Date: Friday, July 9, 2021 @ 18:45:09 Author: arojas Revision: 976275
archrelease: copy trunk to community-staging-x86_64 Added: hiawatha/repos/community-staging-x86_64/ hiawatha/repos/community-staging-x86_64/PKGBUILD (from rev 976274, hiawatha/trunk/PKGBUILD) hiawatha/repos/community-staging-x86_64/hiawatha.conf.sample (from rev 976274, hiawatha/trunk/hiawatha.conf.sample) hiawatha/repos/community-staging-x86_64/hiawatha.service (from rev 976274, hiawatha/trunk/hiawatha.service) hiawatha/repos/community-staging-x86_64/lefh-renew.service (from rev 976274, hiawatha/trunk/lefh-renew.service) hiawatha/repos/community-staging-x86_64/lefh-renew.timer (from rev 976274, hiawatha/trunk/lefh-renew.timer) ----------------------+ PKGBUILD | 98 ++++++++++++++++++++++++++++++++++++++++++ hiawatha.conf.sample | 114 +++++++++++++++++++++++++++++++++++++++++++++++++ hiawatha.service | 16 ++++++ lefh-renew.service | 9 +++ lefh-renew.timer | 11 ++++ 5 files changed, 248 insertions(+) Copied: hiawatha/repos/community-staging-x86_64/PKGBUILD (from rev 976274, hiawatha/trunk/PKGBUILD) =================================================================== --- community-staging-x86_64/PKGBUILD (rev 0) +++ community-staging-x86_64/PKGBUILD 2021-07-09 18:45:09 UTC (rev 976275) @@ -0,0 +1,98 @@ +# Maintainer: Kyle Keen <keen...@gmail.com> +# Contributor: Kurt Marasco <celilo _at_ lavabit _dot_ com> +# Contributor: Pascal Ernster <aur at hardfalcon dot net> +# Contributor: Kewl <kewl at alto dot eu dot org> + +pkgname=hiawatha +pkgver=10.12 +pkgrel=1 +pkgdesc="Secure and advanced webserver" +url="https://www.hiawatha-webserver.org/" +arch=('x86_64') +license=('GPL2') +depends=('libxslt' 'mbedtls' 'libxcrypt') +optdepends=('php-fpm: PHP fastcgi' + 'php: letsencrypt/lefh') +makedepends=('cmake') +backup=('etc/hiawatha/hiawatha.conf' + 'etc/hiawatha/cgi-wrapper.conf' + 'etc/hiawatha/mimetype.conf') +source=("https://www.hiawatha-webserver.org/files/$pkgname-$pkgver.tar.gz" + 'hiawatha.conf.sample' + 'hiawatha.service' + 'lefh-renew.service' + 'lefh-renew.timer') +sha256sums=('61bf41146c51244769984135529fcffd0f6cb92be18dc12d460effc42f19f50d' + '4671d2586cbe3cd6497b16ff422c6143cdab40641ef3c9c4988c478351a8f5e7' + 'b5a2671703b52eec376cfc4697b86aafa4f7fdd9b2b9203798e2117770bafa53' + 'db1d647d86370583c24ae7a37feab78e3f0015d441ff5bc8f9b32e1a91ec4c8e' + 'd12c5a68c293f66d95ae4df704ea349adbad972fb25475ab1a0a24fb42bfc70b') + +prepare() { + cd "$srcdir/$pkgname-$pkgver" + sed -i 's/www-data/http/g' extra/logrotate.in + + # Update stock hiawatha.conf + sed -e 's|#ServerId = www-data|ServerId = http|' \ + -e 's|/var/www/|/srv/http/|g' \ + -e 's|//|/|g' \ + -e 's|#CGIextension = cgi|&\n#TriggerOnCGIstatus = no|g' \ + -e 's|ConnectTo = 127.0.0.1:2005|ConnectTo = 127.0.0.1:9000|g' \ + -e 's|# Extension = php|&\n# SessionTimeout = 30|g' \ + -e 's|#ErrorHandler = 404:/error.cgi|&\n#UseGZfile = yes|g' \ + -i config/hiawatha.conf.in + + sed -e 's|/etc/init.d/hiawatha restart|systemctl restart hiawatha.service|' \ + -i extra/letsencrypt/letsencrypt.conf.in +} + +build() { + cd "$srcdir/$pkgname-$pkgver" + mkdir -p build + cd build + + cmake ../ -DCMAKE_INSTALL_PREFIX="/" \ + -DCMAKE_INSTALL_BINDIR="/usr/bin" \ + -DCMAKE_INSTALL_SBINDIR="/usr/bin" \ + -DCMAKE_INSTALL_SYSCONFDIR="/etc/hiawatha" \ + -DCMAKE_INSTALL_LIBDIR="/usr/lib" \ + -DCMAKE_INSTALL_MANDIR="/usr/share/man" \ + -DCONFIG_DIR="/etc/hiawatha" \ + -DLOG_DIR="/var/log/hiawatha" \ + -DPID_DIR="/run" \ + -DENABLE_TLS=ON \ + -DUSE_SYSTEM_MBEDTLS=ON \ + -DENABLE_MONITOR=ON \ + -DWEBROOT_DIR="/srv/http/hiawatha" \ + -DWORK_DIR="/var/lib/hiawatha" + + make + + # Features enabled by default + # -DENABLE_CACHE + # -DENABLE_IPV6 + # -DENABLE_RPROXY + # -DENABLE_TOOLKIT + # -DENABLE_XSLT + + # Features disabled by default + # -DENABLE_DEBUG + # -DENABLE_TOMAHAWK +} + +package() { + cd "$srcdir/$pkgname-$pkgver/build" + make DESTDIR="$pkgdir/" install + + rmdir "$pkgdir/run" + rm "$pkgdir/srv/http/hiawatha/index.html" + rmdir -p --ignore-fail-on-non-empty "$pkgdir/srv/http/hiawatha" + + install -Dm644 logrotate.d/hiawatha "$pkgdir/etc/logrotate.d/hiawatha" + cd "$srcdir" + install -Dm644 hiawatha.service "$pkgdir/usr/lib/systemd/system/hiawatha.service" + install -Dm644 lefh-renew.service "$pkgdir/usr/lib/systemd/system/lefh-renew.service" + install -Dm644 lefh-renew.timer "$pkgdir/usr/lib/systemd/system/lefh-renew.timer" + install -Dm644 hiawatha.conf.sample "$pkgdir/etc/hiawatha/" +} + Copied: hiawatha/repos/community-staging-x86_64/hiawatha.conf.sample (from rev 976274, hiawatha/trunk/hiawatha.conf.sample) =================================================================== --- community-staging-x86_64/hiawatha.conf.sample (rev 0) +++ community-staging-x86_64/hiawatha.conf.sample 2021-07-09 18:45:09 UTC (rev 976275) @@ -0,0 +1,114 @@ +# Hiawatha main configuration file +# This is a basic sample configuration file that sets up a: +# 1) Default web site at /srv/http/hiawatha (Note: fast CGI is not active on default site) +# 2) Virtual host for phpmyadmin at /srv/http/phpMyAdmin +# note: you must install phpmyadmin, mysql, php-mcrypt, and php-cgi separately. Be sure that extensions +# mcrypt.so and mysql.so are enabled in your php.ini. +# Also add phpmyadmin to your hosts file +# 3) FastCGI server + + +# GENERAL SETTINGS +ServerId = http +ConnectionsTotal = 150 +ConnectionsPerIP = 10 +SystemLogfile = /var/log/hiawatha/system.log +GarbageLogfile = /var/log/hiawatha/garbage.log + + +# BINDING SETTINGS +# A binding is where a client can connect to. +# +Binding { + Port = 80 +} + + + +### The following fast CGI daemons require php-fpm using a UNIX socket and TCP port, respectively. +# ACTIVATE a FastCGI server for php (using UNIX socket) +FastCGIserver { + FastCGIid = PHP5 + ConnectTo = /run/php-fpm/php-fpm.sock + Extension = php + SessionTimeout = 30 +} + +# ACTIVATE a FastCGI server for php (using IP-address and TCP port) +#FastCGIserver { +# FastCGIid = PHP5 +# ConnectTo = 127.0.0.1:9000 +# Extension = php +# SessionTimeout = 30 +#} + + +# DEFAULT WEBSITE +# It is wise to use your IP address as the hostname of the default website +# and give it a blank webpage. By doing so, automated webscanners won't find +# your possible vulnerable website. +# +Hostname = 127.0.0.1 +WebsiteRoot = /srv/http/hiawatha +StartFile = index.html +AccessLogfile = /var/log/hiawatha/access.log +ErrorLogfile = /var/log/hiawatha/error.log +#ErrorHandler = 404:/error.cgi +UseXSLT = yes + + +# VIRTUAL HOSTS +VirtualHost { + + # If you set WebsiteRoot to /usr/share/webapps/phpMyAdmin you don't need followsymlinks + # I symlinked the phpMyAdmin folder to '/srv/http/phpMyAdmin' so that I can easily remember where it's located but + # still set 'WebsiteRoot' to the real source directory. You could point WebsiteRoot to the + # symlinked directory, but you will have to set 'FollowSymlinks = yes' for that to function properly + + #FollowSymlinks = yes + #WebsiteRoot = /srv/http/phpMyAdmin + WebsiteRoot = /usr/share/webapps/phpMyAdmin + Hostname = phpmyadmin + AccessLogfile = /var/log/hiawatha/phpmyadmin/access.log + ErrorLogfile = /var/log/hiawatha/phpmyadmin/error.log + StartFile = index.php + UseFastCGI = PHP5 + +} + +# Add some more + +#VirtualHost { +# Hostname = www.my-domain.com +# WebsiteRoot = /svr/http/my-domain/public +# StartFile = index.php +# AccessLogfile = /svr/http/my-domain/log/access.log +# ErrorLogfile = /svr/http/my-domain/log/error.log +# TimeForCGI = 5 +# UseFastCGI = PHP5 +# UseToolkit = banshee +#} + + +#Additional settings for monitoring + +UrlToolkit { + ToolkitID = banshee + RequestURI isfile Return + Match ^/(css|files|images|js)/ Return + Match ^/(favicon.ico|robots.txt|sitemap.xml)$ Return + Match .*\?(.*) Rewrite /index.php?$1 + Match .* Rewrite /index.php +} + +VirtualHost { + Hostname = monitor.domain.com + WebsiteRoot = /svr/http/monitor/public + AccessLogfile = /svr/http/monitor/logfiles/access.log + ErrorLogfile = /svr/http/monitor/logfiles/error.log + StartFile = index.php +# ExecuteCGI = yes + UseFastCGI = PHP5 # Use if you use PHP as a FastCGI daemon + TimeForCGI = 15 + UseToolkit = banshee +} Copied: hiawatha/repos/community-staging-x86_64/hiawatha.service (from rev 976274, hiawatha/trunk/hiawatha.service) =================================================================== --- community-staging-x86_64/hiawatha.service (rev 0) +++ community-staging-x86_64/hiawatha.service 2021-07-09 18:45:09 UTC (rev 976275) @@ -0,0 +1,16 @@ +[Unit] +Description=Hiawatha Web Server +After=network.target remote-fs.target nss-lookup.target + +[Service] +Type=simple +SyslogIdentifier=hiawatha +ExecStartPre=/usr/bin/wigwam +ExecStart=/usr/bin/hiawatha -d +TimeoutSec=10 +#(doesn't like this setting. Can't find files) PrivateTmp=true +LimitNOFILE=infinity +CapabilityBoundingSet=CAP_NET_BIND_SERVICE CAP_CHOWN CAP_DAC_OVERRIDE CAP_FOWNER CAP_FSETID CAP_SETGID CAP_SETUID + +[Install] +WantedBy=multi-user.target Copied: hiawatha/repos/community-staging-x86_64/lefh-renew.service (from rev 976274, hiawatha/trunk/lefh-renew.service) =================================================================== --- community-staging-x86_64/lefh-renew.service (rev 0) +++ community-staging-x86_64/lefh-renew.service 2021-07-09 18:45:09 UTC (rev 976275) @@ -0,0 +1,9 @@ +[Unit] +Description=Renew Let's Encrypt certificates for Hiawatha +Wants=network-online.target +After=network-online.target + +[Service] +Environment=HOME=%h +Type=oneshot +ExecStart=/usr/bin/lefh renew restart Copied: hiawatha/repos/community-staging-x86_64/lefh-renew.timer (from rev 976274, hiawatha/trunk/lefh-renew.timer) =================================================================== --- community-staging-x86_64/lefh-renew.timer (rev 0) +++ community-staging-x86_64/lefh-renew.timer 2021-07-09 18:45:09 UTC (rev 976275) @@ -0,0 +1,11 @@ +[Unit] +Description=Daily renewal of Let's Encrypt's certificates + +[Timer] +OnCalendar=daily +# Be kind to the Let's Encrypt servers: add a random delay of 12 hours +RandomizedDelaySec=12h +Persistent=true + +[Install] +WantedBy=timers.target