Fix reachability & prepare
- Added placeholder Nginx configs for the subdomains
- Added additional URLs to the SSO permissions
parent
31282c3cb3
commit
008a113068
5 changed files with 65 additions and 14 deletions
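--- a/conf/nginx.groups.conf
+++ b/conf/nginx.groups.conf
@@ -0,0 +1,14 @@
+location / { # TODO
+proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+proxy_set_header Host $host;
+proxy_set_header X-Real-IP $remote_addr;
+
+client_max_body_size 1M; # default is 1M
+
+proxy_connect_timeout 10m;
+proxy_send_timeout 10m;
+proxy_read_timeout 10m;
+send_timeout 10m;
+
+proxy_pass http://127.0.0.1:__PORT__;
+}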
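Review bot: The four 10-minute timeouts in this placeholder (and in the identical conf/nginx.share.conf) let an idle or slow client keep a proxied connection to the backend open for ten minutes, and `proxy_connect_timeout 10m` has little effect because nginx documents that this timeout usually cannot exceed 75 seconds. Unless the upstream really needs long-lived requests, I would fall back to the defaults, or keep only `proxy_read_timeout` with a comment saying why it is raised. The block forwards Host, X-Real-IP and X-Forwarded-For but not the scheme, so the backend cannot tell that the request arrived over TLS; `proxy_set_header X-Forwarded-Proto $scheme;` would cover that. Please also replace the bare `# TODO` with a comment that states what is still missing from the location.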
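--- a/conf/nginx.share.conf
+++ b/conf/nginx.share.conf
@@ -0,0 +1,14 @@
+location / { # TODO
+proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+proxy_set_header Host $host;
+proxy_set_header X-Real-IP $remote_addr;
+
+client_max_body_size 1M; # default is 1M
+
+proxy_connect_timeout 10m;
+proxy_send_timeout 10m;
+proxy_read_timeout 10m;
+send_timeout 10m;
+
+proxy_pass http://127.0.0.1:__PORT__;
+}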
|
@ -39,6 +39,9 @@ ram.runtime = "50M"
|
|||
type = "email"
|
||||
ask.en = "Administrator E-mail"
|
||||
help.en = "Provide an E-mail address where users can contact you"
|
||||
[install.init_main_permission]
|
||||
type = "group"
|
||||
default = "visitors"
|
||||
|
||||
[resources]
|
||||
[resources.sources.main]
|
||||
|
@ -50,6 +53,9 @@ ram.runtime = "50M"
|
|||
[resources.sources.prosody-modules]
|
||||
url = "https://hg.prosody.im/prosody-modules/archive/095030677ae6.tar.gz"
|
||||
sha256 = "8c2a51ef72cbe86a3b2a8e5c4d8656ee1d167f153223b481b5e8c4c5ed85f11d"
|
||||
[resources.sources.snikket-portal]
|
||||
url = "https://github.com/snikket-im/snikket-web-portal/archive/7c0310a141d45d71ccf4505f56267d2f4213ca08.tar.gz"
|
||||
sha256 = "3b0afaf99c7360b5813cf7e10021827fa9bd13e40e169ef68004ffec3bb6fa92"
|
||||
|
||||
[resources.system_user]
|
||||
|
||||
|
@ -67,10 +73,13 @@ ram.runtime = "50M"
|
|||
server.default=5269
|
||||
server.exposed="TCP"
|
||||
server.fixed=true
|
||||
main.default=5280
|
||||
http.default=5280
|
||||
main.default=80
|
||||
# TODO: Need to remove/disable Metronome *before* installation starts because of the port allocation here
|
||||
|
||||
[resources.permissions]
|
||||
main.url = "/"
|
||||
main.additional_urls = [ "groups.__DOMAIN__/", "share.__DOMAIN__/" ]
|
||||
|
||||
[resources.apt]
|
||||
packages = "libicu-dev, libidn11-dev, libssl-dev, openssl, txt2man, lua-luaossl, lua-readline, dns-root-data, lua-dbi-sqlite3"
|
||||
|
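Review bot: `main.additional_urls = [ "groups.__DOMAIN__/", "share.__DOMAIN__/" ]` attaches both subdomains in full to the `main` permission, and the `[install.init_main_permission]` question in the first hunk defaults that permission to `visitors`, so with the default answer the SSO puts no authentication in front of anything served on those hosts. If that is intended because the backend authenticates these requests itself, say so above the key, for example `# groups./share. are public at the SSO layer; the backend authenticates requests itself`; that wording is my assumption and needs confirming against how the service handles these endpoints. Otherwise give the subdomains their own permission so they can be restricted separately from the main URL.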
|
|
@ -18,12 +18,25 @@ install_certificates() {
|
|||
domains=("$domain" "groups.$domain" "share.$domain")
|
||||
for d in "${domains[@]}"
|
||||
do
|
||||
cp "/etc/yunohost/certs/$d/crt.pem" "/etc/snikket/certs/${d}.crt"
|
||||
cp "/etc/yunohost/certs/$d/key.pem" "/etc/snikket/certs/${d}.key"
|
||||
error_message="No certificate found for domain $d! Please set up the domain and install a Let's Encrypt certificate for it."
|
||||
cp "/etc/yunohost/certs/$d/crt.pem" "/etc/snikket/certs/${d}.crt" || ynh_print_warn --message="$error_message"
|
||||
cp "/etc/yunohost/certs/$d/key.pem" "/etc/snikket/certs/${d}.key" || ynh_print_warn --message="$error_message"
|
||||
done
|
||||
chown $app /etc/snikket/certs/*
|
||||
}
|
||||
|
||||
### Add Nginx configuration for other domains. This is necessary because at the moment Snikket requires two additional
|
||||
### subdomains to function fully. Does not reload Nginx configuration.
|
||||
### Usage: add_extra_nginx_config <domain>
|
||||
add_extra_nginx_config() {
|
||||
local extra_domain="$1"
|
||||
local finalnginxconf="/etc/nginx/conf.d/$extra_domain.d/$app.conf"
|
||||
|
||||
ynh_add_config --template="nginx.$extra_domain.conf" --destination="$finalnginxconf"
|
||||
|
||||
ynh_store_file_checksum --file="$finalnginxconf"
|
||||
}
|
||||
|
||||
#=================================================
|
||||
# EXPERIMENTAL HELPERS
|
||||
#=================================================
|
||||
|
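Review bot: In `install_certificates` (which starts above this hunk), a failed copy of `crt.pem` or `key.pem` only prints a warning, so the install carries on with a domain that has no certificate, and `chown $app /etc/snikket/certs/*` is unquoted and is handed a literal `*` when nothing was copied. The mode of the copied private key is left to whatever `cp` and the umask produce; `install -m 600 -o "$app" "/etc/yunohost/certs/$d/key.pem" "/etc/snikket/certs/${d}.key"` would make owner and mode explicit. Whether a missing certificate should stop the install (`ynh_die --message="$error_message"`) rather than warn deserves a deliberate decision and a comment. Separately, `add_extra_nginx_config` uses its argument both as the full domain in `/etc/nginx/conf.d/$extra_domain.d/` and as the template suffix in `nginx.$extra_domain.conf`, which cannot both hold for the `nginx.groups.conf` and `nginx.share.conf` templates this commit adds.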
|
|
@ -61,14 +61,15 @@ ynh_secure_remove --file="$builddir"
|
|||
ynh_script_progression --message="Adding Prosody configuration..."
|
||||
|
||||
config_path=/etc/$app
|
||||
ynh_app_setting_set --app=$app --key=config_path --value=$config_path
|
||||
mkdir -p $config_path
|
||||
mkdir -p $config_path/{certs,conf.avail,conf.d}
|
||||
mkdir -p $config_path/firewall
|
||||
# TODO: ynh_replace_string
|
||||
sed -i -e 's#/snikket/prosody#/var/lib/snikket#g' "$snikketdir/ansible/files/prosody.cfg.lua"
|
||||
sed -i -e 's#/var/run/prosody/prosody.pid#/var/run/snikket/prosody.pid#g' "$snikketdir/ansible/files/prosody.cfg.lua"
|
||||
sed -i -e 's#/etc/prosody/#/etc/snikket/#g' "$snikketdir/ansible/files/prosody.cfg.lua"
|
||||
ynh_app_setting_set --app=$app --key=config_path --value="$config_path"
|
||||
mkdir -p "$config_path"
|
||||
mkdir -p "$config_path"/{certs,conf.avail,conf.d}
|
||||
mkdir -p "$config_path"/firewall
|
||||
|
||||
prosody_config="$snikketdir/ansible/files/prosody.cfg.lua"
|
||||
ynh_replace_string --match_string="/snikket/prosody" --replace_string="/var/lib/snikket" --target_file="$prosody_config"
|
||||
ynh_replace_string --match_string="/var/run/prosody/prosody.pid" --replace_string="/var/run/snikket/prosody.pid" --target_file="$prosody_config"
|
||||
ynh_replace_string --match_string="/etc/prosody/" --replace_string="/etc/snikket/" --target_file="$prosody_config"
|
||||
|
||||
ynh_add_config --template="$snikketdir/ansible/files/prosody.cfg.lua" --destination="$config_path/prosody.cfg.lua"
|
||||
ynh_add_config --template="$snikketdir/ansible/files/restricted_users.pfw" --destination="$config_path/restricted_users.pfw"
|
||||
|
@ -120,7 +121,7 @@ EOF
|
|||
#=================================================
|
||||
ynh_script_progression --message="Installing certificates..."
|
||||
|
||||
# Create a dedicated systemd config
|
||||
# Install certificates for Prosody to use (taken from the web certs)
|
||||
install_certificates
|
||||
|
||||
#=================================================
|
||||
|
@ -154,7 +155,7 @@ ynh_use_logrotate
|
|||
#=================================================
|
||||
ynh_script_progression --message="Integrating service in YunoHost..."
|
||||
|
||||
yunohost service add $app --description="Chat that is simple, secure, and private" --log="/var/log/$app/$app.log"
|
||||
yunohost service add "$app" --description="Chat that is simple, secure, and private" --log="/var/log/$app/$app.log"
|
||||
|
||||
#=================================================
|
||||
# START SYSTEMD SERVICE
|
||||
|
@ -162,7 +163,7 @@ yunohost service add $app --description="Chat that is simple, secure, and privat
|
|||
ynh_script_progression --message="Starting a systemd service..."
|
||||
|
||||
# Start a systemd service
|
||||
ynh_systemd_action --service_name=$app --action="start" --log_path="/var/log/$app/$app.log"
|
||||
ynh_systemd_action --service_name="$app" --action="start" --log_path="/var/log/$app/$app.log"
|
||||
|
||||
#=================================================
|
||||
# END OF SCRIPT
|
||||
|
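Review bot: `mkdir -p "$config_path"/{certs,conf.avail,conf.d}` in the first hunk creates the directory that `install_certificates` later fills with private keys, but nothing visible in these hunks sets its mode or owner, so it ends up with whatever the script's umask gives. I would add `chmod 750 "$config_path/certs"` and `chown "$app" "$config_path/certs"` right after the mkdir, assuming the service runs as `$app`. Also note that `ynh_replace_string` treats `--match_string` as a regular expression, so the dots in `/var/run/prosody/prosody.pid` match any character just as they did in the old `sed` calls; this is harmless here but worth a one-line comment.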
|