CUPS: Fix box/print URLs, Secure box/print/admin URLs, Lint NGINX .conf's
parent
bb116d48cc
commit
0cd7ccc816
14 changed files with 179 additions and 157 deletions
|
@ -1,38 +1,29 @@
|
|||
# 2021-07-11: (1) WE NEED TO GET http://box:631 AND http://box.lan:631 WORKING.
|
||||
# /var/log/cups/error_log* shows "400 Bad Request" errors as follows:
|
||||
#
|
||||
# Request from "localhost" using invalid Host: field "box:631".
|
||||
# Request from "localhost" using invalid Host: field "box.lan:631".
|
||||
#
|
||||
# (2) WE NEED NGINX PROXY TO GET http://box/print WORKING RELIABLY ON ALL OS's.
|
||||
|
||||
- name: Install 'cups' package
|
||||
package:
|
||||
name: cups
|
||||
state: present
|
||||
|
||||
- name: Add user '{{ iiab_admin_user }}' to Linux group 'lpadmin' for remote administration (or modify default 'SystemGroup lpadmin' in /etc/cups/cups-files.conf -- in coordination with ~14 '@SYSTEM' lines in /etc/cups/cupsd.conf)
|
||||
command: "gpasswd -a {{ iiab_admin_user | quote }} lpadmin" # iiab-admin
|
||||
#command: "gpasswd -d {{ iiab_admin_user | quote }} lpadmin"
|
||||
# 2021-07-12: LET'S STICK CLOSE TO THE DEFAULT /etc/cups/cupsd.conf SO WE CAN
|
||||
# SKIP MOST OF THE NEXT ~100 LINES, THX TO NEW NGINX (cups/templates/cups.conf)
|
||||
|
||||
# # WARNING: 'apt install cups' AND 'apt install --reinstall cups'
|
||||
# # UNFORTUNATELY DO *NOT* RECREATE /etc/cups/cupsd.conf IF A PRIOR
|
||||
# # INSTALL OF CUPS EXISTED! SO OPTION #1 OR #2 ARE NEEDED BELOW:
|
||||
|
||||
# WARNING: 'apt install cups' AND 'apt install --reinstall cups'
|
||||
# UNFORTUNATELY DO *NOT* RECREATE /etc/cups/cupsd.conf IF A PRIOR
|
||||
# INSTALL OF CUPS EXISTED! SO OPTION #1 OR #2 ARE NEEDED BELOW:
|
||||
# # OPTION #1: OLD WAY (BRITTLE)
|
||||
# #
|
||||
# # - name: Install our own /etc/cups/cupsd.conf from template, to permit local LAN admin
|
||||
# # template:
|
||||
# # src: cupsd.conf.j2
|
||||
# # dest: /etc/cups/cupsd.conf
|
||||
|
||||
# OPTION #1: OLD WAY (BRITTLE)
|
||||
#
|
||||
# - name: Install our own /etc/cups/cupsd.conf from template, to permit local LAN admin
|
||||
# template:
|
||||
# src: cupsd.conf.j2
|
||||
# dest: /etc/cups/cupsd.conf
|
||||
# # OPTION #2: NEW WAY (MORE FUTURE-PROOF, WE HOPE!)
|
||||
|
||||
# OPTION #2: NEW WAY (MORE FUTURE-PROOF, WE HOPE!)
|
||||
# # - name: FILE /etc/cups/cupsd.conf WILL BE CREATED BY THE ~2 STANZAS BELOW...
|
||||
# # meta: noop
|
||||
|
||||
- name: FILE /etc/cups/cupsd.conf WILL BE CREATED BY THE ~5 STANZAS BELOW...
|
||||
meta: noop
|
||||
# - debug:
|
||||
# msg: FILE /etc/cups/cupsd.conf WILL BE CREATED BY THE ~5 STANZAS BELOW...
|
||||
# # - debug:
|
||||
# # msg: FILE /etc/cups/cupsd.conf WILL BE CREATED BY THE ~5 STANZAS BELOW...
|
||||
|
||||
- name: Copy /usr/share/cups/cupsd.conf.default to /etc/cups/cupsd.conf (root:lp, 0640) -- a timestamped backup of the prior 'cupsd.conf' is saved in /etc/cups
|
||||
copy:
|
||||
|
@ -43,58 +34,87 @@
|
|||
mode: 0640
|
||||
backup: yes
|
||||
|
||||
- name: (Re)Start 'cups' and 'cups-browsed' systemd services -- CUPS DAEMON MUST BE RUNNING FOR 'cupsctl' COMMAND JUST BELOW
|
||||
systemd:
|
||||
daemon_reload: yes
|
||||
name: "{{ item }}"
|
||||
state: restarted
|
||||
with_items:
|
||||
- cups
|
||||
- cups-browsed
|
||||
|
||||
- name: Run 'cupsctl --remote-admin --share-printers --user-cancel-any --debug-logging' for /var/log/cups/error_log (if cups_enabled) -- REPEATED USE OF 'cupsctl' COMMANDS CAN *DAMAGE* /etc/cups/cupsd.conf BY ADDING DUPLICATE LINES (AND WORSE!) -- SO PLEASE ALSO MANUALLY RUN 'sudo cupsctl' AND 'sudo cupsd -t' TO VERIFY /etc/cups/cupsd.conf
|
||||
command: cupsctl --remote-admin --share-printers --user-cancel-any --debug-logging
|
||||
|
||||
# 2021-07-11: BOTH FLAGS *CANNOT* BE USED TOGETHER -- CHOOSE ONE OR THE OTHER:
|
||||
# (1) '--remote-admin' AS ABOVE, OR (2) '--remote-any' AS BELOW.
|
||||
# (RUN 'cupsctl' WITHOUT PARAMETERS TO CONFIRM THIS!)
|
||||
|
||||
# - name: Run 'cupsctl --remote-any --share-printers --user-cancel-any --debug-logging' for /var/log/cups/error_log (if cups_enabled) -- REPEATED USE OF 'cupsctl' COMMANDS CAN *DAMAGE* /etc/cups/cupsd.conf BY ADDING DUPLICATE LINES (AND WORSE!) -- SO PLEASE ALSO MANUALLY RUN 'sudo cupsctl' AND 'sudo cupsd -t' TO VERIFY /etc/cups/cupsd.conf
|
||||
# command: cupsctl --remote-any --share-printers --user-cancel-any --debug-logging
|
||||
|
||||
# 2021-07-11: In theory 'cupsctl' stanzas could be put in enable-or-disable.yml
|
||||
# BUT LET'S AVOID THAT -- AS REPEATED USE OF 'cupsctl' COMMANDS CAN *DAMAGE*
|
||||
# /etc/cups/cupsd.conf BY ADDING DUPLICATE LINES (AND WORSE!)
|
||||
# 2021-07-12: lineinfile fails to insert the needed lines, as these same 2 lines
|
||||
# already appear throughout /etc/cups/cupsd.conf -- so we use blockinfile below.
|
||||
#
|
||||
# FYI repeated use of 'cupsctl' commands also removes comments and blank lines.
|
||||
# - name: Insert 2 lines into /etc/cups/cupsd.conf to LOCK DOWN URL'S LIKE http://box/print/admin -- REQUIRING '{{ iiab_admin_user }}' AND ITS LINUX PASSWORD (to avoid accidental damage to /etc/cups/cupsd.conf and other CUPS settings)
|
||||
# lineinfile:
|
||||
# path: /etc/cups/cupsd.conf
|
||||
# #regexp:
|
||||
# line: "{{ item }}"
|
||||
# insertafter: '^<Location /admin>$'
|
||||
# with_items:
|
||||
# - " Require user @SYSTEM" # Will appear BELOW, in /etc/cups/cupsd.conf
|
||||
# - " AuthType Default" # Will appear ABOVE, in /etc/cups/cupsd.conf
|
||||
|
||||
- name: Insert 2-line block into /etc/cups/cupsd.conf to LOCK DOWN URL'S LIKE http://box/print/admin -- REQUIRING '{{ iiab_admin_user }}' AND ITS LINUX PASSWORD (to avoid accidental damage to /etc/cups/cupsd.conf and other CUPS settings)
|
||||
blockinfile:
|
||||
path: /etc/cups/cupsd.conf
|
||||
insertafter: '^<Location /admin>$'
|
||||
block: |2 # Indent with 2 spaces, and surround block with 2 comment lines: "# BEGIN ANSIBLE MANAGED BLOCK", "# END ANSIBLE MANAGED BLOCK"
|
||||
AuthType Default
|
||||
Require user @SYSTEM
|
||||
|
||||
- name: Add user '{{ iiab_admin_user }}' to Linux group 'lpadmin' for web administration (or modify default 'SystemGroup lpadmin' in /etc/cups/cups-files.conf -- in coordination with ~14 -> ~15 '@SYSTEM' lines in /etc/cups/cupsd.conf)
|
||||
command: "gpasswd -a {{ iiab_admin_user | quote }} lpadmin" # iiab-admin
|
||||
#command: "gpasswd -d {{ iiab_admin_user | quote }} lpadmin"
|
||||
|
||||
# - name: (Re)Start 'cups' and 'cups-browsed' systemd services -- CUPS DAEMON MUST BE RUNNING FOR 'cupsctl' COMMAND JUST BELOW
|
||||
# systemd:
|
||||
# daemon_reload: yes
|
||||
# name: "{{ item }}"
|
||||
# state: restarted
|
||||
# with_items:
|
||||
# - cups
|
||||
# - cups-browsed
|
||||
|
||||
# 2021-07-12: 'cupsctl --remote-admin && systemctl restart cups' enables
|
||||
# http://10.8.0.x:631 -- but this is even less useful than ever, now that
|
||||
# http://10.8.0.x/print works -- thx to the new /etc/nginx/conf.d/cups.conf
|
||||
#
|
||||
# - name: Run 'cupsctl --no-remote-admin --no-remote-any --no-share-printers --no-user-cancel-any --no-debug-logging' (if not cups_enabled) -- REPEATED USE OF 'cupsctl' COMMANDS CAN *DAMAGE* /etc/cups/cupsd.conf BY ADDING DUPLICATE LINES (AND WORSE!) -- SO PLEASE ALSO MANUALLY RUN 'sudo cupsctl' AND 'sudo cupsd -t' TO VERIFY /etc/cups/cupsd.conf
|
||||
# command: cupsctl --no-remote-admin --no-remote-any --no-share-printers --no-user-cancel-any --no-debug-logging
|
||||
# when: not cups_enabled
|
||||
# - name: Run 'cupsctl --remote-admin --share-printers --user-cancel-any --debug-logging' for /var/log/cups/error_log (if cups_enabled) -- REPEATED USE OF 'cupsctl' COMMANDS CAN *DAMAGE* /etc/cups/cupsd.conf BY ADDING DUPLICATE LINES (AND WORSE!) -- SO PLEASE ALSO MANUALLY RUN 'sudo cupsctl' AND 'sudo cupsd -t' TO VERIFY /etc/cups/cupsd.conf
|
||||
# command: cupsctl --remote-admin --share-printers --user-cancel-any --debug-logging
|
||||
|
||||
- name: "2021-07-11: UNFORTUNATELY http://box:631 AND http://box/print DO NOT YET WORK RELIABLY -- CUPS NEEDS TO WORK FROM MANY MORE URL'S THAN JUST http://localhost:631 AND http://192.168.0.x:631 AND http://172.18.96.1:631 -- please help us find the correct directive(s) for /etc/cups/cupsd.conf and /etc/nginx/conf.d/cups.conf followed by 'systemctl restart cups' and 'systemctl restart nginx'"
|
||||
lineinfile:
|
||||
path: /etc/cups/cupsd.conf
|
||||
line: "{{ item }}"
|
||||
insertbefore: '^Listen .*/run/cups/cups.sock$' # Also matches old form: '^Listen /var/run/cups/cups.sock$'
|
||||
with_items:
|
||||
- "#ServerAlias *"
|
||||
- "#ServerName {{ iiab_hostname }}.{{ iiab_domain }}" # box.lan
|
||||
- "#Listen {{ lan_ip }}:631" # 172.18.96.1
|
||||
- "Listen 127.0.0.1:631"
|
||||
- "#Listen 0.0.0.0:631"
|
||||
- "#Listen *:631"
|
||||
# # 2021-07-11: BOTH FLAGS *CANNOT* BE USED TOGETHER -- CHOOSE ONE OR THE OTHER:
|
||||
# # (1) '--remote-admin' AS ABOVE, OR (2) '--remote-any' AS BELOW.
|
||||
# # (RUN 'cupsctl' WITHOUT PARAMETERS TO CONFIRM THIS!)
|
||||
|
||||
- name: "OPTIONAL: Change 'MaxLogSize 0' (no log rotation) to 'MaxLogSize 1m' (log rotation at 1MB) in /etc/cups/cupsd.conf (EITHER WAY LOG BLOAT IS A RISK!)"
|
||||
lineinfile:
|
||||
path: /etc/cups/cupsd.conf
|
||||
regexp: '^MaxLogSize '
|
||||
insertbefore: 'Listen '
|
||||
firstmatch: yes
|
||||
line: "MaxLogSize 1m" # CUPS Documentation (claims!) log rotation at "1m" is the default. But In Practice: 'MaxLogSize 0' (no log rotation) is now part of /usr/share/cups/cupsd.conf.default
|
||||
# # - name: Run 'cupsctl --remote-any --share-printers --user-cancel-any --debug-logging' for /var/log/cups/error_log (if cups_enabled) -- REPEATED USE OF 'cupsctl' COMMANDS CAN *DAMAGE* /etc/cups/cupsd.conf BY ADDING DUPLICATE LINES (AND WORSE!) -- SO PLEASE ALSO MANUALLY RUN 'sudo cupsctl' AND 'sudo cupsd -t' TO VERIFY /etc/cups/cupsd.conf
|
||||
# # command: cupsctl --remote-any --share-printers --user-cancel-any --debug-logging
|
||||
|
||||
# REMINDER: 3 systemd services should be restarted (cups, cups-browsed, nginx)
|
||||
# within enable-or-disable.yml, so /etc/cups/cupsd.conf (ETC) take effect!
|
||||
# # 2021-07-11: In theory 'cupsctl' stanzas could be put in enable-or-disable.yml
|
||||
# # BUT LET'S AVOID THAT -- AS REPEATED USE OF 'cupsctl' COMMANDS CAN *DAMAGE*
|
||||
# # /etc/cups/cupsd.conf BY ADDING DUPLICATE LINES (AND WORSE!)
|
||||
# #
|
||||
# # FYI repeated use of 'cupsctl' commands also removes comments and blank lines.
|
||||
# #
|
||||
# # - name: Run 'cupsctl --no-remote-admin --no-remote-any --no-share-printers --no-user-cancel-any --no-debug-logging' (if not cups_enabled) -- REPEATED USE OF 'cupsctl' COMMANDS CAN *DAMAGE* /etc/cups/cupsd.conf BY ADDING DUPLICATE LINES (AND WORSE!) -- SO PLEASE ALSO MANUALLY RUN 'sudo cupsctl' AND 'sudo cupsd -t' TO VERIFY /etc/cups/cupsd.conf
|
||||
# # command: cupsctl --no-remote-admin --no-remote-any --no-share-printers --no-user-cancel-any --no-debug-logging
|
||||
# # when: not cups_enabled
|
||||
|
||||
# - name: "2021-07-12: EXPERIMENTALLY ADD DIRECTIVES TO /etc/cups/cupsd.conf followed by 'systemctl restart cups'. As should no longer be nec thanks to NEW cups/templates/cups.conf for /etc/nginx/conf.d/cups.conf (followed by 'systemctl restart nginx'). Which FIXED URL'S LIKE: http://box/print, http://box.lan/print, http://192.168.0.x/print, http://172.18.96.1/print and http://10.8.0.x/print (WITH OR WITHOUT THE TRAILING SLASH!) RECAP: (1) So be it that these 2 URL'S STILL DON'T WORK: http://box:631, http://box.lan:631 (due to CUPS' internal web server's overly stringent hostname checks, i.e. '400 Bad Request') -- (2) While these 2 URL'S STILL DO WORK: http://localhost:631, http://127.0.0.1:631 -- (3) Whereas these 3 URL'S NO LONGER WORK: http://192.168.0.x:631, http://172.18.96.1:631, http://10.8.0.x:631 (now that we're suddenly hewing closer to the default /etc/cups/cupsd.conf)"
|
||||
# lineinfile:
|
||||
# path: /etc/cups/cupsd.conf
|
||||
# line: "{{ item }}"
|
||||
# insertbefore: '^Listen .*/run/cups/cups.sock$' # Also matches old form: '^Listen /var/run/cups/cups.sock$'
|
||||
# with_items:
|
||||
# - "#ServerAlias *"
|
||||
# - "#ServerName {{ iiab_hostname }}.{{ iiab_domain }}" # box.lan
|
||||
# - "#Listen {{ lan_ip }}:631" # 172.18.96.1
|
||||
# - "Listen 127.0.0.1:631"
|
||||
# - "#Listen 0.0.0.0:631"
|
||||
# - "#Listen *:631"
|
||||
|
||||
# - name: "OPTIONAL: Change 'MaxLogSize 0' (no log rotation) to 'MaxLogSize 1m' (log rotation at 1MB) in /etc/cups/cupsd.conf (EITHER WAY LOG BLOAT IS A RISK!)"
|
||||
# lineinfile:
|
||||
# path: /etc/cups/cupsd.conf
|
||||
# regexp: '^MaxLogSize '
|
||||
# insertbefore: 'Listen '
|
||||
# firstmatch: yes
|
||||
# line: "MaxLogSize 1m" # CUPS Documentation (claims!) log rotation at "1m" is the default. But In Practice: 'MaxLogSize 0' (no log rotation) is now part of /usr/share/cups/cupsd.conf.default
|
||||
|
||||
# REMINDER: 3 SYSTEMD SERVICES WILL BE RESTARTED (cups, cups-browsed, nginx)
|
||||
# LATER IN enable-or-disable.yml, SO /etc/cups/cupsd.conf (ETC) TAKE EFFECT!
|
||||
|
||||
|
||||
# RECORD CUPS AS INSTALLED
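Review bot: The blockinfile task that inserts `AuthType Default` and `Require user @SYSTEM` under `<Location /admin>` gates the admin pages on the Linux password of `{{ iiab_admin_user }}`, but every URL the task names is plain `http://`. If `AuthType Default` resolves to Basic (the usual CUPS default unless `DefaultAuthType` is set; worth confirming against cupsd.conf.default), that password crosses the LAN unencrypted. I would record this above the task, e.g. `# NOTE: admin login travels over plain HTTP via NGINX /print/ -- serve it over TLS or accept that the Linux password is visible on the LAN`. Separately, the `command: "gpasswd -a ..."` task reports "changed" on every run; the `user` module with `groups: lpadmin` and `append: yes` would make it idempotent. This rendering does not show for certain which of the duplicated lines are on the new side, so the note assumes the blockinfile and "web administration" gpasswd tasks are the added ones.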
|
||||
|
|
|
@ -1,10 +1,4 @@
|
|||
# Administer CUPS at http://box:631
|
||||
# Above URL does NOT work over OpenVPN (ANYONE KNOW WHY?)
|
||||
|
||||
# TO DO:
|
||||
#
|
||||
# - CREATE /etc/nginx/conf.d/cups-nginx.conf as SHIM to Apache on port 8090.
|
||||
# SEE OTHERS @ https://github.com/iiab/iiab/blob/master/roles/nginx/README.md
|
||||
# ADMINISTER CUPS AT http://box/print/admin WITH iiab-admin + ITS LINUX PASSWORD
|
||||
|
||||
|
||||
# "How do i fail a task in Ansible if the variable contains a boolean value?
|
||||
|
|
|
@ -1,10 +1,10 @@
|
|||
- name: Enable http://box/print and http://box/cups via NGINX, by installing {{ nginx_conf_dir }}/cups.conf from template
|
||||
- name: Enable http://box/print via NGINX, by installing {{ nginx_conf_dir }}/cups.conf from template
|
||||
template:
|
||||
src: cups.conf
|
||||
dest: "{{ nginx_conf_dir }}/cups.conf" # /etc/nginx/conf.d
|
||||
when: cups_enabled
|
||||
|
||||
- name: Disable http://box/print and http://box/cups via NGINX, by removing {{ nginx_conf_dir }}/cups.conf
|
||||
- name: Disable http://box/print via NGINX, by removing {{ nginx_conf_dir }}/cups.conf
|
||||
file:
|
||||
path: "{{ nginx_conf_dir }}/cups.conf"
|
||||
state: absent
|
||||
|
|
|
@ -1,25 +1,30 @@
|
|||
location = /print {
|
||||
return 301 /print/; # "Moved Permanently" redirect
|
||||
#rewrite /print /print/; # Faster, if links are fixed!
|
||||
}
|
||||
|
||||
location ~ /print/(.*) {
|
||||
proxy_pass http://127.0.0.1:631/$1;
|
||||
proxy_set_header Host '127.0.0.1';
|
||||
proxy_cache_bypass $http_upgrade;
|
||||
proxy_set_header X-Real-IP $remote_addr;
|
||||
|
||||
|
||||
sub_filter ' href="/' ' href="/print/';
|
||||
sub_filter ' action="/' ' action="/print/';
|
||||
sub_filter ' src="/' ' src="/print/';
|
||||
sub_filter_types *;
|
||||
sub_filter_once off;
|
||||
}
|
||||
}
|
||||
|
||||
location ~ /cups/(.*) {
|
||||
proxy_pass http://127.0.0.1:631/$1;
|
||||
proxy_set_header Host '127.0.0.1';
|
||||
proxy_cache_bypass $http_upgrade;
|
||||
proxy_set_header X-Real-IP $remote_addr;
|
||||
|
||||
sub_filter ' href="/' ' href="/cups/';
|
||||
sub_filter ' action="/' ' action="/cups/';
|
||||
sub_filter ' src="/' ' src="/cups/';
|
||||
sub_filter_types *;
|
||||
sub_filter_once off;
|
||||
}
|
||||
# location ~ /cups/(.*) {
|
||||
# proxy_pass http://127.0.0.1:631/$1;
|
||||
# proxy_set_header Host '127.0.0.1';
|
||||
# proxy_cache_bypass $http_upgrade;
|
||||
# proxy_set_header X-Real-IP $remote_addr;
|
||||
#
|
||||
# sub_filter ' href="/' ' href="/cups/';
|
||||
# sub_filter ' action="/' ' action="/cups/';
|
||||
# sub_filter ' src="/' ' src="/cups/';
|
||||
# sub_filter_types *;
|
||||
# sub_filter_once off;
|
||||
# }
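Review bot: The regex in `location ~ /print/(.*) {` is not anchored, so any request URI that merely contains `/print/` somewhere in its path is proxied to CUPS on 127.0.0.1:631 with `Host: 127.0.0.1`, and as a regex location it also takes precedence over the prefix locations of the other services. Anchoring it as `location ~ ^/print/(.*)$ {` limits the proxy to the intended prefix. Because `proxy_pass http://127.0.0.1:631/$1;` builds the upstream URI from a capture, the query string is probably dropped too; `proxy_pass http://127.0.0.1:631/$1$is_args$args;` would keep it. Every proxied request reaches cupsd from localhost, so host-based `Allow`/`Order` rules in cupsd.conf no longer distinguish LAN clients from local ones, which deserves a comment at the top of this template.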
|
||||
|
|
|
@ -1,3 +1,3 @@
|
|||
location {{ gitea_url }}/ {
|
||||
proxy_pass http://127.0.0.1:{{ gitea_port }}/;
|
||||
proxy_pass http://127.0.0.1:{{ gitea_port }}/;
|
||||
}
|
||||
|
|
|
@ -1,11 +1,11 @@
|
|||
location {{ kiwix_url }} {
|
||||
proxy_set_header X-Real-IP $remote_addr;
|
||||
proxy_set_header Host $http_host;
|
||||
proxy_http_version 1.1;
|
||||
proxy_set_header Connection "";
|
||||
proxy_connect_timeout {{ kiwix_nginx_timeout }};
|
||||
proxy_send_timeout {{ kiwix_nginx_timeout }};
|
||||
proxy_read_timeout {{ kiwix_nginx_timeout }};
|
||||
send_timeout {{ kiwix_nginx_timeout }};
|
||||
proxy_pass http://127.0.0.1:3000;
|
||||
proxy_set_header X-Real-IP $remote_addr;
|
||||
proxy_set_header Host $http_host;
|
||||
proxy_http_version 1.1;
|
||||
proxy_set_header Connection "";
|
||||
proxy_connect_timeout {{ kiwix_nginx_timeout }};
|
||||
proxy_send_timeout {{ kiwix_nginx_timeout }};
|
||||
proxy_read_timeout {{ kiwix_nginx_timeout }};
|
||||
send_timeout {{ kiwix_nginx_timeout }};
|
||||
proxy_pass http://127.0.0.1:3000;
|
||||
}
|
||||
|
|
|
@ -1,8 +1,8 @@
|
|||
location {{ kolibri_url }} {
|
||||
proxy_set_header Host $http_host;
|
||||
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
|
||||
proxy_set_header X-Scheme $scheme;
|
||||
proxy_set_header X-Script-Name {{ kolibri_url_without_slash }};
|
||||
proxy_set_header Host $http_host;
|
||||
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
|
||||
proxy_set_header X-Scheme $scheme;
|
||||
proxy_set_header X-Script-Name {{ kolibri_url_without_slash }};
|
||||
proxy_pass http://127.0.0.1:8009;
|
||||
}
|
||||
|
||||
|
|
|
@ -1,14 +1,14 @@
|
|||
location = {{ lokole_url }}/favicon.ico {
|
||||
alias {{ lokole_venv }}/lib/python{{ python_ver }}/site-packages/opwen_email_client/webapp/static/favicon.ico;
|
||||
alias {{ lokole_venv }}/lib/python{{ python_ver }}/site-packages/opwen_email_client/webapp/static/favicon.ico;
|
||||
}
|
||||
|
||||
location ~ ^{{ lokole_url }}/static/(.*)$ {
|
||||
alias {{ lokole_venv }}/lib/python{{ python_ver }}/site-packages/opwen_email_client/webapp/static/$1;
|
||||
alias {{ lokole_venv }}/lib/python{{ python_ver }}/site-packages/opwen_email_client/webapp/static/$1;
|
||||
}
|
||||
|
||||
location {{ lokole_url }}/ {
|
||||
proxy_set_header Host $http_host;
|
||||
proxy_set_header X-Real-IP $remote_addr;
|
||||
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
|
||||
proxy_pass http://unix:/{{ lokole_domain_socket }};
|
||||
proxy_set_header Host $http_host;
|
||||
proxy_set_header X-Real-IP $remote_addr;
|
||||
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
|
||||
proxy_pass http://unix:/{{ lokole_domain_socket }};
|
||||
}
|
||||
|
|
|
@ -5,25 +5,28 @@
|
|||
# $wgUsePathInfo = true;
|
||||
|
||||
location ~ ^/{{ mediawiki_symlink }}/(index|load|api|thumb|opensearch_desc)\.php$ {
|
||||
include fastcgi_params;
|
||||
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
|
||||
fastcgi_pass php; # or whatever port your PHP-FPM listens on
|
||||
include fastcgi_params;
|
||||
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
|
||||
fastcgi_pass php; # or whatever port your PHP-FPM listens on
|
||||
}
|
||||
|
||||
# Images
|
||||
location /{{ mediawiki_symlink }}/images {
|
||||
# Separate location for images/ so .php execution won't apply
|
||||
}
|
||||
|
||||
location /{{ mediawiki_symlink }}/images/deleted {
|
||||
# Deny access to deleted images folder
|
||||
deny all;
|
||||
}
|
||||
|
||||
# MediaWiki assets (usually images)
|
||||
location ~ ^/{{ mediawiki_symlink }}/resources/(assets|lib|src) {
|
||||
try_files $uri 404;
|
||||
add_header Cache-Control "public";
|
||||
expires 7d;
|
||||
}
|
||||
|
||||
# Assets, scripts and styles from skins and extensions
|
||||
location ~ ^/{{ mediawiki_symlink }}/(skins|extensions)/.+\.(css|js|gif|jpg|jpeg|png|svg|ttf|woff|woff2)$ {
|
||||
try_files $uri 404;
|
||||
|
@ -31,16 +34,15 @@ location ~ ^/{{ mediawiki_symlink }}/(skins|extensions)/.+\.(css|js|gif|jpg|jpeg
|
|||
expires 7d;
|
||||
}
|
||||
|
||||
|
||||
## Uncomment the following code if you wish to use the installer/updater
|
||||
## installer/updater
|
||||
#location /{{ mediawiki_symlink }}/mw-config/ {
|
||||
# # Do this inside of a location so it can be negated
|
||||
# location ~ \.php$ {
|
||||
# include /etc/nginx/fastcgi_params;
|
||||
# fastcgi_param SCRIPT_FILENAME $document_root/{{ mediawiki_symlink }}/mw-config/$fastcgi_script_name;
|
||||
# fastcgi_pass 127.0.0.1:9000; # or whatever port your PHP-FPM listens on
|
||||
# }
|
||||
# # Do this inside of a location so it can be negated
|
||||
# location ~ \.php$ {
|
||||
# include /etc/nginx/fastcgi_params;
|
||||
# fastcgi_param SCRIPT_FILENAME $document_root/{{ mediawiki_symlink }}/mw-config/$fastcgi_script_name;
|
||||
# fastcgi_pass 127.0.0.1:9000; # or whatever port your PHP-FPM listens on
|
||||
# }
|
||||
#}
|
||||
|
||||
# Handling for the article path (pretty URLs)
|
||||
|
|
|
@ -1,4 +1,4 @@
|
|||
location /munin {
|
||||
alias /var/cache/munin/www/ ;
|
||||
try_files $uri $uri/ /index.html;
|
||||
location /munin {
|
||||
alias /var/cache/munin/www/ ;
|
||||
try_files $uri $uri/ /index.html;
|
||||
}
|
||||
|
|
|
@ -30,11 +30,11 @@ location /js-menu/ {
|
|||
location /software/ {
|
||||
fancyindex on; # Enable fancy indexes.
|
||||
fancyindex_exact_size off; # Output human-readable file sizes.
|
||||
location ~* \.(apk)$ {
|
||||
location ~* \.(apk)$ {
|
||||
add_header Content-Type application/vnd.android.package-archive;
|
||||
}
|
||||
}
|
||||
|
||||
location ~* \.(zim)$ {
|
||||
location ~* \.(zim)$ {
|
||||
add_header Content-Type application/zip;
|
||||
}
|
||||
}
|
||||
}
|
||||
|
|
|
@ -1,7 +1,8 @@
|
|||
# For downloadable regional vector tilesets
|
||||
location ~ ^/maps {
|
||||
rewrite ^/maps(.*)$ /osm-vector-maps/viewer$1;
|
||||
rewrite ^/maps(.*)$ /osm-vector-maps/viewer$1;
|
||||
}
|
||||
|
||||
location ~ ^/osm-vector-maps(.*)\.php(.*)$ {
|
||||
alias /library/www/osm-vector-maps$1.php$2; # /library/www/osm-vector-maps
|
||||
proxy_set_header X-Real-IP $remote_addr;
|
||||
|
@ -11,10 +12,11 @@ location ~ ^/osm-vector-maps(.*)\.php(.*)$ {
|
|||
fastcgi_index index.html;
|
||||
include fastcgi_params;
|
||||
fastcgi_split_path_info ^(.+\.php)(.*)$;
|
||||
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
|
||||
fastcgi_param SCRIPT_NAME $fastcgi_script_name;
|
||||
fastcgi_param PATH_INFO $2;
|
||||
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
|
||||
fastcgi_param SCRIPT_NAME $fastcgi_script_name;
|
||||
fastcgi_param PATH_INFO $2;
|
||||
}
|
||||
|
||||
location ~ ^/osm-vector-maps/ {
|
||||
root /library/www;
|
||||
root /library/www;
|
||||
}
|
||||
|
|
|
@ -2,9 +2,9 @@
|
|||
# If you need to change this, edit /etc/iiab/local_vars.yml prior to installing
|
||||
|
||||
location /sugarizer {
|
||||
proxy_set_header Host $http_host;
|
||||
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
|
||||
proxy_set_header X-Scheme $scheme;
|
||||
proxy_set_header X-Script-Name /sugarizer;
|
||||
proxy_pass http://127.0.0.1:{{ sugarizer_port }};
|
||||
proxy_set_header Host $http_host;
|
||||
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
|
||||
proxy_set_header X-Scheme $scheme;
|
||||
proxy_set_header X-Script-Name /sugarizer;
|
||||
proxy_pass http://127.0.0.1:{{ sugarizer_port }};
|
||||
}
|
||||
|
|
|
@ -1,20 +1,19 @@
|
|||
location {{ wp_url }} {
|
||||
location {{ wp_url }} {
|
||||
#rewrite_log on;
|
||||
root {{ content_base }};
|
||||
try_files $uri $uri/ /wordpress/index.php$is_args$args;
|
||||
|
||||
|
||||
location ~ .*\.php$ {
|
||||
|
||||
include fastcgi_params;
|
||||
fastcgi_pass php;
|
||||
fastcgi_index index.php;
|
||||
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
|
||||
}
|
||||
|
||||
location ~ ^({{ wp_url }})(/.*)/$ {
|
||||
include fastcgi_params;
|
||||
fastcgi_pass php;
|
||||
fastcgi_index index.php;
|
||||
fastcgi_param SCRIPT_FILENAME {{ wp_abs_path }}/index.php;
|
||||
}
|
||||
include fastcgi_params;
|
||||
fastcgi_pass php;
|
||||
fastcgi_index index.php;
|
||||
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
|
||||
}
|
||||
|
||||
location ~ ^({{ wp_url }})(/.*)/$ {
|
||||
include fastcgi_params;
|
||||
fastcgi_pass php;
|
||||
fastcgi_index index.php;
|
||||
fastcgi_param SCRIPT_FILENAME {{ wp_abs_path }}/index.php;
|
||||
}
|
||||
}
|
||||
|
|