Add sample Apache proxy configs

author: Caleb Maclennan 2015-11-10 14:23:52 +0200
committer: Caleb Maclennan 2015-11-10 14:23:52 +0200
commit: 939eaa99fc8838838f93cb6eb679cd2debcd3535 (patch)
tree: 71aae9edd0cdb5d774afbfdf485e31ca76649699
parent: 743c6d98973c42544dc644da265267f19dfa4416 (diff)
download: aur-939eaa99fc8838838f93cb6eb679cd2debcd3535.tar.gz
4 files changed, 95 insertions, 4 deletions
diff --git a/.SRCINFO b/.SRCINFO
index cc98096699f4..a41c01f65e45 100644
--- a/.SRCINFO
+++ b/.SRCINFO
@@ -1,7 +1,7 @@
 pkgbase = kanban-bin
 	pkgdesc = Self hosted Kanban board for GitLab issues (precompiled binary)
 	pkgver = 1.4.1
-	pkgrel = 3
+	pkgrel = 4
 	url = http://kanban.leanlabs.io/
 	arch = x86_64
 	license = MIT
@@ -9,8 +9,12 @@ pkgbase = kanban-bin
 	conflicts = kanban
 	source = kanban::https://github.com/leanlabsio/kanban/releases/download/1.4.1/kanban_x86_64_linux
 	source = kanban.service
+	source = apache2.4.conf.example
+	source = apache2.4-ssl.conf.example
 	sha256sums = 6c4f9e3a48d29a16689fc825b34ff7e4705bea70dddb84cd4831a90397b0a455
 	sha256sums = 40273cb5169a462b609b852b40e18eeb1cb742ebd6ced1181831e5eae108407e
+	sha256sums = a9d1cb56a566cdc5ced67e8d783b683fd8a4bf27f14a2e876c965d4c2ffc99fc
+	sha256sums = 86f5a034ad456b786a0d809297a5451dc48443f9e2e2f92147477818bd552170
 
 pkgname = kanban-bin
 
diff --git a/PKGBUILD b/PKGBUILD
index 611c567fbb4b..eba25fca6ab8 100644
--- a/PKGBUILD
+++ b/PKGBUILD
@@ -2,7 +2,7 @@
 
 pkgname=kanban-bin
 pkgver=1.4.1
-pkgrel=3
+pkgrel=4
 pkgdesc="Self hosted Kanban board for GitLab issues (precompiled binary)"
 arch=('x86_64')
 url="http://kanban.leanlabs.io/"
@@ -10,10 +10,16 @@ license=('MIT')
 depends=('redis')
 conflicts=('kanban')
 source=("kanban::https://github.com/leanlabsio/kanban/releases/download/${pkgver}/kanban_x86_64_linux"
-        "kanban.service")
+        "kanban.service"
+        "apache2.4.conf.example"
+        "apache2.4-ssl.conf.example"
+        )
 sha256sums=('6c4f9e3a48d29a16689fc825b34ff7e4705bea70dddb84cd4831a90397b0a455'
-            '40273cb5169a462b609b852b40e18eeb1cb742ebd6ced1181831e5eae108407e')
+            '40273cb5169a462b609b852b40e18eeb1cb742ebd6ced1181831e5eae108407e'
+            'a9d1cb56a566cdc5ced67e8d783b683fd8a4bf27f14a2e876c965d4c2ffc99fc'
+            '86f5a034ad456b786a0d809297a5451dc48443f9e2e2f92147477818bd552170')
 _homedir='/var/lib/kanban'
+_etcdir="/etc/webapps/kanban"
 
 post_install() {
     groupadd kanban &>/dev/null
@@ -27,4 +33,7 @@ post_remove() {
 package() {
     install -Dm755 "kanban" "${pkgdir}/usr/bin/kanban"
     install -Dm0644 kanban.service "${pkgdir}/usr/lib/systemd/system/kanban.service"
+    for __cfg in apache2.4 apache2.4-ssl; do
+        install -m644 "${srcdir}/${__cfg}.conf.example" "${pkgdir}${_etcdir}"
+    done
 }
diff --git a/apache2.4-ssl.conf.example b/apache2.4-ssl.conf.example
new file mode 100644
index 000000000000..37f475fc73ef
--- /dev/null
+++ b/apache2.4-ssl.conf.example
@@ -0,0 +1,57 @@
+<VirtualHost *:80>
+  ServerName kanban.example.com
+  ServerSignature Off
+
+  RewriteEngine on
+  RewriteCond %{HTTPS} !=on
+  RewriteRule .* https://%{SERVER_NAME}%{REQUEST_URI} [NE,R,L]
+</VirtualHost>
+
+<VirtualHost *:443>
+  SSLEngine on
+  #strong encryption ciphers only
+  #see ciphers(1) http://www.openssl.org/docs/apps/ciphers.html
+  SSLProtocol all -SSLv2 -SSLv3
+  SSLHonorCipherOrder on
+#  SSLCipherSuite "ECDH+AESGCM:DH+AESGCM:ECDH+AES256:DH+AES256:ECDH+AES128:DH+AES:ECDH+3DES:DH+3DES:RSA+AESGCM:RSA+AES:RSA+3DES:!aNULL:!MD5:!DSS"
+  SSLCipherSuite "ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA:AES256-SHA:AES:CAMELLIA:DES-CBC3-SHA:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!MD5:!PSK:!aECDH:!EDH-DSS-DES-CBC3-SHA:!EDH-RSA-DES-CBC3-SHA:!KRB5-DES-CBC3-SHA"
+  Header add Strict-Transport-Security: "max-age=15768000;includeSubdomains"
+  SSLCompression Off
+  SSLCertificateFile /etc/httpd/ssl.crt/kanban.example.com.crt
+  SSLCertificateKeyFile /etc/httpd/ssl.key/kanban.example.com.key
+  SSLCACertificateFile /etc/httpd/ssl.crt/your-ca.crt
+
+  ServerName kanban.example.com
+  ServerSignature Off
+
+  ProxyPreserveHost On
+
+  <Location />
+    # New authorization commands for apache 2.4 and up
+    # http://httpd.apache.org/docs/2.4/upgrading.html#access
+    Require all granted
+
+    ProxyPassReverse http://127.0.0.1:8080
+    ProxyPassReverse http://kanban.example.com/
+  </Location>
+
+  RewriteEngine on
+  RewriteCond %{DOCUMENT_ROOT}/%{REQUEST_FILENAME} !-f
+  RewriteRule .* http://127.0.0.1:8080%{REQUEST_URI} [P,QSA]
+  RequestHeader set X_FORWARDED_PROTO 'https'
+
+  DocumentRoot /usr/share/webapps/kanban
+
+  #Set up apache error documents, if back end goes down (i.e. 503 error) then a maintenance/deploy page is thrown up.
+  ErrorDocument 404 /404.html
+  ErrorDocument 422 /422.html
+  ErrorDocument 500 /500.html
+  ErrorDocument 503 /deploy.html
+
+  LogFormat "%{X-Forwarded-For}i %l %u %t \"%r\" %>s %b" common_forwarded
+  ErrorLog /var/log/httpd/logs/kanban.example.com_error.log
+  CustomLog /var/log/httpd/logs/kanban.example.com_forwarded.log common_forwarded
+  CustomLog /var/log/httpd/logs/kanban.example.com_access.log combined env=!dontlog
+  CustomLog /var/log/httpd/logs/kanban.example.com.log combined
+
+</VirtualHost>
diff --git a/apache2.4.conf.example b/apache2.4.conf.example
new file mode 100644
index 000000000000..759521ba39bf
--- /dev/null
+++ b/apache2.4.conf.example
@@ -0,0 +1,21 @@
+<VirtualHost *:80>
+  ServerName kanban.example.com
+  ServerSignature Off
+
+  ProxyPreserveHost On
+
+  <Location />
+    Require all granted
+
+    ProxyPassReverse http://127.0.0.1:8383
+    ProxyPassReverse http://kanban.example.com/
+  </Location>
+
+  DocumentRoot /usr/share/webapps/kanban
+  LogFormat "%{X-Forwarded-For}i %l %u %t \"%r\" %>s %b" common_forwarded
+  ErrorLog  /var/log/httpd/logs/kanban.example.com_error.log
+  CustomLog /var/log/httpd/logs/kanban.example.com_forwarded.log common_forwarded
+  CustomLog /var/log/httpd/logs/kanban.example.com_access.log combined env=!dontlog
+  CustomLog /var/log/httpd/logs/kanban.example.com.log combined
+
+</VirtualHost>
author	Caleb Maclennan	2015-11-10 14:23:52 +0200
committer	Caleb Maclennan	2015-11-10 14:23:52 +0200
commit	939eaa99fc8838838f93cb6eb679cd2debcd3535 (patch)
tree	71aae9edd0cdb5d774afbfdf485e31ca76649699
parent	743c6d98973c42544dc644da265267f19dfa4416 (diff)
download	aur-939eaa99fc8838838f93cb6eb679cd2debcd3535.tar.gz