List of commits:
Subject Hash Author Date (UTC)
nginx preparations in .spec file and remove hard dependency on a web server 9aac8ca0a8cb26da4552b9e55f1d4d6b3a4a5d14 Catalin(ux) M. BOIE 2017-06-25 07:46:46
compare: added 'LDAP groups' item and 'Product distribution/evaluation' category ee0b6e752dd575ca1f2b94b7d1c9156db89e40c7 Catalin(ux) M. BOIE 2017-06-25 07:44:45
Improved the installation documentation (add added nginx) 7282afb958acad6e7a4399442b306df59a9b02c0 Catalin(ux) M. BOIE 2017-06-25 07:43:15
Docker fixes 16b1c0adb4518db3a1498c1e30d5a409b692b2bb Catalin(ux) M. BOIE 2017-06-25 07:36:09
Disabled repo 'Stats' menu because of performance issues da34324ac9972bac872916aef29d1d4e0b8f0499 Catalin(ux) M. BOIE 2017-06-09 17:50:54
Manually free memory to improve performance d6b93c1dc2aef248fba8d5f4a34e57ad3433f82f Catalin(ux) M. BOIE 2017-06-09 17:37:37
Add a random id to all requests to be able to identify them in the logs 1a487eb279fb2f77db64dbee1b2c1067b548899b Catalin(ux) M. BOIE 2017-05-29 17:09:20
Docker improvements and 'make docker' to easy testing 2171599842a90282c24845d41965ef6f7893342c Catalin(ux) M. BOIE 2017-05-28 10:09:21
Improved apache sample configuration de04d409f25a6f5d1fe304069753144c17c4f631 Catalin(ux) M. BOIE 2017-05-28 10:07:47
Use the database only after we setup the connection 26487d0f17f510d26ef182b6c0938022b0730752 Catalin(ux) M. BOIE 2017-05-25 16:39:53
Bump version to 0.68 02b4708f1cdad67a810f7f1808364774e8ac4831 Catalin(ux) M. BOIE 2017-05-25 14:33:17
Small debug of schema_ver 990ad6c4fad455a284a19ed2a60e80442c4ac9d8 Catalin(ux) M. BOIE 2017-05-25 14:32:54
TODO updates ea0e06ee96761e3220ac7a27ede1669c7501b9ba Catalin(ux) M. BOIE 2017-05-25 14:29:43
Prepare env to use base_url d6c009c120fce4df47a7651a94619142c8992d52 Catalin(ux) M. BOIE 2017-05-24 19:05:08
Use base_url function instead of the obsolete web_url variable a821ee84f3dcf7294ee569dbc2da8b442cb60f29 Catalin(ux) M. BOIE 2017-05-24 19:03:49
Declare state as loaded only if I can really save it in cache 10c2fcf9b78d6eb568e81ec34addfa2246d32618 Catalin(ux) M. BOIE 2017-05-24 18:53:25
Small texts fixes 9f7998f23276d44435bd3319099d13bcb40c6b7e Catalin(ux) M. BOIE 2017-05-24 18:51:50
Improved http tests by using persistent connections 9b77048af3f73f8bf30128d5b07a2bae28315d45 Catalin(ux) M. BOIE 2017-05-24 18:48:50
Big change allowing http and https to work in parallel 3f1836953c50735c7860da1f951eb82a42a1940b Catalin(ux) M. BOIE 2017-05-24 15:19:39
Do not generate an internal error if the user has no e-mail 6c355fe874750a9b5f454cbeeea28b5cf0f00236 Catalin(ux) M. BOIE 2017-05-06 10:55:41
Commit 9aac8ca0a8cb26da4552b9e55f1d4d6b3a4a5d14 - nginx preparations in .spec file and remove hard dependency on a web server
Author: Catalin(ux) M. BOIE
Author date (UTC): 2017-06-25 07:46
Committer name: Catalin(ux) M. BOIE
Committer date (UTC): 2017-06-25 07:46
Parent(s): ee0b6e752dd575ca1f2b94b7d1c9156db89e40c7
Signer:
Signing key:
Signing status: N
Tree: a75fe87062d572b011312000028de63871f64217
File Lines added Lines deleted
Makefile.in 10 4
rocketgit.spec.in 4 9
samples/nginx.conf 100 16
File Makefile.in changed (mode: 100644) (index 226558b..61b7d07)
... ... install: all
33 33 @mkdir -pv $(I_ETC)/cron.d @mkdir -pv $(I_ETC)/cron.d
34 34 cp -vd --no-clobber samples/cron $(I_ETC)/cron.d/$(PRJ) cp -vd --no-clobber samples/cron $(I_ETC)/cron.d/$(PRJ)
35 35 @mkdir -pv $(I_ETC)/httpd/conf.d @mkdir -pv $(I_ETC)/httpd/conf.d
36 cp -vd --no-clobber samples/rg.conf $(I_ETC)/httpd/conf.d/$(PRJ).conf
36 cp -vd samples/rg.conf $(I_ETC)/httpd/conf.d/$(PRJ).conf.sample
37 cp -vd samples/nginx.conf $(I_ETC)/nginx/conf.d/$(PRJ).conf.sample
37 38 @mkdir -pv $(I_ETC)/$(PRJ) @mkdir -pv $(I_ETC)/$(PRJ)
38 cp -vd --no-clobber samples/config.php $(I_ETC)/$(PRJ)/
39 39 cp -vd samples/config.php $(I_ETC)/$(PRJ)/config.php.sample cp -vd samples/config.php $(I_ETC)/$(PRJ)/config.php.sample
40 cp -vd --no-clobber samples/config.php $(I_ETC)/$(PRJ)/
40 41 cp -vd --no-clobber samples/php-fpm.conf $(I_ETC)/$(PRJ)/ cp -vd --no-clobber samples/php-fpm.conf $(I_ETC)/$(PRJ)/
41 42 cp -vd --no-clobber samples/pool.conf $(I_ETC)/$(PRJ)/ cp -vd --no-clobber samples/pool.conf $(I_ETC)/$(PRJ)/
42 @mkdir -pv $(I_ETC)/logrotate.d
43 cp -vd samples/logrotate $(I_ETC)/logrotate.d/$(PRJ)
44 43 @mkdir -pv $(I_USR)/lib/systemd/system/ @mkdir -pv $(I_USR)/lib/systemd/system/
45 44 cp -vd samples/rocketgit-fpm.service $(I_USR)/lib/systemd/system/rocketgit-fpm.service cp -vd samples/rocketgit-fpm.service $(I_USR)/lib/systemd/system/rocketgit-fpm.service
46 45 @ @
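Review bot: new line 37 copies samples/nginx.conf into $(I_ETC)/nginx/conf.d/, but the install target only creates $(I_ETC)/httpd/conf.d (line 35), so the cp fails on a build root where the nginx directory does not exist yet. Add '@mkdir -pv $(I_ETC)/nginx/conf.d' before it. The hunk also drops the logrotate.d install (old lines 42-43), which the commit subject does not mention; if that is intentional, say so in the message so it is clear whether log rotation is now handled elsewhere.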
 
... ... push:
86 85 docker: docker:
87 86 @docker run --name rp --tty --detach \ @docker run --name rp --tty --detach \
88 87 rocketgit/rocketgit-postgresql rocketgit/rocketgit-postgresql
88 @(cd docker && sh prepare.sh)
89 89 @docker run --name rg --tty --publish-all --link rp --detach \ @docker run --name rg --tty --publish-all --link rp --detach \
90 90 --volume ${PWD}:/usr/share/rocketgit:ro \ --volume ${PWD}:/usr/share/rocketgit:ro \
91 --volume ${PWD}/docker/prepare/nginx.conf:/etc/nginx/conf.d/rocketgit.conf \
91 92 rocketgit/rocketgit rocketgit/rocketgit
93 @echo "Exported ports:"
92 94 docker port rg docker port rg
95 @echo
96 @echo "Add in your /etc/hosts file the docker IP and 'drg' name."
97 @echo
98 @echo "To attach to the rg machine: docker exec --tty --interactive rg bash"
93 99
94 100 .PHONY: docker-stop .PHONY: docker-stop
95 101 docker-stop: docker-stop:
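Review bot: the bind mount added on new line 91 is writable from inside the container, unlike the source tree on line 90, which is mounted with ':ro'. Unless the container has to rewrite its nginx configuration, append ':ro' to '${PWD}/docker/prepare/nginx.conf:/etc/nginx/conf.d/rocketgit.conf' so a process in the rg container cannot modify a file in the developer's working tree. Also, prepare.sh (new line 88) runs after the rp container has already been started; if it fails, make stops and leaves rp running, so consider running it as the first step of the target.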
File rocketgit.spec.in changed (mode: 100644) (index 5815fe0..dd0d012)
... ... Source: http://kernel.embedromix.ro/us/rocketgit/%{name}-%{version}.tar.gz
14 14 URL: https://rocketgit.com/ URL: https://rocketgit.com/
15 15 BuildRoot: %{_tmppath}/%{name}-%{version}-buildroot BuildRoot: %{_tmppath}/%{name}-%{version}-buildroot
16 16 BuildArch: noarch BuildArch: noarch
17 Requires: httpd, mod_ssl, php-fpm, php-cli, php-pgsql, xinetd
18 Requires: git, cronie, postgresql-server
17 Requires: httpd-filesystem, nginx-filesystem, php-fpm, php-cli, php-pgsql
18 Requires: git, cronie, xinetd
19 19 Requires: util-linux Requires: util-linux
20 20 # SELinux stuff # SELinux stuff
21 21 # https://fedoraproject.org/wiki/SELinux_Policy_Modules_Packaging_Draft?rd=PackagingDrafts/SELinux/PolicyModules # https://fedoraproject.org/wiki/SELinux_Policy_Modules_Packaging_Draft?rd=PackagingDrafts/SELinux/PolicyModules
22 22 BuildRequires: checkpolicy, selinux-policy-devel, hardlink, systemd, php-cli BuildRequires: checkpolicy, selinux-policy-devel, hardlink, systemd, php-cli
23 # Needed for Fedora <= 19
24 %if "%{selinux_policyver}" != ""
25 Requires: selinux-policy >= %{selinux_policyver}
26 %endif
27 23 Requires(pre): shadow-utils Requires(pre): shadow-utils
28 24 Requires(post): /usr/sbin/semodule, /sbin/restorecon, /sbin/fixfiles Requires(post): /usr/sbin/semodule, /sbin/restorecon, /sbin/fixfiles
29 25 Requires(postun): /usr/sbin/semodule, /sbin/restorecon, /sbin/fixfiles Requires(postun): /usr/sbin/semodule, /sbin/restorecon, /sbin/fixfiles
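Review bot: the block removed at old lines 23-26 was the only thing tying the installed selinux-policy version to %{selinux_policyver}, yet the package still builds a policy module (BuildRequires on line 22) and still requires semodule in %post. If support for the older releases named in the removed comment is being dropped on purpose, state that in the commit message; otherwise keep the conditional Requires. Dropping postgresql-server and mod_ssl from Requires also goes beyond what the subject describes; a line in the installation documentation saying that the database server and a TLS-capable web server must now be installed separately would avoid a package that installs cleanly but cannot serve anything.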
 
... ... done
50 46
51 47 if [ $1 -ne 0 ]; then if [ $1 -ne 0 ]; then
52 48 /sbin/service xinetd reload &>/dev/null || : /sbin/service xinetd reload &>/dev/null || :
53 /sbin/service httpd reload &>/dev/null || :
54 49 fi fi
55 50 %systemd_post @PRJ@-fpm.service %systemd_post @PRJ@-fpm.service
56 51
 
... ... rm -rf ${RPM_BUILD_ROOT}
89 84 %doc README LICENSE Changelog TODO selinux/@PRJ@.* samples/* %doc README LICENSE Changelog TODO selinux/@PRJ@.* samples/*
90 85 %attr(0700,rocketgit,rocketgit) %dir @ETC@/@PRJ@ %attr(0700,rocketgit,rocketgit) %dir @ETC@/@PRJ@
91 86 @ETC@/@PRJ@/config.php.sample @ETC@/@PRJ@/config.php.sample
92 @ETC@/logrotate.d/rocketgit
87 @ETC@/httpd/conf.d/rocketgit.conf.sample
88 @ETC@/nginx/conf.d/rocketgit.conf.sample
93 89 %config(noreplace) @ETC@/@PRJ@/config.php %config(noreplace) @ETC@/@PRJ@/config.php
94 90 %config(noreplace) @ETC@/@PRJ@/php-fpm.conf %config(noreplace) @ETC@/@PRJ@/php-fpm.conf
95 91 %config(noreplace) @ETC@/@PRJ@/pool.conf %config(noreplace) @ETC@/@PRJ@/pool.conf
96 92 %config(noreplace) @ETC@/cron.d/rocketgit %config(noreplace) @ETC@/cron.d/rocketgit
97 93 %config(noreplace) @ETC@/xinetd.d/rocketgit %config(noreplace) @ETC@/xinetd.d/rocketgit
98 %config(noreplace) @ETC@/httpd/conf.d/rocketgit.conf
99 94 %attr(0700,rocketgit,rocketgit) %dir @VAR_LOG@/@PRJ@ %attr(0700,rocketgit,rocketgit) %dir @VAR_LOG@/@PRJ@
100 95 %attr(0755,root,root) %dir @VAR_LIB@/@PRJ@ %attr(0755,root,root) %dir @VAR_LIB@/@PRJ@
101 96 %attr(0700,rocketgit,rocketgit) %dir @VAR_LIB@/@PRJ@/locks %attr(0700,rocketgit,rocketgit) %dir @VAR_LIB@/@PRJ@/locks
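Review bot: removing '%config(noreplace) @ETC@/httpd/conf.d/rocketgit.conf' from %files (old line 98) means the upgraded package no longer owns the live Apache configuration: rpm deletes an unmodified copy and renames a modified one to .rpmsave, so existing Apache installs lose their virtual host after the update, and the httpd reload was dropped from %post as well. Consider keeping the entry for a transition release or handling the file in a scriptlet, and mention the manual step in the upgrade notes. The two .conf.sample entries (new lines 87-88) sit inside the conf.d directories; confirm that neither server's include pattern picks up a .sample suffix.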
File samples/nginx.conf changed (mode: 100644) (index 933629a..0a57d7e)
1 upstream rg-php-fpm {
2 server unix:/run/php-fpm/rocketgit.sock;
3 }
1 #upstream rg-php-fpm {
2 # server unix:/run/php-fpm/rocketgit.sock;
3 #}
4 4
5 # HTTP server
5 6 server { server {
6 listen 9002;
7 listen [::]:9002;
8 server_name rg.domain.tld;
9 # TODO: ServerAlias equivalent?
7 listen 80 backlog=128 rcvbuf=64k;
8 listen [::]:80 backlog=128 rcvbuf=64k;
9 server_name rg.domain.tld # add here, space separated, more names;
10 10 server_tokens off; server_tokens off;
11 11 root /usr/share/rocketgit/root; root /usr/share/rocketgit/root;
12 12
13 # TODO - is ok in this context?
14 client_max_body_size 1000m;
15 # more than that is written into a file first
16 client_body_buffer_size 128k;
17
18 # timeouts
19 client_body_timeout 10;
20 client_header_timeout 10;
13 21 keepalive_timeout 10; keepalive_timeout 10;
22 send_timeout 10;
14 23
15 client_max_body_size 1m;
24 # Security (ClickJacking)
25 add_header X-Frame-Options DENY;
16 26
17 27 access_log /var/log/nginx/rg-access.log; access_log /var/log/nginx/rg-access.log;
18 28 error_log /var/log/nginx/rg-error.log; error_log /var/log/nginx/rg-error.log;
19 29
30 if ($request_method !~ ^(GET|HEAD|POST|OPTIONS)$) { return 444; }
31
32 # Force the use of only one name even if we have more aliases.
33 # Before un-commenting it, change SERVERNAME and PORT to real values
34 #if ($host != SERVERNAME) {
35 # rewrite ^/?(.*)$ http://SERVERNAME:PORT/$1 permanent;
36 #}
37
20 38 location ~ ^/(favicon\.ico|themes/.*|robots\.txt|\.well-known/.*)$ { location ~ ^/(favicon\.ico|themes/.*|robots\.txt|\.well-known/.*)$ {
21 # TODO: what to put here?
22 expires max;
39 expires 1d;
23 40 } }
24 41
25 42 location / { location / {
26 client_max_body_size 0;
27 client_body_buffer_size 128k;
28 43 gzip off; gzip off;
29 44
30 # To allow streaming of the chunked request data to fpm
31 # TODO: we cannot do this now because php-fpm does not know
32 # to decode chunked encoding!
33 #fastcgi_request_buffering off;
45 # To be able to know that the client closed the connection
46 # TODO: equivalent for apache?
47 fastcgi_ignore_client_abort off;
48
49 # To allow streaming of the response data to client
50 fastcgi_buffering off;
51
52 # TODO
53 fastcgi_keep_conn on;
54
55 include /etc/nginx/fastcgi_params;
56 fastcgi_param SCRIPT_FILENAME $document_root/index.php$fastcgi_script_name;
57
58 fastcgi_pass unix:/run/php-fpm/rocketgit.sock;
59 }
60 }
61
62 # HTTPS server
63 server {
64 listen 443 ssl backlog=128 rcvbuf=64k;
65 listen [::]:443 ssl backlog=128 rcvbuf=64k;
66 server_name rg.domain.tld # add here, space separated, more names;
67 server_tokens off;
68 root /usr/share/rocketgit/root;
69
70 # TODO - is ok in this context?
71 client_max_body_size 1000m;
72 # more than that is written into a file first
73 client_body_buffer_size 128k;
74
75 # timeouts
76 client_body_timeout 10;
77 client_header_timeout 10;
78 keepalive_timeout 10;
79 send_timeout 10;
80
81 # Security (ClickJacking)
82 add_header X-Frame-Options DENY;
83 add_header Strict-Transport-Security "max-age=31536000";
84
85 access_log /var/log/nginx/rg-ssl-access.log;
86 error_log /var/log/nginx/rg-ssl-error.log;
87
88 if ($request_method !~ ^(GET|HEAD|POST|OPTIONS)$) { return 444; }
89
90 # Force the use of only one name even if we have more aliases.
91 # Before un-commenting it, change SERVERNAME and PORT to real values
92 #if ($host != SERVERNAME) {
93 # rewrite ^/?(.*)$ http://SERVERNAME:PORT/$1 permanent;
94 #}
95
96 location ~ ^/(favicon\.ico|themes/.*|robots\.txt|\.well-known/.*)$ {
97 expires 1d;
98 }
99
100 location / {
101 gzip off;
34 102
35 103 # To be able to know that the client closed the connection # To be able to know that the client closed the connection
36 104 # TODO: equivalent for apache? # TODO: equivalent for apache?
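Review bot: on new lines 9 and 66 the trailing comment swallows the semicolon: in 'server_name rg.domain.tld # add here, space separated, more names;' everything after '#' is a comment, so the directive is not terminated and continues onto the next line, turning 'server_tokens' and 'off' into extra server names and leaving server_tokens at its default. Put the ';' directly after the name and move the comment to its own line. In the HTTPS block, the commented redirect template (lines 92-94) rewrites to 'http://SERVERNAME:PORT', which would send TLS clients back to plain HTTP if un-commented as written; use https:// there. The 'TODO - is ok in this context?' on 'client_max_body_size 1000m' (lines 13-14 and 70-71) should be resolved before this ships as the sample, since the server-level limit goes from 1m to 1000m and now also covers the static-file location.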
 
... ... server {
47 115
48 116 fastcgi_pass unix:/run/php-fpm/rocketgit.sock; fastcgi_pass unix:/run/php-fpm/rocketgit.sock;
49 117 } }
118
119 ssl_certificate /etc/pki/tls/certs/localhost.crt;
120 ssl_certificate_key /etc/pki/tls/private/localhost.key;
121 ssl_prefer_server_ciphers on;
122 # Specify the cyphers to get an A+ on Qualys (ssllabs.com); recommended
123 # https://www.digicert.com/ssl-support/ssl-enabling-perfect-forward-secrecy.htm
124 ssl_ciphers "EECDH+ECDSA+AESGCM EECDH+aRSA+AESGCM EECDH+ECDSA+SHA384 EECDH+ECDSA+SHA256 EECDH+aRSA+SHA384 EECDH+aRSA+SHA256 EECDH+aRSA+RC4 EECDH EDH+aRSA RC4 !aNULL !eNULL !LOW !3DES !MD5 !EXP !PSK !SRP !DSS !RC4";
125 ssl_protocols TLSv1.2;
126 ssl_session_cache shared:SSL:1m;
127 ssl_session_timeout 5m;
128
129 # https://developer.mozilla.org/en-US/docs/Web/HTTP/Public_Key_Pinning
130 # To generate pin-sha256 string: openssl s_client -servername <server> -connect <server>:443 | openssl x509 -pubkey -noout | openssl rsa -pubin -outform der | openssl dgst -sha256 -binary | openssl enc -base64
131 # add_header Public-Key-Pins "pin-sha256=\"base64+primary==\"; pin-sha256=\"base64+backup==\"; max-age=5184000; includeSubDomains; report-uri=\"https://www.example.org/hpkp-report\""
132 # add_header Public-Key-Pins-Report-Only ... # to not block users!
133
50 134 } }
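Review bot: the ssl_ciphers string on line 124 contradicts itself: it lists 'EECDH+aRSA+RC4' and 'RC4' and then ends with '!RC4', which removes them again, so those entries are dead and only make the policy harder to audit; drop them. The bare 'EECDH' and 'EDH+aRSA' entries also admit whatever non-GCM suites the TLS library still offers, which is broader than the explicit AESGCM/SHA384/SHA256 entries suggest. In the commented HPKP example, line 131 has no terminating ';', so un-commenting it verbatim gives a configuration error; add it, and present the Report-Only variant (line 132) as the one to start with, as its comment already hints. The certificate paths on lines 119-120 point at localhost.crt and localhost.key; a comment marking them as placeholders to replace would help.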