Add a Dockerfile for frontend test container; adapt code to simplify synchronization or Docker linkage
This commit is contained in:
parent
6c69867bcc
commit
bca09af2e0
@ -19,6 +19,7 @@ RUN apt-get -y update && \
|
|||||||
libwww-perl \
|
libwww-perl \
|
||||||
libdigest-whirlpool-perl \
|
libdigest-whirlpool-perl \
|
||||||
pwgen \
|
pwgen \
|
||||||
|
curl \
|
||||||
openssl \
|
openssl \
|
||||||
cpanminus \
|
cpanminus \
|
||||||
build-essential \
|
build-essential \
|
||||||
@ -59,5 +60,5 @@ RUN chmod 777 /var/www/fic-server/onyx/cache/ /var/www/fic-server/onyx/cache/tem
|
|||||||
# ENVIRONNEMENT #######################################################
|
# ENVIRONNEMENT #######################################################
|
||||||
|
|
||||||
EXPOSE 80/tcp 443/tcp
|
EXPOSE 80/tcp 443/tcp
|
||||||
VOLUME ["/var/www/fic-server/out","/var/www/fic-server/files","/var/www/fic-server/submissions"]
|
VOLUME ["/var/www/fic-server/out","/var/www/fic-server/files","/var/www/fic-server/submission","/var/www/fic-server/misc/shared"]
|
||||||
CMD ["sh", "-c", "chown -R www-data:www-data /var/www/fic-server/misc /var/www/fic-server/submission; cd /var/www/fic-server/misc; if ! [ -f server.crt ]; then bash ./CA.sh -newserver; fi; service nginx start && service php5-fpm start && service mysql start && mkdir files && ../gen_hash_link_files.sh --copy ../files-in ../files && (../launch_local.sh &); /bin/bash"]
|
CMD ["sh", "-c", "chown -R www-data:www-data /var/www/fic-server/misc /var/www/fic-server/submission; cd /var/www/fic-server/misc; if ! [ -f server.crt ]; then ./CA.sh -newserver; fi; ./CA.sh -gencrl && service nginx start && service php5-fpm start && service mysql start && ../gen_hash_link_files.sh --copy ../files-in ../files && ../nginx_gen_team.sh > ../misc/shared/nginx-teams.conf && (../launch_local.sh &); /bin/bash"]
|
||||||
|
@ -42,6 +42,14 @@ environment, you can run the following command:
|
|||||||
mysql -u root fic < /var/www/fic-server/db/feed.sql
|
mysql -u root fic < /var/www/fic-server/db/feed.sql
|
||||||
|
|
||||||
|
|
||||||
|
### Frontend container
|
||||||
|
|
||||||
|
To run the frontend on the same machine as the backend (but in another
|
||||||
|
container), run the following command:
|
||||||
|
|
||||||
|
docker run -P -ti --volumes-from BACKEND_CNTNR_NAME FRONTEND_IMG
|
||||||
|
|
||||||
|
|
||||||
Production Environnement
|
Production Environnement
|
||||||
------------------------
|
------------------------
|
||||||
|
|
||||||
|
30
front/Dockerfile
Normal file
30
front/Dockerfile
Normal file
@ -0,0 +1,30 @@
|
|||||||
|
# DOCKER-VERSION 1.1.0
|
||||||
|
|
||||||
|
# /!\ WARNING: the container generated through this Dockerfile is made only for development purpose; it is NOT SAFE or production ready.
|
||||||
|
|
||||||
|
FROM debian:wheezy
|
||||||
|
MAINTAINER Pierre-Olivier Mercier <nemunaire@nemunai.re>
|
||||||
|
|
||||||
|
# Install packages ####################################################
|
||||||
|
|
||||||
|
RUN apt-get -y update && \
|
||||||
|
apt-get install -y \
|
||||||
|
nginx-full \
|
||||||
|
php5-fpm \
|
||||||
|
php5-mcrypt \
|
||||||
|
&& \
|
||||||
|
apt-get clean && rm -rf /var/lib/apt/lists/* /tmp/* /var/tmp/*
|
||||||
|
|
||||||
|
# Copying files #######################################################
|
||||||
|
|
||||||
|
ADD . /var/www/fic-server/front/
|
||||||
|
|
||||||
|
# Configure softwares #################################################
|
||||||
|
|
||||||
|
RUN ln -sf /var/www/fic-server/front/nginx.conf /etc/nginx/sites-enabled/default
|
||||||
|
RUN ln -sf /var/www/fic-server/front/php-fpm.conf /etc/php5/fpm/pool.d/www.conf
|
||||||
|
|
||||||
|
# ENVIRONNEMENT #######################################################
|
||||||
|
|
||||||
|
EXPOSE 80/tcp 443/tcp
|
||||||
|
CMD ["sh", "-c", "service nginx start && service php5-fpm start && /bin/bash"]
|
108
front/nginx.conf
Normal file
108
front/nginx.conf
Normal file
@ -0,0 +1,108 @@
|
|||||||
|
server_tokens off;
|
||||||
|
client_header_buffer_size 512;
|
||||||
|
client_max_body_size 512;
|
||||||
|
|
||||||
|
server {
|
||||||
|
listen 80 default;
|
||||||
|
listen [::]:80 ipv6only=on default;
|
||||||
|
|
||||||
|
rewrite ^ https://$host$uri;
|
||||||
|
}
|
||||||
|
|
||||||
|
server {
|
||||||
|
listen 443 ssl;
|
||||||
|
listen [::]:443 ipv6only=on ssl;
|
||||||
|
|
||||||
|
root /var/www/fic-server/out/htdocs/;
|
||||||
|
|
||||||
|
access_log /var/log/nginx/fic.access_log;
|
||||||
|
error_log /var/log/nginx/fic.error_log;
|
||||||
|
|
||||||
|
ssl_certificate /var/www/fic-server/misc/shared/server.crt;
|
||||||
|
ssl_certificate_key /var/www/fic-server/misc/shared/server.key;
|
||||||
|
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
|
||||||
|
ssl_prefer_server_ciphers on;
|
||||||
|
# ssl_ciphers ECDH+AESGCM:DH+AESGCM:ECDH+AES256:DH+AES256:ECDH+AES128:DH+AES:!ADH:!AECDH:!MD5:!DSS;
|
||||||
|
ssl_ciphers AES256+EECDH:AES256+EDH;
|
||||||
|
ssl_client_certificate /var/www/fic-server/misc/shared/cacert.crt;
|
||||||
|
ssl_verify_client optional;
|
||||||
|
ssl_crl /var/www/fic-server/misc/shared/crl.pem;
|
||||||
|
|
||||||
|
add_header Strict-Transport-Security "max-age=2592000; includeSubdomains";
|
||||||
|
add_header X-Frame-Options DENY;
|
||||||
|
add_header X-Content-Type-Options nosniff;
|
||||||
|
|
||||||
|
error_page 400 /errors/400/index.html;
|
||||||
|
error_page 403 /errors/403/index.html;
|
||||||
|
error_page 404 /errors/404/index.html;
|
||||||
|
error_page 413 414 /errors/413/index.html;
|
||||||
|
error_page 500 503 /errors/500/index.html;
|
||||||
|
error_page 502 504 /errors/502/index.html;
|
||||||
|
|
||||||
|
location /
|
||||||
|
{
|
||||||
|
default_type text/html;
|
||||||
|
expires epoch;
|
||||||
|
|
||||||
|
set $team 0;
|
||||||
|
|
||||||
|
include /var/www/fic-server/misc/shared/nginx-teams.conf;
|
||||||
|
|
||||||
|
if ($team) {
|
||||||
|
root /var/www/fic-server/out/teams/$team$1;
|
||||||
|
rewrite ^/([0-9]+-?[a-zA-Z0-9_-]*)/([a-zA-Z0-9_]+)/submission$ /submission.php?team=$team&theme=$1&exercice=$2 last;
|
||||||
|
}
|
||||||
|
if ($team = 0) {
|
||||||
|
root /var/www/fic-server/out/htdocs/;
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
location /errors
|
||||||
|
{
|
||||||
|
root /var/www/fic-server/out/;
|
||||||
|
}
|
||||||
|
|
||||||
|
location /connected
|
||||||
|
{
|
||||||
|
return 403;
|
||||||
|
}
|
||||||
|
|
||||||
|
location /files
|
||||||
|
{
|
||||||
|
root /var/www/fic-server/;
|
||||||
|
|
||||||
|
# option to accelerate file delivery, require a custom nginx
|
||||||
|
#aio on;
|
||||||
|
directio 512;
|
||||||
|
output_buffers 1 128k;
|
||||||
|
}
|
||||||
|
|
||||||
|
location ~* \favicon.ico$ {
|
||||||
|
root /var/www/fic-server/out/htdocs/;
|
||||||
|
access_log off;
|
||||||
|
expires 1d;
|
||||||
|
add_header Cache-Control public;
|
||||||
|
}
|
||||||
|
|
||||||
|
location ~ ^/(assets|img|js|css|fonts)/ {
|
||||||
|
root /var/www/fic-server/out/htdocs/;
|
||||||
|
access_log off;
|
||||||
|
expires 7d;
|
||||||
|
add_header Cache-Control public;
|
||||||
|
}
|
||||||
|
|
||||||
|
location ~ /(\.ht|\.git|\.svn|\.onyx) {
|
||||||
|
return 403;
|
||||||
|
}
|
||||||
|
|
||||||
|
location /submission.php
|
||||||
|
{
|
||||||
|
root /var/www/fic-server/front/;
|
||||||
|
|
||||||
|
limit_rate 4k;
|
||||||
|
|
||||||
|
include /etc/nginx/fastcgi_params;
|
||||||
|
fastcgi_pass unix:/var/run/php-fpm.sock;
|
||||||
|
break;
|
||||||
|
}
|
||||||
|
}
|
81
front/php-fpm.conf
Normal file
81
front/php-fpm.conf
Normal file
@ -0,0 +1,81 @@
|
|||||||
|
; Start a new pool named 'www'.
|
||||||
|
; the variable $pool can we used in any directive and will be replaced by the
|
||||||
|
; pool name ('www' here)
|
||||||
|
[www]
|
||||||
|
|
||||||
|
; Unix user/group of processes
|
||||||
|
; Note: The user is mandatory. If the group is not set, the default user's group
|
||||||
|
; will be used.
|
||||||
|
user = www-data
|
||||||
|
group = www-data
|
||||||
|
|
||||||
|
; The address on which to accept FastCGI requests.
|
||||||
|
; Valid syntaxes are:
|
||||||
|
; 'ip.add.re.ss:port' - to listen on a TCP socket to a specific address on
|
||||||
|
; a specific port;
|
||||||
|
; 'port' - to listen on a TCP socket to all addresses on a
|
||||||
|
; specific port;
|
||||||
|
; '/path/to/unix/socket' - to listen on a unix socket.
|
||||||
|
; Note: This value is mandatory.
|
||||||
|
listen = /var/run/php-fpm.sock
|
||||||
|
|
||||||
|
; Set permissions for unix socket, if one is used. In Linux, read/write
|
||||||
|
; permissions must be set in order to allow connections from a web server. Many
|
||||||
|
; BSD-derived systems allow connections regardless of permissions.
|
||||||
|
; Default Values: user and group are set as the running user
|
||||||
|
; mode is set to 0666
|
||||||
|
listen.owner = www-data
|
||||||
|
listen.group = www-data
|
||||||
|
listen.mode = 0640
|
||||||
|
|
||||||
|
; Choose how the process manager will control the number of child processes.
|
||||||
|
; Possible Values:
|
||||||
|
; static - a fixed number (pm.max_children) of child processes;
|
||||||
|
; dynamic - the number of child processes are set dynamically based on the
|
||||||
|
; following directives. With this process management, there will be
|
||||||
|
; always at least 1 children.
|
||||||
|
; pm.max_children - the maximum number of children that can
|
||||||
|
; be alive at the same time.
|
||||||
|
; pm.start_servers - the number of children created on startup.
|
||||||
|
; pm.min_spare_servers - the minimum number of children in 'idle'
|
||||||
|
; state (waiting to process). If the number
|
||||||
|
; of 'idle' processes is less than this
|
||||||
|
; number then some children will be created.
|
||||||
|
; pm.max_spare_servers - the maximum number of children in 'idle'
|
||||||
|
; state (waiting to process). If the number
|
||||||
|
; of 'idle' processes is greater than this
|
||||||
|
; number then some children will be killed.
|
||||||
|
; ondemand - no children are created at startup. Children will be forked when
|
||||||
|
; new requests will connect. The following parameter are used:
|
||||||
|
; pm.max_children - the maximum number of children that
|
||||||
|
; can be alive at the same time.
|
||||||
|
; pm.process_idle_timeout - The number of seconds after which
|
||||||
|
; an idle process will be killed.
|
||||||
|
; Note: This value is mandatory.
|
||||||
|
pm = dynamic
|
||||||
|
|
||||||
|
; The number of child processes to be created when pm is set to 'static' and the
|
||||||
|
; maximum number of child processes when pm is set to 'dynamic' or 'ondemand'.
|
||||||
|
; This value sets the limit on the number of simultaneous requests that will be
|
||||||
|
; served. Equivalent to the ApacheMaxClients directive with mpm_prefork.
|
||||||
|
; Equivalent to the PHP_FCGI_CHILDREN environment variable in the original PHP
|
||||||
|
; CGI. The below defaults are based on a server without much resources. Don't
|
||||||
|
; forget to tweak pm.* to fit your needs.
|
||||||
|
; Note: Used when pm is set to 'static', 'dynamic' or 'ondemand'
|
||||||
|
; Note: This value is mandatory.
|
||||||
|
pm.max_children = 200
|
||||||
|
|
||||||
|
; The number of child processes created on startup.
|
||||||
|
; Note: Used only when pm is set to 'dynamic'
|
||||||
|
; Default Value: min_spare_servers + (max_spare_servers - min_spare_servers) / 2
|
||||||
|
pm.start_servers = 10
|
||||||
|
|
||||||
|
; The desired minimum number of idle server processes.
|
||||||
|
; Note: Used only when pm is set to 'dynamic'
|
||||||
|
; Note: Mandatory when pm is set to 'dynamic'
|
||||||
|
pm.min_spare_servers = 5
|
||||||
|
|
||||||
|
; The desired maximum number of idle server processes.
|
||||||
|
; Note: Used only when pm is set to 'dynamic'
|
||||||
|
; Note: Mandatory when pm is set to 'dynamic'
|
||||||
|
pm.max_spare_servers = 10
|
@ -5,15 +5,15 @@ if (!function_exists("show_submission_result"))
|
|||||||
{
|
{
|
||||||
function show_submission_result($path)
|
function show_submission_result($path)
|
||||||
{
|
{
|
||||||
if (file_exists(__DIR__."/teams/".$path."/index.html"))
|
if (file_exists(__DIR__."/../out/teams/".$path."/index.html"))
|
||||||
print file_get_contents(__DIR__."/teams/".$path."/index.html");
|
print file_get_contents(__DIR__."/../out/teams/".$path."/index.html");
|
||||||
else
|
else
|
||||||
header("HTTP/1.1 403 Forbidden");
|
header("HTTP/1.1 403 Forbidden");
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
$filename = intval($_GET["team"])."-".intval($_GET["theme"])."-".urlencode($_GET["exercice"]);
|
$filename = intval($_GET["team"])."-".intval($_GET["theme"])."-".urlencode($_GET["exercice"]);
|
||||||
$file = __DIR__."/submission/".$filename;
|
$file = __DIR__."/../submission/".$filename;
|
||||||
|
|
||||||
|
|
||||||
if (file_exists($file))
|
if (file_exists($file))
|
137
misc/CA.sh
137
misc/CA.sh
@ -10,10 +10,15 @@ if [ -z "${OPENSSL_CONF}" ]; then
|
|||||||
OPENSSL_CONF=openssl.cnf
|
OPENSSL_CONF=openssl.cnf
|
||||||
fi
|
fi
|
||||||
|
|
||||||
CAKEY=./cakey.key
|
CAKEY=${TOP_DIR}/private/cakey.key
|
||||||
CAREQ=./careq.csr
|
CAREQ=${TOP_DIR}/careq.csr
|
||||||
CACERT=./cacert.crt
|
CACRT=./shared/cacert.crt
|
||||||
|
|
||||||
|
SRVKEY=./shared/server.key
|
||||||
|
SRVREQ=./shared/server.csr
|
||||||
|
SRVCRT=./shared/server.crt
|
||||||
|
|
||||||
|
# Generate certificates valid for:
|
||||||
DAYS=2
|
DAYS=2
|
||||||
|
|
||||||
if [ -z "$PS1" ]
|
if [ -z "$PS1" ]
|
||||||
@ -42,12 +47,13 @@ usage()
|
|||||||
clean()
|
clean()
|
||||||
{
|
{
|
||||||
if [ "$1" = "ca" ]; then
|
if [ "$1" = "ca" ]; then
|
||||||
rm -rf ${TOP_DIR}
|
rm -rf ${TOP_DIR} ./shared/*
|
||||||
mkdir -p ${TOP_DIR}/certs
|
mkdir -p ${TOP_DIR}/certs
|
||||||
mkdir -p ${TOP_DIR}/crl
|
mkdir -p ${TOP_DIR}/crl
|
||||||
mkdir -p ${TOP_DIR}/newcerts
|
mkdir -p ${TOP_DIR}/newcerts
|
||||||
mkdir -p ${TOP_DIR}/private
|
mkdir -p ${TOP_DIR}/private
|
||||||
mkdir -p ${TOP_DIR}/pkcs
|
mkdir -p ${TOP_DIR}/pkcs
|
||||||
|
mkdir -p ./shared
|
||||||
echo "01" > ${TOP_DIR}/crlnumber
|
echo "01" > ${TOP_DIR}/crlnumber
|
||||||
elif [ "$1" = "client" ]; then
|
elif [ "$1" = "client" ]; then
|
||||||
rm -rf ${TOP_DIR}/${2}.key ${TOP_DIR}/${2}.csr
|
rm -rf ${TOP_DIR}/${2}.key ${TOP_DIR}/${2}.csr
|
||||||
@ -57,10 +63,10 @@ clean()
|
|||||||
|
|
||||||
gen_crl()
|
gen_crl()
|
||||||
{
|
{
|
||||||
echo $ECHO_OPTS "${GREEN}Generate crl.pem${COLOR_RST}"
|
echo $ECHO_OPTS "${GREEN}Generate shared/crl.pem${COLOR_RST}"
|
||||||
openssl ca -config ${OPENSSL_CONF} -gencrl -out ${TOP_DIR}/crl.pem > $OUTPUT 2>&1
|
if ! openssl ca -config ${OPENSSL_CONF} -gencrl -out shared/crl.pem > $OUTPUT 2>&1
|
||||||
if [ $? -ne 0 ]; then
|
then
|
||||||
echo $ECHO_OPTS "${RED}Generate crl.pem failed"
|
echo $ECHO_OPTS "${RED}Generate shared/crl.pem failed"
|
||||||
cat $OUTPUT
|
cat $OUTPUT
|
||||||
exit 5
|
exit 5
|
||||||
fi
|
fi
|
||||||
@ -72,9 +78,7 @@ OUTPUT=$(mktemp)
|
|||||||
|
|
||||||
case $1 in
|
case $1 in
|
||||||
"-newca" )
|
"-newca" )
|
||||||
echo -n $ECHO_OPTS "${GREEN}Create the directories, take care this will delete"
|
echo $ECHO_OPTS "${GREEN}Create the directories, take care this will delete the old directories ${COLOR_RST}"
|
||||||
echo $ECHO_OPTS " the old directories ${COLOR_RST}"
|
|
||||||
# sleep 1; echo -n "1 "; sleep 1; echo -n "2 "; sleep 1; echo "3"
|
|
||||||
|
|
||||||
clean "ca"
|
clean "ca"
|
||||||
touch ${TOP_DIR}/index.txt
|
touch ${TOP_DIR}/index.txt
|
||||||
@ -92,30 +96,30 @@ case $1 in
|
|||||||
fi
|
fi
|
||||||
|
|
||||||
pass=`pwgen -n -B -y 12 1`
|
pass=`pwgen -n -B -y 12 1`
|
||||||
openssl req -batch -new -keyout ${TOP_DIR}/private/${CAKEY} \
|
if ! openssl req -batch -new -keyout ${CAKEY} \
|
||||||
-out ${TOP_DIR}/${CAREQ} -passout pass:$pass \
|
-out ${CAREQ} -passout pass:$pass \
|
||||||
-config $OPENSSL_CONF -extensions CORE_CA > $OUTPUT 2>&1
|
-config ${OPENSSL_CONF} -extensions CORE_CA > $OUTPUT 2>&1
|
||||||
if [ $? -ne 0 ]; then
|
then
|
||||||
cat $OUTPUT
|
cat $OUTPUT
|
||||||
clean "ca"
|
clean "ca"
|
||||||
exit 4
|
exit 4
|
||||||
fi
|
fi
|
||||||
|
|
||||||
# This line deleted the passphase for the FIC 2014 automatisation
|
# This line deleted the passphase for the FIC 2014 automatisation
|
||||||
openssl rsa -passin pass:$pass -in ${TOP_DIR}/private/${CAKEY} \
|
if ! openssl rsa -passin pass:$pass -in ${CAKEY} \
|
||||||
-out ${TOP_DIR}/private/${CAKEY} > $OUTPUT 2>&1
|
-out ${CAKEY} > $OUTPUT 2>&1
|
||||||
if [ $? -ne 0 ]; then
|
then
|
||||||
cat $OUTPUT
|
cat $OUTPUT
|
||||||
clean "ca"
|
clean "ca"
|
||||||
exit 4
|
exit 4
|
||||||
fi
|
fi
|
||||||
|
|
||||||
echo $ECHO_OPTS "${GREEN}Self signes the CA certificate${COLOR_RST}"
|
echo $ECHO_OPTS "${GREEN}Self signes the CA certificate${COLOR_RST}"
|
||||||
openssl ca -batch -create_serial -out ${TOP_DIR}/${CACERT} \
|
if ! openssl ca -batch -create_serial -out ${CACRT} \
|
||||||
-days ${DAYS} -keyfile ${TOP_DIR}/private/${CAKEY} \
|
-days ${DAYS} -keyfile ${CAKEY} \
|
||||||
-selfsign -extensions CORE_CA -config ${OPENSSL_CONF} \
|
-selfsign -extensions CORE_CA -config ${OPENSSL_CONF} \
|
||||||
-infiles ${TOP_DIR}/${CAREQ} > $OUTPUT 2>&1
|
-infiles ${CAREQ} > $OUTPUT 2>&1
|
||||||
if [ $? -ne 0 ]; then
|
then
|
||||||
cat $OUTPUT
|
cat $OUTPUT
|
||||||
clean "ca"
|
clean "ca"
|
||||||
exit 4
|
exit 4
|
||||||
@ -124,46 +128,45 @@ case $1 in
|
|||||||
|
|
||||||
"-newserver" )
|
"-newserver" )
|
||||||
echo $ECHO_OPTS "${GREEN}Making the Server key and cert${COLOR_RST}"
|
echo $ECHO_OPTS "${GREEN}Making the Server key and cert${COLOR_RST}"
|
||||||
if ! [ -f ${TOP_DIR}/private/${CAKEY} ]; then
|
if ! [ -f ${CAKEY} ]; then
|
||||||
echo $ECHO_OPTS "${RED}Can not found the CA's key${COLOR_RST}"
|
echo $ECHO_OPTS "${RED}Can not found the CA's key${COLOR_RST}"
|
||||||
exit 2
|
exit 2
|
||||||
fi
|
fi
|
||||||
sed -i 's/=.*#COMMONNAME/=10.226.3.70#COMMONNAME/' $OPENSSL_CONF
|
sed -i 's/=.*#COMMONNAME/=10.226.3.70#COMMONNAME/' $OPENSSL_CONF
|
||||||
openssl req -batch -new -keyout server.key -out server.csr \
|
if ! openssl req -batch -new -keyout ${SRVKEY} -out ${SRVREQ} \
|
||||||
-days ${DAYS} -config ${OPENSSL_CONF} -extensions SERVER_SSL > $OUTPUT 2>&1
|
-days ${DAYS} -config ${OPENSSL_CONF} -extensions SERVER_SSL > $OUTPUT 2>&1
|
||||||
if [ $? -ne 0 ]; then
|
then
|
||||||
cat $OUTPUT
|
cat $OUTPUT
|
||||||
exit 4
|
exit 4
|
||||||
fi
|
fi
|
||||||
echo $ECHO_OPTS "${GREEN}Signing the Server crt${COLOR_RST}"
|
echo $ECHO_OPTS "${GREEN}Signing the Server crt${COLOR_RST}"
|
||||||
openssl ca -policy policy_match -config ${OPENSSL_CONF} \
|
if ! openssl ca -policy policy_match -config ${OPENSSL_CONF} \
|
||||||
-out server.crt -extensions SERVER_SSL -infiles server.csr
|
-out ${SRVCRT} -extensions SERVER_SSL -infiles ${SRVREQ}
|
||||||
if [ $? -ne 0 ]; then
|
then
|
||||||
echo $ECHO_OPTS "${RED}Signing failed for new server${COLOR_RST}"
|
echo $ECHO_OPTS "${RED}Signing failed for new server${COLOR_RST}"
|
||||||
rm -rf server.key server.crt server.csr
|
rm -f ${SRVKEY} ${SRVREQ} ${SRVCRT}
|
||||||
cat $OUTPUT
|
cat $OUTPUT
|
||||||
exit 3
|
exit 3
|
||||||
else
|
else
|
||||||
rm server.csr # remove ?
|
rm ${SRVREQ}
|
||||||
echo $ECHO_OPTS "${GREEN}Signed certificate is in server.crt${COLOR_RST}"
|
echo $ECHO_OPTS "${GREEN}Signed certificate is in ${SRVCRT}${COLOR_RST}"
|
||||||
fi
|
fi
|
||||||
;;
|
;;
|
||||||
|
|
||||||
"-revokeserver" )
|
"-revokeserver" )
|
||||||
echo $ECHO_OPTS "${GREEN}Revocate server certificate${COLOR_RST}"
|
echo $ECHO_OPTS "${GREEN}Revocate server certificate${COLOR_RST}"
|
||||||
if ! [ -f ${TOP_DIR}/private/${CAKEY} ]; then
|
if ! [ -f ${CAKEY} ]; then
|
||||||
echo $ECHO_OPTS "${RED}Can not found the CA's key${COLOR_RST}"
|
echo $ECHO_OPTS "${RED}Can not found the CA's key${COLOR_RST}"
|
||||||
exit 2
|
exit 2
|
||||||
fi
|
fi
|
||||||
openssl ca -revoke server.crt -config ${OPENSSL_CONF}\
|
if ! openssl ca -revoke ${SRVCRT} -config ${OPENSSL_CONF} \
|
||||||
-keyfile ${TOP_DIR}/private/${CAKEY} \
|
-keyfile ${CAKEY} -cert ${CACRT} > $OUTPUT 2>&1
|
||||||
-cert ${TOP_DIR}/${CACERT} > $OUTPUT 2>&1
|
then
|
||||||
if [ $? -ne 0 ]; then
|
|
||||||
echo $ECHO_OPTS "${RED}Server certificate revocation failed${COLOR_RST}"
|
echo $ECHO_OPTS "${RED}Server certificate revocation failed${COLOR_RST}"
|
||||||
cat $OUTPUT
|
cat $OUTPUT
|
||||||
exit 4
|
exit 4
|
||||||
fi
|
fi
|
||||||
rm server.crt server.key
|
rm ${SRVKEY} ${SRVCRT}
|
||||||
|
|
||||||
gen_crl
|
gen_crl
|
||||||
;;
|
;;
|
||||||
@ -173,13 +176,20 @@ case $1 in
|
|||||||
echo "Usage: $0 -newclient NAME"
|
echo "Usage: $0 -newclient NAME"
|
||||||
exit 1
|
exit 1
|
||||||
fi
|
fi
|
||||||
|
|
||||||
|
CLTNAM=$2
|
||||||
|
CLTREQ=${TOP_DIR}/${CLTNAM}.csr
|
||||||
|
CLTCRT=${TOP_DIR}/${CLTNAM}.crt
|
||||||
|
CLTKEY=${TOP_DIR}/${CLTNAM}.key
|
||||||
|
CLTP12=${TOP_DIR}/pkcs/${CLTNAM}.p12
|
||||||
|
|
||||||
echo "=============================================================="
|
echo "=============================================================="
|
||||||
echo $ECHO_OPTS "${GREEN}Making the client key and csr of ${BOLD}${2}${END_BOLD}${COLOR_RST}"
|
echo $ECHO_OPTS "${GREEN}Making the client key and csr of ${BOLD}${2}${END_BOLD}${COLOR_RST}"
|
||||||
|
|
||||||
ESCAPED=$(echo "${TOP_DIR}" | sed 's/[\/\.]/\\&/g')
|
ESCAPED=$(echo "${TOP_DIR}" | sed 's/[\/\.]/\\&/g')
|
||||||
sed -i "s/=.*#DIR/= ${ESCAPED} #DIR/" $OPENSSL_CONF
|
sed -i "s/=.*#DIR/= ${ESCAPED} #DIR/" $OPENSSL_CONF
|
||||||
|
|
||||||
if ! [ -f ${TOP_DIR}/private/${CAKEY} ]; then
|
if ! [ -f ${CAKEY} ]; then
|
||||||
echo $ECHO_OPTS "${RED}Can not found the CA's key${COLOR_RST}"
|
echo $ECHO_OPTS "${RED}Can not found the CA's key${COLOR_RST}"
|
||||||
exit 2
|
exit 2
|
||||||
fi
|
fi
|
||||||
@ -193,39 +203,39 @@ case $1 in
|
|||||||
|
|
||||||
pass=`pwgen -n -B -y 12 1`
|
pass=`pwgen -n -B -y 12 1`
|
||||||
|
|
||||||
openssl req -batch -new -keyout ${TOP_DIR}/${2}.key -out ${TOP_DIR}/${2}.csr \
|
if ! openssl req -batch -new -keyout "${CLTKEY}" -out "${CLTREQ}" \
|
||||||
-config ${OPENSSL_CONF} -passout pass:$pass -days ${DAYS} -extensions CLIENT_SSL > $OUTPUT 2>&1
|
-config ${OPENSSL_CONF} -passout pass:$pass -days ${DAYS} -extensions CLIENT_SSL > $OUTPUT 2>&1
|
||||||
if [ $? -ne 0 ]; then
|
then
|
||||||
cat $OUTPUT
|
cat $OUTPUT
|
||||||
clean "client" $2
|
clean "client" ${CLTNAM}
|
||||||
exit 4
|
exit 4
|
||||||
fi
|
fi
|
||||||
|
|
||||||
echo $ECHO_OPTS "${GREEN}Signing the Client crt${COLOR_RST}"
|
echo $ECHO_OPTS "${GREEN}Signing the Client crt${COLOR_RST}"
|
||||||
openssl ca -batch -policy policy_match -out ${TOP_DIR}/${2}.crt \
|
if ! openssl ca -batch -policy policy_match -out "${CLTCRT}" \
|
||||||
-config ${OPENSSL_CONF} -extensions CLIENT_SSL -infiles ${TOP_DIR}/${2}.csr > $OUTPUT 2>&1
|
-config ${OPENSSL_CONF} -extensions CLIENT_SSL -infiles "${CLTREQ}" > $OUTPUT 2>&1
|
||||||
if [ $? -ne 0 ]; then
|
then
|
||||||
echo $ECHO_OPTS "${RED}Signing failed for $2 ${COLOR_RST}"
|
echo $ECHO_OPTS "${RED}Signing failed for $2 ${COLOR_RST}"
|
||||||
cat $OUTPUT
|
cat $OUTPUT
|
||||||
clean "client" $2
|
clean "client" ${CLTNAM}
|
||||||
exit 3
|
exit 3
|
||||||
fi
|
fi
|
||||||
echo $ECHO_OPTS "${GREEN}Export the Client files to pkcs12${COLOR_RST}"
|
echo $ECHO_OPTS "${GREEN}Export the Client files to pkcs12${COLOR_RST}"
|
||||||
openssl pkcs12 -export -inkey ${TOP_DIR}/${2}.key -in ${TOP_DIR}/${2}.crt -name ${2} \
|
if ! openssl pkcs12 -export -inkey "${CLTKEY}" -in "${CLTCRT}" -name ${2} \
|
||||||
-passin pass:$pass -out ${TOP_DIR}/pkcs/${2}.p12 \
|
-passin pass:$pass -out "${CLTP12}" \
|
||||||
-passout pass:$pass > $OUTPUT 2>&1
|
-passout pass:$pass > $OUTPUT 2>&1
|
||||||
if [ $? -ne 0 ]; then
|
then
|
||||||
echo $ECHO_OPTS "${RED}pkcs12 export failed for ${BOLD}$2${END_BOLD}${COLOR_RST}"
|
echo $ECHO_OPTS "${RED}pkcs12 export failed for ${BOLD}$2${END_BOLD}${COLOR_RST}"
|
||||||
cat $OUTPUT
|
cat $OUTPUT
|
||||||
clean "client" $2
|
clean "client" ${CLTNAM}
|
||||||
exit 4
|
exit 4
|
||||||
else
|
else
|
||||||
echo $ECHO_OPTS "Exported pkcs12 file is ${2}.p12"
|
echo $ECHO_OPTS "Exported pkcs12 file is ${CLTP12}"
|
||||||
fi
|
fi
|
||||||
mv ${TOP_DIR}/${2}.crt ${TOP_DIR}/certs
|
mv ${CLTCRT} ${TOP_DIR}/certs
|
||||||
echo "$2:$pass" >> ${TOP_DIR}/../teams.pass
|
echo "$CLTNAM:$pass" >> ${TOP_DIR}/../teams.pass
|
||||||
echo "$pass"
|
echo "$CLTNAM:$pass"
|
||||||
clean "client" $2
|
clean "client" ${CLTNAM}
|
||||||
;;
|
;;
|
||||||
|
|
||||||
"-revoke" )
|
"-revoke" )
|
||||||
@ -233,17 +243,20 @@ case $1 in
|
|||||||
echo "Usage: $0 -revoke NAME"
|
echo "Usage: $0 -revoke NAME"
|
||||||
exit 1
|
exit 1
|
||||||
fi
|
fi
|
||||||
echo $ECHO_OPTS "${GREEN}Revocate ${BOLD}${2}${END_BOLD}${COLOR_RST}"
|
|
||||||
openssl ca -revoke ${TOP_DIR}/certs/${2}.crt -config ${OPENSSL_CONF}\
|
CLTNAM=$2
|
||||||
-keyfile ${TOP_DIR}/private/${CAKEY} \
|
CLTCRT=${TOP_DIR}/${CLTNAM}.crt
|
||||||
-cert ${TOP_DIR}/${CACERT} > $OUTPUT 2>&1
|
CLTP12=${TOP_DIR}/pkcs/${CLTNAM}.p12
|
||||||
if [ $? -ne 0 ]; then
|
|
||||||
echo $ECHO_OPTS "${RED}Revocation failed for ${BOLD}${2}${END_BOLD}${COLOR_RST}"
|
echo $ECHO_OPTS "${GREEN}Revocate ${BOLD}${CLTNAM}${END_BOLD}${COLOR_RST}"
|
||||||
|
if ! openssl ca -revoke ${CLTCRT} -config ${OPENSSL_CONF}\
|
||||||
|
-keyfile ${CAKEY} -cert ${CACRT} > $OUTPUT 2>&1
|
||||||
|
then
|
||||||
|
echo $ECHO_OPTS "${RED}Revocation failed for ${BOLD}${CLTNAM}${END_BOLD}${COLOR_RST}"
|
||||||
cat $OUTPUT
|
cat $OUTPUT
|
||||||
exit 4
|
exit 4
|
||||||
fi
|
fi
|
||||||
rm ${TOP_DIR}/certs/${2}.crt
|
rm "${CLTCRT}" "${CLTP12}"
|
||||||
rm ${TOP_DIR}/pkcs/${2}.p12
|
|
||||||
|
|
||||||
gen_crl
|
gen_crl
|
||||||
;;
|
;;
|
||||||
|
@ -47,11 +47,11 @@ database = $dir/index.txt # database index file.
|
|||||||
# several ctificates with same subject.
|
# several ctificates with same subject.
|
||||||
new_certs_dir = $dir/newcerts # default place for new certs.
|
new_certs_dir = $dir/newcerts # default place for new certs.
|
||||||
|
|
||||||
certificate = $dir/cacert.crt # The CA certificate
|
certificate = $dir/../shared/cacert.crt # The CA certificate
|
||||||
serial = $dir/serial # The current serial number
|
serial = $dir/serial # The current serial number
|
||||||
crlnumber = $dir/crlnumber # the current crl number
|
crlnumber = $dir/crlnumber # the current crl number
|
||||||
# must be commented out to leave a V1 CRL
|
# must be commented out to leave a V1 CRL
|
||||||
crl = $dir/crl.pem # The current CRL
|
crl = $dir/../shared/crl.pem # The current CRL
|
||||||
private_key = $dir/private/cakey.key # The private key
|
private_key = $dir/private/cakey.key # The private key
|
||||||
RANDFILE = $dir/private/.rand # private random number file
|
RANDFILE = $dir/private/.rand # private random number file
|
||||||
|
|
||||||
|
@ -2,11 +2,12 @@ server {
|
|||||||
listen 443 ssl;
|
listen 443 ssl;
|
||||||
listen [::]:443 ipv6only=on ssl;
|
listen [::]:443 ipv6only=on ssl;
|
||||||
|
|
||||||
ssl_certificate /var/www/fic-server/misc/server.crt;
|
ssl_certificate /var/www/fic-server/misc/shared/server.crt;
|
||||||
ssl_certificate_key /var/www/fic-server/misc/server.key;
|
ssl_certificate_key /var/www/fic-server/misc/shared/server.key;
|
||||||
# ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
|
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
|
||||||
# ssl_prefer_server_ciphers on;
|
ssl_prefer_server_ciphers on;
|
||||||
# ssl_ciphers ECDH+AESGCM:DH+AESGCM:ECDH+AES256:DH+AES256:ECDH+AES128:DH+AES:!ADH:!AECDH:!MD5:!DSS;
|
# ssl_ciphers ECDH+AESGCM:DH+AESGCM:ECDH+AES256:DH+AES256:ECDH+AES128:DH+AES:!ADH:!AECDH:!MD5:!DSS;
|
||||||
|
ssl_ciphers AES256+EECDH:AES256+EDH;
|
||||||
|
|
||||||
include /var/www/fic-server/nginx-server-common.conf;
|
include /var/www/fic-server/nginx-server-common.conf;
|
||||||
}
|
}
|
||||||
|
131
nginx.conf
131
nginx.conf
@ -1,131 +0,0 @@
|
|||||||
server_tokens off;
|
|
||||||
client_header_buffer_size 512;
|
|
||||||
client_max_body_size 512;
|
|
||||||
|
|
||||||
server {
|
|
||||||
listen 80 default;
|
|
||||||
listen [::]:80 ipv6only=on default;
|
|
||||||
|
|
||||||
rewrite ^ https://$host$uri;
|
|
||||||
}
|
|
||||||
|
|
||||||
server {
|
|
||||||
listen 443 ssl;
|
|
||||||
listen [::]:443 ipv6only=on ssl;
|
|
||||||
|
|
||||||
root /var/www/fic-server/htdocs/;
|
|
||||||
|
|
||||||
server_tokens off;
|
|
||||||
|
|
||||||
access_log /var/log/nginx/fic.access_log;
|
|
||||||
error_log /var/log/nginx/fic.error_log;
|
|
||||||
|
|
||||||
ssl_certificate /var/www/fic-server/server.crt;
|
|
||||||
ssl_certificate_key /var/www/fic-server/server.key;
|
|
||||||
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
|
|
||||||
ssl_prefer_server_ciphers on;
|
|
||||||
# ssl_ciphers ECDH+AESGCM:DH+AESGCM:ECDH+AES256:DH+AES256:ECDH+AES128:DH+AES:!ADH:!AECDH:!MD5:!DSS;
|
|
||||||
ssl_ciphers AES256+EECDH:AES256+EDH;
|
|
||||||
ssl_client_certificate /var/www/fic-server/cacert.crt;
|
|
||||||
ssl_verify_client optional;
|
|
||||||
ssl_crl /var/www/fic-server/crl.pem;
|
|
||||||
|
|
||||||
add_header Strict-Transport-Security "max-age=2592000; includeSubdomains";
|
|
||||||
add_header X-Frame-Options DENY;
|
|
||||||
add_header X-Content-Type-Options nosniff;
|
|
||||||
|
|
||||||
error_page 400 /errors/400/index.html;
|
|
||||||
error_page 403 /errors/403/index.html;
|
|
||||||
error_page 404 /errors/404/index.html;
|
|
||||||
error_page 413 414 /errors/413/index.html;
|
|
||||||
error_page 500 503 /errors/500/index.html;
|
|
||||||
error_page 502 504 /errors/502/index.html;
|
|
||||||
|
|
||||||
location /
|
|
||||||
{
|
|
||||||
default_type text/html;
|
|
||||||
expires epoch;
|
|
||||||
|
|
||||||
set $team 0;
|
|
||||||
|
|
||||||
if ($ssl_client_s_dn ~ "/C=FR/ST=France/O=Epita/OU=SRS/CN=Amin_Martin/") { set $team 343; }
|
|
||||||
if ($ssl_client_s_dn ~ "/C=FR/ST=France/O=Epita/OU=SRS/CN=Bernard_Angoustures/") { set $team 344; }
|
|
||||||
if ($ssl_client_s_dn ~ "/C=FR/ST=France/O=Epita/OU=SRS/CN=Cacace_Diallo/") { set $team 345; }
|
|
||||||
if ($ssl_client_s_dn ~ "/C=FR/ST=France/O=Epita/OU=SRS/CN=Delaporte_Notebaert/") { set $team 346; }
|
|
||||||
if ($ssl_client_s_dn ~ "/C=FR/ST=France/O=Epita/OU=SRS/CN=Dibe/") { set $team 347; }
|
|
||||||
if ($ssl_client_s_dn ~ "/C=FR/ST=France/O=Epita/OU=SRS/CN=Dubief_Roccia/") { set $team 348; }
|
|
||||||
if ($ssl_client_s_dn ~ "/C=FR/ST=France/O=Epita/OU=SRS/CN=Ezzahoui/") { set $team 349; }
|
|
||||||
if ($ssl_client_s_dn ~ "/C=FR/ST=France/O=Epita/OU=SRS/CN=Fall/") { set $team 350; }
|
|
||||||
if ($ssl_client_s_dn ~ "/C=FR/ST=France/O=Epita/OU=SRS/CN=Guerin_Chapiron/") { set $team 351; }
|
|
||||||
if ($ssl_client_s_dn ~ "/C=FR/ST=France/O=Epita/OU=SRS/CN=Hugot_Hincelin/") { set $team 352; }
|
|
||||||
if ($ssl_client_s_dn ~ "/C=FR/ST=France/O=Epita/OU=SRS/CN=Jawor_Giraud/") { set $team 353; }
|
|
||||||
if ($ssl_client_s_dn ~ "/C=FR/ST=France/O=Epita/OU=SRS/CN=Konan/") { set $team 354; }
|
|
||||||
if ($ssl_client_s_dn ~ "/C=FR/ST=France/O=Epita/OU=SRS/CN=Le_Mignan_Yadaba/") { set $team 355; }
|
|
||||||
if ($ssl_client_s_dn ~ "/C=FR/ST=France/O=Epita/OU=SRS/CN=Michel-villaz_Gzenayi/") { set $team 356; }
|
|
||||||
if ($ssl_client_s_dn ~ "/C=FR/ST=France/O=Epita/OU=SRS/CN=Muller_Perrin/") { set $team 357; }
|
|
||||||
if ($ssl_client_s_dn ~ "/C=FR/ST=France/O=Epita/OU=SRS/CN=Pourcelot/") { set $team 358; }
|
|
||||||
if ($ssl_client_s_dn ~ "/C=FR/ST=France/O=Epita/OU=SRS/CN=Quint_Kaczmarek/") { set $team 359; }
|
|
||||||
if ($ssl_client_s_dn ~ "/C=FR/ST=France/O=Epita/OU=SRS/CN=Ruff_Czarny/") { set $team 360; }
|
|
||||||
if ($ssl_client_s_dn ~ "/C=FR/ST=France/O=Epita/OU=SRS/CN=Sinet_Girault/") { set $team 361; }
|
|
||||||
if ($ssl_client_s_dn ~ "/C=FR/ST=France/O=Epita/OU=SRS/CN=Therrode/") { set $team 362; }
|
|
||||||
if ($ssl_client_s_dn ~ "/C=FR/ST=France/O=Epita/OU=SRS/CN=Sabono_Calmeji/") { set $team 363; }
|
|
||||||
if ($ssl_client_s_dn ~ "/C=FR/ST=France/O=Epita/OU=SRS/CN=Renaud_Vandemeulebroucke/") { set $team 364; }
|
|
||||||
if ($ssl_client_s_dn ~ "/C=FR/ST=France/O=Epita/OU=SRS/CN=De_Priest_Tjonck/") { set $team 365; }
|
|
||||||
|
|
||||||
if ($team) {
|
|
||||||
root /var/www/fic-server/teams/$team$1;
|
|
||||||
rewrite ^/([0-9]+-?[a-zA-Z0-9_-]*)/([a-zA-Z0-9_]+)/submission$ /submission.php?team=$team&theme=$1&exercice=$2 last;
|
|
||||||
}
|
|
||||||
if ($team = 0) {
|
|
||||||
root /var/www/fic-server/htdocs/;
|
|
||||||
}
|
|
||||||
}
|
|
||||||
|
|
||||||
location /errors
|
|
||||||
{
|
|
||||||
root /var/www/fic-server/;
|
|
||||||
}
|
|
||||||
|
|
||||||
location /connected
|
|
||||||
{
|
|
||||||
return 403;
|
|
||||||
}
|
|
||||||
|
|
||||||
location /files
|
|
||||||
{
|
|
||||||
root /var/www/fic-server/;
|
|
||||||
|
|
||||||
aio on;
|
|
||||||
directio 512;
|
|
||||||
output_buffers 1 128k;
|
|
||||||
}
|
|
||||||
|
|
||||||
location ~* \favicon.ico$ {
|
|
||||||
root /var/www/fic-server/htdocs/;
|
|
||||||
access_log off;
|
|
||||||
expires 1d;
|
|
||||||
add_header Cache-Control public;
|
|
||||||
}
|
|
||||||
|
|
||||||
location ~ ^/(assets|img|js|css|fonts)/ {
|
|
||||||
root /var/www/fic-server/htdocs/;
|
|
||||||
access_log off;
|
|
||||||
expires 7d;
|
|
||||||
add_header Cache-Control public;
|
|
||||||
}
|
|
||||||
|
|
||||||
location ~ /(\.ht|\.git|\.svn|\.onyx) {
|
|
||||||
return 403;
|
|
||||||
}
|
|
||||||
|
|
||||||
location /submission.php
|
|
||||||
{
|
|
||||||
root /var/www/fic-server/;
|
|
||||||
|
|
||||||
limit_rate 4k;
|
|
||||||
|
|
||||||
include /etc/nginx/fastcgi.conf;
|
|
||||||
fastcgi_pass unix:/var/run/php-fpm.sock;
|
|
||||||
break;
|
|
||||||
}
|
|
||||||
}
|
|
4
nginx_gen_team.sh
Normal file → Executable file
4
nginx_gen_team.sh
Normal file → Executable file
@ -3,4 +3,6 @@
|
|||||||
# Generate from database (exported XML from the website) the part of nginx
|
# Generate from database (exported XML from the website) the part of nginx
|
||||||
# configuration file authenticating teams
|
# configuration file authenticating teams
|
||||||
|
|
||||||
curl http://localhost/admin/teams/export 2> /dev/null | grep "<name id" | sed -E 's@^.*id="([0-9]+)".*>(.*)<.*$@ if ($ssl_client_s_dn ~ "/C=FR/ST=France/O=Epita/OU=SRS/CN=\2/") { set $team \1; }@'
|
cd $(dirname "$0")
|
||||||
|
|
||||||
|
curl http://localhost/$(grep prefix_admin onyx/config/root.xml | sed -E 's@.*<var.*>(.*)</var>.*@\1@')/teams/export 2> /dev/null | grep "<name id" | sed -E 's@^.*id="([0-9]+)".*>(.*)<.*$@ if ($ssl_client_s_dn ~ "/C=FR/ST=France/O=Epita/OU=SRS/CN=\2/") { set $team \1; }@'
|
||||||
|
@ -22,7 +22,7 @@ if (is_writable($misc_dir) && !is_dir("$misc_dir/pki/"))
|
|||||||
|
|
||||||
$template->assign("cert_writable", is_writable("$misc_dir/pki/"));
|
$template->assign("cert_writable", is_writable("$misc_dir/pki/"));
|
||||||
|
|
||||||
$ca_file = "$misc_dir/pki/cacert.crt";
|
$ca_file = "$misc_dir/shared/cacert.crt";
|
||||||
if (file_exists($ca_file))
|
if (file_exists($ca_file))
|
||||||
{
|
{
|
||||||
if (!is_readable($ca_file))
|
if (!is_readable($ca_file))
|
||||||
@ -32,7 +32,7 @@ if (file_exists($ca_file))
|
|||||||
openssl_x509_parse(file_get_contents($ca_file)));
|
openssl_x509_parse(file_get_contents($ca_file)));
|
||||||
}
|
}
|
||||||
|
|
||||||
$srv_file = "$misc_dir/server.crt";
|
$srv_file = "$misc_dir/shared/server.crt";
|
||||||
if (file_exists($srv_file))
|
if (file_exists($srv_file))
|
||||||
{
|
{
|
||||||
if (!is_readable($srv_file))
|
if (!is_readable($srv_file))
|
||||||
|
@ -14,7 +14,7 @@ if (!empty($_FILES["inputFile"]['tmp_name']))
|
|||||||
return "admin/import_users";
|
return "admin/import_users";
|
||||||
}
|
}
|
||||||
|
|
||||||
if (!file_exists("$misc_dir/pki/cacert.crt"))
|
if (!file_exists("$misc_dir/shared/cacert.crt"))
|
||||||
{
|
{
|
||||||
erreur("The root certificate file not found, please create this first");
|
erreur("The root certificate file not found, please create this first");
|
||||||
return "admin/import_users";
|
return "admin/import_users";
|
||||||
|
@ -51,7 +51,7 @@ if (isset($VAR['submission_dir']))
|
|||||||
$_GET["theme"] = $p[2];
|
$_GET["theme"] = $p[2];
|
||||||
$_GET["exercice"] = $p[3];
|
$_GET["exercice"] = $p[3];
|
||||||
|
|
||||||
require("../submission.php");
|
require("../front/submission.php");
|
||||||
}
|
}
|
||||||
|
|
||||||
// Fallback error
|
// Fallback error
|
||||||
|
@ -21,11 +21,9 @@ then
|
|||||||
fi
|
fi
|
||||||
|
|
||||||
# Synchronize HTML pages
|
# Synchronize HTML pages
|
||||||
rsync -e ssh -av $OPTS out/errors "$FRONTEND_HOSTNAME":~/
|
rsync -e ssh -av $OPTS out "$FRONTEND_HOSTNAME":~/
|
||||||
rsync -e ssh -av $OPTS out/htdocs "$FRONTEND_HOSTNAME":~/
|
|
||||||
rsync -e ssh -av $OPTS out/teams "$FRONTEND_HOSTNAME":~/
|
|
||||||
rsync -e ssh -avL $OPTS files "$FRONTEND_HOSTNAME":~/
|
rsync -e ssh -avL $OPTS files "$FRONTEND_HOSTNAME":~/
|
||||||
rsync -e ssh -av $OPTS nginx.conf submission.php misc/server.crt misc/server.key misc/pki/cacert.crt misc/pki/crl.pem "$FRONTEND_HOSTNAME":~/
|
rsync -e ssh -av $OPTS front/ misc/shared/ "$FRONTEND_HOSTNAME":~/
|
||||||
|
|
||||||
# Synchronize submissions
|
# Synchronize submissions
|
||||||
rsync -e ssh -av "$FRONTEND_HOSTNAME":~/submission/ submission/
|
rsync -e ssh -av "$FRONTEND_HOSTNAME":~/submission/ submission/
|
||||||
|
Loading…
Reference in New Issue
Block a user