From: Christian Heller Date: Tue, 31 Mar 2020 21:03:31 +0000 (+0200) Subject: Add dumpsite setup. X-Git-Url: https://plomlompom.com/repos/todos?a=commitdiff_plain;h=792e3fed828682fec088f47f29e8fadf453cc723;p=config Add dumpsite setup. --- diff --git a/buster/apt-mark/dumpsite b/buster/apt-mark/dumpsite new file mode 100644 index 0000000..6cab441 --- /dev/null +++ b/buster/apt-mark/dumpsite @@ -0,0 +1 @@ +pwgen diff --git a/buster/etc_files/dumpsite/etc/nginx/sites-available/dumpsite.nginx b/buster/etc_files/dumpsite/etc/nginx/sites-available/dumpsite.nginx new file mode 100644 index 0000000..bb723d2 --- /dev/null +++ b/buster/etc_files/dumpsite/etc/nginx/sites-available/dumpsite.nginx @@ -0,0 +1,18 @@ +server { + listen 443 ssl; + server_name REPLACE_fqdn_ECALPER; + ssl_certificate /etc/letsencrypt/live/REPLACE_fqdn_ECALPER/fullchain.pem; + ssl_certificate_key /etc/letsencrypt/live/REPLACE_fqdn_ECALPER/privkey.pem; + root /var/www-dump/; + index index.html index.htm index.nginx-debian.html; + + location /dump/ { + autoindex on; + } + + location /geheim/ { + auth_basic "geheim geheim"; + auth_basic_user_file /var/www-dump/password_geheim; + autoindex on; + } +} diff --git a/buster/setup_scripts/setup_dumpsite.sh b/buster/setup_scripts/setup_dumpsite.sh new file mode 100755 index 0000000..7d0a464 --- /dev/null +++ b/buster/setup_scripts/setup_dumpsite.sh @@ -0,0 +1,38 @@ +#!/bin/sh +set -e +set -x +w +if [ "$#" -ne 2 ]; then + echo 'Need domain name and mail.' + false +fi +domain="$1" +mail="$2" + +# Install configs, set up firewall. +config_tree_prefix="${HOME}/config/buster" +./install_for_target.sh web dumpsite +./copy_dirtree.sh "${config_tree_prefix}/etc_files" "" web dumpsite +nft -f /etc/nftables.conf + +# Set up letsencrypt certificate. TODO: Is it auto-renewed? +ln -sf /etc/nginx/sites-available/default /etc/nginx/sites-enabled/default +certbot --nginx --agree-tos --redirect --no-eff-email -m "${mail}" -d "${domain}" +rm /etc/nginx/sites-enabled/default + +# Set up dump dirs. +mkdir /var/www-dump +chown plom:plom /var/www-dump +dump_dir=dump +geheim_dir=geheim +su -lc "mkdir ${dump_dir} ${geheim_dir}" +su -lc "ln -s ${dump_dir} /var/www-dump/${dump_dir}" plom +su -lc "ln -s ${geheim_dir} /var/www-dump/${geheim_dir}" plom +password_geheim=$(pwgen -1) +echo "foo:${password_geheim}" > /var/www-dump/password_geheim + +# Prepare NGINX. +sed -i "s/REPLACE_fqdn_ECALPER/${domain}/g" /etc/nginx/sites-available/dumpsite.nginx +ln -s /etc/nginx/sites-available/dumpsite.nginx /etc/nginx/sites-enabled/dumpsite.nginx + +service nginx restart diff --git a/buster/setup_scripts/setup_website.sh b/buster/setup_scripts/setup_website.sh index a79468a..5c8d00c 100755 --- a/buster/setup_scripts/setup_website.sh +++ b/buster/setup_scripts/setup_website.sh @@ -1,7 +1,5 @@ #!/bin/sh set -e -set -x -# Heavily inspired by if [ "$#" -ne 4 ]; then echo 'Need domain name and mail and old server IP and key ID as argument.' @@ -35,7 +33,7 @@ sed -i "s/REPLACE_fqdn_ECALPER/${domain}/g" /etc/gitweb.conf sed -i "s/REPLACE_fqdn_ECALPER/${domain}/g" /etc/nginx/sites-available/website.nginx ln -s /etc/nginx/sites-available/website.nginx /etc/nginx/sites-enabled/website.nginx -# Set up website. +# Set up website. TODO: use non-/var/www dir for better separation to dump site rm -rf /var/www mkdir /var/www chown plom:plom /var/www