Fix launch (ports, certs, paths)

This commit is contained in:
Norbi Peti 2024-05-27 00:08:46 +02:00
parent e9e4ca9762
commit 31282c3cb3
4 changed files with 51 additions and 9 deletions

14
conf/nginx.conf Normal file
View file

@ -0,0 +1,14 @@
location / {
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
client_max_body_size 1M; # default is 1M
proxy_connect_timeout 10m;
proxy_send_timeout 10m;
proxy_read_timeout 10m;
send_timeout 10m;
proxy_pass http://127.0.0.1:__PORT__;
}

View file

@ -6,7 +6,6 @@ description.en = "Chat that is simple, secure, and private"
# TODO: post_cert_update hook to steal certs
# TODO: Deal with /var/www/snikket
# TODO: Remove cert check (and import certs)
# TODO: Paths are all wrong
version = "2024.02.21~ynh1"
@ -58,14 +57,18 @@ ram.runtime = "50M"
[resources.data_dir]
[resources.ports] # TODO
[resources.ports] # TODO: TURN server ports
file.default=5000
file.exposed="TCP"
file.fixed=true
client.default=5222
client.exposed="TCP"
client.fixed=true
server.default=5269
xmpp.default=5280
https.default=5281
component.default=5347
telnet.default=5582
server.exposed="TCP"
server.fixed=true
main.default=5280
# TODO: Need to remove/disable Metronome *before* installation starts because of the port allocation here
[resources.permissions]

View file

@ -14,6 +14,16 @@ fi
# PERSONAL HELPERS
#=================================================
install_certificates() {
domains=("$domain" "groups.$domain" "share.$domain")
for d in "${domains[@]}"
do
cp "/etc/yunohost/certs/$d/crt.pem" "/etc/snikket/certs/${d}.crt"
cp "/etc/yunohost/certs/$d/key.pem" "/etc/snikket/certs/${d}.key"
done
chown $app /etc/snikket/certs/*
}
#=================================================
# EXPERIMENTAL HELPERS
#=================================================

View file

@ -65,7 +65,10 @@ ynh_app_setting_set --app=$app --key=config_path --value=$config_path
mkdir -p $config_path
mkdir -p $config_path/{certs,conf.avail,conf.d}
mkdir -p $config_path/firewall
# TODO: ynh_replace_string
sed -i -e 's#/snikket/prosody#/var/lib/snikket#g' "$snikketdir/ansible/files/prosody.cfg.lua"
sed -i -e 's#/var/run/prosody/prosody.pid#/var/run/snikket/prosody.pid#g' "$snikketdir/ansible/files/prosody.cfg.lua"
sed -i -e 's#/etc/prosody/#/etc/snikket/#g' "$snikketdir/ansible/files/prosody.cfg.lua"
ynh_add_config --template="$snikketdir/ansible/files/prosody.cfg.lua" --destination="$config_path/prosody.cfg.lua"
ynh_add_config --template="$snikketdir/ansible/files/restricted_users.pfw" --destination="$config_path/restricted_users.pfw"
@ -108,15 +111,27 @@ cat >/etc/snikket/environment <<EOF
SNIKKET_DOMAIN=${domain}
SNIKKET_ADMIN_EMAIL=${admin}
SNIKKET_TWEAK_TURNSERVER=0
ENV_SNIKKET_TWEAK_INTERNAL_HTTP_PORT=${port}
ENV_SNIKKET_PROXY65_PORT=${port_file}
EOF
#=================================================
# SETUP SYSTEMD
# SETUP CERTIFICATES
#=================================================
ynh_script_progression --message="Configuring a systemd service..."
ynh_script_progression --message="Installing certificates..."
# Create a dedicated systemd config
install_certificates
#=================================================
# SYSTEM CONFIGURATIONS
#=================================================
ynh_script_progression --message="Adding system configurations..."
# Create a dedicated systemd config
ynh_add_systemd_config
# Create a dedicated NGINX config using the conf/nginx.conf template
ynh_add_nginx_config
#=================================================
# GENERIC FINALIZATION
@ -139,7 +154,7 @@ ynh_use_logrotate
#=================================================
ynh_script_progression --message="Integrating service in YunoHost..."
yunohost service add $app --description="Chat that is simple, secure, and private" --log="/var/log/$app/$app.log" --needs_exposed_ports $port_xmpp
yunohost service add $app --description="Chat that is simple, secure, and private" --log="/var/log/$app/$app.log"
#=================================================
# START SYSTEMD SERVICE