From 94a38d7c1e8ed89af31cdc3cb6d8ad954b209a50 Mon Sep 17 00:00:00 2001 From: anmol Date: Thu, 4 Apr 2019 22:03:31 +0530 Subject: [PATCH] First commit --- LICENSE | 20 +++ README.md | 64 ++++++- check_process | 45 +++++ conf/app.src | 6 + conf/app_addons.src | 6 + conf/ldap_conf.php | 7 + conf/nginx.conf | 79 ++++++++ conf/php-fpm.conf | 430 ++++++++++++++++++++++++++++++++++++++++++++ conf/poller-cron | 2 + manifest.json | 45 +++++ scripts/_common.sh | 80 +++++++++ scripts/backup | 91 ++++++++++ scripts/install | 271 ++++++++++++++++++++++++++++ scripts/remove | 103 +++++++++++ scripts/restore | 132 ++++++++++++++ scripts/upgrade | 171 ++++++++++++++++++ 16 files changed, 1550 insertions(+), 2 deletions(-) create mode 100644 LICENSE create mode 100644 check_process create mode 100644 conf/app.src create mode 100644 conf/app_addons.src create mode 100644 conf/ldap_conf.php create mode 100644 conf/nginx.conf create mode 100644 conf/php-fpm.conf create mode 100644 conf/poller-cron create mode 100644 manifest.json create mode 100644 scripts/_common.sh create mode 100755 scripts/backup create mode 100755 scripts/install create mode 100755 scripts/remove create mode 100755 scripts/restore create mode 100755 scripts/upgrade diff --git a/LICENSE b/LICENSE new file mode 100644 index 0000000..dd90a77 --- /dev/null +++ b/LICENSE @@ -0,0 +1,20 @@ +Copyright (c) 2010-2019 Mike Macgirvin +All rights reserved. + +Permission is hereby granted, free of charge, to any person obtaining a copy +of this software and associated documentation files (the "Software"), to deal +in the Software without restriction, including without limitation the rights +to use, copy, modify, merge, publish, distribute, sublicense, and/or sell +copies of the Software, and to permit persons to whom the Software is +furnished to do so, subject to the following conditions: + +The above copyright notice and this permission notice shall be included in +all copies or substantial portions of the Software. + +THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR +IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, +FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE +AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER +LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, +OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN +THE SOFTWARE. diff --git a/README.md b/README.md index bc3a2ab..99fd6fc 100644 --- a/README.md +++ b/README.md @@ -1,2 +1,62 @@ -# zap_ynh -Zap is a full featured social network application with identity/content mirroring across multiple servers ("nomadic identity") but no "federate" with non-nomadic servers. +# ZAP for YunoHost + +[![Integration level](https://dash.yunohost.org/integration/zap.svg)](https://dash.yunohost.org/appci/app/zap) +[![Install Nextcloud with YunoHost](https://install-app.yunohost.org/install-with-yunohost.png)](https://install-app.yunohost.org/?app=zap) + +> *This package allow you to install Nextcloud quickly and simply on a YunoHost server. +If you don't have YunoHost, please see [here](https://yunohost.org/#/install) to know how to install and enjoy it.* +
+Version: **2.6** + +### Interesting links + +- [YunoHost project](https://yunohost.org) +- [Zap website](https://zotlabs.com/zap/) +- [Zap code on Framagit](https://framagit.org/zot/zap) +- [Zap addons on Framagit](https://framagit.org/zot/zap-addons) + +## ZAP +[Zap](https://zotlabs.com/zap/) is a powerful platform for creating interconnected websites featuring a decentralized identity, communications, and permissions framework built using common webserver technology. + +## This app claims following features: +- [X] Ldap integration +- [X] Multi-instance +- [X] Adeed php.log in the root folder for debugging php, with logrotate applied on it (can be accesssed by **admin->logs** and entering the **php.log**). +- [X] Fail2ban + + + +## Installation +Before installing, read the [ZAP installation instructions](https://framagit.org/zot/zap/blob/master/install/INSTALL.txt) for important information about + + +### Register a new domain and add it to YunoHost +- Zap requires a dedicated domain, so obtain one and add it using the YunoHost admin panel. **Domains -> Add domain**. As Hubzilla uses the full domain and is installed on the root, you can create a subdomain such as zap.domain.tld. Don't forget to update your DNS if you manage them manually. + + +#### YunoHost >= 2.5 : +Once the dedicated domain has been added to YunoHost, go again to the admin panel, go to domains then select your domain and click on "Install Let's Encrypt certificate". + +### Install the ZAP application +Use the YunoHost admin panel to install Zap by entering the GitHub repo address in the custom app URL + + https://github.com/YunoHost-Apps/zap_ynh + +Make sure to select your new domain created by the instruction in previous section as the application domain. + +**For admin rights**: When installation is complete, you will need to visit your new hub's page and login with the **admin account username** which was entered at the time of installation process. You should then be able to create your first channel and have the admin rights for the hub. + +**For normal YunoHost users:** Normal LDAP users can login through Ldap authentication and create there channels. + +**If the admin cannot access the admin settings:** If the admin cannot access the admin settings at `https://zap.example.com/admin` or you want to grant admin rights to any other user(s) on the hub, then you have to **manually add 4096** to the **account_roles** under **accounts** for that user in the **database through phpMYAdmin**. + +**For logs:** Go to **admin->logs** and enter the file name **php.log**. + +**Failed Database after Upgrade:** Some times databse upgrade fails after version upgrade. You can go to your hub eg. `https://zap.example.com/admin/dbsync/` and upgrade it manually. + + +#### Supported architectures + +* x86-64b - [![Build Status](https://ci-apps.yunohost.org/ci/logs/zap%20%28Official%29.svg)](https://ci-apps.yunohost.org/ci/apps/zap/) +* ARMv8-A - [![Build Status](https://ci-apps-arm.yunohost.org/ci/logs/zap%20%28Official%29.svg)](https://ci-apps-arm.yunohost.org/ci/apps/zap/) +* Jessie x86-64b - [![Build Status](https://ci-stretch.nohost.me/ci/logs/zap%20%28Official%29.svg)](https://ci-stretch.nohost.me/ci/apps/zap/) diff --git a/check_process b/check_process new file mode 100644 index 0000000..3b35eb0 --- /dev/null +++ b/check_process @@ -0,0 +1,45 @@ +# See here for more information +# https://github.com/YunoHost/package_check#syntax-check_process-file + +# Move this file from check_process.default to check_process when you have filled it. + +;; Test complet + ; Manifest + domain="domain.tld" (DOMAIN) + admin="john" (USER) + upload="256M" + ; Checks + pkg_linter=1 + setup_sub_dir=0 + setup_root=1 + setup_nourl=0 + setup_private=0 + setup_public=1 + upgrade=1 + #upgrade=1 from_commit=CommitHash + backup_restore=1 + multi_instance=1 + incorrect_path=1 + port_already_use=0 + change_url=0 +;;; Levels + Level 1=auto + Level 2=auto + Level 3=auto +# Level 4: If the app supports LDAP and SSOwat, turn level 4 to '1' and add a link to an issue or a part of your code to show it. +# If the app does not use LDAP nor SSOwat, and can't use them, turn level 4 to 'na' and explain as well. + Level 4=1 + Level 5=auto + Level 6=auto + Level 7=auto + Level 8=0 + Level 9=0 + Level 10=0 +;;; Options +Email=anmol@datamol.org +Notification= +;;; Upgrade options + ; commit=CommitHash + name=Name and date of the commit. + manifest_arg=domain=DOMAIN&path=PATH&admin=USER&language=fr&is_public=1&password=pass&port=666& + diff --git a/conf/app.src b/conf/app.src new file mode 100644 index 0000000..2ce46a9 --- /dev/null +++ b/conf/app.src @@ -0,0 +1,6 @@ +SOURCE_URL=https://framagit.org/zot/zap/-/archive/2.6/zap-2.6.tar.gz +SOURCE_SUM=813b81f923691fb09a14600c8c5db73323c8ac74aba716ca5c96d8b411c40ac3 +SOURCE_SUM_PRG=sha256sum +SOURCE_FORMAT=tar.gz +SOURCE_IN_SUBDIR= +SOURCE_FILENAME= diff --git a/conf/app_addons.src b/conf/app_addons.src new file mode 100644 index 0000000..d949fba --- /dev/null +++ b/conf/app_addons.src @@ -0,0 +1,6 @@ +SOURCE_URL=https://framagit.org/zot/zap-addons/-/archive/master/zap-addons-master.tar.gz +SOURCE_SUM=cc64695bbcb464ebcddcb8ef7db2e875bb2411ba4ba8aa1a94bb2fa5a5073cf8 +SOURCE_SUM_PRG=sha256sum +SOURCE_FORMAT=tar.gz +SOURCE_IN_SUBDIR= +SOURCE_FILENAME= diff --git a/conf/ldap_conf.php b/conf/ldap_conf.php new file mode 100644 index 0000000..a4688d6 --- /dev/null +++ b/conf/ldap_conf.php @@ -0,0 +1,7 @@ +App::$config['system']['addon'] = 'ldapauth'; + +App::$config['ldapauth']['ldap_server'] = 'localhost'; +App::$config['ldapauth']['ldap_searchdn'] = 'ou=users,dc=yunohost,dc=org'; +App::$config['ldapauth']['ldap_userattr'] = 'uid'; +App::$config['ldapauth']['ldap_autocreateaccount_emailattribute'] = 'mail'; +App::$config['ldapauth']['create_account'] = '1'; diff --git a/conf/nginx.conf b/conf/nginx.conf new file mode 100644 index 0000000..caa98d8 --- /dev/null +++ b/conf/nginx.conf @@ -0,0 +1,79 @@ + location __PATH__ + { + alias __FINALPATH__/; + # Force https + if ($scheme = http) + + { + rewrite ^ https://$server_name$request_uri? permanent; + } + + if (!-e $request_filename) + + { + rewrite ^(.*)$ /index.php?q=$1; + } + + client_max_body_size 20m; + client_body_buffer_size 128k; + + # Default indexes and catch-all + index index.php; + charset utf-8; + + + # Example PHP configuration + location ~* \.php$ + { + try_files $uri =404; + fastcgi_pass unix:/var/run/php5-fpm.sock; + fastcgi_index index.php; + include fastcgi_params; + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + } + + # make sure webfinger and other well known services aren't blocked + # by denying dot files and rewrite request to the front controller + location ^~ /.well-known/ + { + allow all; + if (!-e $request_filename) + { + rewrite ^(.*)$ /index.php?q=$1; + } + } + + # statically serve these file types when possible + # otherwise fall back to front controller + # allow browser to cache them + # added .htm for advanced source code editor library + # location ~* \.(jpg|jpeg|gif|png|ico|css|js|htm|html|map|ttf|woff|woff2|svg)$ { + # expires 30d; + # try_files $uri /index.php?q=$uri&$args; + # } + + # block these file types + location ~* \.(tpl|md|tgz|log|out)$ + { + deny all; + } + + # deny access to all dot files + location ~ /\. + { + deny all; + } + + #deny access to store + location ~ /store + { + deny all; + } + + #deny access to util + location ~ /util { + deny all; + } + + } + diff --git a/conf/php-fpm.conf b/conf/php-fpm.conf new file mode 100644 index 0000000..ab5dca9 --- /dev/null +++ b/conf/php-fpm.conf @@ -0,0 +1,430 @@ +; Start a new pool named 'www'. +; the variable $pool can be used in any directive and will be replaced by the +; pool name ('www' here) +[__NAMETOCHANGE__] + +; Per pool prefix +; It only applies on the following directives: +; - 'access.log' +; - 'slowlog' +; - 'listen' (unixsocket) +; - 'chroot' +; - 'chdir' +; - 'php_values' +; - 'php_admin_values' +; When not set, the global prefix (or /usr) applies instead. +; Note: This directive can also be relative to the global prefix. +; Default Value: none +;prefix = /path/to/pools/$pool + +; Unix user/group of processes +; Note: The user is mandatory. If the group is not set, the default user's group +; will be used. +user = __USER__ +group = __USER__ + +; The address on which to accept FastCGI requests. +; Valid syntaxes are: +; 'ip.add.re.ss:port' - to listen on a TCP socket to a specific IPv4 address on +; a specific port; +; '[ip:6:addr:ess]:port' - to listen on a TCP socket to a specific IPv6 address on +; a specific port; +; 'port' - to listen on a TCP socket to all addresses +; (IPv6 and IPv4-mapped) on a specific port; +; '/path/to/unix/socket' - to listen on a unix socket. +; Note: This value is mandatory. +listen = /var/run/php/php7.0-fpm-__NAMETOCHANGE__.sock + +; Set listen(2) backlog. +; Default Value: 511 (-1 on FreeBSD and OpenBSD) +;listen.backlog = 511 + +; Set permissions for unix socket, if one is used. In Linux, read/write +; permissions must be set in order to allow connections from a web server. Many +; BSD-derived systems allow connections regardless of permissions. +; Default Values: user and group are set as the running user +; mode is set to 0660 +listen.owner = www-data +listen.group = www-data +;listen.mode = 0660 +; When POSIX Access Control Lists are supported you can set them using +; these options, value is a comma separated list of user/group names. +; When set, listen.owner and listen.group are ignored +;listen.acl_users = +;listen.acl_groups = + +; List of addresses (IPv4/IPv6) of FastCGI clients which are allowed to connect. +; Equivalent to the FCGI_WEB_SERVER_ADDRS environment variable in the original +; PHP FCGI (5.2.2+). Makes sense only with a tcp listening socket. Each address +; must be separated by a comma. If this value is left blank, connections will be +; accepted from any ip address. +; Default Value: any +;listen.allowed_clients = 127.0.0.1 + +; Specify the nice(2) priority to apply to the pool processes (only if set) +; The value can vary from -19 (highest priority) to 20 (lower priority) +; Note: - It will only work if the FPM master process is launched as root +; - The pool processes will inherit the master process priority +; unless it specified otherwise +; Default Value: no set +; process.priority = -19 + +; Set the process dumpable flag (PR_SET_DUMPABLE prctl) even if the process user +; or group is differrent than the master process user. It allows to create process +; core dump and ptrace the process for the pool user. +; Default Value: no +; process.dumpable = yes + +; Choose how the process manager will control the number of child processes. +; Possible Values: +; static - a fixed number (pm.max_children) of child processes; +; dynamic - the number of child processes are set dynamically based on the +; following directives. With this process management, there will be +; always at least 1 children. +; pm.max_children - the maximum number of children that can +; be alive at the same time. +; pm.start_servers - the number of children created on startup. +; pm.min_spare_servers - the minimum number of children in 'idle' +; state (waiting to process). If the number +; of 'idle' processes is less than this +; number then some children will be created. +; pm.max_spare_servers - the maximum number of children in 'idle' +; state (waiting to process). If the number +; of 'idle' processes is greater than this +; number then some children will be killed. +; ondemand - no children are created at startup. Children will be forked when +; new requests will connect. The following parameter are used: +; pm.max_children - the maximum number of children that +; can be alive at the same time. +; pm.process_idle_timeout - The number of seconds after which +; an idle process will be killed. +; Note: This value is mandatory. +pm = dynamic + +; The number of child processes to be created when pm is set to 'static' and the +; maximum number of child processes when pm is set to 'dynamic' or 'ondemand'. +; This value sets the limit on the number of simultaneous requests that will be +; served. Equivalent to the ApacheMaxClients directive with mpm_prefork. +; Equivalent to the PHP_FCGI_CHILDREN environment variable in the original PHP +; CGI. The below defaults are based on a server without much resources. Don't +; forget to tweak pm.* to fit your needs. +; Note: Used when pm is set to 'static', 'dynamic' or 'ondemand' +; Note: This value is mandatory. +pm.max_children = 5 + +; The number of child processes created on startup. +; Note: Used only when pm is set to 'dynamic' +; Default Value: min_spare_servers + (max_spare_servers - min_spare_servers) / 2 +pm.start_servers = 2 + +; The desired minimum number of idle server processes. +; Note: Used only when pm is set to 'dynamic' +; Note: Mandatory when pm is set to 'dynamic' +pm.min_spare_servers = 1 + +; The desired maximum number of idle server processes. +; Note: Used only when pm is set to 'dynamic' +; Note: Mandatory when pm is set to 'dynamic' +pm.max_spare_servers = 3 + +; The number of seconds after which an idle process will be killed. +; Note: Used only when pm is set to 'ondemand' +; Default Value: 10s +;pm.process_idle_timeout = 10s; + +; The number of requests each child process should execute before respawning. +; This can be useful to work around memory leaks in 3rd party libraries. For +; endless request processing specify '0'. Equivalent to PHP_FCGI_MAX_REQUESTS. +; Default Value: 0 +;pm.max_requests = 500 + +; The URI to view the FPM status page. If this value is not set, no URI will be +; recognized as a status page. It shows the following informations: +; pool - the name of the pool; +; process manager - static, dynamic or ondemand; +; start time - the date and time FPM has started; +; start since - number of seconds since FPM has started; +; accepted conn - the number of request accepted by the pool; +; listen queue - the number of request in the queue of pending +; connections (see backlog in listen(2)); +; max listen queue - the maximum number of requests in the queue +; of pending connections since FPM has started; +; listen queue len - the size of the socket queue of pending connections; +; idle processes - the number of idle processes; +; active processes - the number of active processes; +; total processes - the number of idle + active processes; +; max active processes - the maximum number of active processes since FPM +; has started; +; max children reached - number of times, the process limit has been reached, +; when pm tries to start more children (works only for +; pm 'dynamic' and 'ondemand'); +; Value are updated in real time. +; Example output: +; pool: www +; process manager: static +; start time: 01/Jul/2011:17:53:49 +0200 +; start since: 62636 +; accepted conn: 190460 +; listen queue: 0 +; max listen queue: 1 +; listen queue len: 42 +; idle processes: 4 +; active processes: 11 +; total processes: 15 +; max active processes: 12 +; max children reached: 0 +; +; By default the status page output is formatted as text/plain. Passing either +; 'html', 'xml' or 'json' in the query string will return the corresponding +; output syntax. Example: +; http://www.foo.bar/status +; http://www.foo.bar/status?json +; http://www.foo.bar/status?html +; http://www.foo.bar/status?xml +; +; By default the status page only outputs short status. Passing 'full' in the +; query string will also return status for each pool process. +; Example: +; http://www.foo.bar/status?full +; http://www.foo.bar/status?json&full +; http://www.foo.bar/status?html&full +; http://www.foo.bar/status?xml&full +; The Full status returns for each process: +; pid - the PID of the process; +; state - the state of the process (Idle, Running, ...); +; start time - the date and time the process has started; +; start since - the number of seconds since the process has started; +; requests - the number of requests the process has served; +; request duration - the duration in µs of the requests; +; request method - the request method (GET, POST, ...); +; request URI - the request URI with the query string; +; content length - the content length of the request (only with POST); +; user - the user (PHP_AUTH_USER) (or '-' if not set); +; script - the main script called (or '-' if not set); +; last request cpu - the %cpu the last request consumed +; it's always 0 if the process is not in Idle state +; because CPU calculation is done when the request +; processing has terminated; +; last request memory - the max amount of memory the last request consumed +; it's always 0 if the process is not in Idle state +; because memory calculation is done when the request +; processing has terminated; +; If the process is in Idle state, then informations are related to the +; last request the process has served. Otherwise informations are related to +; the current request being served. +; Example output: +; ************************ +; pid: 31330 +; state: Running +; start time: 01/Jul/2011:17:53:49 +0200 +; start since: 63087 +; requests: 12808 +; request duration: 1250261 +; request method: GET +; request URI: /test_mem.php?N=10000 +; content length: 0 +; user: - +; script: /home/fat/web/docs/php/test_mem.php +; last request cpu: 0.00 +; last request memory: 0 +; +; Note: There is a real-time FPM status monitoring sample web page available +; It's available in: /usr/share/php/7.0/fpm/status.html +; +; Note: The value must start with a leading slash (/). The value can be +; anything, but it may not be a good idea to use the .php extension or it +; may conflict with a real PHP file. +; Default Value: not set +;pm.status_path = /status + +; The ping URI to call the monitoring page of FPM. If this value is not set, no +; URI will be recognized as a ping page. This could be used to test from outside +; that FPM is alive and responding, or to +; - create a graph of FPM availability (rrd or such); +; - remove a server from a group if it is not responding (load balancing); +; - trigger alerts for the operating team (24/7). +; Note: The value must start with a leading slash (/). The value can be +; anything, but it may not be a good idea to use the .php extension or it +; may conflict with a real PHP file. +; Default Value: not set +;ping.path = /ping + +; This directive may be used to customize the response of a ping request. The +; response is formatted as text/plain with a 200 response code. +; Default Value: pong +;ping.response = pong + +; The access log file +; Default: not set +;access.log = log/$pool.access.log + +; The access log format. +; The following syntax is allowed +; %%: the '%' character +; %C: %CPU used by the request +; it can accept the following format: +; - %{user}C for user CPU only +; - %{system}C for system CPU only +; - %{total}C for user + system CPU (default) +; %d: time taken to serve the request +; it can accept the following format: +; - %{seconds}d (default) +; - %{miliseconds}d +; - %{mili}d +; - %{microseconds}d +; - %{micro}d +; %e: an environment variable (same as $_ENV or $_SERVER) +; it must be associated with embraces to specify the name of the env +; variable. Some exemples: +; - server specifics like: %{REQUEST_METHOD}e or %{SERVER_PROTOCOL}e +; - HTTP headers like: %{HTTP_HOST}e or %{HTTP_USER_AGENT}e +; %f: script filename +; %l: content-length of the request (for POST request only) +; %m: request method +; %M: peak of memory allocated by PHP +; it can accept the following format: +; - %{bytes}M (default) +; - %{kilobytes}M +; - %{kilo}M +; - %{megabytes}M +; - %{mega}M +; %n: pool name +; %o: output header +; it must be associated with embraces to specify the name of the header: +; - %{Content-Type}o +; - %{X-Powered-By}o +; - %{Transfert-Encoding}o +; - .... +; %p: PID of the child that serviced the request +; %P: PID of the parent of the child that serviced the request +; %q: the query string +; %Q: the '?' character if query string exists +; %r: the request URI (without the query string, see %q and %Q) +; %R: remote IP address +; %s: status (response code) +; %t: server time the request was received +; it can accept a strftime(3) format: +; %d/%b/%Y:%H:%M:%S %z (default) +; The strftime(3) format must be encapsuled in a %{}t tag +; e.g. for a ISO8601 formatted timestring, use: %{%Y-%m-%dT%H:%M:%S%z}t +; %T: time the log has been written (the request has finished) +; it can accept a strftime(3) format: +; %d/%b/%Y:%H:%M:%S %z (default) +; The strftime(3) format must be encapsuled in a %{}t tag +; e.g. for a ISO8601 formatted timestring, use: %{%Y-%m-%dT%H:%M:%S%z}t +; %u: remote user +; +; Default: "%R - %u %t \"%m %r\" %s" +;access.format = "%R - %u %t \"%m %r%Q%q\" %s %f %{mili}d %{kilo}M %C%%" + +; The log file for slow requests +; Default Value: not set +; Note: slowlog is mandatory if request_slowlog_timeout is set +;slowlog = log/$pool.log.slow + +; The timeout for serving a single request after which a PHP backtrace will be +; dumped to the 'slowlog' file. A value of '0s' means 'off'. +; Available units: s(econds)(default), m(inutes), h(ours), or d(ays) +; Default Value: 0 +;request_slowlog_timeout = 0 + +; The timeout for serving a single request after which the worker process will +; be killed. This option should be used when the 'max_execution_time' ini option +; does not stop script execution for some reason. A value of '0' means 'off'. +; Available units: s(econds)(default), m(inutes), h(ours), or d(ays) +; Default Value: 0 +request_terminate_timeout = 1d + +; Set open file descriptor rlimit. +; Default Value: system defined value +;rlimit_files = 1024 + +; Set max core size rlimit. +; Possible Values: 'unlimited' or an integer greater or equal to 0 +; Default Value: system defined value +;rlimit_core = 0 + +; Chroot to this directory at the start. This value must be defined as an +; absolute path. When this value is not set, chroot is not used. +; Note: you can prefix with '$prefix' to chroot to the pool prefix or one +; of its subdirectories. If the pool prefix is not set, the global prefix +; will be used instead. +; Note: chrooting is a great security feature and should be used whenever +; possible. However, all PHP paths will be relative to the chroot +; (error_log, sessions.save_path, ...). +; Default Value: not set +;chroot = + +; Chdir to this directory at the start. +; Note: relative path can be used. +; Default Value: current directory or / when chroot +chdir = __FINALPATH__ + +; Redirect worker stdout and stderr into main error log. If not set, stdout and +; stderr will be redirected to /dev/null according to FastCGI specs. +; Note: on highloaded environement, this can cause some delay in the page +; process time (several ms). +; Default Value: no +;catch_workers_output = yes + +; Clear environment in FPM workers +; Prevents arbitrary environment variables from reaching FPM worker processes +; by clearing the environment in workers before env vars specified in this +; pool configuration are added. +; Setting to "no" will make all environment variables available to PHP code +; via getenv(), $_ENV and $_SERVER. +; Default Value: yes +;clear_env = no + +; Limits the extensions of the main script FPM will allow to parse. This can +; prevent configuration mistakes on the web server side. You should only limit +; FPM to .php extensions to prevent malicious users to use other extensions to +; execute php code. +; Note: set an empty value to allow all extensions. +; Default Value: .php +;security.limit_extensions = .php .php3 .php4 .php5 .php7 + +; Pass environment variables like LD_LIBRARY_PATH. All $VARIABLEs are taken from +; the current environment. +; Default Value: clean env +;env[HOSTNAME] = $HOSTNAME +;env[PATH] = /usr/local/bin:/usr/bin:/bin +;env[TMP] = /tmp +;env[TMPDIR] = /tmp +;env[TEMP] = /tmp + +; Additional php.ini defines, specific to this pool of workers. These settings +; overwrite the values previously defined in the php.ini. The directives are the +; same as the PHP SAPI: +; php_value/php_flag - you can set classic ini defines which can +; be overwritten from PHP call 'ini_set'. +; php_admin_value/php_admin_flag - these directives won't be overwritten by +; PHP call 'ini_set' +; For php_*flag, valid values are on, off, 1, 0, true, false, yes or no. + +; Defining 'extension' will load the corresponding shared extension from +; extension_dir. Defining 'disable_functions' or 'disable_classes' will not +; overwrite previously defined php.ini values, but will append the new value +; instead. + +; Note: path INI options can be relative and will be expanded with the prefix +; (pool, global or /usr) + +; Default Value: nothing is defined by default except the values in php.ini and +; specified at startup with the -d argument +;php_admin_value[sendmail_path] = /usr/sbin/sendmail -t -i -f www@my.domain.com +;php_flag[display_errors] = off +;php_admin_value[error_log] = /var/log/fpm-php.www.log +;php_admin_flag[log_errors] = on +;php_admin_value[memory_limit] = 32M + +; Common values to change to increase file upload limit +; php_admin_value[upload_max_filesize] = 50M +; php_admin_value[post_max_size] = 50M +; php_admin_flag[mail.add_x_header] = Off + +; Other common parameters +; php_admin_value[max_execution_time] = 600 +; php_admin_value[max_input_time] = 300 +; php_admin_value[memory_limit] = 256M +; php_admin_flag[short_open_tag] = On diff --git a/conf/poller-cron b/conf/poller-cron new file mode 100644 index 0000000..cd3d674 --- /dev/null +++ b/conf/poller-cron @@ -0,0 +1,2 @@ +# Run poller periodically to update Hubzilla +*/10 * * * * __USER__ cd YNH_WWW_PATH; /usr/bin/php Zotlabs/Daemon/Master.php Cron > /dev/null 2>&1 diff --git a/manifest.json b/manifest.json new file mode 100644 index 0000000..071e599 --- /dev/null +++ b/manifest.json @@ -0,0 +1,45 @@ +{ + "name": "Zap Social network app for Yunohost", + "id": "zap", + "packaging_format": 1, + "description": { + "en": "Zap is a full featured social network application with identity/content mirroring across multiple servers ("nomadic identity") but no "federate" with non-nomadic servers." + }, + "version": "2.6~ynh1", + "url": "https://zotlabs.com/zap/", + "license": "MIT", + "maintainer": { + "name": "Anmol Sharma", + "email": "anmol@datamol.org", + "url": "https://datamol.org" + }, + "requirements": { + "yunohost": ">= 3.4" + }, + "multi_instance": true, + "services": [ + "nginx", + "php7.0-fpm", + "mysql" + ], + "arguments": { + "install" : [ + { + "name": "domain", + "type": "domain", + "ask": { + "en": "Choose a domain for your ZAP hub. ZAP must run in the root of this domain. It means no other app can be accessed/run from this domain. We advise to use a dedicated subdomain such as zap.domain.tld", + "fr": "Indiquez un domain pour ZAP. ZAP doit être installé à la racine du domaine. Cela implique qu'aucune autre app ne pourra être installée ou accessible sur ce domain. Nous conseillons un sous-domaine dédié par exemple zap.domain.tld." + } + }, + { + "name": "admin", + "type": "user", + "ask": { + "en": "Choose the ZAP administrator (must be an existing YunoHost user)", + "fr": "Choisissez l'administrateur de ZAP (doit être un utilisateur YunoHost existant)" + } + } + ] + } +} diff --git a/scripts/_common.sh b/scripts/_common.sh new file mode 100644 index 0000000..5a23916 --- /dev/null +++ b/scripts/_common.sh @@ -0,0 +1,80 @@ +#!/bin/bash + +#================================================= +# COMMON VARIABLES +#================================================= + +# dependencies used by the app +pkg_dependencies=php-mbstring php5-cli 'php5-imagick|php-imagick' php5-gd php5-mcrypt 'php-xml|base-files(<<9.0)' + +#================================================= +# PERSONAL HELPERS +#================================================= + +#================================================= +# EXPERIMENTAL HELPERS +#================================================= + +# Create a dedicated fail2ban config (jail and filter conf files) +# +# usage: ynh_add_fail2ban_config log_file filter [max_retry [ports]] +# | arg: log_file - Log file to be checked by fail2ban +# | arg: failregex - Failregex to be looked for by fail2ban +# | arg: max_retry - Maximum number of retries allowed before banning IP address - default: 3 +# | arg: ports - Ports blocked for a banned IP address - default: http,https +ynh_add_fail2ban_config () { + # Process parameters + logpath=$1 + failregex=$2 + max_retry=${3:-3} + ports=${4:-http,https} + + test -n "$logpath" || ynh_die "ynh_add_fail2ban_config expects a logfile path as first argument and received nothing." + test -n "$failregex" || ynh_die "ynh_add_fail2ban_config expects a failure regex as second argument and received nothing." + + finalfail2banjailconf="/etc/fail2ban/jail.d/$app.conf" + finalfail2banfilterconf="/etc/fail2ban/filter.d/$app.conf" + ynh_backup_if_checksum_is_different "$finalfail2banjailconf" 1 + ynh_backup_if_checksum_is_different "$finalfail2banfilterconf" 1 + + sudo tee $finalfail2banjailconf <&2 + echo "WARNING${fail2ban_error#*WARNING}" >&2 + fi +} + +# Remove the dedicated fail2ban config (jail and filter conf files) +# +# usage: ynh_remove_fail2ban_config +ynh_remove_fail2ban_config () { + ynh_secure_remove "/etc/fail2ban/jail.d/$app.conf" + ynh_secure_remove "/etc/fail2ban/filter.d/$app.conf" + sudo systemctl restart fail2ban +} + +#================================================= +# FUTURE OFFICIAL HELPERS +#================================================= diff --git a/scripts/backup b/scripts/backup new file mode 100755 index 0000000..7a706f8 --- /dev/null +++ b/scripts/backup @@ -0,0 +1,91 @@ +#!/bin/bash + +#================================================= +# GENERIC START +#================================================= +# IMPORT GENERIC HELPERS +#================================================= + +#Keep this path for calling _common.sh inside the execution's context of backup and restore scripts +source ../settings/scripts/_common.sh +source /usr/share/yunohost/helpers + +#================================================= +# MANAGE SCRIPT FAILURE +#================================================= + +ynh_clean_setup () { + ### Remove this function if there's nothing to clean before calling the remove script. + true +} +# Exit if an error occurs during the execution of the script +ynh_abort_if_errors + +#================================================= +# LOAD SETTINGS +#================================================= +ynh_print_info "Loading installation settings..." + +app=$YNH_APP_INSTANCE_NAME + +final_path=$(ynh_app_setting_get $app final_path) +domain=$(ynh_app_setting_get $app domain) +db_name=$(ynh_app_setting_get $app db_name) + +#================================================= +# STANDARD BACKUP STEPS +#================================================= +# BACKUP THE APP MAIN DIR +#================================================= +ynh_print_info "Backing up the main app directory..." + +ynh_backup "$final_path" + +#================================================= +# BACKUP THE NGINX CONFIGURATION +#================================================= +ynh_print_info "Backing up nginx web server configuration..." + +ynh_backup "/etc/nginx/conf.d/$domain.d/$app.conf" + +#================================================= +# BACKUP THE PHP-FPM CONFIGURATION +#================================================= +ynh_print_info "Backing up php-fpm configuration..." + +ynh_backup "/etc/php/7.0/fpm/pool.d/$app.conf" + +#================================================= +# BACKUP THE MYSQL DATABASE +#================================================= +ynh_print_info "Backing up the MySQL database..." + +ynh_mysql_dump_db "$db_name" > db.sql + +#================================================= +# SPECIFIC BACKUP +#================================================= +# BACKUP LOGROTATE +#================================================= +ynh_print_info "Backing up logrotate configuration..." + +ynh_backup "/etc/logrotate.d/$app" + +#================================================= +# BACKUP THE CRON FILE +#================================================= + +ynh_backup "/etc/cron.d/$app" + +#================================================= +# BACKUP FAIL2BAN CONFIGURATION +#================================================= + +ynh_backup "/etc/fail2ban/jail.d/$app.conf" +ynh_backup "/etc/fail2ban/filter.d/$app.conf" + +#================================================= +# END OF SCRIPT +#================================================= + +ynh_print_info "Backup script completed for $app. (YunoHost will then actually copy those files to the archive)." diff --git a/scripts/install b/scripts/install new file mode 100755 index 0000000..708d837 --- /dev/null +++ b/scripts/install @@ -0,0 +1,271 @@ +#!/bin/bash + +#================================================= +# GENERIC START +#================================================= +# IMPORT GENERIC HELPERS +#================================================= + +source _common.sh +source /usr/share/yunohost/helpers + +#================================================= +# MANAGE SCRIPT FAILURE +#================================================= + +ynh_clean_setup () { + ### Remove this function if there's nothing to clean before calling the remove script. + true +} +# Exit if an error occurs during the execution of the script +ynh_abort_if_errors + +#================================================= +# RETRIEVE ARGUMENTS FROM THE MANIFEST +#================================================= + +domain=$YNH_APP_ARG_DOMAIN +path_url="/" +admin=$YNH_APP_ARG_ADMIN +email=$(sudo yunohost user info $admin | grep "mail:" | cut -d' ' -f2) +upload="256M" +database="1" + +# This is a multi-instance app, meaning it can be installed several times independently +# The id of the app as stated in the manifest is available as $YNH_APP_ID +# The instance number is available as $YNH_APP_INSTANCE_NUMBER (equals "1", "2", ...) +# The app instance name is available as $YNH_APP_INSTANCE_NAME +# - the first time the app is installed, YNH_APP_INSTANCE_NAME = ynhexample +# - the second time the app is installed, YNH_APP_INSTANCE_NAME = ynhexample__2 +# - ynhexample__{N} for the subsequent installations, with N=3,4, ... +# The app instance name is probably what you are interested the most, since this is +# guaranteed to be unique. This is a good unique identifier to define installation path, +# db names, ... +app=$YNH_APP_INSTANCE_NAME + +#================================================= +# CHECK IF THE APP CAN BE INSTALLED WITH THESE ARGS +#================================================= +ynh_print_info "Validating installation parameters..." + +### If the app uses nginx as web server (written in HTML/PHP in most cases), the final path should be "/var/www/$app". +### If the app provides an internal web server (or uses another application server such as uwsgi), the final path should be "/opt/yunohost/$app" +final_path=/var/www/$app +test ! -e "$final_path" || ynh_die "This path already contains a folder" + +# Register (book) web path +ynh_webpath_register $app $domain $path_url + +#================================================= +# STORE SETTINGS FROM MANIFEST +#================================================= +ynh_print_info "Storing installation settings..." + +ynh_app_setting_set $app domain $domain +ynh_app_setting_set $app path $path_url +ynh_app_setting_set $app admin $admin +ynh_app_setting_set $app email $email +ynh_app_setting_set $app upload $upload +ynh_app_setting_set $app database $database + + +#================================================= +# STANDARD MODIFICATIONS +#================================================= +# INSTALL DEPENDENCIES +#================================================= +ynh_print_info "Installing dependencies..." + +### `ynh_install_app_dependencies` allows you to add any "apt" dependencies to the package. +### Those deb packages will be installed as dependencies of this package. +### If you're not using this helper: +### - Remove the section "REMOVE DEPENDENCIES" in the remove script +### - Remove the variable "pkg_dependencies" in _common.sh +### - As well as the section "REINSTALL DEPENDENCIES" in the restore script +### - And the section "UPGRADE DEPENDENCIES" in the upgrade script + +ynh_install_app_dependencies $pkg_dependencies + +#================================================= +# CREATE A MYSQL DATABASE +#================================================= +ynh_print_info "Creating a MySQL database..." + +### Use these lines if you need a database for the application. +### `ynh_mysql_setup_db` will create a database, an associated user and a ramdom password. +### The password will be stored as 'mysqlpwd' into the app settings, +### and will be available as $db_pwd +### If you're not using these lines: +### - Remove the section "BACKUP THE MYSQL DATABASE" in the backup script +### - Remove also the section "REMOVE THE MYSQL DATABASE" in the remove script +### - As well as the section "RESTORE THE MYSQL DATABASE" in the restore script + +db_name=$(ynh_sanitize_dbid $app) +ynh_app_setting_set $app db_name $db_name +ynh_mysql_setup_db $db_name $db_name + +#================================================= +# DOWNLOAD, CHECK AND UNPACK SOURCE +#================================================= + +# 1 - Zap +ynh_print_info "Setting up source files..." + +### `ynh_setup_source` is used to install an app from a zip or tar.gz file, +### downloaded from an upstream source, like a git repository. +### `ynh_setup_source` use the file conf/app.src + +ynh_app_setting_set $app final_path $final_path +# Download, check integrity, uncompress and patch the source from app.src +ynh_setup_source "$final_path" + +# 2 - Zap Addons + +# Make addon Directory and unpack the addons to this directory +ynh_print_info "Create addon directory inside root folder..." +sudo mkdir $final_path/addon +ynh_print_info "Setting up addons source files..." +ynh_setup_source "$final_path/addon" "app_addons" + + +# 3 - Some extra folders +ynh_print_info "Creating smarty3 folder for personal data..." +sudo mkdir -p "${final_path}/store/[data]/smarty3" +sudo chmod -R 777 $final_path/store + +# Import database schema +ynh_print_info "Importing database..." +ynh_mysql_connect_as "$db_name" "$db_pwd" "$db_name" < $final_path/install/schema_mysql.sql + +# Copy the template install/htconfig.sample.php to .htconfig.php +ynh_print_info "Moving .htconfig.php to root folder ..." +sudo cp $final_path/install/htconfig.sample.php $final_path/.htconfig.php + +# Create php.log inside for logs +ynh_print_info "Create php.log for the debuging..." +sudo touch "$final_path/php.log" + +#================================================= +# MODIFY A CONFIG FILE +#================================================= + +### `ynh_replace_string` is used to replace a string in a file. +### (It's compatible with sed regular expressions syntax) + +ynh_print_info "Replace the .htconfig.php values...." +sudo sed -i "s/your.mysqlhost.com/localhost/g" $final_path/.htconfig.php +sudo sed -i "s/mysqlpassword/$db_pwd/g" $final_path/.htconfig.php +sudo sed -i "s/mysqlusername/$db_name/g" $final_path/.htconfig.php +sudo sed -i "s/mysqldatabasename/$db_name/g" $final_path/.htconfig.php +sudo sed -i "s/mysite.example/$domain/g" $final_path/.htconfig.php +sudo sed -i "s/if the auto install failed, put a unique random string here/$(ynh_string_random)$(ynh_string_random)$(ynh_string_random)/g" $final_path/.htconfig.php +sudo sed -i "s/\['admin_email'\] = '';/\['admin_email'\] = '$email';/g" $final_path/.htconfig.php +sudo sed -i "s@//error_reporting(E_ERROR | E_WARNING | E_PARSE );@error_reporting(E_ERROR | E_WARNING | E_PARSE );@g" $final_path/.htconfig.php +sudo sed -i "s@//ini_set('error_log','php.out');@ini_set('error_log','php.log');@g" $final_path/.htconfig.php +sudo sed -i "s@//ini_set('log_errors','1');@ini_set('log_errors','1');@g" $final_path/.htconfig.php +sudo sed -i "s@//ini_set('display_errors', '0');@ini_set('display_errors', '0');@g" $final_path/.htconfig.php + +# Addon ldap config +ynh_print_info "Push Ldap configuration to .htconfig.php..." +sudo su -c "cat ../conf/ldap_conf.php >> $final_path/.htconfig.php" + + +#================================================= +# NGINX CONFIGURATION +#================================================= +ynh_print_info "Configuring nginx web server..." + +### `ynh_add_nginx_config` will use the file conf/nginx.conf + +# Create a dedicated nginx config +ynh_add_nginx_config + +#================================================= +# CREATE DEDICATED USER +#================================================= +ynh_print_info "Configuring system user..." + +# Create a system user +ynh_system_user_create $app + +#================================================= +# PHP-FPM CONFIGURATION +#================================================= +ynh_print_info "Configuring php-fpm..." + +### `ynh_add_fpm_config` is used to set up a PHP config. +### You can remove it if your app doesn't use PHP. +### `ynh_add_fpm_config` will use the files conf/php-fpm.conf and conf/php-fpm.ini +### If you're not using these lines: +### - You can remove these files in conf/. +### - Remove the section "BACKUP THE PHP-FPM CONFIGURATION" in the backup script +### - Remove also the section "REMOVE PHP-FPM CONFIGURATION" in the remove script +### - As well as the section "RESTORE THE PHP-FPM CONFIGURATION" in the restore script +### With the reload at the end of the script. +### - And the section "PHP-FPM CONFIGURATION" in the upgrade script + +# Create a dedicated php-fpm config +ynh_add_fpm_config + +# Set right permissions for the app +ynh_print_info "Set the app rights..." +chown -R $app: $final_path + +# Set up cron job +ynh_print_info "Setting up cron job..." +ynh_replace_string "YNH_WWW_PATH" "$final_path" ../conf/poller-cron +ynh_replace_string "__USER__" "$app" ../conf/poller-cron +sudo cp ../conf/poller-cron /etc/cron.d/$app + +#================================================= +# STORE THE CONFIG FILE CHECKSUM +#================================================= + +### `ynh_store_file_checksum` is used to store the checksum of a file. +### That way, during the upgrade script, by using `ynh_backup_if_checksum_is_different`, +### you can make a backup of this file before modifying it again if the admin had modified it. + +# Calculate and store the config file checksum into the app settings +ynh_store_file_checksum "$final_path/.htconfig.php" + +#================================================= +# SETUP LOGROTATE +#================================================= +ynh_print_info "Configuring log rotation..." + +### `ynh_use_logrotate` is used to configure a logrotate configuration for the logs of this app. +### Use this helper only if there is effectively a log file for this app. +### If you're not using this helper: +### - Remove the section "BACKUP LOGROTATE" in the backup script +### - Remove also the section "REMOVE LOGROTATE CONFIGURATION" in the remove script +### - As well as the section "RESTORE THE LOGROTATE CONFIGURATION" in the restore script +### - And the section "SETUP LOGROTATE" in the upgrade script + +# Use logrotate to manage application logfile(s) +ynh_use_logrotate "$final_path/php.log" + +#================================================= +# SETUP FAIL2BAN +#================================================= +ynh_print_info "Add Fail2Ban..." +ynh_add_fail2ban_config "$final_path/php.log" "^.*auth\.php.*failed login attempt.*from IP .*$" 5 + +#================================================= +# SETUP SSOWAT +#================================================= +# As Zap is social network and have its own permission there is no need to keep Zap behind SSO +ynh_print_info "Configuring SSOwat..." +ynh_app_setting_set $app skipped_uris "/" + +#================================================= +# RELOAD NGINX +#================================================= +ynh_print_info "Reloading nginx web server..." + +systemctl reload nginx + +#================================================= +# END OF SCRIPT +#================================================= + +ynh_print_info "Installation of $app completed" diff --git a/scripts/remove b/scripts/remove new file mode 100755 index 0000000..cb3e234 --- /dev/null +++ b/scripts/remove @@ -0,0 +1,103 @@ +#!/bin/bash + +#================================================= +# GENERIC START +#================================================= +# IMPORT GENERIC HELPERS +#================================================= + +source _common.sh +source /usr/share/yunohost/helpers + +#================================================= +# LOAD SETTINGS +#================================================= +ynh_print_info "Loading installation settings..." + +app=$YNH_APP_INSTANCE_NAME + +domain=$(ynh_app_setting_get $app domain) +db_name=$(ynh_app_setting_get $app db_name) +db_user="$db_name" +final_path=$(ynh_app_setting_get $app final_path) + +#================================================= +# STANDARD REMOVE +#================================================= + +#================================================= +# REMOVE DEPENDENCIES +#================================================= +ynh_print_info "Removing dependencies" + +# Remove metapackage and its dependencies +ynh_remove_app_dependencies + +#================================================= +# REMOVE THE MYSQL DATABASE +#================================================= +ynh_print_info "Removing the MySQL database" + +# Remove a database if it exists, along with the associated user +ynh_mysql_remove_db $db_user $db_name + +#================================================= +# REMOVE APP MAIN DIR +#================================================= +ynh_print_info "Removing app main directory" + +# Remove the app directory securely +ynh_secure_remove "$final_path" + +#================================================= +# REMOVE NGINX CONFIGURATION +#================================================= +ynh_print_info "Removing nginx web server configuration" + +# Remove the dedicated nginx config +ynh_remove_nginx_config + +#================================================= +# REMOVE PHP-FPM CONFIGURATION +#================================================= +ynh_print_info "Removing php-fpm configuration" + +# Remove the dedicated php-fpm config +ynh_remove_fpm_config + +#================================================= +# REMOVE LOGROTATE CONFIGURATION +#================================================= +ynh_print_info "Removing logrotate configuration" + +# Remove the app-specific logrotate config +ynh_remove_logrotate + +#================================================= +# REMOVE THE CRON FILE +#================================================= + +# Remove a cron file +ynh_secure_remove "/etc/cron.d/$app" + +#================================================= +# REMOVE FAIL2BAN CONFIGURATION +#================================================= + +ynh_remove_fail2ban_config + +#================================================= +# GENERIC FINALIZATION +#================================================= +# REMOVE DEDICATED USER +#================================================= +ynh_print_info "Removing the dedicated system user" + +# Delete a system user +ynh_system_user_delete $app + +#================================================= +# END OF SCRIPT +#================================================= + +ynh_print_info "Removal of $app completed" diff --git a/scripts/restore b/scripts/restore new file mode 100755 index 0000000..04d3450 --- /dev/null +++ b/scripts/restore @@ -0,0 +1,132 @@ +#!/bin/bash + +#================================================= +# GENERIC START +#================================================= +# IMPORT GENERIC HELPERS +#================================================= + +#Keep this path for calling _common.sh inside the execution's context of backup and restore scripts +source ../settings/scripts/_common.sh +source /usr/share/yunohost/helpers + +#================================================= +# MANAGE SCRIPT FAILURE +#================================================= + +ynh_clean_setup () { + #### Remove this function if there's nothing to clean before calling the remove script. + true +} +# Exit if an error occurs during the execution of the script +ynh_abort_if_errors + +#================================================= +# LOAD SETTINGS +#================================================= +ynh_print_info "Loading settings..." + +app=$YNH_APP_INSTANCE_NAME + +domain=$(ynh_app_setting_get $app domain) +path_url=$(ynh_app_setting_get $app path) +admin=$(ynh_app_setting_get $app admin) +final_path=$(ynh_app_setting_get $app final_path) +db_name=$(ynh_app_setting_get $app db_name) + +#================================================= +# CHECK IF THE APP CAN BE RESTORED +#================================================= +ynh_print_info "Validating restoration parameters..." + +ynh_webpath_available $domain $path_url \ + || ynh_die "Path not available: ${domain}${path_url}" +test ! -d $final_path \ + || ynh_die "There is already a directory: $final_path " + +#================================================= +# STANDARD RESTORATION STEPS +#================================================= +# RESTORE THE NGINX CONFIGURATION +#================================================= + +ynh_restore_file "/etc/nginx/conf.d/$domain.d/$app.conf" + +#================================================= +# RESTORE THE APP MAIN DIR +#================================================= +ynh_print_info "Restoring the app main directory..." + +ynh_restore_file "$final_path" + +#================================================= +# RESTORE THE MYSQL DATABASE +#================================================= +ynh_print_info "Restoring the MySQL database..." + +db_pwd=$(ynh_app_setting_get $app mysqlpwd) +ynh_mysql_setup_db $db_name $db_name $db_pwd +ynh_mysql_connect_as $db_name $db_pwd $db_name < ./db.sql + +#================================================= +# RECREATE THE DEDICATED USER +#================================================= +ynh_print_info "Recreating the dedicated system user..." + +# Create the dedicated user (if not existing) +ynh_system_user_create $app + +#================================================= +# RESTORE THE PHP-FPM CONFIGURATION +#================================================= + +ynh_restore_file "/etc/php/7.0/fpm/pool.d/$app.conf" + +#================================================= +# SPECIFIC RESTORATION +#================================================= +# REINSTALL DEPENDENCIES +#================================================= +ynh_print_info "Reinstalling dependencies..." + +# Define and install dependencies +ynh_install_app_dependencies $pkg_dependencies + +#================================================= +# RESTORE THE CRON FILE +#================================================= + +ynh_restore_file "/etc/cron.d/$app" + +#================================================= +# RESTORE THE LOGROTATE CONFIGURATION +#================================================= + +ynh_restore_file "/etc/logrotate.d/$app" + +#================================================= +# RESTORE FAIL2BAN CONFIGURATION +#================================================= + +ynh_restore_file "/etc/fail2ban/jail.d/$app.conf" +ynh_restore_file "/etc/fail2ban/filter.d/$app.conf" +systemctl restart fail2ban + +# Make app public +ynh_app_setting_set $app skipped_uris "/" + +#================================================= +# GENERIC FINALIZATION +#================================================= +# RELOAD NGINX AND PHP-FPM +#================================================= +ynh_print_info "Reloading nginx web server and php-fpm..." + +systemctl reload php7.0-fpm +systemctl reload nginx + +#================================================= +# END OF SCRIPT +#================================================= + +ynh_print_info "Restoration completed for $app" diff --git a/scripts/upgrade b/scripts/upgrade new file mode 100755 index 0000000..1c12d3d --- /dev/null +++ b/scripts/upgrade @@ -0,0 +1,171 @@ +#!/bin/bash + +#================================================= +# GENERIC START +#================================================= +# IMPORT GENERIC HELPERS +#================================================= + +source _common.sh +source /usr/share/yunohost/helpers + +#================================================= +# LOAD SETTINGS +#================================================= +ynh_print_info "Loading installation settings..." + +app=$YNH_APP_INSTANCE_NAME + +domain=$(ynh_app_setting_get $app domain) +path_url=$(ynh_app_setting_get $app path) +final_path=$(ynh_app_setting_get $app final_path) +upload=$(ynh_app_setting_get $app upload) +db_name=$(ynh_app_setting_get $app db_name) +db_pwd=$(ynh_app_setting_get $app mysqlpwd) + +#================================================= +# ENSURE DOWNWARD COMPATIBILITY +#================================================= + +# If db_name doesn't exist, create it +if [ -z $db_name ]; then + db_name=$(ynh_sanitize_dbid $app) + ynh_app_setting_set $app db_name $db_name +fi + + +#================================================= +# BACKUP BEFORE UPGRADE THEN ACTIVE TRAP +#================================================= +ynh_print_info "Backing up the app before upgrading (may take a while)..." + +# Backup the current version of the app +ynh_backup_before_upgrade +ynh_clean_setup () { + # restore it if the upgrade fails + ynh_restore_upgradebackup +} +# Exit if an error occurs during the execution of the script +ynh_abort_if_errors + + +#================================================= +# STANDARD UPGRADE STEPS +#================================================= +# REMOVE APP MAIN DIR +#================================================= +ynh_print_info "Upgrading source files..." +# Create a temporary directory +tmpdir="$(mktemp -d)" +# Backup the config file in the temp dir +cp -a "$final_path/.htconfig.php" "$tmpdir/.htconfig.php" +cp -a "$final_path/store" "$tmpdir/store" +cp -a "$final_path/php.log" "$tmpdir/php.log" + + +# Remove the app directory securely +ynh_secure_remove "$final_path" + +# If final_path doesn't exist, create it +if [ -z $final_path ]; then + final_path=/var/www/$app + ynh_app_setting_set $app final_path $final_path +fi + +#================================================= +# STANDARD UPGRADE STEPS +#================================================= +# DOWNLOAD, CHECK AND UNPACK SOURCE +#================================================= + +# Download, check integrity, uncompress and patch the source from app.src +ynh_setup_source "$final_path" +sudo cp -a "$tmpdir/store" "${final_path}" +sudo cp -a "$tmpdir/.htconfig.php" "${final_path}" +sudo cp -a "$tmpdir/php.log" "${final_path}" +sudo rm -Rf "$tmpdir" +sudo chmod -R 777 $final_path/store +sudo mkdir $final_path/addon +ynh_setup_source "$final_path/addon" "app_addons" + + +#================================================= +# NGINX CONFIGURATION +#================================================= +ynh_print_info "Upgrading nginx web server configuration..." + +# Create a dedicated nginx config +ynh_add_nginx_config + +#================================================= +# CREATE DEDICATED USER +#================================================= +ynh_print_info "Making sure dedicated system user exists..." + +# Create a dedicated user (if not existing) +ynh_system_user_create $app + +# Set right permissions for curl install +chown -R $app: $final_path + +#================================================= +# PHP-FPM CONFIGURATION +#================================================= +ynh_print_info "Upgrading php-fpm configuration..." + +# Create a dedicated php-fpm config +ynh_add_fpm_config + + +### Verify the checksum of a file, stored by `ynh_store_file_checksum` in the install script. +### And create a backup of this file if the checksum is different. So the file will be backed up if the admin had modified it. +ynh_backup_if_checksum_is_different "$final_path/.htconfig.php" +# Recalculate and store the config file checksum into the app settings +ynh_store_file_checksum "$final_path/.htconfig.php" + +#================================================= +# SETUP LOGROTATE +#================================================= +ynh_print_info "Upgrading logrotate configuration..." + +# Use logrotate to manage app-specific logfile(s) +ynh_use_logrotate --non-append + +#================================================= +# SETUP FAIL2BAN +#================================================= +ynh_print_info "Add Fail2Ban..." +ynh_add_fail2ban_config "$final_path/php.log" "^.*auth\.php.*failed login attempt.*from IP .*$" 5 + +# Set cron job +ynh_print_info "Setting up cron job..." +ynh_replace_string "YNH_WWW_PATH" "$final_path" ../conf/poller-cron +ynh_replace_string "__USER__" "$app" ../conf/poller-cron +sudo cp ../conf/poller-cron /etc/cron.d/$app + +#================================================= +# UPGRADE DEPENDENCIES +#================================================= +ynh_print_info "Upgrading dependencies..." + +ynh_install_app_dependencies $pkg_dependencies + +#================================================= +# SETUP SSOWAT +#================================================= +# As Hubzilla is social network and have its own permission there is no need to keep Hubzilla behind SSO +ynh_print_info "Configuring SSOwat..." +ynh_app_setting_set $app skipped_uris "/" + +#================================================= +# RELOAD NGINX +#================================================= +ynh_print_info "Reloading nginx web server..." + +systemctl reload nginx + +#================================================= +# END OF SCRIPT +#================================================= + +ynh_print_info "Upgrade of $app completed"