From: mhoellein Date: Fri, 29 Mar 2019 23:07:44 +0000 (+0100) Subject: daily autocommit X-Git-Url: https://git.hoellein.online/?a=commitdiff_plain;h=b9518d183a9ccb880589bc89608d096846142329;p=homeserver daily autocommit --- diff --git a/.etckeeper b/.etckeeper index 5d149789..ea286954 100755 --- a/.etckeeper +++ b/.etckeeper @@ -425,21 +425,18 @@ maybe chmod 0644 'apache2/sites-available/ccu.conf' maybe chmod 0644 'apache2/sites-available/ck.conf' maybe chmod 0644 'apache2/sites-available/collabora.conf' maybe chmod 0644 'apache2/sites-available/default-ssl.conf' -maybe chmod 0644 'apache2/sites-available/default-ssl.conf.save' maybe chmod 0644 'apache2/sites-available/default.conf' maybe chmod 0644 'apache2/sites-available/fhem.conf' maybe chmod 0644 'apache2/sites-available/git.conf' -maybe chmod 0644 'apache2/sites-available/git.conf.save' maybe chmod 0644 'apache2/sites-available/git_moellein.homeip.net_redirect.conf' maybe chmod 0644 'apache2/sites-available/mediawiki.ssh.conf' maybe chmod 0644 'apache2/sites-available/nextcloud.conf' +maybe chmod 0644 'apache2/sites-available/nextcloud_moellein.homeip.net_redirect.conf' maybe chmod 0644 'apache2/sites-available/tine20.conf' -maybe chmod 0644 'apache2/sites-available/tine20.conf.save' maybe chmod 0644 'apache2/sites-available/tine20_moellein.homeip.net_redirect.conf' maybe chmod 0644 'apache2/sites-available/tv.conf' maybe chmod 0644 'apache2/sites-available/webssh.conf' maybe chmod 0644 'apache2/sites-available/wiki.ssl.conf' -maybe chmod 0644 'apache2/sites-available/wiki.ssl.conf.save' maybe chmod 0644 'apache2/sites-available/wiki_moellein.homeip.net_redirect.conf' maybe chmod 0644 'apache2/sites-available/zm.conf' maybe chmod 0755 'apache2/sites-enabled' diff --git a/apache2/sites-available/default-ssl.conf.save b/apache2/sites-available/default-ssl.conf.save deleted file mode 100644 index 8458352c..00000000 --- a/apache2/sites-available/default-ssl.conf.save +++ /dev/null @@ -1,179 +0,0 @@ - -# - - ServerAdmin webmaster@localhost - ServerName moellein.homeip.net - ServerAlias - DocumentRoot /var/www - - Options FollowSymLinks - AllowOverride all - - - Options Indexes FollowSymLinks MultiViews - AllowOverride None - Order allow,deny - allow from all - - RewriteEngine on - RewriteRule /Microsoft-Server-ActiveSync(.*) /var/www/index.php$1 [E=REDIRECT_ACTIVESYNC:true,E=REMOTE_USER:%{HTTP:Authorization}] - RewriteRule /calendars(.*) /var/www/index.php?frontend=webdav [E=REMOTE_USER:%{HTTP:Authorization},L,QSA] - - ScriptAlias /cgi-bin/ /usr/lib/cgi-bin/ - - AllowOverride None - Options +ExecCGI -MultiViews +SymLinksIfOwnerMatch - Order allow,deny - Allow from all - - - ErrorLog ${APACHE_LOG_DIR}/error.log - - # Possible values include: debug, info, notice, warn, error, crit, - # alert, emerg. - LogLevel warn - - CustomLog ${APACHE_LOG_DIR}/ssl_access.log combined - - Alias /doc/ "/usr/share/doc/" - - Options Indexes MultiViews FollowSymLinks - AllowOverride None - Order deny,allow - Deny from all - Allow from 127.0.0.0/255.0.0.0 ::1/128 - - - # SSL Engine Switch: - # Enable/Disable SSL for this virtual host. - SSLEngine on - - # A self-signed (snakeoil) certificate can be created by installing - # the ssl-cert package. See - # /usr/share/doc/apache2.2-common/README.Debian.gz for more info. - # If both key and certificate are stored in the same file, only the - # SSLCertificateFile directive is needed. -# SSLCertificateFile /etc/ssl/certs/myServerCert.pem -# SSLCertificateKeyFile /etc/ssl/private/myServerKey.pem - SSLCertificateFile /etc/letsencrypt/live/moellein.homeip.net/cert.pem - SSLCertificateKeyFile /etc/letsencrypt/live/moellein.homeip.net/privkey.pem - # Server Certificate Chain: - # Point SSLCertificateChainFile at a file containing the - # concatenation of PEM encoded CA certificates which form the - # certificate chain for the server certificate. Alternatively - # the referenced file can be the same as SSLCertificateFile - # when the CA certificates are directly appended to the server - # certificate for convinience. - #SSLCertificateChainFile /etc/apache2/ssl.crt/server-ca.crt - - # Certificate Authority (CA): - # Set the CA certificate verification path where to find CA - # certificates for client authentication or alternatively one - # huge file containing all of them (file must be PEM encoded) - # Note: Inside SSLCACertificatePath you need hash symlinks - # to point to the certificate files. Use the provided - # Makefile to update the hash symlinks after changes. - #SSLCACertificatePath /etc/ssl/certs/ - #SSLCACertificateFile /etc/apache2/ssl.crt/ca-bundle.crt - - # Certificate Revocation Lists (CRL): - # Set the CA revocation path where to find CA CRLs for client - # authentication or alternatively one huge file containing all - # of them (file must be PEM encoded) - # Note: Inside SSLCARevocationPath you need hash symlinks - # to point to the certificate files. Use the provided - # Makefile to update the hash symlinks after changes. - #SSLCARevocationPath /etc/apache2/ssl.crl/ - #SSLCARevocationFile /etc/apache2/ssl.crl/ca-bundle.crl - - # Client Authentication (Type): - # Client certificate verification type and depth. Types are - # none, optional, require and optional_no_ca. Depth is a - # number which specifies how deeply to verify the certificate - # issuer chain before deciding the certificate is not valid. - #SSLVerifyClient require - #SSLVerifyDepth 10 - - # Access Control: - # With SSLRequire you can do per-directory access control based - # on arbitrary complex boolean expressions containing server - # variable checks and other lookup directives. The syntax is a - # mixture between C and Perl. See the mod_ssl documentation - # for more details. - # - #SSLRequire ( %{SSL_CIPHER} !~ m/^(EXP|NULL)/ \ - # and %{SSL_CLIENT_S_DN_O} eq "Snake Oil, Ltd." \ - # and %{SSL_CLIENT_S_DN_OU} in {"Staff", "CA", "Dev"} \ - # and %{TIME_WDAY} >= 1 and %{TIME_WDAY} <= 5 \ - # and %{TIME_HOUR} >= 8 and %{TIME_HOUR} <= 20 ) \ - # or %{REMOTE_ADDR} =~ m/^192\.76\.162\.[0-9]+$/ - # - - # SSL Engine Options: - # Set various options for the SSL engine. - # o FakeBasicAuth: - # Translate the client X.509 into a Basic Authorisation. This means that - # the standard Auth/DBMAuth methods can be used for access control. The - # user name is the `one line' version of the client's X.509 certificate. - # Note that no password is obtained from the user. Every entry in the user - # file needs this password: `xxj31ZMTZzkVA'. - # o ExportCertData: - # This exports two additional environment variables: SSL_CLIENT_CERT and - # SSL_SERVER_CERT. These contain the PEM-encoded certificates of the - # server (always existing) and the client (only existing when client - # authentication is used). This can be used to import the certificates - # into CGI scripts. - # o StdEnvVars: - # This exports the standard SSL/TLS related `SSL_*' environment variables. - # Per default this exportation is switched off for performance reasons, - # because the extraction step is an expensive operation and is usually - # useless for serving static content. So one usually enables the - # exportation for CGI and SSI requests only. - # o StrictRequire: - # This denies access when "SSLRequireSSL" or "SSLRequire" applied even - # under a "Satisfy any" situation, i.e. when it applies access is denied - # and no other module can change it. - # o OptRenegotiate: - # This enables optimized SSL connection renegotiation handling when SSL - # directives are used in per-directory context. - #SSLOptions +FakeBasicAuth +ExportCertData +StrictRequire - - SSLOptions +StdEnvVars - - - SSLOptions +StdEnvVars - - - # SSL Protocol Adjustments: - # The safe and default but still SSL/TLS standard compliant shutdown - # approach is that mod_ssl sends the close notify alert but doesn't wait for - # the close notify alert from client. When you need a different shutdown - # approach you can use one of the following variables: - # o ssl-unclean-shutdown: - # This forces an unclean shutdown when the connection is closed, i.e. no - # SSL close notify alert is send or allowed to received. This violates - # the SSL/TLS standard but is needed for some brain-dead browsers. Use - # this when you receive I/O errors because of the standard approach where - # mod_ssl sends the close notify alert. - # o ssl-accurate-shutdown: - # This forces an accurate shutdown when the connection is closed, i.e. a - # SSL close notify alert is send and mod_ssl waits for the close notify - # alert of the client. This is 100% SSL/TLS standard compliant, but in - # practice often causes hanging connections with brain-dead browsers. Use - # this only for browsers where you know that their SSL implementation - # works correctly. - # Notice: Most problems of broken clients are also related to the HTTP - # keep-alive facility, so you usually additionally want to disable - # keep-alive for those clients, too. Use variable "nokeepalive" for this. - # Similarly, one has to force some clients to use HTTP/1.0 to workaround - # their broken HTTP/1.1 implementation. Use variables "downgrade-1.0" and - # "force-response-1.0" for this. - BrowserMatch "MSIE [2-6]" \ - nokeepalive ssl-unclean-shutdown \ - downgrade-1.0 force-response-1.0 - # MSIE 7 and newer should be able to use keepalive - BrowserMatch "MSIE [17-9]" ssl-unclean-shutdown - -SSLCertificateChainFile /etc/letsencrypt/live/moellein.homeip.net/chain.pem - - diff --git a/apache2/sites-available/git.conf.save b/apache2/sites-available/git.conf.save deleted file mode 100644 index 8174ffa3..00000000 --- a/apache2/sites-available/git.conf.save +++ /dev/null @@ -1,33 +0,0 @@ - - - ServerName git.moellein.homeip.net:443 - ServerAlias git.moellein.homeip.net - DocumentRoot /var/www/gitweb/ - ScriptAlias /gitweb.cgi /usr/lib/cgi-bin/gitweb.cgi - Alias /static/gitweb.css /usr/share/gitweb/static/gitweb.css - Alias /static/gitweb.js /usr/share/gitweb/static/gitweb.js - Alias /static/git-favicon.png /usr/share/gitweb/static/git-favicon.png - Alias /static/git-logo.png /usr/share/gitweb/static/git-logo.png - - AuthUserFile /etc/apache2/.htpasswd - AuthName "Enter Password for git" - AuthType Basic - require user git - Options +ExecCGI +FollowSymLinks +SymLinksIfOwnerMatch - SetEnv GITWEB_CONFIG /etc/gitweb.conf - AllowOverride All -# order allow,deny -# Allow from all -# Require all granted - AddHandler cgi-script cgi - DirectoryIndex gitweb.cgi - - SSLEngine on - SSLProtocol all -SSLv2 -SSLv3 - Include /etc/letsencrypt/options-ssl-apache.conf - SSLCertificateFile /etc/letsencrypt/live/moellein.homeip.net/cert.pem - SSLCertificateKeyFile /etc/letsencrypt/live/moellein.homeip.net/privkey.pem - SSLCertificateChainFile /etc/letsencrypt/live/moellein.homeip.net/chain.pem - SSLOpenSSLConfCmd DHParameters /etc/letsencrypt/live/moellein.homeip.net/dhparams_2048.pem - - diff --git a/apache2/sites-available/nextcloud_moellein.homeip.net_redirect.conf b/apache2/sites-available/nextcloud_moellein.homeip.net_redirect.conf new file mode 100644 index 00000000..496f72d8 --- /dev/null +++ b/apache2/sites-available/nextcloud_moellein.homeip.net_redirect.conf @@ -0,0 +1,6 @@ + + ServerName nextcloud.moellein.homeip.net + RedirectPermanent / http://nextcloud.hoellein.online/ + # optionally add an AccessLog directive for + # logging the requests and do some statistics + diff --git a/apache2/sites-available/tine20.conf.save b/apache2/sites-available/tine20.conf.save deleted file mode 100644 index c3d54790..00000000 --- a/apache2/sites-available/tine20.conf.save +++ /dev/null @@ -1,71 +0,0 @@ -SSLStrictSNIVHostCheck off - - - ServerAdmin webmaster@localhost - ServerName moellein.homeip.net:443 - ServerAlias moellein.homeip.net - DocumentRoot "/var/www/tine20/" - - Options FollowSymLinks - AllowOverride all - - - Options Indexes FollowSymLinks MultiViews - AllowOverride None -# Order allow,deny -# allow from all - Require all granted - - RewriteEngine on - RewriteRule /Microsoft-Server-ActiveSync(.*) /var/www/tine20/index.php$1 [E=REDIRECT_ACTIVESYNC:true,E=REMOTE_USER:%{HTTP:Authorization}] - RewriteRule /calendars(.*) /var/www/tine20/index.php?frontend=webdav [E=REMOTE_USER:%{HTTP:Authorization},L,QSA] - - ScriptAlias /cgi-bin/ /usr/lib/cgi-bin/ - - AllowOverride None - Options +ExecCGI -MultiViews +SymLinksIfOwnerMatch -# Order allow,deny -# Allow from all - Require all granted - - - - # Possible values include: debug, info, notice, warn, error, crit, - # alert, emerg. - LogLevel debug - - ErrorLog ${APACHE_LOG_DIR}/moellein.homeip.net_error.log - CustomLog ${APACHE_LOG_DIR}/moellein.homeip.net_ssl_access.log combined - - Alias /doc/ "/usr/share/doc/" - - Options Indexes MultiViews FollowSymLinks - AllowOverride None -# Order deny,allow - Deny from all -# Allow from 127.0.0.0/255.0.0.0 ::1/128 - Require all granted - - - # SSL Engine Switch: - # Enable/Disable SSL for this virtual host. - SSLEngine on - SSLProtocol all -SSLv2 -SSLv3 - - - SSLOptions +StdEnvVars - - - SSLOptions +StdEnvVars - - BrowserMatch "MSIE [2-6]" \ - nokeepalive ssl-unclean-shutdown \ - downgrade-1.0 force-response-1.0 - # MSIE 7 and newer should be able to use keepalive - BrowserMatch "MSIE [17-9]" ssl-unclean-shutdown - SSLCertificateFile /etc/letsencrypt/live/moellein.homeip.net/cert.pem - SSLCertificateKeyFile /etc/letsencrypt/live/moellein.homeip.net/privkey.pem - SSLCertificateChainFile /etc/letsencrypt/live/moellein.homeip.net/chain.pem - SSLOpenSSLConfCmd DHParameters /etc/letsencrypt/live/moellein.homeip.net/dhparams_2048.pem - - diff --git a/apache2/sites-available/wiki.ssl.conf.save b/apache2/sites-available/wiki.ssl.conf.save deleted file mode 100644 index a00609fc..00000000 --- a/apache2/sites-available/wiki.ssl.conf.save +++ /dev/null @@ -1,52 +0,0 @@ - - - ServerAdmin webmaster@localhost - DocumentRoot /var/www/wiki/ - ServerName wiki.moellein.homeip.net - ServerAlias www.wiki.moellein.homeip.net wiki.moellein.homeip.net - - Options FollowSymLinks - AllowOverride all - - - Options Indexes FollowSymLinks MultiViews - AllowOverride None - Order allow,deny - allow from all - - - Order allow,deny - Deny from all - Satisfy All - - RewriteEngine on - ScriptAlias /cgi-bin/ /var/www/wiki/cgi-bin/ - - AllowOverride None - Options +ExecCGI -MultiViews +SymLinksIfOwnerMatch - Order allow,deny - Allow from all - - - ErrorLog ${APACHE_LOG_DIR}/wiki_error.log - - # Possible values include: debug, info, notice, warn, error, crit, - # alert, emerg. - LogLevel warn - - CustomLog ${APACHE_LOG_DIR}/wiki_ssl_access.log combined - SSLEngine on - SSLProtocol all -SSLv2 -SSLv3 - - SSLOptions +StdEnvVars - - - SSLOptions +StdEnvVars - - Include /etc/letsencrypt/options-ssl-apache.conf - SSLCertificateFile /etc/letsencrypt/live/moellein.homeip.net/cert.pem - SSLCertificateKeyFile /etc/letsencrypt/live/moellein.homeip.net/privkey.pem - SSLCertificateChainFile /etc/letsencrypt/live/moellein.homeip.net/chain.pem - SSLOpenSSLConfCmd DHParameters /etc/letsencrypt/live/moellein.homeip.net/dhparams_2048.pem - -