diff --git a/files/base_config/centos.conf b/files/base_config/centos.conf deleted file mode 100644 index b926731..0000000 --- a/files/base_config/centos.conf +++ /dev/null @@ -1,44 +0,0 @@ -# For more information on configuration, see: -# * Official English Documentation: http://nginx.org/en/docs/ -# * Official Russian Documentation: http://nginx.org/ru/docs/ - -user nginx; -worker_processes 1; - -error_log /var/log/nginx/error.log; -#error_log /var/log/nginx/error.log notice; -#error_log /var/log/nginx/error.log info; - -pid /run/nginx.pid; - - -events { - worker_connections 1024; -} - - -http { - include /etc/nginx/mime.types; - default_type application/octet-stream; - - log_format main '$remote_addr - $remote_user [$time_local] "$request" ' - '$status $body_bytes_sent "$http_referer" ' - '"$http_user_agent" "$http_x_forwarded_for"'; - - access_log /var/log/nginx/access.log main; - - sendfile on; - #tcp_nopush on; - - #keepalive_timeout 0; - keepalive_timeout 65; - - #gzip on; - - index index.html index.htm; - - # Load modular configuration files from the /etc/nginx/conf.d directory. - # See http://nginx.org/en/docs/ngx_core_module.html#include - # for more information. - include /etc/nginx/conf.d/*.conf; -} diff --git a/files/base_config/debian.conf b/files/base_config/debian.conf deleted file mode 100644 index a911806..0000000 --- a/files/base_config/debian.conf +++ /dev/null @@ -1,50 +0,0 @@ -user www-data; -worker_processes 1; - -error_log /var/log/nginx/error.log; -pid /var/run/nginx.pid; - -events { - worker_connections 1024; - # multi_accept on; -} - -http { - include /etc/nginx/mime.types; - - access_log /var/log/nginx/access.log; - - sendfile on; - #tcp_nopush on; - - #keepalive_timeout 0; - keepalive_timeout 65; - tcp_nodelay on; - - gzip on; - gzip_disable "MSIE [1-6]\.(?!.*SV1)"; - - include /etc/nginx/conf.d/*.conf; - include /etc/nginx/sites-enabled/*; -} - -# mail { -# # See sample authentication script at: -# # http://wiki.nginx.org/NginxImapAuthenticateWithApachePhpScript -# -# # auth_http localhost/auth.php; -# # pop3_capabilities "TOP" "USER"; -# # imap_capabilities "IMAP4rev1" "UIDPLUS"; -# -# server { -# listen localhost:110; -# protocol pop3; -# proxy on; -# } -# -# server { -# listen localhost:143; -# protocol imap; -# proxy on; -# } -# } diff --git a/files/nginx-footer b/files/nginx-footer deleted file mode 100644 index 5c34318..0000000 --- a/files/nginx-footer +++ /dev/null @@ -1 +0,0 @@ -} diff --git a/files/nginx-header b/files/nginx-header deleted file mode 100644 index 7dc5024..0000000 --- a/files/nginx-header +++ /dev/null @@ -1,3 +0,0 @@ -# -# cdist maintained configuration - do not overwrite -# diff --git a/files/nginx-header-generic b/files/nginx-header-generic deleted file mode 100644 index f63030f..0000000 --- a/files/nginx-header-generic +++ /dev/null @@ -1,12 +0,0 @@ - # Compress everything [tm] - gzip on; - gzip_static on; - gzip_proxied any; - - # Not for silly ie - gzip_disable "MSIE [1-6]\."; - gzip_http_version 1.0; - gzip_types text/plain text/xml text/css - text/comma-separated-values - text/javascript application/x-javascript - application/atom+xml; diff --git a/files/nginx-header-https b/files/nginx-header-https deleted file mode 100644 index 1ae4fbc..0000000 --- a/files/nginx-header-https +++ /dev/null @@ -1,6 +0,0 @@ -server { - listen 443 ssl; - listen [::]:443 ssl; - ssl_certificate /etc/nginx/ssl.crt; - ssl_certificate_key /etc/nginx/ssl.key; - diff --git a/files/nginx-header-https-letsencrypt b/files/nginx-header-https-letsencrypt deleted file mode 100644 index 20bc934..0000000 --- a/files/nginx-header-https-letsencrypt +++ /dev/null @@ -1,25 +0,0 @@ -server { - listen 443 ssl; - listen [::]:443 ssl; - ssl_certificate /etc/nginx/ssl.crt; - ssl_certificate_key /etc/nginx/ssl.key; - ssl_dhparam /etc/nginx/dhparam.pem; - - # OCSP - ssl_stapling on; - ssl_stapling_verify on; - ssl_trusted_certificate /etc/nginx/chain.pem; - - # Chipers - ssl_protocols TLSv1.2 TLSv1.1 TLSv1; - ssl_ciphers EECDH+AESGCM:EDH+AESGCM:EECDH:EDH:!MD5:!RC4:!LOW:!MEDIUM:!CAMELLIA:!ECDSA:!DES:!DSS:!3DES:!NULL; - ssl_prefer_server_ciphers on; - ssl_ecdh_curve secp384r1; - - add_header Strict-Transport-Security "max-age=31536000; includeSubDomains; preload"; - - # Session resumption - ssl_session_timeout 10m; - ssl_session_cache off; - ssl_session_tickets on; - ssl_session_ticket_key /etc/nginx/nginx-ticketkey; diff --git a/files/nginx-header-server_name b/files/nginx-header-server_name deleted file mode 100644 index e69de29..0000000 diff --git a/gencode-remote b/gencode-remote index 918dc2e..3bcf822 100755 --- a/gencode-remote +++ b/gencode-remote @@ -1,49 +1,22 @@ #!/bin/sh os=$(cat "$__global/explorer/os") -os_version=$(cat "$__global/explorer/os_version") - -# remove this check, if there is support for othere OS -if [ ! "$os" = "debian" ]; then +if [ ! "$os" = "debian" ] +then echo "OS $os is currently not supported." >&2 exit 1 fi - -case "$os" in - centos) - restart="/etc/init.d/nginx reload" +os_version=$(cat "$__global/explorer/os_version") +case "$os_version" in + 8*) + : ;; - debian) - case "$os_version" in - [1-7]*) - restart="/etc/init.d/nginx restart" - echo "Unsupported version $os_version of $os." >&2 - exit 1 - ;; - 8*) - restart="systemctl restart nginx" - ;; - *) - restart="systemctl restart nginx" - echo "Unsupported version $os_version of $os." >&2 - exit 1 - ;; - esac - ;; - devuan) - restart="/etc/init.d/nginx restart" - ;; - *) - echo "Unsupported OS: $os" >&2 + *) + echo "Unsupported version $os_version of $os." >&2 exit 1 ;; esac -# maybe we dont need this -if grep -E -q "^(__file|__link)/etc/nginx" "$__messages_in"; then - echo $restart -fi - nextcloud_uri="$(cat "$__object/parameter/uri")-$(cat "$__object/parameter/version").tar.bz2" db_name=$(cat "$__object/parameter/db-name") db_user=$(cat "$__object/parameter/db-user") @@ -54,14 +27,13 @@ domain=$(cat "$__object/parameter/domain") # TODO check shasum of tar ball cat < - - -DESCRIPTION ------------ -We suggest to use our type -__ungleich_nginx_app_proxy for the nginx configuration. -Keep in mind, that you have to install the certificates with -another type or nginx doesn't start. - - -REQUIRED PARAMETERS -------------------- -domain - where Nextcloud runs - - -DEFAULT PARAMETERS -------------------- -admin-pass - Nextcloud default admin passwort: nextcloud - -admin-user - Nextcloud default admin user: nextcloud - -db-name - Nextcloud default database name: nextcloud - -db-pass - Nextcloud default password: nextcloud - -db-user - Nextcloud default database user: nextcloud - -uri - Nextcloud default Uniform Resource Identifier (URI): https://download.nextcloud.com/server/releases/nextcloud - -version - Nextcloud default version: 11.0.1 - - -OPTIONAL PARAMETERS -------------------- -admin-pass - Nextcloud admin password - -admin-user - Nextcloud user password - -db-name - Nextcloud database name - -db-pass - Nextcloud password - -db-user - Nextcloud database user - -ssl-cert - Define the path where the ssl-cert is on the $host - -ssl-key - Define the path where the ssl-key is on the $host - -uri - Nextcloud Uniform Resource Identifier (URI) - -version - Nextcloud version - -If not set the type uses the default parameters. - -BOOLEAN PARAMETERS ------------------- -ssl - Enable if you want to use SSL - -ssl-no-redirect - Enable if you don't want a redirect to https - -custom-config-from-stdin - Insert this configuration from stdin after the generic part - - -EXAMPLES --------- - -.. code-block:: sh - - # only required - __ungleich_nextcloud --domain test.example.org - - # set a different admin-user and db-user; ssl is needed - __ungleich_nextcloud --ssl --admin-user ungleich --db-user ungleich --domain test.example.org - - # custom config - __ungleich_nextcloud --domain test.example.org --custom-config-from-stdin << eof - - # some aditional nginx config - - eof - - -SEE ALSO --------- -- `cdist-type(7) `_ - - -COPYING -------- -Copyright \(C) 2017 ungleich GmbH (www.ungleich.ch). -Free use of this software is granted under the terms -of the GNU General Public License version 3 (GPLv3). diff --git a/manifest b/manifest index c3de33e..8d24c7d 100755 --- a/manifest +++ b/manifest @@ -38,10 +38,8 @@ esac db_pass=$(cat "$__object/parameter/db-pass") db_user=$(cat "$__object/parameter/db-user") db_name=$(cat "$__object/parameter/db-name") -db_name=$(cat "$__object/parameter/domain") -# Hostname -__hostname --name "$domain" + # Install packages for package in php7.0-common php7.0-gd php7.0-json php7.0-pgsql php7.0-curl \ @@ -55,7 +53,7 @@ __package postgresql --state=present __package curl --state=present # Configure packages -## PHP 7 +## Php 7 __apt_key_uri dotdeb --uri https://www.dotdeb.org/dotdeb.gpg require="__apt_key_uri/dotdeb" __apt_source dotdeb --uri http://packages.dotdeb.org \ --distribution jessie \ @@ -66,6 +64,12 @@ require="__apt_source/dotdeb" __apt_update_index require="__package/php7.0-fpm" __file /etc/php/7.0/fpm/pool.d/www.conf \ --owner root --group root --mode 644 --source "$__type/files/fpm.conf" + + +## Nginx +require="__package/nginx" __file /etc/nginx/sites-enabled/nextcloud --owner www-data \ + --group www-data --mode 755 --source "$__type/files/nextcloud.nginx" + ## Postgres require="__package/postgresql" __postgres_role "${db_user}" --password "${db_pass}"\ --login --createdb @@ -73,6 +77,7 @@ require="__package/postgresql" __postgres_role "${db_user}" --password "${db_pas require="__package/postgresql __postgres_role/${db_user}" __postgres_database "${db_name}"\ --owner "${db_user}" --state present + # Start on boot require="__package/postgresql" __start_on_boot postgresql require="__package/nginx" __start_on_boot nginx diff --git a/parameter/boolean b/parameter/boolean deleted file mode 100644 index 24e0cde..0000000 --- a/parameter/boolean +++ /dev/null @@ -1,3 +0,0 @@ -ssl -ssl-no-redirect -custom-config-from-stdin diff --git a/parameter/default/domain b/parameter/default/domain new file mode 100644 index 0000000..3bb24a8 --- /dev/null +++ b/parameter/default/domain @@ -0,0 +1 @@ +cloud.ungleich.ch diff --git a/parameter/optional b/parameter/optional index 455151a..419e014 100644 --- a/parameter/optional +++ b/parameter/optional @@ -5,5 +5,4 @@ admin-user admin-pass uri version -ssl-cert -ssl-key +domain diff --git a/parameter/required b/parameter/required deleted file mode 100644 index d23ab7a..0000000 --- a/parameter/required +++ /dev/null @@ -1 +0,0 @@ -domain