diff options
author | Caleb Maclennan | 2015-11-10 14:23:52 +0200 |
---|---|---|
committer | Caleb Maclennan | 2015-11-10 14:23:52 +0200 |
commit | 939eaa99fc8838838f93cb6eb679cd2debcd3535 (patch) | |
tree | 71aae9edd0cdb5d774afbfdf485e31ca76649699 | |
parent | 743c6d98973c42544dc644da265267f19dfa4416 (diff) | |
download | aur-939eaa99fc8838838f93cb6eb679cd2debcd3535.tar.gz |
Add sample Apache proxy configs
-rw-r--r-- | .SRCINFO | 6 | ||||
-rw-r--r-- | PKGBUILD | 15 | ||||
-rw-r--r-- | apache2.4-ssl.conf.example | 57 | ||||
-rw-r--r-- | apache2.4.conf.example | 21 |
4 files changed, 95 insertions, 4 deletions
@@ -1,7 +1,7 @@ pkgbase = kanban-bin pkgdesc = Self hosted Kanban board for GitLab issues (precompiled binary) pkgver = 1.4.1 - pkgrel = 3 + pkgrel = 4 url = http://kanban.leanlabs.io/ arch = x86_64 license = MIT @@ -9,8 +9,12 @@ pkgbase = kanban-bin conflicts = kanban source = kanban::https://github.com/leanlabsio/kanban/releases/download/1.4.1/kanban_x86_64_linux source = kanban.service + source = apache2.4.conf.example + source = apache2.4-ssl.conf.example sha256sums = 6c4f9e3a48d29a16689fc825b34ff7e4705bea70dddb84cd4831a90397b0a455 sha256sums = 40273cb5169a462b609b852b40e18eeb1cb742ebd6ced1181831e5eae108407e + sha256sums = a9d1cb56a566cdc5ced67e8d783b683fd8a4bf27f14a2e876c965d4c2ffc99fc + sha256sums = 86f5a034ad456b786a0d809297a5451dc48443f9e2e2f92147477818bd552170 pkgname = kanban-bin @@ -2,7 +2,7 @@ pkgname=kanban-bin pkgver=1.4.1 -pkgrel=3 +pkgrel=4 pkgdesc="Self hosted Kanban board for GitLab issues (precompiled binary)" arch=('x86_64') url="http://kanban.leanlabs.io/" @@ -10,10 +10,16 @@ license=('MIT') depends=('redis') conflicts=('kanban') source=("kanban::https://github.com/leanlabsio/kanban/releases/download/${pkgver}/kanban_x86_64_linux" - "kanban.service") + "kanban.service" + "apache2.4.conf.example" + "apache2.4-ssl.conf.example" + ) sha256sums=('6c4f9e3a48d29a16689fc825b34ff7e4705bea70dddb84cd4831a90397b0a455' - '40273cb5169a462b609b852b40e18eeb1cb742ebd6ced1181831e5eae108407e') + '40273cb5169a462b609b852b40e18eeb1cb742ebd6ced1181831e5eae108407e' + 'a9d1cb56a566cdc5ced67e8d783b683fd8a4bf27f14a2e876c965d4c2ffc99fc' + '86f5a034ad456b786a0d809297a5451dc48443f9e2e2f92147477818bd552170') _homedir='/var/lib/kanban' +_etcdir="/etc/webapps/kanban" post_install() { groupadd kanban &>/dev/null @@ -27,4 +33,7 @@ post_remove() { package() { install -Dm755 "kanban" "${pkgdir}/usr/bin/kanban" install -Dm0644 kanban.service "${pkgdir}/usr/lib/systemd/system/kanban.service" + for __cfg in apache2.4 apache2.4-ssl; do + install -m644 "${srcdir}/${__cfg}.conf.example" "${pkgdir}${_etcdir}" + done } diff --git a/apache2.4-ssl.conf.example b/apache2.4-ssl.conf.example new file mode 100644 index 000000000000..37f475fc73ef --- /dev/null +++ b/apache2.4-ssl.conf.example @@ -0,0 +1,57 @@ +<VirtualHost *:80> + ServerName kanban.example.com + ServerSignature Off + + RewriteEngine on + RewriteCond %{HTTPS} !=on + RewriteRule .* https://%{SERVER_NAME}%{REQUEST_URI} [NE,R,L] +</VirtualHost> + +<VirtualHost *:443> + SSLEngine on + #strong encryption ciphers only + #see ciphers(1) http://www.openssl.org/docs/apps/ciphers.html + SSLProtocol all -SSLv2 -SSLv3 + SSLHonorCipherOrder on +# SSLCipherSuite "ECDH+AESGCM:DH+AESGCM:ECDH+AES256:DH+AES256:ECDH+AES128:DH+AES:ECDH+3DES:DH+3DES:RSA+AESGCM:RSA+AES:RSA+3DES:!aNULL:!MD5:!DSS" + SSLCipherSuite "ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA:AES256-SHA:AES:CAMELLIA:DES-CBC3-SHA:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!MD5:!PSK:!aECDH:!EDH-DSS-DES-CBC3-SHA:!EDH-RSA-DES-CBC3-SHA:!KRB5-DES-CBC3-SHA" + Header add Strict-Transport-Security: "max-age=15768000;includeSubdomains" + SSLCompression Off + SSLCertificateFile /etc/httpd/ssl.crt/kanban.example.com.crt + SSLCertificateKeyFile /etc/httpd/ssl.key/kanban.example.com.key + SSLCACertificateFile /etc/httpd/ssl.crt/your-ca.crt + + ServerName kanban.example.com + ServerSignature Off + + ProxyPreserveHost On + + <Location /> + # New authorization commands for apache 2.4 and up + # http://httpd.apache.org/docs/2.4/upgrading.html#access + Require all granted + + ProxyPassReverse http://127.0.0.1:8080 + ProxyPassReverse http://kanban.example.com/ + </Location> + + RewriteEngine on + RewriteCond %{DOCUMENT_ROOT}/%{REQUEST_FILENAME} !-f + RewriteRule .* http://127.0.0.1:8080%{REQUEST_URI} [P,QSA] + RequestHeader set X_FORWARDED_PROTO 'https' + + DocumentRoot /usr/share/webapps/kanban + + #Set up apache error documents, if back end goes down (i.e. 503 error) then a maintenance/deploy page is thrown up. + ErrorDocument 404 /404.html + ErrorDocument 422 /422.html + ErrorDocument 500 /500.html + ErrorDocument 503 /deploy.html + + LogFormat "%{X-Forwarded-For}i %l %u %t \"%r\" %>s %b" common_forwarded + ErrorLog /var/log/httpd/logs/kanban.example.com_error.log + CustomLog /var/log/httpd/logs/kanban.example.com_forwarded.log common_forwarded + CustomLog /var/log/httpd/logs/kanban.example.com_access.log combined env=!dontlog + CustomLog /var/log/httpd/logs/kanban.example.com.log combined + +</VirtualHost> diff --git a/apache2.4.conf.example b/apache2.4.conf.example new file mode 100644 index 000000000000..759521ba39bf --- /dev/null +++ b/apache2.4.conf.example @@ -0,0 +1,21 @@ +<VirtualHost *:80> + ServerName kanban.example.com + ServerSignature Off + + ProxyPreserveHost On + + <Location /> + Require all granted + + ProxyPassReverse http://127.0.0.1:8383 + ProxyPassReverse http://kanban.example.com/ + </Location> + + DocumentRoot /usr/share/webapps/kanban + LogFormat "%{X-Forwarded-For}i %l %u %t \"%r\" %>s %b" common_forwarded + ErrorLog /var/log/httpd/logs/kanban.example.com_error.log + CustomLog /var/log/httpd/logs/kanban.example.com_forwarded.log common_forwarded + CustomLog /var/log/httpd/logs/kanban.example.com_access.log combined env=!dontlog + CustomLog /var/log/httpd/logs/kanban.example.com.log combined + +</VirtualHost> |