From 2659796e8b4c99ecc370e866502a8b3441557e00 Mon Sep 17 00:00:00 2001
From: June
Date: Mon, 22 Jan 2024 22:02:33 +0100
Subject: [PATCH] Migrate to wiki.hamburg.ccc.de
---
 inventories/chaosknoten/host_vars/wiki.yaml | 3 +
 .../nginx/acme_challenge.conf | 1 +
 .../public-reverse-proxy/nginx/nginx.conf | 1 +
 .../configs/wiki/nginx/wiki.ccchh.net.conf | 44 +---------
 .../wiki/nginx/wiki.hamburg.ccc.de.conf | 85 +++++++++++++++++++
 5 files changed, 92 insertions(+), 42 deletions(-)
 create mode 100644 playbooks/files/chaosknoten/configs/wiki/nginx/wiki.hamburg.ccc.de.conf
diff --git a/inventories/chaosknoten/host_vars/wiki.yaml b/inventories/chaosknoten/host_vars/wiki.yaml
index 456d05b..f1ac980 100644
--- a/inventories/chaosknoten/host_vars/wiki.yaml
+++ b/inventories/chaosknoten/host_vars/wiki.yaml
@@ -2,8 +2,11 @@ nginx__version_spec: ""
 nginx__configurations:
 - name: wiki.ccchh.net
 content: "{{ lookup('ansible.builtin.file', 'chaosknoten/configs/wiki/nginx/wiki.ccchh.net.conf') }}"
+ - name: wiki.hamburg.ccc.de
+ content: "{{ lookup('ansible.builtin.file', 'chaosknoten/configs/wiki/nginx/wiki.hamburg.ccc.de.conf') }}"
 certbot__version_spec: ""
 certbot__acme_account_email_address: j+letsencrypt-ccchh@jsts.xyz
 certbot__certificate_domains:
 - "wiki.ccchh.net"
+ - "wiki.hamburg.ccc.de"
diff --git a/playbooks/files/chaosknoten/configs/public-reverse-proxy/nginx/acme_challenge.conf b/playbooks/files/chaosknoten/configs/public-reverse-proxy/nginx/acme_challenge.conf
index e04696c..f550057 100644
--- a/playbooks/files/chaosknoten/configs/public-reverse-proxy/nginx/acme_challenge.conf
+++ b/playbooks/files/chaosknoten/configs/public-reverse-proxy/nginx/acme_challenge.conf
@@ -5,6 +5,7 @@ map $host $upstream_acme_challenge_host {
 keycloak-admin.hamburg.ccc.de 172.31.17.144:31820;
 grafana.hamburg.ccc.de 172.31.17.145:31820;
 wiki.ccchh.net 172.31.17.146:31820;
+ wiki.hamburg.ccc.de 172.31.17.146:31820;
 onlyoffice.hamburg.ccc.de 172.31.17.147:31820;
 hackertours.hamburg.ccc.de 172.31.17.148:31820;
 netbox.hamburg.ccc.de 172.31.17.149:31820;
diff --git a/playbooks/files/chaosknoten/configs/public-reverse-proxy/nginx/nginx.conf b/playbooks/files/chaosknoten/configs/public-reverse-proxy/nginx/nginx.conf
index 8d89b01..a2191d7 100644
--- a/playbooks/files/chaosknoten/configs/public-reverse-proxy/nginx/nginx.conf
+++ b/playbooks/files/chaosknoten/configs/public-reverse-proxy/nginx/nginx.conf
@@ -24,6 +24,7 @@ stream {
 keycloak-admin.hamburg.ccc.de 172.31.17.144:8444;
 grafana.hamburg.ccc.de 172.31.17.145:8443;
 wiki.ccchh.net 172.31.17.146:8443;
+ wiki.hamburg.ccc.de 172.31.17.146:8443;
 onlyoffice.hamburg.ccc.de 172.31.17.147:8443;
 hackertours.hamburg.ccc.de 172.31.17.148:8443;
 netbox.hamburg.ccc.de 172.31.17.149:8443;
diff --git a/playbooks/files/chaosknoten/configs/wiki/nginx/wiki.ccchh.net.conf b/playbooks/files/chaosknoten/configs/wiki/nginx/wiki.ccchh.net.conf
index d0e0de6..43b7234 100644
--- a/playbooks/files/chaosknoten/configs/wiki/nginx/wiki.ccchh.net.conf
+++ b/playbooks/files/chaosknoten/configs/wiki/nginx/wiki.ccchh.net.conf
@@ -21,46 +21,6 @@ server {
 # HSTS (ngx_http_headers_module is required) (63072000 seconds)
 add_header Strict-Transport-Security "max-age=63072000" always;
-
- # Maximum file upload size is 20MB - change accordingly if needed
- # See: https://www.dokuwiki.org/faq:uploadsize
- client_max_body_size 20M;
- client_body_buffer_size 128k;
-
- proxy_set_header Host $host;
- proxy_set_header X-Real-IP $remote_addr;
- proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
- # This is https in any case.
- proxy_set_header X-Forwarded-Proto https;
-
- root /var/www/dokuwiki;
- index doku.php;
-
- #Remember to comment the below out when you're installing, and uncomment it when done.
- location ~ /(conf/|bin/|inc/|vendor/|install.php) { deny all; }
-
- #Support for X-Accel-Redirect
- location ~ ^/data/ { internal ; }
-
- location ~ ^/lib.*\.(js|css|gif|png|ico|jpg|jpeg)$ {
- expires 365d;
- }
-
- location / { try_files $uri $uri/ @dokuwiki; }
-
- location @dokuwiki {
- # rewrites "doku.php/" out of the URLs if you set the userwrite setting to .htaccess in dokuwiki config page
- rewrite ^/_media/(.*) /lib/exe/fetch.php?media=$1 last;
- rewrite ^/_detail/(.*) /lib/exe/detail.php?media=$1 last;
- rewrite ^/_export/([^/]+)/(.*) /doku.php?do=export_$1&id=$2 last;
- rewrite ^/(.*) /doku.php?id=$1&$args last;
- }
-
- location ~ \.php$ {
- try_files $uri $uri/ /doku.php;
- include fastcgi_params;
- fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
- fastcgi_param REDIRECT_STATUS 200;
- fastcgi_pass unix:/var/run/php/php-fpm-dokuwiki.sock;
- }
+
+ return 302 https://wiki.hamburg.ccc.de/;
 }
diff --git a/playbooks/files/chaosknoten/configs/wiki/nginx/wiki.hamburg.ccc.de.conf b/playbooks/files/chaosknoten/configs/wiki/nginx/wiki.hamburg.ccc.de.conf
new file mode 100644
index 0000000..814a553
--- /dev/null
+++ b/playbooks/files/chaosknoten/configs/wiki/nginx/wiki.hamburg.ccc.de.conf
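Review bot: In wiki.ccchh.net.conf the new `return 302 https://wiki.hamburg.ccc.de/;` discards the requested path and query string, so every existing deep link or bookmark to the old host ends up on the start page. The DokuWiki location rules appear to have been moved unchanged to the new vhost, so the same paths should resolve there; `return 302 https://wiki.hamburg.ccc.de$request_uri;` would keep them working. `$request_uri` is the right variable for this because it is the undecoded request value, unlike `$uri`. The enclosing server block starts outside the hunk, so its listen and certificate directives are not visible here.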
@@ -0,0 +1,85 @@
+# partly generated 2022-01-08, Mozilla Guideline v5.6, nginx 1.17.7, OpenSSL 1.1.1k, intermediate configuration
+# https://ssl-config.mozilla.org/#server=nginx&version=1.17.7&config=intermediate&openssl=1.1.1k&guideline=5.6
+server {
+ # Listen on a custom port for the proxy protocol.
+ listen 8443 ssl http2 proxy_protocol;
+ # Make use of the ngx_http_realip_module to set the $remote_addr and
+ # $remote_port to the client address and client port, when using proxy
+ # protocol.
+ # First set our proxy protocol proxy as trusted.
+ set_real_ip_from 172.31.17.140;
+ # Then tell the realip_module to get the addreses from the proxy protocol
+ # header.
+ real_ip_header proxy_protocol;
+
+ server_name wiki.hamburg.ccc.de;
+
+ ssl_certificate /etc/letsencrypt/live/wiki.hamburg.ccc.de/fullchain.pem;
+ ssl_certificate_key /etc/letsencrypt/live/wiki.hamburg.ccc.de/privkey.pem;
+ # verify chain of trust of OCSP response using Root CA and Intermediate certs
+ ssl_trusted_certificate /etc/letsencrypt/live/wiki.hamburg.ccc.de/chain.pem;
+
+ # HSTS (ngx_http_headers_module is required) (63072000 seconds)
+ add_header Strict-Transport-Security "max-age=63072000" always;
+
+ # Maximum file upload size is 20MB - change accordingly if needed
+ # See: https://www.dokuwiki.org/faq:uploadsize
+ client_max_body_size 20M;
+ client_body_buffer_size 128k;
+
+ proxy_set_header Host $host;
+ proxy_set_header X-Real-IP $remote_addr;
+ proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+ # This is https in any case.
+ proxy_set_header X-Forwarded-Proto https;
+
+ root /var/www/dokuwiki;
+ index doku.php;
+
+ #Remember to comment the below out when you're installing, and uncomment it when done.
+ location ~ /(conf/|bin/|inc/|vendor/|install.php) { deny all; }
+
+ #Support for X-Accel-Redirect
+ location ~ ^/data/ { internal ; }
+
+ location ~ ^/lib.*\.(js|css|gif|png|ico|jpg|jpeg)$ {
+ expires 365d;
+ }
+
+ location / { try_files $uri $uri/ @dokuwiki; }
+
+ location @dokuwiki {
+ # rewrites "doku.php/" out of the URLs if you set the userwrite setting to .htaccess in dokuwiki config page
+ rewrite ^/_media/(.*) /lib/exe/fetch.php?media=$1 last;
+ rewrite ^/_detail/(.*) /lib/exe/detail.php?media=$1 last;
+ rewrite ^/_export/([^/]+)/(.*) /doku.php?do=export_$1&id=$2 last;
+ rewrite ^/(.*) /doku.php?id=$1&$args last;
+ }
+
+ location ~ \.php$ {
+ try_files $uri $uri/ /doku.php;
+ include fastcgi_params;
+ fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
+ fastcgi_param REDIRECT_STATUS 200;
+ fastcgi_pass unix:/var/run/php/php-fpm-dokuwiki.sock;
+ }
+
+
+ ### Wiki-Migration redirects:
+ # Redirect MediaWikis Main_Page.
+ location = /Main_Page {
+ return 302 https://$host;
+ }
+
+ location /ChaosVPN {
+ return 302 https://oldwiki.hamburg.ccc.de$uri;
+ }
+
+ location ~ /EH(07|09|11) {
+ return 302 https://oldwiki.hamburg.ccc.de$uri;
+ }
+
+ location /Easter {
+ return 302 https://oldwiki.hamburg.ccc.de$uri;
+ }
+}
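Review bot: The three oldwiki redirects at the end of wiki.hamburg.ccc.de.conf (`location /ChaosVPN`, `location ~ /EH(07|09|11)`, `location /Easter`) build the Location header from `$uri`, which nginx has already percent-decoded. Encoded CR/LF characters in a request path would therefore reach the response header as raw line breaks (response splitting), and the query string is dropped as well. Using the undecoded variable avoids both: `return 302 https://oldwiki.hamburg.ccc.de$request_uri;`. Separately, the regex `~ /EH(07|09|11)` is unanchored and matches that text anywhere in a path, so `location ~ ^/EH(07|09|11)` is the tighter form. `location = /Main_Page` redirects to `https://$host`, which reflects the client-supplied Host header; a fixed `return 302 https://wiki.hamburg.ccc.de/;` would pin it.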