#!/bin/bash #================================================= # GENERIC STARTING #================================================= # IMPORT GENERIC HELPERS #================================================= source scripts/_common.sh source /usr/share/yunohost/helpers #================================================= # MANAGE SCRIPT FAILURE #================================================= # Exit if an error occurs during the execution of the script ynh_abort_if_errors #================================================= # RETRIEVE ARGUMENTS #================================================= app=$YNH_APP_INSTANCE_NAME domain=$(ynh_app_setting_get --app=$app --key=domain) path_url=$(ynh_app_setting_get --app=$app --key=path) final_path=$(ynh_app_setting_get --app=$app --key=final_path) phpversion=$(ynh_app_setting_get --app=$app --key=phpversion) #================================================= # SPECIFIC ACTION #================================================= # ACTIVATE MAINTENANCE MODE #================================================= ynh_script_progression --message="Activating maintenance mode..." ynh_maintenance_mode_ON #================================================= # NGINX CONFIGURATION #================================================= ynh_script_progression --message="Upgrading NGINX web server configuration..." --weight=1 # Create a dedicated nginx config yunohost app action run $app reset_default_nginx #================================================= # CREATE DEDICATED USER #================================================= ynh_script_progression --message="Making sure dedicated system user exists..." # Create a dedicated user (if not existing) ynh_system_user_create --username=$app #================================================= # PHP-FPM CONFIGURATION #================================================= ynh_script_progression --message="Upgrading PHP-FPM configuration..." --weight=2 # Create a dedicated php-fpm config yunohost app action run $app reset_default_phpfpm #================================================= # CREATE A CRON TASK FOR AUTOMATIC UPDATE #================================================= echo "# Reach everyday wp-cron.php to trig the internal WordPress cron. 0 3 * * * $app php$phpversion $final_path/wp-cron.php" > /etc/cron.d/$app #================================================= # SECURE FILES AND DIRECTORIES #================================================= # Set permissions to app files # Files have to be own by the user of wordpress. To allow upgrade from the app. chown -R $app: $final_path # Except the file config wp-config.php chown root:$app $final_path/wp-config.php # Reset permissions find $final_path/ -type f -print0 | xargs -0 chmod 0644 find $final_path/ -type d -print0 | xargs -0 chmod 0755 # Remove permissions for others chmod 640 $final_path/wp-config.php #================================================= # UPGRADE FAIL2BAN #================================================= ynh_script_progression --message="Reconfiguring Fail2Ban..." --weight=5 # Create a dedicated fail2ban config ynh_add_fail2ban_config --logpath="/var/log/nginx/${domain}-error.log" --failregex="PHP message: Leed: wrong login for .* client: " --max_retry=5 #================================================= # RELOAD NGINX #================================================= ynh_script_progression --message="Reloading NGINX web server..." ynh_systemd_action --service_name=nginx --action=reload #================================================= # DEACTIVE MAINTENANCE MODE #================================================= ynh_script_progression --message="Disabling maintenance mode..." ynh_maintenance_mode_OFF #================================================= # END OF SCRIPT #================================================= ynh_script_progression --message="Execution completed" --last