diff --git a/shallow-server/Dockerfile b/shallow-server/Dockerfile index f0b87d73..f978cee1 100644 --- a/shallow-server/Dockerfile +++ b/shallow-server/Dockerfile @@ -41,6 +41,8 @@ ADD ssl/dhparam.pem /etc/ssl/certs/ ADD ssl/default-ssl.conf /etc/apache2/conf-available/ssl-params.conf ADD ssl/nextcloud.crt /etc/ssl/certs/nextcloud.crt ADD ssl/nextcloud.key /etc/ssl/private/nextcloud.key +ADD ssl/dev-test-key.crt /etc/ssl/certs/dev-test-key.crt +ADD ssl/dev-test-key.key /etc/ssl/private/dev-test-key.key ADD ssl/default-ssl.conf /etc/apache2/sites-available/default-ssl.conf ADD default-nextcloud.conf /etc/apache2/sites-enabled/default-nextcloud.conf ADD nextcloud.ini /etc/php/8.1/apache2/conf.d/nextcloud.ini diff --git a/shallow-server/initnc.sh b/shallow-server/initnc.sh index 823d67d8..33a4e2a1 100755 --- a/shallow-server/initnc.sh +++ b/shallow-server/initnc.sh @@ -6,7 +6,7 @@ export BRANCH=${BRANCH:=master} cd /var/www/html/ # Run 'apt-get update' to unlock files. This seems neccessary on self hosted runners with fuse-overlayfs, -# otherwise git checkout will error out with 'file exists' error. Needs to be run here, doesn't work when +# otherwise git checkout will error out with 'file exists' error. Needs to be run here, doesn't work when # done inside the Dockerfile apt-get update @@ -40,7 +40,7 @@ else fi -if test -z "$REDIS" +if test -z "$REDIS" then echo "\$REDIS not set, ignoring..." else diff --git a/shallow-server/run.sh b/shallow-server/run.sh index 634f1d40..43cb8dfe 100755 --- a/shallow-server/run.sh +++ b/shallow-server/run.sh @@ -3,6 +3,8 @@ set -e cd /var/www/html/ +echo "Listen 8080" >> /etc/apache2/ports.conf + . /etc/apache2/envvars # allow php and apache2 to create their run socket diff --git a/shallow-server/ssl/default-ssl.conf b/shallow-server/ssl/default-ssl.conf index a3834c5c..0a7b637e 100644 --- a/shallow-server/ssl/default-ssl.conf +++ b/shallow-server/ssl/default-ssl.conf 
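Review bot: The second added line in the Dockerfile hunk copies the client test key `dev-test-key.key` into `/etc/ssl/private/` on the server, but verifying client certificates needs only the trusted certificate named by `SSLCACertificateFile`; the private half belongs to the client. The same key is then referenced by the second `SSLCertificateKeyFile` in the new block of `ssl/default-ssl.conf`, a directive that names the server's own key and already has a `nextcloud.key` entry above it. I would drop `ADD ssl/dev-test-key.key /etc/ssl/private/dev-test-key.key` and that `SSLCertificateKeyFile /etc/ssl/private/dev-test-key.key` line, keeping only the `.crt` ADD. If the key has to stay in the image, a comment above the two ADD lines such as `# dev/test client-cert fixtures; the key is public in this repo, never reuse outside local testing` would make its status explicit.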
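Review bot: The added `echo "Listen 8080" >> /etc/apache2/ports.conf` in run.sh appends on every start of the script, so a container that is restarted on the same filesystem ends up with the directive twice, and Apache is documented to fail with an address-in-use error when the same `Listen` is repeated. Making the append idempotent, `grep -qxF 'Listen 8080' /etc/apache2/ports.conf || echo 'Listen 8080' >> /etc/apache2/ports.conf`, or doing it once at build time in the Dockerfile, avoids that. A one-line comment saying which virtual host is meant to answer on 8080 would also help, since the hunk does not show it. The rest of run.sh lies outside the hunk.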
@@ -24,4 +24,37 @@ downgrade-1.0 force-response-1.0 + + + ServerAdmin webmaster@localhost + + DocumentRoot /var/www/html + + ErrorLog ${APACHE_LOG_DIR}/error.log + CustomLog ${APACHE_LOG_DIR}/access.log combined + + SSLEngine on + + SSLCertificateFile /etc/ssl/certs/nextcloud.crt + SSLCertificateKeyFile /etc/ssl/private/nextcloud.key + + # client cert + ## This is for local development testing only! + SSLCACertificateFile /etc/ssl/certs/dev-test-key.crt + SSLCertificateKeyFile /etc/ssl/private/dev-test-key.key + SSLVerifyClient require + SSLVerifyDepth 10 + + + SSLOptions +StdEnvVars + + + SSLOptions +StdEnvVars + + + BrowserMatch "MSIE [2-6]" \ + nokeepalive ssl-unclean-shutdown \ + downgrade-1.0 force-response-1.0 + + diff --git a/shallow-server/ssl/dev-test-key-legacy.p12 b/shallow-server/ssl/dev-test-key-legacy.p12 new file mode 100644 index 00000000..ee300f67 Binary files /dev/null and b/shallow-server/ssl/dev-test-key-legacy.p12 differ diff --git a/shallow-server/ssl/dev-test-key.crt b/shallow-server/ssl/dev-test-key.crt new file mode 100644 index 00000000..d8009c84 --- /dev/null +++ b/shallow-server/ssl/dev-test-key.crt 
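Review bot: `SSLCACertificateFile /etc/ssl/certs/dev-test-key.crt` makes a certificate whose private key is committed in this same change (`ssl/dev-test-key.key`) the trust anchor for `SSLVerifyClient require`, so the client-certificate check in this block accepts anyone who can read the repository. The `## This is for local development testing only!` comment is the only thing marking that, and nothing in the visible lines keeps the block out of an image used elsewhere; I would extend it to something like `## Test fixture: the matching private key is public, this check provides no access control`. `SSLVerifyDepth 10` is also wider than a single test certificate needs; `SSLVerifyDepth 1` should be enough, assuming the test client certificate is, or is issued directly by, the certificate in that file. The enclosing container directives are not visible in the hunk as shown here, so which address and port this block binds to cannot be confirmed from these lines.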
@@ -0,0 +1,19 @@ +-----BEGIN CERTIFICATE----- +MIIC/jCCAeYCAWUwDQYJKoZIhvcNAQELBQAwRTELMAkGA1UEBhMCQVUxEzARBgNV +BAgMClNvbWUtU3RhdGUxITAfBgNVBAoMGEludGVybmV0IFdpZGdpdHMgUHR5IEx0 +ZDAeFw0yMzEyMTgxMzM2NDZaFw0yNDEyMTcxMzM2NDZaMEUxCzAJBgNVBAYTAkFV +MRMwEQYDVQQIDApTb21lLVN0YXRlMSEwHwYDVQQKDBhJbnRlcm5ldCBXaWRnaXRz +IFB0eSBMdGQwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQD3jKLeOiSB +aJAT97e6InHWGJPZpQLaVMF2QvV4Qo5bG6erlK9+AWsRjXUAddO/8K66PMNRI1Yg +8lv/2bajzyC6bKJEi+C5FidAY0yfaKmDrEIVTtMPQoMriFUwxOAiupfsQsr8qo78 +tP9hgL44u6VgSirH29EoFpi+UD92Y2NYM+RSNMWFaBubidq2q6+3LeSmfbG3UF3x +dfgRudSzWwU/sNdHn3a0avZ2LdubJnYDRsKtMzsRyfYttLHtKInpD+jHoQ8mX6st +zrDTbVoPCiEQFsBKbB0ZZk5QC9MpB7RSFNy9x+gywHzu2PKhqdoI7KHKULMJRUXF +K4rRJO7gA857AgMBAAEwDQYJKoZIhvcNAQELBQADggEBAIZb9ClWoDKH0kdSstSH +hxSkrbrkpKOLUGnkZqEfi1mm4wLCreJjZl7ETg9PceqvYmqf+BC1VQsmPZ3Kd2vI +8HtmJ3KpAUgz3gcl4GctKKQRNWMXaX1p9beuS6C9e0bE1+zXWs0+gvs4+0Im55XP +wsbUWz90Ne/eZo7zM3uYBCIJSuWrXSZqXRuX4XCY57Y3NiL94ORaar7BJp2VrL1I +lvYLXsH1TgRzuJGq+2kTIsXioyVsnIIy91WfZKgWIHG0ta9UKoJdm57QQWAG8sLY +OOgANBJwDvtYvilmiFajpNVy7x9pGxq8kaUi4KNh5otu8bmCON7SErSXMj+xAuwd +KLU= +-----END CERTIFICATE----- diff --git a/shallow-server/ssl/dev-test-key.csr b/shallow-server/ssl/dev-test-key.csr new file mode 100644 index 00000000..abae8d00 --- /dev/null +++ b/shallow-server/ssl/dev-test-key.csr 
@@ -0,0 +1,16 @@ +-----BEGIN CERTIFICATE REQUEST----- +MIICijCCAXICAQAwRTELMAkGA1UEBhMCQVUxEzARBgNVBAgMClNvbWUtU3RhdGUx +ITAfBgNVBAoMGEludGVybmV0IFdpZGdpdHMgUHR5IEx0ZDCCASIwDQYJKoZIhvcN +AQEBBQADggEPADCCAQoCggEBAPeMot46JIFokBP3t7oicdYYk9mlAtpUwXZC9XhC +jlsbp6uUr34BaxGNdQB107/wrro8w1EjViDyW//ZtqPPILpsokSL4LkWJ0BjTJ9o +qYOsQhVO0w9CgyuIVTDE4CK6l+xCyvyqjvy0/2GAvji7pWBKKsfb0SgWmL5QP3Zj +Y1gz5FI0xYVoG5uJ2rarr7ct5KZ9sbdQXfF1+BG51LNbBT+w10efdrRq9nYt25sm +dgNGwq0zOxHJ9i20se0oiekP6MehDyZfqy3OsNNtWg8KIRAWwEpsHRlmTlAL0ykH +tFIU3L3H6DLAfO7Y8qGp2gjsocpQswlFRcUritEk7uADznsCAwEAAaAAMA0GCSqG +SIb3DQEBCwUAA4IBAQAEyqpbulAtsCRSvukliH1VRqwA759+ySXTl05PKHfK313m +9JkoOGSfQX7j5aJwPyGfPhh3OjlzVX0PK6FaNrXloXSkcsgB5lVxCsk5Fw3bq1sj +bZA/Vv7CMF5mFmkIdRl9xJ5m5j5z+w8GQosOMPr/avSBaVncA/cqhd3vx0ZmiE7p +V/qI9w8xTu6CNkdtTrqTz5cveuIkqOwqUcdxtHqhSuoz0RGWAk6FJ6FRY8Ml3iAP +ZC6vGbu/k5YHo4xPB7V8b8yRLh9/5FIVpBgfYSgyvwSedOV2DdrDHQmFtol+ym/d +14gMprNeRH7o0/FaVUu/JxpQdPy8hP6YQR/o/ASC +-----END CERTIFICATE REQUEST----- diff --git a/shallow-server/ssl/dev-test-key.key b/shallow-server/ssl/dev-test-key.key new file mode 100644 index 00000000..e43a7923 --- /dev/null +++ b/shallow-server/ssl/dev-test-key.key 
@@ -0,0 +1,28 @@ +-----BEGIN PRIVATE KEY----- +MIIEvAIBADANBgkqhkiG9w0BAQEFAASCBKYwggSiAgEAAoIBAQD3jKLeOiSBaJAT +97e6InHWGJPZpQLaVMF2QvV4Qo5bG6erlK9+AWsRjXUAddO/8K66PMNRI1Yg8lv/ +2bajzyC6bKJEi+C5FidAY0yfaKmDrEIVTtMPQoMriFUwxOAiupfsQsr8qo78tP9h +gL44u6VgSirH29EoFpi+UD92Y2NYM+RSNMWFaBubidq2q6+3LeSmfbG3UF3xdfgR +udSzWwU/sNdHn3a0avZ2LdubJnYDRsKtMzsRyfYttLHtKInpD+jHoQ8mX6stzrDT +bVoPCiEQFsBKbB0ZZk5QC9MpB7RSFNy9x+gywHzu2PKhqdoI7KHKULMJRUXFK4rR +JO7gA857AgMBAAECggEAGMG3AhF/gspMamrM3tprVwrTMnd8Wbhoi/q1+4ZwdS/G +rMlXDvt2U+WOjMgRMAdnz1acqUR8QcRAgM2q+dE7nS6YaybasmKYSf9ZnjGZ46y6 +WSYubmlrnn1pGPz/dgms1Y3NKMf9Onb2zq9Q7ByRX+1a6kI+CyEjZRkNF7pofjKp +VCy623TJIPEml3P2Anxst2ZwglwPcu52IDt3yqssQ0SfX25g04uU6Tem0MClvDLO +iMYjFNPWT8Xek3HiwlvWHvQzrcJzdo+hc9XU4gxynCRtxcWTd2+2lJTIJW24vTcc +VW3aNIdA95GMFZHrM/0c5s40ZBKo21fjw/TCPlQg6QKBgQD9oQirpfimfKk8AQdQ +XLeqrm/NY4SmID901eHTOgNW7x1QT9LqfgsV449agQ85J12oo3JicfVOLrcloO8F +Z9zPxoWOvn8qlbJXecDNVqaO3lK9uyc6mNhu1ljItEZTdpamF9LudEv0UkgVWI19 +8XeMA/gnPAT2t/nkbu+AzWhVcwKBgQD53Q2K5WflcHKvzo9LhsORkN3zS3k05DFS +cPyOwi7Bkr2K9oG7oGxzELgWNRUDCBC0gDGC6RUu1+eaS3BAQJk88miZX2BkiUcS +mj9Hn3MmQ5aPwCNRMfrQkBXsU6bEGkKoz12IFioApATj2yBuRVA+WpjeafsASeiB +6jmCp0cg2QKBgGIqsAZv6PvXiFE3PLN4D4a6mX9vo2oBVU5NcmilLaG6TyhEnSgx +vOyt9VBcX54JhJC/IojD/uRR5IVl8t2uw6KP/iWvydybsDl3YI6ZmUH2/yN8isR9 +YFgWEqssS4QGhGypD/VHghaAunG4ops6mMDS0HuvGWS89LXb0kuSNW3NAoGAc2no +F4BfvVtznkGLbxeQvmxsGTWDhyrgnXQTNN39OuzNIKM8ya4QahYO8jMSwZO4I6gT +NqTzY+/Wyy6NayBrp/tQ1Yd4vveqHK2jDTJZvhL6OOxHY/nyIORtO/xny61VnSQr +z/Bs9l7M43MUR9s8dZDji9joV/nLrDbE2dTqxgECgYB8+QH+PiRXO2zwqDp5AOiP +sfGY/+mNd33Hniuh7eZCEoBFopgvP/Hcz+Fo6oaOZapKP120x3rYsNQxgOUvr4Z+ +sKqsWqUqMy/yKwD8WIFp5BeNam4/duItoEDntx79LAwbTQB0nZxoyPAuU5A2x2dC +TAWBlEw8g/ePIHm3cPiQMg== +-----END PRIVATE KEY----- diff --git a/shallow-server/ssl/dev-test-key.p12 b/shallow-server/ssl/dev-test-key.p12 new file mode 100644 index 00000000..33ed260e Binary files /dev/null and b/shallow-server/ssl/dev-test-key.p12 differ