Attempt to source my previous template in this template.

2023-01-28 09:11:51 +00:00 · 2023-01-28 09:11:51 +00:00 · 3e85e215c9
commit 3e85e215c9
parent 9ed350de5c
2 changed files with 43 additions and 18 deletions
--- a/28
+++ b/28
@ -1,22 +1,14 @@
+INCLUDE https://github.com/s-daveb/ip6jail.template.git

-ARG SSH_PORT
+CMD mkdir -pv /usr/local/etc/bastille 2> /dev/null
+CMD mkdir -pv /usr/local/etc/lighttpd/ssl 2> /dev/null
+CMD mkdir -pv  /usr/local/www/data 2> /dev/null

-CP root /
-CP etc /
+PKG lighthttpd

-RENDER /etc/rc.conf.local
-RENDER /etc/ssh/sshd_config
+SYSRC lighttpd_enable=\"YES\"
+SYSRC lighttpd_instances=\"proxy\"
+SYSRC lighttpd_proxy_conf=\"/usr/local/etc/lighttpd-proxy.conf\"
+SYSRC lighttpd_proxy_pidfile=\"/var/run/http-proxy.pid\"

-
-CMD ssh-keygen -A
-SERVICE routing stop
-SERVICE netif restart
-SERVICE routing restart
-
-PKG bootstrap
-
-SERVICE sshd restart
-
-PKG git vim mosh 
-
-CMD ifconfig vnet0 | grep inet6
+SERVICE lighttpd restart
--- a/etc/lighttpd-proxy.conf
+++ b/etc/lighttpd-proxy.conf
@ -0,0 +1,33 @@
+
+server.modules = ("mod_proxy", "mod_openssl", "mod_setenv", "mod_redirect")
+
+server.bind = "[::]"
+server.name = "${FQDN}"
+
+server.v4mapped = "disable"
+server.use-ipv6 = "enable"
+
+server.core-files = "disable"
+server.document-root = "/usr/local/www" + "/data"
+server.tag = "lighttpd"
+
+server.pid-file = "/var/run/http-proxy.pid"
+
+$SERVER["socket"] == "[::]:443" {
+	ssl.engine = "enable"
+	ssl.pemfile = "/usr/local/etc/lighttpd/ssl/web.pem"
+	ssl.ca-file = "/usr/local/etc/lighttpd/ssl/chain.pem"
+}
+
+$HTTP["scheme"] == "http" {
+	url.redirect-code = 307
+	url.redirect = ("/(.*)" => "https://gitea.beniquez.me/$1")
+}
+
+$HTTP["host"] == "${FQDN}" {
+    server.errorlog =  "/var/log/lighttpd/proxy.error.log"
+    proxy.server = ( 
+		"" => (( "host" => "127.0.0.1",
+			 "port" => 8080 ))
+    ) 
+}