Solve error with custom certificat
parent
f4805d6996
commit
0dcd75eeeb
5 changed files with 106 additions and 19 deletions
|
@ -3,21 +3,20 @@
|
||||||
# Commentaire ignoré
|
# Commentaire ignoré
|
||||||
; Manifest
|
; Manifest
|
||||||
domain="$DOMAIN" (DOMAIN)
|
domain="$DOMAIN" (DOMAIN)
|
||||||
path="$PATH" (PATH)
|
|
||||||
is_public=1 (PUBLIC|public=1|private=0)
|
is_public=1 (PUBLIC|public=1|private=0)
|
||||||
; Checks
|
; Checks
|
||||||
pkg_linter=1
|
pkg_linter=1
|
||||||
setup_sub_dir=1
|
setup_sub_dir=1
|
||||||
setup_root=1
|
setup_root=0
|
||||||
setup_nourl=0
|
setup_nourl=1
|
||||||
setup_private=1
|
setup_private=1
|
||||||
setup_public=1
|
setup_public=1
|
||||||
upgrade=1
|
upgrade=1
|
||||||
backup_restore=1
|
backup_restore=1
|
||||||
multi_instance=0
|
multi_instance=0
|
||||||
wrong_user=1
|
wrong_user=0
|
||||||
wrong_path=1
|
wrong_path=2
|
||||||
incorrect_path=1
|
incorrect_path=0
|
||||||
corrupt_source=1
|
corrupt_source=1
|
||||||
fail_download_source=1
|
fail_download_source=1
|
||||||
port_already_use=1 (8008)
|
port_already_use=1 (8008)
|
||||||
|
|
|
@ -50,13 +50,53 @@ GET_DEBIAN_VERSION() {
|
||||||
}
|
}
|
||||||
|
|
||||||
enable_backport_repos() {
|
enable_backport_repos() {
|
||||||
if [[ -z "$(grep -e "^deb .*/.* $debian_version-backports main" /etc/apt/sources.list ; grep -e "^deb .*/.* $debian_version-backports main" /etc/apt/sources.list.d/*)" ]]
|
if [[ -z "$(grep -e "^deb .*/.* $debian_version-backports main" /etc/apt/sources.list ; grep -e "^deb .*/.* $debian_version-backports main" /etc/apt/sources.list.d/*.list)" ]]
|
||||||
then
|
then
|
||||||
echo "deb $(grep -m 1 "^deb .* $debian_version .*main" /etc/apt/sources.list | cut -d ' ' -f2) $debian_version-backports main contrib non-free" | sudo tee -a "/etc/apt/sources.list"
|
echo "deb $(grep -m 1 "^deb .* $debian_version .*main" /etc/apt/sources.list | cut -d ' ' -f2) $debian_version-backports main contrib non-free" | sudo tee -a "/etc/apt/sources.list"
|
||||||
fi
|
fi
|
||||||
ynh_package_update
|
ynh_package_update
|
||||||
}
|
}
|
||||||
|
|
||||||
|
set_access() { # example : set_access USER FILE
|
||||||
|
user="$1"
|
||||||
|
file_to_set="$2"
|
||||||
|
while [[ 0 ]]
|
||||||
|
do
|
||||||
|
path_to_set=""
|
||||||
|
oldIFS="$IFS"
|
||||||
|
IFS="/"
|
||||||
|
for dirname in $file_to_set
|
||||||
|
do
|
||||||
|
if [[ -n "$dirname" ]]
|
||||||
|
then
|
||||||
|
sudo test -f "$path_to_set"/"$dirname" && sudo setfacl -m d:u:$user:r "$path_to_set"
|
||||||
|
|
||||||
|
path_to_set="$path_to_set/$dirname"
|
||||||
|
|
||||||
|
if $(sudo sudo -u $user test ! -r "$path_to_set")
|
||||||
|
then
|
||||||
|
sudo test -d "$path_to_set" && sudo setfacl -m user:$user:rx "$path_to_set"
|
||||||
|
sudo test -f "$path_to_set" && sudo setfacl -m user:$user:r "$path_to_set"
|
||||||
|
sudo test -L "$path_to_set" && sudo setfacl -m user:$user:r "$path_to_set"
|
||||||
|
fi
|
||||||
|
fi
|
||||||
|
done
|
||||||
|
IFS="$oldIFS"
|
||||||
|
|
||||||
|
if $(sudo test -L "$file_to_set")
|
||||||
|
then
|
||||||
|
if [[ -n "$(sudo readlink "$file_to_set" | grep -e "^/")" ]]
|
||||||
|
then
|
||||||
|
file_to_set=$(sudo readlink "$file_to_set") # If it is an absolute path
|
||||||
|
else
|
||||||
|
file_to_set=$(sudo realpath -s -m "$(echo "$file_to_set" | cut -d'/' -f-$(echo "$file_to_set" | grep -o '/' | wc -l))/$(sudo readlink "$file_to_set")") # If it is an relative path (we get with realpath the absolute path)
|
||||||
|
fi
|
||||||
|
else
|
||||||
|
break
|
||||||
|
fi
|
||||||
|
done
|
||||||
|
}
|
||||||
|
|
||||||
CHECK_VAR () { # Vérifie que la variable n'est pas vide.
|
CHECK_VAR () { # Vérifie que la variable n'est pas vide.
|
||||||
# $1 = Variable à vérifier
|
# $1 = Variable à vérifier
|
||||||
# $2 = Texte à afficher en cas d'erreur
|
# $2 = Texte à afficher en cas d'erreur
|
||||||
|
|
|
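Review bot: In `set_access`, `sudo setfacl -m d:u:$user:r "$path_to_set"` puts a default ACL on the directory that holds the target, so files created there later inherit read access for the service account, not only the three certificate files the callers name; the loop also grants `rx` on each parent directory the account cannot read. If the default entry is there so that a renewed certificate stays readable, say so in a comment above the line, e.g. `# default ACL: files re-created here on renewal stay readable by $user`; if not, drop it. `user`, `file_to_set`, `path_to_set`, `dirname` and `oldIFS` are assigned as globals, and `$user` is unquoted in the `setfacl` and `sudo -u` calls; declare them `local` and quote the expansions. The same applies to the copy of the function added in the section starting at `@ -66,6 +66,45 @@`.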
@ -99,13 +99,13 @@ sudo sed -i "s@__DOMAIN__@$domain@g" /etc/turnserver.conf
|
||||||
sudo sed -i "s@__TLS_PORT__@$turnserver_tls_port@g" /etc/turnserver.conf
|
sudo sed -i "s@__TLS_PORT__@$turnserver_tls_port@g" /etc/turnserver.conf
|
||||||
|
|
||||||
# Configure access for certificates
|
# Configure access for certificates
|
||||||
sudo setfacl -m user:matrix-synapse:r /etc/yunohost/certs/$domain/crt.pem
|
set_access matrix-synapse /etc/yunohost/certs/$domain/crt.pem
|
||||||
sudo setfacl -m user:matrix-synapse:r /etc/yunohost/certs/$domain/key.pem
|
set_access matrix-synapse /etc/yunohost/certs/$domain/key.pem
|
||||||
sudo setfacl -m user:matrix-synapse:r /etc/yunohost/certs/$domain/dh.pem
|
set_access matrix-synapse /etc/yunohost/certs/$domain/dh.pem
|
||||||
|
|
||||||
sudo setfacl -m user:turnserver:r /etc/yunohost/certs/$domain/crt.pem
|
set_access turnserver /etc/yunohost/certs/$domain/crt.pem
|
||||||
sudo setfacl -m user:turnserver:r /etc/yunohost/certs/$domain/key.pem
|
set_access turnserver /etc/yunohost/certs/$domain/key.pem
|
||||||
sudo setfacl -m user:turnserver:r /etc/yunohost/certs/$domain/dh.pem
|
set_access turnserver /etc/yunohost/certs/$domain/dh.pem
|
||||||
|
|
||||||
# Configuration de logrotate
|
# Configuration de logrotate
|
||||||
sed -i "s@__APP__@$app@g" ../conf/logrotate
|
sed -i "s@__APP__@$app@g" ../conf/logrotate
|
||||||
|
|
|
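Review bot: The six `set_access` calls pass `/etc/yunohost/certs/$domain/...` unquoted, and nothing here confirms that the ACL was actually applied: inside `set_access` every `setfacl` sits behind `test ... &&` and the function leaves through `break`. Unless the script runs under `set -e` (not visible in this hunk), a filesystem without ACL support would presumably only show up later as the service failing to read its key. Quote the argument, `set_access matrix-synapse "/etc/yunohost/certs/$domain/key.pem"`, and consider a final check such as `sudo -u matrix-synapse test -r "/etc/yunohost/certs/$domain/key.pem"` that aborts on failure. The same block is repeated at `@ -201,13 +240,13 @@` and `@ -37,6 +37,15 @@`; a loop over the two accounts and the three files would keep the copies from drifting.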
@ -66,6 +66,45 @@ enable_backport_repos() {
|
||||||
ynh_package_update
|
ynh_package_update
|
||||||
}
|
}
|
||||||
|
|
||||||
|
set_access() { # example : set_access USER FILE
|
||||||
|
user="$1"
|
||||||
|
file_to_set="$2"
|
||||||
|
while [[ 0 ]]
|
||||||
|
do
|
||||||
|
path_to_set=""
|
||||||
|
oldIFS="$IFS"
|
||||||
|
IFS="/"
|
||||||
|
for dirname in $file_to_set
|
||||||
|
do
|
||||||
|
if [[ -n "$dirname" ]]
|
||||||
|
then
|
||||||
|
sudo test -f "$path_to_set"/"$dirname" && sudo setfacl -m d:u:$user:r "$path_to_set"
|
||||||
|
|
||||||
|
path_to_set="$path_to_set/$dirname"
|
||||||
|
|
||||||
|
if $(sudo sudo -u $user test ! -r "$path_to_set")
|
||||||
|
then
|
||||||
|
sudo test -d "$path_to_set" && sudo setfacl -m user:$user:rx "$path_to_set"
|
||||||
|
sudo test -f "$path_to_set" && sudo setfacl -m user:$user:r "$path_to_set"
|
||||||
|
fi
|
||||||
|
fi
|
||||||
|
done
|
||||||
|
IFS="$oldIFS"
|
||||||
|
|
||||||
|
if $(sudo test -L "$file_to_set")
|
||||||
|
then
|
||||||
|
if [[ -n "$(sudo readlink "$file_to_set" | grep -e "^/")" ]]
|
||||||
|
then
|
||||||
|
file_to_set=$(sudo readlink "$file_to_set") # If it is an absolute path
|
||||||
|
else
|
||||||
|
file_to_set=$(sudo realpath -s -m "$(echo "$file_to_set" | cut -d'/' -f-$(echo "$file_to_set" | grep -o '/' | wc -l))/$(sudo readlink "$file_to_set")") # If it is an relative path (we get with realpath the absolute path)
|
||||||
|
fi
|
||||||
|
else
|
||||||
|
break
|
||||||
|
fi
|
||||||
|
done
|
||||||
|
}
|
||||||
|
|
||||||
CHECK_VAR () { # Vérifie que la variable n'est pas vide.
|
CHECK_VAR () { # Vérifie que la variable n'est pas vide.
|
||||||
# $1 = Variable à vérifier
|
# $1 = Variable à vérifier
|
||||||
# $2 = Texte à afficher en cas d'erreur
|
# $2 = Texte à afficher en cas d'erreur
|
||||||
|
@ -201,13 +240,13 @@ sudo cp -a ./coturn_config_default "/etc/default/coturn"
|
||||||
sudo cp -a ./data/. "/var/lib/matrix-synapse/."
|
sudo cp -a ./data/. "/var/lib/matrix-synapse/."
|
||||||
|
|
||||||
# Configure access for certificates
|
# Configure access for certificates
|
||||||
sudo setfacl -m user:matrix-synapse:r /etc/yunohost/certs/$domain/crt.pem
|
set_access matrix-synapse /etc/yunohost/certs/$domain/crt.pem
|
||||||
sudo setfacl -m user:matrix-synapse:r /etc/yunohost/certs/$domain/key.pem
|
set_access matrix-synapse /etc/yunohost/certs/$domain/key.pem
|
||||||
sudo setfacl -m user:matrix-synapse:r /etc/yunohost/certs/$domain/dh.pem
|
set_access matrix-synapse /etc/yunohost/certs/$domain/dh.pem
|
||||||
|
|
||||||
sudo setfacl -m user:turnserver:r /etc/yunohost/certs/$domain/crt.pem
|
set_access turnserver /etc/yunohost/certs/$domain/crt.pem
|
||||||
sudo setfacl -m user:turnserver:r /etc/yunohost/certs/$domain/key.pem
|
set_access turnserver /etc/yunohost/certs/$domain/key.pem
|
||||||
sudo setfacl -m user:turnserver:r /etc/yunohost/certs/$domain/dh.pem
|
set_access turnserver /etc/yunohost/certs/$domain/dh.pem
|
||||||
|
|
||||||
# Ouvre le port dans le firewall
|
# Ouvre le port dans le firewall
|
||||||
sudo yunohost firewall allow --no-upnp TCP $synapse_tls_port > /dev/null 2>&1
|
sudo yunohost firewall allow --no-upnp TCP $synapse_tls_port > /dev/null 2>&1
|
||||||
|
|
|
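Review bot: The symlink-following loop `while [[ 0 ]]` in this copy of `set_access` has no bound, so a certificate link that resolves back to itself, directly or through a cycle, would make the script loop forever; `[[ 0 ]]` is also true only because `0` is a non-empty string. Use `while true` with a hop counter, e.g. `local hops=0` before the loop and `(( ++hops > 16 )) && return 1` at its top. `if $(sudo test -L "$file_to_set")` works only through the exit status of an empty command substitution; `if sudo test -L "$file_to_set"` states the test directly. This copy already differs from the one added at `@ -50,13 +50,53 @@`, which has an extra `test -L` line, so sourcing a single definition would be safer than maintaining two.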
@ -37,6 +37,15 @@ sudo sed -i "s@__TLS_PORT__@$synapse_tls_port@g" /etc/matrix-synapse/homeserver.
|
||||||
sudo sed -i "s@__TURNSERVER_TLS_PORT__@$turnserver_tls_port@g" /etc/matrix-synapse/homeserver.yaml
|
sudo sed -i "s@__TURNSERVER_TLS_PORT__@$turnserver_tls_port@g" /etc/matrix-synapse/homeserver.yaml
|
||||||
sudo sed -i "s@__TURNPWD__@$turnserver_pwd@g" /etc/matrix-synapse/homeserver.yaml
|
sudo sed -i "s@__TURNPWD__@$turnserver_pwd@g" /etc/matrix-synapse/homeserver.yaml
|
||||||
|
|
||||||
|
# Configure access for certificates
|
||||||
|
set_access matrix-synapse /etc/yunohost/certs/$domain/crt.pem
|
||||||
|
set_access matrix-synapse /etc/yunohost/certs/$domain/key.pem
|
||||||
|
set_access matrix-synapse /etc/yunohost/certs/$domain/dh.pem
|
||||||
|
|
||||||
|
set_access turnserver /etc/yunohost/certs/$domain/crt.pem
|
||||||
|
set_access turnserver /etc/yunohost/certs/$domain/key.pem
|
||||||
|
set_access turnserver /etc/yunohost/certs/$domain/dh.pem
|
||||||
|
|
||||||
if [ "$is_public" = "0" ]
|
if [ "$is_public" = "0" ]
|
||||||
then
|
then
|
||||||
sudo sed -i "s@__ALLOWED_ACCESS__@False@g" /etc/matrix-synapse/homeserver.yaml
|
sudo sed -i "s@__ALLOWED_ACCESS__@False@g" /etc/matrix-synapse/homeserver.yaml
|
||||||
|
|