-Subproject commit 4ac4b07f646286a986b96ae5036c56835df13593
+Subproject commit e356e0f68b432a3b61d90e3169a1ba5a83972f29
--- /dev/null
+listen 80;
--- /dev/null
+pool=cyclo_letabli
+sudo adduser php_"$pool" www-"$site"
+sudo adduser www-"$site" sftp
+
+sudo rmdir ~www-data/"$site" || true
+sudo install -d -m 2750 -o root -g www-"$site" \
+ ~www-data/"$site"
+sudo install -d -m 2750 -o www-"$site" -g www-"$site" \
+ ~www-data/"$site"/etc \
+ ~www-data/"$site"/etc/ssh
+sudo install -d -m 2770 -o www-"$site" -g www-"$site" \
+ ~www-data/"$site"/www
+
+"$tool"/local/runit-sv-configure postgres
+"$tool"/local/runit-sv-start postgres
+while ! sudo -u postgres psql </dev/null
+do sleep 1; done
+
+"$tool"/local/postgresql-user-create "$pool"
+"$tool"/local/postgresql-database-create "$pool"
+"$tool"/local/postgresql-schema-create "$pool"
+sudo -u postgres psql -AqtX --set ON_ERROR_STOP=1 "$pool" <<-EOF
+ GRANT USAGE ON SCHEMA pg_catalog TO $pool;
+ EOF
--- /dev/null
+server_name
+ letabli.cyclocoop.org
+ letabli.org;
+root /home/www/data/cyclo-letabli/www;
+
+location / {
+ index index.html index.htm index.php;
+ }
+location ~* ^.+\.(css|gif|html|ico|jpeg|js|jpg|png|txt|xml)$ {
+ access_log off;
+ expires 30d;
+ log_not_found off;
+ }
+location ~ /\. {
+ access_log off;
+ deny all;
+ log_not_found off;
+ }
+location ~ \.php(|/.+)$ {
+ include /etc/nginx/conf.d/fastcgi.conf;
+ set $no_cache "0";
+ if ($request_method !~ ^(GET|HEAD)$) {
+ # NOTE: if non GET/HEAD, don't cache and mark user as uncacheable for 1 second via cookie.
+ set $no_cache "1";
+ }
+ if ($no_cache = "1") {
+ # NOTE: drop no cache cookie if need be (for some reason, add_header fails if included in prior if-block).
+ add_header Set-Cookie "_mcnc=1; Max-Age=2; Path=/";
+ add_header X-Microcachable "0";
+ }
+ if ($http_cookie ~* "_mcnc") {
+ # NOTE: bypass cache if no-cache cookie is set
+ set $no_cache "1";
+ }
+ fastcgi_cache_bypass $no_cache;
+ fastcgi_cache_use_stale updating;
+ fastcgi_cache_valid 200 10s;
+ fastcgi_cache_valid 404 10m;
+ fastcgi_ignore_headers Cache-Control Expires Set-Cookie;
+ fastcgi_index index.php;
+ fastcgi_no_cache $no_cache;
+ fastcgi_param REDIRECT_STATUS 200;
+ # NOTE: PHP only, required if PHP was built with --enable-force-cgi-redirect
+ fastcgi_pass_header Cookie;
+ fastcgi_pass_header Set-Cookie;
+ fastcgi_split_path_info ^(.+\.php)(/.+)$;
+
+ fastcgi_pass unix:/run/php5/fpm/cyclo_letabli;
+ }
+
+# vim: ft=sh
paris20.garradin A IP4(GRESILLE)
imap A IP4(GRESILLE)
irc A IP4(GRESILLE)
+letabli A IP4(GRESILLE)
mail A IP4(GRESILLE)
mx A IP4(GRESILLE)
notifications A IP4(GRESILLE)
--- /dev/null
+php_admin_value[extension] = curl.so
+php_admin_value[extension] = pdo_pgsql.so
+php_admin_value[extension] = pgsql.so
+pm.max_children = 15
+pm.max_requests = 200
+pm.max_spare_servers = 5
+pm.min_spare_servers = 1
+pm.process_idle_timeout = 60s
+pm.start_servers = 1
+request_slowlog_timeout = 5s
+request_terminate_timeout = 120s
+rlimit_core = unlimited
+rlimit_files = 131072
+security.limit_extensions = .php
sudo adduser www log-www
#sudo adduser log log-www
usermod --home /home/www/data www-data
-sudo install -d -m 751 -o www -g www \
+sudo install -d -m 751 -o root -g www \
/home/www
sudo install -d -m 750 -o www -g www \
/home/www/etc
-sudo install -d -m 1771 -o www-data -g www-data \
+sudo install -d -m 1751 -o root -g www-data \
/home/www/data
sudo install -d -m 1771 -o log-www -g log-www \
/home/www/log