1
0
Fork 0
mirror of https://github.com/YunoHost-Apps/zwiicms_ynh.git synced 2024-09-03 18:06:04 +02:00

Update from example_ynh

This commit is contained in:
pp-r 2021-02-14 12:37:42 +01:00 committed by GitHub
parent a8ac9a7b23
commit 8068f1a129
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23

View file

@ -56,7 +56,7 @@ app=$YNH_APP_INSTANCE_NAME
### The execution time is given for the duration since the previous call. So the weight should be applied to this previous call. ### The execution time is given for the duration since the previous call. So the weight should be applied to this previous call.
ynh_script_progression --message="Validating installation parameters..." --time --weight=1 ynh_script_progression --message="Validating installation parameters..." --time --weight=1
### If the app uses nginx as web server (written in HTML/PHP in most cases), the final path should be "/var/www/$app". ### If the app uses NGINX as web server (written in HTML/PHP in most cases), the final path should be "/var/www/$app".
### If the app provides an internal web server (or uses another application server such as uwsgi), the final path should be "/opt/yunohost/$app" ### If the app provides an internal web server (or uses another application server such as uwsgi), the final path should be "/opt/yunohost/$app"
final_path=/var/www/$app final_path=/var/www/$app
test ! -e "$final_path" || ynh_die --message="This path already contains a folder" test ! -e "$final_path" || ynh_die --message="This path already contains a folder"
@ -72,7 +72,6 @@ ynh_script_progression --message="Storing installation settings..." --time --wei
ynh_app_setting_set --app=$app --key=domain --value=$domain ynh_app_setting_set --app=$app --key=domain --value=$domain
ynh_app_setting_set --app=$app --key=path --value=$path_url ynh_app_setting_set --app=$app --key=path --value=$path_url
#ynh_app_setting_set --app=$app --key=admin --value=$admin #ynh_app_setting_set --app=$app --key=admin --value=$admin
ynh_app_setting_set --app=$app --key=is_public --value=$is_public
#ynh_app_setting_set --app=$app --key=language --value=$language #ynh_app_setting_set --app=$app --key=language --value=$language
#================================================= #=================================================
@ -96,6 +95,7 @@ ynh_app_setting_set --app=$app --key=is_public --value=$is_public
# If you do this and the app doesn't actually need you are CREATING SECURITY HOLES IN THE SERVER !) # If you do this and the app doesn't actually need you are CREATING SECURITY HOLES IN THE SERVER !)
# Open the port # Open the port
# ynh_script_progression --message="Configuring firewall..." --time --weight=1
# ynh_exec_warn_less yunohost firewall allow --no-upnp TCP $port # ynh_exec_warn_less yunohost firewall allow --no-upnp TCP $port
#================================================= #=================================================
@ -148,7 +148,7 @@ ynh_setup_source --dest_dir="$final_path"
#================================================= #=================================================
# NGINX CONFIGURATION # NGINX CONFIGURATION
#================================================= #=================================================
ynh_script_progression --message="Configuring NGINX web server..." --time --weight=1 ynh_script_progression --message="Configuring nginx web server..." --time --weight=1
### `ynh_add_nginx_config` will use the file conf/nginx.conf ### `ynh_add_nginx_config` will use the file conf/nginx.conf
@ -179,7 +179,7 @@ ynh_script_progression --message="Configuring PHP-FPM..." --time --weight=1
### With the reload at the end of the script. ### With the reload at the end of the script.
### - And the section "PHP-FPM CONFIGURATION" in the upgrade script ### - And the section "PHP-FPM CONFIGURATION" in the upgrade script
# Create a dedicated php-fpm config # Create a dedicated PHP-FPM config
ynh_add_fpm_config ynh_add_fpm_config
#================================================= #=================================================
@ -221,11 +221,12 @@ ynh_add_fpm_config
# Set the app as temporarily public for curl call # Set the app as temporarily public for curl call
#ynh_script_progression --message="Configuring SSOwat..." --time --weight=1 #ynh_script_progression --message="Configuring SSOwat..." --time --weight=1
#ynh_app_setting_set --app=$app --key=skipped_uris --value="/" # Making the app public for curl
ynh_permission_update --permission="main" --add="visitors"
# Reload SSOwat config # Reload SSOwat config
#yunohost app ssowatconf #yunohost app ssowatconf
# Reload Nginx # Reload NGINX
#ynh_systemd_action --service_name=nginx --action=reload #ynh_systemd_action --service_name=nginx --action=reload
# Installation with curl # Installation with curl
@ -233,10 +234,7 @@ ynh_add_fpm_config
#ynh_local_curl "/INSTALL_PATH" "key1=value1" "key2=value2" "key3=value3" #ynh_local_curl "/INSTALL_PATH" "key1=value1" "key2=value2" "key3=value3"
# Remove the public access # Remove the public access
#if [ $is_public -eq 0 ] ynh_permission_update --permission="main" --remove="visitors"
#then
# ynh_app_setting_delete --app=$app --key=skipped_uris
#fi
#================================================= #=================================================
# MODIFY A CONFIG FILE # MODIFY A CONFIG FILE
@ -268,7 +266,7 @@ ynh_add_fpm_config
### Then, if write authorization is needed, any access should be given only to directories ### Then, if write authorization is needed, any access should be given only to directories
### that really need such authorization. ### that really need such authorization.
# Set permissions to app files # Set permissions to app files chown -R root: $final_path
chown -R $app: $final_path chown -R $app: $final_path
#================================================= #=================================================
@ -291,23 +289,34 @@ chown -R $app: $final_path
# INTEGRATE SERVICE IN YUNOHOST # INTEGRATE SERVICE IN YUNOHOST
#================================================= #=================================================
#ynh_script_progression --message="Integrating service in YunoHost..." --time --weight=1
### `yunohost service add` integrates a service in YunoHost. It then gets ### `yunohost service add` integrates a service in YunoHost. It then gets
### displayed in the admin interface and through the others `yunohost service` commands. ### displayed in the admin interface and through the others `yunohost service` commands.
### (N.B. : this line only makes sense if the app adds a service to the system!) ### (N.B.: this line only makes sense if the app adds a service to the system!)
### If you're not using these lines: ### If you're not using these lines:
### - You can remove these files in conf/. ### - You can remove these files in conf/.
### - Remove the section "REMOVE SERVICE FROM ADMIN PANEL" in the remove script ### - Remove the section "REMOVE SERVICE INTEGRATION IN YUNOHOST" in the remove script
### - As well as the section "ADVERTISE SERVICE IN ADMIN PANEL" in the restore script ### - As well as the section "INTEGRATE SERVICE IN YUNOHOST" in the restore script
### - And the section "INTEGRATE SERVICE IN YUNOHOST" in the upgrade script
#yunohost service add $app --description "A short description of the app" --log "/var/log/$app/$app.log" #yunohost service add $app --description="A short description of the app" --log="/var/log/$app/$app.log"
### With YunoHost 3.8 you will then be able to: ### Additional options starting with 3.8:
### - specify a list of ports that needs to be publicly exposed (c.f. --needs_exposed_ports) ###
### --needs_exposed_ports "$port" a list of ports that needs to be publicly exposed
### which will then be checked by YunoHost's diagnosis system ### which will then be checked by YunoHost's diagnosis system
### - specify a custom command to check the status of the service (c.f. --test_status) ### (N.B. DO NOT USE THIS is the port is only internal!!!)
### though it's only needed for weird cases where 'systemctl status' doesn't do a good job ###
### - specify a custom command to check / validate the configuration of the service (c.f. --test_conf) ### --test_status "some command" a custom command to check the status of the service
### for example, the command to check the configuration of nginx is "nginx -t" ### (only relevant if 'systemctl status' doesn't do a good job)
###
### --test_conf "some command" some command similar to "nginx -t" that validates the conf of the service
###
### Re-calling 'yunohost service add' during the upgrade script is the right way
### to proceed if you later realize that you need to enable some flags that
### weren't enabled on old installs (be careful it'll override the existing
### service though so you should re-provide all relevant flags when doing so)
#================================================= #=================================================
# START SYSTEMD SERVICE # START SYSTEMD SERVICE
@ -330,42 +339,34 @@ chown -R $app: $final_path
#================================================= #=================================================
#ynh_script_progression --message="Configuring fail2ban..." --time --weight=1 #ynh_script_progression --message="Configuring fail2ban..." --time --weight=1
# Create the log file is not already existing during install # Create a dedicated Fail2Ban config
#mkdir -p "/var/www/$app/var/logs/"
#touch "/var/www/$app/var/logs/prod.log"
#chown $app: "/var/www/$app/var/logs/prod.log"
# Create a dedicated fail2ban config
#ynh_add_fail2ban_config --logpath="/var/log/nginx/${domain}-error.log" --failregex="Regex to match into the log for a failed login" #ynh_add_fail2ban_config --logpath="/var/log/nginx/${domain}-error.log" --failregex="Regex to match into the log for a failed login"
#ynh_add_fail2ban_config --logpath="/var/www/$app/var/logs/prod.log" --failregex='app.ERROR: Authentication failure for user "([\w]+)?", from IP "<HOST>"' --max_retry=5
#================================================= #=================================================
# SETUP SSOWAT # SETUP SSOWAT
#================================================= #=================================================
##ynh_script_progression --message="Configuring permissions..." --time --weight=1 ynh_script_progression --message="Configuring SSOwat..." --time --weight=1
# Make app public if necessary # Make app public if necessary
##if [ $is_public -eq 1 ] if [ $is_public -eq 1 ]
##then then
# unprotected_uris allows SSO credentials to be passed anyway.
#ynh_app_setting_set --app=$app --key=unprotected_uris --value="/"
# Everyone can access the app. # Everyone can access the app.
# The "main" permission is automatically created before the install script. # The "main" permission is automatically created before the install script.
## ynh_permission_update --permission="main" --add="visitors" ynh_permission_update --permission="main" --add="visitors"
##fi fi
# Set the app as temporarily public for curl call # Only the admin can access the admin panel of the app (if the app has an admin panel)
ynh_script_progression --message="Configuring SSOwat..." --time --weight=1 ynh_permission_create --permission="admin" --url="/admin" --allowed=$admin
# Making the app public for curl
ynh_permission_update --permission="main" --add="visitors" # Everyone can access to the api part
# Reload SSOwat config # We don't want to display the tile in the sso so we put --show_tile="false"
yunohost app ssowatconf # And we don't want that the YunoHost Admin can remove visitors group to this permission, so we put --protected="true"
ynh_permission_create --permission="api" --url "/api" --allowed="visitors" --show_tile="false" --protected="true"
#================================================= #=================================================
# RELOAD NGINX # RELOAD NGINX
#================================================= #=================================================
ynh_script_progression --message="Reloading NGINX web server..." --time --weight=1 ynh_script_progression --message="Reloading nginx web server..." --time --weight=1
ynh_systemd_action --service_name=nginx --action=reload ynh_systemd_action --service_name=nginx --action=reload