William/Personal-Rancher-Catalog
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Merge branch 'master' into 'develop/gogs'

Browse Source 
# Conflicts:
#   templates/Gogs/0/rancher-compose.yml
This commit is contained in:
William Miceli
2019-02-06 20:27:39 -05:00
parent 794f59fec8 2b5208d2e3
commit b139037863
76 changed files with 5314 additions and 292 deletions
Download Patch File Download Diff File Expand all files Collapse all files

60
README.md
View File

@@ -1,3 +1,61 @@
# WilliamMiceli's Personal Rancher Catalog # WilliamMiceli's Personal Rancher Catalog
My personal rancher catalog to make my own life just a little bit easier. My personal rancher catalog to make my own life just a little bit easier.
Hopefully it can also be of use to others as well!
## TODO List
* Have DATA_DIR be optional
* Include logos for all stacks
* Include descriptions and setup instructions for all stacks
## Stack Completion Statuses
- [ ] Adminer ([Docker Hub](https://hub.docker.com/_/adminer) | [Website](https://www.adminer.org/en/))
- [x] Apache Guacamole ([Docker Hub](https://hub.docker.com/r/guacamole/guacamole) | [Website](https://guacamole.apache.org/))
- [x] Bind ([Docker Hub](https://hub.docker.com/r/sameersbn/bind))
- [ ] Discourse ([Docker Hub](https://hub.docker.com/_/discourse) | [Website](https://www.discourse.org/))
- [ ] Drupal ([Docker Hub](https://hub.docker.com/_/drupal) | [Website](https://www.drupal.org/))
- [ ] Eclipse Che ([Docker Hub](https://hub.docker.com/_/eclipse-che) | [Website](https://www.eclipse.org/che/))
- [ ] Emby ([Docker Hub](https://hub.docker.com/r/emby/embyserver) | [Website](https://emby.media/))
- [x] Ghost ([Docker Hub](https://hub.docker.com/_/ghost) | [Website](https://ghost.org/))
- [ ] Gitea ([Docker Hub](https://hub.docker.com/r/gitea/gitea) | [Website](https://gitea.io/en-us/))
- [ ] GitPitch Pro ([Docker Hub](https://hub.docker.com/_/gitpitch-pro) | [Website](https://gitpitch.com/))
- [ ] Gogs ([Docker Hub](https://hub.docker.com/r/gogs/gogs) | [Website](https://gogs.io/))
- [ ] Grafana ([Docker Hub](https://hub.docker.com/r/grafana/grafana) | [Website](https://grafana.com/))
- [x] HTTPD ([Docker Hub](https://hub.docker.com/_/httpd) | [Website](http://httpd.apache.org/))
- [x] InvoiceNinja ([Docker Hub](https://hub.docker.com/r/invoiceninja/invoiceninja) | [Website](https://www.invoiceninja.org/))
- [ ] Joomla ([Docker Hub](https://hub.docker.com/_/joomla) | [Website](https://www.joomla.org/))
- [ ] Logstash ([Docker Hub](https://hub.docker.com/_/logstash) | [Website](https://www.elastic.co/products/logstash))
- [ ] Matomo ([Docker Hub](https://hub.docker.com/_/matomo) | [Website](https://matomo.org/))
- [ ] MediaWiki ([Docker Hub](https://hub.docker.com/_/mediawiki) | [Website](https://www.mediawiki.org/))
- [ ] Memcached ([Docker Hub](https://hub.docker.com/_/memcached) | [Website](https://www.memcached.org/))
- [ ] MySQL ([Docker Hub](https://hub.docker.com/_/mysql) | [Website](https://www.mysql.com/))
- [x] Nextcloud ([Docker Hub](https://hub.docker.com/_/nextcloud) | [Website](https://nextcloud.com/))
- [ ] Nginx ([Docker Hub](https://hub.docker.com/_/nginx) | [Website](https://www.nginx.com/))
- [ ] Node RED ([Docker Hub](https://hub.docker.com/r/nodered/node-red-docker) | [Website](https://nodered.org/))
- [x] OpenProject ([Docker Hub](https://hub.docker.com/r/openproject/community) | [Website](https://www.openproject.org/))
- [x] PHPMyAdmin ([Docker Hub](https://hub.docker.com/r/phpmyadmin/phpmyadmin) | [Website](https://www.phpmyadmin.net/))
- [ ] PostgreSQL ([Docker Hub](https://hub.docker.com/_/postgres) | [Website](https://www.postgresql.org/))
- [ ] Redis ([Docker Hub](https://hub.docker.com/_/redis) | [Website](https://redis.io/))
- [ ] Redmine ([Docker Hub](https://hub.docker.com/_/redmine) | [Website](http://www.redmine.org/))
- [ ] Rocket.Chat ([Docker Hub](https://hub.docker.com/_/rocketchat) | [Website](https://rocket.chat/))
- [x] Snipe-IT ([Docker Hub](https://hub.docker.com/r/snipe/snipe-it) | [Website](https://snipeitapp.com/))
- [x] Traefik ([Docker Hub](https://hub.docker.com/_/traefik) | [Website](https://traefik.io/))
- [x] WordPress ([Docker Hub](https://hub.docker.com/_/wordpress) | [Website](https://wordpress.com/))
- [x] XWiki ([Docker Hub](https://hub.docker.com/_/xwiki) | [Website](https://www.xwiki.org/))
- [ ] YOURLS ([Docker Hub](https://hub.docker.com/_/yourls) | [Website](http://yourls.org/))
### Will Complete at a Later Date
- [ ] Pydio Cells ([Docker Hub](https://hub.docker.com/r/pydio/cells/) | [Website](https://pydio.com/en/))
- [ ] Transmission ([Docker Hub](https://hub.docker.com/r/linuxserver/transmission) | [Website](https://transmissionbt.com/))
## Notices
* I use Traefik for routing all traffic to/from my services, and although it's an awesome piece of software, it's biggest limitation (to me) is that it cannot be a reverse proxy for SSH connections until [TCP connections are implemented](https://github.com/containous/traefik/issues/10). Until then, all of my own systems simply have SSH disabled, since I can't even test out if it would work for someone else using a different setup.
## Using These Templates For Non-Rancher Configurations
* Rancher provides networking for stacks, so any declarations to `networks` and `expose` are ignored (excluding `ports`).
* Instead, network policies can be created within Rancher's "Environments"

2
templates/Bind/0/docker-compose.yml
View File

@@ -23,4 +23,4 @@ services:
{{- end}} {{- end}}
restart: on-failure restart: on-failure
volumes: volumes:
- /RancherCattleData/${DATA_DIR}/Data:/data - /RancherCattle/${DATA_DIR}/Data:/data

2
templates/Bind/0/rancher-compose.yml
View File

@@ -11,7 +11,7 @@ catalog:
- variable: "HOST_LABEL" - variable: "HOST_LABEL"
label: "Host Label Key/Value Pair" label: "Host Label Key/Value Pair"
description: | description: |
The Key/Value pair on the host which Bind should be deployed. The Key/Value pair of the host which Bind should be deployed.
default: "host.id=Controller" default: "host.id=Controller"
required: false required: false
type: string type: string

2
templates/Ghost/0/rancher-compose.yml
View File

@@ -12,7 +12,7 @@ catalog:
- variable: "HOST_LABEL" - variable: "HOST_LABEL"
label: "Host Label Key/Value Pair" label: "Host Label Key/Value Pair"
description: | description: |
The Key/Value pair on the host which the stack should be deployed. The Key/Value pair of the host which the stack should be deployed.
default: "host.id=Host1" default: "host.id=Host1"
required: false required: false
type: string type: string

0
templates/Gitlab-CE/0/README.md → templates/GitLab-CE/0/README.md
View File

0
templates/Gitlab-CE/0/docker-compose.yml → templates/GitLab-CE/0/docker-compose.yml
View File

0
templates/Gitlab-CE/0/rancher-compose.yml → templates/GitLab-CE/0/rancher-compose.yml
View File

0
templates/Gitlab-CE/catalogIcon-gitlab.svg → templates/GitLab-CE/catalogIcon-gitlab.svg
View File

Side by Side Swipe Overlay

Before

Width:  |  Height:  |  Size: 15 KiB

After

Width:  |  Height:  |  Size: 15 KiB

0
templates/Gitlab-CE/config.yml → templates/GitLab-CE/config.yml
View File

4
templates/Gogs/0/rancher-compose.yml
View File

@@ -11,7 +11,7 @@ catalog:
- variable: "HOST_LABEL" - variable: "HOST_LABEL"
label: "Host Label Key/Value Pair" label: "Host Label Key/Value Pair"
description: | description: |
The Label Key/Value pair on the host which containers should be deployed The Label Key/Value pair of the host which containers should be deployed
default: "host.id=Host1" default: "host.id=Host1"
required: false required: false
type: string type: string
@@ -33,7 +33,7 @@ catalog:
type: password type: password
- variable: "DB_USER_PASS" - variable: "DB_USER_PASS"
label: "MySQL User Password" label: "Database User Password"
description: | description: |
A secure password to be used by the "gogs_user" database user. A secure password to be used by the "gogs_user" database user.
# default: # default:

17
templates/Guacamole/0/README.md
View File

@@ -1 +1,16 @@
# Guacamole # Guacamole
## Initial Setup
On the "guacamole" container, run:
`/opt/guacamole/bin/initdb.sh --mysql > /setup/initdb.sql`
On the "mysql" container, run:
`cat /setup/initdb.sql | mysql -u root -p guacamole_db`
## Post-Installation
Make sure you create your own user account and delete the "guacadmin" user (or at very least change the password)
## TODO
* Allow adding extensions

129
templates/Guacamole/0/docker-compose.yml
View File

@@ -1,49 +1,80 @@
database-data: version: '2'
image: busybox
labels: services:
io.rancher.container.start_once: 'true' guacamole:
net: none image: guacamole/guacamole:latest
entrypoint: /bin/true dns:
volumes: - 1.1.1.1
- /var/lib/mysql - 1.0.0.1
- /docker-entrypoint-initdb.d environment:
database: GUACD_HOSTNAME: guacd
image: mariadb MYSQL_HOSTNAME: mysql
environment: MYSQL_DATABASE: guacamole_db
MYSQL_DATABASE: ${guacamole_db} MYSQL_USER: guacamole_user
MYSQL_ONETIME_PASSWORD: 'true' MYSQL_PASSWORD: ${DB_USER_PASS}
MYSQL_PASSWORD: ${guacamole_password} labels:
MYSQL_RANDOM_ROOT_PASSWORD: 'true' io.rancher.container.pull_image: always
MYSQL_USER: ${guacamole_user} {{- if .Values.HOST_LABEL}}
volumes_from: io.rancher.scheduler.affinity:host_label: ${HOST_LABEL}
- database-data {{- end}}
labels: traefik.enable: true
io.rancher.sidekicks: setup-get-db-script, database-data ### Start HTTP Segment (Each EntryPoint has it's own segment, that way on initial HTTP connection, the prefix isn't added twice)
setup-get-db-script: traefik.http.frontend.entryPoints: http
image: glyptodon/guacamole:0.9.10-incubating traefik.http.frontend.headers.SSLRedirect: true
net: none traefik.http.frontend.rule: Host:${TRAEFIK_HOSTNAME}
volumes_from: traefik.http.port: "8080"
- database-data ### End HTTP Segment
command: ### Start HTTPS Segment
- bash traefik.https.frontend.entryPoints: https
- -c traefik.https.frontend.headers.forceSTSHeader: true
- /opt/guacamole/bin/initdb.sh --mysql > /docker-entrypoint-initdb.d/initdb.sql traefik.https.frontend.headers.referrerPolicy: no-referrer # Security enhancement (Prevents leaking of referer information)
labels: traefik.https.frontend.headers.STSPreload: true
io.rancher.container.start_once: 'true' traefik.https.frontend.headers.STSSeconds: 15552000
guacd: traefik.https.frontend.rule: "Host:${TRAEFIK_HOSTNAME}; AddPrefix:/guacamole"
image: glyptodon/guacd:0.9.10-incubating traefik.https.port: "8080"
guacamole: ### End HTTPS Segment
image: glyptodon/guacamole:0.9.10-incubating links:
environment: - guacd
MYSQL_DATABASE: ${guacamole_db} - mysql
MYSQL_HOSTNAME: database restart: on-failure
MYSQL_PASSWORD: ${guacamole_password} volumes:
MYSQL_USER: ${guacamole_user} - /etc/localtime:/etc/localtime:ro # Syncronize time of container with the host system
links: - /etc/timezone:/etc/timezone:ro # Syncronize timezone of container with the host system
- guacd:guacd - /RancherCattle/${DATA_DIR}/Setup:/setup # Used to make initial setup much simpler
ports: guacd:
- ${public_port}:8080/tcp image: guacamole/guacd:latest
command: dns:
- /bin/bash - 1.1.1.1
- -c - 1.0.0.1
- cd /usr/local/tomcat/webapps;rm -rf ROOT/; ln -s guacamole.war ROOT.war; /opt/guacamole/bin/start.sh; labels:
io.rancher.container.pull_image: always
{{- if .Values.HOST_LABEL}}
io.rancher.scheduler.affinity:host_label: ${HOST_LABEL}
{{- end}}
traefik.enable: false
restart: on-failure
volumes:
- /etc/localtime:/etc/localtime:ro # Syncronize time of container with the host system
- /etc/timezone:/etc/timezone:ro # Syncronize timezone of container with the host system
mysql:
image: mysql:5
dns:
- 1.1.1.1
- 1.0.0.1
environment:
MYSQL_DATABASE: guacamole_db
MYSQL_ROOT_PASSWORD: ${DB_ROOT_PASS}
MYSQL_USER: guacamole_user
MYSQL_PASSWORD: ${DB_USER_PASS}
labels:
io.rancher.container.pull_image: always
{{- if .Values.HOST_LABEL}}
io.rancher.scheduler.affinity:host_label: ${HOST_LABEL}
{{- end}}
traefik.enable: false
restart: on-failure
volumes:
- /etc/localtime:/etc/localtime:ro # Syncronize time of container with the host system
- /etc/timezone:/etc/timezone:ro # Syncronize timezone of container with the host system
- /RancherCattle/${DATA_DIR}/Database:/var/lib/mysql
- /RancherCattle/${DATA_DIR}/Setup:/setup # Used to make initial setup much simpler

91
templates/Guacamole/0/rancher-compose.yml
View File

@@ -6,70 +6,45 @@ catalog:
# minimum_rancher_version: # minimum_rancher_version:
# maximum_rancher_version: # maximum_rancher_version:
# upgrade_from: # upgrade_from:
# uuid:
questions: questions:
- variable: "guacamole_db" - variable: "HOST_LABEL"
label: "MySQL Database Name" label: "Host Label Key/Value Pair"
description: "Your MYSQL guacamole database name" description: |
default: "guacamole_db" The Key/Value pair of the host which the stack should be deployed.
required: true default: "host.id=Controller"
type: "string" required: false
type: string
- variable: "guacamole_user" - variable: "TRAEFIK_HOSTNAME"
label: "MySQL Database User" label: "Public Hostname"
description: "Your MYSQL guacamole user name" description: |
The FQDN which Traefik should use to provide public access.
default: "subdomain.domain.tld"
required: true required: true
default: "guacamole_user" type: string
type: "string"
- variable: "guacamole_password" - variable: "DB_ROOT_PASS"
label: "MySQL Database Password" label: "Database Root Password"
description: "Your MYSQL guacamole user password. Defaults to \"guacamole_password\"" description: |
A secure password to be used by the "root" user.
# default:
required: true required: true
default: "guacamole_password" type: password
type: "password"
- variable: "public_port" - variable: "DB_USER_PASS"
label: "Public Port" label: "Database User Password"
description: "The public port that Guacamole listens on, defaults to 8080" description: |
A secure password to be used by the "guacamole_user" user.
# default:
required: true required: true
default: 8080 type: password
type: "int"
services: - variable: "DATA_DIR"
guacamole: label: "Data Directory"
scale: 1 description: |
health_check: The directory to store persistent data for the stack.
healthy_threshold: 2 default: "Personal/Guacamole"
response_timeout: 2000 required: true
port: 8080 type: string
unhealthy_threshold: 3
initializing_timeout: 60000
interval: 2000
strategy: recreate
request_line: GET "/guacamole" "HTTP/1.0"
reinitializing_timeout: 60000
guacd:
scale: 1
health_check:
healthy_threshold: 2
response_timeout: 2000
port: 4822
unhealthy_threshold: 3
initializing_timeout: 60000
interval: 2000
strategy: recreate
reinitializing_timeout: 60000
setup-get-db-script:
scale: 1
database:
scale: 1
health_check:
healthy_threshold: 2
response_timeout: 2000
port: 3306
unhealthy_threshold: 3
initializing_timeout: 60000
interval: 2000
strategy: recreate
reinitializing_timeout: 60000

4
templates/Guacamole/config.yml
View File

@@ -1,7 +1,7 @@
name: Apache Guacamole name: Apache Guacamole
description: | description: |
Status: NOT READY A clientless remote desktop gateway. It supports standard protocols like VNC, RDP, and SSH.
# version: version: latest
#category: #category:
maintainer: WilliamMiceli maintainer: WilliamMiceli
# license: # license:

7
templates/HTTPD/0/README.md Normal file
View File

@@ -0,0 +1,7 @@
# httpd
https://docs.docker.com/samples/library/httpd/
# ToDo's
* Add better trusted proxies configuration

44
templates/HTTPD/0/docker-compose.yml Normal file
View File

@@ -0,0 +1,44 @@
version: '2'
services:
httpd:
image: httpd:alpine
dns:
- 1.1.1.1
- 1.0.0.1
labels:
io.rancher.container.pull_image: always
{{- if .Values.HOST_LABEL}}
io.rancher.scheduler.affinity:host_label: ${HOST_LABEL}
{{- end}}
{{- if .Values.TRAEFIK_HOST}}
traefik.enable: true
### Start Web Segment
traefik.frontend.entryPoints: http,https
traefik.frontend.headers.forceSTSHeader: true
traefik.frontend.headers.referrerPolicy: no-referrer
traefik.frontend.headers.SSLRedirect: true
traefik.frontend.headers.STSPreload: true
traefik.frontend.headers.STSSeconds: 15552000
traefik.frontend.rule: Host:${TRAEFIK_HOST}
traefik.port: "80"
### End Web Segment
{{- else}}
traefik.enable: false
{{- end}}
networks:
- public-proxy
{{- if .Values.WEB_PORT}}
ports:
- "${WEB_PORT}:80"
{{- end}}
restart: on-failure
volumes:
{{- if eq .Values.PERSIST_CONF "true"}}
- /RancherCattle/${DATA_DIR}/Configuration:/usr/local/apache2/conf
{{- end}}
- /RancherCattle/${DATA_DIR}/Public-HTML:/usr/local/apache2/htdocs/
networks:
public-proxy:
external: true

51
templates/HTTPD/0/rancher-compose.yml Normal file
View File

@@ -0,0 +1,51 @@
version: '2'
catalog:
name: Apache httpd
version: latest
# description:
# minimum_rancher_version:
# maximum_rancher_version:
# upgrade_from:
questions:
- variable: "HOST_LABEL"
label: "Host Label Key/Value Pair"
description: |
The Label Key/Value pair of the host which containers should be deployed
default: "host.id=Host1"
required: false
type: string
- variable: "TRAEFIK_HOST"
label: "Public Host Domain"
description: |
The host that Traefik will use to provide public access.
Leaving this empty will disable Traefik on this stack.
default: "subdomain.domain.tld"
required: false
type: string
- variable: "WEB_PORT"
label: "Web Port"
description: |
The port to locally access the web interface on.
Leaving this empty will disable opening any port on the host system.
default: "10900"
required: false
type: int
- variable: "PERSIST_CONF"
label: "Persistent Configuration"
description: |
Have a persistent "conf" directory.
default: true
required: true
type: boolean
- variable: "DATA_DIR"
label: "Data Directory"
description: |
The directory to store persistent data for the stack.
default: "Personal/HTTPD"
required: true
type: string

93
templates/HTTPD/Default/conf/extra/httpd-autoindex.conf Normal file
View File

@@ -0,0 +1,93 @@
#
# Directives controlling the display of server-generated directory listings.
#
# Required modules: mod_authz_core, mod_authz_host,
# mod_autoindex, mod_alias
#
# To see the listing of a directory, the Options directive for the
# directory must include "Indexes", and the directory must not contain
# a file matching those listed in the DirectoryIndex directive.
#
#
# IndexOptions: Controls the appearance of server-generated directory
# listings.
#
IndexOptions FancyIndexing HTMLTable VersionSort
# We include the /icons/ alias for FancyIndexed directory listings. If
# you do not use FancyIndexing, you may comment this out.
#
Alias /icons/ "/usr/local/apache2/icons/"
<Directory "/usr/local/apache2/icons">
Options Indexes MultiViews
AllowOverride None
Require all granted
</Directory>
#
# AddIcon* directives tell the server which icon to show for different
# files or filename extensions. These are only displayed for
# FancyIndexed directories.
#
AddIconByEncoding (CMP,/icons/compressed.gif) x-compress x-gzip
AddIconByType (TXT,/icons/text.gif) text/*
AddIconByType (IMG,/icons/image2.gif) image/*
AddIconByType (SND,/icons/sound2.gif) audio/*
AddIconByType (VID,/icons/movie.gif) video/*
AddIcon /icons/binary.gif .bin .exe
AddIcon /icons/binhex.gif .hqx
AddIcon /icons/tar.gif .tar
AddIcon /icons/world2.gif .wrl .wrl.gz .vrml .vrm .iv
AddIcon /icons/compressed.gif .Z .z .tgz .gz .zip
AddIcon /icons/a.gif .ps .ai .eps
AddIcon /icons/layout.gif .html .shtml .htm .pdf
AddIcon /icons/text.gif .txt
AddIcon /icons/c.gif .c
AddIcon /icons/p.gif .pl .py
AddIcon /icons/f.gif .for
AddIcon /icons/dvi.gif .dvi
AddIcon /icons/uuencoded.gif .uu
AddIcon /icons/script.gif .conf .sh .shar .csh .ksh .tcl
AddIcon /icons/tex.gif .tex
AddIcon /icons/bomb.gif core
AddIcon /icons/back.gif ..
AddIcon /icons/hand.right.gif README
AddIcon /icons/folder.gif ^^DIRECTORY^^
AddIcon /icons/blank.gif ^^BLANKICON^^
#
# DefaultIcon is which icon to show for files which do not have an icon
# explicitly set.
#
DefaultIcon /icons/unknown.gif
#
# AddDescription allows you to place a short description after a file in
# server-generated indexes. These are only displayed for FancyIndexed
# directories.
# Format: AddDescription "description" filename
#
#AddDescription "GZIP compressed document" .gz
#AddDescription "tar archive" .tar
#AddDescription "GZIP compressed tar archive" .tgz
#
# ReadmeName is the name of the README file the server will look for by
# default, and append to directory listings.
#
# HeaderName is the name of a file which should be prepended to
# directory indexes.
ReadmeName README.html
HeaderName HEADER.html
#
# IndexIgnore is a set of filenames which directory indexing should ignore
# and not include in the listing. Shell-style wildcarding is permitted.
#
IndexIgnore .??* *~ *# HEADER* README* RCS CVS *,v *,t

50
templates/HTTPD/Default/conf/extra/httpd-dav.conf Normal file
View File

@@ -0,0 +1,50 @@
#
# Distributed authoring and versioning (WebDAV)
#
# Required modules: mod_alias, mod_auth_digest, mod_authn_core, mod_authn_file,
# mod_authz_core, mod_authz_user, mod_dav, mod_dav_fs,
# mod_setenvif
# The following example gives DAV write access to a directory called
# "uploads" under the ServerRoot directory.
#
# The User/Group specified in httpd.conf needs to have write permissions
# on the directory where the DavLockDB is placed and on any directory where
# "Dav On" is specified.
DavLockDB "/usr/local/apache2/var/DavLock"
Alias /uploads "/usr/local/apache2/uploads"
<Directory "/usr/local/apache2/uploads">
Dav On
AuthType Digest
AuthName DAV-upload
# You can use the htdigest program to create the password database:
# htdigest -c "/usr/local/apache2/user.passwd" DAV-upload admin
AuthUserFile "/usr/local/apache2/user.passwd"
AuthDigestProvider file
# Allow universal read-access, but writes are restricted
# to the admin user.
<RequireAny>
Require method GET POST OPTIONS
Require user admin
</RequireAny>
</Directory>
#
# The following directives disable redirects on non-GET requests for
# a directory that does not include the trailing slash. This fixes a
# problem with several clients that do not appropriately handle
# redirects for folders with DAV methods.
#
BrowserMatch "Microsoft Data Access Internet Publishing Provider" redirect-carefully
BrowserMatch "MS FrontPage" redirect-carefully
BrowserMatch "^WebDrive" redirect-carefully
BrowserMatch "^WebDAVFS/1.[01234]" redirect-carefully
BrowserMatch "^gnome-vfs/1.0" redirect-carefully
BrowserMatch "^XML Spy" redirect-carefully
BrowserMatch "^Dreamweaver-WebDAV-SCM1" redirect-carefully
BrowserMatch " Konqueror/4" redirect-carefully

90
templates/HTTPD/Default/conf/extra/httpd-default.conf Normal file
View File

@@ -0,0 +1,90 @@
#
# This configuration file reflects default settings for Apache HTTP Server.
#
# You may change these, but chances are that you may not need to.
#
#
# Timeout: The number of seconds before receives and sends time out.
#
Timeout 60
#
# KeepAlive: Whether or not to allow persistent connections (more than
# one request per connection). Set to "Off" to deactivate.
#
KeepAlive On
#
# MaxKeepAliveRequests: The maximum number of requests to allow
# during a persistent connection. Set to 0 to allow an unlimited amount.
# We recommend you leave this number high, for maximum performance.
#
MaxKeepAliveRequests 100
#
# KeepAliveTimeout: Number of seconds to wait for the next request from the
# same client on the same connection.
#
KeepAliveTimeout 5
#
# UseCanonicalName: Determines how Apache constructs self-referencing
# URLs and the SERVER_NAME and SERVER_PORT variables.
# When set "Off", Apache will use the Hostname and Port supplied
# by the client. When set "On", Apache will use the value of the
# ServerName directive.
#
UseCanonicalName Off
#
# AccessFileName: The name of the file to look for in each directory
# for additional configuration directives. See also the AllowOverride
# directive.
#
AccessFileName .htaccess
#
# ServerTokens
# This directive configures what you return as the Server HTTP response
# Header. The default is 'Full' which sends information about the OS-Type
# and compiled in modules.
# Set to one of: Full | OS | Minor | Minimal | Major | Prod
# where Full conveys the most information, and Prod the least.
#
ServerTokens Full
#
# Optionally add a line containing the server version and virtual host
# name to server-generated pages (internal error documents, FTP directory
# listings, mod_status and mod_info output etc., but not CGI generated
# documents or custom error documents).
# Set to "EMail" to also include a mailto: link to the ServerAdmin.
# Set to one of: On | Off | EMail
#
ServerSignature Off
#
# HostnameLookups: Log the names of clients or just their IP addresses
# e.g., www.apache.org (on) or 204.62.129.132 (off).
# The default is off because it'd be overall better for the net if people
# had to knowingly turn this feature on, since enabling it means that
# each client request will result in AT LEAST one lookup request to the
# nameserver.
#
HostnameLookups Off
#
# Set a timeout for how long the client may take to send the request header
# and body.
# The default for the headers is header=20-40,MinRate=500, which means wait
# for the first byte of headers for 20 seconds. If some data arrives,
# increase the timeout corresponding to a data rate of 500 bytes/s, but not
# above 40 seconds.
# The default for the request body is body=20,MinRate=500, which is the same
# but has no upper limit for the timeout.
# To disable, set to header=0 body=0
#
<IfModule reqtimeout_module>
RequestReadTimeout header=20-40,MinRate=500 body=20,MinRate=500
</IfModule>

36
templates/HTTPD/Default/conf/extra/httpd-info.conf Normal file
View File

@@ -0,0 +1,36 @@
#
# Get information about the requests being processed by the server
# and the configuration of the server.
#
# Required modules: mod_authz_core, mod_authz_host,
# mod_info (for the server-info handler),
# mod_status (for the server-status handler)
#
# Allow server status reports generated by mod_status,
# with the URL of http://servername/server-status
# Change the ".example.com" to match your domain to enable.
<Location /server-status>
SetHandler server-status
Require host .example.com
Require ip 127
</Location>
#
# ExtendedStatus controls whether Apache will generate "full" status
# information (ExtendedStatus On) or just basic information (ExtendedStatus
# Off) when the "server-status" handler is called. The default is Off.
#
#ExtendedStatus On
#
# Allow remote server configuration reports, with the URL of
# http://servername/server-info (requires that mod_info.c be loaded).
# Change the ".example.com" to match your domain to enable.
#
<Location /server-info>
SetHandler server-info
Require host .example.com
Require ip 127
</Location>

141
templates/HTTPD/Default/conf/extra/httpd-languages.conf Normal file
View File

@@ -0,0 +1,141 @@
#
# Settings for hosting different languages.
#
# Required modules: mod_mime, mod_negotiation
# DefaultLanguage and AddLanguage allows you to specify the language of
# a document. You can then use content negotiation to give a browser a
# file in a language the user can understand.
#
# Specify a default language. This means that all data
# going out without a specific language tag (see below) will
# be marked with this one. You probably do NOT want to set
# this unless you are sure it is correct for all cases.
#
# * It is generally better to not mark a page as
# * being a certain language than marking it with the wrong
# * language!
#
# DefaultLanguage nl
#
# Note 1: The suffix does not have to be the same as the language
# keyword --- those with documents in Polish (whose net-standard
# language code is pl) may wish to use "AddLanguage pl .po" to
# avoid the ambiguity with the common suffix for perl scripts.
#
# Note 2: The example entries below illustrate that in some cases
# the two character 'Language' abbreviation is not identical to
# the two character 'Country' code for its country,
# E.g. 'Danmark/dk' versus 'Danish/da'.
#
# Note 3: In the case of 'ltz' we violate the RFC by using a three char
# specifier. There is 'work in progress' to fix this and get
# the reference data for rfc1766 cleaned up.
#
# Catalan (ca) - Croatian (hr) - Czech (cs) - Danish (da) - Dutch (nl)
# English (en) - Esperanto (eo) - Estonian (et) - French (fr) - German (de)
# Greek-Modern (el) - Hebrew (he) - Italian (it) - Japanese (ja)
# Korean (ko) - Luxembourgeois* (ltz) - Norwegian Nynorsk (nn)
# Norwegian (no) - Polish (pl) - Portugese (pt)
# Brazilian Portuguese (pt-BR) - Russian (ru) - Swedish (sv)
# Turkish (tr) - Simplified Chinese (zh-CN) - Spanish (es)
# Traditional Chinese (zh-TW)
#
AddLanguage ca .ca
AddLanguage cs .cz .cs
AddLanguage da .dk
AddLanguage de .de
AddLanguage el .el
AddLanguage en .en
AddLanguage eo .eo
AddLanguage es .es
AddLanguage et .et
AddLanguage fr .fr
AddLanguage he .he
AddLanguage hr .hr
AddLanguage it .it
AddLanguage ja .ja
AddLanguage ko .ko
AddLanguage ltz .ltz
AddLanguage nl .nl
AddLanguage nn .nn
AddLanguage no .no
AddLanguage pl .po
AddLanguage pt .pt
AddLanguage pt-BR .pt-br
AddLanguage ru .ru
AddLanguage sv .sv
AddLanguage tr .tr
AddLanguage zh-CN .zh-cn
AddLanguage zh-TW .zh-tw
# LanguagePriority allows you to give precedence to some languages
# in case of a tie during content negotiation.
#
# Just list the languages in decreasing order of preference. We have
# more or less alphabetized them here. You probably want to change this.
#
LanguagePriority en ca cs da de el eo es et fr he hr it ja ko ltz nl nn no pl pt pt-BR ru sv tr zh-CN zh-TW
#
# ForceLanguagePriority allows you to serve a result page rather than
# MULTIPLE CHOICES (Prefer) [in case of a tie] or NOT ACCEPTABLE (Fallback)
# [in case no accepted languages matched the available variants]
#
ForceLanguagePriority Prefer Fallback
#
# Commonly used filename extensions to character sets. You probably
# want to avoid clashes with the language extensions, unless you
# are good at carefully testing your setup after each change.
# See http://www.iana.org/assignments/character-sets for the
# official list of charset names and their respective RFCs.
#
AddCharset us-ascii.ascii .us-ascii
AddCharset ISO-8859-1 .iso8859-1 .latin1
AddCharset ISO-8859-2 .iso8859-2 .latin2 .cen
AddCharset ISO-8859-3 .iso8859-3 .latin3
AddCharset ISO-8859-4 .iso8859-4 .latin4
AddCharset ISO-8859-5 .iso8859-5 .cyr .iso-ru
AddCharset ISO-8859-6 .iso8859-6 .arb .arabic
AddCharset ISO-8859-7 .iso8859-7 .grk .greek
AddCharset ISO-8859-8 .iso8859-8 .heb .hebrew
AddCharset ISO-8859-9 .iso8859-9 .latin5 .trk
AddCharset ISO-8859-10 .iso8859-10 .latin6
AddCharset ISO-8859-13 .iso8859-13
AddCharset ISO-8859-14 .iso8859-14 .latin8
AddCharset ISO-8859-15 .iso8859-15 .latin9
AddCharset ISO-8859-16 .iso8859-16 .latin10
AddCharset ISO-2022-JP .iso2022-jp .jis
AddCharset ISO-2022-KR .iso2022-kr .kis
AddCharset ISO-2022-CN .iso2022-cn .cis
AddCharset Big5.Big5 .big5 .b5
AddCharset cn-Big5 .cn-big5
# For russian, more than one charset is used (depends on client, mostly):
AddCharset WINDOWS-1251 .cp-1251 .win-1251
AddCharset CP866 .cp866
AddCharset KOI8 .koi8
AddCharset KOI8-E .koi8-e
AddCharset KOI8-r .koi8-r .koi8-ru
AddCharset KOI8-U .koi8-u
AddCharset KOI8-ru .koi8-uk .ua
AddCharset ISO-10646-UCS-2 .ucs2
AddCharset ISO-10646-UCS-4 .ucs4
AddCharset UTF-7 .utf7
AddCharset UTF-8 .utf8
AddCharset UTF-16 .utf16
AddCharset UTF-16BE .utf16be
AddCharset UTF-16LE .utf16le
AddCharset UTF-32 .utf32
AddCharset UTF-32BE .utf32be
AddCharset UTF-32LE .utf32le
AddCharset euc-cn .euc-cn
AddCharset euc-gb .euc-gb
AddCharset euc-jp .euc-jp
AddCharset euc-kr .euc-kr
#Not sure how euc-tw got in - IANA doesn't list it???
AddCharset EUC-TW .euc-tw
AddCharset gb2312 .gb2312 .gb
AddCharset iso-10646-ucs-2 .ucs-2 .iso-10646-ucs-2
AddCharset iso-10646-ucs-4 .ucs-4 .iso-10646-ucs-4
AddCharset shift_jis .shift_jis .sjis

38
templates/HTTPD/Default/conf/extra/httpd-manual.conf Normal file
View File

@@ -0,0 +1,38 @@
#
# Provide access to the documentation on your server as
# http://yourserver.example.com/manual/
# The documentation is always available at
# http://httpd.apache.org/docs/2.4/
#
# Required modules: mod_alias, mod_authz_core, mod_authz_host,
# mod_setenvif, mod_negotiation
#
AliasMatch ^/manual(?:/(?:da|de|en|es|fr|ja|ko|pt-br|ru|tr|zh-cn))?(/.*)?$ "/usr/local/apache2/manual$1"
<Directory "/usr/local/apache2/manual">
Options Indexes
AllowOverride None
Require all granted
<Files *.html>
SetHandler type-map
</Files>
# .tr is text/troff in mime.types!
RemoveType tr
# Traditionally, used .dk filename extension for da language
AddLanguage da .da
SetEnvIf Request_URI ^/manual/(da|de|en|es|fr|ja|ko|pt-br|ru|tr|zh-cn)/ prefer-language=$1
RedirectMatch 301 ^/manual(?:/(da|de|en|es|fr|ja|ko|pt-br|ru|tr|zh-cn)){2,}(/.*)?$ /manual/$1$2
# Reflect the greatest effort in translation (most content available),
# inferring greater attention to detail (potentially false assumption,
# counting translations presently in-sync would be more helpful.)
# Use caution counting; safest pattern is '*.xml.XX'. Recent .xml source
# document count: 266 214 110 94 82 25 22 18 4 1 1
LanguagePriority en fr ko ja tr es de zh-cn pt-br da ru
ForceLanguagePriority Prefer Fallback
</Directory>

119
templates/HTTPD/Default/conf/extra/httpd-mpm.conf Normal file
View File

@@ -0,0 +1,119 @@
#
# Server-Pool Management (MPM specific)
#
#
# PidFile: The file in which the server should record its process
# identification number when it starts.
#
# Note that this is the default PidFile for most MPMs.
#
<IfModule !mpm_netware_module>
PidFile "logs/httpd.pid"
</IfModule>
#
# Only one of the below sections will be relevant on your
# installed httpd. Use "apachectl -l" to find out the
# active mpm.
#
# prefork MPM
# StartServers: number of server processes to start
# MinSpareServers: minimum number of server processes which are kept spare
# MaxSpareServers: maximum number of server processes which are kept spare
# MaxRequestWorkers: maximum number of server processes allowed to start
# MaxConnectionsPerChild: maximum number of connections a server process serves
# before terminating
<IfModule mpm_prefork_module>
StartServers 5
MinSpareServers 5
MaxSpareServers 10
MaxRequestWorkers 250
MaxConnectionsPerChild 0
</IfModule>
# worker MPM
# StartServers: initial number of server processes to start
# MinSpareThreads: minimum number of worker threads which are kept spare
# MaxSpareThreads: maximum number of worker threads which are kept spare
# ThreadsPerChild: constant number of worker threads in each server process
# MaxRequestWorkers: maximum number of worker threads
# MaxConnectionsPerChild: maximum number of connections a server process serves
# before terminating
<IfModule mpm_worker_module>
StartServers 3
MinSpareThreads 75
MaxSpareThreads 250
ThreadsPerChild 25
MaxRequestWorkers 400
MaxConnectionsPerChild 0
</IfModule>
# event MPM
# StartServers: initial number of server processes to start
# MinSpareThreads: minimum number of worker threads which are kept spare
# MaxSpareThreads: maximum number of worker threads which are kept spare
# ThreadsPerChild: constant number of worker threads in each server process
# MaxRequestWorkers: maximum number of worker threads
# MaxConnectionsPerChild: maximum number of connections a server process serves
# before terminating
<IfModule mpm_event_module>
StartServers 3
MinSpareThreads 75
MaxSpareThreads 250
ThreadsPerChild 25
MaxRequestWorkers 400
MaxConnectionsPerChild 0
</IfModule>
# NetWare MPM
# ThreadStackSize: Stack size allocated for each worker thread
# StartThreads: Number of worker threads launched at server startup
# MinSpareThreads: Minimum number of idle threads, to handle request spikes
# MaxSpareThreads: Maximum number of idle threads
# MaxThreads: Maximum number of worker threads alive at the same time
# MaxConnectionsPerChild: Maximum number of connections a thread serves. It
# is recommended that the default value of 0 be set
# for this directive on NetWare. This will allow the
# thread to continue to service requests indefinitely.
<IfModule mpm_netware_module>
ThreadStackSize 65536
StartThreads 250
MinSpareThreads 25
MaxSpareThreads 250
MaxThreads 1000
MaxConnectionsPerChild 0
</IfModule>
# OS/2 MPM
# StartServers: Number of server processes to maintain
# MinSpareThreads: Minimum number of idle threads per process,
# to handle request spikes
# MaxSpareThreads: Maximum number of idle threads per process
# MaxConnectionsPerChild: Maximum number of connections per server process
<IfModule mpm_mpmt_os2_module>
StartServers 2
MinSpareThreads 5
MaxSpareThreads 10
MaxConnectionsPerChild 0
</IfModule>
# WinNT MPM
# ThreadsPerChild: constant number of worker threads in the server process
# MaxConnectionsPerChild: maximum number of connections a server process serves
<IfModule mpm_winnt_module>
ThreadsPerChild 150
MaxConnectionsPerChild 0
</IfModule>
# The maximum number of free Kbytes that every allocator is allowed
# to hold without calling free(). In threaded MPMs, every thread has its own
# allocator. When not set, or when set to zero, the threshold will be set to
# unlimited.
<IfModule !mpm_netware_module>
MaxMemFree 2048
</IfModule>
<IfModule mpm_netware_module>
MaxMemFree 100
</IfModule>

52
templates/HTTPD/Default/conf/extra/httpd-multilang-errordoc.conf Normal file
View File

@@ -0,0 +1,52 @@
#
# The configuration below implements multi-language error documents through
# content-negotiation.
#
# Required modules: mod_alias, mod_authz_core, mod_authz_host,
# mod_include, mod_negotiation
#
# We use Alias to redirect any /error/HTTP_<error>.html.var response to
# our collection of by-error message multi-language collections. We use
# includes to substitute the appropriate text.
#
# You can modify the messages' appearance without changing any of the
# default HTTP_<error>.html.var files by adding the line:
#
# Alias /error/include/ "/your/include/path/"
#
# which allows you to create your own set of files by starting with the
# /usr/local/apache2/error/include/ files and copying them to /your/include/path/,
# even on a per-VirtualHost basis. The default include files will display
# your Apache version number and your ServerAdmin email address regardless
# of the setting of ServerSignature.
Alias /error/ "/usr/local/apache2/error/"
<Directory "/usr/local/apache2/error">
AllowOverride None
Options IncludesNoExec
AddOutputFilter Includes html
AddHandler type-map var
Require all granted
LanguagePriority en cs de es fr it ja ko nl pl pt-br ro sv tr
ForceLanguagePriority Prefer Fallback
</Directory>
ErrorDocument 400 /error/HTTP_BAD_REQUEST.html.var
ErrorDocument 401 /error/HTTP_UNAUTHORIZED.html.var
ErrorDocument 403 /error/HTTP_FORBIDDEN.html.var
ErrorDocument 404 /error/HTTP_NOT_FOUND.html.var
ErrorDocument 405 /error/HTTP_METHOD_NOT_ALLOWED.html.var
ErrorDocument 408 /error/HTTP_REQUEST_TIME_OUT.html.var
ErrorDocument 410 /error/HTTP_GONE.html.var
ErrorDocument 411 /error/HTTP_LENGTH_REQUIRED.html.var
ErrorDocument 412 /error/HTTP_PRECONDITION_FAILED.html.var
ErrorDocument 413 /error/HTTP_REQUEST_ENTITY_TOO_LARGE.html.var
ErrorDocument 414 /error/HTTP_REQUEST_URI_TOO_LARGE.html.var
ErrorDocument 415 /error/HTTP_UNSUPPORTED_MEDIA_TYPE.html.var
ErrorDocument 500 /error/HTTP_INTERNAL_SERVER_ERROR.html.var
ErrorDocument 501 /error/HTTP_NOT_IMPLEMENTED.html.var
ErrorDocument 502 /error/HTTP_BAD_GATEWAY.html.var
ErrorDocument 503 /error/HTTP_SERVICE_UNAVAILABLE.html.var
ErrorDocument 506 /error/HTTP_VARIANT_ALSO_VARIES.html.var

290
templates/HTTPD/Default/conf/extra/httpd-ssl.conf Normal file
View File

@@ -0,0 +1,290 @@
#
# This is the Apache server configuration file providing SSL support.
# It contains the configuration directives to instruct the server how to
# serve pages over an https connection. For detailed information about these
# directives see <URL:http://httpd.apache.org/docs/2.4/mod/mod_ssl.html>
#
# Do NOT simply read the instructions in here without understanding
# what they do. They're here only as hints or reminders. If you are unsure
# consult the online docs. You have been warned.
#
# Required modules: mod_log_config, mod_setenvif, mod_ssl,
# socache_shmcb_module (for default value of SSLSessionCache)
#
# Pseudo Random Number Generator (PRNG):
# Configure one or more sources to seed the PRNG of the SSL library.
# The seed data should be of good random quality.
# WARNING! On some platforms /dev/random blocks if not enough entropy
# is available. This means you then cannot use the /dev/random device
# because it would lead to very long connection times (as long as
# it requires to make more entropy available). But usually those
# platforms additionally provide a /dev/urandom device which doesn't
# block. So, if available, use this one instead. Read the mod_ssl User
# Manual for more details.
#
#SSLRandomSeed startup file:/dev/random 512
#SSLRandomSeed startup file:/dev/urandom 512
#SSLRandomSeed connect file:/dev/random 512
#SSLRandomSeed connect file:/dev/urandom 512
#
# When we also provide SSL we have to listen to the
# standard HTTP port (see above) and to the HTTPS port
#
Listen 443
##
## SSL Global Context
##
## All SSL configuration in this context applies both to
## the main server and all SSL-enabled virtual hosts.
##
# SSL Cipher Suite:
# List the ciphers that the client is permitted to negotiate,
# and that httpd will negotiate as the client of a proxied server.
# See the OpenSSL documentation for a complete list of ciphers, and
# ensure these follow appropriate best practices for this deployment.
# httpd 2.2.30, 2.4.13 and later force-disable aNULL, eNULL and EXP ciphers,
# while OpenSSL disabled these by default in 0.9.8zf/1.0.0r/1.0.1m/1.0.2a.
SSLCipherSuite HIGH:MEDIUM:!MD5:!RC4:!3DES
SSLProxyCipherSuite HIGH:MEDIUM:!MD5:!RC4:!3DES
# By the end of 2016, only TLSv1.2 ciphers should remain in use.
# Older ciphers should be disallowed as soon as possible, while the
# kRSA ciphers do not offer forward secrecy. These changes inhibit
# older clients (such as IE6 SP2 or IE8 on Windows XP, or other legacy
# non-browser tooling) from successfully connecting.
#
# To restrict mod_ssl to use only TLSv1.2 ciphers, and disable
# those protocols which do not support forward secrecy, replace
# the SSLCipherSuite and SSLProxyCipherSuite directives above with
# the following two directives, as soon as practical.
# SSLCipherSuite HIGH:MEDIUM:!SSLv3:!kRSA
# SSLProxyCipherSuite HIGH:MEDIUM:!SSLv3:!kRSA
# User agents such as web browsers are not configured for the user's
# own preference of either security or performance, therefore this
# must be the prerogative of the web server administrator who manages
# cpu load versus confidentiality, so enforce the server's cipher order.
SSLHonorCipherOrder on
# SSL Protocol support:
# List the protocol versions which clients are allowed to connect with.
# Disable SSLv3 by default (cf. RFC 7525 3.1.1). TLSv1 (1.0) should be
# disabled as quickly as practical. By the end of 2016, only the TLSv1.2
# protocol or later should remain in use.
SSLProtocol all -SSLv3
SSLProxyProtocol all -SSLv3
# Pass Phrase Dialog:
# Configure the pass phrase gathering process.
# The filtering dialog program (`builtin' is an internal
# terminal dialog) has to provide the pass phrase on stdout.
SSLPassPhraseDialog builtin
# Inter-Process Session Cache:
# Configure the SSL Session Cache: First the mechanism
# to use and second the expiring timeout (in seconds).
#SSLSessionCache "dbm:/usr/local/apache2/logs/ssl_scache"
SSLSessionCache "shmcb:/usr/local/apache2/logs/ssl_scache(512000)"
SSLSessionCacheTimeout 300
# OCSP Stapling (requires OpenSSL 0.9.8h or later)
#
# This feature is disabled by default and requires at least
# the two directives SSLUseStapling and SSLStaplingCache.
# Refer to the documentation on OCSP Stapling in the SSL/TLS
# How-To for more information.
#
# Enable stapling for all SSL-enabled servers:
#SSLUseStapling On
# Define a relatively small cache for OCSP Stapling using
# the same mechanism that is used for the SSL session cache
# above. If stapling is used with more than a few certificates,
# the size may need to be increased. (AH01929 will be logged.)
#SSLStaplingCache "shmcb:/usr/local/apache2/logs/ssl_stapling(32768)"
# Seconds before valid OCSP responses are expired from the cache
#SSLStaplingStandardCacheTimeout 3600
# Seconds before invalid OCSP responses are expired from the cache
#SSLStaplingErrorCacheTimeout 600
##
## SSL Virtual Host Context
##
<VirtualHost _default_:443>
# General setup for the virtual host
DocumentRoot "/usr/local/apache2/htdocs"
ServerName www.example.com:443
ServerAdmin you@example.com
ErrorLog "/usr/local/apache2/logs/error_log"
TransferLog "/usr/local/apache2/logs/access_log"
# SSL Engine Switch:
# Enable/Disable SSL for this virtual host.
SSLEngine on
# Server Certificate:
# Point SSLCertificateFile at a PEM encoded certificate. If
# the certificate is encrypted, then you will be prompted for a
# pass phrase. Note that a kill -HUP will prompt again. Keep
# in mind that if you have both an RSA and a DSA certificate you
# can configure both in parallel (to also allow the use of DSA
# ciphers, etc.)
# Some ECC cipher suites (http://www.ietf.org/rfc/rfc4492.txt)
# require an ECC certificate which can also be configured in
# parallel.
SSLCertificateFile "/usr/local/apache2/conf/server.crt"
#SSLCertificateFile "/usr/local/apache2/conf/server-dsa.crt"
#SSLCertificateFile "/usr/local/apache2/conf/server-ecc.crt"
# Server Private Key:
# If the key is not combined with the certificate, use this
# directive to point at the key file. Keep in mind that if
# you've both a RSA and a DSA private key you can configure
# both in parallel (to also allow the use of DSA ciphers, etc.)
# ECC keys, when in use, can also be configured in parallel
SSLCertificateKeyFile "/usr/local/apache2/conf/server.key"
#SSLCertificateKeyFile "/usr/local/apache2/conf/server-dsa.key"
#SSLCertificateKeyFile "/usr/local/apache2/conf/server-ecc.key"
# Server Certificate Chain:
# Point SSLCertificateChainFile at a file containing the
# concatenation of PEM encoded CA certificates which form the
# certificate chain for the server certificate. Alternatively
# the referenced file can be the same as SSLCertificateFile
# when the CA certificates are directly appended to the server
# certificate for convenience.
#SSLCertificateChainFile "/usr/local/apache2/conf/server-ca.crt"
# Certificate Authority (CA):
# Set the CA certificate verification path where to find CA
# certificates for client authentication or alternatively one
# huge file containing all of them (file must be PEM encoded)
# Note: Inside SSLCACertificatePath you need hash symlinks
# to point to the certificate files. Use the provided
# Makefile to update the hash symlinks after changes.
#SSLCACertificatePath "/usr/local/apache2/conf/ssl.crt"
#SSLCACertificateFile "/usr/local/apache2/conf/ssl.crt/ca-bundle.crt"
# Certificate Revocation Lists (CRL):
# Set the CA revocation path where to find CA CRLs for client
# authentication or alternatively one huge file containing all
# of them (file must be PEM encoded).
# The CRL checking mode needs to be configured explicitly
# through SSLCARevocationCheck (defaults to "none" otherwise).
# Note: Inside SSLCARevocationPath you need hash symlinks
# to point to the certificate files. Use the provided
# Makefile to update the hash symlinks after changes.
#SSLCARevocationPath "/usr/local/apache2/conf/ssl.crl"
#SSLCARevocationFile "/usr/local/apache2/conf/ssl.crl/ca-bundle.crl"
#SSLCARevocationCheck chain
# Client Authentication (Type):
# Client certificate verification type and depth. Types are
# none, optional, require and optional_no_ca. Depth is a
# number which specifies how deeply to verify the certificate
# issuer chain before deciding the certificate is not valid.
#SSLVerifyClient require
#SSLVerifyDepth 10
# TLS-SRP mutual authentication:
# Enable TLS-SRP and set the path to the OpenSSL SRP verifier
# file (containing login information for SRP user accounts).
# Requires OpenSSL 1.0.1 or newer. See the mod_ssl FAQ for
# detailed instructions on creating this file. Example:
# "openssl srp -srpvfile /usr/local/apache2/conf/passwd.srpv -add username"
#SSLSRPVerifierFile "/usr/local/apache2/conf/passwd.srpv"
# Access Control:
# With SSLRequire you can do per-directory access control based
# on arbitrary complex boolean expressions containing server
# variable checks and other lookup directives. The syntax is a
# mixture between C and Perl. See the mod_ssl documentation
# for more details.
#<Location />
#SSLRequire ( %{SSL_CIPHER} !~ m/^(EXP|NULL)/ \
# and %{SSL_CLIENT_S_DN_O} eq "Snake Oil, Ltd." \
# and %{SSL_CLIENT_S_DN_OU} in {"Staff", "CA", "Dev"} \
# and %{TIME_WDAY} >= 1 and %{TIME_WDAY} <= 5 \
# and %{TIME_HOUR} >= 8 and %{TIME_HOUR} <= 20 ) \
# or %{REMOTE_ADDR} =~ m/^192\.76\.162\.[0-9]+$/
#</Location>
# SSL Engine Options:
# Set various options for the SSL engine.
# o FakeBasicAuth:
# Translate the client X.509 into a Basic Authorisation. This means that
# the standard Auth/DBMAuth methods can be used for access control. The
# user name is the `one line' version of the client's X.509 certificate.
# Note that no password is obtained from the user. Every entry in the user
# file needs this password: `xxj31ZMTZzkVA'.
# o ExportCertData:
# This exports two additional environment variables: SSL_CLIENT_CERT and
# SSL_SERVER_CERT. These contain the PEM-encoded certificates of the
# server (always existing) and the client (only existing when client
# authentication is used). This can be used to import the certificates
# into CGI scripts.
# o StdEnvVars:
# This exports the standard SSL/TLS related `SSL_*' environment variables.
# Per default this exportation is switched off for performance reasons,
# because the extraction step is an expensive operation and is usually
# useless for serving static content. So one usually enables the
# exportation for CGI and SSI requests only.
# o StrictRequire:
# This denies access when "SSLRequireSSL" or "SSLRequire" applied even
# under a "Satisfy any" situation, i.e. when it applies access is denied
# and no other module can change it.
# o OptRenegotiate:
# This enables optimized SSL connection renegotiation handling when SSL
# directives are used in per-directory context.
#SSLOptions +FakeBasicAuth +ExportCertData +StrictRequire
<FilesMatch "\.(cgi|shtml|phtml|php)$">
SSLOptions +StdEnvVars
</FilesMatch>
<Directory "/usr/local/apache2/cgi-bin">
SSLOptions +StdEnvVars
</Directory>
# SSL Protocol Adjustments:
# The safe and default but still SSL/TLS standard compliant shutdown
# approach is that mod_ssl sends the close notify alert but doesn't wait for
# the close notify alert from client. When you need a different shutdown
# approach you can use one of the following variables:
# o ssl-unclean-shutdown:
# This forces an unclean shutdown when the connection is closed, i.e. no
# SSL close notify alert is sent or allowed to be received. This violates
# the SSL/TLS standard but is needed for some brain-dead browsers. Use
# this when you receive I/O errors because of the standard approach where
# mod_ssl sends the close notify alert.
# o ssl-accurate-shutdown:
# This forces an accurate shutdown when the connection is closed, i.e. a
# SSL close notify alert is send and mod_ssl waits for the close notify
# alert of the client. This is 100% SSL/TLS standard compliant, but in
# practice often causes hanging connections with brain-dead browsers. Use
# this only for browsers where you know that their SSL implementation
# works correctly.
# Notice: Most problems of broken clients are also related to the HTTP
# keep-alive facility, so you usually additionally want to disable
# keep-alive for those clients, too. Use variable "nokeepalive" for this.
# Similarly, one has to force some clients to use HTTP/1.0 to workaround
# their broken HTTP/1.1 implementation. Use variables "downgrade-1.0" and
# "force-response-1.0" for this.
BrowserMatch "MSIE [2-5]" \
nokeepalive ssl-unclean-shutdown \
downgrade-1.0 force-response-1.0
# Per-Server Logging:
# The home of a custom SSL log file. Use this when you want a
# compact non-error SSL logfile on a virtual host basis.
CustomLog "/usr/local/apache2/logs/ssl_request_log" \
"%t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x \"%r\" %b"
</VirtualHost>

21
templates/HTTPD/Default/conf/extra/httpd-userdir.conf Normal file
View File

@@ -0,0 +1,21 @@
# Settings for user home directories
#
# Required module: mod_authz_core, mod_authz_host, mod_userdir
#
# UserDir: The name of the directory that is appended onto a user's home
# directory if a ~user request is received. Note that you must also set
# the default access control for these directories, as in the example below.
#
UserDir public_html
#
# Control access to UserDir directories. The following is an example
# for a site where these directories are restricted to read-only.
#
<Directory "/home/*/public_html">
AllowOverride FileInfo AuthConfig Limit Indexes
Options MultiViews Indexes SymLinksIfOwnerMatch IncludesNoExec
Require method GET POST OPTIONS
</Directory>

41
templates/HTTPD/Default/conf/extra/httpd-vhosts.conf Normal file
View File

@@ -0,0 +1,41 @@
# Virtual Hosts
#
# Required modules: mod_log_config
# If you want to maintain multiple domains/hostnames on your
# machine you can setup VirtualHost containers for them. Most configurations
# use only name-based virtual hosts so the server doesn't need to worry about
# IP addresses. This is indicated by the asterisks in the directives below.
#
# Please see the documentation at
# <URL:http://httpd.apache.org/docs/2.4/vhosts/>
# for further details before you try to setup virtual hosts.
#
# You may use the command line option '-S' to verify your virtual host
# configuration.
#
# VirtualHost example:
# Almost any Apache directive may go into a VirtualHost container.
# The first VirtualHost section is used for all requests that do not
# match a ServerName or ServerAlias in any <VirtualHost> block.
#
<VirtualHost *:80>
ServerAdmin webmaster@dummy-host.example.com
DocumentRoot "/usr/local/apache2/docs/dummy-host.example.com"
ServerName dummy-host.example.com
ServerAlias www.dummy-host.example.com
ErrorLog "logs/dummy-host.example.com-error_log"
CustomLog "logs/dummy-host.example.com-access_log" common
</VirtualHost>
<VirtualHost *:80>
ServerAdmin webmaster@dummy-host2.example.com
DocumentRoot "/usr/local/apache2/docs/dummy-host2.example.com"
ServerName dummy-host2.example.com
ErrorLog "logs/dummy-host2.example.com-error_log"
CustomLog "logs/dummy-host2.example.com-access_log" common
</VirtualHost>

90
templates/HTTPD/Default/conf/extra/proxy-html.conf Normal file
View File

@@ -0,0 +1,90 @@
# Configuration example.
#
# For detailed information about these directives see
# <URL:http://httpd.apache.org/docs/2.4/mod/mod_proxy_html.html>
# and for mod_xml2enc see
# <URL:http://httpd.apache.org/docs/2.4/mod/mod_xml2enc.html>
#
# First, to load the module with its prerequisites. Note: mod_xml2enc
# is not always necessary, but without it mod_proxy_html is likely to
# mangle pages in encodings other than ASCII or Unicode (utf-8).
#
# For Unix-family systems:
# LoadFile /usr/lib/libxml2.so
# LoadModule proxy_html_module modules/mod_proxy_html.so
# LoadModule xml2enc_module modules/mod_xml2enc.so
#
# For Windows (I don't know if there's a standard path for the libraries)
# LoadFile C:/path/zlib.dll
# LoadFile C:/path/iconv.dll
# LoadFile C:/path/libxml2.dll
# LoadModule proxy_html_module modules/mod_proxy_html.so
# LoadModule xml2enc_module modules/mod_xml2enc.so
#
# All knowledge of HTML links has been removed from the mod_proxy_html
# code itself, and is instead read from httpd.conf (or included file)
# at server startup. So you MUST declare it. This will normally be
# at top level, but can also be used in a <Location>.
#
# Here's the declaration for W3C HTML 4.01 and XHTML 1.0
ProxyHTMLLinks a href
ProxyHTMLLinks area href
ProxyHTMLLinks link href
ProxyHTMLLinks img src longdesc usemap
ProxyHTMLLinks object classid codebase data usemap
ProxyHTMLLinks q cite
ProxyHTMLLinks blockquote cite
ProxyHTMLLinks ins cite
ProxyHTMLLinks del cite
ProxyHTMLLinks form action
ProxyHTMLLinks input src usemap
ProxyHTMLLinks head profile
ProxyHTMLLinks base href
ProxyHTMLLinks script src for
# To support scripting events (with ProxyHTMLExtended On),
# you'll need to declare them too.
ProxyHTMLEvents onclick ondblclick onmousedown onmouseup \
onmouseover onmousemove onmouseout onkeypress \
onkeydown onkeyup onfocus onblur onload \
onunload onsubmit onreset onselect onchange
# If you need to support legacy (pre-1998, aka "transitional") HTML or XHTML,
# you'll need to uncomment the following deprecated link attributes.
# Note that these are enabled in earlier mod_proxy_html versions
#
# ProxyHTMLLinks frame src longdesc
# ProxyHTMLLinks iframe src longdesc
# ProxyHTMLLinks body background
# ProxyHTMLLinks applet codebase
#
# If you're dealing with proprietary HTML variants,
# declare your own URL attributes here as required.
#
# ProxyHTMLLinks myelement myattr otherattr
#
###########
# EXAMPLE #
###########
#
# To define the URL /my-gateway/ as a gateway to an appserver with address
# http://some.app.intranet/ on a private network, after loading the
# modules and including this configuration file:
#
# ProxyRequests Off <-- this is an important security setting
# ProxyPass /my-gateway/ http://some.app.intranet/
# <Location /my-gateway/>
# ProxyPassReverse /
# ProxyHTMLEnable On
# ProxyHTMLURLMap http://some.app.intranet/ /my-gateway/
# ProxyHTMLURLMap / /my-gateway/
# </Location>
#
# Many (though not all) real-life setups are more complex.
#
# See the documentation at
# http://apache.webthing.com/mod_proxy_html/
# and the tutorial at
# http://www.apachetutor.org/admin/reverseproxies

548
templates/HTTPD/Default/conf/httpd.conf Normal file
View File

@@ -0,0 +1,548 @@
#
# This is the main Apache HTTP server configuration file. It contains the
# configuration directives that give the server its instructions.
# See <URL:http://httpd.apache.org/docs/2.4/> for detailed information.
# In particular, see
# <URL:http://httpd.apache.org/docs/2.4/mod/directives.html>
# for a discussion of each configuration directive.
#
# Do NOT simply read the instructions in here without understanding
# what they do. They're here only as hints or reminders. If you are unsure
# consult the online docs. You have been warned.
#
# Configuration and logfile names: If the filenames you specify for many
# of the server's control files begin with "/" (or "drive:/" for Win32), the
# server will use that explicit path. If the filenames do *not* begin
# with "/", the value of ServerRoot is prepended -- so "logs/access_log"
# with ServerRoot set to "/usr/local/apache2" will be interpreted by the
# server as "/usr/local/apache2/logs/access_log", whereas "/logs/access_log"
# will be interpreted as '/logs/access_log'.
#
# ServerRoot: The top of the directory tree under which the server's
# configuration, error, and log files are kept.
#
# Do not add a slash at the end of the directory path. If you point
# ServerRoot at a non-local disk, be sure to specify a local disk on the
# Mutex directive, if file-based mutexes are used. If you wish to share the
# same ServerRoot for multiple httpd daemons, you will need to change at
# least PidFile.
#
ServerRoot "/usr/local/apache2"
#
# Mutex: Allows you to set the mutex mechanism and mutex file directory
# for individual mutexes, or change the global defaults
#
# Uncomment and change the directory if mutexes are file-based and the default
# mutex file directory is not on a local disk or is not appropriate for some
# other reason.
#
# Mutex default:logs
#
# Listen: Allows you to bind Apache to specific IP addresses and/or
# ports, instead of the default. See also the <VirtualHost>
# directive.
#
# Change this to Listen on specific IP addresses as shown below to
# prevent Apache from glomming onto all bound IP addresses.
#
#Listen 12.34.56.78:80
Listen 80
#
# Dynamic Shared Object (DSO) Support
#
# To be able to use the functionality of a module which was built as a DSO you
# have to place corresponding `LoadModule' lines at this location so the
# directives contained in it are actually available _before_ they are used.
# Statically compiled modules (those listed by `httpd -l') do not need
# to be loaded here.
#
# Example:
# LoadModule foo_module modules/mod_foo.so
#
LoadModule mpm_event_module modules/mod_mpm_event.so
#LoadModule mpm_prefork_module modules/mod_mpm_prefork.so
#LoadModule mpm_worker_module modules/mod_mpm_worker.so
LoadModule authn_file_module modules/mod_authn_file.so
#LoadModule authn_dbm_module modules/mod_authn_dbm.so
#LoadModule authn_anon_module modules/mod_authn_anon.so
#LoadModule authn_dbd_module modules/mod_authn_dbd.so
#LoadModule authn_socache_module modules/mod_authn_socache.so
LoadModule authn_core_module modules/mod_authn_core.so
LoadModule authz_host_module modules/mod_authz_host.so
LoadModule authz_groupfile_module modules/mod_authz_groupfile.so
LoadModule authz_user_module modules/mod_authz_user.so
#LoadModule authz_dbm_module modules/mod_authz_dbm.so
#LoadModule authz_owner_module modules/mod_authz_owner.so
#LoadModule authz_dbd_module modules/mod_authz_dbd.so
LoadModule authz_core_module modules/mod_authz_core.so
#LoadModule authnz_ldap_module modules/mod_authnz_ldap.so
#LoadModule authnz_fcgi_module modules/mod_authnz_fcgi.so
LoadModule access_compat_module modules/mod_access_compat.so
LoadModule auth_basic_module modules/mod_auth_basic.so
#LoadModule auth_form_module modules/mod_auth_form.so
#LoadModule auth_digest_module modules/mod_auth_digest.so
#LoadModule allowmethods_module modules/mod_allowmethods.so
#LoadModule isapi_module modules/mod_isapi.so
#LoadModule file_cache_module modules/mod_file_cache.so
#LoadModule cache_module modules/mod_cache.so
#LoadModule cache_disk_module modules/mod_cache_disk.so
#LoadModule cache_socache_module modules/mod_cache_socache.so
#LoadModule socache_shmcb_module modules/mod_socache_shmcb.so
#LoadModule socache_dbm_module modules/mod_socache_dbm.so
#LoadModule socache_memcache_module modules/mod_socache_memcache.so
#LoadModule watchdog_module modules/mod_watchdog.so
#LoadModule macro_module modules/mod_macro.so
#LoadModule dbd_module modules/mod_dbd.so
#LoadModule bucketeer_module modules/mod_bucketeer.so
#LoadModule dumpio_module modules/mod_dumpio.so
#LoadModule echo_module modules/mod_echo.so
#LoadModule example_hooks_module modules/mod_example_hooks.so
#LoadModule case_filter_module modules/mod_case_filter.so
#LoadModule case_filter_in_module modules/mod_case_filter_in.so
#LoadModule example_ipc_module modules/mod_example_ipc.so
#LoadModule buffer_module modules/mod_buffer.so
#LoadModule data_module modules/mod_data.so
#LoadModule ratelimit_module modules/mod_ratelimit.so
LoadModule reqtimeout_module modules/mod_reqtimeout.so
#LoadModule ext_filter_module modules/mod_ext_filter.so
#LoadModule request_module modules/mod_request.so
#LoadModule include_module modules/mod_include.so
LoadModule filter_module modules/mod_filter.so
#LoadModule reflector_module modules/mod_reflector.so
#LoadModule substitute_module modules/mod_substitute.so
#LoadModule sed_module modules/mod_sed.so
#LoadModule charset_lite_module modules/mod_charset_lite.so
#LoadModule deflate_module modules/mod_deflate.so
#LoadModule xml2enc_module modules/mod_xml2enc.so
#LoadModule proxy_html_module modules/mod_proxy_html.so
LoadModule mime_module modules/mod_mime.so
#LoadModule ldap_module modules/mod_ldap.so
LoadModule log_config_module modules/mod_log_config.so
#LoadModule log_debug_module modules/mod_log_debug.so
#LoadModule log_forensic_module modules/mod_log_forensic.so
#LoadModule logio_module modules/mod_logio.so
#LoadModule lua_module modules/mod_lua.so
LoadModule env_module modules/mod_env.so
#LoadModule mime_magic_module modules/mod_mime_magic.so
#LoadModule cern_meta_module modules/mod_cern_meta.so
#LoadModule expires_module modules/mod_expires.so
LoadModule headers_module modules/mod_headers.so
#LoadModule ident_module modules/mod_ident.so
#LoadModule usertrack_module modules/mod_usertrack.so
#LoadModule unique_id_module modules/mod_unique_id.so
LoadModule setenvif_module modules/mod_setenvif.so
LoadModule version_module modules/mod_version.so
#LoadModule remoteip_module modules/mod_remoteip.so
#LoadModule proxy_module modules/mod_proxy.so
#LoadModule proxy_connect_module modules/mod_proxy_connect.so
#LoadModule proxy_ftp_module modules/mod_proxy_ftp.so
#LoadModule proxy_http_module modules/mod_proxy_http.so
#LoadModule proxy_fcgi_module modules/mod_proxy_fcgi.so
#LoadModule proxy_scgi_module modules/mod_proxy_scgi.so
#LoadModule proxy_uwsgi_module modules/mod_proxy_uwsgi.so
#LoadModule proxy_fdpass_module modules/mod_proxy_fdpass.so
#LoadModule proxy_wstunnel_module modules/mod_proxy_wstunnel.so
#LoadModule proxy_ajp_module modules/mod_proxy_ajp.so
#LoadModule proxy_balancer_module modules/mod_proxy_balancer.so
#LoadModule proxy_express_module modules/mod_proxy_express.so
#LoadModule proxy_hcheck_module modules/mod_proxy_hcheck.so
#LoadModule session_module modules/mod_session.so
#LoadModule session_cookie_module modules/mod_session_cookie.so
#LoadModule session_crypto_module modules/mod_session_crypto.so
#LoadModule session_dbd_module modules/mod_session_dbd.so
#LoadModule slotmem_shm_module modules/mod_slotmem_shm.so
#LoadModule slotmem_plain_module modules/mod_slotmem_plain.so
#LoadModule ssl_module modules/mod_ssl.so
#LoadModule optional_hook_export_module modules/mod_optional_hook_export.so
#LoadModule optional_hook_import_module modules/mod_optional_hook_import.so
#LoadModule optional_fn_import_module modules/mod_optional_fn_import.so
#LoadModule optional_fn_export_module modules/mod_optional_fn_export.so
#LoadModule dialup_module modules/mod_dialup.so
#LoadModule http2_module modules/mod_http2.so
#LoadModule proxy_http2_module modules/mod_proxy_http2.so
#LoadModule lbmethod_byrequests_module modules/mod_lbmethod_byrequests.so
#LoadModule lbmethod_bytraffic_module modules/mod_lbmethod_bytraffic.so
#LoadModule lbmethod_bybusyness_module modules/mod_lbmethod_bybusyness.so
#LoadModule lbmethod_heartbeat_module modules/mod_lbmethod_heartbeat.so
LoadModule unixd_module modules/mod_unixd.so
#LoadModule heartbeat_module modules/mod_heartbeat.so
#LoadModule heartmonitor_module modules/mod_heartmonitor.so
#LoadModule dav_module modules/mod_dav.so
LoadModule status_module modules/mod_status.so
LoadModule autoindex_module modules/mod_autoindex.so
#LoadModule asis_module modules/mod_asis.so
#LoadModule info_module modules/mod_info.so
#LoadModule suexec_module modules/mod_suexec.so
<IfModule !mpm_prefork_module>
#LoadModule cgid_module modules/mod_cgid.so
</IfModule>
<IfModule mpm_prefork_module>
#LoadModule cgi_module modules/mod_cgi.so
</IfModule>
#LoadModule dav_fs_module modules/mod_dav_fs.so
#LoadModule dav_lock_module modules/mod_dav_lock.so
#LoadModule vhost_alias_module modules/mod_vhost_alias.so
#LoadModule negotiation_module modules/mod_negotiation.so
LoadModule dir_module modules/mod_dir.so
#LoadModule imagemap_module modules/mod_imagemap.so
#LoadModule actions_module modules/mod_actions.so
#LoadModule speling_module modules/mod_speling.so
#LoadModule userdir_module modules/mod_userdir.so
LoadModule alias_module modules/mod_alias.so
#LoadModule rewrite_module modules/mod_rewrite.so
<IfModule unixd_module>
#
# If you wish httpd to run as a different user or group, you must run
# httpd as root initially and it will switch.
#
# User/Group: The name (or #number) of the user/group to run httpd as.
# It is usually good practice to create a dedicated user and group for
# running httpd, as with most system services.
#
User daemon
Group daemon
</IfModule>
# 'Main' server configuration
#
# The directives in this section set up the values used by the 'main'
# server, which responds to any requests that aren't handled by a
# <VirtualHost> definition. These values also provide defaults for
# any <VirtualHost> containers you may define later in the file.
#
# All of these directives may appear inside <VirtualHost> containers,
# in which case these default settings will be overridden for the
# virtual host being defined.
#
#
# ServerAdmin: Your address, where problems with the server should be
# e-mailed. This address appears on some server-generated pages, such
# as error documents. e.g. admin@your-domain.com
#
ServerAdmin you@example.com
#
# ServerName gives the name and port that the server uses to identify itself.
# This can often be determined automatically, but we recommend you specify
# it explicitly to prevent problems during startup.
#
# If your host doesn't have a registered DNS name, enter its IP address here.
#
#ServerName www.example.com:80
#
# Deny access to the entirety of your server's filesystem. You must
# explicitly permit access to web content directories in other
# <Directory> blocks below.
#
<Directory />
AllowOverride none
Require all denied
</Directory>
#
# Note that from this point forward you must specifically allow
# particular features to be enabled - so if something's not working as
# you might expect, make sure that you have specifically enabled it
# below.
#
#
# DocumentRoot: The directory out of which you will serve your
# documents. By default, all requests are taken from this directory, but
# symbolic links and aliases may be used to point to other locations.
#
DocumentRoot "/usr/local/apache2/htdocs"
<Directory "/usr/local/apache2/htdocs">
#
# Possible values for the Options directive are "None", "All",
# or any combination of:
# Indexes Includes FollowSymLinks SymLinksifOwnerMatch ExecCGI MultiViews
#
# Note that "MultiViews" must be named *explicitly* --- "Options All"
# doesn't give it to you.
#
# The Options directive is both complicated and important. Please see
# http://httpd.apache.org/docs/2.4/mod/core.html#options
# for more information.
#
Options Indexes FollowSymLinks
#
# AllowOverride controls what directives may be placed in .htaccess files.
# It can be "All", "None", or any combination of the keywords:
# AllowOverride FileInfo AuthConfig Limit
#
AllowOverride None
#
# Controls who can get stuff from this server.
#
Require all granted
</Directory>
#
# DirectoryIndex: sets the file that Apache will serve if a directory
# is requested.
#
<IfModule dir_module>
DirectoryIndex index.html
</IfModule>
#
# The following lines prevent .htaccess and .htpasswd files from being
# viewed by Web clients.
#
<Files ".ht*">
Require all denied
</Files>
#
# ErrorLog: The location of the error log file.
# If you do not specify an ErrorLog directive within a <VirtualHost>
# container, error messages relating to that virtual host will be
# logged here. If you *do* define an error logfile for a <VirtualHost>
# container, that host's errors will be logged there and not here.
#
ErrorLog "logs/error_log"
#
# LogLevel: Control the number of messages logged to the error_log.
# Possible values include: debug, info, notice, warn, error, crit,
# alert, emerg.
#
LogLevel warn
<IfModule log_config_module>
#
# The following directives define some format nicknames for use with
# a CustomLog directive (see below).
#
LogFormat "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\"" combined
LogFormat "%h %l %u %t \"%r\" %>s %b" common
<IfModule logio_module>
# You need to enable mod_logio.c to use %I and %O
LogFormat "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\" %I %O" combinedio
</IfModule>
#
# The location and format of the access logfile (Common Logfile Format).
# If you do not define any access logfiles within a <VirtualHost>
# container, they will be logged here. Contrariwise, if you *do*
# define per-<VirtualHost> access logfiles, transactions will be
# logged therein and *not* in this file.
#
CustomLog "logs/access_log" common
#
# If you prefer a logfile with access, agent, and referer information
# (Combined Logfile Format) you can use the following directive.
#
#CustomLog "logs/access_log" combined
</IfModule>
<IfModule alias_module>
#
# Redirect: Allows you to tell clients about documents that used to
# exist in your server's namespace, but do not anymore. The client
# will make a new request for the document at its new location.
# Example:
# Redirect permanent /foo http://www.example.com/bar
#
# Alias: Maps web paths into filesystem paths and is used to
# access content that does not live under the DocumentRoot.
# Example:
# Alias /webpath /full/filesystem/path
#
# If you include a trailing / on /webpath then the server will
# require it to be present in the URL. You will also likely
# need to provide a <Directory> section to allow access to
# the filesystem path.
#
# ScriptAlias: This controls which directories contain server scripts.
# ScriptAliases are essentially the same as Aliases, except that
# documents in the target directory are treated as applications and
# run by the server when requested rather than as documents sent to the
# client. The same rules about trailing "/" apply to ScriptAlias
# directives as to Alias.
#
ScriptAlias /cgi-bin/ "/usr/local/apache2/cgi-bin/"
</IfModule>
<IfModule cgid_module>
#
# ScriptSock: On threaded servers, designate the path to the UNIX
# socket used to communicate with the CGI daemon of mod_cgid.
#
#Scriptsock cgisock
</IfModule>
#
# "/usr/local/apache2/cgi-bin" should be changed to whatever your ScriptAliased
# CGI directory exists, if you have that configured.
#
<Directory "/usr/local/apache2/cgi-bin">
AllowOverride None
Options None
Require all granted
</Directory>
<IfModule headers_module>
#
# Avoid passing HTTP_PROXY environment to CGI's on this or any proxied
# backend servers which have lingering "httpoxy" defects.
# 'Proxy' request header is undefined by the IETF, not listed by IANA
#
RequestHeader unset Proxy early
</IfModule>
<IfModule mime_module>
#
# TypesConfig points to the file containing the list of mappings from
# filename extension to MIME-type.
#
TypesConfig conf/mime.types
#
# AddType allows you to add to or override the MIME configuration
# file specified in TypesConfig for specific file types.
#
#AddType application/x-gzip .tgz
#
# AddEncoding allows you to have certain browsers uncompress
# information on the fly. Note: Not all browsers support this.
#
#AddEncoding x-compress .Z
#AddEncoding x-gzip .gz .tgz
#
# If the AddEncoding directives above are commented-out, then you
# probably should define those extensions to indicate media types:
#
AddType application/x-compress .Z
AddType application/x-gzip .gz .tgz
#
# AddHandler allows you to map certain file extensions to "handlers":
# actions unrelated to filetype. These can be either built into the server
# or added with the Action directive (see below)
#
# To use CGI scripts outside of ScriptAliased directories:
# (You will also need to add "ExecCGI" to the "Options" directive.)
#
#AddHandler cgi-script .cgi
# For type maps (negotiated resources):
#AddHandler type-map var
#
# Filters allow you to process content before it is sent to the client.
#
# To parse .shtml files for server-side includes (SSI):
# (You will also need to add "Includes" to the "Options" directive.)
#
#AddType text/html .shtml
#AddOutputFilter INCLUDES .shtml
</IfModule>
#
# The mod_mime_magic module allows the server to use various hints from the
# contents of the file itself to determine its type. The MIMEMagicFile
# directive tells the module where the hint definitions are located.
#
#MIMEMagicFile conf/magic
#
# Customizable error responses come in three flavors:
# 1) plain text 2) local redirects 3) external redirects
#
# Some examples:
#ErrorDocument 500 "The server made a boo boo."
#ErrorDocument 404 /missing.html
#ErrorDocument 404 "/cgi-bin/missing_handler.pl"
#ErrorDocument 402 http://www.example.com/subscription_info.html
#
#
# MaxRanges: Maximum number of Ranges in a request before
# returning the entire resource, or one of the special
# values 'default', 'none' or 'unlimited'.
# Default setting is to accept 200 Ranges.
#MaxRanges unlimited
#
# EnableMMAP and EnableSendfile: On systems that support it,
# memory-mapping or the sendfile syscall may be used to deliver
# files. This usually improves server performance, but must
# be turned off when serving from networked-mounted
# filesystems or if support for these functions is otherwise
# broken on your system.
# Defaults: EnableMMAP On, EnableSendfile Off
#
#EnableMMAP off
#EnableSendfile on
# Supplemental configuration
#
# The configuration files in the conf/extra/ directory can be
# included to add extra features or to modify the default configuration of
# the server, or you may simply copy their contents here and change as
# necessary.
# Server-pool management (MPM specific)
#Include conf/extra/httpd-mpm.conf
# Multi-language error messages
#Include conf/extra/httpd-multilang-errordoc.conf
# Fancy directory listings
#Include conf/extra/httpd-autoindex.conf
# Language settings
#Include conf/extra/httpd-languages.conf
# User home directories
#Include conf/extra/httpd-userdir.conf
# Real-time info on requests and configuration
#Include conf/extra/httpd-info.conf
# Virtual hosts
#Include conf/extra/httpd-vhosts.conf
# Local access to the Apache HTTP Server Manual
#Include conf/extra/httpd-manual.conf
# Distributed authoring and versioning (WebDAV)
#Include conf/extra/httpd-dav.conf
# Various default settings
#Include conf/extra/httpd-default.conf
# Configure mod_proxy_html to understand HTML4/XHTML1
<IfModule proxy_html_module>
Include conf/extra/proxy-html.conf
</IfModule>
# Secure (SSL/TLS) connections
#Include conf/extra/httpd-ssl.conf
#
# Note: The following must must be present to support
# starting without SSL on platforms with no /dev/random equivalent
# but a statically compiled-in mod_ssl.
#
<IfModule ssl_module>
SSLRandomSeed startup builtin
SSLRandomSeed connect builtin
</IfModule>

385
templates/HTTPD/Default/conf/magic.txt Normal file
View File

@@ -0,0 +1,385 @@
# Magic data for mod_mime_magic Apache module (originally for file(1) command)
# The module is described in /manual/mod/mod_mime_magic.html
#
# The format is 4-5 columns:
# Column #1: byte number to begin checking from, ">" indicates continuation
# Column #2: type of data to match
# Column #3: contents of data to match
# Column #4: MIME type of result
# Column #5: MIME encoding of result (optional)
#------------------------------------------------------------------------------
# Localstuff: file(1) magic for locally observed files
# Add any locally observed files here.
#------------------------------------------------------------------------------
# end local stuff
#------------------------------------------------------------------------------
#------------------------------------------------------------------------------
# Java
0 short 0xcafe
>2 short 0xbabe application/java
#------------------------------------------------------------------------------
# audio: file(1) magic for sound formats
#
# from Jan Nicolai Langfeldt <janl@ifi.uio.no>,
#
# Sun/NeXT audio data
0 string .snd
>12 belong 1 audio/basic
>12 belong 2 audio/basic
>12 belong 3 audio/basic
>12 belong 4 audio/basic
>12 belong 5 audio/basic
>12 belong 6 audio/basic
>12 belong 7 audio/basic
>12 belong 23 audio/x-adpcm
# DEC systems (e.g. DECstation 5000) use a variant of the Sun/NeXT format
# that uses little-endian encoding and has a different magic number
# (0x0064732E in little-endian encoding).
0 lelong 0x0064732E
>12 lelong 1 audio/x-dec-basic
>12 lelong 2 audio/x-dec-basic
>12 lelong 3 audio/x-dec-basic
>12 lelong 4 audio/x-dec-basic
>12 lelong 5 audio/x-dec-basic
>12 lelong 6 audio/x-dec-basic
>12 lelong 7 audio/x-dec-basic
# compressed (G.721 ADPCM)
>12 lelong 23 audio/x-dec-adpcm
# Bytes 0-3 of AIFF, AIFF-C, & 8SVX audio files are "FORM"
# AIFF audio data
8 string AIFF audio/x-aiff
# AIFF-C audio data
8 string AIFC audio/x-aiff
# IFF/8SVX audio data
8 string 8SVX audio/x-aiff
# Creative Labs AUDIO stuff
# Standard MIDI data
0 string MThd audio/unknown
#>9 byte >0 (format %d)
#>11 byte >1 using %d channels
# Creative Music (CMF) data
0 string CTMF audio/unknown
# SoundBlaster instrument data
0 string SBI audio/unknown
# Creative Labs voice data
0 string Creative\ Voice\ File audio/unknown
## is this next line right? it came this way...
#>19 byte 0x1A
#>23 byte >0 - version %d
#>22 byte >0 \b.%d
# [GRR 950115: is this also Creative Labs? Guessing that first line
# should be string instead of unknown-endian long...]
#0 long 0x4e54524b MultiTrack sound data
#0 string NTRK MultiTrack sound data
#>4 long x - version %ld
# Microsoft WAVE format (*.wav)
# [GRR 950115: probably all of the shorts and longs should be leshort/lelong]
# Microsoft RIFF
0 string RIFF audio/unknown
# - WAVE format
>8 string WAVE audio/x-wav
# MPEG audio.
0 beshort&0xfff0 0xfff0 audio/mpeg
# C64 SID Music files, from Linus Walleij <triad@df.lth.se>
0 string PSID audio/prs.sid
#------------------------------------------------------------------------------
# c-lang: file(1) magic for C programs or various scripts
#
# XPM icons (Greg Roelofs, newt@uchicago.edu)
# ideally should go into "images", but entries below would tag XPM as C source
0 string /*\ XPM image/x-xbm 7bit
# this first will upset you if you're a PL/1 shop... (are there any left?)
# in which case rm it; ascmagic will catch real C programs
# C or REXX program text
0 string /* text/plain
# C++ program text
0 string // text/plain
#------------------------------------------------------------------------------
# compress: file(1) magic for pure-compression formats (no archives)
#
# compress, gzip, pack, compact, huf, squeeze, crunch, freeze, yabba, whap, etc.
#
# Formats for various forms of compressed data
# Formats for "compress" proper have been moved into "compress.c",
# because it tries to uncompress it to figure out what's inside.
# standard unix compress
0 string \037\235 application/octet-stream x-compress
# gzip (GNU zip, not to be confused with [Info-ZIP/PKWARE] zip archiver)
0 string \037\213 application/octet-stream x-gzip
# According to gzip.h, this is the correct byte order for packed data.
0 string \037\036 application/octet-stream
#
# This magic number is byte-order-independent.
#
0 short 017437 application/octet-stream
# XXX - why *two* entries for "compacted data", one of which is
# byte-order independent, and one of which is byte-order dependent?
#
# compacted data
0 short 0x1fff application/octet-stream
0 string \377\037 application/octet-stream
# huf output
0 short 0145405 application/octet-stream
# Squeeze and Crunch...
# These numbers were gleaned from the Unix versions of the programs to
# handle these formats. Note that I can only uncrunch, not crunch, and
# I didn't have a crunched file handy, so the crunch number is untested.
# Keith Waclena <keith@cerberus.uchicago.edu>
#0 leshort 0x76FF squeezed data (CP/M, DOS)
#0 leshort 0x76FE crunched data (CP/M, DOS)
# Freeze
#0 string \037\237 Frozen file 2.1
#0 string \037\236 Frozen file 1.0 (or gzip 0.5)
# lzh?
#0 string \037\240 LZH compressed data
#------------------------------------------------------------------------------
# frame: file(1) magic for FrameMaker files
#
# This stuff came on a FrameMaker demo tape, most of which is
# copyright, but this file is "published" as witness the following:
#
0 string \<MakerFile application/x-frame
0 string \<MIFFile application/x-frame
0 string \<MakerDictionary application/x-frame
0 string \<MakerScreenFon application/x-frame
0 string \<MML application/x-frame
0 string \<Book application/x-frame
0 string \<Maker application/x-frame
#------------------------------------------------------------------------------
# html: file(1) magic for HTML (HyperText Markup Language) docs
#
# from Daniel Quinlan <quinlan@yggdrasil.com>
# and Anna Shergold <anna@inext.co.uk>
#
0 string \<!DOCTYPE\ HTML text/html
0 string \<!doctype\ html text/html
0 string \<HEAD text/html
0 string \<head text/html
0 string \<TITLE text/html
0 string \<title text/html
0 string \<html text/html
0 string \<HTML text/html
0 string \<!-- text/html
0 string \<h1 text/html
0 string \<H1 text/html
# XML eXtensible Markup Language, from Linus Walleij <triad@df.lth.se>
0 string \<?xml text/xml
#------------------------------------------------------------------------------
# images: file(1) magic for image formats (see also "c-lang" for XPM bitmaps)
#
# originally from jef@helios.ee.lbl.gov (Jef Poskanzer),
# additions by janl@ifi.uio.no as well as others. Jan also suggested
# merging several one- and two-line files into here.
#
# XXX - byte order for GIF and TIFF fields?
# [GRR: TIFF allows both byte orders; GIF is probably little-endian]
#
# [GRR: what the hell is this doing in here?]
#0 string xbtoa btoa'd file
# PBMPLUS
# PBM file
0 string P1 image/x-portable-bitmap 7bit
# PGM file
0 string P2 image/x-portable-greymap 7bit
# PPM file
0 string P3 image/x-portable-pixmap 7bit
# PBM "rawbits" file
0 string P4 image/x-portable-bitmap
# PGM "rawbits" file
0 string P5 image/x-portable-greymap
# PPM "rawbits" file
0 string P6 image/x-portable-pixmap
# NIFF (Navy Interchange File Format, a modification of TIFF)
# [GRR: this *must* go before TIFF]
0 string IIN1 image/x-niff
# TIFF and friends
# TIFF file, big-endian
0 string MM image/tiff
# TIFF file, little-endian
0 string II image/tiff
# possible GIF replacements; none yet released!
# (Greg Roelofs, newt@uchicago.edu)
#
# GRR 950115: this was mine ("Zip GIF"):
# ZIF image (GIF+deflate alpha)
0 string GIF94z image/unknown
#
# GRR 950115: this is Jeremy Wohl's Free Graphics Format (better):
# FGF image (GIF+deflate beta)
0 string FGF95a image/unknown
#
# GRR 950115: this is Thomas Boutell's Portable Bitmap Format proposal
# (best; not yet implemented):
# PBF image (deflate compression)
0 string PBF image/unknown
# GIF
0 string GIF image/gif
# JPEG images
0 beshort 0xffd8 image/jpeg
# PC bitmaps (OS/2, Windoze BMP files) (Greg Roelofs, newt@uchicago.edu)
0 string BM image/bmp
#>14 byte 12 (OS/2 1.x format)
#>14 byte 64 (OS/2 2.x format)
#>14 byte 40 (Windows 3.x format)
#0 string IC icon
#0 string PI pointer
#0 string CI color icon
#0 string CP color pointer
#0 string BA bitmap array
0 string \x89PNG image/png
0 string FWS application/x-shockwave-flash
0 string CWS application/x-shockwave-flash
#------------------------------------------------------------------------------
# lisp: file(1) magic for lisp programs
#
# various lisp types, from Daniel Quinlan (quinlan@yggdrasil.com)
0 string ;; text/plain 8bit
# Emacs 18 - this is always correct, but not very magical.
0 string \012( application/x-elc
# Emacs 19
0 string ;ELC\023\000\000\000 application/x-elc
#------------------------------------------------------------------------------
# mail.news: file(1) magic for mail and news
#
# There are tests to ascmagic.c to cope with mail and news.
0 string Relay-Version: message/rfc822 7bit
0 string #!\ rnews message/rfc822 7bit
0 string N#!\ rnews message/rfc822 7bit
0 string Forward\ to message/rfc822 7bit
0 string Pipe\ to message/rfc822 7bit
0 string Return-Path: message/rfc822 7bit
0 string Path: message/news 8bit
0 string Xref: message/news 8bit
0 string From: message/rfc822 7bit
0 string Article message/news 8bit
#------------------------------------------------------------------------------
# msword: file(1) magic for MS Word files
#
# Contributor claims:
# Reversed-engineered MS Word magic numbers
#
0 string \376\067\0\043 application/msword
0 string \333\245-\0\0\0 application/msword
# disable this one because it applies also to other
# Office/OLE documents for which msword is not correct. See PR#2608.
#0 string \320\317\021\340\241\261 application/msword
#------------------------------------------------------------------------------
# printer: file(1) magic for printer-formatted files
#
# PostScript
0 string %! application/postscript
0 string \004%! application/postscript
# Acrobat
# (due to clamen@cs.cmu.edu)
0 string %PDF- application/pdf
#------------------------------------------------------------------------------
# sc: file(1) magic for "sc" spreadsheet
#
38 string Spreadsheet application/x-sc
#------------------------------------------------------------------------------
# tex: file(1) magic for TeX files
#
# XXX - needs byte-endian stuff (big-endian and little-endian DVI?)
#
# From <conklin@talisman.kaleida.com>
# Although we may know the offset of certain text fields in TeX DVI
# and font files, we can't use them reliably because they are not
# zero terminated. [but we do anyway, christos]
0 string \367\002 application/x-dvi
#0 string \367\203 TeX generic font data
#0 string \367\131 TeX packed font data
#0 string \367\312 TeX virtual font data
#0 string This\ is\ TeX, TeX transcript text
#0 string This\ is\ METAFONT, METAFONT transcript text
# There is no way to detect TeX Font Metric (*.tfm) files without
# breaking them apart and reading the data. The following patterns
# match most *.tfm files generated by METAFONT or afm2tfm.
#2 string \000\021 TeX font metric data
#2 string \000\022 TeX font metric data
#>34 string >\0 (%s)
# Texinfo and GNU Info, from Daniel Quinlan (quinlan@yggdrasil.com)
#0 string \\input\ texinfo Texinfo source text
#0 string This\ is\ Info\ file GNU Info text
# correct TeX magic for Linux (and maybe more)
# from Peter Tobias (tobias@server.et-inf.fho-emden.de)
#
0 leshort 0x02f7 application/x-dvi
# RTF - Rich Text Format
0 string {\\rtf application/rtf
#------------------------------------------------------------------------------
# animation: file(1) magic for animation/movie formats
#
# animation formats, originally from vax@ccwf.cc.utexas.edu (VaX#n8)
# MPEG file
0 string \000\000\001\263 video/mpeg
#
# The contributor claims:
# I couldn't find a real magic number for these, however, this
# -appears- to work. Note that it might catch other files, too,
# so BE CAREFUL!
#
# Note that title and author appear in the two 20-byte chunks
# at decimal offsets 2 and 22, respectively, but they are XOR'ed with
# 255 (hex FF)! DL format SUCKS BIG ROCKS.
#
# DL file version 1 , medium format (160x100, 4 images/screen)
0 byte 1 video/unknown
0 byte 2 video/unknown
# Quicktime video, from Linus Walleij <triad@df.lth.se>
# from Apple quicktime file format documentation.
4 string moov video/quicktime
4 string mdat video/quicktime

1855
templates/HTTPD/Default/conf/mime.types Normal file
View File

File diff suppressed because it is too large Load Diff

8
templates/HTTPD/config.yml Normal file
View File

@@ -0,0 +1,8 @@
name: Apache httpd
description: |
A Web server application notable for playing a key role in the initial growth of the World Wide Web.
version: latest
# category:
maintainer: WilliamMiceli
# license:
# projectURL:

49
templates/InvoiceNinja/0/README.md
View File

@@ -6,20 +6,47 @@
[Docker Page](https://hub.docker.com/r/invoiceninja/invoiceninja/) [Docker Page](https://hub.docker.com/r/invoiceninja/invoiceninja/)
## From Website ## Description
Free Open-Source Invoicing Free Open-Source Invoicing
Expenses & time-tracking built with Laravel
### Pre-Installation: Expenses & time-tracking built with Laravel
Make sure that you have a "nginx.conf" file for the nginx container. ## Pre-Deployment
Copying the default one located [on their GitHub](https://github.com/invoiceninja/dockerfiles/blob/master/docker-compose/nginx.conf) should be sufficient.
You may need to "chmod -R 777 storage" in the "App" container. ### Optional Features Preparation
Google Maps: #### Google Maps Integration
Get an API Key [Here](https://developers.google.com/maps/documentation/javascript/get-api-key) first.
Then add GOOGLE_MAPS_API_KEY=<your key> in your .env file.
If using without HTTPS (like using the direct IP instead of through Traefik), please take out the line: "fastcgi_param HTTPS 1;" from your nginx.conf 1. [Get an API Key Here](https://developers.google.com/maps/documentation/javascript/get-api-key).
2. Insert `GOOGLE_MAPS_API_KEY=<Your API Key>` into your .env file.
### Required Configuration Files
* Place a "nginx.conf" file in the `<Stack Directory>/Configuration` directory.
* An Example can be found in the "Resources" directory for this catalog item.
* This file has been modified for this configuration, based on the [Example](https://github.com/invoiceninja/dockerfiles/blob/master/docker-compose/nginx.conf) located in the official GitHub repository.
* Place a ".env" file in the `<Stack Directory>/Configuration` directory.
* An example can be found in the "Resources" directory for this catalog item.
* This file has been modified for this configuration, based on the ".env.example" file provided within the container image.
* [A Configuration Guide](https://invoice-ninja.readthedocs.io/en/latest/configure.html) related to environment variables, along with the [Full Example](https://github.com/invoiceninja/invoiceninja/blob/master/.env.example) from the official GitHub repository.
## Tips
* With this configuration, DO NOT enable "Require HTTPS", as the connection between Traefik and InvoiceNinja is over non-SSL HTTP, and is not setup for internal HTTPS.
## Backing Up Your Instance
### Complete Backup
Through the MySQL container, run a MySQL Dump.
(Will complete this later)
### Easy Backup
The web interface provides an easy backup method by exporting to a JSON file, which saves most information.
## TODO
* Add more integration instructions
* Add better trusted proxies configuration

107
templates/InvoiceNinja/0/Resources/.env Normal file
View File

@@ -0,0 +1,107 @@
APP_ENV=production
APP_DEBUG=false
APP_URL=http://www.ninja.test
APP_KEY=SomeRandomStringSomeRandomString
APP_CIPHER=AES-256-CBC
APP_LOCALE=en
DB_TYPE=mysql
DB_STRICT=false
DB_HOST=localhost
DB_DATABASE=ninja_db
DB_USERNAME=ninja_user
DB_PASSWORD=
MAIL_DRIVER=smtp
MAIL_PORT=587
MAIL_ENCRYPTION=tls
MAIL_HOST=
MAIL_USERNAME=
MAIL_FROM_ADDRESS=
MAIL_FROM_NAME=
MAIL_PASSWORD=
MAILGUN_DOMAIN=
MAILGUN_SECRET=
#POSTMARK_API_TOKEN=
PHANTOMJS_CLOUD_KEY='a-demo-key-with-low-quota-per-ip-address'
#PHANTOMJS_BIN_PATH=/usr/local/bin/phantomjs
LOG=single
REQUIRE_HTTPS=false
API_SECRET=password
#TRUSTED_PROXIES=
#SESSION_DRIVER=
#SESSION_DOMAIN=
#SESSION_ENCRYPT=
#SESSION_SECURE=
#CACHE_DRIVER=
#CACHE_HOST=
#REDIS_HOST=
#CACHE_PORT1=
#CACHE_PORT2=
#GOOGLE_CLIENT_ID=
#GOOGLE_CLIENT_SECRET=
#GOOGLE_OAUTH_REDIRECT=http://ninja.test/auth/google
GOOGLE_MAPS_ENABLED=true
#GOOGLE_MAPS_API_KEY=
# Create a cookie to stay logged in
#REMEMBER_ME_ENABLED=true
# Immediately expire cookie on the browser closing
#SESSION_EXPIRE_ON_CLOSE=false
# The app automatically logs the user out after this number of seconds
#AUTO_LOGOUT_SECONDS=28800
#S3_KEY=
#S3_SECRET=
#S3_REGION=
#S3_BUCKET=
#RACKSPACE_USERNAME=
#RACKSPACE_KEY=
#RACKSPACE_CONTAINER=
#RACKSPACE_REGION=
#RACKSPACE_TEMP_URL_SECRET=
# If this is set to anything, the URL secret will be set the next
# time a file is downloaded through the client portal.
# Only set this temporarily, as it slows things down.
#RACKSPACE_TEMP_URL_SECRET_SET=
#DOCUMENT_FILESYSTEM=
#MAX_DOCUMENT_SIZE # KB
#MAX_EMAIL_DOCUMENTS_SIZE # Total KB
#MAX_ZIP_DOCUMENTS_SIZE # Total KB (uncompressed)
#DOCUMENT_PREVIEW_SIZE # Pixels
WEPAY_CLIENT_ID=
WEPAY_CLIENT_SECRET=
WEPAY_ENVIRONMENT=production # production or stage
WEPAY_AUTO_UPDATE=true # Requires permission from WePay
WEPAY_FEE_PAYER=payee
WEPAY_APP_FEE_CC_MULTIPLIER=0
WEPAY_APP_FEE_ACH_MULTIPLIER=0
WEPAY_APP_FEE_FIXED=0
WEPAY_THEME='{"name":"Invoice Ninja","primary_color":"0b4d78","secondary_color":"0b4d78","background_color":"f8f8f8","button_color":"33b753"}' # See https://www.wepay.com/developer/reference/structures#theme
BLUEVINE_PARTNER_UNIQUE_ID=
BLUEVINE_PARTNER_TOKEN=
CLOUDFLARE_DNS_ENABLED=false
CLOUDFLARE_API_KEY=
CLOUDFLARE_EMAIL=
CLOUDFLARE_TARGET_IP_ADDRESS=
CLOUDFLARE_ZONE_IDS={}

52
templates/InvoiceNinja/0/docker-compose.yml
View File

@@ -1,4 +1,5 @@
version: '2' version: '2'
services: services:
invoiceninja: invoiceninja:
image: invoiceninja/invoiceninja:latest image: invoiceninja/invoiceninja:latest
@@ -10,13 +11,16 @@ services:
{{- if (.Values.HOST_LABEL)}} {{- if (.Values.HOST_LABEL)}}
io.rancher.scheduler.affinity:host_label: ${HOST_LABEL} io.rancher.scheduler.affinity:host_label: ${HOST_LABEL}
{{- end}} {{- end}}
traefik.enable: false
links: links:
- mysql - mysql
restart: on-failure restart: on-failure
volumes: volumes:
- /RancherCattleConfig/${DATA_DIR}/.env:/var/www/app/.env - /etc/localtime:/etc/localtime:ro # Syncronize time of container with the host system
- /RancherCattleData/${DATA_DIR}/Logo:/var/www/app/public/logo - /etc/timezone:/etc/timezone:ro # Syncronize timezone of container with the host system
- /RancherCattleData/${DATA_DIR}/Storage:/var/www/app/storage - /RancherCattle/${DATA_DIR}/Configuration/Invoice Ninja/.env:/var/www/app/.env
- /RancherCattle/${DATA_DIR}/Logo:/var/www/app/public/logo
- /RancherCattle/${DATA_DIR}/Storage:/var/www/app/storage
cron: cron:
image: invoiceninja/invoiceninja:latest image: invoiceninja/invoiceninja:latest
dns: dns:
@@ -37,6 +41,7 @@ services:
{{- if .Values.HOST_LABEL}} {{- if .Values.HOST_LABEL}}
io.rancher.scheduler.affinity:host_label: ${HOST_LABEL} io.rancher.scheduler.affinity:host_label: ${HOST_LABEL}
{{- end}} {{- end}}
traefik.enable: false
links: links:
- mysql - mysql
restart: on-failure restart: on-failure
@@ -50,7 +55,7 @@ services:
environment: environment:
MYSQL_DATABASE: ninja_db MYSQL_DATABASE: ninja_db
MYSQL_ROOT_PASSWORD: ${DB_ROOT_PASS} MYSQL_ROOT_PASSWORD: ${DB_ROOT_PASS}
MYSQL_USER: ninja MYSQL_USER: ninja # Will eventually rename to "ninja_user"
MYSQL_PASSWORD: ${DB_USER_PASS} MYSQL_PASSWORD: ${DB_USER_PASS}
labels: labels:
io.rancher.container.pull_image: always io.rancher.container.pull_image: always
@@ -60,7 +65,9 @@ services:
traefik.enable: false traefik.enable: false
restart: on-failure restart: on-failure
volumes: volumes:
- /RancherCattleData/${DATA_DIR}/Database:/var/lib/mysql - /etc/localtime:/etc/localtime:ro # Syncronize time of container with the host system
- /etc/timezone:/etc/timezone:ro # Syncronize timezone of container with the host system
- /RancherCattle/${DATA_DIR}/Database:/var/lib/mysql
nginx: nginx:
image: nginx image: nginx
dns: dns:
@@ -71,31 +78,22 @@ services:
{{- if .Values.HOST_LABEL}} {{- if .Values.HOST_LABEL}}
io.rancher.scheduler.affinity:host_label: ${HOST_LABEL} io.rancher.scheduler.affinity:host_label: ${HOST_LABEL}
{{- end}} {{- end}}
{{- if .Values.TRAEFIK_HOST}}
traefik.enable: true traefik.enable: true
traefik.frontend.rule: Host:${TRAEFIK_HOST} ### Start Web Segment
traefik.frontend.entryPoints: http,https traefik.web.frontend.entryPoints: http,https
traefik.frontend.headers.forceSTSHeader: true traefik.web.frontend.headers.forceSTSHeader: true
traefik.frontend.headers.SSLRedirect: true traefik.web.frontend.headers.referrerPolicy: no-referrer # Security enhancement (Prevents leaking of referer information)
traefik.frontend.headers.STSPreload: true traefik.web.frontend.headers.SSLRedirect: true
traefik.frontend.headers.STSSeconds: 15552000 traefik.web.frontend.headers.STSPreload: true
traefik.port: "80" traefik.web.frontend.headers.STSSeconds: 15552000
{{- else}} traefik.web.frontend.rule: Host:${TRAEFIK_HOST}
traefik.enable: false traefik.web.port: "80"
{{- end}} ### End Web Segment
io.rancher.sidekicks: invoiceninja,cron io.rancher.sidekicks: invoiceninja, cron
links: links:
- invoiceninja - invoiceninja
networks:
- public-proxy
ports:
- "${WEB_PORT}:80"
restart: on-failure restart: on-failure
volumes: volumes:
- /RancherCattleConfig/${DATA_DIR}/nginx.conf:/etc/nginx/nginx.conf:ro - /RancherCattle/${DATA_DIR}/Configuration/NGINX/nginx.conf:/etc/nginx/nginx.conf:ro
volumes_from: volumes_from:
- invoiceninja - invoiceninja
networks:
public-proxy:
external: true

27
templates/InvoiceNinja/0/rancher-compose.yml
View File

@@ -11,7 +11,7 @@ catalog:
- variable: "HOST_LABEL" - variable: "HOST_LABEL"
label: "Host Label Key/Value Pair" label: "Host Label Key/Value Pair"
description: | description: |
The Label Key/Value pair on the host which InvoiceNinja should be deployed The Label Key/Value pair of the host which InvoiceNinja should be deployed
default: "host.id=Host1" default: "host.id=Host1"
required: false required: false
type: string type: string
@@ -20,19 +20,26 @@ catalog:
label: "Public Host Domain" label: "Public Host Domain"
description: | description: |
The host that Traefik will use to provide public access. The host that Traefik will use to provide public access.
Leaving this empty will disable Traefik on this stack.
default: "subdomain.domain.tld" default: "subdomain.domain.tld"
required: false
type: string
- variable: "WEB_PORT"
label: "Local Web Port"
description: |
The port to locally access the web interface on.
default: "10200"
required: true required: true
type: string type: string
- variable: "DB_ROOT_PASS"
label: "Database Root Password"
description: |
A secure password to be used by the "root" database user.
# default:
required: true
type: password
- variable: "DB_USER_PASS"
label: "Database User Password"
description: |
A secure password to be used by the "ninja" database user.
# default:
required: true
type: password
- variable: DATA_DIR - variable: DATA_DIR
label: "Data Directory" label: "Data Directory"
description: | description: |

23
templates/Nextcloud/0/README.md
View File

@@ -1 +1,22 @@
# Nextcloud # Nextcloud
## Pre-Requisites
* Traefik deployed
## Useful Tools
* [Official Security Check](https://scan.nextcloud.com/)
## Easy Redis Setup
Copy the "redis.config.php" file into your Configuration directory.
You may need to restart your stack for it to pick up.
You can monitor if it is working by opening a shell terminal on your Redis container and using `redis-cli MONITOR`
## To-Do's
* Explain how to manually setup Redis
* Fix Cron container, does not yet properly execute yet
* Better setup trusted_proxies
* [Documentation Reference](https://docs.nextcloud.com/server/stable/admin_manual/configuration_server/reverse_proxy_configuration.html?highlight=reverse%20proxy)

79
templates/Nextcloud/0/docker-compose.yml
View File

@@ -1,55 +1,78 @@
version: '2' version: '2'
services: services:
# cron:
# image: nextcloud:stable-apache
# dns: # Using Cloudflare DNS
# - 1.1.1.1
# - 1.0.0.1
# entrypoint: | # www-data uid: 82
# sh -c 'sh -s <<EOF
# trap "break;exit" SIGHUP SIGINT SIGTERM
# while /bin/true; do
# su -s "/bin/sh" -c "/usr/local/bin/php /var/www/html/cron.php" www-data
# echo $$(date) - Running cron finished
# sleep 900
# done
# EOF'
# restart: on-failure
# user: "www-data"
# volumes_from:
# - nginx
nextcloud: nextcloud:
image: nextcloud:stable-apache image: nextcloud:stable-apache
dns: dns: # Using Cloudflare DNS
- 1.1.1.1 - 1.1.1.1
- 1.0.0.1 - 1.0.0.1
environment: environment:
MYSQL_HOST: mysql MYSQL_HOST: mysql
MYSQL_DATABASE: nextcloud MYSQL_DATABASE: nextcloud_db
MYSQL_USER: nextcloud_user MYSQL_USER: nextcloud_user
MYSQL_PASSWORD: ${DB_USER_PASS} MYSQL_PASSWORD: ${DB_USER_PASS}
NEXTCLOUD_ADMIN_USER: ${NC_ADMIN} NEXTCLOUD_ADMIN_USER: ${NC_ADMIN}
NEXTCLOUD_ADMIN_PASSWORD: ${NC_ADMIN_PASS} NEXTCLOUD_ADMIN_PASSWORD: ${NC_ADMIN_PASS}
NEXTCLOUD_TRUSTED_DOMAINS: ${TRAEFIK_HOST}
labels: labels:
io.rancher.container.pull_image: always io.rancher.container.pull_image: always
{{- if .Values.HOST_LABEL}} {{- if .Values.HOST_LABEL}}
io.rancher.scheduler.affinity:host_label: ${HOST_LABEL} io.rancher.scheduler.affinity:host_label: ${HOST_LABEL}
{{- end}} {{- end}}
{{- if .Values.TRAEFIK_HOST}} # io.rancher.sidekicks: cron
traefik.enable: true traefik.enable: true
traefik.frontend.rule: Host:${TRAEFIK_HOST} ### Start Nextcloud Segment
traefik.frontend.entryPoints: http,https traefik.nextcloud.frontend.entryPoints: http,https
traefik.frontend.headers.forceSTSHeader: true traefik.nextcloud.frontend.headers.forceSTSHeader: true
traefik.frontend.headers.SSLRedirect: true traefik.nextcloud.frontend.headers.referrerPolicy: no-referrer # Security enhancement (Prevents leaking of referer information)
traefik.frontend.headers.STSPreload: true traefik.nextcloud.frontend.headers.SSLRedirect: true
traefik.frontend.headers.STSSeconds: 15552000 traefik.nextcloud.frontend.headers.STSPreload: true
traefik.port: "80" traefik.nextcloud.frontend.headers.STSSeconds: 15552000
{{- else}} traefik.nextcloud.frontend.rule: Host:${TRAEFIK_HOST}
traefik.enable: false traefik.nextcloud.port: "80"
{{- end}} ### End Nextcloud Segment
links: links:
- mysql - mysql
{{- if eq .Values.REDIS "true"}} {{- if eq .Values.REDIS "true"}}
- redis - redis
{{- end}} {{- end}}
networks: {{- if .Values.WEB_PORT}}
- public-proxy
ports: ports:
- "${WEB_PORT}:80" - "${WEB_PORT}:80"
{{- end}}
restart: on-failure restart: on-failure
volumes: volumes:
- /RancherCattleData/${DATA_DIR}/Application:/var/www/html - /etc/localtime:/etc/localtime:ro # Syncronize time of container with the host system
- /RancherCattleData/${DATA_DIR}/UserData:/var/www/html/data - /etc/timezone:/etc/timezone:ro # Syncronize timezone of container with the host system
- /RancherCattle/${DATA_DIR}/Apps:/var/www/html/custom_apps # Nextcloud apps
- /RancherCattle/${DATA_DIR}/Configuration:/var/www/html/config # Nextcloud configuration files
- /RancherCattle/${DATA_DIR}/Nextcloud:/var/www/html # Nextcloud site
- /RancherCattle/${DATA_DIR}/UserData:/var/www/html/data # Users' data file
mysql: mysql:
image: mysql:5 image: mysql:5
dns: dns: # Using Cloudflare DNS
- 1.1.1.1 - 1.1.1.1
- 1.0.0.1 - 1.0.0.1
environment: environment:
MYSQL_DATABASE: nextcloud MYSQL_DATABASE: nextcloud_db
MYSQL_ROOT_PASSWORD: ${DB_ROOT_PASS} MYSQL_ROOT_PASSWORD: ${DB_ROOT_PASS}
MYSQL_USER: nextcloud_user MYSQL_USER: nextcloud_user
MYSQL_PASSWORD: ${DB_USER_PASS} MYSQL_PASSWORD: ${DB_USER_PASS}
@@ -58,22 +81,26 @@ services:
{{- if .Values.HOST_LABEL}} {{- if .Values.HOST_LABEL}}
io.rancher.scheduler.affinity:host_label: ${HOST_LABEL} io.rancher.scheduler.affinity:host_label: ${HOST_LABEL}
{{- end}} {{- end}}
traefik.enable: false
restart: on-failure restart: on-failure
volumes: volumes:
- /RancherCattleData/${DATA_DIR}/Database:/var/lib/mysql - /etc/localtime:/etc/localtime:ro # Syncronize time of container with the host system
- /etc/timezone:/etc/timezone:ro # Syncronize timezone of container with the host system
- /RancherCattle/${DATA_DIR}/Database:/var/lib/mysql
{{- if eq .Values.REDIS "true"}} {{- if eq .Values.REDIS "true"}}
redis: redis:
image: redis:latest image: redis:alpine
dns: dns: # Using Cloudflare DNS
- 1.1.1.1 - 1.1.1.1
- 1.0.0.1 - 1.0.0.1
labels: labels:
io.rancher.container.pull_image: always
{{- if .Values.HOST_LABEL}} {{- if .Values.HOST_LABEL}}
io.rancher.scheduler.affinity:host_label: ${HOST_LABEL} io.rancher.scheduler.affinity:host_label: ${HOST_LABEL}
{{- end}} {{- end}}
traefik.enable: false
restart: on-failure restart: on-failure
volumes:
- /etc/localtime:/etc/localtime:ro # Syncronize time of container with the host system
- /etc/timezone:/etc/timezone:ro # Syncronize timezone of container with the host system
{{- end}} {{- end}}
networks:
public-proxy:
external: true

32
templates/Nextcloud/0/rancher-compose.yml
View File

@@ -11,7 +11,7 @@ catalog:
- variable: "HOST_LABEL" - variable: "HOST_LABEL"
label: "Host Label Key/Value Pair" label: "Host Label Key/Value Pair"
description: | description: |
The Label Key/Value pair on the host which containers should be deployed The Label Key/Value pair of the host which containers should be deployed
default: "host.id=Host1" default: "host.id=Host1"
required: false required: false
type: string type: string
@@ -20,7 +20,6 @@ catalog:
label: "Public Host Domain" label: "Public Host Domain"
description: | description: |
The host that Traefik will use to provide public access. The host that Traefik will use to provide public access.
Leaving this empty will disable Traefik on this stack.
default: "subdomain.domain.tld" default: "subdomain.domain.tld"
required: false required: false
type: string type: string
@@ -29,22 +28,23 @@ catalog:
label: "Web Port" label: "Web Port"
description: | description: |
The port to locally access the web interface on. The port to locally access the web interface on.
Leaving this empty will disable opening any port on the host system.
default: "10100" default: "10100"
required: true required: false
type: string type: string
- variable: "DB_ROOT_PASS" - variable: "DB_ROOT_PASS"
label: "MySQL Root Password" label: "Database Root Password"
description: | description: |
A secure password to be used by the "root" MySQL user. A secure password to be used by the "root" database user.
# default: # default:
required: true required: true
type: password type: password
- variable: "DB_USER_PASS" - variable: "DB_USER_PASS"
label: "MySQL User Password" label: "Database User Password"
description: | description: |
A secure password to be used by the "nextcloud_user" MySQL user. A secure password to be used by the "nextcloud_user" database user.
# default: # default:
required: true required: true
type: password type: password
@@ -68,7 +68,7 @@ catalog:
- variable: "REDIS" - variable: "REDIS"
label: "Enable Redis" label: "Enable Redis"
description: | description: |
Add a Redis container for memory caching. Must be setup manually. Add a Redis container for memory caching. Additional setup required, see README.
default: true default: true
required: true required: true
type: boolean type: boolean
@@ -79,18 +79,4 @@ catalog:
The directory to store persistent data for the stack. The directory to store persistent data for the stack.
default: "Personal/Nextcloud" default: "Personal/Nextcloud"
required: true required: true
type: string type: string
services:
nextcloud:
scale: 1
# health_check:
# port: ${HOST_HTTP_PORT}
# request_line: GET /healthcheck HTTP/1.0
# interval: 5000
# response_timeout: 2000
# healthy_threshold: 2
# unhealthy_threshold: 3
# strategy: none
mysql:
scale: 1

8
templates/Nextcloud/0/redis.config.php Normal file
View File

@@ -0,0 +1,8 @@
<?php
$CONFIG = array (
'memcache.locking' => '\OC\Memcache\Redis',
'redis' => array(
'host' => 'redis',
'port' => 6379,
),
);

14
templates/Nginx/0/README.md Normal file
View File

@@ -0,0 +1,14 @@
# Nginx
### Will continue this in the future
https://store.docker.com/_/nginx
### Full Example nginx.conf
https://www.nginx.com/resources/wiki/start/topics/examples/full/
## ToDo's
* Add better trusted proxies configuration

44
templates/Nginx/0/docker-compose.yml Normal file
View File

@@ -0,0 +1,44 @@
version: '2'
services:
nginx:
image: nginx:alpine
dns:
- 1.1.1.1
- 1.0.0.1
labels:
io.rancher.container.pull_image: always
{{- if .Values.HOST_LABEL}}
io.rancher.scheduler.affinity:host_label: ${HOST_LABEL}
{{- end}}
{{- if .Values.TRAEFIK_HOST}}
traefik.enable: true
### Start Web Segment
traefik.frontend.entryPoints: http,https
traefik.frontend.headers.forceSTSHeader: true
traefik.frontend.headers.referrerPolicy: no-referrer
traefik.frontend.headers.SSLRedirect: true
traefik.frontend.headers.STSPreload: true
traefik.frontend.headers.STSSeconds: 15552000
traefik.frontend.rule: Host:${TRAEFIK_HOST}
traefik.port: "80"
### End Web Segment
{{- else}}
traefik.enable: false
{{- end}}
networks:
- public-proxy
{{- if .Values.WEB_PORT}}
ports:
- "${WEB_PORT}:80"
{{- end}}
restart: on-failure
volumes:
{{- if eq .Values.PERSIST_CONF "true"}}
- /RancherCattle/${DATA_DIR}/Configuration:/etc/nginx
{{- end}}
- /RancherCattle/${DATA_DIR}/HTML:/usr/share/nginx/html
networks:
public-proxy:
external: true

51
templates/Nginx/0/rancher-compose.yml Normal file
View File

@@ -0,0 +1,51 @@
version: '2'
catalog:
name: Nginx
version: latest
# description:
# minimum_rancher_version:
# maximum_rancher_version:
# upgrade_from:
questions:
- variable: "HOST_LABEL"
label: "Host Label Key/Value Pair"
description: |
The Label Key/Value pair of the host which containers should be deployed
default: "host.id=Host1"
required: false
type: string
- variable: "TRAEFIK_HOST"
label: "Public Host Domain"
description: |
The host that Traefik will use to provide public access.
Leaving this empty will disable Traefik on this stack.
default: "subdomain.domain.tld"
required: false
type: string
- variable: "WEB_PORT"
label: "Web Port"
description: |
The port to locally access the web interface on.
Leaving this empty will disable opening any port on the host system.
default: "11000"
required: false
type: int
- variable: "PERSIST_CONF"
label: "Persistent Configuration"
description: |
Have a persistent congiguration directory.
default: true
required: true
type: boolean
- variable: "DATA_DIR"
label: "Data Directory"
description: |
The directory to store persistent data for the stack.
default: "Personal/Nginx"
required: true
type: string

7
templates/Nginx/Examples/Official-Full/README.md Normal file
View File

@@ -0,0 +1,7 @@
# Full Configuration Example
These example files were directly copied from:
https://www.nginx.com/resources/wiki/start/topics/examples/full/
They are **NOT** configured for this configuration, simply a generic reference.
Last updated: 9 December 2018

21
templates/Nginx/Examples/Official-Full/fastcgi.conf Normal file
View File

@@ -0,0 +1,21 @@
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
fastcgi_param QUERY_STRING $query_string;
fastcgi_param REQUEST_METHOD $request_method;
fastcgi_param CONTENT_TYPE $content_type;
fastcgi_param CONTENT_LENGTH $content_length;
fastcgi_param SCRIPT_NAME $fastcgi_script_name;
fastcgi_param REQUEST_URI $request_uri;
fastcgi_param DOCUMENT_URI $document_uri;
fastcgi_param DOCUMENT_ROOT $document_root;
fastcgi_param SERVER_PROTOCOL $server_protocol;
fastcgi_param GATEWAY_INTERFACE CGI/1.1;
fastcgi_param SERVER_SOFTWARE nginx/$nginx_version;
fastcgi_param REMOTE_ADDR $remote_addr;
fastcgi_param REMOTE_PORT $remote_port;
fastcgi_param SERVER_ADDR $server_addr;
fastcgi_param SERVER_PORT $server_port;
fastcgi_param SERVER_NAME $server_name;
fastcgi_index index.php;
fastcgi_param REDIRECT_STATUS 200;

48
templates/Nginx/Examples/Official-Full/mime.types Normal file
View File

@@ -0,0 +1,48 @@
types {
text/html html htm shtml;
text/css css;
text/xml xml rss;
image/gif gif;
image/jpeg jpeg jpg;
application/x-javascript js;
text/plain txt;
text/x-component htc;
text/mathml mml;
image/png png;
image/x-icon ico;
image/x-jng jng;
image/vnd.wap.wbmp wbmp;
application/java-archive jar war ear;
application/mac-binhex40 hqx;
application/pdf pdf;
application/x-cocoa cco;
application/x-java-archive-diff jardiff;
application/x-java-jnlp-file jnlp;
application/x-makeself run;
application/x-perl pl pm;
application/x-pilot prc pdb;
application/x-rar-compressed rar;
application/x-redhat-package-manager rpm;
application/x-sea sea;
application/x-shockwave-flash swf;
application/x-stuffit sit;
application/x-tcl tcl tk;
application/x-x509-ca-cert der pem crt;
application/x-xpinstall xpi;
application/zip zip;
application/octet-stream deb;
application/octet-stream bin exe dll;
application/octet-stream dmg;
application/octet-stream eot;
application/octet-stream iso img;
application/octet-stream msi msp msm;
audio/mpeg mp3;
audio/x-realaudio ra;
video/mpeg mpeg mpg;
video/quicktime mov;
video/x-flv flv;
video/x-msvideo avi;
video/x-ms-wmv wmv;
video/x-ms-asf asx asf;
video/x-mng mng;
}

70
templates/Nginx/Examples/Official-Full/nginx.conf Normal file
View File

@@ -0,0 +1,70 @@
user www www; ## Default: nobody
worker_processes 5; ## Default: 1
error_log logs/error.log;
pid logs/nginx.pid;
worker_rlimit_nofile 8192;
events {
worker_connections 4096; ## Default: 1024
}
http {
include conf/mime.types;
include /etc/nginx/proxy.conf;
include /etc/nginx/fastcgi.conf;
index index.html index.htm index.php;
default_type application/octet-stream;
log_format main '$remote_addr - $remote_user [$time_local] $status '
'"$request" $body_bytes_sent "$http_referer" '
'"$http_user_agent" "$http_x_forwarded_for"';
access_log logs/access.log main;
sendfile on;
tcp_nopush on;
server_names_hash_bucket_size 128; # this seems to be required for some vhosts
server { # php/fastcgi
listen 80;
server_name domain1.com www.domain1.com;
access_log logs/domain1.access.log main;
root html;
location ~ \.php$ {
fastcgi_pass 127.0.0.1:1025;
}
}
server { # simple reverse-proxy
listen 80;
server_name domain2.com www.domain2.com;
access_log logs/domain2.access.log main;
# serve static files
location ~ ^/(images|javascript|js|css|flash|media|static)/ {
root /var/www/virtual/big.server.com/htdocs;
expires 30d;
}
# pass requests for dynamic content to rails/turbogears/zope, et al
location / {
proxy_pass http://127.0.0.1:8080;
}
}
upstream big_server_com {
server 127.0.0.3:8000 weight=5;
server 127.0.0.3:8001 weight=5;
server 192.168.0.1:8000;
server 192.168.0.1:8001;
}
server { # simple load balancing
listen 80;
server_name big.server.com;
access_log logs/big.server.access.log main;
location / {
proxy_pass http://big_server_com;
}
}
}

10
templates/Nginx/Examples/Official-Full/proxy.conf Normal file
View File

@@ -0,0 +1,10 @@
proxy_redirect off;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
client_max_body_size 10m;
client_body_buffer_size 128k;
proxy_connect_timeout 90;
proxy_send_timeout 90;
proxy_read_timeout 90;
proxy_buffers 32 4k;

3
templates/Nginx/Examples/SimpleStatic/README.md Normal file
View File

@@ -0,0 +1,3 @@
# Simple Static Content Example
This is an extremely simple configuration that works, close to what the default configuration would do.
This example does work with this Docker configuration, so it can simply be copied into the correct directory.

48
templates/Nginx/Examples/SimpleStatic/mime.types Normal file
View File

@@ -0,0 +1,48 @@
types {
text/html html htm shtml;
text/css css;
text/xml xml rss;
image/gif gif;
image/jpeg jpeg jpg;
application/x-javascript js;
text/plain txt;
text/x-component htc;
text/mathml mml;
image/png png;
image/x-icon ico;
image/x-jng jng;
image/vnd.wap.wbmp wbmp;
application/java-archive jar war ear;
application/mac-binhex40 hqx;
application/pdf pdf;
application/x-cocoa cco;
application/x-java-archive-diff jardiff;
application/x-java-jnlp-file jnlp;
application/x-makeself run;
application/x-perl pl pm;
application/x-pilot prc pdb;
application/x-rar-compressed rar;
application/x-redhat-package-manager rpm;
application/x-sea sea;
application/x-shockwave-flash swf;
application/x-stuffit sit;
application/x-tcl tcl tk;
application/x-x509-ca-cert der pem crt;
application/x-xpinstall xpi;
application/zip zip;
application/octet-stream deb;
application/octet-stream bin exe dll;
application/octet-stream dmg;
application/octet-stream eot;
application/octet-stream iso img;
application/octet-stream msi msp msm;
audio/mpeg mp3;
audio/x-realaudio ra;
video/mpeg mpeg mpg;
video/quicktime mov;
video/x-flv flv;
video/x-msvideo avi;
video/x-ms-wmv wmv;
video/x-ms-asf asx asf;
video/x-mng mng;
}

25
templates/Nginx/Examples/SimpleStatic/nginx.conf Normal file
View File

@@ -0,0 +1,25 @@
user nobody;
worker_processes 5; ## Default: 1
worker_rlimit_nofile 8192;
events {
worker_connections 4096; ## Default: 1024
}
http {
include /etc/nginx/mime.types;
index index.html;
default_type application/octet-stream;
sendfile on;
tcp_nopush on;
server {
listen 80;
server_name _;
# serve static files
location / {
root /usr/share/nginx/html;
}
}

8
templates/Nginx/config.yml Normal file
View File

@@ -0,0 +1,8 @@
name: Nginx
description: |
A web server with a strong focus on high concurrency, performance and low memory usage.
version: latest
# category:
maintainer: WilliamMiceli
# license:
# projectURL:

10
templates/OpenProject/0/README.md
View File

@@ -1 +1,9 @@
# OpenProject # OpenProject
https://github.com/opf/openproject/blob/dev/docs/configuration/configuration.md
##### Default admin login
User: admin
Pass: admin
Please make sure to set "https" mode within system settings after setup is completed.

72
templates/OpenProject/0/docker-compose.yml
View File

@@ -1,23 +1,59 @@
version: '2' version: '2'
services: services:
openproject: memcached:
image: openproject/community:7 image: memcached:latest
volumes_from: dns:
- openproject-data - 1.1.1.1
ports: - 1.0.0.1
- ${OPENPROJECT_PORT}:80
labels: labels:
io.rancher.container.pull_image: always io.rancher.container.pull_image: always
io.rancher.sidekicks: openproject-data {{- if .Values.HOST_LABEL}}
io.rancher.container.hostname_override: container_name io.rancher.scheduler.affinity:host_label: ${HOST_LABEL}
openproject-data: {{- end}}
image: openproject/community:7 restart: on-failure
entrypoint: openproject:
- /bin/true image: openproject/community:latest
volumes: dns:
- /var/lib/postgresql/9.4/main - 1.1.1.1
- /var/log/supervisor - 1.0.0.1
- /var/db/openproject environment:
CACHE_MEMCACHE_SERVER: memcached
CACHE_NAMESPACE: openproject
SECRET_KEY_BASE: ${SECRET_KEY}
labels: labels:
io.rancher.container.start_once: 'true' io.rancher.container.pull_image: always
io.rancher.container.hostname_override: container_name {{- if .Values.HOST_LABEL}}
io.rancher.scheduler.affinity:host_label: ${HOST_LABEL}
{{- end}}
{{- if .Values.TRAEFIK_HOST}}
traefik.enable: true
### Start Web Segment
traefik.web.frontend.entryPoints: http,https
traefik.web.frontend.headers.forceSTSHeader: true
traefik.web.frontend.headers.SSLRedirect: true
traefik.web.frontend.headers.STSPreload: true
traefik.web.frontend.headers.STSSeconds: 15552000
traefik.web.frontend.redirect.entryPoint: https
traefik.web.frontend.redirect.permanent: true
traefik.web.frontend.rule: Host:${TRAEFIK_HOST}
traefik.web.port: "80"
### End Web Segment
{{- else}}
traefik.enable: false
{{- end}}
links:
- memcached
networks:
- public-proxy # Used for the connection to the Traefik container for public access
ports:
- "${WEB_PORT}:80"
restart: on-failure
volumes:
- /RancherCattleData/${DATA_DIR}/Database:/var/lib/postgresql/9.6/main
- /RancherCattleData/${DATA_DIR}/Logs:/var/log/supervisor
- /RancherCattleData/${DATA_DIR}/Static:/var/db/openproject
networks:
public-proxy:
external: true

52
templates/OpenProject/0/rancher-compose.yml
View File

@@ -6,18 +6,46 @@ catalog:
# minimum_rancher_version: # minimum_rancher_version:
# maximum_rancher_version: # maximum_rancher_version:
# upgrade_from: # upgrade_from:
# uuid:
questions: questions:
- variable: OPENPROJECT_PORT - variable: "HOST_LABEL"
label: Port label: "Host Label Key/Value Pair"
default: 80 description: |
required: true The Key/Value pair of the host which the stack should be deployed.
type: int default: "host.id=Host1"
required: false
type: string
services: - variable: "TRAEFIK_HOST"
openproject: label: "Public Host Domain"
scale: 1 description: |
start_on_create: true The host that Traefik will use to provide public access.
openproject-data: Leaving this empty will disable Traefik on this stack.
scale: 1 default: "subdomain.domain.tld"
start_on_create: true required: false
type: string
- variable: "WEB_PORT"
label: "Local Web Port"
description: |
The port to locally access the web interface on.
default: "10800"
required: true
type: string
- variable: "SECRET_KEY"
label: "Secret Key Base"
description: |
A randomly generated string for encryption purposes
# default:
required: true
type: password
- variable: "DATA_DIR"
label: "Data Directory"
description: |
The directory to store persistent data for the stack.
default: "Personal/OpenProject"
required: true
type: string

4
templates/OpenProject/config.yml
View File

@@ -1,7 +1,7 @@
name: OpenProject name: OpenProject
description: | description: |
Status: NOT READY A web-based project management system for location-independent team collaboration.
# version: version: latest
category: Productivity category: Productivity
maintainer: WilliamMiceli maintainer: WilliamMiceli
# license: # license:

3
templates/PHPMyAdmin/0/README.md Normal file
View File

@@ -0,0 +1,3 @@
# phpMyAdmin
https://hub.docker.com/r/phpmyadmin/phpmyadmin/

36
templates/PHPMyAdmin/0/docker-compose.yml Normal file
View File

@@ -0,0 +1,36 @@
version: '2'
services:
phpmyadmin:
image: phpmyadmin/phpmyadmin:latest
dns:
- 1.1.1.1
- 1.0.0.1
environment:
PMA_ARBITRARY: 1 # Allows the user to specify any arbitrary server using address/hostname and port
{{- if .Values.SERVICE_LINK_1}}
external_links:
- ${SERVICE_LINK_1}{{- if .Values.SERVICE_LINK_1_ALIAS}}:${SERVICE_LINK_1_ALIAS}{{- end}}
{{- if .Values.SERVICE_LINK_2}}
- ${SERVICE_LINK_2}{{- if .Values.SERVICE_LINK_2_ALIAS}}:${SERVICE_LINK_2_ALIAS}{{- end}}
{{- end}}
{{- if .Values.SERVICE_LINK_3}}
- ${SERVICE_LINK_3}{{- if .Values.SERVICE_LINK_3_ALIAS}}:${SERVICE_LINK_3_ALIAS}{{- end}}
{{- end}}
{{- end}}
labels:
io.rancher.container.pull_image: always
{{- if .Values.HOST_LABEL}}
io.rancher.scheduler.affinity:host_label: ${HOST_LABEL}
{{- end}}
traefik.enable: true
### Start Web Segment
traefik.web.frontend.entryPoints: http,https
traefik.web.frontend.headers.forceSTSHeader: true
traefik.web.frontend.headers.SSLRedirect: true
traefik.web.frontend.headers.STSPreload: true
traefik.web.frontend.headers.STSSeconds: 15552000
traefik.web.frontend.rule: Host:${TRAEFIK_HOST}
traefik.web.port: "80"
### End Web Segment
restart: on-failure

71
templates/PHPMyAdmin/0/rancher-compose.yml Normal file
View File

@@ -0,0 +1,71 @@
version: '2'
catalog:
name: PHPMyAdmin
version: latest
# description:
# minimum_rancher_version:
# maximum_rancher_version:
# upgrade_from:
# uuid:
questions:
- variable: "HOST_LABEL"
label: "Host Label Key/Value Pair"
description: |
The Key/Value pair of the host which the stack should be deployed.
default: "host.id=Host1"
required: false
type: string
- variable: "TRAEFIK_HOST"
label: "Public Host Domain"
description: |
The host that Traefik will use to provide public access.
default: "subdomain.domain.tld"
required: true
type: string
- variable: "SERVICE_LINK_1"
label: "Service 1"
description: |
(Optional) Create a link to another service
required: false
type: service
- variable: "SERVICE_LINK_1_ALIAS"
label: "Service 1 Alias"
description: |
(Optional) Create an alias for the service
# default:
required: false
type: string
- variable: "SERVICE_LINK_2"
label: "Service 2"
description: |
(Optional) Create a link to another service
required: false
type: service
- variable: "SERVICE_LINK_2_ALIAS"
label: "Service 2 Alias"
description: |
(Optional) Create an alias for the service
# default:
required: false
type: string
- variable: "SERVICE_LINK_3"
label: "Service 3"
description: |
(Optional) Create a link to another service
required: false
type: service
- variable: "SERVICE_LINK_3_ALIAS"
label: "Service 3 Alias"
description: |
(Optional) Create an alias for the service
# default:
required: false
type: string

8
templates/PHPMyAdmin/config.yml Normal file
View File

@@ -0,0 +1,8 @@
name: phpMyAdmin
description: |
A free and open source administration tool for MySQL and MariaDB.
version: latest
category: Database Administration
maintainer: WilliamMiceli
# license:
# projectURL:

7
templates/Snipe-IT/0/README.md
View File

@@ -4,4 +4,9 @@
### Generate Your App Key Using: ### Generate Your App Key Using:
`php artisan key:generate` `php artisan key:generate`
https://snipe-it.readme.io/docs/generate-your-app-key https://snipe-it.readme.io/docs/generate-your-app-key
### After upgrading to a later version, use:
`php artisan migrate`
Also use if upon starting for the first time, and you get an error, as this may fix it

37
templates/Snipe-IT/0/docker-compose.yml
View File

@@ -3,47 +3,60 @@ services:
snipe-it: snipe-it:
image: snipe/snipe-it:latest image: snipe/snipe-it:latest
depends_on:
- mysql
dns: dns:
- 1.1.1.1 - 1.1.1.1
- 1.0.0.1 - 1.0.0.1
environment: environment:
APP_ENV: production APP_ENV: production # [ development | production ]
APP_DEBUG: false APP_DEBUG: false
APP_URL: ${URL}:${WEB_PORT} APP_URL: https://${TRAEFIK_HOST} # No port number needed
APP_KEY: ${APP_KEY} APP_KEY: ${APP_KEY}
MYSQL_HOST: mysql MYSQL_HOST: mysql
MYSQL_DATABASE: snipeit MYSQL_DATABASE: snipeit_db
MYSQL_USER: snipe_user MYSQL_USER: snipeit_user
MYSQL_PASSWORD: ${DB_USER_PASS} MYSQL_PASSWORD: ${DB_USER_PASS}
labels: labels:
io.rancher.container.pull_image: always io.rancher.container.pull_image: always
{{- if .Values.HOST_LABEL}} {{- if .Values.HOST_LABEL}}
io.rancher.scheduler.affinity:host_label: ${HOST_LABEL} io.rancher.scheduler.affinity:host_label: ${HOST_LABEL}
{{- end}} {{- end}}
traefik.enable: true
### Start Web Segment
traefik.web.frontend.entryPoints: http,https
traefik.web.frontend.headers.forceSTSHeader: true
traefik.web.frontend.headers.referrerPolicy: no-referrer # Security enhancement (Prevents leaking of referer information)
traefik.web.frontend.headers.SSLRedirect: true
traefik.web.frontend.headers.STSPreload: true
traefik.web.frontend.headers.STSSeconds: 15552000
traefik.web.frontend.rule: Host:${TRAEFIK_HOST}
traefik.web.port: "80"
### End Web Segment
links: links:
- mysql - mysql
ports:
- "${WEB_PORT}:80"
restart: on-failure restart: on-failure
volumes: volumes:
- /RancherCattleData/${DATA_DIR}/Application:/var/lib/snipeit - /etc/localtime:/etc/localtime:ro # Syncronize time of container with the host system
- /etc/timezone:/etc/timezone:ro # Syncronize timezone of container with the host system
- /RancherCattle/${DATA_DIR}/Application:/var/lib/snipeit
- /RancherCattle/${DATA_DIR}/Backups:/var/www/html/storage/app/backups
mysql: mysql:
image: mysql:5 image: mysql:5
dns: dns:
- 1.1.1.1 - 1.1.1.1
- 1.0.0.1 - 1.0.0.1
environment: environment:
MYSQL_DATABASE: snipeit MYSQL_DATABASE: snipeit_db
MYSQL_ROOT_PASSWORD: ${DB_ROOT_PASS} MYSQL_ROOT_PASSWORD: ${DB_ROOT_PASS}
MYSQL_USER: snipe_user MYSQL_USER: snipeit_user
MYSQL_PASSWORD: ${DB_USER_PASS} MYSQL_PASSWORD: ${DB_USER_PASS}
labels: labels:
io.rancher.container.pull_image: always io.rancher.container.pull_image: always
{{- if (.Values.HOST_LABEL)}} {{- if (.Values.HOST_LABEL)}}
io.rancher.scheduler.affinity:host_label: ${HOST_LABEL} io.rancher.scheduler.affinity:host_label: ${HOST_LABEL}
{{- end}} {{- end}}
traefik.enable: false
restart: on-failure restart: on-failure
volumes: volumes:
- /RancherCattleData/${DATA_DIR}/Database:/var/lib/mysql - /etc/localtime:/etc/localtime:ro # Syncronize time of container with the host system
- /etc/timezone:/etc/timezone:ro # Syncronize timezone of container with the host system
- /RancherCattle/${DATA_DIR}/Database:/var/lib/mysql

30
templates/Snipe-IT/0/rancher-compose.yml
View File

@@ -1,6 +1,6 @@
version: '2' version: '2'
catalog: catalog:
name: SnipeIT name: Snipe-IT
version: latest version: latest
# description: # description:
# minimum_rancher_version: # minimum_rancher_version:
@@ -11,24 +11,16 @@ catalog:
- variable: "HOST_LABEL" - variable: "HOST_LABEL"
label: "Host Label Key/Value Pair" label: "Host Label Key/Value Pair"
description: | description: |
The Label Key/Value pair on the host which containers should be deployed The Label Key/Value pair of the host which containers should be deployed
default: "host.id=Host1" default: "host.id=Host1"
required: false required: false
type: string type: string
- variable: "URL" - variable: "TRAEFIK_HOST"
label: "URL" label: "Public Host Domain"
description: | description: |
The domain or hostname the service can be accessed at. The host that Traefik will use to provide public access.
default: "http://localhost" default: "subdomain.domain.tld"
required: true
type: string
- variable: "WEB_PORT"
label: "Local Web Port"
description: |
The port to locally access the web interface on.
default: "10300"
required: true required: true
type: string type: string
@@ -41,17 +33,17 @@ catalog:
type: string type: string
- variable: "DB_ROOT_PASS" - variable: "DB_ROOT_PASS"
label: "MySQL Root Password" label: "Database Root Password"
description: | description: |
A secure password to be used by the "root" MySQL user. A secure password to be used by the "root" database user.
# default: # default:
required: true required: true
type: password type: password
- variable: "DB_USER_PASS" - variable: "DB_USER_PASS"
label: "MySQL User Password" label: "Database User Password"
description: | description: |
A secure password to be used by the "snipe_user" MySQL user. A secure password to be used by the "snipeit_user" database user.
# default: # default:
required: true required: true
type: password type: password
@@ -59,6 +51,6 @@ catalog:
- variable: "APP_KEY" - variable: "APP_KEY"
label: "Encryption Key" label: "Encryption Key"
description: | description: |
A random 32-Character string which will be used for encryption. See README.
required: true required: true
type: password type: password

2
templates/Snipe-IT/config.yml
View File

@@ -1,6 +1,6 @@
name: Snipe-IT name: Snipe-IT
description: | description: |
Status: NOT READY Free, open source IT asset and license management system.
version: latest version: latest
category: Asset Management category: Asset Management
maintainer: WilliamMiceli maintainer: WilliamMiceli

12
templates/Traefik/0/README.md
View File

@@ -1 +1,11 @@
# Traefik # Traefik
## About
## Pre-Depoloyment
* Create a "traefik.toml" file to configure Traefik how you would like for it to function
* This will go in the `<Stack Directory>/Configuration` directory
* Examples for what it should contain:
* [Docker](https://docs.traefik.io/configuration/backends/docker/)
* [Rancher](https://docs.traefik.io/configuration/backends/rancher/)

15
templates/Traefik/0/docker-compose.yml
View File

@@ -14,20 +14,17 @@ services:
{{- if (.Values.HOST_LABEL)}} {{- if (.Values.HOST_LABEL)}}
io.rancher.scheduler.affinity:host_label: ${HOST_LABEL} io.rancher.scheduler.affinity:host_label: ${HOST_LABEL}
{{- end}} {{- end}}
networks:
- public-proxy # This is used for connecting to other containers, which need to be part of this network as well
ports: ports:
- "${DASHBOARD_PORT}:8080"
- "80:80" # HTTP - "80:80" # HTTP
- "443:443" # HTTPS - "443:443" # HTTPS
- "1022:22" # SSH - "1022:22" # SSH
- "5050:5050" # Eclipse Che Multi-User Required - "5050:5050" # Eclipse Che Multi-User Required
- "${DASHBOARD_PORT}:8080"
restart: always restart: always
volumes: volumes:
- /var/run/docker.sock:/var/run/docker.sock - /var/run/docker.sock:/var/run/docker.sock
- /RancherCattleConfig/${DATA_DIR}/traefik.toml:/traefik.toml - /etc/localtime:/etc/localtime:ro # Syncronize time of container with the host system
- /RancherCattleConfig/${DATA_DIR}/acme:/etc/traefik/acme # For Let's Encrypt certificates - /etc/timezone:/etc/timezone:ro # Syncronize timezone of container with the host system
- /RancherCattleConfig/${DATA_DIR}/logs:/external/logs - /RancherCattle/${DATA_DIR}/Configuration/traefik.toml:/traefik.toml
- /RancherCattle/${DATA_DIR}/LetsEncrypt/acme.json:/acme.json # For Let's Encrypt certificates
networks: - /RancherCattle/${DATA_DIR}/Logs:/external/logs
public-proxy:

4
templates/Traefik/0/rancher-compose.yml
View File

@@ -12,7 +12,7 @@ catalog:
- variable: "HOST_LABEL" - variable: "HOST_LABEL"
label: "Host Label Key/Value Pair" label: "Host Label Key/Value Pair"
description: | description: |
The Key/Value pair on the host which the stack should be deployed. The Key/Value pair of the host which the stack should be deployed.
default: "host.id=Proxy1" default: "host.id=Proxy1"
required: false required: false
type: string type: string
@@ -21,7 +21,7 @@ catalog:
label: "Dashboard Port" label: "Dashboard Port"
description: | description: |
The port to access the dashboard interface on. The port to access the dashboard interface on.
default: "1200" default: "10"
required: true required: true
type: string type: string

5
templates/WordPress/0/README.md Normal file
View File

@@ -0,0 +1,5 @@
# WordPress
## ToDo's
* Add better trusted proxies configuration

56
templates/WordPress/0/docker-compose.yml Normal file
View File

@@ -0,0 +1,56 @@
version: '2'
services:
wordpress:
image: wordpress:latest
dns:
- 1.1.1.1
- 1.0.0.1
environment:
WORDPRESS_DB_HOST: mysql
WORDPRESS_DB_NAME: wordpress_db
WORDPRESS_DB_USER: wordpress_user
WORDPRESS_DB_PASSWORD: ${DB_USER_PASS}
labels:
io.rancher.container.pull_image: always
{{- if .Values.HOST_LABEL}}
io.rancher.scheduler.affinity:host_label: ${HOST_LABEL}
{{- end}}
traefik.enable: true
### Start Web Segment
traefik.web.frontend.entryPoints: http,https
traefik.web.frontend.headers.forceSTSHeader: true
traefik.web.frontend.headers.referrerPolicy: no-referrer # Security enhancement (Prevents leaking of referer information)
traefik.web.frontend.headers.SSLRedirect: true
traefik.web.frontend.headers.STSPreload: true
traefik.web.frontend.headers.STSSeconds: 15552000
traefik.web.frontend.rule: Host:${TRAEFIK_HOST}
traefik.web.port: "80"
### End Web Segment
links:
- mysql
restart: on-failure
volumes:
- /etc/localtime:/etc/localtime:ro # Syncronize time of container with the host system
- /etc/timezone:/etc/timezone:ro # Syncronize timezone of container with the host system
- /RancherCattle/${DATA_DIR}/Wordpress:/var/www/html
mysql:
image: mysql:5
dns:
- 1.1.1.1
- 1.0.0.1
environment:
MYSQL_DATABASE: wordpress_db
MYSQL_ROOT_PASSWORD: ${DB_ROOT_PASS}
MYSQL_USER: wordpress_user
MYSQL_PASSWORD: ${DB_USER_PASS}
labels:
io.rancher.container.pull_image: always
{{- if .Values.HOST_LABEL}}
io.rancher.scheduler.affinity:host_label: ${HOST_LABEL}
{{- end}}
restart: on-failure
volumes:
- /etc/localtime:/etc/localtime:ro # Syncronize time of container with the host system
- /etc/timezone:/etc/timezone:ro # Syncronize timezone of container with the host system
- /RancherCattle/${DATA_DIR}/Database:/var/lib/mysql

49
templates/WordPress/0/rancher-compose.yml Normal file
View File

@@ -0,0 +1,49 @@
version: '2'
catalog:
name: WordPress
version: latest
# description:
# minimum_rancher_version:
# maximum_rancher_version:
# upgrade_from:
questions:
- variable: "HOST_LABEL"
label: "Host Label Key/Value Pair"
description: |
The Label Key/Value pair of the host which containers should be deployed
default: "host.id=Host1"
required: false
type: string
- variable: "TRAEFIK_HOST"
label: "Public Host Domain"
description: |
The host that Traefik will use to provide public access.
default: "subdomain.domain.tld"
required: true
type: string
- variable: "DB_ROOT_PASS"
label: "Database Root Password"
description: |
A secure password to be used by the "root" database user.
# default:
required: true
type: password
- variable: "DB_USER_PASS"
label: "MySQL User Password"
description: |
A secure password to be used by the "wordpress_user" database user.
# default:
required: true
type: password
- variable: "DATA_DIR"
label: "Data Directory"
description: |
The directory to store persistent data for the stack.
default: "Personal/Wordpress"
required: true
type: string

8
templates/WordPress/config.yml Normal file
View File

@@ -0,0 +1,8 @@
name: WordPress
description: |
Status: EXPERIMENTAL
version: latest
# category:
maintainer: WilliamMiceli
# license:
# projectURL:

15
templates/XWiki/0/README.md Normal file
View File

@@ -0,0 +1,15 @@
# XWiki
## Will continue this later
<https://store.docker.com/_/xwiki>
## Popular Configuration Articles
* [https://www.xwiki.org/xwiki/bin/view/Documentation/AdminGuide/Configuration/]
* [https://www.xwiki.org/xwiki/bin/view/Documentation/AdminGuide/Virtualization/]
* [https://www.xwiki.org/xwiki/bin/view/Documentation/AdminGuide/ShortURLs/]
### TODO
* Fix issue with some page assets being delivered over http instead of https
* Document setting up domain DNS for [wildcard Let's Encrypt certificates](https://docs.traefik.io/configuration/acme/#wildcard-domains)

57
templates/XWiki/0/docker-compose.yml Normal file
View File

@@ -0,0 +1,57 @@
version: '2'
services:
xwiki:
image: xwiki:stable-postgres-tomcat
dns:
- 1.1.1.1
- 1.0.0.1
environment:
DB_HOST: postgresql
DB_DATABASE: xwiki_db
DB_USER: xwiki_user
DB_PASSWORD: ${DB_USER_PASS}
labels:
io.rancher.container.pull_image: always
{{- if .Values.HOST_LABEL}}
io.rancher.scheduler.affinity:host_label: ${HOST_LABEL}
{{- end}}
traefik.enable: true
### Start Web Segment
traefik.web.frontend.entryPoints: http, https
traefik.web.frontend.headers.forceSTSHeader: true
traefik.web.frontend.headers.referrerPolicy: no-referrer
traefik.web.frontend.headers.SSLRedirect: true
traefik.web.frontend.headers.STSPreload: true
traefik.web.frontend.headers.STSSeconds: 15552000
traefik.web.frontend.rule: "Host:${TRAEFIK_HOST}" # HostRegexp:${TRAEFIK_HOST},{subdomain:.+}.
traefik.web.port: "8080"
### End Web Segment
links:
- postgresql
restart: on-failure
volumes:
- /etc/localtime:/etc/localtime:ro # Syncronize time of container with the host system
- /etc/timezone:/etc/timezone:ro # Syncronize timezone of container with the host system
- /RancherCattle/${DATA_DIR}/XWiki:/usr/local/xwiki
postgresql:
image: postgres:alpine
dns:
- 1.1.1.1
- 1.0.0.1
environment:
POSTGRES_INITDB_ARGS: "--encoding=UTF8"
POSTGRES_DB: xwiki_db
POSTGRES_ROOT_PASSWORD: ${DB_ROOT_PASS}
POSTGRES_USER: xwiki_user
POSTGRES_PASSWORD: ${DB_USER_PASS}
labels:
io.rancher.container.pull_image: always
{{- if .Values.HOST_LABEL}}
io.rancher.scheduler.affinity:host_label: ${HOST_LABEL}
{{- end}}
restart: on-failure
volumes:
- /etc/localtime:/etc/localtime:ro # Syncronize time of container with the host system
- /etc/timezone:/etc/timezone:ro # Syncronize timezone of container with the host system
- /RancherCattle/${DATA_DIR}/Database:/var/lib/postgresql/data

49
templates/XWiki/0/rancher-compose.yml Normal file
View File

@@ -0,0 +1,49 @@
version: '2'
catalog:
name: XWiki
version: latest
# description:
# minimum_rancher_version:
# maximum_rancher_version:
# upgrade_from:
questions:
- variable: "HOST_LABEL"
label: "Host Label Key/Value Pair"
description: |
The Label Key/Value pair of the host which containers should be deployed
default: "host.id=Host3"
required: false
type: string
- variable: "TRAEFIK_HOST"
label: "Public Host Domain"
description: |
The host that Traefik will use to provide public access.
default: "subdomain.domain.tld"
required: true
type: string
- variable: "DB_ROOT_PASS"
label: "Database Root Password"
description: |
A secure password to be used by the "root" database user.
# default:
required: true
type: password
- variable: "DB_USER_PASS"
label: "Database User Password"
description: |
A secure password to be used by the "xwiki_user" database user.
# default:
required: true
type: password
- variable: "DATA_DIR"
label: "Data Directory"
description: |
The directory to store persistent data for the stack.
default: "Personal/XWiki"
required: true
type: string

8
templates/XWiki/config.yml Normal file
View File

@@ -0,0 +1,8 @@
name: XWiki
description: |
Status: EXPERIMENTAL
version: latest
category: Wiki
maintainer: WilliamMiceli
# license:
# projectURL: