diff --git a/check_process b/check_process index bc8552a..d723240 100644 --- a/check_process +++ b/check_process @@ -1,14 +1,15 @@ -;; Nom du test -# Commentaire ignoré +# See here for more information +# https://github.com/YunoHost/package_check#syntax-check_process-file + +# Move this file from check_process.default to check_process when you have filled it. +;; Test complet ; Manifest domain="domain.tld" (DOMAIN) path="/path" (PATH) username="john" name="john" email="admin@example.com" - password="password" -# is_public="Yes" (PUBLIC|public=Yes|private=No) - is_public=1 (PUBLIC|public=1|private=0) + is_public=1 (PUBLIC|public=1|private=0) ; Checks pkg_linter=1 setup_sub_dir=1 @@ -26,7 +27,9 @@ Level 1=auto Level 2=auto Level 3=auto - Level 4=0 +# Level 4: If the app supports LDAP and SSOwat, turn level 4 to '1' and add a link to an issue or a part of your code to show it. +# If the app does not use LDAP nor SSOwat, and can't use them, turn level 4 to 'na' and explain as well. + Level 4=na # Not supported by the core app yet Level 5=auto Level 6=auto Level 7=auto @@ -34,5 +37,5 @@ Level 9=0 Level 10=0 ;;; Options -Email= -Notification=none +Email=anmol@datamol.org +Notification=yes diff --git a/conf/nginx.conf b/conf/nginx.conf index 7472207..398f4ba 100644 --- a/conf/nginx.conf +++ b/conf/nginx.conf @@ -16,7 +16,7 @@ location __PATH__ { try_files $uri $uri/ index.php; location ~ [^/]\.php(/|$) { fastcgi_split_path_info ^(.+?\.php)(/.*)$; - fastcgi_pass unix:/var/run/php5-fpm.sock; + fastcgi_pass unix:/var/run/php5-fpm-__NAME__.sock; # Filename to be changed if dedicated php-fpm process is required # This is to be used INSTEAD of line above diff --git a/conf/php-fpm.conf b/conf/php-fpm.conf new file mode 100644 index 0000000..8affbc2 --- /dev/null +++ b/conf/php-fpm.conf @@ -0,0 +1,392 @@ +; Start a new pool named 'www'. +; the variable $pool can we used in any directive and will be replaced by the +; pool name ('www' here) +[__NAMETOCHANGE__] + +; Per pool prefix +; It only applies on the following directives: +; - 'slowlog' +; - 'listen' (unixsocket) +; - 'chroot' +; - 'chdir' +; - 'php_values' +; - 'php_admin_values' +; When not set, the global prefix (or /usr) applies instead. +; Note: This directive can also be relative to the global prefix. +; Default Value: none +;prefix = /path/to/pools/$pool + +; Unix user/group of processes +; Note: The user is mandatory. If the group is not set, the default user's group +; will be used. +user = __USER__ +group = __USER__ + +; The address on which to accept FastCGI requests. +; Valid syntaxes are: +; 'ip.add.re.ss:port' - to listen on a TCP socket to a specific address on +; a specific port; +; 'port' - to listen on a TCP socket to all addresses on a +; specific port; +; '/path/to/unix/socket' - to listen on a unix socket. +; Note: This value is mandatory. +listen = /var/run/php5-fpm-__NAMETOCHANGE__.sock + +; Set listen(2) backlog. A value of '-1' means unlimited. +; Default Value: 128 (-1 on FreeBSD and OpenBSD) +;listen.backlog = 128 + +; Set permissions for unix socket, if one is used. In Linux, read/write +; permissions must be set in order to allow connections from a web server. Many +; BSD-derived systems allow connections regardless of permissions. +; Default Values: user and group are set as the running user +; mode is set to 0660 +listen.owner = www-data +listen.group = www-data +;listen.mode = 0660 + +; List of ipv4 addresses of FastCGI clients which are allowed to connect. +; Equivalent to the FCGI_WEB_SERVER_ADDRS environment variable in the original +; PHP FCGI (5.2.2+). Makes sense only with a tcp listening socket. Each address +; must be separated by a comma. If this value is left blank, connections will be +; accepted from any ip address. +; Default Value: any +;listen.allowed_clients = 127.0.0.1 + +; Specify the nice(2) priority to apply to the pool processes (only if set) +; The value can vary from -19 (highest priority) to 20 (lower priority) +; Note: - It will only work if the FPM master process is launched as root +; - The pool processes will inherit the master process priority +; unless it specified otherwise +; Default Value: no set +; priority = -19 + +; Choose how the process manager will control the number of child processes. +; Possible Values: +; static - a fixed number (pm.max_children) of child processes; +; dynamic - the number of child processes are set dynamically based on the +; following directives. With this process management, there will be +; always at least 1 children. +; pm.max_children - the maximum number of children that can +; be alive at the same time. +; pm.start_servers - the number of children created on startup. +; pm.min_spare_servers - the minimum number of children in 'idle' +; state (waiting to process). If the number +; of 'idle' processes is less than this +; number then some children will be created. +; pm.max_spare_servers - the maximum number of children in 'idle' +; state (waiting to process). If the number +; of 'idle' processes is greater than this +; number then some children will be killed. +; ondemand - no children are created at startup. Children will be forked when +; new requests will connect. The following parameter are used: +; pm.max_children - the maximum number of children that +; can be alive at the same time. +; pm.process_idle_timeout - The number of seconds after which +; an idle process will be killed. +; Note: This value is mandatory. +pm = dynamic + +; The number of child processes to be created when pm is set to 'static' and the +; maximum number of child processes when pm is set to 'dynamic' or 'ondemand'. +; This value sets the limit on the number of simultaneous requests that will be +; served. Equivalent to the ApacheMaxClients directive with mpm_prefork. +; Equivalent to the PHP_FCGI_CHILDREN environment variable in the original PHP +; CGI. The below defaults are based on a server without much resources. Don't +; forget to tweak pm.* to fit your needs. +; Note: Used when pm is set to 'static', 'dynamic' or 'ondemand' +; Note: This value is mandatory. +pm.max_children = 10 + +; The number of child processes created on startup. +; Note: Used only when pm is set to 'dynamic' +; Default Value: min_spare_servers + (max_spare_servers - min_spare_servers) / 2 +pm.start_servers = 2 + +; The desired minimum number of idle server processes. +; Note: Used only when pm is set to 'dynamic' +; Note: Mandatory when pm is set to 'dynamic' +pm.min_spare_servers = 1 + +; The desired maximum number of idle server processes. +; Note: Used only when pm is set to 'dynamic' +; Note: Mandatory when pm is set to 'dynamic' +pm.max_spare_servers = 3 + +; The number of seconds after which an idle process will be killed. +; Note: Used only when pm is set to 'ondemand' +; Default Value: 10s +;pm.process_idle_timeout = 10s; + +; The number of requests each child process should execute before respawning. +; This can be useful to work around memory leaks in 3rd party libraries. For +; endless request processing specify '0'. Equivalent to PHP_FCGI_MAX_REQUESTS. +; Default Value: 0 +pm.max_requests = 500 + +; The URI to view the FPM status page. If this value is not set, no URI will be +; recognized as a status page. It shows the following informations: +; pool - the name of the pool; +; process manager - static, dynamic or ondemand; +; start time - the date and time FPM has started; +; start since - number of seconds since FPM has started; +; accepted conn - the number of request accepted by the pool; +; listen queue - the number of request in the queue of pending +; connections (see backlog in listen(2)); +; max listen queue - the maximum number of requests in the queue +; of pending connections since FPM has started; +; listen queue len - the size of the socket queue of pending connections; +; idle processes - the number of idle processes; +; active processes - the number of active processes; +; total processes - the number of idle + active processes; +; max active processes - the maximum number of active processes since FPM +; has started; +; max children reached - number of times, the process limit has been reached, +; when pm tries to start more children (works only for +; pm 'dynamic' and 'ondemand'); +; Value are updated in real time. +; Example output: +; pool: www +; process manager: static +; start time: 01/Jul/2011:17:53:49 +0200 +; start since: 62636 +; accepted conn: 190460 +; listen queue: 0 +; max listen queue: 1 +; listen queue len: 42 +; idle processes: 4 +; active processes: 11 +; total processes: 15 +; max active processes: 12 +; max children reached: 0 +; +; By default the status page output is formatted as text/plain. Passing either +; 'html', 'xml' or 'json' in the query string will return the corresponding +; output syntax. Example: +; http://www.foo.bar/status +; http://www.foo.bar/status?json +; http://www.foo.bar/status?html +; http://www.foo.bar/status?xml +; +; By default the status page only outputs short status. Passing 'full' in the +; query string will also return status for each pool process. +; Example: +; http://www.foo.bar/status?full +; http://www.foo.bar/status?json&full +; http://www.foo.bar/status?html&full +; http://www.foo.bar/status?xml&full +; The Full status returns for each process: +; pid - the PID of the process; +; state - the state of the process (Idle, Running, ...); +; start time - the date and time the process has started; +; start since - the number of seconds since the process has started; +; requests - the number of requests the process has served; +; request duration - the duration in µs of the requests; +; request method - the request method (GET, POST, ...); +; request URI - the request URI with the query string; +; content length - the content length of the request (only with POST); +; user - the user (PHP_AUTH_USER) (or '-' if not set); +; script - the main script called (or '-' if not set); +; last request cpu - the %cpu the last request consumed +; it's always 0 if the process is not in Idle state +; because CPU calculation is done when the request +; processing has terminated; +; last request memory - the max amount of memory the last request consumed +; it's always 0 if the process is not in Idle state +; because memory calculation is done when the request +; processing has terminated; +; If the process is in Idle state, then informations are related to the +; last request the process has served. Otherwise informations are related to +; the current request being served. +; Example output: +; ************************ +; pid: 31330 +; state: Running +; start time: 01/Jul/2011:17:53:49 +0200 +; start since: 63087 +; requests: 12808 +; request duration: 1250261 +; request method: GET +; request URI: /test_mem.php?N=10000 +; content length: 0 +; user: - +; script: /home/fat/web/docs/php/test_mem.php +; last request cpu: 0.00 +; last request memory: 0 +; +; Note: There is a real-time FPM status monitoring sample web page available +; It's available in: ${prefix}/share/fpm/status.html +; +; Note: The value must start with a leading slash (/). The value can be +; anything, but it may not be a good idea to use the .php extension or it +; may conflict with a real PHP file. +; Default Value: not set +;pm.status_path = /status + +; The ping URI to call the monitoring page of FPM. If this value is not set, no +; URI will be recognized as a ping page. This could be used to test from outside +; that FPM is alive and responding, or to +; - create a graph of FPM availability (rrd or such); +; - remove a server from a group if it is not responding (load balancing); +; - trigger alerts for the operating team (24/7). +; Note: The value must start with a leading slash (/). The value can be +; anything, but it may not be a good idea to use the .php extension or it +; may conflict with a real PHP file. +; Default Value: not set +;ping.path = /ping + +; This directive may be used to customize the response of a ping request. The +; response is formatted as text/plain with a 200 response code. +; Default Value: pong +;ping.response = pong + +; The access log file +; Default: not set +;access.log = log/$pool.access.log + +; The access log format. +; The following syntax is allowed +; %%: the '%' character +; %C: %CPU used by the request +; it can accept the following format: +; - %{user}C for user CPU only +; - %{system}C for system CPU only +; - %{total}C for user + system CPU (default) +; %d: time taken to serve the request +; it can accept the following format: +; - %{seconds}d (default) +; - %{miliseconds}d +; - %{mili}d +; - %{microseconds}d +; - %{micro}d +; %e: an environment variable (same as $_ENV or $_SERVER) +; it must be associated with embraces to specify the name of the env +; variable. Some exemples: +; - server specifics like: %{REQUEST_METHOD}e or %{SERVER_PROTOCOL}e +; - HTTP headers like: %{HTTP_HOST}e or %{HTTP_USER_AGENT}e +; %f: script filename +; %l: content-length of the request (for POST request only) +; %m: request method +; %M: peak of memory allocated by PHP +; it can accept the following format: +; - %{bytes}M (default) +; - %{kilobytes}M +; - %{kilo}M +; - %{megabytes}M +; - %{mega}M +; %n: pool name +; %o: ouput header +; it must be associated with embraces to specify the name of the header: +; - %{Content-Type}o +; - %{X-Powered-By}o +; - %{Transfert-Encoding}o +; - .... +; %p: PID of the child that serviced the request +; %P: PID of the parent of the child that serviced the request +; %q: the query string +; %Q: the '?' character if query string exists +; %r: the request URI (without the query string, see %q and %Q) +; %R: remote IP address +; %s: status (response code) +; %t: server time the request was received +; it can accept a strftime(3) format: +; %d/%b/%Y:%H:%M:%S %z (default) +; %T: time the log has been written (the request has finished) +; it can accept a strftime(3) format: +; %d/%b/%Y:%H:%M:%S %z (default) +; %u: remote user +; +; Default: "%R - %u %t \"%m %r\" %s" +;access.format = "%R - %u %t \"%m %r%Q%q\" %s %f %{mili}d %{kilo}M %C%%" + +; The log file for slow requests +; Default Value: not set +; Note: slowlog is mandatory if request_slowlog_timeout is set +slowlog = /var/log/nginx/__NAMETOCHANGE__.slow.log + +; The timeout for serving a single request after which a PHP backtrace will be +; dumped to the 'slowlog' file. A value of '0s' means 'off'. +; Available units: s(econds)(default), m(inutes), h(ours), or d(ays) +; Default Value: 0 +request_slowlog_timeout = 5s + +; The timeout for serving a single request after which the worker process will +; be killed. This option should be used when the 'max_execution_time' ini option +; does not stop script execution for some reason. A value of '0' means 'off'. +; Available units: s(econds)(default), m(inutes), h(ours), or d(ays) +; Default Value: 0 +request_terminate_timeout = 1d + +; Set open file descriptor rlimit. +; Default Value: system defined value +;rlimit_files = 1024 + +; Set max core size rlimit. +; Possible Values: 'unlimited' or an integer greater or equal to 0 +; Default Value: system defined value +;rlimit_core = 0 + +; Chroot to this directory at the start. This value must be defined as an +; absolute path. When this value is not set, chroot is not used. +; Note: you can prefix with '$prefix' to chroot to the pool prefix or one +; of its subdirectories. If the pool prefix is not set, the global prefix +; will be used instead. +; Note: chrooting is a great security feature and should be used whenever +; possible. However, all PHP paths will be relative to the chroot +; (error_log, sessions.save_path, ...). +; Default Value: not set +;chroot = + +; Chdir to this directory at the start. +; Note: relative path can be used. +; Default Value: current directory or / when chroot +chdir = __FINALPATH__ + +; Redirect worker stdout and stderr into main error log. If not set, stdout and +; stderr will be redirected to /dev/null according to FastCGI specs. +; Note: on highloaded environement, this can cause some delay in the page +; process time (several ms). +; Default Value: no +catch_workers_output = yes + +; Limits the extensions of the main script FPM will allow to parse. This can +; prevent configuration mistakes on the web server side. You should only limit +; FPM to .php extensions to prevent malicious users to use other extensions to +; exectute php code. +; Note: set an empty value to allow all extensions. +; Default Value: .php +;security.limit_extensions = .php .php3 .php4 .php5 + +; Pass environment variables like LD_LIBRARY_PATH. All $VARIABLEs are taken from +; the current environment. +; Default Value: clean env +;env[HOSTNAME] = $HOSTNAME +;env[PATH] = /usr/local/bin:/usr/bin:/bin +;env[TMP] = /tmp +;env[TMPDIR] = /tmp +;env[TEMP] = /tmp + +; Additional php.ini defines, specific to this pool of workers. These settings +; overwrite the values previously defined in the php.ini. The directives are the +; same as the PHP SAPI: +; php_value/php_flag - you can set classic ini defines which can +; be overwritten from PHP call 'ini_set'. +; php_admin_value/php_admin_flag - these directives won't be overwritten by +; PHP call 'ini_set' +; For php_*flag, valid values are on, off, 1, 0, true, false, yes or no. + +; Defining 'extension' will load the corresponding shared extension from +; extension_dir. Defining 'disable_functions' or 'disable_classes' will not +; overwrite previously defined php.ini values, but will append the new value +; instead. + +; Note: path INI options can be relative and will be expanded with the prefix +; (pool, global or /usr) + +; Default Value: nothing is defined by default except the values in php.ini and +; specified at startup with the -d argument +;php_admin_value[sendmail_path] = /usr/sbin/sendmail -t -i -f www@my.domain.com +;php_flag[display_errors] = off +;php_admin_value[error_log] = /var/log/fpm-php.www.log +;php_admin_flag[log_errors] = on +;php_admin_value[memory_limit] = 32M diff --git a/conf/php-fpm.ini b/conf/php-fpm.ini new file mode 100644 index 0000000..5c27d59 --- /dev/null +++ b/conf/php-fpm.ini @@ -0,0 +1,10 @@ +; Common values to change to increase file upload limit +; upload_max_filesize = 50M +; post_max_size = 50M +; mail.add_x_header = Off + +; Other common parameters +; max_execution_time = 600 +; max_input_time = 300 +; memory_limit = 256M +; short_open_tag = On diff --git a/manifest.json b/manifest.json index e67371b..9e680a5 100644 --- a/manifest.json +++ b/manifest.json @@ -61,14 +61,6 @@ }, "example": "admin@example.com" }, - { - "name": "password", - "type": "password", - "ask": { - "en": "Password for the admin account (At least 6 characters long)" - }, - "example": "admin@example.com" - }, { "name": "is_public", "type": "boolean", diff --git a/scripts/_common.sh b/scripts/_common.sh index 0f53f77..9fd3604 100644 --- a/scripts/_common.sh +++ b/scripts/_common.sh @@ -1,112 +1,71 @@ #!/bin/bash -# ============================================================================= -# YUNOHOST 2.7 FORTHCOMING HELPERS -# ============================================================================= - -# Create a dedicated nginx config +# ============= FUTURE YUNOHOST HELPER ============= +# Delete a file checksum from the app settings # -# usage: ynh_add_nginx_config -ynh_add_nginx_config () { - finalnginxconf="/etc/nginx/conf.d/$domain.d/$app.conf" - ynh_backup_if_checksum_is_different "$finalnginxconf" - sudo cp ../conf/nginx.conf "$finalnginxconf" - - # To avoid a break by set -u, use a void substitution ${var:-}. If the variable is not set, it's simply set with an empty variable. - # Substitute in a nginx config file only if the variable is not empty - if test -n "${path_url:-}"; then - ynh_replace_string "__PATH__" "$path_url" "$finalnginxconf" - fi - if test -n "${domain:-}"; then - ynh_replace_string "__DOMAIN__" "$domain" "$finalnginxconf" - fi - if test -n "${port:-}"; then - ynh_replace_string "__PORT__" "$port" "$finalnginxconf" - fi - if test -n "${app:-}"; then - ynh_replace_string "__NAME__" "$app" "$finalnginxconf" - fi - if test -n "${final_path:-}"; then - ynh_replace_string "__FINALPATH__" "$final_path" "$finalnginxconf" - fi - ynh_store_file_checksum "$finalnginxconf" - - sudo systemctl reload nginx +# $app should be defined when calling this helper +# +# usage: ynh_remove_file_checksum file +# | arg: file - The file for which the checksum will be deleted +ynh_delete_file_checksum () { + local checksum_setting_name=checksum_${1//[\/ ]/_} # Replace all '/' and ' ' by '_' + ynh_app_setting_delete $app $checksum_setting_name } -# Remove the dedicated nginx config -# -# usage: ynh_remove_nginx_config -ynh_remove_nginx_config () { - ynh_secure_remove "/etc/nginx/conf.d/$domain.d/$app.conf" - sudo systemctl reload nginx -} -# Create a dedicated php-fpm config +# Send an email to inform the administrator # -# usage: ynh_add_fpm_config -ynh_add_fpm_config () { - finalphpconf="/etc/php5/fpm/pool.d/$app.conf" - ynh_backup_if_checksum_is_different "$finalphpconf" - sudo cp ../conf/php-fpm.conf "$finalphpconf" - ynh_replace_string "__NAMETOCHANGE__" "$app" "$finalphpconf" - ynh_replace_string "__FINALPATH__" "$final_path" "$finalphpconf" - ynh_replace_string "__USER__" "$app" "$finalphpconf" - sudo chown root: "$finalphpconf" - ynh_store_file_checksum "$finalphpconf" +# usage: ynh_send_readme_to_admin app_message [recipients] +# | arg: app_message - The message to send to the administrator. +# | arg: recipients - The recipients of this email. Use spaces to separate multiples recipients. - default: root +# example: "root admin@domain" +# If you give the name of a YunoHost user, ynh_send_readme_to_admin will find its email adress for you +# example: "root admin@domain user1 user2" +ynh_send_readme_to_admin() { + local app_message="${1:-...No specific information...}" + local recipients="${2:-root}" - if [ -e "../conf/php-fpm.ini" ] + # Retrieve the email of users + find_mails () { + local list_mails="$1" + local mail + local recipients=" " + # Read each mail in argument + for mail in $list_mails + do + # Keep root or a real email address as it is + if [ "$mail" = "root" ] || echo "$mail" | grep --quiet "@" + then + recipients="$recipients $mail" + else + # But replace an user name without a domain after by its email + if mail=$(ynh_user_get_info "$mail" "mail" 2> /dev/null) + then + recipients="$recipients $mail" + fi + fi + done + echo "$recipients" + } + recipients=$(find_mails "$recipients") + + local mail_subject="☁️🆈🅽🅷☁️: \`$app\` has important message for you" + + local mail_message="This is an automated message from your beloved YunoHost server. +Specific information for the application $app. +$app_message +--- +Automatic diagnosis data from YunoHost +$(yunohost tools diagnosis | grep -B 100 "services:" | sed '/services:/d')" + + # Define binary to use for mail command + if [ -e /usr/bin/bsd-mailx ] then - finalphpini="/etc/php5/fpm/conf.d/20-$app.ini" - ynh_backup_if_checksum_is_different "$finalphpini" - sudo cp ../conf/php-fpm.ini "$finalphpini" - sudo chown root: "$finalphpini" - ynh_store_file_checksum "$finalphpini" + local mail_bin=/usr/bin/bsd-mailx + else + local mail_bin=/usr/bin/mail.mailutils fi - sudo systemctl reload php5-fpm -} - -# Remove the dedicated php-fpm config -# -# usage: ynh_remove_fpm_config -ynh_remove_fpm_config () { - ynh_secure_remove "/etc/php5/fpm/pool.d/$app.conf" - ynh_secure_remove "/etc/php5/fpm/conf.d/20-$app.ini" 2>&1 - sudo systemctl reload php5-fpm -} - -# Create a dedicated systemd config -# -# usage: ynh_add_systemd_config -ynh_add_systemd_config () { - finalsystemdconf="/etc/systemd/system/$app.service" - ynh_backup_if_checksum_is_different "$finalsystemdconf" - sudo cp ../conf/systemd.service "$finalsystemdconf" - - # To avoid a break by set -u, use a void substitution ${var:-}. If the variable is not set, it's simply set with an empty variable. - # Substitute in a nginx config file only if the variable is not empty - if test -n "${final_path:-}"; then - ynh_replace_string "__FINALPATH__" "$final_path" "$finalsystemdconf" - fi - if test -n "${app:-}"; then - ynh_replace_string "__APP__" "$app" "$finalsystemdconf" - fi - ynh_store_file_checksum "$finalsystemdconf" - - sudo chown root: "$finalsystemdconf" - sudo systemctl enable $app - sudo systemctl daemon-reload -} - -# Remove the dedicated systemd config -# -# usage: ynh_remove_systemd_config -ynh_remove_systemd_config () { - finalsystemdconf="/etc/systemd/system/$app.service" - if [ -e "$finalsystemdconf" ]; then - sudo systemctl stop $app - sudo systemctl disable $app - ynh_secure_remove "$finalsystemdconf" - fi + # Send the email to the recipients + echo "$mail_message" | $mail_bin -a "Content-Type: text/plain; charset=UTF-8" -s "$mail_subject" "$recipients" } diff --git a/scripts/backup b/scripts/backup index 027a834..6ff479b 100755 --- a/scripts/backup +++ b/scripts/backup @@ -2,27 +2,28 @@ #================================================= # GENERIC START -#================================================= -# MANAGE SCRIPT FAILURE -#================================================= - -# Exit on command errors and treat access to unset variables as an error -set -eu - - #================================================= # IMPORT GENERIC HELPERS #================================================= -if [ ! -e _common.sh ]; then - # Get the _common.sh file if it's not in the current directory - cp ../settings/scripts/_common.sh ./_common.sh - chmod a+rx _common.sh -fi -source _common.sh +source ../settings/scripts/_common.sh source /usr/share/yunohost/helpers -# See comments in install script +#================================================= +# MANAGE SCRIPT FAILURE +#================================================= + +ynh_clean_setup () { + ### Remove this function if there's nothing to clean before calling the remove script. + true +} +# Exit if an error occurs during the execution of the script +ynh_abort_if_errors + +#================================================= +# LOAD SETTINGS +#================================================= + app=$YNH_APP_INSTANCE_NAME final_path=$(ynh_app_setting_get $app final_path) @@ -36,13 +37,20 @@ db_pwd=$(ynh_app_setting_get $app mysqlpwd) # BACKUP THE APP MAIN DIR #================================================= -ynh_backup "$final_path" "$final_path" +ynh_backup "$final_path" #================================================= # BACKUP THE NGINX CONFIGURATION #================================================= -ynh_backup "/etc/nginx/conf.d/$domain.d/$app.conf" "/etc/nginx/conf.d/$domain.d/$app.conf" +ynh_backup "/etc/nginx/conf.d/$domain.d/$app.conf" + +#================================================= +# BACKUP THE PHP-FPM CONFIGURATION +#================================================= + +ynh_backup "/etc/php5/fpm/pool.d/$app.conf" +ynh_backup "/etc/php5/fpm/conf.d/20-$app.ini" #================================================= # BACKUP THE MYSQL DATABASE @@ -50,9 +58,3 @@ ynh_backup "/etc/nginx/conf.d/$domain.d/$app.conf" "/etc/nginx/conf.d/$domain.d/ ynh_mysql_dump_db "$db_name" > db.sql - -### PHP (remove if not used) ### -# If a dedicated php-fpm process is used: -# # Copy PHP-FPM pool configuration -# ynh_backup "/etc/php5/fpm/pool.d/${app}.conf" "php-fpm.conf" -### PHP end ### diff --git a/scripts/install b/scripts/install index c80be0a..b58ab77 100755 --- a/scripts/install +++ b/scripts/install @@ -25,8 +25,6 @@ ynh_abort_if_errors # RETRIEVE ARGUMENTS FROM THE MANIFEST #================================================= -app=$YNH_APP_INSTANCE_NAME - # Retrieve arguments domain=$YNH_APP_ARG_DOMAIN path_url=$YNH_APP_ARG_PATH @@ -34,11 +32,28 @@ is_public=$YNH_APP_ARG_IS_PUBLIC admin_username=$YNH_APP_ARG_USERNAME admin_name=$YNH_APP_ARG_NAME admin_email=$YNH_APP_ARG_EMAIL -admin_password=$(openssl passwd -1 -salt xyz $YNH_APP_ARG_PASSWORD) +password=$(ynh_string_random 24) +admin_password=$(openssl passwd -1 -salt xyz $password) + +### If it's a multi-instance app, meaning it can be installed several times independently +### The id of the app as stated in the manifest is available as $YNH_APP_ID +### The instance number is available as $YNH_APP_INSTANCE_NUMBER (equals "1", "2", ...) +### The app instance name is available as $YNH_APP_INSTANCE_NAME +### - the first time the app is installed, YNH_APP_INSTANCE_NAME = ynhexample +### - the second time the app is installed, YNH_APP_INSTANCE_NAME = ynhexample__2 +### - ynhexample__{N} for the subsequent installations, with N=3,4, ... +### The app instance name is probably what interests you most, since this is +### guaranteed to be unique. This is a good unique identifier to define installation path, +### db names, ... +app=$YNH_APP_INSTANCE_NAME #================================================= # CHECK IF THE APP CAN BE INSTALLED WITH THESE ARGS #================================================= +### If the app uses nginx as web server (written in HTML/PHP in most cases), the final path should be "/var/www/$app". +### If the app provides an internal web server (or uses another application server such as uwsgi), the final path should be "/opt/yunohost/$app" +final_path=/var/www/$app +test ! -e "$final_path" || ynh_die "This path already contains a folder" # Normalize the url path syntax path_url=$(ynh_normalize_url_path $path_url) @@ -48,80 +63,131 @@ ynh_webpath_available $domain $path_url # Register (book) web path ynh_webpath_register $app $domain $path_url -final_path=/var/www/$app -test ! -e "$final_path" || ynh_die "This path already contains a folder" - - -# Save app settings -ynh_app_setting_set "$app" is_public "$is_public" +#================================================= +# STORE SETTINGS FROM MANIFEST +#================================================= +ynh_app_setting_set $app is_public $is_public ynh_app_setting_set $app domain $domain ynh_app_setting_set $app path $path_url -# Check password strength -[[ ${#admin_password} -gt 6 ]] || ynh_die \ -"The password is too weak, it must be longer than 6 characters" - - #================================================= # DOWNLOAD, CHECK AND UNPACK SOURCE #================================================= +### `ynh_setup_source` is used to install an app from a zip or tar.gz file, +### downloaded from an upstream source, like a git repository. +### `ynh_setup_source` use the file conf/app.src + ynh_app_setting_set $app final_path $final_path # Download, check integrity, uncompress and patch the source from app.src ynh_setup_source "$final_path" -# Set permissions to app files -# you may need to make some file and/or directory writeable by www-data (nginx user) -sudo chown -R root: $final_path - #================================================= # CREATE A MYSQL DATABASE #================================================= -# If your app uses a MySQL database, you can use these lines to bootstrap -# a database, an associated user and save the password in app settings + +### Use these lines if you need a database for the application. +### `ynh_mysql_setup_db` will create a database, an associated user and a ramdom password. +### The password will be stored as 'mysqlpwd' into the app settings, +### and will be available as $db_pwd +### If you're not using these lines: +### - Remove the section "BACKUP THE MYSQL DATABASE" in the backup script +### - Remove also the section "REMOVE THE MYSQL DATABASE" in the remove script +### - As well as the section "RESTORE THE MYSQL DATABASE" in the restore script db_name=$(ynh_sanitize_dbid $app) ynh_app_setting_set $app db_name $db_name ynh_mysql_setup_db $db_name $db_name # Adding the details of the database to the config file -sed -i "s@__dbuser__@$db_name@g" ../conf/config.ini.php -sed -i "s@__dbpass__@$db_pwd@g" ../conf/config.ini.php -sed -i "s@__dbname__@$db_name@g" ../conf/config.ini.php +ynh_replace_string "__dbuser__" "$db_name@g" "../conf/config.ini.php" +ynh_replace_string "__dbpass__" "$db_pwd@g" "../conf/config.ini.php" +ynh_replace_string "__dbname__" "$db_name@g" "../conf/config.ini.php" # Copy the config file to the final path sudo cp ../conf/config.ini.php $final_path/data/. - - -# # Load initial SQL into the new database +# Load initial SQL into the new database ynh_mysql_connect_as "$db_name" "$db_pwd" "$db_name" < "../conf/sql/webtrees.sql" - - # Replace variables in sql scripts -ynh_replace_string "__USER_NAME__" "$admin_username" ../conf/sql/admin.sql -ynh_replace_string "__NAME__" "$admin_name" ../conf/sql/admin.sql -ynh_replace_string "__USER_EMAIL__" "$admin_email" ../conf/sql/admin.sql -ynh_replace_string "__PASSWORD__" "$admin_password" ../conf/sql/admin.sql +ynh_replace_string "__USER_NAME__" "$admin_username" "../conf/sql/admin.sql" +ynh_replace_string "__NAME__" "$admin_name" "../conf/sql/admin.sql" +ynh_replace_string "__USER_EMAIL__" "$admin_email" "../conf/sql/admin.sql" +ynh_replace_string "__PASSWORD__" "$admin_password" "../conf/sql/admin.sql" ynh_mysql_connect_as "$db_name" "$db_pwd" "$db_name" < "../conf/sql/admin.sql" -### MySQL end ### +#================================================= +# NGINX CONFIGURATION +#================================================= + +### `ynh_add_nginx_config` will use the file conf/nginx.conf # Create a dedicated nginx config ynh_add_nginx_config +#================================================= +# CREATE DEDICATED USER +#================================================= +# Create a system user +ynh_system_user_create $app -# If app is public, add url to SSOWat conf as skipped_uris -if [[ $is_public -eq 1 ]]; then - # unprotected_uris allows SSO credentials to be passed anyway. - ynh_app_setting_set "$app" unprotected_uris "/" -fi +#================================================= +# PHP-FPM CONFIGURATION +#================================================= +### `ynh_add_fpm_config` is used to set up a PHP config. +### You can remove it if your app doesn't use PHP. +### `ynh_add_fpm_config` will use the files conf/php-fpm.conf and conf/php-fpm.ini +### If you're not using these lines: +### - You can remove these files in conf/. +### - Remove the section "BACKUP THE PHP-FPM CONFIGURATION" in the backup script +### - Remove also the section "REMOVE PHP-FPM CONFIGURATION" in the remove script +### - As well as the section "RESTORE THE PHP-FPM CONFIGURATION" in the restore script +### With the reload at the end of the script. +### - And the section "PHP-FPM CONFIGURATION" in the upgrade script + +# Create a dedicated php-fpm config +ynh_add_fpm_config + +#================================================= +# SET RIGHT PERMISSION FOR APP +#================================================= + +chown -R $app: $final_path sudo chmod -R 777 $final_path/data -# Reload services -sudo service nginx reload +#================================================= +# SETUP SSOWAT +#================================================= + +# Make app public if necessary +if [ $is_public -eq 1 ] +then + # unprotected_uris allows SSO credentials to be passed anyway. + ynh_app_setting_set $app unprotected_uris "/" +fi + +#================================================= +# RELOAD NGINX +#================================================= + +systemctl reload nginx + +#================================================= +# SEND A README FOR THE ADMIN +#================================================= + +message=" $app was successfully installed :) + +Please open https://$domain$path_url + +The admin username is: $admin_username +And the admin password is: $password + +If you facing an issue or want to improve this app, please open a new issue in this project: https://github.com/YunoHost-Apps/Webtrees_ynh" + +ynh_send_readme_to_admin "$message" diff --git a/scripts/remove b/scripts/remove index 5f0bba9..079c230 100755 --- a/scripts/remove +++ b/scripts/remove @@ -12,15 +12,21 @@ source /usr/share/yunohost/helpers #================================================= # LOAD SETTINGS #================================================= + app=$YNH_APP_INSTANCE_NAME # Retrieve app settings domain=$(ynh_app_setting_get "$app" domain) db_name=$(ynh_app_setting_get $app db_name) +db_user=$db_name +final_path=$(ynh_app_setting_get $app final_path) +#================================================= +# REMOVE APP MAIN DIR +#================================================= # Remove the app directory securely -ynh_secure_remove "/var/www/$app" +ynh_secure_remove "$final_path" #================================================= # REMOVE NGINX CONFIGURATION @@ -29,12 +35,16 @@ ynh_secure_remove "/var/www/$app" # Remove the dedicated nginx config ynh_remove_nginx_config +#================================================= +# REMOVE PHP-FPM CONFIGURATION +#================================================= -### PHP (remove if not used) ### -# If a dedicated php-fpm process is used: -# sudo rm -f /etc/php5/fpm/pool.d/$app.conf -# sudo service php5-fpm reload -### PHP end ### +# Remove the dedicated php-fpm config +ynh_remove_fpm_config + +#================================================= +# REMOVE THE MYSQL DATABASE +#================================================= # Remove a database if it exists, along with the associated user -ynh_mysql_remove_db $db_name $db_name +ynh_mysql_remove_db $db_user $db_name diff --git a/scripts/restore b/scripts/restore index 93071f0..10f84a5 100644 --- a/scripts/restore +++ b/scripts/restore @@ -2,28 +2,29 @@ #================================================= # GENERIC START -#================================================= -# MANAGE SCRIPT FAILURE -#================================================= - -# Exit on command errors and treat access to unset variables as an error -set -eu - #================================================= # IMPORT GENERIC HELPERS #================================================= -if [ ! -e _common.sh ]; then - # Get the _common.sh file if it's not in the current directory - cp ../settings/scripts/_common.sh ./_common.sh - chmod a+rx _common.sh -fi -source _common.sh +source ../settings/scripts/_common.sh source /usr/share/yunohost/helpers -# See comsudo yunohost app ssowatconfments in install script -app=$YNH_APP_INSTANCE_NAME +#================================================= +# MANAGE SCRIPT FAILURE +#================================================= +ynh_clean_setup () { + #### Remove this function if there's nothing to clean before calling the remove script. + true +} +# Exit if an error occurs during the execution of the script +ynh_abort_if_errors + +#================================================= +# LOAD SETTINGS +#================================================= + +app=$YNH_APP_INSTANCE_NAME # Retrieve old app settings domain=$(ynh_app_setting_get "$app" domain) @@ -35,29 +36,40 @@ db_name=$(ynh_app_setting_get $app db_name) # CHECK IF THE APP CAN BE RESTORED #================================================= -yunohost app checkurl "${domain}${path_url}" -a "$app" \ +ynh_webpath_available $domain $path_url \ || ynh_die "Path not available: ${domain}${path_url}" test ! -d $final_path \ || ynh_die "There is already a directory: $final_path " - #================================================= - # STANDARD RESTORATION STEPS - #================================================= - # RESTORE THE NGINX CONFIGURATION - #================================================= +#================================================= +# STANDARD RESTORATION STEPS +#================================================= +# RESTORE THE NGINX CONFIGURATION +#================================================= - ynh_restore_file "/etc/nginx/conf.d/$domain.d/$app.conf" +ynh_restore_file "/etc/nginx/conf.d/$domain.d/$app.conf" - #================================================= - # RESTORE THE APP MAIN DIR - #================================================= +#================================================= +# RESTORE THE APP MAIN DIR +#================================================= - ynh_restore_file "$final_path" +ynh_restore_file "$final_path" + +#================================================= +# RECREATE THE DEDICATED USER +#================================================= + +# Create the dedicated user (if not existing) +ynh_system_user_create $app + +#================================================= +# RESTORE USER RIGHTS +#================================================= # Restore permissions to app files -# you may need to make some file and/or directory writeable by www-data (nginx user) -sudo chown -R root: "${final_path}" +sudo chown -R $app: "${final_path}" +sudo chmod -R 777 $final_path/data #================================================= # RESTORE THE MYSQL DATABASE @@ -66,16 +78,19 @@ sudo chown -R root: "${final_path}" db_pwd=$(ynh_app_setting_get $app mysqlpwd) ynh_mysql_setup_db $db_name $db_name $db_pwd ynh_mysql_connect_as $db_name $db_pwd $db_name < ./db.sql -### PHP (remove if not used) ### -# If a dedicated php-fpm process is used: -# # Copy PHP-FPM pool configuration and reload the service -# sudo cp -a ./php-fpm.conf "/etc/php5/fpm/pool.d/${app}.conf" -# sudo service php5-fpm reload -### PHP end ### +#================================================= +# RESTORE THE PHP-FPM CONFIGURATION +#================================================= -sudo chmod -R 777 $final_path/data +ynh_restore_file "/etc/php5/fpm/pool.d/$app.conf" +ynh_restore_file "/etc/php5/fpm/conf.d/20-$app.ini" + +#================================================= +# GENERIC FINALIZATION +#================================================= +# RELOAD NGINX AND PHP-FPM +#================================================= -# Restart webserver systemctl reload php5-fpm -sudo service nginx reload +systemctl reload nginx diff --git a/scripts/upgrade b/scripts/upgrade index 0e9902b..5ca5354 100644 --- a/scripts/upgrade +++ b/scripts/upgrade @@ -12,7 +12,7 @@ source /usr/share/yunohost/helpers #================================================= # LOAD SETTINGS #================================================= -# See comments in install script + app=$YNH_APP_INSTANCE_NAME @@ -20,25 +20,46 @@ app=$YNH_APP_INSTANCE_NAME domain=$(ynh_app_setting_get "$app" domain) path_url=$(ynh_app_setting_get "$app" path) is_public=$(ynh_app_setting_get "$app" is_public) - +final_path=$(ynh_app_setting_get $app final_path) #================================================= # ENSURE DOWNWARD COMPATIBILITY #================================================= +# Fix is_public as a boolean value if [ "$is_public" = "Yes" ]; then - ynh_app_setting_set $app is_public 1 # Fix is_public as a boolean value + ynh_app_setting_set $app is_public 1 is_public=1 elif [ "$is_public" = "No" ]; then ynh_app_setting_set $app is_public 0 is_public=0 fi -if [ -z $db_name ]; then # If db_name doesn't exist, create it +# If db_name doesn't exist, create it +if [ -z $db_name ]; then db_name=$(ynh_sanitize_dbid $app) ynh_app_setting_set $app db_name $db_name fi +# If final_path doesn't exist, create it +if [ -z $final_path ]; then + final_path=/var/www/$app + ynh_app_setting_set $app final_path $final_path +fi + +#================================================= +# BACKUP BEFORE UPGRADE THEN ACTIVE TRAP +#================================================= + +# Backup the current version of the app +ynh_backup_before_upgrade +ynh_clean_setup () { + # restore it if the upgrade fails + ynh_restore_upgradebackup +} +# Exit if an error occurs during the execution of the script +ynh_abort_if_errors + #================================================= # CHECK THE PATH #================================================= @@ -46,8 +67,6 @@ fi # Normalize the URL path syntax path_url=$(ynh_normalize_url_path $path_url) -final_path=/var/www/$app - # Move old app dir sudo mv ${final_path} ${final_path}.old @@ -60,35 +79,37 @@ sudo cp -a ${final_path}.old/data ${final_path} # delete temp directory sudo rm -Rf ${final_path}.old - -# Set permissions to app files -# you may need to make some file and/or directory writeable by www-data (nginx user) -sudo chown -R root: $final_path - # Create a dedicated nginx config ynh_add_nginx_config +#================================================= +# CREATE DEDICATED USER +#================================================= -### PHP (remove if not used) ### -# If a dedicated php-fpm process is used: -# # Modify PHP-FPM pool configuration and copy it to the pool directory -# sed -i "s@YNH_WWW_APP@$app@g" ../conf/php-fpm.conf -# sed -i "s@YNH_WWW_ALIAS@$final_path/@g" ../conf/php-fpm.conf -# finalphpconf=/etc/php5/fpm/pool.d/$app.conf -# sudo cp ../conf/php-fpm.conf $finalphpconf -# sudo chown root: $finalphpconf -# sudo chmod 644 $finalphpconf -# sudo service php5-fpm restart -### PHP end ### +# Create a dedicated user (if not existing) +ynh_system_user_create $app + +#================================================= +# PHP-FPM CONFIGURATION +#================================================= + +# Create a dedicated php-fpm config +ynh_add_fpm_config + +#================================================= +# GENERIC FINALIZATION +#================================================= +# SECURE FILES AND DIRECTORIES +#================================================= + +# Set permissions on app files +chown -R $app: $final_path +sudo chmod -R 777 $final_path/data #================================================= # SETUP SSOWAT #================================================= -if [ $is_public -eq 0 ] -then # Remove the public access - ynh_app_setting_delete $app skipped_uris -fi # Make app public if necessary if [ $is_public -eq 1 ] then @@ -96,8 +117,6 @@ then ynh_app_setting_set $app unprotected_uris "/" fi - -sudo chmod -R 777 $final_path/data #================================================= # RELOAD NGINX #=================================================