Diffstat (limited to 'tools')
-rw-r--r-- | tools/conf/etc/nginx/nginx.conf | 13 | ||||
-rwxr-xr-x | tools/conf/etc/rc.d/git-daemon | 42 | ||||
-rw-r--r-- | tools/gitolite.html | 23 | ||||
-rw-r--r-- | tools/network.html | 7 | ||||
-rw-r--r-- | tools/nginx.html | 19 | ||||
-rw-r--r-- | tools/nmap.html | 2 | ||||
-rw-r--r-- | tools/scripts/pkgmk-test.conf | 2 | ||||
-rw-r--r-- | tools/scripts/setup-nginx.sh | 22 | ||||
-rw-r--r-- | tools/x.html | 3 |
9 files changed, 97 insertions, 36 deletions
diff --git a/tools/conf/etc/nginx/nginx.conf b/tools/conf/etc/nginx/nginx.conf index ddbdee6..8fca293 100644 --- a/tools/conf/etc/nginx/nginx.conf +++ b/tools/conf/etc/nginx/nginx.conf @@ -3,7 +3,7 @@ # -user nginx; +user www; worker_processes auto; error_log /var/log/nginx/error.log; @@ -20,16 +20,6 @@ http { include mime.types; default_type application/octet-stream; - ## - # SSL Settings - ## - ssl_protocols TLSv1 TLSv1.1 TLSv1.2; # Dropping SSLv3, ref: POODLE - ssl_prefer_server_ciphers on; - - # ssl on; - ssl_certificate /etc/ssl/certs/nginx.crt; - ssl_certificate_key /etc/ssl/keys/nginx.key; - #log_format main '$remote_addr - $remote_user [$time_local] "$request" ' # '$status $body_bytes_sent "$http_referer" ' # '"$http_user_agent" "$http_x_forwarded_for"'; @@ -40,6 +30,7 @@ http { sendfile on; #tcp_nopush on; + client_max_body_size 8M; keepalive_timeout 65; client_body_timeout 12; client_header_timeout 12; diff --git a/tools/conf/etc/rc.d/git-daemon b/tools/conf/etc/rc.d/git-daemon new file mode 100755 index 0000000..8aa9d81 --- /dev/null +++ b/tools/conf/etc/rc.d/git-daemon @@ -0,0 +1,42 @@ +#!/bin/sh + +SSD=/sbin/start-stop-daemon +NAME=git-daemon +PROG=$(git --exec-path)/${NAME} +USER=www +GROUP=www +PIDFILE=/var/run/git-daemon.pid +OPTS="--verbose --reuseaddr --base-path=/srv/gitolite/repositories" + +case $1 in + start) + echo "Starting ${NAME}..." + $SSD --start \ + --pidfile ${PIDFILE} \ + --exec ${PROG} -- ${OPTS} \ + --detach --pid-file=${PIDFILE} \ + --user=${USER} --group=${GROUP} + + ;; + stop) + echo "Stopping ${NAME}..." + $SSD --stop --quiet --name git-daemon \ + --pidfile ${PIDFILE} + ;; + restart) + echo "Restarting ${NAME}..." + $0 stop + $0 start + ;; + status) + $SSD --status --pidfile $PIDFILE + case $? in + 0) echo "$PROG is running with pid $(cat $PIDFILE )" ;; + 3) echo "$PROG is not running" ;; + 4) echo "Unable to determine the program status" ;; + esac + ;; + *) + echo "usage: $0 [start|stop|restart|status]" + ;; +esac 
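Review bot: `OPTS` in the new tools/conf/etc/rc.d/git-daemon passes `--base-path=/srv/gitolite/repositories` but no directory whitelist and no `--listen` address, so git-daemon accepts connections on every interface and will serve any repository reachable under that tree that carries a `git-daemon-export-ok` marker. If only the gitolite repositories are meant to be reachable, name the directory as the trailing argument, `OPTS="--verbose --reuseaddr --base-path=/srv/gitolite/repositories /srv/gitolite/repositories"`, so that a path resolving outside it is refused, and add a comment that export is decided per repository by the marker file. In the `status` branch, start-stop-daemon's exit code 1 (pid file present, process gone) has no arm, so the script prints nothing and exits 0 for a dead daemon; add `1) echo "$PROG is not running but $PIDFILE exists" ;;` and quote `"$PIDFILE"` in the `cat`.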
diff --git a/tools/gitolite.html b/tools/gitolite.html index ab1ad3a..a275c23 100644 --- a/tools/gitolite.html +++ b/tools/gitolite.html @@ -552,24 +552,35 @@ <h3>5.2. Configure nginx</h3> - <p>Edit /etc/rc.d/fcgiwrap to run as nginx user member of gitolite - and www group;</p> + <p>Edit /etc/rc.d/fcgiwrap to run as www user member of www group;</p> <pre> - USER=nginx - GROUP=nginx + USER=www + GROUP=www </pre> + <p>Permissions for /srv/gitolite/repositories directories should be + 0750/drwxr-x---.</p> + <pre> - # usermod -G www,gitolite nginx + $ chown gitolite:www /srv/gitolite + $ chown -R gitolite:www /srv/gitolite/projects.list + $ chown -R gitolite:www /srv/gitolite/repositories </pre> - <p>Create link from gitweb to web server folder;</p> + <p>A link from gitweb don't work under grsecurity since user www can't + follow simlink to root. Make a copy, later deploy via gitolite hook.</p> + <p>Link;</p> <pre> # ln -s /usr/share/gitweb /srv/www </pre> + <p>Copy;</p> + <pre> + # cp -r /usr/share/gitweb /srv/www + </pre> + <p>Add this to default or main <a href="nginx.html#virtual-host">nginx virtual host</a>;</p> diff --git a/tools/network.html b/tools/network.html index 9cf5395..c4e99f6 100644 --- a/tools/network.html +++ b/tools/network.html @@ -23,14 +23,11 @@ to update ip every 5 minutes, check <a href="https://freedns.afraid.org/dynamic/v2/tips/">about dynamic interface</a>. To run as system cron job add as root and remove path line from example;</p> <pre> - PATH=/sbin:/bin:/usr/sbin:/usr/bin:/usr/local/sbin:/usr/local/bin - </pre> - - <pre> # crontab -e </pre> - <p>Example from afraid uses curl and will log output to /tmp/freedns*</p> + <p>Example from afraid uses curl and will log output to /tmp/freedns*, + change to /var/log/freedns</p> <h2 id="bridge">Bridges</h2> diff --git a/tools/nginx.html b/tools/nginx.html index 6d4f355..a85cf0e 100644 --- a/tools/nginx.html +++ b/tools/nginx.html 
@@ -43,6 +43,25 @@ <h2 id="certs">2. Certificates</h2> + <h3 id="letsencrypt">2.1. Lets encrypt</h2> + + <p>Example of nginx location block on public pmwiki setup;</p> + + <pre> + #ACME challenge + location ^~ /.well-known { + allow all; + alias /srv/www/c9-pmwiki/pub/cert/.well-known/; + default_type "text/plain"; + try_files $uri =404; + } + </pre> + + <pre> + # certbot certonly --email user@mail.org --webroot -w /srv/www/c9-pmwiki/pub/cert/-d c9.root.sx + </pre> + + <h3 id="mancert">2.2. Self certificate</h2> <p>Certificates allow a more secure connection. Lets create self-signed certificate;</p> diff --git a/tools/nmap.html b/tools/nmap.html index c07ec0f..c3d5316 100644 --- a/tools/nmap.html +++ b/tools/nmap.html @@ -24,7 +24,7 @@ <p>Or by hostname;</p> <pre> - # nmap -v c9.root.cx + # nmap -v c9.root.sx </pre> <p>Check OS and version detection;</p> diff --git a/tools/scripts/pkgmk-test.conf b/tools/scripts/pkgmk-test.conf index 623c52c..db9978d 100644 --- a/tools/scripts/pkgmk-test.conf +++ b/tools/scripts/pkgmk-test.conf @@ -22,7 +22,7 @@ case ${PKGMK_ARCH} in ;; esac -PKGMK_SOURCE_MIRRORS=(https://c9.root.cx/ports/distfiles/) +PKGMK_SOURCE_MIRRORS=(https://c9.root.sx/ports/distfiles/) # PKGMK_SOURCE_DIR="$PWD" # PKGMK_PACKAGE_DIR="$PWD" # PKGMK_WORK_DIR="$PWD/work" diff --git a/tools/scripts/setup-nginx.sh b/tools/scripts/setup-nginx.sh index decacc1..11065d2 100644 --- a/tools/scripts/setup-nginx.sh +++ b/tools/scripts/setup-nginx.sh 
@@ -1,16 +1,16 @@ #!/bin/sh -. `dirname $0`/config-install.sh - -prt-get depinst nginx - -cp -R $CONF_DIR/etc/nginx/* /etc/nginx/ - -mkdir /srv/www -chown nginx:www /srv/www - -usermod -a -G www nginx -usermod -m -d /srv/www nginx +#. `dirname $0`/config-install.sh +# +#prt-get depinst nginx +# +#cp -R $CONF_DIR/etc/nginx/* /etc/nginx/ +# +#mkdir /srv/www +#chown www:www /srv/www +# +#usermod -a -g www nginx +#usermod -m -d /srv/www nginx openssl genrsa -des3 -out /etc/ssl/keys/nginx.key 2048 openssl req -new -key /etc/ssl/keys/nginx.key -out /etc/ssl/certs/nginx.csr diff --git a/tools/x.html b/tools/x.html index 027d58a..8a68c5b 100644 --- a/tools/x.html +++ b/tools/x.html @@ -36,13 +36,14 @@ xorg-font-dejavu-ttf \ xorg-font-cursor-misc \ xorg-font-misc-misc \ + console-font-terminus \ + xorg-font-terminus \ xorg-font-mutt-misc $ prt-get search xorg-font-bitstream | xargs sudo prt-get depinst $ prt-get search xorg-font-bh | xargs sudo prt-get depinst </pre> - <p>From 6c37 collection;</p> <pre> $ prt-get search otf- | xargs sudo prt-get depinst |
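Review bot: The lines commented out in tools/scripts/setup-nginx.sh were also edited, and the edited text is inconsistent with the rest of the commit: `#usermod -a -g www nginx` pairs `-a` with `-g`, although `-a` only has meaning together with `-G`, and both usermod lines still name the `nginx` account while nginx.conf now runs as `user www`. With the block disabled the script no longer installs the configuration or creates /srv/www and goes straight to `openssl genrsa`, so either delete the dead lines or restore them for the `www` account, and add a one-line header comment saying what the script still does. The script continues past the end of this hunk, so the ownership and mode given to /etc/ssl/keys/nginx.key are not visible here and should be checked.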