diff --git a/seed/applicationservice/2022.03.08/base/manual/install/install_host b/seed/applicationservice/2022.03.08/base/manual/install/install_host
index f63b5cd6..f6cb4aec 100755
--- a/seed/applicationservice/2022.03.08/base/manual/install/install_host
+++ b/seed/applicationservice/2022.03.08/base/manual/install/install_host
@@ -5,7 +5,7 @@ if [ -z "$HOST_NAME" ]; then
echo "usage: $0 host name"
exit 1
fi
-apt install --yes systemd-container dnf jq debootstrap htop gettext
+apt install --yes systemd-container dnf jq debootstrap htop gettext patch
systemd-tmpfiles --create --clean --remove $PWD/host/configurations/$HOST_NAME/tmpfiles.d/0asystemd-nspawn.conf
systemd-tmpfiles --create --clean --remove $PWD/host/configurations/$HOST_NAME/tmpfiles.d/0rougail.conf
systemctl daemon-reload
diff --git a/seed/applicationservice/2022.03.08/base/manual/install/install_image b/seed/applicationservice/2022.03.08/base/manual/install/install_image
index b63231c0..36a3b5db 100755
--- a/seed/applicationservice/2022.03.08/base/manual/install/install_image
+++ b/seed/applicationservice/2022.03.08/base/manual/install/install_image
@@ -103,6 +103,9 @@ if [ -n "$COPR" ]; then
wget "$COPR"
cd -
fi
+if [ "$FUSION" = true ]; then
+ dnf -y install "https://download1.rpmfusion.org/free/fedora/rpmfusion-free-release-$RELEASEVER.noarch.rpm" --installroot="$IMAGE_NAME_RISOTTO_IMAGE_DIR"
+fi
# FIXME verifier s'il y a des modifs sur pre/post
if [ -f "$IMAGE_NAME_RISOTTO_IMAGE_DIR".base.pkgs ] && [ -f "$IMAGE_NAME_RISOTTO_IMAGE_DIR".pkgs ]; then
@@ -125,12 +128,19 @@ if [ "$INSTALL" = true ]; then
VERSION=0
fi
mkdir tmp
+ ORI_DIR=$PWD
cd tmp
if [ ! "$VERSION" = 0 ]; then
tar xf "$IMAGE_NAME_RISOTTO_IMAGE_NAME"
+ if [ "$INSTALL_TOOL" = "apt" ]; then
+ chown _apt "$IMAGE_NAME"
+ fi
+ else
+ mkdir "$IMAGE_NAME"
fi
- ../make_changelog "$IMAGE_NAME" "$VERSION" "$OS_NAME" "$RELEASEVER" > "$IMAGE_NAME_RISOTTO_IMAGE_DIR"_"$RELEASEVER"_"$VERSION"_changelog.md
- cd -
+ cd "$IMAGE_NAME"
+ ../../make_changelog "$IMAGE_NAME" "$VERSION" "$OS_NAME" "$RELEASEVER" > "$IMAGE_NAME_RISOTTO_IMAGE_DIR"_"$RELEASEVER"_"$VERSION"_changelog.md
+ cd $ORI_DIR
rm -rf tmp
install_pkg
sleep 2
diff --git a/seed/applicationservice/2022.03.08/base/manual/install/make_changelog b/seed/applicationservice/2022.03.08/base/manual/install/make_changelog
index fcc0967d..c2da6ea9 100755
--- a/seed/applicationservice/2022.03.08/base/manual/install/make_changelog
+++ b/seed/applicationservice/2022.03.08/base/manual/install/make_changelog
@@ -34,7 +34,6 @@ def read_dnf_pkg_file(os_name, filename1, filename2):
for idx, pkg_line in enumerate(pkgs_fh.readlines()):
if idx < header_idx[fidx]:
# header
- print("béééé")
continue
sp_line = pkg_line.strip().split()
if len(sp_line) < idx_version[fidx] + 1:
@@ -154,13 +153,17 @@ type = "installe"
for package in ori_pkg & new_dict:
if ori_dict[package] == new_dict[package]:
continue
- run(['apt', 'download', package])
+ info = run(['apt', 'download', package], capture_output=True)
+ if info.returncode:
+ raise Exception(f'cannot download {package}: {info}')
packages = list(glob('*.deb'))
packages.sort()
for package in packages:
- info = run(['apt-listchanges', '--which', 'both', '-f', 'text', package], capture_output=True)
+ info = run(['chroot', '.', 'apt-listchanges', '--which', 'both', '-f', 'text', package], capture_output=True)
+ if info.returncode:
+ raise Exception(f'cannot list changes for {package}: {info}')
header = True
- for line in info.split('\n'):
+ for line in info.stdout.decode().split('\n'):
if not header:
print(line)
if line.startswith('-----------------------'):
diff --git a/seed/applicationservice/2022.03.08/dovecot/dictionaries/22_dovecot.xml b/seed/applicationservice/2022.03.08/dovecot/dictionaries/22_dovecot.xml
index 1348cb72..9a4717e2 100644
--- a/seed/applicationservice/2022.03.08/dovecot/dictionaries/22_dovecot.xml
+++ b/seed/applicationservice/2022.03.08/dovecot/dictionaries/22_dovecot.xml
@@ -86,6 +86,9 @@
+
+
+
diff --git a/seed/applicationservice/2022.03.08/gitea/templates/app.ini b/seed/applicationservice/2022.03.08/gitea/templates/app.ini
index def0b96d..617c9b73 100644
--- a/seed/applicationservice/2022.03.08/gitea/templates/app.ini
+++ b/seed/applicationservice/2022.03.08/gitea/templates/app.ini
@@ -10,7 +10,7 @@ NAME = %%pg_client_database
USER = %%pg_client_username
PASSWD = %%pg_client_password
SCHEMA =
-SSL_MODE = disable
+SSL_MODE = verify-full
CHARSET = utf8
LOG_SQL = false
diff --git a/seed/applicationservice/2022.03.08/host-systemd-machined/dictionaries/21-machined.xml b/seed/applicationservice/2022.03.08/host-systemd-machined/dictionaries/21-machined.xml
index 98d32b0e..337b5fdd 100644
--- a/seed/applicationservice/2022.03.08/host-systemd-machined/dictionaries/21-machined.xml
+++ b/seed/applicationservice/2022.03.08/host-systemd-machined/dictionaries/21-machined.xml
@@ -11,6 +11,8 @@
/etc/systemd/system/systemd-nspawn@.service.d/systemd-nspawn@.conf
/etc/distro.repos.d/boot.repo
/etc/pki/rpm-gpg/RPM-GPG-KEY-fedora-35-x86_64
+ /etc/pki/rpm-gpg/RPM-GPG-KEY-fedora-36-x86_64
+ /etc/pki/rpm-gpg/RPM-GPG-KEY-rpmfusion-free-fedora-36
/etc/sysctl.d/90-risotto.conf
host_dhcp_filename
diff --git a/seed/applicationservice/2022.03.08/lemonldap/dictionaries/70_lemonldap_ng.xml b/seed/applicationservice/2022.03.08/lemonldap/dictionaries/70_lemonldap_ng.xml
index 5a360cc1..fda6d432 100644
--- a/seed/applicationservice/2022.03.08/lemonldap/dictionaries/70_lemonldap_ng.xml
+++ b/seed/applicationservice/2022.03.08/lemonldap/dictionaries/70_lemonldap_ng.xml
@@ -8,6 +8,7 @@
/static/silique_email.png
/static/silique_folder.png
/static/silique_note.png
+ /static/silique_video.png
/static/risotto.css
/var/lib/lemonldap-ng/conf/lmConf-1.json
/etc/lemonldap-ng/lemonldap-ng.ini
@@ -21,20 +22,10 @@
-
-
1
-
-
- reload.
- lemon_domain
-
- lemon_reload_web_name
-
-
diff --git a/seed/applicationservice/2022.03.08/lemonldap/templates/lmConf-1.json b/seed/applicationservice/2022.03.08/lemonldap/templates/lmConf-1.json
index 5482f751..03bd7d8c 100644
--- a/seed/applicationservice/2022.03.08/lemonldap/templates/lmConf-1.json
+++ b/seed/applicationservice/2022.03.08/lemonldap/templates/lmConf-1.json
@@ -57,12 +57,21 @@ commentStartToken = §
"locationRules" : {
"%%revprox_client_external_domainname" : {
"default" : "accept"
+%set %%domains = []
%for %%app in %%oauth2.remotes
%set %%key = %%normalize_family(%%app)
+ %set %%external = %%oauth2['oauth2_' + %%key]['external_' + %%key]
+ § external is somethink like https://domain/
+ %if %%external
+ %set %%domain = %%str(%%external).split('/', 3)[-2]
+ %if %%domain not in %%domains
},
- "%%lemon_domain" : {
+ "%%domain" : {
"^/logout" : "logout_sso",
"default" : "accept"
+%%domains.append(%%domain)%slurp
+ %end if
+ %end if
%end for
}
},
@@ -152,10 +161,6 @@ commentStartToken = §
"portalDisplayRegister": 0,
"portalDisplayResetPassword": 0,
"portalMainLogo": "risotto/logo.png",
- "registerUrl" : "https://%%lemon_reload_web_name/register",
- "reloadUrls" : {
- "localhost" : "https://%%lemon_reload_web_name/reload"
- },
"showLanguages": 0,
"whatToTrace" : "_whatToTrace",
%set %%remotes = {}
diff --git a/seed/applicationservice/2022.03.08/mailman/templates/mailman.cfg b/seed/applicationservice/2022.03.08/mailman/templates/mailman.cfg
index 2e3e34c0..66fa624f 100644
--- a/seed/applicationservice/2022.03.08/mailman/templates/mailman.cfg
+++ b/seed/applicationservice/2022.03.08/mailman/templates/mailman.cfg
@@ -24,8 +24,7 @@ layout: fhs
#>GNUNUX
[database]
class: mailman.database.postgresql.PostgreSQLDatabase
-url: postgresql://%%pg_client_username:%%pg_client_password@%%pg_client_server_domainname/%%pg_client_database
-#FIXME ?sslmode=require
+url: postgresql://%%pg_client_username:%%pg_client_password@%%pg_client_server_domainname/%%pg_client_database?sslmode=verify-full
[mta]
lmtp_host: %%ip_eth0
diff --git a/seed/applicationservice/2022.03.08/mailman/templates/postorius-settings.py b/seed/applicationservice/2022.03.08/mailman/templates/postorius-settings.py
index 7cfe027a..ff1f3345 100644
--- a/seed/applicationservice/2022.03.08/mailman/templates/postorius-settings.py
+++ b/seed/applicationservice/2022.03.08/mailman/templates/postorius-settings.py
@@ -10,6 +10,7 @@ DATABASES = {
'HOST': '%%pg_client_server_domainname', # Database server
'PORT': '', # Database port (leave blank for default)
'CONN_MAX_AGE': 300, # Max database connection age
+ 'OPTIONS': {'sslmode': 'verify-full'},
}
}
ALLOWED_HOSTS = ['%%revprox_client_external_domainname']
diff --git a/seed/applicationservice/2022.03.08/mariadb-server/applicationservice.yml b/seed/applicationservice/2022.03.08/mariadb/applicationservice.yml
similarity index 100%
rename from seed/applicationservice/2022.03.08/mariadb-server/applicationservice.yml
rename to seed/applicationservice/2022.03.08/mariadb/applicationservice.yml
diff --git a/seed/applicationservice/2022.03.08/mariadb-server/dictionaries/20_mariadb.xml b/seed/applicationservice/2022.03.08/mariadb/dictionaries/20_mariadb.xml
similarity index 100%
rename from seed/applicationservice/2022.03.08/mariadb-server/dictionaries/20_mariadb.xml
rename to seed/applicationservice/2022.03.08/mariadb/dictionaries/20_mariadb.xml
diff --git a/seed/applicationservice/2022.03.08/mariadb-server/manual/image/preinstall/mariadb_server.sh b/seed/applicationservice/2022.03.08/mariadb/manual/image/preinstall/mariadb_server.sh
similarity index 100%
rename from seed/applicationservice/2022.03.08/mariadb-server/manual/image/preinstall/mariadb_server.sh
rename to seed/applicationservice/2022.03.08/mariadb/manual/image/preinstall/mariadb_server.sh
diff --git a/seed/applicationservice/2022.03.08/mariadb-server/templates/mariadb.service b/seed/applicationservice/2022.03.08/mariadb/templates/mariadb.service
similarity index 100%
rename from seed/applicationservice/2022.03.08/mariadb-server/templates/mariadb.service
rename to seed/applicationservice/2022.03.08/mariadb/templates/mariadb.service
diff --git a/seed/applicationservice/2022.03.08/mariadb-server/templates/mariadb.sql b/seed/applicationservice/2022.03.08/mariadb/templates/mariadb.sql
similarity index 100%
rename from seed/applicationservice/2022.03.08/mariadb-server/templates/mariadb.sql
rename to seed/applicationservice/2022.03.08/mariadb/templates/mariadb.sql
diff --git a/seed/applicationservice/2022.03.08/mariadb-server/templates/risotto.cnf b/seed/applicationservice/2022.03.08/mariadb/templates/risotto.cnf
similarity index 100%
rename from seed/applicationservice/2022.03.08/mariadb-server/templates/risotto.cnf
rename to seed/applicationservice/2022.03.08/mariadb/templates/risotto.cnf
diff --git a/seed/applicationservice/2022.03.08/mariadb-server/templates/tmpfile-mariadb.conf b/seed/applicationservice/2022.03.08/mariadb/templates/tmpfile-mariadb.conf
similarity index 100%
rename from seed/applicationservice/2022.03.08/mariadb-server/templates/tmpfile-mariadb.conf
rename to seed/applicationservice/2022.03.08/mariadb/templates/tmpfile-mariadb.conf
diff --git a/seed/applicationservice/2022.03.08/nextcloud/manual/image/preinstall/nextcloud.sh b/seed/applicationservice/2022.03.08/nextcloud/manual/image/preinstall/nextcloud.sh
index 5aaa2fe3..a45eb1e0 100644
--- a/seed/applicationservice/2022.03.08/nextcloud/manual/image/preinstall/nextcloud.sh
+++ b/seed/applicationservice/2022.03.08/nextcloud/manual/image/preinstall/nextcloud.sh
@@ -1 +1 @@
-PKG="$PKG mod_ssl nextcloud-postgresql php-intl php-bcmath php-opcache php-pecl-redis"
+PKG="$PKG nextcloud-postgresql php-intl php-bcmath php-opcache php-pecl-redis"
diff --git a/seed/applicationservice/2022.03.08/nextcloud/templates/nextcloud-config.php b/seed/applicationservice/2022.03.08/nextcloud/templates/nextcloud-config.php
index b715b52c..803a441d 100644
--- a/seed/applicationservice/2022.03.08/nextcloud/templates/nextcloud-config.php
+++ b/seed/applicationservice/2022.03.08/nextcloud/templates/nextcloud-config.php
@@ -37,7 +37,7 @@ $CONFIG = array (
'dbtableprefix' => 'oc_',
'dbuser' => '%%pg_client_username',
'dbpassword' => '%%pg_client_password',
- 'dbdriveroptions' => array('sslmode' => true),
+ 'dbdriveroptions' => array('sslmode' => 'verify-full'),
'passwordsalt' => '{{SALT}}',
'secret' => '{{SECRET}}',
'instanceid' => '%%nextcloud_instance_id',
diff --git a/seed/applicationservice/2022.03.08/nginx-common/dictionaries/20_nginx.xml b/seed/applicationservice/2022.03.08/nginx-common/dictionaries/20_nginx.xml
index e6fda66b..4230d192 100644
--- a/seed/applicationservice/2022.03.08/nginx-common/dictionaries/20_nginx.xml
+++ b/seed/applicationservice/2022.03.08/nginx-common/dictionaries/20_nginx.xml
@@ -4,7 +4,7 @@
/etc/nginx/nginx.conf
/etc/nginx/sites-available/default
- /etc/nginx/default.d/risotto.conf
+ /etc/nginx/default.d/risotto.conf
/var/www/html/index.html
/etc/nginx/conf.d/options.conf
@@ -36,5 +36,9 @@
Fedora
nginx_fedora
+
+
+ nginx_default
+
diff --git a/seed/applicationservice/2022.03.08/nginx-reverse-proxy-server/extras/nginx/00-nginx.xml b/seed/applicationservice/2022.03.08/nginx-reverse-proxy-server/extras/nginx/00-nginx.xml
index 059344cc..96f1a93f 100644
--- a/seed/applicationservice/2022.03.08/nginx-reverse-proxy-server/extras/nginx/00-nginx.xml
+++ b/seed/applicationservice/2022.03.08/nginx-reverse-proxy-server/extras/nginx/00-nginx.xml
@@ -9,8 +9,8 @@
+
-
diff --git a/seed/applicationservice/2022.03.08/nginx-reverse-proxy-server/templates/revprox-nginx.conf b/seed/applicationservice/2022.03.08/nginx-reverse-proxy-server/templates/revprox-nginx.conf
index 72a00b24..f0763ac1 100644
--- a/seed/applicationservice/2022.03.08/nginx-reverse-proxy-server/templates/revprox-nginx.conf
+++ b/seed/applicationservice/2022.03.08/nginx-reverse-proxy-server/templates/revprox-nginx.conf
@@ -6,7 +6,7 @@
server {
listen 80;
server_name %%domainname;
- return 301 https://www.domain.com$request_uri;
+ return 301 https://%%domainname$request_uri;
}
# Configuration HTTPS %%domainname
@@ -25,6 +25,7 @@ server {
location %%location {
proxy_pass %%location['revprox_url_' + family];
%if %%location['revprox_is_websocket_' + family]
+ proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
%else
@@ -41,6 +42,10 @@ server {
proxy_ssl_verify on;
proxy_ssl_verify_depth 2;
proxy_ssl_session_reuse on;
+ %set %%maxbody = %%location['revprox_max_body_size_' + family]
+ %if %%maxbody
+ client_max_body_size %%maxbody;
+ %end if
set $dest $http_destination;
index error.html;
root /var/www/html;
diff --git a/seed/applicationservice/2022.03.08/php/applicationservice.yml b/seed/applicationservice/2022.03.08/php/applicationservice.yml
index b097efd4..60a43167 100644
--- a/seed/applicationservice/2022.03.08/php/applicationservice.yml
+++ b/seed/applicationservice/2022.03.08/php/applicationservice.yml
@@ -1,4 +1,2 @@
format: '0.1'
description: PHP configuration
-depends:
- - apache
diff --git a/seed/applicationservice/2022.03.08/postfix-relay/dictionaries/30_postfix.xml b/seed/applicationservice/2022.03.08/postfix-relay/dictionaries/30_postfix.xml
index 7926827a..37d0f69e 100644
--- a/seed/applicationservice/2022.03.08/postfix-relay/dictionaries/30_postfix.xml
+++ b/seed/applicationservice/2022.03.08/postfix-relay/dictionaries/30_postfix.xml
@@ -38,7 +38,6 @@
-
@@ -51,11 +50,6 @@
-
- domain_name_eth0
- MailServer
- postfix_ca_chain
-
/etc/opendkim/keys/
postfix_relay_domains
diff --git a/seed/applicationservice/2022.03.08/postfix-relay/templates/ca_MailServer.crt b/seed/applicationservice/2022.03.08/postfix-relay/templates/ca_MailServer.crt
index dadb6c9e..8db50d45 100644
--- a/seed/applicationservice/2022.03.08/postfix-relay/templates/ca_MailServer.crt
+++ b/seed/applicationservice/2022.03.08/postfix-relay/templates/ca_MailServer.crt
@@ -1 +1 @@
-%%postfix_ca_chain
+%%get_chain(authority_cn=%%domain_name_eth0, authority_name="MailServer")
diff --git a/seed/applicationservice/2022.03.08/postgresql-client/dictionaries/23_postgresql.xml b/seed/applicationservice/2022.03.08/postgresql-client/dictionaries/23_postgresql.xml
index c9194834..ed51763d 100644
--- a/seed/applicationservice/2022.03.08/postgresql-client/dictionaries/23_postgresql.xml
+++ b/seed/applicationservice/2022.03.08/postgresql-client/dictionaries/23_postgresql.xml
@@ -3,6 +3,9 @@
/secrets/postgresql.pass
+ /etc/pki/ca-trust/source/anchors/ca_PostgreSQL.crt
+ /etc/pki/tls/certs/postgresql.crt
+ /etc/pki/tls/private/postgresql.key
@@ -11,6 +14,9 @@
+
+ root
+
diff --git a/seed/applicationservice/2022.03.08/postgresql-client/templates/postgresqlclient.service b/seed/applicationservice/2022.03.08/postgresql-client/templates/postgresqlclient.service
index 6ae07e07..c25764ad 100644
--- a/seed/applicationservice/2022.03.08/postgresql-client/templates/postgresqlclient.service
+++ b/seed/applicationservice/2022.03.08/postgresql-client/templates/postgresqlclient.service
@@ -6,4 +6,4 @@ Before=network.target
Type=oneshot
Environment=PGPASSFILE=/usr/local/lib/secrets/postgresql.pass
ExecStart=/usr/bin/timeout 90 sh -c 'while ! 3<> /dev/tcp/%%pg_client_server_domainname/5432; do sleep 1; done; echo "POSTGRESQL STARTED"'
-ExecStart=/usr/bin/timeout 90 sh -c 'while ! /usr/bin/psql -h %%pg_client_server_domainname -U %%pg_client_username %%pg_client_database -c "\l"; do sleep 1; done; echo "POSTGRESQL READY"'
+ExecStart=/usr/bin/timeout 90 sh -c 'while ! /usr/bin/psql --set=sslmode=verify-full -h %%pg_client_server_domainname -U %%pg_client_username %%pg_client_database -c "\l"; do sleep 1; done; echo "POSTGRESQL READY"'
diff --git a/seed/applicationservice/2022.03.08/postgresql-server/dictionaries/22_postgresql.xml b/seed/applicationservice/2022.03.08/postgresql-server/dictionaries/22_postgresql.xml
index bed1dbdb..4cb925ff 100644
--- a/seed/applicationservice/2022.03.08/postgresql-server/dictionaries/22_postgresql.xml
+++ b/seed/applicationservice/2022.03.08/postgresql-server/dictionaries/22_postgresql.xml
@@ -10,6 +10,9 @@
/etc/postgresql/pg_ident.conf
/bin/postgresql_init
/sysusers.d/0postgresql.conf
+ /etc/pki/ca-trust/source/anchors/ca_PostgreSQL.crt
+ /etc/pki/tls/certs/postgresql.crt
+ /etc/pki/tls/private/postgresql.key
diff --git a/seed/applicationservice/2022.03.08/postgresql-server/manual/image/preinstall/postgresql_server.sh b/seed/applicationservice/2022.03.08/postgresql-server/manual/image/preinstall/postgresql_server.sh
index 6ddfa5cc..4bdeb8e7 100644
--- a/seed/applicationservice/2022.03.08/postgresql-server/manual/image/preinstall/postgresql_server.sh
+++ b/seed/applicationservice/2022.03.08/postgresql-server/manual/image/preinstall/postgresql_server.sh
@@ -1 +1 @@
-PKG="$PKG postgresql-server"
+PKG="$PKG postgresql-server postgresql-contrib"
diff --git a/seed/applicationservice/2022.03.08/postgresql-server/templates/pg_hba.conf b/seed/applicationservice/2022.03.08/postgresql-server/templates/pg_hba.conf
index 75c3d46b..7a48fb3d 100644
--- a/seed/applicationservice/2022.03.08/postgresql-server/templates/pg_hba.conf
+++ b/seed/applicationservice/2022.03.08/postgresql-server/templates/pg_hba.conf
@@ -89,11 +89,11 @@ local all postgres ident map=pg_map
#>GNUNUX
# host all all 127.0.0.1/32 ident
%for %%server in %%accounts.remotes
-host %%normalize_family(%%server) %%normalize_family(%%server) %%server md5
+hostssl %%normalize_family(%%server) %%normalize_family(%%server) %%server md5
%end for
#GNUNUX
diff --git a/seed/applicationservice/2022.03.08/postgresql-server/templates/postgresql.conf b/seed/applicationservice/2022.03.08/postgresql-server/templates/postgresql.conf
index 625df371..8849422a 100644
--- a/seed/applicationservice/2022.03.08/postgresql-server/templates/postgresql.conf
+++ b/seed/applicationservice/2022.03.08/postgresql-server/templates/postgresql.conf
@@ -138,13 +138,12 @@ authentication_timeout = §§{pg_authentication_timeout}s
#ssl_dh_params_file = ''
#ssl_passphrase_command = ''
#ssl_passphrase_command_supports_reload = off
-#>FIXME
-#ssl = true # (change requires restart)
-#%import os
-#%set %%pg_server_cert_chain = os.path.splitext(§§pg_server_cert)[0] + '_ca-chain.crt'
-#ssl_cert_file = '%%pg_server_cert_chain' # (change requires restart)
-#ssl_key_file = '§§pg_server_key' # (change requires restart)
-#GNUNUX
+ssl = true # (change requires restart)
+ssl_ca_file = '/etc/pki/ca-trust/source/anchors/ca_PostgreSQL.crt'
+ssl_cert_file = '/etc/pki/tls/certs/postgresql.crt' # (change requires restart)
+ssl_key_file = '/etc/pki/tls/private/postgresql.key' # (change requires restart)
+#
-
-
-
- revprox_ca_file
- revprox_cert_file
- revprox_key_file
-
-
-
-
-
-
-
-
-
- /
-
-
- False
-
-
-
-
-
- 443
-
-
- root
-
-
- root
-
-
-
-
-
-
-
-
- domain_name_eth0
- revprox_client_port
- revprox_client_local_location
- revprox_client_web_address
-
-
- tls_ca_directory
- ca_InternalReverseProxy.crt
- /
- revprox_ca_file
-
-
- tls_cert_directory
- revprox.crt
- /
- revprox_cert_file
-
-
- tls_key_directory
- revprox.key
- /
- revprox_key_file
-
-
- revprox_client_server_domainname
- revprox_clients
- revprox_client_external_domainname
- ip
- 0
- revprox_client_server_ip
-
-
- revprox_client_server_domainname
- revprox_location
- revprox_client_external_domainname
- revprox_client_location
-
-
- revprox_client_server_domainname
- revprox_is_websocket
- revprox_client_external_domainname
- revprox_location
- revprox_client_location
- revprox_client_is_websocket
-
-
- revprox_client_server_domainname
- revprox_url
- revprox_location
- revprox_client_location
- revprox_client_external_domainname
- revprox_client_web_address
-
-
-
diff --git a/seed/applicationservice/2022.03.08/roundcube/dictionaries/31_roundcube.xml b/seed/applicationservice/2022.03.08/roundcube/dictionaries/31_roundcube.xml
index b6584516..96dbd002 100644
--- a/seed/applicationservice/2022.03.08/roundcube/dictionaries/31_roundcube.xml
+++ b/seed/applicationservice/2022.03.08/roundcube/dictionaries/31_roundcube.xml
@@ -5,6 +5,8 @@
/etc/roundcubemail/config.inc.php
/etc/httpd/conf.d/roundcubemail.conf
/secrets/roundcube-init.php
+ /static/silique_cloud.svg
+ /static/watermark.html
/etc/pki/ca-trust/source/anchors/ca_MailServer.crt
diff --git a/seed/applicationservice/2022.03.08/roundcube/manual/image/preinstall/roundcube.sh b/seed/applicationservice/2022.03.08/roundcube/manual/image/preinstall/roundcube.sh
index 276c0520..b8cca879 100644
--- a/seed/applicationservice/2022.03.08/roundcube/manual/image/preinstall/roundcube.sh
+++ b/seed/applicationservice/2022.03.08/roundcube/manual/image/preinstall/roundcube.sh
@@ -1 +1 @@
-PKG="$PKG mod_ssl roundcubemail php-cli php-pgsql php-pecl-redis5"
+PKG="$PKG roundcubemail php-cli php-pgsql php-pecl-redis5"
diff --git a/seed/applicationservice/2022.03.08/roundcube/templates/config.inc.php b/seed/applicationservice/2022.03.08/roundcube/templates/config.inc.php
index 9c95668e..6c081cbe 100644
--- a/seed/applicationservice/2022.03.08/roundcube/templates/config.inc.php
+++ b/seed/applicationservice/2022.03.08/roundcube/templates/config.inc.php
@@ -31,7 +31,7 @@ $config = [];
// e.g. 'mysql://roundcube:@localhost/roundcubemail?verify_server_cert=false'
// GNUNUX $config['db_dsnw'] = 'mysql://roundcube:@localhost/roundcubemail';
//>GNUNUX
-$config['db_dsnw'] = 'pgsql://%%pg_client_username:%%pg_client_password@%%pg_client_server_domainname/%%pg_client_database';
+$config['db_dsnw'] = 'pgsql://%%pg_client_username:%%pg_client_password@%%pg_client_server_domainname/%%pg_client_database?sslmode=verify-full';
// "/images/logo_print.png",
];
*/
-$config['skin_logo'] = null;
+$config['skin_logo'] = '/risotto/silique_cloud.svg';
// Automatically register user in Roundcube database on successful (IMAP) logon.
// Set to false if only registered users should be allowed to the webmail.
diff --git a/seed/applicationservice/2022.03.08/roundcube/templates/roundcubemail.conf b/seed/applicationservice/2022.03.08/roundcube/templates/roundcubemail.conf
index 5cc2fceb..63f39d67 100644
--- a/seed/applicationservice/2022.03.08/roundcube/templates/roundcubemail.conf
+++ b/seed/applicationservice/2022.03.08/roundcube/templates/roundcubemail.conf
@@ -2,6 +2,13 @@
# Round Cube Webmail is a browser-based multilingual IMAP client
#
+
+#>GNUNUX
+Alias /roundcube/skins/elastic/risotto/ /usr/local/lib/static/
+
+ Require all granted
+
+#GNUNUX
-DATABASE_URL=postgresql://%%pg_client_username:%%pg_client_password@%%pg_client_server_domainname/%%pg_client_database
+DATABASE_URL=postgresql://%%pg_client_username:%%pg_client_password@%%pg_client_server_domainname/%%pg_client_database?sslmode=verify-full
#