Initial commit - forked from the corresponding Smartfront repositories.

2023-09-11 18:01:37 +02:00
commit 7803630c76
53 changed files with 12259 additions and 0 deletions
--- a/.templates/apache2/apache2.conf
+++ b/.templates/apache2/apache2.conf
@ -0,0 +1,95 @@
+# Apache2 configuration for a virtualhost proxied to a Docker service.
+# Uses https://github.com/acmesh-official/acme.sh to manage SSL certificates.
+
+<VirtualHost *:80 >
+    ServerAdmin         webmaster@$PAR_SERVERNAME
+    ServerName          $PAR_SERVERNAME
+#   ServerAlias         $PAR_SERVERNAMES
+    DocumentRoot	/var/www/html
+
+    # Common log settings.
+    ErrorLog            $PAR_SERVICE/logs/web/error.log
+    CustomLog           $PAR_SERVICE/logs/web/access.log combined
+
+    # Custom error messages.
+    <IfModule mod_macro.c>
+	<Macro try_other $response>
+	    ErrorDocument $response "<span style='font-size: x-large'>Sorry try <a href='http://$PAR_SERVERNAME/$PAR_LOCATION'>http://$PAR_SERVERNAME/$PAR_LOCATION</a> instead.</span>"
+	</Macro>
+	<Macro try_later $response>
+	    ErrorDocument $response "<span style='font-size: x-large'>Sorry something went wrong. Try again a bit later.<br>\
+                                     You may report this at <a href='mailto:webmaster@$PAR_SERVERNAME'>webmaster@$PAR_SERVERNAME</a>.</span>"
+	</Macro>
+    </IfModule>
+
+    # Permanent redirect to https.
+    <IfModule mod_rewrite.c>
+#	RewriteEngine On
+#	RewriteRule ^(.*)$ https://%{HTTP_HOST}$1 [R=301,L]
+    </IfModule>
+
+    # No static service.
+    # Sequence matters: http://httpd.apache.org/docs/2.4/sections.html#file-and-web
+#   <Location />
+#	Require all denied
+#	# Custom error message.
+#	<IfModule mod_macro.c>
+#    	    Use try_other 403
+#    	    Use try_other 404
+#	</IfModule>
+#   </Location>
+
+    # Let's Encrypt (acme.sh) support.
+    <Location /.well-known/>
+	<IfModule mod_proxy.c>
+            Require all granted
+            ProxyPreserveHost On
+    	    ProxyPass http://$PAR_ACMEHOST:$PAR_ACMEPORT/
+	    ProxyPassReverse http://$PAR_ACMEHOST:$PAR_ACMEPORT/
+	    # Custom error message.
+	    <IfModule mod_macro.c>
+        	Use try_later 500
+        	Use try_later 502
+        	Use try_later 503
+        	Use try_later 504
+	    </IfModule>
+	</IfModule>
+	<IfModule !mod_proxy.c>
+	    # Custom error message.
+	    <IfModule mod_macro.c>
+        	Use try_other 403
+        	Use try_other 404
+	    </IfModule>
+	</IfModule>
+    </Location>
+
+    <Location /$PAR_LOCATION>
+	<IfModule mod_proxy.c>
+            Require all granted
+            ProxyPreserveHost On
+    	    ProxyPass http://$PAR_PROXYHOST:$PAR_PROXYPORT/$PAR_LOCATION
+	    ProxyPassReverse http://$PAR_PROXYHOST:$PAR_PROXYPORT/$PAR_LOCATION
+	    # Custom error message.
+	    <IfModule mod_macro.c>
+        	Use try_later 500
+        	Use try_later 502
+        	Use try_later 503
+        	Use try_later 504
+	    </IfModule>
+	</IfModule>
+	<IfModule !mod_proxy.c>
+	    # Custom error message.
+	    <IfModule mod_macro.c>
+        	Use try_later 403
+        	Use try_later 404
+	    </IfModule>
+	</IfModule>
+    </Location>
+
+    # XSS protection
+    <IfModule mod_headers.c>
+        Header set X-Frame-Options SAMEORIGIN
+        Header set X-Content-Type-Options nosniff
+    </IfModule>
+
+</Virtualhost>
--- a/.templates/apache2/apache2_ssl.conf
+++ b/.templates/apache2/apache2_ssl.conf
@ -0,0 +1,111 @@
+# Apache2 SSL configuration for a virtualhost proxied to a Docker service.
+# Uses https://github.com/acmesh-official/acme.sh to manage SSL certificates.
+
+<IfModule mod_ssl.c>
+    <VirtualHost *:443 >
+	ServerAdmin     webmaster@$PAR_SERVERNAME
+	ServerName      $PAR_SERVERNAME
+#   	ServerAlias     $PAR_SERVERNAMES
+	DocumentRoot	/var/www/html
+
+	# Common log settings.
+	ErrorLog            $PAR_SERVICE/logs/web/error.log
+	CustomLog           $PAR_SERVICE/logs/web/access.log combined
+
+	# Custom error messages.
+	<IfModule mod_macro.c>
+	    <Macro try_other $response>
+		ErrorDocument $response "<span style='font-size: x-large'>Sorry try <a href='http://$PAR_SERVERNAME/$PAR_LOCATION'>http://$PAR_SERVERNAME/$PAR_LOCATION</a> instead.</span>"
+	    </Macro>
+	    <Macro try_later $response>
+		ErrorDocument $response "<span style='font-size: x-large'>Sorry something went wrong. Try again a bit later.<br>\
+        	                         You may report this at <a href='mailto:webmaster@$PAR_SERVERNAME'>webmaster@$PAR_SERVERNAME</a>.</span>"
+	    </Macro>
+        </IfModule>
+
+	# No static service.
+	# Sequence matters: http://httpd.apache.org/docs/2.4/sections.html#file-and-web
+#	<Location />
+#	    Require all denied
+#	    # Custom error message.
+#	    <IfModule mod_macro.c>
+#    		Use try_other 403
+#    		Use try_other 404
+#	    </IfModule>
+#	</Location>
+
+	# Let's Encrypt (acme.sh) support.
+	<Location /.well-known/>
+	    <IfModule mod_proxy.c>
+        	Require all granted
+        	ProxyPreserveHost On
+    		ProxyPass http://$PAR_ACMEHOST:$PAR_ACMEPORT/
+		ProxyPassReverse http://$PAR_ACMEHOST:$PAR_ACMEPORT/
+		# Custom error message.
+		<IfModule mod_macro.c>
+        	    Use try_later 500
+        	    Use try_later 502
+        	    Use try_later 503
+        	    Use try_later 504
+		</IfModule>
+	    </IfModule>
+	    <IfModule !mod_proxy.c>
+		# Custom error message.
+		<IfModule mod_macro.c>
+        	    Use try_other 403
+        	    Use try_other 404
+		</IfModule>
+	    </IfModule>
+	</Location>
+
+        <Location /$PAR_LOCATION>
+	    <IfModule mod_proxy.c>
+        	Require all granted
+        	ProxyPreserveHost On
+    		ProxyPass http://$PAR_PROXYHOST:$PAR_PROXYPORT/$PAR_LOCATION
+		ProxyPassReverse http://$PAR_PROXYHOST:$PAR_PROXYPORT/$PAR_LOCATION
+		# Custom error message.
+		<IfModule mod_macro.c>
+        	    Use try_later 500
+        	    Use try_later 502
+        	    Use try_later 503
+        	    Use try_later 504
+		</IfModule>
+	    </IfModule>
+	    <IfModule !mod_proxy.c>
+		# Custom error message.
+		<IfModule mod_macro.c>
+        	    Use try_later 403
+        	    Use try_later 404
+		</IfModule>
+	    </IfModule>
+	</Location>
+
+	##################################################################################
+	# The SSL part
+	# https://ssl-config.mozilla.org/
+
+	SSLEngine on
+	SSLCertificateFile	$PAR_SERVICE/configs/acme/$PAR_SERVERNAME/fullchain.cer
+	SSLCertificateKeyFile   $PAR_SERVICE/configs/acme/$PAR_SERVERNAME/$PAR_SERVERNAME.key
+
+	# Settings to achieve 'A' grade on https://www.ssllabs.com/ssltest/
+	SSLProtocol             all -SSLv3 -TLSv1 -TLSv1.1
+	SSLCipherSuite          ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384
+	SSLHonorCipherOrder     off
+	SSLSessionTickets       off
+
+	# HTTP/2, if available.
+	<IfModule mod_http2.c>
+	    Protocols h2 http/1.1
+	</IfModule>
+
+	# HTTP Strict Transport Security and XSS protection.
+        <IfModule mod_headers.c>
+	    Header always set Strict-Transport-Security "max-age=63072000"
+	    Header set X-Frame-Options SAMEORIGIN
+	    Header set X-Content-Type-Options nosniff
+	</IfModule>
+
+    </Virtualhost>
+</IfModule>
--- a/.templates/apache2/sites-available/services.conf
+++ b/.templates/apache2/sites-available/services.conf
@ -0,0 +1,2 @@
+# Includes the Docker services' configurations.
+IncludeOptional $PAR_SERVICEBASE/.apache2/*.conf