2 files changed, 93 insertions, 0 deletions
diff --git a/data/kanboard/config.php b/data/kanboard/config.php
new file mode 100644
index 0000000..b8a8d69
--- /dev/null
+++ b/data/kanboard/config.php
@@ -0,0 +1,59 @@
+<?php
+// Data folder (must be writeable by the web server user and absolute)
+define('DATA_DIR', '/var/www/app/data');
+// Enable/Disable debug
+define('DEBUG', false);
+// Available log drivers: syslog, stderr, stdout, system or file
+define('LOG_DRIVER', 'system');
+// Plugins directory
+define('PLUGINS_DIR', __DIR__.DIRECTORY_SEPARATOR.'plugins');
+// Available cache drivers are "file" and "memory"
+define('CACHE_DRIVER', 'memory');
+// Enable/disable the reverse proxy authentication
+define('REVERSE_PROXY_AUTH', true);
+// Header name to use for the username
+define('REVERSE_PROXY_USER_HEADER', 'HTTP_REMOTE_USER');
+// Username of the admin, by default blank
+define('REVERSE_PROXY_DEFAULT_ADMIN', 'samadmin');
+// Header name to use for the user email
+define('REVERSE_PROXY_EMAIL_HEADER', 'HTTP_REMOTE_EMAIL');
+// Header name to use for the user full name
+define('REVERSE_PROXY_FULLNAME_HEADER', 'HTTP_REMOTE_NAME');
+// Default domain to use for setting the email address
+define('REVERSE_PROXY_DEFAULT_DOMAIN', 'chudnick.com');
+// Enable/disable remember me authentication
+define('REMEMBER_ME_AUTH', true);
+// Hide login form, useful if all your users use Google/Github/ReverseProxy authentication
+define('HIDE_LOGIN_FORM', true);
+// Disabling logout (useful for external SSO authentication)
+define('DISABLE_LOGOUT', true);
+// Enable captcha after 3 authentication failure
+define('BRUTEFORCE_CAPTCHA', 3);
+// Lock the account after 6 authentication failure
+define('BRUTEFORCE_LOCKDOWN', 6);
+// Lock account duration in minute
+define('BRUTEFORCE_LOCKDOWN_DURATION', 15);
+// Session duration in second (0 = until the browser is closed)
+// See http://php.net/manual/en/session.configuration.php#ini.session.cookie-lifetime
+define('SESSION_DURATION', 0);
+// Session handler: db or php
+define('SESSION_HANDLER', 'db');
diff --git a/data/kanboard/kanboard.conf.j2 b/data/kanboard/kanboard.conf.j2
new file mode 100644
index 0000000..a9746a6
--- /dev/null
+++ b/data/kanboard/kanboard.conf.j2
@@ -0,0 +1,34 @@
+server {
+        listen 443 ssl;
+        server_name {{ kanboard_server_name }};
+    ssl_certificate /etc/letsencrypt/live/chudnick.com/fullchain.pem;
+    ssl_certificate_key /etc/letsencrypt/live/chudnick.com/privkey.pem;
+    add_header Strict-Transport-Security "max-age=31536000" always;
+    ssl_stapling on;
+    ssl_stapling_verify on;
+    # Security / XSS Mitigation Headers
+    add_header X-Frame-Options "SAMEORIGIN";
+    add_header X-XSS-Protection "1; mode=block";
+    add_header X-Content-Type-Options "nosniff";
+        # authelia
+        include /etc/nginx/snippets/authelia-location.conf;
+    location / {
+                #authelia
+                include /etc/nginx/snippets/proxy.conf;
+        include /etc/nginx/snippets/authelia-authrequest.conf;
+        proxy_pass http://127.0.0.1:{{ kanboard_external_port }}/;
+    }
+}
+server {
+    listen 80;
+    listen [::]:80;
+        server_name {{ kanboard_server_name }};
+        return 301 https://$host$request_uri;
+}

diff --git a/data/kanboard/config.php b/data/kanboard/config.php new file mode 100644 index 0000000..b8a8d69 --- /dev/null +++ b/data/kanboard/config.php
@@ -0,0 +1,59 @@
	1	<?php
	2
	3	// Data folder (must be writeable by the web server user and absolute)
	4	define('DATA_DIR', '/var/www/app/data');
	5
	6	// Enable/Disable debug
	7	define('DEBUG', false);
	8
	9	// Available log drivers: syslog, stderr, stdout, system or file
	10	define('LOG_DRIVER', 'system');
	11
	12	// Plugins directory
	13	define('PLUGINS_DIR', __DIR__.DIRECTORY_SEPARATOR.'plugins');
	14
	15	// Available cache drivers are "file" and "memory"
	16	define('CACHE_DRIVER', 'memory');
	17
	18	// Enable/disable the reverse proxy authentication
	19	define('REVERSE_PROXY_AUTH', true);
	20
	21	// Header name to use for the username
	22	define('REVERSE_PROXY_USER_HEADER', 'HTTP_REMOTE_USER');
	23
	24	// Username of the admin, by default blank
	25	define('REVERSE_PROXY_DEFAULT_ADMIN', 'samadmin');
	26
	27	// Header name to use for the user email
	28	define('REVERSE_PROXY_EMAIL_HEADER', 'HTTP_REMOTE_EMAIL');
	29
	30	// Header name to use for the user full name
	31	define('REVERSE_PROXY_FULLNAME_HEADER', 'HTTP_REMOTE_NAME');
	32
	33	// Default domain to use for setting the email address
	34	define('REVERSE_PROXY_DEFAULT_DOMAIN', 'chudnick.com');
	35
	36	// Enable/disable remember me authentication
	37	define('REMEMBER_ME_AUTH', true);
	38
	39	// Hide login form, useful if all your users use Google/Github/ReverseProxy authentication
	40	define('HIDE_LOGIN_FORM', true);
	41
	42	// Disabling logout (useful for external SSO authentication)
	43	define('DISABLE_LOGOUT', true);
	44
	45	// Enable captcha after 3 authentication failure
	46	define('BRUTEFORCE_CAPTCHA', 3);
	47
	48	// Lock the account after 6 authentication failure
	49	define('BRUTEFORCE_LOCKDOWN', 6);
	50
	51	// Lock account duration in minute
	52	define('BRUTEFORCE_LOCKDOWN_DURATION', 15);
	53
	54	// Session duration in second (0 = until the browser is closed)
	55	// See http://php.net/manual/en/session.configuration.php#ini.session.cookie-lifetime
	56	define('SESSION_DURATION', 0);
	57
	58	// Session handler: db or php
	59	define('SESSION_HANDLER', 'db');


diff --git a/data/kanboard/kanboard.conf.j2 b/data/kanboard/kanboard.conf.j2 new file mode 100644 index 0000000..a9746a6 --- /dev/null +++ b/data/kanboard/kanboard.conf.j2
@@ -0,0 +1,34 @@
	1	server {
	2	listen 443 ssl;
	3	server_name {{ kanboard_server_name }};
	4
	5	ssl_certificate /etc/letsencrypt/live/chudnick.com/fullchain.pem;
	6	ssl_certificate_key /etc/letsencrypt/live/chudnick.com/privkey.pem;
	7	add_header Strict-Transport-Security "max-age=31536000" always;
	8	ssl_stapling on;
	9	ssl_stapling_verify on;
	10
	11	# Security / XSS Mitigation Headers
	12	add_header X-Frame-Options "SAMEORIGIN";
	13	add_header X-XSS-Protection "1; mode=block";
	14	add_header X-Content-Type-Options "nosniff";
	15
	16	# authelia
	17	include /etc/nginx/snippets/authelia-location.conf;
	18
	19	location / {
	20	#authelia
	21	include /etc/nginx/snippets/proxy.conf;
	22	include /etc/nginx/snippets/authelia-authrequest.conf;
	23
	24	proxy_pass http://127.0.0.1:{{ kanboard_external_port }}/;
	25	}
	26
	27	}
	28
	29	server {
	30	listen 80;
	31	listen [::]:80;
	32	server_name {{ kanboard_server_name }};
	33	return 301 https://$host$request_uri;
	34	}