Various alterations, deletions and additions after running my idlers successfully without path on non-Yunohost
This commit is contained in:
Boudewijn
parent
2657cc1e48
commit
eeb0102d9a
5 changed files with 22 additions and 68 deletions
|
|
@ -1,10 +1,10 @@
|
|||
APP_NAME=Lychee
|
||||
APP_NAME=My Idlers
|
||||
APP_ENV=production
|
||||
APP_KEY=
|
||||
APP_DEBUG=false
|
||||
APP_URL=https://__DOMAIN__
|
||||
#APP_FORCE_HTTPS=false
|
||||
APP_DIR=__PATH__/
|
||||
#APP_DIR=__PATH__/
|
||||
|
||||
|
||||
# DB_CONNECTION can be sqlite, mysql or pgsql. For sqlite the other entries are
|
||||
|
|
|
|||
|
|
@ -1,23 +1,24 @@
|
|||
#sub_path_only rewrite ^__PATH__$ __PATH__/ permanent;
|
||||
location __PATH__/ {
|
||||
# I'm unable to get it to work in a subdir; disable for now
|
||||
#rewrite ^/__PATH__$ /__PATH__/ permanent;
|
||||
|
||||
# Path to source
|
||||
alias __INSTALL_DIR__/;
|
||||
location / {
|
||||
#alias /var/www/__APP__/public/;
|
||||
alias __INSTALL_DIR__/public/;
|
||||
|
||||
index index.php;
|
||||
client_max_body_size 256M;
|
||||
|
||||
try_files $uri $uri/ __PATH__/index.php;
|
||||
|
||||
#Laravel: append $query_string
|
||||
try_files $uri $uri/ /index.php?$query_string;
|
||||
|
||||
location ~ [^/]\.php(/|$) {
|
||||
fastcgi_split_path_info ^(.+?\.php)(/.*)$;
|
||||
fastcgi_split_path_info ^(.+\.php)(/.+)$;
|
||||
fastcgi_pass unix:/var/run/php/php__PHP_VERSION__-fpm-__APP__.sock;
|
||||
|
||||
fastcgi_index index.php;
|
||||
include fastcgi_params;
|
||||
fastcgi_param REMOTE_USER $remote_user;
|
||||
fastcgi_param PATH_INFO $fastcgi_path_info;
|
||||
fastcgi_param SCRIPT_FILENAME $request_filename;
|
||||
fastcgi_param PATH_INFO $fastcgi_path_info;
|
||||
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
|
||||
fastcgi_pass_header Authorization;
|
||||
}
|
||||
|
||||
|
|
@ -25,6 +26,6 @@ location __PATH__/ {
|
|||
include conf.d/yunohost_panel.conf.inc;
|
||||
}
|
||||
|
||||
location __PATH__/api/ {
|
||||
try_files $uri $uri/ __PATH__/api/index.php;
|
||||
}
|
||||
location /api/ {
|
||||
try_files $uri $uri/ /api/index.php?$query_string;
|
||||
}
|
||||
|
|
|
|||
|
|
@ -1,49 +0,0 @@
|
|||
[Unit]
|
||||
Description=Run my idlers via laravel/artisan
|
||||
After=network.target
|
||||
|
||||
[Service]
|
||||
Type=simple
|
||||
User=__APP__
|
||||
Group=__APP__
|
||||
WorkingDirectory=__INSTALL_DIR__/
|
||||
ExecStart=__INSTALL_DIR__/script
|
||||
StandardOutput=append:/var/log/__APP__/__APP__.log
|
||||
StandardError=inherit
|
||||
|
||||
### Depending on specificities of your service/app, you may need to tweak these
|
||||
### .. but this should be a good baseline
|
||||
# Sandboxing options to harden security
|
||||
# Details for these options: https://www.freedesktop.org/software/systemd/man/systemd.exec.html
|
||||
NoNewPrivileges=yes
|
||||
PrivateTmp=yes
|
||||
PrivateDevices=yes
|
||||
RestrictAddressFamilies=AF_UNIX AF_INET AF_INET6 AF_NETLINK
|
||||
RestrictNamespaces=yes
|
||||
RestrictRealtime=yes
|
||||
DevicePolicy=closed
|
||||
ProtectClock=yes
|
||||
ProtectHostname=yes
|
||||
ProtectProc=invisible
|
||||
ProtectSystem=full
|
||||
ProtectControlGroups=yes
|
||||
ProtectKernelModules=yes
|
||||
ProtectKernelTunables=yes
|
||||
LockPersonality=yes
|
||||
SystemCallArchitectures=native
|
||||
SystemCallFilter=~@clock @debug @module @mount @obsolete @reboot @setuid @swap @cpu-emulation @privileged
|
||||
|
||||
# Denying access to capabilities that should not be relevant for webapps
|
||||
# Doc: https://man7.org/linux/man-pages/man7/capabilities.7.html
|
||||
CapabilityBoundingSet=~CAP_RAWIO CAP_MKNOD
|
||||
CapabilityBoundingSet=~CAP_AUDIT_CONTROL CAP_AUDIT_READ CAP_AUDIT_WRITE
|
||||
CapabilityBoundingSet=~CAP_SYS_BOOT CAP_SYS_TIME CAP_SYS_MODULE CAP_SYS_PACCT
|
||||
CapabilityBoundingSet=~CAP_LEASE CAP_LINUX_IMMUTABLE CAP_IPC_LOCK
|
||||
CapabilityBoundingSet=~CAP_BLOCK_SUSPEND CAP_WAKE_ALARM
|
||||
CapabilityBoundingSet=~CAP_SYS_TTY_CONFIG
|
||||
CapabilityBoundingSet=~CAP_MAC_ADMIN CAP_MAC_OVERRIDE
|
||||
CapabilityBoundingSet=~CAP_NET_ADMIN CAP_NET_BROADCAST CAP_NET_RAW
|
||||
CapabilityBoundingSet=~CAP_SYS_ADMIN CAP_SYS_PTRACE CAP_SYSLOG
|
||||
|
||||
[Install]
|
||||
WantedBy=multi-user.target
|
||||
|
|
@ -36,13 +36,14 @@ ram.runtime = "100M"
|
|||
[install.domain]
|
||||
type = "domain"
|
||||
|
||||
[install.path]
|
||||
type = "path"
|
||||
default = "/idlers"
|
||||
# unable to get this to work, disable for now
|
||||
# [install.path]
|
||||
# type = "path"
|
||||
# default = "/idlers"
|
||||
|
||||
[install.init_main_permission]
|
||||
type = "group"
|
||||
default = "visitors"
|
||||
default = "all_users"
|
||||
|
||||
# for now no credentials configured, make it install first
|
||||
# [install.admin]
|
||||
|
|
|
|||
|
|
@ -4,3 +4,4 @@
|
|||
# COMMON VARIABLES AND CUSTOM HELPERS
|
||||
#=================================================
|
||||
composer_version="2.5.5"
|
||||
php_version="8.3"
|
||||
|
|
|
|||
Loading…
Add table
Reference in a new issue