Fix launch (ports, certs, paths)

conf/nginx.conf

@@ -0,0 +1,14 @@
+location / {
+  proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+  proxy_set_header Host            $host;
+  proxy_set_header X-Real-IP       $remote_addr;
+
+  client_max_body_size  1M; # default is 1M
+
+  proxy_connect_timeout 10m;
+  proxy_send_timeout    10m;
+  proxy_read_timeout    10m;
+  send_timeout          10m;
+
+  proxy_pass http://127.0.0.1:__PORT__;
+}

manifest.toml

@@ -6,7 +6,6 @@ description.en = "Chat that is simple, secure, and private"
 # TODO: post_cert_update hook to steal certs
 # TODO: Deal with /var/www/snikket
 # TODO: Remove cert check (and import certs)
-# TODO: Paths are all wrong
 
 version = "2024.02.21~ynh1"
 
@@ -58,14 +57,18 @@ ram.runtime = "50M"
 
     [resources.data_dir]
 
-    [resources.ports] # TODO
+    [resources.ports] # TODO: TURN server ports
     file.default=5000
+    file.exposed="TCP"
+    file.fixed=true
     client.default=5222
+    client.exposed="TCP"
+    client.fixed=true
     server.default=5269
-    xmpp.default=5280
-    https.default=5281
-    component.default=5347
-    telnet.default=5582
+    server.exposed="TCP"
+    server.fixed=true
+    main.default=5280
+    # TODO: Need to remove/disable Metronome *before* installation starts because of the port allocation here
 
     [resources.permissions]
 

scripts/_common.sh

@@ -14,6 +14,16 @@ fi
 # PERSONAL HELPERS
 #=================================================
 
+install_certificates() {
+  domains=("$domain" "groups.$domain" "share.$domain")
+  for d in "${domains[@]}"
+  do
+    cp "/etc/yunohost/certs/$d/crt.pem" "/etc/snikket/certs/${d}.crt"
+    cp "/etc/yunohost/certs/$d/key.pem" "/etc/snikket/certs/${d}.key"
+  done
+  chown $app /etc/snikket/certs/*
+}
+
 #=================================================
 # EXPERIMENTAL HELPERS
 #=================================================

scripts/install

@@ -65,7 +65,10 @@ ynh_app_setting_set --app=$app --key=config_path --value=$config_path
 mkdir -p $config_path
 mkdir -p $config_path/{certs,conf.avail,conf.d}
 mkdir -p $config_path/firewall
+# TODO: ynh_replace_string
 sed -i -e 's#/snikket/prosody#/var/lib/snikket#g' "$snikketdir/ansible/files/prosody.cfg.lua"
+sed -i -e 's#/var/run/prosody/prosody.pid#/var/run/snikket/prosody.pid#g' "$snikketdir/ansible/files/prosody.cfg.lua"
+sed -i -e 's#/etc/prosody/#/etc/snikket/#g' "$snikketdir/ansible/files/prosody.cfg.lua"
 
 ynh_add_config --template="$snikketdir/ansible/files/prosody.cfg.lua" --destination="$config_path/prosody.cfg.lua"
 ynh_add_config --template="$snikketdir/ansible/files/restricted_users.pfw" --destination="$config_path/restricted_users.pfw"
@@ -108,15 +111,27 @@ cat >/etc/snikket/environment <<EOF
 SNIKKET_DOMAIN=${domain}
 SNIKKET_ADMIN_EMAIL=${admin}
 SNIKKET_TWEAK_TURNSERVER=0
+ENV_SNIKKET_TWEAK_INTERNAL_HTTP_PORT=${port}
+ENV_SNIKKET_PROXY65_PORT=${port_file}
 EOF
 
 #=================================================
-# SETUP SYSTEMD
+# SETUP CERTIFICATES
 #=================================================
-ynh_script_progression --message="Configuring a systemd service..."
+ynh_script_progression --message="Installing certificates..."
+
+# Create a dedicated systemd config
+install_certificates
+
+#=================================================
+# SYSTEM CONFIGURATIONS
+#=================================================
+ynh_script_progression --message="Adding system configurations..."
 
 # Create a dedicated systemd config
 ynh_add_systemd_config
+# Create a dedicated NGINX config using the conf/nginx.conf template
+ynh_add_nginx_config
 
 #=================================================
 # GENERIC FINALIZATION
@@ -139,7 +154,7 @@ ynh_use_logrotate
 #=================================================
 ynh_script_progression --message="Integrating service in YunoHost..."
 
-yunohost service add $app --description="Chat that is simple, secure, and private" --log="/var/log/$app/$app.log" --needs_exposed_ports $port_xmpp
+yunohost service add $app --description="Chat that is simple, secure, and private" --log="/var/log/$app/$app.log"
 
 #=================================================
 # START SYSTEMD SERVICE