Tmp fix for https://github.com/YunoHost-Apps/peertube_ynh/issues/5,fix https://github.com/YunoHost-Apps/peertube_ynh/issues/8,upgrade file,option to change port,password check for lenght,multi_instance

2018-03-26 09:20:46 +05:30 · 2018-03-26 09:20:46 +05:30 · abd325042d
parent 666f021efb
commit abd325042d
8 changed files with 255 additions and 33 deletions
--- a/6
+++ b/6
@ -18,7 +18,7 @@
 		setup_public=1
 		upgrade=0
 		backup_restore=0
-		multi_instance=0
+		multi_instance=1
 		incorrect_path=0
 		port_already_use=1
 		change_url=0
@ -36,5 +36,5 @@
 	Level 9=0
 	Level 10=0
 ;;; Options
-Email=
-Notification=none
+Email=anmol@datamol.org
+Notification=yes
--- a/conf/nginx.conf
+++ b/conf/nginx.conf
@ -1,18 +1,37 @@
-location / {
+	location ~ ^/client/(.*\.(js|css|woff2|otf|ttf|woff|eot))$ {
+    add_header Cache-Control "public, max-age=31536000, immutable";
+
+    alias __FINALPATH__/client/dist/$1;
+  }
+
+	location ~ ^/static/(thumbnails|avatars)/(.*)$ {
+    add_header Cache-Control "public, max-age=31536000, immutable";
+
+    alias /home/yunohost.app/__NAME__/storage/$1/$2;
+  }
+  
+	location / {
     if ($scheme = http) {
        rewrite ^ https://$server_name$request_uri? permanent;
      }
-    proxy_pass http://localhost:9000;
+    proxy_pass http://localhost:__PORT__;
    proxy_set_header X-Real-IP $remote_addr;
    proxy_set_header Host $host;
    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;

-    # For the video upload
+    # Hard limit, PeerTube does not support videos > 4GB
    client_max_body_size 4G;
+    proxy_connect_timeout       600;
+    proxy_send_timeout          600;
+    proxy_read_timeout          600;
+    send_timeout                600;
  }

-  # Bypass PeerTube webseed route for better performances
-  location /static/webseed {
+	# Bypass PeerTube webseed route for better performances
+	location /static/webseed {
+    # Clients usually have 4 simultaneous webseed connections, so the real limit is 3MB/s per client
+    limit_rate 800k;
+
    if ($request_method = 'OPTIONS') {
      add_header 'Access-Control-Allow-Origin' '*';
      add_header 'Access-Control-Allow-Methods' 'GET, OPTIONS';
@ -27,9 +46,12 @@ location / {
      add_header 'Access-Control-Allow-Origin' '*';
      add_header 'Access-Control-Allow-Methods' 'GET, OPTIONS';
      add_header 'Access-Control-Allow-Headers' 'Range,DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type';
+
+      # Don't spam access log file with byte range requests
+      access_log off;
    }

-    alias __FINALPATH__/videos;
+    alias /home/yunohost.app/__NAME__/storage/videos;
  }

  # Websocket tracker
@ -42,5 +64,5 @@ location / {
    proxy_http_version 1.1;
    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    proxy_set_header Host $host;
-    proxy_pass http://localhost:9000;
+    proxy_pass http://localhost:__PORT__;
  }
--- a/conf/production.yaml
+++ b/conf/production.yaml
@ -1,5 +1,5 @@
 listen:
-  port: 9000
+  port: __PORT__

 # Correspond to your reverse proxy "listen" configuration
 webserver:
@ -11,8 +11,8 @@ webserver:
 database:
  hostname: 'localhost'
  port: 5432
-  suffix: '_prod'
-  username: 'peertube'
+  suffix: '___db_name__'
+  username: '__db_name__'
  password: '__db_pwd__'

 # Your object store
@ -21,22 +21,45 @@ redis:
  port: 6379
  auth: null

+# SMTP server to send emails
+smtp:
+  hostname: null
+  port: 465
+  username: null
+  password: null
+  tls: true
+  disable_starttls: false
+  ca_file: null # Used for self signed certificates
+  from_address: 'admin@__domain__'
+  
 # From the project root directory
 storage:
-  avatars: 'avatars/'
-  videos: 'videos/'
-  logs: 'logs/'
-  previews: 'previews/'
-  thumbnails: 'thumbnails/'
-  torrents: 'torrents/'
-  cache: 'cache/'
+  avatars: '/home/yunohost.app/__app__/storage/avatars/'
+  videos: '/home/yunohost.app/__app__/storage/videos/'
+  logs: '/home/yunohost.app/__app__/storage/logs/'
+  previews: '/home/yunohost.app/__app__/storage/previews/'
+  thumbnails: '/home/yunohost.app/__app__/storage/thumbnails/'
+  torrents: '/home/yunohost.app/__app__/storage/torrents/'
+  cache: '/home/yunohost.app/__app__/storage/cache/'

 log:
  level: 'info' # debug/info/warning/error

+###############################################################################
+#
+# From this point, all the following keys can be overriden by the web interface
+# (local-production.json file). If you need to change some values, prefer to
+# use the web interface because the configuration will be automatically
+# reloaded without any need to restart PeerTube.
+#
+# /!\ If you already have a local-production.json file, the modification of the
+# following keys will have no effect /!\.
+#
+###############################################################################
+
 cache:
  previews:
-    size: 1 # Max number of previews you want to cache
+    size: 100 # Max number of previews you want to cache

 admin:
  email: '__email__'
@ -62,10 +85,13 @@ transcoding:
    720p: true
    1080p: true

+# Instance settings
 instance:
  name: 'PeerTube'
-  description: 'Welcome to this PeerTube instance!' # Support markdown
-  terms: 'No terms for now.' # Support markdown
+  short_description: 'PeerTube, a federated (ActivityPub) video streaming platform using P2P (BitTorrent) directly in the web browser with WebTorrent and Angular.'
+  description: '' # Support markdown
+  terms: '' # Support markdown
+  default_client_route: '/videos/trending'
  customizations:
    javascript: '' # Directly your JavaScript code (without <script> tags). Will be eval at runtime
    css: '' # Directly your CSS code (without <style> tags). Will be injected at runtime
--- a/conf/systemd.service
+++ b/conf/systemd.service
@ -4,13 +4,14 @@ Description=PeerTube daemon
 [Service]
 Type=simple
 Environment=NODE_ENV=production
+Environment=NODE_CONFIG_DIR=__FINALPATH__/config
 User=__APP__
 Group=__APP__
 ExecStart=/bin/sh -c 'PATH=/opt/node_n/bin:$PATH exec npm start'
 WorkingDirectory=__FINALPATH__/
 StandardOutput=syslog
 StandardError=syslog
-SyslogIdentifier=peertube
+SyslogIdentifier=__APP__
 Restart=always

 [Install]
--- a/manifest.json
+++ b/manifest.json
@ -15,7 +15,7 @@
    "requirements": {
        "yunohost": ">= 2.7.2"
    },
-    "multi_instance": false,
+    "multi_instance": true,
    "services": [
        "nginx"
    ],
@ -32,7 +32,7 @@
            {
                "name": "email",
                "ask": {
-                    "en": "Choose an admin(root) email(Can be other then LDAP emails and can't be changed after installation)"
+                    "en": "Choose an admin email(Can be other then the LDAP emails and can be changed after installation)"
                },
                "example": "johndoe@example.com"
            },
@ -40,11 +40,18 @@
                "name": "pass",
                "type": "password",
                "ask": {
-                    "en": "Enter password of this administrator ≥ 6 character",
+                    "en": "Enter password of this administrator(username:root).Should be greater then 6 character",
                    "fr": "Ajouter le mot de passe pour cette administrateur ≥ 6 charactères"
                },
                "example": "battery horse staple nenuphar"
            },
+            {
+                "name": "port",
+                "ask": {
+                    "en": "Enter a port(default:9000).If the port is occupied by other app change it to any other value."
+				},
+                "default": "9000"
+            },
            {
                "name": "is_public",
                "type": "boolean",
--- a/scripts/install
+++ b/scripts/install
@ -29,8 +29,10 @@ domain=$YNH_APP_ARG_DOMAIN
 path_url="/"
 admin_email=$YNH_APP_ARG_EMAIL
 admin_pass=$YNH_APP_ARG_PASS
+port=$YNH_APP_ARG_PORT
 is_public=$YNH_APP_ARG_IS_PUBLIC

+
 # This is a multi-instance app, meaning it can be installed several times independently
 # The id of the app as stated in the manifest is available as $YNH_APP_ID
 # The instance number is available as $YNH_APP_INSTANCE_NUMBER (equals "1", "2", ...)
@ -55,6 +57,11 @@ ynh_webpath_available $domain $path_url
 # Register (book) web path
 ynh_webpath_register $app $domain $path_url

+# Check password strength
+[[ ${#admin_pass} -gt 6 ]] || ynh_die \
+"The password is too weak, it must be longer than 6 characters"
+
+
 #=================================================
 # STORE SETTINGS FROM MANIFEST
 #=================================================
@ -71,11 +78,20 @@ ynh_app_setting_set $app is_public $is_public
 #=================================================

 # Find a free port
-port=$(ynh_find_port 9000)
+ynh_find_port $port
 # Open this port
 yunohost firewall allow Both $port 2>&1
 ynh_app_setting_set $app port $port

+#=================================================
+# CREATE THE DATA DIRECTORY
+#=================================================
+
+# Define app's data directory
+datadir="/home/yunohost.app/${app}/storage"
+# Create app folders
+mkdir -p "$datadir"
+
 #=================================================
 # INSTALL DEPENDENCIES
 #=================================================
@ -100,7 +116,7 @@ ynh_install_nodejs 8
 #=================================================

 # Create postgresql database
-db_name="peertube_prod"
+db_name="peertube_${app}"
 db_pwd=$(ynh_string_random 30)
 ynh_app_setting_set $app psql_db $db_name
 ynh_app_setting_set $app psqlpwd $db_pwd
@ -139,7 +155,7 @@ ynh_add_nginx_config
 #=================================================

 # Set right permissions for curl install
-chown -R $app:$app $final_path
+chown -R $app:$app "$final_path" "$datadir"

 # Reload Nginx
 systemctl reload nginx
@ -150,8 +166,11 @@ systemctl reload nginx

 ynh_replace_string "__domain__" "$domain" "$final_path/config/production.yaml"
 ynh_replace_string "__db_name__" "$app" "$final_path/config/production.yaml"
+ynh_replace_string "__app__" "$app" "$final_path/config/production.yaml"
 ynh_replace_string "__db_pwd__" "$db_pwd" "$final_path/config/production.yaml"
 ynh_replace_string "__email__" "$admin_email" "$final_path/config/production.yaml"
+ynh_replace_string "__PORT__" "$port" "$final_path/config/production.yaml"
+

 #=================================================
 # STORE THE CHECKSUM OF THE CONFIG FILE
@ -191,14 +210,14 @@ fi

 # Create a dedicated systemd config
 ynh_add_systemd_config
-sudo systemctl start peertube
+sudo systemctl start $app

 #=================================================
 # CHANGE PEERTUBE ADMIN PASSWORD AFTER INITIAL GEN
 #=================================================

 # we need to wait for the service to init peertube's database
-(cd /var/www/peertube && sleep 5 && exec /bin/sh -c "echo $admin_pass | NODE_CONFIG_DIR=/var/www/peertube/config NODE_ENV=production PATH=/opt/node_n/bin:$PATH npm run reset-password -- -u root")
+(cd /var/www/$app && sleep 15 && exec /bin/sh -c "echo $admin_pass | NODE_CONFIG_DIR=/var/www/$app/config NODE_ENV=production PATH=/opt/node_n/bin:$PATH npm run reset-password -- -u root")

 #=================================================
 # RELOAD NGINX
--- a/scripts/remove
+++ b/scripts/remove
@ -62,6 +62,7 @@ ynh_psql_drop_user $app

 # Remove the app directory securely
 ynh_secure_remove "$final_path"
+ynh_secure_remove /home/yunohost.app/"$app"

 #=================================================
 # REMOVE NGINX CONFIGURATION
@ -77,6 +78,7 @@ ynh_remove_nginx_config
 # Remove the app-specific logrotate config
 ynh_remove_logrotate
 ynh_secure_remove /var/log/"$app"
+
 #=================================================
 # CLOSE A PORT
 #=================================================
@ -84,7 +86,7 @@ ynh_secure_remove /var/log/"$app"
 if yunohost firewall list | grep -q "\- $port$"
 then
 	echo "Close port $port"
-	yunohost firewall disallow TCP $port 2>&1
+	yunohost firewall disallow Both $port 2>&1
 fi

 #=================================================
--- a/scripts/upgrade
+++ b/scripts/upgrade
@ -0,0 +1,145 @@
+#!/bin/bash
+
+#=================================================
+# GENERIC START
+#=================================================
+# IMPORT GENERIC HELPERS
+#=================================================
+
+source _common.sh
+source /usr/share/yunohost/helpers
+
+#=================================================
+# LOAD SETTINGS
+#=================================================
+
+app=$YNH_APP_INSTANCE_NAME
+
+domain=$(ynh_app_setting_get $app domain)
+path_url="/"
+is_public=$(ynh_app_setting_get $app is_public)
+admin_email=$(ynh_app_setting_get $app admin_email)
+admin_pass=$(ynh_app_setting_get $app admin_pass)
+final_path=$(ynh_app_setting_get $app final_path)
+port=$(ynh_app_setting_get $app port)
+db_name=$(ynh_app_setting_get $app db_name)
+db_pwd=$(ynh_app_setting_get $app psqlpwd)
+
+#=================================================
+# ENSURE DOWNWARD COMPATIBILITY
+#=================================================
+
+# Fix is_public as a boolean value
+if [ "$is_public" = "Yes" ]; then
+	ynh_app_setting_set $app is_public 1
+	is_public=1
+elif [ "$is_public" = "No" ]; then
+	ynh_app_setting_set $app is_public 0
+	is_public=0
+fi
+
+#=================================================
+# REMOVE APP MAIN DIR
+#=================================================
+
+# Remove the app directory securely
+ynh_secure_remove "$final_path"
+
+# Define app's data directory
+datadir="/home/yunohost.app/${app}/storage"
+# Create app folders
+mkdir -p "$datadir"
+
+# Open this port
+yunohost firewall allow Both $port 2>&1
+
+#=================================================
+# CREATE DEDICATED USER
+#=================================================
+
+# Create a system user
+ynh_system_user_create $app
+
+#=================================================
+# CHECK THE PATH
+#=================================================
+
+# Normalize the URL path syntax
+path_url=$(ynh_normalize_url_path $path_url)
+
+# Download, check integrity, uncompress and patch the source from app.src
+ynh_setup_source "$final_path"
+cp ../conf/production.yaml $final_path/config/production.yaml
+(cd $final_path && yarn install --production --pure-lockfile)
+
+
+#=================================================
+# NGINX CONFIGURATION
+#=================================================
+
+# Create a dedicated nginx config
+ynh_add_nginx_config
+
+
+chown -R $app:$app "$final_path" "$datadir"
+
+# Reload Nginx
+systemctl reload nginx
+
+#=================================================
+# MODIFY A CONFIG FILE
+#=================================================
+
+ynh_replace_string "__domain__" "$domain" "$final_path/config/production.yaml"
+ynh_replace_string "__db_name__" "$app" "$final_path/config/production.yaml"
+ynh_replace_string "__app__" "$app" "$final_path/config/production.yaml"
+ynh_replace_string "__db_pwd__" "$db_pwd" "$final_path/config/production.yaml"
+ynh_replace_string "__email__" "$admin_email" "$final_path/config/production.yaml"
+ynh_replace_string "__PORT__" "$port" "$final_path/config/production.yaml"
+
+
+# Recalculate and store the config file checksum into the app settings
+ynh_store_file_checksum "$final_path/config/production.yaml"
+
+#=================================================
+# SETUP LOGROTATE
+#=================================================
+
+# Use logrotate to manage app-specific logfile(s)
+ynh_use_logrotate --non-append
+
+#=================================================
+# SETUP SYSTEMD
+#=================================================
+
+# Create a dedicated systemd config
+ynh_add_systemd_config
+
+
+# Set right permissions for curl installation
+chown -R $app:$app "$final_path" "$datadir"
+
+
+#=================================================
+# SETUP SSOWAT
+#=================================================
+
+if [ $is_public -eq 0 ]
+then	# Remove the public access
+	ynh_app_setting_delete $app skipped_uris
+fi
+# Make app public if necessary
+if [ $is_public -eq 1 ]
+then
+	# unprotected_uris allows SSO credentials to be passed anyway
+	ynh_app_setting_set $app unprotected_uris "/"
+fi
+
+#=================================================
+# RELOAD NGINX
+#=================================================
+
+systemctl reload nginx
+
+
+