From 23f30c65964bc70e3e1e162d4398c83fde05c513 Mon Sep 17 00:00:00 2001 From: antoine Date: Thu, 30 Jul 2020 18:54:44 +0200 Subject: [PATCH] update nginx and install --- conf/nginx.conf | 14 +++++++------ scripts/install | 52 ++++++++++++++++++++++++++++++------------------- 2 files changed, 40 insertions(+), 26 deletions(-) diff --git a/conf/nginx.conf b/conf/nginx.conf index 4b18c6c..f38409f 100644 --- a/conf/nginx.conf +++ b/conf/nginx.conf @@ -5,27 +5,29 @@ location __PATH__/ { alias __FINALPATH__/ ; # Force usage of https - if ($scheme = http) { - rewrite ^ https://$server_name$request_uri? permanent; + if ($scheme = http) { + rewrite ^ https://$server_name$request_uri? permanent; } +### Example PHP configuration (remove it if not used) index index.php; - + # Common parameter to increase upload size limit in conjunction with dedicated php-fpm file #client_max_body_size 50M; try_files $uri $uri/ index.php; location ~ [^/]\.php(/|$) { fastcgi_split_path_info ^(.+?\.php)(/.*)$; - fastcgi_pass unix:/var/run/php/php7.0-fpm-__NAME__.sock; + fastcgi_pass unix:/var/run/php/php__PHPVERSION__-fpm-__NAME__.sock; fastcgi_index index.php; include fastcgi_params; fastcgi_param REMOTE_USER $remote_user; fastcgi_param PATH_INFO $fastcgi_path_info; fastcgi_param SCRIPT_FILENAME $request_filename; - } - + } +### End of PHP configuration part + # Include SSOWAT user panel. include conf.d/yunohost_panel.conf.inc; } diff --git a/scripts/install b/scripts/install index 3802a17..1915f06 100755 --- a/scripts/install +++ b/scripts/install @@ -35,18 +35,20 @@ app=$YNH_APP_INSTANCE_NAME #================================================= # CHECK IF THE APP CAN BE INSTALLED WITH THESE ARGS #================================================= -ynh_print_info "Validating installation parameters..." +ynh_script_progression --message="Validating installation parameters..." +### If the app uses nginx as web server (written in HTML/PHP in most cases), the final path should be "/var/www/$app". +### If the app provides an internal web server (or uses another application server such as uwsgi), the final path should be "/opt/yunohost/$app" final_path=/var/www/$app -test ! -e "$final_path" || ynh_die "This path already contains a folder" +test ! -e "$final_path" || ynh_die --message="This path already contains a folder" # Register (book) web path -ynh_webpath_register $app $domain $path_url +ynh_webpath_register --app=$app --domain=$domain --path_url=$path_url #================================================= # STORE SETTINGS FROM MANIFEST #================================================= -ynh_print_info "Storing installation settings..." +ynh_script_progression --message="Storing installation settings..." ynh_app_setting_set $app is_public $is_public ynh_app_setting_set $app domain $domain @@ -55,14 +57,14 @@ ynh_app_setting_set $app path $path_url #================================================= # INSTALL DEPENDENCIES #================================================= -ynh_print_info "Installing dependencies..." +ynh_script_progression --message="Installing dependencies..." ynh_install_app_dependencies $pkg_dependencies #================================================= # CREATE A MYSQL DATABASE #================================================= -ynh_print_info "Creating a MySQL database..." +ynh_script_progression --message="Creating a MySQL database..." db_name=$(ynh_sanitize_dbid --db_name=$app) ynh_app_setting_set $app db_name $db_name @@ -71,16 +73,22 @@ ynh_mysql_setup_db $db_name $db_name #================================================= # DOWNLOAD, CHECK AND UNPACK SOURCE #================================================= -ynh_print_info "Setting up source files..." +ynh_script_progression --message="Setting up source files..." -ynh_app_setting_set $app final_path $final_path +### `ynh_setup_source` is used to install an app from a zip or tar.gz file, +### downloaded from an upstream source, like a git repository. +### `ynh_setup_source` use the file conf/app.src + +ynh_app_setting_set --app=$app --key=final_path --value=$final_path # Download, check integrity, uncompress and patch the source from app.src -ynh_setup_source "$final_path" +ynh_setup_source --dest_dir="$final_path" #================================================= # NGINX CONFIGURATION #================================================= -ynh_print_info "Configuring nginx web server..." +ynh_script_progression --message="Configuring nginx web server..." + +### `ynh_add_nginx_config` will use the file conf/nginx.conf # Create a dedicated nginx config ynh_add_nginx_config @@ -88,15 +96,15 @@ ynh_add_nginx_config #================================================= # CREATE DEDICATED USER #================================================= -ynh_print_info "Configuring system user..." +ynh_script_progression --message="Configuring system user..." # Create a system user -ynh_system_user_create $app +ynh_system_user_create --username=$app #================================================= # PHP-FPM CONFIGURATION #================================================= -ynh_print_info "Configuring php-fpm..." +ynh_script_progression --message="Configuring php-fpm..." # Create a dedicated php-fpm config ynh_add_fpm_config @@ -129,7 +137,7 @@ ynh_mysql_connect_as "$db_name" "$db_pwd" "$db_name" < "../conf/sql/admin.sql" #================================================= # Calculate and store the config file checksum into the app settings -ynh_store_file_checksum "$final_path/data/config.ini.php" +ynh_store_file_checksum --file="$final_path/data/config.ini.php" #================================================= # GENERIC FINALIZATION @@ -137,6 +145,10 @@ ynh_store_file_checksum "$final_path/data/config.ini.php" # SECURE FILES AND DIRECTORIES #================================================= +### For security reason, any app should set the permissions to root: before anything else. +### Then, if write authorization is needed, any access should be given only to directories +### that really need such authorization. + # Set permissions to app files chown -R $app: $final_path chmod -R 700 $final_path/data @@ -144,21 +156,21 @@ chmod -R 700 $final_path/data #================================================= # SETUP SSOWAT #================================================= -ynh_print_info "Configuring SSOwat..." +ynh_script_progression --message="Configuring SSOwat..." # Make app public if necessary if [ $is_public -eq 1 ] then - # unprotected_uris allows SSO credentials to be passed anyway. - ynh_app_setting_set $app unprotected_uris "/" + # unprotected_uris allows SSO credentials to be passed anyway. + ynh_app_setting_set --app=$app --key=unprotected_uris --value="/" fi #================================================= # RELOAD NGINX #================================================= -ynh_print_info "Reloading nginx web server..." +ynh_script_progression --message="Reloading nginx web server..." -systemctl reload nginx +ynh_systemd_action --service_name=nginx --action=reload #================================================= # SEND A README FOR THE ADMIN @@ -172,4 +184,4 @@ ynh_send_readme_to_admin "$message" # END OF SCRIPT #================================================= -ynh_print_info "Installation of $app completed" +ynh_script_progression --message="Installation of $app completed"