Commit b87bd6f4 authored by Bernhard Geier's avatar Bernhard Geier

Init

parents

Too many changes to show.

To preserve performance only 1000 of 1000+ files are displayed.
Nein, hier stehen keine Passwörter :)
Die echten Passwörter wurden ersetzt durch:
SHAREPHPPASSWORDBINGO
SHAREPHPPASSWORDBYTEWERK
DATABASENAME
DATABASEUSER
DATABASEPASSWORD
TURNSERVERPASSWORD
\ No newline at end of file
Doku: https://wiki.bytewerk.org/index.php?title=XMPP-Server
# Für Prosody
# - wird nur zum Erstellen des LetsEncrypt-Zertifikats "conference.bingo-ev.de" benötigt
<VirtualHost *:80>
ServerName conference.bingo-ev.de
ServerAdmin webmaster@bingo-ev.de
DocumentRoot /srv/var/www/vhosts/conference.bingo-ev.de
# Logging
ErrorLog /var/log/apache2/conference.bingo-ev.de-error_log
CustomLog "|/usr/bin/python3 /usr/local/Anonip.git/anonip.py --skip-private --output /var/log/apache2/conference.bingo-ev.de-access_log" combined env=!dontlog
# don't loose time with IP address lookups
HostnameLookups Off
# needed for named virtual hosts
UseCanonicalName Off
# Weiterleiten zu HTTPS
RewriteEngine On
RewriteCond %{HTTPS} !=on
RewriteRule ^/?(.*) https://%{SERVER_NAME}/$1 [R=301,L]
</VirtualHost>
<VirtualHost *:443>
ServerName conference.bingo-ev.de
ServerAdmin webmaster@bingo-ev.de
DocumentRoot /srv/var/www/vhosts/conference.bingo-ev.de
# Logging
ErrorLog /var/log/apache2/conference.bingo-ev.de-error_log
CustomLog "|/usr/bin/python3 /usr/local/Anonip.git/anonip.py --skip-private --output /var/log/apache2/conference.bingo-ev.de-access_log" combined env=!dontlog
# don't loose time with IP address lookups
HostnameLookups Off
# needed for named virtual hosts
UseCanonicalName Off
# LetsEncrypt
SSLCertificateFile /etc/letsencrypt/live/conference.bingo-ev.de/fullchain.pem
SSLCertificateKeyFile /etc/letsencrypt/live/conference.bingo-ev.de/privkey.pem
Include /etc/letsencrypt/options-ssl-apache.conf
Redirect 301 / https://jabber.bingo-ev.de/
</VirtualHost>
# Für Prosody
# - wird nur zum Erstellen des LetsEncrypt-Zertifikats "conference.bytewerk.org" benötigt
<VirtualHost *:80>
ServerName conference.bytewerk.org
ServerAdmin webmaster@bytewerk.org
DocumentRoot /srv/var/www/vhosts/conference.bytewerk.org
# Logging
ErrorLog /var/log/apache2/conference.bytewerk.org-error_log
CustomLog "|/usr/bin/python3 /usr/local/Anonip.git/anonip.py --skip-private --output /var/log/apache2/conference.bytewerk.org-access_log" combined env=!dontlog
# don't loose time with IP address lookups
HostnameLookups Off
# needed for named virtual hosts
UseCanonicalName Off
# Weiterleiten zu HTTPS
RewriteEngine On
RewriteCond %{HTTPS} !=on
RewriteRule ^/?(.*) https://%{SERVER_NAME}/$1 [R=301,L]
</VirtualHost>
<VirtualHost *:443>
ServerName conference.bytewerk.org
ServerAdmin webmaster@bytewerk.org
DocumentRoot /srv/var/www/vhosts/conference.bytewerk.org
# Logging
ErrorLog /var/log/apache2/conference.bytewerk.org-error_log
CustomLog "|/usr/bin/python3 /usr/local/Anonip.git/anonip.py --skip-private --output /var/log/apache2/conference.bytewerk.org-access_log" combined env=!dontlog
# don't loose time with IP address lookups
HostnameLookups Off
# needed for named virtual hosts
UseCanonicalName Off
# LetsEncrypt
SSLCertificateFile /etc/letsencrypt/live/conference.bytewerk.org/fullchain.pem
SSLCertificateKeyFile /etc/letsencrypt/live/conference.bytewerk.org/privkey.pem
Include /etc/letsencrypt/options-ssl-apache.conf
Redirect 301 / https://jabber.bytewerk.org/
</VirtualHost>
# Für Prosody
# - wird nur zum Erstellen des LetsEncrypt-Zertifikats "proxy.bytewerk.org" benötigt
<VirtualHost *:80>
ServerName proxy.bytewerk.org
ServerAdmin webmaster@bytewerk.org
DocumentRoot /srv/var/www/vhosts/proxy.bytewerk.org
# Logging
ErrorLog /var/log/apache2/proxy.bytewerk.org-error_log
CustomLog "|/usr/bin/python3 /usr/local/Anonip.git/anonip.py --skip-private --output /var/log/apache2/proxy.bytewerk.org-access_log" combined env=!dontlog
# don't loose time with IP address lookups
HostnameLookups Off
# needed for named virtual hosts
UseCanonicalName Off
# Weiterleiten zu HTTPS
RewriteEngine On
RewriteCond %{HTTPS} !=on
RewriteRule ^/?(.*) https://%{SERVER_NAME}/$1 [R=301,L]
</VirtualHost>
<VirtualHost *:443>
ServerName proxy.bytewerk.org
ServerAdmin webmaster@bytewerk.org
DocumentRoot /srv/var/www/vhosts/proxy.bytewerk.org
# Logging
ErrorLog /var/log/apache2/proxy.bytewerk.org-error_log
CustomLog "|/usr/bin/python3 /usr/local/Anonip.git/anonip.py --skip-private --output /var/log/apache2/proxy.bytewerk.org-access_log" combined env=!dontlog
# don't loose time with IP address lookups
HostnameLookups Off
# needed for named virtual hosts
UseCanonicalName Off
# LetsEncrypt
SSLCertificateFile /etc/letsencrypt/live/proxy.bytewerk.org/fullchain.pem
SSLCertificateKeyFile /etc/letsencrypt/live/proxy.bytewerk.org/privkey.pem
Include /etc/letsencrypt/options-ssl-apache.conf
Redirect 301 / https://jabber.bytewerk.org/
</VirtualHost>
# Für Prosody
# - wird nur zum Erstellen des LetsEncrypt-Zertifikats "proxy65.bingo-ev.de" benötigt
<VirtualHost *:80>
ServerName proxy65.bingo-ev.de
ServerAdmin webmaster@bingo-ev.de
DocumentRoot /srv/var/www/vhosts/proxy65.bingo-ev.de
# Logging
ErrorLog /var/log/apache2/proxy65.bingo-ev.de-error_log
CustomLog "|/usr/bin/python3 /usr/local/Anonip.git/anonip.py --skip-private --output /var/log/apache2/proxy65.bingo-ev.de-access_log" combined env=!dontlog
# don't loose time with IP address lookups
HostnameLookups Off
# needed for named virtual hosts
UseCanonicalName Off
# Weiterleiten zu HTTPS
RewriteEngine On
RewriteCond %{HTTPS} !=on
RewriteRule ^/?(.*) https://%{SERVER_NAME}/$1 [R=301,L]
</VirtualHost>
<VirtualHost *:443>
ServerName proxy65.bingo-ev.de
ServerAdmin webmaster@bingo-ev.de
DocumentRoot /srv/var/www/vhosts/proxy65.bingo-ev.de
# Logging
ErrorLog /var/log/apache2/proxy65.bingo-ev.de-error_log
CustomLog "|/usr/bin/python3 /usr/local/Anonip.git/anonip.py --skip-private --output /var/log/apache2/proxy65.bingo-ev.de-access_log" combined env=!dontlog
# don't loose time with IP address lookups
HostnameLookups Off
# needed for named virtual hosts
UseCanonicalName Off
# LetsEncrypt
SSLCertificateFile /etc/letsencrypt/live/proxy65.bingo-ev.de/fullchain.pem
SSLCertificateKeyFile /etc/letsencrypt/live/proxy65.bingo-ev.de/privkey.pem
Include /etc/letsencrypt/options-ssl-apache.conf
Redirect 301 / https://jabber.bingo-ev.de/
</VirtualHost>
# Für Prosody
# - wird nur zum Erstellen des LetsEncrypt-Zertifikats "pubsub.bingo-ev.de" benötigt
<VirtualHost *:80>
ServerName pubsub.bingo-ev.de
ServerAdmin webmaster@bingo-ev.de
DocumentRoot /srv/var/www/vhosts/pubsub.bingo-ev.de
# Logging
ErrorLog /var/log/apache2/pubsub.bingo-ev.de-error_log
CustomLog "|/usr/bin/python3 /usr/local/Anonip.git/anonip.py --skip-private --output /var/log/apache2/pubsub.bingo-ev.de-access_log" combined env=!dontlog
# don't loose time with IP address lookups
HostnameLookups Off
# needed for named virtual hosts
UseCanonicalName Off
# Weiterleiten zu HTTPS
RewriteEngine On
RewriteCond %{HTTPS} !=on
RewriteRule ^/?(.*) https://%{SERVER_NAME}/$1 [R=301,L]
</VirtualHost>
<VirtualHost *:443>
ServerName pubsub.bingo-ev.de
ServerAdmin webmaster@bingo-ev.de
DocumentRoot /srv/var/www/vhosts/pubsub.bingo-ev.de
# Logging
ErrorLog /var/log/apache2/pubsub.bingo-ev.de-error_log
CustomLog "|/usr/bin/python3 /usr/local/Anonip.git/anonip.py --skip-private --output /var/log/apache2/pubsub.bingo-ev.de-access_log" combined env=!dontlog
# don't loose time with IP address lookups
HostnameLookups Off
# needed for named virtual hosts
UseCanonicalName Off
# LetsEncrypt
SSLCertificateFile /etc/letsencrypt/live/pubsub.bingo-ev.de/fullchain.pem
SSLCertificateKeyFile /etc/letsencrypt/live/pubsub.bingo-ev.de/privkey.pem
Include /etc/letsencrypt/options-ssl-apache.conf
Redirect 301 / https://jabber.bingo-ev.de/
</VirtualHost>
# Für Prosody
# - wird nur zum Erstellen des LetsEncrypt-Zertifikats "pubsub.bytewerk.org" benötigt
<VirtualHost *:80>
ServerName pubsub.bytewerk.org
ServerAdmin webmaster@bytewerk.org
DocumentRoot /srv/var/www/vhosts/pubsub.bytewerk.org
# Logging
ErrorLog /var/log/apache2/pubsub.bytewerk.org-error_log
CustomLog "|/usr/bin/python3 /usr/local/Anonip.git/anonip.py --skip-private --output /var/log/apache2/pubsub.bytewerk.org-access_log" combined env=!dontlog
# don't loose time with IP address lookups
HostnameLookups Off
# needed for named virtual hosts
UseCanonicalName Off
# Weiterleiten zu HTTPS
RewriteEngine On
RewriteCond %{HTTPS} !=on
RewriteRule ^/?(.*) https://%{SERVER_NAME}/$1 [R=301,L]
</VirtualHost>
<VirtualHost *:443>
ServerName pubsub.bytewerk.org
ServerAdmin webmaster@bytewerk.org
DocumentRoot /srv/var/www/vhosts/pubsub.bytewerk.org
# Logging
ErrorLog /var/log/apache2/pubsub.bytewerk.org-error_log
CustomLog "|/usr/bin/python3 /usr/local/Anonip.git/anonip.py --skip-private --output /var/log/apache2/pubsub.bytewerk.org-access_log" combined env=!dontlog
# don't loose time with IP address lookups
HostnameLookups Off
# needed for named virtual hosts
UseCanonicalName Off
# LetsEncrypt
SSLCertificateFile /etc/letsencrypt/live/pubsub.bytewerk.org/fullchain.pem
SSLCertificateKeyFile /etc/letsencrypt/live/pubsub.bytewerk.org/privkey.pem
Include /etc/letsencrypt/options-ssl-apache.conf
Redirect 301 / https://jabber.bytewerk.org/
</VirtualHost>
# Für Prosody:
# - LetsEncrypt-Zertifikat für upload.bingo-ev.de
# - mod_upload_external/mod_upload (XEP-0363)
<VirtualHost *:80>
ServerName upload.bingo-ev.de
ServerAdmin webmaster@bingo-ev.de
DocumentRoot /srv/var/www/vhosts/upload.bingo-ev.de
#DocumentRoot /var/www/jabber/upload
# Logging
ErrorLog /var/log/apache2/upload.bingo-ev.de-error_log
CustomLog "|/usr/bin/python3 /usr/local/Anonip.git/anonip.py --skip-private --output /var/log/apache2/upload.bingo-ev.de-access_log" combined env=!dontlog
# don't loose time with IP address lookups
HostnameLookups Off
# needed for named virtual hosts
UseCanonicalName Off
# Weiterleiten zu HTTPS
RewriteEngine On
RewriteCond %{HTTPS} !=on
RewriteRule ^/?(.*) https://%{SERVER_NAME}/$1 [R=301,L]
</VirtualHost>
<VirtualHost *:443>
ServerName upload.bingo-ev.de
ServerAdmin webmaster@bingo-ev.de
DocumentRoot /srv/var/www/vhosts/upload.bingo-ev.de
# Logging
ErrorLog /var/log/apache2/upload.bingo-ev.de-error_log
CustomLog "|/usr/bin/python3 /usr/local/Anonip.git/anonip.py --skip-private --output /var/log/apache2/upload.bingo-ev.de-access_log" combined env=!dontlog
# don't loose time with IP address lookups
HostnameLookups Off
# needed for named virtual hosts
UseCanonicalName Off
# LetsEncrypt
SSLCertificateFile /etc/letsencrypt/live/upload.bingo-ev.de/fullchain.pem
SSLCertificateKeyFile /etc/letsencrypt/live/upload.bingo-ev.de/privkey.pem
Include /etc/letsencrypt/options-ssl-apache.conf
####################################
# PHP
Include /etc/apache2/conf.d/mod_php7.conf
<Directory /srv/var/www/vhosts/upload.bingo-ev.de>
Require all granted
# share.php changes the Headers, SymLinksIfOwnerMatch allows that
Options +SymLinksIfOwnerMatch
# Allow cross site requests - Movim does an OPTION request where share.php cannot set the appropriate Headers
SetEnvIf Request_Method "^OPTIONS$" METHOD_OPTIONS
Header always set Access-Control-Allow-Origin "*" env=METHOD_OPTIONS
Header always set Access-Control-Allow-Headers "Content-Type" env=METHOD_OPTIONS
Header always set Access-Control-Allow-Methods "OPTIONS, PUT, GET" env=METHOD_OPTIONS
<Files *.php>
# Für Upload-Skript share_v2.php (aus mod_upload_external)
# Ein Upload darf max. eine Stunde dauern
php_value max_input_time 3600
php_value max_execution_time 3600
</Files>
# modify status code of preflight request
RewriteEngine On
RewriteCond %{REQUEST_METHOD} OPTIONS
RewriteRule ^(.*)$ $1 [R=200,L]
</Directory>
</VirtualHost>
# Für Prosody:
# - LetsEncrypt-Zertifikat für upload.bytewerk.org
# - mod_upload_external/mod_upload (XEP-0363)
<VirtualHost *:80>
ServerName upload.bytewerk.org
ServerAdmin webmaster@bytewerk.org
DocumentRoot /srv/var/www/vhosts/upload.bytewerk.org
#DocumentRoot /var/www/jabber/upload
# Logging
ErrorLog /var/log/apache2/upload.bytewerk.org-error_log
CustomLog "|/usr/bin/python3 /usr/local/Anonip.git/anonip.py --skip-private --output /var/log/apache2/upload.bytewerk.org-access_log" combined env=!dontlog
# don't loose time with IP address lookups
HostnameLookups Off
# needed for named virtual hosts
UseCanonicalName Off
# Weiterleiten zu HTTPS
RewriteEngine On
RewriteCond %{HTTPS} !=on
RewriteRule ^/?(.*) https://%{SERVER_NAME}/$1 [R=301,L]
</VirtualHost>
<VirtualHost *:443>
ServerName upload.bytewerk.org
ServerAdmin webmaster@bytewerk.org
DocumentRoot /srv/var/www/vhosts/upload.bytewerk.org
# Logging
ErrorLog /var/log/apache2/upload.bytewerk.org-error_log
CustomLog "|/usr/bin/python3 /usr/local/Anonip.git/anonip.py --skip-private --output /var/log/apache2/upload.bytewerk.org-access_log" combined env=!dontlog
# don't loose time with IP address lookups
HostnameLookups Off
# needed for named virtual hosts
UseCanonicalName Off
# LetsEncrypt
SSLCertificateFile /etc/letsencrypt/live/upload.bytewerk.org/fullchain.pem
SSLCertificateKeyFile /etc/letsencrypt/live/upload.bytewerk.org/privkey.pem
Include /etc/letsencrypt/options-ssl-apache.conf
####################################
# PHP
Include /etc/apache2/conf.d/mod_php7.conf
<Directory /srv/var/www/vhosts/upload.bytewerk.org>
Require all granted
# share.php changes the Headers, SymLinksIfOwnerMatch allows that
Options +SymLinksIfOwnerMatch
# Allow cross site requests - Movim does an OPTION request where share.php cannot set the appropriate Headers
SetEnvIf Request_Method "^OPTIONS$" METHOD_OPTIONS
Header always set Access-Control-Allow-Origin "*" env=METHOD_OPTIONS
Header always set Access-Control-Allow-Headers "Content-Type" env=METHOD_OPTIONS
Header always set Access-Control-Allow-Methods "OPTIONS, PUT, GET" env=METHOD_OPTIONS
<Files *.php>
# Für Upload-Skript share_v2.php (aus mod_upload_external)
# Ein Upload darf max. eine Stunde dauern
php_value max_input_time 3600
php_value max_execution_time 3600
</Files>
# modify status code of preflight request
RewriteEngine On
RewriteCond %{REQUEST_METHOD} OPTIONS
RewriteRule ^(.*)$ $1 [R=200,L]
</Directory>
</VirtualHost>
# Für Prosody:
# - LetsEncrypt-Zertifikat xmpp.bytewerk.org
# - Reverse Proxy für BOSH (unter https://xmpp.bytewerk.org/http-bind)
# - Reverse Proxy für BOSH-Autoconfiguration (XEP-0156)
# - Reverse Proxy für Websocket
# - Reverse Proxy für Pastebin (TODO!)
<VirtualHost *:80>
ServerName xmpp.bytewerk.org
ServerAdmin webmaster@bytewerk.org
DocumentRoot /srv/var/www/vhosts/xmpp.bytewerk.org
# Logging
ErrorLog /var/log/apache2/xmpp.bytewerk.org-error_log
CustomLog "|/usr/bin/python3 /usr/local/Anonip.git/anonip.py --skip-private --output /var/log/apache2/xmpp.bytewerk.org-access_log" combined env=!dontlog
# don't loose time with IP address lookups
HostnameLookups Off
# needed for named virtual hosts
UseCanonicalName Off
###############################
# "Well-Known" URIs for service discovery (XEP-0156) autogenerated with Prosody's http_altconnect
# http_altconnect setzt selbst CORS-Header
RewriteEngine On
RewriteCond %{REQUEST_URI} "^/.well-known/host-meta(\.json)?$"
RewriteRule ^(.*)$ "http://localhost:5280/$1" [P]
###############################
# Weiterleiten zu HTTPS
RewriteEngine On
RewriteCond %{HTTPS} !=on
RewriteRule ^/?(.*) https://%{SERVER_NAME}/$1 [R=301,L]
</VirtualHost>
<VirtualHost *:443>
ServerName xmpp.bytewerk.org
ServerAdmin webmaster@bytewerk.org
DocumentRoot /srv/var/www/vhosts/xmpp.bytewerk.org
# enable HTTP/2, if available
Protocols h2 http/1.1
# Logging
ErrorLog /var/log/apache2/xmpp.bytewerk.org-error_log
CustomLog "|/usr/bin/python3 /usr/local/Anonip.git/anonip.py --skip-private --output /var/log/apache2/xmpp.bytewerk.org-access_log" combined env=!dontlog
# don't loose time with IP address lookups
HostnameLookups Off
# needed for named virtual hosts
UseCanonicalName Off
# LetsEncrypt
SSLCertificateFile /etc/letsencrypt/live/xmpp.bytewerk.org/fullchain.pem
SSLCertificateKeyFile /etc/letsencrypt/live/xmpp.bytewerk.org/privkey.pem
Include /etc/letsencrypt/options-ssl-apache.conf
###############################
# Static root page
<Location "/">
Require all granted
DirectoryIndex index.html
</Location>
#### Prosody ####
# Reverse Proxy für BOSH und Websocket
ProxyTimeout 900
# BOSH
<Location "/http-bind">
ProxyPreserveHost on
ProxyPass http://localhost:5280/http-bind
ProxyPassReverse http://localhost:5280/http-bind
</Location>