Friendica/friendica
Friendica/friendica
1
0
Fork 1
mirror of https://git.friendi.ca/friendica/friendica.git synced 2025-06-17 03:25:15 +02:00
Code Issues Projects Releases Packages Wiki Activity Actions

revertig file movements

Browse source
This commit is contained in:
Tobias Diekershoff 2018-05-15 19:23:13 +02:00
parent f6d4d83bd1
commit b74f9e07bc
4 changed files with 0 additions and 0 deletions
Download patch file Download diff file Expand all files Collapse all files

31
doc/server-config/readme.txt
View file

@ -1,31 +0,0 @@
sample-Lighttpd.config
sample-nginx.config
Sample configuration files to use Friendica with Lighttpd
or Nginx. Pleas check software documentation to know how modify
these examples to make them work on your server.
sample-systemd.timer
sample-systemd.service
Sample systemd unit files to start worker.php periodically.
Please place them in the correct location for your system,
typically this is /etc/systemd/system/friendicaworker.timer
and /etc/systemd/system/friendicaworker.service.
Please report problems and improvements to
!helpers@forum.friendi.ca and @utzer@social.yl.ms or open an
issue in Github (https://github.com/friendica/friendica/issues).
This is for usage of systemd instead of cron to start the worker.php
periodically, the solution is work-in-progress and can surely be improved.
home.css
home.html
Example files to customize the landing page of your Friendica node.
The home.html file contains the text of the page, the home.css file
the style information. The login box will be added according to the
other system settings.
Both files have to be placed in the base directory of your Friendica
installation to be used for the landing page.

138
doc/server-config/sample-Lighttpd.config
View file

@ -1,138 +0,0 @@
Below is a sample config for Lighttpd that
seems to work well on Debian Squeeze, with "lighttpd/1.4.28 (ssl)"
The idea is: if someone enters the bare URL for my site, 'example.com',
they get redirected to https://example.com/index.html, which is simply a
page with two links on it: https://wordpress.example.com and
https://friendica.example.com.
If someone enters https://example.com, they get redirected to
https://wordpress.example.com/main/, which is the 'main' blog in a Word
Press 'network install' of the 'subdirectory' variety.
I thought it might be nice to offer people who join my Friendica
instance their own blogs, if they like.
One can obtain free, signed, single subdomain SSL certificates from
StartCom CA, which upon checking I noticed was already installed in both
Firefox and Google Chromium. Info at http://cert.startcom.org/ . So I
got one for each site, and have Lighty use the appropriate cert based on
the requested URL.
Enjoy!
On Debian Jessie with lighttpd 1.4.35-4 there was a problem encountered
between curl (which is used by Friendica in the background) and lighttp.
This problem caused requests being served with an error code of 417 in
the logs and no delivery of postings from the contacts.
One can solve the issue by adding
server.reject-expect-100-with-417 = "disable"
to the lighttpd configuratiion file (e.g. in the beginning with the
other 'server.xxx' settings.
---------------( config starts )-----------------
debug.log-request-handling = "disable"
debug.log-condition-handling = "disable"
server.modules = (
"mod_access",
"mod_alias",
"mod_compress",
"mod_redirect",
"mod_fastcgi",
"mod_rewrite"
)
server.document-root = "/var/www"
server.upload-dirs = ( "/var/cache/lighttpd/uploads" )
server.errorlog = "/var/log/lighttpd/error.log"
server.pid-file = "/var/run/lighttpd.pid"
server.username = "www-data"
server.groupname = "www-data"
# enable SSL
ssl.engine = "enable"
ssl.pemfile = "/etc/lighttpd/ssl/wordpress.pem"
ssl.ca-file = "/etc/lighttpd/ssl/ca.pem"
# fix for problem between curl and lighttpd
server.reject-expect-100-with-417 = "disable"
# Send everybody to landing page:
$SERVER["socket"] == ":80" {
$HTTP["scheme"] == "http" {
$HTTP["host"] =~ ".*" {
# This next redirect doesn't appear to ever execute in Firefox
# (sometimes, anyway -- caching issue?), but it does seem to
# reliably in Google's Chromium browser. If I change it here
# and restart Lighty, Firefox still goes to the URL in the
# last 'else' below. Or something.
Sometimes.
server.document-root = "/var/www"
url.redirect = (".*" => "https://example.com")
}
}
}
else $SERVER["socket"] == ":443" {
$HTTP["scheme"] == "https" {
$HTTP["host"] == "wordpress.example.com" {
server.document-root = "/var/www/wordpress"
ssl.pemfile = "/etc/lighttpd/ssl/wordpress.pem"
# include "wpmu-rewrites.conf"
url.rewrite-if-not-file = (
"^/(.*/)?files/$" => "/index.php",
"^/(.*/)?files/(.*)" => "/wp-includes/ms-files.php?file=$2",
"^(/wp-admin/.*)" => "$1",
"^/([_0-9a-zA-Z-]+/)?(wp-.*)" => "/$2",
"^/([_0-9a-zA-Z-]+/)?(.*\.php)" => "/$2",
"^/(.*)/?$" => "/index.php/$1"
)
}
else $HTTP["host"] == "friendica.example.com" {
server.document-root = "/var/www/friendica"
ssl.pemfile = "/etc/lighttpd/ssl/friendica.pem"
# Got the following 'Drupal Clean URL'after Mike suggested trying
# something along those lines, from http://drupal.org/node/1414950
url.rewrite-if-not-file = (
"^\/([^\?]*)\?(.*)$" => "/index.php?q=$1&$2",
"^\/(.*)$" => "/index.php?q=$1"
)
}
else $HTTP["host"] !~ "(friendica.example.com|wordpress.example.com)" {
server.document-root = "/var/www/wordpress"
ssl.pemfile = "/etc/lighttpd/ssl/wordpress.pem"
url.redirect = (".*" => "https://wordpress.example.com/main/")
}
}
}
index-file.names = ( "index.php", "index.html",
"index.htm", "default.htm",
"index.lighttpd.html" )
url.access-deny = ( "~", ".inc" )
static-file.exclude-extensions = ( ".php", ".pl", ".fcgi" )
include_shell "/usr/share/lighttpd/use-ipv6.pl"
dir-listing.encoding = "utf-8"
server.dir-listing = "disable"
#compress.cache-dir = "/var/cache/lighttpd/compress/"
#compress.filetype = ( "application/x-javascript", "text/css", "text/html", "text/p\lain" )
include_shell "/usr/share/lighttpd/create-mime.assign.pl"
include_shell "/usr/share/lighttpd/include-conf-enabled.pl"
---------------( config ends )-----------------

37
doc/server-config/sample-nginx-reverse-proxy.config
View file

@ -1,37 +0,0 @@
#
# Example of NGINX as reverse-proxy terminating an HTTPS connection.
#
# This is not a complete NGINX config.
#
# Please refer to NGINX docs
#
# Note provided by Gabe R.: if you are using nginx as proxy server for Apache2
# make sure your nginx config DOES NOT contain the following
# -----
# location ~ /.well-known {
# allow all;
# }
# -----
...
server {
...
# assuming Friendica runs on port 8080
location / {
if ( $scheme != https ) {
# Force Redirect to HTTPS
return 302 https://$host$uri;
}
proxy_pass http://localhost:8080;
proxy_redirect off;
proxy_set_header Host $host;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header Forwarded "for=$proxy_add_x_forwarded_for; proto=$scheme";
}
...
}

141
doc/server-config/sample-nginx.config
View file

@ -1,141 +0,0 @@
##
# Friendica Nginx configuration
# by Olaf Conradi
#
# On Debian based distributions you can add this file to
# /etc/nginx/sites-available
#
# Then customize to your needs. To enable the configuration
# symlink it to /etc/nginx/sites-enabled and reload Nginx using
#
# service nginx reload
##
##
# You should look at the following URL's in order to grasp a solid understanding
# of Nginx configuration files in order to fully unleash the power of Nginx.
#
# http://wiki.nginx.org/Pitfalls
# http://wiki.nginx.org/QuickStart
# http://wiki.nginx.org/Configuration
##
##
# This configuration assumes your domain is example.net
# You have a separate subdomain friendica.example.net
# You want all Friendica traffic to be https
# You have an SSL certificate and key for your subdomain
# You have PHP FastCGI Process Manager (php5-fpm) running on localhost
# You have Friendica installed in /var/www/friendica
##
server {
listen 80;
server_name friendica.example.net;
index index.php;
root /var/www/friendica;
rewrite ^ https://friendica.example.net$request_uri? permanent;
}
##
# Configure Friendica with SSL
#
# All requests are routed to the front controller
# except for certain known file types like images, css, etc.
# Those are served statically whenever possible with a
# fall back to the front controller (needed for avatars, for example)
##
server {
listen 443 ssl;
server_name friendica.example.net;
ssl on;
#Traditional SSL
ssl_certificate /etc/nginx/ssl/friendica.example.net.chain.pem;
ssl_certificate_key /etc/nginx/ssl/example.net.key;
# If you have used letsencrypt as your SSL provider, remove the previous two lines, and uncomment the following two (adjusting the path) instead.
# ssl_certificate /etc/letsencrypt/live/example.com/fullchain.pem;
# ssl_certificate_key /etc/letsencrypt/live/example.com/privkey.pem;
ssl_session_timeout 5m;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
ssl_ciphers ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA:ECDHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-RSA-AES256-SHA256:DHE-RSA-AES256-SHA:ECDHE-ECDSA-DES-CBC3-SHA:ECDHE-RSA-DES-CBC3-SHA:EDH-RSA-DES-CBC3-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:DES-CBC3-SHA:!DSS;
ssl_prefer_server_ciphers on;
fastcgi_param HTTPS on;
index index.php;
charset utf-8;
root /var/www/friendica;
access_log /var/log/nginx/friendica.log;
#Uncomment the following line to include a standard configuration file
#Note that the most specific rule wins and your standard configuration
#will therefore *add* to this file, but not override it.
#include standard.conf
# allow uploads up to 20MB in size
client_max_body_size 20m;
client_body_buffer_size 128k;
# rewrite to front controller as default rule
location / {
if ($is_args != "") {
rewrite ^/(.*) /index.php?pagename=$uri&$args last;
}
rewrite ^/(.*) /index.php?pagename=$uri last;
}
# make sure webfinger and other well known services aren't blocked
# by denying dot files and rewrite request to the front controller
location ^~ /.well-known/ {
allow all;
rewrite ^/(.*) /index.php?pagename=$uri&$args last;
}
# statically serve these file types when possible
# otherwise fall back to front controller
# allow browser to cache them
# added .htm for advanced source code editor library
location ~* \.(jpg|jpeg|gif|png|ico|css|js|htm|html|ttf|woff|svg)$ {
expires 30d;
try_files $uri /index.php?pagename=$uri&$args;
}
# block these file types
location ~* \.(tpl|md|tgz|log|out)$ {
deny all;
}
# pass the PHP scripts to FastCGI server listening on 127.0.0.1:9000
# or a unix socket
location ~* \.php$ {
# Zero-day exploit defense.
# http://forum.nginx.org/read.php?2,88845,page=3
# Won't work properly (404 error) if the file is not stored on this
# server, which is entirely possible with php-fpm/php-fcgi.
# Comment the 'try_files' line out if you set up php-fpm/php-fcgi on
# another machine. And then cross your fingers that you won't get hacked.
try_files $uri =404;
# NOTE: You should have "cgi.fix_pathinfo = 0;" in php.ini
fastcgi_split_path_info ^(.+\.php)(/.+)$;
# With php5-cgi alone:
# fastcgi_pass 127.0.0.1:9000;
# With php5-fpm:
fastcgi_pass unix:/var/run/php5-fpm.sock;
include fastcgi_params;
fastcgi_index index.php;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
}
# deny access to all dot files
location ~ /\. {
deny all;
}
}