/deploy/config - Annotate - SoundSoftware Code Site

To check out this repository please hg clone the following URL, or open the URL using EasyMercurial or your preferred Mercurial client.

Mercurial

Statistics Download as Zip

root / deploy / config @ 1606:16325d2ab2dd

-:07deb8466f65
+            Chris
 # Apache config with SSL and admin auth stubbed in. You must provide
 # the key/cert and auth files.
 # Note this has been updated for Apache 2.4, which introduced a number
 # of (welcome) changes to access control directives.
 PerlLoadModule Apache::Authn::SoundSoftware
 <VirtualHost *:80>
         ServerName code.soundsoftware.ac.uk
         ServerAdmin chris.cannam@soundsoftware.ac.uk
         DocumentRoot /var/www/code/public
         PassengerRestartDir restart_files
         PassengerHighPerformance on
         PassengerMaxRequests 50000
         PassengerStatThrottleRate 5
 	PassengerFriendlyErrorPages off
         RailsSpawnMethod smart
         ExpiresDefault "access plus 1 minute"
         # Redirect all activity to secure site
         Redirect seeother / "https://code.soundsoftware.ac.uk/"
         <DirectoryMatch "^/.*/\.svn/">
                 Require all denied
         </DirectoryMatch>
         <DirectoryMatch "^/.*/\.hg/">
                 Require all denied
         </DirectoryMatch>
         <DirectoryMatch "^/.*/\.git/">
                 Require all denied
         </DirectoryMatch>
         <Directory /var/www/code/public>
                 Options -MultiViews
 	</Directory>
 	ErrorLog /var/log/apache2/code-error.log
 	CustomLog /var/log/apache2/code-access.log vhost_combined
         LogLevel warn
         ServerSignature Off
 </VirtualHost>
-:18643ab36008
+<VirtualHost *:443>
-:07deb8466f65
+        ServerName code.soundsoftware.ac.uk
         ServerAdmin chris.cannam@soundsoftware.ac.uk
-:18643ab36008
+        SSLEngine on
 	SSLCertificateFile /etc/apache2/certs/code.soundsoftware.ac.uk.crt
 	SSLCertificateKeyFile /etc/apache2/certs/code.soundsoftware.ac.uk.key
 	SSLCertificateChainFile /etc/apache2/certs/code.soundsoftware.ac.uk.ca-bundle
 	SSLVerifyClient none
 	SSLProtocol all -SSLv2 -SSLv3
 	SSLCipherSuite ALL:!ADH:!EXPORT:!SSLv2:RC4+RSA:+HIGH:+MEDIUM:+LOW
-:07deb8466f65
+        DocumentRoot /var/www/code/public
         PassengerRestartDir restart_files
         PassengerHighPerformance on
         PassengerMaxRequests 50000
         PassengerStatThrottleRate 5
 	PassengerStartTimeout 60
 	PassengerFriendlyErrorPages off
         RailsSpawnMethod smart
         ExpiresDefault "access plus 1 minute"
         <Location /sys>
 		AuthType Basic
 		AuthUserFile "/etc/apache2/auth/user.htpasswd"
 		AuthName "code.soundsoftware.ac.uk"
 		Require user user
 	</Location>
 	<Location /admin>
 		AuthType Digest
 		AuthUserFile "/etc/apache2/auth/admin.htdigest"
 		AuthName "code.soundsoftware.ac.uk admin interface"
 		Require user admin
 	</Location>
         <DirectoryMatch "^/.*/\.svn/">
                 Require all denied
         </DirectoryMatch>
         <DirectoryMatch "^/.*/\.hg/">
                 Require all denied
         </DirectoryMatch>
         <DirectoryMatch "^/.*/\.git/">
                 Require all denied
         </DirectoryMatch>
         <Directory /var/www/code/public>
                 Options -MultiViews
 	</Directory>
         <Directory /var/www/code/public/themes/soundsoftware/stylesheets/fonts>
 		# Avoid other sites embedding our fonts
 		RewriteEngine on
 		RewriteCond %{HTTP_REFERER} !^$
 		RewriteCond %{HTTP_REFERER} !^http(s)?://code.soundsoftware.ac.uk/.*$ [NC]
 		RewriteRule \.(ttf|woff|eot|otf|svg|zip|gz|html|txt)$ - [F]
 	</Directory>
 	ScriptAlias /hg "/var/hg/index.cgi"
 	<Location /hg>
                	AuthName "Mercurial"
                 AuthType Basic
                 Require valid-user
 		PerlAccessHandler Apache::Authn::SoundSoftware::access_handler
       		PerlAuthenHandler Apache::Authn::SoundSoftware::authen_handler
 		PerlSetVar HTTPS "on"
 		SoundSoftwareDSN "dbi:Pg:database=code;host=localhost"
     		SoundSoftwareDbUser "code"
      		SoundSoftwareDbPass "INSERT_DATABASE_PASSWORD_HERE"
 		SoundSoftwareRepoPrefix "/var/hg/"
                 SoundSoftwareSslRequired "on"
 		Options +ExecCGI
 		AddHandler cgi-script .cgi
 		ExpiresDefault now
         </Location>
 	Alias /git "/var/files/git-mirror"
 	<Directory "/var/files/git-mirror">
 		Options -Indexes +FollowSymLinks
                 Require all granted
 	</Directory>
 	<Directory ~ "/var/files/git-mirror/.*\.workdir">
                 Require all denied
 	</Directory>
 	<Directory ~ "/var/files/git-mirror/__.*">
                 Require all denied
 	</Directory>
 	ErrorLog /var/log/apache2/code-error.log
 	CustomLog /var/log/apache2/code-access.log vhost_combined
         LogLevel warn
         ServerSignature Off
 </VirtualHost>
-:ae2f71010562
+            Chris
 # A test Apache config. Lacks SSL, lacks a desirable extra layer of
 # authentication for admin interface paths. Do not deploy this.
-:83412a0a2389
+# Note this has been updated for Apache 2.4, which introduced a number
 # of (welcome) changes to access control directives.
-:ae2f71010562
+PerlLoadModule Apache::Authn::SoundSoftware
 <VirtualHost *:80>
         ServerName code.soundsoftware.ac.uk
         ServerAdmin chris.cannam@soundsoftware.ac.uk
         DocumentRoot /var/www/code/public
         PassengerRestartDir restart_files
         PassengerHighPerformance on
         PassengerMaxRequests 50000
         PassengerStatThrottleRate 5
 	PassengerStartTimeout 60
-:4c2b25b7e85f
+	PassengerFriendlyErrorPages on
-:ae2f71010562
+        RailsSpawnMethod smart
         ExpiresDefault "access plus 1 minute"
-:c18460da6620
+#        <Location /sys>
 #		AuthType Basic
 #		AuthUserFile "/etc/apache2/auth/user.htpasswd"
 #		AuthName "code.soundsoftware.ac.uk"
 #		Require user user
 #	</Location>
 #	<Location /admin>
 #		AuthType Digest
 #		AuthUserFile "/etc/apache2/auth/admin.htdigest"
 #		AuthName "code.soundsoftware.ac.uk admin interface"
 #		Require user admin
 #	</Location>
-:ae2f71010562
+        <DirectoryMatch "^/.*/\.svn/">
-:83412a0a2389
+                Require all denied
-:ae2f71010562
+        </DirectoryMatch>
         <DirectoryMatch "^/.*/\.hg/">
-:83412a0a2389
+                Require all denied
-:ae2f71010562
+        </DirectoryMatch>
         <DirectoryMatch "^/.*/\.git/">
-:83412a0a2389
+                Require all denied
-:ae2f71010562
+        </DirectoryMatch>
         <Directory /var/www/code/public>
                 Options -MultiViews
 	</Directory>
         <Directory /var/www/code/public/themes/soundsoftware/stylesheets/fonts>
 		# Avoid other sites embedding our fonts
 		RewriteEngine on
 		RewriteCond %{HTTP_REFERER} !^$
 		RewriteCond %{HTTP_REFERER} !^http(s)?://code.soundsoftware.ac.uk/.*$ [NC]
 		RewriteRule \.(ttf|woff|eot|otf|svg|zip|gz|html|txt)$ - [F]
 	</Directory>
 	ScriptAlias /hg "/var/hg/index.cgi"
 	<Location /hg>
                	AuthName "Mercurial"
                 AuthType Basic
                 Require valid-user
 		PerlAccessHandler Apache::Authn::SoundSoftware::access_handler
       		PerlAuthenHandler Apache::Authn::SoundSoftware::authen_handler
-:07deb8466f65
+		PerlSetVar HTTPS "off"
-:ae2f71010562
+		SoundSoftwareDSN "dbi:Pg:database=code;host=localhost"
     		SoundSoftwareDbUser "code"
-:83412a0a2389
+     		SoundSoftwareDbPass "INSERT_DATABASE_PASSWORD_HERE"
-:ae2f71010562
+		SoundSoftwareRepoPrefix "/var/hg/"
-:d1de6986e429
+                #!!! "on" in production please!:
                 SoundSoftwareSslRequired "off"
-:ae2f71010562
+		Options +ExecCGI
 		AddHandler cgi-script .cgi
 		ExpiresDefault now
         </Location>
 	Alias /git "/var/files/git-mirror"
 	<Directory "/var/files/git-mirror">
 		Options -Indexes +FollowSymLinks
-:83412a0a2389
+                Require all granted
-:ae2f71010562
+	</Directory>
 	<Directory ~ "/var/files/git-mirror/.*\.workdir">
-:83412a0a2389
+                Require all denied
-:ae2f71010562
+	</Directory>
 	<Directory ~ "/var/files/git-mirror/__.*">
-:83412a0a2389
+                Require all denied
-:ae2f71010562
+	</Directory>
 	ErrorLog /var/log/apache2/code-error.log
 	CustomLog /var/log/apache2/code-access.log vhost_combined
         LogLevel warn
         ServerSignature Off
 </VirtualHost>
-:d0d59d12db94
+#!/bin/sh
-:c18460da6620
+            Chris
-:d0d59d12db94
+outfile="/var/files/backups/postgres-dumpall-`date +%Y%m%d%H%M`"
-:c18460da6620
+            Chris
-:d0d59d12db94
+oldmask=`umask`
 umask 0277
-:c18460da6620
+            Chris
-:d0d59d12db94
+su postgres -c /usr/bin/pg_dumpall > "$outfile" && bzip2 "$outfile"
-:c18460da6620
+            Chris
-:d0d59d12db94
+umask "$oldmask"
 #!/bin/bash
-:c18460da6620
+            Chris
-:d0d59d12db94
+cd /tmp
-:c18460da6620
+            Chris
-:d0d59d12db94
+/var/www/code/docgen/extract-docs.sh
-:c18460da6620
+            Chris
-:d0d59d12db94
+#!/bin/bash
-:c18460da6620
+            Chris
-:d0d59d12db94
+sudo -u code sh -c "cd /var/www/code ; ./script/rails runner -e production extra/soundsoftware/get-statistics.rb >> log/statistics.log"
-:c18460da6620
+            Chris
-:d0d59d12db94
+#!/bin/bash
-:c18460da6620
+            Chris
-:d0d59d12db94
+tail -2 /var/log/external-repos.log
 #!/bin/bash
-:c18460da6620
+## No longer used - this site is now static
 # /usr/bin/wget -O - -q -t 1 http://www.soundsoftware.ac.uk/cron.php
-:d0d59d12db94
+#!/bin/bash
-:c18460da6620
+            Chris
-:d0d59d12db94
+sudo -u code sh -c "cd /var/www/code ; ./script/rails runner \"Repository.fetch_changesets\" -e production 2>&1 | grep -v 'Not trusting' | grep -v 'svn:' | grep -v 'working copy' | grep -v 'deprecated' | grep -v 'version_requirements'"
 exit 0
-:c18460da6620
+            Chris
-:d0d59d12db94
+#!/bin/bash
-:c18460da6620
+            Chris
-:d0d59d12db94
+sudo -H -u www-data /var/www/code/reposman/run-external.sh
-:c18460da6620
+            Chris
-:d0d59d12db94
+#!/bin/sh
-:c18460da6620
+            Chris
-:d0d59d12db94
+rm -f /var/www/code/tmp/cache/*/*/views*explore*
 #!/bin/bash
-:c18460da6620
+            Chris
-:d0d59d12db94
+logfile="/var/www/code/log/export-git.log"
-:c18460da6620
+            Chris
-:d0d59d12db94
+sudo -u code sh -c "cd /tmp ; /var/www/code/extra/soundsoftware/export-git.sh production /var/hg /var/files/git-mirror >> $logfile 2>&1"
-:c18460da6620
+            Chris
-:d0d59d12db94
+#!/bin/bash
-:c18460da6620
+            Chris
-:d0d59d12db94
+sudo -u www-data /var/www/code/reposman/run-reposman.sh
 #!/bin/sh
-:45b0571b684d
+cd /
-:d0d59d12db94
+for location in var/www etc/apache2 etc/cron.*; do
 	target="/var/files/backups/`echo $location | sed 's,/,_,g'`-`date +%Y%m%d%H%M`"
 	oldmask=`umask`
 	umask 0277
 	tar cjf "$target".tar.bz2 "$location"
 	umask "$oldmask"
 done
-:ae2f71010562
+production:
   adapter: postgresql
   database: code
   host: localhost
   username: code
-:83412a0a2389
+  password: "INSERT_DATABASE_PASSWORD_HERE"
-:ae2f71010562
+            Chris
-:d1de6986e429
+[paths]
 / = /var/hg/*
 [web]
 allow_archive = gz, zip, bz2
 allow_push = *
 #!/usr/bin/env python
+#
 # An example CGI script to export multiple hgweb repos, edit as necessary
 # adjust python path if not a system-wide install:
 #import sys
 #sys.path.insert(0, "/path/to/python/lib")
 # enable importing on demand to reduce startup time
 from mercurial import demandimport; demandimport.enable()
 # Uncomment to send python tracebacks to the browser if an error occurs:
 import cgitb
 cgitb.enable()
 # If you'd like to serve pages with UTF-8 instead of your default
 # locale charset, you can do so by uncommenting the following lines.
 # Note that this will cause your .hgrc files to be interpreted in
 # UTF-8 and all your repo files to be displayed using UTF-8.
+#
 import os
 os.environ["HGENCODING"] = "UTF-8"
 from mercurial.hgweb.hgwebdir_mod import hgwebdir
 import mercurial.hgweb.wsgicgi as wsgicgi
 # The config file looks like this.  You can have paths to individual
 # repos, collections of repos in a directory tree, or both.
+#
 # [paths]
 # virtual/path1 = /real/path1
 # virtual/path2 = /real/path2
 # virtual/root = /real/root/*
 # / = /real/root2/*
 # virtual/root2 = /real/root2/**
+#
 # [collections]
 # /prefix/to/strip/off = /root/of/tree/full/of/repos
+#
 # paths example:
+#
 # * First two lines mount one repository into one virtual path, like
 # '/real/path1' into 'virtual/path1'.
+#
 # * The third entry mounts every mercurial repository found in '/real/root'
 # in 'virtual/root'. This format is preferred over the [collections] one,
 # since using absolute paths as configuration keys is not supported on every
 # platform (especially on Windows).
+#
 # * The fourth entry is a special case mounting all repositories in
 # /'real/root2' in the root of the virtual directory.
+#
 # * The fifth entry recursively finds all repositories under the real root,
 # and mounts them using their relative path (to given real root) under the
 # virtual root.
+#
 # collections example: say directory tree /foo contains repos /foo/bar,
 # /foo/quux/baz.  Give this config section:
 #   [collections]
 #   /foo = /foo
 # Then repos will list as bar and quux/baz.
+#
 # Alternatively you can pass a list of ('virtual/path', '/real/path') tuples
 # or use a dictionary with entries like 'virtual/path': '/real/path'
 application = hgwebdir('hgweb.config')
 wsgicgi.launch(application)
-:d0d59d12db94
+# see "man logrotate" for details
 # rotate log files weekly
 weekly
-:c18460da6620
+# use the syslog group by default, since this is the owning group
 # of /var/log/syslog.
 su root syslog
-:d0d59d12db94
+# keep 4 weeks worth of backlogs
 rotate 4
 # create new (empty) log files after rotating old ones
 create
 # uncomment this if you want your log files compressed
 #compress
 # packages drop log rotation information into this directory
 include /etc/logrotate.d
 # no packages own wtmp, or btmp -- we'll rotate them here
 /var/log/wtmp {
     missingok
     monthly
     create 0664 root utmp
     rotate 1
+}
 /var/log/btmp {
     missingok
     monthly
     create 0660 root utmp
     rotate 1
+}
 # system-specific logs may be configured here
 /var/www/code/log/*.log {
 	weekly
 	missingok
 	rotate 52
 	compress
 	delaycompress
 	create 640 code code
 	sharedscripts
 	postrotate
 		touch /var/www/code/restart_files/restart.txt
 	endscript
+}
 /var/log/reposman.log {
         weekly
         missingok
         rotate 52
         compress
         delaycompress
         create 640 www-data code
         sharedscripts
+}
 /var/log/external-repos.log {
         weekly
         missingok
         rotate 52
         compress
         delaycompress
         create 640 www-data code
         sharedscripts
+}
-:4c2b25b7e85f
+PassengerMaxPoolSize 60
 LoadModule passenger_module /var/lib/gems/2.3.0/gems/passenger-4.0.60/buildout/apache2/mod_passenger.so
 PassengerRoot /var/lib/gems/2.3.0/gems/passenger-4.0.60
 PassengerDefaultRuby /usr/bin/ruby2.3
 # Apache::DBI is supposed to be a transparent replacement for Perl DBI with
 # better performance when multiple connections are made with common DSN, user
 # and password
 PerlModule Apache::DBI
-:c18460da6620
+#!/bin/bash
 logfile=/var/log/external-repos.log
+(
 flock -s 200
 echo >> $logfile
 date >> $logfile
 /var/www/code/reposman/convert-external-repos.rb \
 	-s /var/hg \
-:83412a0a2389
+	-r INSERT_API_SCHEME_HERE://INSERT_API_HOST_HERE/ \
-:c18460da6620
+	-k INSERT_API_KEY_HERE \
 	-v \
-:83412a0a2389
+	--http-user=INSERT_API_USER_HERE \
 	--http-pass=INSERT_API_PASSWORD_HERE \
-:c18460da6620
+        -c "/var/www/code/reposman/update-external-repo.sh" \
 	>> $logfile 2>&1
 date >> $logfile
 echo Done >> $logfile
 )200>>$logfile
 #!/bin/bash
 logfile=/var/log/reposman.log
+(
 flock -s 200
 echo >> $logfile
 /var/www/code/reposman/reposman-soundsoftware.rb \
 	-s /var/hg \
-:83412a0a2389
+	-r INSERT_API_SCHEME_HERE://INSERT_API_HOST_HERE/ \
-:c18460da6620
+	-k INSERT_API_KEY_HERE \
-:83412a0a2389
+	--http-user=INSERT_API_USER_HERE \
 	--http-pass=INSERT_API_PASSWORD_HERE \
-:c18460da6620
+	-o www-data \
 	-g code \
 	-c "/var/www/code/reposman/run-hginit.sh" \
 	--scm=Mercurial \
 	>> $logfile 2>&1
 )200>>$logfile
-:16325d2ab2dd
+<VirtualHost *:80>
         ServerName soundsoftware.ac.uk
 	ServerAlias www.soundsoftware.ac.uk
         ServerAdmin chris.cannam@eecs.qmul.ac.uk
         DocumentRoot /var/www/soundsoftware-static/soundsoftware.ac.uk
 	ErrorLog /var/log/apache2/soundsoftware-error.log
 	CustomLog /var/log/apache2/soundsoftware-access.log vhost_combined
 	<Directory /var/www/soundsoftware-static/soundsoftware.ac.uk>
 		RewriteEngine on
 		RewriteCond %{REQUEST_FILENAME} !-d
 		RewriteCond %{REQUEST_FILENAME}\.html -f
 		RewriteRule ^(.*)$ $1.html
 	</Directory>
 	<FilesMatch "^.*\.(install|inc)$">
 	     Order Deny,Allow
 	     deny from all
 	</FilesMatch>
         <DirectoryMatch "\.(hg|svn|git)">
                 Order allow,deny
                 Deny from all
                 Satisfy All
         </DirectoryMatch>
 	LogLevel warn
 	ServerSignature Off
 </VirtualHost>
 <VirtualHost *:443>
 	# We don't serve SSL: redirect to the code site
 	ServerName soundsoftware.ac.uk
         ServerAlias www.soundsoftware.ac.uk
         ServerAdmin chris.cannam@eecs.qmul.ac.uk
 	SSLEngine on
 	SSLCertificateFile /etc/apache2/certs/code.soundsoftware.ac.uk.crt
 	SSLCertificateKeyFile /etc/apache2/certs/code.soundsoftware.ac.uk.key
 	SSLCertificateChainFile /etc/apache2/certs/code.soundsoftware.ac.uk.ca-bundle
 	SSLVerifyClient none
 	SSLCipherSuite ALL:!ADH:!EXPORT:!SSLv2:RC4+RSA:+HIGH:+MEDIUM:+LOW
         DocumentRoot /var/www/soundsoftware-static/soundsoftware.ac.uk
 	Redirect permanent / https://code.soundsoftware.ac.uk/
         ErrorLog /var/log/apache2/code-error.log
         CustomLog /var/log/apache2/code-access.log vhost_combined
         LogLevel warn
         ServerSignature Off
 </VirtualHost>

SoundSoftware Project »

SoundSoftware Code Site

root / deploy / config @ 1606:16325d2ab2dd