update

2023-12-18 17:16:09 +01:00 · 2023-12-18 17:16:09 +01:00 · 2ba6247a58
commit 2ba6247a58
parent 0f42ce46b4
15 changed files with 142 additions and 4 deletions
--- a/services/builder.rimarima.fr/deploy_http.sh
+++ b/services/builder.rimarima.fr/deploy_http.sh
@ -0,0 +1,13 @@
 #!/bin/bash
 set -euo pipefail
 set -a
 . "$SECRET_DIR/.env"
 set +a
 git_update.sh -d "$HTTP_DIR" -b main "https://git.jean-cloud.net/adrian/rimarima"
 rclone_ncloud_publiclink.sh "$HTTP_DIR/content"
 podman build . -f hugobuilder.dockerfile -t $JC_SERVICE/builder
 podman run --rm -v $HTTP_DIR:/srv $JC_SERVICE/builder
--- a/services/builder.rimarima.fr/hugobuilder.dockerfile
+++ b/services/builder.rimarima.fr/hugobuilder.dockerfile
@ -0,0 +1,10 @@
 from alpine:edge
 RUN apk update && \
    apk upgrade && \
    apk --no-cache add hugo tzdata && \
    rm -rf /var/cache/apk/*
 WORKDIR /srv
 ENTRYPOINT ["hugo", "--ignoreCache"]
--- a/services/builder.rimarima.fr/index.html
+++ b/services/builder.rimarima.fr/index.html
@ -0,0 +1,22 @@
 <!DOCTYPE html>
 <html style="height:100%;">
 	<head>
 		<meta charset="utf8" />
 	</head>
 	<body style="height:100%;">
 		<nav style="height:5%; margin:0;">
 			<span>Voici votre site avant publication.</span>
 			<button onclick="setFrameUrl('/buildscript/build')">Assembler</button>
 			<button onclick="setFrameUrl('/')">Voir</button>
 			<button onclick="setFrameUrl('/buildscript/publish')">Publier</button>
 		</nav>
 		<iframe id="myframe" style="width:100%; height:93%" src="/" title="Site publique"></iframe> 
 		<script type="text/javascript">
 			function setFrameUrl (url) {
 				document.getElementById('myframe').src = '';
 				document.getElementById('myframe').contentWindow.document.write("<html><body>Chargement…</body></html>");;
 				document.getElementById('myframe').src = url;
 			}
 		</script>
 	</body>
 </html>
--- a/services/builder.rimarima.fr/nginx_server.conf
+++ b/services/builder.rimarima.fr/nginx_server.conf
@ -0,0 +1,27 @@
 server {    
    listen 443 ssl http2;
    listen [::]:443 ssl http2;
 	server_name $JC_SERVICE;
    ssl_certificate $JC_CERT/fullchain.pem;
    ssl_certificate_key $JC_CERT/privkey.pem;           
    auth_basic "Entrez votre identifiant et mot de passe";    
    auth_basic_user_file "$SECRET_DIR/user.htpasswd";
    location /buildscript/ {
 	    include /etc/nginx/fastcgi_params;
        fastcgi_param SCRIPT_FILENAME $DOCKER_DIR/server.sh;
        fastcgi_pass unix:/var/run/fcgiwrap.socket;
    }
 	location / {
 		index index.html;
 		root $HTTP_DIR/public;
 		try_files $uri $uri/ =404;
 	}
 	location /builderui {
 		root $DOCKER_DIR;
 		try_files /index.html =404;
 	}
 }
--- a/services/builder.rimarima.fr/server.sh
+++ b/services/builder.rimarima.fr/server.sh
@ -0,0 +1,16 @@
 #!/bin/bash
 echo "Content-type: text/html"
 echo ""
 action="$(echo "$DOCUMENT_URI" | tr -d '/\;!&<>?#[]()"*')"
 set -a
 . .env
 set +a
 "./deploy_http.sh" 2>&1
 ret="$?"
 if [ "$ret" -ne 0 ] ; then
 	echo 'Error'
 fi
--- a/services/copaines.jean-cloud.net/deploy_http.sh
+++ b/services/copaines.jean-cloud.net/deploy_http.sh
@ -0,0 +1,3 @@
 #!/bin/bash
 echo '[sftp.jean-cloud.net]:2929 ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQC5WLG4HbhHMWZySQkCOfMyJ8HAojyJJ66prhn/WSh1T6vyi/oWuodhN5fzIenEpKrmIzXLLfFa8Q9YuEYmcwNGp0FrTnATDYLABL530DBsCQzA5S+fLecY0iLHEkluuJCcX2+cNpu7ytzgbEzHFDRDkd6RgI1cBL5smCnbxfrJSvfLR0VvihQJNZKPYEFHxt9euGkHhKilwbXa4VEtfY8GfMK18dGlM+K2nRu4G+ckoNzx9K2RdwAqUyj1WFLrS+FYY8EbHlffWf4WES32tSeyd6z3rF0jFoN83ojZ0nPfcch10tWklfRc2RcoItde9p0bR/Cgz2SI1nZT9EcBhrpqGkucLsx/xvcxXd/puQDe9svBq1vgWRuub7e6Q40v8Lhl5dTGJutKLWbCg9udonaUIR/LudSnSgEGrDoz/Yjx8Iytj9+tLj9C+rRASfUnHnTRjsVKJG3Ofx+YHhWs0gLJcV06EvM+PBgZOCnegcPrssi0OE+I5HtDixTkaBNQPHXfKcGqlSEPRmqEuwsvdcv7vOfWJn1ufmKpoaLXWPrX+U4gZYSMHrhieqdcieT8wSu/YJa8gBM5qkK1WMOYxwYzLU5q9H4g9sJfFqk14cvQk47Tb+nTLlFoYZvunATBAxQuNuMo8+scu0BuIqinB5SjO6bwF3nJUCigs8BTmo95Pw==' >> ~/.ssh/known_hosts
 scp -i "$SECRET_DIR/sftp.sshprivkey" -rP 2929 copaines@sftp.jean-cloud.net:public/* "$HTTP_DIR"
--- a/services/copaines.jean-cloud.net/docker-compose.yml
+++ b/services/copaines.jean-cloud.net/docker-compose.yml
@ -1,2 +0,0 @@
 version: '3.1'
--- a/services/copaines.jean-cloud.net/nginx_server.conf
+++ b/services/copaines.jean-cloud.net/nginx_server.conf
@ -24,7 +24,7 @@ server {
  server_name copaines.jean-cloud.net www.copaines.jean-cloud.net;
  location /  {
-    root /data/copaines.jean-cloud.net/static;
+    root $HTTP_DIR;
    try_files $uri $uri/ =404;
  }
 }
--- a/services/gypsylyonfestival.com/deploy.sh
+++ b/services/gypsylyonfestival.com/deploy.sh
@ -0,0 +1,4 @@
 #!/bin/bash
 set -euo pipefail
 #docker run -u 33 --rm -v "$HTTP_DIR:/usr/local/app" docker.io/jeancloud/pelican-rclone-builder
--- a/services/gypsylyonfestival.com/deploy_http.sh
+++ b/services/gypsylyonfestival.com/deploy_http.sh
@ -0,0 +1,2 @@
 #!/bin/bash
 scp -i "$SECRET_DIR/sftp.sshprivkey" -rP 2929 gypsy@sftp.jean-cloud.net:public/* "$HTTP_DIR"
--- a/services/gypsylyonfestival.com/nginx_server.conf
+++ b/services/gypsylyonfestival.com/nginx_server.conf
@ -5,7 +5,7 @@ server {
  ssl_certificate_key $JC_CERT/privkey.pem;
  #server_name gypsylyonfestival.com www.gypsylyonfestival.com;
  server_name gypsy.jean-cloud.net;
-  root /data/gypsylyonfestival.com/output;
+  root $HTTP_DIR;
  # Security headers
  # We can create a file with the base security headers and include it.
--- a/services/radio.karnaval.fr/nginx_server.conf
+++ b/services/radio.karnaval.fr/nginx_server.conf
@ -0,0 +1,11 @@
 server {
 	listen 443 ssl;
 	listen [::]:443 ssl;
 	server_name radio.karnaval.fr;
 	ssl_certificate     $JC_CERT/fullchain.pem;
    ssl_certificate_key $JC_CERT/privkey.pem;
 	location  / {
 		return 301 https://radionimaitre.oma-radio.fr$request_uri;
 	}
 }
--- a/services/rimarima.fr/.env
+++ b/services/rimarima.fr/.env
@ -0,0 +1,2 @@
 GIT_SOURCE_REPO="https://git.jean-cloud.net/adrian/rimarima"
 CLOUD_LOCAL_PATH=content
--- a/services/rimarima.fr/deploy_http.sh
+++ b/services/rimarima.fr/deploy_http.sh
@ -0,0 +1,8 @@
 #!/bin/bash
 set -euo pipefail
 set -a
 . "$SECRET_DIR/.env"
 set +a
 git_update.sh -d "$HTTP_DIR" -b main "$GIT_SOURCE_REPO"
 hugo_rclone.sh "$HTTP_DIR"
--- a/services/rimarima.fr/nginx_server.conf
+++ b/services/rimarima.fr/nginx_server.conf
@ -0,0 +1,22 @@
 server {
  listen 443 ssl http2;
  listen [::]:443 ssl http2;
  ssl_certificate $JC_CERT/fullchain.pem;
  ssl_certificate_key $JC_CERT/privkey.pem;
  server_name $JC_SERVICE www.$JC_SERVICE;
  root $HTTP_DIR/public/;
  # Security headers
  add_header Strict-Transport-Security "max-age=31536000; includeSubDomains" always;
  add_header Content-Security-Policy "default-src 'none';frame-ancestors 'none'; script-src 'self'; img-src 'self'; font-src 'self'; object-src 'none'; style-src 'self'; base-uri 'self'; form-action 'self';" always;
  add_header X-Content-Type-Options "nosniff";
  add_header X-Frame-Options SAMEORIGIN always;
  add_header X-XSS-Protection "1; mode=block" always;
  add_header Referrer-Policy "strict-origin-when-cross-origin";
  add_header Permissions-Policy "geolocation='none';midi='none';notifications='none';push='none';microphone='none';camera='none';magnetometer='none';gyroscope='none';speaker='self';vibrate='none';fullscreen='self';payment='none';";
  location / {
          index index.html;
          try_files $uri $uri/ =404;
  }
 }
		`@ -0,0 +1,2 @@`
							`#!/bin/bash`
							`scp -i "$SECRET_DIR/sftp.sshprivkey" -rP 2929 gypsy@sftp.jean-cloud.net:public/* "$HTTP_DIR"`
		`@ -0,0 +1,2 @@`
							`GIT_SOURCE_REPO="https://git.jean-cloud.net/adrian/rimarima"`
							`CLOUD_LOCAL_PATH=content`