svg
parent
6410bf5e34
commit
b5e5a75d36
|
@ -3,7 +3,7 @@
|
|||
|
||||
docker-compose.yml
|
||||
|
||||
/services/10-nineapache/volume/apache
|
||||
/services/10-nineapache/volume
|
||||
|
||||
/services/15-mariadb/volume/mysql
|
||||
|
||||
|
@ -19,6 +19,7 @@ docker-compose.yml
|
|||
/services/50-nextcloud/volume/html
|
||||
/services/50-nextcloud/volume/app
|
||||
|
||||
/services/50-nineboard/volume/data
|
||||
/services/50-nineboard/volume/data
|
||||
/services/50-ninefolio/volume/data
|
||||
/services/50-ninefolio/volume/apache
|
||||
|
|
|
@ -33,6 +33,7 @@ MODE_AUTH=CAS
|
|||
NINEAPACHE_SERVICE_NAME=nineapache
|
||||
NINEAPACHE_ACTIVATE=1
|
||||
NINEAPACHE_LOCAL=1
|
||||
NINEAPACHE_LETSENCRYPT=0
|
||||
|
||||
# FAKESMTP
|
||||
# fake-smtp server
|
||||
|
|
|
@ -1,22 +0,0 @@
|
|||
ProxyPass /auth http://nine.local:8080/auth retry=0 keepalive=On
|
||||
ProxyPassReverse /auth http://nine.local:8080/auth retry=0
|
||||
|
||||
ProxyPass /ninegate http://nine.local:9000/ninegate retry=0 keepalive=On
|
||||
ProxyPassReverse /ninegate http://nine.local:9000/ninegate retry=0
|
||||
ProxyPass /wssninegate ws://nine.local:9000/wssninegate retry=0 keepalive=On
|
||||
ProxyPassReverse /wssninegate ws://nine.local:9000/wssninegate retry=0
|
||||
|
||||
ProxyPass /nextcloud http://nine.local:9001 retry=0 keepalive=On
|
||||
ProxyPassReverse /nextcloud http://nine.local:9001 retry=0
|
||||
|
||||
ProxyPass /adminer http://nine.local:9100 retry=0 keepalive=On
|
||||
ProxyPassReverse /adminer http://nine.local:9100 retry=0
|
||||
|
||||
ProxyPass /phpldapadmin http://nine.local:9101/phpldapadmin retry=0 keepalive=On
|
||||
ProxyPassReverse /phpldapadmin http://nine.local:9101/phpldapadmin retry=0
|
||||
|
||||
ProxyPass /nineapache http://nine.local:9102 retry=0 keepalive=On
|
||||
ProxyPassReverse /nineapache http://nine.local:9102 retry=0
|
||||
|
||||
|
||||
|
|
@ -13,7 +13,9 @@ RUN apk add --no-cache \
|
|||
unzip \
|
||||
zip \
|
||||
openssl \
|
||||
mariadb-client
|
||||
mariadb-client \
|
||||
certbot \
|
||||
gettext
|
||||
|
||||
RUN apk add --no-cache \
|
||||
apache2 \
|
||||
|
@ -64,7 +66,14 @@ RUN chmod +x /etc/apache2/apache2.sh
|
|||
COPY php.local.ini /etc/php81/conf.d/
|
||||
COPY httpd.conf /etc/apache2/httpd.conf
|
||||
COPY site.conf /etc/apache2/conf.d/nine/site.conf
|
||||
COPY ssl.conf /etc/apache2/conf.d/ssl.conf
|
||||
COPY sslself.conf /etc/apache2/conf.d/ssl.conf
|
||||
COPY index.php /app/public/index.php
|
||||
|
||||
RUN mkdir /nine
|
||||
COPY sslletsencrypt.conf /nine/ssl.conf
|
||||
RUN mkdir -p /usr/local/apache2/htdocs/.well-known/acme-challenge
|
||||
COPY addcertif.sh /nine/addcertif.sh
|
||||
RUN chmod +x /nine/addcertif.sh
|
||||
RUN echo "0 1 * * * /etc/apache2/addcertif.sh >> /var/log/addcertif.log 2>&1" >> /var/spool/cron/crontabs/root
|
||||
|
||||
CMD /etc/apache2/apache2.sh
|
|
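Review bot: The cron entry appended to `/var/spool/cron/crontabs/root` runs `/etc/apache2/addcertif.sh`, but the lines just above copy the script to `/nine/addcertif.sh` and make it executable there, so the nightly renewal would fail on a missing file. Point the entry at the installed path: `RUN echo "0 1 * * * /nine/addcertif.sh >> /var/log/addcertif.log 2>&1" >> /var/spool/cron/crontabs/root`. The job only fires if a cron daemon runs in the container; `/etc/apache2/apache2.sh` is not shown in this section, so confirm that it starts crond.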
@ -0,0 +1,15 @@
|
|||
#!/bin/bash
|
||||
|
||||
if [[ $NINEAPACHE_LETSENCRYPT == 1 ]]
|
||||
then
|
||||
# On génère ou renouvel le certificat
|
||||
echo "CERTIFICAT LETSENCRYPT"
|
||||
certbot certonly --webroot -w /usr/local/apache2/htdocs -d ${WEB_URL} --non-interactive --agree-tos --email ${ADMIN_EMAIL}
|
||||
|
||||
# On supprime la conf ssl pour placer celle de letsencrypt en y placant la web_url
|
||||
rm -f /etc/apache2/conf.d/ssl.conf
|
||||
envsubst < "/nine/ssl.conf" > "/etc/apache2/conf.d/ssl.conf"
|
||||
|
||||
# On redemarre apache
|
||||
httpd -k graceful
|
||||
fi
|
|
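Review bot: The exit status of `certbot certonly` is never checked, so when issuance fails the script still deletes `/etc/apache2/conf.d/ssl.conf`, writes the Let's Encrypt template in its place and reloads Apache against certificate files under `/etc/letsencrypt/live/` that may not exist. Stop before touching the configuration and quote the expansions: `certbot certonly --webroot -w /usr/local/apache2/htdocs -d "${WEB_URL}" --non-interactive --agree-tos --email "${ADMIN_EMAIL}" || exit 1`. `envsubst` without a variable list replaces every `$NAME` it finds in the template; `envsubst '${WEB_URL}' < /nine/ssl.conf` limits the substitution to the one value the template needs.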
@ -1,13 +1,28 @@
|
|||
|
||||
LoadModule rewrite_module modules/mod_rewrite.so
|
||||
ServerName nineapache.local
|
||||
DocumentRoot "/app/public"
|
||||
|
||||
# Alias pour le répertoire de validation de Certbot
|
||||
Alias /.well-known/acme-challenge /usr/local/apache2/htdocs/.well-known/acme-challenge
|
||||
|
||||
# Exclure les requêtes pour .well-known/acme-challenge de la redirection vers index.php
|
||||
<Location "/.well-known/acme-challenge">
|
||||
Options None
|
||||
AllowOverride None
|
||||
Require all granted
|
||||
</Location>
|
||||
|
||||
<Directory "/app/public">
|
||||
Options Indexes FollowSymLinks
|
||||
AllowOverride All
|
||||
Require all granted
|
||||
|
||||
RewriteEngine On
|
||||
|
||||
# Exclure les requêtes vers .well-known/acme-challenge de la redirection
|
||||
RewriteCond %{REQUEST_URI} !^/.well-known/acme-challenge
|
||||
|
||||
# Règles de réécriture existantes
|
||||
RewriteCond %{REQUEST_URI}::$0 ^(/.+)/(.*)::\2$
|
||||
RewriteRule .* - [E=BASE:%1]
|
||||
RewriteCond %{HTTP:Authorization} .+
|
||||
|
@ -15,6 +30,5 @@ DocumentRoot "/app/public"
|
|||
RewriteCond %{ENV:REDIRECT_STATUS} =""
|
||||
RewriteRule ^index\.php(?:/(.*)|$) %{ENV:BASE}/$1 [R=301,L]
|
||||
RewriteCond %{REQUEST_FILENAME} !-f
|
||||
RewriteRule ^ %{ENV:BASE}/index.php [L]
|
||||
RewriteRule ^ %{ENV:BASE}/index.php [L]
|
||||
</Directory>
|
||||
|
||||
|
|
|
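Review bot: The added `RewriteCond %{REQUEST_URI} !^/.well-known/acme-challenge` does not exclude challenge requests from the index.php rewrite, because a RewriteCond binds only to the next RewriteRule, which here is `RewriteRule .* - [E=BASE:%1]`; the final `RewriteRule ^ %{ENV:BASE}/index.php [L]` is still guarded only by `!-f`. The condition is probably unnecessary, since the Alias maps the challenge path outside `/app/public` and these per-directory rules should not run for it; either drop it or move it directly above the last rule with the dot escaped, `RewriteCond %{REQUEST_URI} !^/\.well-known/acme-challenge`. The same condition is added in the later hunk that follows `# Page interne au proxy`. `AllowOverride None` inside `<Location>` has no effect, as Apache honours AllowOverride only in `<Directory>` sections.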
@ -0,0 +1,43 @@
|
|||
LoadModule ssl_module modules/mod_ssl.so
|
||||
LoadModule socache_shmcb_module modules/mod_socache_shmcb.so
|
||||
|
||||
SSLRandomSeed startup file:/dev/urandom 512
|
||||
SSLRandomSeed connect builtin
|
||||
|
||||
Listen 443
|
||||
|
||||
SSLCipherSuite HIGH:MEDIUM:!MD5:!RC4:!3DES:!ADH
|
||||
SSLProxyCipherSuite HIGH:MEDIUM:!MD5:!RC4:!3DES:!ADH
|
||||
SSLHonorCipherOrder on
|
||||
SSLProtocol all -SSLv3
|
||||
SSLProxyProtocol all -SSLv3
|
||||
SSLPassPhraseDialog builtin
|
||||
SSLSessionCache "shmcb:/var/cache/mod_ssl/scache(512000)"
|
||||
SSLSessionCacheTimeout 300
|
||||
|
||||
<VirtualHost _default_:443>
|
||||
DocumentRoot "/app/public"
|
||||
ServerName www.example.com:443
|
||||
ServerAdmin you@example.com
|
||||
ErrorLog logs/ssl_error.log
|
||||
TransferLog logs/ssl_access.log
|
||||
|
||||
SSLEngine on
|
||||
|
||||
SSLCertificateFile /etc/letsencrypt/live/${WEB_URL}/fullchain.pem
|
||||
SSLCertificateKeyFile /etc/letsencrypt/live/${WEB_URL}/privkey.pem
|
||||
|
||||
<FilesMatch "\.(cgi|shtml|phtml|php)$">
|
||||
SSLOptions +StdEnvVars
|
||||
</FilesMatch>
|
||||
<Directory "/app/public/cgi-bin">
|
||||
SSLOptions +StdEnvVars
|
||||
</Directory>
|
||||
|
||||
BrowserMatch "MSIE [2-5]" \
|
||||
nokeepalive ssl-unclean-shutdown \
|
||||
downgrade-1.0 force-response-1.0
|
||||
|
||||
CustomLog logs/ssl_request.log \
|
||||
"%t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x \"%r\" %b"
|
||||
</VirtualHost>
|
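Review bot: `SSLProtocol all -SSLv3` and `SSLProxyProtocol all -SSLv3` leave TLS 1.0 and 1.1 enabled, and `HIGH:MEDIUM` admits medium-strength ciphers, on the virtual host that will serve the public Let's Encrypt certificate. Restrict both directives to current versions, for example `SSLProtocol -all +TLSv1.2 +TLSv1.3` (TLSv1.3 needs an Apache and OpenSSL build that supports it), and drop `MEDIUM` from the two cipher lists. `ServerName www.example.com:443` and `ServerAdmin you@example.com` are still the sample values; since the file goes through envsubst, `ServerName ${WEB_URL}:443` would match the certificate name.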
10
nine.sh
10
nine.sh
|
@ -342,6 +342,15 @@ then
|
|||
up$2
|
||||
fi
|
||||
docker-compose logs -f $2
|
||||
elif [[ $1 == "letsencrypt" ]]
|
||||
then
|
||||
Title ${NINEAPACHE_SERVICE_NAME^^} LETSENCRYPT
|
||||
if [[ $NINEAPACHE_ACTIVATE == 1 && $NINEAPACHE_LOCAL == 1 ]]
|
||||
then
|
||||
docker-compose exec ${NINEAPACHE_SERVICE_NAME} /nine/addcertif.sh
|
||||
else
|
||||
EchoRouge "Service ${NINEAPACHE_SERVICE_NAME} non actif"
|
||||
fi
|
||||
else
|
||||
EchoRouge "Action possible ="
|
||||
EchoRouge "nine.sh > UP de l'ensemble des services actifs"
|
||||
|
@ -362,6 +371,7 @@ else
|
|||
EchoRouge "nine.sh iswait monservice > monservice est-il en cours de construction"
|
||||
EchoRouge "nine.sh regen > lance destroyall puis up sur l'ensemble des service"
|
||||
EchoRouge "nine.sh regen monservice > lance destroy monservice puis up monservice"
|
||||
EchoRouge "nine.sh letsencrypt > genere ou renouvelle le certificat letsencrypt"
|
||||
fi
|
||||
echo
|
||||
echo
|
||||
|
|
|
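Review bot: The new `letsencrypt` branch tests `NINEAPACHE_ACTIVATE` and `NINEAPACHE_LOCAL` but not `NINEAPACHE_LETSENCRYPT`, while `/nine/addcertif.sh` does nothing and prints nothing when that variable is not 1 in the container, so the action can show its title and silently skip the certificate. Add the flag to the test, `if [[ $NINEAPACHE_ACTIVATE == 1 && $NINEAPACHE_LOCAL == 1 && $NINEAPACHE_LETSENCRYPT == 1 ]]`, or name the missing setting in the else message. The service name should be quoted, `docker-compose exec "${NINEAPACHE_SERVICE_NAME}" /nine/addcertif.sh`. The enclosing if/elif chain starts outside the hunk.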
@ -2,6 +2,10 @@ LoadModule rewrite_module modules/mod_rewrite.so
|
|||
|
||||
ServerName nineapache.local
|
||||
|
||||
RewriteEngine On
|
||||
RewriteCond %{HTTPS} !=on
|
||||
RewriteRule ^ https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301]
|
||||
|
||||
# Options Proxy
|
||||
ProxyRequests Off
|
||||
ProxyPreserveHost On
|
||||
|
@ -16,14 +20,26 @@ RequestHeader set X-Forwarded-For "%{REMOTE_ADDR}s"
|
|||
RequestHeader set Host "%{HTTP_HOST}s"
|
||||
RequestHeader set X-Forwarded-Proto "http"
|
||||
|
||||
# Alias pour le répertoire de validation de Certbot
|
||||
Alias /.well-known/acme-challenge /usr/local/apache2/htdocs/.well-known/acme-challenge
|
||||
|
||||
# Exclure les requêtes pour .well-known/acme-challenge de la redirection vers index.php
|
||||
<Location "/.well-known/acme-challenge">
|
||||
Options None
|
||||
Require all granted
|
||||
</Location>
|
||||
|
||||
# Page interne au proxy
|
||||
DocumentRoot "/app/public"
|
||||
<Directory "/app/public">
|
||||
Options Indexes FollowSymLinks
|
||||
AllowOverride All
|
||||
Require all granted
|
||||
|
||||
RewriteEngine On
|
||||
|
||||
# Exclure les requêtes vers .well-known/acme-challenge de la redirection
|
||||
RewriteCond %{REQUEST_URI} !^/.well-known/acme-challenge
|
||||
|
||||
RewriteCond %{REQUEST_URI}::$0 ^(/.+)/(.*)::\2$
|
||||
RewriteRule .* - [E=BASE:%1]
|
||||
RewriteCond %{HTTP:Authorization} .+
|
||||
|
|
|
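Review bot: `RequestHeader set X-Forwarded-Proto "http"` stays hard-coded (it appears as a context line) while the new rule at the top of the file redirects every plain-HTTP request to HTTPS, so if this header also applies to the 443 virtual host the backends are told the client used http on connections that are in fact TLS. Derive the value from the connection instead, for example `RequestHeader set X-Forwarded-Proto "expr=%{REQUEST_SCHEME}"`. The redirect target `https://%{HTTP_HOST}%{REQUEST_URI}` reflects the client-supplied Host header; a fixed, configured host name in the target is safer. The redirect also matches `/.well-known/acme-challenge` before the Alias below is reached; if challenges are meant to be answered over plain HTTP, put `RewriteCond %{REQUEST_URI} !^/\.well-known/acme-challenge/` above the rule.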
@ -14,4 +14,4 @@ services:
|
|||
- "443:443"
|
||||
volumes:
|
||||
- ./services/10-nineapache/volume/apache:/etc/apache2/conf.d/nine
|
||||
- ./services/10-nineapache/volume/ssl:/etc/apache2/ssl
|
||||
- ./services/10-nineapache/volume/letsencrypt:/etc/letsencrypt
|
||||
|
|
|
@ -1,21 +0,0 @@
|
|||
-----BEGIN CERTIFICATE-----
|
||||
MIIDYTCCAkmgAwIBAgIUQ+F6GtJo7VWyn1uemlBWSqYDGyYwDQYJKoZIhvcNAQEL
|
||||
BQAwQDELMAkGA1UEBhMCRlIxDzANBgNVBAgMBkZyYW5jZTEOMAwGA1UEBwwFRGlq
|
||||
b24xEDAOBgNVBAoMB0NhZG9sZXMwHhcNMjQwNzI4MTU1NjM0WhcNMjUwNzI4MTU1
|
||||
NjM0WjBAMQswCQYDVQQGEwJGUjEPMA0GA1UECAwGRnJhbmNlMQ4wDAYDVQQHDAVE
|
||||
aWpvbjEQMA4GA1UECgwHQ2Fkb2xlczCCASIwDQYJKoZIhvcNAQEBBQADggEPADCC
|
||||
AQoCggEBAKLfE1bjieaMAKV7e9blEPGSQtp2gFfrsYwjLaFnT+JyUtNbAKtAUxsB
|
||||
SOLMC+cBMluQyv1E69xeL+8v9QgkmpvUw/nJy32/hU1AVSxzfU67wZHWusjx4089
|
||||
tHLmJymDQkjvKnshLoPSXQTD3bA1HScMyuymqdXlUTIHm3xoOmi+9T+58UgCsTaj
|
||||
7j8TavNdbU5PXSWyk8WHoYZJMEefLypvARa8g0xDYq3S7MomTIIulS/p/pD2RVA6
|
||||
th8SrjBiIvI7OrNP2TyYbZbVGit64+03+YIiCr8UUqA+a4FZlOzvWo9pHsErb/9a
|
||||
uQeQ2ICS6ZnrLNHcNY/mppUW4TfEn6kCAwEAAaNTMFEwHQYDVR0OBBYEFGZEJEsY
|
||||
Y4TL3Q2UMm1CfJNywqJuMB8GA1UdIwQYMBaAFGZEJEsYY4TL3Q2UMm1CfJNywqJu
|
||||
MA8GA1UdEwEB/wQFMAMBAf8wDQYJKoZIhvcNAQELBQADggEBAITdEJjIwNhzPomS
|
||||
ybcf1MES4zHSzQNmE6eRgKrB3V7qKANyjaav8vuDaH5drs5cEs+r/uheuVEQFrSV
|
||||
Jk4zLllo3XTdOE2Hydjzxy7Ztqel11hA8dD5tgdJBDxLj4lMbgAbMBWTfH2VjGYC
|
||||
xPtr8dV9kH2/91sJixRgKBVZ5ywzbqPIZU3iraXe8VOd9Uj+hDrNomAXJFrI/QV4
|
||||
81bEvHwTmBHWU+plTu0YyhlBkW5byScFZNek5eOxI721phnog/t9UDbsi20mrH0e
|
||||
iLfJ169LZ3yAWGy4NRq3oQnJUalu3HwlZr0fp0Eih0t7CD5O8Lt4ymN7EywrrI7J
|
||||
VnR5yZU=
|
||||
-----END CERTIFICATE-----
|
|
@ -1,28 +0,0 @@
|
|||
-----BEGIN PRIVATE KEY-----
|
||||
MIIEvQIBADANBgkqhkiG9w0BAQEFAASCBKcwggSjAgEAAoIBAQCi3xNW44nmjACl
|
||||
e3vW5RDxkkLadoBX67GMIy2hZ0/iclLTWwCrQFMbAUjizAvnATJbkMr9ROvcXi/v
|
||||
L/UIJJqb1MP5yct9v4VNQFUsc31Ou8GR1rrI8eNPPbRy5icpg0JI7yp7IS6D0l0E
|
||||
w92wNR0nDMrspqnV5VEyB5t8aDpovvU/ufFIArE2o+4/E2rzXW1OT10lspPFh6GG
|
||||
STBHny8qbwEWvINMQ2Kt0uzKJkyCLpUv6f6Q9kVQOrYfEq4wYiLyOzqzT9k8mG2W
|
||||
1RoreuPtN/mCIgq/FFKgPmuBWZTs71qPaR7BK2//WrkHkNiAkumZ6yzR3DWP5qaV
|
||||
FuE3xJ+pAgMBAAECggEAONndCktKa2sbHqhHxe8XRvti0pbinc3rn5r35osFW2nE
|
||||
d3ogdaZyW87K/j9zOCM2zLdx444XNki6OqdmxHziatqNvbcujKo5gYmfMXDuoHjx
|
||||
TFLDyDiGu7YyMpkbumXS0VqKXYhrkB/x0CP+Ue94SZUxkAFs7vioqun04CwRl1Xh
|
||||
8Z0fU8IFSP1gEOmJMk1nLfCcYPdgsVDWNauhe1NAPCoZQGGYGfuGI6aBERy7vkAD
|
||||
S5kt7SAnhznXbo2K1hNHuj2exOLUpjWUeA7k/pyiIuK+PBoizB0nOgGClvOY9TCu
|
||||
il8jljLyH2lHeNhO1q6e+mu2oggjfozbMD5NcwduMQKBgQDGgj7+5fzhYtziFJOC
|
||||
DtCDgOEx8F7WxluxwuniG+WasnrpvF3mERQfj+Lx1X4gSSiZBu/ygq+e+NVuw6oL
|
||||
XNYyArvzsH+Ti9xzXhdJA0ujPXwoQ9km7GrM16x/OJGmA8Ruj7Xi5FSaP1mQeZze
|
||||
6JttYTVLw2vOe+4OQpxRSSe/FwKBgQDSCp4TRh7HJ3/cx/VMt1r8YvD8O/RrS+Df
|
||||
zKmTp57zaua8aVVXw34LN5RXnpom/zE1dg2uV0Lh4hneNEZgcm6OcJQrofkfrMUr
|
||||
LJKyym635VmYOmLdZYfHU3YpyJmPSb9+VwObPN9WGqgMMhoG8b7AeTqLihait5OA
|
||||
I0gj2+/PPwKBgGGeAySOLMEZQM3cmH1Ik7lXU2afccPkX4sW8rTCSzK7uj3e574P
|
||||
f/nVZCDQf+mYkGJQSwbSxVJDw5FonuJfkOWe+pZnoRUJnisNhh3dhQCNZ9TVKKA/
|
||||
enWpSaZ2RwmAqMRF34foCMKhjIXDiCUF9gjf2LmdLBKqVvKkRwKiGu2ZAoGBAMbo
|
||||
VSBthBIXnueG2Q8IiHqAfDRx1pqRpehqmaCB2W4tK0r7+Vz+fevDe5CqWtNZUdGN
|
||||
9ZDHhEgDZXnfSVJmq7nqdPcJEbHkXGfxcw8r00QFRx55FE0TrEygBkO1e26NaXIM
|
||||
lxa4w8t3vPKns6wl3P3LEB067Qq1DFMJlnSXAHfjAoGAAPbkr4ETFLswU/qdWAag
|
||||
mp5l2q7lAr9WUW+grJsY7PAc+RWvYiqs8zSyqIP39FyiwCdvJbQ7yhmUUI4Xsap+
|
||||
sseQwQ77KvZbAmbaht/8CCEpEvIunlmDPPvdmC2aBjjiXPCdfuI9oZW1vHg+DMR0
|
||||
EJyRdCAFQ4+712mehLzSSFQ=
|
||||
-----END PRIVATE KEY-----
|
|
@ -16,6 +16,7 @@ run_as 'php occ config:system:set trusted_domains 1 --value '${WEB_URL}
|
|||
run_as 'php occ config:system:set overwrite.cli.url --value '${NEXTCLOUD_URL}
|
||||
run_as 'php occ config:system:set overwritewebroot --value '${NEXTCLOUD_ALIAS}
|
||||
run_as 'php occ config:system:set htaccess.RewriteBase --value '${NEXTCLOUD_ALIAS}
|
||||
run_as 'php occ config:system:set overwriteprotocol --value '${PROTOCOLE}
|
||||
|
||||
echo
|
||||
echo "== CALENDAR"
|
||||
|
|