diff --git a/seed/base-fedora-36/templates/login b/seed/base-fedora-36/templates/login index 46378f4..84c2f83 100644 --- a/seed/base-fedora-36/templates/login +++ b/seed/base-fedora-36/templates/login @@ -1,4 +1,4 @@ -# File from util-linux-*.x86_64 (not installed) +#GNUNUX File from util-linux-*.x86_64 (not installed) #%PAM-1.0 auth substack system-auth auth include postlogin diff --git a/seed/php-fpm/templates/php-fpm.conf b/seed/php-fpm/templates/php-fpm.conf index d9a1847..1532ebf 100644 --- a/seed/php-fpm/templates/php-fpm.conf +++ b/seed/php-fpm/templates/php-fpm.conf @@ -23,8 +23,10 @@ pid = /run/php-fpm/php-fpm.pid ; If it's set to "syslog", log is sent to syslogd instead of being written ; in a local file. ; Default Value: /var/log/php-fpm.log -; GNUNUX error_log = /var/log/php-fpm/error.log +;>GNUNUX +;error_log = /var/log/php-fpm/error.log error_log = syslog +;GNUNUX +;user = apache user = %%php_fpm_user +;GNUNUX +;group = apache group = %%php_fpm_user +;GNUNUX +;listen.acl_users = apache,nginx listen.acl_users = %%php_fpm_user +;GNUNUX +;slowlog = /var/log/php-fpm/www-slow.log slowlog = syslog +;GNUNUX +;php_admin_value[error_log] = /var/log/php-fpm/www-error.log php_admin_value[error_log] = syslog +;GNUNUX php_value[soap.wsdl_cache_dir] = /var/lib/php/wsdlcache ;php_value[opcache.file_cache] = /var/lib/php/opcache diff --git a/seed/php/templates/php.ini b/seed/php/templates/php.ini index ef7ff4e..cb876f4 100644 --- a/seed/php/templates/php.ini +++ b/seed/php/templates/php.ini @@ -17,7 +17,7 @@ ; 6. The directory from the --with-config-file-path compile time option, or the ; Windows directory (usually C:\windows) ; See the PHP docs for more specific information. -; http://php.net/configuration.file +; https://php.net/configuration.file ; The syntax of the file is extremely simple. Whitespace and lines ; beginning with a semicolon are silently ignored (as you probably guessed). 
@@ -31,7 +31,7 @@ ; special sections cannot be overridden by user-defined INI files or ; at runtime. Currently, [PATH=] and [HOST=] sections only work under ; CGI/FastCGI. -; http://php.net/ini.sections +; https://php.net/ini.sections ; Directives are specified using the following syntax: ; directive = value @@ -88,6 +88,7 @@ ;;;;;;;;;;;;;;;;;;; ; Quick Reference ; ;;;;;;;;;;;;;;;;;;; + ; The following are all the settings which are different in either the production ; or development versions of the INIs with respect to PHP's default behavior. ; Please see the actual settings later in the document for more details as to why @@ -99,12 +100,15 @@ ; Production Value: Off ; display_startup_errors -; Default Value: Off +; Default Value: On ; Development Value: On ; Production Value: Off +;>GNUNUX +display_startup_errors Off +; would work. -; http://php.net/syntax-highlighting +; https://php.net/syntax-highlighting ;highlight.string = #DD0000 ;highlight.comment = #FF9900 ;highlight.keyword = #007700 
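Review bot: In the `display_startup_errors` hunk of seed/php/templates/php.ini, the added override reads `display_startup_errors Off` with no `=`, which does not match the `directive = value` syntax described in the file's own header. This page appears to have lost characters around the GNUNUX markers, so confirm against the real template. If the `=` is missing there too, the line would probably not set the directive, and startup errors would stay at the default that this hunk now documents as `On`. The line should be `display_startup_errors = Off`, preceded by the upstream value kept as `;display_startup_errors = On`, as the other GNUNUX overrides in this file do.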
@@ -335,44 +349,54 @@ disable_classes = ; the request. Consider enabling it if executing long requests, which may end up ; being interrupted by the user or a browser timing out. PHP's default behavior ; is to disable this feature. -; http://php.net/ignore-user-abort +; https://php.net/ignore-user-abort ;ignore_user_abort = On ; Determines the size of the realpath cache to be used by PHP. This value should ; be increased on systems where PHP opens many files to reflect the quantity of ; the file operations performed. ; Note: if open_basedir is set, the cache is disabled -; http://php.net/realpath-cache-size +; https://php.net/realpath-cache-size ;realpath_cache_size = 4096k ; Duration of time, in seconds for which to cache realpath information for a given ; file or directory. For systems with rarely changing files, consider increasing this ; value. -; http://php.net/realpath-cache-ttl +; https://php.net/realpath-cache-ttl ;realpath_cache_ttl = 120 ; Enables or disables the circular reference collector. -; http://php.net/zend.enable-gc +; https://php.net/zend.enable-gc zend.enable_gc = On ; If enabled, scripts may be written in encodings that are incompatible with ; the scanner. CP936, Big5, CP949 and Shift_JIS are the examples of such ; encodings. To use this feature, mbstring extension must be enabled. -; Default: Off ;zend.multibyte = Off ; Allows to set the default encoding for the scripts. This value will be used ; unless "declare(encoding=...)" directive appears at the top of the script. ; Only affects if zend.multibyte is set. -; Default: "" ;zend.script_encoding = -; Allows to include or exclude arguments from stack traces generated for exceptions -; Default: Off -; In production, it is recommended to turn this setting on to prohibit the output +; Allows to include or exclude arguments from stack traces generated for exceptions. 
+; In production, it is recommended to turn this setting on to prohibit the output ; of sensitive information in stack traces +; Default Value: Off +; Development Value: Off +; Production Value: On zend.exception_ignore_args = On +; Allows setting the maximum string length in an argument of a stringified stack trace +; to a value between 0 and 1000000. +; This has no effect when zend.exception_ignore_args is enabled. +; Default Value: 15 +; Development Value: 15 +; Production Value: 0 +; In production, it is recommended to set this to 0 to reduce the output +; of sensitive information in stack traces. +zend.exception_string_param_max_len = 0 + ;;;;;;;;;;;;;;;;; ; Miscellaneous ; ;;;;;;;;;;;;;;;;; 
@@ -381,17 +405,23 @@ zend.exception_ignore_args = On ; (e.g. by adding its signature to the Web server header). It is no security ; threat in any way, but it makes it possible to determine whether you use PHP ; on your server or not. -; http://php.net/expose-php +; https://php.net/expose-php +;>GNUNUX +;expose_php = On expose_php = Off +;GNUNUX +;max_execution_time = 30 max_execution_time = %%php_max_execution_time +;GNUNUX +;max_input_time = 60 max_input_time = %%php_max_input_time +;GNUNUX +;memory_limit = 128M memory_limit = %%{php_memory_limit}M +;GNUNUX html_errors = Off +;GNUNUX +;post_max_size = 8M post_max_size = %%{php_post_max_size}M +;GNUNUX +;upload_max_filesize = 2M upload_max_filesize = %%{php_upload_max_filesize}M +;GNUNUX ;allow_url_fopen = On allow_url_fopen = Off +;) syntax. -; -; Notes for Windows environments : -; -; - Many DLL files are located in the extensions/ (PHP 4) or ext/ (PHP 5+) -; extension folders as well as the separate PECL DLL download (PHP 5+). -; Be sure to appropriately set the extension_dir directive. -; -;extension=bz2 -;extension=curl -;extension=ffi -;extension=ftp -;extension=fileinfo -;extension=gd2 -;extension=gettext -;extension=gmp -;extension=intl -;extension=imap -;extension=ldap -;extension=mbstring -;extension=exif ; Must be after mbstring as it depends on it -;extension=mysqli -;extension=oci8_12c ; Use with Oracle Database 12c Instant Client -;extension=odbc -;extension=openssl -;extension=pdo_firebird -;extension=pdo_mysql -;extension=pdo_oci -;extension=pdo_odbc -;extension=pdo_pgsql -;extension=pdo_sqlite -;extension=pgsql -;extension=shmop -; The MIBS data available in the PHP distribution must be installed. 
-; See http://www.php.net/manual/en/snmp.installation.php -;extension=snmp - -;extension=soap -;extension=sockets -;extension=sodium -;extension=sqlite3 -;extension=tidy -;extension=xmlrpc -;extension=xsl +;;;; +; Note: packaged extension modules are now loaded via the .ini files +; found in the directory /etc/php.d; these are loaded by default. +;;;; ;;;;;;;;;;;;;;;;;;; ; Module Settings ; @@ -972,26 +960,29 @@ cli_server.color = On [Date] ; Defines the default timezone used by the date functions -; http://php.net/date.timezone +; https://php.net/date.timezone +;date.timezone = +;>GNUNUX date.timezone = "%%time_zone" +;GNUNUX ;mail.add_x_header = Off mail.add_x_header = On +;GNUNUX +; session.save_handler = files session.save_handler = redis session.save_path = "tcp://%%redis_client_server_domainname:6379?auth[user]=%%redis_client_username&auth[pass]=%%redis_client_password" ;GNUNUX https://github.com/phpredis/phpredis/issues/2062 -#session.save_path = "tls://%%redis_client_server_domainname:6379?auth[user]=%%redis_client_username&auth[pass]=%%redis_client_password&stream[verify_peer]=1&stream[cafile]=/etc/pki/ca-trust/source/anchors/ca_Redis.crt&stream[local_cert]=/etc/pki/tls/certs/redis.crt&stream[local_pk]=/etc/pki/tls/private/redis.key" +;session.save_path = "tls://%%redis_client_server_domainname:6379?auth[user]=%%redis_client_username&auth[pass]=%%redis_client_password&stream[verify_peer]=1&stream[cafile]=/etc/pki/ca-trust/source/anchors/ca_Redis.crt&stream[local_cert]=/etc/pki/tls/certs/redis.crt&stream[local_pk]=/etc/pki/tls/private/redis.key" +;GNUNUX +;session.gc_maxlifetime = 1440 session.gc_maxlifetime = %%php_session_gc_maxlifetime +;/etc/roundcubemail/config.inc.php /etc/nginx/default.d/roundcubemail.conf roundcube_config - /secrets/roundcube-init.php /static/silique_cloud.svg /static/watermark.html /etc/pki/ca-trust/source/anchors/ca_MailServer.crt 
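Review bot: The active `session.save_path` in the `[Session]` part of php.ini still uses `tcp://`, so the Redis username, password and every session payload travel unencrypted; the commit only changes the comment marker on the `tls://` variant from `#` to `;`. Whether that link stays on a private network is not visible from here, so the limitation should be recorded next to the setting, for example `; NOTE: plaintext tcp:// until phpredis issue 2062 is fixed; the Redis link must stay on a trusted network`. The credentials are also interpolated straight into a URL query string, so a password containing `&` or `#` would presumably need URL-encoding in the template; that is worth checking where `%%redis_client_password` is generated.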
diff --git a/seed/roundcube/manual/image/preinstall/roundcube.sh b/seed/roundcube/manual/image/preinstall/roundcube.sh index b8cca87..1672008 100644 --- a/seed/roundcube/manual/image/preinstall/roundcube.sh +++ b/seed/roundcube/manual/image/preinstall/roundcube.sh @@ -1 +1 @@ -PKG="$PKG roundcubemail php-cli php-pgsql php-pecl-redis5" +PKG="$PKG roundcubemail php-pgsql php-pecl-redis5" diff --git a/seed/roundcube/templates/config.inc.php b/seed/roundcube/templates/config.inc.php index 46a9f02..25ee935 100644 --- a/seed/roundcube/templates/config.inc.php +++ b/seed/roundcube/templates/config.inc.php @@ -102,10 +102,7 @@ $config['per_user_logging'] = false; $config['smtp_log'] = true; // Log successful/failed logins to /userlogins.log or to syslog -// GNUNUX $config['log_logins'] = false; -#>GNUNUX $config['log_logins'] = false; -#/session.log or to syslog $config['session_debug'] = false; @@ -170,8 +167,6 @@ $config['imap_auth_type'] = null; // ], // ]; // Note: These can be also specified as an array of options indexed by hostname - - $config['imap_conn_options'] = null; // IMAP connection timeout, in seconds. Default: 0 (use default_socket_timeout) 
@@ -241,7 +236,10 @@ $config['imap_disabled_caps'] = []; $config['imap_log_session'] = false; // Type of IMAP indexes cache. Supported values: 'db', 'apc' and 'memcache' or 'memcached'. +//>GNUNUX +//$config['imap_cache'] = null; $config['imap_cache'] = 'db'; +//GNUNUX +//$config['blankpage_url'] = '/watermark.html'; $config['blankpage_url'] = '/risotto/watermark.html'; +// "/images/logo_print.png", ]; */ +//>GNUNUX +//$config['skin_logo'] = null; $config['skin_logo'] = '/risotto/silique_cloud.svg'; +//GNUNUX +//$config['temp_dir'] = '/var/lib/roundcubemail/temp/'; $config['temp_dir'] = '/tmp/'; +//= 2.0.0 is installed. // // Setting this value to 'php' will use the default session save handler configured in PHP +//>GNUNUX +//$config['session_storage'] = 'db'; $config['session_storage'] = 'redis'; +//GNUNUX +//$config['include_host_config'] = false; $config['include_host_config'] = array( %for %%domain in %%roundcube_domains "%%domain" => "%%{domain}.inc.php", %end for ); +//options(MYSQLI_OPT_SSL_VERIFY_SERVER_CERT, true); -//$mysqli->ssl_set(NULL, NULL, "/etc/ssl/certs/ca-bundle.crt", NULL, NULL); -//$mysqli->real_connect('mariadb_client_server_domainname', 'mariadb_client_username', 'mariadb_client_password', 'mariadb_client_database'); -//$mysqli->multi_query($sql); -//$mysqli->close(); -$sql = file_get_contents('/usr/share/roundcubemail/SQL/postgres.initial.sql'); -$db = pg_connect("host=%%pg_client_server_domainname port=5432 dbname=%%pg_client_database user=%%pg_client_username password=%%pg_client_password"); -pg_query($db, $sql); -pg_close($db); -?> diff --git a/seed/roundcube/templates/roundcube.service b/seed/roundcube/templates/roundcube.service index 19b462b..cb7c312 100644 --- a/seed/roundcube/templates/roundcube.service +++ b/seed/roundcube/templates/roundcube.service 
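Review bot: `$config['temp_dir'] = '/tmp/';` in seed/roundcube/templates/config.inc.php points Roundcube's temporary files at the shared, world-writable `/tmp`, and the added GNUNUX comment records only the packaged default `/var/lib/roundcubemail/temp/`, not why it was replaced. If php-fpm does not run with a private `/tmp` (not visible in this diff), other local processes share that directory with the webmail's temporary files. Either keep a dedicated directory owned by the php-fpm user, or add a comment stating the assumption, e.g. `// relies on a private /tmp for php-fpm (container or PrivateTmp=)`.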
@@ -5,7 +5,8 @@ Before=nginx.service php-fpm.service [Service] Type=oneshot -ExecStart=-/usr/bin/php /usr/local/lib/secrets/roundcube-init.php +Environment=PGPASSFILE=/usr/local/lib/secrets/postgresql.pass +ExecStart=-/usr/bin/psql --set=sslmode=verify-full -h %%pg_client_server_domainname -U %%pg_client_username %%pg_client_database -f /usr/share/roundcubemail/SQL/postgres.initial.sql" [Install] WantedBy=multi-user.target diff --git a/seed/roundcube/templates/roundcubemail.conf b/seed/roundcube/templates/roundcubemail.conf index b373e2f..6213e65 100644 --- a/seed/roundcube/templates/roundcubemail.conf +++ b/seed/roundcube/templates/roundcubemail.conf @@ -1,12 +1,23 @@ +#>GNUNUX +#location = /roundcubemail { +#alias /usr/share/roundcubemail/; location = / { alias %%nginx_root; +#GNUNUX +#location /roundcubemail/ { +# root /usr/share; location / { root %%nginx_root; +#GNUNUX +# location ~ ^/roundcubemail/bin/(.+)$ { location ~ ^/bin/(.+)$ { +#GNUNUX +# location ~ ^/roundcubemail/installer/(.+\.php)$ { location ~ ^/installer/(.+\.php)$ { +#GNUNUX +# location ~ ^/roundcubemail/(.+\.php)$ { +# allow 127.0.0.1; +# allow ::1; +# deny all; location ~ ^/(.+\.php)$ { -# GNUNUX allow 127.0.0.1; -# GNUNUX allow ::1; -# GNUNUX deny all; +#GNUNUX location /skins/elastic/risotto { alias /usr/local/lib/static/; } +#
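Review bot: `--set=sslmode=verify-full` on the new `ExecStart=` line of roundcube.service assigns a psql variable named `sslmode`; it is not the libpq connection option, so the server certificate check the flag suggests is not enforced. Set it through the environment next to the `PGPASSFILE` line, `Environment=PGSSLMODE=verify-full`, and drop the `--set` argument. `verify-full` also needs a CA file that libpq can find (e.g. `PGSSLROOTCERT`), which the visible lines do not provide. The same line ends with a stray `"` that has no opening quote. Because `ExecStart=-` tells systemd to ignore a non-zero exit, a failed schema import caused by either problem would go unnoticed.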