diff options
Diffstat (limited to 'server')
-rwxr-xr-x | server/bin/checkperms | 12 | ||||
-rwxr-xr-x | server/bin/setsmbpass | 10 | ||||
-rw-r--r-- | server/etc/apache-console3.conf.tmpl | 58 | ||||
-rw-r--r-- | server/etc/apache.conf.tmpl | 52 |
4 files changed, 59 insertions, 73 deletions
diff --git a/server/bin/checkperms b/server/bin/checkperms index 5c558c45..ca9e1d7d 100755 --- a/server/bin/checkperms +++ b/server/bin/checkperms @@ -46,16 +46,16 @@ find $OPENGNSYS_DIR/images -maxdepth 1 -type f -exec chmod 664 {} \; find $OPENGNSYS_DIR/client/{interfaceAdm,scripts} ! -name "*.txt" -exec chmod +x {} \; chown $OPENGNSYS_USER:$OPENGNSYS_USER $OPENGNSYS_DIR/client/interfaceAdm/CambiarAcceso chmod 700 $OPENGNSYS_DIR/client/interfaceAdm/CambiarAcceso -chown root:root $OPENGNSYS_DIR/etc/{ogAdmServer,ogAdmAgent}*.cfg -chmod 600 $OPENGNSYS_DIR/etc/{ogAdmServer,ogAdmAgent}*.cfg -chown root:$APACHE_GROUP $OPENGNSYS_DIR/{www/controlacceso*.php,etc/ogAdmRepo*.cfg} -chmod 640 $OPENGNSYS_DIR/{www/controlacceso*.php,etc/ogAdmRepo*.cfg} -chown -R $APACHE_USER:$APACHE_GROUP $OPENGNSYS_DIR/www/images/{fotos,iconos} +rm -fr $OPENGNSYS_DIR/www3/backend/var/cache/* +mkdir -p $OPENGNSYS_DIR/www3/backend/var/{cache,logs} +chown -R $OPENGNSYS_USER:$OPENGNSYS_USER $OPENGNSYS_DIR/www3 +chown -R $APACHE_USER:$APACHE_GROUP $OPENGNSYS_DIR/www3/backend/var +chmod 777 $OPENGNSYS_DIR/www3/backend/var/{cache,logs} mkdir -p $OPENGNSYS_DIR/www/{api,tmp} chown -R $APACHE_USER:$APACHE_GROUP $OPENGNSYS_DIR/www/{api,tmp} chown -R $APACHE_USER:$APACHE_GROUP $OPENGNSYS_DIR/tftpboot/menu.lst chown -R :$OPENGNSYS_USER $OPENGNSYS_DIR/tftpboot/ogLive* find -L $OPENGNSYS_DIR/tftpboot -type d -exec chmod 755 {} \; find -L $OPENGNSYS_DIR/tftpboot -type f -exec chmod 644 {} \; -chown $APACHE_USER:$APACHE_GROUP $OPENGNSYS_DIR/log/{ogagent,remotepc,rest}.log +#chown $APACHE_USER:$APACHE_GROUP $OPENGNSYS_DIR/log/{ogagent,remotepc,rest}.log diff --git a/server/bin/setsmbpass b/server/bin/setsmbpass index 2162b3be..57c354d7 100755 --- a/server/bin/setsmbpass +++ b/server/bin/setsmbpass @@ -19,6 +19,7 @@ PROG=$(basename "$0") PATH=$PATH:$(dirname "$(realpath "$0")") OPENGNSYS=${OPENGNSYS:-"/opt/opengnsys"} +OGCFGFILE=$OPENGNSYS/etc/opengnsys.json SAMBAUSER="opengnsys" # Usuario por defecto. TFTPDIR=$OPENGNSYS/tftpboot INITRD=oginitrd.img @@ -88,8 +89,13 @@ for OGLIVE in $LIST; do # FIN CĂ“DIGO TEMPORAL. # Ticket 565, preparar acceso Rsync cliente. echo "$SAMBAPASS" > scripts/passrsync - chown root.root scripts/passrsync - chmod 400 scripts/passrsync + # Guardar tokens de seguridad. + cat << EOT > scripts/client.cfg +CLIENTID=$(jq -r .client.id $OGCFGFILE) +CLIENTSECRET=$(jq -r .client.secret $OGCFGFILE) +EOT + chown root.root scripts/passrsync scripts/client.cfg + chmod 400 scripts/passrsync scripts/client.cfg # Generar Initrd del cliente. find . | cpio -H newc -oa | gzip -9c > "$CLIENTINITRD" else diff --git a/server/etc/apache-console3.conf.tmpl b/server/etc/apache-console3.conf.tmpl deleted file mode 100644 index 91b61cfb..00000000 --- a/server/etc/apache-console3.conf.tmpl +++ /dev/null @@ -1,58 +0,0 @@ -# OpenGnsys Web Admin Console 3 template configuration for Apache. - -Alias /opengnsys/v3 CONSOLEDIR3 - -# PHP-FPM configuration -<IfModule proxy_fcgi_module> - <FilesMatch ".+\.ph(p[3457]?|t|tml)$"> - SetHandler "proxy:fcgi://127.0.0.1:9000" - </FilesMatch> -</IfModule> - -RewriteEngine On - -# Redirect HTTP to HTTPS and default configuration. -<Directory CONSOLEDIR3> - RewriteCond %{HTTPS} !=on - RewriteRule ^ https://%{HTTP_HOST}%{REQUEST_URI} [L,R] - Require all granted - Options -Indexes +FollowSymLinks - DirectoryIndex index.html index.php - AddType octet/stream .pkg -</Directory> - -# Redirect HTTP to HTTPS and RESTful configuration. -<Directory CONSOLEDIR3/backend/web> - #RewriteBase /opengnsys3/rest/web - #RewriteRule .? - [E=HTTP_AUTHORIZATION:%{HTTP:Authorization}] - #RewriteCond %{HTTPS} !=on - #RewriteRule ^ https://%{HTTP_HOST}%{REQUEST_URI} [L,R] - #RewriteCond %{REQUEST_FILENAME} !-f - #RewriteRule ^ index.php [QSA,L] - DirectoryIndex app.php - - <IfModule mod_rewrite.c> - RewriteEngine On - RewriteCond %{REQUEST_URI}::$1 ^(/.+)/(.*)::\2$ - RewriteRule ^(.*) - [E=BASE:%1] - - # Sets the HTTP_AUTHORIZATION header removed by apache - RewriteCond %{HTTP:Authorization} . - RewriteRule .* - [E=HTTP_AUTHORIZATION:%{HTTP:Authorization}] - - RewriteCond %{ENV:REDIRECT_STATUS} ^$ - RewriteRule ^app\.php(/(.*)|$) %{ENV:BASE}/$2 [R=301,L] - - RewriteCond %{REQUEST_FILENAME} -f - RewriteRule .? - [L] - - # Rewrite all other queries to the front controller. - RewriteRule .? %{ENV:BASE}/app.php [L] - </IfModule> - - <IfModule !mod_rewrite.c> - <IfModule mod_alias.c> - RedirectMatch 302 ^/$ /app.php/ - </IfModule> - </IfModule> -</Directory> diff --git a/server/etc/apache.conf.tmpl b/server/etc/apache.conf.tmpl index edb3fda8..099d9ea5 100644 --- a/server/etc/apache.conf.tmpl +++ b/server/etc/apache.conf.tmpl @@ -21,12 +21,50 @@ RewriteEngine On AddType octet/stream .pkg </Directory> +Alias /opengnsys3 CONSOLEDIR3 + +# Redirect HTTP to HTTPS and default configuration. +<Directory CONSOLEDIR3> + RewriteCond %{HTTPS} !=on + RewriteRule ^ https://%{HTTP_HOST}%{REQUEST_URI} [L,R] + Require all granted + Options -Indexes +FollowSymLinks + DirectoryIndex index.html index.php + AddType octet/stream .pkg +</Directory> + # Redirect HTTP to HTTPS and RESTful configuration. -<Directory CONSOLEDIR/rest> - RewriteBase /opengnsys/rest/ - RewriteRule .? - [E=HTTP_AUTHORIZATION:%{HTTP:Authorization}] - RewriteCond %{HTTPS} !=on - RewriteRule ^ https://%{HTTP_HOST}%{REQUEST_URI} [L,R] - RewriteCond %{REQUEST_FILENAME} !-f - RewriteRule ^ index.php [QSA,L] +<Directory CONSOLEDIR3/backend/web> + #RewriteBase /opengnsys3/rest/web + #RewriteRule .? - [E=HTTP_AUTHORIZATION:%{HTTP:Authorization}] + #RewriteCond %{HTTPS} !=on + #RewriteRule ^ https://%{HTTP_HOST}%{REQUEST_URI} [L,R] + #RewriteCond %{REQUEST_FILENAME} !-f + #RewriteRule ^ index.php [QSA,L] + DirectoryIndex app.php + + <IfModule mod_rewrite.c> + RewriteEngine On + RewriteCond %{REQUEST_URI}::$1 ^(/.+)/(.*)::\2$ + RewriteRule ^(.*) - [E=BASE:%1] + + # Sets the HTTP_AUTHORIZATION header removed by apache + RewriteCond %{HTTP:Authorization} . + RewriteRule .* - [E=HTTP_AUTHORIZATION:%{HTTP:Authorization}] + + RewriteCond %{ENV:REDIRECT_STATUS} ^$ + RewriteRule ^app\.php(/(.*)|$) %{ENV:BASE}/$2 [R=301,L] + + RewriteCond %{REQUEST_FILENAME} -f + RewriteRule .? - [L] + + # Rewrite all other queries to the front controller. + RewriteRule .? %{ENV:BASE}/app.php [L] + </IfModule> + + <IfModule !mod_rewrite.c> + <IfModule mod_alias.c> + RedirectMatch 302 ^/$ /app.php/ + </IfModule> + </IfModule> </Directory> |