diff options
| author | Your Name | 2021-01-26 16:36:20 +0100 |
|---|---|---|
| committer | Your Name | 2021-01-26 16:36:20 +0100 |
| commit | 3e77c9eb1335d88623733101a915b74aeba17064 (patch) | |
| tree | db8a1427cc28a9b8cc9e4211774fbb0b8748be6d | |
| download | aur-3e77c9eb1335d88623733101a915b74aeba17064.tar.gz | |
next iteration
| -rw-r--r-- | .SRCINFO | 41 | ||||
| -rw-r--r-- | PKGBUILD | 77 | ||||
| -rw-r--r-- | apache.example.conf | 8 | ||||
| -rw-r--r-- | htaccess | 4 | ||||
| -rw-r--r-- | install | 23 | ||||
| -rw-r--r-- | nginx-location.conf | 32 | ||||
| -rw-r--r-- | nginx-ssl.example.conf | 56 | ||||
| -rw-r--r-- | php-fpm.example.conf | 6 | ||||
| -rwxr-xr-x | z-push-admin | 2 | ||||
| -rwxr-xr-x | z-push-top | 2 | ||||
| -rw-r--r-- | z-push.conf | 35 | ||||
| -rw-r--r-- | z-push.ini | 9 |
12 files changed, 295 insertions, 0 deletions
diff --git a/.SRCINFO b/.SRCINFO new file mode 100644 index 000000000000..28e3a148cb76 --- /dev/null +++ b/.SRCINFO @@ -0,0 +1,41 @@ +pkgbase = z-push-git + pkgdesc = open-source implementation of the ActiveSync protocol + pkgver = 2.6.0 + pkgrel = 1 + url = https://z-push.org/ + install = install + arch = any + groups = zarafa + groups = kopano + license = AGPL3 + makedepends = git + depends = nginx + depends = php + depends = php-fpm + options = !strip + backup = etc/webapps/z-push/nginx-location.conf + backup = etc/php/conf.d/z-push.ini + backup = etc/php/fpm.d/z-push.conf + source = z-push-git-2.6.0::git+https://stash.z-hub.io/scm/zp/z-push.git#tag=2.6.0 + source = apache.example.conf + source = htaccess + source = z-push.ini + source = z-push.conf + source = nginx-location.conf + source = nginx-ssl.example.conf + source = php-fpm.example.conf + source = z-push-admin + source = z-push-top + md5sums = SKIP + md5sums = SKIP + md5sums = SKIP + md5sums = SKIP + md5sums = SKIP + md5sums = SKIP + md5sums = SKIP + md5sums = SKIP + md5sums = SKIP + md5sums = SKIP + +pkgname = z-push-git + diff --git a/PKGBUILD b/PKGBUILD new file mode 100644 index 000000000000..eb6d39097538 --- /dev/null +++ b/PKGBUILD @@ -0,0 +1,77 @@ +# Maintainer: MartiMcFly <martimcfly [at] autorisation.de> +# Contributor: C Anthony Risinger +# Contributer: Jörg Thalheim <joerg@higgsboson.tk> + +pkgname='z-push-git' +groups=('zarafa' + 'kopano') +pkgver=2.6.0 +pkgrel=1 +pkgdesc="open-source implementation of the ActiveSync protocol" +arch=('any') +url="https://z-push.org/" +license=('AGPL3') +makedepends=('git') +depends=('nginx' + 'php' + # 'kopano-core' # php-mapi + 'php-fpm') +install='install' +backup=('etc/webapps/z-push/nginx-location.conf' + 'etc/php/conf.d/z-push.ini' + 'etc/php/fpm.d/z-push.conf') +options=('!strip') +source=("${pkgname}-${pkgver}::git+https://stash.z-hub.io/scm/zp/z-push.git#tag=${pkgver}" + "apache.example.conf" + "htaccess" + "z-push.ini" + "z-push.conf" + "nginx-location.conf" + "nginx-ssl.example.conf" + "php-fpm.example.conf" + "z-push-admin" + "z-push-top") +md5sums=('SKIP' + 'SKIP' + 'SKIP' + 'SKIP' + 'SKIP' + 'SKIP' + 'SKIP' + 'SKIP' + 'SKIP' + 'SKIP') + +package() { + # according to https://wiki.archlinux.org/index.php/Web_application_package_guidelines + mkdir -p ${pkgdir}/usr/share/webapps/z-push + cp -r ${srcdir}/${pkgname}-${pkgver}/src/* ${pkgdir}/usr/share/webapps/z-push/ + cp ${srcdir}/htaccess ${pkgdir}/usr/share/webapps/z-push/.htaccess + rm ${pkgdir}/usr/share/webapps/z-push/config.php + rm ${pkgdir}/usr/share/webapps/z-push/policies.ini + sed -i -e "s|\('MAPI_SERVER', \).*$|\1'file:///var/run/kopano/server.sock'\);|" ${pkgdir}/usr/share/webapps/z-push/backend/kopano/config.php + + mkdir -p ${pkgdir}/usr/bin + cp ${srcdir}/z-push-admin ${pkgdir}/usr/bin + cp ${srcdir}/z-push-top ${pkgdir}/usr/bin + + mkdir -p ${pkgdir}/etc/webapps/z-push + cp ${srcdir}/apache.example.conf ${pkgdir}/etc/webapps/z-push/ + cp ${srcdir}/php-fpm.example.conf ${pkgdir}/etc/webapps/z-push/ + cp ${srcdir}/nginx-ssl.example.conf ${pkgdir}/etc/webapps/z-push/ + cp ${srcdir}/nginx-location.conf ${pkgdir}/etc/webapps/z-push/ + cp ${srcdir}/${pkgname}-${pkgver}/src/config.php ${pkgdir}/etc/webapps/z-push/config.example.php + cp ${srcdir}/${pkgname}-${pkgver}/src/policies.ini ${pkgdir}/etc/webapps/z-push/policies.ini + sed -i -e "s|\('BACKEND_PROVIDER', \).*$|\1'BackendKopano'\);|" ${pkgdir}/etc/webapps/z-push/config.example.php + + ln -s /etc/webapps/z-push/config.php ${pkgdir}/usr/share/webapps/z-push/config.php + ln -s /etc/webapps/z-push/policies.ini ${pkgdir}/usr/share/webapps/z-push/policies.ini + + mkdir -p ${pkgdir}/etc/php/conf.d + cp ${srcdir}/z-push.ini ${pkgdir}/etc/php/conf.d + + mkdir -p ${pkgdir}/etc/php/fpm.d + cp ${srcdir}/z-push.conf ${pkgdir}/etc/php/fpm.d + + mkdir -p ${pkgdir}/var/log/z-push +} diff --git a/apache.example.conf b/apache.example.conf new file mode 100644 index 000000000000..3815e9844960 --- /dev/null +++ b/apache.example.conf @@ -0,0 +1,8 @@ +Alias /Microsoft-Server-ActiveSync /usr/share/webapps/z-push/index.php + +<Directory /usr/share/webapps/z-push/> + DirectoryIndex index.php + AllowOverride Options + + Require all granted +</Directory> diff --git a/htaccess b/htaccess new file mode 100644 index 000000000000..5968acaa485f --- /dev/null +++ b/htaccess @@ -0,0 +1,4 @@ +php_flag magic_quotes_gpc off +php_flag register_globals off +php_flag magic_quotes_runtime off +php_flag short_open_tag on diff --git a/install b/install new file mode 100644 index 000000000000..6a9087a1e230 --- /dev/null +++ b/install @@ -0,0 +1,23 @@ +#!/bin/bash + +# care about existing files +function installdir() { + local owner="$1" + local moddir="$2" + local modfile="$3" + local directory="$4" + + mkdir -p "$directory" + find $directory -exec chown "$owner" {} \; + find $directory -type f -exec chmod "$modfile" {} \; + find $directory -type d -exec chmod "$moddir" {} \; +} + + +post_install() { + cp -n /etc/webapps/z-push/config.example.php /etc/webapps/z-push/config.php + + installdir http:http 700 600 /var/lib/z-push + installdir http:http 700 600 /var/log/z-push +} + diff --git a/nginx-location.conf b/nginx-location.conf new file mode 100644 index 000000000000..2ea6a503598c --- /dev/null +++ b/nginx-location.conf @@ -0,0 +1,32 @@ + + ### + ## In order to run this component you need to define a server-context in. + ## /etc/nginx/nginx.conf: + ## + ## http { + ## server { + ## listen 80; + ## include ${PATH_TO_THIS_LOCATION_FILE}; + ## } + ## } + ## + ## Or include this file in your existing server-context. + ## + location /Microsoft-Server-ActiveSync { + root /usr/share/webapps/z-push; + + ## [WARNING] The following header states that the browser should only communicate + ## with your server over a secure connection for the next 24 months. + add_header Strict-Transport-Security max-age=63072000; + add_header X-Frame-Options DENY; + add_header X-Content-Type-Options nosniff; + + fastcgi_connect_timeout 65; + fastcgi_send_timeout 6000; + fastcgi_read_timeout 6000; + + fastcgi_pass unix:/run/php-fpm/z-push.sock; + include fastcgi_params; + fastcgi_param SCRIPT_FILENAME $document_root/index.php; + fastcgi_param SCRIPT_NAME $fastcgi_script_name; + } diff --git a/nginx-ssl.example.conf b/nginx-ssl.example.conf new file mode 100644 index 000000000000..aba9f0c5f266 --- /dev/null +++ b/nginx-ssl.example.conf @@ -0,0 +1,56 @@ + + server { + # server_name YOUR_SERVER_FQDN; ## uncomment replace this with something like www.example.com + listen 443; + + server_tokens off; ## Don't show the nginx version number, a security best practice + root /usr/share/nginx/html; + index index.html index.htm; + + ## Strong SSL Security + ## https://raymii.org/s/tutorials/Strong_SSL_Security_On_nginx.html & https://cipherli.st/ + ## + ## Generate a strong SSL-Certificate and DHE parameter: + ## openssl genrsa -out /etc/ssl/private/kopano.key 4096 + ## openssl req -new -sha512 -key /etc/ssl/private/kopano.key -out /tmp/kopano.csr + ## openssl x509 -req -days 3650 -in /tmp/kopano.csr -signkey /etc/ssl/private/kopano.key -out /etc/ssl/private/kopano.crt + ## openssl dhparam -out /etc/ssl/private/kopano.dh 4096 + ## chmod go-rwx /etc/ssl/private/kopano.*; + ## chmod u+rw /etc/ssl/private/kopano.* + ## chown root:root /etc/ssl/private/kopano.* + ## + ssl on; + ssl_certificate_key /etc/ssl/private/kopano.key; + ssl_certificate /etc/ssl/private/kopano.crt; + ssl_dhparam /etc/ssl/private/kopano.dh; + + ## https://raymii.org/s/tutorials/Strong_SSL_Security_On_nginx.html + ## The recommended cipher suite for backwards compatibility (IE6/WinXP): + ssl_ciphers 'AES256+EECDH:AES256+EDH:!aNULL'; + ssl_protocols TLSv1 TLSv1.1 TLSv1.2; + ssl_prefer_server_ciphers on; + ssl_session_cache shared:SSL:50m; + ssl_session_timeout 5m; + + ## [Optional] If your certficate has OCSP, enable OCSP stapling to reduce the overhead and latency of running SSL. + ## Replace with your ssl_trusted_certificate. For more info see: + ## - https://medium.com/devops-programming/4445f4862461 + ## - https://www.ruby-forum.com/topic/4419319 + ## - https://www.digitalocean.com/community/tutorials/how-to-configure-ocsp-stapling-on-apache-and-nginx + ## - https://raymii.org/s/tutorials/OCSP_Stapling_on_nginx.html + ## - http://freiburg79.de/ocsp-stapling-mit-nginx/ + # ssl_stapling on; + # ssl_stapling_verify on; + # ssl_stapling_file /etc/ssl/private/de-autorisation-m.ocsp; + # resolver 208.67.222.222 208.67.222.220 valid=300s; # Can change to your DNS resolver if desired + # resolver_timeout 5s; + + # HIDDEN FILES AND FOLDERS + rewrite ^(.*)\/\.(.*)$ @404 break; + + location = @404 { + return 404; + } + + include ${PATH_TO_ATTACHED_LOCATION_FILE}; + }
\ No newline at end of file diff --git a/php-fpm.example.conf b/php-fpm.example.conf new file mode 100644 index 000000000000..1dcbc0fcf1f6 --- /dev/null +++ b/php-fpm.example.conf @@ -0,0 +1,6 @@ +include = /etc/php/fpm.d/*.conf + +[global] +pid = /run/php-fpm/php-fpm.pid +error_log = syslog +log_level = notice
\ No newline at end of file diff --git a/z-push-admin b/z-push-admin new file mode 100755 index 000000000000..ed9bde2900fa --- /dev/null +++ b/z-push-admin @@ -0,0 +1,2 @@ +#!/bin/bash +/usr/share/webapps/z-push/z-push-admin.php "$@"
\ No newline at end of file diff --git a/z-push-top b/z-push-top new file mode 100755 index 000000000000..bb9ce296be82 --- /dev/null +++ b/z-push-top @@ -0,0 +1,2 @@ +#!/bin/bash +/usr/share/webapps/z-push/z-push-top.php "$@"
\ No newline at end of file diff --git a/z-push.conf b/z-push.conf new file mode 100644 index 000000000000..7f12f33c6ba2 --- /dev/null +++ b/z-push.conf @@ -0,0 +1,35 @@ +[z-push] +listen = /run/php-fpm/z-push.sock +listen.owner = http +listen.group = http +listen.mode = 0666 + + +user = http +group = http + +; z-push for 5 users +pm = ondemand +pm.max_children = 15 +pm.max_requests = 500 + +env[HOSTNAME] = $HOSTNAME +env[PATH] = /usr/local/bin:/usr/bin:/bin +env[TMP] = /tmp +env[TMPDIR] = /tmp +env[TEMP] = /tmp +env[HOME] = /home + +php_admin_value[memory_limit] = 128M +php_admin_value[open_basedir] = ${open_basedir}:/usr/share/webapps/z-push:/etc/webapps/z-push:/var/lib/z-push:/var/log/z-push:/usr/share/php/mapi + +php_admin_value[upload_max_filesize] = 20M +php_admin_value[post_max_size] = 20M +php_admin_value[date.timezone] = Europe/Berlin + +;; https://z-push.org/svn/z-push/trunk/src/INSTALL +;; +php_flag[magic_quotes_gpc] = off +php_flag[register_globals] = off +php_flag[magic_quotes_runtime] = off +php_flag[short_open_tag] = on diff --git a/z-push.ini b/z-push.ini new file mode 100644 index 000000000000..adbdf833cc33 --- /dev/null +++ b/z-push.ini @@ -0,0 +1,9 @@ +extension=mapi.so +extension=iconv.so +extension=shmop.so +extension=soap.so +extension=sysvsem.so +extension=sysvshm.so + +; in order to use the utils this system wide is needed +open_basedir=${open_basedir}:/usr/share/webapps/z-push:/etc/webapps/z-push:/var/lib/z-push:/var/log/z-push:/usr/share/php/mapi |