commit 69131abf70965f3da35ddbf0fb6a1ddc22b05469 Author: root Date: Wed Apr 9 00:31:46 2025 +0200 initial commit diff --git a/README.install b/README.install new file mode 100644 index 0000000..2d0052d --- /dev/null +++ b/README.install @@ -0,0 +1,3 @@ + +apt install trac +apt install subversion subversion-tools diff --git a/README.log b/README.log new file mode 100644 index 0000000..b0b266a --- /dev/null +++ b/README.log @@ -0,0 +1,8 @@ +# ---- +# user trac logo on environment sites +# --- + +TRAC_PARENT_DIR=/data/trac + +perl -i -n -p -e s"#^((src\s+=\s+)site/your_project_logo.png)#\#\1\n\2common/trac_logo_mini.png#" \ + ${TRAC_PARENT_DIR}/*/conf/trac.ini diff --git a/README.systemd-service b/README.systemd-service new file mode 100644 index 0000000..659696d --- /dev/null +++ b/README.systemd-service @@ -0,0 +1,16 @@ +[Unit] +Description=Trac Standalone Server +After=network.target + +[Service] +Type=simple +User=www-data +Group=www-data +Environment="TRAC_ENV_PARENT_DIR=/data/trac" +#ExecStart=/usr/bin/tracd --port 8051 --user=www-data --group=www-data --auth=*,/data/trac/.trac.htdigest,trac /data/trac +ExecStart=/usr/bin/tracd --port 8051 --auth=*,/data/trac/.trac.htdigest,trac /data/trac +Restart=on-failure +RestartSec=5s + +[Install] +WantedBy=multi-user.target diff --git a/README.vhos-nginx b/README.vhos-nginx new file mode 100644 index 0000000..baf4f0e --- /dev/null +++ b/README.vhos-nginx @@ -0,0 +1,91 @@ + +## +# You should look at the following URL's in order to grasp a solid understanding +# of Nginx configuration files in order to fully unleash the power of Nginx. +# https://www.nginx.com/resources/wiki/start/ +# https://www.nginx.com/resources/wiki/start/topics/tutorials/config_pitfalls/ +# https://wiki.debian.org/Nginx/DirectoryStructure +# +# In most cases, administrators will remove this file from sites-enabled/ and +# leave it as reference inside of sites-available where it will continue to be +# updated by the nginx packaging team. +# +# This file will automatically load configuration files provided by other +# applications, such as Drupal or Wordpress. These applications will be made +# available underneath a path with that package name, such as /drupal8. +# +# Please see /usr/share/doc/nginx-doc/examples/ for more detailed examples. +## +server { + listen 80; + listen [::]:80; + server_name trac.wf.netz; + + # Enforce HTTPS + return 301 https://$server_name$request_uri; +} + +# Default server configuration +# +server { + + listen 443 ssl http2; + listen [::]:443 ssl http2; + + + # Diffie-Hellman parameter for DHE ciphersuites, recommended 2048 bits + # + # To generate a dhparam.pem file, run in a terminal + # openssl dhparam -dsaparam -out /etc/nginx/ssl/dhparam.pem 2048 + # + ssl_dhparam /etc/nginx/ssl/dhparam.pem; + + # Eable session resumption to improve https performance + ssl_session_cache shared:MozSSL:10m; # about 40000 sessions + ssl_session_timeout 10m; + ssl_session_tickets off; + + #ssl_protocols TLSv1 TLSv1.1 TLSv1.2 TLSv1.3; # omit SSLv3 because of POODLE + # omit SSLv3 because of POODLE + # omit TLSv1 TLSv1.1 + ssl_protocols TLSv1.2 TLSv1.3; + + ssl_ecdh_curve X25519:prime256v1:secp384r1; + ssl_ciphers ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:DHE-RSA-CHACHA20-POLY1305; + + ssl_prefer_server_ciphers off; + + # OCSP stapling + ssl_stapling on; + ssl_stapling_verify on; + + root /usr/lib/python3/dist-packages/trac/htdocs; + #root /var/www/trac/htdocs; + + # Add index.php to the list if you are using PHP + index index.html index.htm index.nginx-debian.html; + + server_name trac.wf.netz; + + # HSTS (ngx_http_headers_module is required) (63072000 seconds) + add_header Strict-Transport-Security "max-age=63072000" always; + + add_header X-Robots-Tag "noindex, nofollow, nosnippet, noarchive"; + + location / { + + # Make sure client_max_body_size is large enough, otherwise there would + # be "413 Request Entity Too Large" error when uploading large files. + client_max_body_size 512M; + + proxy_pass http://localhost:8051; + + proxy_set_header Connection $http_connection; + proxy_set_header Upgrade $http_upgrade; + proxy_set_header Host $host; + proxy_set_header X-Real-IP $remote_addr; + proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; + proxy_set_header X-Forwarded-Proto $scheme; + } +} +