initial commit

README.install

@@ -0,0 +1,3 @@
+
+apt install trac
+apt install subversion subversion-tools

README.log

@@ -0,0 +1,8 @@
+# ----
+# user trac logo on environment sites
+# ---
+
+TRAC_PARENT_DIR=/data/trac
+
+perl -i -n -p -e s"#^((src\s+=\s+)site/your_project_logo.png)#\#\1\n\2common/trac_logo_mini.png#" \
+   ${TRAC_PARENT_DIR}/*/conf/trac.ini

README.systemd-service

@@ -0,0 +1,16 @@
+[Unit]
+Description=Trac Standalone Server
+After=network.target
+
+[Service]
+Type=simple
+User=www-data
+Group=www-data
+Environment="TRAC_ENV_PARENT_DIR=/data/trac"
+#ExecStart=/usr/bin/tracd --port 8051 --user=www-data --group=www-data --auth=*,/data/trac/.trac.htdigest,trac /data/trac
+ExecStart=/usr/bin/tracd --port 8051 --auth=*,/data/trac/.trac.htdigest,trac /data/trac
+Restart=on-failure
+RestartSec=5s
+
+[Install]
+WantedBy=multi-user.target

README.vhos-nginx

@@ -0,0 +1,91 @@
+
+##
+# You should look at the following URL's in order to grasp a solid understanding
+# of Nginx configuration files in order to fully unleash the power of Nginx.
+# https://www.nginx.com/resources/wiki/start/
+# https://www.nginx.com/resources/wiki/start/topics/tutorials/config_pitfalls/
+# https://wiki.debian.org/Nginx/DirectoryStructure
+#
+# In most cases, administrators will remove this file from sites-enabled/ and
+# leave it as reference inside of sites-available where it will continue to be
+# updated by the nginx packaging team.
+#
+# This file will automatically load configuration files provided by other
+# applications, such as Drupal or Wordpress. These applications will be made
+# available underneath a path with that package name, such as /drupal8.
+#
+# Please see /usr/share/doc/nginx-doc/examples/ for more detailed examples.
+##
+server {
+   listen 80;
+   listen [::]:80;
+   server_name trac.wf.netz;
+
+   # Enforce HTTPS
+   return 301 https://$server_name$request_uri;
+}
+
+# Default server configuration
+#
+server {
+
+   listen 443      ssl http2;
+   listen [::]:443 ssl http2;
+
+
+   # Diffie-Hellman parameter for DHE ciphersuites, recommended 2048 bits
+   #
+   # To generate a dhparam.pem file, run in a terminal
+   #    openssl dhparam -dsaparam -out /etc/nginx/ssl/dhparam.pem 2048
+   #
+   ssl_dhparam /etc/nginx/ssl/dhparam.pem;
+
+   # Eable session resumption to improve https performance
+   ssl_session_cache shared:MozSSL:10m;  # about 40000 sessions
+   ssl_session_timeout 10m;
+   ssl_session_tickets off;
+
+   #ssl_protocols TLSv1 TLSv1.1 TLSv1.2 TLSv1.3; # omit SSLv3 because of POODLE
+   # omit SSLv3 because of POODLE
+   # omit  TLSv1 TLSv1.1
+   ssl_protocols TLSv1.2 TLSv1.3;
+
+   ssl_ecdh_curve X25519:prime256v1:secp384r1;
+   ssl_ciphers ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:DHE-RSA-CHACHA20-POLY1305;
+
+   ssl_prefer_server_ciphers off;
+
+   # OCSP stapling
+   ssl_stapling on;
+   ssl_stapling_verify on;
+
+	root /usr/lib/python3/dist-packages/trac/htdocs;
+	#root /var/www/trac/htdocs;
+
+	# Add index.php to the list if you are using PHP
+	index index.html index.htm index.nginx-debian.html;
+
+	server_name trac.wf.netz;
+
+   # HSTS (ngx_http_headers_module is required) (63072000 seconds)
+   add_header Strict-Transport-Security "max-age=63072000" always;
+
+   add_header  X-Robots-Tag "noindex, nofollow, nosnippet, noarchive";
+
+	location / {
+
+      # Make sure client_max_body_size is large enough, otherwise there would 
+      # be "413 Request Entity Too Large" error when uploading large files.
+      client_max_body_size 512M;
+
+      proxy_pass http://localhost:8051;
+
+      proxy_set_header Connection $http_connection;
+      proxy_set_header Upgrade $http_upgrade;
+      proxy_set_header Host $host;
+      proxy_set_header X-Real-IP $remote_addr;
+      proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+      proxy_set_header X-Forwarded-Proto $scheme;
+	}
+}
+