From 8913fc49b4d001d54ab5224b3cd9a69f29fc43a4 Mon Sep 17 00:00:00 2001 From: mhoellein Date: Thu, 23 Dec 2021 15:07:21 +0100 Subject: [PATCH] saving uncommitted changes in /etc prior to apt run --- .etckeeper | 5 ++ apache2/sites-available/collabora.conf | 45 ++++++++++-------- .../sites-available/office.hoellein.online | 47 +++++++++++++++++++ letsencrypt/csr/3184_csr-certbot.pem | 16 +++++++ letsencrypt/csr/3185_csr-certbot.pem | 16 +++++++ letsencrypt/keys/3184_key-certbot.pem | 28 +++++++++++ letsencrypt/keys/3185_key-certbot.pem | 28 +++++++++++ 7 files changed, 165 insertions(+), 20 deletions(-) create mode 100644 apache2/sites-available/office.hoellein.online create mode 100644 letsencrypt/csr/3184_csr-certbot.pem create mode 100644 letsencrypt/csr/3185_csr-certbot.pem create mode 100644 letsencrypt/keys/3184_key-certbot.pem create mode 100644 letsencrypt/keys/3185_key-certbot.pem diff --git a/.etckeeper b/.etckeeper index be7d101a5..c509910e7 100755 --- a/.etckeeper +++ b/.etckeeper @@ -492,6 +492,7 @@ maybe chmod 0644 'apache2/sites-available/icinga.conf' maybe chmod 0644 'apache2/sites-available/mail.hoellein.online.conf' maybe chmod 0644 'apache2/sites-available/nextcloud.conf' maybe chmod 0644 'apache2/sites-available/nextcloud_siedlerverein.conf' +maybe chmod 0644 'apache2/sites-available/office.hoellein.online' maybe chmod 0644 'apache2/sites-available/piwik.conf' maybe chmod 0644 'apache2/sites-available/rainloop.conf' maybe chmod 0644 'apache2/sites-available/siedlerverein.conf' 
@@ -5367,6 +5368,8 @@ maybe chmod 0644 'letsencrypt/csr/3180_csr-certbot.pem' maybe chmod 0644 'letsencrypt/csr/3181_csr-certbot.pem' maybe chmod 0644 'letsencrypt/csr/3182_csr-certbot.pem' maybe chmod 0644 'letsencrypt/csr/3183_csr-certbot.pem' +maybe chmod 0644 'letsencrypt/csr/3184_csr-certbot.pem' +maybe chmod 0644 'letsencrypt/csr/3185_csr-certbot.pem' maybe chmod 0700 'letsencrypt/keys' maybe chmod 0600 'letsencrypt/keys/0000_key-certbot.pem' maybe chmod 0600 'letsencrypt/keys/0001_key-certbot.pem' @@ -8552,6 +8555,8 @@ maybe chmod 0600 'letsencrypt/keys/3180_key-certbot.pem' maybe chmod 0600 'letsencrypt/keys/3181_key-certbot.pem' maybe chmod 0600 'letsencrypt/keys/3182_key-certbot.pem' maybe chmod 0600 'letsencrypt/keys/3183_key-certbot.pem' +maybe chmod 0600 'letsencrypt/keys/3184_key-certbot.pem' +maybe chmod 0600 'letsencrypt/keys/3185_key-certbot.pem' maybe chmod 0700 'letsencrypt/live' maybe chmod 0644 'letsencrypt/live/README' maybe chmod 0755 'letsencrypt/live/collabora.hoellein.online' diff --git a/apache2/sites-available/collabora.conf b/apache2/sites-available/collabora.conf index bc83835db..c5b1aca04 100644 --- a/apache2/sites-available/collabora.conf +++ b/apache2/sites-available/collabora.conf 
@@ -16,27 +16,32 @@ SSLProxyCheckPeerCN Off SSLProxyCheckPeerName Off - # Make sure to keep the host - ProxyPreserveHost On + # keep the host + ProxyPreserveHost On + + # static html, js, images, etc. served from coolwsd + # browser is the client part of LibreOffice Online + ProxyPass /browser https://127.0.0.1:9980/browser retry=0 + ProxyPassReverse /browser https://127.0.0.1:9980/browser + + # WOPI discovery URL + ProxyPass /hosting/discovery https://127.0.0.1:9980/hosting/discovery retry=0 + ProxyPassReverse /hosting/discovery https://127.0.0.1:9980/hosting/discovery + + # Main websocket + ProxyPassMatch "/cool/(.*)/ws$" wss://127.0.0.1:9980/cool/$1/ws nocanon + + # Admin Console websocket + ProxyPass /cool/adminws wss://127.0.0.1:9980/cool/adminws + + # Download as, Fullscreen presentation and Image upload operations + ProxyPass /cool https://127.0.0.1:9980/cool + ProxyPassReverse /cool https://127.0.0.1:9980/cool + + # Endpoint with information about availability of various features + ProxyPass /hosting/capabilities https://127.0.0.1:9980/hosting/capabilities retry=0 + ProxyPassReverse /hosting/capabilities https://127.0.0.1:9980/hosting/capabilities - # static html, js, images, etc. 
served from loolwsd - # loleaflet is the client part of LibreOffice Online - ProxyPass /loleaflet https://127.0.0.1:9980/loleaflet retry=0 - ProxyPassReverse /loleaflet https://127.0.0.1:9980/loleaflet - - # WOPI discovery URL - ProxyPass /hosting/discovery https://127.0.0.1:9980/hosting/discovery retry=0 - ProxyPassReverse /hosting/discovery https://127.0.0.1:9980/hosting/discovery - - # Main websocket - ProxyPassMatch "/lool/(.*)/ws$" wss://127.0.0.1:9980/lool/$1/ws nocanon - - # Admin Console websocket - ProxyPass /lool/adminws wss://127.0.0.1:9980/lool/adminws - - # Download as, Fullscreen presentation and Image upload operations - ProxyPass /lool https://127.0.0.1:9980/lool - ProxyPassReverse /lool https://127.0.0.1:9980/lool SSLCertificateFile /etc/letsencrypt/live/collabora.hoellein.online/cert.pem SSLCertificateKeyFile /etc/letsencrypt/live/collabora.hoellein.online/privkey.pem diff --git a/apache2/sites-available/office.hoellein.online b/apache2/sites-available/office.hoellein.online new file mode 100644 index 000000000..8b9e077e9 --- /dev/null +++ b/apache2/sites-available/office.hoellein.online 
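Review bot: `ProxyPass /cool/adminws wss://127.0.0.1:9980/cool/adminws` publishes the Collabora Admin Console websocket on the public vhost, and nothing visible in this hunk limits who may reach it. The same line is added in the new `apache2/sites-available/office.hoellein.online`. If the console is only used from a management network, add a block next to the ProxyPass: `<Location "/cool/adminws">`, `Require ip <ADMIN_NETWORK_PLACEHOLDER>`, `</Location>`. The vhost starts and ends outside the hunk, so a restriction may already exist elsewhere in the file; confirm before merging.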
@@ -0,0 +1,47 @@
+
+ServerName office.hoellein.online:443
+
+# SSL configuration, you may want to take the easy route instead and use Lets Encrypt!
+SSLEngine on
+SSLCertificateFile /path/to/signed_certificate
+SSLCertificateChainFile /path/to/intermediate_certificate
+SSLCertificateKeyFile /path/to/private/key
+SSLProtocol all -SSLv2 -SSLv3
+SSLCipherSuite ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA:ECDHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-RSA-AES256-SHA256:DHE-RSA-AES256-SHA:ECDHE-ECDSA-DES-CBC3-SHA:ECDHE-RSA-DES-CBC3-SHA:EDH-RSA-DES-CBC3-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:DES-CBC3-SHA:!DSS
+SSLHonorCipherOrder on
+
+# Encoded slashes need to be allowed
+AllowEncodedSlashes NoDecode
+
+# Container uses a unique non-signed certificate
+SSLProxyEngine On
+SSLProxyVerify None
+SSLProxyCheckPeerCN Off
+SSLProxyCheckPeerName Off
+
+# keep the host
+ProxyPreserveHost On
+
+# static html, js, images, etc. served from coolwsd
+# browser is the client part of LibreOffice Online
+ProxyPass /browser https://127.0.0.1:9980/browser retry=0
+ProxyPassReverse /browser https://127.0.0.1:9980/browser
+
+# WOPI discovery URL
+ProxyPass /hosting/discovery https://127.0.0.1:9980/hosting/discovery retry=0
+ProxyPassReverse /hosting/discovery https://127.0.0.1:9980/hosting/discovery
+
+# Main websocket
+ProxyPassMatch "/cool/(.*)/ws$" wss://127.0.0.1:9980/cool/$1/ws nocanon
+
+# Admin Console websocket
+ProxyPass /cool/adminws wss://127.0.0.1:9980/cool/adminws
+
+# Download as, Fullscreen presentation and Image upload operations
+ProxyPass /cool https://127.0.0.1:9980/cool
+ProxyPassReverse /cool https://127.0.0.1:9980/cool
+
+# Endpoint with information about availability of various features
+ProxyPass /hosting/capabilities https://127.0.0.1:9980/hosting/capabilities retry=0
+ProxyPassReverse /hosting/capabilities https://127.0.0.1:9980/hosting/capabilities
+
diff --git a/letsencrypt/csr/3184_csr-certbot.pem b/letsencrypt/csr/3184_csr-certbot.pem
new file mode 100644
index 000000000..349f0b54b
--- /dev/null
+++ b/letsencrypt/csr/3184_csr-certbot.pem
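Review bot: `SSLProtocol all -SSLv2 -SSLv3` still permits TLS 1.0 and 1.1, and the `SSLCipherSuite` list keeps 3DES (`DES-CBC3-SHA`), static-RSA and CBC/SHA-1 suites, so a client can negotiate a weak session on this new vhost. Assuming the installed Apache/OpenSSL supports TLS 1.3, prefer `SSLProtocol -all +TLSv1.2 +TLSv1.3` and cut the list down to the ECDHE AEAD entries it already begins with (the `...-CHACHA20-POLY1305` and `...-GCM-SHA256/384` suites). The three certificate directives still hold the template placeholders (`/path/to/signed_certificate` and so on), so the site cannot pass a config test once enabled. The file name also has no `.conf` suffix, which a stock Debian `sites-enabled/*.conf` include would skip. `SSLProxyVerify None` with both peer-name checks off accepts any backend certificate; that is tolerable only while every ProxyPass target stays on 127.0.0.1, and deserves a comment saying so.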
@@ -0,0 +1,16 @@ +-----BEGIN CERTIFICATE REQUEST----- +MIICeTCCAWECAQIwADCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAMp9 +MyLf/Qa+D8GY+6taizvAOqeeyh/yu6l/7CCRTjWvRl6XlQgEPwI1wlXfhqCM6ScQ +kc9sNNmL0Ob1poWqtP3jtTBRyYjTNjQUm0YAvlbESNH8e6/eiSAVCKBM1jqZqch9 +VlwGIcEoAsbz1BrHu81AALiLRlKE70AMAnrW+SyTCD/0md2VJzsGErH4V7r1UmjV +meCPZqYQaXY75Z8P8+p0wmG7HWbcx0IrVHaLYgKZl0UG4OSOE+rXpM/UfTClTQO5 +LVEXIQBVnF4kQjVUD44z/BQu1zh+xJzILOejX35fl+v6umqgAIJFkUaH1wz6I9Sm +Fi0mWZKm6uE111fGmc8CAwEAAaA0MDIGCSqGSIb3DQEJDjElMCMwIQYDVR0RBBow +GIIWb2ZmaWNlLmhvZWxsZWluLm9ubGluZTANBgkqhkiG9w0BAQsFAAOCAQEAMVc0 +IitHuxk8uHPLg1arJXbjUox3Mt2NgL/zskDPsPfy8XlDlZR9xH+9otv6+jpAyJfc +5u1FYO5iQi4D/GIAN4TziaCRcPii4MKoVdHmfDUEkSgh39Tv6gNKWep/Q0cvP+ke +FrbNNgnMQpE52P7XtG/ki9YGrvnUx0A5Y5Vb4+VAIa9tPBBmgr6Up4HWcZ+VwTEu +2/aJ9F/QvjQArFlwVFjLx3CR+rrjP+xgmAc4IjDklCA/m4j0eVuRj8GigQkrlw92 +xQ2JNqfLemTqxd3agFJMRx2eaoA3LzHBnTWw0Z6ACticbP4crEYuhH+6H8MCveYt +UoUaySr7ormoZ8xfuA== +-----END CERTIFICATE REQUEST----- diff --git a/letsencrypt/csr/3185_csr-certbot.pem b/letsencrypt/csr/3185_csr-certbot.pem new file mode 100644 index 000000000..5584f8583 --- /dev/null +++ b/letsencrypt/csr/3185_csr-certbot.pem 
@@ -0,0 +1,16 @@ +-----BEGIN CERTIFICATE REQUEST----- +MIICeTCCAWECAQIwADCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBALth +I1F9g3J65PsOwD7zdFBXtuytSnsykn9XKrORzMt6Xw9eLL3od1szrweo3OmGKoVV +DkYHOSCrJVwg0vzlFYvJbe3iADnzjp5Lm0p9opaoSznCJBLMhMVF+CwhbsAc9PkB +Uo5F8H4MXLr92BwvcX+mYbgBBKuL8bZkj3g/ywGl1FFl32d1JS+KZMOsJNFIMHAg +SwsXZ221jp9hZCZGaEdJAW4E4JqmvTk0eKTLvpnE+FOx4L03Yu5ETkKSP1sdNcCk +onD3O/Jj6B2Y1tVk7iMw6cRUbTS4e7nf4qzr4N9wOWK3HVKOKG+4xc+a0UkOci51 ++z7IQasIAjloe0Z3XH8CAwEAAaA0MDIGCSqGSIb3DQEJDjElMCMwIQYDVR0RBBow +GIIWb2ZmaWNlLmhvZWxsZWluLm9ubGluZTANBgkqhkiG9w0BAQsFAAOCAQEALnk8 +BYHkfq3Y7tbBxaBmD5Q9w96JeW81bVR9gBCeYK7VV1DFOfmGWX8tvI6OobGT6dJx +L6llOn4rZV/krEX1H3XmvapcSpxesPi0CsnmYlhY1Myk/dQitrbNO4YtgsJ39REQ +0fjHQrBelE3o+Xnb7YrRpW/Pbl2sCNqVARYgZ0xkJOSoSs9ZluJyTkIgcA23pphO +tGboUokNeKZ3q8pAOpy+e3ouMgqFo39btqbC4ekC+E9quAuqOCnNANFo8VR//ZkI +jQpNzTC2xxVg1dd3C8Wu0EXeNgXlnxtP3I19YlhiN6IHhoDvlnl1tbDpKkDnxoRN +MdRraziH/5OBP9EMKA== +-----END CERTIFICATE REQUEST----- diff --git a/letsencrypt/keys/3184_key-certbot.pem b/letsencrypt/keys/3184_key-certbot.pem new file mode 100644 index 000000000..bedffa4ff --- /dev/null +++ b/letsencrypt/keys/3184_key-certbot.pem 
@@ -0,0 +1,28 @@ +-----BEGIN PRIVATE KEY----- +MIIEvwIBADANBgkqhkiG9w0BAQEFAASCBKkwggSlAgEAAoIBAQDKfTMi3/0Gvg/B +mPurWos7wDqnnsof8rupf+wgkU41r0Zel5UIBD8CNcJV34agjOknEJHPbDTZi9Dm +9aaFqrT947UwUcmI0zY0FJtGAL5WxEjR/Huv3okgFQigTNY6manIfVZcBiHBKALG +89Qax7vNQAC4i0ZShO9ADAJ61vkskwg/9JndlSc7BhKx+Fe69VJo1Zngj2amEGl2 +O+WfD/PqdMJhux1m3MdCK1R2i2ICmZdFBuDkjhPq16TP1H0wpU0DuS1RFyEAVZxe +JEI1VA+OM/wULtc4fsScyCzno19+X5fr+rpqoACCRZFGh9cM+iPUphYtJlmSpurh +NddXxpnPAgMBAAECggEBAI3igMx1KzVoRF4htmdxgJKTtgXyLCuKyJiSvIBtkOHp +OWPaz2DYqNYBmXTWtd0WH+FxqNoxNi8h23Wat959qWkl/7Yl+RPY++gucEbzCmx+ +CZCqXHj1dBx44JyCerKBLgkAWl0NJuXUBW4nOH6zahL+QAMQBGyaHZNBVxOAQwVJ +mlzgTvDTCPkPcIsLCvZv0mWjpPHx1fbLah+EMPuPmqivR3aD6gcbhDe0sl9UIEB7 +bxuJxvboywvX5Xv3kboQpFm5RJ1FZF7RtS4nZHB6x9uWpZNj2UQEA6u8zxFeEeBL +WuY/4USHhBwaC1V56msQBjI5ZeijJdLaj5xT+nZ+t3ECgYEA7kRHouFLhehB/oBs +rnS8y+0LzwWgoTkJl0J0Ugwnh+tqyMO6B1vKlSa6d+MZ1UXyBPHJQrjaP/6UOlod +PjCujYW8xxaoF4vz1tBFhvFvKU0kcfaTVWkTgmCIwMAHSI8tcBtnwgpFiG+7BIXC +MTmdFP/egS3dSiZtPhsbxcGMmq0CgYEA2Y8+nBFFU+EkBWsAGtsD+U1t1y1x0jA4 +u0kBlW0QUvm7cw6VJXUDv/ykK6LCjVMPmOL+z5HSE4PjnQL+jxlILjP6jsw2GWh8 +MhUnJ4DzyCvRgl3dQyEgF3Tqy2QzNkMQx2W/eE03fW/4yVdZHAlhLRmpmcezNeYs +tKPrlSsvsesCgYEApqYfLK9DcX9HWUhdu49u1XsQvVWESf9o0+DpFtHlfE2OPKmZ +Hbh38uZJmby/vsnTQt4SFJbSH9xhtIZ+2ZaXH+kgZmdUXlPG0sKNPprzUwHfsc3y +stRxjskSHS6yaW+rKjQg2Djy9UCgn8MmVeOkGKH18IgxtME3uy6euCxtuWkCgYAQ +E7jRuakA4NNTnyub0HGDu8gRLaeKm8ulc2itjSi2qQPEJeC5quMDDf1nyBhOb0Po +zWV9G06F6KoqUS1Uj864s1ihss+QoxsCbHO/RJU/RpWt55fRPSJs+VPcgeQS73PO ++GLk1ffyyhJ9dnn8S2kl9w6EcbB5nC/TjYV8OXvFzwKBgQC6OhDxxAiX1MQoGpfZ +oHsc8+cuVH1E853RqgsxtaQdOFLPhYPb5WkbIspXH71ZuSBZJfvAVtdFvAjQ8WKb +ZSaOgr/fGnY5Npm90/t52oTMtmXUQbo90bn/CABoe//9r0e6eX6MYtwynXSHr5rv +div5jZ5lqtWcwugYNxmcsWf0IA== +-----END PRIVATE KEY----- diff --git a/letsencrypt/keys/3185_key-certbot.pem b/letsencrypt/keys/3185_key-certbot.pem new file mode 100644 index 000000000..26972de2e --- /dev/null +++ b/letsencrypt/keys/3185_key-certbot.pem 
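Review bot: Unencrypted RSA private keys are being committed to git here and in `letsencrypt/keys/3185_key-certbot.pem` (the next hunk). The `0600` mode recorded in `.etckeeper` does not protect them inside the repository, so anyone who can read or clone it can read the keys. Treat any certificate issued for these keys as exposed wherever the repository has left the host: reissue with fresh keys and revoke the old certificates. To keep future etckeeper commits from picking up key material, add `letsencrypt/keys/` and certbot's `letsencrypt/archive/` to `/etc/.gitignore` and untrack them with `git rm -r --cached`. Removing the keys already in history needs a history rewrite, and that does not replace rotation.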
@@ -0,0 +1,28 @@ +-----BEGIN PRIVATE KEY----- +MIIEvgIBADANBgkqhkiG9w0BAQEFAASCBKgwggSkAgEAAoIBAQC7YSNRfYNyeuT7 +DsA+83RQV7bsrUp7MpJ/VyqzkczLel8PXiy96HdbM68HqNzphiqFVQ5GBzkgqyVc +INL85RWLyW3t4gA5846eS5tKfaKWqEs5wiQSzITFRfgsIW7AHPT5AVKORfB+DFy6 +/dgcL3F/pmG4AQSri/G2ZI94P8sBpdRRZd9ndSUvimTDrCTRSDBwIEsLF2dttY6f +YWQmRmhHSQFuBOCapr05NHiky76ZxPhTseC9N2LuRE5Ckj9bHTXApKJw9zvyY+gd +mNbVZO4jMOnEVG00uHu53+Ks6+DfcDlitx1SjihvuMXPmtFJDnIudfs+yEGrCAI5 +aHtGd1x/AgMBAAECggEAUyBq3LID6HugrcgDfWnfxezD2AegrTroRtnStcsOwY5O +MbEjxDQnDyzEj29YYbkFkBUFugdmTpnefxqIv2yZvGPmAsxqMUtdj9gW0lseEBwl +E0CPZE+a7zF1QY6rZUrzWqw9haR9Zk3xrXsDrq1Ver3DSDAbdEcnOjUueLhERTwa +7dBWqFWlSlxbjnVPa59iQE2F4CScoRu8Ie2UPYFDMbc0rUVtqpJnWfiJQa2n2SBC +4FWDr5JuKeWoW7fx4Ir7meeIO+4GMEYFtUqbUJ7L9Em7G8Om6sH+HuYX8E3jfXD3 +QxU0kDvu2WoHbm9YeDlkxISDKNyXuVkZsgQY+q7N0QKBgQDv1Dr+E/NXpwVjYSZY +nqS4aeiY3Qyj+/lJ+O3mopPvN4LWLL6AvKppjEBbgFSdLXC7OMgdO959lwMRc7XE +drdOKuknv3+0IRDzqMtMG9X2qN9AZjVDgq+2zTLWsf3/FT9tMC9pUqgR9ZyFhcgM +i0YYpx0FVuv8WsNgccmwl/lj1QKBgQDIA47C48j4GN+uZfLya+HhcSGceCjDtf1P +OCSl1RQUjSfL8bX/XO/uD61zZT7RM5+FvfsBAhy92xYtoi5xD7YwPKZYhDlUhDT7 +gaNTJ1t4JXC/vLMZuCeUVHyF8feWSHO12X0WVxCo6W89oAlDpP0VacBD2qep8F+D +evb5myPtAwKBgQC2XHFzC2aIquas940563+i/l0wBz16X7nh5pe3PL4yMsqY4rME +nvERiuTQ7tboIUpMAlQf7osygiaCGbMILaEangRmBfYr2MzUCfBz8eKTSTtg85bi +u7eyz3stx3A0i0qMUwxqEMDdzx3yZZSE/U4SptepXLvaSoWvizZqwlSO9QKBgAI4 +x+UyUpEu9Y0iZMh8mk2+y/jI/Orvopi2rvGIpGh2CPMjBDqJ9cBXPD4D6ea5BBSg +P6GLPHZ/cIehPZLT8donUlG5ZkmiDlSc5AuQbFuxTsdSeUrX2Ni0940lWvK4a1Ch +0dnlrbGypiGxHWk68/TA7/nQ+/vPR8BWJVgweP2xAoGBAINs2hpV8JwvFU9OtW0y +mW0SVmnR3ZaUmgFknHVGz40c4RjjSfwGZNTrP74yUCELExK4OWPpDgSRt6zv0Hq6 +w1DoumwNRbJBj7noavS8D35Wxy3+oZAInBlDSnZwbkT5FCxN0vDOElnwf1TmGt8V +ZQXZ5QE21m8sFtOSU7xZkAeb +-----END PRIVATE KEY----- -- 2.43.0