* Fix the issue alias_traversal
https://github.com/yandex/gixy/blob/master/docs/en/plugins/aliastraversal.md
* Update fix alias_traversal
* Don't change original nginx conf file and add change_url
* Use newest version of ynh_add_nginx_config from #462
No more need to deal with "#sub_path_only"
* Revert "Use newest version of ynh_add_nginx_config from #462" as it's not released (and subject to discussions)!
This reverts commit fac62c49ff.
* Fix indentation
		
	
			
		
			
				
	
	
		
			160 lines
		
	
	
		
			4.5 KiB
		
	
	
	
		
			Bash
		
	
	
		
			Executable File
		
	
	
	
	
			
		
		
	
	
			160 lines
		
	
	
		
			4.5 KiB
		
	
	
	
		
			Bash
		
	
	
		
			Executable File
		
	
	
	
	
| #!/bin/bash
 | |
| 
 | |
| #=================================================
 | |
| # GENERIC START
 | |
| #=================================================
 | |
| # IMPORT GENERIC HELPERS
 | |
| #=================================================
 | |
| 
 | |
| source _common.sh
 | |
| source /usr/share/yunohost/helpers
 | |
| 
 | |
| #=================================================
 | |
| # LOAD SETTINGS
 | |
| #=================================================
 | |
| 
 | |
| app=$YNH_APP_INSTANCE_NAME
 | |
| 
 | |
| domain=$(ynh_app_setting_get $app domain)
 | |
| path_url=$(ynh_app_setting_get $app path)
 | |
| admin=$(ynh_app_setting_get $app admin)
 | |
| is_public=$(ynh_app_setting_get $app is_public)
 | |
| final_path=$(ynh_app_setting_get $app final_path)
 | |
| port=$(ynh_app_setting_get $app port)
 | |
| db_name=$(ynh_app_setting_get $app db_name)
 | |
| 
 | |
| #=================================================
 | |
| # ENSURE DOWNWARD COMPATIBILITY
 | |
| #=================================================
 | |
| 
 | |
| # Fix is_public as a boolean value
 | |
| if [ "$is_public" = "Yes" ]; then
 | |
| 	ynh_app_setting_set $app is_public 1
 | |
| 	is_public=1
 | |
| elif [ "$is_public" = "No" ]; then
 | |
| 	ynh_app_setting_set $app is_public 0
 | |
| 	is_public=0
 | |
| fi
 | |
| 
 | |
| # If db_name doesn't exist, create it
 | |
| if [ -z $db_name ]; then
 | |
| 	db_name=$(ynh_sanitize_dbid $app)
 | |
| 	ynh_app_setting_set $app db_name $db_name
 | |
| fi
 | |
| 
 | |
| # If final_path doesn't exist, create it
 | |
| if [ -z $final_path ]; then
 | |
| 	final_path=/var/www/$app
 | |
| 	ynh_app_setting_set $app final_path $final_path
 | |
| fi
 | |
| 
 | |
| #=================================================
 | |
| # BACKUP BEFORE UPGRADE THEN ACTIVE TRAP
 | |
| #=================================================
 | |
| 
 | |
| # Backup the current version of the app
 | |
| ynh_backup_before_upgrade
 | |
| ynh_clean_setup () {
 | |
| 	# restore it if the upgrade fails
 | |
| 	ynh_restore_upgradebackup
 | |
| }
 | |
| # Exit if an error occurs during the execution of the script
 | |
| ynh_abort_if_errors
 | |
| 
 | |
| #=================================================
 | |
| # CHECK THE PATH
 | |
| #=================================================
 | |
| 
 | |
| # Normalize the URL path syntax
 | |
| path_url=$(ynh_normalize_url_path $path_url)
 | |
| 
 | |
| #=================================================
 | |
| # STANDARD UPGRADE STEPS
 | |
| #=================================================
 | |
| # DOWNLOAD, CHECK AND UNPACK SOURCE
 | |
| #=================================================
 | |
| 
 | |
| # Download, check integrity, uncompress and patch the source from app.src
 | |
| ynh_setup_source "$final_path"
 | |
| 
 | |
| #=================================================
 | |
| # NGINX CONFIGURATION
 | |
| #=================================================
 | |
| 
 | |
| # Create a dedicated nginx config
 | |
| ynh_add_nginx_config
 | |
| if [ "$path_url" != "/" ]
 | |
| then
 | |
| 	ynh_replace_string "^#sub_path_only" "" "/etc/nginx/conf.d/$domain.d/$app.conf"
 | |
| fi
 | |
| ynh_store_file_checksum "/etc/nginx/conf.d/$domain.d/$app.conf"
 | |
| 
 | |
| #=================================================
 | |
| # CREATE DEDICATED USER
 | |
| #=================================================
 | |
| 
 | |
| # Create a system user
 | |
| ynh_system_user_create $app
 | |
| 
 | |
| #=================================================
 | |
| # PHP-FPM CONFIGURATION
 | |
| #=================================================
 | |
| 
 | |
| # Create a dedicated php-fpm config
 | |
| ynh_add_fpm_config
 | |
| 
 | |
| #=================================================
 | |
| # SPECIFIC UPGRADE
 | |
| #=================================================
 | |
| # ...
 | |
| #=================================================
 | |
| 
 | |
| # Verify the checksum and backup the file if it's different
 | |
| ynh_backup_if_checksum_is_different "$final_path/CONFIG_FILE"
 | |
| # Recalculate and store the config file checksum into the app settings
 | |
| ynh_store_file_checksum "$final_path/CONFIG_FILE"
 | |
| 
 | |
| #=================================================
 | |
| # SETUP LOGROTATE
 | |
| #=================================================
 | |
| 
 | |
| # Use logrotate to manage app-specific logfile(s)
 | |
| ynh_use_logrotate --non-append
 | |
| 
 | |
| #=================================================
 | |
| # SETUP SYSTEMD
 | |
| #=================================================
 | |
| 
 | |
| # Create a dedicated systemd config
 | |
| ynh_add_systemd_config
 | |
| 
 | |
| #=================================================
 | |
| # GENERIC FINALIZATION
 | |
| #=================================================
 | |
| # SECURE FILES AND DIRECTORIES
 | |
| #=================================================
 | |
| 
 | |
| # Set right permissions for curl installation
 | |
| chown -R root: $final_path
 | |
| 
 | |
| #=================================================
 | |
| # SETUP SSOWAT
 | |
| #=================================================
 | |
| 
 | |
| if [ $is_public -eq 0 ]
 | |
| then	# Remove the public access
 | |
| 	ynh_app_setting_delete $app skipped_uris
 | |
| fi
 | |
| # Make app public if necessary
 | |
| if [ $is_public -eq 1 ]
 | |
| then
 | |
| 	# unprotected_uris allows SSO credentials to be passed anyway
 | |
| 	ynh_app_setting_set $app unprotected_uris "/"
 | |
| fi
 | |
| 
 | |
| #=================================================
 | |
| # RELOAD NGINX
 | |
| #=================================================
 | |
| 
 | |
| systemctl reload nginx
 |