potier_f/WebHosting
0
0
Fork 0
forked from linux/WebHosting
Code Pull Requests Activity

merge upstream

Browse Source
This commit is contained in:
flechsig
2025-11-27 09:27:47 +01:00
parent b1467fcbce edf6e58074
commit e8c78f21c0
12 changed files with 267 additions and 22 deletions
Download Patch File Download Diff File Expand all files Collapse all files
apache/conf/fluid-eos.conf
+28
View File
@@ -0,0 +1,28 @@
<VirtualHost *:80>
ServerName fluid-eos-test.psi.ch
DocumentRoot /var/www/fluid-eos
# Allow CGI everywhere if needed
Options +ExecCGI
AddHandler cgi-script .pl .cgi .x
<Directory "/var/www/fluid-eos">
Options +ExecCGI
AllowOverride None
Require all granted
</Directory>
# Explicit CGI directories
ScriptAlias /cgi-bin/ /var/www/fluid-eos/cgi-bin/
<Directory "/var/www/fluid-eos/cgi-bin">
Options +ExecCGI
Require all granted
</Directory>
ScriptAlias /cgibin/ /var/www/fluid-eos/cgibin/
<Directory "/var/www/fluid-eos/cgibin">
Options +ExecCGI
Require all granted
</Directory>
</VirtualHost>
apache/conf/gfa-status.conf
+31
View File
@@ -0,0 +1,31 @@
<VirtualHost *:80>
ServerName gfa-status-test.psi.ch
DocumentRoot /var/www/gfa-status/web
ErrorLog /proc/self/fd/2
CustomLog /proc/self/fd/1 combined
Header set Access-Control-Allow-Origin "*"
# PHP configuration
<FilesMatch ".+\.ph(p[345]?|t|tml)$">
SetHandler application/x-httpd-php
</FilesMatch>
php_admin_value sendmail_path "/usr/sbin/sendmail -t -i -fwebmaster@gfa-status.web.psi.ch"
php_admin_value upload_tmp_dir /var/www/clients/client45/web70/tmp
php_admin_value session.save_path /var/www/clients/client45/web70/tmp
php_admin_value open_basedir /var/www/clients/client45/web70/web:/var/www/clients/client45/web70/private:/var/www/clients/client45/web70/tmp:/var/www/gfa-status.web.psi.ch/web:/tmp:/usr/share/php:/usr/share/phpmyadmin:/etc/phpmyadmin:/var/lib/phpmyadmin:/var/www/error/
<Directory /var/www/gfa-status.web.psi.ch/web>
Options +FollowSymLinks +Includes
AllowOverride All
Require all granted
# SSI support
AddType text/html .shtml
AddOutputFilter INCLUDES .shtml
</Directory>
</VirtualHost>
apache/conf/rfmwtools.conf
+29
View File
@@ -0,0 +1,29 @@
<VirtualHost *:80>
ServerName rfmwtools-test.psi.ch
# Document root for static files
DocumentRoot /var/www/rfmwtools
# CGI scripts
ScriptAlias /cgi-bin/ /var/www/rfmwtools/cgi-bin/
<Directory "/var/www/rfmwtools/cgi-bin">
Options +ExecCGI +FollowSymLinks +Indexes
AddHandler cgi-script .sh .cgi
Require all granted
SetEnv SCRIPT_WORKDIR /var/www/rfmwtools/cgi-bin
DirectoryIndex rfmwtools.html
</Directory>
<Directory "/var/www/rfmwtools">
Options Indexes FollowSymLinks
AllowOverride None
Require all granted
DirectoryIndex rfmwtools.html
</Directory>
ErrorLog /proc/self/fd/2
CustomLog /proc/self/fd/1 combined
</VirtualHost>
apache/conf/sls2.conf
+14
View File
@@ -0,0 +1,14 @@
<VirtualHost *:80>
ServerName sls2.psi.ch
DocumentRoot /var/www/sls2
Options +Includes
<Directory "/var/www/sls2">
Options +Includes
AllowOverride None
Require all granted
</Directory>
</VirtualHost>
apache/conf/srem.conf
+29
View File
@@ -0,0 +1,29 @@
<VirtualHost *:80>
ServerName srem-test.psi.ch
DocumentRoot /var/www/srem
Options +ExecCGI +Includes
AddHandler cgi-script .pl .cgi
AddHandler server-parsed .shtml
AddOutputFilter INCLUDES .shtml
<Directory "/var/www/srem">
Options +Includes
AllowOverride None
Require all granted
</Directory>
<Directory "/var/www/srem/static">
Options +Includes
AllowOverride None
Require all granted
</Directory>
# Explicit CGI directory
ScriptAlias /cgibin/ /var/www/srem/cgibin/
<Directory "/var/www/srem/cgibin">
Options +ExecCGI -Includes
Require all granted
</Directory>
</VirtualHost>
conf.d/fluid-eos-test.conf
+30
View File
@@ -0,0 +1,30 @@
server {
listen 80;
server_name fluid-eos-test.psi.ch;
return 301 https://$host$request_uri;
}
server {
listen 443 ssl;
server_name fluid-eos-test.psi.ch;
ssl_certificate /etc/nginx/certs/fluid-eos-test.psi.ch.crt;
ssl_certificate_key /etc/nginx/private/fluid-eos-test.psi.ch.key;
access_log /var/log/nginx/fluid-eos-test.access.log;
error_log /var/log/nginx/fluid-eos-test.error.log;
# Proxy EVERYTHING to the Apache container
location / {
proxy_pass http://apache_app:80;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
# Important for CGI apps
proxy_buffering off;
}
}
conf.d/gfa-status-test.conf
+1 -1
View File
@@ -12,7 +12,7 @@ server {
ssl_certificate_key /etc/nginx/private/gfa-status-test.psi.ch.key;
location / {
proxy_pass http://gfa-status-test:80;
proxy_pass http://apache_app:80;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
conf.d/rfmwtools.conf
+21
View File
@@ -0,0 +1,21 @@
server {
listen 80;
server_name rfmwtools-test.psi.ch;
return 301 https://$host$request_uri;
}
server {
listen 443 ssl;
server_name rfmwtools-test.psi.ch;
ssl_certificate /etc/nginx/certs/rfmwtools-test.psi.ch.crt;
ssl_certificate_key /etc/nginx/private/rfmwtools-test.psi.ch.key;
location / {
proxy_pass http://apache_app:80;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
}
}
conf.d/sls2.conf
+27
View File
@@ -0,0 +1,27 @@
server {
listen 80;
server_name sls2.psi.ch;
return 301 https://$host$request_uri;
}
server {
listen 443 ssl;
server_name sls2.psi.ch;
ssl_certificate /etc/nginx/certs/sls2.psi.ch.crt;
ssl_certificate_key /etc/nginx/private/sls2.psi.ch.key;
access_log /var/log/nginx/sls2.access.log;
error_log /var/log/nginx/sls2.error.log;
location / {
proxy_pass http://apache_app:80;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
}
}
conf.d/srem-test.conf
+30
View File
@@ -0,0 +1,30 @@
server {
listen 80;
server_name srem-test.psi.ch;
return 301 https://$host$request_uri;
}
server {
listen 443 ssl;
server_name srem-test.psi.ch;
ssl_certificate /etc/nginx/certs/srem-test.psi.ch.crt;
ssl_certificate_key /etc/nginx/private/srem-test.psi.ch.key;
access_log /var/log/nginx/srem-test.access.log;
error_log /var/log/nginx/srem-test.error.log;
# Proxy EVERYTHING to the Apache container
location / {
proxy_pass http://apache_app:80;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
# Important for CGI apps
proxy_buffering off;
}
}
docker-compose.yaml
+27 -20
View File
@@ -22,7 +22,25 @@ services:
networks:
- public
- backend
# rfwtools
# gfa-status-test
# fluid-eos
# spaceweather
apache:
image: gitea.psi.ch/images/php-apache:latest
container_name: apache_app
restart: always
volumes:
- /opt/webcontent/rfmwtools:/var/www/rfmwtools:ro
- /opt/webcontent/gfa-status:/var/www/gfa-status:rw
- /opt/webcontent/fluid-eos:/var/www/fluid-eos:rw
- /opt/webcontent/sls2:/var/www/sls2:rw
- /mount/srem/webhosting:/var/www/srem:rw
- ./apache/conf:/etc/apache2/sites-enabled:ro
networks:
- backend
# linux-eng@psi.ch
# Test app
excalidraw:
@@ -38,19 +56,19 @@ services:
pif-elog:
image: gitea.psi.ch/images/elog:3.1.5
container_name: pif-elog
restart: always
restart: always
volumes:
- /opt/logbooks/pif:/usr/local/elog/logbooks
- /opt/webcontent/pif/elog.cfg:/usr/local/elog/elogd.cfg
networks:
- backend
- backend
# Krieger Jonas Andreas <jonas.krieger@psi.ch>, Raselli Andrea-Raeto <andrea.raselli@psi.ch>
# Elog as a Service PoC mit musr-elog.psi.ch? linux-eng@psi.ch
lmu-elog:
image: gitea.psi.ch/images/elog:3.1.5
container_name: lmu-elog
restart: always
restart: always
volumes:
- /opt/logbooks/LMU:/usr/local/elog/logbooks
- /opt/webcontent/LMU/elog.cfg:/usr/local/elog/elogd.cfg
@@ -64,7 +82,7 @@ services:
image: gitea.psi.ch/images/mcda-calculator:1.0.3
container_name: mcda-calculator
restart: always
networks:
networks:
- backend
# Romain Sacchi <romain.sacchi@psi.ch>
@@ -102,7 +120,7 @@ services:
- /opt/webcontent/sf-hedgedoc/uploads:/hedgedoc/public/uploads
restart: always
depends_on:
- hedgedoc_db
- hedgedoc_db
networks:
- backend
- hedgedoc_backend
@@ -121,17 +139,6 @@ services:
networks:
- hedgedoc_backend
# Andreas Luedeke <andreas.luedeke@psi.ch>
# POC not running yet
gfa-status-test:
image: php:8.2-apache
container_name: gfa-status-test
volumes:
- /opt/webcontent/gfa-status/web:/var/www/html
restart: always
networks:
- backend
# Flechsig Uwe <uwe.flechsig@psi.ch>
# opticswiki (test setup)
# webcontent:
@@ -147,7 +154,7 @@ services:
- /opt/webcontent/opticswiki/lib:/usr/local/apache2/Foswiki-2.1.9/lib
networks:
- backend
# Angelo Sozzi INC0150655 angelo.sozzi@psi.ch
# POC Software - might be installed on docker-dmz
n8n:
@@ -173,7 +180,7 @@ services:
# It-Strategy monitoring dashboard
it-strategy-dashboard-frontend:
image: gitea.psi.ch/9501/it-strategy-dashboard-frontend:2.0
image: gitea.psi.ch/9501/it-strategy-dashboard-frontend:3.0
container_name: it-strategy-dashboard-frontend
command: ["sh","-c","/usr/local/bin/copyData.sh"]
volumes:
@@ -183,7 +190,7 @@ services:
- it_strategy_dashboard_backend
it-strategy-dashboard-backend:
image: gitea.psi.ch/9501/it-strategy-dashboard-backend:2.0.1
image: gitea.psi.ch/9501/it-strategy-dashboard-backend:3.0.1
container_name: it-strategy-dashboard-backend
restart: always
environment:
nginx.conf
-1
View File
@@ -12,7 +12,6 @@ http {
default_type application/octet-stream;
add_header X-Content-Type-Options nosniff;
add_header X-Frame-Options DENY;
add_header X-XSS-Protection "1; mode=block";
add_header Strict-Transport-Security "max-age=31536000; includeSubDomains" always; # HSTS
add_header Referrer-Policy no-referrer-when-downgrade; # Referrer policy