From 24de11e1c2a5e2564e1b83b9aa9b237cea55f4e2 Mon Sep 17 00:00:00 2001 From: ritter_t Date: Wed, 17 Sep 2025 09:14:34 +0200 Subject: [PATCH 01/46] It-strategy-dashboard v2.0 --- conf.d/it-dashboard.conf | 28 +++++++++++++ docker-compose.yaml | 88 ++++++++++++++++++++++++++++++++++++---- 2 files changed, 109 insertions(+), 7 deletions(-) create mode 100644 conf.d/it-dashboard.conf diff --git a/conf.d/it-dashboard.conf b/conf.d/it-dashboard.conf new file mode 100644 index 0000000..124d9c0 --- /dev/null +++ b/conf.d/it-dashboard.conf @@ -0,0 +1,28 @@ +server { + listen 80; + server_name it-strategy-dashboard.psi.ch; + return 301 https://$host$request_uri; +} + +server { + listen 443 ssl; + server_name it-strategy-dashboard.psi.ch; + + ssl_certificate /etc/nginx/certs/it-strategy-dashboard.psi.ch.crt; + ssl_certificate_key /etc/nginx/private/it-strategy-dashboard.psi.ch.key; + + root /opt/webcontent/it-strategy-dashboard; + index index.html; + + location / { + try_files $uri /index.html; + } + + location /api/ { + proxy_pass http://it-strategy-dashboard-backend:8080; + proxy_set_header Host $host; + proxy_set_header X-Real-IP $remote_addr; + proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; + proxy_set_header X-Forwarded-Proto $scheme; + } +} diff --git a/docker-compose.yaml b/docker-compose.yaml index 0956cf7..840d2ad 100644 --- a/docker-compose.yaml +++ b/docker-compose.yaml @@ -16,10 +16,11 @@ services: - /etc/nginx/nginx.conf:/etc/nginx/nginx.conf:ro - /etc/nginx/conf.d:/etc/nginx/conf.d:ro - /opt/webcontent/sinqstatus-test:/opt/webcontent/sinqstatus-test:ro + - /opt/webcontent/it-strategy-dashboard/frontend/:/opt/webcontent/it-strategy-dashboard/:ro networks: - public - backend - + # linux-eng@psi.ch # Test app excalidraw: @@ -35,19 +36,19 @@ services: pif-elog: image: gitea.psi.ch/images/elog:3.1.5 container_name: pif-elog - restart: always + restart: always volumes: - /opt/logbooks/pif:/usr/local/elog/logbooks - /opt/webcontent/pif/elog.cfg:/usr/local/elog/elogd.cfg networks: - - backend + - backend # Krieger Jonas Andreas , Raselli Andrea-Raeto # Elog as a Service PoC mit musr-elog.psi.ch? linux-eng@psi.ch lmu-elog: image: gitea.psi.ch/images/elog:3.1.5 container_name: lmu-elog - restart: always + restart: always volumes: - /opt/logbooks/LMU:/usr/local/elog/logbooks - /opt/webcontent/LMU/elog.cfg:/usr/local/elog/elogd.cfg @@ -61,7 +62,7 @@ services: image: gitea.psi.ch/images/mcda-calculator:1.0.3 container_name: mcda-calculator restart: always - networks: + networks: - backend # Romain Sacchi @@ -99,7 +100,7 @@ services: - /opt/webcontent/sf-hedgedoc/uploads:/hedgedoc/public/uploads restart: always depends_on: - - hedgedoc_db + - hedgedoc_db networks: - backend - hedgedoc_backend @@ -123,7 +124,7 @@ services: gfa-status-test: image: php:8.2-apache container_name: gfa-status-test - volumes: + volumes: - /opt/webcontent/gfa-status/web:/var/www/html restart: always networks: @@ -187,8 +188,81 @@ services: networks: - backend + +# Ritter Tom +# It-Strategy monitoring dashboard + it-strategy-dashboard-frontend: + image: gitea.psi.ch/9501/it-strategy-dashboard-frontend:2.0 + container_name: it-strategy-dashboard-frontend + command: ["sh","-c","/usr/local/bin/copyData.sh"] + volumes: + - /opt/webcontent/it-strategy-dashboard/frontend:/opt/webcontent/it-strategy-dashboard/frontend + restart: "no" + + it-strategy-dashboard-backend: + image: gitea.psi.ch/9501/it-strategy-dashboard-backend:2.0 + container_name: it-strategy-dashboard-backend + restart: always + environment: + - DB_HOST=it-strategy-dashboard-db + - DB_PORT=3306 + - DB_NAME=itstrategy + - DB_USER=${IT_DASHBOARD_DB_USER} + - DB_PASS=${IT_DASHBOARD_DB_PW} + - JWT_SECRET=${JWT_SECRET} + depends_on: + it-strategy-dashboard-db: + condition: service_started + it-strategy-dashboard-liquibase: + condition: service_completed_successfully + networks: + - it_strategy_dashboard_backend + - backend + + it-strategy-dashboard-liquibase: + image: gitea.psi.ch/9501/it-strategy-dashboard-liquibase:2.0 + container_name: it-strategy-dashboard-liquibase + restart: "no" + environment: + - ADMIN_PW_HASH=${ADMIN_PW_HASH} + command: + - "--url=jdbc:mariadb://it-strategy-dashboard-db:3306/itstrategy" + - "--username=${IT_DASHBOARD_DB_USER}" + - "--password=${IT_DASHBOARD_DB_PW}" + - "--changelog-file=changelog/master.yaml" + - "update" + depends_on: + it-strategy-dashboard-db: + condition: service_healthy + networks: + - it_strategy_dashboard_backend + + + it-strategy-dashboard-db: + image: mariadb:12 + container_name: it-strategy-dashboard-db + restart: always + environment: + - MYSQL_ROOT_PASSWORD=${IT_DASHBOARD_DB_ROOT_PW} + - MYSQL_DATABASE=itstrategy + - MYSQL_USER=${IT_DASHBOARD_DB_USER} + - MYSQL_PASSWORD=${IT_DASHBOARD_DB_PW} + volumes: + - /opt/webcontent/it-strategy-dashboard/mysql/data:/var/lib/mysql + depends_on: + it-strategy-dashboard-frontend: + condition: service_completed_successfully + networks: + - it_strategy_dashboard_backend + healthcheck: + test: ["CMD", "mariadb-admin", "ping", "-h", "localhost", "-u${IT_DASHBOARD_DB_USER}", "-p${IT_DASHBOARD_DB_PW}"] + interval: 10s + timeout: 5s + retries: 5 + networks: public: backend: hedgedoc_backend: woodpecker_backend: + it_strategy_dashboard_backend: From 397d56ef8848c9649844d56c861ad3173682615b Mon Sep 17 00:00:00 2001 From: ritter_t Date: Fri, 26 Sep 2025 16:19:45 +0200 Subject: [PATCH 02/46] docker-compose.yaml aktualisiert added directory with frontend data to nginx service --- docker-compose.yaml | 1 + 1 file changed, 1 insertion(+) diff --git a/docker-compose.yaml b/docker-compose.yaml index cb3b7d7..f894c18 100644 --- a/docker-compose.yaml +++ b/docker-compose.yaml @@ -16,6 +16,7 @@ services: - /etc/nginx/nginx.conf:/etc/nginx/nginx.conf:ro - /etc/nginx/conf.d:/etc/nginx/conf.d:ro - /opt/webcontent/sinqstatus-test:/opt/webcontent/sinqstatus-test:ro + - /opt/webcontent/it-strategy-dashboard/frontend/:/opt/webcontent/it-strategy-dashboard/:ro networks: - public - backend From 708b0f8152e2a2bd776538ea598c5b11d5a07d1d Mon Sep 17 00:00:00 2001 From: "tom.ritter" Date: Wed, 8 Oct 2025 13:18:23 +0200 Subject: [PATCH 03/46] It-strategy-dashboard v2.0.1 --- docker-compose.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docker-compose.yaml b/docker-compose.yaml index f894c18..d9d1813 100644 --- a/docker-compose.yaml +++ b/docker-compose.yaml @@ -202,7 +202,7 @@ services: - it_strategy_dashboard_backend it-strategy-dashboard-backend: - image: gitea.psi.ch/9501/it-strategy-dashboard-backend:2.0 + image: gitea.psi.ch/9501/it-strategy-dashboard-backend:2.0.1 container_name: it-strategy-dashboard-backend restart: always environment: From 2a95f63f3bb92be1504c42137b970944612887d3 Mon Sep 17 00:00:00 2001 From: ritter_t Date: Wed, 8 Oct 2025 13:22:39 +0200 Subject: [PATCH 04/46] removed duplicated nginx conf file --- conf.d/it-dashboard.conf | 28 ---------------------------- 1 file changed, 28 deletions(-) delete mode 100644 conf.d/it-dashboard.conf diff --git a/conf.d/it-dashboard.conf b/conf.d/it-dashboard.conf deleted file mode 100644 index 124d9c0..0000000 --- a/conf.d/it-dashboard.conf +++ /dev/null @@ -1,28 +0,0 @@ -server { - listen 80; - server_name it-strategy-dashboard.psi.ch; - return 301 https://$host$request_uri; -} - -server { - listen 443 ssl; - server_name it-strategy-dashboard.psi.ch; - - ssl_certificate /etc/nginx/certs/it-strategy-dashboard.psi.ch.crt; - ssl_certificate_key /etc/nginx/private/it-strategy-dashboard.psi.ch.key; - - root /opt/webcontent/it-strategy-dashboard; - index index.html; - - location / { - try_files $uri /index.html; - } - - location /api/ { - proxy_pass http://it-strategy-dashboard-backend:8080; - proxy_set_header Host $host; - proxy_set_header X-Real-IP $remote_addr; - proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; - proxy_set_header X-Forwarded-Proto $scheme; - } -} From 0d160ed817ba3160a7d774a6c332c14b448a865d Mon Sep 17 00:00:00 2001 From: Basil Bruhn Date: Tue, 11 Nov 2025 11:00:19 +0100 Subject: [PATCH 05/46] deploy fluid-eos and rfmwtools test Signed-off-by: Basil Bruhn --- conf.d/fluid-eos-test.conf | 30 ++++++++++++++++++++++++++++++ conf.d/rfmwtools-test.conf | 30 ++++++++++++++++++++++++++++++ docker-compose.yaml | 2 ++ 3 files changed, 62 insertions(+) create mode 100644 conf.d/fluid-eos-test.conf create mode 100644 conf.d/rfmwtools-test.conf diff --git a/conf.d/fluid-eos-test.conf b/conf.d/fluid-eos-test.conf new file mode 100644 index 0000000..6826f64 --- /dev/null +++ b/conf.d/fluid-eos-test.conf @@ -0,0 +1,30 @@ +# INC0150202 Kohlbrecher Joachim & Wall Edward Owen +server { + listen 80; + server_name fluid-eos-test.psi.ch; + + return 301 https://$host$request_uri; +} + +server { + listen 443 ssl; + server_name fluid-eos-test.psi.ch; + + root /opt/webcontent/fluid-eos; + index index.html; + + ssl_certificate /etc/nginx/certs/fluid-eos-test.psi.ch.crt; + ssl_certificate_key /etc/nginx/private/fluid-eos-test.psi.ch.key; + + access_log /var/log/nginx/fluid-eos-test.access.log; + error_log /var/log/nginx/fluid-eos-test.error.log; + + location / { + autoindex on; + autoindex_exact_size off; + autoindex_localtime on; + + try_files $uri $uri/ =404; + } +} + diff --git a/conf.d/rfmwtools-test.conf b/conf.d/rfmwtools-test.conf new file mode 100644 index 0000000..6a59873 --- /dev/null +++ b/conf.d/rfmwtools-test.conf @@ -0,0 +1,30 @@ +# Gaspar Marcos - ISPD Migration +server { + listen 80; + server_name rfmwtools-test.psi.ch; + + return 301 https://$host$request_uri; +} + +server { + listen 443 ssl; + server_name rfmwtools-test.psi.ch; + + root /opt/webcontent/rfmwtools; + index rfmwtools.html; + + ssl_certificate /etc/nginx/certs/rfmwtools-test.psi.ch.crt; + ssl_certificate_key /etc/nginx/private/rfmwtools-test.psi.ch.key; + + access_log /var/log/nginx/rfmwtools-test.access.log; + error_log /var/log/nginx/rfmwtools-test.error.log; + + location / { + autoindex on; + autoindex_exact_size off; + autoindex_localtime on; + + try_files $uri $uri/ =404; + } +} + diff --git a/docker-compose.yaml b/docker-compose.yaml index b87386f..e2a26b0 100644 --- a/docker-compose.yaml +++ b/docker-compose.yaml @@ -18,6 +18,8 @@ services: - /etc/nginx/nginx.conf:/etc/nginx/nginx.conf:ro - /etc/nginx/conf.d:/etc/nginx/conf.d:ro - /opt/webcontent/sinqstatus-test:/opt/webcontent/sinqstatus-test:ro + - /opt/webcontent/fluid-eos:/opt/webcontent/fluid-eos:ro + - /opt/webcontent/rfmwtools:/opt/webcontent/rfmwtools:ro - /opt/webcontent/it-strategy-dashboard/frontend/:/opt/webcontent/it-strategy-dashboard/:ro networks: - public From 478e3ab70f4b9100c2290fa47185749d26774354 Mon Sep 17 00:00:00 2001 From: Basil Bruhn Date: Tue, 11 Nov 2025 11:07:39 +0100 Subject: [PATCH 06/46] fix description and locations EOS Signed-off-by: Basil Bruhn --- conf.d/fluid-eos-test.conf | 9 ++++++++- 1 file changed, 8 insertions(+), 1 deletion(-) diff --git a/conf.d/fluid-eos-test.conf b/conf.d/fluid-eos-test.conf index 6826f64..5951684 100644 --- a/conf.d/fluid-eos-test.conf +++ b/conf.d/fluid-eos-test.conf @@ -1,4 +1,4 @@ -# INC0150202 Kohlbrecher Joachim & Wall Edward Owen +# Churakov Sergey - ISPD migration server { listen 80; server_name fluid-eos-test.psi.ch; @@ -26,5 +26,12 @@ server { try_files $uri $uri/ =404; } + location /EOS/ { + autoindex on; + autoindex_exact_size off; + autoindex_localtime on; + + try_files $uri $uri/ =404; + } } From 0b68f417156e37433f5f34236f67ab00eb9469df Mon Sep 17 00:00:00 2001 From: Basil Bruhn Date: Tue, 11 Nov 2025 11:10:13 +0100 Subject: [PATCH 07/46] prefix match Signed-off-by: Basil Bruhn --- conf.d/fluid-eos-test.conf | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/conf.d/fluid-eos-test.conf b/conf.d/fluid-eos-test.conf index 5951684..e0e1a21 100644 --- a/conf.d/fluid-eos-test.conf +++ b/conf.d/fluid-eos-test.conf @@ -26,7 +26,7 @@ server { try_files $uri $uri/ =404; } - location /EOS/ { + location ^~ /EOS/ { autoindex on; autoindex_exact_size off; autoindex_localtime on; From c96d168b6d35690bc82d48f960a01b9c5204cfa4 Mon Sep 17 00:00:00 2001 From: Basil Bruhn Date: Tue, 11 Nov 2025 11:28:42 +0100 Subject: [PATCH 08/46] x-frame-options allow Signed-off-by: Basil Bruhn --- nginx.conf | 1 - 1 file changed, 1 deletion(-) diff --git a/nginx.conf b/nginx.conf index 022ad56..6516663 100644 --- a/nginx.conf +++ b/nginx.conf @@ -12,7 +12,6 @@ http { default_type application/octet-stream; add_header X-Content-Type-Options nosniff; - add_header X-Frame-Options DENY; add_header X-XSS-Protection "1; mode=block"; add_header Strict-Transport-Security "max-age=31536000; includeSubDomains" always; # HSTS add_header Referrer-Policy no-referrer-when-downgrade; # Referrer policy From 0ace2e232e5f3a536dde28181a4454ffabd6427a Mon Sep 17 00:00:00 2001 From: Basil Bruhn Date: Tue, 11 Nov 2025 11:50:02 +0100 Subject: [PATCH 09/46] java script errors Signed-off-by: Basil Bruhn --- conf.d/rfmwtools-test.conf | 11 ++++++++++- 1 file changed, 10 insertions(+), 1 deletion(-) diff --git a/conf.d/rfmwtools-test.conf b/conf.d/rfmwtools-test.conf index 6a59873..d1a9f70 100644 --- a/conf.d/rfmwtools-test.conf +++ b/conf.d/rfmwtools-test.conf @@ -19,12 +19,21 @@ server { access_log /var/log/nginx/rfmwtools-test.access.log; error_log /var/log/nginx/rfmwtools-test.error.log; + # CSP-only framing + add_header Content-Security-Policy "frame-ancestors https://*.psi.ch" always; + add_header X-Frame-Options "" always; + + location ~* \.(js|css|html|gif|png|jpg|ico)$ { + autoindex off; + try_files $uri =404; + } + location / { autoindex on; autoindex_exact_size off; autoindex_localtime on; - try_files $uri $uri/ =404; + try_files $uri/ =404; } } From 70569943087e7f036f26cfbad557ec67153f049a Mon Sep 17 00:00:00 2001 From: Basil Bruhn Date: Tue, 11 Nov 2025 12:03:42 +0100 Subject: [PATCH 10/46] whitespaces Signed-off-by: Basil Bruhn --- docker-compose.yaml | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/docker-compose.yaml b/docker-compose.yaml index e2a26b0..ce17a33 100644 --- a/docker-compose.yaml +++ b/docker-compose.yaml @@ -40,19 +40,19 @@ services: pif-elog: image: gitea.psi.ch/images/elog:3.1.5 container_name: pif-elog - restart: always + restart: always volumes: - /opt/logbooks/pif:/usr/local/elog/logbooks - /opt/webcontent/pif/elog.cfg:/usr/local/elog/elogd.cfg networks: - - backend + - backend # Krieger Jonas Andreas , Raselli Andrea-Raeto # Elog as a Service PoC mit musr-elog.psi.ch? linux-eng@psi.ch lmu-elog: image: gitea.psi.ch/images/elog:3.1.5 container_name: lmu-elog - restart: always + restart: always volumes: - /opt/logbooks/LMU:/usr/local/elog/logbooks - /opt/webcontent/LMU/elog.cfg:/usr/local/elog/elogd.cfg @@ -66,7 +66,7 @@ services: image: gitea.psi.ch/images/mcda-calculator:1.0.3 container_name: mcda-calculator restart: always - networks: + networks: - backend # Romain Sacchi @@ -104,7 +104,7 @@ services: - /opt/webcontent/sf-hedgedoc/uploads:/hedgedoc/public/uploads restart: always depends_on: - - hedgedoc_db + - hedgedoc_db networks: - backend - hedgedoc_backend From 572398fe572b0e2a27f1d90353e113a6f6e84382 Mon Sep 17 00:00:00 2001 From: Basil Bruhn Date: Tue, 11 Nov 2025 12:21:04 +0100 Subject: [PATCH 11/46] add apache php / cgi container for future apps and rfmwtools Signed-off-by: Basil Bruhn --- apache/conf/httpd.conf | 25 ++++++++++++++++++++++++ conf.d/rfmwtools-test.conf | 39 -------------------------------------- conf.d/rfmwtools.conf | 21 ++++++++++++++++++++ docker-compose.yaml | 15 +++++++++++++-- 4 files changed, 59 insertions(+), 41 deletions(-) create mode 100644 apache/conf/httpd.conf delete mode 100644 conf.d/rfmwtools-test.conf create mode 100644 conf.d/rfmwtools.conf diff --git a/apache/conf/httpd.conf b/apache/conf/httpd.conf new file mode 100644 index 0000000..f4edc99 --- /dev/null +++ b/apache/conf/httpd.conf @@ -0,0 +1,25 @@ +# Enable modules +LoadModule cgi_module modules/mod_cgi.so +LoadModule rewrite_module modules/mod_rewrite.so +LoadModule php_module modules/libphp.so # already in php:8.2-apache + +# RFMTools +DocumentRoot "/var/www/rfmwtools" + + + Options +ExecCGI +FollowSymLinks + AddHandler cgi-script .sh .cgi + Require all granted + + +# Optional: PHP apps under /phpapps (not enabled yet) + + Options Indexes FollowSymLinks + AllowOverride All + Require all granted + + +# Aliases for PHP apps (commented until ready) +#Alias /phpapp1/ /var/www/phpapps/app1/ +#Alias /phpapp2/ /var/www/phpapps/app2/ + diff --git a/conf.d/rfmwtools-test.conf b/conf.d/rfmwtools-test.conf deleted file mode 100644 index d1a9f70..0000000 --- a/conf.d/rfmwtools-test.conf +++ /dev/null @@ -1,39 +0,0 @@ -# Gaspar Marcos - ISPD Migration -server { - listen 80; - server_name rfmwtools-test.psi.ch; - - return 301 https://$host$request_uri; -} - -server { - listen 443 ssl; - server_name rfmwtools-test.psi.ch; - - root /opt/webcontent/rfmwtools; - index rfmwtools.html; - - ssl_certificate /etc/nginx/certs/rfmwtools-test.psi.ch.crt; - ssl_certificate_key /etc/nginx/private/rfmwtools-test.psi.ch.key; - - access_log /var/log/nginx/rfmwtools-test.access.log; - error_log /var/log/nginx/rfmwtools-test.error.log; - - # CSP-only framing - add_header Content-Security-Policy "frame-ancestors https://*.psi.ch" always; - add_header X-Frame-Options "" always; - - location ~* \.(js|css|html|gif|png|jpg|ico)$ { - autoindex off; - try_files $uri =404; - } - - location / { - autoindex on; - autoindex_exact_size off; - autoindex_localtime on; - - try_files $uri/ =404; - } -} - diff --git a/conf.d/rfmwtools.conf b/conf.d/rfmwtools.conf new file mode 100644 index 0000000..5331c38 --- /dev/null +++ b/conf.d/rfmwtools.conf @@ -0,0 +1,21 @@ +server { + listen 80; + server_name rfmwtools-test.psi.ch; + return 301 https://$host$request_uri; +} + +server { + listen 443 ssl; + server_name rfmwtools-test.psi.ch; + + ssl_certificate /etc/nginx/certs/rfmwtools-test.psi.ch.crt; + ssl_certificate_key /etc/nginx/private/rfmwtools-test.psi.ch.key; + + location / { + proxy_pass http://apache_app:80; + proxy_set_header Host $host; + proxy_set_header X-Real-IP $remote_addr; + proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; + proxy_set_header X-Forwarded-Proto $scheme; + } +} diff --git a/docker-compose.yaml b/docker-compose.yaml index ce17a33..ee7cd7c 100644 --- a/docker-compose.yaml +++ b/docker-compose.yaml @@ -19,12 +19,23 @@ services: - /etc/nginx/conf.d:/etc/nginx/conf.d:ro - /opt/webcontent/sinqstatus-test:/opt/webcontent/sinqstatus-test:ro - /opt/webcontent/fluid-eos:/opt/webcontent/fluid-eos:ro - - /opt/webcontent/rfmwtools:/opt/webcontent/rfmwtools:ro - /opt/webcontent/it-strategy-dashboard/frontend/:/opt/webcontent/it-strategy-dashboard/:ro networks: - public - backend - + + apache: + image: php:8.2-apache + container_name: apache_app + restart: always + volumes: + - /opt/webcontent/rfmwtools:/var/www/rfmwtools:ro +# Apache config is prepared to have php apps inside /var/www/phpapps +# - ./phpapps:/var/www/phpapps:ro + - ./apache/conf/httpd.conf:/usr/local/etc/apache2/httpd.conf:ro + networks: + - backend + # linux-eng@psi.ch # Test app excalidraw: From fe99b08bdda05aaf97378feee1820aecb7de69df Mon Sep 17 00:00:00 2001 From: Basil Bruhn Date: Tue, 11 Nov 2025 12:26:57 +0100 Subject: [PATCH 12/46] apache config document root disable Signed-off-by: Basil Bruhn --- apache/conf/httpd.conf | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/apache/conf/httpd.conf b/apache/conf/httpd.conf index f4edc99..1325bf0 100644 --- a/apache/conf/httpd.conf +++ b/apache/conf/httpd.conf @@ -3,6 +3,11 @@ LoadModule cgi_module modules/mod_cgi.so LoadModule rewrite_module modules/mod_rewrite.so LoadModule php_module modules/libphp.so # already in php:8.2-apache +# Disable default doc root + + Require all denied + + # RFMTools DocumentRoot "/var/www/rfmwtools" From 2280fb03ad6fb50eb2e37e215610d8110719cfa4 Mon Sep 17 00:00:00 2001 From: Basil Bruhn Date: Tue, 11 Nov 2025 12:42:02 +0100 Subject: [PATCH 13/46] make apache config modular Signed-off-by: Basil Bruhn --- apache/conf/httpd.conf | 30 ------------------------------ apache/conf/rfmwtools.conf | 15 +++++++++++++++ docker-compose.yaml | 5 ++--- 3 files changed, 17 insertions(+), 33 deletions(-) delete mode 100644 apache/conf/httpd.conf create mode 100644 apache/conf/rfmwtools.conf diff --git a/apache/conf/httpd.conf b/apache/conf/httpd.conf deleted file mode 100644 index 1325bf0..0000000 --- a/apache/conf/httpd.conf +++ /dev/null @@ -1,30 +0,0 @@ -# Enable modules -LoadModule cgi_module modules/mod_cgi.so -LoadModule rewrite_module modules/mod_rewrite.so -LoadModule php_module modules/libphp.so # already in php:8.2-apache - -# Disable default doc root - - Require all denied - - -# RFMTools -DocumentRoot "/var/www/rfmwtools" - - - Options +ExecCGI +FollowSymLinks - AddHandler cgi-script .sh .cgi - Require all granted - - -# Optional: PHP apps under /phpapps (not enabled yet) - - Options Indexes FollowSymLinks - AllowOverride All - Require all granted - - -# Aliases for PHP apps (commented until ready) -#Alias /phpapp1/ /var/www/phpapps/app1/ -#Alias /phpapp2/ /var/www/phpapps/app2/ - diff --git a/apache/conf/rfmwtools.conf b/apache/conf/rfmwtools.conf new file mode 100644 index 0000000..e4d10c0 --- /dev/null +++ b/apache/conf/rfmwtools.conf @@ -0,0 +1,15 @@ + + ServerName rfmwtools-test.psi.ch + + DocumentRoot /var/www/rfmwtools + + + Options +ExecCGI +FollowSymLinks + AddHandler cgi-script .sh .cgi + Require all granted + + + ErrorLog /proc/self/fd/2 + CustomLog /proc/self/fd/1 combined + + diff --git a/docker-compose.yaml b/docker-compose.yaml index ee7cd7c..b7983b7 100644 --- a/docker-compose.yaml +++ b/docker-compose.yaml @@ -30,9 +30,8 @@ services: restart: always volumes: - /opt/webcontent/rfmwtools:/var/www/rfmwtools:ro -# Apache config is prepared to have php apps inside /var/www/phpapps -# - ./phpapps:/var/www/phpapps:ro - - ./apache/conf/httpd.conf:/usr/local/etc/apache2/httpd.conf:ro + - ./apache/conf/rfmwtools.conf:/etc/apache2/sites-enabled/rfmwtools.conf:ro + networks: - backend From a455dcc0324ee65663cd1f8c01bfb11a87627b16 Mon Sep 17 00:00:00 2001 From: Basil Bruhn Date: Tue, 11 Nov 2025 12:44:55 +0100 Subject: [PATCH 14/46] change index Signed-off-by: Basil Bruhn --- apache/conf/rfmwtools.conf | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/apache/conf/rfmwtools.conf b/apache/conf/rfmwtools.conf index e4d10c0..8c61e85 100644 --- a/apache/conf/rfmwtools.conf +++ b/apache/conf/rfmwtools.conf @@ -4,8 +4,9 @@ DocumentRoot /var/www/rfmwtools - Options +ExecCGI +FollowSymLinks + Options +ExecCGI +FollowSymLinks +Indexes AddHandler cgi-script .sh .cgi + DirectoryIndex rfmwtools.html Require all granted From fb522a5a893644f3103f7d9322453007f7bf8daf Mon Sep 17 00:00:00 2001 From: Basil Bruhn Date: Tue, 11 Nov 2025 12:47:03 +0100 Subject: [PATCH 15/46] apache ist soooooooo kompliziert Signed-off-by: Basil Bruhn --- apache/conf/rfmwtools.conf | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/apache/conf/rfmwtools.conf b/apache/conf/rfmwtools.conf index 8c61e85..941665e 100644 --- a/apache/conf/rfmwtools.conf +++ b/apache/conf/rfmwtools.conf @@ -3,7 +3,7 @@ DocumentRoot /var/www/rfmwtools - + Options +ExecCGI +FollowSymLinks +Indexes AddHandler cgi-script .sh .cgi DirectoryIndex rfmwtools.html From 4fb595ea66fad702103d4dd2dab6e024f2f39e0e Mon Sep 17 00:00:00 2001 From: Basil Bruhn Date: Tue, 11 Nov 2025 12:48:33 +0100 Subject: [PATCH 16/46] fail Signed-off-by: Basil Bruhn --- apache/conf/rfmwtools.conf | 11 +++++++++-- 1 file changed, 9 insertions(+), 2 deletions(-) diff --git a/apache/conf/rfmwtools.conf b/apache/conf/rfmwtools.conf index 941665e..0967497 100644 --- a/apache/conf/rfmwtools.conf +++ b/apache/conf/rfmwtools.conf @@ -3,10 +3,17 @@ DocumentRoot /var/www/rfmwtools + # Serve HTML and static files at root + + Options +FollowSymLinks + DirectoryIndex rfmwtools.html + Require all granted + + + # Enable CGI execution for scripts in cgi-bin - Options +ExecCGI +FollowSymLinks +Indexes + Options +ExecCGI +FollowSymLinks AddHandler cgi-script .sh .cgi - DirectoryIndex rfmwtools.html Require all granted From ac9831d4aa83d86253ecbf41509ae4948297d5d3 Mon Sep 17 00:00:00 2001 From: Basil Bruhn Date: Tue, 11 Nov 2025 13:04:43 +0100 Subject: [PATCH 17/46] own docker image Signed-off-by: Basil Bruhn --- docker-compose.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docker-compose.yaml b/docker-compose.yaml index b7983b7..16fc00f 100644 --- a/docker-compose.yaml +++ b/docker-compose.yaml @@ -25,7 +25,7 @@ services: - backend apache: - image: php:8.2-apache + image: gitea.psi.ch/images/php-apache:latest container_name: apache_app restart: always volumes: From 0f0ceb374b84fb975655bd6d077133d443a960af Mon Sep 17 00:00:00 2001 From: Basil Bruhn Date: Tue, 11 Nov 2025 13:07:57 +0100 Subject: [PATCH 18/46] apache mal wieder Signed-off-by: Basil Bruhn --- apache/conf/rfmwtools.conf | 10 ++-------- 1 file changed, 2 insertions(+), 8 deletions(-) diff --git a/apache/conf/rfmwtools.conf b/apache/conf/rfmwtools.conf index 0967497..ca12624 100644 --- a/apache/conf/rfmwtools.conf +++ b/apache/conf/rfmwtools.conf @@ -3,16 +3,10 @@ DocumentRoot /var/www/rfmwtools - # Serve HTML and static files at root - - Options +FollowSymLinks - DirectoryIndex rfmwtools.html - Require all granted - + ScriptAlias /cgi-bin/ /var/www/rfmwtools/cgi-bin/ - # Enable CGI execution for scripts in cgi-bin - Options +ExecCGI +FollowSymLinks + Options +ExecCGI +FollowSymLinks +Indexes AddHandler cgi-script .sh .cgi Require all granted From 50b7cf64c585f71fb0be3f61235a687253bde5ff Mon Sep 17 00:00:00 2001 From: Basil Bruhn Date: Tue, 11 Nov 2025 13:10:36 +0100 Subject: [PATCH 19/46] apache Signed-off-by: Basil Bruhn --- apache/conf/rfmwtools.conf | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/apache/conf/rfmwtools.conf b/apache/conf/rfmwtools.conf index ca12624..5122cda 100644 --- a/apache/conf/rfmwtools.conf +++ b/apache/conf/rfmwtools.conf @@ -11,6 +11,11 @@ Require all granted + + Options Indexes FollowSymLinks + Require all granted + + ErrorLog /proc/self/fd/2 CustomLog /proc/self/fd/1 combined From 570cd243e2bc07266f32314f15cabff886a2eb18 Mon Sep 17 00:00:00 2001 From: Basil Bruhn Date: Tue, 11 Nov 2025 13:18:58 +0100 Subject: [PATCH 20/46] finally Signed-off-by: Basil Bruhn --- apache/conf/rfmwtools.conf | 7 +++++++ 1 file changed, 7 insertions(+) diff --git a/apache/conf/rfmwtools.conf b/apache/conf/rfmwtools.conf index 5122cda..e86abfd 100644 --- a/apache/conf/rfmwtools.conf +++ b/apache/conf/rfmwtools.conf @@ -1,19 +1,26 @@ ServerName rfmwtools-test.psi.ch + # Document root for static files DocumentRoot /var/www/rfmwtools + # CGI scripts ScriptAlias /cgi-bin/ /var/www/rfmwtools/cgi-bin/ Options +ExecCGI +FollowSymLinks +Indexes AddHandler cgi-script .sh .cgi Require all granted + + SetEnv SCRIPT_WORKDIR /var/www/rfmwtools/cgi-bin + DirectoryIndex rfmwtools.html Options Indexes FollowSymLinks + AllowOverride None Require all granted + DirectoryIndex rfmwtools.html ErrorLog /proc/self/fd/2 From a543867ffd41f9790f60e3034fb37bf979abcc80 Mon Sep 17 00:00:00 2001 From: Basil Bruhn Date: Tue, 11 Nov 2025 14:48:26 +0100 Subject: [PATCH 21/46] gfa-status-test Signed-off-by: Basil Bruhn --- apache/conf/gfa-status.conf | 32 ++++++++++++++++++++++++++++++++ docker-compose.yaml | 17 ++++------------- 2 files changed, 36 insertions(+), 13 deletions(-) create mode 100644 apache/conf/gfa-status.conf diff --git a/apache/conf/gfa-status.conf b/apache/conf/gfa-status.conf new file mode 100644 index 0000000..5bdfea7 --- /dev/null +++ b/apache/conf/gfa-status.conf @@ -0,0 +1,32 @@ + + ServerName gfa-status.web.psi.ch + ServerAlias www.gfa-status.web.psi.ch + DocumentRoot /var/www/gfa-status.web.psi.ch/web + + ErrorLog /proc/self/fd/2 + CustomLog /proc/self/fd/1 combined + + Header set Access-Control-Allow-Origin "*" + + # PHP configuration + + SetHandler application/x-httpd-php + + + php_admin_value sendmail_path "/usr/sbin/sendmail -t -i -fwebmaster@gfa-status.web.psi.ch" + php_admin_value upload_tmp_dir /var/www/clients/client45/web70/tmp + php_admin_value session.save_path /var/www/clients/client45/web70/tmp + php_admin_value open_basedir /var/www/clients/client45/web70/web:/var/www/clients/client45/web70/private:/var/www/clients/client45/web70/tmp:/var/www/gfa-status.web.psi.ch/web:/tmp:/usr/share/php:/usr/share/phpmyadmin:/etc/phpmyadmin:/var/lib/phpmyadmin:/var/www/error/ + + + Options +FollowSymLinks +Includes + AllowOverride All + Require all granted + + # SSI support + AddType text/html .shtml + AddOutputFilter INCLUDES .shtml + + + + diff --git a/docker-compose.yaml b/docker-compose.yaml index 16fc00f..d468e87 100644 --- a/docker-compose.yaml +++ b/docker-compose.yaml @@ -24,14 +24,16 @@ services: - public - backend + # rfwtools + # gfa-status-test apache: image: gitea.psi.ch/images/php-apache:latest container_name: apache_app restart: always volumes: - /opt/webcontent/rfmwtools:/var/www/rfmwtools:ro - - ./apache/conf/rfmwtools.conf:/etc/apache2/sites-enabled/rfmwtools.conf:ro - + - /opt/webcontent/gfa-status:/var/www/gfa-status:ro + - ./apache/conf/:/etc/apache2/sites-enabled/:ro networks: - backend @@ -133,17 +135,6 @@ services: networks: - hedgedoc_backend - # Andreas Luedeke - # POC not running yet - gfa-status-test: - image: php:8.2-apache - container_name: gfa-status-test - volumes: - - /opt/webcontent/gfa-status/web:/var/www/html - restart: always - networks: - - backend - # Flechsig Uwe # opticswiki (test setup) # I assume gitea.psi.ch/images is the local image repository filled docker push From d9bc31d0b66de88e0383fe66a935ecd348f86ff9 Mon Sep 17 00:00:00 2001 From: Basil Bruhn Date: Tue, 11 Nov 2025 14:55:46 +0100 Subject: [PATCH 22/46] individual configs Signed-off-by: Basil Bruhn --- docker-compose.yaml | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/docker-compose.yaml b/docker-compose.yaml index d468e87..5b482d3 100644 --- a/docker-compose.yaml +++ b/docker-compose.yaml @@ -33,7 +33,8 @@ services: volumes: - /opt/webcontent/rfmwtools:/var/www/rfmwtools:ro - /opt/webcontent/gfa-status:/var/www/gfa-status:ro - - ./apache/conf/:/etc/apache2/sites-enabled/:ro + - ./apache/conf/rfmwtools.conf:/etc/apache2/sites-enabled/rfmwtools.conf:ro + - ./apache/conf/gfa-status.conf:/etc/apache2/sites-enabled/gfa-status.conf:ro networks: - backend From ecc9fc2fc14fbd3de03f50a4cbe50710ae825a39 Mon Sep 17 00:00:00 2001 From: Basil Bruhn Date: Tue, 11 Nov 2025 15:14:42 +0100 Subject: [PATCH 23/46] different container for gfa status Signed-off-by: Basil Bruhn --- conf.d/gfa-status-test.conf | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/conf.d/gfa-status-test.conf b/conf.d/gfa-status-test.conf index b7fec56..6c991a0 100644 --- a/conf.d/gfa-status-test.conf +++ b/conf.d/gfa-status-test.conf @@ -12,7 +12,7 @@ server { ssl_certificate_key /etc/nginx/private/gfa-status-test.psi.ch.key; location / { - proxy_pass http://gfa-status-test:80; + proxy_pass http://apache_app:80; proxy_set_header Host $host; proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; From 106d05bedb4519eabe6376067be0d70c05d986a1 Mon Sep 17 00:00:00 2001 From: Basil Bruhn Date: Tue, 11 Nov 2025 15:21:11 +0100 Subject: [PATCH 24/46] apache config error Signed-off-by: Basil Bruhn --- apache/conf/gfa-status.conf | 5 ++--- 1 file changed, 2 insertions(+), 3 deletions(-) diff --git a/apache/conf/gfa-status.conf b/apache/conf/gfa-status.conf index 5bdfea7..23bf340 100644 --- a/apache/conf/gfa-status.conf +++ b/apache/conf/gfa-status.conf @@ -1,7 +1,6 @@ - ServerName gfa-status.web.psi.ch - ServerAlias www.gfa-status.web.psi.ch - DocumentRoot /var/www/gfa-status.web.psi.ch/web + ServerName gfa-status-test.psi.ch + DocumentRoot /var/www/gfa-status/web ErrorLog /proc/self/fd/2 CustomLog /proc/self/fd/1 combined From 6d2b4b7087df344e51b499fa9ebc1f50910ea2c2 Mon Sep 17 00:00:00 2001 From: "tom.ritter" Date: Wed, 12 Nov 2025 14:23:30 +0100 Subject: [PATCH 25/46] chore(v3.0): updated frontend and backend container --- docker-compose.yaml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/docker-compose.yaml b/docker-compose.yaml index d9d1813..07578cb 100644 --- a/docker-compose.yaml +++ b/docker-compose.yaml @@ -192,7 +192,7 @@ services: # It-Strategy monitoring dashboard it-strategy-dashboard-frontend: - image: gitea.psi.ch/9501/it-strategy-dashboard-frontend:2.0 + image: gitea.psi.ch/9501/it-strategy-dashboard-frontend:3.0 container_name: it-strategy-dashboard-frontend command: ["sh","-c","/usr/local/bin/copyData.sh"] volumes: @@ -202,7 +202,7 @@ services: - it_strategy_dashboard_backend it-strategy-dashboard-backend: - image: gitea.psi.ch/9501/it-strategy-dashboard-backend:2.0.1 + image: gitea.psi.ch/9501/it-strategy-dashboard-backend:3.0 container_name: it-strategy-dashboard-backend restart: always environment: From e5f7eb77b5034d561c8d3fb665e310b0c706224d Mon Sep 17 00:00:00 2001 From: "tom.ritter" Date: Fri, 14 Nov 2025 14:20:07 +0100 Subject: [PATCH 26/46] chore(v3.0.1): fixed missing db column --- docker-compose.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docker-compose.yaml b/docker-compose.yaml index fdb895e..ec29500 100644 --- a/docker-compose.yaml +++ b/docker-compose.yaml @@ -188,7 +188,7 @@ services: - it_strategy_dashboard_backend it-strategy-dashboard-backend: - image: gitea.psi.ch/9501/it-strategy-dashboard-backend:3.0 + image: gitea.psi.ch/9501/it-strategy-dashboard-backend:3.0.1 container_name: it-strategy-dashboard-backend restart: always environment: From f2d6ca9c835bd5c92886f248362b4150f20176bb Mon Sep 17 00:00:00 2001 From: Basil Bruhn Date: Mon, 24 Nov 2025 10:33:04 +0100 Subject: [PATCH 27/46] move fluid to apache Signed-off-by: Basil Bruhn --- apache/conf/fluid-eos.conf | 28 ++++++++++++++++++++++++++++ conf.d/fluid-eos-test.conf | 8 -------- docker-compose.yaml | 3 ++- 3 files changed, 30 insertions(+), 9 deletions(-) create mode 100644 apache/conf/fluid-eos.conf diff --git a/apache/conf/fluid-eos.conf b/apache/conf/fluid-eos.conf new file mode 100644 index 0000000..7c8139d --- /dev/null +++ b/apache/conf/fluid-eos.conf @@ -0,0 +1,28 @@ + + ServerName fluid-eos-test.psi.ch + DocumentRoot /var/www/html/fluid-eos + + # Allow CGI everywhere if needed + Options +ExecCGI + AddHandler cgi-script .pl .cgi .x + + + Options +ExecCGI + AllowOverride None + Require all granted + + + # Explicit CGI directories + ScriptAlias /cgi-bin/ /var/www/html/fluid-eos/cgi-bin/ + + Options +ExecCGI + Require all granted + + + ScriptAlias /cgibin/ /var/www/html/fluid-eos/cgibin/ + + Options +ExecCGI + Require all granted + + + diff --git a/conf.d/fluid-eos-test.conf b/conf.d/fluid-eos-test.conf index e0e1a21..4c14d97 100644 --- a/conf.d/fluid-eos-test.conf +++ b/conf.d/fluid-eos-test.conf @@ -24,14 +24,6 @@ server { autoindex_exact_size off; autoindex_localtime on; - try_files $uri $uri/ =404; - } - location ^~ /EOS/ { - autoindex on; - autoindex_exact_size off; - autoindex_localtime on; - - try_files $uri $uri/ =404; } } diff --git a/docker-compose.yaml b/docker-compose.yaml index ec29500..c73d473 100644 --- a/docker-compose.yaml +++ b/docker-compose.yaml @@ -18,7 +18,6 @@ services: - /etc/nginx/nginx.conf:/etc/nginx/nginx.conf:ro - /etc/nginx/conf.d:/etc/nginx/conf.d:ro - /opt/webcontent/sinqstatus-test:/opt/webcontent/sinqstatus-test:ro - - /opt/webcontent/fluid-eos:/opt/webcontent/fluid-eos:ro - /opt/webcontent/it-strategy-dashboard/frontend/:/opt/webcontent/it-strategy-dashboard/:ro networks: - public @@ -33,8 +32,10 @@ services: volumes: - /opt/webcontent/rfmwtools:/var/www/rfmwtools:ro - /opt/webcontent/gfa-status:/var/www/gfa-status:ro + - /opt/webcontent/fluid-eos:/var/www/fluid-eos:ro - ./apache/conf/rfmwtools.conf:/etc/apache2/sites-enabled/rfmwtools.conf:ro - ./apache/conf/gfa-status.conf:/etc/apache2/sites-enabled/gfa-status.conf:ro + - ./apache/conf/fluid-eos.conf:/etc/apache2/sites-enabled/fluid-eos.conf:ro networks: - backend From 8492280db2686e42123fe5d254d8a3223a1c3c0d Mon Sep 17 00:00:00 2001 From: Basil Bruhn Date: Mon, 24 Nov 2025 10:36:12 +0100 Subject: [PATCH 28/46] nginx conf Signed-off-by: Basil Bruhn --- conf.d/fluid-eos-test.conf | 15 ++++++++------- 1 file changed, 8 insertions(+), 7 deletions(-) diff --git a/conf.d/fluid-eos-test.conf b/conf.d/fluid-eos-test.conf index 4c14d97..c68a73f 100644 --- a/conf.d/fluid-eos-test.conf +++ b/conf.d/fluid-eos-test.conf @@ -1,4 +1,3 @@ -# Churakov Sergey - ISPD migration server { listen 80; server_name fluid-eos-test.psi.ch; @@ -10,20 +9,22 @@ server { listen 443 ssl; server_name fluid-eos-test.psi.ch; - root /opt/webcontent/fluid-eos; - index index.html; - ssl_certificate /etc/nginx/certs/fluid-eos-test.psi.ch.crt; ssl_certificate_key /etc/nginx/private/fluid-eos-test.psi.ch.key; access_log /var/log/nginx/fluid-eos-test.access.log; error_log /var/log/nginx/fluid-eos-test.error.log; + # Proxy EVERYTHING to the Apache container location / { - autoindex on; - autoindex_exact_size off; - autoindex_localtime on; + proxy_pass http://apache-fluid-eos:80; + proxy_set_header Host $host; + proxy_set_header X-Real-IP $remote_addr; + proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; + + # Important for CGI apps + proxy_buffering off; } } From 374c5612efc4c999dd6ad0d3822e155cfa4f5284 Mon Sep 17 00:00:00 2001 From: Basil Bruhn Date: Mon, 24 Nov 2025 10:37:28 +0100 Subject: [PATCH 29/46] correct vhost Signed-off-by: Basil Bruhn --- conf.d/fluid-eos-test.conf | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/conf.d/fluid-eos-test.conf b/conf.d/fluid-eos-test.conf index c68a73f..922334d 100644 --- a/conf.d/fluid-eos-test.conf +++ b/conf.d/fluid-eos-test.conf @@ -17,7 +17,7 @@ server { # Proxy EVERYTHING to the Apache container location / { - proxy_pass http://apache-fluid-eos:80; + proxy_pass apache_app:80; proxy_set_header Host $host; proxy_set_header X-Real-IP $remote_addr; From 5287936bc43dfb7bfb9accb0ce62eeb802016f93 Mon Sep 17 00:00:00 2001 From: Basil Bruhn Date: Mon, 24 Nov 2025 10:38:27 +0100 Subject: [PATCH 30/46] http to vhost Signed-off-by: Basil Bruhn --- conf.d/fluid-eos-test.conf | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/conf.d/fluid-eos-test.conf b/conf.d/fluid-eos-test.conf index 922334d..5706550 100644 --- a/conf.d/fluid-eos-test.conf +++ b/conf.d/fluid-eos-test.conf @@ -17,7 +17,7 @@ server { # Proxy EVERYTHING to the Apache container location / { - proxy_pass apache_app:80; + proxy_pass http://apache_app:80; proxy_set_header Host $host; proxy_set_header X-Real-IP $remote_addr; From 1a464fe1b1745f81c869b3135d02d964b1347557 Mon Sep 17 00:00:00 2001 From: Basil Bruhn Date: Mon, 24 Nov 2025 10:41:55 +0100 Subject: [PATCH 31/46] folder location Signed-off-by: Basil Bruhn --- apache/conf/fluid-eos.conf | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) diff --git a/apache/conf/fluid-eos.conf b/apache/conf/fluid-eos.conf index 7c8139d..839c8c0 100644 --- a/apache/conf/fluid-eos.conf +++ b/apache/conf/fluid-eos.conf @@ -1,26 +1,26 @@ ServerName fluid-eos-test.psi.ch - DocumentRoot /var/www/html/fluid-eos + DocumentRoot /var/www/fluid-eos # Allow CGI everywhere if needed Options +ExecCGI AddHandler cgi-script .pl .cgi .x - + Options +ExecCGI AllowOverride None Require all granted # Explicit CGI directories - ScriptAlias /cgi-bin/ /var/www/html/fluid-eos/cgi-bin/ - + ScriptAlias /cgi-bin/ /var/www/fluid-eos/cgi-bin/ + Options +ExecCGI Require all granted - ScriptAlias /cgibin/ /var/www/html/fluid-eos/cgibin/ - + ScriptAlias /cgibin/ /var/www/fluid-eos/cgibin/ + Options +ExecCGI Require all granted From 32309356db9aa5ff9bf61e4b96a25983fd2521b0 Mon Sep 17 00:00:00 2001 From: Basil Bruhn Date: Mon, 24 Nov 2025 10:52:33 +0100 Subject: [PATCH 32/46] make directories writeable Signed-off-by: Basil Bruhn --- docker-compose.yaml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/docker-compose.yaml b/docker-compose.yaml index c73d473..8494244 100644 --- a/docker-compose.yaml +++ b/docker-compose.yaml @@ -31,8 +31,8 @@ services: restart: always volumes: - /opt/webcontent/rfmwtools:/var/www/rfmwtools:ro - - /opt/webcontent/gfa-status:/var/www/gfa-status:ro - - /opt/webcontent/fluid-eos:/var/www/fluid-eos:ro + - /opt/webcontent/gfa-status:/var/www/gfa-status:rw + - /opt/webcontent/fluid-eos:/var/www/fluid-eos:rw - ./apache/conf/rfmwtools.conf:/etc/apache2/sites-enabled/rfmwtools.conf:ro - ./apache/conf/gfa-status.conf:/etc/apache2/sites-enabled/gfa-status.conf:ro - ./apache/conf/fluid-eos.conf:/etc/apache2/sites-enabled/fluid-eos.conf:ro From 64b49356312e9ce759bbb2229b63bc92f3a4ac51 Mon Sep 17 00:00:00 2001 From: Basil Bruhn Date: Tue, 25 Nov 2025 09:47:38 +0100 Subject: [PATCH 33/46] srem Signed-off-by: Basil Bruhn --- apache/conf/srem.conf | 22 ++++++++++++++++++++++ conf.d/srem-test.conf | 30 ++++++++++++++++++++++++++++++ docker-compose.yaml | 2 ++ 3 files changed, 54 insertions(+) create mode 100644 apache/conf/srem.conf create mode 100644 conf.d/srem-test.conf diff --git a/apache/conf/srem.conf b/apache/conf/srem.conf new file mode 100644 index 0000000..1cbfad4 --- /dev/null +++ b/apache/conf/srem.conf @@ -0,0 +1,22 @@ + + ServerName srem-test.psi.ch + DocumentRoot /var/www/srem + + # Allow CGI everywhere if needed + Options +ExecCGI + AddHandler cgi-script .pl .cgi + + + Options +ExecCGI + AllowOverride None + Require all granted + + + # Explicit CGI directories + ScriptAlias /cgibin/ /var/www/srem/cgibin/ + + Options +ExecCGI + Require all granted + + + diff --git a/conf.d/srem-test.conf b/conf.d/srem-test.conf new file mode 100644 index 0000000..8a3f17d --- /dev/null +++ b/conf.d/srem-test.conf @@ -0,0 +1,30 @@ +server { + listen 80; + server_name srem-test.psi.ch; + + return 301 https://$host$request_uri; +} + +server { + listen 443 ssl; + server_name srem-test.psi.ch; + + ssl_certificate /etc/nginx/certs/srem-test.psi.ch.crt; + ssl_certificate_key /etc/nginx/private/srem-test.psi.ch.key; + + access_log /var/log/nginx/srem-test.access.log; + error_log /var/log/nginx/srem-test.error.log; + + # Proxy EVERYTHING to the Apache container + location / { + proxy_pass http://apache_app:80; + + proxy_set_header Host $host; + proxy_set_header X-Real-IP $remote_addr; + proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; + + # Important for CGI apps + proxy_buffering off; + } +} + diff --git a/docker-compose.yaml b/docker-compose.yaml index 8494244..9fa2e0c 100644 --- a/docker-compose.yaml +++ b/docker-compose.yaml @@ -31,9 +31,11 @@ services: restart: always volumes: - /opt/webcontent/rfmwtools:/var/www/rfmwtools:ro + - /opt/webcontent/srem/new_srem_webpage:/var/www/srem:ro - /opt/webcontent/gfa-status:/var/www/gfa-status:rw - /opt/webcontent/fluid-eos:/var/www/fluid-eos:rw - ./apache/conf/rfmwtools.conf:/etc/apache2/sites-enabled/rfmwtools.conf:ro + - ./apache/conf/srem.conf:/etc/apache2/sites-enabled/srem.conf:ro - ./apache/conf/gfa-status.conf:/etc/apache2/sites-enabled/gfa-status.conf:ro - ./apache/conf/fluid-eos.conf:/etc/apache2/sites-enabled/fluid-eos.conf:ro networks: From cc2dc31a84f0a7f85f195092d583145f9430b26b Mon Sep 17 00:00:00 2001 From: Basil Bruhn Date: Tue, 25 Nov 2025 09:57:42 +0100 Subject: [PATCH 34/46] srem data mount Signed-off-by: Basil Bruhn --- docker-compose.yaml | 1 + 1 file changed, 1 insertion(+) diff --git a/docker-compose.yaml b/docker-compose.yaml index 9fa2e0c..87b74fc 100644 --- a/docker-compose.yaml +++ b/docker-compose.yaml @@ -32,6 +32,7 @@ services: volumes: - /opt/webcontent/rfmwtools:/var/www/rfmwtools:ro - /opt/webcontent/srem/new_srem_webpage:/var/www/srem:ro + - /opt/srem:/var/www/srem:ro - /opt/webcontent/gfa-status:/var/www/gfa-status:rw - /opt/webcontent/fluid-eos:/var/www/fluid-eos:rw - ./apache/conf/rfmwtools.conf:/etc/apache2/sites-enabled/rfmwtools.conf:ro From 9425a555fc396f410b9166a7a6d1ff19c03127fc Mon Sep 17 00:00:00 2001 From: Basil Bruhn Date: Tue, 25 Nov 2025 10:24:45 +0100 Subject: [PATCH 35/46] mount point for srem data Signed-off-by: Basil Bruhn --- docker-compose.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docker-compose.yaml b/docker-compose.yaml index 87b74fc..a30f1f1 100644 --- a/docker-compose.yaml +++ b/docker-compose.yaml @@ -32,7 +32,7 @@ services: volumes: - /opt/webcontent/rfmwtools:/var/www/rfmwtools:ro - /opt/webcontent/srem/new_srem_webpage:/var/www/srem:ro - - /opt/srem:/var/www/srem:ro + - /opt/srem:/var/www/srem/data:ro - /opt/webcontent/gfa-status:/var/www/gfa-status:rw - /opt/webcontent/fluid-eos:/var/www/fluid-eos:rw - ./apache/conf/rfmwtools.conf:/etc/apache2/sites-enabled/rfmwtools.conf:ro From 42be4257d759a3a3e132bad953c381a0017a1cff Mon Sep 17 00:00:00 2001 From: Basil Bruhn Date: Tue, 25 Nov 2025 10:26:45 +0100 Subject: [PATCH 36/46] read only filesystem Signed-off-by: Basil Bruhn --- docker-compose.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docker-compose.yaml b/docker-compose.yaml index a30f1f1..d22e01b 100644 --- a/docker-compose.yaml +++ b/docker-compose.yaml @@ -31,7 +31,7 @@ services: restart: always volumes: - /opt/webcontent/rfmwtools:/var/www/rfmwtools:ro - - /opt/webcontent/srem/new_srem_webpage:/var/www/srem:ro + - /opt/webcontent/srem/new_srem_webpage:/var/www/srem:rw - /opt/srem:/var/www/srem/data:ro - /opt/webcontent/gfa-status:/var/www/gfa-status:rw - /opt/webcontent/fluid-eos:/var/www/fluid-eos:rw From b1df7508debf080405f47fd7c687607f7d516710 Mon Sep 17 00:00:00 2001 From: Basil Bruhn Date: Tue, 25 Nov 2025 10:34:55 +0100 Subject: [PATCH 37/46] includes and shtml Signed-off-by: Basil Bruhn --- apache/conf/srem.conf | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/apache/conf/srem.conf b/apache/conf/srem.conf index 1cbfad4..b70932b 100644 --- a/apache/conf/srem.conf +++ b/apache/conf/srem.conf @@ -3,11 +3,11 @@ DocumentRoot /var/www/srem # Allow CGI everywhere if needed - Options +ExecCGI - AddHandler cgi-script .pl .cgi + Options +ExecCGI +Includes + AddHandler cgi-script .pl .cgi .shtml - Options +ExecCGI + Options +ExecCGI +Includes AllowOverride None Require all granted From 95b21ecb966847a10da7a22f6570d6cff069d7a8 Mon Sep 17 00:00:00 2001 From: Basil Bruhn Date: Tue, 25 Nov 2025 10:44:34 +0100 Subject: [PATCH 38/46] include for /static Signed-off-by: Basil Bruhn --- apache/conf/srem.conf | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/apache/conf/srem.conf b/apache/conf/srem.conf index b70932b..c10591b 100644 --- a/apache/conf/srem.conf +++ b/apache/conf/srem.conf @@ -12,6 +12,12 @@ Require all granted + + Options +ExecCGI +Includes + AllowOverride None + Require all granted + + # Explicit CGI directories ScriptAlias /cgibin/ /var/www/srem/cgibin/ From e0c259ede1c9491437d52a965d1d4993f913fbda Mon Sep 17 00:00:00 2001 From: Basil Bruhn Date: Tue, 25 Nov 2025 10:48:57 +0100 Subject: [PATCH 39/46] shtml handler for shtml parsing... Signed-off-by: Basil Bruhn --- apache/conf/srem.conf | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/apache/conf/srem.conf b/apache/conf/srem.conf index c10591b..057d721 100644 --- a/apache/conf/srem.conf +++ b/apache/conf/srem.conf @@ -4,7 +4,9 @@ # Allow CGI everywhere if needed Options +ExecCGI +Includes - AddHandler cgi-script .pl .cgi .shtml + AddHandler cgi-script .pl .cgi + AddHandler server-parsed .shtml + AddOutputFilter INCLUDES .shtml Options +ExecCGI +Includes @@ -13,7 +15,7 @@ - Options +ExecCGI +Includes + Options +Includes AllowOverride None Require all granted From 5a76038aee29956b2be2f7c96318cf782e721999 Mon Sep 17 00:00:00 2001 From: Basil Bruhn Date: Tue, 25 Nov 2025 11:07:43 +0100 Subject: [PATCH 40/46] disable layout wrapping Signed-off-by: Basil Bruhn --- apache/conf/srem.conf | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/apache/conf/srem.conf b/apache/conf/srem.conf index 057d721..842b211 100644 --- a/apache/conf/srem.conf +++ b/apache/conf/srem.conf @@ -23,7 +23,7 @@ # Explicit CGI directories ScriptAlias /cgibin/ /var/www/srem/cgibin/ - Options +ExecCGI + Options +ExecCGI -Includes Require all granted From acd0bbfc999a680fedf07a937221d7a05e457073 Mon Sep 17 00:00:00 2001 From: Basil Bruhn Date: Tue, 25 Nov 2025 11:13:19 +0100 Subject: [PATCH 41/46] no cgi in root folder Signed-off-by: Basil Bruhn --- apache/conf/srem.conf | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/apache/conf/srem.conf b/apache/conf/srem.conf index 842b211..ea90392 100644 --- a/apache/conf/srem.conf +++ b/apache/conf/srem.conf @@ -9,7 +9,7 @@ AddOutputFilter INCLUDES .shtml - Options +ExecCGI +Includes + Options +Includes AllowOverride None Require all granted From dbcc7013c65134350ba2dfeeea11bb9431d40712 Mon Sep 17 00:00:00 2001 From: Basil Bruhn Date: Tue, 25 Nov 2025 11:43:05 +0100 Subject: [PATCH 42/46] mount to /mount Signed-off-by: Basil Bruhn --- docker-compose.yaml | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/docker-compose.yaml b/docker-compose.yaml index d22e01b..40a3450 100644 --- a/docker-compose.yaml +++ b/docker-compose.yaml @@ -25,6 +25,8 @@ services: # rfwtools # gfa-status-test + # fluid-eos + # spaceweather apache: image: gitea.psi.ch/images/php-apache:latest container_name: apache_app @@ -32,7 +34,7 @@ services: volumes: - /opt/webcontent/rfmwtools:/var/www/rfmwtools:ro - /opt/webcontent/srem/new_srem_webpage:/var/www/srem:rw - - /opt/srem:/var/www/srem/data:ro + - /mount/srem:/var/www/srem/data:ro - /opt/webcontent/gfa-status:/var/www/gfa-status:rw - /opt/webcontent/fluid-eos:/var/www/fluid-eos:rw - ./apache/conf/rfmwtools.conf:/etc/apache2/sites-enabled/rfmwtools.conf:ro From ee9fba0b900e742355edd3fbe13f6bab283992d7 Mon Sep 17 00:00:00 2001 From: Basil Bruhn Date: Tue, 25 Nov 2025 13:20:02 +0100 Subject: [PATCH 43/46] data mountpoint Signed-off-by: Basil Bruhn --- docker-compose.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docker-compose.yaml b/docker-compose.yaml index 40a3450..a8a2461 100644 --- a/docker-compose.yaml +++ b/docker-compose.yaml @@ -34,7 +34,7 @@ services: volumes: - /opt/webcontent/rfmwtools:/var/www/rfmwtools:ro - /opt/webcontent/srem/new_srem_webpage:/var/www/srem:rw - - /mount/srem:/var/www/srem/data:ro + - /mount/srem/webhosting/data:/var/www/srem/data:ro - /opt/webcontent/gfa-status:/var/www/gfa-status:rw - /opt/webcontent/fluid-eos:/var/www/fluid-eos:rw - ./apache/conf/rfmwtools.conf:/etc/apache2/sites-enabled/rfmwtools.conf:ro From 0587cb20b444e2e29c28aee47c3b53466192c9ee Mon Sep 17 00:00:00 2001 From: Basil Bruhn Date: Tue, 25 Nov 2025 15:50:52 +0100 Subject: [PATCH 44/46] srem only to NFS Signed-off-by: Basil Bruhn --- apache/conf/srem.conf | 3 +-- docker-compose.yaml | 3 +-- 2 files changed, 2 insertions(+), 4 deletions(-) diff --git a/apache/conf/srem.conf b/apache/conf/srem.conf index ea90392..05ac2d8 100644 --- a/apache/conf/srem.conf +++ b/apache/conf/srem.conf @@ -2,7 +2,6 @@ ServerName srem-test.psi.ch DocumentRoot /var/www/srem - # Allow CGI everywhere if needed Options +ExecCGI +Includes AddHandler cgi-script .pl .cgi AddHandler server-parsed .shtml @@ -20,7 +19,7 @@ Require all granted - # Explicit CGI directories + # Explicit CGI directory ScriptAlias /cgibin/ /var/www/srem/cgibin/ Options +ExecCGI -Includes diff --git a/docker-compose.yaml b/docker-compose.yaml index a8a2461..a400aed 100644 --- a/docker-compose.yaml +++ b/docker-compose.yaml @@ -33,8 +33,7 @@ services: restart: always volumes: - /opt/webcontent/rfmwtools:/var/www/rfmwtools:ro - - /opt/webcontent/srem/new_srem_webpage:/var/www/srem:rw - - /mount/srem/webhosting/data:/var/www/srem/data:ro + - /mount/srem/webhosting:/var/www/srem:rw - /opt/webcontent/gfa-status:/var/www/gfa-status:rw - /opt/webcontent/fluid-eos:/var/www/fluid-eos:rw - ./apache/conf/rfmwtools.conf:/etc/apache2/sites-enabled/rfmwtools.conf:ro From e0b97741dec824d797182c8429d3ca69ac8a6959 Mon Sep 17 00:00:00 2001 From: Basil Bruhn Date: Tue, 25 Nov 2025 16:22:49 +0100 Subject: [PATCH 45/46] simple docker mount and sls2 Signed-off-by: Basil Bruhn --- apache/conf/sls2.conf | 14 ++++++++++++++ conf.d/sls2.conf | 27 +++++++++++++++++++++++++++ docker-compose.yaml | 5 +---- 3 files changed, 42 insertions(+), 4 deletions(-) create mode 100644 apache/conf/sls2.conf create mode 100644 conf.d/sls2.conf diff --git a/apache/conf/sls2.conf b/apache/conf/sls2.conf new file mode 100644 index 0000000..5b5b68b --- /dev/null +++ b/apache/conf/sls2.conf @@ -0,0 +1,14 @@ + + ServerName sls2.psi.ch + DocumentRoot /var/www/sls2 + + Options +Includes + + + Options +Includes + AllowOverride None + Require all granted + + + + diff --git a/conf.d/sls2.conf b/conf.d/sls2.conf new file mode 100644 index 0000000..ef83143 --- /dev/null +++ b/conf.d/sls2.conf @@ -0,0 +1,27 @@ +server { + listen 80; + server_name sls2.psi.ch; + + return 301 https://$host$request_uri; +} + +server { + listen 443 ssl; + server_name sls2.psi.ch; + + ssl_certificate /etc/nginx/certs/sls2.psi.ch.crt; + ssl_certificate_key /etc/nginx/private/sls2.psi.ch.key; + + access_log /var/log/nginx/sls2.access.log; + error_log /var/log/nginx/sls2.error.log; + + location / { + proxy_pass http://apache_app:80; + + proxy_set_header Host $host; + proxy_set_header X-Real-IP $remote_addr; + proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; + + } +} + diff --git a/docker-compose.yaml b/docker-compose.yaml index a400aed..a2db3dd 100644 --- a/docker-compose.yaml +++ b/docker-compose.yaml @@ -36,10 +36,7 @@ services: - /mount/srem/webhosting:/var/www/srem:rw - /opt/webcontent/gfa-status:/var/www/gfa-status:rw - /opt/webcontent/fluid-eos:/var/www/fluid-eos:rw - - ./apache/conf/rfmwtools.conf:/etc/apache2/sites-enabled/rfmwtools.conf:ro - - ./apache/conf/srem.conf:/etc/apache2/sites-enabled/srem.conf:ro - - ./apache/conf/gfa-status.conf:/etc/apache2/sites-enabled/gfa-status.conf:ro - - ./apache/conf/fluid-eos.conf:/etc/apache2/sites-enabled/fluid-eos.conf:ro + - ./apache/conf:/etc/apache2/sites-enabled:ro networks: - backend From edf6e58074770f3fbe8dac3cac26784670b1a81a Mon Sep 17 00:00:00 2001 From: Basil Bruhn Date: Tue, 25 Nov 2025 16:55:37 +0100 Subject: [PATCH 46/46] rebase Signed-off-by: Basil Bruhn --- docker-compose.yaml | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/docker-compose.yaml b/docker-compose.yaml index a2db3dd..c8a456f 100644 --- a/docker-compose.yaml +++ b/docker-compose.yaml @@ -33,9 +33,10 @@ services: restart: always volumes: - /opt/webcontent/rfmwtools:/var/www/rfmwtools:ro - - /mount/srem/webhosting:/var/www/srem:rw - /opt/webcontent/gfa-status:/var/www/gfa-status:rw - /opt/webcontent/fluid-eos:/var/www/fluid-eos:rw + - /opt/webcontent/sls2:/var/www/sls2:rw + - /mount/srem/webhosting:/var/www/srem:rw - ./apache/conf:/etc/apache2/sites-enabled:ro networks: - backend