diff --git a/conf/nginx_vpnadmin.conf b/conf/nginx.conf similarity index 80% rename from conf/nginx_vpnadmin.conf rename to conf/nginx.conf index 1185d29..96ad003 100644 --- a/conf/nginx_vpnadmin.conf +++ b/conf/nginx.conf @@ -1,34 +1,40 @@ -# VPN Client app for YunoHost +# VPN Client app for YunoHost # Copyright (C) 2015 Julien Vaubourg # Contribute at https://github.com/labriqueinternet/vpnclient_ynh -# +# # This program is free software: you can redistribute it and/or modify # it under the terms of the GNU Affero General Public License as published by # the Free Software Foundation, either version 3 of the License, or # (at your option) any later version. -# +# # This program is distributed in the hope that it will be useful, # but WITHOUT ANY WARRANTY; without even the implied warranty of # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the # GNU Affero General Public License for more details. -# +# # You should have received a copy of the GNU Affero General Public License # along with this program. If not, see . -location { - alias ; +location __PATH__ { + # Path to source + alias __FINALPATH__/ ; + + # Force usage of https if ($scheme = http) { rewrite ^ https://$server_name$request_uri? permanent; } + # Common parameter to increase upload size limit in conjunction with dedicated php-fpm file client_max_body_size 10G; + index index.php; + try_files $uri $uri/ index.php; location ~ [^/]\.php(/|$) { fastcgi_split_path_info ^(.+?\.php)(/.*)$; - fastcgi_pass unix:/var/run/php5-fpm-.sock; + fastcgi_pass unix:/var/run/php/php7.0-fpm-__NAME__.sock; fastcgi_index index.php; include fastcgi_params; fastcgi_read_timeout 600; @@ -37,5 +43,6 @@ location { fastcgi_param SCRIPT_FILENAME $request_filename; } + # Include SSOWAT user panel. include conf.d/yunohost_panel.conf.inc; } diff --git a/conf/phpfpm_vpnadmin.conf b/conf/php-fpm.conf similarity index 97% rename from conf/phpfpm_vpnadmin.conf rename to conf/php-fpm.conf index a53e4fc..70adb50 100644 --- a/conf/phpfpm_vpnadmin.conf +++ b/conf/php-fpm.conf @@ -1,24 +1,24 @@ -; VPN Client app for YunoHost +; VPN Client app for YunoHost ; Copyright (C) 2015 Julien Vaubourg ; Contribute at https://github.com/labriqueinternet/vpnclient_ynh -; +; ; This program is free software: you can redistribute it and/or modify ; it under the terms of the GNU Affero General Public License as published by ; the Free Software Foundation, either version 3 of the License, or ; (at your option) any later version. -; +; ; This program is distributed in the hope that it will be useful, ; but WITHOUT ANY WARRANTY; without even the implied warranty of ; MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the ; GNU Affero General Public License for more details. -; +; ; You should have received a copy of the GNU Affero General Public License ; along with this program. If not, see . - -; Start a new pool named ''. + +; Start a new pool named 'www'. ; the variable $pool can we used in any directive and will be replaced by the ; pool name ('www' here) -[] +[__NAMETOCHANGE__] ; The address on which to accept FastCGI requests. ; Valid syntaxes are: @@ -28,7 +28,7 @@ ; specific port; ; '/path/to/unix/socket' - to listen on a unix socket. ; Note: This value is mandatory. -listen = /var/run/php5-fpm-.sock +listen = /var/run/php/php7.0-fpm-__NAMETOCHANGE__.sock ; Set permissions for unix socket, if one is used. In Linux, read/write ; permissions must be set in order to allow connections from a web server. Many @@ -42,8 +42,8 @@ listen.mode = 0600 ; Unix user/group of processes ; Note: The user is mandatory. If the group is not set, the default user's group ; will be used. -user = -group = +user = __USER__ +group = __USER__ ; Choose how the process manager will control the number of child processes. ; Possible Values: @@ -157,7 +157,7 @@ request_slowlog_timeout = 0 ; The log file for slow requests ; Default Value: not set ; Note: slowlog is mandatory if request_slowlog_timeout is set -slowlog = /var/log/nginx/.slow.log +slowlog = /var/log/nginx/[__NAMETOCHANGE__].slow.log ; Set open file descriptor rlimit. ; Default Value: system defined value @@ -171,7 +171,7 @@ rlimit_core = 0 ; Chdir to this directory at the start. ; Note: relative path can be used. ; Default Value: current directory or / when chroot -chdir = +chdir = __FINALPATH__ ; Redirect worker stdout and stderr into main error log. If not set, stdout and ; stderr will be redirected to /dev/null according to FastCGI specs. diff --git a/conf/ynh-vpnclient b/conf/ynh-vpnclient index a75823c..628c740 100644 --- a/conf/ynh-vpnclient +++ b/conf/ynh-vpnclient @@ -238,10 +238,10 @@ ynh_setting_set() { if [ "$1" != restart ]; then - # Restart php5-fpm at the first start (it needs to be restarted after the slapd start) + # Restart php-fpm at the first start (it needs to be restarted after the slapd start) if [ ! -e /tmp/.ynh-vpnclient-boot ]; then touch /tmp/.ynh-vpnclient-boot - systemctl restart php5-fpm + systemctl restart php7.0-fpm fi # Check configuration consistency diff --git a/scripts/_common.sh b/scripts/_common.sh index 6be8a1d..ccf12aa 100644 --- a/scripts/_common.sh +++ b/scripts/_common.sh @@ -3,23 +3,8 @@ # Common variables and helpers # -pkg_dependencies="php5-fpm sipcalc dnsutils openvpn curl fake-hwclock" +pkg_dependencies="php7.0-fpm sipcalc dnsutils openvpn curl fake-hwclock" -log() { - echo "${1}" -} - -info() { - log "[INFO] ${1}" -} - -warn() { - log "[WARN] ${1}" -} - -err() { - log "[ERR] ${1}" -} to_logs() { # When yunohost --verbose or bash -x @@ -52,7 +37,7 @@ ynh_abort_if_up_to_date () { version=$(read_json "/etc/yunohost/apps/$YNH_APP_INSTANCE_NAME/manifest.json" 'version' 2> /dev/null || echo '20160501-7') last_version=$(read_manifest 'version') if [ "${version}" = "${last_version}" ]; then - info "Up-to-date, nothing to do" + ynh_print_info "Up-to-date, nothing to do" ynh_die "" 0 fi } @@ -63,9 +48,9 @@ ynh_abort_if_up_to_date () { # | arg: manifest - Path of the manifest to read # | arg: key - Name of the key to find ynh_read_manifest () { - manifest="$1" - key="$2" - python3 -c "import sys, json;print(json.load(open('$manifest', encoding='utf-8'))['$key'])" + manifest="$1" + key="$2" + python3 -c "import sys, json;print(json.load(open('$manifest', encoding='utf-8'))['$key'])" } # Read the upstream version from the manifest @@ -78,7 +63,7 @@ ynh_read_manifest () { ynh_app_upstream_version () { manifest_path="../manifest.json" if [ ! -e "$manifest_path" ]; then - manifest_path="../settings/manifest.json" # Into the restore script, the manifest is not at the same place + manifest_path="../settings/manifest.json" # Into the restore script, the manifest is not at the same place fi version_key=$(ynh_read_manifest "$manifest_path" "version") echo "${version_key/~ynh*/}" @@ -94,7 +79,7 @@ ynh_app_upstream_version () { ynh_app_package_version () { manifest_path="../manifest.json" if [ ! -e "$manifest_path" ]; then - manifest_path="../settings/manifest.json" # Into the restore script, the manifest is not at the same place + manifest_path="../settings/manifest.json" # Into the restore script, the manifest is not at the same place fi version_key=$(ynh_read_manifest "$manifest_path" "version") echo "${version_key/*~ynh/}" @@ -111,24 +96,24 @@ ynh_app_package_version () { # # usage: ynh_abort_if_up_to_date ynh_abort_if_up_to_date () { - local force_upgrade=${YNH_FORCE_UPGRADE:-0} - local package_check=${PACKAGE_CHECK_EXEC:-0} + local force_upgrade=${YNH_FORCE_UPGRADE:-0} + local package_check=${PACKAGE_CHECK_EXEC:-0} - local version=$(ynh_read_manifest "/etc/yunohost/apps/$YNH_APP_INSTANCE_NAME/manifest.json" "version" || echo 1.0) - local last_version=$(ynh_read_manifest "../manifest.json" "version" || echo 1.0) - if [ "$version" = "$last_version" ] - then - if [ "$force_upgrade" != "0" ] - then - echo "Upgrade forced by YNH_FORCE_UPGRADE." >&2 - unset YNH_FORCE_UPGRADE - elif [ "$package_check" != "0" ] - then - echo "Upgrade forced for package check." >&2 - else - ynh_die "Up-to-date, nothing to do" 0 - fi - fi + local version=$(ynh_read_manifest "/etc/yunohost/apps/$YNH_APP_INSTANCE_NAME/manifest.json" "version" || echo 1.0) + local last_version=$(ynh_read_manifest "../manifest.json" "version" || echo 1.0) + if [ "$version" = "$last_version" ] + then + if [ "$force_upgrade" != "0" ] + then + echo "Upgrade forced by YNH_FORCE_UPGRADE." >&2 + unset YNH_FORCE_UPGRADE + elif [ "$package_check" != "0" ] + then + echo "Upgrade forced for package check." >&2 + else + ynh_die "Up-to-date, nothing to do" 0 + fi + fi } # Operations needed by both 'install' and 'upgrade' scripts @@ -163,8 +148,6 @@ function vpnclient_deploy_files_and_services() install -b -o root -g ${sysuser} -m 0664 ../conf/openvpn_client.conf.tpl /etc/openvpn/client.conf.tpl install -o root -g root -m 0644 ../conf/openvpn_client.conf.tpl /etc/openvpn/client.conf.tpl.restore - install -b -o root -g root -m 0644 ../conf/nginx_vpnadmin.conf "/etc/nginx/conf.d/${domain}.d/${app}.conf" - install -b -o root -g root -m 0644 ../conf/phpfpm_vpnadmin.conf /etc/php5/fpm/pool.d/${app}.conf install -b -o root -g root -m 0755 ../conf/hook_post-iptable-rules /etc/yunohost/hooks.d/90-vpnclient.tpl install -b -o root -g root -m 0644 ../conf/openvpn@.service /etc/systemd/system/ @@ -183,22 +166,21 @@ function vpnclient_deploy_files_and_services() #================================================= # NGINX CONFIGURATION #================================================= + ynh_print_info "Configuring nginx web server..." - sed "s||${path_url}|g" -i "/etc/nginx/conf.d/${domain}.d/${app}.conf" - sed "s||/var/www/${app}/|g" -i "/etc/nginx/conf.d/${domain}.d/${app}.conf" - sed "s||${app}|g" -i "/etc/nginx/conf.d/${domain}.d/${app}.conf" + ynh_add_nginx_config #================================================= # PHP-FPM CONFIGURATION #================================================= + ynh_print_info "Configuring php-fpm..." - sed "s||${app}|g" -i /etc/php5/fpm/pool.d/${app}.conf - sed "s||${sysuser}|g" -i /etc/php5/fpm/pool.d/${app}.conf - sed "s||${sysuser}|g" -i /etc/php5/fpm/pool.d/${app}.conf - sed "s||/var/www/${app}/|g" -i /etc/php5/fpm/pool.d/${app}.conf + ynh_add_fpm_config + + #================================================= # Fix sources - sed "s||${path_url}|g" -i /var/www/${app}/config.php + ynh_replace_string "__PATH__" "${path_url}" "/var/www/${app}/config.php" # Copy init script install -o root -g root -m 0755 ../conf/ynh-vpnclient /usr/local/bin/ diff --git a/scripts/install b/scripts/install index f7e7c80..1f799ac 100644 --- a/scripts/install +++ b/scripts/install @@ -49,6 +49,7 @@ service_checker_name=$service_name"-checker" #================================================= # CHECK IF THE APP CAN BE INSTALLED WITH THESE ARGS #================================================= +ynh_print_info "Validating installation parameters..." # Check destination directory test ! -e "$final_path" || ynh_die "Path is already in use: ${final_path}." @@ -59,6 +60,7 @@ ynh_webpath_register "$app" "$domain" "$path_url" #================================================= # STORE SETTINGS FROM MANIFEST #================================================= +ynh_print_info "Storing installation settings..." ynh_app_setting_set "$app" domain "$domain" ynh_app_setting_set "$app" final_path "$final_path" @@ -68,15 +70,21 @@ ynh_app_setting_set "$app" final_path "$final_path" #================================================= # INSTALL DEPENDENCIES #================================================= +ynh_print_info "Installing dependencies..." ynh_install_app_dependencies "$pkg_dependencies" #================================================= # DEPLOY FILES FROM PACKAGE #================================================= +ynh_print_info "Deploy files from package..." vpnclient_deploy_files_and_services "${domain}" "${app}" +#================================================= +# RELOAD SERVICES +#================================================= +ynh_print_info "Reloading services..." # Set default inits # The boot order of these services are important, so they are disabled by default @@ -102,4 +110,8 @@ yunohost service enable $service_checker_name systemctl start $service_checker_name.timer systemctl enable $service_checker_name.timer -yunohost app ssowatconf +#================================================= +# END OF SCRIPT +#================================================= + +ynh_print_info "Installation of $app completed" diff --git a/scripts/remove b/scripts/remove index 054fe96..3ac37db 100644 --- a/scripts/remove +++ b/scripts/remove @@ -29,6 +29,7 @@ source /usr/share/yunohost/helpers #================================================= # LOAD SETTINGS #================================================= +ynh_print_info "Loading installation settings..." app=$YNH_APP_INSTANCE_NAME domain=$(ynh_app_setting_get $app domain) @@ -37,8 +38,9 @@ service_name="ynh-vpnclient" service_checker_name=$service_name"-checker" #================================================= - -# Stop and remove yunohost services +# STOP AND REMOVE SERVICES +#================================================= +ynh_print_info "Stopping and removing services" yunohost service stop $service_checker_name yunohost service disable $service_checker_name @@ -55,19 +57,45 @@ do ynh_secure_remove "$FILE" done -# Remove confs +#================================================= +# REMOVE NGINX CONFIGURATION +#================================================= +ynh_print_info "Removing nginx web server configuration" + +# Remove the dedicated nginx config +ynh_remove_nginx_config + +#================================================= +# REMOVE PHP-FPM CONFIGURATION +#================================================= +ynh_print_info "Removing php-fpm configuration" + +# Remove the dedicated php-fpm config +ynh_remove_fpm_config + +#================================================= +# SPECIFIC REMOVE +#================================================ +ynh_print_info "Removing openvpn configuration" + +# Remove openvpn configurations ynh_secure_remove /etc/openvpn/client.conf ynh_secure_remove /etc/openvpn/client.conf.tpl ynh_secure_remove /etc/openvpn/client.conf.tpl.restore -ynh_secure_remove /etc/nginx/conf.d/${domain}.d/${app}.conf -ynh_secure_remove /etc/php5/fpm/pool.d/${app}.conf + +# Remove YunoHost hook ynh_secure_remove /etc/yunohost/hooks.d/90-vpnclient.tpl + +# Remove openvpn service ynh_secure_remove /etc/systemd/system/openvpn@.service -# Remove certificates +# Remove openvpn certificates ynh_secure_remove /etc/openvpn/keys -# Remove packages +#================================================= +# REMOVE DEPENDENCIES +#================================================= +ynh_print_info "Removing dependencies" ynh_remove_app_dependencies # Remove sources @@ -82,6 +110,18 @@ systemctl daemon-reload systemctl restart php5-fpm systemctl reload nginx -# Removed system user +#================================================= +# REMOVE DEDICATED USER +#================================================= + +ynh_print_info "Removing the dedicated system user" + +# Delete a system user ynh_system_user_delete ${app} ynh_secure_remove "/etc/sudoers.d/${app}_ynh" + +#================================================= +# END OF SCRIPT +#================================================= + +ynh_print_info "Removal of $app completed" diff --git a/scripts/upgrade b/scripts/upgrade index eef179d..0e398f5 100644 --- a/scripts/upgrade +++ b/scripts/upgrade @@ -12,6 +12,7 @@ source /usr/share/yunohost/helpers #================================================= # LOAD SETTINGS #================================================= +ynh_print_info "Loading installation settings..." app=$YNH_APP_INSTANCE_NAME @@ -64,6 +65,7 @@ ynh_abort_if_errors #================================================= # INSTALL DEPENDENCIES #================================================= +ynh_print_info "Installing dependencies..." ynh_install_app_dependencies "$pkg_dependencies" @@ -85,8 +87,9 @@ ynh_secure_remove ${tmpdir} #================================================= # RELOAD RELEVANT SERVICES #================================================= +ynh_print_info "Reload services..." -systemctl reload php5-fpm +systemctl reload php7.0-fpm systemctl reload nginx ### Make sure that the yunohost services have a description and need-lock enabled @@ -133,3 +136,9 @@ if systemctl is-active $service_name.timer >/dev/null; then yunohost service restart $service_checker_name.timer fi + +#================================================= +# END OF SCRIPT +#================================================= + +ynh_print_info "Upgrade of $app completed" diff --git a/sources/config.php b/sources/config.php index dce0aa6..eb790cf 100644 --- a/sources/config.php +++ b/sources/config.php @@ -1,19 +1,19 @@ * Contribute at https://github.com/labriqueinternet/vpnclient_ynh - * + * * This program is free software: you can redistribute it and/or modify * it under the terms of the GNU Affero General Public License as published by * the Free Software Foundation, either version 3 of the License, or * (at your option) any later version. - * + * * This program is distributed in the hope that it will be useful, * but WITHOUT ANY WARRANTY; without even the implied warranty of * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the * GNU Affero General Public License for more details. - * + * * You should have received a copy of the GNU Affero General Public License * along with this program. If not, see . */ @@ -22,11 +22,11 @@ function configure() { option('env', ENV_PRODUCTION); option('debug', false); - option('base_uri', '/'); + option('base_uri', '__PATH__/'); layout('layout.html.php'); - define('PUBLIC_DIR', '/public'); + define('PUBLIC_DIR', '__PATH__/public'); } // Before routing