Installation du sondage

  • Se rendre dans /var/www/html
cd /var/www/html
  • Récupération de l’archive
wget https://framagit.org/framasoft/framadate/framadate/-/archive/1.1.10/framadate-1.1.10.zip
  • Extraire l’archive dans framadate
unzip framadate-1.1.10.zip
mv framadate-1.1.10 framadate
  • Appliquer les permissions

Pour composer qui écrira dans /var/www/.composer

chown -R www-data: /var/www/
  • Supprimer l’archive
rm framadate-1.1.10.zip
  • Se déplacer dans framadate
cd framadate
  • Création du fichier de log
sudo -u www-data touch admin/stdout.log
sudo chmod 600 admin/stdout.log
  • Installation de composer

  • cd /var/www/html/framadate

php -r "copy('https://getcomposer.org/installer', 'composer-setup.php');"
php -r "if (hash_file('sha384', 'composer-setup.php') === 'c31c1e292ad7be5f49291169c0ac8f683499edddcfd4e42232982d0fd193004208a58ff6f353fde0012d35fdd72bc394') { echo 'Installer verified'; } else { echo 'Installer corrupt'; unlink('composer-setup.php'); } echo PHP_EOL;"
php composer-setup.php
php -r "unlink('composer-setup.php');"
  • Installation des dépendences par composer
mv composer.phar /usr/local/bin/composer
sudo -u www-data composer install

Et voilà ! On passe à Nginx et apache2

Cas d’un reverse proxy avec nginx

Configuration de NGINX :

server {
    listen      80;
    server_name URL;
    return 301  https://URL$request_uri;
}

server {
    listen      443 ssl http2;
    server_name URL;

    # Let's Encrypt:
    ssl_certificate     /etc/letsencrypt/live/URL/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/URL/privkey.pem;

    # Add common Conf:
    include /etc/nginx/RVPRX_common.conf; # Options génériques de NGINX communes à tous les conteneurs - Généré par https://ssl-config.mozilla.org/
    add_header Content-Security-Policy "default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval'; object-src 'none'; style-src 'self' 'unsafe-inline'; font-src 'self'; img-src 'self'";
    add_header Referrer-Policy "strict-origin";

    # LOGS
    gzip on;
    access_log /var/log/nginx/URL_access.log;
    error_log  /var/log/nginx/URL_error.log;

    location ~^/(\.git)/{
		deny all;
    }
	location ~ /\. {
		deny all;
	}	

	location ~ ^/composer\.json.*$|^/composer\.lock.*$|^/php\.ini.*$|^/.*\.sh {
		deny all;
	}

    location / { 
        rewrite "^/admin$" "/admin/" permanent;	
        rewrite "^/([a-zA-Z0-9-]+)$" "/studs.php?poll=$1" last;
        rewrite "^/([a-zA-Z0-9-]+)/action/([a-zA-Z_-]+)/(.+)$" "/studs.php?poll=$1&$2=$3" last;
        rewrite "^/([a-zA-Z0-9-]+)/vote/([a-zA-Z0-9]{16})$" "/studs.php?poll=$1&vote=$2" last;
        rewrite "^/([a-zA-Z0-9]{24})/admin$" "/adminstuds.php?poll=$1" last;
        rewrite "^/([a-zA-Z0-9]{24})/admin/vote/([a-zA-Z0-9]{16})$" "/adminstuds.php?poll=$1&vote=$2" last;
        rewrite "^/([a-zA-Z0-9]{24})/admin/action/([a-zA-Z_-]+)(/([A-Za-z0-9]+))?$" "/adminstuds.php?poll=$1&$2=$4" last;
        proxy_pass http://<IP PRIVE DU CONTENEUR>;
    }

}
nginx -t
systemctl reload nginx

Sur le conteneur ou vm

  • Fichier de configuration d’apache2

Remplacer URL par la votre

<VirtualHost *:80>
	# The ServerName directive sets the request scheme, hostname and port that
	# the server uses to identify itself. This is used when creating
	# redirection URLs. In the context of virtual hosts, the ServerName
	# specifies what hostname must appear in the request's Host: header to
	# match this virtual host. For the default virtual host (this file) this
	# value is not decisive as it is used as a last resort host regardless.
	# However, you must set it for any further virtual host explicitly.
	#ServerName www.example.com

	ServerAdmin webmaster@localhost
	ServerName URL
	DocumentRoot /var/www/html/framadate

	# Available loglevels: trace8, ..., trace1, debug, info, notice, warn,
	# error, crit, alert, emerg.
	# It is also possible to configure the loglevel for particular
	# modules, e.g.
	#LogLevel info ssl:warn

	ErrorLog ${APACHE_LOG_DIR}/error.log
	CustomLog ${APACHE_LOG_DIR}/access.log combined

    <Directory /var/www/html/framadate>
        AllowOverride All
    </Directory>

	# For most configuration files from conf-available/, which are
	# enabled or disabled at a global level, it is possible to
	# include a line for only one particular virtual host. For example the
	# following line enables the CGI configuration for this host only
	# after it has been globally disabled with "a2disconf".
	#Include conf-available/serve-cgi-bin.conf
</VirtualHost>

# vim: syntax=apache ts=4 sw=4 sts=4 sr noet

Postfix

  • vim /etc/postfix/master.cf
   -o smtpd_relay_restrictions=check_relay_domains