forked from stove/dataset
add piwigo
This commit is contained in:
parent
0bfbf16152
commit
da3e4d487d
70 changed files with 1716 additions and 100 deletions
|
@ -1,68 +1,73 @@
|
||||||
# Généré des certificats via la PKI interne de mini_risotto
|
# Généré des certificats via la PKI interne de mini_risotto
|
||||||
|
|
||||||
## Génération des certificates sur le serveur
|
## Génération du certificate sur le serveur
|
||||||
|
|
||||||
Création la variable contenant la chain :
|
### Sous Fedora
|
||||||
|
|
||||||
```
|
```
|
||||||
<variables>
|
<file>/etc/pki/ca-trust/source/anchors/ca_<AUTHORITY_NAME>.crt</file>
|
||||||
<variable name='service_ca_chain' description="CA certificate" hidden='True'/>
|
<file>/etc/pki/tls/certs/<SERVICE>.crt</file>
|
||||||
|
<file owner="root" group="<SERVICE>" mode="440">/etc/pki/tls/private/<SERVICE>.key</file>
|
||||||
|
```
|
||||||
|
|
||||||
|
### Les templates
|
||||||
|
|
||||||
|
Dans le template ca_<AUTHORITY_NAME>.crt :
|
||||||
|
|
||||||
|
```
|
||||||
|
%%get_chain(authority_cn=%%domain_name_eth0, authority_name="<AUTHORITY_NAME>")
|
||||||
|
```
|
||||||
|
|
||||||
|
Dans le template <SERVICE>.crt :
|
||||||
|
|
||||||
|
```
|
||||||
|
%%get_certificate(%%domain_name_eth0, '<AUTHORITY_NAME>')
|
||||||
|
```
|
||||||
|
|
||||||
|
Dans le template <SERVICE>.key :
|
||||||
|
|
||||||
|
```
|
||||||
|
%%get_private_key(%%domain_name_eth0, '<AUTHORITY_NAME>')
|
||||||
|
```
|
||||||
|
|
||||||
|
## Génération du certificat client
|
||||||
|
|
||||||
|
### Sous Fedora
|
||||||
|
|
||||||
|
```
|
||||||
|
<services>
|
||||||
|
<service name="<SERVICE>client" manage="False">
|
||||||
|
<file>/etc/pki/ca-trust/source/anchors/ca_<AUTHORITY_NAME>.crt</file>
|
||||||
|
<file>/etc/pki/tls/certs/<SERVICE>.crt</file>
|
||||||
|
<file owner_type="variable" owner="<VARIABLE_NAME>" mode="400">/etc/pki/tls/private/<SERVICE>.key</file>
|
||||||
|
</service>
|
||||||
|
</services>
|
||||||
|
```
|
||||||
|
|
||||||
|
### La variable
|
||||||
|
|
||||||
|
```
|
||||||
|
<variable name="<VARIABLE_NAME>" type="unix_user" description="Key owner" mandatory="True">
|
||||||
|
<value>DEFAULT_VALUE</value>
|
||||||
</variable>
|
</variable>
|
||||||
```
|
```
|
||||||
|
|
||||||
Création d'une autorité avec le nom "AuthorityName" (le nom est un terme en CamelCase) :
|
### Les templates
|
||||||
|
|
||||||
|
Dans le template ca_<AUTHORITY_NAME>.crt :
|
||||||
|
|
||||||
```
|
```
|
||||||
<fill name="get_chain">
|
%%get_chain(authority_cn=<SERVER_DOMAINNAME>, authority_name="<AUTHORITY_NAME>")
|
||||||
<param name="cn" type="information">server_name</param>
|
|
||||||
<param name="authority_cn" type="information">server_name</param>
|
|
||||||
<param name="authority_name">AuthorityName</param>
|
|
||||||
<target>service_chain</target>
|
|
||||||
</fill>
|
|
||||||
```
|
```
|
||||||
|
|
||||||
La création du fichier de CA est simple, il suffit d'utiliser la variable "service_ca_chain".
|
Dans le template <SERVICE>.crt :
|
||||||
|
|
||||||
Puis il faut créer le certificat avec un template qui contient :
|
|
||||||
|
|
||||||
```
|
```
|
||||||
%%get_certificate(%%domain_name_eth0, authority_name="AuthorityName")
|
%%get_certificate(cn=%%domain_name_eth0, authority_cn=<SERVER_DOMAINNAME>, authority_name='<AUTHORITY_NAME>', type="client")
|
||||||
```
|
```
|
||||||
|
|
||||||
Si l'autorité n'est pas gérer par le serveur courant, il faut précicer le nom du serveur responsable de l'autorité :
|
Dans le template <SERVICE>.key :
|
||||||
|
|
||||||
```
|
```
|
||||||
%%get_certificate(%%domain_name_eth0, authority_cn=%%server, authority_name="AuthorityName")
|
%%get_private_key(cn=%%domain_name_eth0, authority_cn=<SERVER_DOMAINNAME>, authority_name='<AUTHORITY_NAME>', type="client")
|
||||||
```
|
|
||||||
|
|
||||||
Enfin, le certificat peut avoir plusieurs nom de domaine, dans ce cas on peut le gérer par exemple en faisant :
|
|
||||||
|
|
||||||
```
|
|
||||||
%set %%extra_domainnames = []
|
|
||||||
%for %%idx in %%range(1, %%number_of_interfaces)
|
|
||||||
%%extra_domainnames.append(%%getVar('domain_name_eth' + %%str(%%idx)))
|
|
||||||
%end for
|
|
||||||
%%get_certificate(%%domain_name_eth0, 'LDAP', extra_domainnames=%%extra_domainnames)
|
|
||||||
```
|
|
||||||
|
|
||||||
Enfin on peut récupérer la clef privée (attention APRÉS avoir récupérer le certificat) :
|
|
||||||
|
|
||||||
```
|
|
||||||
%get_private_key(%%domain_name_eth0, %%server)
|
|
||||||
```
|
|
||||||
|
|
||||||
Comme le certificat, l'autorité peut ne pas être de la responsabilité du serveur courant :
|
|
||||||
|
|
||||||
```
|
|
||||||
%get_private_key(%%domain_name_eth0, authority_cn=%%server, authority_name="ReverseProxy")
|
|
||||||
```
|
|
||||||
|
|
||||||
## PKI sous Fedora
|
|
||||||
|
|
||||||
Création des fichiers pour l'autorité "AuthorityName" pour le service "service" :
|
|
||||||
|
|
||||||
```
|
|
||||||
<file>/etc/pki/ca-trust/source/anchors/ca_AuthorityName.crt</file>
|
|
||||||
<file>/etc/pki/tls/certs/service.crt</file>
|
|
||||||
<file owner="root" group="root" mode="400">/etc/pki/tls/private/service.key</file>
|
|
||||||
```
|
```
|
||||||
|
|
|
@ -6,13 +6,16 @@
|
||||||
<file>/etc/httpd/conf.d/risotto.conf</file>
|
<file>/etc/httpd/conf.d/risotto.conf</file>
|
||||||
<file>/etc/httpd/conf.d/ssl.conf</file>
|
<file>/etc/httpd/conf.d/ssl.conf</file>
|
||||||
<file>/etc/httpd/ssl/server.ca</file>
|
<file>/etc/httpd/ssl/server.ca</file>
|
||||||
<file>/etc/httpd/ssl/server.key</file>
|
|
||||||
<file>/etc/httpd/ssl/server.crt</file>
|
<file>/etc/httpd/ssl/server.crt</file>
|
||||||
|
<file>/etc/httpd/ssl/server.key</file>
|
||||||
<file engine="none" source="sysuser-httpd.conf">/sysusers.d/httpd.conf</file>
|
<file engine="none" source="sysuser-httpd.conf">/sysusers.d/httpd.conf</file>
|
||||||
<file engine="none" source="tmpfile-httpd.conf">/tmpfiles.d/0httpd.conf</file>
|
<file engine="none" source="tmpfile-httpd.conf">/tmpfiles.d/0httpd.conf</file>
|
||||||
</service>
|
</service>
|
||||||
</services>
|
</services>
|
||||||
<variables>
|
<variables>
|
||||||
|
<variable name="php_fpm_user" redefine="True" exists="True">
|
||||||
|
<value>apache</value>
|
||||||
|
</variable>
|
||||||
<family name="apache" description="Apache" help="Paramètrage avancé du serveur web Apache">
|
<family name="apache" description="Apache" help="Paramètrage avancé du serveur web Apache">
|
||||||
<variable name="apache_timeout" type="number" description="Temps en secondes pendant lequel le serveur va attendre des entrées/sorties avant de considérer qu'une requête a échoué">
|
<variable name="apache_timeout" type="number" description="Temps en secondes pendant lequel le serveur va attendre des entrées/sorties avant de considérer qu'une requête a échoué">
|
||||||
<value>300</value>
|
<value>300</value>
|
||||||
|
|
|
@ -17,8 +17,6 @@ def get_password(server_name: str,
|
||||||
length: int=20,
|
length: int=20,
|
||||||
temporary: bool=True,
|
temporary: bool=True,
|
||||||
) -> str:
|
) -> str:
|
||||||
if type != 'cleartext':
|
|
||||||
raise Exception('only cleartext is supported')
|
|
||||||
def gen_password():
|
def gen_password():
|
||||||
return _token_urlsafe(length)[:length]
|
return _token_urlsafe(length)[:length]
|
||||||
return _set_password(server_name,
|
return _set_password(server_name,
|
||||||
|
@ -26,6 +24,7 @@ def get_password(server_name: str,
|
||||||
description,
|
description,
|
||||||
gen_password,
|
gen_password,
|
||||||
temporary,
|
temporary,
|
||||||
|
type,
|
||||||
)
|
)
|
||||||
|
|
||||||
|
|
||||||
|
@ -45,6 +44,7 @@ def get_password_alpha_num(server_name,
|
||||||
description,
|
description,
|
||||||
gen_password,
|
gen_password,
|
||||||
True,
|
True,
|
||||||
|
'cleartext',
|
||||||
)
|
)
|
||||||
|
|
||||||
|
|
||||||
|
@ -53,7 +53,10 @@ def _set_password(server_name: str,
|
||||||
description: str,
|
description: str,
|
||||||
gen_password,
|
gen_password,
|
||||||
temporary,
|
temporary,
|
||||||
|
type,
|
||||||
) -> str:
|
) -> str:
|
||||||
|
if type != 'cleartext':
|
||||||
|
raise Exception('only cleartext is supported')
|
||||||
if not server_name or not username:
|
if not server_name or not username:
|
||||||
return
|
return
|
||||||
dir_name = _join(_PASSWORD_DIR, server_name, description)
|
dir_name = _join(_PASSWORD_DIR, server_name, description)
|
||||||
|
@ -65,7 +68,8 @@ def _set_password(server_name: str,
|
||||||
with open(file_name, 'w') as fh:
|
with open(file_name, 'w') as fh:
|
||||||
fh.write(password)
|
fh.write(password)
|
||||||
with open(file_name, 'r') as fh:
|
with open(file_name, 'r') as fh:
|
||||||
return fh.read().strip()
|
file_content = fh.read().strip()
|
||||||
|
return file_content
|
||||||
|
|
||||||
|
|
||||||
def get_range(stop):
|
def get_range(stop):
|
||||||
|
|
|
@ -1,6 +1,7 @@
|
||||||
# machine configuration
|
# machine configuration
|
||||||
MACHINE_RISOTTO_SRV_DIR_LOCAL="srv/$MACHINE"
|
MACHINE_RISOTTO_SRV_DIR_LOCAL="srv/$MACHINE"
|
||||||
MACHINE_RISOTTO_SRV_DIR="$RISOTTO_SRV_DIR/$MACHINE"
|
MACHINE_RISOTTO_SRV_DIR="$RISOTTO_SRV_DIR/$MACHINE"
|
||||||
|
RISOTTO_JOURNALD_DIR="$RISOTTO_DIR/journals/$MACHINE"
|
||||||
MACHINE_RISOTTO_CONFIG_DIR_LOCAL="$IMAGE_NAME/configurations/$MACHINE"
|
MACHINE_RISOTTO_CONFIG_DIR_LOCAL="$IMAGE_NAME/configurations/$MACHINE"
|
||||||
MACHINE_RISOTTO_CONFIG_DIR="$RISOTTO_CONFIG_DIR/$MACHINE"
|
MACHINE_RISOTTO_CONFIG_DIR="$RISOTTO_CONFIG_DIR/$MACHINE"
|
||||||
MACHINE_MACHINES_DIR="$MACHINES_DIR/$MACHINE"
|
MACHINE_MACHINES_DIR="$MACHINES_DIR/$MACHINE"
|
||||||
|
|
|
@ -5,7 +5,7 @@ if [ -z "$HOST_NAME" ]; then
|
||||||
echo "usage: $0 host name"
|
echo "usage: $0 host name"
|
||||||
exit 1
|
exit 1
|
||||||
fi
|
fi
|
||||||
apt install --yes systemd-container dnf jq debootstrap htop gettext patch
|
apt install --yes systemd-container dnf jq debootstrap htop gettext patch unzip mlocate
|
||||||
systemd-tmpfiles --create --clean --remove $PWD/host/configurations/$HOST_NAME/tmpfiles.d/0asystemd-nspawn.conf
|
systemd-tmpfiles --create --clean --remove $PWD/host/configurations/$HOST_NAME/tmpfiles.d/0asystemd-nspawn.conf
|
||||||
systemd-tmpfiles --create --clean --remove $PWD/host/configurations/$HOST_NAME/tmpfiles.d/0rougail.conf
|
systemd-tmpfiles --create --clean --remove $PWD/host/configurations/$HOST_NAME/tmpfiles.d/0rougail.conf
|
||||||
systemctl daemon-reload
|
systemctl daemon-reload
|
||||||
|
|
|
@ -17,18 +17,30 @@ if [ ! -f "$IMAGE_NAME_RISOTTO_IMAGE_NAME" ]; then
|
||||||
echo "PAS D'IMAGE $IMAGE_NAME_RISOTTO_IMAGE_NAME"
|
echo "PAS D'IMAGE $IMAGE_NAME_RISOTTO_IMAGE_NAME"
|
||||||
exit 1
|
exit 1
|
||||||
fi
|
fi
|
||||||
|
NEW_IMAGE=false
|
||||||
|
NEW_CONF=false
|
||||||
if [ -L "$MACHINE_MACHINES_DIR" ] || [ -d "$MACHINE_MACHINES_DIR" ]; then
|
if [ -L "$MACHINE_MACHINES_DIR" ] || [ -d "$MACHINE_MACHINES_DIR" ]; then
|
||||||
|
# is the base image divergent?
|
||||||
|
diff -q "$IMAGE_NAME_RISOTTO_IMAGE_NAME".sha "$SHA_MACHINE" || NEW_IMAGE=true
|
||||||
|
# is the configuration divergent?
|
||||||
|
diff -q --no-dereference -Nru "$MACHINE_RISOTTO_CONFIG_DIR" "$MACHINE_RISOTTO_CONFIG_DIR_LOCAL" || NEW_CONF=true
|
||||||
|
fi
|
||||||
|
if [ "$NEW_IMAGE" = true ] || [ "$NEW_CONF" = true ]; then
|
||||||
machinectl stop "$MACHINE" 2> /dev/null || true
|
machinectl stop "$MACHINE" 2> /dev/null || true
|
||||||
while true; do
|
while true; do
|
||||||
machinectl status "$MACHINE" > /dev/null 2>&1 || break
|
machinectl status "$MACHINE" > /dev/null 2>&1 || break
|
||||||
sleep 1
|
sleep 1
|
||||||
echo "retry..."
|
echo "retry..."
|
||||||
done
|
done
|
||||||
diff -q "$IMAGE_NAME_RISOTTO_IMAGE_NAME".sha "$SHA_MACHINE" || rm -rf "$MACHINE_MACHINES_DIR"
|
|
||||||
fi
|
fi
|
||||||
if [ -d "$MACHINE_RISOTTO_CONFIG_DIR" ]; then
|
if [ "$NEW_IMAGE" = true ]; then
|
||||||
# fait un diff
|
echo "SUPPRIME ANCIENNE IMAGE"
|
||||||
diff -q --no-dereference -Nru "$MACHINE_RISOTTO_CONFIG_DIR" "$MACHINE_RISOTTO_CONFIG_DIR_LOCAL" || ( ./diff.py "$MACHINE" "$MACHINE_RISOTTO_CONFIG_DIR" "$MACHINE_RISOTTO_CONFIG_DIR_LOCAL" > "$MACHINE_RISOTTO_CONFIG_DIR"_changelog.md; rm -rf "$MACHINE_RISOTTO_CONFIG_DIR" )
|
rm -rf "$MACHINE_MACHINES_DIR"
|
||||||
|
fi
|
||||||
|
if [ "$NEW_CONF" = true ]; then
|
||||||
|
echo "SUPPRIME ANCIENNE CONF"
|
||||||
|
./diff.py "$MACHINE" "$MACHINE_RISOTTO_CONFIG_DIR" "$MACHINE_RISOTTO_CONFIG_DIR_LOCAL" > "$MACHINE_RISOTTO_CONFIG_DIR"_changelog.md
|
||||||
|
rm -rf "$MACHINE_RISOTTO_CONFIG_DIR"
|
||||||
fi
|
fi
|
||||||
|
|
||||||
cp -a "$MACHINE_NAME_NSPAWN_LOCAL" "$MACHINE_NAME_NSPAWN"
|
cp -a "$MACHINE_NAME_NSPAWN_LOCAL" "$MACHINE_NAME_NSPAWN"
|
||||||
|
@ -39,6 +51,7 @@ fi
|
||||||
if [ ! -d "$MACHINE_RISOTTO_SRV_DIR" ] && [ -d "$MACHINE_RISOTTO_SRV_DIR_LOCAL" ]; then
|
if [ ! -d "$MACHINE_RISOTTO_SRV_DIR" ] && [ -d "$MACHINE_RISOTTO_SRV_DIR_LOCAL" ]; then
|
||||||
mkdir -p "$MACHINE_RISOTTO_SRV_DIR"
|
mkdir -p "$MACHINE_RISOTTO_SRV_DIR"
|
||||||
fi
|
fi
|
||||||
|
mkdir -p "$RISOTTO_JOURNALD_DIR"
|
||||||
if [ ! -d "$MACHINE_MACHINES_DIR" ]; then
|
if [ ! -d "$MACHINE_MACHINES_DIR" ]; then
|
||||||
cd "$MACHINES_DIR"
|
cd "$MACHINES_DIR"
|
||||||
tar xf "$IMAGE_NAME_RISOTTO_IMAGE_NAME"
|
tar xf "$IMAGE_NAME_RISOTTO_IMAGE_NAME"
|
||||||
|
|
|
@ -88,7 +88,7 @@ ADAPTER = redis
|
||||||
;; redis: network=tcp,addr=:6379,password=macaron,db=0,pool_size=100,idle_timeout=180
|
;; redis: network=tcp,addr=:6379,password=macaron,db=0,pool_size=100,idle_timeout=180
|
||||||
;; memcache: `127.0.0.1:11211`
|
;; memcache: `127.0.0.1:11211`
|
||||||
;; twoqueue: `{"size":50000,"recent_ratio":0.25,"ghost_ratio":0.5}` or `50000`
|
;; twoqueue: `{"size":50000,"recent_ratio":0.25,"ghost_ratio":0.5}` or `50000`
|
||||||
HOST = network=tcp,addr=%%redis_client_server_domainname:6379,password=%%redis_client_password,db=0,pool_size=100,idle_timeout=180
|
HOST = network=tcp,addr=%%redis_client_server_domainname:6379,username=%%redis_client_username,password=%%redis_client_password,db=0,pool_size=100,idle_timeout=180
|
||||||
;;
|
;;
|
||||||
;; Time to keep items in cache if not used, default is 16 hours.
|
;; Time to keep items in cache if not used, default is 16 hours.
|
||||||
;; Setting it to 0 disables caching
|
;; Setting it to 0 disables caching
|
||||||
|
|
|
@ -11,6 +11,7 @@
|
||||||
<family name="machine_" description="Machine " dynamic="machined.machines">
|
<family name="machine_" description="Machine " dynamic="machined.machines">
|
||||||
<variable name="external_ports_" description="External ports for " hidden="True" type="port" multi="True" provider="external_ports"/>
|
<variable name="external_ports_" description="External ports for " hidden="True" type="port" multi="True" provider="external_ports"/>
|
||||||
<variable name="srv_dir_" description="Directory with srv volume for " hidden="True" type="filename" provider="machine_srv"/>
|
<variable name="srv_dir_" description="Directory with srv volume for " hidden="True" type="filename" provider="machine_srv"/>
|
||||||
|
<variable name="journal_dir_" description="Directory with journal volume for " hidden="True" type="filename" provider="machine_journal"/>
|
||||||
<variable name="config_dir_" description="Directory with configuration volume for " hidden="True" type="filename" provider="machine_config" mandatory="True"/>
|
<variable name="config_dir_" description="Directory with configuration volume for " hidden="True" type="filename" provider="machine_config" mandatory="True"/>
|
||||||
<variable name="zones_" description="Zones for " hidden="True" provider="machine_zones" mandatory="True" multi="True"/>
|
<variable name="zones_" description="Zones for " hidden="True" provider="machine_zones" mandatory="True" multi="True"/>
|
||||||
</family>
|
</family>
|
||||||
|
|
|
@ -6,6 +6,7 @@ PrivateUsersChown=false
|
||||||
%if %%container['srv_dir_' + %%name]
|
%if %%container['srv_dir_' + %%name]
|
||||||
Bind=%%container['srv_dir_' + %%name]:/srv
|
Bind=%%container['srv_dir_' + %%name]:/srv
|
||||||
%end if
|
%end if
|
||||||
|
Bind=%%container['journal_dir_' + %%name]:/var/log/journal/
|
||||||
BindReadOnly=%%container['config_dir_' + %%name]:/usr/local/lib
|
BindReadOnly=%%container['config_dir_' + %%name]:/usr/local/lib
|
||||||
%set zones = %%container['zones_' + %%name]
|
%set zones = %%container['zones_' + %%name]
|
||||||
%if %%zones
|
%if %%zones
|
||||||
|
|
|
@ -1,16 +1,3 @@
|
||||||
def get_default_base_dn(server_name: str) -> str:
|
|
||||||
if not server_name or '.' not in server_name:
|
|
||||||
return None
|
|
||||||
values = server_name.split('.')
|
|
||||||
# cannot calculated base dn should be server.domain.tld
|
|
||||||
# remove 'server' in dn
|
|
||||||
if len(values) < 3:
|
|
||||||
return None
|
|
||||||
domain = ['ou=' + domain for domain in values[1:-2]]
|
|
||||||
domain.append(f'o={values[-2]},o={values[-1]}')
|
|
||||||
return ','.join(domain)
|
|
||||||
|
|
||||||
|
|
||||||
def valid_base_dn(base_dn: str) -> None:
|
def valid_base_dn(base_dn: str) -> None:
|
||||||
for att in ['o', 'dc', 'ou']:
|
for att in ['o', 'dc', 'ou']:
|
||||||
if base_dn.startswith(att + '='):
|
if base_dn.startswith(att + '='):
|
||||||
|
|
|
@ -9,6 +9,7 @@
|
||||||
<file engine="none">/static/silique_folder.png</file>
|
<file engine="none">/static/silique_folder.png</file>
|
||||||
<file engine="none">/static/silique_note.png</file>
|
<file engine="none">/static/silique_note.png</file>
|
||||||
<file engine="none">/static/silique_video.png</file>
|
<file engine="none">/static/silique_video.png</file>
|
||||||
|
<file engine="none">/static/silique_image.png</file>
|
||||||
<file engine="none">/static/risotto.css</file>
|
<file engine="none">/static/risotto.css</file>
|
||||||
<file>/var/lib/lemonldap-ng/conf/lmConf-1.json</file>
|
<file>/var/lib/lemonldap-ng/conf/lmConf-1.json</file>
|
||||||
<file engine="none">/etc/lemonldap-ng/lemonldap-ng.ini</file>
|
<file engine="none">/etc/lemonldap-ng/lemonldap-ng.ini</file>
|
||||||
|
|
Binary file not shown.
After Width: | Height: | Size: 2.5 KiB |
|
@ -14,6 +14,9 @@
|
||||||
<file source="config-nginx.conf">/etc/nginx/conf.d/postorius.conf</file>
|
<file source="config-nginx.conf">/etc/nginx/conf.d/postorius.conf</file>
|
||||||
<file source="postorius-settings.py">/etc/mailman3.d/postorius.py</file>
|
<file source="postorius-settings.py">/etc/mailman3.d/postorius.py</file>
|
||||||
</service>
|
</service>
|
||||||
|
<service name="postgresqlclient" target="multi-user" engine="creole">
|
||||||
|
<file owner="postorius" mode="400">/etc/pki/tls/private/postgresql_postorius.key</file>
|
||||||
|
</service>
|
||||||
</services>
|
</services>
|
||||||
<variables>
|
<variables>
|
||||||
<family name="mailman" description="Gestionnaire de liste">
|
<family name="mailman" description="Gestionnaire de liste">
|
||||||
|
@ -42,6 +45,11 @@
|
||||||
</variable>
|
</variable>
|
||||||
<variable name="oauth2_client_external" redefine="True" remove_fill="True"/>
|
<variable name="oauth2_client_external" redefine="True" remove_fill="True"/>
|
||||||
</family>
|
</family>
|
||||||
|
<family name="postgresql">
|
||||||
|
<variable name="pg_client_key_owner" redefine="True">
|
||||||
|
<value>mailman</value>
|
||||||
|
</variable>
|
||||||
|
</family>
|
||||||
</variables>
|
</variables>
|
||||||
<constraints>
|
<constraints>
|
||||||
<fill name="get_password">
|
<fill name="get_password">
|
||||||
|
|
|
@ -24,7 +24,7 @@ layout: fhs
|
||||||
#>GNUNUX
|
#>GNUNUX
|
||||||
[database]
|
[database]
|
||||||
class: mailman.database.postgresql.PostgreSQLDatabase
|
class: mailman.database.postgresql.PostgreSQLDatabase
|
||||||
url: postgresql://%%pg_client_username:%%pg_client_password@%%pg_client_server_domainname/%%pg_client_database?sslmode=verify-full
|
url: postgresql://%%pg_client_username:%%pg_client_password@%%pg_client_server_domainname/%%pg_client_database?sslmode=verify-full&sslcert=/etc/pki/tls/certs/postgresql.crt&sslkey=/etc/pki/tls/private/postgresql.key&sslrootcert=/etc/pki/ca-trust/source/anchors/ca_PostgreSQL.crt
|
||||||
|
|
||||||
[mta]
|
[mta]
|
||||||
lmtp_host: %%ip_eth0
|
lmtp_host: %%ip_eth0
|
||||||
|
|
|
@ -0,0 +1 @@
|
||||||
|
%%get_private_key(cn=%%domain_name_eth0, authority_cn=%%pg_client_server_domainname, authority_name='PostgreSQL', type="client")
|
|
@ -10,7 +10,7 @@ DATABASES = {
|
||||||
'HOST': '%%pg_client_server_domainname', # Database server
|
'HOST': '%%pg_client_server_domainname', # Database server
|
||||||
'PORT': '', # Database port (leave blank for default)
|
'PORT': '', # Database port (leave blank for default)
|
||||||
'CONN_MAX_AGE': 300, # Max database connection age
|
'CONN_MAX_AGE': 300, # Max database connection age
|
||||||
'OPTIONS': {'sslmode': 'verify-full'},
|
'OPTIONS': {'sslmode': 'verify-full', 'sslcert': '/etc/pki/tls/certs/postgresql.crt', 'sslkey': '/etc/pki/tls/private/postgresql_postorius.key', 'sslrootcert': '/etc/pki/ca-trust/source/anchors/ca_PostgreSQL.crt'},
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
ALLOWED_HOSTS = ['%%revprox_client_external_domainname']
|
ALLOWED_HOSTS = ['%%revprox_client_external_domainname']
|
||||||
|
|
|
@ -1,5 +1,8 @@
|
||||||
<?xml version='1.0' encoding='UTF-8'?>
|
<?xml version='1.0' encoding='UTF-8'?>
|
||||||
<rougail version="0.10">
|
<rougail version="0.10">
|
||||||
|
<services>
|
||||||
|
<service name="mariadbclient" target="multi-user" engine="creole"/>
|
||||||
|
</services>
|
||||||
<variables>
|
<variables>
|
||||||
<family name="mariadb" description="MariaDB">
|
<family name="mariadb" description="MariaDB">
|
||||||
<variable name="mariadb_client_server_domainname" type="domainname" description="Nom de domaine du serveur MariaDB" mandatory="True"/>
|
<variable name="mariadb_client_server_domainname" type="domainname" description="Nom de domaine du serveur MariaDB" mandatory="True"/>
|
||||||
|
|
|
@ -0,0 +1,7 @@
|
||||||
|
[Unit]
|
||||||
|
Description=Waiting for mariadb server
|
||||||
|
Before=network.target
|
||||||
|
|
||||||
|
[Service]
|
||||||
|
Type=oneshot
|
||||||
|
ExecStart=/usr/bin/timeout 90 sh -c 'while ! 3<> /dev/tcp/%%mariadb_client_server_domainname/3306; do sleep 1; done; echo "MARIADB STARTED"'
|
|
@ -32,7 +32,7 @@
|
||||||
<value>Plateforme de collaboration Nextcloud</value>
|
<value>Plateforme de collaboration Nextcloud</value>
|
||||||
</variable>
|
</variable>
|
||||||
<variable name="oauth2_client_category" redefine='True'>
|
<variable name="oauth2_client_category" redefine='True'>
|
||||||
<value>Collaboration</value>
|
<value>Diffusion</value>
|
||||||
</variable>
|
</variable>
|
||||||
<variable name="oauth2_client_logo" redefine='True'>
|
<variable name="oauth2_client_logo" redefine='True'>
|
||||||
<value>silique_folder.png</value>
|
<value>silique_folder.png</value>
|
||||||
|
|
|
@ -37,7 +37,7 @@ $CONFIG = array (
|
||||||
'dbtableprefix' => 'oc_',
|
'dbtableprefix' => 'oc_',
|
||||||
'dbuser' => '%%pg_client_username',
|
'dbuser' => '%%pg_client_username',
|
||||||
'dbpassword' => '%%pg_client_password',
|
'dbpassword' => '%%pg_client_password',
|
||||||
'dbdriveroptions' => array('sslmode' => 'verify-full'),
|
'dbdriveroptions' => array('sslmode' => 'verify-full', 'sslcert' => '/etc/pki/tls/certs/postgresql.crt', 'sslkey' => '/etc/pki/tls/private/postgresql.key', 'sslrootcert' => '/etc/pki/ca-trust/source/anchors/ca_PostgreSQL.crt'),
|
||||||
'passwordsalt' => '{{SALT}}',
|
'passwordsalt' => '{{SALT}}',
|
||||||
'secret' => '{{SECRET}}',
|
'secret' => '{{SECRET}}',
|
||||||
'instanceid' => '%%nextcloud_instance_id',
|
'instanceid' => '%%nextcloud_instance_id',
|
||||||
|
@ -53,9 +53,15 @@ $CONFIG = array (
|
||||||
'filelocking.enabled' => true,
|
'filelocking.enabled' => true,
|
||||||
'redis' => [
|
'redis' => [
|
||||||
'host' => '%%redis_client_server_domainname',
|
'host' => '%%redis_client_server_domainname',
|
||||||
'port' => 6379,
|
'port' => 6380,
|
||||||
|
'user' => '%%redis_client_username',
|
||||||
'password' => '%%redis_client_password',
|
'password' => '%%redis_client_password',
|
||||||
'dbindex' => 0,
|
'dbindex' => 0,
|
||||||
|
'ssl_context' => [
|
||||||
|
'local_cert' => '/etc/pki/tls/certs/redis.crt',
|
||||||
|
'local_pk' => '/etc/pki/tls/private/redis.key',
|
||||||
|
'cafile' => '/etc/pki/ca-trust/source/anchors/ca_Redis.crt',
|
||||||
|
]
|
||||||
],
|
],
|
||||||
'default_phone_region' => 'FR',
|
'default_phone_region' => 'FR',
|
||||||
//OIDC login
|
//OIDC login
|
||||||
|
|
|
@ -0,0 +1,4 @@
|
||||||
|
format: '0.1'
|
||||||
|
description: Nginx as reverse proxy
|
||||||
|
depends:
|
||||||
|
- nginx-common
|
|
@ -0,0 +1,20 @@
|
||||||
|
<?xml version='1.0' encoding='UTF-8'?>
|
||||||
|
<rougail version="0.10">
|
||||||
|
<services>
|
||||||
|
<service name='nginx'>
|
||||||
|
<file>/etc/nginx/conf.d/risotto.conf</file>
|
||||||
|
<file>/etc/pki/ca-trust/source/anchors/ca_InternalReverseProxy.crt</file>
|
||||||
|
<file mode="600">/etc/pki/tls/certs/nginx.crt</file>
|
||||||
|
<file mode="600">/etc/pki/tls/private/nginx.key</file>
|
||||||
|
</service>
|
||||||
|
</services>
|
||||||
|
<variables>
|
||||||
|
<variable name="nginx_root_directory" type="filename" mandatory="True"/>
|
||||||
|
<variable name="php_fpm_user" redefine="True" exists="True">
|
||||||
|
<value>nginx</value>
|
||||||
|
</variable>
|
||||||
|
<variable name="nginx_locations" type="filename" multi="True" mandatory="True">
|
||||||
|
<value>/</value>
|
||||||
|
</variable>
|
||||||
|
</variables>
|
||||||
|
</rougail>
|
|
@ -0,0 +1 @@
|
||||||
|
%%get_chain(authority_cn=%%domain_name_eth0, authority_name="InternalReverseProxy")
|
|
@ -0,0 +1 @@
|
||||||
|
%%get_certificate(cn=%%domain_name_eth0, authority_cn=%%revprox_client_server_domainname, authority_name='InternalReverseProxy')
|
|
@ -0,0 +1,10 @@
|
||||||
|
<!DOCTYPE html>
|
||||||
|
<html>
|
||||||
|
<head>
|
||||||
|
<title>Welcome</title>
|
||||||
|
<style>
|
||||||
|
</style>
|
||||||
|
</head>
|
||||||
|
<body>
|
||||||
|
</body>
|
||||||
|
</html>
|
|
@ -0,0 +1 @@
|
||||||
|
%%get_private_key(cn=%%domain_name_eth0, authority_cn=%%revprox_client_server_domainname, authority_name='InternalReverseProxy')
|
|
@ -0,0 +1,44 @@
|
||||||
|
server {
|
||||||
|
listen 443 default ssl;
|
||||||
|
server_name %%domain_name_eth0;
|
||||||
|
|
||||||
|
ssl_certificate /etc/pki/tls/certs/nginx.crt;
|
||||||
|
ssl_certificate_key /etc/pki/tls/private/nginx.key;
|
||||||
|
ssl_client_certificate /etc/pki/ca-trust/source/anchors/ca_InternalReverseProxy.crt;
|
||||||
|
|
||||||
|
error_page 403 404 502 503 504 /error.html;
|
||||||
|
location = /error.html{
|
||||||
|
root /var/www/html;
|
||||||
|
}
|
||||||
|
|
||||||
|
add_header X-Frame-Options "SAMEORIGIN";
|
||||||
|
add_header X-Content-Type-Options nosniff;
|
||||||
|
add_header X-XSS-Protection "1; mode=block";
|
||||||
|
add_header X-Robots-Tag none;
|
||||||
|
add_header X-Download-Options noopen;
|
||||||
|
add_header X-Permitted-Cross-Domain-Policies none;
|
||||||
|
add_header Strict-Transport-Security 'max-age=31536000; includeSubDomains;';
|
||||||
|
add_header Referrer-Policy no-referrer always;
|
||||||
|
|
||||||
|
%for %%location in %%nginx_locations
|
||||||
|
location %%location {
|
||||||
|
%if %%location == '/'
|
||||||
|
root %slurp
|
||||||
|
%else
|
||||||
|
alias %slurp
|
||||||
|
%end if
|
||||||
|
%%nginx_root_directory;
|
||||||
|
%if not %%getVar('php_fpm_installed', False)
|
||||||
|
index index.html;
|
||||||
|
%else
|
||||||
|
index index.php;
|
||||||
|
location ~ ^(?<script_name>.+?\.php)(?<path_info>/.*)?$ {
|
||||||
|
fastcgi_pass php-fpm;
|
||||||
|
fastcgi_index index.php;
|
||||||
|
fastcgi_param SCRIPT_FILENAME $request_filename;
|
||||||
|
include fastcgi_params;
|
||||||
|
}
|
||||||
|
%end if
|
||||||
|
}
|
||||||
|
%end for
|
||||||
|
}
|
|
@ -1 +1,3 @@
|
||||||
%%get_chain(authority_cn=%%domain_name_eth0, authority_name="InternalReverseProxy")
|
%for %%idx in %%range(0, %%number_of_interfaces)
|
||||||
|
%%get_chain(authority_cn=%%getVar('domain_name_eth' + %%str(%%idx)), authority_name="InternalReverseProxy")
|
||||||
|
%end for
|
||||||
|
|
|
@ -7,6 +7,10 @@
|
||||||
<variable name="password_" description="Mot de passe" auto_save="True" hidden="True" provider="client_password"/>
|
<variable name="password_" description="Mot de passe" auto_save="True" hidden="True" provider="client_password"/>
|
||||||
<variable name="read_only_" description="Le compte est en lecture seule" type="boolean"/>
|
<variable name="read_only_" description="Le compte est en lecture seule" type="boolean"/>
|
||||||
</family>
|
</family>
|
||||||
|
<family name="acl" description="Gestion des droits d'accès aux attributes" leadership="True">
|
||||||
|
<variable name='ldap_acl_attribute' type="string" description="ACL de l'attribut" multi="True"/>
|
||||||
|
<variable name='ldap_acl_rights' type="string" description="ACL de l'attribut" multi="True"/>
|
||||||
|
</family>
|
||||||
<family name="users" description="Gestion des utilisateurs" leadership="True">
|
<family name="users" description="Gestion des utilisateurs" leadership="True">
|
||||||
<variable name='ldap_user_mail' type="mail" description="Adresse courriel du compte" multi="True"/>
|
<variable name='ldap_user_mail' type="mail" description="Adresse courriel du compte" multi="True"/>
|
||||||
<variable name='ldap_user_aliases' type="mail" description="Aliases du mail" multi="True"/> <!-- FIXME -->
|
<variable name='ldap_user_aliases' type="mail" description="Aliases du mail" multi="True"/> <!-- FIXME -->
|
||||||
|
@ -15,9 +19,16 @@
|
||||||
<variable name='ldap_user_gn' type="string" description="Nom de famille" mandatory="True"/>
|
<variable name='ldap_user_gn' type="string" description="Nom de famille" mandatory="True"/>
|
||||||
<variable name='ldap_user_password' type="password" description="Mot de passe" mandatory="True" hidden="True"/>
|
<variable name='ldap_user_password' type="password" description="Mot de passe" mandatory="True" hidden="True"/>
|
||||||
</family>
|
</family>
|
||||||
<family name="acl" description="Gestion des droits d'accès aux attributes" leadership="True">
|
<variable name="families" description="Familles" type="unix_user" multi="True"/>
|
||||||
<variable name='ldap_acl_attribute' type="string" description="ACL de l'attribut" multi="True"/>
|
<family name="family_" description="Gestion de la famille " dynamic="accounts.families">
|
||||||
<variable name='ldap_acl_rights' type="string" description="ACL de l'attribut" multi="True"/>
|
<family name="users_" description="Gestion des utilisateurs" leadership="True">
|
||||||
|
<variable name='ldap_user_mail_' type="mail" description="Adresse courriel du compte" multi="True"/>
|
||||||
|
<variable name='ldap_user_aliases_' type="mail" description="Aliases du mail" multi="True"/> <!-- FIXME -->
|
||||||
|
<variable name='ldap_user_uid_' type="unix_user" description="Nom de compte" mandatory="True"/>
|
||||||
|
<variable name='ldap_user_sn_' type="string" description="Prénom" mandatory="True"/>
|
||||||
|
<variable name='ldap_user_gn_' type="string" description="Nom de famille" mandatory="True"/>
|
||||||
|
<variable name='ldap_user_password_' type="password" description="Mot de passe" mandatory="True" hidden="True"/>
|
||||||
|
</family>
|
||||||
</family>
|
</family>
|
||||||
</variables>
|
</variables>
|
||||||
<constraints>
|
<constraints>
|
||||||
|
@ -45,5 +56,13 @@
|
||||||
<param name="temporary" type="boolean">True</param>
|
<param name="temporary" type="boolean">True</param>
|
||||||
<target>accounts.users.ldap_user_password</target>
|
<target>accounts.users.ldap_user_password</target>
|
||||||
</fill>
|
</fill>
|
||||||
|
<fill name="get_password">
|
||||||
|
<param name="server_name" type="variable">domain_name_eth0</param>
|
||||||
|
<param name="username" type='variable'>accounts.family_.users_.ldap_user_mail_</param>
|
||||||
|
<param name="description">ldap family user</param>
|
||||||
|
<param name="type">cleartext</param>
|
||||||
|
<param name="temporary" type="boolean">True</param>
|
||||||
|
<target>accounts.family_.users_.ldap_user_password_</target>
|
||||||
|
</fill>
|
||||||
</constraints>
|
</constraints>
|
||||||
</rougail>
|
</rougail>
|
||||||
|
|
|
@ -1,12 +1,44 @@
|
||||||
|
import __main__
|
||||||
from os import urandom as _urandom
|
from os import urandom as _urandom
|
||||||
from hashlib import sha1 as _sha1
|
from hashlib import sha1 as _sha1
|
||||||
from base64 import encodebytes as _encodebytes, b64encode as _b64encode
|
from base64 import encodebytes as _encodebytes, b64encode as _b64encode
|
||||||
|
from json import load as _load, dump as _dump
|
||||||
|
from os.path import dirname as _dirname, abspath as _abspath, join as _join, isfile as _isfile
|
||||||
|
|
||||||
|
|
||||||
|
_HERE = _dirname(_abspath(__main__.__file__))
|
||||||
|
_SSHA_PASSWORD_DIR = _join(_HERE, 'password', 'ssha.json')
|
||||||
|
|
||||||
|
|
||||||
# unproudly borrowed from
|
# unproudly borrowed from
|
||||||
# http://www.openldap.org/faq/data/cache/347.html
|
# http://www.openldap.org/faq/data/cache/347.html
|
||||||
def ssha_encode(password):
|
def ssha_encode(password):
|
||||||
|
# do not regenerate SSHA
|
||||||
|
if _isfile(_SSHA_PASSWORD_DIR):
|
||||||
|
with open(_SSHA_PASSWORD_DIR, 'r') as fh:
|
||||||
|
passwords = _load(fh)
|
||||||
|
else:
|
||||||
|
passwords = {}
|
||||||
|
if password in passwords:
|
||||||
|
return passwords[password]
|
||||||
salt = _urandom(4)
|
salt = _urandom(4)
|
||||||
h = _sha1(password.encode())
|
h = _sha1(password.encode())
|
||||||
h.update(salt)
|
h.update(salt)
|
||||||
return _b64encode(b"{SSHA}" + _encodebytes(h.digest() + salt)[:-1]).decode()
|
ret = _b64encode(b"{SSHA}" + _encodebytes(h.digest() + salt)[:-1]).decode()
|
||||||
|
passwords[password] = ret
|
||||||
|
with open(_SSHA_PASSWORD_DIR, 'w') as fh:
|
||||||
|
_dump(passwords, fh)
|
||||||
|
return ret
|
||||||
|
|
||||||
|
|
||||||
|
def get_default_base_dn(server_name: str) -> str:
|
||||||
|
if not server_name or '.' not in server_name:
|
||||||
|
return None
|
||||||
|
values = server_name.split('.')
|
||||||
|
# cannot calculated base dn should be server.domain.tld
|
||||||
|
# remove 'server' in dn
|
||||||
|
if len(values) < 3:
|
||||||
|
return None
|
||||||
|
domain = ['ou=' + domain for domain in values[1:-2]]
|
||||||
|
domain.append(f'o={values[-2]},o={values[-1]}')
|
||||||
|
return ','.join(domain)
|
||||||
|
|
|
@ -21,12 +21,12 @@ objectClass: top
|
||||||
objectClass: inetOrgPerson
|
objectClass: inetOrgPerson
|
||||||
|
|
||||||
%end for
|
%end for
|
||||||
|
# Users
|
||||||
dn: ou=users,%%ldap_base_dn
|
dn: ou=users,%%ldap_base_dn
|
||||||
ou: users
|
ou: users
|
||||||
objectClass: top
|
objectClass: top
|
||||||
objectClass: organizationalUnit
|
objectClass: organizationalUnit
|
||||||
|
|
||||||
# Users
|
|
||||||
%for %%user in %%accounts.users.ldap_user_mail
|
%for %%user in %%accounts.users.ldap_user_mail
|
||||||
dn: cn=%%user,ou=users,%%ldap_base_dn
|
dn: cn=%%user,ou=users,%%ldap_base_dn
|
||||||
cn: %%user
|
cn: %%user
|
||||||
|
@ -34,9 +34,33 @@ mail: %%user
|
||||||
sn: %%user.ldap_user_sn
|
sn: %%user.ldap_user_sn
|
||||||
givenName: %%user.ldap_user_gn
|
givenName: %%user.ldap_user_gn
|
||||||
uid: %%user.ldap_user_uid
|
uid: %%user.ldap_user_uid
|
||||||
#%%user.ldap_user_password
|
|
||||||
userPassword:: %%ssha_encode(%%user.ldap_user_password)
|
userPassword:: %%ssha_encode(%%user.ldap_user_password)
|
||||||
objectClass: top
|
objectClass: top
|
||||||
objectClass: inetOrgPerson
|
objectClass: inetOrgPerson
|
||||||
|
|
||||||
%end for
|
%end for
|
||||||
|
# Families
|
||||||
|
dn: ou=families,%%ldap_base_dn
|
||||||
|
ou: families
|
||||||
|
objectClass: top
|
||||||
|
objectClass: organizationalUnit
|
||||||
|
|
||||||
|
%for %%family in %%accounts.families
|
||||||
|
dn: ou=%%family,ou=families,%%ldap_base_dn
|
||||||
|
ou: %%family
|
||||||
|
objectClass: top
|
||||||
|
objectClass: organizationalUnit
|
||||||
|
|
||||||
|
%for %%user in %%accounts['family_' + %%family]['users_' + %%family]['ldap_user_mail_' + %%family]
|
||||||
|
dn: cn=%%user,ou=families,%%ldap_base_dn
|
||||||
|
cn: %%user
|
||||||
|
mail: %%user
|
||||||
|
sn: %%user['ldap_user_sn_' + %%family]
|
||||||
|
givenName: %%user['ldap_user_gn_' + %%family]
|
||||||
|
uid: %%user['ldap_user_uid_' + %%family]
|
||||||
|
userPassword:: %%ssha_encode(%%user['ldap_user_password_' + %%family])
|
||||||
|
objectClass: top
|
||||||
|
objectClass: inetOrgPerson
|
||||||
|
|
||||||
|
%end for
|
||||||
|
%end for
|
||||||
|
|
|
@ -3,8 +3,17 @@
|
||||||
<services>
|
<services>
|
||||||
<service name="php-fpm">
|
<service name="php-fpm">
|
||||||
<file engine="none">/etc/php-fpm.conf</file>
|
<file engine="none">/etc/php-fpm.conf</file>
|
||||||
|
<file>/etc/php-fpm.d/www.conf</file>
|
||||||
<file engine="none" source="sysuser-phpfpm.conf">/sysusers.d/phpfpm.conf</file>
|
<file engine="none" source="sysuser-phpfpm.conf">/sysusers.d/phpfpm.conf</file>
|
||||||
<file engine="none" source="tmpfile-phpfpm.conf">/tmpfiles.d/0phpfpm.conf</file>
|
<file source="tmpfile-phpfpm.conf">/tmpfiles.d/0phpfpm.conf</file>
|
||||||
</service>
|
</service>
|
||||||
</services>
|
</services>
|
||||||
|
<variables>
|
||||||
|
<variable name="php_fpm_user" type="unix_user">
|
||||||
|
<value>root</value>
|
||||||
|
</variable>
|
||||||
|
<variable name="php_fpm_installed" type="boolean">
|
||||||
|
<value>True</value>
|
||||||
|
</variable>
|
||||||
|
</variables>
|
||||||
</rougail>
|
</rougail>
|
||||||
|
|
|
@ -0,0 +1 @@
|
||||||
|
PKG="$PKG php-fpm"
|
|
@ -1 +1 @@
|
||||||
d /var/lib/php/session 770 root apache - -
|
d /var/lib/php/session 770 root %%php_fpm_user - -
|
||||||
|
|
439
seed/applicationservice/2022.03.08/php-fpm/templates/www.conf
Normal file
439
seed/applicationservice/2022.03.08/php-fpm/templates/www.conf
Normal file
|
@ -0,0 +1,439 @@
|
||||||
|
; Start a new pool named 'www'.
|
||||||
|
; the variable $pool can be used in any directive and will be replaced by the
|
||||||
|
; pool name ('www' here)
|
||||||
|
[www]
|
||||||
|
|
||||||
|
; Per pool prefix
|
||||||
|
; It only applies on the following directives:
|
||||||
|
; - 'access.log'
|
||||||
|
; - 'slowlog'
|
||||||
|
; - 'listen' (unixsocket)
|
||||||
|
; - 'chroot'
|
||||||
|
; - 'chdir'
|
||||||
|
; - 'php_values'
|
||||||
|
; - 'php_admin_values'
|
||||||
|
; When not set, the global prefix (or @php_fpm_prefix@) applies instead.
|
||||||
|
; Note: This directive can also be relative to the global prefix.
|
||||||
|
; Default Value: none
|
||||||
|
;prefix = /path/to/pools/$pool
|
||||||
|
|
||||||
|
; Unix user/group of processes
|
||||||
|
; Note: The user is mandatory. If the group is not set, the default user's group
|
||||||
|
; will be used.
|
||||||
|
; RPM: apache user chosen to provide access to the same directories as httpd
|
||||||
|
user = %%php_fpm_user
|
||||||
|
; RPM: Keep a group allowed to write in log dir.
|
||||||
|
group = %%php_fpm_user
|
||||||
|
|
||||||
|
; The address on which to accept FastCGI requests.
|
||||||
|
; Valid syntaxes are:
|
||||||
|
; 'ip.add.re.ss:port' - to listen on a TCP socket to a specific IPv4 address on
|
||||||
|
; a specific port;
|
||||||
|
; '[ip:6:addr:ess]:port' - to listen on a TCP socket to a specific IPv6 address on
|
||||||
|
; a specific port;
|
||||||
|
; 'port' - to listen on a TCP socket to all addresses
|
||||||
|
; (IPv6 and IPv4-mapped) on a specific port;
|
||||||
|
; '/path/to/unix/socket' - to listen on a unix socket.
|
||||||
|
; Note: This value is mandatory.
|
||||||
|
listen = /run/php-fpm/www.sock
|
||||||
|
|
||||||
|
; Set listen(2) backlog.
|
||||||
|
; Default Value: 511
|
||||||
|
;listen.backlog = 511
|
||||||
|
|
||||||
|
; Set permissions for unix socket, if one is used. In Linux, read/write
|
||||||
|
; permissions must be set in order to allow connections from a web server.
|
||||||
|
; Default Values: user and group are set as the running user
|
||||||
|
; mode is set to 0660
|
||||||
|
;listen.owner = nobody
|
||||||
|
;listen.group = nobody
|
||||||
|
;listen.mode = 0660
|
||||||
|
|
||||||
|
; When POSIX Access Control Lists are supported you can set them using
|
||||||
|
; these options, value is a comma separated list of user/group names.
|
||||||
|
; When set, listen.owner and listen.group are ignored
|
||||||
|
listen.acl_users = %%php_fpm_user
|
||||||
|
;listen.acl_groups =
|
||||||
|
|
||||||
|
; List of addresses (IPv4/IPv6) of FastCGI clients which are allowed to connect.
|
||||||
|
; Equivalent to the FCGI_WEB_SERVER_ADDRS environment variable in the original
|
||||||
|
; PHP FCGI (5.2.2+). Makes sense only with a tcp listening socket. Each address
|
||||||
|
; must be separated by a comma. If this value is left blank, connections will be
|
||||||
|
; accepted from any ip address.
|
||||||
|
; Default Value: any
|
||||||
|
listen.allowed_clients = 127.0.0.1
|
||||||
|
|
||||||
|
; Specify the nice(2) priority to apply to the pool processes (only if set)
|
||||||
|
; The value can vary from -19 (highest priority) to 20 (lower priority)
|
||||||
|
; Note: - It will only work if the FPM master process is launched as root
|
||||||
|
; - The pool processes will inherit the master process priority
|
||||||
|
; unless it specified otherwise
|
||||||
|
; Default Value: no set
|
||||||
|
; process.priority = -19
|
||||||
|
|
||||||
|
; Set the process dumpable flag (PR_SET_DUMPABLE prctl) even if the process user
|
||||||
|
; or group is differrent than the master process user. It allows to create process
|
||||||
|
; core dump and ptrace the process for the pool user.
|
||||||
|
; Default Value: no
|
||||||
|
; process.dumpable = yes
|
||||||
|
|
||||||
|
; Choose how the process manager will control the number of child processes.
|
||||||
|
; Possible Values:
|
||||||
|
; static - a fixed number (pm.max_children) of child processes;
|
||||||
|
; dynamic - the number of child processes are set dynamically based on the
|
||||||
|
; following directives. With this process management, there will be
|
||||||
|
; always at least 1 children.
|
||||||
|
; pm.max_children - the maximum number of children that can
|
||||||
|
; be alive at the same time.
|
||||||
|
; pm.start_servers - the number of children created on startup.
|
||||||
|
; pm.min_spare_servers - the minimum number of children in 'idle'
|
||||||
|
; state (waiting to process). If the number
|
||||||
|
; of 'idle' processes is less than this
|
||||||
|
; number then some children will be created.
|
||||||
|
; pm.max_spare_servers - the maximum number of children in 'idle'
|
||||||
|
; state (waiting to process). If the number
|
||||||
|
; of 'idle' processes is greater than this
|
||||||
|
; number then some children will be killed.
|
||||||
|
; ondemand - no children are created at startup. Children will be forked when
|
||||||
|
; new requests will connect. The following parameter are used:
|
||||||
|
; pm.max_children - the maximum number of children that
|
||||||
|
; can be alive at the same time.
|
||||||
|
; pm.process_idle_timeout - The number of seconds after which
|
||||||
|
; an idle process will be killed.
|
||||||
|
; Note: This value is mandatory.
|
||||||
|
pm = dynamic
|
||||||
|
|
||||||
|
; The number of child processes to be created when pm is set to 'static' and the
|
||||||
|
; maximum number of child processes when pm is set to 'dynamic' or 'ondemand'.
|
||||||
|
; This value sets the limit on the number of simultaneous requests that will be
|
||||||
|
; served. Equivalent to the ApacheMaxClients directive with mpm_prefork.
|
||||||
|
; Equivalent to the PHP_FCGI_CHILDREN environment variable in the original PHP
|
||||||
|
; CGI. The below defaults are based on a server without much resources. Don't
|
||||||
|
; forget to tweak pm.* to fit your needs.
|
||||||
|
; Note: Used when pm is set to 'static', 'dynamic' or 'ondemand'
|
||||||
|
; Note: This value is mandatory.
|
||||||
|
pm.max_children = 50
|
||||||
|
|
||||||
|
; The number of child processes created on startup.
|
||||||
|
; Note: Used only when pm is set to 'dynamic'
|
||||||
|
; Default Value: min_spare_servers + (max_spare_servers - min_spare_servers) / 2
|
||||||
|
pm.start_servers = 5
|
||||||
|
|
||||||
|
; The desired minimum number of idle server processes.
|
||||||
|
; Note: Used only when pm is set to 'dynamic'
|
||||||
|
; Note: Mandatory when pm is set to 'dynamic'
|
||||||
|
pm.min_spare_servers = 5
|
||||||
|
|
||||||
|
; The desired maximum number of idle server processes.
|
||||||
|
; Note: Used only when pm is set to 'dynamic'
|
||||||
|
; Note: Mandatory when pm is set to 'dynamic'
|
||||||
|
pm.max_spare_servers = 35
|
||||||
|
|
||||||
|
; The number of seconds after which an idle process will be killed.
|
||||||
|
; Note: Used only when pm is set to 'ondemand'
|
||||||
|
; Default Value: 10s
|
||||||
|
;pm.process_idle_timeout = 10s;
|
||||||
|
|
||||||
|
; The number of requests each child process should execute before respawning.
|
||||||
|
; This can be useful to work around memory leaks in 3rd party libraries. For
|
||||||
|
; endless request processing specify '0'. Equivalent to PHP_FCGI_MAX_REQUESTS.
|
||||||
|
; Default Value: 0
|
||||||
|
;pm.max_requests = 500
|
||||||
|
|
||||||
|
; The URI to view the FPM status page. If this value is not set, no URI will be
|
||||||
|
; recognized as a status page. It shows the following informations:
|
||||||
|
; pool - the name of the pool;
|
||||||
|
; process manager - static, dynamic or ondemand;
|
||||||
|
; start time - the date and time FPM has started;
|
||||||
|
; start since - number of seconds since FPM has started;
|
||||||
|
; accepted conn - the number of request accepted by the pool;
|
||||||
|
; listen queue - the number of request in the queue of pending
|
||||||
|
; connections (see backlog in listen(2));
|
||||||
|
; max listen queue - the maximum number of requests in the queue
|
||||||
|
; of pending connections since FPM has started;
|
||||||
|
; listen queue len - the size of the socket queue of pending connections;
|
||||||
|
; idle processes - the number of idle processes;
|
||||||
|
; active processes - the number of active processes;
|
||||||
|
; total processes - the number of idle + active processes;
|
||||||
|
; max active processes - the maximum number of active processes since FPM
|
||||||
|
; has started;
|
||||||
|
; max children reached - number of times, the process limit has been reached,
|
||||||
|
; when pm tries to start more children (works only for
|
||||||
|
; pm 'dynamic' and 'ondemand');
|
||||||
|
; Value are updated in real time.
|
||||||
|
; Example output:
|
||||||
|
; pool: www
|
||||||
|
; process manager: static
|
||||||
|
; start time: 01/Jul/2011:17:53:49 +0200
|
||||||
|
; start since: 62636
|
||||||
|
; accepted conn: 190460
|
||||||
|
; listen queue: 0
|
||||||
|
; max listen queue: 1
|
||||||
|
; listen queue len: 42
|
||||||
|
; idle processes: 4
|
||||||
|
; active processes: 11
|
||||||
|
; total processes: 15
|
||||||
|
; max active processes: 12
|
||||||
|
; max children reached: 0
|
||||||
|
;
|
||||||
|
; By default the status page output is formatted as text/plain. Passing either
|
||||||
|
; 'html', 'xml' or 'json' in the query string will return the corresponding
|
||||||
|
; output syntax. Example:
|
||||||
|
; http://www.foo.bar/status
|
||||||
|
; http://www.foo.bar/status?json
|
||||||
|
; http://www.foo.bar/status?html
|
||||||
|
; http://www.foo.bar/status?xml
|
||||||
|
;
|
||||||
|
; By default the status page only outputs short status. Passing 'full' in the
|
||||||
|
; query string will also return status for each pool process.
|
||||||
|
; Example:
|
||||||
|
; http://www.foo.bar/status?full
|
||||||
|
; http://www.foo.bar/status?json&full
|
||||||
|
; http://www.foo.bar/status?html&full
|
||||||
|
; http://www.foo.bar/status?xml&full
|
||||||
|
; The Full status returns for each process:
|
||||||
|
; pid - the PID of the process;
|
||||||
|
; state - the state of the process (Idle, Running, ...);
|
||||||
|
; start time - the date and time the process has started;
|
||||||
|
; start since - the number of seconds since the process has started;
|
||||||
|
; requests - the number of requests the process has served;
|
||||||
|
; request duration - the duration in µs of the requests;
|
||||||
|
; request method - the request method (GET, POST, ...);
|
||||||
|
; request URI - the request URI with the query string;
|
||||||
|
; content length - the content length of the request (only with POST);
|
||||||
|
; user - the user (PHP_AUTH_USER) (or '-' if not set);
|
||||||
|
; script - the main script called (or '-' if not set);
|
||||||
|
; last request cpu - the %cpu the last request consumed
|
||||||
|
; it's always 0 if the process is not in Idle state
|
||||||
|
; because CPU calculation is done when the request
|
||||||
|
; processing has terminated;
|
||||||
|
; last request memory - the max amount of memory the last request consumed
|
||||||
|
; it's always 0 if the process is not in Idle state
|
||||||
|
; because memory calculation is done when the request
|
||||||
|
; processing has terminated;
|
||||||
|
; If the process is in Idle state, then informations are related to the
|
||||||
|
; last request the process has served. Otherwise informations are related to
|
||||||
|
; the current request being served.
|
||||||
|
; Example output:
|
||||||
|
; ************************
|
||||||
|
; pid: 31330
|
||||||
|
; state: Running
|
||||||
|
; start time: 01/Jul/2011:17:53:49 +0200
|
||||||
|
; start since: 63087
|
||||||
|
; requests: 12808
|
||||||
|
; request duration: 1250261
|
||||||
|
; request method: GET
|
||||||
|
; request URI: /test_mem.php?N=10000
|
||||||
|
; content length: 0
|
||||||
|
; user: -
|
||||||
|
; script: /home/fat/web/docs/php/test_mem.php
|
||||||
|
; last request cpu: 0.00
|
||||||
|
; last request memory: 0
|
||||||
|
;
|
||||||
|
; Note: There is a real-time FPM status monitoring sample web page available
|
||||||
|
; It's available in: @EXPANDED_DATADIR@/fpm/status.html
|
||||||
|
;
|
||||||
|
; Note: The value must start with a leading slash (/). The value can be
|
||||||
|
; anything, but it may not be a good idea to use the .php extension or it
|
||||||
|
; may conflict with a real PHP file.
|
||||||
|
; Default Value: not set
|
||||||
|
;pm.status_path = /status
|
||||||
|
|
||||||
|
; The ping URI to call the monitoring page of FPM. If this value is not set, no
|
||||||
|
; URI will be recognized as a ping page. This could be used to test from outside
|
||||||
|
; that FPM is alive and responding, or to
|
||||||
|
; - create a graph of FPM availability (rrd or such);
|
||||||
|
; - remove a server from a group if it is not responding (load balancing);
|
||||||
|
; - trigger alerts for the operating team (24/7).
|
||||||
|
; Note: The value must start with a leading slash (/). The value can be
|
||||||
|
; anything, but it may not be a good idea to use the .php extension or it
|
||||||
|
; may conflict with a real PHP file.
|
||||||
|
; Default Value: not set
|
||||||
|
;ping.path = /ping
|
||||||
|
|
||||||
|
; This directive may be used to customize the response of a ping request. The
|
||||||
|
; response is formatted as text/plain with a 200 response code.
|
||||||
|
; Default Value: pong
|
||||||
|
;ping.response = pong
|
||||||
|
|
||||||
|
; The access log file
|
||||||
|
; Default: not set
|
||||||
|
;access.log = log/$pool.access.log
|
||||||
|
|
||||||
|
; The access log format.
|
||||||
|
; The following syntax is allowed
|
||||||
|
; %%: the '%' character
|
||||||
|
; %C: %CPU used by the request
|
||||||
|
; it can accept the following format:
|
||||||
|
; - %{user}C for user CPU only
|
||||||
|
; - %{system}C for system CPU only
|
||||||
|
; - %{total}C for user + system CPU (default)
|
||||||
|
; %d: time taken to serve the request
|
||||||
|
; it can accept the following format:
|
||||||
|
; - %{seconds}d (default)
|
||||||
|
; - %{miliseconds}d
|
||||||
|
; - %{mili}d
|
||||||
|
; - %{microseconds}d
|
||||||
|
; - %{micro}d
|
||||||
|
; %e: an environment variable (same as $_ENV or $_SERVER)
|
||||||
|
; it must be associated with embraces to specify the name of the env
|
||||||
|
; variable. Some exemples:
|
||||||
|
; - server specifics like: %{REQUEST_METHOD}e or %{SERVER_PROTOCOL}e
|
||||||
|
; - HTTP headers like: %{HTTP_HOST}e or %{HTTP_USER_AGENT}e
|
||||||
|
; %f: script filename
|
||||||
|
; %l: content-length of the request (for POST request only)
|
||||||
|
; %m: request method
|
||||||
|
; %M: peak of memory allocated by PHP
|
||||||
|
; it can accept the following format:
|
||||||
|
; - %{bytes}M (default)
|
||||||
|
; - %{kilobytes}M
|
||||||
|
; - %{kilo}M
|
||||||
|
; - %{megabytes}M
|
||||||
|
; - %{mega}M
|
||||||
|
; %n: pool name
|
||||||
|
; %o: output header
|
||||||
|
; it must be associated with embraces to specify the name of the header:
|
||||||
|
; - %{Content-Type}o
|
||||||
|
; - %{X-Powered-By}o
|
||||||
|
; - %{Transfert-Encoding}o
|
||||||
|
; - ....
|
||||||
|
; %p: PID of the child that serviced the request
|
||||||
|
; %P: PID of the parent of the child that serviced the request
|
||||||
|
; %q: the query string
|
||||||
|
; %Q: the '?' character if query string exists
|
||||||
|
; %r: the request URI (without the query string, see %q and %Q)
|
||||||
|
; %R: remote IP address
|
||||||
|
; %s: status (response code)
|
||||||
|
; %t: server time the request was received
|
||||||
|
; it can accept a strftime(3) format:
|
||||||
|
; %d/%b/%Y:%H:%M:%S %z (default)
|
||||||
|
; The strftime(3) format must be encapsuled in a %{<strftime_format>}t tag
|
||||||
|
; e.g. for a ISO8601 formatted timestring, use: %{%Y-%m-%dT%H:%M:%S%z}t
|
||||||
|
; %T: time the log has been written (the request has finished)
|
||||||
|
; it can accept a strftime(3) format:
|
||||||
|
; %d/%b/%Y:%H:%M:%S %z (default)
|
||||||
|
; The strftime(3) format must be encapsuled in a %{<strftime_format>}t tag
|
||||||
|
; e.g. for a ISO8601 formatted timestring, use: %{%Y-%m-%dT%H:%M:%S%z}t
|
||||||
|
; %u: remote user
|
||||||
|
;
|
||||||
|
; Default: "%R - %u %t \"%m %r\" %s"
|
||||||
|
;access.format = "%R - %u %t \"%m %r%Q%q\" %s %f %{mili}d %{kilo}M %C%%"
|
||||||
|
|
||||||
|
; The log file for slow requests
|
||||||
|
; Default Value: not set
|
||||||
|
; Note: slowlog is mandatory if request_slowlog_timeout is set
|
||||||
|
slowlog = syslog
|
||||||
|
|
||||||
|
; The timeout for serving a single request after which a PHP backtrace will be
|
||||||
|
; dumped to the 'slowlog' file. A value of '0s' means 'off'.
|
||||||
|
; Available units: s(econds)(default), m(inutes), h(ours), or d(ays)
|
||||||
|
; Default Value: 0
|
||||||
|
;request_slowlog_timeout = 0
|
||||||
|
|
||||||
|
; Depth of slow log stack trace.
|
||||||
|
; Default Value: 20
|
||||||
|
;request_slowlog_trace_depth = 20
|
||||||
|
|
||||||
|
; The timeout for serving a single request after which the worker process will
|
||||||
|
; be killed. This option should be used when the 'max_execution_time' ini option
|
||||||
|
; does not stop script execution for some reason. A value of '0' means 'off'.
|
||||||
|
; Available units: s(econds)(default), m(inutes), h(ours), or d(ays)
|
||||||
|
; Default Value: 0
|
||||||
|
;request_terminate_timeout = 0
|
||||||
|
|
||||||
|
; Set open file descriptor rlimit.
|
||||||
|
; Default Value: system defined value
|
||||||
|
;rlimit_files = 1024
|
||||||
|
|
||||||
|
; Set max core size rlimit.
|
||||||
|
; Possible Values: 'unlimited' or an integer greater or equal to 0
|
||||||
|
; Default Value: system defined value
|
||||||
|
;rlimit_core = 0
|
||||||
|
|
||||||
|
; Chroot to this directory at the start. This value must be defined as an
|
||||||
|
; absolute path. When this value is not set, chroot is not used.
|
||||||
|
; Note: you can prefix with '$prefix' to chroot to the pool prefix or one
|
||||||
|
; of its subdirectories. If the pool prefix is not set, the global prefix
|
||||||
|
; will be used instead.
|
||||||
|
; Note: chrooting is a great security feature and should be used whenever
|
||||||
|
; possible. However, all PHP paths will be relative to the chroot
|
||||||
|
; (error_log, sessions.save_path, ...).
|
||||||
|
; Default Value: not set
|
||||||
|
;chroot =
|
||||||
|
|
||||||
|
; Chdir to this directory at the start.
|
||||||
|
; Note: relative path can be used.
|
||||||
|
; Default Value: current directory or / when chroot
|
||||||
|
;chdir = /var/www
|
||||||
|
|
||||||
|
; Redirect worker stdout and stderr into main error log. If not set, stdout and
|
||||||
|
; stderr will be redirected to /dev/null according to FastCGI specs.
|
||||||
|
; Note: on highloaded environement, this can cause some delay in the page
|
||||||
|
; process time (several ms).
|
||||||
|
; Default Value: no
|
||||||
|
;catch_workers_output = yes
|
||||||
|
|
||||||
|
; Clear environment in FPM workers
|
||||||
|
; Prevents arbitrary environment variables from reaching FPM worker processes
|
||||||
|
; by clearing the environment in workers before env vars specified in this
|
||||||
|
; pool configuration are added.
|
||||||
|
; Setting to "no" will make all environment variables available to PHP code
|
||||||
|
; via getenv(), $_ENV and $_SERVER.
|
||||||
|
; Default Value: yes
|
||||||
|
;clear_env = no
|
||||||
|
|
||||||
|
; Limits the extensions of the main script FPM will allow to parse. This can
|
||||||
|
; prevent configuration mistakes on the web server side. You should only limit
|
||||||
|
; FPM to .php extensions to prevent malicious users to use other extensions to
|
||||||
|
; execute php code.
|
||||||
|
; Note: set an empty value to allow all extensions.
|
||||||
|
; Default Value: .php
|
||||||
|
;security.limit_extensions = .php .php3 .php4 .php5 .php7
|
||||||
|
|
||||||
|
; Pass environment variables like LD_LIBRARY_PATH. All $VARIABLEs are taken from
|
||||||
|
; the current environment.
|
||||||
|
; Default Value: clean env
|
||||||
|
;env[HOSTNAME] = $HOSTNAME
|
||||||
|
;env[PATH] = /usr/local/bin:/usr/bin:/bin
|
||||||
|
;env[TMP] = /tmp
|
||||||
|
;env[TMPDIR] = /tmp
|
||||||
|
;env[TEMP] = /tmp
|
||||||
|
|
||||||
|
; Additional php.ini defines, specific to this pool of workers. These settings
|
||||||
|
; overwrite the values previously defined in the php.ini. The directives are the
|
||||||
|
; same as the PHP SAPI:
|
||||||
|
; php_value/php_flag - you can set classic ini defines which can
|
||||||
|
; be overwritten from PHP call 'ini_set'.
|
||||||
|
; php_admin_value/php_admin_flag - these directives won't be overwritten by
|
||||||
|
; PHP call 'ini_set'
|
||||||
|
; For php_*flag, valid values are on, off, 1, 0, true, false, yes or no.
|
||||||
|
|
||||||
|
; Defining 'extension' will load the corresponding shared extension from
|
||||||
|
; extension_dir. Defining 'disable_functions' or 'disable_classes' will not
|
||||||
|
; overwrite previously defined php.ini values, but will append the new value
|
||||||
|
; instead.
|
||||||
|
|
||||||
|
; Note: path INI options can be relative and will be expanded with the prefix
|
||||||
|
; (pool, global or @prefix@)
|
||||||
|
|
||||||
|
; Default Value: nothing is defined by default except the values in php.ini and
|
||||||
|
; specified at startup with the -d argument
|
||||||
|
;php_admin_value[sendmail_path] = /usr/sbin/sendmail -t -i -f www@my.domain.com
|
||||||
|
;php_flag[display_errors] = off
|
||||||
|
php_admin_value[error_log] = syslog
|
||||||
|
php_admin_flag[log_errors] = on
|
||||||
|
;php_admin_value[memory_limit] = 128M
|
||||||
|
|
||||||
|
; Set the following data paths to directories owned by the FPM process user.
|
||||||
|
;
|
||||||
|
; Do not change the ownership of existing system directories, if the process
|
||||||
|
; user does not have write permission, create dedicated directories for this
|
||||||
|
; purpose.
|
||||||
|
;
|
||||||
|
; See warning about choosing the location of these directories on your system
|
||||||
|
; at http://php.net/session.save-path
|
||||||
|
php_value[session.save_handler] = redis
|
||||||
|
;GNUNUX php_value[session.save_path] = /var/lib/php/session
|
||||||
|
;php_value[session.save_path] = "tcp://%%redis_client_server_domainname:6379?auth[user]=%%redis_client_username&auth[pass]=%%redis_client_password"
|
||||||
|
php_value[soap.wsdl_cache_dir] = /var/lib/php/wsdlcache
|
||||||
|
;php_value[opcache.file_cache] = /var/lib/php/opcache
|
14
seed/applicationservice/2022.03.08/php/DEBUG.md
Normal file
14
seed/applicationservice/2022.03.08/php/DEBUG.md
Normal file
|
@ -0,0 +1,14 @@
|
||||||
|
Test une session avec redis
|
||||||
|
============================
|
||||||
|
|
||||||
|
<?php
|
||||||
|
session_id('jlnp3nfrq92ffquipn4534ojbe');
|
||||||
|
session_start();
|
||||||
|
if (!isset($_SESSION['count'])) {
|
||||||
|
$_SESSION['count'] = 0;
|
||||||
|
} else {
|
||||||
|
$_SESSION['count']++;
|
||||||
|
}
|
||||||
|
print($_SESSION['count']);
|
||||||
|
?>
|
||||||
|
|
|
@ -1,2 +1,4 @@
|
||||||
format: '0.1'
|
format: '0.1'
|
||||||
description: PHP configuration
|
description: PHP configuration
|
||||||
|
depends:
|
||||||
|
- redis-client
|
||||||
|
|
|
@ -1329,7 +1329,11 @@ browscap = /etc/php/extra/browscap.ini
|
||||||
[Session]
|
[Session]
|
||||||
; Handler used to store/retrieve data.
|
; Handler used to store/retrieve data.
|
||||||
; http://php.net/session.save-handler
|
; http://php.net/session.save-handler
|
||||||
session.save_handler = files
|
# GNUNUX session.save_handler = files
|
||||||
|
session.save_handler = redis
|
||||||
|
session.save_path = "tcp://%%redis_client_server_domainname:6379?auth[user]=%%redis_client_username&auth[pass]=%%redis_client_password"
|
||||||
|
;GNUNUX https://github.com/phpredis/phpredis/issues/2062
|
||||||
|
#session.save_path = "tls://%%redis_client_server_domainname:6379?auth[user]=%%redis_client_username&auth[pass]=%%redis_client_password&stream[verify_peer]=1&stream[cafile]=/etc/pki/ca-trust/source/anchors/ca_Redis.crt&stream[local_cert]=/etc/pki/tls/certs/redis.crt&stream[local_pk]=/etc/pki/tls/private/redis.key"
|
||||||
|
|
||||||
; Argument passed to save_handler. In the case of files, this is the path
|
; Argument passed to save_handler. In the case of files, this is the path
|
||||||
; where data files are stored. Note: Windows users have to change this
|
; where data files are stored. Note: Windows users have to change this
|
||||||
|
@ -1424,7 +1428,7 @@ session.serialize_handler = php
|
||||||
; Development Value: 1
|
; Development Value: 1
|
||||||
; Production Value: 1
|
; Production Value: 1
|
||||||
; http://php.net/session.gc-probability
|
; http://php.net/session.gc-probability
|
||||||
session.gc_probability = 0
|
session.gc_probability = 1
|
||||||
|
|
||||||
; Defines the probability that the 'garbage collection' process is started on every
|
; Defines the probability that the 'garbage collection' process is started on every
|
||||||
; session initialization. The probability is calculated by using gc_probability/gc_divisor,
|
; session initialization. The probability is calculated by using gc_probability/gc_divisor,
|
||||||
|
|
|
@ -6,6 +6,6 @@ depends:
|
||||||
- ldap-client-fedora
|
- ldap-client-fedora
|
||||||
- oauth2-client
|
- oauth2-client
|
||||||
- relay-mail-client
|
- relay-mail-client
|
||||||
- nginx-common
|
- nginx-https
|
||||||
- php-fpm
|
- php-fpm
|
||||||
- reverse-proxy-client
|
- reverse-proxy-client
|
||||||
|
|
|
@ -1,11 +1,56 @@
|
||||||
<?xml version='1.0' encoding='UTF-8'?>
|
<?xml version='1.0' encoding='UTF-8'?>
|
||||||
<rougail version="0.10">
|
<rougail version="0.10">
|
||||||
<services>
|
<services>
|
||||||
<service name="piwigo" manage="False">
|
<service name="piwigo" engine="creole" target="multi-user">
|
||||||
|
<file source="tmpfile-piwigo.conf">/tmpfiles.d/0piwigo.conf</file>
|
||||||
|
<file>/etc/piwigo/config.inc.php</file>
|
||||||
|
<file>/etc/piwigo/database.inc.php</file>
|
||||||
|
<file mode="755">/bin/piwigo.sh</file>
|
||||||
|
<file engine="none">/etc/php-fpm.d/piwigo.conf</file>
|
||||||
</service>
|
</service>
|
||||||
</services>
|
</services>
|
||||||
<variables>
|
<variables>
|
||||||
<family name="piwigo" description="Piwigo">
|
<variable name="piwigo_admin_email" type="mail" description="Adresse courriel de l'administrateur Piwigo" mandatory="True"/>
|
||||||
|
<variable name="piwigo_admin_password" type="password" auto_save="True" hidden="True"/>
|
||||||
|
<variable name="nginx_root_directory" mandatory="True" redefine="True">
|
||||||
|
<value>/usr/local/share/piwigo</value>
|
||||||
|
</variable>
|
||||||
|
<variable name="piwigo_title" type="string" description="Titre de l'album" mandatory="True">
|
||||||
|
<value>Album photographique</value>
|
||||||
|
</variable>
|
||||||
|
<family name="users" leadership="True">
|
||||||
|
<variable name="piwigo_users" type="unix_user" description="Utilisateur ayant un album" multi="True" mandatory="True"/>
|
||||||
|
<variable name="piwigo_email" type="mail" description="Adresse courriel" mandatory="True"/>
|
||||||
|
</family>
|
||||||
|
<family name="oauth2_client">
|
||||||
|
<variable name="oauth2_is_client_application" redefine='True'>
|
||||||
|
<value>True</value>
|
||||||
|
</variable>
|
||||||
|
<variable name="oauth2_client_name" redefine='True'>
|
||||||
|
<value>Album</value>
|
||||||
|
</variable>
|
||||||
|
<variable name="oauth2_client_description" redefine='True'>
|
||||||
|
<value>Album photographique Piwigo</value>
|
||||||
|
</variable>
|
||||||
|
<variable name="oauth2_client_category" redefine='True'>
|
||||||
|
<value>Diffusion</value>
|
||||||
|
</variable>
|
||||||
|
<variable name="oauth2_client_logo" redefine='True'>
|
||||||
|
<value>silique_image.png</value>
|
||||||
|
</variable>
|
||||||
</family>
|
</family>
|
||||||
</variables>
|
</variables>
|
||||||
|
<constraints>
|
||||||
|
<fill name="get_password">
|
||||||
|
<param name="server_name" type="variable">domain_name_eth0</param>
|
||||||
|
<param name="username">admin_password</param>
|
||||||
|
<param name="description">piwigo</param>
|
||||||
|
<param name="type">cleartext</param>
|
||||||
|
<target>piwigo_admin_password</target>
|
||||||
|
</fill>
|
||||||
|
<fill name="get_locations">
|
||||||
|
<param name="usernames" type="variable">piwigo_users</param>
|
||||||
|
<target>nginx_locations</target>
|
||||||
|
</fill>
|
||||||
|
</constraints>
|
||||||
</rougail>
|
</rougail>
|
||||||
|
|
|
@ -0,0 +1,6 @@
|
||||||
|
from risotto.utils import multi_function as _multi_function
|
||||||
|
|
||||||
|
|
||||||
|
@_multi_function
|
||||||
|
def get_locations(usernames):
|
||||||
|
return ['/'] + ['/' + user for user in usernames]
|
|
@ -0,0 +1,13 @@
|
||||||
|
<?php
|
||||||
|
define('PHPWG_ROOT_PATH','./');
|
||||||
|
if (isset($_GET['v']) and $_GET['v'] == 1)
|
||||||
|
include_once( PHPWG_ROOT_PATH. 'plugins/piwigo-openstreetmap/osmmap.php');
|
||||||
|
else if (isset($_GET['v']) and $_GET['v'] == 2)
|
||||||
|
include_once( PHPWG_ROOT_PATH. 'plugins/piwigo-openstreetmap/osmmap2.php');
|
||||||
|
else if (isset($_GET['v']) and $_GET['v'] == 3)
|
||||||
|
include_once( PHPWG_ROOT_PATH. 'plugins/piwigo-openstreetmap/osmmap3.php');
|
||||||
|
else if (isset($_GET['v']) and $_GET['v'] == 4)
|
||||||
|
include_once( PHPWG_ROOT_PATH. 'plugins/piwigo-openstreetmap/osmmap4.php');
|
||||||
|
else
|
||||||
|
include_once( PHPWG_ROOT_PATH. 'plugins/piwigo-openstreetmap/osmmap3.php');
|
||||||
|
?>
|
|
@ -0,0 +1,288 @@
|
||||||
|
--- piwigo/admin/include/functions_install.inc.php
|
||||||
|
+++ piwigo/admin/include/functions_install.inc.php
|
||||||
|
@@ -21,6 +21,7 @@
|
||||||
|
* @param string $replaced
|
||||||
|
* @param string $replacing
|
||||||
|
*/
|
||||||
|
+
|
||||||
|
function execute_sqlfile($filepath, $replaced, $replacing, $dblayer)
|
||||||
|
{
|
||||||
|
$sql_lines = file($filepath);
|
||||||
|
@@ -91,17 +92,15 @@ function activate_core_plugins()
|
||||||
|
}
|
||||||
|
|
||||||
|
/**
|
||||||
|
- * Connect to database during installation. Uses $_POST.
|
||||||
|
+ * Connect to database during installation.
|
||||||
|
*
|
||||||
|
- * @param array &$infos - populated with infos
|
||||||
|
* @param array &$errors - populated with errors
|
||||||
|
*/
|
||||||
|
-function install_db_connect(&$infos, &$errors)
|
||||||
|
+function install_db_connect($dbhost, $dbuser, $dbpasswd, $dbname, &$errors)
|
||||||
|
{
|
||||||
|
try
|
||||||
|
{
|
||||||
|
- pwg_db_connect($_POST['dbhost'], $_POST['dbuser'],
|
||||||
|
- $_POST['dbpasswd'], $_POST['dbname']);
|
||||||
|
+ pwg_db_connect($dbhost, $dbuser, $dbpasswd, $dbname);
|
||||||
|
pwg_db_check_version();
|
||||||
|
}
|
||||||
|
catch (Exception $e)
|
||||||
|
@@ -110,4 +109,101 @@ function install_db_connect(&$infos, &$errors)
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
-?>
|
||||||
|
\ No newline at end of file
|
||||||
|
+/**
|
||||||
|
+ * Create and initialize database
|
||||||
|
+ *
|
||||||
|
+ * @param object languages - languages informations
|
||||||
|
+ * @param string language - default language
|
||||||
|
+ * @param string prefixeTable - prefix of database names
|
||||||
|
+ */
|
||||||
|
+function initialize_db($languages, $language, $prefixeTable, &$errors=[])
|
||||||
|
+{
|
||||||
|
+ include_once(PHPWG_ROOT_PATH.PWG_LOCAL_DIR .'config/database.inc.php');
|
||||||
|
+ $result = pwg_query("SHOW TABLES LIKE '${prefixeTable}activity';");
|
||||||
|
+ if(pwg_db_num_rows($result))
|
||||||
|
+ {
|
||||||
|
+ $errors[] = l10n('The database is already imported');
|
||||||
|
+ return;
|
||||||
|
+ }
|
||||||
|
+ // tables creation, based on piwigo_structure.sql
|
||||||
|
+ execute_sqlfile(
|
||||||
|
+ PHPWG_ROOT_PATH.'install/piwigo_structure-mysql.sql',
|
||||||
|
+ DEFAULT_PREFIX_TABLE,
|
||||||
|
+ $prefixeTable,
|
||||||
|
+ 'mysql'
|
||||||
|
+ );
|
||||||
|
+ // We fill the tables with basic informations
|
||||||
|
+ execute_sqlfile(
|
||||||
|
+ PHPWG_ROOT_PATH.'install/config.sql',
|
||||||
|
+ DEFAULT_PREFIX_TABLE,
|
||||||
|
+ $prefixeTable,
|
||||||
|
+ 'mysql'
|
||||||
|
+ );
|
||||||
|
+
|
||||||
|
+ $query = '
|
||||||
|
+INSERT INTO '.$prefixeTable.'config (param,value,comment)
|
||||||
|
+ VALUES (\'secret_key\',md5('.pwg_db_cast_to_text(DB_RANDOM_FUNCTION.'()').'),
|
||||||
|
+ \'a secret key specific to the gallery for internal use\');';
|
||||||
|
+ pwg_query($query);
|
||||||
|
+
|
||||||
|
+ conf_update_param('piwigo_db_version', get_branch_from_version(PHPWG_VERSION));
|
||||||
|
+ conf_update_param('gallery_title', pwg_db_real_escape_string(l10n('Just another Piwigo gallery')));
|
||||||
|
+
|
||||||
|
+ conf_update_param(
|
||||||
|
+ 'page_banner',
|
||||||
|
+ '<h1>%gallery_title%</h1>'."\n\n<p>".pwg_db_real_escape_string(l10n('Welcome to my photo gallery')).'</p>'
|
||||||
|
+ );
|
||||||
|
+
|
||||||
|
+ // fill languages table, only activate the current language
|
||||||
|
+ $languages->perform_action('activate', $language);
|
||||||
|
+
|
||||||
|
+ // fill $conf global array
|
||||||
|
+ load_conf_from_db();
|
||||||
|
+
|
||||||
|
+ // PWG_CHARSET is required for building the fs_themes array in the
|
||||||
|
+ // themes class
|
||||||
|
+ if (!defined('PWG_CHARSET'))
|
||||||
|
+ {
|
||||||
|
+ define('PWG_CHARSET', 'utf-8');
|
||||||
|
+ }
|
||||||
|
+ activate_core_themes();
|
||||||
|
+ activate_core_plugins();
|
||||||
|
+
|
||||||
|
+ $insert = array(
|
||||||
|
+ 'id' => 1,
|
||||||
|
+ 'galleries_url' => PHPWG_ROOT_PATH.'galleries/',
|
||||||
|
+ );
|
||||||
|
+ mass_inserts(SITES_TABLE, array_keys($insert), array($insert));
|
||||||
|
+
|
||||||
|
+}
|
||||||
|
+
|
||||||
|
+/**
|
||||||
|
+ * Add first admin in database
|
||||||
|
+ *
|
||||||
|
+ * @param string admin_name - admin name
|
||||||
|
+ * @param string admin_pass1 - admin password
|
||||||
|
+ * @param string admin_main - admin email
|
||||||
|
+ * @param string admin_language - language of admin
|
||||||
|
+ */
|
||||||
|
+function add_admin($admin_name, $admin_pass1, $admin_mail, $language)
|
||||||
|
+{
|
||||||
|
+ // webmaster admin user
|
||||||
|
+ $inserts = array(
|
||||||
|
+ array(
|
||||||
|
+ 'id' => 1,
|
||||||
|
+ 'username' => $admin_name,
|
||||||
|
+ 'password' => md5($admin_pass1),
|
||||||
|
+ 'mail_address' => $admin_mail,
|
||||||
|
+ ),
|
||||||
|
+ array(
|
||||||
|
+ 'id' => 2,
|
||||||
|
+ 'username' => 'guest',
|
||||||
|
+ ),
|
||||||
|
+ );
|
||||||
|
+ mass_inserts(USERS_TABLE, array_keys($inserts[0]), $inserts);
|
||||||
|
+
|
||||||
|
+ create_user_infos(array(1,2), array('language' => $language));
|
||||||
|
+
|
||||||
|
+}
|
||||||
|
+
|
||||||
|
+?>
|
||||||
|
--- piwigo/admin/include/functions_upgrade.php
|
||||||
|
+++ piwigo/admin/include/functions_upgrade.php
|
||||||
|
@@ -319,4 +319,30 @@ function upgrade_db_connect()
|
||||||
|
my_error(l10n($e->getMessage()), true);
|
||||||
|
}
|
||||||
|
}
|
||||||
|
+
|
||||||
|
+/**
|
||||||
|
+ * Mark all upgrades as done.
|
||||||
|
+ * Available upgrades must be ignored after a fresh installation. To
|
||||||
|
+ * make PWG avoid upgrading, we must tell it upgrades have already been
|
||||||
|
+ * made.
|
||||||
|
+ */
|
||||||
|
+function mark_all_upgrades_as_done() {
|
||||||
|
+ list($dbnow) = pwg_db_fetch_row(pwg_query('SELECT NOW();'));
|
||||||
|
+ define('CURRENT_DATE', $dbnow);
|
||||||
|
+ $datas = array();
|
||||||
|
+ foreach (get_available_upgrade_ids() as $upgrade_id)
|
||||||
|
+ {
|
||||||
|
+ $datas[] = array(
|
||||||
|
+ 'id' => $upgrade_id,
|
||||||
|
+ 'applied' => CURRENT_DATE,
|
||||||
|
+ 'description' => 'upgrade included in installation',
|
||||||
|
+ );
|
||||||
|
+ }
|
||||||
|
+ mass_inserts(
|
||||||
|
+ UPGRADE_TABLE,
|
||||||
|
+ array_keys($datas[0]),
|
||||||
|
+ $datas
|
||||||
|
+ );
|
||||||
|
+}
|
||||||
|
+
|
||||||
|
?>
|
||||||
|
--- piwigo/install.php
|
||||||
|
+++ piwigo/install.php
|
||||||
|
@@ -166,6 +166,7 @@ if (@file_exists($config_file))
|
||||||
|
|
||||||
|
include(PHPWG_ROOT_PATH . 'include/constants.php');
|
||||||
|
include(PHPWG_ROOT_PATH . 'admin/include/functions.php');
|
||||||
|
+include(PHPWG_ROOT_PATH . 'admin/include/functions_upgrade.php');
|
||||||
|
|
||||||
|
include(PHPWG_ROOT_PATH . 'admin/include/languages.class.php');
|
||||||
|
$languages = new languages('utf-8');
|
||||||
|
@@ -253,11 +254,10 @@ if (!isset($step))
|
||||||
|
//---------------------------------------------------------------- form analyze
|
||||||
|
include(PHPWG_ROOT_PATH .'include/dblayer/functions_'.$dblayer.'.inc.php');
|
||||||
|
include(PHPWG_ROOT_PATH . 'admin/include/functions_install.inc.php');
|
||||||
|
-include(PHPWG_ROOT_PATH . 'admin/include/functions_upgrade.php');
|
||||||
|
|
||||||
|
if (isset($_POST['install']))
|
||||||
|
{
|
||||||
|
- install_db_connect($infos, $errors);
|
||||||
|
+ install_db_connect($dbhost, $dbuser, $dbpasswd, $dbname, $errors);
|
||||||
|
pwg_db_check_charset();
|
||||||
|
|
||||||
|
$webmaster = trim(preg_replace('/\s{2,}/', ' ', $admin_name));
|
||||||
|
@@ -328,93 +328,9 @@ define(\'DB_COLLATE\', \'\');
|
||||||
|
@fputs($fp, $file_content, strlen($file_content));
|
||||||
|
@fclose($fp);
|
||||||
|
|
||||||
|
- // tables creation, based on piwigo_structure.sql
|
||||||
|
- execute_sqlfile(
|
||||||
|
- PHPWG_ROOT_PATH.'install/piwigo_structure-mysql.sql',
|
||||||
|
- DEFAULT_PREFIX_TABLE,
|
||||||
|
- $prefixeTable,
|
||||||
|
- 'mysql'
|
||||||
|
- );
|
||||||
|
- // We fill the tables with basic informations
|
||||||
|
- execute_sqlfile(
|
||||||
|
- PHPWG_ROOT_PATH.'install/config.sql',
|
||||||
|
- DEFAULT_PREFIX_TABLE,
|
||||||
|
- $prefixeTable,
|
||||||
|
- 'mysql'
|
||||||
|
- );
|
||||||
|
-
|
||||||
|
- $query = '
|
||||||
|
-INSERT INTO '.$prefixeTable.'config (param,value,comment)
|
||||||
|
- VALUES (\'secret_key\',md5('.pwg_db_cast_to_text(DB_RANDOM_FUNCTION.'()').'),
|
||||||
|
- \'a secret key specific to the gallery for internal use\');';
|
||||||
|
- pwg_query($query);
|
||||||
|
-
|
||||||
|
- conf_update_param('piwigo_db_version', get_branch_from_version(PHPWG_VERSION));
|
||||||
|
- conf_update_param('gallery_title', pwg_db_real_escape_string(l10n('Just another Piwigo gallery')));
|
||||||
|
-
|
||||||
|
- conf_update_param(
|
||||||
|
- 'page_banner',
|
||||||
|
- '<h1>%gallery_title%</h1>'."\n\n<p>".pwg_db_real_escape_string(l10n('Welcome to my photo gallery')).'</p>'
|
||||||
|
- );
|
||||||
|
-
|
||||||
|
- // fill languages table, only activate the current language
|
||||||
|
- $languages->perform_action('activate', $language);
|
||||||
|
-
|
||||||
|
- // fill $conf global array
|
||||||
|
- load_conf_from_db();
|
||||||
|
-
|
||||||
|
- // PWG_CHARSET is required for building the fs_themes array in the
|
||||||
|
- // themes class
|
||||||
|
- if (!defined('PWG_CHARSET'))
|
||||||
|
- {
|
||||||
|
- define('PWG_CHARSET', 'utf-8');
|
||||||
|
- }
|
||||||
|
- activate_core_themes();
|
||||||
|
- activate_core_plugins();
|
||||||
|
-
|
||||||
|
- $insert = array(
|
||||||
|
- 'id' => 1,
|
||||||
|
- 'galleries_url' => PHPWG_ROOT_PATH.'galleries/',
|
||||||
|
- );
|
||||||
|
- mass_inserts(SITES_TABLE, array_keys($insert), array($insert));
|
||||||
|
-
|
||||||
|
- // webmaster admin user
|
||||||
|
- $inserts = array(
|
||||||
|
- array(
|
||||||
|
- 'id' => 1,
|
||||||
|
- 'username' => $admin_name,
|
||||||
|
- 'password' => md5($admin_pass1),
|
||||||
|
- 'mail_address' => $admin_mail,
|
||||||
|
- ),
|
||||||
|
- array(
|
||||||
|
- 'id' => 2,
|
||||||
|
- 'username' => 'guest',
|
||||||
|
- ),
|
||||||
|
- );
|
||||||
|
- mass_inserts(USERS_TABLE, array_keys($inserts[0]), $inserts);
|
||||||
|
-
|
||||||
|
- create_user_infos(array(1,2), array('language' => $language));
|
||||||
|
-
|
||||||
|
- // Available upgrades must be ignored after a fresh installation. To
|
||||||
|
- // make PWG avoid upgrading, we must tell it upgrades have already been
|
||||||
|
- // made.
|
||||||
|
- list($dbnow) = pwg_db_fetch_row(pwg_query('SELECT NOW();'));
|
||||||
|
- define('CURRENT_DATE', $dbnow);
|
||||||
|
- $datas = array();
|
||||||
|
- foreach (get_available_upgrade_ids() as $upgrade_id)
|
||||||
|
- {
|
||||||
|
- $datas[] = array(
|
||||||
|
- 'id' => $upgrade_id,
|
||||||
|
- 'applied' => CURRENT_DATE,
|
||||||
|
- 'description' => 'upgrade included in installation',
|
||||||
|
- );
|
||||||
|
- }
|
||||||
|
- mass_inserts(
|
||||||
|
- UPGRADE_TABLE,
|
||||||
|
- array_keys($datas[0]),
|
||||||
|
- $datas
|
||||||
|
- );
|
||||||
|
-
|
||||||
|
+ initialize_db($languages, $language, $prefixeTable);
|
||||||
|
+ add_admin($admin_name, $admin_pass1, $admin_mail, $language);
|
||||||
|
+ mark_all_upgrades_as_done();
|
||||||
|
if ($is_newsletter_subscribe)
|
||||||
|
{
|
||||||
|
fetchRemote(
|
|
@ -1,3 +1,5 @@
|
||||||
|
set -e
|
||||||
|
ORIPWD=$PWD
|
||||||
mkdir -p "$IMAGE_NAME_RISOTTO_IMAGE_DIR/usr/local/share"
|
mkdir -p "$IMAGE_NAME_RISOTTO_IMAGE_DIR/usr/local/share"
|
||||||
cd "$IMAGE_NAME_RISOTTO_IMAGE_DIR/usr/local/share"
|
cd "$IMAGE_NAME_RISOTTO_IMAGE_DIR/usr/local/share"
|
||||||
app=$(wget https://api.github.com/repos/Piwigo/Piwigo/releases/latest -q -O - | jq -r '.tag_name')
|
app=$(wget https://api.github.com/repos/Piwigo/Piwigo/releases/latest -q -O - | jq -r '.tag_name')
|
||||||
|
@ -6,4 +8,65 @@ tar xf *tar.gz
|
||||||
rm -f *tar.gz
|
rm -f *tar.gz
|
||||||
mv Piwigo-* piwigo
|
mv Piwigo-* piwigo
|
||||||
chown -R root: piwigo
|
chown -R root: piwigo
|
||||||
cd -
|
rm -rf piwigo/doc piwigo/README.md # piwigo/install.php
|
||||||
|
ln -s /etc/piwigo/config.inc.php piwigo/local/config/config.inc.php
|
||||||
|
ln -s /etc/piwigo/database.inc.php piwigo/local/config/database.inc.php
|
||||||
|
ln -s /srv/piwigo/data piwigo/_data
|
||||||
|
ln -s /srv/piwigo/upload piwigo/upload
|
||||||
|
ln -s /srv/piwigo/logs piwigo/logs
|
||||||
|
cp $OLDPWD/piwigo/postinstall/osmmap.php piwigo/
|
||||||
|
chmod 644 piwigo/osmmap.php
|
||||||
|
patch -p0 < $OLDPWD/piwigo/postinstall/piwigo.patch
|
||||||
|
cp $OLDPWD/piwigo/postinstall/piwigo_cli.php piwigo/
|
||||||
|
# Plugins
|
||||||
|
cd piwigo/plugins
|
||||||
|
wget https://piwigo.org/ext/download.php?rid=7848 -O plugin.zip
|
||||||
|
unzip plugin.zip
|
||||||
|
rm -f plugin.zip
|
||||||
|
#
|
||||||
|
wget https://piwigo.org/ext/download.php?rid=8014 -O plugin.zip
|
||||||
|
unzip plugin.zip
|
||||||
|
rm -f plugin.zip
|
||||||
|
#
|
||||||
|
app=$(wget https://api.github.com/repos/Piwigo/piwigo-openstreetmap/releases/latest -q -O - | jq -r '.tag_name')
|
||||||
|
wget -q "https://github.com/Piwigo/piwigo-openstreetmap/archive/refs/tags/$app.tar.gz"
|
||||||
|
tar xf *tar.gz
|
||||||
|
rm -f *tar.gz
|
||||||
|
mv piwigo-openstreetmap-* piwigo-openstreetmap
|
||||||
|
#
|
||||||
|
wget https://piwigo.org/ext/download.php?rid=7744 -O plugin.zip
|
||||||
|
unzip plugin.zip
|
||||||
|
rm -f plugin.zip
|
||||||
|
# community
|
||||||
|
wget https://piwigo.org/ext/download.php?rid=8160 -O plugin.zip
|
||||||
|
unzip plugin.zip
|
||||||
|
rm -f plugin.zip
|
||||||
|
echo """<?php
|
||||||
|
$lang['Edit photos'] = 'Editer les photos';
|
||||||
|
$lang['Edit Photos'] = 'Editer les photos';
|
||||||
|
$lang['Edit your photos'] = 'Editer vos photos';
|
||||||
|
$lang['Photos posted by %s'] = 'Photos postées par %s';
|
||||||
|
$lang['Photos posted by %s in album %s'] = 'Photos postées par %s dans l\'album %s';
|
||||||
|
$lang['Select at least one tag'] = 'Sélectionner au moins un tag';
|
||||||
|
$lang['Select at least one photo'] = 'Sélectionner au moins une photo';
|
||||||
|
$lang['No photo can be deleted'] = 'Aucune photo ne peut être supprimée';
|
||||||
|
$lang['You need to confirm deletion'] = 'Vous devez confirmer la suppression';
|
||||||
|
$lang['No photo selected, no action possible.'] = 'Aucune photo sélectionnée, aucune action possible.';
|
||||||
|
?>
|
||||||
|
""" >> community/language/fr_FR/plugin.lang.php
|
||||||
|
# embedded
|
||||||
|
wget https://fr.piwigo.org/ext/download.php?rid=7924 -O plugin.zip
|
||||||
|
unzip plugin.zip
|
||||||
|
rm -f plugin.zip
|
||||||
|
# user delete photo
|
||||||
|
#wget https://fr.piwigo.org/ext/download.php?rid=7974 -O plugin.zip
|
||||||
|
#unzip plugin.zip
|
||||||
|
#rm -f plugin.zip
|
||||||
|
# Theme
|
||||||
|
cd ../themes/
|
||||||
|
wget https://piwigo.org/ext/download.php?rid=8163 -O plugin.zip
|
||||||
|
unzip plugin.zip
|
||||||
|
rm -f plugin.zip
|
||||||
|
ln -s /srv/piwigo/bootstrap_darkroom ../local/bootstrap_darkroom
|
||||||
|
#
|
||||||
|
cd $ORIPWD
|
||||||
|
|
|
@ -0,0 +1,288 @@
|
||||||
|
#!/usr/bin/php
|
||||||
|
<?php
|
||||||
|
|
||||||
|
define('PHPWG_ROOT_PATH', dirname($argv[0]) . '/');
|
||||||
|
include(PHPWG_ROOT_PATH . 'include/config_default.inc.php');
|
||||||
|
@include(PHPWG_ROOT_PATH. 'local/config/config.inc.php');
|
||||||
|
defined('PWG_LOCAL_DIR') or define('PWG_LOCAL_DIR', 'local/');
|
||||||
|
define('DEFAULT_PREFIX_TABLE', 'piwigo_');
|
||||||
|
include(PHPWG_ROOT_PATH.PWG_LOCAL_DIR .'config/database.inc.php');
|
||||||
|
include(PHPWG_ROOT_PATH . 'include/dblayer/functions_'.$conf['dblayer'].'.inc.php');
|
||||||
|
include(PHPWG_ROOT_PATH . 'include/functions.inc.php');
|
||||||
|
include(PHPWG_ROOT_PATH . 'admin/include/functions_install.inc.php');
|
||||||
|
include(PHPWG_ROOT_PATH . 'admin/include/functions_upgrade.php');
|
||||||
|
include(PHPWG_ROOT_PATH . 'include/constants.php');
|
||||||
|
include(PHPWG_ROOT_PATH . 'include/ws_functions/pwg.extensions.php');
|
||||||
|
include(PHPWG_ROOT_PATH . 'include/template.class.php');
|
||||||
|
$filename = PHPWG_ROOT_PATH . 'plugins/OpenIdConnect/main.inc.php';
|
||||||
|
|
||||||
|
if (is_file($filename))
|
||||||
|
{
|
||||||
|
include($filename);
|
||||||
|
$OIDC_INSTALLED = true;
|
||||||
|
}
|
||||||
|
else
|
||||||
|
{
|
||||||
|
$OIDC_INSTALLED = false;
|
||||||
|
};
|
||||||
|
|
||||||
|
// all namespaces with options
|
||||||
|
$namespaces_data = array('db:install' => array('language:'),
|
||||||
|
'user:create' => array('login:', 'mail_address:'),
|
||||||
|
'user:admin:create' => array('login:', 'admin_pass:', 'mail_address:', 'language:'),
|
||||||
|
'config:show' => array(),
|
||||||
|
'config:modify' => array('conf_name:', 'value:', 'type:'),
|
||||||
|
'config:show:array' => array('conf_name:'),
|
||||||
|
'config:modify:array' => array('conf_name:', 'key:', 'value:', 'type:'),
|
||||||
|
'config:show:json' => array('conf_name:'),
|
||||||
|
'config:modify:json' => array('conf_name:', 'key:', 'value:', 'type:'),
|
||||||
|
'plugin:activate' => array('plugin_name:'),
|
||||||
|
'plugin:deactivate' => array('plugin_name:'),
|
||||||
|
'theme:activate' => array('theme_name:'),
|
||||||
|
);
|
||||||
|
if ($OIDC_INSTALLED) {
|
||||||
|
$namespaces_data['user:create'][] = 'oidc';
|
||||||
|
}
|
||||||
|
if (is_file(PHPWG_ROOT_PATH . 'plugins/community/admin.php')) {
|
||||||
|
$namespaces_data['community:permission:add'] = array('type:', 'user_album', 'recursive', 'create_subcategories', 'moderated');
|
||||||
|
}
|
||||||
|
|
||||||
|
// command line must starts with -c namespace
|
||||||
|
$namespaces = array_keys($namespaces_data);
|
||||||
|
if ($argc < 3 || $argv[1] != '-c' || !in_array($argv[2], $namespaces)) {
|
||||||
|
$namespaces_str = implode('|', $namespaces);
|
||||||
|
exit("Usage: $argv[0]: -c [$namespaces_str]" . PHP_EOL);
|
||||||
|
}
|
||||||
|
|
||||||
|
// load extra parameter for this namespace
|
||||||
|
$namespace = $argv[2];
|
||||||
|
$rest_index = 0;
|
||||||
|
$options = getopt('c:', $namespaces_data[$namespace], $rest_index);
|
||||||
|
|
||||||
|
$error = false;
|
||||||
|
$namespace_options = '';
|
||||||
|
foreach ($namespaces_data[$namespace] as $parameter) {
|
||||||
|
if(str_ends_with($parameter, ':')) {
|
||||||
|
$parameter = substr($parameter, 0, -1);
|
||||||
|
$namespace_options .= " --$parameter <$parameter>";
|
||||||
|
if (!isset($options[$parameter])) {
|
||||||
|
$error = true;
|
||||||
|
}
|
||||||
|
} else {
|
||||||
|
$namespace_options .= " --$parameter";
|
||||||
|
}
|
||||||
|
}
|
||||||
|
if ($rest_index != count($argv)) {
|
||||||
|
exit("Error in arguments.". PHP_EOL . "Usage: $argv[0]: -c $namespace$namespace_options" . PHP_EOL);
|
||||||
|
}
|
||||||
|
if ($error) {
|
||||||
|
exit("Some arguments are missing.". PHP_EOL . "Usage: $argv[0]: -c $namespace$namespace_options" . PHP_EOL);
|
||||||
|
}
|
||||||
|
|
||||||
|
function get_all_languages()
|
||||||
|
{
|
||||||
|
include(PHPWG_ROOT_PATH . 'admin/include/languages.class.php');
|
||||||
|
return new languages('utf-8');
|
||||||
|
}
|
||||||
|
|
||||||
|
function validate_language($language, $languages) {
|
||||||
|
$languages_available = array_keys($languages->fs_languages);
|
||||||
|
if (!in_array($language, $languages_available))
|
||||||
|
{
|
||||||
|
exit("Invalid language $language (not in " . implode(', ', $languages_available) . ") ". PHP_EOL . "Usage: $argv[0]: -c $namespace$namespace_options" . PHP_EOL);
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
function cast_value($type, $value)
|
||||||
|
{
|
||||||
|
if ($type === 'boolean')
|
||||||
|
{
|
||||||
|
$value = get_boolean($value);
|
||||||
|
}
|
||||||
|
else if ($type === 'integer')
|
||||||
|
{
|
||||||
|
$value = intval($value);
|
||||||
|
}
|
||||||
|
return $value;
|
||||||
|
}
|
||||||
|
|
||||||
|
function custom_array_modify($ori_config, $options)
|
||||||
|
{
|
||||||
|
$value = cast_value($options['type'], $options['value']);
|
||||||
|
$keys = array_reverse(explode('.', $options['key']));
|
||||||
|
$update = Array($keys[0] => $value);
|
||||||
|
for ($i=0; $i<count($keys)-1; $i++)
|
||||||
|
{
|
||||||
|
$update = Array($keys[$i+1] => $update);
|
||||||
|
}
|
||||||
|
return array_replace_recursive($ori_config, $update);
|
||||||
|
}
|
||||||
|
|
||||||
|
$errors = array();
|
||||||
|
install_db_connect($conf['db_host'], $conf['db_user'], $conf['db_password'], $conf['db_base'], $errors);
|
||||||
|
if ( count( $errors ) !== 0 )
|
||||||
|
{
|
||||||
|
for ($i=0; $i<count($errors); $i++)
|
||||||
|
{
|
||||||
|
print($errors[$i] . PHP_EOL);
|
||||||
|
}
|
||||||
|
exit(1);
|
||||||
|
}
|
||||||
|
if ($namespace == 'db:install') {
|
||||||
|
global $user;
|
||||||
|
$user = Array('status' => 'webmaster');
|
||||||
|
$language = $options['language'];
|
||||||
|
$languages = get_all_languages();
|
||||||
|
validate_language($language, $languages);
|
||||||
|
$errors = [];
|
||||||
|
initialize_db($languages, $language, $prefixeTable, $errors);
|
||||||
|
if ($errors) {
|
||||||
|
for ($i=0; $i<count($errors); $i++)
|
||||||
|
{
|
||||||
|
print($errors[$i] . PHP_EOL);
|
||||||
|
}
|
||||||
|
exit(1);
|
||||||
|
}
|
||||||
|
// mark_all_upgrades_as_done();
|
||||||
|
}
|
||||||
|
else if ($namespace == 'user:create')
|
||||||
|
{
|
||||||
|
$password = random_pass();
|
||||||
|
global $user;
|
||||||
|
$user = Array('id' => 0);
|
||||||
|
$_SERVER['REMOTE_ADDR'] = '127.0.0.1';
|
||||||
|
session_start();
|
||||||
|
$id = register_user($options['login'], $password, $options['mail_address'], false);
|
||||||
|
if(array_key_exists('oidc', $options) && !$options['oidc'])
|
||||||
|
{
|
||||||
|
single_insert(OIDC_TABLE, [
|
||||||
|
'sub' => $options['mail_address'],
|
||||||
|
'user_id' => $id,
|
||||||
|
]);
|
||||||
|
}
|
||||||
|
}
|
||||||
|
else if ($namespace == 'user:admin:create')
|
||||||
|
{
|
||||||
|
$language = $options['language'];
|
||||||
|
$languages = get_all_languages();
|
||||||
|
validate_language($language, $languages);
|
||||||
|
add_admin($options['login'], $options['admin_pass'], $options['mail_address'], $options['language']);
|
||||||
|
}
|
||||||
|
else if ($namespace == 'config:show')
|
||||||
|
{
|
||||||
|
load_conf_from_db();
|
||||||
|
$config = safe_unserialize($conf);
|
||||||
|
var_dump($config);
|
||||||
|
}
|
||||||
|
else if ($namespace == 'config:modify')
|
||||||
|
{
|
||||||
|
$value = cast_value($options['type'], $options['value']);
|
||||||
|
load_conf_from_db();
|
||||||
|
conf_update_param($options['conf_name'], $value);
|
||||||
|
}
|
||||||
|
else if ($namespace == 'plugin:activate')
|
||||||
|
{
|
||||||
|
global $user, $template;
|
||||||
|
$user = Array('status' => 'webmaster', 'id' => 0);
|
||||||
|
$_SERVER['REMOTE_ADDR'] = '127.0.0.1';
|
||||||
|
session_start();
|
||||||
|
$template = new Template(PHPWG_ROOT_PATH.'admin/themes', 'clear');
|
||||||
|
$conf['secret_key'] = 'secret';
|
||||||
|
$params = array(
|
||||||
|
'action' => 'activate',
|
||||||
|
'plugin' => $options['plugin_name'],
|
||||||
|
'pwg_token' => get_pwg_token(),
|
||||||
|
);
|
||||||
|
$errors = ws_plugins_performAction($params, null);
|
||||||
|
if (! $errors) {
|
||||||
|
var_dump($errors);
|
||||||
|
exit(1);
|
||||||
|
}
|
||||||
|
}
|
||||||
|
else if ($namespace == 'plugin:deactivate')
|
||||||
|
{
|
||||||
|
global $user, $template;
|
||||||
|
$user = Array('status' => 'webmaster');
|
||||||
|
$template = new Template(PHPWG_ROOT_PATH.'admin/themes', 'clear');
|
||||||
|
$conf['secret_key'] = 'secret';
|
||||||
|
$params = array(
|
||||||
|
'action' => 'deactivate',
|
||||||
|
'plugin' => $options['plugin_name'],
|
||||||
|
'pwg_token' => get_pwg_token(),
|
||||||
|
);
|
||||||
|
$errors = ws_plugins_performAction($params, null);
|
||||||
|
if (! $errors) {
|
||||||
|
var_dump($errors);
|
||||||
|
exit(1);
|
||||||
|
}
|
||||||
|
}
|
||||||
|
else if ($namespace == 'config:show:array')
|
||||||
|
{
|
||||||
|
load_conf_from_db();
|
||||||
|
$config = safe_unserialize($conf[$options['conf_name']]);
|
||||||
|
var_dump($config);
|
||||||
|
}
|
||||||
|
else if ($namespace == 'config:modify:array')
|
||||||
|
{
|
||||||
|
load_conf_from_db();
|
||||||
|
$ori_config = safe_unserialize($conf[$options['conf_name']]);
|
||||||
|
$new_config = serialize(custom_array_modify($ori_config, $options));
|
||||||
|
conf_update_param($options['conf_name'], $new_config);
|
||||||
|
}
|
||||||
|
else if ($namespace == 'config:show:json')
|
||||||
|
{
|
||||||
|
load_conf_from_db();
|
||||||
|
$config = json_decode($conf[$options['conf_name']], true);
|
||||||
|
var_dump($config);
|
||||||
|
}
|
||||||
|
else if ($namespace == 'config:modify:json')
|
||||||
|
{
|
||||||
|
load_conf_from_db();
|
||||||
|
if(array_key_exists($options['conf_name'], $conf))
|
||||||
|
{
|
||||||
|
$ori_config = json_decode($conf[$options['conf_name']], true);
|
||||||
|
}
|
||||||
|
else
|
||||||
|
{
|
||||||
|
$ori_config = Array();
|
||||||
|
}
|
||||||
|
$new_config = json_encode(custom_array_modify($ori_config, $options));
|
||||||
|
conf_update_param($options['conf_name'], $new_config);
|
||||||
|
}
|
||||||
|
else if ($namespace == 'theme:activate')
|
||||||
|
{
|
||||||
|
global $page, $template;
|
||||||
|
$template = new Template(PHPWG_ROOT_PATH.'admin/themes', 'clear');
|
||||||
|
$conf['mobile_theme'] = '';
|
||||||
|
$page = Array('page' => $options['theme_name']);
|
||||||
|
include(PHPWG_ROOT_PATH.'admin/themes_installed.php');
|
||||||
|
$themes = new themes();
|
||||||
|
$errors = $themes->perform_action('activate', $options['theme_name']);
|
||||||
|
if (!empty($errors)) {
|
||||||
|
var_dump($errors);
|
||||||
|
exit(1);
|
||||||
|
}
|
||||||
|
}
|
||||||
|
else if ($namespace == 'community:permission:add')
|
||||||
|
{
|
||||||
|
include(PHPWG_ROOT_PATH . 'plugins/community/main.inc.php');
|
||||||
|
$insert = array(
|
||||||
|
'type' => $options['type'],
|
||||||
|
'group_id' => null,
|
||||||
|
'user_id' => null,
|
||||||
|
'category_id' => null,
|
||||||
|
'user_album' => array_key_exists('user_album', $options) ? 'true' : 'false',
|
||||||
|
'`recursive`' => array_key_exists('recursive', $options) ? 'true' : 'false',
|
||||||
|
'create_subcategories' => array_key_exists('create_subcategories', $options) ? 'true' : 'false',
|
||||||
|
'moderated' => array_key_exists('moderated', $options) ? 'true' : 'false',
|
||||||
|
'nb_photos' => -1,
|
||||||
|
'storage' => -1,
|
||||||
|
);
|
||||||
|
mass_inserts(
|
||||||
|
COMMUNITY_PERMISSIONS_TABLE,
|
||||||
|
array_keys($insert),
|
||||||
|
array($insert)
|
||||||
|
);
|
||||||
|
}
|
||||||
|
|
||||||
|
?>
|
|
@ -0,0 +1 @@
|
||||||
|
PKG="$PKG php-mysqlnd php-mbstring ImageMagick php-cli php-gd perl-Image-ExifTool"
|
|
@ -0,0 +1,50 @@
|
||||||
|
<?php
|
||||||
|
if(!isset($_SERVER) && isset($_ENV) && isset($_ENV['REQUEST_URI']))
|
||||||
|
{
|
||||||
|
$_SERVER = Array('REQUEST_URI' => $_ENV['REQUEST_URI']);
|
||||||
|
}
|
||||||
|
|
||||||
|
%for %%idx, %%user in %%enumerate(%%piwigo_users)
|
||||||
|
%if %%idx != 0
|
||||||
|
}
|
||||||
|
else %slurp
|
||||||
|
%end if
|
||||||
|
if(str_starts_with($_SERVER['REQUEST_URI'], '/%%user/')) {
|
||||||
|
$prefixe = '%%{user}';
|
||||||
|
%end for
|
||||||
|
}
|
||||||
|
else
|
||||||
|
{
|
||||||
|
$conf['OIDC'] = Array('issuer_url' => 'https://%%oauth2_client_server_domainname/',
|
||||||
|
'client_id' => '%%oauth2_client_id',
|
||||||
|
'client_secret' => '%%oauth2_client_secret',
|
||||||
|
'scope' => 'openid profile email',
|
||||||
|
);
|
||||||
|
require_once(PHPWG_ROOT_PATH . 'plugins/OpenIdConnect/oidc.php');
|
||||||
|
require_once(PHPWG_ROOT_PATH . 'include/functions.inc.php');
|
||||||
|
$oidc = get_oidc_client();
|
||||||
|
try {
|
||||||
|
$success = $oidc->authenticate();
|
||||||
|
} catch (Exception $e) {
|
||||||
|
}
|
||||||
|
if (isset($_REQUEST['code'])) {
|
||||||
|
$token_json = $oidc->getTokenResponse();
|
||||||
|
$oidc->setAccessToken($token_json->access_token);
|
||||||
|
$name = $oidc->requestUserInfo('nickname');
|
||||||
|
if(isset($name)) {
|
||||||
|
redirect('/' . $name . '/plugins/OpenIdConnect/auth.php');
|
||||||
|
};
|
||||||
|
print('unknown album');
|
||||||
|
die();
|
||||||
|
}
|
||||||
|
}
|
||||||
|
$conf['data_location'] = "_data/$prefixe/";
|
||||||
|
$conf['log_dir'] = "logs/$prefixe";
|
||||||
|
$conf['upload_dir'] = "./upload/$prefixe";
|
||||||
|
$conf['graphics_library'] = 'ext_imagick';
|
||||||
|
$conf['osm_add_osmmap.php'] = false;
|
||||||
|
$conf['show_exif'] = false;
|
||||||
|
$conf['derivative_default_size'] = 'large';
|
||||||
|
#FOR GPX
|
||||||
|
$conf['upload_form_all_types'] = true;
|
||||||
|
?>
|
|
@ -0,0 +1,32 @@
|
||||||
|
<?php
|
||||||
|
$conf['dblayer'] = 'mysqli';
|
||||||
|
$conf['db_base'] = '%%mariadb_client_database';
|
||||||
|
$conf['db_user'] = '%%mariadb_client_username';
|
||||||
|
$conf['db_password'] = '%%mariadb_client_password';
|
||||||
|
$conf['db_host'] = '%%mariadb_client_server_domainname';
|
||||||
|
|
||||||
|
if(!isset($_SERVER) && isset($_ENV) && isset($_ENV['REQUEST_URI']))
|
||||||
|
{
|
||||||
|
$_SERVER = Array('REQUEST_URI' => $_ENV['REQUEST_URI']);
|
||||||
|
}
|
||||||
|
|
||||||
|
%for %%idx, %%user in %%enumerate(%%piwigo_users)
|
||||||
|
%if %%idx != 0
|
||||||
|
}
|
||||||
|
else %slurp
|
||||||
|
%end if
|
||||||
|
if(str_starts_with($_SERVER['REQUEST_URI'], '/%%user/')) {
|
||||||
|
$prefixeTable = 'piwigo_%%{user}_';
|
||||||
|
%end for
|
||||||
|
}
|
||||||
|
else
|
||||||
|
{
|
||||||
|
die('unknown album');
|
||||||
|
}
|
||||||
|
|
||||||
|
|
||||||
|
define('PHPWG_INSTALLED', true);
|
||||||
|
define('PWG_CHARSET', 'utf-8');
|
||||||
|
define('DB_CHARSET', 'utf8');
|
||||||
|
define('DB_COLLATE', '');
|
||||||
|
?>
|
|
@ -0,0 +1,2 @@
|
||||||
|
[www]
|
||||||
|
php_admin_value[error_reporting] = E_ALL & ~E_WARNING & ~E_DEPRECATED & ~E_STRICT
|
|
@ -0,0 +1,14 @@
|
||||||
|
[Unit]
|
||||||
|
Description=Piwigo management
|
||||||
|
After=mariadbclient.service
|
||||||
|
Before=nginx.service php-fpm.service
|
||||||
|
|
||||||
|
[Service]
|
||||||
|
Type=oneshot
|
||||||
|
ExecStart=/usr/local/lib/bin/piwigo.sh
|
||||||
|
|
||||||
|
User=nginx
|
||||||
|
Group=nginx
|
||||||
|
|
||||||
|
[Install]
|
||||||
|
WantedBy=multi-user.target
|
|
@ -0,0 +1,85 @@
|
||||||
|
%echo "#!/bin/bash"
|
||||||
|
|
||||||
|
set -x
|
||||||
|
|
||||||
|
cd /usr/local/share/piwigo
|
||||||
|
%for %%user in %%piwigo_users
|
||||||
|
export REQUEST_URI="/%%user/"
|
||||||
|
/usr/bin/php piwigo_cli.php -c db:install --language fr_FR
|
||||||
|
IMPORTED=$?
|
||||||
|
if [ "$IMPORTED" = "0" ]; then
|
||||||
|
/usr/bin/php piwigo_cli.php -c user:admin:create --login admin --admin_pass %%piwigo_admin_password --mail_address %%piwigo_admin_email --language fr_FR
|
||||||
|
fi
|
||||||
|
#
|
||||||
|
/usr/bin/php piwigo_cli.php -c config:modify:array --conf_name picture_informations --key author --value false --type boolean
|
||||||
|
/usr/bin/php piwigo_cli.php -c config:modify:array --conf_name picture_informations --key rating_score --value false --type boolean
|
||||||
|
/usr/bin/php piwigo_cli.php -c config:modify:array --conf_name picture_informations --key visits --value false --type boolean
|
||||||
|
/usr/bin/php piwigo_cli.php -c config:modify:array --conf_name picture_informations --key categories --value false --type boolean
|
||||||
|
/usr/bin/php piwigo_cli.php -c config:modify:array --conf_name picture_informations --key posted_on --value false --type boolean
|
||||||
|
/usr/bin/php piwigo_cli.php -c config:modify --conf_name gallery_title --value "%%piwigo_title" --type string
|
||||||
|
/usr/bin/php piwigo_cli.php -c config:modify --conf_name page_banner --value "%%piwigo_title" --type string
|
||||||
|
/usr/bin/php piwigo_cli.php -c config:modify --conf_name allow_user_registration --value false --type boolean
|
||||||
|
/usr/bin/php piwigo_cli.php -c config:modify --conf_name allow_user_customization --value false --type boolean
|
||||||
|
/usr/bin/php piwigo_cli.php -c config:modify --conf_name nb_categories_page --value 40 --type string
|
||||||
|
/usr/bin/php piwigo_cli.php -c config:modify --conf_name picture_metadata_icon --value false --type boolean
|
||||||
|
/usr/bin/php piwigo_cli.php -c config:modify --conf_name picture_favorite_icon --value false --type boolean
|
||||||
|
/usr/bin/php piwigo_cli.php -c config:modify --conf_name picture_sizes_icon --value false --type boolean
|
||||||
|
/usr/bin/php piwigo_cli.php -c config:modify --conf_name no_photo_yet --value false --type boolean
|
||||||
|
#
|
||||||
|
/usr/bin/php piwigo_cli.php -c plugin:activate --plugin_name piwigo-openstreetmap
|
||||||
|
/usr/bin/php piwigo_cli.php -c config:modify:array --conf_name osm_conf --key left_menu.enabled --value true --type boolean
|
||||||
|
/usr/bin/php piwigo_cli.php -c config:modify:array --conf_name osm_conf --key left_menu.link --value "Voir sur la carte" --type string
|
||||||
|
/usr/bin/php piwigo_cli.php -c config:modify:array --conf_name osm_conf --key right_panel.enabled --value false --type boolean
|
||||||
|
/usr/bin/php piwigo_cli.php -c config:modify:array --conf_name osm_conf --key category_description.enabled --value true --type boolean
|
||||||
|
/usr/bin/php piwigo_cli.php -c config:modify:array --conf_name osm_conf --key category_description.height --value 500 --type string
|
||||||
|
/usr/bin/php piwigo_cli.php -c config:modify:array --conf_name osm_conf --key category_description.width --value 300 --type string
|
||||||
|
/usr/bin/php piwigo_cli.php -c config:modify:array --conf_name osm_conf --key main_menu.enabled --value false --type boolean
|
||||||
|
#/usr/bin/php piwigo_cli.php -c config:modify:array --conf_name osm_conf --key left_menu.link --value Carte --type string
|
||||||
|
/usr/bin/php piwigo_cli.php -c config:modify:array --conf_name osm_conf --key batch.global_height --value 300 --type string
|
||||||
|
/usr/bin/php piwigo_cli.php -c config:modify:array --conf_name osm_conf --key batch.unit_height --value 300 --type string
|
||||||
|
#/usr/bin/php piwigo_cli.php -c config:modify:array --conf_name osm_conf --key main_menu.height --value 300 --type string
|
||||||
|
/usr/bin/php piwigo_cli.php -c config:modify:array --conf_name osm_conf --key map.attrplugin --value false --type boolean
|
||||||
|
/usr/bin/php piwigo_cli.php -c config:modify:array --conf_name osm_conf --key method --value resize --type string
|
||||||
|
/usr/bin/php piwigo_cli.php -c config:modify:array --conf_name osm_conf --key method --value resize --type string
|
||||||
|
#
|
||||||
|
/usr/bin/php piwigo_cli.php -c plugin:activate --plugin_name GDThumb
|
||||||
|
/usr/bin/php piwigo_cli.php -c config:modify:array --conf_name gdThumb --key margin --value 1 --type integer
|
||||||
|
/usr/bin/php piwigo_cli.php -c config:modify:array --conf_name gdThumb --key big_thumb --value false --type boolean
|
||||||
|
#/usr/bin/php piwigo_cli.php -c config:modify:array --conf_name gdThumb --key thumb_animate --value true --type boolean
|
||||||
|
/usr/bin/php piwigo_cli.php -c config:modify:array --conf_name gdThumb --key thumb_metamode --value hide --type string
|
||||||
|
#
|
||||||
|
/usr/bin/php piwigo_cli.php -c plugin:activate --plugin_name rv_tscroller
|
||||||
|
#
|
||||||
|
/usr/bin/php piwigo_cli.php -c plugin:activate --plugin_name gvideo
|
||||||
|
#
|
||||||
|
/usr/bin/php piwigo_cli.php -c plugin:activate --plugin_name OpenIdConnect
|
||||||
|
/usr/bin/php piwigo_cli.php -c config:modify:array --conf_name OIDC --key issuer_url --value https://%%oauth2_client_server_domainname/ --type string
|
||||||
|
/usr/bin/php piwigo_cli.php -c config:modify:array --conf_name OIDC --key client_id --value %%oauth2_client_id --type string
|
||||||
|
/usr/bin/php piwigo_cli.php -c config:modify:array --conf_name OIDC --key client_secret --value %%oauth2_client_secret --type string
|
||||||
|
/usr/bin/php piwigo_cli.php -c config:modify:array --conf_name OIDC --key verify_host --value true --type boolean
|
||||||
|
/usr/bin/php piwigo_cli.php -c config:modify:array --conf_name OIDC --key verify_peer --value true --type boolean
|
||||||
|
/usr/bin/php piwigo_cli.php -c config:modify:array --conf_name OIDC --key register_new_users --value false --type boolean
|
||||||
|
/usr/bin/php piwigo_cli.php -c config:modify:array --conf_name OIDC --key redirect_new_to_profile --value false --type boolean
|
||||||
|
/usr/bin/php piwigo_cli.php -c config:modify:array --conf_name OIDC --key notify_admins_on_register --value false --type boolean
|
||||||
|
/usr/bin/php piwigo_cli.php -c config:modify:array --conf_name OIDC --key notify_user_on_register --value false --type boolean
|
||||||
|
/usr/bin/php piwigo_cli.php -c config:modify:array --conf_name OIDC --key authorization_code_flow --value true --type boolean
|
||||||
|
/usr/bin/php piwigo_cli.php -c config:modify:array --conf_name OIDC --key password_flow --value false --type boolean
|
||||||
|
#
|
||||||
|
/usr/bin/php piwigo_cli.php -c plugin:activate --plugin_name community
|
||||||
|
if [ "$IMPORTED" = "0" ]; then
|
||||||
|
/usr/bin/php piwigo_cli.php -c community:permission:add --type any_registered_user --create_subcategories
|
||||||
|
fi
|
||||||
|
#
|
||||||
|
/usr/bin/php piwigo_cli.php -c plugin:activate --plugin_name gvideo
|
||||||
|
#
|
||||||
|
/usr/bin/php piwigo_cli.php -c theme:activate --theme_name bootstrap_darkroom
|
||||||
|
/usr/bin/php piwigo_cli.php -c config:modify:json --conf_name bootstrap_darkroom --key fluid_width --value true --type boolean
|
||||||
|
/usr/bin/php piwigo_cli.php -c config:modify:json --conf_name bootstrap_darkroom --key page_header --value none --type string
|
||||||
|
/usr/bin/php piwigo_cli.php -c config:modify:json --conf_name bootstrap_darkroom --key bootstrap_theme --value bootswatch-darkly --type string
|
||||||
|
/usr/bin/php piwigo_cli.php -c config:modify:json --conf_name bootstrap_darkroom --key navbar_main_bg --value bg-primary --type string
|
||||||
|
/usr/bin/php piwigo_cli.php -c config:modify:json --conf_name bootstrap_darkroom --key social_enabled --value false --type boolean
|
||||||
|
#
|
||||||
|
if [ "$IMPORTED" = "0" ]; then
|
||||||
|
/usr/bin/php piwigo_cli.php -c user:create --login %%user --mail_address %%user.piwigo_email --oidc
|
||||||
|
fi
|
||||||
|
%end for
|
|
@ -0,0 +1,6 @@
|
||||||
|
%for %%user in %%piwigo_users
|
||||||
|
d /srv/piwigo/logs/%%user 770 root nginx - -
|
||||||
|
d /srv/piwigo/upload/%%user 770 root nginx - -
|
||||||
|
d /srv/piwigo/data/%%user 770 root nginx - -
|
||||||
|
%end for
|
||||||
|
d /srv/piwigo/bootstrap_darkroom 770 root nginx - -
|
|
@ -1,5 +1,4 @@
|
||||||
%set %%chain = %%get_chain(%%rougail_variable, 'MailRelay')
|
%set %%chain = %%get_chain(authority_cn=%%rougail_variable, authority_name="MailRelay")
|
||||||
%set %%cert = %%get_certificate(%%rougail_variable, 'MailRelay')
|
%set %%cert = %%get_certificate(%%rougail_variable, 'MailRelay')
|
||||||
%%get_private_key(%%rougail_variable, 'MailRelay')
|
%%get_private_key(%%rougail_variable, 'MailRelay')
|
||||||
%%cert
|
%%cert
|
||||||
%%chain
|
|
||||||
|
|
|
@ -5,7 +5,7 @@
|
||||||
<file mode="400">/secrets/postgresql.pass</file>
|
<file mode="400">/secrets/postgresql.pass</file>
|
||||||
<file>/etc/pki/ca-trust/source/anchors/ca_PostgreSQL.crt</file>
|
<file>/etc/pki/ca-trust/source/anchors/ca_PostgreSQL.crt</file>
|
||||||
<file>/etc/pki/tls/certs/postgresql.crt</file>
|
<file>/etc/pki/tls/certs/postgresql.crt</file>
|
||||||
<file owner_type="variable" owner="pg_client_key_owner" mode="440">/etc/pki/tls/private/postgresql.key</file>
|
<file owner_type="variable" owner="pg_client_key_owner" mode="400">/etc/pki/tls/private/postgresql.key</file>
|
||||||
</service>
|
</service>
|
||||||
</services>
|
</services>
|
||||||
<variables>
|
<variables>
|
||||||
|
@ -15,7 +15,7 @@
|
||||||
<variable name="pg_client_password" type="password" description="Client password" mandatory="True" hidden="True"/>
|
<variable name="pg_client_password" type="password" description="Client password" mandatory="True" hidden="True"/>
|
||||||
<variable name="pg_client_database" description="Client database" mandatory="True" hidden="True"/>
|
<variable name="pg_client_database" description="Client database" mandatory="True" hidden="True"/>
|
||||||
<variable name="pg_client_key_owner" type="unix_user" description="Key owner" mandatory="True">
|
<variable name="pg_client_key_owner" type="unix_user" description="Key owner" mandatory="True">
|
||||||
<value>root</value>
|
<value>apache</value>
|
||||||
</variable>
|
</variable>
|
||||||
</family>
|
</family>
|
||||||
</variables>
|
</variables>
|
||||||
|
|
|
@ -15,9 +15,13 @@
|
||||||
<variable name="container_config_path" type="filename" description="Nom du répertoire racine des configurations">
|
<variable name="container_config_path" type="filename" description="Nom du répertoire racine des configurations">
|
||||||
<value>/var/lib/risotto/configurations</value>
|
<value>/var/lib/risotto/configurations</value>
|
||||||
</variable>
|
</variable>
|
||||||
|
<variable name="container_journal_path" type="filename" description="Nom du répertoire racine des journaux">
|
||||||
|
<value>/var/lib/risotto/journals</value>
|
||||||
|
</variable>
|
||||||
<variable name="host" type="domainname" description="Machine où est démarrer le conteneur" mandatory="True"/>
|
<variable name="host" type="domainname" description="Machine où est démarrer le conteneur" mandatory="True"/>
|
||||||
<variable name="external_ports" type="port" description="Port exposé depuis l'extérieur" multi="True"/>
|
<variable name="external_ports" type="port" description="Port exposé depuis l'extérieur" multi="True"/>
|
||||||
<variable name="srv_dir" type="filename" hidden="True"/>
|
<variable name="srv_dir" type="filename" hidden="True"/>
|
||||||
|
<variable name="journal_dir" type="filename" hidden="True" mandatory="True"/>
|
||||||
<variable name="config_dir" type="filename" hidden="True" mandatory="True"/>
|
<variable name="config_dir" type="filename" hidden="True" mandatory="True"/>
|
||||||
<variable name="use_systemd_repart" redefine="True">
|
<variable name="use_systemd_repart" redefine="True">
|
||||||
<value>False</value>
|
<value>False</value>
|
||||||
|
@ -38,6 +42,13 @@
|
||||||
<param name="join"></param>
|
<param name="join"></param>
|
||||||
<target>srv_dir</target>
|
<target>srv_dir</target>
|
||||||
</fill>
|
</fill>
|
||||||
|
<fill name="calc_value">
|
||||||
|
<param type="variable">container_journal_path</param>
|
||||||
|
<param>/</param>
|
||||||
|
<param type="variable">domain_name_eth0</param>
|
||||||
|
<param name="join"></param>
|
||||||
|
<target>journal_dir</target>
|
||||||
|
</fill>
|
||||||
<fill name="calc_value">
|
<fill name="calc_value">
|
||||||
<param type="variable">container_config_path</param>
|
<param type="variable">container_config_path</param>
|
||||||
<param>/</param>
|
<param>/</param>
|
||||||
|
@ -62,6 +73,12 @@
|
||||||
<param name="dynamic" type="variable">domain_name_eth0</param>
|
<param name="dynamic" type="variable">domain_name_eth0</param>
|
||||||
<target>srv_dir</target>
|
<target>srv_dir</target>
|
||||||
</check>
|
</check>
|
||||||
|
<check name="set_linked_configuration">
|
||||||
|
<param name="linked_server" type="variable">host</param>
|
||||||
|
<param name="linked_provider">machine_journal</param>
|
||||||
|
<param name="dynamic" type="variable">domain_name_eth0</param>
|
||||||
|
<target>journal_dir</target>
|
||||||
|
</check>
|
||||||
<check name="set_linked_configuration">
|
<check name="set_linked_configuration">
|
||||||
<param name="linked_server" type="variable">host</param>
|
<param name="linked_server" type="variable">host</param>
|
||||||
<param name="linked_provider">machine_config</param>
|
<param name="linked_provider">machine_config</param>
|
||||||
|
|
|
@ -1,10 +1,21 @@
|
||||||
<?xml version='1.0' encoding='UTF-8'?>
|
<?xml version='1.0' encoding='UTF-8'?>
|
||||||
<rougail version="0.10">
|
<rougail version="0.10">
|
||||||
|
<services>
|
||||||
|
<service name="redisclient" manage="False">
|
||||||
|
<file>/etc/pki/ca-trust/source/anchors/ca_Redis.crt</file>
|
||||||
|
<file>/etc/pki/tls/certs/redis.crt</file>
|
||||||
|
<file owner_type="variable" owner="redis_client_key_owner" mode="400">/etc/pki/tls/private/redis.key</file>
|
||||||
|
<!--file owner_type="variable" owner="redis_client_key_owner" mode="400" source="redis.pem">/etc/pki/tls/redis.pem</file-->
|
||||||
|
</service>
|
||||||
|
</services>
|
||||||
<variables>
|
<variables>
|
||||||
<family name="redis" description="Redis">
|
<family name="redis" description="Redis">
|
||||||
<variable name="redis_client_server_domainname" type="domainname" description="Nom de domaine du serveur" mandatory="True"/>
|
<variable name="redis_client_server_domainname" type="domainname" description="Nom de domaine du serveur" mandatory="True"/>
|
||||||
<variable name="redis_client_username" description="Nom d'utilisateur" mandatory="True" hidden="True"/>
|
<variable name="redis_client_username" description="Nom d'utilisateur" mandatory="True" hidden="True"/>
|
||||||
<variable name="redis_client_password" type="password" description="Mot de passe de connexion" mandatory="True" hidden="True"/>
|
<variable name="redis_client_password" type="password" description="Mot de passe de connexion" mandatory="True" hidden="True"/>
|
||||||
|
<variable name="redis_client_key_owner" type="unix_user" description="Key owner" mandatory="True">
|
||||||
|
<value>apache</value>
|
||||||
|
</variable>
|
||||||
</family>
|
</family>
|
||||||
</variables>
|
</variables>
|
||||||
<constraints>
|
<constraints>
|
||||||
|
|
|
@ -0,0 +1 @@
|
||||||
|
%%get_chain(authority_cn=%%redis_client_server_domainname, authority_name="Redis")
|
|
@ -0,0 +1 @@
|
||||||
|
%%get_certificate(cn=%%domain_name_eth0, authority_cn=%%redis_client_server_domainname, authority_name='Redis', type="client")
|
|
@ -0,0 +1 @@
|
||||||
|
%%get_private_key(cn=%%domain_name_eth0, authority_cn=%%redis_client_server_domainname, authority_name='Redis', type="client")
|
|
@ -0,0 +1,5 @@
|
||||||
|
%set %%ca_chain = %%get_chain(authority_cn=%%redis_client_server_domainname, authority_name="Redis")
|
||||||
|
%set %%cert = %%get_certificate(cn=%%domain_name_eth0, authority_cn=%%redis_client_server_domainname, authority_name='Redis', type="client")
|
||||||
|
%%get_private_key(cn=%%domain_name_eth0, authority_cn=%%redis_client_server_domainname, authority_name='Redis', type="client")
|
||||||
|
%%cert
|
||||||
|
%%ca_chain
|
|
@ -6,6 +6,9 @@
|
||||||
<ip ip_type='variable'>account.remote_ip</ip>
|
<ip ip_type='variable'>account.remote_ip</ip>
|
||||||
<file engine="none" source="sysuser-redis.conf">/sysusers.d/0redis.conf</file>
|
<file engine="none" source="sysuser-redis.conf">/sysusers.d/0redis.conf</file>
|
||||||
<file engine="none" source="tmpfile-redis.conf">/tmpfiles.d/0redis.conf</file>
|
<file engine="none" source="tmpfile-redis.conf">/tmpfiles.d/0redis.conf</file>
|
||||||
|
<file>/etc/pki/ca-trust/source/anchors/ca_Redis.crt</file>
|
||||||
|
<file>/etc/pki/tls/certs/redis.crt</file>
|
||||||
|
<file owner="root" group="redis" mode="440">/etc/pki/tls/private/redis.key</file>
|
||||||
</service>
|
</service>
|
||||||
</services>
|
</services>
|
||||||
<variables>
|
<variables>
|
||||||
|
|
|
@ -3,7 +3,7 @@
|
||||||
<variables>
|
<variables>
|
||||||
<variable name="remote" description="Remote client needing an account" type="domainname" provider="redis_client" mandatory="True"/>
|
<variable name="remote" description="Remote client needing an account" type="domainname" provider="redis_client" mandatory="True"/>
|
||||||
<variable name="remote_ip" description="Remote IP" type="ip" provider="redis_client_ip" mandatory="True"/>
|
<variable name="remote_ip" description="Remote IP" type="ip" provider="redis_client_ip" mandatory="True"/>
|
||||||
<variable name="password" description="Remote password" auto_save="True" hidden="True" type="password" mandatory="True" provider="redis_client_password"/>
|
<variable name="password" auto_save="True" hidden="True" type="password" mandatory="True" provider="redis_client_password"/>
|
||||||
</variables>
|
</variables>
|
||||||
<constraints>
|
<constraints>
|
||||||
<fill name="get_password">
|
<fill name="get_password">
|
||||||
|
|
|
@ -0,0 +1 @@
|
||||||
|
%%get_chain(authority_cn=%%domain_name_eth0, authority_name="Redis")
|
|
@ -99,6 +99,7 @@ protected-mode no
|
||||||
|
|
||||||
# Accept connections on the specified port, default is 6379 (IANA #815344).
|
# Accept connections on the specified port, default is 6379 (IANA #815344).
|
||||||
# If port 0 is specified Redis will not listen on a TCP socket.
|
# If port 0 is specified Redis will not listen on a TCP socket.
|
||||||
|
# GNUNUX: for php/php-fpm
|
||||||
port 6379
|
port 6379
|
||||||
|
|
||||||
# TCP listen() backlog.
|
# TCP listen() backlog.
|
||||||
|
@ -141,7 +142,6 @@ timeout 0
|
||||||
#tcp-keepalive 300
|
#tcp-keepalive 300
|
||||||
tcp-keepalive %%redis_tcp_keepalive
|
tcp-keepalive %%redis_tcp_keepalive
|
||||||
#<GNUNUX
|
#<GNUNUX
|
||||||
#FIXME TLS !!
|
|
||||||
################################# TLS/SSL #####################################
|
################################# TLS/SSL #####################################
|
||||||
|
|
||||||
# By default, TLS/SSL is disabled. To enable it, the "tls-port" configuration
|
# By default, TLS/SSL is disabled. To enable it, the "tls-port" configuration
|
||||||
|
@ -190,6 +190,12 @@ tcp-keepalive %%redis_tcp_keepalive
|
||||||
#
|
#
|
||||||
# tls-ca-cert-file ca.crt
|
# tls-ca-cert-file ca.crt
|
||||||
# tls-ca-cert-dir /etc/ssl/certs
|
# tls-ca-cert-dir /etc/ssl/certs
|
||||||
|
#>GNUNUX
|
||||||
|
tls-port 6380
|
||||||
|
tls-cert-file /etc/pki/tls/certs/redis.crt
|
||||||
|
tls-key-file /etc/pki/tls/private/redis.key
|
||||||
|
tls-ca-cert-file /etc/pki/ca-trust/source/anchors/ca_Redis.crt
|
||||||
|
#<GNUNUX
|
||||||
|
|
||||||
# By default, clients (including replica servers) on a TLS port are required
|
# By default, clients (including replica servers) on a TLS port are required
|
||||||
# to authenticate using valid client side certificates.
|
# to authenticate using valid client side certificates.
|
||||||
|
@ -896,6 +902,9 @@ replica-priority 100
|
||||||
#
|
#
|
||||||
# For more information about ACL configuration please refer to
|
# For more information about ACL configuration please refer to
|
||||||
# the Redis web site at https://redis.io/topics/acl
|
# the Redis web site at https://redis.io/topics/acl
|
||||||
|
#>GNUNUX
|
||||||
|
user %%normalize_family(%%account.remote) on >%%account.password ~* &* +@all
|
||||||
|
#<GNUNUX
|
||||||
|
|
||||||
# ACL LOG
|
# ACL LOG
|
||||||
#
|
#
|
||||||
|
|
|
@ -0,0 +1 @@
|
||||||
|
%%get_certificate(%%domain_name_eth0, 'Redis')
|
|
@ -0,0 +1 @@
|
||||||
|
%%get_private_key(%%domain_name_eth0, 'Redis')
|
|
@ -25,12 +25,17 @@
|
||||||
<value>Consulter ces courriels avec Roundcube</value>
|
<value>Consulter ces courriels avec Roundcube</value>
|
||||||
</variable>
|
</variable>
|
||||||
<variable name="oauth2_client_category" redefine='True'>
|
<variable name="oauth2_client_category" redefine='True'>
|
||||||
<value>Collaboration</value>
|
<value>Diffusion</value>
|
||||||
</variable>
|
</variable>
|
||||||
<variable name="oauth2_client_logo" redefine='True'>
|
<variable name="oauth2_client_logo" redefine='True'>
|
||||||
<value>silique_email.png</value>
|
<value>silique_email.png</value>
|
||||||
</variable>
|
</variable>
|
||||||
</family>
|
</family>
|
||||||
|
<family name="nginx">
|
||||||
|
<variable name="revprox_client_local_location" redefine="True">
|
||||||
|
<value>/roundcube/</value>
|
||||||
|
</variable>
|
||||||
|
</family>
|
||||||
</variables>
|
</variables>
|
||||||
<constraints>
|
<constraints>
|
||||||
<fill name="get_password">
|
<fill name="get_password">
|
||||||
|
|
|
@ -31,7 +31,7 @@ $config = [];
|
||||||
// e.g. 'mysql://roundcube:@localhost/roundcubemail?verify_server_cert=false'
|
// e.g. 'mysql://roundcube:@localhost/roundcubemail?verify_server_cert=false'
|
||||||
// GNUNUX $config['db_dsnw'] = 'mysql://roundcube:@localhost/roundcubemail';
|
// GNUNUX $config['db_dsnw'] = 'mysql://roundcube:@localhost/roundcubemail';
|
||||||
//>GNUNUX
|
//>GNUNUX
|
||||||
$config['db_dsnw'] = 'pgsql://%%pg_client_username:%%pg_client_password@%%pg_client_server_domainname/%%pg_client_database?sslmode=verify-full';
|
$config['db_dsnw'] = 'pgsql://%%pg_client_username:%%pg_client_password@%%pg_client_server_domainname/%%pg_client_database?sslmode=verify-full&sslcert=/etc/pki/tls/certs/postgresql.crt&sslkey=/etc/pki/tls/private/postgresql.key&sslrootcert=/etc/pki/ca-trust/source/anchors/ca_PostgreSQL.crt';
|
||||||
//<GNUNUX
|
//<GNUNUX
|
||||||
|
|
||||||
// Database DSN for read-only operations (if empty write database will be used)
|
// Database DSN for read-only operations (if empty write database will be used)
|
||||||
|
|
Loading…
Reference in a new issue