diff options
author | MartiMcFly | 2018-05-31 00:39:30 +0200 |
---|---|---|
committer | MartiMcFly | 2018-05-31 00:39:30 +0200 |
commit | 57df4a9a47a0f78ebf896eb6836839bec381030e (patch) | |
tree | 1ce21f3499c8f4e22698a3502b806ab838061ac0 | |
download | aur-57df4a9a47a0f78ebf896eb6836839bec381030e.tar.gz |
init
-rw-r--r-- | .SRCINFO | 34 | ||||
-rw-r--r-- | PKGBUILD | 90 | ||||
-rw-r--r-- | composer.json | 25 | ||||
-rw-r--r-- | install | 23 | ||||
-rw-r--r-- | kopano-sabre.conf | 44 | ||||
-rw-r--r-- | kopano-sabre.ini | 2 | ||||
-rw-r--r-- | nginx-location.conf | 28 | ||||
-rw-r--r-- | nginx-ssl.example.conf | 56 | ||||
-rw-r--r-- | php-fpm.example.conf | 6 |
9 files changed, 308 insertions, 0 deletions
diff --git a/.SRCINFO b/.SRCINFO new file mode 100644 index 000000000000..b088f8f29a25 --- /dev/null +++ b/.SRCINFO @@ -0,0 +1,34 @@ +pkgbase = kopano-sabre + pkgdesc = provide a full CardDav backend for SabreDAV to connect with Kopano groupware + pkgver = 0.23 + pkgrel = 201 + url = https://github.com/1afa/sabre-zarafa + install = install + arch = any + groups = zarafa + groups = kopano + license = AGPL3 + makedepends = php-composer + makedepends = git + depends = kopano-core + options = !strip + backup = etc/webapps/kopano-sabre/nginx-location.conf + backup = etc/php/conf.d/kopano-sabre.ini + backup = etc/php/fpm.d/kopano-sabre.conf + source = kopano-sabre-0.23::git+https://github.com/mpietruschka/sabre-zarafa.git + source = kopano-sabre.ini + source = kopano-sabre.conf + source = nginx-location.conf + source = nginx-ssl.example.conf + source = php-fpm.example.conf + source = composer.json + md5sums = SKIP + md5sums = SKIP + md5sums = SKIP + md5sums = SKIP + md5sums = SKIP + md5sums = SKIP + md5sums = SKIP + +pkgname = kopano-sabre + diff --git a/PKGBUILD b/PKGBUILD new file mode 100644 index 000000000000..6013c047ff05 --- /dev/null +++ b/PKGBUILD @@ -0,0 +1,90 @@ +# Maintainer: MartiMcFly <martimcfly [at] autorisation.de> + +pkgname=kopano-sabre +groups=('zarafa' + 'kopano') +pkgver=0.23 +pkgrel=201 +pkgdesc="provide a full CardDav backend for SabreDAV to connect with Kopano groupware" +arch=('any') +url="https://github.com/1afa/sabre-zarafa" +license=('AGPL3') +depends=('php' + 'php-fpm') +makedepends=('php-composer' + 'git') +depends=('kopano-core') +install='install' +backup=('etc/webapps/kopano-sabre/nginx-location.conf' + 'etc/php/conf.d/kopano-sabre.ini' + 'etc/php/fpm.d/kopano-sabre.conf') +options=('!strip') + +# Compatibility with Kopano +#"${pkgname}-${pkgver}.tar.gz::https://github.com/1afa/sabre-zarafa/archive/v${pkgver}.tar.gz" +source=("${pkgname}-${pkgver}::git+https://github.com/mpietruschka/sabre-zarafa.git" + "kopano-sabre.ini" + "kopano-sabre.conf" + "nginx-location.conf" + "nginx-ssl.example.conf" + "php-fpm.example.conf" + "composer.json") + +md5sums=('SKIP' + 'SKIP' + 'SKIP' + 'SKIP' + 'SKIP' + 'SKIP' + 'SKIP') + +package() { + # according to https://wiki.archlinux.org/index.php/Web_application_package_guidelines + mkdir -p ${pkgdir}/usr/share/webapps/${pkgname} + cp -r ${srcdir}/${pkgname}-${pkgver}/* ${pkgdir}/usr/share/webapps/${pkgname}/ + rm ${pkgdir}/usr/share/webapps/${pkgname}/config.inc.php + rm ${pkgdir}/usr/share/webapps/${pkgname}/debug.txt + rm -R ${pkgdir}/usr/share/webapps/${pkgname}/data + + mkdir -p ${pkgdir}/etc/webapps/${pkgname} + cp ${srcdir}/php-fpm.example.conf ${pkgdir}/etc/webapps/${pkgname}/ + cp ${srcdir}/nginx-ssl.example.conf ${pkgdir}/etc/webapps/${pkgname}/ + cp ${srcdir}/nginx-location.conf ${pkgdir}/etc/webapps/${pkgname}/ + cp ${srcdir}/${pkgname}-${pkgver}/config.inc.php ${pkgdir}/etc/webapps/${pkgname}/config.example.inc.php + ln -s /etc/webapps/${pkgname}/config.inc.php ${pkgdir}/usr/share/webapps/${pkgname}/config.inc.php + + mkdir -p ${pkgdir}/etc/php/conf.d + cp ${srcdir}/${pkgname}.ini ${pkgdir}/etc/php/conf.d + + mkdir -p ${pkgdir}/etc/php/fpm.d + cp ${srcdir}/${pkgname}.conf ${pkgdir}/etc/php/fpm.d + + mkdir -p ${pkgdir}/var/lib/${pkgname} + ln -s /var/lib/${pkgname} ${pkgdir}/usr/share/webapps/${pkgname}/data + + mkdir -p ${pkgdir}/var/log/${pkgname} + touch ${pkgdir}/var/log/${pkgname}/debug.txt + ln -s /var/log/${pkgname}/debug.txt ${pkgdir}/usr/share/webapps/${pkgname}/debug.txt + + # workaround for buggy dependency + rm ${pkgdir}/usr/share/webapps/${pkgname}/composer.json + cp ${srcdir}/composer.json ${pkgdir}/usr/share/webapps/${pkgname}/composer.json + + # workaround for php. its impossible to provide several ini files. + cd ${pkgdir}/usr/share/webapps/${pkgname}/ + cat ${srcdir}/${pkgname}.ini > /tmp/composer.ini + echo >> /tmp/composer.ini + + echo "extension=phar.so" >> /tmp/composer.ini + echo "extension=openssl.so" >> /tmp/composer.ini + echo "open_basedir=$(which composer):$(pwd):$(realpath $HOME/.composer)" >> /tmp/composer.ini + mkdir $HOME/.composer + + $(which php) -nc/tmp/composer.ini $(which composer) config -g disable-tls true + $(which php) -nc/tmp/composer.ini $(which composer) install + rm /tmp/composer.ini + + # perform settings + sed -i -e "s|\(CARDDAV_ROOT_URI', '\)\(.*\)\('.*$\)|\1/carddav\3|" ${pkgdir}/etc/webapps/${pkgname}/config.example.inc.php + sed -i -e "s|\(ZARAFA_SERVER', '\)\(.*\)\('.*$\)|\1file:///var/run/kopano/server.sock\3|" ${pkgdir}/etc/webapps/${pkgname}/config.example.inc.php +} diff --git a/composer.json b/composer.json new file mode 100644 index 000000000000..ed4bcd067427 --- /dev/null +++ b/composer.json @@ -0,0 +1,25 @@ +{ + "name": "bokxing-it/sabre-zarafa", + "require": { + "sabre/dav" : "<=2.1.11", + "apache/log4php" : "~2.3.0" + }, + "license": "agpl", + "authors": [ + { + "name": "Alfred Klomp", + "email": "alfred@1afa.com", + "role": "Developer" + }, + { + "name": "Guillaume Lapierre", + "role": "Developer" + } + ], + "autoload" : { + "psr-0" : { + "SabreZarafa" : "lib/" + } + }, + "minimum-stability": "stable" +} diff --git a/install b/install new file mode 100644 index 000000000000..e9b7394609d2 --- /dev/null +++ b/install @@ -0,0 +1,23 @@ +#!/bin/bash + +# care about existing files +function installdir() { + local owner="$1" + local moddir="$2" + local modfile="$3" + local directory="$4" + + mkdir -p "$directory" + find $directory -exec chown "$owner" {} \; + find $directory -type f -exec chmod "$modfile" {} \; + find $directory -type d -exec chmod "$moddir" {} \; +} + + +post_install() { + cp -n /etc/webapps/kopano-sabre/config.example.inc.php /etc/webapps/kopano-sabre/config.inc.php + + installdir http:http 0700 0600 /var/log/kopano-sabre + installdir http:http 0700 0600 /var/lib/kopano-sabre +} + diff --git a/kopano-sabre.conf b/kopano-sabre.conf new file mode 100644 index 000000000000..5497dce237d0 --- /dev/null +++ b/kopano-sabre.conf @@ -0,0 +1,44 @@ +[kopano-sabre] +listen = /run/php-fpm/kopano-sabre.sock +listen.owner = http +listen.group = http +listen.mode = 0666 + + +user = http +group = http + +; 5 kopano-sabre users +pm = ondemand +pm.max_children = 15 +pm.max_requests = 500 + +env[HOSTNAME] = $HOSTNAME +env[PATH] = /usr/local/bin:/usr/bin:/bin +env[TMP] = /tmp +env[TMPDIR] = /tmp +env[TEMP] = /tmp +env[HOME] = /home + +php_admin_value[memory_limit] = 128M +php_admin_value[open_basedir] = ${open_basedir}:/usr/share/webapps/kopano-sabre:/etc/webapps/kopano-sabre:/var/lib/kopano-sabre:/var/log/kopano-sabre:/usr/share/php/mapi + +php_admin_value[upload_max_filesize] = 20M +php_admin_value[post_max_size] = 20M +php_admin_value[date.timezone] = Europe/Berlin + +;; http://sabre.io/dav/webservers/ +;; + +;; Output buffering needs to be off, to prevent high memory usage +php_flag[output_buffering] = off + +;; This is also to prevent high memory usage +php_flag[always_populate_raw_post_data] = off + +;; This is almost a given, but magic quotes is *still* on on some +;; linux distributions +php_flag[magic_quotes_gpc] = off + +;; SabreDAV is not compatible with mbstring function overloading +php_flag[mbstring.func_overload] = off diff --git a/kopano-sabre.ini b/kopano-sabre.ini new file mode 100644 index 000000000000..792e44037719 --- /dev/null +++ b/kopano-sabre.ini @@ -0,0 +1,2 @@ +extension=iconv.so +extension=mapi.so diff --git a/nginx-location.conf b/nginx-location.conf new file mode 100644 index 000000000000..a7d778eea99c --- /dev/null +++ b/nginx-location.conf @@ -0,0 +1,28 @@ + + ### + ## In order to run this component you need to define a server-context in. + ## /etc/nginx/nginx.conf: + ## + ## http { + ## server { + ## listen 80; + ## include ${PATH_TO_THIS_LOCATION_FILE}; + ## } + ## } + ## + ## Or include this file in your existing server-context. + ## + location /carddav { + root /usr/share/webapps/kopano-sabre; + + ## [WARNING] The following header states that the browser should only communicate + ## with your server over a secure connection for the next 24 months. + add_header Strict-Transport-Security max-age=63072000; + add_header X-Frame-Options DENY; + add_header X-Content-Type-Options nosniff; + + fastcgi_pass unix:/run/php-fpm/kopano-sabre.sock; + include fastcgi_params; + fastcgi_param SCRIPT_FILENAME $document_root/server.php; + fastcgi_param SCRIPT_NAME $fastcgi_script_name; + }
\ No newline at end of file diff --git a/nginx-ssl.example.conf b/nginx-ssl.example.conf new file mode 100644 index 000000000000..aba9f0c5f266 --- /dev/null +++ b/nginx-ssl.example.conf @@ -0,0 +1,56 @@ + + server { + # server_name YOUR_SERVER_FQDN; ## uncomment replace this with something like www.example.com + listen 443; + + server_tokens off; ## Don't show the nginx version number, a security best practice + root /usr/share/nginx/html; + index index.html index.htm; + + ## Strong SSL Security + ## https://raymii.org/s/tutorials/Strong_SSL_Security_On_nginx.html & https://cipherli.st/ + ## + ## Generate a strong SSL-Certificate and DHE parameter: + ## openssl genrsa -out /etc/ssl/private/kopano.key 4096 + ## openssl req -new -sha512 -key /etc/ssl/private/kopano.key -out /tmp/kopano.csr + ## openssl x509 -req -days 3650 -in /tmp/kopano.csr -signkey /etc/ssl/private/kopano.key -out /etc/ssl/private/kopano.crt + ## openssl dhparam -out /etc/ssl/private/kopano.dh 4096 + ## chmod go-rwx /etc/ssl/private/kopano.*; + ## chmod u+rw /etc/ssl/private/kopano.* + ## chown root:root /etc/ssl/private/kopano.* + ## + ssl on; + ssl_certificate_key /etc/ssl/private/kopano.key; + ssl_certificate /etc/ssl/private/kopano.crt; + ssl_dhparam /etc/ssl/private/kopano.dh; + + ## https://raymii.org/s/tutorials/Strong_SSL_Security_On_nginx.html + ## The recommended cipher suite for backwards compatibility (IE6/WinXP): + ssl_ciphers 'AES256+EECDH:AES256+EDH:!aNULL'; + ssl_protocols TLSv1 TLSv1.1 TLSv1.2; + ssl_prefer_server_ciphers on; + ssl_session_cache shared:SSL:50m; + ssl_session_timeout 5m; + + ## [Optional] If your certficate has OCSP, enable OCSP stapling to reduce the overhead and latency of running SSL. + ## Replace with your ssl_trusted_certificate. For more info see: + ## - https://medium.com/devops-programming/4445f4862461 + ## - https://www.ruby-forum.com/topic/4419319 + ## - https://www.digitalocean.com/community/tutorials/how-to-configure-ocsp-stapling-on-apache-and-nginx + ## - https://raymii.org/s/tutorials/OCSP_Stapling_on_nginx.html + ## - http://freiburg79.de/ocsp-stapling-mit-nginx/ + # ssl_stapling on; + # ssl_stapling_verify on; + # ssl_stapling_file /etc/ssl/private/de-autorisation-m.ocsp; + # resolver 208.67.222.222 208.67.222.220 valid=300s; # Can change to your DNS resolver if desired + # resolver_timeout 5s; + + # HIDDEN FILES AND FOLDERS + rewrite ^(.*)\/\.(.*)$ @404 break; + + location = @404 { + return 404; + } + + include ${PATH_TO_ATTACHED_LOCATION_FILE}; + }
\ No newline at end of file diff --git a/php-fpm.example.conf b/php-fpm.example.conf new file mode 100644 index 000000000000..1dcbc0fcf1f6 --- /dev/null +++ b/php-fpm.example.conf @@ -0,0 +1,6 @@ +include = /etc/php/fpm.d/*.conf + +[global] +pid = /run/php-fpm/php-fpm.pid +error_log = syslog +log_level = notice
\ No newline at end of file |