From 84dd5a1932e631bf521547ff15b37bd6f5a0ac36 Mon Sep 17 00:00:00 2001
From: Dmitry <b4tm4n@mail.ru>
Date: Mon, 8 May 2023 19:51:12 +0300
Subject: [PATCH] add files src

---
 config/src/apache-proxy          | 58 ++++++++++++++++++++++++++++++++
 config/src/srv1cv83-ras@.service | 20 +++++++++++
 config/src/srv1cv83@.service     | 57 +++++++++++++++++++++++++++++++
 3 files changed, 135 insertions(+)
 create mode 100644 config/src/apache-proxy
 create mode 100644 config/src/srv1cv83-ras@.service
 create mode 100644 config/src/srv1cv83@.service

diff --git a/config/src/apache-proxy b/config/src/apache-proxy
new file mode 100644
index 0000000..83d9833
--- /dev/null
+++ b/config/src/apache-proxy
@@ -0,0 +1,58 @@
+upstream apache {
+    server 127.0.0.1:33380;
+    keepalive 64;
+}
+
+server_tokens off;
+
+limit_conn_zone $binary_remote_addr zone=perip:10m;
+limit_conn_zone $server_name zone=perserver:10m;
+
+client_body_buffer_size  16K;
+client_header_buffer_size 4k;
+client_max_body_size 1024M;
+large_client_header_buffers 2 32k;
+
+# intermediate configuration
+ssl_protocols TLSv1.2 TLSv1.3;
+ssl_ciphers ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384;
+#ssl_prefer_server_ciphers off;
+
+ssl_session_cache shared:SSL:50m;
+ssl_ecdh_curve secp384r1;
+
+resolver 8.8.8.8;
+
+#gzip on;
+gzip_types text/plain application/json text/css application/javascript application/x-javascript text/javascript text/xml application/xml application/rss+xml application/atom+x$
+gzip_min_length 1000;
+gzip_proxied any;
+
+add_header X-Frame-Options SAMEORIGIN;
+add_header X-Content-Type-Options nosniff;
+add_header X-XSS-Protection "1; mode=block";
+
+server {
+    listen       80 default_server;
+    listen       [::]:80 default_server;
+    listen       443 ssl http2;
+    listen       [::]:443 ssl http2;
+    server_name  localhost;
+    
+    ssl_certificate      /etc/nginx/ssl/cert.pem;
+    ssl_certificate_key  /etc/nginx/ssl/key.pem;
+    
+    add_header Strict-Transport-Security "max-age=63072000; includeSubdomains; preload";
+    
+    limit_conn perip 128;
+    
+    location / {
+        proxy_redirect          off;
+        proxy_set_header        X-Real-IP $remote_addr;
+        proxy_set_header        X-Forwarded-For $proxy_add_x_forwarded_for;
+        proxy_set_header        Host $host;
+        proxy_http_version      1.1;
+        proxy_set_header        Connection "";
+        proxy_pass              http://apache/;
+    }
+}
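Review bot: The `add_header Strict-Transport-Security …` line inside `server {}` replaces the three `add_header` lines declared above it rather than extending them, because nginx inherits `add_header` from the enclosing level only when the current level defines none. Responses from this server therefore carry HSTS but not X-Frame-Options, X-Content-Type-Options or X-XSS-Protection. Repeat those headers inside the server block, with `always` so they are also sent on error responses. The same block also listens on port 80 with no redirect, so the proxied application is reachable in cleartext and browsers ignore the HSTS header sent there; a separate port-80 server that only redirects would close that. Separately, the `gzip_types` line ends in `application/atom+x$` with no semicolon, which looks like an editor-truncated paste and would fold `gzip_min_length 1000` into the type list.

```nginx
server {
    listen       80 default_server;
    listen       [::]:80 default_server;
    return 301 https://$host$request_uri;
}

server {
    listen       443 ssl http2;
    listen       [::]:443 ssl http2;
    # … unchanged: server_name, ssl_certificate, ssl_certificate_key …

    add_header Strict-Transport-Security "max-age=63072000; includeSubdomains; preload" always;
    add_header X-Frame-Options SAMEORIGIN always;
    add_header X-Content-Type-Options nosniff always;
    add_header X-XSS-Protection "1; mode=block" always;

    # … unchanged: limit_conn, location / …
}
```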
diff --git a/config/src/srv1cv83-ras@.service b/config/src/srv1cv83-ras@.service
new file mode 100644
index 0000000..5d35a08
--- /dev/null
+++ b/config/src/srv1cv83-ras@.service
@@ -0,0 +1,20 @@
+[Unit]
+Description=1C:Enterprise Remote Administration Service (%I)
+Requires=network.target
+After=network.target remote-fs.target nss-lookup.target
+
+[Service]
+Type=simple
+User=usr1cv8
+Group=grp1cv8
+
+ExecStart=/bin/sh -exc "exec /opt/1cv8/x86_64/%I/ras cluster --port=1545"
+KillSignal=SIGINT
+PrivateTmp=true
+Restart=on-failure
+RestartSec=5
+
+[Install]
+DefaultInstance=current
+WantedBy=multi-user.target
+
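Review bot: `ExecStart` wraps the binary in `/bin/sh -exc "exec …"`, so the instance name substituted for `%I` is parsed by a shell before `ras` runs, and `-x` echoes the command line into the journal on every start. Nothing in the command needs shell features; `ExecStart=/opt/1cv8/x86_64/%I/ras cluster --port=1545` starts the same process directly and removes the shell-parsing step. The unit passes no listen address, so whether port 1545 is reachable beyond localhost depends on ras defaults not shown here. That is worth confirming and restricting at the firewall, since the description identifies this as the remote administration service. `NoNewPrivileges=true` next to the existing `PrivateTmp=true` would be a cheap addition for a service that already runs as `usr1cv8`.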
diff --git a/config/src/srv1cv83@.service b/config/src/srv1cv83@.service
new file mode 100644
index 0000000..0c32e69
--- /dev/null
+++ b/config/src/srv1cv83@.service
@@ -0,0 +1,57 @@
+[Unit]
+Description=1C:Enterprise Server 8.3 (%I)
+Requires=network.target
+
+[Service]
+Type=simple
+User=usr1cv8
+Group=grp1cv8
+
+# Path to directory with claster data
+Environment=SRV1CV8_DATA=/home/usr1cv8/.1cv8/1C/1cv8/
+
+# Number of the cluster port created by default during first
+# launch of ragent
+Environment=SRV1CV8_PORT=1540
+
+# Number of cluster agent main port. This port is used by the
+# cluster console to address the central server. Cluster agent
+# port is also specified as the IP port of the working server.
+Environment=SRV1CV8_REGPORT=1541
+
+# Port range for connection pool
+Environment=SRV1CV8_RANGE=1560:1591
+
+# Security level:
+# 0 - unprotected connections
+# 1 - protected connections only for the time of user
+#    authentication
+# 2 - permanently protected connections
+Environment=SRV1CV8_SECLEV=0
+
+# 1C:Enterprise server configuration debug mode
+# blank - default - debug mode is off
+# -debug - debug mode is on
+#
+Environment=SRV1CV8_DEBUG=
+
+# Check period for connection loss detector, milliseconds
+Environment=SRV1CV8_PING_PERIOD=1000
+
+# Response timeout for connection loss detector, milliseconds
+Environment=SRV1CV8_PING_TIMEOUT=5000
+
+# 1C:Enterprise server keytab file.
+# default - usr1cv83.keytab file in 1C:Enterprise server
+#          installation directory
+Environment=KRB5_KTNAME=/opt/1cv8/x86_64/%I/usr1cv8.keytab
+
+ExecStart=/bin/sh -c "/opt/1cv8/x86_64/%I/ragent -d ${SRV1CV8_DATA} -port ${SRV1CV8_PORT} -regport ${SRV1CV8_REGPORT} -range ${SRV1CV8_RANGE} \
+-seclev ${SRV1CV8_SECLEV} -pingPeriod ${SRV1CV8_PING_PERIOD} -pingTimeout ${SRV1CV8_PING_TIMEOUT} ${SRV1CV8_DEBUG}"
+Restart=always
+RestartSec=5
+PrivateTmp=no
+
+[Install]
+DefaultInstance=current
+WantedBy=multi-user.target
\ No newline at end of file
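Review bot: `Environment=SRV1CV8_SECLEV=0` ships the cluster with what the comment block directly above it describes as unprotected connections. Client traffic to ports 1540/1541 and the 1560:1591 range, authentication included, is therefore unprotected unless an operator overrides it. Unless there is a compatibility reason, default to `Environment=SRV1CV8_SECLEV=2` (or at least `1`) and state in the comment when 0 is acceptable. `PrivateTmp=no` is set explicitly here while the RAS unit uses `PrivateTmp=true`; if ragent needs the shared /tmp, a one-line comment saying why would help. The keytab comment names `usr1cv83.keytab` but `KRB5_KTNAME` points at `usr1cv8.keytab`, and because a keytab holds long-term Kerberos keys the comment should also state the expected owner and mode (readable by `usr1cv8` only).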