Fix launch (ports, certs, paths)
This commit is contained in:
parent
e9e4ca9762
commit
31282c3cb3
4 changed files with 51 additions and 9 deletions
14
conf/nginx.conf
Normal file
14
conf/nginx.conf
Normal file
|
@ -0,0 +1,14 @@
|
|||
location / {
|
||||
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
|
||||
proxy_set_header Host $host;
|
||||
proxy_set_header X-Real-IP $remote_addr;
|
||||
|
||||
client_max_body_size 1M; # default is 1M
|
||||
|
||||
proxy_connect_timeout 10m;
|
||||
proxy_send_timeout 10m;
|
||||
proxy_read_timeout 10m;
|
||||
send_timeout 10m;
|
||||
|
||||
proxy_pass http://127.0.0.1:__PORT__;
|
||||
}
|
|
@ -6,7 +6,6 @@ description.en = "Chat that is simple, secure, and private"
|
|||
# TODO: post_cert_update hook to steal certs
|
||||
# TODO: Deal with /var/www/snikket
|
||||
# TODO: Remove cert check (and import certs)
|
||||
# TODO: Paths are all wrong
|
||||
|
||||
version = "2024.02.21~ynh1"
|
||||
|
||||
|
@ -58,14 +57,18 @@ ram.runtime = "50M"
|
|||
|
||||
[resources.data_dir]
|
||||
|
||||
[resources.ports] # TODO
|
||||
[resources.ports] # TODO: TURN server ports
|
||||
file.default=5000
|
||||
file.exposed="TCP"
|
||||
file.fixed=true
|
||||
client.default=5222
|
||||
client.exposed="TCP"
|
||||
client.fixed=true
|
||||
server.default=5269
|
||||
xmpp.default=5280
|
||||
https.default=5281
|
||||
component.default=5347
|
||||
telnet.default=5582
|
||||
server.exposed="TCP"
|
||||
server.fixed=true
|
||||
main.default=5280
|
||||
# TODO: Need to remove/disable Metronome *before* installation starts because of the port allocation here
|
||||
|
||||
[resources.permissions]
|
||||
|
||||
|
|
|
@ -14,6 +14,16 @@ fi
|
|||
# PERSONAL HELPERS
|
||||
#=================================================
|
||||
|
||||
install_certificates() {
|
||||
domains=("$domain" "groups.$domain" "share.$domain")
|
||||
for d in "${domains[@]}"
|
||||
do
|
||||
cp "/etc/yunohost/certs/$d/crt.pem" "/etc/snikket/certs/${d}.crt"
|
||||
cp "/etc/yunohost/certs/$d/key.pem" "/etc/snikket/certs/${d}.key"
|
||||
done
|
||||
chown $app /etc/snikket/certs/*
|
||||
}
|
||||
|
||||
#=================================================
|
||||
# EXPERIMENTAL HELPERS
|
||||
#=================================================
|
||||
|
|
|
@ -65,7 +65,10 @@ ynh_app_setting_set --app=$app --key=config_path --value=$config_path
|
|||
mkdir -p $config_path
|
||||
mkdir -p $config_path/{certs,conf.avail,conf.d}
|
||||
mkdir -p $config_path/firewall
|
||||
# TODO: ynh_replace_string
|
||||
sed -i -e 's#/snikket/prosody#/var/lib/snikket#g' "$snikketdir/ansible/files/prosody.cfg.lua"
|
||||
sed -i -e 's#/var/run/prosody/prosody.pid#/var/run/snikket/prosody.pid#g' "$snikketdir/ansible/files/prosody.cfg.lua"
|
||||
sed -i -e 's#/etc/prosody/#/etc/snikket/#g' "$snikketdir/ansible/files/prosody.cfg.lua"
|
||||
|
||||
ynh_add_config --template="$snikketdir/ansible/files/prosody.cfg.lua" --destination="$config_path/prosody.cfg.lua"
|
||||
ynh_add_config --template="$snikketdir/ansible/files/restricted_users.pfw" --destination="$config_path/restricted_users.pfw"
|
||||
|
@ -108,15 +111,27 @@ cat >/etc/snikket/environment <<EOF
|
|||
SNIKKET_DOMAIN=${domain}
|
||||
SNIKKET_ADMIN_EMAIL=${admin}
|
||||
SNIKKET_TWEAK_TURNSERVER=0
|
||||
ENV_SNIKKET_TWEAK_INTERNAL_HTTP_PORT=${port}
|
||||
ENV_SNIKKET_PROXY65_PORT=${port_file}
|
||||
EOF
|
||||
|
||||
#=================================================
|
||||
# SETUP SYSTEMD
|
||||
# SETUP CERTIFICATES
|
||||
#=================================================
|
||||
ynh_script_progression --message="Configuring a systemd service..."
|
||||
ynh_script_progression --message="Installing certificates..."
|
||||
|
||||
# Create a dedicated systemd config
|
||||
install_certificates
|
||||
|
||||
#=================================================
|
||||
# SYSTEM CONFIGURATIONS
|
||||
#=================================================
|
||||
ynh_script_progression --message="Adding system configurations..."
|
||||
|
||||
# Create a dedicated systemd config
|
||||
ynh_add_systemd_config
|
||||
# Create a dedicated NGINX config using the conf/nginx.conf template
|
||||
ynh_add_nginx_config
|
||||
|
||||
#=================================================
|
||||
# GENERIC FINALIZATION
|
||||
|
@ -139,7 +154,7 @@ ynh_use_logrotate
|
|||
#=================================================
|
||||
ynh_script_progression --message="Integrating service in YunoHost..."
|
||||
|
||||
yunohost service add $app --description="Chat that is simple, secure, and private" --log="/var/log/$app/$app.log" --needs_exposed_ports $port_xmpp
|
||||
yunohost service add $app --description="Chat that is simple, secure, and private" --log="/var/log/$app/$app.log"
|
||||
|
||||
#=================================================
|
||||
# START SYSTEMD SERVICE
|
||||
|
|
Loading…
Reference in a new issue