3,704
edits
Changes
From SME Server
Jump to navigationJump to search
mLine 1:
Line 1: + Line 8:
Line 9: − + − + Line 38:
Line 39: + Line 52:
Line 54: + Line 69:
Line 72: − − %pre − %preun − %post − %postun Line 87:
Line 85: − + Line 101:
Line 99: − + − Line 134:
Line 131: + + + + + + + + + + + + + + + + + + + − * The alias fragment tailored to suit the application+ − + Line 218:
Line 234: + Line 226:
Line 243: − * a workaround to enable the application to be located in a domain or subdomain root+ + + + + + + + + + + + + + + + + + + + + + + + − root/etc/e-smith/templates/etc/httpd/conf/httpd.conf/80OptDomainFoo+ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + − my $status = $foo{'status'} || "disabled";+ − return " # foo-status is disabled.\n" + − unless $status eq 'enabled';+ − my $domain = $foo{'domain'} || "disabled";+ − return " # no hostname or domain for foo defined\n"+ − if $domain eq 'disabled';+ − + − my $DocRoot = "/opt/foo";+ − + − $OUT = "";+ − $OUT .= "\n";+ − $OUT .= "# Redirect an existing hostname or domain to $DocRoot.\n";+ − $OUT .= "<VirtualHost 0.0.0.0:80>\n";+ − + − $OUT .= " DocumentRoot $DocRoot\n";+ − $OUT .= "</VirtualHost>\n";+ − $OUT .= "<VirtualHost 0.0.0.0:443>\n";+ − $OUT .= " ServerName $domain\n";+ − $OUT .= " DocumentRoot $DocRoot\n";+ − $OUT .= " SSLEngine on\n";+ − $OUT .= "</VirtualHost>\n";+ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + − + + + + + + + + + + + + + + + + Line 269:
Line 404: + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + Line 274:
Line 439: − + − Include the original application config file in the templates directory, <br>+ + + Line 315:
Line 482: − $OUT .= "\$CFG->dbname = \'$foo{DbName}\'\; \n";+ − $OUT .= "\$CFG->dbuser = \'$foo{DbUser}\'\; \n";+ − $OUT .= "\$CFG->dbpass = \'$foo{DbPassword}\'\; \n";+ − $OUT .= "\$CFG->dirroot = \'/opt/foo'\; \n";+ Line 356:
Line 523: − mkdir -p root/etc/e-smith/db/accounts/defaults/foo − echo "reserved" > root/etc/e-smith/db/accounts/defaults/foo/type − − mkdir -p root/etc/e-smith/db/configuration/defaults/foo − echo "service" > root/etc/e-smith/db/configuration/defaults/foo/type − echo "Helpdesk" > root/etc/e-smith/db/configuration/defaults/foo/Name − echo "global-pw-remote" > root/etc/e-smith/db/configuration/defaults/foo/PublicAccess − echo "enabled" > root/etc/e-smith/db/configuration/defaults/foo/status − echo "foo" > root/etc/e-smith/db/configuration/defaults/foo/DbName − echo "foo" > root/etc/e-smith/db/configuration/defaults/foo/DbUser − − mkdir -p root/etc/e-smith/templates.metadata/etc/e-smith/sql/init − echo "PERMS=0750" > root/etc/e-smith/templates.metadata/etc/e-smith/sql/init/80foo Line 384:
Line 538: − /etc/e-smith/events/actions/initialize-default-databases − /sbin/e-smith/expand-template /etc/e-smith/sql/init/80foo − /etc/rc.d/init.d/mysql.init start − /sbin/e-smith/expand-template /etc/httpd/conf/httpd.conf − /usr/bin/sv h /service/httpd-e-smith − /sbin/e-smith/expand-template /opt/foo/config.php − /sbin/e-smith/expand-template /etc/crontab − − echo "" − echo "see http://wiki.contribs.org/foo" Line 427:
Line 571: + + + + + + + Line 433:
Line 584: − + − foo.yourserver.net or <br> − domain2.org − − config setprop foo domain foo.yourserver.org OR − config setprop foo domain domain2.org − In /server-manager ''Hostnames and Addressess'' setup foo as a hostname on one of you domains or <br>+ − in ''Domains'' setup a new domain eg. domain2.org, this will overrule the panel setting
→Apache Authentication: add AuthBasicProvider directive
{{Level|Developer}}
=Generic Instructions for building a Web Application RPM=
=Generic Instructions for building a Web Application RPM=
===Local Server===
===Local Server===
Create a build environment on your local server, refer to the SME Server Developer's Guide: [http://mirror.contribs.org/smeserver/contribs/gordonr/devguide/html/p1082.htm How to create an SME Server package - step by step]
Create a build environment on your local server, refer to the SME Server Developer's Guide: [[:SME_Server:Documentation:Developers_Manual#III._How_to_create_an_SME_Server_package_-_step_by_step | How to create a SME Server package - step by step]]
===SME Build Server===
===SME Build Server===
When you are comfortable building rpms, you are encouraged to put your source files on
When you are comfortable building rpms, you are encouraged to put your source files on
the SME Build Server, [[:Package_Modification]], this allows others to more easily update and improve your rpms.
the SME Build Server, [[:Package Modification]], this allows others to more easily update and improve your rpms.
==The Application RPM==
==The Application RPM==
BuildArchitectures: noarch
BuildArchitectures: noarch
BuildRoot: /var/tmp/%{name}-%{version}
BuildRoot: /var/tmp/%{name}-%{version}
BuildRequires: e-smith-devtools
Requires: e-smith-release >= 7.0
Requires: e-smith-release >= 7.0
AutoReqProv: no
AutoReqProv: no
%prep
%prep
%setup -c -n %{name}
%setup -c -n %{name}
%build
%build
#drop in an unchanged .tgz, if required rename directory here, eg remove version number.
#drop in an unchanged .tgz, if required rename directory here, eg remove version number.
cd ..
cd ..
rm -rf %{name}
rm -rf %{name}
%files -f %{name}-%{version}-filelist
%files -f %{name}-%{version}-filelist
Check the .spec files of other contribs, see the [http://fisheye1.cenqua.com/browse/smecontribs/rpms CVS (SME Contribs)]
Check the .spec files of other contribs, see the [http://fisheye1.cenqua.com/browse/smecontribs/rpms CVS (SME Contribs)]
==SME Intergration RPM==
==SME Server Intergration RPM==
===Create database===
===Create database===
my $pw = $rec->prop('DbPassword');
my $pw = $rec->prop('DbPassword');
return "" if $pw;
return "" if $pw;
$rec->set_prop('DbPassword', MIME::Base64::encode(int( (1000000000000000) * rand() )));
$rec->set_prop('DbPassword', sprintf("%15.0f", int( (1000000000000000) * rand() )));
}
}
The %post section of the spec file run the commands to initialise db values and create the db structure
The %post section of the spec file run the commands to initialise db values and create the db structure
===db defaults===
Reserve the foo name in accounts and create default settings in configuration
Create files in these locations, with default values
root/etc/e-smith/db/accounts/defaults/foo
root/etc/e-smith/db/accounts/defaults/foo/type > reserved
root/etc/e-smith/db/configuration/defaults/foo
root/etc/e-smith/db/configuration/defaults/foo/type > service
root/etc/e-smith/db/configuration/defaults/foo/Name > Helpdesk
root/etc/e-smith/db/configuration/defaults/foo/PublicAccess > global-pw-remote
root/etc/e-smith/db/configuration/defaults/foo/status > enabled
root/etc/e-smith/db/configuration/defaults/foo/DbName > foo
root/etc/e-smith/db/configuration/defaults/foo/DbUser > foo
root/etc/e-smith/templates.metadata/etc/e-smith/sql/init
root/etc/e-smith/templates.metadata/etc/e-smith/sql/init/80foo > PERMS=0750
===Webserver templates===
===Webserver templates===
====Http Template 92Foo====
The alias fragment tailored to suit the application
root/etc/e-smith/templates/etc/httpd/conf/httpd.conf/92foo
root/etc/e-smith/templates/etc/httpd/conf/httpd.conf/92foo
$OUT .= " AuthName \"$name\"\n";
$OUT .= " AuthName \"$name\"\n";
$OUT .= " AuthType Basic\n";
$OUT .= " AuthType Basic\n";
$OUT .= " AuthBasicProvider external\n";
$OUT .= " AuthExternal pwauth\n";
$OUT .= " AuthExternal pwauth\n";
$OUT .= " require valid-user\n";
$OUT .= " require valid-user\n";
}
}
====Apache Authentication====
In the example above, all sme users can authenticate to the web folder /opt/foo, for an application with no matter in security, it is normal but in certain case it could be dangerous.
* All users of SME Server
The original template in /etc/e-smith/templates/etc/httpd/conf/httpd.conf/92foo
{
$OUT .= " AuthName \"$name\"\n";
$OUT .= " AuthType Basic\n";
$OUT .= " AuthBasicProvider external\n";
$OUT .= " AuthExternal pwauth\n";
'''$OUT .= " require valid-user\n";'''
$OUT .= " Satisfy $satisfy\n";
}
* one user or several users
Now you need to modify the 92foo template with these new lines
nano /etc/e-smith/templates/etc/httpd/conf/httpd.conf/92foo
{
$OUT .= " AuthName \"$name\"\n";
$OUT .= " AuthType Basic\n";
$OUT .= " AuthBasicProvider external\n";
$OUT .= " AuthExternal pwauth\n";
'''$OUT .= " require user admin pierre paul\n";'''
$OUT .= " Satisfy $satisfy\n";
}
*one group or several groups with some specific users
You have to download a plugin of pwauth to authenticate unix group in SME Server 8 : http://code.google.com/p/pwauth/
For SME Server 9 a nfr is raised see [[bugzilla:3690]]
wget http://pwauth.googlecode.com/files/pwauth-2.3.10.tar.gz
tar xvzf pwauth-2.3.10.tar.gz
cp pwauth-2.3.10/unixgroup /usr/lib/httpd/modules/
chown root:www /usr/lib/httpd/modules/unixgroup
chmod 750 /usr/lib/httpd/modules/unixgroup
We need to create a new fragment<br />
nano /etc/e-smith/templates/etc/httpd/conf/httpd.conf/35-group-auth
{
$OUT .= " AddExternalGroup unixgroup /usr/lib/httpd/modules/unixgroup\n";
$OUT .= " SetExternalGroupMethod unixgroup environment\n";
}
Now you need to modify the 92foo template with these new lines
nano /etc/e-smith/templates/etc/httpd/conf/httpd.conf/92foo
{
$OUT .= " AuthName \"$name\"\n";
$OUT .= " AuthType Basic\n";
$OUT .= " AuthBasicProvider external\n";
$OUT .= " AuthExternal pwauth\n";
$OUT .= " GroupExternal unixgroup\n";
$OUT .= " AuthzUserAuthoritative off\n";
'''$OUT .= " require user admin pierre paul\n";'''
'''$OUT .= " require group virt\n";'''
$OUT .= " Satisfy $satisfy\n";
}
*DB command to choose groups and users
Above we have seen how to write name of groups or users directly in the template, but in the real life it is not enough good :)<br />
The purpose is to choose users or groups by command line.
-In first you have to make other DB configuration as described [[Web_Application_RPM#db_defaults]]
echo "admin" > root/etc/e-smith/db/configuration/defaults/foo/User
echo "" > root/etc/e-smith/db/configuration/defaults/foo/Group
Only the user admin is set by default
-You have to download a plugin of pwauth to authenticate unix group in SME Server 8 : http://code.google.com/p/pwauth/
wget http://pwauth.googlecode.com/files/pwauth-2.3.10.tar.gz
tar xvzf pwauth-2.3.10.tar.gz
cp pwauth-2.3.10/unixgroup /usr/lib/httpd/modules/
chown root:www /usr/lib/httpd/modules/unixgroup
chmod 750 /usr/lib/httpd/modules/unixgroup
We need to create a new fragment<br />
nano /etc/e-smith/templates/etc/httpd/conf/httpd.conf/35-group-auth
{
{
$OUT .= " AddExternalGroup unixgroup /usr/lib/httpd/modules/unixgroup\n";
$OUT .= " SetExternalGroupMethod unixgroup environment\n";
}
Now you need to modify the 92foo template with these new lines <br />
nano /etc/e-smith/templates/etc/httpd/conf/httpd.conf/92foo
{
$OUT .= " AuthName \"$name\"\n";
$OUT .= " AuthType Basic\n";
$OUT .= " AuthExternal pwauth\n";
$OUT .= " GroupExternal unixgroup\n";
$OUT .= " ServerName $domain\n";
$OUT .= " AuthzUserAuthoritative off\n";
$OUT .= " require user $foo{'User'}\n";
$OUT .= " require group $foo{'Group'}\n";
$OUT .= " Satisfy $satisfy\n";
}
-change groups and users allowed by CL
config setprop foo User "admin toto"
config setprop foo Group "famille virt"
then
signal-event console-save
=====SME Server 9=====
The apache authentication is made by a new file named authnz_external_module instead of auth_external_module, therefore you need to slightly modify the code above. <br />
If it is not done you can have this error in log file and you won't be authenticated
configuration error: couldn't check user. No user file?:
See this [http://code.google.com/p/mod-auth-external/wiki/ConfigApache22 howTo]. You need to verify if your /etc/httpd/conf/httpd.conf contain these lines
AddExternalGroup unixgroup /usr/bin/unixgroup
SetExternalGroupMethod unixgroup environment
We are waiting the default use of authenticator unixgroup in sme9 (see [[bugzilla:8008]]). For now you need to make the relevant fragment template.
nano /etc/e-smith/templates/etc/httpd/conf/httpd.conf/35-group-auth
{
$OUT .= " AddExternalGroup unixgroup /usr/bin/unixgroup\n";
$OUT .= " SetExternalGroupMethod unixgroup environment\n";
}
nano /etc/e-smith/templates/etc/httpd/conf/httpd.conf/92foo
{
$OUT .= " AuthName \"$name\"\n";
$OUT .= " '''AuthBasicProvider external'''\n";
$OUT .= " AuthType Basic\n";
$OUT .= " AuthExternal pwauth\n";
$OUT .= " GroupExternal unixgroup\n";
$OUT .= " AuthzUserAuthoritative off\n";
$OUT .= " require user $foo{'User'}\n";
$OUT .= " require group $foo{'Group'}\n";
$OUT .= " Satisfy $satisfy\n";
}
}
* a hack to get https to work, a better solution is required
-change groups and users allowed by CL
config setprop foo User "admin toto"
config setprop foo Group "famille virt"
then
signal-event console-save
====Upload_tmp_dir====
Since SME Server V8, you could have sometime an error is thrown by PHP and you will need to specify a temporary directory (e.g. upload_tmp_dir) which is not set in php.ini. see [[bugzilla:6650]] and [[bugzilla:7652]]. Many Php applications needs this setting, most of known are wordpress, roudcube, egroupware, etc. Symptoms are that you can't upload contents to the PHP application.
An easy way is to make a Custom Template to resolve this issue.
see [[Uploadtmpdir]]
====Https_redirection====
*a hack to get https to work, a better solution is required, you can see [[Https_redirection]]
root/etc/e-smith/templates/etc/httpd/conf/httpd.conf/VirtualHosts/30FooAlias
root/etc/e-smith/templates/etc/httpd/conf/httpd.conf/VirtualHosts/30FooAlias
}
}
}
}
*or this solution which does the automatic redirection to https protocol, you have to choose either 30FooAlias or 60FooAlias but not both.
root/etc/e-smith/templates/etc/httpd/conf/httpd.conf/VirtualHosts/60FooAlias
{
my $status = $foo{'status'} || "disabled";
return " # foo is disabled in this VirtualHost"
unless $status eq 'enabled';
{
if ($port ne "443")
{
$OUT .= <<'HERE';
## Redirect Web Address to Secure Address
RewriteEngine on
RewriteRule ^/foo https://%{HTTP_HOST}/foo
## End Of Redirect
HERE
}
}
}
*To enforce the security you can decide to prohibit all connexions which are not https. You need to add "SSLRequireSSL" in the correct position of the 92foo template.
$OUT .= "<Directory /opt/foo>\n";
'''$OUT .= " SSLRequireSSL\n";'''
$OUT .= " AddType application/x-httpd-php .php\n";
===System file templates===
===System file templates===
You may need to create a fragment for a system file such as crontab.
You may need to create a fragment for a system file such as crontab.
http://mirror.contribs.org/smeserver/contribs/gordonr/devguide/html/c610.htm
http://wiki.contribs.org/SME_Server:Documentation:Developers_Manual
===Application templates===
===Application templates===
Preferably include the original application config file in the templates directory, <br>
then overwrite key values, some of which we keep in SME DB's
then overwrite key values, some of which we keep in SME DB's
This is not always possible, eg your application modifies the config file <br>
in this case leave the config file untemplated and advise the user how to configure manually.
eg . root\etc\template\opt\foo\config.php
eg . root\etc\template\opt\foo\config.php
// SME Server Settings
// SME Server Settings
{
{
$OUT .= "\$CFG->dbname = ini_get\(\'mysql.default_host\'\)\; \n";
$OUT .= "\$CFG->dbuser = ini_get\(\'mysql.default_user\'\)\; \n";
$OUT .= "\$CFG->dbpass = ini_get\(\'mysql.default_password\'\)\; \n";
$OUT .= "\$CFG->dirroot = \'/opt/foo'\; \n";
}
}
%build
%build
%install
%install
%preun
%preun
%post
%post
%postun
%postun
global-pw => Entire Internet(password required)
global-pw => Entire Internet(password required)
global-pw-remote => Entire Internet(password required outside local network)
global-pw-remote => Entire Internet(password required outside local network)
*change groups and users allowed by CL
config setprop foo User "admin toto"
config setprop foo Group "famille virt"
then
signal-event console-save
* To add a different URL eg. yourserver.net/foo
* To add a different URL eg. yourserver.net/foo
config setprop foo URL newfoo
config setprop foo URL newfoo
* To run foo from the root of a domain eg.
* To run foo from the root of a domain, This option is buggy to remove
config delprop foo domain
To enable your changes run these commands
To enable your changes run these commands
