From 55b4c265791820840d02f45506f5c6423a269a90 Mon Sep 17 00:00:00 2001 From: Ludovic CHEVALIER Date: Fri, 2 Oct 2015 16:42:31 +0200 Subject: [PATCH] =?utf8?q?Suppression=C2=A0:=20=20=20=20=20=20=20=20etc/ng?= =?utf8?q?inx/site.d/lhc-stats?= MIME-Version: 1.0 Content-Type: text/plain; charset=utf8 Content-Transfer-Encoding: 8bit --- etc/gitolite | 2 +- etc/nginx/site.d/lhc-stats-tls/local.conf | 25 ------ etc/nginx/site.d/lhc-stats-tls/local.sh | 10 --- etc/nginx/site.d/lhc-stats-tls/site.conf | 1 - etc/nginx/site.d/lhc-stats-tls/x509_host | 1 - etc/nginx/site.d/lhc-stats/http.conf | 28 ------ etc/nginx/site.d/lhc-stats/local.conf | 5 -- etc/nginx/site.d/lhc-stats/local.sh | 5 -- etc/nginx/site.d/lhc-stats/site.conf | 82 ------------------ etc/openssl/stats.heureux-cyclage.org/ca | 1 - .../stats.heureux-cyclage.org/host.cfg | 70 --------------- .../stats.heureux-cyclage.org/user.cfg | 14 --- var/pub/openpgp/trustdb.gpg | Bin 1880 -> 1880 bytes 13 files changed, 1 insertion(+), 243 deletions(-) delete mode 100644 etc/nginx/site.d/lhc-stats-tls/local.conf delete mode 100644 etc/nginx/site.d/lhc-stats-tls/local.sh delete mode 120000 etc/nginx/site.d/lhc-stats-tls/site.conf delete mode 100644 etc/nginx/site.d/lhc-stats-tls/x509_host delete mode 100644 etc/nginx/site.d/lhc-stats/http.conf delete mode 100644 etc/nginx/site.d/lhc-stats/local.conf delete mode 100644 etc/nginx/site.d/lhc-stats/local.sh delete mode 100644 etc/nginx/site.d/lhc-stats/site.conf delete mode 120000 etc/openssl/stats.heureux-cyclage.org/ca delete mode 100644 etc/openssl/stats.heureux-cyclage.org/host.cfg delete mode 100644 etc/openssl/stats.heureux-cyclage.org/user.cfg diff --git a/etc/gitolite b/etc/gitolite index 358ee61..982cf37 160000 --- a/etc/gitolite +++ b/etc/gitolite @@ -1 +1 @@ -Subproject commit 358ee61dbcf66af8c5f48fc9c3e5f2a97576926e +Subproject commit 982cf378c7b8f9da0a0cb68a81842794e71fb8d0 diff --git a/etc/nginx/site.d/lhc-stats-tls/local.conf b/etc/nginx/site.d/lhc-stats-tls/local.conf deleted file mode 100644 index 6905300..0000000 --- a/etc/nginx/site.d/lhc-stats-tls/local.conf +++ /dev/null @@ -1,25 +0,0 @@ -listen 443; -include /etc/nginx/conf.d/ssl.conf; -ssl_certificate /etc/nginx/x509.d/lhc-stats-tls/crt.pem; -ssl_certificate_key /etc/nginx/x509.d/lhc-stats-tls/key.pem; - -location = /index.php { - ## Relay all index.php requests to fastcgi. - include /etc/nginx/conf.d/fastcgi.conf; - add_header X-Piwik-Cache $upstream_cache_status; - expires epoch; - fastcgi_cache microcache; - fastcgi_cache_bypass $lhc_stats_no_cache; - fastcgi_cache_use_stale error timeout invalid_header updating http_500; - fastcgi_cache_valid 200 301 5m; - fastcgi_cache_valid 302 3m; - fastcgi_cache_valid 404 1m; - fastcgi_ignore_headers Cache-Control Expires; - fastcgi_index index.php; - fastcgi_no_cache $lhc_stats_no_cache; - fastcgi_param REDIRECT_STATUS 200; - - fastcgi_pass php_fpm_lhc_stats; - } - -# vim: ft=sh diff --git a/etc/nginx/site.d/lhc-stats-tls/local.sh b/etc/nginx/site.d/lhc-stats-tls/local.sh deleted file mode 100644 index 56fd0be..0000000 --- a/etc/nginx/site.d/lhc-stats-tls/local.sh +++ /dev/null @@ -1,10 +0,0 @@ -hint="run before: remote/runit-configure nginx -- $site" -assert "sudo test -f /etc/nginx/x509.d/\"$site\"/key.pem" hint - -sudo install -m 664 -o www -g www \ - "$tool"/var/pub/x509/stats.heureux-cyclage.org/crt+ca.pem \ - /etc/nginx/x509.d/"$site"/crt.pem - -sudo rmdir ~www-data/"$site" || true -sudo ln -fns "${site%-tls}" ~www-data/"$site" - diff --git a/etc/nginx/site.d/lhc-stats-tls/site.conf b/etc/nginx/site.d/lhc-stats-tls/site.conf deleted file mode 120000 index e581615..0000000 --- a/etc/nginx/site.d/lhc-stats-tls/site.conf +++ /dev/null @@ -1 +0,0 @@ -../lhc-stats/site.conf \ No newline at end of file diff --git a/etc/nginx/site.d/lhc-stats-tls/x509_host b/etc/nginx/site.d/lhc-stats-tls/x509_host deleted file mode 100644 index b06782d..0000000 --- a/etc/nginx/site.d/lhc-stats-tls/x509_host +++ /dev/null @@ -1 +0,0 @@ -stats.heureux-cyclage.org diff --git a/etc/nginx/site.d/lhc-stats/http.conf b/etc/nginx/site.d/lhc-stats/http.conf deleted file mode 100644 index eed8b10..0000000 --- a/etc/nginx/site.d/lhc-stats/http.conf +++ /dev/null @@ -1,28 +0,0 @@ -upstream php_fpm_lhc_stats { - server unix:/run/php5/fpm/lhc_stats; - } - -map $request_method $lhc_stats_no_cache { - # NOTE: if non GET/HEAD, don't cache. - default 1; - HEAD 0; - GET 0; - } -map $arg_module $lhc_stats_no_cache { - ## When we go through installation - ## or when we're on the dashboard for specific tasks. - Installation 1; # when invoking the installation module. - ~[^\&]*(?:Dashboard|Live|Goals|Admin|Manager) 1; # some tasks - } -map $arg_action $lhc_stats_no_cache { - ## The first installation steps don't invoke the installation module. - systemCheck 1; - databaseSetup 1; - } -map $http_cookie $lhc_stats_no_cache { - ## Testing for the session cookie being present. - ## If there is then no caching is to be done. - ~PIWIK_SESSID 1; # Piwik session cookie - } - -# vim: ft=sh diff --git a/etc/nginx/site.d/lhc-stats/local.conf b/etc/nginx/site.d/lhc-stats/local.conf deleted file mode 100644 index b5f622c..0000000 --- a/etc/nginx/site.d/lhc-stats/local.conf +++ /dev/null @@ -1,5 +0,0 @@ -listen 80; - -location = /index.php { - return 302 "https://$http_host/index.php"; - } diff --git a/etc/nginx/site.d/lhc-stats/local.sh b/etc/nginx/site.d/lhc-stats/local.sh deleted file mode 100644 index 39f1725..0000000 --- a/etc/nginx/site.d/lhc-stats/local.sh +++ /dev/null @@ -1,5 +0,0 @@ -pool=lhc_stats -sudo adduser php_"$pool" www-"$site" -sudo adduser www-"$site"-tls www-"$site" -"$tool"/local/mysql-user-create php_"$pool" -"$tool"/local/mysql-database-create php_"$pool" diff --git a/etc/nginx/site.d/lhc-stats/site.conf b/etc/nginx/site.d/lhc-stats/site.conf deleted file mode 100644 index a70dfea..0000000 --- a/etc/nginx/site.d/lhc-stats/site.conf +++ /dev/null @@ -1,82 +0,0 @@ -server_name stats.heureux-cyclage.org; - -client_body_buffer_size 8k; -client_max_body_size 10m; - -if ($bad_bot) { - return 444; - } -#if ($bad_referer) { -# return 444; -# } - -#location ~ /\. { -# access_log off; -# deny all; -# log_not_found off; -# } -location ~* ^.+\.(?:css|gif|jpe?g|js|png|swf)$ { - ## Defining the valid referers. - ## Disallow any usage of piwik assets if referer is non valid. - valid_referers none blocked - server_names - .cyclocoop.org - .heureux-cyclage.org - .ptitvelo.net - .velosenville.org - .wiklou.org; - if ($invalid_referer) { - return 444; - } - - expires max; - # NOTE: Static files use the OS buffer cache. - open_file_cache max=500 inactive=120s; - open_file_cache_errors off; - open_file_cache_min_uses 2; - open_file_cache_valid 45s; - tcp_nodelay off; - } -location = /favicon.ico { - ## Support for favicon. Return a 204 (No Content) if the favicon doesn't exist. - try_files /favicon.ico =204; - } -location / { - ## Try all locations and relay to index.php as a fallback. - try_files $uri /index.php?$query_string; - } -location = /piwik.php { - ## Relay all piwik.php requests to fastcgi. - include /etc/nginx/conf.d/fastcgi.conf; - add_header X-Piwik-Long-Cache $upstream_cache_status; - expires epoch; - fastcgi_cache microcache; - fastcgi_cache_bypass $lhc_stats_no_cache; - fastcgi_cache_use_stale error timeout invalid_header updating http_500; - fastcgi_cache_valid 200 301 2h; - fastcgi_cache_valid 302 30m; - fastcgi_cache_valid 404 10m; - fastcgi_ignore_headers Cache-Control Expires; - fastcgi_no_cache $lhc_stats_no_cache; - fastcgi_param REDIRECT_STATUS 200; - - fastcgi_pass php_fpm_lhc_stats; - } -location ~* ^.+\.php$ { - ## Any other attempt to access PHP files redirects to the root. - return 302 /; - } -location ~* (?:DESIGN|(?:gpl|README|LICENSE)[^.]*|LEGALNOTICE)(?:\.txt)*$ { - ## Redirect to the root if attempting to access a txt file. - return 302 /; - } -location ~* \.(?:bat|git|ini|sh|svn[^.]*|txt|tpl|xml)$ { - ## Disallow access to several helper files. - return 404; - } -location = /robots.txt { - ## No crawling of this site for bots that obey robots.txt. - return 200 "User-agent: *\nDisallow: /\n"; - } - -# vim: ft=sh diff --git a/etc/openssl/stats.heureux-cyclage.org/ca b/etc/openssl/stats.heureux-cyclage.org/ca deleted file mode 120000 index 6d4a070..0000000 --- a/etc/openssl/stats.heureux-cyclage.org/ca +++ /dev/null @@ -1 +0,0 @@ -../heureux-cyclage.org \ No newline at end of file diff --git a/etc/openssl/stats.heureux-cyclage.org/host.cfg b/etc/openssl/stats.heureux-cyclage.org/host.cfg deleted file mode 100644 index 0cbab4e..0000000 --- a/etc/openssl/stats.heureux-cyclage.org/host.cfg +++ /dev/null @@ -1,70 +0,0 @@ - SERVICE = stats - RANDFILE = var/sec/x509/openssl.rand - oid_section = extra_oids -[ extra_oids ] - # NOTE: pour une éventuelle validation étendue (Extended Validation (EV)) - jurisdictionOfIncorporationLocalityName = 1.3.6.1.4.1.311.60.2.1.1 - jurisdictionOfIncorporationStateOrProvinceName = 1.3.6.1.4.1.311.60.2.1.2 - jurisdictionOfIncorporationCountryName = 1.3.6.1.4.1.311.60.2.1.3 -[ req ] - prompt = no - distinguished_name = distinguished_name - string_mask = pkix - #x509_extensions = root_extensions - #req_extensions = extension - #attributes = req_attributes -[ distinguished_name ] - countryName = $ENV::x509_country - stateOrProvinceName = $ENV::x509_state_or_province - localityName = $ENV::x509_state_or_province - 0.organizationName = $ENV::x509_organization - organizationalUnitName = Service de statistiques - commonName = $SERVICE.$ENV::x509_host - businessCategory = $ENV::x509_business_category - jurisdictionOfIncorporationLocalityName = $ENV::x509_state_or_province - jurisdictionOfIncorporationStateOrProvinceName = $ENV::x509_state_or_province - jurisdictionOfIncorporationCountryName = $ENV::x509_country -[ extensions ] - basicConstraints = critical,CA:FALSE,pathlen:0 - keyUsage = keyEncipherment - subjectAltName = email:contact+$SERVICE@$ENV::x509_host,DNS:$SERVICE.$ENV::x509_host - subjectKeyIdentifier = hash - issuerAltName = issuer:copy - authorityKeyIdentifier = keyid:always,issuer:always - authorityInfoAccess = caIssuers;URI:http://www.$ENV::x509_host/x509/crt.pem - crlDistributionPoints = URI:http://www.$ENV::x509_host/x509/$SERVICE/crl.pem - certificatePolicies = @certificate_policies -[ self_signed_extensions ] - basicConstraints = critical,CA:TRUE,pathlen:0 - keyUsage = keyCertSign,cRLSign,digitalSignature,keyEncipherment - subjectAltName = email:contact+$SERVICE@$ENV::x509_host,DNS:$SERVICE.$ENV::x509_host - subjectKeyIdentifier = hash - issuerAltName = issuer:copy - authorityKeyIdentifier = keyid:always,issuer:always - authorityInfoAccess = caIssuers;URI:http://www.$ENV::x509_host/x509/$SERVICE/crt.pem - crlDistributionPoints = URI:http://www.$ENV::x509_host/x509/$SERVICE/crl.pem -[ user_extensions ] - basicConstraints = critical,CA:FALSE,pathlen:0 - keyUsage = digitalSignature,keyEncipherment - subjectAltName = email:$ENV::user@$ENV::x509_host - subjectKeyIdentifier = hash - issuerAltName = issuer:copy - authorityKeyIdentifier = keyid:always,issuer:always - authorityInfoAccess = caIssuers;URI:http://www.$ENV::x509_host/x509/$SERVICE/crt.pem -[ certificate_policies ] - policyIdentifier = 1.2.250.1.42 - CPS.1 = https://www.$ENV::x509_host/x509/cps -[ ca ] - private_key = var/sec/x509/$ENV::x509/key.pem - dir = var/pub/x509/$ENV::x509 - crl_dir = $dir - crlnumber = $dir/crl.num - crl = $dir/crl.pem - database = $dir/idx.txt -[ self_signed_ca ] - private_key = var/sec/x509/$ENV::x509/key.pem - dir = var/pub/x509/$ENV::x509 - crl_dir = $dir - crlnumber = $dir/crl.self-signed.num - crl = $dir/crl.self-signed.pem - database = $dir/idx.self-signed.txt diff --git a/etc/openssl/stats.heureux-cyclage.org/user.cfg b/etc/openssl/stats.heureux-cyclage.org/user.cfg deleted file mode 100644 index bdb56cb..0000000 --- a/etc/openssl/stats.heureux-cyclage.org/user.cfg +++ /dev/null @@ -1,14 +0,0 @@ - SERVICE = stats - HOME = . - RANDFILE = var/sec/x509/openssl.rand -[ req ] - prompt = no - distinguished_name = user_distinguished_name - string_mask = pkix -[ user_distinguished_name ] - countryName = $ENV::x509_country - stateOrProvinceName = $ENV::x509_state_or_province - #localityName = - 0.organizationName = $ENV::x509_organization - organizationalUnitName = Certificat utilisateurice du service de statistiques - commonName = $ENV::user diff --git a/var/pub/openpgp/trustdb.gpg b/var/pub/openpgp/trustdb.gpg index 06d643f30d83443ef53e6672a6a1615bc1f28df2..87f0eb09a58c57042da5a77d0c8345dd45f998e0 100644 GIT binary patch delta 32 mcmcb?cY{xaF})z2nUxU;7#Kny$mu1&?=+ZbD7;bKkR1Sw0SKJ{ delta 32 mcmcb?cY{xaF})z2nUxU;7#M;aAH59SCM!MBP