YunoHost/yunohost
1
0
Fork 0
mirror of https://github.com/YunoHost/yunohost.git synced 2024-09-03 20:06:10 +02:00
Code Issues Projects Releases Packages Wiki Activity

Merge pull request #916 from pitchum/fix-1516-separate-xmpp-vhosts

Browse source 
[enh] Setup all XMPP components for each "parent" domains
This commit is contained in:
Alexandre Aubin 2020-04-27 18:03:51 +02:00 committed by GitHub
commit 2e51a80132
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
6 changed files with 76 additions and 61 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

4
data/actionsmap/yunohost.yml
View file

@ -406,6 +406,10 @@ domain:
list: list:
action_help: List domains action_help: List domains
api: GET /domains api: GET /domains
arguments:
--exclude-subdomains:
help: Filter out domains that are obviously subdomains of other declared domains
action: store_true
### domain_add() ### domain_add()
add: add:

10
data/hooks/conf_regen/12-metronome
View file

@ -43,16 +43,16 @@ do_post_regen() {
# retrieve variables # retrieve variables
main_domain=$(cat /etc/yunohost/current_host) main_domain=$(cat /etc/yunohost/current_host)
domain_list=$(yunohost domain list --output-as plain --quiet) domain_list=$(yunohost domain list --exclude-subdomains --output-as plain --quiet)
# create metronome directories for domains # create metronome directories for domains
for domain in $domain_list; do for domain in $domain_list; do
mkdir -p "/var/lib/metronome/${domain//./%2e}/pep" mkdir -p "/var/lib/metronome/${domain//./%2e}/pep"
# http_upload directory must be writable by metronome and readable by nginx
mkdir -p "/var/xmpp-upload/${domain}/upload"
chmod g+s "/var/xmpp-upload/${domain}/upload"
chown -R metronome:www-data "/var/xmpp-upload/${domain}"
done done
# http_upload directory must be writable by metronome and readable by nginx
mkdir -p "/var/xmpp-upload/${main_domain}/upload"
chmod g+s "/var/xmpp-upload/${main_domain}/upload"
chown -R metronome:www-data "/var/xmpp-upload/${main_domain}"
# fix some permissions # fix some permissions
chown -R metronome: /var/lib/metronome/ chown -R metronome: /var/lib/metronome/

56
data/templates/metronome/domain.tpl.cfg.lua
View file

@ -1,4 +1,5 @@
VirtualHost "{{ domain }}" VirtualHost "{{ domain }}"
enable = true
ssl = { ssl = {
key = "/etc/yunohost/certs/{{ domain }}/key.pem"; key = "/etc/yunohost/certs/{{ domain }}/key.pem";
certificate = "/etc/yunohost/certs/{{ domain }}/crt.pem"; certificate = "/etc/yunohost/certs/{{ domain }}/crt.pem";
@ -13,3 +14,58 @@ VirtualHost "{{ domain }}"
namefield = "cn", namefield = "cn",
}, },
} }
-- Discovery items
disco_items = {
{ "muc.{{ domain }}" },
{ "pubsub.{{ domain }}" },
{ "jabber.{{ domain }}" },
{ "vjud.{{ domain }}" },
{ "xmpp-upload.{{ domain }}" },
};
-- contact_info = {
-- abuse = { "mailto:abuse@{{ domain }}", "xmpp:admin@{{ domain }}" };
-- admin = { "mailto:root@{{ domain }}", "xmpp:admin@{{ domain }}" };
-- };
------ Components ------
-- You can specify components to add hosts that provide special services,
-- like multi-user conferences, and transports.
---Set up a MUC (multi-user chat) room server
Component "muc.{{ domain }}" "muc"
name = "{{ domain }} Chatrooms"
modules_enabled = {
"muc_limits";
"muc_log";
"muc_log_mam";
"muc_log_http";
"muc_vcard";
}
muc_event_rate = 0.5
muc_burst_factor = 10
---Set up a PubSub server
Component "pubsub.{{ domain }}" "pubsub"
name = "{{ domain }} Publish/Subscribe"
unrestricted_node_creation = true -- Anyone can create a PubSub node (from any server)
---Set up a HTTP Upload service
Component "xmpp-upload.{{ domain }}" "http_upload"
name = "{{ domain }} Sharing Service"
http_file_path = "/var/xmpp-upload/{{ domain }}/upload"
http_external_url = "https://xmpp-upload.{{ domain }}:443"
http_file_base_path = "/upload"
http_file_size_limit = 6*1024*1024
http_file_quota = 60*1024*1024
http_upload_file_size_limit = 100 * 1024 * 1024 -- bytes
http_upload_quota = 10 * 1024 * 1024 * 1024 -- bytes
---Set up a VJUD service
Component "vjud.{{ domain }}" "vjud"
vjud_disco_name = "{{ domain }} User Directory"

47
data/templates/metronome/metronome.cfg.lua
View file

@ -81,14 +81,6 @@ http_interfaces = { "127.0.0.1", "::1" }
-- Enable IPv6 -- Enable IPv6
use_ipv6 = true use_ipv6 = true
-- Discovery items
disco_items = {
{ "muc.{{ main_domain }}" },
{ "pubsub.{{ main_domain }}" },
{ "xmpp-upload.{{ main_domain }}" },
{ "vjud.{{ main_domain }}" }
};
-- BOSH configuration (mod_bosh) -- BOSH configuration (mod_bosh)
consider_bosh_secure = true consider_bosh_secure = true
cross_domain_bosh = true cross_domain_bosh = true
@ -119,45 +111,6 @@ log = {
Component "localhost" "http" Component "localhost" "http"
modules_enabled = { "bosh" } modules_enabled = { "bosh" }
---Set up a MUC (multi-user chat) room server
Component "muc.{{ main_domain }}" "muc"
name = "{{ main_domain }} Chatrooms"
modules_enabled = {
"muc_limits";
"muc_log";
"muc_log_mam";
"muc_log_http";
"muc_vcard";
}
muc_event_rate = 0.5
muc_burst_factor = 10
---Set up a PubSub server
Component "pubsub.{{ main_domain }}" "pubsub"
name = "{{ main_domain }} Publish/Subscribe"
unrestricted_node_creation = true -- Anyone can create a PubSub node (from any server)
---Set up a HTTP Upload service
Component "xmpp-upload.{{ main_domain }}" "http_upload"
name = "{{ main_domain }} Sharing Service"
http_file_path = "/var/xmpp-upload/{{ main_domain }}/upload"
http_external_url = "https://xmpp-upload.{{ main_domain }}:443"
http_file_base_path = "/upload"
http_file_size_limit = 6*1024*1024
http_file_quota = 60*1024*1024
http_upload_file_size_limit = 100 * 1024 * 1024 -- bytes
http_upload_quota = 10 * 1024 * 1024 * 1024 -- bytes
---Set up a VJUD service
Component "vjud.{{ main_domain }}" "vjud"
ud_disco_name = "{{ main_domain }} User Directory"
----------- Virtual hosts ----------- ----------- Virtual hosts -----------
-- You need to add a VirtualHost entry for each domain you wish Metronome to serve. -- You need to add a VirtualHost entry for each domain you wish Metronome to serve.
-- Settings under each VirtualHost entry apply *only* to that host. -- Settings under each VirtualHost entry apply *only* to that host.

6
src/yunohost/certificate.py
View file

@ -592,9 +592,9 @@ def _prepare_certificate_signing_request(domain, key_file, output_folder):
# Set the domain # Set the domain
csr.get_subject().CN = domain csr.get_subject().CN = domain
from yunohost.domain import _get_maindomain from yunohost.domain import domain_list
if domain == _get_maindomain(): # For "parent" domains, include xmpp-upload subdomain in subject alternate names
# Include xmpp-upload subdomain in subject alternate names if domain in domain_list(exclude_subdomains=True)["domains"]:
subdomain = "xmpp-upload." + domain subdomain = "xmpp-upload." + domain
try: try:
_dns_ip_match_public_ip(get_public_ip(), subdomain) _dns_ip_match_public_ip(get_public_ip(), subdomain)

14
src/yunohost/domain.py
View file

@ -41,24 +41,26 @@ from yunohost.hook import hook_callback
logger = getActionLogger('yunohost.domain') logger = getActionLogger('yunohost.domain')
def domain_list(): def domain_list(exclude_subdomains=False):
""" """
List domains List domains
Keyword argument: Keyword argument:
filter -- LDAP filter used to search exclude_subdomains -- Filter out domains that are subdomains of other declared domains
offset -- Starting number for domain fetching
limit -- Maximum number of domain fetched
""" """
from yunohost.utils.ldap import _get_ldap_interface from yunohost.utils.ldap import _get_ldap_interface
ldap = _get_ldap_interface() ldap = _get_ldap_interface()
result = ldap.search('ou=domains,dc=yunohost,dc=org', 'virtualdomain=*', ['virtualdomain']) result = [entry['virtualdomain'][0] for entry in ldap.search('ou=domains,dc=yunohost,dc=org', 'virtualdomain=*', ['virtualdomain'])]
result_list = [] result_list = []
for domain in result: for domain in result:
result_list.append(domain['virtualdomain'][0]) if exclude_subdomains:
parent_domain = domain.split(".", 1)[1]
if parent_domain in result:
continue
result_list.append(domain)
return {'domains': result_list} return {'domains': result_list}