
Merge branch 'master' of http://git.lattuga.net/torn/cable-service

lucaconte 6 years ago
parent
commit
7524876710
5 changed files with 138 additions and 10 deletions
  1. 1 1
      Signal-Server.sh
  2. 76 7
      cable.conf
  3. 8 0
      minio.env
  4. 40 0
      minio.service
  5. 13 2
      noise2cable.sh

+ 1 - 1
Signal-Server.sh

@@ -4,7 +4,7 @@
 #
 # (torn, 2017-01-19)
 
-jar="/home/cable/Signal-Server/target/TextSecureServer-1.21.jar"
+jar="/home/cable/Signal-Server/target/TextSecureServer-1.22+1.jar"
 conf="/home/cable/Signal-Server/config/production.yml"
 
 /bin/java -jar "$jar" server "$conf"

+ 76 - 7
cable.conf

@@ -15,16 +15,39 @@
 	SSLCertificateFile /home/cable/certificati/whisper.crt
 	SSLCertificateKeyFile /home/cable/certificati/whisper.key
 	Include /etc/letsencrypt/options-ssl-apache.conf
-	#SSLCertificateChainFile /home/cable/certificati/whisper.crt
+	#SSLCACertificateFile /home/cable/certificati/rootCA.crt
+
+	# Doesn't make sense for self-signed certificates:
+	SSLUseStapling Off
 
 	# Per proxare websocket (ws://) serve questa roba:
-	#
 	# https://httpd.apache.org/docs/2.4/mod/mod_proxy_wstunnel.html
+	#
+	# Con ProxyPass non sono riuscito a fare il proxy http+websocket.
+	# Ho provato con solo "ProxyPass ws://127.0.0.1:4242/" e anche
+	# mettendo un ProxyPass per http:// e uno per ws://, non va.
+	# Alla fine ho trovato la soluzione usando mod_rewrite leggendo
+	# di gente che ha avuto lo stesso problema (con altri software):
+	#
+	# https://stackoverflow.com/questions/27526281/websockets-and-apache-proxy-how-to-configure-mod-proxy-wstunnel
+	#
+	# Forse non ottimale, ma comunque in produzione lo farei con nginx...
 
-	ProxyVia On
-	ProxyPreserveHost On
-	ProxyPass / ws://127.0.0.1:4242/
-	ProxyPassReverse / ws://127.0.0.1:4242/
+	RewriteEngine On
+	RewriteCond %{HTTP:Upgrade} =websocket [NC]
+	RewriteRule /(.*)           ws://127.0.0.1:4242/$1 [P,L]
+	RewriteCond %{HTTP:Upgrade} !=websocket [NC]
+	RewriteRule /(.*)           http://127.0.0.1:4242/$1 [P,L]
+
+	ProxyPassReverse / http://127.0.0.1:4242/
+
+	CustomLog "/var/log/httpd/cable/cable-service.cable.im.access.log" combined
+	ErrorLog "/var/log/httpd/cable/cable-service.cable.im.error.log"
+	LogLevel warn
+
+	# Production:
+	#CustomLog "/dev/null"
+	#ErrorLog "/dev/null"
 </VirtualHost>
 
 
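Review bot: The commented-out production line `#CustomLog "/dev/null"` will not parse once uncommented, because CustomLog needs a format or nickname after the target; write `#CustomLog "/dev/null" combined` here and in the same block of the later cable-service-ca, giphy-proxy and s3 hunks. Until that switch is made, the `combined` access log keeps client IPs and full request paths for a messaging endpoint, so a comment stating the intended retention for these files would help. Sending `ErrorLog` to `/dev/null` also discards the only record of proxy and TLS failures; a stricter `LogLevel` would presumably serve production better. Separately, the rewrite-based proxy drops `ProxyPreserveHost On`, which the vhost in the next hunk keeps, so confirm the backend does not depend on the original Host header. The VirtualHost block starts outside this hunk.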
@@ -47,6 +70,14 @@
 	ProxyPreserveHost On
 	ProxyPass / http://127.0.0.1:4242/
 	ProxyPassReverse / http://127.0.0.1:4242/
+
+	CustomLog "/var/log/httpd/cable/cable-service-ca.cable.im.access.log" combined
+	ErrorLog "/var/log/httpd/cable/cable-service-ca.cable.im.error.log"
+	LogLevel warn
+
+	# Production:
+	#CustomLog "/dev/null"
+	#ErrorLog "/dev/null"
 </VirtualHost>
 
 
@@ -83,6 +114,14 @@
 		Order allow,deny
 		Allow from all
 	</Proxy>
+
+	CustomLog "/var/log/httpd/cable/giphy-proxy.cable.im.access.log" combined
+	ErrorLog "/var/log/httpd/cable/giphy-proxy.cable.im.error.log"
+	LogLevel warn
+
+	# Production:
+	#CustomLog "/dev/null"
+	#ErrorLog "/dev/null"
 </VirtualHost>
 
 
@@ -99,7 +138,7 @@
 
 	DocumentRoot "/var/www/adminer/"
 
-	<Directory />
+	<Directory /var/www/adminer/>
 		AuthType Basic
 		AuthUserFile "/var/www/adminer/.htpasswd"
 		AuthName "Adminer"
@@ -111,5 +150,35 @@
 		Order deny,allow
 		Deny from all
 	</Files>
+
+	CustomLog "/var/log/httpd/cable/db.cable.im.access.log" combined
+	ErrorLog "/var/log/httpd/cable/db.cable.im.error.log"
+	LogLevel warn
+</VirtualHost>
+
+
+### Minio
+
+<VirtualHost *:443>
+	ServerName s3.cable.im
+	SSLEngine On
+
+	SSLCertificateFile /etc/letsencrypt/live/s3.cable.im/cert.pem
+	SSLCertificateKeyFile /etc/letsencrypt/live/s3.cable.im/privkey.pem
+	Include /etc/letsencrypt/options-ssl-apache.conf
+	SSLCertificateChainFile /etc/letsencrypt/live/s3.cable.im/chain.pem
+
+	ProxyVia On
+	ProxyPreserveHost On
+	ProxyPass / http://127.0.0.1:9000/
+	ProxyPassReverse / http://127.0.0.1:9000/
+
+	CustomLog "/var/log/httpd/cable/s3.cable.im.access.log" combined
+	ErrorLog "/var/log/httpd/cable/s3.cable.im.error.log"
+	LogLevel warn
+
+	# Production:
+	#CustomLog "/dev/null"
+	#ErrorLog "/dev/null"
 </VirtualHost>
 
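Review bot: `SSLCertificateChainFile` in the new s3.cable.im vhost is obsolete from Apache 2.4.8 on, where the chain is read from `SSLCertificateFile`. If this host runs 2.4.8 or later, point `SSLCertificateFile` at `/etc/letsencrypt/live/s3.cable.im/fullchain.pem` and drop the chain line. The backend is reached over plain HTTP on loopback, which only holds while minio.env keeps `--address 127.0.0.1:9000`; a one-line comment above `ProxyPass` saying so would keep the two files in sync.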

+ 8 - 0
minio.env

@@ -0,0 +1,8 @@
+# Local export path.
+MINIO_VOLUMES="/home/cable/minio/buckets/"
+
+# Options
+MINIO_OPTS="-C /home/cable/minio/conf/ --address 127.0.0.1:9000 --quiet"
+
+MINIO_BROWSER=off
+

+ 40 - 0
minio.service

@@ -0,0 +1,40 @@
+[Unit]
+Description=Minio
+Documentation=https://docs.minio.io
+Wants=network-online.target
+After=network-online.target
+
+[Service]
+WorkingDirectory=/home/cable/minio/
+
+EnvironmentFile=-/home/cable/minio/minio.env
+ExecStartPre=/bin/bash -c "[ -n \"${MINIO_VOLUMES}\" ] || echo \"Variable MINIO_VOLUMES\""
+ExecStart=/home/cable/minio/minio server $MINIO_OPTS $MINIO_VOLUMES
+
+User=cable
+Group=cable
+PermissionsStartOnly=true
+
+StandardOutput=journal
+StandardError=inherit
+
+# Specifies the maximum file descriptor number that can be opened by this process
+LimitNOFILE=65536
+
+# Disable timeout logic and wait until process is stopped
+TimeoutStopSec=0
+
+# SIGTERM signal is used to stop Minio
+KillSignal=SIGTERM
+
+SendSIGKILL=no
+
+SuccessExitStatus=0
+
+Restart=on-failure
+
+[Install]
+WantedBy=multi-user.target
+
+# Built for ${project.name}-${project.version} (${project.name})
+
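Review bot: The `ExecStartPre` guard can never fail: when `MINIO_VOLUMES` is empty the `echo` runs and returns 0, so the unit proceeds to `ExecStart` with no volume argument. Make the fallback exit non-zero, for example `[ -n \"${MINIO_VOLUMES}\" ] || { echo \"Variable MINIO_VOLUMES not set in /home/cable/minio/minio.env\"; exit 1; }`. This matters more because `EnvironmentFile=-` silently ignores a missing file. With `PermissionsStartOnly=true` the pre-start shell runs as root rather than as `cable`, so drop that setting unless a root-only step is planned. The trailing `# Built for ${project.name}-${project.version}` line is an unexpanded template placeholder and can go.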

+ 13 - 2
noise2cable.sh

@@ -1,4 +1,4 @@
-#!/bin/bash
+#!/bin/sh
 
 ### Change the applicationId (i.d., rename the app)
 
@@ -65,7 +65,7 @@ sed -i 's/"org\.thoughtcrime\.securesms"/"im.cable.cableim"/' \
 	res/xml/syncadapter.xml
 
 
-### Change the giphy api key.
+### Change the giphy api key and proxy address
 
 # Let's use the public beta key for now
 # See: https://github.com/Giphy/GiphyAPI
@@ -74,3 +74,14 @@ sed -i 's/3o6ZsYH6U6Eri53TXy/dc6zaTOxFJmzC/' \
 	src/org/thoughtcrime/securesms/giph/net/GiphyGifLoader.java \
 	src/org/thoughtcrime/securesms/giph/net/GiphyStickerLoader.java
 
+sed -i '/GIPHY_PROXY_HOST/ s/giphy-proxy-production\.whispersystems\.org/giphy-proxy.cable.im/' build.gradle 
+
+
+### Change the logo appearance
+
+mogrify -modulate 100,70,50 \
+	artwork/logo-*.png \
+	res/*/icon.png \
+	res/*/icon_dialog.png \
+	res/*/lockscreen_watermark_*.png
+
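Review bot: The new `sed -i` on `build.gradle` exits 0 even when nothing matches, so if upstream renames the host string the build silently keeps pointing at `giphy-proxy-production.whispersystems.org`. Follow it with a check such as `grep -q 'giphy-proxy\.cable\.im' build.gradle || { echo 'GIPHY_PROXY_HOST not rewritten' >&2; exit 1; }`. The `mogrify -modulate` step edits the PNGs in place, so running the script twice on the same tree applies the change twice; a comment that the script expects a clean checkout would cover it. The top of the script is outside this hunk, so I cannot tell whether `set -e` is in effect.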