fic/server
2
0
Fork 0
Code Issues Pull Requests 10 Releases Wiki Activity

Merge branch 'master' of ssh://nout/fic2014-server

Browse Source
This commit is contained in:
Némunaire 2013-12-11 18:11:21 +01:00
commit c9cc7b36a9
9 changed files with 120 additions and 39 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
gen_site.sh
View File

@ -7,4 +7,4 @@ cd `dirname "$0"`
mkdir -p out mkdir -p out
cd out cd out
wget -c -m http://$BASEURL/ http://$BASEURL/connected/ wget -c -m https://$BASEURL/ https://$BASEURL/connected/

7
htdocs/index.php
View File

@ -2,8 +2,9 @@
//Inclusion de l'API Onyx //Inclusion de l'API Onyx
require_once(trim(file_get_contents('./.onyx'))); require_once(trim(file_get_contents('./.onyx')));
define("SALT_USER", "connected"); define("SALT_PUBLIC", $VAR["prefix_public"]);
define("SALT_ADMIN", "admin"); define("SALT_USER", $VAR["prefix_teams"]);
define("SALT_ADMIN", $VAR["prefix_admin"]);
//On active le débogage si l'on est sur le domaine de debug //On active le débogage si l'on est sur le domaine de debug
@ -13,6 +14,8 @@ if ($_SERVER["SERVER_NAME"] == "localhost" || $_SERVER["SERVER_NAME"] == "fic" |
//Chargement de tout le nécessaire pour le site //Chargement de tout le nécessaire pour le site
require_once("common.php"); require_once("common.php");
$template->assign("SALT_CDN",SALT_PUBLIC);
$template->assign("SALT_PUBLIC",SALT_PUBLIC);
$template->assign("SALT_USER",SALT_USER); $template->assign("SALT_USER",SALT_USER);
$template->assign("SALT_ADMIN",SALT_ADMIN); $template->assign("SALT_ADMIN",SALT_ADMIN);

6
misc/openssl.cnf
View File

@ -39,7 +39,7 @@ default_ca = CA_default # The default ca section
#################################################################### ####################################################################
[ CA_default ] [ CA_default ]
dir = fic_pki #DIR # Where everything is kept dir = /srv/fic2014-server/misc//pki #DIR # Where everything is kept
certs = $dir/certs # Where the issued certs are kept certs = $dir/certs # Where the issued certs are kept
crl_dir = $dir/crl # Where the issued crl are kept crl_dir = $dir/crl # Where the issued crl are kept
database = $dir/index.txt # database index file. database = $dir/index.txt # database index file.
@ -147,7 +147,7 @@ organizationalUnitName = Organizational Unit Name (eg, section)
organizationalUnitName_default = SRS organizationalUnitName_default = SRS
commonName = Common Name (e.g. server FQDN or YOUR name) commonName = Common Name (e.g. server FQDN or YOUR name)
commonName_default = toto#COMMONNAME commonName_default = FIC2014 Server #COMMONNAME
commonName_max = 64 commonName_max = 64
emailAddress = Email Address emailAddress = Email Address
@ -176,7 +176,7 @@ basicConstraints=CA:FALSE
# the certificate can be used for anything *except* object signing. # the certificate can be used for anything *except* object signing.
# This is OK for an SSL server. # This is OK for an SSL server.
nsCertType = client #CERTTYPE nsCertType = server #CERTTYPE
# For an object signing certificate this would be used. # For an object signing certificate this would be used.
# nsCertType = objsign # nsCertType = objsign

43
nginx-server-common.conf Normal file
View File

@ -0,0 +1,43 @@
access_log /var/log/nginx/fic.access_log;
error_log /var/log/nginx/fic.error_log;
root /var/www/fic2014-server/htdocs;
index index.php;
add_header Strict-Transport-Security "max-age=2592000; includeSubdomains";
location / {
if (-f $request_filename) {
break;
}
if (-d $request_filename) {
break;
}
rewrite ^/(.*)$ /index.php?p=$1 last;
}
location ~* \favicon.ico$ {
access_log off;
expires 1d;
add_header Cache-Control public;
}
location ~ ^/(img|js|css)/ {
access_log off;
expires 7d;
add_header Cache-Control public;
}
location ~ /(\.ht|\.git|\.svn|\.onyx) {
return 403;
}
location ~ .*.php$
{
if (!-e $document_root$document_uri) { return 404; }
include /etc/nginx/fastcgi.conf;
fastcgi_pass unix:/var/run/fastcgi/php-fpm.sock;
fastcgi_index index.php;
break;
}

18
nginx-server.conf Normal file
View File

@ -0,0 +1,18 @@
server {
listen 443 ssl;
listen [::]:443 ipv6only=on ssl;
ssl_certificate /var/www/fic2014-server/misc/server.crt;
ssl_certificate_key /var/www/fic2014-server/misc/server.key;
# ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
# ssl_prefer_server_ciphers on;
# ssl_ciphers ECDH+AESGCM:DH+AESGCM:ECDH+AES256:DH+AES256:ECDH+AES128:DH+AES:!ADH:!AECDH:!MD5:!DSS;
include /var/www/fic2014-server/nginx-server-common.conf;
}
server {
listen [::1]:80 ipv6only=on;
include /var/www/fic2014-server/nginx-server-common.conf;
}

62
nginx.conf
View File

@ -1,46 +1,58 @@
server { server {
listen 80; listen 443 ssl;
listen [::]:80; listen [::]:443 ipv6only=on ssl;
server_name fic fic.p0m.fr fic.nemunai.re;
root /var/www/fic2014-server/htdocs/;
access_log /var/log/nginx/fic.access_log; access_log /var/log/nginx/fic.access_log;
error_log /var/log/nginx/fic.error_log debug; error_log /var/log/nginx/fic.error_log;
root /var/www/fic2014-server/htdocs; ssl_certificate /var/www/fic2014-server/misc/server.crt;
ssl_certificate_key /var/www/fic2014-server/misc/server.key;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
ssl_prefer_server_ciphers on;
ssl_ciphers ECDH+AESGCM:DH+AESGCM:ECDH+AES256:DH+AES256:ECDH+AES128:DH+AES:!ADH:!AECDH:!MD5:!DSS;
ssl_client_certificate /var/www/fic2014-server/misc/pki/cacert.crt;
ssl_verify_client on;
add_header Strict-Transport-Security "max-age=2592000; includeSubdomains";
location / { location /
if (-f $request_filename) { {
break; default_type text/html;
} if ($ssl_client_s_dn !~ "/C=FR/ST=France/O=Epita/OU=SRS/")
if (-d $request_filename) { {
break; return 401;
} }
rewrite ^/(.*)$ /index.php?p=$1 last; if ($ssl_client_s_dn ~ "/C=FR/ST=France/O=Epita/OU=SRS/CN=Team1/") {
root /var/www/fic2014-server/htdocs/connected/166$1;
rewrite ^/submission-([0-9]+)-([0-9]+).html$ /submission.php?team=166&theme=$1&exercice=$2 last;
}
} }
location ~* \favicon.ico$ { location ~* \favicon.ico$ {
access_log off; access_log off;
expires 1d; expires 1d;
add_header Cache-Control public; add_header Cache-Control public;
} }
location ~ ^/(img|js|css)/ { location ~ ^/(img|js|css)/ {
access_log off; access_log off;
expires 7d; expires 7d;
add_header Cache-Control public; add_header Cache-Control public;
} }
location ~ /(\.ht|\.git|\.svn|\.onyx) { location ~ /(\.ht|\.git|\.svn|\.onyx) {
deny all; return 403;
} }
location ~ .*.php$ location /submission.php
{ {
if (!-e $document_root$document_uri) { return 404; } root /var/www/fic2014-server/;
include /etc/nginx/fastcgi.conf; include /etc/nginx/fastcgi.conf;
fastcgi_pass 127.0.0.1:9000; fastcgi_pass unix:/var/run/fastcgi/php-fpm.sock;
fastcgi_index index.php;
break; break;
} }
} }

9
onyx/config/sample.root.xml
View File

@ -1,7 +1,12 @@
<?xml version="1.0" encoding="UTF-8"?> <?xml version="1.0" encoding="UTF-8"?>
<configs active="1" root="/var/www/jacobdelafon/htdocs/" cache="1"> <configs active="1" root="/var/www/fic2014-server/htdocs/" cache="1">
<config match="index.php"> <config match="index.php">
<var name="end_challenge">1381441316</var> <var name="end_challenge">1386827772</var>
<var name="misc_dir">/var/www/fic2014-server/misc/</var>
<var name="submission_dir">/var/www/fic2014-server/submission/</var>
<var name="prefix_public">challenge-public</var>
<var name="prefix_teams">challenge</var>
<var name="prefix_admin">challenge-admin</var>
<var name="chrono"><![CDATA[<!--Page générée en: $ secondes.-->]]></var> <var name="chrono"><![CDATA[<!--Page générée en: $ secondes.-->]]></var>
</config> </config>
<config match="*"> <config match="*">

6
onyx/tpl/bootstrap/clock.tpl
View File

@ -1,11 +1,11 @@
<div class="clock"> <div class="clock">
<div id="ficlogo"> <div id="ficlogo">
<a href="/"> <a href="{$SALT_PUBLIC}/">
<img src="/img/challenge.jpg" alt="Forum International de la Cybersécurité"> <img src="{$SALT_CDN}/img/challenge.jpg" alt="Forum International de la Cybersécurité">
</a> </a>
</div> </div>
<div id="epitalogo"> <div id="epitalogo">
<img src="/img/epita.png" alt="Epita"> <img src="{$SALT_CDN}/img/epita.png" alt="Epita">
</div> </div>
<div id="Date"></div> <div id="Date"></div>
<ul> <ul>

6
onyx/tpl/bootstrap/layout.tpl
View File

@ -5,7 +5,7 @@
<title>{block name=title}Challenge FIC2014{/block}</title> <title>{block name=title}Challenge FIC2014{/block}</title>
<meta name="viewport" content="width=device-width, initial-scale=1.0"> <meta name="viewport" content="width=device-width, initial-scale=1.0">
<!-- Bootstrap --> <!-- Bootstrap -->
<link href="/css/bootstrap.min.css" rel="stylesheet" media="screen"> <link href="{$SALT_CDN}/css/bootstrap.min.css" rel="stylesheet" media="screen">
<!-- HTML5 shim and Respond.js IE8 support of HTML5 elements and media queries --> <!-- HTML5 shim and Respond.js IE8 support of HTML5 elements and media queries -->
<!--[if lt IE 9]> <!--[if lt IE 9]>
@ -13,7 +13,7 @@
<script src="../../assets/js/respond.min.js"></script> <script src="../../assets/js/respond.min.js"></script>
<![endif]--> <![endif]-->
<link rel="shortcut icon" type="image/x-icon" href="/favicon.ico"> <link rel="shortcut icon" type="image/x-icon" href="{$SALT_CDN}/favicon.ico">
<meta name="author" content="EPITA Laboratoire SRS"> <meta name="author" content="EPITA Laboratoire SRS">
<meta name="robots" content="all"> <meta name="robots" content="all">
<meta name="language" content="{$smarty.const.LANG}"> <meta name="language" content="{$smarty.const.LANG}">
@ -38,7 +38,7 @@
</footer> </footer>
<!-- jQuery (necessary for Bootstrap's JavaScript plugins) --> <!-- jQuery (necessary for Bootstrap's JavaScript plugins) -->
<script src="/js/jquery.min.js"></script> <script src="{$SALT_CDN}/js/jquery.min.js"></script>
<!-- Include all compiled plugins (below), or include individual files as needed --> <!-- Include all compiled plugins (below), or include individual files as needed -->
<script src="/js/bootstrap.min.js"></script> <script src="/js/bootstrap.min.js"></script>
{block name=end}{/block} {block name=end}{/block}