From c7180fdbc9205c57ce61f0999db73d16c4303f74 Mon Sep 17 00:00:00 2001 From: mhoellein Date: Wed, 8 Jul 2020 22:49:45 +0200 Subject: [PATCH] saving uncommitted changes in /etc prior to apt run --- .etckeeper | 2 + apache2/sites-available/icinga.conf | 32 ++++++- .../http_icinga.online-le-ssl.conf | 1 - icingaweb2/setup.token | 1 + mysql/FROZEN | 1 - mysql/mysql.conf.d/mysqld.cnf | 92 +++++++------------ 6 files changed, 64 insertions(+), 65 deletions(-) delete mode 120000 apache2/sites-enabled/http_icinga.online-le-ssl.conf create mode 100644 icingaweb2/setup.token delete mode 120000 mysql/FROZEN diff --git a/.etckeeper b/.etckeeper index f520847b9..180df5194 100755 --- a/.etckeeper +++ b/.etckeeper @@ -1292,6 +1292,8 @@ maybe chgrp 'icingaweb2' 'icingaweb2/modules' maybe chmod 2770 'icingaweb2/modules' maybe chmod 0755 'icingaweb2/modules/translation' maybe chmod 0644 'icingaweb2/modules/translation/config.ini' +maybe chgrp 'icingaweb2' 'icingaweb2/setup.token' +maybe chmod 0660 'icingaweb2/setup.token' maybe chmod 0755 'init' maybe chmod 0755 'init.d' maybe chmod 0755 'init.d/acpid' diff --git a/apache2/sites-available/icinga.conf b/apache2/sites-available/icinga.conf index a292b42e1..354772b0e 100644 --- a/apache2/sites-available/icinga.conf +++ b/apache2/sites-available/icinga.conf @@ -1,10 +1,37 @@ + + Header always set Strict-Transport-Security "max-age=15552000; includeSubDomains; preload" + Header set Referrer-Policy "no-referrer" ServerAdmin admin@hoellein.online - DocumentRoot /var/www/icinga2/ - ServerName icinga.hoellein.online + DocumentRoot /usr/share/icingaweb2/public + ServerName icinga.hoellein.online:443 ServerAlias www.icinga.hoellein.online + + Options SymLinksIfOwnerMatch + AllowOverride None + + SetEnv ICINGAWEB_CONFIGDIR "/etc/icingaweb2" + + EnableSendfile Off + +# +# RewriteEngine on +# RewriteBase /icingaweb2/ +# RewriteCond %{REQUEST_FILENAME} -s [OR] +# RewriteCond %{REQUEST_FILENAME} -l [OR] +# RewriteCond %{REQUEST_FILENAME} -d +# RewriteRule ^.*$ - [NC,L] +# RewriteRule ^.*$ index.php [NC,L] +# + + + DirectoryIndex error_norewrite.html + ErrorDocument 404 /error_norewrite.html + + + Options FollowSymLinks AllowOverride all @@ -32,4 +59,3 @@ SSLCertificateKeyFile /etc/letsencrypt/live/icinga.hoellein.online/privkey.pem - diff --git a/apache2/sites-enabled/http_icinga.online-le-ssl.conf b/apache2/sites-enabled/http_icinga.online-le-ssl.conf deleted file mode 120000 index 268b10717..000000000 --- a/apache2/sites-enabled/http_icinga.online-le-ssl.conf +++ /dev/null @@ -1 +0,0 @@ -/etc/apache2/sites-available/http_icinga.online-le-ssl.conf \ No newline at end of file diff --git a/icingaweb2/setup.token b/icingaweb2/setup.token new file mode 100644 index 000000000..09ba1e25c --- /dev/null +++ b/icingaweb2/setup.token @@ -0,0 +1 @@ +efa4ae68497204b8 \ No newline at end of file diff --git a/mysql/FROZEN b/mysql/FROZEN deleted file mode 120000 index 2bc63aea9..000000000 --- a/mysql/FROZEN +++ /dev/null @@ -1 +0,0 @@ -../../usr/share/doc/mysql-common/frozen-mode/downgrade \ No newline at end of file diff --git a/mysql/mysql.conf.d/mysqld.cnf b/mysql/mysql.conf.d/mysqld.cnf index b4aa9dbc5..f5de296b3 100644 --- a/mysql/mysql.conf.d/mysqld.cnf +++ b/mysql/mysql.conf.d/mysqld.cnf @@ -1,10 +1,6 @@ # # The MySQL database server configuration file. # -# You can copy this to one of: -# - "/etc/mysql/my.cnf" to set global options, -# - "~/.my.cnf" to set user-specific options. -# # One can use all long options that the program supports. # Run program with --help to get a list of available options and with # --print-defaults to see which it would actually understand and use. @@ -12,31 +8,23 @@ # For explanations see # http://dev.mysql.com/doc/mysql/en/server-system-variables.html -# This will be passed to all mysql clients -# It has been reported that passwords should be enclosed with ticks/quotes -# escpecially if they contain "#" chars... -# Remember to edit /etc/mysql/debian.cnf when changing the socket location. - # Here is entries for some specific programs # The following values assume you have at least 32M ram -[mysqld_safe] -socket = /var/run/mysqld/mysqld.sock -nice = 0 - [mysqld] # # * Basic Settings # user = mysql -pid-file = /var/run/mysqld/mysqld.pid -socket = /var/run/mysqld/mysqld.sock -port = 3306 -basedir = /usr -datadir = /var/lib/mysql -tmpdir = /tmp -lc-messages-dir = /usr/share/mysql -skip-external-locking +# pid-file = /var/run/mysqld/mysqld.pid +# socket = /var/run/mysqld/mysqld.sock +# port = 3306 +# datadir = /var/lib/mysql + + +# If MySQL is running as a replication slave, this should be +# changed. Ref https://dev.mysql.com/doc/refman/8.0/en/server-system-variables.html#sysvar_tmpdir +# tmpdir = /tmp # # Instead of skip-networking the default is now to listen only on # localhost which is more compatible and is not less secure. @@ -45,61 +33,45 @@ bind-address = 127.0.0.1 # * Fine Tuning # key_buffer_size = 16M -max_allowed_packet = 16M -thread_stack = 192K -thread_cache_size = 8 +# max_allowed_packet = 64M +# thread_stack = 256K + +# thread_cache_size = -1 + # This replaces the startup script and checks MyISAM tables if needed # the first time they are touched myisam-recover-options = BACKUP -#max_connections = 100 -#table_open_cache = 64 -#thread_concurrency = 10 -# -# * Query Cache Configuration -# -query_cache_limit = 1M -query_cache_size = 16M + +# max_connections = 151 + +# table_open_cache = 4000 + # # * Logging and Replication # # Both location gets rotated by the cronjob. +# +# Log all queries # Be aware that this log type is a performance killer. -# As of 5.1 you can enable the log at runtime! -#general_log_file = /var/log/mysql/mysql.log -#general_log = 1 +# general_log_file = /var/log/mysql/query.log +# general_log = 1 # # Error log - should be very few entries. # log_error = /var/log/mysql/error.log # # Here you can see queries with especially long duration -#slow_query_log = 1 -#slow_query_log_file = /var/log/mysql/mysql-slow.log -#long_query_time = 2 -#log-queries-not-using-indexes +# slow_query_log = 1 +# slow_query_log_file = /var/log/mysql/mysql-slow.log +# long_query_time = 2 +# log-queries-not-using-indexes # # The following can be used as easy to replay backup logs or for replication. # note: if you are setting up a replication slave, see README.Debian about # other settings you may need to change. -#server-id = 1 -#log_bin = /var/log/mysql/mysql-bin.log -expire_logs_days = 10 +# server-id = 1 +# log_bin = /var/log/mysql/mysql-bin.log +# binlog_expire_logs_seconds = 2592000 max_binlog_size = 100M -#binlog_do_db = include_database_name -#binlog_ignore_db = include_database_name -# -# * InnoDB -# -# InnoDB is enabled by default with a 10MB datafile in /var/lib/mysql/. -# Read the manual for more InnoDB related options. There are many! -# -# * Security Features -# -# Read the manual, too, if you want chroot! -# chroot = /var/lib/mysql/ -# -# For generating SSL certificates I recommend the OpenSSL GUI "tinyca". -# -# ssl-ca=/etc/mysql/cacert.pem -# ssl-cert=/etc/mysql/server-cert.pem -# ssl-key=/etc/mysql/server-key.pem +# binlog_do_db = include_database_name +# binlog_ignore_db = include_database_name -- 2.43.0