initial commit of file from CVS for smeserver-dokuwiki on Sat Sep 7 20:19:56 AEST 2024

2024-09-07 20:19:56 +10:00
parent 591af675cf
commit c17236d1fb
17 changed files with 547 additions and 2 deletions
--- a/root/etc/e-smith/templates/etc/dokuwiki/local.protected.php/10auth
+++ b/root/etc/e-smith/templates/etc/dokuwiki/local.protected.php/10auth
@@ -0,0 +1,49 @@
+{
+
+use esmith::util;
+my $base = esmith::util::ldapBase($DomainName);
+my $auth = $dokuwiki{'Authentication'} || 'ldap';
+my $ldapPort = $ldap{'TCPPort'} || '389';
+
+if ($auth eq 'internal'){
+    $OUT .=<<"EOF";
+
+\$conf['authtype'] = 'authplain';
+
+EOF
+
+}
+elsif ($auth eq 'ldap'){
+    $OUT .=<<"EOF";
+
+\$conf['authtype'] = 'authldap';
+
+EOF
+
+}
+elsif ($auth eq 'LemonLDAP'){
+    $OUT .=<<"EOF";
+
+\$conf['authtype'] = 'authhttpldap';
+
+EOF
+
+}
+
+if ($auth eq 'LemonLDAP' or $auth eq 'ldap'){
+    $OUT .=<<"EOF";
+
+\$conf['plugin'][\$conf['authtype']]['server'] = "ldap://localhost:$ldapPort";
+\$conf['plugin'][\$conf['authtype']]['version'] = '3';
+\$conf['plugin'][\$conf['authtype']]['usertree'] = 'ou=Users,$base';
+\$conf['plugin'][\$conf['authtype']]['grouptree'] = 'ou=Groups,$base';
+\$conf['plugin'][\$conf['authtype']]['userfilter'] = '(&(uid=%{user})(objectClass=inetOrgPerson))';
+\$conf['plugin'][\$conf['authtype']]['groupfilter'] = '(&(objectClass=mailboxRelatedObject)(memberUid=%{user}))';
+\$conf['plugin'][\$conf['authtype']]['groupkey'] = 'cn';
+
+EOF
+
+}
+
+}
+
--- a/root/etc/e-smith/templates/etc/dokuwiki/local.protected.php/20acl
+++ b/root/etc/e-smith/templates/etc/dokuwiki/local.protected.php/20acl
@@ -0,0 +1,11 @@
+
+$conf['useacl'] = 1;
+
+{
+
+if (system('egrep -q "^[^#/].*\[\'superuser\'\]" /etc/dokuwiki/local.php') != 0){
+    $OUT .= '$conf[\'superuser\'] = \'admin\';';
+}
+
+}
+
--- a/root/etc/e-smith/templates/etc/httpd/conf/httpd.conf/68FastCGIConfig20Dokuwiki
+++ b/root/etc/e-smith/templates/etc/httpd/conf/httpd.conf/68FastCGIConfig20Dokuwiki
@@ -0,0 +1,9 @@
+{
+if ($fastcgi_mod eq 'mod_fastcgi'){
+  $OUT .=<<_EOF;
+Action phpdokuwiki-fastcgi /php-cgi-bin/phpdokuwiki-wrapper
+Alias /php-cgi-bin/phpdokuwiki-wrapper /var/www/php-cgi-bin/phpdokuwiki-wrapper
+FastCgiExternalServer /var/www/php-cgi-bin/phpdokuwiki-wrapper -socket /var/run/php-fpm/php__PHP_VERSION__-dokuwiki.sock -pass-header Authorization -idle-timeout 120
+_EOF
+}
+}
--- a/root/etc/e-smith/templates/etc/httpd/conf/httpd.conf/98Dokuwiki
+++ b/root/etc/e-smith/templates/etc/httpd/conf/httpd.conf/98Dokuwiki
@@ -0,0 +1,103 @@
+{
+
+if (($dokuwiki{'status'} || 'disabled') eq 'enabled'){
+    my $alias = (($dokuwiki{'AliasOnPrimary'} || 'enabled') eq 'enabled' ) ? 'Alias /dokuwiki /usr/share/dokuwiki':'';
+    my $allow = (($dokuwiki{'access'} || 'private') eq 'public') ? 'all granted':"ip $localAccess $externalSSLAccess";
+    my $auth = (($dokuwiki{'Authentication'} || 'internal') eq 'http') ? "AuthName \"Dokuwiki\"\n" .
+                    "    AuthType Basic\n" .
+                    "    AuthBasicProvider external\n" .
+                    "    AuthExternal pwauth\n" : '';
+    my $ssl = (($dokuwiki{'RequireSSL'} || 'enabled') =~ m/^(enabled|yes|on)$/i) ? 
+        'SSLRequireSSL on':'# SSL is not enforced';
+    my $maxsize = $dokuwiki{'MaxUploadSize'} || '200';
+    $maxsize .= 'M' unless ($maxsize =~ m/M$/);
+    my $php =<<_EOF;
+
+    AddType application/x-httpd-php .php
+    php_admin_value open_basedir /usr/share/dokuwiki:/var/lib/dokuwiki:/etc/dokuwiki:/dev/urandom
+    php_admin_value memory_limit 128M
+    php_admin_value upload_max_filesize $maxsize
+    php_admin_value post_max_size $maxsize
+    php_admin_value upload_tmp_dir /var/lib/dokuwiki/data/tmp
+    php_admin_value session.save_path /var/lib/dokuwiki/data/tmp
+
+_EOF
+    if ($fastcgi_mod eq 'mod_fastcgi'){
+        $php = "AddHandler phpdokuwiki-fastcgi .php\n";
+    }
+    elsif ($fastcgi_mod eq 'mod_proxy_fcgi'){
+        $php =<<_EOF;
+
+    <FilesMatch \\.php\$>
+        SetHandler "proxy:unix:/var/run/php-fpm/php74-dokuwiki.sock|fcgi://localhost"
+    </FilesMatch>
+_EOF
+    }
+
+    $OUT .=<<_EOF;
+
+$alias
+
+<Directory /usr/share/dokuwiki>
+    AllowOverride None
+    Options +FollowSymlinks
+    $ssl
+_EOF
+
+    if ( $auth ) {
+	$OUT .= "    $auth\n" .
+		"    <RequireAll>\n" .
+		"        Require $allow\n" .
+                "        Require valid-user\n" .
+		"    </RequireAll>\n";
+    } else {
+	$OUT .= "Require $allow\n";
+    }
+
+    $OUT .=<<_EOF;
+    $php
+</Directory>
+
+<Directory /usr/share/dokuwiki/inc>
+    Require all denied
+</Directory>
+
+<Directory /usr/share/dokuwiki/inc/lang>
+    Require all denied
+</Directory>
+
+<Directory /usr/share/dokuwiki/lib/_fla>
+    ## no access to the fla directory
+    Require all denied
+</Directory>
+
+## no access to the conf directory
+<Directory /etc/dokuwiki>
+    Require all denied
+</Directory>
+<Directory /usr/share/dokuwiki/conf>
+    Require all denied
+</Directory>
+
+## no access to the data directory
+<Directory /usr/share/dokuwiki/data>
+    Require all denied
+</Directory>
+<Directory /var/lib/dokuwiki>
+    Require all denied
+</Directory>
+
+
+_EOF
+
+} else {
+    $OUT .=<<'EOF';
+
+# Dokuwiki is disabled
+# You can enable it with
+# db configuration setprop dokuwiki status enabled
+# signal-event webapps-update
+
+EOF
+}
+}
--- a/root/etc/e-smith/templates/etc/httpd/conf/httpd.conf/VirtualHosts/61redirDokuwiki
+++ b/root/etc/e-smith/templates/etc/httpd/conf/httpd.conf/VirtualHosts/61redirDokuwiki
@@ -0,0 +1,15 @@
+{
+my $sslport = $modSSL{'TCPPort'} || '443';
+my $alias = $dokuwiki{'AliasOnPrimary'} || 'enabled';
+my $requiressl = $dokuwiki{'RequireSSL'} || 'yes';
+
+if (($port ne $sslport) && ($requiressl =~ m/^(enabled|yes|on|1|login)$/i) && ($alias ne 'disabled')){
+
+    ## Redirect Web Address to Secure Address
+    $OUT .= "    RewriteEngine on\n";
+    $OUT .= "    RewriteCond %{QUERY_STRING} do=login\n" if ($requiressl eq 'login');
+    $OUT .= "    RewriteRule ^/dokuwiki(/.*|\$) https://%{HTTP_HOST}/dokuwiki\$1 \[L,R\]\n";
+
+}
+}
+
--- a/root/etc/e-smith/templates/etc/php-fpm.d/www.conf/20Dokuwiki
+++ b/root/etc/e-smith/templates/etc/php-fpm.d/www.conf/20Dokuwiki
@@ -0,0 +1,50 @@
+{
+
+if ($PHP_VERSION eq '__PHP_VERSION__'){
+  if (($dokuwiki{'status'} || 'disabled') eq 'enabled'){
+    my $max_upload_size = ($dokuwiki{MaxUploadSize} || '20') . 'M';
+    my $id = 'dokuwiki';
+    $OUT .=<<_EOF;
+
+[php$PHP_VERSION-$id]
+user = www
+group = www
+listen.owner = root
+listen.group = www
+listen.mode = 0660
+listen = /var/run/php-fpm/php$PHP_VERSION-$id.sock
+pm = dynamic
+pm.max_children = 15
+pm.start_servers = 3
+pm.min_spare_servers = 3
+pm.max_spare_servers = 4
+pm.max_requests = 1000
+php_admin_value[session.save_path] = /var/lib/php/$id/session
+php_admin_value[opcache.file_cache]  = /var/lib/php/$id/opcache
+php_admin_value[upload_tmp_dir] = /var/lib/php/$id/tmp
+php_admin_value[error_log] = /var/log/php/$id/error.log
+slowlog = /var/log/php/dl/slow.log
+php_admin_value[sendmail_path] = /usr/sbin/sendmail -t -i -f php@{ $DomainName }
+php_admin_flag[display_errors] = off
+php_admin_flag[log_errors] = on
+php_admin_value[error_log] = syslog
+php_admin_value[memory_limit] = 128M
+php_admin_value[max_execution_time] = 60
+php_admin_value[post_max_size] = $max_upload_size
+php_admin_value[upload_max_filesize] = $max_upload_size
+php_admin_value[disable_functions] = system, show_source, symlink, exec, dl, shell_exec, passthru, phpinfo, escapeshellarg, escapeshellcmd
+php_admin_value[open_basedir] = /usr/share/dokuwiki:/var/lib/dokuwiki:/etc/dokuwiki:/dev/urandom
+php_admin_flag[allow_url_fopen] = on
+php_admin_flag[file_upload] = on
+php_admin_flag[session.cookie_httponly] = on
+php_admin_flag[allow_url_include] = off
+php_admin_value[session.save_handler] = files
+
+_EOF
+
+  }
+  else{
+    $OUT .= '; Dl is disabled';
+  }
+}
+}