diff options
Diffstat (limited to 'tools/conf/etc')
| -rw-r--r-- | tools/conf/etc/dnsmasq.conf | 22 | ||||
| -rw-r--r-- | tools/conf/etc/nginx/conf.d/10-default.conf | 8 | ||||
| -rw-r--r-- | tools/conf/etc/nginx/nginx.conf | 141 | ||||
| -rw-r--r-- | tools/conf/etc/nginx/sites-enabled/default.conf | 49 | ||||
| -rw-r--r-- | tools/conf/etc/nginx/sites/default.conf | 60 | ||||
| -rw-r--r-- | tools/conf/etc/nginx/sites/drupal.conf | 129 | ||||
| -rw-r--r-- | tools/conf/etc/nginx/sites/flyspray.conf | 40 | ||||
| -rw-r--r-- | tools/conf/etc/nginx/sites/laravel.conf | 28 | ||||
| -rwxr-xr-x | tools/conf/etc/rc.d/blan | 63 | ||||
| -rwxr-xr-x | tools/conf/etc/rc.d/postgresql | 16 |
10 files changed, 548 insertions, 8 deletions
diff --git a/tools/conf/etc/dnsmasq.conf b/tools/conf/etc/dnsmasq.conf index 35d75c8..f09b6a6 100644 --- a/tools/conf/etc/dnsmasq.conf +++ b/tools/conf/etc/dnsmasq.conf @@ -8,6 +8,7 @@ # (53). Setting this to zero completely disables DNS function, # leaving only DHCP and/or TFTP. #port=5353 +port=53 # The following two options make you a better netizen, since they # tell dnsmasq to filter out queries which the public DNS cannot @@ -74,7 +75,7 @@ server=127.0.0.1#40 # Add local-only domains here, queries in these domains are answered # from /etc/hosts or DHCP only. -#local=/localnet/ +local=/core/ # Add domains which you want to force to an IP address here. # The example below send any host in double-click.net to a local @@ -106,16 +107,20 @@ server=127.0.0.1#40 # specified interfaces (and the loopback) give the name of the # interface (eg eth0) here. # Repeat the line for more than one interface. -#interface= +interface=lo +interface=br0 + # Or you can specify which interface _not_ to listen on -#except-interface= +except-interface=wlp7s0 # Or which to listen on by address (remember to include 127.0.0.1 if # you use this.) -#listen-address= +listen-address=127.0.0.1 +#listen-address=10.0.0.1 # If you want dnsmasq to provide only DNS service on an interface, # configure it as shown above, and then use the following line to # disable DHCP and TFTP on it. -#no-dhcp-interface= +no-dhcp-interface=lo +no-dhcp-interface=wlp7s0 # On systems which support it, dnsmasq binds the wildcard address, # even when it is listening on only some interfaces. It then discards @@ -124,7 +129,7 @@ server=127.0.0.1#40 # want dnsmasq to really bind only the interfaces it is listening on, # uncomment this option. About the only time you may need this is when # running another nameserver on the same machine. -#bind-interfaces +bind-interfaces # If you don't want dnsmasq to read /etc/hosts, uncomment the # following line. @@ -136,7 +141,7 @@ addn-hosts=/etc/hosts.dnsmasq # Set this (and domain: see below) if you want to have a domain # automatically added to simple names in a hosts-file. -#expand-hosts +expand-hosts # Set the domain for dnsmasq. this is optional, but if it is set, it # does the following things. @@ -145,7 +150,7 @@ addn-hosts=/etc/hosts.dnsmasq # 2) Sets the "domain" DHCP option thereby potentially setting the # domain of all systems configured by DHCP # 3) Provides the domain part for "expand-hosts" -#domain=thekelleys.org.uk +domain=core.privat-network.net # Set a different domain for a particular subnet #domain=wireless.thekelleys.org.uk,192.168.2.0/24 @@ -159,6 +164,7 @@ addn-hosts=/etc/hosts.dnsmasq # repeat this for each network on which you want to supply DHCP # service. #dhcp-range=192.168.0.50,192.168.0.150,12h +dhcp-range=br0,10.0.0.5,10.0.0.50,12h # This is an example of a DHCP range where the netmask is given. This # is needed for networks we reach the dnsmasq DHCP server via a relay diff --git a/tools/conf/etc/nginx/conf.d/10-default.conf b/tools/conf/etc/nginx/conf.d/10-default.conf new file mode 100644 index 0000000..97ee31b --- /dev/null +++ b/tools/conf/etc/nginx/conf.d/10-default.conf @@ -0,0 +1,8 @@ +## +# Virtual Host Redirection 80 to 443 +## +server { + listen 80 default_server; + server_name _; + return 301 https://$host$request_uri; +} diff --git a/tools/conf/etc/nginx/nginx.conf b/tools/conf/etc/nginx/nginx.conf new file mode 100644 index 0000000..ddbdee6 --- /dev/null +++ b/tools/conf/etc/nginx/nginx.conf @@ -0,0 +1,141 @@ +# +# /etc/nginx/nginx.conf - nginx server configuration +# + + +user nginx; +worker_processes auto; + +error_log /var/log/nginx/error.log; + +pid /var/run/nginx.pid; + + +events { + worker_connections 1024; +} + + +http { + include mime.types; + default_type application/octet-stream; + + ## + # SSL Settings + ## + ssl_protocols TLSv1 TLSv1.1 TLSv1.2; # Dropping SSLv3, ref: POODLE + ssl_prefer_server_ciphers on; + + # ssl on; + ssl_certificate /etc/ssl/certs/nginx.crt; + ssl_certificate_key /etc/ssl/keys/nginx.key; + + #log_format main '$remote_addr - $remote_user [$time_local] "$request" ' + # '$status $body_bytes_sent "$http_referer" ' + # '"$http_user_agent" "$http_x_forwarded_for"'; + + access_log /var/log/nginx/access.log; + error_log /var/log/nginx/error.log; + + sendfile on; + #tcp_nopush on; + + keepalive_timeout 65; + client_body_timeout 12; + client_header_timeout 12; + send_timeout 65; + + + gzip on; + gzip_vary on; + #gzip_proxied any; + gzip_comp_level 9; + # gzip_buffers 16 8k; + # gzip_http_version 1.1; + gzip_types text/plain text/css application/json application/javascript text/xml application/xml application/xml+rss text/javascript; + + + include /etc/nginx/conf.d/*.conf; + include /etc/nginx/sites-enabled/*.conf; + + #server { + # listen 80; + # server_name localhost; + # + # #charset koi8-r; + # + # location / { + # root html; + # index index.html index.htm; + # } + # + # error_page 404 /404.html; + # + # # redirect server error pages to the static page /50x.html + # # + # error_page 500 502 503 504 /50x.html; + # location = /50x.html { + # root html; + # } + # + # # proxy the PHP scripts to Apache listening on 127.0.0.1:80 + # # + # #location ~ \.php$ { + # # proxy_pass http://127.0.0.1; + # #} + # + # # pass the PHP scripts to FastCGI server listening on 127.0.0.1:9000 + # # + # #location ~ \.php$ { + # # root html; + # # fastcgi_pass 127.0.0.1:9000; + # # fastcgi_index index.php; + # # fastcgi_param SCRIPT_FILENAME /scripts$fastcgi_script_name; + # # include fastcgi_params; + # #} + # + # # deny access to .htaccess files, if Apache's document root + # # concurs with nginx's one + # # + # #location ~ /\.ht { + # # deny all; + # #} + #} + + + # another virtual host using mix of IP-, name-, and port-based configuration + # + #server { + # listen 8000; + # listen somename:8080; + # server_name somename alias another.alias; + + # location / { + # root html; + # index index.html index.htm; + # } + #} + + + # HTTPS server + # + #server { + # listen 443 ssl; + # server_name localhost; + + # ssl_certificate cert.pem; + # ssl_certificate_key cert.key; + + # ssl_session_cache shared:SSL:1m; + # ssl_session_timeout 5m; + + # ssl_ciphers HIGH:!aNULL:!MD5; + # ssl_prefer_server_ciphers on; + + # location / { + # root html; + # index index.html index.htm; + # } + #} + +} diff --git a/tools/conf/etc/nginx/sites-enabled/default.conf b/tools/conf/etc/nginx/sites-enabled/default.conf new file mode 100644 index 0000000..4e01b88 --- /dev/null +++ b/tools/conf/etc/nginx/sites-enabled/default.conf @@ -0,0 +1,49 @@ + +server { + listen 443 ssl; + # listen [::]:443 ssl; + + server_name c9.core; + + root /srv/www/default; + + location /distfiles { + alias /usr/ports/distfiles; + } + + + location /bug { + index index.php; + alias /srv/www/default/flyspray; + try_files $uri $uri/ index.php$is_args$args; + } + + location ~ ^/bug(.+\.php)$ { ### This location block was the solution + alias /srv/www/default/flyspray; + + fastcgi_split_path_info ^(.+\.php)(/.+)$; + fastcgi_index index.php; + try_files $uri /index.php =404; + include /etc/nginx/fastcgi_params; + fastcgi_param SCRIPT_FILENAME $document_root$1; + # fastcgi_pass unix:/var/run/php5-fpm.sock; + fastcgi_pass 127.0.0.1:9000; + } + + location / { + alias /srv/www/default/pmwiki/; + index pmwiki.php + try_files $uri $uri/ /pmwiki.php$is_args$args; + } + + location ~ \.php$ { + alias /srv/www/default/pmwiki; + fastcgi_split_path_info ^(.+\.php)(/.+)$; + fastcgi_index pmwiki.php; + try_files $uri /pmwiki.php =404; + include /etc/nginx/fastcgi_params; + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + # fastcgi_pass unix:/var/run/php5-fpm.sock; + fastcgi_pass 127.0.0.1:9000; + } +} diff --git a/tools/conf/etc/nginx/sites/default.conf b/tools/conf/etc/nginx/sites/default.conf new file mode 100644 index 0000000..1c71c44 --- /dev/null +++ b/tools/conf/etc/nginx/sites/default.conf @@ -0,0 +1,60 @@ + +server { + listen 443 ssl; + # listen [::]:443 ssl; + + server_name c9.core; + + root /srv/www/default; + + location /ports { + alias /var/ports/ports; + autoindex on; + } + + location /distfiles { + alias /var/ports/distfiles; + autoindex on; + } + + location /packages { + root /var/ports/packages; + autoindex off; + } + + + location /bug { + index index.php; + alias /srv/www/default/flyspray; + try_files $uri $uri/ index.php$is_args$args; + } + + location ~ ^/bug(.+\.php)$ { ### This location block was the solution + alias /srv/www/default/flyspray; + + fastcgi_split_path_info ^(.+\.php)(/.+)$; + fastcgi_index index.php; + try_files $uri /index.php =404; + include /etc/nginx/fastcgi_params; + fastcgi_param SCRIPT_FILENAME $document_root$1; + # fastcgi_pass unix:/var/run/php5-fpm.sock; + fastcgi_pass 127.0.0.1:9000; + } + + location / { + alias /srv/www/default/pmwiki/; + index pmwiki.php + try_files $uri $uri/ /pmwiki.php$is_args$args; + } + + location ~ \.php$ { + alias /srv/www/default/pmwiki; + fastcgi_split_path_info ^(.+\.php)(/.+)$; + fastcgi_index pmwiki.php; + try_files $uri /pmwiki.php =404; + include /etc/nginx/fastcgi_params; + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + # fastcgi_pass unix:/var/run/php5-fpm.sock; + fastcgi_pass 127.0.0.1:9000; + } +} diff --git a/tools/conf/etc/nginx/sites/drupal.conf b/tools/conf/etc/nginx/sites/drupal.conf new file mode 100644 index 0000000..0407a6a --- /dev/null +++ b/tools/conf/etc/nginx/sites/drupal.conf @@ -0,0 +1,129 @@ +server { + + listen 192.168.1.254:443 ssl; + listen 10.0.0.254:443 ssl; + + server_name c9.core + + root /srv/www/default/drupal; ## <-- Your only path reference. + + # Enable compression, this will help if you have for instance advagg¿? module + # by serving Gzip versions of the files. + gzip_static on; + + location ~ ^/stats/(.*)$ { + alias /srv/www/stats/$1; + autoindex on; + } + + location /doc { + alias /srv/www/c9-doc; + autoindex on; + } + + location /ports { + alias /var/ports/ports; + autoindex on; + } + + location /distfiles { + alias /var/ports/distfiles; + autoindex on; + } + + + location /packages { + root /var/ports/packages; + autoindex off; + } + + + location = /favicon.ico { + log_not_found off; + access_log off; + } + + location = /robots.txt { + allow all; + log_not_found off; + } + + # This matters if you use drush prior to 5.x + # After 5.x backups are stored outside the Drupal install. + #location = /backup { + # deny all; + #} + + # Very rarely should these ever be accessed outside of your lan + location ~* \.(txt|log)$ { + allow 192.168.0.0/16; + deny all; + } + + location ~ \..*/.*\.php$ { + return 403; + } + + # No no for private + location ~ ^/sites/.*/private/ { + return 403; + } + + # Block access to "hidden" files and directories whose names begin with a + # period. This includes directories used by version control systems such + # as Subversion or Git to store control files. + location ~ (^|/)\. { + return 403; + } + + location / { + # This is cool because no php is touched for static content + try_files $uri @rewrite; + } + + location ~* /update.php*/.*$ { + # You have 2 options here + # For D7 and above: + # Clean URLs are handled in drupal_environment_initialize(). + rewrite ^ /update.php; + # For Drupal 6 and bwlow: + # Some modules enforce no slash (/) at the end of the URL + # Else this rewrite block wouldn't be needed (GlobalRedirect) + #rewrite ^/(.*)$ /index.php?q=$1; + } + + location @rewrite { + # You have 2 options here + # For D7 and above: + # Clean URLs are handled in drupal_environment_initialize(). + rewrite ^ /index.php; + # For Drupal 6 and bwlow: + # Some modules enforce no slash (/) at the end of the URL + # Else this rewrite block wouldn't be needed (GlobalRedirect) + #rewrite ^/(.*)$ /index.php?q=$1; + } + + location ~ \.php$ { + fastcgi_split_path_info ^(.+\.php)(/.+)$; + #NOTE: You should have "cgi.fix_pathinfo = 0;" in php.ini + include fastcgi_params; + fastcgi_param SCRIPT_FILENAME $request_filename; + fastcgi_intercept_errors on; + #fastcgi_pass unix:/tmp/phpfpm.sock; + fastcgi_pass 127.0.0.1:9000; + } + + # Fighting with Styles? This little gem is amazing. + # This is for D6 + #location ~ ^/sites/.*/files/imagecache/ { + # This is for D7 and D8 + location ~ ^/sites/.*/files/styles/ { + try_files $uri @rewrite; + } + + location ~* \.(js|css|png|jpg|jpeg|gif|ico)$ { + expires max; + #log_not_found off; + } + +} diff --git a/tools/conf/etc/nginx/sites/flyspray.conf b/tools/conf/etc/nginx/sites/flyspray.conf new file mode 100644 index 0000000..80b5530 --- /dev/null +++ b/tools/conf/etc/nginx/sites/flyspray.conf @@ -0,0 +1,40 @@ + +server { + listen 443 ssl; + # listen [::]:443 ssl; + + server_name c9.core; + + root /srv/www/default/flyspray; + index index.php; + + location /ports { + alias /var/ports/ports; + autoindex on; + } + + location /distfiles { + alias /var/ports/distfiles; + autoindex on; + } + + location /packages { + root /var/ports/packages; + autoindex off; + } + + + location / { + try_files $uri $uri/ index.php$is_args$args; + } + + location ~ \.php$ { + fastcgi_split_path_info ^(.+\.php)(/.+)$; + fastcgi_index index.php; + try_files $uri /index.php =404; + include /etc/nginx/fastcgi_params; + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + # fastcgi_pass unix:/var/run/php5-fpm.sock; + fastcgi_pass 127.0.0.1:9000; + } +} diff --git a/tools/conf/etc/nginx/sites/laravel.conf b/tools/conf/etc/nginx/sites/laravel.conf new file mode 100644 index 0000000..e563a3e --- /dev/null +++ b/tools/conf/etc/nginx/sites/laravel.conf @@ -0,0 +1,28 @@ +server { + listen 443 ssl; + # listen [::]:443 ssl; + + root /srv/www/default/laravel/public; + server_name c9.core + + location /c9-doc { + alias /srv/www/c9-doc; + index index.html; + autoindex on; + } + + location / { + try_files $uri $uri/ /index.php$is_args$args; + } + + location ~ \.php$ { + index index.php; + fastcgi_split_path_info ^(.+\.php)(/.+)$; + fastcgi_index index.php; + # try_files $uri /index.php =404; + include /etc/nginx/fastcgi_params; + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + # fastcgi_pass unix:/var/run/php5-fpm.sock; + fastcgi_pass 127.0.0.1:9000; + } +} diff --git a/tools/conf/etc/rc.d/blan b/tools/conf/etc/rc.d/blan new file mode 100755 index 0000000..f75d272 --- /dev/null +++ b/tools/conf/etc/rc.d/blan @@ -0,0 +1,63 @@ +#!/bin/sh +# +# /etc/rc.d/net: start/stop network interface +# + +DEV="br0" +PHY="enp8s0" + +ADDR=10.0.0.1 +NET=10.0.0.0 +MASK=24 +GTW=10.0.0.1 +NTAPS=$((`/usr/bin/nproc`-1)) + +case $1 in + start) + /sbin/ip link add name ${DEV} type bridge + /sbin/ip link set dev ${DEV} up + + /bin/sleep 0.2s + /sbin/ip route flush dev ${PHY} + /sbin/ip addr flush dev ${PHY} + /sbin/ip link set dev ${PHY} master ${DEV} + + /sbin/ip addr add ${ADDR}/${MASK} dev ${DEV} broadcast + + + for i in `/usr/bin/seq $NTAPS` + do + TAP="tap$i" + echo $TAP + /sbin/ip tuntap add ${TAP} mode tap group kvm + /sbin/ip link set ${TAP} up + /bin/sleep 0.2s + #brctl addif $switch $1 + /sbin/ip link set ${TAP} master ${DEV} + done + + exit 0 + ;; + stop) + + for i in `/usr/bin/seq $NTAPS` + do + TAP="tap$i" + /sbin/ip link del ${TAP} + echo $TAP + done + + /sbin/ip link set dev ${DEV} down + /sbin/ip route flush dev ${DEV} + /sbin/ip link del ${DEV} + exit 0 + ;; + restart) + $0 stop + $0 start + ;; + *) + echo "Usage: $0 [start|stop|restart]" + ;; +esac + +# End of file diff --git a/tools/conf/etc/rc.d/postgresql b/tools/conf/etc/rc.d/postgresql new file mode 100755 index 0000000..5f0762a --- /dev/null +++ b/tools/conf/etc/rc.d/postgresql @@ -0,0 +1,16 @@ +# +# /etc/rc.d/postgresql: start, stop or restart PostgreSQL server postmaster +# + +PG_DATA=/srv/pgsql/data + +case "$1" in + start|stop|status|restart|reload) + sudo -u postgres pg_ctl -D "$PG_DATA" -l /var/log/postgresql "$1" + ;; + *) + echo "usage: $0 start|stop|restart|reload|status" + ;; +esac + +# End of file |