Installation du sondage

cd /var/www/html
  • Récupération de l’archive
wget https://framasoft.frama.io/framadate/latest.zip -P /tmp
OU
wget https://framagit.org/framasoft/framadate/framadate/uploads/267cf0e390950019c5176bd2cf6da865/framadate-1.1.10.zip -P /tmp
  • Extraire l’archive dans framadate
sudo -u www-data unzip /tmp/framadate-1.1.10.zip
  • Appliquer les permissions
chown -R www-data: framadate
  • Supprimer l’archive
rm /tmp/framadate-1.1.10.zip
  • Se déplacer dans framadate
cd framadate
  • Création du fichier de log
sudo -u www-data touch admin/stdout.
sudo chmod 600 admin/stdout.log

Sur le reverse proxy

Configuration de NGINX :

server {
    listen      80;
    server_name URL;
    return 301  https://URL$request_uri;
}

server {
    listen      443 ssl http2;
    server_name URL;

    # Let's Encrypt:
    ssl_certificate     /etc/letsencrypt/live/URL/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/URL/privkey.pem;

    # Add common Conf:
    include /etc/nginx/RVPRX_common.conf;
    add_header Content-Security-Policy "default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval'; object-src 'none'; style-src 'self' 'unsafe-inline'; font-src 'self'; img-src 'self'";
    add_header Referrer-Policy "strict-origin";

    # LOGS
    gzip on;
    access_log /var/log/nginx/URL_access.log;
    error_log  /var/log/nginx/URL_error.log;

    location ~^/(\.git)/{
		deny all;
    }
	location ~ /\. {
		deny all;
	}	

	location ~ ^/composer\.json.*$|^/composer\.lock.*$|^/php\.ini.*$|^/.*\.sh {
		deny all;
	}

    location / { 
        rewrite "^/admin$" "/admin/" permanent;	
        rewrite "^/([a-zA-Z0-9-]+)$" "/studs.php?poll=$1" last;
        rewrite "^/([a-zA-Z0-9-]+)/action/([a-zA-Z_-]+)/(.+)$" "/studs.php?poll=$1&$2=$3" last;
        rewrite "^/([a-zA-Z0-9-]+)/vote/([a-zA-Z0-9]{16})$" "/studs.php?poll=$1&vote=$2" last;
        rewrite "^/([a-zA-Z0-9]{24})/admin$" "/adminstuds.php?poll=$1" last;
        rewrite "^/([a-zA-Z0-9]{24})/admin/vote/([a-zA-Z0-9]{16})$" "/adminstuds.php?poll=$1&vote=$2" last;
        rewrite "^/([a-zA-Z0-9]{24})/admin/action/([a-zA-Z_-]+)(/([A-Za-z0-9]+))?$" "/adminstuds.php?poll=$1&$2=$4" last;
        proxy_pass http://<IP PRIVE DU CONTENEUR>;
    }

}

Création d’un nouveau certificat pour votre site

systemctl reload nginx

Sur le conteneur

  • Fichier de configuration d’apache2
<VirtualHost *:80>
	# The ServerName directive sets the request scheme, hostname and port that
	# the server uses to identify itself. This is used when creating
	# redirection URLs. In the context of virtual hosts, the ServerName
	# specifies what hostname must appear in the request's Host: header to
	# match this virtual host. For the default virtual host (this file) this
	# value is not decisive as it is used as a last resort host regardless.
	# However, you must set it for any further virtual host explicitly.
	#ServerName www.example.com

	ServerAdmin webmaster@localhost
	ServerName URL
	DocumentRoot /var/www/html/framadate

	# Available loglevels: trace8, ..., trace1, debug, info, notice, warn,
	# error, crit, alert, emerg.
	# It is also possible to configure the loglevel for particular
	# modules, e.g.
	#LogLevel info ssl:warn

	ErrorLog ${APACHE_LOG_DIR}/error.log
	CustomLog ${APACHE_LOG_DIR}/access.log combined

    <Directory /var/www/html/framadate>
        AllowOverride All
    </Directory>

	# For most configuration files from conf-available/, which are
	# enabled or disabled at a global level, it is possible to
	# include a line for only one particular virtual host. For example the
	# following line enables the CGI configuration for this host only
	# after it has been globally disabled with "a2disconf".
	#Include conf-available/serve-cgi-bin.conf
</VirtualHost>

# vim: syntax=apache ts=4 sw=4 sts=4 sr noet