#!/bin/bash
#=================================================
# GENERIC STARTING
#=================================================
# IMPORT GENERIC HELPERS
#=================================================
source _common.sh
source /usr/share/yunohost/helpers
source _ynh_add_fpm_config
#=================================================
# MANAGE FAILURE OF THE SCRIPT
#=================================================
# Exit if an error occurs during the execution of the script.
# NOTE(review): ynh_abort_if_errors comes from the sourced YunoHost helpers;
# it presumably enables errexit/nounset and an exit trap. Every later step
# relies on it to stop at the first failing command; confirm against the helper.
ynh_abort_if_errors
#=================================================
# RETRIEVE ARGUMENTS FROM THE MANIFEST
#=================================================
# Copy the manifest answers (YNH_APP_ARG_* variables) and the instance name
# into short script-wide names. These values originate from the install form,
# so they should be quoted wherever they are expanded later on.
domain="${YNH_APP_ARG_DOMAIN}"
path_url="${YNH_APP_ARG_PATH}"
admin_wordpress="${YNH_APP_ARG_ADMIN}"
language="${YNH_APP_ARG_LANGUAGE}"
multisite="${YNH_APP_ARG_MULTISITE}"
is_public="${YNH_APP_ARG_IS_PUBLIC}"
app="${YNH_APP_INSTANCE_NAME}"
#=================================================
# CHECK IF THE APP CAN BE INSTALLED WITH THIS ARGS
#=================================================
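ynh_script_progression --message="Validating installation parameters..." --weight=2

# The app is installed under /var/www/<instance name>; refuse to overwrite
# anything that already exists there.
final_path="/var/www/$app"
test ! -e "$final_path" || ynh_die --message="This path already contains a folder"

# Reject the unsupported multisite-at-root combination before the web path is
# booked, so a refused install stops before anything has been registered.
if [ "$path_url" == "/" ] && [ "$multisite" -eq 1 ]; then
  ynh_die --message="Multisite option of wordpress doesn't work at the root of a domain."
fi

# Register (book) web path. The arguments are quoted because domain and
# path_url come from the install form.
ynh_webpath_register --app="$app" --domain="$domain" --path_url="$path_url"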
#=================================================
# STORE SETTINGS FROM MANIFEST
#=================================================
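ynh_script_progression --message="Storing installation settings..." --weight=2

# Persist the manifest answers in the app settings. Values are quoted so that
# form-supplied text cannot be word-split or glob-expanded into extra
# arguments.
ynh_app_setting_set --app="$app" --key=domain --value="$domain"
ynh_app_setting_set --app="$app" --key=path --value="$path_url"
ynh_app_setting_set --app="$app" --key=admin --value="$admin_wordpress"
ynh_app_setting_set --app="$app" --key=is_public --value="$is_public"
ynh_app_setting_set --app="$app" --key=language --value="$language"
ynh_app_setting_set --app="$app" --key=multisite --value="$multisite"

# Fixed defaults recorded at install time.
ynh_app_setting_set --app="$app" --key=overwrite_nginx --value=1
ynh_app_setting_set --app="$app" --key=overwrite_phpfpm --value=1
ynh_app_setting_set --app="$app" --key=admin_mail_html --value=1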
#=================================================
# STANDARD MODIFICATIONS
#=================================================
# INSTALL DEPENDENCIES
#=================================================
ynh_script_progression --message="Installing dependencies..." --weight=9
# php7.0 is hard-coded here and again in wpcli_alias further down; the two
# have to be changed together.
ynh_install_app_dependencies php7.0-cli
#=================================================
# CREATE A MYSQL DATABASE
#=================================================
ynh_script_progression --message="Creating a MySQL database..."
# The database and its user share one identifier, derived from the app
# instance name by ynh_sanitize_dbid.
db_name="$(ynh_sanitize_dbid --db_name="$app")"
ynh_app_setting_set --app="$app" --key=db_name --value="$db_name"
# NOTE(review): $db_pwd is read later in this script without being assigned
# here; presumably ynh_mysql_setup_db sets it. Confirm against the helper.
ynh_mysql_setup_db --db_user="$db_name" --db_name="$db_name"
#=================================================
# DOWNLOAD, CHECK AND UNPACK SOURCE
#=================================================
ynh_script_progression --message="Setting up source files..." --weight=4

# Record the install directory first, then unpack the sources into it.
ynh_app_setting_set --app="$app" --key=final_path --value="$final_path"

# Download, check integrity, uncompress and patch the source from app.src
ynh_setup_source --dest_dir="${final_path}"
#=================================================
# NGINX CONFIGURATION
#=================================================
ynh_script_progression --message="Configuring nginx web server..." --weight=3

# Create a dedicated nginx config
ynh_add_nginx_config
#=================================================
# CREATE DEDICATED USER
#=================================================
ynh_script_progression --message="Configuring system user..." --weight=3

# Create a dedicated system user named after the app instance; the app's
# files are chown'ed to this account later in the script.
ynh_system_user_create --username="$app"
#=================================================
# PHP-FPM CONFIGURATION
#=================================================
ynh_script_progression --message="Configuring php-fpm..." --weight=2

# A private app gets the "low" php-fpm profile, anything else gets "high".
# The same value is used for both --usage and --footprint.
usage=high
if [ "$is_public" -eq 0 ]; then
  usage=low
fi

# Create a dedicated php-fpm config
ynh_add_fpm_config --usage="$usage" --footprint="$usage"
#=================================================
# SPECIFIC SETUP
#=================================================
# CONFIGURE WP-CONFIG
#=================================================
ynh_script_progression --message="Configuring wordpress..."

wp_config="$final_path/wp-config.php"
cp ../conf/wp-config.php "$wp_config"

# Fill in the database credentials. From here on the file holds the database
# password; nothing in this script sets its mode, so it keeps whatever cp
# produced under the current umask.
ynh_replace_string --match_string="__DB_USER__" --replace_string="$db_name" --target_file="$wp_config"
ynh_replace_string --match_string="__DB_PWD__" --replace_string="$db_pwd" --target_file="$wp_config"

# Each KEY1..KEY8 placeholder of the template receives its own 40-character
# random string.
for key_index in {1..8}; do
  key_value="$(ynh_string_random --length=40)"
  ynh_replace_string --match_string="KEY$key_index" --replace_string="$key_value" --target_file="$wp_config"
  sleep 0.5
done
#=================================================
# SETTING UP WITH CURL
#=================================================
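ynh_script_progression --message="Installing wordpress with Curl..." --weight=10

# Set right permissions for curl install
chown -R "$app": "$final_path"

# Set the app as temporarily public for curl call.
# NOTE(review): from the nginx reload below until install.php has completed,
# the WordPress installer is reachable without SSO authentication. Keep this
# window short. For a private app the exemption is removed again later in the
# script; a public app keeps it.
ynh_app_setting_set --app="$app" --key=unprotected_uris --value="/"
# Regen SSOwat configuration
yunohost app ssowatconf
# Reload Nginx
ynh_systemd_action --service_name=nginx --action=reload

# Wordpress installation.
# NOTE(review): the WordPress admin account is created with $db_pwd, i.e. the
# same secret as the MySQL password written to wp-config.php. A separate
# random password would keep the two credentials independent.
ynh_local_curl "/wp-admin/install.php?step=2" \
  "&weblog_title=YunoBlog" \
  "user_name=$admin_wordpress" \
  "admin_password=$db_pwd" \
  "admin_password2=$db_pwd" \
  "admin_email=$admin_wordpress@$domain" \
  "Submit=Install+WordPress"

ynh_print_info --message="Please wait during Wordpress installation..."

# Poll the database once per second, for at most 5 minutes, until the
# wp_options table exists: its presence means the installer has finished.
wordpress_installed=0
for ((attempt = 1; attempt <= 300; attempt++)); do
  if ynh_mysql_connect_as --user="$db_name" --password="$db_pwd" --database="$db_name" <<< "show tables" | grep --quiet "wp_options"; then
    wordpress_installed=1
    break
  fi
  sleep 1
done

# Fail here with a clear message instead of letting the wp-cli steps that
# follow run against a half-installed site.
if [ "$wordpress_installed" -ne 1 ]; then
  ynh_die --message="WordPress installation did not complete: table wp_options was not found after 300 seconds."
fi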
#=================================================
# INSTALL WORDPRESS PLUGINS
#=================================================
ynh_script_progression --message="Installing wordpress plugins..." --weight=20

# NOTE(review): wp-cli.phar is fetched from a moving URL and then executed as
# root (--allow-root) without any checksum or signature check. Prefer a pinned
# release and compare it with a known-good digest before first use, e.g.
#   echo "<EXPECTED_SHA512>  $final_path/wp-cli.phar" | sha512sum --check
# The file is also stored in $final_path, which was chown'ed to $app earlier,
# so an account less privileged than root controls the directory holding a
# file that root executes. A root-owned directory outside the web root would
# avoid that.
wget --no-verbose https://raw.githubusercontent.com/wp-cli/builds/gh-pages/phar/wp-cli.phar \
  --output-document="$final_path/wp-cli.phar"

# Kept as a plain string on purpose: later steps expand $wpcli_alias unquoted
# so that it splits into the interpreter, the phar and its options.
wpcli_alias="php7.0 $final_path/wp-cli.phar --allow-root --path=$final_path"

# Plugins are installed at whatever version the plugin directory currently
# serves; none of them is pinned.
for plugin in simple-ldap-login http-authentication companion-auto-update wp-fail2ban-redux; do
  $wpcli_alias plugin install "$plugin"
done
#=================================================
# SET LANGUAGE
#=================================================
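ynh_script_progression --message="Configuring language..." --weight=3

# Install the chosen locale, then make it the site language. $language comes
# from the install form and is quoted so it always reaches wp-cli (run as
# root) as exactly one argument. $wpcli_alias stays unquoted because it must
# split into the command and its options.
$wpcli_alias core language install "$language"
$wpcli_alias site switch-language "$language"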
#=================================================
# CONFIGURE MULTISITE
#=================================================
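# Convert the site to a multisite network when requested, load the matching
# SQL settings, and remember in plugin_network whether plugins have to be
# activated network-wide. Form-supplied values (domain, path_url) and the
# database password are quoted so they cannot be split into extra arguments.
if [ "$multisite" -eq 1 ]; then
  ynh_script_progression --message="Configuring multisite..." --weight=2

  # Uncomment the multisite rules in the app's nginx config
  ynh_replace_string --match_string="#--MULTISITE--" --replace_string="" --target_file="/etc/nginx/conf.d/$domain.d/$app.conf"

  # Allow multisite
  ynh_replace_string --match_string="//--MULTISITE1--define" --replace_string="define " --target_file="$final_path/wp-config.php"

  # Activate multisite via wp-cli
  ynh_exec_fully_quiet $wpcli_alias core multisite-convert --base="$path_url/"

  # Activate multisite in wordpress config
  ynh_replace_string --match_string="//--MULTISITE2--define" --replace_string="define" --target_file="$final_path/wp-config.php"

  ynh_mysql_connect_as --user="$db_name" --password="$db_pwd" --database="$db_name" < ../conf/sql/multisite.sql
  plugin_network="--network"
else
  ynh_mysql_connect_as --user="$db_name" --password="$db_pwd" --database="$db_name" < ../conf/sql/single.sql
  plugin_network=""
fi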
#=================================================
# ACTIVATE WORDPRESS PLUGINS
#=================================================
ynh_script_progression --message="Activating plugins..." --weight=4

# Do not activate http-authentication, this plugin is sometimes unstable.
# $plugin_network is left unquoted on purpose: it is either "--network" or
# empty, and an empty value must vanish instead of becoming an empty argument.
for plugin in simple-ldap-login companion-auto-update wp-fail2ban-redux; do
  $wpcli_alias plugin activate "$plugin" $plugin_network
done
#=================================================
# STORE THE CONFIG FILE CHECKSUM
#=================================================
# Calculate and store the config file checksum into the app settings, taken
# after every substitution above has been applied to wp-config.php.
ynh_store_file_checksum --file="${final_path}/wp-config.php"
#=================================================
# CREATE A CRON TASK FOR AUTOMATIC UPDATE
#=================================================
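# Install a root cron entry that requests wp-cron.php every day at 03:00.
# The URL is single-quoted inside the cron line so the shell that cron starts
# treats it as one literal word (it contains '?', a glob character, and text
# taken from the install form). The trailing slash of path_url is stripped so
# a root install ("/") does not produce "//wp-cron.php".
cat > "/etc/cron.d/$app" <<EOF
# Reach everyday wp-cron.php?doing_wp_cron to trig the internal wordpress cron.
0 3 * * * root wget -q -O - 'https://$domain${path_url%/}/wp-cron.php?doing_wp_cron' >/dev/null 2>&1
EOF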
#=================================================
# GENERIC FINALISATION
#=================================================
# SECURING FILES AND DIRECTORIES
#=================================================
# Set permissions to app files.
# The files have to be owned by the WordPress user so that the app can
# upgrade itself.
chown -R "$app": "$final_path"

# Except the config file wp-config.php, whose ownership goes back to root.
# NOTE(review): only the owner changes here. The directory holding the file
# still belongs to $app, and no mode is set, so the database password and keys
# inside remain readable to whoever the current mode allows. Consider
# root:<php-fpm group> with mode 640; confirm the pool's group first.
chown root: "$final_path/wp-config.php"
#=================================================
# SETUP FAIL2BAN
#=================================================
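ynh_script_progression --message="Configuring fail2ban..." --weight=7

#######################################
# Write a fail2ban jail and filter for this app, then reload fail2ban.
# Script-local variant of the YunoHost fail2ban helper.
# Globals:   app (read)
# Arguments: --logpath=      log file watched by the jail (no-template mode)
#            --failregex=    failure pattern for the filter (no-template mode)
#            --max_retry=    maxretry of the jail, default 3
#            --ports=        ports of the jail, default http,https
#            --use_template  copy ../conf/f2b_jail.conf and f2b_filter.conf
#            --others_var=   space-separated variable names whose values
#                            replace __NAME__ placeholders in the templates
# Outputs:   in no-template mode tee echoes the generated files to stdout
# Returns:   aborts through ynh_die when logpath or failregex is missing
#######################################
ynh_add_fail2ban_config_mod () {
  # Declare an array to define the options of this helper.
  # legacy_args and args_array are read by ynh_handle_getopts_args below.
  local legacy_args=lrmptv
  declare -Ar args_array=( [l]=logpath= [r]=failregex= [m]=max_retry= [p]=ports= [t]=use_template [v]=others_var=)
  local logpath
  local failregex
  local max_retry
  local ports
  local others_var
  local use_template
  local var_to_replace
  # Manage arguments with getopts
  ynh_handle_getopts_args "$@"
  use_template="${use_template:-0}"
  max_retry=${max_retry:-3}
  ports=${ports:-http,https}

  # Kept local so the helper does not leave its working paths behind as
  # script-wide variables.
  local finalfail2banjailconf="/etc/fail2ban/jail.d/$app.conf"
  local finalfail2banfilterconf="/etc/fail2ban/filter.d/$app.conf"

  ynh_backup_if_checksum_is_different "$finalfail2banjailconf"
  ynh_backup_if_checksum_is_different "$finalfail2banfilterconf"

  if [ "$use_template" -eq 1 ]; then
    # Usage 2, templates
    cp ../conf/f2b_jail.conf "$finalfail2banjailconf"
    cp ../conf/f2b_filter.conf "$finalfail2banfilterconf"

    if [ -n "${app:-}" ]; then
      ynh_replace_string "__APP__" "$app" "$finalfail2banjailconf"
      ynh_replace_string "__APP__" "$app" "$finalfail2banfilterconf"
    fi

    # Replace all other variable given as arguments.
    # others_var is expanded unquoted on purpose: it is a space-separated
    # list of variable names.
    for var_to_replace in ${others_var:-}; do
      # ${var_to_replace^^} make the content of the variable on upper-cases
      # ${!var_to_replace} get the content of the variable named $var_to_replace
      ynh_replace_string --match_string="__${var_to_replace^^}__" --replace_string="${!var_to_replace}" --target_file="$finalfail2banjailconf"
      ynh_replace_string --match_string="__${var_to_replace^^}__" --replace_string="${!var_to_replace}" --target_file="$finalfail2banfilterconf"
    done
  else
    # Usage 1, no template. Build a config file from scratch.
    test -n "$logpath" || ynh_die "ynh_add_fail2ban_config expects a logfile path as first argument and received nothing."
    test -n "$failregex" || ynh_die "ynh_add_fail2ban_config expects a failure regex as second argument and received nothing."

    # The here-document bodies stay at column 0: any leading whitespace would
    # be written into the fail2ban files.
    tee "$finalfail2banjailconf" <<EOF
[$app]
enabled = true
port = $ports
filter = $app
logpath = $logpath
maxretry = $max_retry
EOF

    tee "$finalfail2banfilterconf" <<EOF
[INCLUDES]
before = common.conf
[Definition]
failregex = $failregex
ignoreregex =
EOF
  fi

  # Common to usage 1 and 2.
  ynh_store_file_checksum "$finalfail2banjailconf"
  ynh_store_file_checksum "$finalfail2banfilterconf"

  ynh_systemd_action --service_name=fail2ban --action=reload --line_match="ed Fail2Ban Service" --log_path=systemd

  # Declaration and assignment are deliberately combined: grep exits non-zero
  # when no warning is found, and `local` hides that status so the "no
  # warning" case does not count as a script error.
  local fail2ban_error="$(journalctl -u fail2ban | tail -n50 | grep "WARNING.*$app.*")"
  if [[ -n "$fail2ban_error" ]]; then
    ynh_print_err --message="Fail2ban failed to load the jail for $app"
    ynh_print_warn --message="${fail2ban_error#*WARNING}"
  fi
}

# Create a dedicated fail2ban config
# NOTE(review): the user name in the matched log line is chosen by the client.
# Consider anchoring the pattern at the end of the line (`<HOST>$`) so that
# only the trailing address can be captured; confirm against the log format
# the wp-fail2ban-redux plugin writes.
ynh_add_fail2ban_config_mod --logpath="/var/log/auth.log" \
  --failregex="Authentication (attempt for unknown user|failure for) .* from <HOST>" \
  --max_retry=5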
#=================================================
# SETUP SSOWAT
#=================================================
ynh_script_progression --message="Configuring SSOwat..."

# The app was opened to unauthenticated requests for the curl-driven install.
# A private app gets that exemption removed again here; any other value of
# is_public leaves unprotected_uris set to "/".
if [ "$is_public" -eq 0 ]; then
  # Remove the public access
  ynh_app_setting_delete --app="$app" --key=unprotected_uris
fi
#=================================================
# RELOAD NGINX
#=================================================
ynh_script_progression --message="Reloading nginx web server..." --weight=3

ynh_systemd_action --service_name=nginx --action=reload
#=================================================
# REMOVE WP-CLI.PHAR
#=================================================
# wp-cli was only needed during installation; it is deleted so the tool does
# not stay behind in the app directory.
ynh_secure_remove "${final_path}/wp-cli.phar"
#=================================================
# SEND A README FOR THE ADMIN
#=================================================
# The message body is written to a file named mail_to_send in the current
# directory, and that name is handed to ynh_send_readme_to_admin.
printf '%s\n' "If you're facing an issue or want to improve this app, please open a new issue in this project: https://github.com/YunoHost-Apps/wordpress_ynh" > mail_to_send

ynh_send_readme_to_admin --app_message="mail_to_send" --recipients="${admin_wordpress}" --type=install
#=================================================
# END OF SCRIPT
#=================================================
ynh_script_progression --message="Installation of $app completed" --last