## Machine virtuelle GESTION Cette machine est destinée à accueillir le logiciel de comptabilité et gestion des membres de l'association. ### Matériel virtuel CPU : 4 RAM : 3000 Mio Stockage de masse : 50 Gio ### Logiciel Système d'exploitation : Debian GNU/Linux-libre 11 (Bullseye) Noyau : Linux-libre LTS (`linux-libre-lts` des dépôts https://linux-libre.fsfla.org) Sécurités de la maintenance : `etckeeper`, `mollyguard`, `git`, `tig`, `screen` Compta et gestion des membres : `garradin` Mail Transfer Agent : `postfix` ### Caractéristiques notables Domaine : gestion.a-lec.org Adresse ipv4 publique : 80.67.179.96 Adresse ipv4 interne : 192.169.1.236 Adresse ipv6 publique : 2001:910:1360::1ab ### Configuration serveur web (nginx)
server { server_name coffre.a-lec.org; set_real_ip_from 192.169.1.1; real_ip_header proxy_protocol; # Allow large attachments client_max_body_size 128M; location / { proxy_pass http://127.0.0.1:8000; proxy_set_header Host $host; proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header X-Forwarded-Proto $scheme; } location /notifications/hub { proxy_pass http://127.0.0.1:3012; proxy_set_header Upgrade $http_upgrade; proxy_set_header Connection "upgrade"; } location /notifications/hub/negotiate { proxy_pass http://127.0.0.1:8000; } listen 443 ssl http2 proxy_protocol; # managed by Certbot listen [::]:443 ssl http2; # managed by Certbot ssl_certificate /etc/letsencrypt/live/coffre.a-lec.org/fullchain.pem; # managed by Certbot ssl_certificate_key /etc/letsencrypt/live/coffre.a-lec.org/privkey.pem; # managed by Certbot include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot } server { if ($host = coffre.a-lec.org) { return 302 https://$host$request_uri; } # managed by Certbot server_name coffre.a-lec.org; listen 80; return 404; # managed by Certbot } server { root /usr/share/garradin/www; # Remplacer par le chemin adéquat vers le dossier public de garradin (ici c'est le défaut du paquet Debian) server_name gestion.a-lec.org; # Remplacer par votre nom de domaine set_real_ip_from 192.169.1.1; real_ip_header proxy_protocol; location / { try_files $uri $uri/ /_route.php?$query_string; index index.php /_route.php; } location ~ \.php { try_files $uri $uri/ /_route.php?$query_string; include fastcgi.conf; #fastcgi_pass 127.0.0.1:9000; # Si vous utilisez PHP-FPM (ou autre) en mode TCP et non sur une socket fastcgi_pass unix:/var/run/php/php7.4-garradin.sock; # Si vous utilisez PHP-FPM en mode socket } listen 443 ssl proxy_protocol; # managed by Certbot listen [::]:443 ssl; ssl_certificate /etc/letsencrypt/live/gestion.a-lec.org/fullchain.pem; # managed by Certbot ssl_certificate_key /etc/letsencrypt/live/gestion.a-lec.org/privkey.pem; # managed by Certbot include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot } server { if ($host = gestion.a-lec.org) { return 302 https://$host$request_uri; } # managed by Certbot listen 80; listen [::]:80; server_name gestion.a-lec.org; return 404; # managed by Certbot }