add files src
This commit is contained in:
parent
ca654b51cf
commit
84dd5a1932
58
config/src/apache-proxy
Normal file
58
config/src/apache-proxy
Normal file
@ -0,0 +1,58 @@
|
|||||||
|
upstream apache {
|
||||||
|
server 127.0.0.1:33380;
|
||||||
|
keepalive 64;
|
||||||
|
}
|
||||||
|
|
||||||
|
server_tokens off;
|
||||||
|
|
||||||
|
limit_conn_zone $binary_remote_addr zone=perip:10m;
|
||||||
|
limit_conn_zone $server_name zone=perserver:10m;
|
||||||
|
|
||||||
|
client_body_buffer_size 16K;
|
||||||
|
client_header_buffer_size 4k;
|
||||||
|
client_max_body_size 1024M;
|
||||||
|
large_client_header_buffers 2 32k;
|
||||||
|
|
||||||
|
# intermediate configuration
|
||||||
|
ssl_protocols TLSv1.2 TLSv1.3;
|
||||||
|
ssl_ciphers ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384;
|
||||||
|
#ssl_prefer_server_ciphers off;
|
||||||
|
|
||||||
|
ssl_session_cache shared:SSL:50m;
|
||||||
|
ssl_ecdh_curve secp384r1;
|
||||||
|
|
||||||
|
resolver 8.8.8.8;
|
||||||
|
|
||||||
|
#gzip on;
|
||||||
|
gzip_types text/plain application/json text/css application/javascript application/x-javascript text/javascript text/xml application/xml application/rss+xml application/atom+x$
|
||||||
|
gzip_min_length 1000;
|
||||||
|
gzip_proxied any;
|
||||||
|
|
||||||
|
add_header X-Frame-Options SAMEORIGIN;
|
||||||
|
add_header X-Content-Type-Options nosniff;
|
||||||
|
add_header X-XSS-Protection "1; mode=block";
|
||||||
|
|
||||||
|
server {
|
||||||
|
listen 80 default_server;
|
||||||
|
listen [::]:80 default_server;
|
||||||
|
listen 443 ssl http2;
|
||||||
|
listen [::]:443 ssl http2;
|
||||||
|
server_name localhost;
|
||||||
|
|
||||||
|
ssl_certificate /etc/nginx/ssl/cert.pem;
|
||||||
|
ssl_certificate_key /etc/nginx/ssl/key.pem;
|
||||||
|
|
||||||
|
add_header Strict-Transport-Security "max-age=63072000; includeSubdomains; preload";
|
||||||
|
|
||||||
|
limit_conn perip 128;
|
||||||
|
|
||||||
|
location / {
|
||||||
|
proxy_redirect off;
|
||||||
|
proxy_set_header X-Real-IP $remote_addr;
|
||||||
|
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
|
||||||
|
proxy_set_header Host $host;
|
||||||
|
proxy_http_version 1.1;
|
||||||
|
proxy_set_header Connection "";
|
||||||
|
proxy_pass http://apache/;
|
||||||
|
}
|
||||||
|
}
|
||||||
20
config/src/srv1cv83-ras@.service
Normal file
20
config/src/srv1cv83-ras@.service
Normal file
@ -0,0 +1,20 @@
|
|||||||
|
[Unit]
|
||||||
|
Description=1C:Enterprise Remote Administration Service (%I)
|
||||||
|
Requires=network.target
|
||||||
|
After=network.target remote-fs.target nss-lookup.target
|
||||||
|
|
||||||
|
[Service]
|
||||||
|
Type=simple
|
||||||
|
User=usr1cv8
|
||||||
|
Group=grp1cv8
|
||||||
|
|
||||||
|
ExecStart=/bin/sh -exc "exec /opt/1cv8/x86_64/%I/ras cluster --port=1545"
|
||||||
|
KillSignal=SIGINT
|
||||||
|
PrivateTmp=true
|
||||||
|
Restart=on-failure
|
||||||
|
RestartSec=5
|
||||||
|
|
||||||
|
[Install]
|
||||||
|
DefaultInstance=current
|
||||||
|
WantedBy=multi-user.target
|
||||||
|
|
||||||
57
config/src/srv1cv83@.service
Normal file
57
config/src/srv1cv83@.service
Normal file
@ -0,0 +1,57 @@
|
|||||||
|
[Unit]
|
||||||
|
Description=1C:Enterprise Server 8.3 (%I)
|
||||||
|
Requires=network.target
|
||||||
|
|
||||||
|
[Service]
|
||||||
|
Type=simple
|
||||||
|
User=usr1cv8
|
||||||
|
Group=grp1cv8
|
||||||
|
|
||||||
|
# Path to directory with claster data
|
||||||
|
Environment=SRV1CV8_DATA=/home/usr1cv8/.1cv8/1C/1cv8/
|
||||||
|
|
||||||
|
# Number of the cluster port created by default during first
|
||||||
|
# launch of ragent
|
||||||
|
Environment=SRV1CV8_PORT=1540
|
||||||
|
|
||||||
|
# Number of cluster agent main port. This port is used by the
|
||||||
|
# cluster console to address the central server. Cluster agent
|
||||||
|
# port is also specified as the IP port of the working server.
|
||||||
|
Environment=SRV1CV8_REGPORT=1541
|
||||||
|
|
||||||
|
# Port range for connection pool
|
||||||
|
Environment=SRV1CV8_RANGE=1560:1591
|
||||||
|
|
||||||
|
# Security level:
|
||||||
|
# 0 - unprotected connections
|
||||||
|
# 1 - protected connections only for the time of user
|
||||||
|
# authentication
|
||||||
|
# 2 - permanently protected connections
|
||||||
|
Environment=SRV1CV8_SECLEV=0
|
||||||
|
|
||||||
|
# 1C:Enterprise server configuration debug mode
|
||||||
|
# blank - default - debug mode is off
|
||||||
|
# -debug - debug mode is on
|
||||||
|
#
|
||||||
|
Environment=SRV1CV8_DEBUG=
|
||||||
|
|
||||||
|
# Check period for connection loss detector, milliseconds
|
||||||
|
Environment=SRV1CV8_PING_PERIOD=1000
|
||||||
|
|
||||||
|
# Response timeout for connection loss detector, milliseconds
|
||||||
|
Environment=SRV1CV8_PING_TIMEOUT=5000
|
||||||
|
|
||||||
|
# 1C:Enterprise server keytab file.
|
||||||
|
# default - usr1cv83.keytab file in 1C:Enterprise server
|
||||||
|
# installation directory
|
||||||
|
Environment=KRB5_KTNAME=/opt/1cv8/x86_64/%I/usr1cv8.keytab
|
||||||
|
|
||||||
|
ExecStart=/bin/sh -c "/opt/1cv8/x86_64/%I/ragent -d ${SRV1CV8_DATA} -port ${SRV1CV8_PORT} -regport ${SRV1CV8_REGPORT} -range ${SRV1CV8_RANGE} \
|
||||||
|
-seclev ${SRV1CV8_SECLEV} -pingPeriod ${SRV1CV8_PING_PERIOD} -pingTimeout ${SRV1CV8_PING_TIMEOUT} ${SRV1CV8_DEBUG}"
|
||||||
|
Restart=always
|
||||||
|
RestartSec=5
|
||||||
|
PrivateTmp=no
|
||||||
|
|
||||||
|
[Install]
|
||||||
|
DefaultInstance=current
|
||||||
|
WantedBy=multi-user.target
|
||||||
Loading…
Reference in New Issue
Block a user