blob: c7807cee3f6007f076915fd154031a0a3f2a33f2 (
plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
|
. ${BUILDFILE%/*}/common.sh
pkgver=20161112
package() {
preamble
# #### Wiki
depends+=(
# PHP
config-mgmt-certbot
config-mgmt-nginx
config-mgmt-uwsgi
uwsgi-plugin-php
php-apcu-bc
php-intl
# External
mariadb
imagemagick
# Deployment
git
)
add-file -m755 etc/ssl/misc/certbot-get.d/10-wiki <<EOF
#!/bin/bash
echo wiki.{parabola.nu,parabolagnulinux.org}
EOF
add-file etc/nginx/sites/server-wiki_parabola_nu.conf <<EOF
# -*- Mode: nginx; nginx-indent-level: 8; indent-tabs-mode: t -*-
server {
server_name wiki.parabola.nu;
listen 443 ssl http2;
listen [::]:443 ssl http2;
error_log /var/log/nginx/nginx.http.wiki_parabola_nu.error.log error;
access_log /var/log/nginx/nginx.http.wiki_parabola_nu.access.log specific;
location = /favicon.ico {
alias /srv/http/\$server_name/skins/ArchLinux/favicon.ico;
}
location = /robots.txt {
alias /srv/http/\$server_name/robots.txt;
}
index index.php;
location / { root /var/empty; try_files /bogus @rewrite; }
location /images/ { }
location /skins/ { }
location /resources/ { }
location /api.php { root /var/empty; try_files /bogus @php; }
location /api.php5 { root /var/empty; try_files /bogus @php; }
location /img_auth.php { root /var/empty; try_files /bogus @php; }
location /img_auth.php5 { root /var/empty; try_files /bogus @php; }
location /index.php { root /var/empty; try_files /bogus @php; }
location /index.php5 { root /var/empty; try_files /bogus @php; }
location /load.php { root /var/empty; try_files /bogus @php; }
location /load.php5 { root /var/empty; try_files /bogus @php; }
location /opensearch_desc.php { root /var/empty; try_files /bogus @php; }
location /opensearch_desc.php5 { root /var/empty; try_files /bogus @php; }
location /profileinfo.php { root /var/empty; try_files /bogus @php; }
location /thumb.php { root /var/empty; try_files /bogus @php; }
location /thumb.php5 { root /var/empty; try_files /bogus @php; }
location /thumb_handler.php { root /var/empty; try_files /bogus @php; }
location /thumb_handler.php5 { root /var/empty; try_files /bogus @php; }
location /wiki.phtml { root /var/empty; try_files /bogus @php; }
location @rewrite {
rewrite ^/(.*)\$ /index.php?title=\$1&\$args;
}
location @php {
uwsgi_cache_key \$host\$request_uri;
uwsgi_cache_valid 5m;
#uwsgi_cache one;
include uwsgi_params;
uwsgi_modifier1 14; # Standard PHP request
uwsgi_pass unix:/run/uwsgi/wiki.sock;
}
}
EOF
depends+=(
cronie
)
add-file etc/cron.spool/wiki <<EOF
0 0 * * * /srv/http/wiki.parabola.nu/FunnyQuestion.conf.php.sh
EOF
add-file etc/uwsgi/wiki.ini <<EOF
[uwsgi]
master = true
processes = 4
uid = %n
gid = http
plugins = php
# Native code is faster than PHP fallback code
php-set = extension=intl.so
# Required for MediaWiki
php-set = extension=iconv.so
php-set = extension=mysqli.so
# Enable OPcache bytecode caching
php-set = zend_extension=opcache.so
# Enable APCu object caching (related to LocalSettings.php:$wgMainCacheType=CACHE_ACCEL)
php-set = extension=apcu.so
php-set = extension=apc.so
# Restrict the files that can be opened:
# - /srv/http/wiki.parabola.nu: duh, the PHP code
# - /usr/bin: to check for diff3, imagemagick, et c.
# - /tmp: eh?
php-set = open_basedir=/srv/http/wiki.parabola.nu:/usr/bin:/tmp
EOF
add-unit etc/systemd/system/sockets.target.wants/uwsgi@wiki.socket
postamble
}
|