From 8cab91f51abd07d3f3474a7908ee0db0a91496e6 Mon Sep 17 00:00:00 2001 From: nemunaire Date: Tue, 13 Jan 2015 17:58:33 +0100 Subject: [PATCH] Remove misc directory --- .gitignore | 1 - Dockerfile | 19 +++++++------------ README.md | 12 ++++++------ backup.sh | 3 ++- check.pl | 4 ++-- front/nginx.conf | 10 +++++----- gen_site.pl | 2 +- nginx-server.conf | 4 ++-- onyx/config/sample.root.xml | 2 +- onyx/include/admin/chrono.php | 4 ++-- onyx/include/admin/home.php | 4 ++-- onyx/include/common.php | 4 ++-- pki/CA.sh | 4 ++-- pki/openssl.cnf | 2 +- synchro.sh | 2 +- 15 files changed, 36 insertions(+), 41 deletions(-) diff --git a/.gitignore b/.gitignore index c6e9d82c..ce41b890 100644 --- a/.gitignore +++ b/.gitignore @@ -9,5 +9,4 @@ onyx/config/root.xml onyx/db/*.profile.php onyx/tpl/*/*.html submission/* -misc/openssl.cnf libmcrypt-perl_2.5.7.0-1_amd64.deb diff --git a/Dockerfile b/Dockerfile index c90b0ab8..1b99827a 100644 --- a/Dockerfile +++ b/Dockerfile @@ -24,11 +24,11 @@ RUN apt-get -y update && \ && \ apt-get clean && rm -rf /var/lib/apt/lists/* /tmp/* /var/tmp/* -RUN useradd -d /var/www/fic-server/misc/ -M -N -g www-data synchro +RUN useradd -d /var/www/fic-server -M -N -g www-data synchro # Copying files ####################################################### -WORKDIR /var/www/fic-server/misc +WORKDIR /var/www/fic-server ADD . /var/www/fic-server/ @@ -49,22 +49,17 @@ RUN ln -sf /var/www/fic-server/onyx/config/sample.root.xml /var/www/fic-server/o # ENVIRONNEMENT ####################################################### EXPOSE 80/tcp 443/tcp -VOLUME ["/var/www/fic-server/out","/var/www/fic-server/files","/var/www/fic-server/submission","/var/www/fic-server/misc/shared"] +VOLUME ["/var/www/fic-server/out","/var/www/fic-server/files","/var/www/fic-server/submission","/var/www/fic-server/shared"] CMD mkdir -p /var/www/fic-server/logs; \ - chown -R www-data:www-data /var/www/fic-server/misc; \ + chown -R www-data:www-data /var/www/fic-server/shared /var/www/fic-server/PKI; \ chown -R synchro:www-data /var/www/fic-server/submission /var/www/fic-server/logs /var/www/fic-server/out; \ chmod 660 /var/www/fic-server/submission; \ - if ! [ -f server.crt ]; \ - then \ - bash ./CA.sh -newserver; \ - fi; \ - bash ./CA.sh -gencrl && \ service nginx start && \ service php5-fpm start && \ service mysql start && \ - ../nginx_gen_team.sh > ../misc/shared/nginx-teams.conf && \ + ./nginx_gen_team.sh > ./shared/nginx-teams.conf && \ echo 'Copying files...' && \ - ../gen_hash_link_files.sh --copy ../files-in ../files; \ - (../launch_local.sh &); \ + ./gen_hash_link_files.sh --copy ./files-in ./files; \ + (./launch_local.sh &); \ /bin/bash diff --git a/README.md b/README.md index e8186912..a28a9c7d 100644 --- a/README.md +++ b/README.md @@ -30,7 +30,7 @@ characters. This key is used to generate the server certificate. When you see: ``` -root@xxxxxxxxxxxx:/var/www/fic-server/misc# +root@xxxxxxxxxxxx:/var/www/fic-server# ``` congratulations, the container is running! @@ -99,11 +99,11 @@ CONNTRACK states. Main Docker backend container relies on several other container: -* MySQL database ; -* Database storage (as data only container) ; -* PKI storage ; -* PKI shared storage ; -* challenge files containers ; +* MySQL database; +* Database storage (as data only container); +* PKI storage; +* PKI shared storage; +* challenge files containers; * the backend. To have a fully working backend: diff --git a/backup.sh b/backup.sh index 3af478fa..03b25030 100755 --- a/backup.sh +++ b/backup.sh @@ -20,7 +20,8 @@ then mysqldump -u backup --password="$BCKP_PASS" fic > "$TO_BCKP"/db/`date +%Y%m%d-%H%M`.sql - rsync -avL misc "$TO_BCKP" + rsync -avL shared "$TO_BCKP" + rsync -avL pki "$TO_BCKP" rsync -avL .git "$TO_BCKP" rsync -avL logs "$TO_BCKP" rsync -avL /var/log "$TO_BCKP" diff --git a/check.pl b/check.pl index bc3ec707..64bad518 100755 --- a/check.pl +++ b/check.pl @@ -63,9 +63,9 @@ for my $p (<$conf>) close $conf; my $end_time = 1999999999; -if (-f "$root/misc/challenge_started") +if (-f "$root/shared/challenge_started") { - open my $conf, "<", "$root/misc/challenge_started"; + open my $conf, "<", "$root/shared/challenge_started"; $end_time = <$conf>; close $conf; chomp($end_time); diff --git a/front/nginx.conf b/front/nginx.conf index a7ea76e9..699820df 100644 --- a/front/nginx.conf +++ b/front/nginx.conf @@ -18,15 +18,15 @@ server { access_log /var/log/nginx/fic.access_log; error_log /var/log/nginx/fic.error_log; - ssl_certificate /var/www/fic-server/misc/shared/server.crt; - ssl_certificate_key /var/www/fic-server/misc/shared/server.key; + ssl_certificate /var/www/fic-server/shared/server.crt; + ssl_certificate_key /var/www/fic-server/shared/server.key; ssl_protocols TLSv1 TLSv1.1 TLSv1.2; ssl_prefer_server_ciphers on; # ssl_ciphers ECDH+AESGCM:DH+AESGCM:ECDH+AES256:DH+AES256:ECDH+AES128:DH+AES:!ADH:!AECDH:!MD5:!DSS; ssl_ciphers AES256+EECDH:AES256+EDH; - ssl_client_certificate /var/www/fic-server/misc/shared/cacert.crt; + ssl_client_certificate /var/www/fic-server/shared/cacert.crt; ssl_verify_client optional; - ssl_crl /var/www/fic-server/misc/shared/crl.pem; + ssl_crl /var/www/fic-server/shared/crl.pem; add_header Strict-Transport-Security "max-age=2592000; includeSubdomains"; add_header X-Frame-Options DENY; @@ -46,7 +46,7 @@ server { set $team 0; - include /var/www/fic-server/misc/shared/nginx-teams.conf; + include /var/www/fic-server/shared/nginx-teams.conf; if ($team) { root /var/www/fic-server/out/teams/$team$1; diff --git a/gen_site.pl b/gen_site.pl index 0345b674..bcfb3399 100755 --- a/gen_site.pl +++ b/gen_site.pl @@ -184,7 +184,7 @@ sub manage elsif (/^RT(E(A(M(S)?)?)?)?/) { if (-x "nginx_gen_team.sh") { - qx(./nginx_gen_team.sh > ./misc/shared/nginx-teams.conf) + qx(./nginx_gen_team.sh > ./shared/nginx-teams.conf) } else { say "Unable to find nginx_gen_team.sh" } diff --git a/nginx-server.conf b/nginx-server.conf index 250949e9..36fe7e31 100644 --- a/nginx-server.conf +++ b/nginx-server.conf @@ -2,8 +2,8 @@ server { listen 443 ssl; listen [::]:443 ipv6only=on ssl; - ssl_certificate /var/www/fic-server/misc/shared/server.crt; - ssl_certificate_key /var/www/fic-server/misc/shared/server.key; + ssl_certificate /var/www/fic-server/shared/server.crt; + ssl_certificate_key /var/www/fic-server/shared/server.key; ssl_protocols TLSv1 TLSv1.1 TLSv1.2; ssl_prefer_server_ciphers on; # ssl_ciphers ECDH+AESGCM:DH+AESGCM:ECDH+AES256:DH+AES256:ECDH+AES128:DH+AES:!ADH:!AECDH:!MD5:!DSS; diff --git a/onyx/config/sample.root.xml b/onyx/config/sample.root.xml index eceae299..b77fa14a 100644 --- a/onyx/config/sample.root.xml +++ b/onyx/config/sample.root.xml @@ -3,7 +3,7 @@ 1386827772 /var/www/fic-server/files/ - /var/www/fic-server/misc/ + /var/www/fic-server/ /var/www/fic-server/submission/ /tmp/scheduler.sock challenge-public diff --git a/onyx/include/admin/chrono.php b/onyx/include/admin/chrono.php index a134f47a..f86bbb1d 100644 --- a/onyx/include/admin/chrono.php +++ b/onyx/include/admin/chrono.php @@ -9,12 +9,12 @@ if (count($p) > 2) switch($p[2]) { case "start": - file_put_contents($VAR["misc_dir"]."/challenge_started", time() + (intval($_POST["time"]) - 240) * 60); + file_put_contents($VAR["misc_dir"]."/shared/challenge_started", time() + (intval($_POST["time"]) - 240) * 60); pipe_backend_scheduler("resetreset:HOME:all:SY"); break; case "init": - unlink($VAR["misc_dir"]."/challenge_started"); + unlink($VAR["misc_dir"]."/shared/challenge_started"); pipe_backend_scheduler("resetreset:HOME:all:SY"); break; } diff --git a/onyx/include/admin/home.php b/onyx/include/admin/home.php index 9f1c1b71..971f7f86 100644 --- a/onyx/include/admin/home.php +++ b/onyx/include/admin/home.php @@ -5,9 +5,9 @@ if(!defined('ONYX')) exit; if (isset($VAR['misc_dir'])) { $misc_dir = $VAR['misc_dir']; - if (!is_writable($misc_dir)) + if (!is_writable("$misc_dir/shared")) { - erreur("Dossier misc/ non accessible en écriture. ($misc_dir)"); + erreur("Dossier shared/ non accessible en écriture. ($misc_dir)"); return "admin/home"; } } diff --git a/onyx/include/common.php b/onyx/include/common.php index dc38c1d8..80ca4622 100644 --- a/onyx/include/common.php +++ b/onyx/include/common.php @@ -15,9 +15,9 @@ $template = new Template(); $template->assign("ERRmessage", false); -if (is_file($VAR["misc_dir"]."/challenge_started")) +if (is_file($VAR["misc_dir"]."/shared/challenge_started")) { - $VAR["start_challenge"] = intval(file_get_contents($VAR["misc_dir"]."/challenge_started")); + $VAR["start_challenge"] = intval(file_get_contents($VAR["misc_dir"]."/shared/challenge_started")); $VAR["end_challenge"] = $VAR["start_challenge"] + 14400; $template->assign("END", $VAR['end_challenge']); } diff --git a/pki/CA.sh b/pki/CA.sh index 596a6a8a..53fef8f1 100644 --- a/pki/CA.sh +++ b/pki/CA.sh @@ -3,10 +3,10 @@ cd $(dirname "$0") if [ -z "${PKI_BASEDIR}" ]; then - PKI_BASEDIR=pki + PKI_BASEDIR=$(dirname `pwd`) # equivalent to $(realpath `pwd`/.. fi -PKI_DIR=${PKI_BASEDIR}/pki +PKI_DIR=${PKI_BASEDIR}/PKI SHARED_DIR=${PKI_BASEDIR}/shared OPENSSL_CONF=`pwd`/openssl.cnf diff --git a/pki/openssl.cnf b/pki/openssl.cnf index a90cd294..c88fa734 100644 --- a/pki/openssl.cnf +++ b/pki/openssl.cnf @@ -39,7 +39,7 @@ default_ca = CA_default # The default ca section #################################################################### [ CA_default ] -dir = /var/www/fic-server/misc//pki #DIR # Where everything is kept +dir = /var/www/fic-server/pki #DIR # Where everything is kept certs = $dir/certs # Where the issued certs are kept crl_dir = $dir/crl # Where the issued crl are kept database = $dir/index.txt # database index file. diff --git a/synchro.sh b/synchro.sh index 06c4de68..cb66e751 100755 --- a/synchro.sh +++ b/synchro.sh @@ -23,7 +23,7 @@ fi # Synchronize HTML pages rsync -e ssh -av $OPTS out "$FRONTEND_HOSTNAME":~/ rsync -e ssh -avL $OPTS files "$FRONTEND_HOSTNAME":~/ -rsync -e ssh -av $OPTS front/ misc/shared/ "$FRONTEND_HOSTNAME":~/ +rsync -e ssh -av $OPTS front/ shared/ "$FRONTEND_HOSTNAME":~/ # Synchronize submissions rsync -e ssh -av "$FRONTEND_HOSTNAME":~/submission/ submission/