#!/bin/bash #================================================= # GENERIC STARTING #================================================= # IMPORT GENERIC HELPERS #================================================= source _common.sh source /usr/share/yunohost/helpers #================================================= # MANAGE FAILURE OF THE SCRIPT #================================================= # Exit if an error occurs during the execution of the script ynh_abort_if_errors #================================================= # RETRIEVE ARGUMENTS FROM THE MANIFEST #================================================= domain=$YNH_APP_ARG_DOMAIN path_url=$YNH_APP_ARG_PATH admin_wordpress=$YNH_APP_ARG_ADMIN language=$YNH_APP_ARG_LANGUAGE multisite=$YNH_APP_ARG_MULTISITE is_public=$YNH_APP_ARG_IS_PUBLIC app=$YNH_APP_INSTANCE_NAME #================================================= # CHECK IF THE APP CAN BE INSTALLED WITH THIS ARGS #================================================= ynh_script_progression --message="Validating installation parameters..." --weight=2 final_path=/var/www/$app test ! -e "$final_path" || ynh_die --message="This path already contains a folder" # Register (book) web path ynh_webpath_register --app=$app --domain=$domain --path_url=$path_url if [ "$path_url" == "/" ] && [ $multisite -eq 1 ]; then ynh_die --message="Multisite option of wordpress doesn't work at the root of a domain." fi #================================================= # STORE SETTINGS FROM MANIFEST #================================================= ynh_script_progression --message="Storing installation settings..." --weight=2 ynh_app_setting_set --app=$app --key=domain --value=$domain ynh_app_setting_set --app=$app --key=path --value=$path_url ynh_app_setting_set --app=$app --key=admin --value=$admin_wordpress ynh_app_setting_set --app=$app --key=is_public --value=$is_public ynh_app_setting_set --app=$app --key=language --value=$language ynh_app_setting_set --app=$app --key=multisite --value=$multisite ynh_app_setting_set --app=$app --key=overwrite_nginx --value=1 ynh_app_setting_set --app=$app --key=overwrite_phpfpm --value=1 ynh_app_setting_set --app=$app --key=admin_mail_html --value=1 #================================================= # STANDARD MODIFICATIONS #================================================= # CREATE A MYSQL DATABASE #================================================= ynh_script_progression --message="Creating a MySQL database..." db_name=$(ynh_sanitize_dbid --db_name=$app) ynh_app_setting_set --app=$app --key=db_name --value=$db_name ynh_mysql_setup_db --db_user=$db_name --db_name=$db_name #================================================= # DOWNLOAD, CHECK AND UNPACK SOURCE #================================================= ynh_script_progression --message="Setting up source files..." --weight=4 ynh_app_setting_set --app=$app --key=final_path --value=$final_path # Download, check integrity, uncompress and patch the source from app.src ynh_setup_source --dest_dir="$final_path" #================================================= # NGINX CONFIGURATION #================================================= ynh_script_progression --message="Configuring nginx web server..." --weight=3 # Create a dedicated nginx config ynh_add_nginx_config #================================================= # CREATE DEDICATED USER #================================================= ynh_script_progression --message="Configuring system user..." --weight=3 # Create a dedicated system user ynh_system_user_create --username=$app #================================================= # PHP-FPM CONFIGURATION #================================================= ynh_script_progression --message="Configuring php-fpm..." --weight=2 # If the app is private, set the usage to low, otherwise to high. if [ $is_public -eq 0 ] then usage=low else usage=high fi # Create a dedicated php-fpm config ynh_add_fpm_config --usage=$usage --footprint=medium #================================================= # SPECIFIC SETUP #================================================= # CONFIGURE WP-CONFIG #================================================= ynh_script_progression --message="Configuring wordpress..." cp ../conf/wp-config.php $final_path/wp-config.php # Change variables in Wordpress configuration ynh_replace_string --match_string="__DB_USER__" --replace_string=$db_name --target_file=$final_path/wp-config.php ynh_replace_string --match_string="__DB_PWD__" --replace_string="$db_pwd" --target_file=$final_path/wp-config.php for i in 1 2 3 4 5 6 7 8 do j=$(ynh_string_random --length=40) ynh_replace_string --match_string="KEY$i" --replace_string="$j" --target_file=$final_path/wp-config.php sleep 0.5 done #================================================= # SETTING UP WITH CURL #================================================= ynh_script_progression --message="Installing wordpress with Curl..." --weight=10 # Set right permissions for curl install chown -R $app: $final_path # Set the app as temporarily public for curl call ynh_app_setting_set --app=$app --key=unprotected_uris --value="/" # Regen SSOwat configuration yunohost app ssowatconf # Reload Nginx ynh_systemd_action --service_name=nginx --action=reload # Wordpress installation ynh_local_curl "/wp-admin/install.php?step=2" "&weblog_title=YunoBlog" "user_name=$admin_wordpress" "admin_password=$db_pwd" "admin_password2=$db_pwd" "admin_email=$admin_wordpress@$domain" "Submit=Install+WordPress" ynh_print_info --message="Please wait during Wordpress installation..." for i in `seq 1 300` do # The loop waits for wordpress to be installed, or 5 minutes. if ynh_mysql_connect_as --user=$db_name --password=$db_pwd --database=$db_name <<< "show tables" | grep --quiet "wp_options"; then # If the table wp_options is found, wordpress has finished its installation. break fi sleep 1 done #================================================= # INSTALL WORDPRESS PLUGINS #================================================= ynh_script_progression --message="Installing wordpress plugins..." --weight=20 wget --no-verbose https://raw.githubusercontent.com/wp-cli/builds/gh-pages/phar/wp-cli.phar --output-document=$final_path/wp-cli.phar wpcli_alias="php7.0 $final_path/wp-cli.phar --allow-root --path=$final_path" $wpcli_alias plugin install simple-ldap-login $wpcli_alias plugin install http-authentication $wpcli_alias plugin install companion-auto-update $wpcli_alias plugin install wp-fail2ban-redux #================================================= # SET LANGUAGE #================================================= ynh_script_progression --message="Configuring language..." --weight=3 $wpcli_alias core language install $language $wpcli_alias site switch-language $language #================================================= # CONFIGURE MULTISITE #================================================= if [ $multisite -eq 1 ] then ynh_script_progression --message="Configuring multisite..." --weight=2 ynh_replace_string --match_string="#--MULTISITE--" --replace_string="" --target_file=/etc/nginx/conf.d/$domain.d/$app.conf # Allow multisite ynh_replace_string --match_string="//--MULTISITE1--define" --replace_string="define " --target_file=$final_path/wp-config.php # Activate multisite via wp-cli ynh_exec_fully_quiet $wpcli_alias core multisite-convert --base=$path_url/ # Activate multisite in wordpress config ynh_replace_string --match_string="//--MULTISITE2--define" --replace_string="define" --target_file=$final_path/wp-config.php ynh_mysql_connect_as --user=$db_name --password=$db_pwd --database=$db_name < ../conf/sql/multisite.sql plugin_network="--network" else ynh_mysql_connect_as --user=$db_name --password=$db_pwd --database=$db_name < ../conf/sql/single.sql plugin_network="" fi #================================================= # ACTIVATE WORDPRESS PLUGINS #================================================= ynh_script_progression --message="Activating plugins..." --weight=4 $wpcli_alias plugin activate simple-ldap-login $plugin_network # Do not activate http-authentication, this plugin is sometimes unstable $wpcli_alias plugin activate companion-auto-update $plugin_network $wpcli_alias plugin activate wp-fail2ban-redux $plugin_network #================================================= # STORE THE CONFIG FILE CHECKSUM #================================================= # Calculate and store the config file checksum into the app settings ynh_store_file_checksum --file="$final_path/wp-config.php" #================================================= # CREATE A CRON TASK FOR AUTOMATIC UPDATE #================================================= echo "# Reach everyday wp-cron.php?doing_wp_cron to trig the internal wordpress cron. 0 3 * * * root wget -q -O - https://$domain$path_url/wp-cron.php?doing_wp_cron >/dev/null 2>&1" > /etc/cron.d/$app #================================================= # GENERIC FINALISATION #================================================= # SECURING FILES AND DIRECTORIES #================================================= # Set permissions to app files # Files have to be own by the user of wordpress. To allow upgrade from the app. chown -R $app: $final_path # Except the file config wp-config.php chown root: $final_path/wp-config.php #================================================= # SETUP FAIL2BAN #================================================= ynh_script_progression --message="Configuring fail2ban..." --weight=7 # Create a dedicated fail2ban config ynh_add_fail2ban_config --logpath="/var/log/auth.log" --failregex="Authentication (attempt for unknown user|failure for) .* from " --max_retry=5 #================================================= # SETUP SSOWAT #================================================= ynh_script_progression --message="Configuring SSOwat..." if [ $is_public -eq 0 ] then # Remove the public access ynh_app_setting_delete --app=$app --key=unprotected_uris fi #================================================= # RELOAD NGINX #================================================= ynh_script_progression --message="Reloading nginx web server..." --weight=3 ynh_systemd_action --service_name=nginx --action=reload #================================================= # REMOVE WP-CLI.PHAR #================================================= ynh_secure_remove $final_path/wp-cli.phar #================================================= # SEND A README FOR THE ADMIN #================================================= # Get main domain and buid the url of the admin panel of the app. admin_panel="https://$(grep portal_domain /etc/ssowat/conf.json | cut -d'"' -f4)/yunohost/admin/#/apps/$app" echo "You can configure this app easily by using the experimental __URL_TAG1__config-panel feature__URL_TAG2__$admin_panel/config-panel__URL_TAG3__. You can also find some specific actions for this app by using the experimental __URL_TAG1__action feature__URL_TAG2__$admin_panel/actions__URL_TAG3__. If you're facing an issue or want to improve this app, please open a new issue in this __URL_TAG1__project__URL_TAG2__https://github.com/YunoHost-Apps/wordpress_ynh__URL_TAG3__." > mail_to_send ynh_send_readme_to_admin --app_message="mail_to_send" --recipients="$admin_wordpress" --type=install #================================================= # END OF SCRIPT #================================================= ynh_script_progression --message="Installation of $app completed" --last