diff --git a/syspass/.gitignore b/syspass/.gitignore deleted file mode 100644 index f428ebbab..000000000 --- a/syspass/.gitignore +++ /dev/null @@ -1,4 +0,0 @@ -docker-compose-*.yml -/.project -/build/* -!/build/build-vendor.sh diff --git a/syspass/build/build-vendor.sh b/syspass/build/build-vendor.sh deleted file mode 100755 index 903887239..000000000 --- a/syspass/build/build-vendor.sh +++ /dev/null @@ -1,26 +0,0 @@ -#!/usr/bin/env bash -# -# Build vendor package for offline installations -# - -APP_DIR="$(pwd)/app" -SYSPASS_REPO="https://github.com/nuxsmin/sysPass.git" -COMPOSER_OPTS="--ignore-platform-reqs --no-interaction --no-plugins --no-scripts --prefer-dist --no-dev --optimize-autoloader --classmap-authoritative --working-dir" -COMPOSER_IMAGE="composer:1.8" -VENDOR_PACKAGE="vendor.tar.gz" - -if [ ! -d "${APP_DIR}" ]; then - git clone -b master ${SYSPASS_REPO} ${APP_DIR} -else - git pull --no-tags ${APP_DIR} master -fi - -[[ -e ${VENDOR_PACKAGE} ]] && rm -rf ${VENDOR_PACKAGE} - -docker run --rm -v "${APP_DIR}":/app -u 1000 ${COMPOSER_IMAGE} composer install ${COMPOSER_OPTS} /app - -pushd ${APP_DIR} > /dev/null - -tar czf ../${VENDOR_PACKAGE} vendor/ - -popd > /dev/null diff --git a/syspass/common/build.sh b/syspass/common/build.sh deleted file mode 100755 index 3fdaf5c1b..000000000 --- a/syspass/common/build.sh +++ /dev/null @@ -1,50 +0,0 @@ -#!/bin/bash - -BUILDS=`find ../ -type d -name sysPass-*` -BRANCH="master" -VERSION="3.1.2" -BUILD_NUMBER="19030701" - -build_env() { - for BUILD in ${BUILDS}; do - TAG=`echo ${BUILD} | cut -d'-' -f2` - - echo "Building env for ${TAG} (${BUILD})" - - cp -af entrypoint.sh syspass.conf ${BUILD}/ - - sed -i 's/SYSPASS_BRANCH="[a-z0-9\.]\+"/SYSPASS_BRANCH="'${BRANCH}'"/i; - s/version=[a-z0-9\.\-]\+/version='${VERSION}'/i; - s/build=[0-9]\+/build='${BUILD_NUMBER}'/' ${BUILD}/Dockerfile - done - - find ../ -name docker-compose.yml | while read FILE; do - sed -i 's/syspass:[0-9\.]\+\(-rc[0-9]\+\)\?/syspass:'${VERSION}'/' ${FILE} - done -} - -build_docker() { - for BUILD in ${BUILDS}; do - TAG="${VERSION}-`echo ${BUILD} | cut -d'-' -f2`" - - echo "Building Docker for ${TAG} (${BUILD})" - - docker build --tag syspass:${TAG} ${BUILD} - done - - echo "Cleaning up Docker images (dangling)" - docker images --filter dangling=true --format {{.ID}} | xargs docker rmi -} - -case $1 in - "env") - build_env - ;; - "docker") - build_env - build_docker - ;; - *) - echo "Usage: $0 [env|docker]" - ;; -esac diff --git a/syspass/common/entrypoint.sh b/syspass/common/entrypoint.sh deleted file mode 100755 index 762b71be1..000000000 --- a/syspass/common/entrypoint.sh +++ /dev/null @@ -1,130 +0,0 @@ -#!/bin/bash - -COLOR_NC='\033[0m' -COLOR_YELLOW='\033[0;33m' -COLOR_RED='\033[0;31m' -COLOR_GREEN='\033[0;32m' - -XDEBUG_REMOTE_HOST=${XDEBUG_REMOTE_HOST:-"172.17.0.1"} -XDEBUG_IDE_KEY=${XDEBUG_IDE_KEY:-"ide"} - -COMPOSER_OPTIONS="--working-dir ${SYSPASS_DIR} --classmap-authoritative" - -GOSU="gosu ${SYSPASS_UID}" - -if [ -e /usr/local/sbin/init-functions ]; then - . /usr/local/sbin/init-functions -fi - -setup_app () { - if [ -e "${SYSPASS_DIR}/index.php" ]; then - echo -e "${COLOR_YELLOW}setup_app: Setting up permissions${COLOR_NC}" - - RW_DIRS="${SYSPASS_DIR}/app/config \ - ${SYSPASS_DIR}/app/backup \ - ${SYSPASS_DIR}/app/cache \ - ${SYSPASS_DIR}/app/resources \ - ${SYSPASS_DIR}/app/temp" - - chown ${APACHE_RUN_USER}:${SYSPASS_UID} -R ${RW_DIRS} - - chmod 750 ${RW_DIRS} - - chown ${SYSPASS_UID}:${SYSPASS_UID} -R \ - ${SYSPASS_DIR}/app/modules/*/plugins \ - ${SYSPASS_DIR}/composer.json \ - ${SYSPASS_DIR}/composer.lock \ - ${SYSPASS_DIR}/vendor - fi -} - -setup_locales() { - if [ ! -e ".setup" ]; then - LOCALE_GEN="/etc/locale.gen" - - echo -e "${COLOR_YELLOW}setup_locales: Setting up locales${COLOR_NC}" - - echo -e "\n### sysPass locales" >> $LOCALE_GEN - echo "es_ES.UTF-8 UTF-8" >> $LOCALE_GEN - echo "en_US.UTF-8 UTF-8" >> $LOCALE_GEN - echo "en_GB.UTF-8 UTF-8" >> $LOCALE_GEN - echo "de_DE.UTF-8 UTF-8" >> $LOCALE_GEN - echo "ca_ES.UTF-8 UTF-8" >> $LOCALE_GEN - echo "fr_FR.UTF-8 UTF-8" >> $LOCALE_GEN - echo "ru_RU.UTF-8 UTF-8" >> $LOCALE_GEN - echo "pl_PL.UTF-8 UTF-8" >> $LOCALE_GEN - echo "nl_NL.UTF-8 UTF-8" >> $LOCALE_GEN - echo "pt_BR.UTF-8 UTF-8" >> $LOCALE_GEN - echo "da.UTF-8 UTF-8" >> $LOCALE_GEN - echo "it_IT.UTF-8 UTF-8" >> $LOCALE_GEN - echo "fo.UTF-8 UTF-8" >> $LOCALE_GEN - - echo 'LANG="en_US.UTF-8"' > /etc/default/locale - - dpkg-reconfigure --frontend=noninteractive locales - - update-locale LANG=en_US.UTF-8 - - export LANG=en_US.UTF-8 - - echo "1" > .setup - else - echo -e "${COLOR_YELLOW}setup_locales: Locales already set up${COLOR_NC}" - fi -} - -run_composer () { - pushd ${SYSPASS_DIR} - - if [ -e "./composer.lock" -a -e "composer.json" ]; then - echo -e "${COLOR_YELLOW}run_composer: Running composer${COLOR_NC}" - - ${GOSU} composer "$@" ${COMPOSER_OPTIONS} - else - echo -e "${COLOR_RED}run_composer: Error, composer not set up${COLOR_NC}" - fi - - popd -} - -setup_composer_extensions () { - if [ -n "${COMPOSER_EXTENSIONS}" ]; then - echo -e "${COLOR_YELLOW}setup_composer_extensions: ${COMPOSER_EXTENSIONS}${COLOR_NC}" - - run_composer require ${COMPOSER_EXTENSIONS} --update-no-dev - fi -} - -echo -e "${COLOR_YELLOW}entrypoint: Starting with UID : ${SYSPASS_UID}${COLOR_NC}" -id ${SYSPASS_UID} > /dev/null 2>&1 || useradd --shell /bin/bash -u ${SYSPASS_UID} -o -c "" -m user -export HOME=${SYSPASS_DIR} - -setup_app - -case "$1" in - "apache") - setup_composer_extensions - setup_locales - setup_apache - - SELF_IP_ADDRESS=$(grep $HOSTNAME /etc/hosts | cut -f1) - - echo -e "${COLOR_GREEN}######" - echo -e "sysPass environment installed and configured. Please point your browser to https://${SELF_IP_ADDRESS} to start the installation" - echo -e "######${COLOR_NC}" - echo -e "${COLOR_YELLOW}entrypoint: Starting Apache${COLOR_NC}" - - run_apache - ;; - "update") - run_composer update - ;; - "composer") - shift - run_composer "$@" - ;; - *) - echo -e "${COLOR_YELLOW}entrypoint: Starting $@${COLOR_NC}" - exec ${GOSU} "$@" - ;; -esac diff --git a/syspass/common/syspass.conf b/syspass/common/syspass.conf deleted file mode 100644 index 2988abfd2..000000000 --- a/syspass/common/syspass.conf +++ /dev/null @@ -1,184 +0,0 @@ -RedirectMatch "^/$" "/index.php" - - - DirectoryIndex index.php - Options -Indexes -FollowSymLinks -Includes -ExecCGI - - - Require expr "%{REQUEST_URI} =~ m#.*/index\.php(\?r=)?#" - Require expr "%{REQUEST_URI} =~ m#.*/api\.php$#" - Require expr "%{REQUEST_URI} =~ m#^$#" - - - -# -# Require all granted -# - - - Require all granted - - - - # the server uses to identify itself. This is used when creating - # redirection URLs. In the context of virtual hosts, the ServerName - # specifies what hostname must appear in the request's Host: header to - # match this virtual host. For the default virtual host (this file) this - # value is not decisive as it is used as a last resort host regardless. - # However, you must set it for any further virtual host explicitly. - #ServerName www.example.com - - ServerAdmin webmaster@localhost - DocumentRoot /var/www/html/sysPass - - # Available loglevels: trace8, ..., trace1, debug, info, notice, warn, - # error, crit, alert, emerg. - # It is also possible to configure the loglevel for particular - # modules, e.g. - #LogLevel info ssl:warn - - ErrorLog ${APACHE_LOG_DIR}/error.log - CustomLog ${APACHE_LOG_DIR}/access.log combined - - - RewriteEngine On - RewriteCond %{HTTPS} !=on - RewriteCond %{ENV:USE_SSL} "=yes" - RewriteRule ^/?(.*) https://%{SERVER_NAME}/$1 [R,L] - - - - - - ServerAdmin webmaster@localhost - DocumentRoot /var/www/html/sysPass - - # Available loglevels: trace8, ..., trace1, debug, info, notice, warn, - # error, crit, alert, emerg. - # It is also possible to configure the loglevel for particular - # modules, e.g. - #LogLevel info ssl:warn - - ErrorLog ${APACHE_LOG_DIR}/error.log - CustomLog ${APACHE_LOG_DIR}/access.log combined - - # For most configuration files from conf-available/, which are - # enabled or disabled at a global level, it is possible to - # include a line for only one particular virtual host. For example the - # following line enables the CGI configuration for this host only - # after it has been globally disabled with "a2disconf". - #Include conf-available/serve-cgi-bin.conf - - # SSL Engine Switch: - # Enable/Disable SSL for this virtual host. - SSLEngine on - - # A self-signed (snakeoil) certificate can be created by installing - # the ssl-cert package. See - # /usr/share/doc/apache2/README.Debian.gz for more info. - # If both key and certificate are stored in the same file, only the - # SSLCertificateFile directive is needed. - SSLCertificateFile /etc/ssl/certs/ssl-cert-snakeoil.pem - SSLCertificateKeyFile /etc/ssl/private/ssl-cert-snakeoil.key - - # Server Certificate Chain: - # Point SSLCertificateChainFile at a file containing the - # concatenation of PEM encoded CA certificates which form the - # certificate chain for the server certificate. Alternatively - # the referenced file can be the same as SSLCertificateFile - # when the CA certificates are directly appended to the server - # certificate for convinience. - #SSLCertificateChainFile /etc/apache2/ssl.crt/server-ca.crt - - # Certificate Authority (CA): - # Set the CA certificate verification path where to find CA - # certificates for client authentication or alternatively one - # huge file containing all of them (file must be PEM encoded) - # Note: Inside SSLCACertificatePath you need hash symlinks - # to point to the certificate files. Use the provided - # Makefile to update the hash symlinks after changes. - #SSLCACertificatePath /etc/ssl/certs/ - #SSLCACertificateFile /etc/apache2/ssl.crt/ca-bundle.crt - - # Certificate Revocation Lists (CRL): - # Set the CA revocation path where to find CA CRLs for client - # authentication or alternatively one huge file containing all - # of them (file must be PEM encoded) - # Note: Inside SSLCARevocationPath you need hash symlinks - # to point to the certificate files. Use the provided - # Makefile to update the hash symlinks after changes. - #SSLCARevocationPath /etc/apache2/ssl.crl/ - #SSLCARevocationFile /etc/apache2/ssl.crl/ca-bundle.crl - - # Client Authentication (Type): - # Client certificate verification type and depth. Types are - # none, optional, require and optional_no_ca. Depth is a - # number which specifies how deeply to verify the certificate - # issuer chain before deciding the certificate is not valid. - #SSLVerifyClient require - #SSLVerifyDepth 10 - - # SSL Engine Options: - # Set various options for the SSL engine. - # o FakeBasicAuth: - # Translate the client X.509 into a Basic Authorisation. This means that - # the standard Auth/DBMAuth methods can be used for access control. The - # user name is the `one line' version of the client's X.509 certificate. - # Note that no password is obtained from the user. Every entry in the user - # file needs this password: `xxj31ZMTZzkVA'. - # o ExportCertData: - # This exports two additional environment variables: SSL_CLIENT_CERT and - # SSL_SERVER_CERT. These contain the PEM-encoded certificates of the - # server (always existing) and the client (only existing when client - # authentication is used). This can be used to import the certificates - # into CGI scripts. - # o StdEnvVars: - # This exports the standard SSL/TLS related `SSL_*' environment variables. - # Per default this exportation is switched off for performance reasons, - # because the extraction step is an expensive operation and is usually - # useless for serving static content. So one usually enables the - # exportation for CGI and SSI requests only. - # o OptRenegotiate: - # This enables optimized SSL connection renegotiation handling when SSL - # directives are used in per-directory context. - #SSLOptions +FakeBasicAuth +ExportCertData +StrictRequire - - SSLOptions +StdEnvVars - - - SSLOptions +StdEnvVars - - - # SSL Protocol Adjustments: - # The safe and default but still SSL/TLS standard compliant shutdown - # approach is that mod_ssl sends the close notify alert but doesn't wait for - # the close notify alert from client. When you need a different shutdown - # approach you can use one of the following variables: - # o ssl-unclean-shutdown: - # This forces an unclean shutdown when the connection is closed, i.e. no - # SSL close notify alert is send or allowed to received. This violates - # the SSL/TLS standard but is needed for some brain-dead browsers. Use - # this when you receive I/O errors because of the standard approach where - # mod_ssl sends the close notify alert. - # o ssl-accurate-shutdown: - # This forces an accurate shutdown when the connection is closed, i.e. a - # SSL close notify alert is send and mod_ssl waits for the close notify - # alert of the client. This is 100% SSL/TLS standard compliant, but in - # practice often causes hanging connections with brain-dead browsers. Use - # this only for browsers where you know that their SSL implementation - # works correctly. - # Notice: Most problems of broken clients are also related to the HTTP - # keep-alive facility, so you usually additionally want to disable - # keep-alive for those clients, too. Use variable "nokeepalive" for this. - # Similarly, one has to force some clients to use HTTP/1.0 to workaround - # their broken HTTP/1.1 implementation. Use variables "downgrade-1.0" and - # "force-response-1.0" for this. - BrowserMatch "MSIE [2-6]" \ - nokeepalive ssl-unclean-shutdown \ - downgrade-1.0 force-response-1.0 - # MSIE 7 and newer should be able to use keepalive - BrowserMatch "MSIE [17-9]" ssl-unclean-shutdown - - - -# vim: syntax=apache ts=2 sw=2 sts=2 sr noet diff --git a/syspass/docker-compose.yml b/syspass/docker-compose.yml deleted file mode 100644 index 0e1f80b51..000000000 --- a/syspass/docker-compose.yml +++ /dev/null @@ -1,31 +0,0 @@ -version: '2' -services: - app: - container_name: syspass-app - image: syspass/syspass:3.1.2 - restart: always - ports: - - "80" - - "443" - links: - - db - volumes: - - syspass-config:/var/www/html/sysPass/app/config - - syspass-backup:/var/www/html/sysPass/app/backup - environment: - - USE_SSL=yes - db: - container_name: syspass-db - restart: always - image: mariadb:10.2 - environment: - - MYSQL_ROOT_PASSWORD=syspass - ports: - - "3306" - volumes: - - syspass-db:/var/lib/mysql - -volumes: - syspass-config: {} - syspass-backup: {} - syspass-db: {} diff --git a/syspass/sysPass-php7.0/Dockerfile b/syspass/sysPass-php7.0/Dockerfile deleted file mode 100644 index 04789ef0d..000000000 --- a/syspass/sysPass-php7.0/Dockerfile +++ /dev/null @@ -1,87 +0,0 @@ -# -# https://syspass.org -# https://doc.syspass.org -# -FROM composer:1.7 as bootstrap - -ENV SYSPASS_BRANCH="master" - -RUN git clone --branch ${SYSPASS_BRANCH} https://github.com/nuxsmin/sysPass.git \ - && composer install \ - --ignore-platform-reqs \ - --no-interaction \ - --no-plugins \ - --no-scripts \ - --prefer-dist \ - --no-dev \ - --classmap-authoritative \ - --working-dir /app/sysPass - -FROM debian:stretch as app - -LABEL maintainer=nuxsmin@syspass.org version=3.1.2 php=7.0 environment=production - -RUN apt-get update \ - && DEBIAN_FRONTEND=noninteractive apt-get -y install \ - locales \ - apache2 \ - libapache2-mod-php7.0 \ - php-pear \ - php7.0 \ - php7.0-cgi \ - php7.0-cli \ - php7.0-common \ - php7.0-fpm \ - php7.0-gd \ - php7.0-json \ - php7.0-mysql \ - php7.0-readline \ - php7.0-curl \ - php7.0-intl \ - php7.0-ldap \ - php7.0-mcrypt \ - php7.0-xml \ - php7.0-mbstring \ - git \ - gosu \ - unzip \ - && apt-get clean \ - && rm -r /var/lib/apt/lists/* - -ENV APACHE_RUN_USER="www-data" \ - APACHE_RUN_GROUP="www-data" \ - APACHE_LOG_DIR="/var/log/apache2" \ - APACHE_LOCK_DIR="/var/lock/apache2" \ - APACHE_PID_FILE="/var/run/apache2.pid" \ - SYSPASS_DIR="/var/www/html/sysPass" \ - SYSPASS_UID=9001 - -WORKDIR /var/www/html - -LABEL build=19030701 - -# Custom sysPass Apache config with SSL by default -COPY ["syspass.conf", "/etc/apache2/sites-available/"] - -# Custom entrypoint -COPY entrypoint.sh init-functions /usr/local/sbin/ - -RUN chmod 755 /usr/local/sbin/entrypoint.sh \ - && a2dissite 000-default default-ssl \ - && a2ensite syspass \ - && a2enmod proxy_fcgi setenvif ssl rewrite \ - && a2enconf php7.0-fpm \ - && ln -sf /dev/stdout ${APACHE_LOG_DIR}/access.log \ - && ln -sf /dev/stderr ${APACHE_LOG_DIR}/error.log - -# sysPass dependencies -COPY --from=bootstrap /app/sysPass/ ${SYSPASS_DIR}/ - -# Composer binary -COPY --from=bootstrap /usr/bin/composer /usr/bin/ - -EXPOSE 80 443 - -ENTRYPOINT ["/usr/local/sbin/entrypoint.sh"] - -CMD ["apache"] diff --git a/syspass/sysPass-php7.0/docker-compose.yml b/syspass/sysPass-php7.0/docker-compose.yml deleted file mode 100644 index 93a5a11f7..000000000 --- a/syspass/sysPass-php7.0/docker-compose.yml +++ /dev/null @@ -1,29 +0,0 @@ -version: '2' -services: - app: - container_name: syspass-app - image: syspass/syspass:3.1.2 - restart: always - ports: - - "80" - - "443" - links: - - db - volumes: - - syspass-config:/var/www/html/sysPass/app/config - - syspass-backup:/var/www/html/sysPass/app/backup - db: - container_name: syspass-db - restart: always - image: mariadb:10.2 - environment: - - MYSQL_ROOT_PASSWORD=syspass - ports: - - "3306" - volumes: - - syspass-db:/var/lib/mysql - -volumes: - syspass-config: {} - syspass-backup: {} - syspass-db: {} diff --git a/syspass/sysPass-php7.0/entrypoint.sh b/syspass/sysPass-php7.0/entrypoint.sh deleted file mode 100755 index 762b71be1..000000000 --- a/syspass/sysPass-php7.0/entrypoint.sh +++ /dev/null @@ -1,130 +0,0 @@ -#!/bin/bash - -COLOR_NC='\033[0m' -COLOR_YELLOW='\033[0;33m' -COLOR_RED='\033[0;31m' -COLOR_GREEN='\033[0;32m' - -XDEBUG_REMOTE_HOST=${XDEBUG_REMOTE_HOST:-"172.17.0.1"} -XDEBUG_IDE_KEY=${XDEBUG_IDE_KEY:-"ide"} - -COMPOSER_OPTIONS="--working-dir ${SYSPASS_DIR} --classmap-authoritative" - -GOSU="gosu ${SYSPASS_UID}" - -if [ -e /usr/local/sbin/init-functions ]; then - . /usr/local/sbin/init-functions -fi - -setup_app () { - if [ -e "${SYSPASS_DIR}/index.php" ]; then - echo -e "${COLOR_YELLOW}setup_app: Setting up permissions${COLOR_NC}" - - RW_DIRS="${SYSPASS_DIR}/app/config \ - ${SYSPASS_DIR}/app/backup \ - ${SYSPASS_DIR}/app/cache \ - ${SYSPASS_DIR}/app/resources \ - ${SYSPASS_DIR}/app/temp" - - chown ${APACHE_RUN_USER}:${SYSPASS_UID} -R ${RW_DIRS} - - chmod 750 ${RW_DIRS} - - chown ${SYSPASS_UID}:${SYSPASS_UID} -R \ - ${SYSPASS_DIR}/app/modules/*/plugins \ - ${SYSPASS_DIR}/composer.json \ - ${SYSPASS_DIR}/composer.lock \ - ${SYSPASS_DIR}/vendor - fi -} - -setup_locales() { - if [ ! -e ".setup" ]; then - LOCALE_GEN="/etc/locale.gen" - - echo -e "${COLOR_YELLOW}setup_locales: Setting up locales${COLOR_NC}" - - echo -e "\n### sysPass locales" >> $LOCALE_GEN - echo "es_ES.UTF-8 UTF-8" >> $LOCALE_GEN - echo "en_US.UTF-8 UTF-8" >> $LOCALE_GEN - echo "en_GB.UTF-8 UTF-8" >> $LOCALE_GEN - echo "de_DE.UTF-8 UTF-8" >> $LOCALE_GEN - echo "ca_ES.UTF-8 UTF-8" >> $LOCALE_GEN - echo "fr_FR.UTF-8 UTF-8" >> $LOCALE_GEN - echo "ru_RU.UTF-8 UTF-8" >> $LOCALE_GEN - echo "pl_PL.UTF-8 UTF-8" >> $LOCALE_GEN - echo "nl_NL.UTF-8 UTF-8" >> $LOCALE_GEN - echo "pt_BR.UTF-8 UTF-8" >> $LOCALE_GEN - echo "da.UTF-8 UTF-8" >> $LOCALE_GEN - echo "it_IT.UTF-8 UTF-8" >> $LOCALE_GEN - echo "fo.UTF-8 UTF-8" >> $LOCALE_GEN - - echo 'LANG="en_US.UTF-8"' > /etc/default/locale - - dpkg-reconfigure --frontend=noninteractive locales - - update-locale LANG=en_US.UTF-8 - - export LANG=en_US.UTF-8 - - echo "1" > .setup - else - echo -e "${COLOR_YELLOW}setup_locales: Locales already set up${COLOR_NC}" - fi -} - -run_composer () { - pushd ${SYSPASS_DIR} - - if [ -e "./composer.lock" -a -e "composer.json" ]; then - echo -e "${COLOR_YELLOW}run_composer: Running composer${COLOR_NC}" - - ${GOSU} composer "$@" ${COMPOSER_OPTIONS} - else - echo -e "${COLOR_RED}run_composer: Error, composer not set up${COLOR_NC}" - fi - - popd -} - -setup_composer_extensions () { - if [ -n "${COMPOSER_EXTENSIONS}" ]; then - echo -e "${COLOR_YELLOW}setup_composer_extensions: ${COMPOSER_EXTENSIONS}${COLOR_NC}" - - run_composer require ${COMPOSER_EXTENSIONS} --update-no-dev - fi -} - -echo -e "${COLOR_YELLOW}entrypoint: Starting with UID : ${SYSPASS_UID}${COLOR_NC}" -id ${SYSPASS_UID} > /dev/null 2>&1 || useradd --shell /bin/bash -u ${SYSPASS_UID} -o -c "" -m user -export HOME=${SYSPASS_DIR} - -setup_app - -case "$1" in - "apache") - setup_composer_extensions - setup_locales - setup_apache - - SELF_IP_ADDRESS=$(grep $HOSTNAME /etc/hosts | cut -f1) - - echo -e "${COLOR_GREEN}######" - echo -e "sysPass environment installed and configured. Please point your browser to https://${SELF_IP_ADDRESS} to start the installation" - echo -e "######${COLOR_NC}" - echo -e "${COLOR_YELLOW}entrypoint: Starting Apache${COLOR_NC}" - - run_apache - ;; - "update") - run_composer update - ;; - "composer") - shift - run_composer "$@" - ;; - *) - echo -e "${COLOR_YELLOW}entrypoint: Starting $@${COLOR_NC}" - exec ${GOSU} "$@" - ;; -esac diff --git a/syspass/sysPass-php7.0/init-functions b/syspass/sysPass-php7.0/init-functions deleted file mode 100644 index 119900847..000000000 --- a/syspass/sysPass-php7.0/init-functions +++ /dev/null @@ -1,10 +0,0 @@ -setup_apache () { - return 0 -} - -run_apache () { - # Apache gets grumpy about PID files pre-existing - rm -f ${APACHE_PID_FILE} - - exec /usr/sbin/apache2ctl -DFOREGROUND -} diff --git a/syspass/sysPass-php7.0/syspass.conf b/syspass/sysPass-php7.0/syspass.conf deleted file mode 100644 index 2988abfd2..000000000 --- a/syspass/sysPass-php7.0/syspass.conf +++ /dev/null @@ -1,184 +0,0 @@ -RedirectMatch "^/$" "/index.php" - - - DirectoryIndex index.php - Options -Indexes -FollowSymLinks -Includes -ExecCGI - - - Require expr "%{REQUEST_URI} =~ m#.*/index\.php(\?r=)?#" - Require expr "%{REQUEST_URI} =~ m#.*/api\.php$#" - Require expr "%{REQUEST_URI} =~ m#^$#" - - - -# -# Require all granted -# - - - Require all granted - - - - # the server uses to identify itself. This is used when creating - # redirection URLs. In the context of virtual hosts, the ServerName - # specifies what hostname must appear in the request's Host: header to - # match this virtual host. For the default virtual host (this file) this - # value is not decisive as it is used as a last resort host regardless. - # However, you must set it for any further virtual host explicitly. - #ServerName www.example.com - - ServerAdmin webmaster@localhost - DocumentRoot /var/www/html/sysPass - - # Available loglevels: trace8, ..., trace1, debug, info, notice, warn, - # error, crit, alert, emerg. - # It is also possible to configure the loglevel for particular - # modules, e.g. - #LogLevel info ssl:warn - - ErrorLog ${APACHE_LOG_DIR}/error.log - CustomLog ${APACHE_LOG_DIR}/access.log combined - - - RewriteEngine On - RewriteCond %{HTTPS} !=on - RewriteCond %{ENV:USE_SSL} "=yes" - RewriteRule ^/?(.*) https://%{SERVER_NAME}/$1 [R,L] - - - - - - ServerAdmin webmaster@localhost - DocumentRoot /var/www/html/sysPass - - # Available loglevels: trace8, ..., trace1, debug, info, notice, warn, - # error, crit, alert, emerg. - # It is also possible to configure the loglevel for particular - # modules, e.g. - #LogLevel info ssl:warn - - ErrorLog ${APACHE_LOG_DIR}/error.log - CustomLog ${APACHE_LOG_DIR}/access.log combined - - # For most configuration files from conf-available/, which are - # enabled or disabled at a global level, it is possible to - # include a line for only one particular virtual host. For example the - # following line enables the CGI configuration for this host only - # after it has been globally disabled with "a2disconf". - #Include conf-available/serve-cgi-bin.conf - - # SSL Engine Switch: - # Enable/Disable SSL for this virtual host. - SSLEngine on - - # A self-signed (snakeoil) certificate can be created by installing - # the ssl-cert package. See - # /usr/share/doc/apache2/README.Debian.gz for more info. - # If both key and certificate are stored in the same file, only the - # SSLCertificateFile directive is needed. - SSLCertificateFile /etc/ssl/certs/ssl-cert-snakeoil.pem - SSLCertificateKeyFile /etc/ssl/private/ssl-cert-snakeoil.key - - # Server Certificate Chain: - # Point SSLCertificateChainFile at a file containing the - # concatenation of PEM encoded CA certificates which form the - # certificate chain for the server certificate. Alternatively - # the referenced file can be the same as SSLCertificateFile - # when the CA certificates are directly appended to the server - # certificate for convinience. - #SSLCertificateChainFile /etc/apache2/ssl.crt/server-ca.crt - - # Certificate Authority (CA): - # Set the CA certificate verification path where to find CA - # certificates for client authentication or alternatively one - # huge file containing all of them (file must be PEM encoded) - # Note: Inside SSLCACertificatePath you need hash symlinks - # to point to the certificate files. Use the provided - # Makefile to update the hash symlinks after changes. - #SSLCACertificatePath /etc/ssl/certs/ - #SSLCACertificateFile /etc/apache2/ssl.crt/ca-bundle.crt - - # Certificate Revocation Lists (CRL): - # Set the CA revocation path where to find CA CRLs for client - # authentication or alternatively one huge file containing all - # of them (file must be PEM encoded) - # Note: Inside SSLCARevocationPath you need hash symlinks - # to point to the certificate files. Use the provided - # Makefile to update the hash symlinks after changes. - #SSLCARevocationPath /etc/apache2/ssl.crl/ - #SSLCARevocationFile /etc/apache2/ssl.crl/ca-bundle.crl - - # Client Authentication (Type): - # Client certificate verification type and depth. Types are - # none, optional, require and optional_no_ca. Depth is a - # number which specifies how deeply to verify the certificate - # issuer chain before deciding the certificate is not valid. - #SSLVerifyClient require - #SSLVerifyDepth 10 - - # SSL Engine Options: - # Set various options for the SSL engine. - # o FakeBasicAuth: - # Translate the client X.509 into a Basic Authorisation. This means that - # the standard Auth/DBMAuth methods can be used for access control. The - # user name is the `one line' version of the client's X.509 certificate. - # Note that no password is obtained from the user. Every entry in the user - # file needs this password: `xxj31ZMTZzkVA'. - # o ExportCertData: - # This exports two additional environment variables: SSL_CLIENT_CERT and - # SSL_SERVER_CERT. These contain the PEM-encoded certificates of the - # server (always existing) and the client (only existing when client - # authentication is used). This can be used to import the certificates - # into CGI scripts. - # o StdEnvVars: - # This exports the standard SSL/TLS related `SSL_*' environment variables. - # Per default this exportation is switched off for performance reasons, - # because the extraction step is an expensive operation and is usually - # useless for serving static content. So one usually enables the - # exportation for CGI and SSI requests only. - # o OptRenegotiate: - # This enables optimized SSL connection renegotiation handling when SSL - # directives are used in per-directory context. - #SSLOptions +FakeBasicAuth +ExportCertData +StrictRequire - - SSLOptions +StdEnvVars - - - SSLOptions +StdEnvVars - - - # SSL Protocol Adjustments: - # The safe and default but still SSL/TLS standard compliant shutdown - # approach is that mod_ssl sends the close notify alert but doesn't wait for - # the close notify alert from client. When you need a different shutdown - # approach you can use one of the following variables: - # o ssl-unclean-shutdown: - # This forces an unclean shutdown when the connection is closed, i.e. no - # SSL close notify alert is send or allowed to received. This violates - # the SSL/TLS standard but is needed for some brain-dead browsers. Use - # this when you receive I/O errors because of the standard approach where - # mod_ssl sends the close notify alert. - # o ssl-accurate-shutdown: - # This forces an accurate shutdown when the connection is closed, i.e. a - # SSL close notify alert is send and mod_ssl waits for the close notify - # alert of the client. This is 100% SSL/TLS standard compliant, but in - # practice often causes hanging connections with brain-dead browsers. Use - # this only for browsers where you know that their SSL implementation - # works correctly. - # Notice: Most problems of broken clients are also related to the HTTP - # keep-alive facility, so you usually additionally want to disable - # keep-alive for those clients, too. Use variable "nokeepalive" for this. - # Similarly, one has to force some clients to use HTTP/1.0 to workaround - # their broken HTTP/1.1 implementation. Use variables "downgrade-1.0" and - # "force-response-1.0" for this. - BrowserMatch "MSIE [2-6]" \ - nokeepalive ssl-unclean-shutdown \ - downgrade-1.0 force-response-1.0 - # MSIE 7 and newer should be able to use keepalive - BrowserMatch "MSIE [17-9]" ssl-unclean-shutdown - - - -# vim: syntax=apache ts=2 sw=2 sts=2 sr noet diff --git a/syspass/sysPass-php7.0_dev/20-xdebug.ini b/syspass/sysPass-php7.0_dev/20-xdebug.ini deleted file mode 100644 index e9f48c289..000000000 --- a/syspass/sysPass-php7.0_dev/20-xdebug.ini +++ /dev/null @@ -1,43 +0,0 @@ -zend_extension=xdebug.so - -[debug] -; Remote settings -xdebug.remote_autostart=off -xdebug.remote_enable=on -xdebug.remote_handler=dbgp -xdebug.remote_mode=req -xdebug.remote_host=__XDEBUG_REMOTE_HOST__ -xdebug.remote_port=9000 -;xdebug.remote_log=/tmp/xdebug.log - -; General -xdebug.auto_trace=off -xdebug.collect_includes=on -xdebug.collect_params=off -xdebug.collect_return=off -xdebug.default_enable=on -xdebug.extended_info=1 -xdebug.manual_url=http://www.php.net -xdebug.show_local_vars=0 -xdebug.show_mem_delta=1 -xdebug.max_nesting_level=100 -xdebug.idekey=__XDEBUG_IDE_KEY__ -xdebug.force_display_errors=1 - -; Trace options -xdebug.trace_format=0 -xdebug.trace_output_dir=/tmp -xdebug.trace_options=0 -xdebug.trace_output_name=crc32 - -; Profiling -xdebug.profiler_append=1 -xdebug.profiler_enable=0 -xdebug.profiler_enable_trigger=1 -xdebug.profiler_output_dir=/tmp -xdebug.profiler_output_name=cachegring.out.%t -;xdebug.profiler_output_name=cachegring.out.%p -;xdebug.profiler_output_name=cachegring.out -;xdebug.profiler_output_name=cachegring.out.%R.%t - -xdebug.var_display_max_depth=5 diff --git a/syspass/sysPass-php7.0_dev/Dockerfile b/syspass/sysPass-php7.0_dev/Dockerfile deleted file mode 100644 index fc61436e6..000000000 --- a/syspass/sysPass-php7.0_dev/Dockerfile +++ /dev/null @@ -1,91 +0,0 @@ -# -# https://syspass.org -# https://doc.syspass.org -# -FROM composer:1.7 as bootstrap - -ENV SYSPASS_BRANCH="master" - -RUN git clone --branch ${SYSPASS_BRANCH} https://github.com/nuxsmin/sysPass.git \ - && composer install \ - --ignore-platform-reqs \ - --no-interaction \ - --no-plugins \ - --no-scripts \ - --prefer-dist \ - --optimize-autoloader \ - --working-dir /app/sysPass - -FROM debian:stretch as app - -LABEL maintainer=nuxsmin@syspass.org version=3.1.2 php=7.0 environment=debug - -RUN apt-get update \ - && DEBIAN_FRONTEND=noninteractive apt-get -y install \ - locales \ - apache2 \ - libapache2-mod-php7.0 \ - php-pear \ - php7.0 \ - php7.0-cgi \ - php7.0-cli \ - php7.0-common \ - php7.0-fpm \ - php7.0-gd \ - php7.0-json \ - php7.0-mysql \ - php7.0-readline \ - php7.0-curl \ - php7.0-intl \ - php7.0-ldap \ - php7.0-mcrypt \ - php7.0-xml \ - php7.0-mbstring \ - php7.0-xdebug \ - git \ - gosu \ - unzip \ - && apt-get clean \ - && rm -r /var/lib/apt/lists/* - -ENV APACHE_RUN_USER="www-data" \ - APACHE_RUN_GROUP="www-data" \ - APACHE_LOG_DIR="/var/log/apache2" \ - APACHE_LOCK_DIR="/var/lock/apache2" \ - APACHE_PID_FILE="/var/run/apache2.pid" \ - SYSPASS_DIR="/var/www/html/sysPass" \ - SYSPASS_UID=9001 \ - SYSPASS_DEV=0 - -WORKDIR /var/www/html - -LABEL build=19030701 - -# Custom sysPass Apache config with SSL by default -COPY ["syspass.conf", "/etc/apache2/sites-available/"] - -# Xdebug module config -COPY 20-xdebug.ini /etc/php/7.0/apache2/conf.d/20-xdebug.ini - -# Custom entrypoint -COPY entrypoint.sh init-functions /usr/local/sbin/ - -RUN chmod 755 /usr/local/sbin/entrypoint.sh \ - && a2dissite 000-default default-ssl \ - && a2ensite syspass \ - && a2enmod proxy_fcgi setenvif ssl rewrite \ - && a2enconf php7.0-fpm \ - && ln -sf /dev/stdout ${APACHE_LOG_DIR}/access.log \ - && ln -sf /dev/stderr ${APACHE_LOG_DIR}/error.log - -# sysPass dependencies -COPY --from=bootstrap /app/sysPass/ ${SYSPASS_DIR}/ - -# Composer binary -COPY --from=bootstrap /usr/bin/composer /usr/bin/ - -EXPOSE 80 443 - -ENTRYPOINT ["/usr/local/sbin/entrypoint.sh"] - -CMD ["apache"] diff --git a/syspass/sysPass-php7.0_dev/docker-compose.yml b/syspass/sysPass-php7.0_dev/docker-compose.yml deleted file mode 100644 index bc86b7ae3..000000000 --- a/syspass/sysPass-php7.0_dev/docker-compose.yml +++ /dev/null @@ -1,29 +0,0 @@ -version: '2' -services: - app: - container_name: syspass-app - image: syspass/syspass:3.1.2-dev - restart: always - ports: - - "80" - - "443" - links: - - db - volumes: - - syspass-config:/var/www/html/sysPass/app/config - - syspass-backup:/var/www/html/sysPass/app/backup - db: - container_name: syspass-db - restart: always - image: mariadb:10.2 - environment: - - MYSQL_ROOT_PASSWORD=syspass - ports: - - "3306" - volumes: - - syspass-db:/var/lib/mysql - -volumes: - syspass-config: {} - syspass-backup: {} - syspass-db: {} diff --git a/syspass/sysPass-php7.0_dev/entrypoint.sh b/syspass/sysPass-php7.0_dev/entrypoint.sh deleted file mode 100755 index 762b71be1..000000000 --- a/syspass/sysPass-php7.0_dev/entrypoint.sh +++ /dev/null @@ -1,130 +0,0 @@ -#!/bin/bash - -COLOR_NC='\033[0m' -COLOR_YELLOW='\033[0;33m' -COLOR_RED='\033[0;31m' -COLOR_GREEN='\033[0;32m' - -XDEBUG_REMOTE_HOST=${XDEBUG_REMOTE_HOST:-"172.17.0.1"} -XDEBUG_IDE_KEY=${XDEBUG_IDE_KEY:-"ide"} - -COMPOSER_OPTIONS="--working-dir ${SYSPASS_DIR} --classmap-authoritative" - -GOSU="gosu ${SYSPASS_UID}" - -if [ -e /usr/local/sbin/init-functions ]; then - . /usr/local/sbin/init-functions -fi - -setup_app () { - if [ -e "${SYSPASS_DIR}/index.php" ]; then - echo -e "${COLOR_YELLOW}setup_app: Setting up permissions${COLOR_NC}" - - RW_DIRS="${SYSPASS_DIR}/app/config \ - ${SYSPASS_DIR}/app/backup \ - ${SYSPASS_DIR}/app/cache \ - ${SYSPASS_DIR}/app/resources \ - ${SYSPASS_DIR}/app/temp" - - chown ${APACHE_RUN_USER}:${SYSPASS_UID} -R ${RW_DIRS} - - chmod 750 ${RW_DIRS} - - chown ${SYSPASS_UID}:${SYSPASS_UID} -R \ - ${SYSPASS_DIR}/app/modules/*/plugins \ - ${SYSPASS_DIR}/composer.json \ - ${SYSPASS_DIR}/composer.lock \ - ${SYSPASS_DIR}/vendor - fi -} - -setup_locales() { - if [ ! -e ".setup" ]; then - LOCALE_GEN="/etc/locale.gen" - - echo -e "${COLOR_YELLOW}setup_locales: Setting up locales${COLOR_NC}" - - echo -e "\n### sysPass locales" >> $LOCALE_GEN - echo "es_ES.UTF-8 UTF-8" >> $LOCALE_GEN - echo "en_US.UTF-8 UTF-8" >> $LOCALE_GEN - echo "en_GB.UTF-8 UTF-8" >> $LOCALE_GEN - echo "de_DE.UTF-8 UTF-8" >> $LOCALE_GEN - echo "ca_ES.UTF-8 UTF-8" >> $LOCALE_GEN - echo "fr_FR.UTF-8 UTF-8" >> $LOCALE_GEN - echo "ru_RU.UTF-8 UTF-8" >> $LOCALE_GEN - echo "pl_PL.UTF-8 UTF-8" >> $LOCALE_GEN - echo "nl_NL.UTF-8 UTF-8" >> $LOCALE_GEN - echo "pt_BR.UTF-8 UTF-8" >> $LOCALE_GEN - echo "da.UTF-8 UTF-8" >> $LOCALE_GEN - echo "it_IT.UTF-8 UTF-8" >> $LOCALE_GEN - echo "fo.UTF-8 UTF-8" >> $LOCALE_GEN - - echo 'LANG="en_US.UTF-8"' > /etc/default/locale - - dpkg-reconfigure --frontend=noninteractive locales - - update-locale LANG=en_US.UTF-8 - - export LANG=en_US.UTF-8 - - echo "1" > .setup - else - echo -e "${COLOR_YELLOW}setup_locales: Locales already set up${COLOR_NC}" - fi -} - -run_composer () { - pushd ${SYSPASS_DIR} - - if [ -e "./composer.lock" -a -e "composer.json" ]; then - echo -e "${COLOR_YELLOW}run_composer: Running composer${COLOR_NC}" - - ${GOSU} composer "$@" ${COMPOSER_OPTIONS} - else - echo -e "${COLOR_RED}run_composer: Error, composer not set up${COLOR_NC}" - fi - - popd -} - -setup_composer_extensions () { - if [ -n "${COMPOSER_EXTENSIONS}" ]; then - echo -e "${COLOR_YELLOW}setup_composer_extensions: ${COMPOSER_EXTENSIONS}${COLOR_NC}" - - run_composer require ${COMPOSER_EXTENSIONS} --update-no-dev - fi -} - -echo -e "${COLOR_YELLOW}entrypoint: Starting with UID : ${SYSPASS_UID}${COLOR_NC}" -id ${SYSPASS_UID} > /dev/null 2>&1 || useradd --shell /bin/bash -u ${SYSPASS_UID} -o -c "" -m user -export HOME=${SYSPASS_DIR} - -setup_app - -case "$1" in - "apache") - setup_composer_extensions - setup_locales - setup_apache - - SELF_IP_ADDRESS=$(grep $HOSTNAME /etc/hosts | cut -f1) - - echo -e "${COLOR_GREEN}######" - echo -e "sysPass environment installed and configured. Please point your browser to https://${SELF_IP_ADDRESS} to start the installation" - echo -e "######${COLOR_NC}" - echo -e "${COLOR_YELLOW}entrypoint: Starting Apache${COLOR_NC}" - - run_apache - ;; - "update") - run_composer update - ;; - "composer") - shift - run_composer "$@" - ;; - *) - echo -e "${COLOR_YELLOW}entrypoint: Starting $@${COLOR_NC}" - exec ${GOSU} "$@" - ;; -esac diff --git a/syspass/sysPass-php7.0_dev/init-functions b/syspass/sysPass-php7.0_dev/init-functions deleted file mode 100644 index 94c7a7952..000000000 --- a/syspass/sysPass-php7.0_dev/init-functions +++ /dev/null @@ -1,19 +0,0 @@ -if [ ${SYSPASS_DEV} -eq 1 ]; then - COMPOSER_OPTIONS="--working-dir ${SYSPASS_DIR} --optimize-autoloader --dev" -fi - -setup_apache () { - if [ ! -e "/etc/php/7.0/apache2/conf.d/20-xdebug.ini" -o ${SYSPASS_DEV} -eq 0 ]; then - return 0 - fi - - echo -e "${COLOR_YELLOW}setup_apache: Setting up xdebug variables${COLOR_NC}" - sed -i 's/__XDEBUG_REMOTE_HOST__/'"$XDEBUG_REMOTE_HOST"'/; s/__XDEBUG_IDE_KEY__/'"$XDEBUG_IDE_KEY"'/' /etc/php/7.0/apache2/conf.d/20-xdebug.ini -} - -run_apache () { - # Apache gets grumpy about PID files pre-existing - rm -f ${APACHE_PID_FILE} - - exec /usr/sbin/apache2ctl -DFOREGROUND -} diff --git a/syspass/sysPass-php7.0_dev/syspass.conf b/syspass/sysPass-php7.0_dev/syspass.conf deleted file mode 100644 index 2988abfd2..000000000 --- a/syspass/sysPass-php7.0_dev/syspass.conf +++ /dev/null @@ -1,184 +0,0 @@ -RedirectMatch "^/$" "/index.php" - - - DirectoryIndex index.php - Options -Indexes -FollowSymLinks -Includes -ExecCGI - - - Require expr "%{REQUEST_URI} =~ m#.*/index\.php(\?r=)?#" - Require expr "%{REQUEST_URI} =~ m#.*/api\.php$#" - Require expr "%{REQUEST_URI} =~ m#^$#" - - - -# -# Require all granted -# - - - Require all granted - - - - # the server uses to identify itself. This is used when creating - # redirection URLs. In the context of virtual hosts, the ServerName - # specifies what hostname must appear in the request's Host: header to - # match this virtual host. For the default virtual host (this file) this - # value is not decisive as it is used as a last resort host regardless. - # However, you must set it for any further virtual host explicitly. - #ServerName www.example.com - - ServerAdmin webmaster@localhost - DocumentRoot /var/www/html/sysPass - - # Available loglevels: trace8, ..., trace1, debug, info, notice, warn, - # error, crit, alert, emerg. - # It is also possible to configure the loglevel for particular - # modules, e.g. - #LogLevel info ssl:warn - - ErrorLog ${APACHE_LOG_DIR}/error.log - CustomLog ${APACHE_LOG_DIR}/access.log combined - - - RewriteEngine On - RewriteCond %{HTTPS} !=on - RewriteCond %{ENV:USE_SSL} "=yes" - RewriteRule ^/?(.*) https://%{SERVER_NAME}/$1 [R,L] - - - - - - ServerAdmin webmaster@localhost - DocumentRoot /var/www/html/sysPass - - # Available loglevels: trace8, ..., trace1, debug, info, notice, warn, - # error, crit, alert, emerg. - # It is also possible to configure the loglevel for particular - # modules, e.g. - #LogLevel info ssl:warn - - ErrorLog ${APACHE_LOG_DIR}/error.log - CustomLog ${APACHE_LOG_DIR}/access.log combined - - # For most configuration files from conf-available/, which are - # enabled or disabled at a global level, it is possible to - # include a line for only one particular virtual host. For example the - # following line enables the CGI configuration for this host only - # after it has been globally disabled with "a2disconf". - #Include conf-available/serve-cgi-bin.conf - - # SSL Engine Switch: - # Enable/Disable SSL for this virtual host. - SSLEngine on - - # A self-signed (snakeoil) certificate can be created by installing - # the ssl-cert package. See - # /usr/share/doc/apache2/README.Debian.gz for more info. - # If both key and certificate are stored in the same file, only the - # SSLCertificateFile directive is needed. - SSLCertificateFile /etc/ssl/certs/ssl-cert-snakeoil.pem - SSLCertificateKeyFile /etc/ssl/private/ssl-cert-snakeoil.key - - # Server Certificate Chain: - # Point SSLCertificateChainFile at a file containing the - # concatenation of PEM encoded CA certificates which form the - # certificate chain for the server certificate. Alternatively - # the referenced file can be the same as SSLCertificateFile - # when the CA certificates are directly appended to the server - # certificate for convinience. - #SSLCertificateChainFile /etc/apache2/ssl.crt/server-ca.crt - - # Certificate Authority (CA): - # Set the CA certificate verification path where to find CA - # certificates for client authentication or alternatively one - # huge file containing all of them (file must be PEM encoded) - # Note: Inside SSLCACertificatePath you need hash symlinks - # to point to the certificate files. Use the provided - # Makefile to update the hash symlinks after changes. - #SSLCACertificatePath /etc/ssl/certs/ - #SSLCACertificateFile /etc/apache2/ssl.crt/ca-bundle.crt - - # Certificate Revocation Lists (CRL): - # Set the CA revocation path where to find CA CRLs for client - # authentication or alternatively one huge file containing all - # of them (file must be PEM encoded) - # Note: Inside SSLCARevocationPath you need hash symlinks - # to point to the certificate files. Use the provided - # Makefile to update the hash symlinks after changes. - #SSLCARevocationPath /etc/apache2/ssl.crl/ - #SSLCARevocationFile /etc/apache2/ssl.crl/ca-bundle.crl - - # Client Authentication (Type): - # Client certificate verification type and depth. Types are - # none, optional, require and optional_no_ca. Depth is a - # number which specifies how deeply to verify the certificate - # issuer chain before deciding the certificate is not valid. - #SSLVerifyClient require - #SSLVerifyDepth 10 - - # SSL Engine Options: - # Set various options for the SSL engine. - # o FakeBasicAuth: - # Translate the client X.509 into a Basic Authorisation. This means that - # the standard Auth/DBMAuth methods can be used for access control. The - # user name is the `one line' version of the client's X.509 certificate. - # Note that no password is obtained from the user. Every entry in the user - # file needs this password: `xxj31ZMTZzkVA'. - # o ExportCertData: - # This exports two additional environment variables: SSL_CLIENT_CERT and - # SSL_SERVER_CERT. These contain the PEM-encoded certificates of the - # server (always existing) and the client (only existing when client - # authentication is used). This can be used to import the certificates - # into CGI scripts. - # o StdEnvVars: - # This exports the standard SSL/TLS related `SSL_*' environment variables. - # Per default this exportation is switched off for performance reasons, - # because the extraction step is an expensive operation and is usually - # useless for serving static content. So one usually enables the - # exportation for CGI and SSI requests only. - # o OptRenegotiate: - # This enables optimized SSL connection renegotiation handling when SSL - # directives are used in per-directory context. - #SSLOptions +FakeBasicAuth +ExportCertData +StrictRequire - - SSLOptions +StdEnvVars - - - SSLOptions +StdEnvVars - - - # SSL Protocol Adjustments: - # The safe and default but still SSL/TLS standard compliant shutdown - # approach is that mod_ssl sends the close notify alert but doesn't wait for - # the close notify alert from client. When you need a different shutdown - # approach you can use one of the following variables: - # o ssl-unclean-shutdown: - # This forces an unclean shutdown when the connection is closed, i.e. no - # SSL close notify alert is send or allowed to received. This violates - # the SSL/TLS standard but is needed for some brain-dead browsers. Use - # this when you receive I/O errors because of the standard approach where - # mod_ssl sends the close notify alert. - # o ssl-accurate-shutdown: - # This forces an accurate shutdown when the connection is closed, i.e. a - # SSL close notify alert is send and mod_ssl waits for the close notify - # alert of the client. This is 100% SSL/TLS standard compliant, but in - # practice often causes hanging connections with brain-dead browsers. Use - # this only for browsers where you know that their SSL implementation - # works correctly. - # Notice: Most problems of broken clients are also related to the HTTP - # keep-alive facility, so you usually additionally want to disable - # keep-alive for those clients, too. Use variable "nokeepalive" for this. - # Similarly, one has to force some clients to use HTTP/1.0 to workaround - # their broken HTTP/1.1 implementation. Use variables "downgrade-1.0" and - # "force-response-1.0" for this. - BrowserMatch "MSIE [2-6]" \ - nokeepalive ssl-unclean-shutdown \ - downgrade-1.0 force-response-1.0 - # MSIE 7 and newer should be able to use keepalive - BrowserMatch "MSIE [17-9]" ssl-unclean-shutdown - - - -# vim: syntax=apache ts=2 sw=2 sts=2 sr noet diff --git a/syspass/sysPass-php7.1/Dockerfile b/syspass/sysPass-php7.1/Dockerfile deleted file mode 100644 index b8e5540f2..000000000 --- a/syspass/sysPass-php7.1/Dockerfile +++ /dev/null @@ -1,79 +0,0 @@ -# -# https://syspass.org -# https://doc.syspass.org -# - -FROM composer:1.7 as bootstrap - -ENV SYSPASS_BRANCH="master" - -RUN git clone --branch ${SYSPASS_BRANCH} https://github.com/nuxsmin/sysPass.git \ - && composer install \ - --ignore-platform-reqs \ - --no-interaction \ - --no-plugins \ - --no-scripts \ - --prefer-dist \ - --optimize-autoloader \ - --working-dir /app/sysPass - -FROM php:7.1-apache-stretch as app - -LABEL maintainer=nuxsmin@syspass.org version=3.1.2 php=7.1 - -RUN apt-get update \ - && DEBIAN_FRONTEND=noninteractive apt-get -y install \ - locales \ - git \ - gosu \ - libicu-dev \ - libldb-dev \ - libldap2-dev \ - libfreetype6-dev \ - libjpeg62-turbo-dev \ - libpng-dev \ - unzip \ - ssl-cert \ - && apt-get clean \ - && rm -r /var/lib/apt/lists/* \ - && pecl install xdebug-2.6.0 \ - && docker-php-ext-configure gd --with-freetype-dir=/usr/include/ --with-jpeg-dir=/usr/include/ \ - && docker-php-ext-install -j$(nproc) ldap intl gettext pdo_mysql opcache gd \ - && docker-php-ext-enable ldap xdebug intl pdo_mysql - -ENV APACHE_RUN_USER="www-data" \ - SYSPASS_DIR="/var/www/html/sysPass" \ - SYSPASS_UID=9001 \ - SYSPASS_DEV=0 - -WORKDIR /var/www/html - -LABEL build=19030701 - -# Custom sysPass Apache config with SSL by default -COPY ["syspass.conf", "/etc/apache2/sites-available/"] - -# Xdebug module config -COPY xdebug.ini /usr/local/etc/php/conf.d/docker-php-ext-xdebug.ini - -# Custom entrypoint -COPY entrypoint.sh init-functions /usr/local/sbin/ - -RUN chmod 755 /usr/local/sbin/entrypoint.sh \ - && a2dissite 000-default default-ssl \ - && a2ensite syspass \ - && a2enmod proxy_fcgi setenvif ssl rewrite \ - && ln -sf /dev/stdout ${APACHE_LOG_DIR}/access.log \ - && ln -sf /dev/stderr ${APACHE_LOG_DIR}/error.log - -# sysPass dependencies -COPY --from=bootstrap /app/sysPass/ ${SYSPASS_DIR}/ - -# Composer binary -COPY --from=bootstrap /usr/bin/composer /usr/bin/ - -EXPOSE 80 443 - -ENTRYPOINT ["/usr/local/sbin/entrypoint.sh"] - -CMD ["apache"] diff --git a/syspass/sysPass-php7.1/docker-compose.yml b/syspass/sysPass-php7.1/docker-compose.yml deleted file mode 100644 index 936b0018f..000000000 --- a/syspass/sysPass-php7.1/docker-compose.yml +++ /dev/null @@ -1,24 +0,0 @@ -version: '2' -services: - app: - container_name: syspass-app - image: syspass/syspass:3.1.2-php7.1 - restart: always - ports: - - "80" - - "443" - links: - - db - volumes: - - /var/www/html/sysPass/app/config - - /var/www/html/sysPass/app/backup - db: - container_name: syspass-db - restart: always - image: mariadb:10.2 - environment: - - MYSQL_ROOT_PASSWORD=syspass - ports: - - "3306" - volumes: - - /var/lib/mysql diff --git a/syspass/sysPass-php7.1/entrypoint.sh b/syspass/sysPass-php7.1/entrypoint.sh deleted file mode 100755 index 762b71be1..000000000 --- a/syspass/sysPass-php7.1/entrypoint.sh +++ /dev/null @@ -1,130 +0,0 @@ -#!/bin/bash - -COLOR_NC='\033[0m' -COLOR_YELLOW='\033[0;33m' -COLOR_RED='\033[0;31m' -COLOR_GREEN='\033[0;32m' - -XDEBUG_REMOTE_HOST=${XDEBUG_REMOTE_HOST:-"172.17.0.1"} -XDEBUG_IDE_KEY=${XDEBUG_IDE_KEY:-"ide"} - -COMPOSER_OPTIONS="--working-dir ${SYSPASS_DIR} --classmap-authoritative" - -GOSU="gosu ${SYSPASS_UID}" - -if [ -e /usr/local/sbin/init-functions ]; then - . /usr/local/sbin/init-functions -fi - -setup_app () { - if [ -e "${SYSPASS_DIR}/index.php" ]; then - echo -e "${COLOR_YELLOW}setup_app: Setting up permissions${COLOR_NC}" - - RW_DIRS="${SYSPASS_DIR}/app/config \ - ${SYSPASS_DIR}/app/backup \ - ${SYSPASS_DIR}/app/cache \ - ${SYSPASS_DIR}/app/resources \ - ${SYSPASS_DIR}/app/temp" - - chown ${APACHE_RUN_USER}:${SYSPASS_UID} -R ${RW_DIRS} - - chmod 750 ${RW_DIRS} - - chown ${SYSPASS_UID}:${SYSPASS_UID} -R \ - ${SYSPASS_DIR}/app/modules/*/plugins \ - ${SYSPASS_DIR}/composer.json \ - ${SYSPASS_DIR}/composer.lock \ - ${SYSPASS_DIR}/vendor - fi -} - -setup_locales() { - if [ ! -e ".setup" ]; then - LOCALE_GEN="/etc/locale.gen" - - echo -e "${COLOR_YELLOW}setup_locales: Setting up locales${COLOR_NC}" - - echo -e "\n### sysPass locales" >> $LOCALE_GEN - echo "es_ES.UTF-8 UTF-8" >> $LOCALE_GEN - echo "en_US.UTF-8 UTF-8" >> $LOCALE_GEN - echo "en_GB.UTF-8 UTF-8" >> $LOCALE_GEN - echo "de_DE.UTF-8 UTF-8" >> $LOCALE_GEN - echo "ca_ES.UTF-8 UTF-8" >> $LOCALE_GEN - echo "fr_FR.UTF-8 UTF-8" >> $LOCALE_GEN - echo "ru_RU.UTF-8 UTF-8" >> $LOCALE_GEN - echo "pl_PL.UTF-8 UTF-8" >> $LOCALE_GEN - echo "nl_NL.UTF-8 UTF-8" >> $LOCALE_GEN - echo "pt_BR.UTF-8 UTF-8" >> $LOCALE_GEN - echo "da.UTF-8 UTF-8" >> $LOCALE_GEN - echo "it_IT.UTF-8 UTF-8" >> $LOCALE_GEN - echo "fo.UTF-8 UTF-8" >> $LOCALE_GEN - - echo 'LANG="en_US.UTF-8"' > /etc/default/locale - - dpkg-reconfigure --frontend=noninteractive locales - - update-locale LANG=en_US.UTF-8 - - export LANG=en_US.UTF-8 - - echo "1" > .setup - else - echo -e "${COLOR_YELLOW}setup_locales: Locales already set up${COLOR_NC}" - fi -} - -run_composer () { - pushd ${SYSPASS_DIR} - - if [ -e "./composer.lock" -a -e "composer.json" ]; then - echo -e "${COLOR_YELLOW}run_composer: Running composer${COLOR_NC}" - - ${GOSU} composer "$@" ${COMPOSER_OPTIONS} - else - echo -e "${COLOR_RED}run_composer: Error, composer not set up${COLOR_NC}" - fi - - popd -} - -setup_composer_extensions () { - if [ -n "${COMPOSER_EXTENSIONS}" ]; then - echo -e "${COLOR_YELLOW}setup_composer_extensions: ${COMPOSER_EXTENSIONS}${COLOR_NC}" - - run_composer require ${COMPOSER_EXTENSIONS} --update-no-dev - fi -} - -echo -e "${COLOR_YELLOW}entrypoint: Starting with UID : ${SYSPASS_UID}${COLOR_NC}" -id ${SYSPASS_UID} > /dev/null 2>&1 || useradd --shell /bin/bash -u ${SYSPASS_UID} -o -c "" -m user -export HOME=${SYSPASS_DIR} - -setup_app - -case "$1" in - "apache") - setup_composer_extensions - setup_locales - setup_apache - - SELF_IP_ADDRESS=$(grep $HOSTNAME /etc/hosts | cut -f1) - - echo -e "${COLOR_GREEN}######" - echo -e "sysPass environment installed and configured. Please point your browser to https://${SELF_IP_ADDRESS} to start the installation" - echo -e "######${COLOR_NC}" - echo -e "${COLOR_YELLOW}entrypoint: Starting Apache${COLOR_NC}" - - run_apache - ;; - "update") - run_composer update - ;; - "composer") - shift - run_composer "$@" - ;; - *) - echo -e "${COLOR_YELLOW}entrypoint: Starting $@${COLOR_NC}" - exec ${GOSU} "$@" - ;; -esac diff --git a/syspass/sysPass-php7.1/init-functions b/syspass/sysPass-php7.1/init-functions deleted file mode 100644 index e34a182ca..000000000 --- a/syspass/sysPass-php7.1/init-functions +++ /dev/null @@ -1,17 +0,0 @@ -if [ ${SYSPASS_DEV} -eq 1 ]; then - COMPOSER_OPTIONS="--working-dir ${SYSPASS_DIR} --optimize-autoloader --dev" -fi - -setup_apache () { - if [ ${SYSPASS_DEV} -eq 0 ]; then - return 0 - fi - - echo -e "${COLOR_YELLOW}setup_apache: Setting up xdebug variables${COLOR_NC}" - sed -i 's/__XDEBUG_REMOTE_HOST__/'"$XDEBUG_REMOTE_HOST"'/' /usr/local/etc/php/conf.d/docker-php-ext-xdebug.ini - sed -i 's/__XDEBUG_IDE_KEY__/'"$XDEBUG_IDE_KEY"'/' /usr/local/etc/php/conf.d/docker-php-ext-xdebug.ini -} - -run_apache () { - apache2-foreground -} diff --git a/syspass/sysPass-php7.1/syspass.conf b/syspass/sysPass-php7.1/syspass.conf deleted file mode 100644 index 2988abfd2..000000000 --- a/syspass/sysPass-php7.1/syspass.conf +++ /dev/null @@ -1,184 +0,0 @@ -RedirectMatch "^/$" "/index.php" - - - DirectoryIndex index.php - Options -Indexes -FollowSymLinks -Includes -ExecCGI - - - Require expr "%{REQUEST_URI} =~ m#.*/index\.php(\?r=)?#" - Require expr "%{REQUEST_URI} =~ m#.*/api\.php$#" - Require expr "%{REQUEST_URI} =~ m#^$#" - - - -# -# Require all granted -# - - - Require all granted - - - - # the server uses to identify itself. This is used when creating - # redirection URLs. In the context of virtual hosts, the ServerName - # specifies what hostname must appear in the request's Host: header to - # match this virtual host. For the default virtual host (this file) this - # value is not decisive as it is used as a last resort host regardless. - # However, you must set it for any further virtual host explicitly. - #ServerName www.example.com - - ServerAdmin webmaster@localhost - DocumentRoot /var/www/html/sysPass - - # Available loglevels: trace8, ..., trace1, debug, info, notice, warn, - # error, crit, alert, emerg. - # It is also possible to configure the loglevel for particular - # modules, e.g. - #LogLevel info ssl:warn - - ErrorLog ${APACHE_LOG_DIR}/error.log - CustomLog ${APACHE_LOG_DIR}/access.log combined - - - RewriteEngine On - RewriteCond %{HTTPS} !=on - RewriteCond %{ENV:USE_SSL} "=yes" - RewriteRule ^/?(.*) https://%{SERVER_NAME}/$1 [R,L] - - - - - - ServerAdmin webmaster@localhost - DocumentRoot /var/www/html/sysPass - - # Available loglevels: trace8, ..., trace1, debug, info, notice, warn, - # error, crit, alert, emerg. - # It is also possible to configure the loglevel for particular - # modules, e.g. - #LogLevel info ssl:warn - - ErrorLog ${APACHE_LOG_DIR}/error.log - CustomLog ${APACHE_LOG_DIR}/access.log combined - - # For most configuration files from conf-available/, which are - # enabled or disabled at a global level, it is possible to - # include a line for only one particular virtual host. For example the - # following line enables the CGI configuration for this host only - # after it has been globally disabled with "a2disconf". - #Include conf-available/serve-cgi-bin.conf - - # SSL Engine Switch: - # Enable/Disable SSL for this virtual host. - SSLEngine on - - # A self-signed (snakeoil) certificate can be created by installing - # the ssl-cert package. See - # /usr/share/doc/apache2/README.Debian.gz for more info. - # If both key and certificate are stored in the same file, only the - # SSLCertificateFile directive is needed. - SSLCertificateFile /etc/ssl/certs/ssl-cert-snakeoil.pem - SSLCertificateKeyFile /etc/ssl/private/ssl-cert-snakeoil.key - - # Server Certificate Chain: - # Point SSLCertificateChainFile at a file containing the - # concatenation of PEM encoded CA certificates which form the - # certificate chain for the server certificate. Alternatively - # the referenced file can be the same as SSLCertificateFile - # when the CA certificates are directly appended to the server - # certificate for convinience. - #SSLCertificateChainFile /etc/apache2/ssl.crt/server-ca.crt - - # Certificate Authority (CA): - # Set the CA certificate verification path where to find CA - # certificates for client authentication or alternatively one - # huge file containing all of them (file must be PEM encoded) - # Note: Inside SSLCACertificatePath you need hash symlinks - # to point to the certificate files. Use the provided - # Makefile to update the hash symlinks after changes. - #SSLCACertificatePath /etc/ssl/certs/ - #SSLCACertificateFile /etc/apache2/ssl.crt/ca-bundle.crt - - # Certificate Revocation Lists (CRL): - # Set the CA revocation path where to find CA CRLs for client - # authentication or alternatively one huge file containing all - # of them (file must be PEM encoded) - # Note: Inside SSLCARevocationPath you need hash symlinks - # to point to the certificate files. Use the provided - # Makefile to update the hash symlinks after changes. - #SSLCARevocationPath /etc/apache2/ssl.crl/ - #SSLCARevocationFile /etc/apache2/ssl.crl/ca-bundle.crl - - # Client Authentication (Type): - # Client certificate verification type and depth. Types are - # none, optional, require and optional_no_ca. Depth is a - # number which specifies how deeply to verify the certificate - # issuer chain before deciding the certificate is not valid. - #SSLVerifyClient require - #SSLVerifyDepth 10 - - # SSL Engine Options: - # Set various options for the SSL engine. - # o FakeBasicAuth: - # Translate the client X.509 into a Basic Authorisation. This means that - # the standard Auth/DBMAuth methods can be used for access control. The - # user name is the `one line' version of the client's X.509 certificate. - # Note that no password is obtained from the user. Every entry in the user - # file needs this password: `xxj31ZMTZzkVA'. - # o ExportCertData: - # This exports two additional environment variables: SSL_CLIENT_CERT and - # SSL_SERVER_CERT. These contain the PEM-encoded certificates of the - # server (always existing) and the client (only existing when client - # authentication is used). This can be used to import the certificates - # into CGI scripts. - # o StdEnvVars: - # This exports the standard SSL/TLS related `SSL_*' environment variables. - # Per default this exportation is switched off for performance reasons, - # because the extraction step is an expensive operation and is usually - # useless for serving static content. So one usually enables the - # exportation for CGI and SSI requests only. - # o OptRenegotiate: - # This enables optimized SSL connection renegotiation handling when SSL - # directives are used in per-directory context. - #SSLOptions +FakeBasicAuth +ExportCertData +StrictRequire - - SSLOptions +StdEnvVars - - - SSLOptions +StdEnvVars - - - # SSL Protocol Adjustments: - # The safe and default but still SSL/TLS standard compliant shutdown - # approach is that mod_ssl sends the close notify alert but doesn't wait for - # the close notify alert from client. When you need a different shutdown - # approach you can use one of the following variables: - # o ssl-unclean-shutdown: - # This forces an unclean shutdown when the connection is closed, i.e. no - # SSL close notify alert is send or allowed to received. This violates - # the SSL/TLS standard but is needed for some brain-dead browsers. Use - # this when you receive I/O errors because of the standard approach where - # mod_ssl sends the close notify alert. - # o ssl-accurate-shutdown: - # This forces an accurate shutdown when the connection is closed, i.e. a - # SSL close notify alert is send and mod_ssl waits for the close notify - # alert of the client. This is 100% SSL/TLS standard compliant, but in - # practice often causes hanging connections with brain-dead browsers. Use - # this only for browsers where you know that their SSL implementation - # works correctly. - # Notice: Most problems of broken clients are also related to the HTTP - # keep-alive facility, so you usually additionally want to disable - # keep-alive for those clients, too. Use variable "nokeepalive" for this. - # Similarly, one has to force some clients to use HTTP/1.0 to workaround - # their broken HTTP/1.1 implementation. Use variables "downgrade-1.0" and - # "force-response-1.0" for this. - BrowserMatch "MSIE [2-6]" \ - nokeepalive ssl-unclean-shutdown \ - downgrade-1.0 force-response-1.0 - # MSIE 7 and newer should be able to use keepalive - BrowserMatch "MSIE [17-9]" ssl-unclean-shutdown - - - -# vim: syntax=apache ts=2 sw=2 sts=2 sr noet diff --git a/syspass/sysPass-php7.1/xdebug.ini b/syspass/sysPass-php7.1/xdebug.ini deleted file mode 100644 index 53bf97293..000000000 --- a/syspass/sysPass-php7.1/xdebug.ini +++ /dev/null @@ -1,44 +0,0 @@ -; zend_extension=xdebug.so -zend_extension=/usr/local/lib/php/extensions/no-debug-non-zts-20170718/xdebug.so - -[debug] -; Remote settings -xdebug.remote_autostart=off -xdebug.remote_enable=on -xdebug.remote_handler=dbgp -xdebug.remote_mode=req -xdebug.remote_host=__XDEBUG_REMOTE_HOST__ -xdebug.remote_port=9000 -;xdebug.remote_log=/tmp/xdebug.log - -; General -xdebug.auto_trace=off -xdebug.collect_includes=on -xdebug.collect_params=off -xdebug.collect_return=off -xdebug.default_enable=on -xdebug.extended_info=1 -xdebug.manual_url=http://www.php.net -xdebug.show_local_vars=0 -xdebug.show_mem_delta=1 -xdebug.max_nesting_level=100 -xdebug.idekey=__XDEBUG_IDE_KEY__ -xdebug.force_display_errors=1 - -; Trace options -xdebug.trace_format=0 -xdebug.trace_output_dir=/tmp -xdebug.trace_options=0 -xdebug.trace_output_name=crc32 - -; Profiling -xdebug.profiler_append=1 -xdebug.profiler_enable=0 -xdebug.profiler_enable_trigger=1 -xdebug.profiler_output_dir=/tmp -xdebug.profiler_output_name=cachegring.out.%t -;xdebug.profiler_output_name=cachegring.out.%p -;xdebug.profiler_output_name=cachegring.out -;xdebug.profiler_output_name=cachegring.out.%R.%t - -xdebug.var_display_max_depth=5 diff --git a/syspass/sysPass-php7.2/Dockerfile b/syspass/sysPass-php7.2/Dockerfile deleted file mode 100644 index b6966bfbc..000000000 --- a/syspass/sysPass-php7.2/Dockerfile +++ /dev/null @@ -1,79 +0,0 @@ -# -# https://syspass.org -# https://doc.syspass.org -# - -FROM composer:1.7 as bootstrap - -ENV SYSPASS_BRANCH="master" - -RUN git clone --branch ${SYSPASS_BRANCH} https://github.com/nuxsmin/sysPass.git \ - && composer install \ - --ignore-platform-reqs \ - --no-interaction \ - --no-plugins \ - --no-scripts \ - --prefer-dist \ - --optimize-autoloader \ - --working-dir /app/sysPass - -FROM php:7.2-apache-stretch as app - -LABEL maintainer=nuxsmin@syspass.org version=3.1.2 php=7.2 - -RUN apt-get update \ - && DEBIAN_FRONTEND=noninteractive apt-get -y install \ - locales \ - git \ - gosu \ - libicu-dev \ - libldb-dev \ - libldap2-dev \ - libfreetype6-dev \ - libjpeg62-turbo-dev \ - libpng-dev \ - unzip \ - ssl-cert \ - && apt-get clean \ - && rm -r /var/lib/apt/lists/* \ - && pecl install xdebug-2.6.0 \ - && docker-php-ext-configure gd --with-freetype-dir=/usr/include/ --with-jpeg-dir=/usr/include/ \ - && docker-php-ext-install -j$(nproc) ldap intl gettext pdo_mysql opcache gd \ - && docker-php-ext-enable ldap xdebug intl pdo_mysql - -ENV APACHE_RUN_USER="www-data" \ - SYSPASS_DIR="/var/www/html/sysPass" \ - SYSPASS_UID=9001 \ - SYSPASS_DEV=0 - -WORKDIR /var/www/html - -LABEL build=19030701 - -# Custom sysPass Apache config with SSL by default -COPY ["syspass.conf", "/etc/apache2/sites-available/"] - -# Xdebug module config -COPY xdebug.ini /usr/local/etc/php/conf.d/docker-php-ext-xdebug.ini - -# Custom entrypoint -COPY entrypoint.sh init-functions /usr/local/sbin/ - -RUN chmod 755 /usr/local/sbin/entrypoint.sh \ - && a2dissite 000-default default-ssl \ - && a2ensite syspass \ - && a2enmod proxy_fcgi setenvif ssl rewrite \ - && ln -sf /dev/stdout ${APACHE_LOG_DIR}/access.log \ - && ln -sf /dev/stderr ${APACHE_LOG_DIR}/error.log - -# sysPass dependencies -COPY --from=bootstrap /app/sysPass/ ${SYSPASS_DIR}/ - -# Composer binary -COPY --from=bootstrap /usr/bin/composer /usr/bin/ - -EXPOSE 80 443 - -ENTRYPOINT ["/usr/local/sbin/entrypoint.sh"] - -CMD ["apache"] diff --git a/syspass/sysPass-php7.2/docker-compose.yml b/syspass/sysPass-php7.2/docker-compose.yml deleted file mode 100644 index ad7e58c46..000000000 --- a/syspass/sysPass-php7.2/docker-compose.yml +++ /dev/null @@ -1,24 +0,0 @@ -version: '2' -services: - app: - container_name: syspass-app - image: syspass/syspass:3.1.2-php7.2 - restart: always - ports: - - "80" - - "443" - links: - - db - volumes: - - /var/www/html/sysPass/app/config - - /var/www/html/sysPass/app/backup - db: - container_name: syspass-db - restart: always - image: mariadb:10.2 - environment: - - MYSQL_ROOT_PASSWORD=syspass - ports: - - "3306" - volumes: - - /var/lib/mysql diff --git a/syspass/sysPass-php7.2/entrypoint.sh b/syspass/sysPass-php7.2/entrypoint.sh deleted file mode 100755 index 762b71be1..000000000 --- a/syspass/sysPass-php7.2/entrypoint.sh +++ /dev/null @@ -1,130 +0,0 @@ -#!/bin/bash - -COLOR_NC='\033[0m' -COLOR_YELLOW='\033[0;33m' -COLOR_RED='\033[0;31m' -COLOR_GREEN='\033[0;32m' - -XDEBUG_REMOTE_HOST=${XDEBUG_REMOTE_HOST:-"172.17.0.1"} -XDEBUG_IDE_KEY=${XDEBUG_IDE_KEY:-"ide"} - -COMPOSER_OPTIONS="--working-dir ${SYSPASS_DIR} --classmap-authoritative" - -GOSU="gosu ${SYSPASS_UID}" - -if [ -e /usr/local/sbin/init-functions ]; then - . /usr/local/sbin/init-functions -fi - -setup_app () { - if [ -e "${SYSPASS_DIR}/index.php" ]; then - echo -e "${COLOR_YELLOW}setup_app: Setting up permissions${COLOR_NC}" - - RW_DIRS="${SYSPASS_DIR}/app/config \ - ${SYSPASS_DIR}/app/backup \ - ${SYSPASS_DIR}/app/cache \ - ${SYSPASS_DIR}/app/resources \ - ${SYSPASS_DIR}/app/temp" - - chown ${APACHE_RUN_USER}:${SYSPASS_UID} -R ${RW_DIRS} - - chmod 750 ${RW_DIRS} - - chown ${SYSPASS_UID}:${SYSPASS_UID} -R \ - ${SYSPASS_DIR}/app/modules/*/plugins \ - ${SYSPASS_DIR}/composer.json \ - ${SYSPASS_DIR}/composer.lock \ - ${SYSPASS_DIR}/vendor - fi -} - -setup_locales() { - if [ ! -e ".setup" ]; then - LOCALE_GEN="/etc/locale.gen" - - echo -e "${COLOR_YELLOW}setup_locales: Setting up locales${COLOR_NC}" - - echo -e "\n### sysPass locales" >> $LOCALE_GEN - echo "es_ES.UTF-8 UTF-8" >> $LOCALE_GEN - echo "en_US.UTF-8 UTF-8" >> $LOCALE_GEN - echo "en_GB.UTF-8 UTF-8" >> $LOCALE_GEN - echo "de_DE.UTF-8 UTF-8" >> $LOCALE_GEN - echo "ca_ES.UTF-8 UTF-8" >> $LOCALE_GEN - echo "fr_FR.UTF-8 UTF-8" >> $LOCALE_GEN - echo "ru_RU.UTF-8 UTF-8" >> $LOCALE_GEN - echo "pl_PL.UTF-8 UTF-8" >> $LOCALE_GEN - echo "nl_NL.UTF-8 UTF-8" >> $LOCALE_GEN - echo "pt_BR.UTF-8 UTF-8" >> $LOCALE_GEN - echo "da.UTF-8 UTF-8" >> $LOCALE_GEN - echo "it_IT.UTF-8 UTF-8" >> $LOCALE_GEN - echo "fo.UTF-8 UTF-8" >> $LOCALE_GEN - - echo 'LANG="en_US.UTF-8"' > /etc/default/locale - - dpkg-reconfigure --frontend=noninteractive locales - - update-locale LANG=en_US.UTF-8 - - export LANG=en_US.UTF-8 - - echo "1" > .setup - else - echo -e "${COLOR_YELLOW}setup_locales: Locales already set up${COLOR_NC}" - fi -} - -run_composer () { - pushd ${SYSPASS_DIR} - - if [ -e "./composer.lock" -a -e "composer.json" ]; then - echo -e "${COLOR_YELLOW}run_composer: Running composer${COLOR_NC}" - - ${GOSU} composer "$@" ${COMPOSER_OPTIONS} - else - echo -e "${COLOR_RED}run_composer: Error, composer not set up${COLOR_NC}" - fi - - popd -} - -setup_composer_extensions () { - if [ -n "${COMPOSER_EXTENSIONS}" ]; then - echo -e "${COLOR_YELLOW}setup_composer_extensions: ${COMPOSER_EXTENSIONS}${COLOR_NC}" - - run_composer require ${COMPOSER_EXTENSIONS} --update-no-dev - fi -} - -echo -e "${COLOR_YELLOW}entrypoint: Starting with UID : ${SYSPASS_UID}${COLOR_NC}" -id ${SYSPASS_UID} > /dev/null 2>&1 || useradd --shell /bin/bash -u ${SYSPASS_UID} -o -c "" -m user -export HOME=${SYSPASS_DIR} - -setup_app - -case "$1" in - "apache") - setup_composer_extensions - setup_locales - setup_apache - - SELF_IP_ADDRESS=$(grep $HOSTNAME /etc/hosts | cut -f1) - - echo -e "${COLOR_GREEN}######" - echo -e "sysPass environment installed and configured. Please point your browser to https://${SELF_IP_ADDRESS} to start the installation" - echo -e "######${COLOR_NC}" - echo -e "${COLOR_YELLOW}entrypoint: Starting Apache${COLOR_NC}" - - run_apache - ;; - "update") - run_composer update - ;; - "composer") - shift - run_composer "$@" - ;; - *) - echo -e "${COLOR_YELLOW}entrypoint: Starting $@${COLOR_NC}" - exec ${GOSU} "$@" - ;; -esac diff --git a/syspass/sysPass-php7.2/init-functions b/syspass/sysPass-php7.2/init-functions deleted file mode 100644 index e34a182ca..000000000 --- a/syspass/sysPass-php7.2/init-functions +++ /dev/null @@ -1,17 +0,0 @@ -if [ ${SYSPASS_DEV} -eq 1 ]; then - COMPOSER_OPTIONS="--working-dir ${SYSPASS_DIR} --optimize-autoloader --dev" -fi - -setup_apache () { - if [ ${SYSPASS_DEV} -eq 0 ]; then - return 0 - fi - - echo -e "${COLOR_YELLOW}setup_apache: Setting up xdebug variables${COLOR_NC}" - sed -i 's/__XDEBUG_REMOTE_HOST__/'"$XDEBUG_REMOTE_HOST"'/' /usr/local/etc/php/conf.d/docker-php-ext-xdebug.ini - sed -i 's/__XDEBUG_IDE_KEY__/'"$XDEBUG_IDE_KEY"'/' /usr/local/etc/php/conf.d/docker-php-ext-xdebug.ini -} - -run_apache () { - apache2-foreground -} diff --git a/syspass/sysPass-php7.2/syspass.conf b/syspass/sysPass-php7.2/syspass.conf deleted file mode 100644 index 2988abfd2..000000000 --- a/syspass/sysPass-php7.2/syspass.conf +++ /dev/null @@ -1,184 +0,0 @@ -RedirectMatch "^/$" "/index.php" - - - DirectoryIndex index.php - Options -Indexes -FollowSymLinks -Includes -ExecCGI - - - Require expr "%{REQUEST_URI} =~ m#.*/index\.php(\?r=)?#" - Require expr "%{REQUEST_URI} =~ m#.*/api\.php$#" - Require expr "%{REQUEST_URI} =~ m#^$#" - - - -# -# Require all granted -# - - - Require all granted - - - - # the server uses to identify itself. This is used when creating - # redirection URLs. In the context of virtual hosts, the ServerName - # specifies what hostname must appear in the request's Host: header to - # match this virtual host. For the default virtual host (this file) this - # value is not decisive as it is used as a last resort host regardless. - # However, you must set it for any further virtual host explicitly. - #ServerName www.example.com - - ServerAdmin webmaster@localhost - DocumentRoot /var/www/html/sysPass - - # Available loglevels: trace8, ..., trace1, debug, info, notice, warn, - # error, crit, alert, emerg. - # It is also possible to configure the loglevel for particular - # modules, e.g. - #LogLevel info ssl:warn - - ErrorLog ${APACHE_LOG_DIR}/error.log - CustomLog ${APACHE_LOG_DIR}/access.log combined - - - RewriteEngine On - RewriteCond %{HTTPS} !=on - RewriteCond %{ENV:USE_SSL} "=yes" - RewriteRule ^/?(.*) https://%{SERVER_NAME}/$1 [R,L] - - - - - - ServerAdmin webmaster@localhost - DocumentRoot /var/www/html/sysPass - - # Available loglevels: trace8, ..., trace1, debug, info, notice, warn, - # error, crit, alert, emerg. - # It is also possible to configure the loglevel for particular - # modules, e.g. - #LogLevel info ssl:warn - - ErrorLog ${APACHE_LOG_DIR}/error.log - CustomLog ${APACHE_LOG_DIR}/access.log combined - - # For most configuration files from conf-available/, which are - # enabled or disabled at a global level, it is possible to - # include a line for only one particular virtual host. For example the - # following line enables the CGI configuration for this host only - # after it has been globally disabled with "a2disconf". - #Include conf-available/serve-cgi-bin.conf - - # SSL Engine Switch: - # Enable/Disable SSL for this virtual host. - SSLEngine on - - # A self-signed (snakeoil) certificate can be created by installing - # the ssl-cert package. See - # /usr/share/doc/apache2/README.Debian.gz for more info. - # If both key and certificate are stored in the same file, only the - # SSLCertificateFile directive is needed. - SSLCertificateFile /etc/ssl/certs/ssl-cert-snakeoil.pem - SSLCertificateKeyFile /etc/ssl/private/ssl-cert-snakeoil.key - - # Server Certificate Chain: - # Point SSLCertificateChainFile at a file containing the - # concatenation of PEM encoded CA certificates which form the - # certificate chain for the server certificate. Alternatively - # the referenced file can be the same as SSLCertificateFile - # when the CA certificates are directly appended to the server - # certificate for convinience. - #SSLCertificateChainFile /etc/apache2/ssl.crt/server-ca.crt - - # Certificate Authority (CA): - # Set the CA certificate verification path where to find CA - # certificates for client authentication or alternatively one - # huge file containing all of them (file must be PEM encoded) - # Note: Inside SSLCACertificatePath you need hash symlinks - # to point to the certificate files. Use the provided - # Makefile to update the hash symlinks after changes. - #SSLCACertificatePath /etc/ssl/certs/ - #SSLCACertificateFile /etc/apache2/ssl.crt/ca-bundle.crt - - # Certificate Revocation Lists (CRL): - # Set the CA revocation path where to find CA CRLs for client - # authentication or alternatively one huge file containing all - # of them (file must be PEM encoded) - # Note: Inside SSLCARevocationPath you need hash symlinks - # to point to the certificate files. Use the provided - # Makefile to update the hash symlinks after changes. - #SSLCARevocationPath /etc/apache2/ssl.crl/ - #SSLCARevocationFile /etc/apache2/ssl.crl/ca-bundle.crl - - # Client Authentication (Type): - # Client certificate verification type and depth. Types are - # none, optional, require and optional_no_ca. Depth is a - # number which specifies how deeply to verify the certificate - # issuer chain before deciding the certificate is not valid. - #SSLVerifyClient require - #SSLVerifyDepth 10 - - # SSL Engine Options: - # Set various options for the SSL engine. - # o FakeBasicAuth: - # Translate the client X.509 into a Basic Authorisation. This means that - # the standard Auth/DBMAuth methods can be used for access control. The - # user name is the `one line' version of the client's X.509 certificate. - # Note that no password is obtained from the user. Every entry in the user - # file needs this password: `xxj31ZMTZzkVA'. - # o ExportCertData: - # This exports two additional environment variables: SSL_CLIENT_CERT and - # SSL_SERVER_CERT. These contain the PEM-encoded certificates of the - # server (always existing) and the client (only existing when client - # authentication is used). This can be used to import the certificates - # into CGI scripts. - # o StdEnvVars: - # This exports the standard SSL/TLS related `SSL_*' environment variables. - # Per default this exportation is switched off for performance reasons, - # because the extraction step is an expensive operation and is usually - # useless for serving static content. So one usually enables the - # exportation for CGI and SSI requests only. - # o OptRenegotiate: - # This enables optimized SSL connection renegotiation handling when SSL - # directives are used in per-directory context. - #SSLOptions +FakeBasicAuth +ExportCertData +StrictRequire - - SSLOptions +StdEnvVars - - - SSLOptions +StdEnvVars - - - # SSL Protocol Adjustments: - # The safe and default but still SSL/TLS standard compliant shutdown - # approach is that mod_ssl sends the close notify alert but doesn't wait for - # the close notify alert from client. When you need a different shutdown - # approach you can use one of the following variables: - # o ssl-unclean-shutdown: - # This forces an unclean shutdown when the connection is closed, i.e. no - # SSL close notify alert is send or allowed to received. This violates - # the SSL/TLS standard but is needed for some brain-dead browsers. Use - # this when you receive I/O errors because of the standard approach where - # mod_ssl sends the close notify alert. - # o ssl-accurate-shutdown: - # This forces an accurate shutdown when the connection is closed, i.e. a - # SSL close notify alert is send and mod_ssl waits for the close notify - # alert of the client. This is 100% SSL/TLS standard compliant, but in - # practice often causes hanging connections with brain-dead browsers. Use - # this only for browsers where you know that their SSL implementation - # works correctly. - # Notice: Most problems of broken clients are also related to the HTTP - # keep-alive facility, so you usually additionally want to disable - # keep-alive for those clients, too. Use variable "nokeepalive" for this. - # Similarly, one has to force some clients to use HTTP/1.0 to workaround - # their broken HTTP/1.1 implementation. Use variables "downgrade-1.0" and - # "force-response-1.0" for this. - BrowserMatch "MSIE [2-6]" \ - nokeepalive ssl-unclean-shutdown \ - downgrade-1.0 force-response-1.0 - # MSIE 7 and newer should be able to use keepalive - BrowserMatch "MSIE [17-9]" ssl-unclean-shutdown - - - -# vim: syntax=apache ts=2 sw=2 sts=2 sr noet diff --git a/syspass/sysPass-php7.2/xdebug.ini b/syspass/sysPass-php7.2/xdebug.ini deleted file mode 100644 index 53bf97293..000000000 --- a/syspass/sysPass-php7.2/xdebug.ini +++ /dev/null @@ -1,44 +0,0 @@ -; zend_extension=xdebug.so -zend_extension=/usr/local/lib/php/extensions/no-debug-non-zts-20170718/xdebug.so - -[debug] -; Remote settings -xdebug.remote_autostart=off -xdebug.remote_enable=on -xdebug.remote_handler=dbgp -xdebug.remote_mode=req -xdebug.remote_host=__XDEBUG_REMOTE_HOST__ -xdebug.remote_port=9000 -;xdebug.remote_log=/tmp/xdebug.log - -; General -xdebug.auto_trace=off -xdebug.collect_includes=on -xdebug.collect_params=off -xdebug.collect_return=off -xdebug.default_enable=on -xdebug.extended_info=1 -xdebug.manual_url=http://www.php.net -xdebug.show_local_vars=0 -xdebug.show_mem_delta=1 -xdebug.max_nesting_level=100 -xdebug.idekey=__XDEBUG_IDE_KEY__ -xdebug.force_display_errors=1 - -; Trace options -xdebug.trace_format=0 -xdebug.trace_output_dir=/tmp -xdebug.trace_options=0 -xdebug.trace_output_name=crc32 - -; Profiling -xdebug.profiler_append=1 -xdebug.profiler_enable=0 -xdebug.profiler_enable_trigger=1 -xdebug.profiler_output_dir=/tmp -xdebug.profiler_output_name=cachegring.out.%t -;xdebug.profiler_output_name=cachegring.out.%p -;xdebug.profiler_output_name=cachegring.out -;xdebug.profiler_output_name=cachegring.out.%R.%t - -xdebug.var_display_max_depth=5 diff --git a/syspass/sysPass-php7.3/Dockerfile b/syspass/sysPass-php7.3/Dockerfile index 375efc030..6966c589d 100644 --- a/syspass/sysPass-php7.3/Dockerfile +++ b/syspass/sysPass-php7.3/Dockerfile @@ -3,7 +3,7 @@ # https://doc.syspass.org # -FROM composer:1.7 as bootstrap +FROM composer:2.0 as bootstrap ENV SYSPASS_BRANCH="master" @@ -17,10 +17,32 @@ RUN git clone --branch ${SYSPASS_BRANCH} https://github.com/nuxsmin/sysPass.git --optimize-autoloader \ --working-dir /app/sysPass -FROM php:7.3-apache-stretch as app +FROM php:7.3-apache-buster as app LABEL maintainer=nuxsmin@syspass.org version=3.1.2 php=7.3 +################################################################## +# adding normal sources list +################################################################## +RUN rm /etc/apt/sources.list +COPY sources.list /etc/apt/sources.list + +################################################################## +# installing php repo + smbclient +################################################################## +RUN wget -O /etc/apt/trusted.gpg.d/php.gpg https://packages.sury.org/php/apt.gpg +RUN sh -c 'echo "deb https://packages.sury.org/php/ buster main" > /etc/apt/sources.list.d/php.list' +RUN apt update -y && apt install -y --allow-unauthenticated smbclient libsmbclient libsmbclient-dev +RUN pecl install smbclient +RUN docker-php-ext-enable smbclient + +################################################################## +# smb fix +################################################################## +RUN rm -frv /etc/samba/smb.conf /usr/share/samba/smb.conf +ADD smb.conf /etc/samba/ +ADD smb.conf /usr/share/samba/ + RUN apt-get update \ && apt-get install -y \ locales \ diff --git a/syspass/sysPass-php7.3/Makefile b/syspass/sysPass-php7.3/Makefile new file mode 100644 index 000000000..ae076bb34 --- /dev/null +++ b/syspass/sysPass-php7.3/Makefile @@ -0,0 +1,7 @@ +all: spphp +spphp: + docker build --compress -t epicmorg/syspass:php7.3 . + docker push epicmorg/syspass:php7.3 + + docker build --compress -t epicmorg/syspass:latest . + docker push epicmorg/syspass:latest diff --git a/syspass/sysPass-php7.3/smb.conf b/syspass/sysPass-php7.3/smb.conf new file mode 100644 index 000000000..9346a22f4 --- /dev/null +++ b/syspass/sysPass-php7.3/smb.conf @@ -0,0 +1,239 @@ +# +# Sample configuration file for the Samba suite for Debian GNU/Linux. +# +# +# This is the main Samba configuration file. You should read the +# smb.conf(5) manual page in order to understand the options listed +# here. Samba has a huge number of configurable options most of which +# are not shown in this example +# +# Some options that are often worth tuning have been included as +# commented-out examples in this file. +# - When such options are commented with ";", the proposed setting +# differs from the default Samba behaviour +# - When commented with "#", the proposed setting is the default +# behaviour of Samba but the option is considered important +# enough to be mentioned here +# +# NOTE: Whenever you modify this file you should run the command +# "testparm" to check that you have not made any basic syntactic +# errors. + +#======================= Global Settings ======================= + +[global] +client min protocol = SMB2 +client max protocol = SMB3 + + +## Browsing/Identification ### + +# Change this to the workgroup/NT-domain name your Samba server will part of + workgroup = WORKGROUP + +#### Networking #### + +# The specific set of interfaces / networks to bind to +# This can be either the interface name or an IP address/netmask; +# interface names are normally preferred +; interfaces = 127.0.0.0/8 eth0 + +# Only bind to the named interfaces and/or networks; you must use the +# 'interfaces' option above to use this. +# It is recommended that you enable this feature if your Samba machine is +# not protected by a firewall or is a firewall itself. However, this +# option cannot handle dynamic or non-broadcast interfaces correctly. +; bind interfaces only = yes + + + +#### Debugging/Accounting #### + +# This tells Samba to use a separate log file for each machine +# that connects + log file = /var/log/samba/log.%m + +# Cap the size of the individual log files (in KiB). + max log size = 1000 + +# We want Samba to only log to /var/log/samba/log.{smbd,nmbd}. +# Append syslog@1 if you want important messages to be sent to syslog too. + logging = file + +# Do something sensible when Samba crashes: mail the admin a backtrace + panic action = /usr/share/samba/panic-action %d + + +####### Authentication ####### + +# Server role. Defines in which mode Samba will operate. Possible +# values are "standalone server", "member server", "classic primary +# domain controller", "classic backup domain controller", "active +# directory domain controller". +# +# Most people will want "standalone server" or "member server". +# Running as "active directory domain controller" will require first +# running "samba-tool domain provision" to wipe databases and create a +# new domain. + server role = standalone server + + obey pam restrictions = yes + +# This boolean parameter controls whether Samba attempts to sync the Unix +# password with the SMB password when the encrypted SMB password in the +# passdb is changed. + unix password sync = yes + +# For Unix password sync to work on a Debian GNU/Linux system, the following +# parameters must be set (thanks to Ian Kahan < for +# sending the correct chat script for the passwd program in Debian Sarge). + passwd program = /usr/bin/passwd %u + passwd chat = *Enter\snew\s*\spassword:* %n\n *Retype\snew\s*\spassword:* %n\n *password\supdated\ssuccessfully* . + +# This boolean controls whether PAM will be used for password changes +# when requested by an SMB client instead of the program listed in +# 'passwd program'. The default is 'no'. + pam password change = yes + +# This option controls how unsuccessful authentication attempts are mapped +# to anonymous connections + map to guest = bad user + +########## Domains ########### + +# +# The following settings only takes effect if 'server role = primary +# classic domain controller', 'server role = backup domain controller' +# or 'domain logons' is set +# + +# It specifies the location of the user's +# profile directory from the client point of view) The following +# required a [profiles] share to be setup on the samba server (see +# below) +; logon path = \\%N\profiles\%U +# Another common choice is storing the profile in the user's home directory +# (this is Samba's default) +# logon path = \\%N\%U\profile + +# The following setting only takes effect if 'domain logons' is set +# It specifies the location of a user's home directory (from the client +# point of view) +; logon drive = H: +# logon home = \\%N\%U + +# The following setting only takes effect if 'domain logons' is set +# It specifies the script to run during logon. The script must be stored +# in the [netlogon] share +# NOTE: Must be store in 'DOS' file format convention +; logon script = logon.cmd + +# This allows Unix users to be created on the domain controller via the SAMR +# RPC pipe. The example command creates a user account with a disabled Unix +# password; please adapt to your needs +; add user script = /usr/sbin/adduser --quiet --disabled-password --gecos "" %u + +# This allows machine accounts to be created on the domain controller via the +# SAMR RPC pipe. +# The following assumes a "machines" group exists on the system +; add machine script = /usr/sbin/useradd -g machines -c "%u machine account" -d /var/lib/samba -s /bin/false %u + +# This allows Unix groups to be created on the domain controller via the SAMR +# RPC pipe. +; add group script = /usr/sbin/addgroup --force-badname %g + +############ Misc ############ + +# Using the following line enables you to customise your configuration +# on a per machine basis. The %m gets replaced with the netbios name +# of the machine that is connecting +; include = /home/samba/etc/smb.conf.%m + +# Some defaults for winbind (make sure you're not using the ranges +# for something else.) +; idmap config * : backend = tdb +; idmap config * : range = 3000-7999 +; idmap config YOURDOMAINHERE : backend = tdb +; idmap config YOURDOMAINHERE : range = 100000-999999 +; template shell = /bin/bash + +# Setup usershare options to enable non-root users to share folders +# with the net usershare command. + +# Maximum number of usershare. 0 means that usershare is disabled. +# usershare max shares = 100 + +# Allow users who've been granted usershare privileges to create +# public shares, not just authenticated ones + usershare allow guests = yes + +#======================= Share Definitions ======================= + +[homes] + comment = Home Directories + browseable = no + +# By default, the home directories are exported read-only. Change the +# next parameter to 'no' if you want to be able to write to them. + read only = yes + +# File creation mask is set to 0700 for security reasons. If you want to +# create files with group=rw permissions, set next parameter to 0775. + create mask = 0700 + +# Directory creation mask is set to 0700 for security reasons. If you want to +# create dirs. with group=rw permissions, set next parameter to 0775. + directory mask = 0700 + +# By default, \\server\username shares can be connected to by anyone +# with access to the samba server. +# The following parameter makes sure that only "username" can connect +# to \\server\username +# This might need tweaking when using external authentication schemes + valid users = %S + +# Un-comment the following and create the netlogon directory for Domain Logons +# (you need to configure Samba to act as a domain controller too.) +;[netlogon] +; comment = Network Logon Service +; path = /home/samba/netlogon +; guest ok = yes +; read only = yes + +# Un-comment the following and create the profiles directory to store +# users profiles (see the "logon path" option above) +# (you need to configure Samba to act as a domain controller too.) +# The path below should be writable by all users so that their +# profile directory may be created the first time they log on +;[profiles] +; comment = Users profiles +; path = /home/samba/profiles +; guest ok = no +; browseable = no +; create mask = 0600 +; directory mask = 0700 + +[printers] + comment = All Printers + browseable = no + path = /var/spool/samba + printable = yes + guest ok = no + read only = yes + create mask = 0700 + +# Windows clients look for this share name as a source of downloadable +# printer drivers +[print$] + comment = Printer Drivers + path = /var/lib/samba/printers + browseable = yes + read only = yes + guest ok = no +# Uncomment to allow remote administration of Windows print drivers. +# You may need to replace 'lpadmin' with the name of the group your +# admin users are members of. +# Please note that you also need to set appropriate Unix permissions +# to the drivers directory for these users to have write rights in it +; write list = root, @lpadmin + diff --git a/syspass/sysPass-php7.3/sources.list b/syspass/sysPass-php7.3/sources.list new file mode 100644 index 000000000..fd3092816 --- /dev/null +++ b/syspass/sysPass-php7.3/sources.list @@ -0,0 +1,19 @@ +#main +deb http://ftp.ru.debian.org/debian/ buster main contrib non-free +deb-src http://ftp.ru.debian.org/debian/ buster main contrib non-free +deb http://ftp.ru.debian.org/debian/ buster-updates main contrib non-free +deb-src http://ftp.ru.debian.org/debian/ buster-updates main contrib non-free +deb http://ftp.ru.debian.org/debian/ buster-backports main contrib non-free +deb-src http://ftp.ru.debian.org/debian/ buster-backports main contrib non-free +deb http://ftp.ru.debian.org/debian/ buster-proposed-updates main contrib non-free +deb-src http://ftp.ru.debian.org/debian/ buster-proposed-updates main contrib non-free + +#security +deb http://ftp.ru.debian.org/debian-security/ buster/updates main contrib non-free +deb-src http://ftp.ru.debian.org/debian-security/ buster/updates main contrib non-free + +##multimedia +#deb http://ftp.ru.debian.org/debian-multimedia/ buster main non-free +#deb-src http://ftp.ru.debian.org/debian-multimedia/ buster main non-free +#deb http://ftp.ru.debian.org/debian-multimedia/ buster-backports main +#deb-src http://ftp.ru.debian.org/debian-multimedia/ buster-backports main diff --git a/websites/php7.3/Makefile b/websites/php7.3/Makefile index 38efee62d..ca36d57f7 100644 --- a/websites/php7.3/Makefile +++ b/websites/php7.3/Makefile @@ -1,4 +1,4 @@ all: php php: docker build --compress -t epicmorg/websites:php7.3 . - docker push epicmorg/websites:php7.2 + docker push epicmorg/websites:php7.3