diff --git a/.gitignore b/.gitignore
index 6a97812..caaee30 100644
--- a/.gitignore
+++ b/.gitignore
@@ -3,7 +3,7 @@
docker-compose.yml
-/services/10-nineapache/volume/apache
+/services/10-nineapache/volume
/services/15-mariadb/volume/mysql
@@ -19,6 +19,7 @@ docker-compose.yml
/services/50-nextcloud/volume/html
/services/50-nextcloud/volume/app
+/services/50-nineboard/volume/data
/services/50-nineboard/volume/data
/services/50-ninefolio/volume/data
/services/50-ninefolio/volume/apache
diff --git a/env/.env b/env/.env
index b02444c..0a6eb00 100644
--- a/env/.env
+++ b/env/.env
@@ -33,6 +33,7 @@ MODE_AUTH=CAS
NINEAPACHE_SERVICE_NAME=nineapache
NINEAPACHE_ACTIVATE=1
NINEAPACHE_LOCAL=1
+NINEAPACHE_LETSENCRYPT=0
# FAKESMTP
# fake-smtp server
diff --git a/misc/images/apache/nine.conf b/misc/images/apache/nine.conf
deleted file mode 100644
index 06a7361..0000000
--- a/misc/images/apache/nine.conf
+++ /dev/null
@@ -1,22 +0,0 @@
-ProxyPass /auth http://nine.local:8080/auth retry=0 keepalive=On
-ProxyPassReverse /auth http://nine.local:8080/auth retry=0
-
-ProxyPass /ninegate http://nine.local:9000/ninegate retry=0 keepalive=On
-ProxyPassReverse /ninegate http://nine.local:9000/ninegate retry=0
-ProxyPass /wssninegate ws://nine.local:9000/wssninegate retry=0 keepalive=On
-ProxyPassReverse /wssninegate ws://nine.local:9000/wssninegate retry=0
-
-ProxyPass /nextcloud http://nine.local:9001 retry=0 keepalive=On
-ProxyPassReverse /nextcloud http://nine.local:9001 retry=0
-
-ProxyPass /adminer http://nine.local:9100 retry=0 keepalive=On
-ProxyPassReverse /adminer http://nine.local:9100 retry=0
-
-ProxyPass /phpldapadmin http://nine.local:9101/phpldapadmin retry=0 keepalive=On
-ProxyPassReverse /phpldapadmin http://nine.local:9101/phpldapadmin retry=0
-
-ProxyPass /nineapache http://nine.local:9102 retry=0 keepalive=On
-ProxyPassReverse /nineapache http://nine.local:9102 retry=0
-
-
-
diff --git a/misc/images/nineapache81/containers/nineapache/Dockerfile b/misc/images/nineapache81/containers/nineapache/Dockerfile
index 6eca3f8..1a031a7 100755
--- a/misc/images/nineapache81/containers/nineapache/Dockerfile
+++ b/misc/images/nineapache81/containers/nineapache/Dockerfile
@@ -13,7 +13,9 @@ RUN apk add --no-cache \
unzip \
zip \
openssl \
- mariadb-client
+ mariadb-client \
+ certbot \
+ gettext
RUN apk add --no-cache \
apache2 \
@@ -64,7 +66,14 @@ RUN chmod +x /etc/apache2/apache2.sh
COPY php.local.ini /etc/php81/conf.d/
COPY httpd.conf /etc/apache2/httpd.conf
COPY site.conf /etc/apache2/conf.d/nine/site.conf
-COPY ssl.conf /etc/apache2/conf.d/ssl.conf
+COPY sslself.conf /etc/apache2/conf.d/ssl.conf
COPY index.php /app/public/index.php
+RUN mkdir /nine
+COPY sslletsencrypt.conf /nine/ssl.conf
+RUN mkdir -p /usr/local/apache2/htdocs/.well-known/acme-challenge
+COPY addcertif.sh /nine/addcertif.sh
+RUN chmod +x /nine/addcertif.sh
+RUN echo "0 1 * * * /etc/apache2/addcertif.sh >> /var/log/addcertif.log 2>&1" >> /var/spool/cron/crontabs/root
+
CMD /etc/apache2/apache2.sh
\ No newline at end of file
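Review bot: The cron entry added at the end of this hunk runs `/etc/apache2/addcertif.sh`, but the script is copied to `/nine/addcertif.sh` two lines above, so the nightly renewal would fail with a "not found" error that only appears in /var/log/addcertif.log. The line should read `RUN echo "0 1 * * * /nine/addcertif.sh >> /var/log/addcertif.log 2>&1" >> /var/spool/cron/crontabs/root`. Two things to confirm outside this hunk: that apache2.sh actually starts crond, and that NINEAPACHE_LETSENCRYPT, WEB_URL and ADMIN_EMAIL are visible in the cron job's environment, since the script does nothing when the first is unset.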
diff --git a/misc/images/nineapache81/containers/nineapache/addcertif.sh b/misc/images/nineapache81/containers/nineapache/addcertif.sh
new file mode 100644
index 0000000..6715448
--- /dev/null
+++ b/misc/images/nineapache81/containers/nineapache/addcertif.sh
@@ -0,0 +1,15 @@
+#!/bin/bash
+
+if [[ $NINEAPACHE_LETSENCRYPT == 1 ]]
+then
+ # On génère ou renouvel le certificat
+ echo "CERTIFICAT LETSENCRYPT"
+ certbot certonly --webroot -w /usr/local/apache2/htdocs -d ${WEB_URL} --non-interactive --agree-tos --email ${ADMIN_EMAIL}
+
+ # On supprime la conf ssl pour placer celle de letsencrypt en y placant la web_url
+ rm -f /etc/apache2/conf.d/ssl.conf
+ envsubst < "/nine/ssl.conf" > "/etc/apache2/conf.d/ssl.conf"
+
+ # On redemarre apache
+ httpd -k graceful
+fi
\ No newline at end of file
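Review bot: The certbot result is never checked, so when issuance fails the script still deletes the working ssl.conf and installs one that points at `/etc/letsencrypt/live/${WEB_URL}/` files that do not exist, leaving Apache with a TLS configuration it cannot load. `${WEB_URL}` and `${ADMIN_EMAIL}` are also expanded unquoted into the certbot command line, and `envsubst` without a variable list rewrites every `$NAME` it finds in the template rather than only WEB_URL. I would stop on certbot failure, require and quote both variables, and render to a temporary file before swapping it in, as below.

```shell
  if ! certbot certonly --webroot -w /usr/local/apache2/htdocs \
      -d "${WEB_URL:?WEB_URL is not set}" --non-interactive --agree-tos \
      --email "${ADMIN_EMAIL:?ADMIN_EMAIL is not set}"
  then
    echo "certbot failed; keeping the current ssl.conf" >&2
    exit 1
  fi

  # Substitute WEB_URL only, and replace ssl.conf only once rendering succeeded
  envsubst '${WEB_URL}' < /nine/ssl.conf > /etc/apache2/conf.d/ssl.conf.tmp || exit 1
  mv /etc/apache2/conf.d/ssl.conf.tmp /etc/apache2/conf.d/ssl.conf
  # … unchanged: httpd -k graceful …
```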
diff --git a/misc/images/nineapache81/containers/nineapache/site.conf b/misc/images/nineapache81/containers/nineapache/site.conf
index f774c5b..bab7452 100755
--- a/misc/images/nineapache81/containers/nineapache/site.conf
+++ b/misc/images/nineapache81/containers/nineapache/site.conf
@@ -1,13 +1,28 @@
-
LoadModule rewrite_module modules/mod_rewrite.so
ServerName nineapache.local
DocumentRoot "/app/public"
+
+# Alias pour le répertoire de validation de Certbot
+Alias /.well-known/acme-challenge /usr/local/apache2/htdocs/.well-known/acme-challenge
+
+# Exclure les requêtes pour .well-known/acme-challenge de la redirection vers index.php
+
+ Options None
+ AllowOverride None
+ Require all granted
+
+
Options Indexes FollowSymLinks
AllowOverride All
Require all granted
RewriteEngine On
+
+ # Exclure les requêtes vers .well-known/acme-challenge de la redirection
+ RewriteCond %{REQUEST_URI} !^/.well-known/acme-challenge
+
+ # Règles de réécriture existantes
RewriteCond %{REQUEST_URI}::$0 ^(/.+)/(.*)::\2$
RewriteRule .* - [E=BASE:%1]
RewriteCond %{HTTP:Authorization} .+
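Review bot: The added `RewriteCond %{REQUEST_URI} !^/.well-known/acme-challenge` does not guard the front-controller rewrite its comment refers to: a RewriteCond applies only to the next RewriteRule, which here is `RewriteRule .* - [E=BASE:%1]`, while the `index.php` rule sits further down in the next hunk. If the exclusion is needed at all (the Alias already maps the challenge path outside /app/public, and the final rule is conditioned on `!-f`), it belongs directly above `RewriteRule ^ %{ENV:BASE}/index.php [L]`, with the dots escaped: `RewriteCond %{REQUEST_URI} !^/\.well-known/acme-challenge/`. The same placement appears in services/10-nineapache/apache/apache.conf. The container tags around the two option groups are not visible in this rendering, so the scope of `Options None` could not be checked.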
@@ -15,6 +30,5 @@ DocumentRoot "/app/public"
RewriteCond %{ENV:REDIRECT_STATUS} =""
RewriteRule ^index\.php(?:/(.*)|$) %{ENV:BASE}/$1 [R=301,L]
RewriteCond %{REQUEST_FILENAME} !-f
- RewriteRule ^ %{ENV:BASE}/index.php [L]
+ RewriteRule ^ %{ENV:BASE}/index.php [L]
-
diff --git a/misc/images/nineapache81/containers/nineapache/sslletsencrypt.conf b/misc/images/nineapache81/containers/nineapache/sslletsencrypt.conf
new file mode 100644
index 0000000..975d824
--- /dev/null
+++ b/misc/images/nineapache81/containers/nineapache/sslletsencrypt.conf
@@ -0,0 +1,43 @@
+LoadModule ssl_module modules/mod_ssl.so
+LoadModule socache_shmcb_module modules/mod_socache_shmcb.so
+
+SSLRandomSeed startup file:/dev/urandom 512
+SSLRandomSeed connect builtin
+
+Listen 443
+
+SSLCipherSuite HIGH:MEDIUM:!MD5:!RC4:!3DES:!ADH
+SSLProxyCipherSuite HIGH:MEDIUM:!MD5:!RC4:!3DES:!ADH
+SSLHonorCipherOrder on
+SSLProtocol all -SSLv3
+SSLProxyProtocol all -SSLv3
+SSLPassPhraseDialog builtin
+SSLSessionCache "shmcb:/var/cache/mod_ssl/scache(512000)"
+SSLSessionCacheTimeout 300
+
+
+ DocumentRoot "/app/public"
+ ServerName www.example.com:443
+ ServerAdmin you@example.com
+ ErrorLog logs/ssl_error.log
+ TransferLog logs/ssl_access.log
+
+ SSLEngine on
+
+ SSLCertificateFile /etc/letsencrypt/live/${WEB_URL}/fullchain.pem
+ SSLCertificateKeyFile /etc/letsencrypt/live/${WEB_URL}/privkey.pem
+
+
+ SSLOptions +StdEnvVars
+
+
+ SSLOptions +StdEnvVars
+
+
+ BrowserMatch "MSIE [2-5]" \
+ nokeepalive ssl-unclean-shutdown \
+ downgrade-1.0 force-response-1.0
+
+ CustomLog logs/ssl_request.log \
+ "%t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x \"%r\" %b"
+
\ No newline at end of file
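Review bot: `SSLProtocol all -SSLv3` and `SSLProxyProtocol all -SSLv3` leave TLS 1.0 and 1.1 enabled, and `HIGH:MEDIUM` admits medium-strength suites, on a virtual host that is now meant to carry a publicly trusted certificate. I would restrict to `SSLProtocol -all +TLSv1.2 +TLSv1.3` (same for the proxy directive) and drop `MEDIUM` from both cipher lists. `ServerName www.example.com:443` and `ServerAdmin you@example.com` are still the sample values although the certificate is issued for `${WEB_URL}`; since the file goes through envsubst, `ServerName ${WEB_URL}:443` keeps them aligned. A header comment stating that this file is a template rendered by addcertif.sh would help, because `${WEB_URL}` otherwise reads as an Apache variable.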
diff --git a/misc/images/nineapache81/containers/nineapache/ssl.conf b/misc/images/nineapache81/containers/nineapache/sslself.conf
similarity index 100%
rename from misc/images/nineapache81/containers/nineapache/ssl.conf
rename to misc/images/nineapache81/containers/nineapache/sslself.conf
diff --git a/nine.sh b/nine.sh
index fc7b8bc..d342883 100755
--- a/nine.sh
+++ b/nine.sh
@@ -342,6 +342,15 @@ then
up$2
fi
docker-compose logs -f $2
+elif [[ $1 == "letsencrypt" ]]
+then
+ Title ${NINEAPACHE_SERVICE_NAME^^} LETSENCRYPT
+ if [[ $NINEAPACHE_ACTIVATE == 1 && $NINEAPACHE_LOCAL == 1 ]]
+ then
+ docker-compose exec ${NINEAPACHE_SERVICE_NAME} /nine/addcertif.sh
+ else
+ EchoRouge "Service ${NINEAPACHE_SERVICE_NAME} non actif"
+ fi
else
EchoRouge "Action possible ="
EchoRouge "nine.sh > UP de l'ensemble des services actifs"
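Review bot: The new `letsencrypt` branch gates on NINEAPACHE_ACTIVATE and NINEAPACHE_LOCAL but not on NINEAPACHE_LETSENCRYPT, which is the only variable addcertif.sh tests; with the default `NINEAPACHE_LETSENCRYPT=0` the command prints the title, runs the exec and returns with no certificate and no message. Add the flag to the condition, `if [[ $NINEAPACHE_ACTIVATE == 1 && $NINEAPACHE_LOCAL == 1 && $NINEAPACHE_LETSENCRYPT == 1 ]]`, and have the else branch say which setting is missing. `${NINEAPACHE_SERVICE_NAME}` should be quoted in the `docker-compose exec` line. The surrounding if/elif chain starts outside this hunk.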
@@ -362,6 +371,7 @@ else
EchoRouge "nine.sh iswait monservice > monservice est-il en cours de construction"
EchoRouge "nine.sh regen > lance destroyall puis up sur l'ensemble des service"
EchoRouge "nine.sh regen monservice > lance destroy monservice puis up monservice"
+ EchoRouge "nine.sh letsencrypt > genere ou renouvelle le certificat letsencrypt"
fi
echo
echo
diff --git a/services/10-nineapache/apache/apache.conf b/services/10-nineapache/apache/apache.conf
index dce74e7..20fac88 100644
--- a/services/10-nineapache/apache/apache.conf
+++ b/services/10-nineapache/apache/apache.conf
@@ -2,6 +2,10 @@ LoadModule rewrite_module modules/mod_rewrite.so
ServerName nineapache.local
+RewriteEngine On
+RewriteCond %{HTTPS} !=on
+RewriteRule ^ https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301]
+
# Options Proxy
ProxyRequests Off
ProxyPreserveHost On
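Review bot: The new redirect is unconditional and builds its target from the request's Host header. Placed where it appears to be, at server level, it also fires for `/.well-known/acme-challenge/` on port 80, so HTTP-01 validation depends on the CA following the redirect to whatever port 443 serves at that moment; adding `RewriteCond %{REQUEST_URI} !^/\.well-known/acme-challenge/` above the rule lets challenges be answered over plain HTTP. Using `%{HTTP_HOST}` means a request carrying an arbitrary Host value is redirected to that host, so a fixed name taken from the configured site URL is the safer target. The rule also applies when NINEAPACHE_LETSENCRYPT=0, which forces local installs onto the self-signed certificate; confirm that is intended.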
@@ -16,14 +20,26 @@ RequestHeader set X-Forwarded-For "%{REMOTE_ADDR}s"
RequestHeader set Host "%{HTTP_HOST}s"
RequestHeader set X-Forwarded-Proto "http"
+# Alias pour le répertoire de validation de Certbot
+Alias /.well-known/acme-challenge /usr/local/apache2/htdocs/.well-known/acme-challenge
+
+# Exclure les requêtes pour .well-known/acme-challenge de la redirection vers index.php
+
+ Options None
+ Require all granted
+
+
# Page interne au proxy
DocumentRoot "/app/public"
Options Indexes FollowSymLinks
AllowOverride All
Require all granted
-
RewriteEngine On
+
+ # Exclure les requêtes vers .well-known/acme-challenge de la redirection
+ RewriteCond %{REQUEST_URI} !^/.well-known/acme-challenge
+
RewriteCond %{REQUEST_URI}::$0 ^(/.+)/(.*)::\2$
RewriteRule .* - [E=BASE:%1]
RewriteCond %{HTTP:Authorization} .+
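Review bot: `RequestHeader set X-Forwarded-Proto "http"` at the top of this hunk is left unchanged while the commit now redirects every request to HTTPS, so the proxied applications are told the client connection was plain HTTP. Backends that build absolute URLs or decide on Secure cookies from this header may emit http:// links or loop on redirects. Consider `RequestHeader set X-Forwarded-Proto expr=%{REQUEST_SCHEME}` so the header follows the scheme actually used. The rewrite block at the bottom continues past the end of this hunk.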
diff --git a/services/10-nineapache/dockercompose/dockercompose.yml b/services/10-nineapache/dockercompose/dockercompose.yml
index 569422e..a1d2064 100644
--- a/services/10-nineapache/dockercompose/dockercompose.yml
+++ b/services/10-nineapache/dockercompose/dockercompose.yml
@@ -14,4 +14,4 @@ services:
- "443:443"
volumes:
- ./services/10-nineapache/volume/apache:/etc/apache2/conf.d/nine
- - ./services/10-nineapache/volume/ssl:/etc/apache2/ssl
+ - ./services/10-nineapache/volume/letsencrypt:/etc/letsencrypt
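Review bot: The new bind mount places the contents of /etc/letsencrypt, including `privkey.pem` and the ACME account key, under ./services/10-nineapache/volume/letsencrypt on the host, and nothing in the hunk documents who may read that directory. A comment above the line such as `# holds TLS private keys: keep this host directory root-owned, mode 0700` would make the expectation explicit; the .gitignore change in this commit already keeps the directory out of the repository. Separately, the selfsigned.key deleted in this commit was a tracked file, so it remains in the repository history and should not be reused for any deployment.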
diff --git a/services/10-nineapache/volume/ssl/selfsigned.crt b/services/10-nineapache/volume/ssl/selfsigned.crt
deleted file mode 100644
index 49d040f..0000000
--- a/services/10-nineapache/volume/ssl/selfsigned.crt
+++ /dev/null
@@ -1,21 +0,0 @@
------BEGIN CERTIFICATE-----
-MIIDYTCCAkmgAwIBAgIUQ+F6GtJo7VWyn1uemlBWSqYDGyYwDQYJKoZIhvcNAQEL
-BQAwQDELMAkGA1UEBhMCRlIxDzANBgNVBAgMBkZyYW5jZTEOMAwGA1UEBwwFRGlq
-b24xEDAOBgNVBAoMB0NhZG9sZXMwHhcNMjQwNzI4MTU1NjM0WhcNMjUwNzI4MTU1
-NjM0WjBAMQswCQYDVQQGEwJGUjEPMA0GA1UECAwGRnJhbmNlMQ4wDAYDVQQHDAVE
-aWpvbjEQMA4GA1UECgwHQ2Fkb2xlczCCASIwDQYJKoZIhvcNAQEBBQADggEPADCC
-AQoCggEBAKLfE1bjieaMAKV7e9blEPGSQtp2gFfrsYwjLaFnT+JyUtNbAKtAUxsB
-SOLMC+cBMluQyv1E69xeL+8v9QgkmpvUw/nJy32/hU1AVSxzfU67wZHWusjx4089
-tHLmJymDQkjvKnshLoPSXQTD3bA1HScMyuymqdXlUTIHm3xoOmi+9T+58UgCsTaj
-7j8TavNdbU5PXSWyk8WHoYZJMEefLypvARa8g0xDYq3S7MomTIIulS/p/pD2RVA6
-th8SrjBiIvI7OrNP2TyYbZbVGit64+03+YIiCr8UUqA+a4FZlOzvWo9pHsErb/9a
-uQeQ2ICS6ZnrLNHcNY/mppUW4TfEn6kCAwEAAaNTMFEwHQYDVR0OBBYEFGZEJEsY
-Y4TL3Q2UMm1CfJNywqJuMB8GA1UdIwQYMBaAFGZEJEsYY4TL3Q2UMm1CfJNywqJu
-MA8GA1UdEwEB/wQFMAMBAf8wDQYJKoZIhvcNAQELBQADggEBAITdEJjIwNhzPomS
-ybcf1MES4zHSzQNmE6eRgKrB3V7qKANyjaav8vuDaH5drs5cEs+r/uheuVEQFrSV
-Jk4zLllo3XTdOE2Hydjzxy7Ztqel11hA8dD5tgdJBDxLj4lMbgAbMBWTfH2VjGYC
-xPtr8dV9kH2/91sJixRgKBVZ5ywzbqPIZU3iraXe8VOd9Uj+hDrNomAXJFrI/QV4
-81bEvHwTmBHWU+plTu0YyhlBkW5byScFZNek5eOxI721phnog/t9UDbsi20mrH0e
-iLfJ169LZ3yAWGy4NRq3oQnJUalu3HwlZr0fp0Eih0t7CD5O8Lt4ymN7EywrrI7J
-VnR5yZU=
------END CERTIFICATE-----
diff --git a/services/10-nineapache/volume/ssl/selfsigned.key b/services/10-nineapache/volume/ssl/selfsigned.key
deleted file mode 100644
index fb22b8a..0000000
--- a/services/10-nineapache/volume/ssl/selfsigned.key
+++ /dev/null
@@ -1,28 +0,0 @@
------BEGIN PRIVATE KEY-----
-MIIEvQIBADANBgkqhkiG9w0BAQEFAASCBKcwggSjAgEAAoIBAQCi3xNW44nmjACl
-e3vW5RDxkkLadoBX67GMIy2hZ0/iclLTWwCrQFMbAUjizAvnATJbkMr9ROvcXi/v
-L/UIJJqb1MP5yct9v4VNQFUsc31Ou8GR1rrI8eNPPbRy5icpg0JI7yp7IS6D0l0E
-w92wNR0nDMrspqnV5VEyB5t8aDpovvU/ufFIArE2o+4/E2rzXW1OT10lspPFh6GG
-STBHny8qbwEWvINMQ2Kt0uzKJkyCLpUv6f6Q9kVQOrYfEq4wYiLyOzqzT9k8mG2W
-1RoreuPtN/mCIgq/FFKgPmuBWZTs71qPaR7BK2//WrkHkNiAkumZ6yzR3DWP5qaV
-FuE3xJ+pAgMBAAECggEAONndCktKa2sbHqhHxe8XRvti0pbinc3rn5r35osFW2nE
-d3ogdaZyW87K/j9zOCM2zLdx444XNki6OqdmxHziatqNvbcujKo5gYmfMXDuoHjx
-TFLDyDiGu7YyMpkbumXS0VqKXYhrkB/x0CP+Ue94SZUxkAFs7vioqun04CwRl1Xh
-8Z0fU8IFSP1gEOmJMk1nLfCcYPdgsVDWNauhe1NAPCoZQGGYGfuGI6aBERy7vkAD
-S5kt7SAnhznXbo2K1hNHuj2exOLUpjWUeA7k/pyiIuK+PBoizB0nOgGClvOY9TCu
-il8jljLyH2lHeNhO1q6e+mu2oggjfozbMD5NcwduMQKBgQDGgj7+5fzhYtziFJOC
-DtCDgOEx8F7WxluxwuniG+WasnrpvF3mERQfj+Lx1X4gSSiZBu/ygq+e+NVuw6oL
-XNYyArvzsH+Ti9xzXhdJA0ujPXwoQ9km7GrM16x/OJGmA8Ruj7Xi5FSaP1mQeZze
-6JttYTVLw2vOe+4OQpxRSSe/FwKBgQDSCp4TRh7HJ3/cx/VMt1r8YvD8O/RrS+Df
-zKmTp57zaua8aVVXw34LN5RXnpom/zE1dg2uV0Lh4hneNEZgcm6OcJQrofkfrMUr
-LJKyym635VmYOmLdZYfHU3YpyJmPSb9+VwObPN9WGqgMMhoG8b7AeTqLihait5OA
-I0gj2+/PPwKBgGGeAySOLMEZQM3cmH1Ik7lXU2afccPkX4sW8rTCSzK7uj3e574P
-f/nVZCDQf+mYkGJQSwbSxVJDw5FonuJfkOWe+pZnoRUJnisNhh3dhQCNZ9TVKKA/
-enWpSaZ2RwmAqMRF34foCMKhjIXDiCUF9gjf2LmdLBKqVvKkRwKiGu2ZAoGBAMbo
-VSBthBIXnueG2Q8IiHqAfDRx1pqRpehqmaCB2W4tK0r7+Vz+fevDe5CqWtNZUdGN
-9ZDHhEgDZXnfSVJmq7nqdPcJEbHkXGfxcw8r00QFRx55FE0TrEygBkO1e26NaXIM
-lxa4w8t3vPKns6wl3P3LEB067Qq1DFMJlnSXAHfjAoGAAPbkr4ETFLswU/qdWAag
-mp5l2q7lAr9WUW+grJsY7PAc+RWvYiqs8zSyqIP39FyiwCdvJbQ7yhmUUI4Xsap+
-sseQwQ77KvZbAmbaht/8CCEpEvIunlmDPPvdmC2aBjjiXPCdfuI9oZW1vHg+DMR0
-EJyRdCAFQ4+712mehLzSSFQ=
------END PRIVATE KEY-----
diff --git a/services/50-nextcloud/volume/prestart/prestart.sh b/services/50-nextcloud/volume/prestart/prestart.sh
index dc3d7c8..2a575ac 100755
--- a/services/50-nextcloud/volume/prestart/prestart.sh
+++ b/services/50-nextcloud/volume/prestart/prestart.sh
@@ -16,6 +16,7 @@ run_as 'php occ config:system:set trusted_domains 1 --value '${WEB_URL}
run_as 'php occ config:system:set overwrite.cli.url --value '${NEXTCLOUD_URL}
run_as 'php occ config:system:set overwritewebroot --value '${NEXTCLOUD_ALIAS}
run_as 'php occ config:system:set htaccess.RewriteBase --value '${NEXTCLOUD_ALIAS}
+run_as 'php occ config:system:set overwriteprotocol --value '${PROTOCOLE}
echo
echo "== CALENDAR"