diff --git a/conf/nginx.conf b/conf/nginx.conf index 86f404e..1e6eee0 100644 --- a/conf/nginx.conf +++ b/conf/nginx.conf @@ -8,7 +8,7 @@ location __PATH__/ { index index.php; # Common parameter to increase upload size limit in conjunction with dedicated php-fpm file - #client_max_body_size 50M; + # client_max_body_size 50M; try_files $uri $uri/ index.php; location ~ [^/]\.php(/|$) { diff --git a/conf/systemd.service b/conf/systemd.service index f100e84..97d2900 100644 --- a/conf/systemd.service +++ b/conf/systemd.service @@ -11,9 +11,9 @@ ExecStart=__INSTALL_DIR__/script StandardOutput=append:/var/log/__APP__/__APP__.log StandardError=inherit +### Depending on specificities of your service/app, you may need to tweak these +### .. but this should be a good baseline # Sandboxing options to harden security -# Depending on specificities of your service/app, you may need to tweak these -# .. but this should be a good baseline # Details for these options: https://www.freedesktop.org/software/systemd/man/systemd.exec.html NoNewPrivileges=yes PrivateTmp=yes diff --git a/scripts/backup b/scripts/backup index cf5e5c5..a675fe7 100755 --- a/scripts/backup +++ b/scripts/backup @@ -30,7 +30,7 @@ ynh_backup --src_path="$install_dir" # BACKUP THE DATA DIR #================================================= -# Only relevant if there is a "data_dir" resource for this app +### Only relevant if there is a "data_dir" resource for this app ynh_backup --src_path="$data_dir" --is_big #================================================= @@ -40,7 +40,6 @@ ynh_backup --src_path="$data_dir" --is_big # Backup the PHP-FPM configuration ynh_backup --src_path="/etc/php/$phpversion/fpm/pool.d/$app.conf" - # Backup the nginx configuration ynh_backup --src_path="/etc/nginx/conf.d/$domain.d/$app.conf" @@ -62,8 +61,8 @@ ynh_backup --src_path="/etc/cron.d/$app" ynh_backup --src_path="/etc/$app/" -# For apps with huge logs, you might want to pass --is_big, -# and in restore script, mkdir and pass --not_mandatory to ynh_restore_file. +### For apps with huge logs, you might want to pass --is_big, +### and in restore script, mkdir and pass --not_mandatory to ynh_restore_file. ynh_backup --src_path="/var/log/$app/" #================================================= diff --git a/scripts/install b/scripts/install index 99e2580..4db86ed 100755 --- a/scripts/install +++ b/scripts/install @@ -9,26 +9,24 @@ source _common.sh source /usr/share/yunohost/helpers -# Install parameters are automatically saved as settings -# -# Settings are automatically loaded as bash variables -# in every app script context, therefore typically these will exist: -# - $domain -# - $path -# - $language -# ... etc -# -# Resources defined in the manifest are provisioned prior to this script -# and corresponding settings are also available, such as: -# - $install_dir -# - $port -# - $db_name -# ... - -# -# $app is the app id (i.e. 'example' for first install, -# or 'example__2', '__3', ... for multi-instance installs) -# +### Install parameters are automatically saved as settings +### +### Settings are automatically loaded as bash variables +### in every app script context, therefore typically these will exist: +### - $domain +### - $path +### - $language +### ... etc +### +### Resources defined in the manifest are provisioned prior to this script +### and corresponding settings are also available, such as: +### - $install_dir +### - $port +### - $db_name +### ... +### +### $app is the app id (i.e. 'example' for first install, +### or 'example__2', '__3', ... for multi-instance installs) #================================================= # APP "BUILD" (DEPLOYING SOURCES, VENV, COMPILING ETC) @@ -44,9 +42,9 @@ ynh_script_progression --message="Setting up source files..." --weight=1 # Download, check integrity, uncompress and patch the source from manifest.toml ynh_setup_source --dest_dir="$install_dir" -# $install_dir will automatically be initialized with some decent -# permission by default ... however, you may need to recursively reapply -# ownership to all files such as after the ynh_setup_source step +### $install_dir will automatically be initialized with some decent +### permission by default ... however, you may need to recursively reapply +### ownership to all files such as after the ynh_setup_source step chown -R "$app:www-data" "$install_dir" #================================================= @@ -94,8 +92,6 @@ ynh_add_systemd_config ### - As well as the section "INTEGRATE SERVICE IN YUNOHOST" in the restore script ### - And the section "INTEGRATE SERVICE IN YUNOHOST" in the upgrade script -yunohost service add "$app" --description="A short description of the app" --log="/var/log/$app/$app.log" - ### Additional options starting with 3.8: ### ### --needs_exposed_ports "$port" a list of ports that needs to be publicly exposed @@ -111,6 +107,7 @@ yunohost service add "$app" --description="A short description of the app" --log ### to proceed if you later realize that you need to enable some flags that ### weren't enabled on old installs (be careful it'll override the existing ### service though so you should re-provide all relevant flags when doing so) +yunohost service add "$app" --description="A short description of the app" --log="/var/log/$app/$app.log" ### `ynh_use_logrotate` is used to configure a logrotate configuration for the logs of this app. ### Use this helper only if there is effectively a log file for this app. @@ -148,8 +145,8 @@ ynh_script_progression --message="Adding a configuration file..." --weight=1 ynh_add_config --template="some_config_file" --destination="$install_dir/some_config_file" # FIXME: this should be handled by the core in the future -# You may need to use chmod 600 instead of 400, -# for example if the app is expected to be able to modify its own config +### You may need to use chmod 600 instead of 400, +### for example if the app is expected to be able to modify its own config chmod 400 "$install_dir/some_config_file" chown "$app:$app" "$install_dir/some_config_file" diff --git a/scripts/remove b/scripts/remove index f0aaf93..9369d1b 100755 --- a/scripts/remove +++ b/scripts/remove @@ -9,25 +9,25 @@ source _common.sh source /usr/share/yunohost/helpers -# Settings are automatically loaded as bash variables -# in every app script context, therefore typically these will exist: -# - $domain -# - $path -# - $language -# - $install_dir -# - $port -# ... +### Settings are automatically loaded as bash variables +### in every app script context, therefore typically these will exist: +### - $domain +### - $path +### - $language +### - $install_dir +### - $port +### ... -# For remove operations : -# - the core will deprovision every resource defined in the manifest **after** this script is ran -# this includes removing the install directory, and data directory (if --purge was used) +### For remove operations : +### - the core will deprovision every resource defined in the manifest **after** this script is ran +### this includes removing the install directory, and data directory (if --purge was used) #================================================= # REMOVE SYSTEM CONFIGURATIONS #================================================= ynh_script_progression --message="Removing system configurations related to $app..." --weight=1 -# This should be a symetric version of what happens in the install script +### This should be a symetric version of what happens in the install script # Remove the service from the list of services known by YunoHost (added from `yunohost service add`) if ynh_exec_warn_less yunohost service status "$app" >/dev/null; then diff --git a/scripts/restore b/scripts/restore index 645e23d..d37b841 100755 --- a/scripts/restore +++ b/scripts/restore @@ -17,9 +17,9 @@ ynh_script_progression --message="Restoring the app main directory..." --weight= ynh_restore_file --origin_path="$install_dir" -# $install_dir will automatically be initialized with some decent -# permissions by default ... however, you may need to recursively reapply -# ownership to all files such as after the ynh_setup_source step +### $install_dir will automatically be initialized with some decent +### permissions by default ... however, you may need to recursively reapply +### ownership to all files such as after the ynh_setup_source step chown -R "$app:www-data" "$install_dir" #================================================= @@ -29,7 +29,7 @@ ynh_script_progression --message="Restoring the data directory..." --weight=1 ynh_restore_file --origin_path="$data_dir" --not_mandatory -# (Same as for install dir) +### (Same as for install dir) chown -R "$app:www-data" "$data_dir" #================================================= @@ -44,7 +44,7 @@ ynh_mysql_connect_as --user="$db_user" --password="$db_pwd" --database="$db_name #================================================= ynh_script_progression --message="Restoring system configurations related to $app..." --weight=1 -# This should be a symetric version of what happens in the install script +### This should be a symetric version of what happens in the install script ynh_restore_file --origin_path="/etc/php/$phpversion/fpm/pool.d/$app.conf" @@ -68,13 +68,13 @@ ynh_systemd_action --action=restart --service_name=fail2ban ynh_restore_file --origin_path="/etc/cron.d/$app" ynh_restore_file --origin_path="/etc/$app/" -# For apps with huge logs, you might want to not backup logs every time: -# The mkdir call is just here in case the log directory was not backed up. -# mkdir -p "/var/log/$app" -# chown $app:www-data "/var/log/$app" -# ynh_restore_file --src_path="/var/log/$app/" --not_mandatory -# -# For other apps, the simple way is better: +### For apps with huge logs, you might want to not backup logs every time: +### The mkdir call is just here in case the log directory was not backed up. +### mkdir -p "/var/log/$app" +### chown $app:www-data "/var/log/$app" +### ynh_restore_file --src_path="/var/log/$app/" --not_mandatory +### +### For other apps, the simple way is better: ynh_restore_file --origin_path="/var/log/$app/" @@ -92,7 +92,7 @@ ynh_mysql_connect_as --user=$db_user --password=$db_pwd --database=$db_name < ./ #================================================= ynh_script_progression --message="Reloading NGINX web server and $app's service..." --weight=1 -# Typically you only have either $app or php-fpm but not both at the same time... +### Typically you only have either $app or php-fpm but not both at the same time... ynh_systemd_action --service_name="$app" --action="start" --log_path="/var/log/$app/$app.log" ynh_systemd_action --service_name="php$phpversion-fpm" --action=reload diff --git a/scripts/upgrade b/scripts/upgrade index 01fbd5e..1cfde47 100755 --- a/scripts/upgrade +++ b/scripts/upgrade @@ -9,18 +9,18 @@ source _common.sh source /usr/share/yunohost/helpers -# Settings are automatically loaded as bash variables -# in every app script context, therefore typically these will exist: -# - $domain -# - $path -# - $language -# - $install_dir -# - $port -# ... +### Settings are automatically loaded as bash variables +### in every app script context, therefore typically these will exist: +### - $domain +### - $path +### - $language +### - $install_dir +### - $port +### ... -# In the context of upgrade, -# - resources are automatically provisioned / updated / deleted (depending on existing resources) -# - a safety backup is automatically created by the core and will be restored if the upgrade fails +### In the context of upgrade, +### - resources are automatically provisioned / updated / deleted (depending on existing resources) +### - a safety backup is automatically created by the core and will be restored if the upgrade fails ### This helper will compare the version of the currently installed app and the version of the upstream package. ### $upgrade_type can have 2 different values @@ -37,11 +37,9 @@ upgrade_type=$(ynh_check_app_version_changed) #================================================= #ynh_script_progression --message="Ensuring downward compatibility..." --weight=1 -# -# N.B. : the following setting migration snippets are provided as *EXAMPLES* -# of what you may want to do in some cases (e.g. a setting was not defined on -# some legacy installs and you therefore want to initiaze stuff during upgrade) -# +### N.B. : the following setting migration snippets are provided as *EXAMPLES* +### of what you may want to do in some cases (e.g. a setting was not defined on +### some legacy installs and you therefore want to initiaze stuff during upgrade) # If db_name doesn't exist, create it # if [ -z "$db_name" ]; then @@ -75,9 +73,9 @@ if [ "$upgrade_type" == "UPGRADE_APP" ]; then ynh_setup_source --dest_dir="$install_dir" fi -# $install_dir will automatically be initialized with some decent -# permissions by default ... however, you may need to recursively reapply -# ownership to all files such as after the ynh_setup_source step +### $install_dir will automatically be initialized with some decent +### permissions by default ... however, you may need to recursively reapply +### ownership to all files such as after the ynh_setup_source step chown -R "$app:www-data" "$install_dir" #================================================= @@ -85,7 +83,7 @@ chown -R "$app:www-data" "$install_dir" #================================================= ynh_script_progression --message="Upgrading system configurations related to $app..." --weight=1 -# This should be a literal copypaste of what happened in the install's "System configuration" section +### This should be a literal copypaste of what happened in the install's "System configuration" section ynh_add_fpm_config @@ -114,8 +112,8 @@ ynh_script_progression --message="Updating a configuration file..." --weight=1 ynh_add_config --template="some_config_file" --destination="$install_dir/some_config_file" # FIXME: this should be handled by the core in the future -# You may need to use chmod 600 instead of 400, -# for example if the app is expected to be able to modify its own config +### You may need to use chmod 600 instead of 400, +### for example if the app is expected to be able to modify its own config chmod 400 "$install_dir/some_config_file" chown "$app:$app" "$install_dir/some_config_file"