diff --git a/apache/conf/fluid-eos.conf b/apache/conf/fluid-eos.conf
new file mode 100644
index 0000000..839c8c0
--- /dev/null
+++ b/apache/conf/fluid-eos.conf
@@ -0,0 +1,28 @@
+
+ ServerName fluid-eos-test.psi.ch
+ DocumentRoot /var/www/fluid-eos
+
+ # Allow CGI everywhere if needed
+ Options +ExecCGI
+ AddHandler cgi-script .pl .cgi .x
+
+
+ Options +ExecCGI
+ AllowOverride None
+ Require all granted
+
+
+ # Explicit CGI directories
+ ScriptAlias /cgi-bin/ /var/www/fluid-eos/cgi-bin/
+
+ Options +ExecCGI
+ Require all granted
+
+
+ ScriptAlias /cgibin/ /var/www/fluid-eos/cgibin/
+
+ Options +ExecCGI
+ Require all granted
+
+
+
diff --git a/apache/conf/gfa-status.conf b/apache/conf/gfa-status.conf
new file mode 100644
index 0000000..23bf340
--- /dev/null
+++ b/apache/conf/gfa-status.conf
@@ -0,0 +1,31 @@
+
+ ServerName gfa-status-test.psi.ch
+ DocumentRoot /var/www/gfa-status/web
+
+ ErrorLog /proc/self/fd/2
+ CustomLog /proc/self/fd/1 combined
+
+ Header set Access-Control-Allow-Origin "*"
+
+ # PHP configuration
+
+ SetHandler application/x-httpd-php
+
+
+ php_admin_value sendmail_path "/usr/sbin/sendmail -t -i -fwebmaster@gfa-status.web.psi.ch"
+ php_admin_value upload_tmp_dir /var/www/clients/client45/web70/tmp
+ php_admin_value session.save_path /var/www/clients/client45/web70/tmp
+ php_admin_value open_basedir /var/www/clients/client45/web70/web:/var/www/clients/client45/web70/private:/var/www/clients/client45/web70/tmp:/var/www/gfa-status.web.psi.ch/web:/tmp:/usr/share/php:/usr/share/phpmyadmin:/etc/phpmyadmin:/var/lib/phpmyadmin:/var/www/error/
+
+
+ Options +FollowSymLinks +Includes
+ AllowOverride All
+ Require all granted
+
+ # SSI support
+ AddType text/html .shtml
+ AddOutputFilter INCLUDES .shtml
+
+
+
+
diff --git a/apache/conf/rfmwtools.conf b/apache/conf/rfmwtools.conf
new file mode 100644
index 0000000..e86abfd
--- /dev/null
+++ b/apache/conf/rfmwtools.conf
@@ -0,0 +1,29 @@
+
+ ServerName rfmwtools-test.psi.ch
+
+ # Document root for static files
+ DocumentRoot /var/www/rfmwtools
+
+ # CGI scripts
+ ScriptAlias /cgi-bin/ /var/www/rfmwtools/cgi-bin/
+
+
+ Options +ExecCGI +FollowSymLinks +Indexes
+ AddHandler cgi-script .sh .cgi
+ Require all granted
+
+ SetEnv SCRIPT_WORKDIR /var/www/rfmwtools/cgi-bin
+ DirectoryIndex rfmwtools.html
+
+
+
+ Options Indexes FollowSymLinks
+ AllowOverride None
+ Require all granted
+ DirectoryIndex rfmwtools.html
+
+
+ ErrorLog /proc/self/fd/2
+ CustomLog /proc/self/fd/1 combined
+
+
diff --git a/apache/conf/sls2.conf b/apache/conf/sls2.conf
new file mode 100644
index 0000000..5b5b68b
--- /dev/null
+++ b/apache/conf/sls2.conf
@@ -0,0 +1,14 @@
+
+ ServerName sls2.psi.ch
+ DocumentRoot /var/www/sls2
+
+ Options +Includes
+
+
+ Options +Includes
+ AllowOverride None
+ Require all granted
+
+
+
+
diff --git a/apache/conf/srem.conf b/apache/conf/srem.conf
new file mode 100644
index 0000000..05ac2d8
--- /dev/null
+++ b/apache/conf/srem.conf
@@ -0,0 +1,29 @@
+
+ ServerName srem-test.psi.ch
+ DocumentRoot /var/www/srem
+
+ Options +ExecCGI +Includes
+ AddHandler cgi-script .pl .cgi
+ AddHandler server-parsed .shtml
+ AddOutputFilter INCLUDES .shtml
+
+
+ Options +Includes
+ AllowOverride None
+ Require all granted
+
+
+
+ Options +Includes
+ AllowOverride None
+ Require all granted
+
+
+ # Explicit CGI directory
+ ScriptAlias /cgibin/ /var/www/srem/cgibin/
+
+ Options +ExecCGI -Includes
+ Require all granted
+
+
+
diff --git a/conf.d/fluid-eos-test.conf b/conf.d/fluid-eos-test.conf
new file mode 100644
index 0000000..5706550
--- /dev/null
+++ b/conf.d/fluid-eos-test.conf
@@ -0,0 +1,30 @@
+server {
+ listen 80;
+ server_name fluid-eos-test.psi.ch;
+
+ return 301 https://$host$request_uri;
+}
+
+server {
+ listen 443 ssl;
+ server_name fluid-eos-test.psi.ch;
+
+ ssl_certificate /etc/nginx/certs/fluid-eos-test.psi.ch.crt;
+ ssl_certificate_key /etc/nginx/private/fluid-eos-test.psi.ch.key;
+
+ access_log /var/log/nginx/fluid-eos-test.access.log;
+ error_log /var/log/nginx/fluid-eos-test.error.log;
+
+ # Proxy EVERYTHING to the Apache container
+ location / {
+ proxy_pass http://apache_app:80;
+
+ proxy_set_header Host $host;
+ proxy_set_header X-Real-IP $remote_addr;
+ proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+
+ # Important for CGI apps
+ proxy_buffering off;
+ }
+}
+
diff --git a/conf.d/gfa-status-test.conf b/conf.d/gfa-status-test.conf
index b7fec56..6c991a0 100644
--- a/conf.d/gfa-status-test.conf
+++ b/conf.d/gfa-status-test.conf
@@ -12,7 +12,7 @@ server {
ssl_certificate_key /etc/nginx/private/gfa-status-test.psi.ch.key;
location / {
- proxy_pass http://gfa-status-test:80;
+ proxy_pass http://apache_app:80;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
diff --git a/conf.d/rfmwtools.conf b/conf.d/rfmwtools.conf
new file mode 100644
index 0000000..5331c38
--- /dev/null
+++ b/conf.d/rfmwtools.conf
@@ -0,0 +1,21 @@
+server {
+ listen 80;
+ server_name rfmwtools-test.psi.ch;
+ return 301 https://$host$request_uri;
+}
+
+server {
+ listen 443 ssl;
+ server_name rfmwtools-test.psi.ch;
+
+ ssl_certificate /etc/nginx/certs/rfmwtools-test.psi.ch.crt;
+ ssl_certificate_key /etc/nginx/private/rfmwtools-test.psi.ch.key;
+
+ location / {
+ proxy_pass http://apache_app:80;
+ proxy_set_header Host $host;
+ proxy_set_header X-Real-IP $remote_addr;
+ proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+ proxy_set_header X-Forwarded-Proto $scheme;
+ }
+}
diff --git a/conf.d/sls2.conf b/conf.d/sls2.conf
new file mode 100644
index 0000000..ef83143
--- /dev/null
+++ b/conf.d/sls2.conf
@@ -0,0 +1,27 @@
+server {
+ listen 80;
+ server_name sls2.psi.ch;
+
+ return 301 https://$host$request_uri;
+}
+
+server {
+ listen 443 ssl;
+ server_name sls2.psi.ch;
+
+ ssl_certificate /etc/nginx/certs/sls2.psi.ch.crt;
+ ssl_certificate_key /etc/nginx/private/sls2.psi.ch.key;
+
+ access_log /var/log/nginx/sls2.access.log;
+ error_log /var/log/nginx/sls2.error.log;
+
+ location / {
+ proxy_pass http://apache_app:80;
+
+ proxy_set_header Host $host;
+ proxy_set_header X-Real-IP $remote_addr;
+ proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+
+ }
+}
+
diff --git a/conf.d/srem-test.conf b/conf.d/srem-test.conf
new file mode 100644
index 0000000..8a3f17d
--- /dev/null
+++ b/conf.d/srem-test.conf
@@ -0,0 +1,30 @@
+server {
+ listen 80;
+ server_name srem-test.psi.ch;
+
+ return 301 https://$host$request_uri;
+}
+
+server {
+ listen 443 ssl;
+ server_name srem-test.psi.ch;
+
+ ssl_certificate /etc/nginx/certs/srem-test.psi.ch.crt;
+ ssl_certificate_key /etc/nginx/private/srem-test.psi.ch.key;
+
+ access_log /var/log/nginx/srem-test.access.log;
+ error_log /var/log/nginx/srem-test.error.log;
+
+ # Proxy EVERYTHING to the Apache container
+ location / {
+ proxy_pass http://apache_app:80;
+
+ proxy_set_header Host $host;
+ proxy_set_header X-Real-IP $remote_addr;
+ proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+
+ # Important for CGI apps
+ proxy_buffering off;
+ }
+}
+
diff --git a/docker-compose.yaml b/docker-compose.yaml
index 09ef5dd..4cfd6d4 100644
--- a/docker-compose.yaml
+++ b/docker-compose.yaml
@@ -22,7 +22,25 @@ services:
networks:
- public
- backend
-
+
+ # rfwtools
+ # gfa-status-test
+ # fluid-eos
+ # spaceweather
+ apache:
+ image: gitea.psi.ch/images/php-apache:latest
+ container_name: apache_app
+ restart: always
+ volumes:
+ - /opt/webcontent/rfmwtools:/var/www/rfmwtools:ro
+ - /opt/webcontent/gfa-status:/var/www/gfa-status:rw
+ - /opt/webcontent/fluid-eos:/var/www/fluid-eos:rw
+ - /opt/webcontent/sls2:/var/www/sls2:rw
+ - /mount/srem/webhosting:/var/www/srem:rw
+ - ./apache/conf:/etc/apache2/sites-enabled:ro
+ networks:
+ - backend
+
# linux-eng@psi.ch
# Test app
excalidraw:
@@ -38,19 +56,19 @@ services:
pif-elog:
image: gitea.psi.ch/images/elog:3.1.5
container_name: pif-elog
- restart: always
+ restart: always
volumes:
- /opt/logbooks/pif:/usr/local/elog/logbooks
- /opt/webcontent/pif/elog.cfg:/usr/local/elog/elogd.cfg
networks:
- - backend
+ - backend
# Krieger Jonas Andreas , Raselli Andrea-Raeto
# Elog as a Service PoC mit musr-elog.psi.ch? linux-eng@psi.ch
lmu-elog:
image: gitea.psi.ch/images/elog:3.1.5
container_name: lmu-elog
- restart: always
+ restart: always
volumes:
- /opt/logbooks/LMU:/usr/local/elog/logbooks
- /opt/webcontent/LMU/elog.cfg:/usr/local/elog/elogd.cfg
@@ -64,7 +82,7 @@ services:
image: gitea.psi.ch/images/mcda-calculator:1.0.3
container_name: mcda-calculator
restart: always
- networks:
+ networks:
- backend
# Romain Sacchi
@@ -102,7 +120,7 @@ services:
- /opt/webcontent/sf-hedgedoc/uploads:/hedgedoc/public/uploads
restart: always
depends_on:
- - hedgedoc_db
+ - hedgedoc_db
networks:
- backend
- hedgedoc_backend
@@ -121,17 +139,6 @@ services:
networks:
- hedgedoc_backend
- # Andreas Luedeke
- # POC not running yet
- gfa-status-test:
- image: php:8.2-apache
- container_name: gfa-status-test
- volumes:
- - /opt/webcontent/gfa-status/web:/var/www/html
- restart: always
- networks:
- - backend
-
# Flechsig Uwe
# opticswiki (test setup)
# webcontent:
@@ -147,7 +154,7 @@ services:
- /opt/webcontent/opticswiki/lib:/usr/local/apache2/Foswiki-2.1.9/lib
networks:
- backend
-
+
# Angelo Sozzi INC0150655 angelo.sozzi@psi.ch
# POC Software - might be installed on docker-dmz
n8n:
@@ -173,7 +180,7 @@ services:
# It-Strategy monitoring dashboard
it-strategy-dashboard-frontend:
- image: gitea.psi.ch/9501/it-strategy-dashboard-frontend:2.0
+ image: gitea.psi.ch/9501/it-strategy-dashboard-frontend:3.0
container_name: it-strategy-dashboard-frontend
command: ["sh","-c","/usr/local/bin/copyData.sh"]
volumes:
@@ -183,7 +190,7 @@ services:
- it_strategy_dashboard_backend
it-strategy-dashboard-backend:
- image: gitea.psi.ch/9501/it-strategy-dashboard-backend:2.0.1
+ image: gitea.psi.ch/9501/it-strategy-dashboard-backend:3.0.1
container_name: it-strategy-dashboard-backend
restart: always
environment:
diff --git a/nginx.conf b/nginx.conf
index 022ad56..6516663 100644
--- a/nginx.conf
+++ b/nginx.conf
@@ -12,7 +12,6 @@ http {
default_type application/octet-stream;
add_header X-Content-Type-Options nosniff;
- add_header X-Frame-Options DENY;
add_header X-XSS-Protection "1; mode=block";
add_header Strict-Transport-Security "max-age=31536000; includeSubDomains" always; # HSTS
add_header Referrer-Policy no-referrer-when-downgrade; # Referrer policy