Merge branch 'master' of code.ungleich.ch:ungleich-public/__ungleich_nextcloud into HEAD

This commit is contained in:
Nico Schottelius 2020-09-21 09:17:19 +02:00
commit c0c0915162
4 changed files with 12 additions and 12 deletions

View file

@ -3,7 +3,7 @@
user = www-data user = www-data
group = www-data group = www-data
listen = /run/php/php7.0-fpm.sock listen = /run/php/phpVERSION-fpm.sock
listen.owner = www-data listen.owner = www-data
listen.group = www-data listen.group = www-data

View file

@ -1,5 +1,5 @@
upstream php-handler { upstream php-handler {
server unix:/run/php/php7.0-fpm.sock; server unix:/run/php/phpVERSION-fpm.sock;
} }
server { server {
@ -16,7 +16,8 @@ server {
add_header Strict-Transport-Security "max-age=15768000; add_header Strict-Transport-Security "max-age=15768000;
includeSubDomains; preload;"; includeSubDomains; preload;";
add_header X-Content-Type-Options nosniff; add_header X-Content-Type-Options nosniff;
add_header X-Frame-Options "SAMEORIGIN"; #add_header X-Frame-Options "SAMEORIGIN";
add_header Referrer-Policy no-referrer;
add_header X-XSS-Protection "1; mode=block"; add_header X-XSS-Protection "1; mode=block";
add_header X-Robots-Tag none; add_header X-Robots-Tag none;
add_header X-Download-Options noopen; add_header X-Download-Options noopen;
@ -56,7 +57,7 @@ server {
#pagespeed off; #pagespeed off;
location / { location / {
rewrite ^ /index.php$uri; rewrite ^ /index.php;
} }
location ~ ^/(?:build|tests|config|lib|3rdparty|templates|data)/ { location ~ ^/(?:build|tests|config|lib|3rdparty|templates|data)/ {
@ -68,6 +69,7 @@ server {
location ~ ^/(?:index|remote|public|cron|core/ajax/update|status|ocs/v[12]|updater/.+|ocs-provider/.+|core/templates/40[34])\.php(?:$|/) { location ~ ^/(?:index|remote|public|cron|core/ajax/update|status|ocs/v[12]|updater/.+|ocs-provider/.+|core/templates/40[34])\.php(?:$|/) {
fastcgi_split_path_info ^(.+\.php)(/.*)$; fastcgi_split_path_info ^(.+\.php)(/.*)$;
try_files $fastcgi_script_name =404;
include fastcgi_params; include fastcgi_params;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
fastcgi_param PATH_INFO $fastcgi_path_info; fastcgi_param PATH_INFO $fastcgi_path_info;

View file

@ -9,14 +9,10 @@ case "$os" in
;; ;;
debian) debian)
case "$os_version" in case "$os_version" in
8*) 8*|9*|10*)
restart="systemctl restart nginx"
;;
9*|10*)
restart="systemctl restart nginx" restart="systemctl restart nginx"
;; ;;
*) *)
restart="systemctl restart nginx"
echo "Unsupported version $os_version of $os." >&2 echo "Unsupported version $os_version of $os." >&2
exit 1 exit 1
;; ;;

View file

@ -38,7 +38,6 @@ case "$os_version" in
10*) 10*)
php_version=7.3 php_version=7.3
;; ;;
*) *)
echo "Unsupported version $os_version of $os." >&2 echo "Unsupported version $os_version of $os." >&2
exit 1 exit 1
@ -46,6 +45,7 @@ case "$os_version" in
esac esac
db_pass=$(cat "$__object/parameter/db-pass") db_pass=$(cat "$__object/parameter/db-pass")
nameserver fd00::2e3a:fdff:fef6:130e
db_user=$(cat "$__object/parameter/db-user") db_user=$(cat "$__object/parameter/db-user")
db_name=$(cat "$__object/parameter/db-name") db_name=$(cat "$__object/parameter/db-name")
domain=$(cat "$__object/parameter/domain") domain=$(cat "$__object/parameter/domain")
@ -60,12 +60,13 @@ for package in php-gd php-json php-pgsql php-curl \
done done
__package postgresql --state=present __package postgresql --state=present
__package curl --state=present #require="__apt_update_index" __package curl --state=present
# Configure packages # Configure packages
## PHP 7 ## PHP 7
sed "s/VERSION/$php_version/" "$__type/files/fpm.conf" > "$tmpdir/fpm"
require="__package/php-fpm" __file /etc/php/${php_version}/fpm/pool.d/www.conf \ require="__package/php-fpm" __file /etc/php/${php_version}/fpm/pool.d/www.conf \
--owner root --group root --mode 644 --source "$__type/files/fpm.conf" --owner root --group root --mode 644 --source "$tmpdir/fpm"
## Nginx ## Nginx
@ -82,6 +83,7 @@ require="__ungleich_http_server_ssl_redirect_letsencrypt/$domain" \
### The SSL configuration ### The SSL configuration
sed "s/DOMAIN/$domain/" "$__type/files/nextcloud.nginx" > "$tmpdir/nginx" sed "s/DOMAIN/$domain/" "$__type/files/nextcloud.nginx" > "$tmpdir/nginx"
sed -i "s/VERSION/$phpv/" "$tmpdir/nginx"
require="__letsencrypt_cert/$domain __package/nginx" __file /etc/nginx/sites-enabled/nextcloud \ require="__letsencrypt_cert/$domain __package/nginx" __file /etc/nginx/sites-enabled/nextcloud \
--owner www-data \ --owner www-data \
--group www-data \ --group www-data \