diff options
| -rw-r--r-- | core/exim.html | 2 | ||||
| -rw-r--r-- | index.html | 2 | ||||
| -rw-r--r-- | tools/conf/etc/nginx/sites-enabled/default.conf | 49 | ||||
| -rw-r--r-- | tools/conf/etc/nginx/sites/default.conf | 136 | ||||
| -rw-r--r-- | tools/conf/etc/nginx/sites/drupal.conf | 8 | ||||
| -rw-r--r-- | tools/conf/etc/nginx/sites/flyspray.conf (renamed from tools/conf/etc/nginx/sites-enabled/mantisbt.conf) | 25 | ||||
| -rw-r--r-- | tools/conf/etc/nginx/sites/laravel.conf | 10 | ||||
| -rw-r--r-- | tools/conf/srv/pgsql/data/pg_hba.conf | 4 | ||||
| -rw-r--r-- | tools/conf/srv/pgsql/data/postgresql.conf | 623 | ||||
| -rw-r--r-- | tools/nginx.html | 125 | ||||
| -rw-r--r-- | tools/postgresql.html | 98 | ||||
| -rw-r--r-- | tools/scripts/install-nginx.sh | 4 | ||||
| -rw-r--r-- | tools/scripts/install-php.sh | 2 |
13 files changed, 948 insertions, 140 deletions
diff --git a/core/exim.html b/core/exim.html index c2a5a63..c4b3c95 100644 --- a/core/exim.html +++ b/core/exim.html @@ -51,7 +51,7 @@ <pre> # chown mail:mail /etc/ssl/keys/exim.key - # chmod 644 /etc/ssl/keys/exim.key + # chmod 0600 /etc/ssl/keys/exim.key # chmod 644 /etc/ssl/certs/exim.cert </pre> diff --git a/index.html b/index.html index a499669..2122690 100644 --- a/index.html +++ b/index.html @@ -27,7 +27,7 @@ <p>Version;</p> <pre> - rev develop + rev 0.2.3 </pre> diff --git a/tools/conf/etc/nginx/sites-enabled/default.conf b/tools/conf/etc/nginx/sites-enabled/default.conf new file mode 100644 index 0000000..4e01b88 --- /dev/null +++ b/tools/conf/etc/nginx/sites-enabled/default.conf @@ -0,0 +1,49 @@ + +server { + listen 443 ssl; + # listen [::]:443 ssl; + + server_name c9.core; + + root /srv/www/default; + + location /distfiles { + alias /usr/ports/distfiles; + } + + + location /bug { + index index.php; + alias /srv/www/default/flyspray; + try_files $uri $uri/ index.php$is_args$args; + } + + location ~ ^/bug(.+\.php)$ { ### This location block was the solution + alias /srv/www/default/flyspray; + + fastcgi_split_path_info ^(.+\.php)(/.+)$; + fastcgi_index index.php; + try_files $uri /index.php =404; + include /etc/nginx/fastcgi_params; + fastcgi_param SCRIPT_FILENAME $document_root$1; + # fastcgi_pass unix:/var/run/php5-fpm.sock; + fastcgi_pass 127.0.0.1:9000; + } + + location / { + alias /srv/www/default/pmwiki/; + index pmwiki.php + try_files $uri $uri/ /pmwiki.php$is_args$args; + } + + location ~ \.php$ { + alias /srv/www/default/pmwiki; + fastcgi_split_path_info ^(.+\.php)(/.+)$; + fastcgi_index pmwiki.php; + try_files $uri /pmwiki.php =404; + include /etc/nginx/fastcgi_params; + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + # fastcgi_pass unix:/var/run/php5-fpm.sock; + fastcgi_pass 127.0.0.1:9000; + } +} diff --git a/tools/conf/etc/nginx/sites/default.conf b/tools/conf/etc/nginx/sites/default.conf index 95be0b7..1c71c44 100644 --- a/tools/conf/etc/nginx/sites/default.conf +++ b/tools/conf/etc/nginx/sites/default.conf @@ -1,82 +1,60 @@ server { - listen 80; - server_name localhost; - -#charset koi8-r; - - location / { - root html; - index index.html index.htm; - } - - error_page 404 /404.html; - - # redirect server error pages to the static page /50x.html - # - error_page 500 502 503 504 /50x.html; - location = /50x.html { - root html; - } - -# proxy the PHP scripts to Apache listening on 127.0.0.1:80 -# -#location ~ \.php$ { -# proxy_pass http://127.0.0.1; -#} - -# pass the PHP scripts to FastCGI server listening on 127.0.0.1:9000 -# -#location ~ \.php$ { -# root html; -# fastcgi_pass 127.0.0.1:9000; -# fastcgi_index index.php; -# fastcgi_param SCRIPT_FILENAME /scripts$fastcgi_script_name; -# include fastcgi_params; -#} - -# deny access to .htaccess files, if Apache's document root -# concurs with nginx's one -# -#location ~ /\.ht { -# deny all; -#} + listen 443 ssl; + # listen [::]:443 ssl; + + server_name c9.core; + + root /srv/www/default; + + location /ports { + alias /var/ports/ports; + autoindex on; + } + + location /distfiles { + alias /var/ports/distfiles; + autoindex on; + } + + location /packages { + root /var/ports/packages; + autoindex off; + } + + + location /bug { + index index.php; + alias /srv/www/default/flyspray; + try_files $uri $uri/ index.php$is_args$args; + } + + location ~ ^/bug(.+\.php)$ { ### This location block was the solution + alias /srv/www/default/flyspray; + + fastcgi_split_path_info ^(.+\.php)(/.+)$; + fastcgi_index index.php; + try_files $uri /index.php =404; + include /etc/nginx/fastcgi_params; + fastcgi_param SCRIPT_FILENAME $document_root$1; + # fastcgi_pass unix:/var/run/php5-fpm.sock; + fastcgi_pass 127.0.0.1:9000; + } + + location / { + alias /srv/www/default/pmwiki/; + index pmwiki.php + try_files $uri $uri/ /pmwiki.php$is_args$args; + } + + location ~ \.php$ { + alias /srv/www/default/pmwiki; + fastcgi_split_path_info ^(.+\.php)(/.+)$; + fastcgi_index pmwiki.php; + try_files $uri /pmwiki.php =404; + include /etc/nginx/fastcgi_params; + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + # fastcgi_pass unix:/var/run/php5-fpm.sock; + fastcgi_pass 127.0.0.1:9000; + } } - - -# another virtual host using mix of IP-, name-, and port-based configuration -# -#server { -# listen 8000; -# listen somename:8080; -# server_name somename alias another.alias; - -# location / { -# root html; -# index index.html index.htm; -# } -#} - - -# HTTPS server -# -#server { -# listen 443 ssl; -# server_name localhost; - -# ssl_certificate cert.pem; -# ssl_certificate_key cert.key; - -# ssl_session_cache shared:SSL:1m; -# ssl_session_timeout 5m; - -# ssl_ciphers HIGH:!aNULL:!MD5; -# ssl_prefer_server_ciphers on; - -# location / { -# root html; -# index index.html index.htm; -# } -#} - - diff --git a/tools/conf/etc/nginx/sites/drupal.conf b/tools/conf/etc/nginx/sites/drupal.conf index 39b096a..0407a6a 100644 --- a/tools/conf/etc/nginx/sites/drupal.conf +++ b/tools/conf/etc/nginx/sites/drupal.conf @@ -3,9 +3,9 @@ server { listen 192.168.1.254:443 ssl; listen 10.0.0.254:443 ssl; - server_name core.privat-network.net; + server_name c9.core - root /srv/www/drupal; ## <-- Your only path reference. + root /srv/www/default/drupal; ## <-- Your only path reference. # Enable compression, this will help if you have for instance advagg¿? module # by serving Gzip versions of the files. @@ -16,8 +16,8 @@ server { autoindex on; } - location /sysdoc { - alias /srv/www/sysdoc; + location /doc { + alias /srv/www/c9-doc; autoindex on; } diff --git a/tools/conf/etc/nginx/sites-enabled/mantisbt.conf b/tools/conf/etc/nginx/sites/flyspray.conf index 597983f..80b5530 100644 --- a/tools/conf/etc/nginx/sites-enabled/mantisbt.conf +++ b/tools/conf/etc/nginx/sites/flyspray.conf @@ -1,20 +1,37 @@ + server { listen 443 ssl; # listen [::]:443 ssl; - root /srv/www/mantisbt; - server_name core.privat-network.net; + server_name c9.core; + root /srv/www/default/flyspray; index index.php; + location /ports { + alias /var/ports/ports; + autoindex on; + } + + location /distfiles { + alias /var/ports/distfiles; + autoindex on; + } + + location /packages { + root /var/ports/packages; + autoindex off; + } + + location / { - try_files $uri $uri/ /index.php$is_args$args; + try_files $uri $uri/ index.php$is_args$args; } location ~ \.php$ { fastcgi_split_path_info ^(.+\.php)(/.+)$; fastcgi_index index.php; - # try_files $uri /index.php =404; + try_files $uri /index.php =404; include /etc/nginx/fastcgi_params; fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; # fastcgi_pass unix:/var/run/php5-fpm.sock; diff --git a/tools/conf/etc/nginx/sites/laravel.conf b/tools/conf/etc/nginx/sites/laravel.conf index f648f17..e563a3e 100644 --- a/tools/conf/etc/nginx/sites/laravel.conf +++ b/tools/conf/etc/nginx/sites/laravel.conf @@ -2,21 +2,21 @@ server { listen 443 ssl; # listen [::]:443 ssl; - root /srv/www/atom/public; - server_name core.privat-network.net; + root /srv/www/default/laravel/public; + server_name c9.core - location /sysdoc { - alias /srv/www/sysdoc; + location /c9-doc { + alias /srv/www/c9-doc; index index.html; autoindex on; } - index index.php; location / { try_files $uri $uri/ /index.php$is_args$args; } location ~ \.php$ { + index index.php; fastcgi_split_path_info ^(.+\.php)(/.+)$; fastcgi_index index.php; # try_files $uri /index.php =404; diff --git a/tools/conf/srv/pgsql/data/pg_hba.conf b/tools/conf/srv/pgsql/data/pg_hba.conf index 34587d4..55ce3f3 100644 --- a/tools/conf/srv/pgsql/data/pg_hba.conf +++ b/tools/conf/srv/pgsql/data/pg_hba.conf @@ -84,8 +84,8 @@ #local all all trust local all postgres ident # IPv4 local connections: -#host all all 127.0.0.1/32 trust -hostssl all all 127.0.0.1/32 md5 +host all all 127.0.0.1/32 trust +#hostssl all all 192.168.0.0/32 md5 # IPv6 local connections: #host all all ::1/128 trust diff --git a/tools/conf/srv/pgsql/data/postgresql.conf b/tools/conf/srv/pgsql/data/postgresql.conf new file mode 100644 index 0000000..df3525c --- /dev/null +++ b/tools/conf/srv/pgsql/data/postgresql.conf @@ -0,0 +1,623 @@ +# ----------------------------- +# PostgreSQL configuration file +# ----------------------------- +# +# This file consists of lines of the form: +# +# name = value +# +# (The "=" is optional.) Whitespace may be used. Comments are introduced with +# "#" anywhere on a line. The complete list of parameter names and allowed +# values can be found in the PostgreSQL documentation. +# +# The commented-out settings shown in this file represent the default values. +# Re-commenting a setting is NOT sufficient to revert it to the default value; +# you need to reload the server. +# +# This file is read on server startup and when the server receives a SIGHUP +# signal. If you edit the file on a running system, you have to SIGHUP the +# server for the changes to take effect, or use "pg_ctl reload". Some +# parameters, which are marked below, require a server shutdown and restart to +# take effect. +# +# Any parameter can also be given as a command-line option to the server, e.g., +# "postgres -c log_connections=on". Some parameters can be changed at run time +# with the "SET" SQL command. +# +# Memory units: kB = kilobytes Time units: ms = milliseconds +# MB = megabytes s = seconds +# GB = gigabytes min = minutes +# TB = terabytes h = hours +# d = days + + +#------------------------------------------------------------------------------ +# FILE LOCATIONS +#------------------------------------------------------------------------------ + +# The default values of these variables are driven from the -D command-line +# option or PGDATA environment variable, represented here as ConfigDir. + +#data_directory = 'ConfigDir' # use data in another directory + # (change requires restart) +#hba_file = 'ConfigDir/pg_hba.conf' # host-based authentication file + # (change requires restart) +#ident_file = 'ConfigDir/pg_ident.conf' # ident configuration file + # (change requires restart) + +# If external_pid_file is not explicitly set, no extra PID file is written. +#external_pid_file = '' # write an extra PID file + # (change requires restart) + + +#------------------------------------------------------------------------------ +# CONNECTIONS AND AUTHENTICATION +#------------------------------------------------------------------------------ + +# - Connection Settings - + +#listen_addresses = 'localhost' # what IP address(es) to listen on; + # comma-separated list of addresses; + # defaults to 'localhost'; use '*' for all + # (change requires restart) +#port = 5432 # (change requires restart) +max_connections = 100 # (change requires restart) +#superuser_reserved_connections = 3 # (change requires restart) +#unix_socket_directories = '/tmp' # comma-separated list of directories + # (change requires restart) +#unix_socket_group = '' # (change requires restart) +#unix_socket_permissions = 0777 # begin with 0 to use octal notation + # (change requires restart) +#bonjour = off # advertise server via Bonjour + # (change requires restart) +#bonjour_name = '' # defaults to the computer name + # (change requires restart) + +# - Security and Authentication - + +#authentication_timeout = 1min # 1s-600s +ssl = on # (change requires restart) +#ssl_ciphers = 'HIGH:MEDIUM:+3DES:!aNULL' # allowed SSL ciphers + # (change requires restart) +#ssl_prefer_server_ciphers = on # (change requires restart) +#ssl_ecdh_curve = 'prime256v1' # (change requires restart) +ssl_cert_file = '/etc/ssl/certs/pg.crt' # (change requires restart) +ssl_key_file = '/etc/ssl/keys/pg.key' # (change requires restart) +#ssl_ca_file = '' # (change requires restart) +#ssl_crl_file = '' # (change requires restart) +password_encryption = on +#db_user_namespace = off +#row_security = on + +# GSSAPI using Kerberos +#krb_server_keyfile = '' +#krb_caseins_users = off + +# - TCP Keepalives - +# see "man 7 tcp" for details + +#tcp_keepalives_idle = 0 # TCP_KEEPIDLE, in seconds; + # 0 selects the system default +#tcp_keepalives_interval = 0 # TCP_KEEPINTVL, in seconds; + # 0 selects the system default +#tcp_keepalives_count = 0 # TCP_KEEPCNT; + # 0 selects the system default + + +#------------------------------------------------------------------------------ +# RESOURCE USAGE (except WAL) +#------------------------------------------------------------------------------ + +# - Memory - + +shared_buffers = 128MB # min 128kB + # (change requires restart) +#huge_pages = try # on, off, or try + # (change requires restart) +#temp_buffers = 8MB # min 800kB +#max_prepared_transactions = 0 # zero disables the feature + # (change requires restart) +# Caution: it is not advisable to set max_prepared_transactions nonzero unless +# you actively intend to use prepared transactions. +#work_mem = 4MB # min 64kB +#maintenance_work_mem = 64MB # min 1MB +#autovacuum_work_mem = -1 # min 1MB, or -1 to use maintenance_work_mem +#max_stack_depth = 2MB # min 100kB +dynamic_shared_memory_type = sysv # the default is the first option + # supported by the operating system: + # posix + # sysv + # windows + # mmap + # use none to disable dynamic shared memory + +# - Disk - + +#temp_file_limit = -1 # limits per-session temp file space + # in kB, or -1 for no limit + +# - Kernel Resource Usage - + +#max_files_per_process = 1000 # min 25 + # (change requires restart) +#shared_preload_libraries = '' # (change requires restart) + +# - Cost-Based Vacuum Delay - + +#vacuum_cost_delay = 0 # 0-100 milliseconds +#vacuum_cost_page_hit = 1 # 0-10000 credits +#vacuum_cost_page_miss = 10 # 0-10000 credits +#vacuum_cost_page_dirty = 20 # 0-10000 credits +#vacuum_cost_limit = 200 # 1-10000 credits + +# - Background Writer - + +#bgwriter_delay = 200ms # 10-10000ms between rounds +#bgwriter_lru_maxpages = 100 # 0-1000 max buffers written/round +#bgwriter_lru_multiplier = 2.0 # 0-10.0 multipler on buffers scanned/round + +# - Asynchronous Behavior - + +#effective_io_concurrency = 1 # 1-1000; 0 disables prefetching +#max_worker_processes = 8 + + +#------------------------------------------------------------------------------ +# WRITE AHEAD LOG +#------------------------------------------------------------------------------ + +# - Settings - + +#wal_level = minimal # minimal, archive, hot_standby, or logical + # (change requires restart) +#fsync = on # turns forced synchronization on or off +#synchronous_commit = on # synchronization level; + # off, local, remote_write, or on +#wal_sync_method = fsync # the default is the first option + # supported by the operating system: + # open_datasync + # fdatasync (default on Linux) + # fsync + # fsync_writethrough + # open_sync +#full_page_writes = on # recover from partial page writes +#wal_compression = off # enable compression of full-page writes +#wal_log_hints = off # also do full page writes of non-critical updates + # (change requires restart) +#wal_buffers = -1 # min 32kB, -1 sets based on shared_buffers + # (change requires restart) +#wal_writer_delay = 200ms # 1-10000 milliseconds + +#commit_delay = 0 # range 0-100000, in microseconds +#commit_siblings = 5 # range 1-1000 + +# - Checkpoints - + +#checkpoint_timeout = 5min # range 30s-1h +#max_wal_size = 1GB +#min_wal_size = 80MB +#checkpoint_completion_target = 0.5 # checkpoint target duration, 0.0 - 1.0 +#checkpoint_warning = 30s # 0 disables + +# - Archiving - + +#archive_mode = off # enables archiving; off, on, or always + # (change requires restart) +#archive_command = '' # command to use to archive a logfile segment + # placeholders: %p = path of file to archive + # %f = file name only + # e.g. 'test ! -f /mnt/server/archivedir/%f && cp %p /mnt/server/archivedir/%f' +#archive_timeout = 0 # force a logfile segment switch after this + # number of seconds; 0 disables + + +#------------------------------------------------------------------------------ +# REPLICATION +#------------------------------------------------------------------------------ + +# - Sending Server(s) - + +# Set these on the master and on any standby that will send replication data. + +#max_wal_senders = 0 # max number of walsender processes + # (change requires restart) +#wal_keep_segments = 0 # in logfile segments, 16MB each; 0 disables +#wal_sender_timeout = 60s # in milliseconds; 0 disables + +#max_replication_slots = 0 # max number of replication slots + # (change requires restart) +#track_commit_timestamp = off # collect timestamp of transaction commit + # (change requires restart) + +# - Master Server - + +# These settings are ignored on a standby server. + +#synchronous_standby_names = '' # standby servers that provide sync rep + # comma-separated list of application_name + # from standby(s); '*' = all +#vacuum_defer_cleanup_age = 0 # number of xacts by which cleanup is delayed + +# - Standby Servers - + +# These settings are ignored on a master server. + +#hot_standby = off # "on" allows queries during recovery + # (change requires restart) +#max_standby_archive_delay = 30s # max delay before canceling queries + # when reading WAL from archive; + # -1 allows indefinite delay +#max_standby_streaming_delay = 30s # max delay before canceling queries + # when reading streaming WAL; + # -1 allows indefinite delay +#wal_receiver_status_interval = 10s # send replies at least this often + # 0 disables +#hot_standby_feedback = off # send info from standby to prevent + # query conflicts +#wal_receiver_timeout = 60s # time that receiver waits for + # communication from master + # in milliseconds; 0 disables +#wal_retrieve_retry_interval = 5s # time to wait before retrying to + # retrieve WAL after a failed attempt + + +#------------------------------------------------------------------------------ +# QUERY TUNING +#------------------------------------------------------------------------------ + +# - Planner Method Configuration - + +#enable_bitmapscan = on +#enable_hashagg = on +#enable_hashjoin = on +#enable_indexscan = on +#enable_indexonlyscan = on +#enable_material = on +#enable_mergejoin = on +#enable_nestloop = on +#enable_seqscan = on +#enable_sort = on +#enable_tidscan = on + +# - Planner Cost Constants - + +#seq_page_cost = 1.0 # measured on an arbitrary scale +#random_page_cost = 4.0 # same scale as above +#cpu_tuple_cost = 0.01 # same scale as above +#cpu_index_tuple_cost = 0.005 # same scale as above +#cpu_operator_cost = 0.0025 # same scale as above +#effective_cache_size = 4GB + +# - Genetic Query Optimizer - + +#geqo = on +#geqo_threshold = 12 +#geqo_effort = 5 # range 1-10 +#geqo_pool_size = 0 # selects default based on effort +#geqo_generations = 0 # selects default based on effort +#geqo_selection_bias = 2.0 # range 1.5-2.0 +#geqo_seed = 0.0 # range 0.0-1.0 + +# - Other Planner Options - + +#default_statistics_target = 100 # range 1-10000 +#constraint_exclusion = partition # on, off, or partition +#cursor_tuple_fraction = 0.1 # range 0.0-1.0 +#from_collapse_limit = 8 +#join_collapse_limit = 8 # 1 disables collapsing of explicit + # JOIN clauses + + +#------------------------------------------------------------------------------ +# ERROR REPORTING AND LOGGING +#------------------------------------------------------------------------------ + +# - Where to Log - + +#log_destination = 'stderr' # Valid values are combinations of + # stderr, csvlog, syslog, and eventlog, + # depending on platform. csvlog + # requires logging_collector to be on. + +# This is used when logging to stderr: +#logging_collector = off # Enable capturing of stderr and csvlog + # into log files. Required to be on for + # csvlogs. + # (change requires restart) + +# These are only used if logging_collector is on: +#log_directory = 'pg_log' # directory where log files are written, + # can be absolute or relative to PGDATA +#log_filename = 'postgresql-%Y-%m-%d_%H%M%S.log' # log file name pattern, + # can include strftime() escapes +#log_file_mode = 0600 # creation mode for log files, + # begin with 0 to use octal notation +#log_truncate_on_rotation = off # If on, an existing log file with the + # same name as the new log file will be + # truncated rather than appended to. + # But such truncation only occurs on + # time-driven rotation, not on restarts + # or size-driven rotation. Default is + # off, meaning append to existing files + # in all cases. +#log_rotation_age = 1d # Automatic rotation of logfiles will + # happen after that time. 0 disables. +#log_rotation_size = 10MB # Automatic rotation of logfiles will + # happen after that much log output. + # 0 disables. + +# These are relevant when logging to syslog: +#syslog_facility = 'LOCAL0' +#syslog_ident = 'postgres' + +# This is only relevant when logging to eventlog (win32): +#event_source = 'PostgreSQL' + +# - When to Log - + +#client_min_messages = notice # values in order of decreasing detail: + # debug5 + # debug4 + # debug3 + # debug2 + # debug1 + # log + # notice + # warning + # error + +#log_min_messages = warning # values in order of decreasing detail: + # debug5 + # debug4 + # debug3 + # debug2 + # debug1 + # info + # notice + # warning + # error + # log + # fatal + # panic + +#log_min_error_statement = error # values in order of decreasing detail: + # debug5 + # debug4 + # debug3 + # debug2 + # debug1 + # info + # notice + # warning + # error + # log + # fatal + # panic (effectively off) + +#log_min_duration_statement = -1 # -1 is disabled, 0 logs all statements + # and their durations, > 0 logs only + # statements running at least this number + # of milliseconds + + +# - What to Log - + +#debug_print_parse = off +#debug_print_rewritten = off +#debug_print_plan = off +#debug_pretty_print = on +#log_checkpoints = off +#log_connections = off +#log_disconnections = off +#log_duration = off +#log_error_verbosity = default # terse, default, or verbose messages +#log_hostname = off +#log_line_prefix = '' # special values: + # %a = application name + # %u = user name + # %d = database name + # %r = remote host and port + # %h = remote host + # %p = process ID + # %t = timestamp without milliseconds + # %m = timestamp with milliseconds + # %i = command tag + # %e = SQL state + # %c = session ID + # %l = session line number + # %s = session start timestamp + # %v = virtual transaction ID + # %x = transaction ID (0 if none) + # %q = stop here in non-session + # processes + # %% = '%' + # e.g. '<%u%%%d> ' +#log_lock_waits = off # log lock waits >= deadlock_timeout +#log_statement = 'none' # none, ddl, mod, all +#log_replication_commands = off +#log_temp_files = -1 # log temporary files equal or larger + # than the specified size in kilobytes; + # -1 disables, 0 logs all temp files +log_timezone = 'Portugal' + + +# - Process Title - + +#cluster_name = '' # added to process titles if nonempty + # (change requires restart) +#update_process_title = on + + +#------------------------------------------------------------------------------ +# RUNTIME STATISTICS +#------------------------------------------------------------------------------ + +# - Query/Index Statistics Collector - + +#track_activities = on +#track_counts = on +#track_io_timing = off +#track_functions = none # none, pl, all +#track_activity_query_size = 1024 # (change requires restart) +#stats_temp_directory = 'pg_stat_tmp' + + +# - Statistics Monitoring - + +#log_parser_stats = off +#log_planner_stats = off +#log_executor_stats = off +#log_statement_stats = off + + +#------------------------------------------------------------------------------ +# AUTOVACUUM PARAMETERS +#------------------------------------------------------------------------------ + +#autovacuum = on # Enable autovacuum subprocess? 'on' + # requires track_counts to also be on. +#log_autovacuum_min_duration = -1 # -1 disables, 0 logs all actions and + # their durations, > 0 logs only + # actions running at least this number + # of milliseconds. +#autovacuum_max_workers = 3 # max number of autovacuum subprocesses + # (change requires restart) +#autovacuum_naptime = 1min # time between autovacuum runs +#autovacuum_vacuum_threshold = 50 # min number of row updates before + # vacuum +#autovacuum_analyze_threshold = 50 # min number of row updates before + # analyze +#autovacuum_vacuum_scale_factor = 0.2 # fraction of table size before vacuum +#autovacuum_analyze_scale_factor = 0.1 # fraction of table size before analyze +#autovacuum_freeze_max_age = 200000000 # maximum XID age before forced vacuum + # (change requires restart) +#autovacuum_multixact_freeze_max_age = 400000000 # maximum multixact age + # before forced vacuum + # (change requires restart) +#autovacuum_vacuum_cost_delay = 20ms # default vacuum cost delay for + # autovacuum, in milliseconds; + # -1 means use vacuum_cost_delay +#autovacuum_vacuum_cost_limit = -1 # default vacuum cost limit for + # autovacuum, -1 means use + # vacuum_cost_limit + + +#------------------------------------------------------------------------------ +# CLIENT CONNECTION DEFAULTS +#------------------------------------------------------------------------------ + +# - Statement Behavior - + +#search_path = '"$user", public' # schema names +#default_tablespace = '' # a tablespace name, '' uses the default +#temp_tablespaces = '' # a list of tablespace names, '' uses + # only default tablespace +#check_function_bodies = on +#default_transaction_isolation = 'read committed' +#default_transaction_read_only = off +#default_transaction_deferrable = off +#session_replication_role = 'origin' +#statement_timeout = 0 # in milliseconds, 0 is disabled +#lock_timeout = 0 # in milliseconds, 0 is disabled +#vacuum_freeze_min_age = 50000000 +#vacuum_freeze_table_age = 150000000 +#vacuum_multixact_freeze_min_age = 5000000 +#vacuum_multixact_freeze_table_age = 150000000 +#bytea_output = 'hex' # hex, escape +#xmlbinary = 'base64' +#xmloption = 'content' +#gin_fuzzy_search_limit = 0 +#gin_pending_list_limit = 4MB + +# - Locale and Formatting - + +datestyle = 'iso, mdy' +#intervalstyle = 'postgres' +timezone = 'Portugal' +#timezone_abbreviations = 'Default' # Select the set of available time zone + # abbreviations. Currently, there are + # Default + # Australia (historical usage) + # India + # You can create your own file in + # share/timezonesets/. +#extra_float_digits = 0 # min -15, max 3 +#client_encoding = sql_ascii # actually, defaults to database + # encoding + +# These settings are initialized by initdb, but they can be changed. +lc_messages = 'C' # locale for system error message + # strings +lc_monetary = 'C' # locale for monetary formatting +lc_numeric = 'C' # locale for number formatting +lc_time = 'C' # locale for time formatting + +# default configuration for text search +default_text_search_config = 'pg_catalog.english' + +# - Other Defaults - + +#dynamic_library_path = '$libdir' +#local_preload_libraries = '' +#session_preload_libraries = '' + + +#------------------------------------------------------------------------------ +# LOCK MANAGEMENT +#------------------------------------------------------------------------------ + +#deadlock_timeout = 1s +#max_locks_per_transaction = 64 # min 10 + # (change requires restart) +#max_pred_locks_per_transaction = 64 # min 10 + # (change requires restart) + + +#------------------------------------------------------------------------------ +# VERSION/PLATFORM COMPATIBILITY +#------------------------------------------------------------------------------ + +# - Previous PostgreSQL Versions - + +#array_nulls = on +#backslash_quote = safe_encoding # on, off, or safe_encoding +#default_with_oids = off +#escape_string_warning = on +#lo_compat_privileges = off +#operator_precedence_warning = off +#quote_all_identifiers = off +#sql_inheritance = on +#standard_conforming_strings = on +#synchronize_seqscans = on + +# - Other Platforms and Clients - + +#transform_null_equals = off + + +#------------------------------------------------------------------------------ +# ERROR HANDLING +#------------------------------------------------------------------------------ + +#exit_on_error = off # terminate session on any error? +#restart_after_crash = on # reinitialize after backend crash? + + +#------------------------------------------------------------------------------ +# CONFIG FILE INCLUDES +#------------------------------------------------------------------------------ + +# These options allow settings to be loaded from files other than the +# default postgresql.conf. + +#include_dir = 'conf.d' # include files ending in '.conf' from + # directory 'conf.d' +#include_if_exists = 'exists.conf' # include file only if it exists +#include = 'special.conf' # include file + + +#------------------------------------------------------------------------------ +# CUSTOMIZED OPTIONS +#------------------------------------------------------------------------------ + +# Add settings for extensions here diff --git a/tools/nginx.html b/tools/nginx.html index 9fd38b9..0ded2b6 100644 --- a/tools/nginx.html +++ b/tools/nginx.html @@ -88,6 +88,25 @@ $ </pre> + <p>Having password is a good idea, but requires it every + time nginx is restarted. To remove;</p> + + <pre> + $ sudo cp /etc/ssl/keys/nginx.key /etc/ssl/keys/nginx.key.pass + $ sudo openssl rsa -in /etc/ssl/keys/nginx.key.pass -out /etc/ssl/keys/nginx.key + </pre> + + <pre> + Enter pass phrase for /etc/ssl/keys/nginx.key.pass: + writing RSA key + </pre> + + <pre> + $ sudo chown nginx /etc/ssl/keys/nginx.key* + $ sudo chmod 0600 /etc/ssl/keys/nginx.key* + # chmod 644 /etc/ssl/certs/exim.cert + </pre> + <p>Sign SSL cetificate;</p> <pre> @@ -96,23 +115,17 @@ -signkey /etc/ssl/keys/nginx.key \ -out /etc/ssl/certs/nginx.crt </pre> + Signature ok subject=/C=PT/ST=Some-State/O=Internet Widgits Pty Ltd/CN=core.privat-network.net Getting Private key Enter pass phrase for /etc/ssl/keys/nginx.key: </pre> - <p>Having password is a good idea, but requires it every - time nginx is restarted. To remove;</p> - - <pre> - $ sudo cp /etc/ssl/keys/nginx.key /etc/ssl/keys/nginx.key.pass - $ sudo openssl rsa -in /etc/ssl/keys/nginx.key.pass -out /etc/ssl/keys/nginx.key - </pre> - <pre> - Enter pass phrase for /etc/ssl/keys/nginx.key.org: - writing RSA key + $ sudo chown nginx:nginx /etc/ssl/keys/nginx.key* + $ sudo chmod 0600 /etc/ssl/keys/nginx.key* + $ sudo chmod 644 /etc/ssl/certs/nginx.cert </pre> <h2 id="nginxconf">3. Nginx Configuration</h2> @@ -137,7 +150,7 @@ 1024 </pre> - <p>Example of http block with ssl configured;</p> + <p>Example of http block with ssl configured;</p> <pre> # @@ -215,16 +228,18 @@ <h2 id="server">4. Server with PHP</h2> + <p>To debug configurations check logs and;</p> - <p>Check <a href="conf/etc/nginx/sites/">/etc/nginx/sites</a> - for more examples.</p> + <pre> + nginx -V + </pre> <h3>4.1. Setup PHP</h3> <p> Install php and setup php.ini as development mode;</p> <pre> - $ prt-get depinst php php-fpm php-gd + $ sudo prt-get depinst php php-fpm php-gd php-pdo-pgsql php-postgresql </pre> <p>Setup php ini in development mode;<p/> @@ -244,51 +259,83 @@ <h3>4.2. Setup Virtual Host</h3> - <p>Server (virtual host) with Laravel, - <a href="conf/etc/nginx/sites/laravel.conf">/etc/nginx/sites/laravel.conf</a>;</p> + <p>Server (virtual host) with pmwiki and flyspray, check + <a href="conf/etc/nginx/sites/">/etc/nginx/sites</a> + for more examples. Install pmwiki and flyspray;</p> + + <pre> + $ sudo prt-get depinst pmwiki flyspray + </pre> + + <p> This server is configured in a way that + root serves pmwiki and /tasks serves flyspray. In order to + flyspray to link correctly change index is needed;</p> <pre> server { listen 443 ssl; - listen [::]:443 ssl; + # listen [::]:443 ssl; - root /srv/www/atom/public; - server_name core.privat-network.net; - index index.html index.htm index.php; + server_name c9.core; - charset utf-8; + root /srv/www/default; - location / { - try_files $uri $uri/ /index.php$is_args$args; + location /distfiles { + alias /usr/ports/distfiles; } - location = /favicon.ico { access_log off; log_not_found off; } - location = /robots.txt { access_log off; log_not_found off; } - - access_log off; - error_log /var/log/nginx/core.privat-network.net-error.log error; - sendfile off; + location /tasks { + index index.php; + alias /srv/www/default/flyspray; + try_files $uri $uri/ index.php$is_args$args; + } - client_max_body_size 100m; + location ~ ^/tasks(.+\.php)$ { + alias /srv/www/default/flyspray; - location ~ \.php$ { fastcgi_split_path_info ^(.+\.php)(/.+)$; - fastcgi_pass 127.0.0.1:9000; fastcgi_index index.php; - include fastcgi_params; - fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; - fastcgi_intercept_errors off; - fastcgi_buffer_size 16k; - fastcgi_buffers 4 16k; + try_files $uri /index.php =404; + include /etc/nginx/fastcgi_params; + fastcgi_param SCRIPT_FILENAME $document_root$1; + # fastcgi_pass unix:/var/run/php5-fpm.sock; + fastcgi_pass 127.0.0.1:9000; + } + + location / { + alias /srv/www/default/pmwiki/; + index pmwiki.php + try_files $uri $uri/ /pmwiki.php$is_args$args; } - location ~ /\.ht { - deny all; + location ~ \.php$ { + alias /srv/www/default/pmwiki; + fastcgi_split_path_info ^(.+\.php)(/.+)$; + fastcgi_index pmwiki.php; + try_files $uri /pmwiki.php =404; + include /etc/nginx/fastcgi_params; + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + # fastcgi_pass unix:/var/run/php5-fpm.sock; + fastcgi_pass 127.0.0.1:9000; } } </pre> + <p>Change /srv/www/default/flyspray/index.php to;</p> + + <pre> + <?php + /* + This is the main script that everything else is included + in. Mostly what it does is check the user permissions + to see what they have access to. + */ + define('IN_FS', true); + $_SERVER['SCRIPT_NAME'] = "/bug/index.php"; + require_once(dirname(__FILE__).'/header.php'); + </pre> + <h2 id="userdir">5. User Directory</h2> <p><a href="http://wiki.nginx.org/UserDir">Nginx Wiki UserDir</a></p> diff --git a/tools/postgresql.html b/tools/postgresql.html index b8790e2..0399ec6 100644 --- a/tools/postgresql.html +++ b/tools/postgresql.html @@ -26,6 +26,10 @@ # sudo -u postgres initdb -D /srv/pgsql/data </pre> + <h2 id="config">2. Configure Server</h2> + + <h3>2.1. Init script</h3> + <p>Change <a href="conf/etc/rc.d/postgresql">/etc/rc.d/postgresql</a>;</p> <pre> @@ -47,7 +51,71 @@ # End of file </pre> - <h2 id="config">2. Configure Server</h2> + <h3>2.2. Certificates</h3> + + <pre> + $ sudo openssl genrsa -des3 -out /etc/ssl/keys/pg.key 2048 + Password: + Generating RSA private key, 2048 bit long modulus + ..............................+++ + ............+++ + e is 65537 (0x10001) + Enter pass phrase for /etc/ssl/keys/pg.key: + Verifying - Enter pass phrase for /etc/ssl/keys/pg.key: + </pre> + + <p>Create ceritificate signing request. For "Common Name" + provide domain name or ip address, leave challange password + and optional company name blank;</p> + + <pre> + $ sudo openssl req -x509 -in server.req -text -key /etc/ssl/keys/pg.key -out /etc/ssl/certs/pg.crt + + Enter pass phrase for /etc/ssl/keys/pg.key: + You are about to be asked to enter information that will be incorporated + into your certificate request. + What you are about to enter is what is called a Distinguished Name or a DN. + There are quite a few fields but you can leave some blank + For some fields there will be a default value, + If you enter '.', the field will be left blank. + ----- + Country Name (2 letter code) [AU]:PT + State or Province Name (full name) [Some-State]: + Locality Name (eg, city) []: + Organization Name (eg, company) [Internet Widgits Pty Ltd]: + Organizational Unit Name (eg, section) []: + Common Name (e.g. server FQDN or YOUR name) []:core.privat-network.net + Email Address []: + + Please enter the following 'extra' attributes + to be sent with your certificate request + A challenge password []: + An optional company name []: + $ + </pre> + + <p>Having password is a good idea, but requires it every + time pg is restarted. To remove;</p> + + <pre> + $ sudo cp /etc/ssl/keys/pg.key /etc/ssl/keys/pg.key.pass + $ sudo openssl rsa \ + -in /etc/ssl/keys/pg.key.pass \ + -out /etc/ssl/keys/pg.key + </pre> + + <pre> + Enter pass phrase for /etc/ssl/keys/pg.key.pass: + writing RSA key + </pre> + + <pre> + $ sudo chown postgres:postgres /etc/ssl/keys/pg.key* + $ sudo chmod 0600 /etc/ssl/keys/pg.key* + $ sudo chmod 644 /etc/ssl/certs/pg.cert + </pre> + + <h3>2.3. Super user password</h3> <p>Create password for super user;</p> @@ -56,6 +124,28 @@ $ psql -U postgres </pre> + <h3>2.4. Configure postgresql.conf</h3> + + <p>Edit <a href="conf/srv/pgsql/data/postgresql.conf">/srv/pgsql/data/postgresql.conf</a>;</p> + + <pre> + # - Security and Authentication - + + #authentication_timeout = 1min # 1s-600s + ssl = on # (change requires restart) + #ssl_ciphers = 'HIGH:MEDIUM:+3DES:!aNULL' # allowed SSL ciphers + # (change requires restart) + #ssl_prefer_server_ciphers = on # (change requires restart) + #ssl_ecdh_curve = 'prime256v1' # (change requires restart) + ssl_cert_file = '/etc/ssl/certs/pg.crt' # (change requires restart) + ssl_key_file = '/etc/ssl/keys/pg.key' # (change requires restart) + #ssl_ca_file = '' # (change requires restart) + #ssl_crl_file = '' # (change requires restart) + password_encryption = on + </pre> + + <h3>2.5. Configure pg_hba.conf</h3> + <p>Edit <a href="conf/srv/pgsql/data/pg_hba.conf">/srv/pgsql/data/pg_hba.conf</a>; </p> @@ -67,7 +157,8 @@ #local all all trust local all postgres ident # IPv4 local connections: - hostssl all all 127.0.0.1/32 md5 + host all all 127.0.0.1/32 trust + #hostssl all all 192.168.0.0/32 md5 # IPv6 local connections: #host all all ::1/128 trust # Allow replication connections from localhost, by a user with the @@ -87,7 +178,7 @@ postgres=# alter user postgres with password 'new_password'; </pre> - <h3 id="syslog">2.1. Configure syslog-ng</h3> + <h3 id="syslog">2.6. Configure syslog-ng</h3> <p><a href="syslog-ng.html">Configure Syslog-ng</a>, check <a href="http://michael.otacoo.com/postgresql-2/postgres-settings-simple-syslog-configuration-with-syslog-ng/">Michael at otacoo</a> article. Example;</p> @@ -98,7 +189,6 @@ syslog_facility='LOCAL0' syslog_ident='postgres' log_connections = on - password_encryption=on </pre> diff --git a/tools/scripts/install-nginx.sh b/tools/scripts/install-nginx.sh index 7fee79b..decacc1 100644 --- a/tools/scripts/install-nginx.sh +++ b/tools/scripts/install-nginx.sh @@ -6,6 +6,9 @@ prt-get depinst nginx cp -R $CONF_DIR/etc/nginx/* /etc/nginx/ +mkdir /srv/www +chown nginx:www /srv/www + usermod -a -G www nginx usermod -m -d /srv/www nginx @@ -18,3 +21,4 @@ openssl x509 -req -days 365 \ cp /etc/ssl/keys/nginx.key /etc/ssl/keys/nginx.key.pass openssl rsa -in /etc/ssl/keys/nginx.key.pass -out /etc/ssl/keys/nginx.key + diff --git a/tools/scripts/install-php.sh b/tools/scripts/install-php.sh index 9d47ada..4c28173 100644 --- a/tools/scripts/install-php.sh +++ b/tools/scripts/install-php.sh @@ -2,6 +2,6 @@ . `dirname $0`/config-install.sh -prt-get depinst php php-fpm php-gd php-pdo-pgsql +prt-get depinst php php-fpm php-gd php-pdo-pgsql php-postgresql cp /etc/php/php.ini-development /etc/php/php.ini |