svg
This commit is contained in:
Arno
@ -1,22 +0,0 @@
|
||||
ProxyPass /auth http://nine.local:8080/auth retry=0 keepalive=On
|
||||
ProxyPassReverse /auth http://nine.local:8080/auth retry=0
|
||||
|
||||
ProxyPass /ninegate http://nine.local:9000/ninegate retry=0 keepalive=On
|
||||
ProxyPassReverse /ninegate http://nine.local:9000/ninegate retry=0
|
||||
ProxyPass /wssninegate ws://nine.local:9000/wssninegate retry=0 keepalive=On
|
||||
ProxyPassReverse /wssninegate ws://nine.local:9000/wssninegate retry=0
|
||||
|
||||
ProxyPass /nextcloud http://nine.local:9001 retry=0 keepalive=On
|
||||
ProxyPassReverse /nextcloud http://nine.local:9001 retry=0
|
||||
|
||||
ProxyPass /adminer http://nine.local:9100 retry=0 keepalive=On
|
||||
ProxyPassReverse /adminer http://nine.local:9100 retry=0
|
||||
|
||||
ProxyPass /phpldapadmin http://nine.local:9101/phpldapadmin retry=0 keepalive=On
|
||||
ProxyPassReverse /phpldapadmin http://nine.local:9101/phpldapadmin retry=0
|
||||
|
||||
ProxyPass /nineapache http://nine.local:9102 retry=0 keepalive=On
|
||||
ProxyPassReverse /nineapache http://nine.local:9102 retry=0
|
||||
|
||||
|
||||
|
||||
@ -13,7 +13,9 @@ RUN apk add --no-cache \
|
||||
unzip \
|
||||
zip \
|
||||
openssl \
|
||||
mariadb-client
|
||||
mariadb-client \
|
||||
certbot \
|
||||
gettext
|
||||
|
||||
RUN apk add --no-cache \
|
||||
apache2 \
|
||||
@ -64,7 +66,14 @@ RUN chmod +x /etc/apache2/apache2.sh
|
||||
COPY php.local.ini /etc/php81/conf.d/
|
||||
COPY httpd.conf /etc/apache2/httpd.conf
|
||||
COPY site.conf /etc/apache2/conf.d/nine/site.conf
|
||||
COPY ssl.conf /etc/apache2/conf.d/ssl.conf
|
||||
COPY sslself.conf /etc/apache2/conf.d/ssl.conf
|
||||
COPY index.php /app/public/index.php
|
||||
|
||||
RUN mkdir /nine
|
||||
COPY sslletsencrypt.conf /nine/ssl.conf
|
||||
RUN mkdir -p /usr/local/apache2/htdocs/.well-known/acme-challenge
|
||||
COPY addcertif.sh /nine/addcertif.sh
|
||||
RUN chmod +x /nine/addcertif.sh
|
||||
RUN echo "0 1 * * * /etc/apache2/addcertif.sh >> /var/log/addcertif.log 2>&1" >> /var/spool/cron/crontabs/root
|
||||
|
||||
CMD /etc/apache2/apache2.sh
|
||||
15
misc/images/nineapache81/containers/nineapache/addcertif.sh
Normal file
15
misc/images/nineapache81/containers/nineapache/addcertif.sh
Normal file
@ -0,0 +1,15 @@
|
||||
#!/bin/bash
|
||||
|
||||
if [[ $NINEAPACHE_LETSENCRYPT == 1 ]]
|
||||
then
|
||||
# On génère ou renouvel le certificat
|
||||
echo "CERTIFICAT LETSENCRYPT"
|
||||
certbot certonly --webroot -w /usr/local/apache2/htdocs -d ${WEB_URL} --non-interactive --agree-tos --email ${ADMIN_EMAIL}
|
||||
|
||||
# On supprime la conf ssl pour placer celle de letsencrypt en y placant la web_url
|
||||
rm -f /etc/apache2/conf.d/ssl.conf
|
||||
envsubst < "/nine/ssl.conf" > "/etc/apache2/conf.d/ssl.conf"
|
||||
|
||||
# On redemarre apache
|
||||
httpd -k graceful
|
||||
fi
|
||||
@ -1,13 +1,28 @@
|
||||
|
||||
LoadModule rewrite_module modules/mod_rewrite.so
|
||||
ServerName nineapache.local
|
||||
DocumentRoot "/app/public"
|
||||
|
||||
# Alias pour le répertoire de validation de Certbot
|
||||
Alias /.well-known/acme-challenge /usr/local/apache2/htdocs/.well-known/acme-challenge
|
||||
|
||||
# Exclure les requêtes pour .well-known/acme-challenge de la redirection vers index.php
|
||||
<Location "/.well-known/acme-challenge">
|
||||
Options None
|
||||
AllowOverride None
|
||||
Require all granted
|
||||
</Location>
|
||||
|
||||
<Directory "/app/public">
|
||||
Options Indexes FollowSymLinks
|
||||
AllowOverride All
|
||||
Require all granted
|
||||
|
||||
RewriteEngine On
|
||||
|
||||
# Exclure les requêtes vers .well-known/acme-challenge de la redirection
|
||||
RewriteCond %{REQUEST_URI} !^/.well-known/acme-challenge
|
||||
|
||||
# Règles de réécriture existantes
|
||||
RewriteCond %{REQUEST_URI}::$0 ^(/.+)/(.*)::\2$
|
||||
RewriteRule .* - [E=BASE:%1]
|
||||
RewriteCond %{HTTP:Authorization} .+
|
||||
@ -15,6 +30,5 @@ DocumentRoot "/app/public"
|
||||
RewriteCond %{ENV:REDIRECT_STATUS} =""
|
||||
RewriteRule ^index\.php(?:/(.*)|$) %{ENV:BASE}/$1 [R=301,L]
|
||||
RewriteCond %{REQUEST_FILENAME} !-f
|
||||
RewriteRule ^ %{ENV:BASE}/index.php [L]
|
||||
RewriteRule ^ %{ENV:BASE}/index.php [L]
|
||||
</Directory>
|
||||
|
||||
|
||||
@ -0,0 +1,43 @@
|
||||
LoadModule ssl_module modules/mod_ssl.so
|
||||
LoadModule socache_shmcb_module modules/mod_socache_shmcb.so
|
||||
|
||||
SSLRandomSeed startup file:/dev/urandom 512
|
||||
SSLRandomSeed connect builtin
|
||||
|
||||
Listen 443
|
||||
|
||||
SSLCipherSuite HIGH:MEDIUM:!MD5:!RC4:!3DES:!ADH
|
||||
SSLProxyCipherSuite HIGH:MEDIUM:!MD5:!RC4:!3DES:!ADH
|
||||
SSLHonorCipherOrder on
|
||||
SSLProtocol all -SSLv3
|
||||
SSLProxyProtocol all -SSLv3
|
||||
SSLPassPhraseDialog builtin
|
||||
SSLSessionCache "shmcb:/var/cache/mod_ssl/scache(512000)"
|
||||
SSLSessionCacheTimeout 300
|
||||
|
||||
<VirtualHost _default_:443>
|
||||
DocumentRoot "/app/public"
|
||||
ServerName www.example.com:443
|
||||
ServerAdmin you@example.com
|
||||
ErrorLog logs/ssl_error.log
|
||||
TransferLog logs/ssl_access.log
|
||||
|
||||
SSLEngine on
|
||||
|
||||
SSLCertificateFile /etc/letsencrypt/live/${WEB_URL}/fullchain.pem
|
||||
SSLCertificateKeyFile /etc/letsencrypt/live/${WEB_URL}/privkey.pem
|
||||
|
||||
<FilesMatch "\.(cgi|shtml|phtml|php)$">
|
||||
SSLOptions +StdEnvVars
|
||||
</FilesMatch>
|
||||
<Directory "/app/public/cgi-bin">
|
||||
SSLOptions +StdEnvVars
|
||||
</Directory>
|
||||
|
||||
BrowserMatch "MSIE [2-5]" \
|
||||
nokeepalive ssl-unclean-shutdown \
|
||||
downgrade-1.0 force-response-1.0
|
||||
|
||||
CustomLog logs/ssl_request.log \
|
||||
"%t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x \"%r\" %b"
|
||||
</VirtualHost>
|
||||
Reference in New Issue
Block a user