[arch-commits] Commit in hiawatha/repos (6 files)
Kyle Keen
kkeen at archlinux.org
Sun Aug 19 02:22:16 UTC 2018
Date: Sunday, August 19, 2018 @ 02:22:16
Author: kkeen
Revision: 372734
archrelease: copy trunk to community-staging-x86_64
Added:
hiawatha/repos/community-staging-x86_64/
hiawatha/repos/community-staging-x86_64/PKGBUILD
(from rev 372733, hiawatha/trunk/PKGBUILD)
hiawatha/repos/community-staging-x86_64/hiawatha.conf.sample
(from rev 372733, hiawatha/trunk/hiawatha.conf.sample)
hiawatha/repos/community-staging-x86_64/hiawatha.service
(from rev 372733, hiawatha/trunk/hiawatha.service)
hiawatha/repos/community-staging-x86_64/letsencrypt-renew.service
(from rev 372733, hiawatha/trunk/letsencrypt-renew.service)
hiawatha/repos/community-staging-x86_64/letsencrypt-renew.timer
(from rev 372733, hiawatha/trunk/letsencrypt-renew.timer)
---------------------------+
PKGBUILD | 103 +++++++++++++++++++++++++++++++++++++++
hiawatha.conf.sample | 114 ++++++++++++++++++++++++++++++++++++++++++++
hiawatha.service | 16 ++++++
letsencrypt-renew.service | 8 +++
letsencrypt-renew.timer | 11 ++++
5 files changed, 252 insertions(+)
Copied: hiawatha/repos/community-staging-x86_64/PKGBUILD (from rev 372733, hiawatha/trunk/PKGBUILD)
===================================================================
--- community-staging-x86_64/PKGBUILD (rev 0)
+++ community-staging-x86_64/PKGBUILD 2018-08-19 02:22:16 UTC (rev 372734)
@@ -0,0 +1,103 @@
+# $Id$
+# Maintainer: Kyle Keen <keenerd at gmail.com>
+# Contributor: Kurt Marasco <celilo _at_ lavabit _dot_ com>
+# Contributor: Pascal Ernster <aur at hardfalcon dot net>
+
+pkgname=hiawatha
+pkgver=10.8.2
+pkgrel=1
+pkgdesc="Secure and advanced webserver"
+url="https://www.hiawatha-webserver.org/"
+arch=('x86_64')
+license=('GPL2')
+depends=('libxslt' 'mbedtls')
+optdepends=('php-fpm: PHP fastcgi'
+ 'php: letsencrypt')
+makedepends=('cmake')
+backup=(
+ 'etc/hiawatha/hiawatha.conf'
+ 'etc/hiawatha/cgi-wrapper.conf'
+ 'etc/hiawatha/mimetype.conf'
+)
+
+source=(
+ "https://www.hiawatha-webserver.org/files/$pkgname-$pkgver.tar.gz"
+ 'hiawatha.conf.sample'
+ 'hiawatha.service'
+ 'letsencrypt-renew.service'
+ 'letsencrypt-renew.timer'
+)
+sha256sums=('282e586113a1ffaececfd093a3da83c9f6de67e8d76853f25c546fdca9f013c7'
+ '4671d2586cbe3cd6497b16ff422c6143cdab40641ef3c9c4988c478351a8f5e7'
+ 'fb789b12bb6246237b15a9244f58317abdd53e5ca4eb55880e40a498b2237155'
+ '7f903aadf1e7e4bf449c9a647f160051358ef1e2db328afffc7f3a5c204f8ea5'
+ 'a1d5371e886bdd697c9d040125aa5b117d6efe36bb6ee77b57004d893f2bc410')
+
+
+prepare() {
+ cd "$srcdir/$pkgname-$pkgver"
+ sed -i 's/www-data/http/g' extra/logrotate.in
+}
+
+build() {
+ cd "$srcdir/$pkgname-$pkgver"
+ mkdir -p build
+ cd build
+
+ cmake ../ -DCMAKE_INSTALL_PREFIX="/" \
+ -DCMAKE_INSTALL_BINDIR="/usr/bin" \
+ -DCMAKE_INSTALL_SBINDIR="/usr/bin" \
+ -DCMAKE_INSTALL_SYSCONFDIR="/etc/hiawatha" \
+ -DCMAKE_INSTALL_LIBDIR="/usr/lib" \
+ -DCMAKE_INSTALL_MANDIR="/usr/share/man" \
+ -DCONFIG_DIR="/etc/hiawatha" \
+ -DLOG_DIR="/var/log/hiawatha" \
+ -DPID_DIR="/run" \
+ -DENABLE_TLS=ON \
+ -DUSE_SYSTEM_MBEDTLS=ON \
+ -DENABLE_MONITOR=ON \
+ -DWEBROOT_DIR="/srv/http/hiawatha" \
+ -DWORK_DIR="/var/lib/hiawatha"
+
+ make
+
+ # Features enabled by default
+ # -DENABLE_CACHE
+ # -DENABLE_IPV6
+ # -DENABLE_RPROXY
+ # -DENABLE_TOOLKIT
+ # -DENABLE_XSLT
+
+ # Features disabled by default
+ # -DENABLE_DEBUG
+ # -DENABLE_TOMAHAWK
+}
+
+package() {
+ cd "$srcdir/$pkgname-$pkgver/build"
+ make DESTDIR="$pkgdir/" install
+
+ rmdir "$pkgdir/run"
+ rm "$pkgdir/srv/http/hiawatha/index.html"
+ rmdir -p --ignore-fail-on-non-empty "$pkgdir/srv/http/hiawatha"
+
+ # Update stock hiawatha.conf
+ sed -e 's|#ServerId = www-data|ServerId = http|' \
+ -e 's|/var/www/|/srv/http/|g' \
+ -e 's|//|/|g' \
+ -e 's|#CGIextension = cgi|&\n#TriggerOnCGIstatus = no|g' \
+ -e 's|ConnectTo = 127.0.0.1:2005|ConnectTo = 127.0.0.1:9000|g' \
+ -e 's|# Extension = php|&\n# SessionTimeout = 30|g' \
+ -e 's|#ErrorHandler = 404:/error.cgi|&\n#UseGZfile = yes|g' \
+ -i "$pkgdir/etc/hiawatha/hiawatha.conf"
+
+ install -Dm644 logrotate.d/hiawatha "$pkgdir/etc/logrotate.d/hiawatha"
+ install -Dm644 "$srcdir/hiawatha.service" "$pkgdir/usr/lib/systemd/system/hiawatha.service"
+ install -Dm644 "$srcdir/hiawatha.conf.sample" "$pkgdir/etc/hiawatha/"
+
+ mkdir -p "$pkgdir/usr/share/hiawatha/"
+ cd "$srcdir/$pkgname-$pkgver/extra/"
+ cp "$srcdir/letsencrypt-renew."* letsencrypt/
+ tar -caf "$pkgdir/usr/share/hiawatha/letsencrypt.tar.gz" letsencrypt/*
+}
+
Copied: hiawatha/repos/community-staging-x86_64/hiawatha.conf.sample (from rev 372733, hiawatha/trunk/hiawatha.conf.sample)
===================================================================
--- community-staging-x86_64/hiawatha.conf.sample (rev 0)
+++ community-staging-x86_64/hiawatha.conf.sample 2018-08-19 02:22:16 UTC (rev 372734)
@@ -0,0 +1,114 @@
+# Hiawatha main configuration file
+# This is a basic sample configuration file that sets up a:
+# 1) Default web site at /srv/http/hiawatha (Note: fast CGI is not active on default site)
+# 2) Virtual host for phpmyadmin at /srv/http/phpMyAdmin
+# note: you must install phpmyadmin, mysql, php-mcrypt, and php-cgi separately. Be sure that extensions
+# mcrypt.so and mysql.so are enabled in your php.ini.
+# Also add phpmyadmin to your hosts file
+# 3) FastCGI server
+
+
+# GENERAL SETTINGS
+ServerId = http
+ConnectionsTotal = 150
+ConnectionsPerIP = 10
+SystemLogfile = /var/log/hiawatha/system.log
+GarbageLogfile = /var/log/hiawatha/garbage.log
+
+
+# BINDING SETTINGS
+# A binding is where a client can connect to.
+#
+Binding {
+ Port = 80
+}
+
+
+
+### The following fast CGI daemons require php-fpm using a UNIX socket and TCP port, respectively.
+# ACTIVATE a FastCGI server for php (using UNIX socket)
+FastCGIserver {
+ FastCGIid = PHP5
+ ConnectTo = /run/php-fpm/php-fpm.sock
+ Extension = php
+ SessionTimeout = 30
+}
+
+# ACTIVATE a FastCGI server for php (using IP-address and TCP port)
+#FastCGIserver {
+# FastCGIid = PHP5
+# ConnectTo = 127.0.0.1:9000
+# Extension = php
+# SessionTimeout = 30
+#}
+
+
+# DEFAULT WEBSITE
+# It is wise to use your IP address as the hostname of the default website
+# and give it a blank webpage. By doing so, automated webscanners won't find
+# your possible vulnerable website.
+#
+Hostname = 127.0.0.1
+WebsiteRoot = /srv/http/hiawatha
+StartFile = index.html
+AccessLogfile = /var/log/hiawatha/access.log
+ErrorLogfile = /var/log/hiawatha/error.log
+#ErrorHandler = 404:/error.cgi
+UseXSLT = yes
+
+
+# VIRTUAL HOSTS
+VirtualHost {
+
+ # If you set WebsiteRoot to /usr/share/webapps/phpMyAdmin you don't need followsymlinks
+ # I symlinked the phpMyAdmin folder to '/srv/http/phpMyAdmin' so that I can easily remember where it's located but
+ # still set 'WebsiteRoot' to the real source directory. You could point WebsiteRoot to the
+ # symlinked directory, but you will have to set 'FollowSymlinks = yes' for that to function properly
+
+ #FollowSymlinks = yes
+ #WebsiteRoot = /srv/http/phpMyAdmin
+ WebsiteRoot = /usr/share/webapps/phpMyAdmin
+ Hostname = phpmyadmin
+ AccessLogfile = /var/log/hiawatha/phpmyadmin/access.log
+ ErrorLogfile = /var/log/hiawatha/phpmyadmin/error.log
+ StartFile = index.php
+ UseFastCGI = PHP5
+
+}
+
+# Add some more
+
+#VirtualHost {
+# Hostname = www.my-domain.com
+# WebsiteRoot = /svr/http/my-domain/public
+# StartFile = index.php
+# AccessLogfile = /svr/http/my-domain/log/access.log
+# ErrorLogfile = /svr/http/my-domain/log/error.log
+# TimeForCGI = 5
+# UseFastCGI = PHP5
+# UseToolkit = banshee
+#}
+
+
+#Additional settings for monitoring
+
+UrlToolkit {
+ ToolkitID = banshee
+ RequestURI isfile Return
+ Match ^/(css|files|images|js)/ Return
+ Match ^/(favicon.ico|robots.txt|sitemap.xml)$ Return
+ Match .*\?(.*) Rewrite /index.php?$1
+ Match .* Rewrite /index.php
+}
+
+VirtualHost {
+ Hostname = monitor.domain.com
+ WebsiteRoot = /svr/http/monitor/public
+ AccessLogfile = /svr/http/monitor/logfiles/access.log
+ ErrorLogfile = /svr/http/monitor/logfiles/error.log
+ StartFile = index.php
+# ExecuteCGI = yes
+ UseFastCGI = PHP5 # Use if you use PHP as a FastCGI daemon
+ TimeForCGI = 15
+ UseToolkit = banshee
+}
Copied: hiawatha/repos/community-staging-x86_64/hiawatha.service (from rev 372733, hiawatha/trunk/hiawatha.service)
===================================================================
--- community-staging-x86_64/hiawatha.service (rev 0)
+++ community-staging-x86_64/hiawatha.service 2018-08-19 02:22:16 UTC (rev 372734)
@@ -0,0 +1,16 @@
+[Unit]
+Description=Hiawatha Web Server
+After=network.target remote-fs.target nss-lookup.target
+
+[Service]
+Type=simple
+SyslogIdentifier=hiawatha
+ExecStartPre=/usr/bin/hiawatha -k ; /usr/bin/wigwam
+ExecStart= /usr/bin/hiawatha -d
+TimeoutSec=10
+#(doesn't like this setting. Can't find files) PrivateTmp=true
+LimitNOFILE=infinity
+CapabilityBoundingSet=CAP_NET_BIND_SERVICE CAP_CHOWN CAP_DAC_OVERRIDE CAP_FOWNER CAP_FSETID CAP_SETGID CAP_SETUID
+
+[Install]
+WantedBy=multi-user.target
Copied: hiawatha/repos/community-staging-x86_64/letsencrypt-renew.service (from rev 372733, hiawatha/trunk/letsencrypt-renew.service)
===================================================================
--- community-staging-x86_64/letsencrypt-renew.service (rev 0)
+++ community-staging-x86_64/letsencrypt-renew.service 2018-08-19 02:22:16 UTC (rev 372734)
@@ -0,0 +1,8 @@
+[Unit]
+Description=Renew Let's Encrypt certificates
+Wants=network-online.target
+After=network-online.target
+
+[Service]
+Type=oneshot
+ExecStart=/root/letsencrypt/letsencrypt renew restart
Copied: hiawatha/repos/community-staging-x86_64/letsencrypt-renew.timer (from rev 372733, hiawatha/trunk/letsencrypt-renew.timer)
===================================================================
--- community-staging-x86_64/letsencrypt-renew.timer (rev 0)
+++ community-staging-x86_64/letsencrypt-renew.timer 2018-08-19 02:22:16 UTC (rev 372734)
@@ -0,0 +1,11 @@
+[Unit]
+Description=Daily renewal of Let's Encrypt's certificates
+
+[Timer]
+OnCalendar=daily
+# Be kind to the Let's Encrypt servers: add a random delay of 0–3600 seconds
+RandomizedDelaySec=3600
+Persistent=true
+
+[Install]
+WantedBy=timers.target
More information about the arch-commits
mailing list