mirror of
https://github.com/YunoHost-Apps/zwiicms_ynh.git
synced 2024-09-03 18:06:04 +02:00
Update from example_ynh
This commit is contained in:
parent
a8ac9a7b23
commit
8068f1a129
1 changed files with 45 additions and 44 deletions
|
@ -56,7 +56,7 @@ app=$YNH_APP_INSTANCE_NAME
|
||||||
### The execution time is given for the duration since the previous call. So the weight should be applied to this previous call.
|
### The execution time is given for the duration since the previous call. So the weight should be applied to this previous call.
|
||||||
ynh_script_progression --message="Validating installation parameters..." --time --weight=1
|
ynh_script_progression --message="Validating installation parameters..." --time --weight=1
|
||||||
|
|
||||||
### If the app uses nginx as web server (written in HTML/PHP in most cases), the final path should be "/var/www/$app".
|
### If the app uses NGINX as web server (written in HTML/PHP in most cases), the final path should be "/var/www/$app".
|
||||||
### If the app provides an internal web server (or uses another application server such as uwsgi), the final path should be "/opt/yunohost/$app"
|
### If the app provides an internal web server (or uses another application server such as uwsgi), the final path should be "/opt/yunohost/$app"
|
||||||
final_path=/var/www/$app
|
final_path=/var/www/$app
|
||||||
test ! -e "$final_path" || ynh_die --message="This path already contains a folder"
|
test ! -e "$final_path" || ynh_die --message="This path already contains a folder"
|
||||||
|
@ -72,7 +72,6 @@ ynh_script_progression --message="Storing installation settings..." --time --wei
|
||||||
ynh_app_setting_set --app=$app --key=domain --value=$domain
|
ynh_app_setting_set --app=$app --key=domain --value=$domain
|
||||||
ynh_app_setting_set --app=$app --key=path --value=$path_url
|
ynh_app_setting_set --app=$app --key=path --value=$path_url
|
||||||
#ynh_app_setting_set --app=$app --key=admin --value=$admin
|
#ynh_app_setting_set --app=$app --key=admin --value=$admin
|
||||||
ynh_app_setting_set --app=$app --key=is_public --value=$is_public
|
|
||||||
#ynh_app_setting_set --app=$app --key=language --value=$language
|
#ynh_app_setting_set --app=$app --key=language --value=$language
|
||||||
|
|
||||||
#=================================================
|
#=================================================
|
||||||
|
@ -96,6 +95,7 @@ ynh_app_setting_set --app=$app --key=is_public --value=$is_public
|
||||||
# If you do this and the app doesn't actually need you are CREATING SECURITY HOLES IN THE SERVER !)
|
# If you do this and the app doesn't actually need you are CREATING SECURITY HOLES IN THE SERVER !)
|
||||||
|
|
||||||
# Open the port
|
# Open the port
|
||||||
|
# ynh_script_progression --message="Configuring firewall..." --time --weight=1
|
||||||
# ynh_exec_warn_less yunohost firewall allow --no-upnp TCP $port
|
# ynh_exec_warn_less yunohost firewall allow --no-upnp TCP $port
|
||||||
|
|
||||||
#=================================================
|
#=================================================
|
||||||
|
@ -148,7 +148,7 @@ ynh_setup_source --dest_dir="$final_path"
|
||||||
#=================================================
|
#=================================================
|
||||||
# NGINX CONFIGURATION
|
# NGINX CONFIGURATION
|
||||||
#=================================================
|
#=================================================
|
||||||
ynh_script_progression --message="Configuring NGINX web server..." --time --weight=1
|
ynh_script_progression --message="Configuring nginx web server..." --time --weight=1
|
||||||
|
|
||||||
### `ynh_add_nginx_config` will use the file conf/nginx.conf
|
### `ynh_add_nginx_config` will use the file conf/nginx.conf
|
||||||
|
|
||||||
|
@ -179,7 +179,7 @@ ynh_script_progression --message="Configuring PHP-FPM..." --time --weight=1
|
||||||
### With the reload at the end of the script.
|
### With the reload at the end of the script.
|
||||||
### - And the section "PHP-FPM CONFIGURATION" in the upgrade script
|
### - And the section "PHP-FPM CONFIGURATION" in the upgrade script
|
||||||
|
|
||||||
# Create a dedicated php-fpm config
|
# Create a dedicated PHP-FPM config
|
||||||
ynh_add_fpm_config
|
ynh_add_fpm_config
|
||||||
|
|
||||||
#=================================================
|
#=================================================
|
||||||
|
@ -221,11 +221,12 @@ ynh_add_fpm_config
|
||||||
|
|
||||||
# Set the app as temporarily public for curl call
|
# Set the app as temporarily public for curl call
|
||||||
#ynh_script_progression --message="Configuring SSOwat..." --time --weight=1
|
#ynh_script_progression --message="Configuring SSOwat..." --time --weight=1
|
||||||
#ynh_app_setting_set --app=$app --key=skipped_uris --value="/"
|
# Making the app public for curl
|
||||||
|
ynh_permission_update --permission="main" --add="visitors"
|
||||||
# Reload SSOwat config
|
# Reload SSOwat config
|
||||||
#yunohost app ssowatconf
|
#yunohost app ssowatconf
|
||||||
|
|
||||||
# Reload Nginx
|
# Reload NGINX
|
||||||
#ynh_systemd_action --service_name=nginx --action=reload
|
#ynh_systemd_action --service_name=nginx --action=reload
|
||||||
|
|
||||||
# Installation with curl
|
# Installation with curl
|
||||||
|
@ -233,10 +234,7 @@ ynh_add_fpm_config
|
||||||
#ynh_local_curl "/INSTALL_PATH" "key1=value1" "key2=value2" "key3=value3"
|
#ynh_local_curl "/INSTALL_PATH" "key1=value1" "key2=value2" "key3=value3"
|
||||||
|
|
||||||
# Remove the public access
|
# Remove the public access
|
||||||
#if [ $is_public -eq 0 ]
|
ynh_permission_update --permission="main" --remove="visitors"
|
||||||
#then
|
|
||||||
# ynh_app_setting_delete --app=$app --key=skipped_uris
|
|
||||||
#fi
|
|
||||||
|
|
||||||
#=================================================
|
#=================================================
|
||||||
# MODIFY A CONFIG FILE
|
# MODIFY A CONFIG FILE
|
||||||
|
@ -268,7 +266,7 @@ ynh_add_fpm_config
|
||||||
### Then, if write authorization is needed, any access should be given only to directories
|
### Then, if write authorization is needed, any access should be given only to directories
|
||||||
### that really need such authorization.
|
### that really need such authorization.
|
||||||
|
|
||||||
# Set permissions to app files
|
# Set permissions to app files chown -R root: $final_path
|
||||||
chown -R $app: $final_path
|
chown -R $app: $final_path
|
||||||
|
|
||||||
#=================================================
|
#=================================================
|
||||||
|
@ -291,23 +289,34 @@ chown -R $app: $final_path
|
||||||
# INTEGRATE SERVICE IN YUNOHOST
|
# INTEGRATE SERVICE IN YUNOHOST
|
||||||
#=================================================
|
#=================================================
|
||||||
|
|
||||||
|
#ynh_script_progression --message="Integrating service in YunoHost..." --time --weight=1
|
||||||
|
|
||||||
### `yunohost service add` integrates a service in YunoHost. It then gets
|
### `yunohost service add` integrates a service in YunoHost. It then gets
|
||||||
### displayed in the admin interface and through the others `yunohost service` commands.
|
### displayed in the admin interface and through the others `yunohost service` commands.
|
||||||
### (N.B. : this line only makes sense if the app adds a service to the system!)
|
### (N.B.: this line only makes sense if the app adds a service to the system!)
|
||||||
### If you're not using these lines:
|
### If you're not using these lines:
|
||||||
### - You can remove these files in conf/.
|
### - You can remove these files in conf/.
|
||||||
### - Remove the section "REMOVE SERVICE FROM ADMIN PANEL" in the remove script
|
### - Remove the section "REMOVE SERVICE INTEGRATION IN YUNOHOST" in the remove script
|
||||||
### - As well as the section "ADVERTISE SERVICE IN ADMIN PANEL" in the restore script
|
### - As well as the section "INTEGRATE SERVICE IN YUNOHOST" in the restore script
|
||||||
|
### - And the section "INTEGRATE SERVICE IN YUNOHOST" in the upgrade script
|
||||||
|
|
||||||
#yunohost service add $app --description "A short description of the app" --log "/var/log/$app/$app.log"
|
#yunohost service add $app --description="A short description of the app" --log="/var/log/$app/$app.log"
|
||||||
|
|
||||||
### With YunoHost 3.8 you will then be able to:
|
### Additional options starting with 3.8:
|
||||||
### - specify a list of ports that needs to be publicly exposed (c.f. --needs_exposed_ports)
|
###
|
||||||
|
### --needs_exposed_ports "$port" a list of ports that needs to be publicly exposed
|
||||||
### which will then be checked by YunoHost's diagnosis system
|
### which will then be checked by YunoHost's diagnosis system
|
||||||
### - specify a custom command to check the status of the service (c.f. --test_status)
|
### (N.B. DO NOT USE THIS is the port is only internal!!!)
|
||||||
### though it's only needed for weird cases where 'systemctl status' doesn't do a good job
|
###
|
||||||
### - specify a custom command to check / validate the configuration of the service (c.f. --test_conf)
|
### --test_status "some command" a custom command to check the status of the service
|
||||||
### for example, the command to check the configuration of nginx is "nginx -t"
|
### (only relevant if 'systemctl status' doesn't do a good job)
|
||||||
|
###
|
||||||
|
### --test_conf "some command" some command similar to "nginx -t" that validates the conf of the service
|
||||||
|
###
|
||||||
|
### Re-calling 'yunohost service add' during the upgrade script is the right way
|
||||||
|
### to proceed if you later realize that you need to enable some flags that
|
||||||
|
### weren't enabled on old installs (be careful it'll override the existing
|
||||||
|
### service though so you should re-provide all relevant flags when doing so)
|
||||||
|
|
||||||
#=================================================
|
#=================================================
|
||||||
# START SYSTEMD SERVICE
|
# START SYSTEMD SERVICE
|
||||||
|
@ -330,42 +339,34 @@ chown -R $app: $final_path
|
||||||
#=================================================
|
#=================================================
|
||||||
#ynh_script_progression --message="Configuring fail2ban..." --time --weight=1
|
#ynh_script_progression --message="Configuring fail2ban..." --time --weight=1
|
||||||
|
|
||||||
# Create the log file is not already existing during install
|
# Create a dedicated Fail2Ban config
|
||||||
#mkdir -p "/var/www/$app/var/logs/"
|
|
||||||
#touch "/var/www/$app/var/logs/prod.log"
|
|
||||||
#chown $app: "/var/www/$app/var/logs/prod.log"
|
|
||||||
|
|
||||||
# Create a dedicated fail2ban config
|
|
||||||
#ynh_add_fail2ban_config --logpath="/var/log/nginx/${domain}-error.log" --failregex="Regex to match into the log for a failed login"
|
#ynh_add_fail2ban_config --logpath="/var/log/nginx/${domain}-error.log" --failregex="Regex to match into the log for a failed login"
|
||||||
|
|
||||||
#ynh_add_fail2ban_config --logpath="/var/www/$app/var/logs/prod.log" --failregex='app.ERROR: Authentication failure for user "([\w]+)?", from IP "<HOST>"' --max_retry=5
|
|
||||||
|
|
||||||
#=================================================
|
#=================================================
|
||||||
# SETUP SSOWAT
|
# SETUP SSOWAT
|
||||||
#=================================================
|
#=================================================
|
||||||
##ynh_script_progression --message="Configuring permissions..." --time --weight=1
|
ynh_script_progression --message="Configuring SSOwat..." --time --weight=1
|
||||||
|
|
||||||
# Make app public if necessary
|
# Make app public if necessary
|
||||||
##if [ $is_public -eq 1 ]
|
if [ $is_public -eq 1 ]
|
||||||
##then
|
then
|
||||||
# unprotected_uris allows SSO credentials to be passed anyway.
|
|
||||||
#ynh_app_setting_set --app=$app --key=unprotected_uris --value="/"
|
|
||||||
# Everyone can access the app.
|
# Everyone can access the app.
|
||||||
# The "main" permission is automatically created before the install script.
|
# The "main" permission is automatically created before the install script.
|
||||||
## ynh_permission_update --permission="main" --add="visitors"
|
ynh_permission_update --permission="main" --add="visitors"
|
||||||
##fi
|
fi
|
||||||
|
|
||||||
# Set the app as temporarily public for curl call
|
# Only the admin can access the admin panel of the app (if the app has an admin panel)
|
||||||
ynh_script_progression --message="Configuring SSOwat..." --time --weight=1
|
ynh_permission_create --permission="admin" --url="/admin" --allowed=$admin
|
||||||
# Making the app public for curl
|
|
||||||
ynh_permission_update --permission="main" --add="visitors"
|
# Everyone can access to the api part
|
||||||
# Reload SSOwat config
|
# We don't want to display the tile in the sso so we put --show_tile="false"
|
||||||
yunohost app ssowatconf
|
# And we don't want that the YunoHost Admin can remove visitors group to this permission, so we put --protected="true"
|
||||||
|
ynh_permission_create --permission="api" --url "/api" --allowed="visitors" --show_tile="false" --protected="true"
|
||||||
|
|
||||||
#=================================================
|
#=================================================
|
||||||
# RELOAD NGINX
|
# RELOAD NGINX
|
||||||
#=================================================
|
#=================================================
|
||||||
ynh_script_progression --message="Reloading NGINX web server..." --time --weight=1
|
ynh_script_progression --message="Reloading nginx web server..." --time --weight=1
|
||||||
|
|
||||||
ynh_systemd_action --service_name=nginx --action=reload
|
ynh_systemd_action --service_name=nginx --action=reload
|
||||||
|
|
||||||
|
|
Loading…
Reference in a new issue