dockerfiles/commul-customization/webpage/index.html → dockerfiles/nginx/html/index.html

@@ -36,11 +36,11 @@
 				<a href="https://clarin-dev.eurac.edu/repository/xmlui/" class="button">
 					<span id="buttontext">Continue to the repository</span></a>
 			</div>
-			<p><a href="http://www.eurac.edu">Eurac Research</a> is a private non-profit research center located in the heart of the Alps in Bolzano, South Tyrol. It is funded by the local and regional government and through external projects. Today, over 25 years after it was funded, more than 400 scientists from over 30 countries work here in a wide number of different research fields.</p>
+			<p><a href="http://www.eurac.edu">Eurac Research</a> is a private non-profit research center located in the heart of the Alps in Bolzano, South Tyrol. It is funded by the local and regional government and through external projects. Today, over 30 years after it was funded, more than 700 scientists from over 35 countries work here in a wide number of different research fields.</p>
 
 <p>The <a href="http://www.eurac.edu/linguistics">Institute for Applied Linguistics</a> is one of the many institutes at Eurac Research. It is working mainly on the fields of terminology, translation studies, variety linguistics, corpus linguistics, sociolinguistics, lexicography and computational linguistics. Special interests lie in the fields of Learner Corpora, Computer-mediated Communication (CMC) and the specific situation of German in the multilingual region of South Tyrol.</p>
 
-<p><a href="https://www.clarin.eu">CLARIN</a> is a pan-European project organised as an European Research Infrastructure Consortium (ERIC) with about 20 participating member countries. Its ultimate objective is to advance research in the humanities and social sciences by giving researchers unified single sign-on access to a platform which integrates language-based resources and advanced tools at a European level.</p>
+<p><a href="https://www.clarin.eu">CLARIN</a> is a pan-European project organised as a European Research Infrastructure Consortium (ERIC) with over 20 participating member countries. Its ultimate objective is to advance research in the humanities and social sciences by giving researchers unified single sign-on access to a platform which integrates language-based resources and advanced tools at a European level.</p>
 
 <p><a href="https://clarin-dev.eurac.edu/repository/xmlui/page/about">Read More...</a></p>
 		</div>

dockerfiles/commul-customization/nginx.conf → dockerfiles/nginx/nginx.conf

@@ -65,5 +65,5 @@ http {
         text/xml
         text/x-component;
 
-    include	 default-ssl;
+    include	 nginx.default.conf;
 }

dockerfiles/commul-customization/default-ssl → dockerfiles/nginx/nginx.default.conf

@@ -4,9 +4,11 @@ upstream tomcats {
 }
 
 server {
-  listen 80;
-  listen [::]:80;
-  server_name clarin-dev.eurac.edu;
+  listen 443;
+  listen [::]:443;
+  server_name clarin-dev.eurac.edu localhost;
+
+  root  /opt/nginx/html;
 
   location /repository/oai {
 
@@ -22,29 +24,6 @@ server {
 
   }
 
-  location / {
-    return 301 https://$server_name$request_uri;
-  }
-}
-
-server {
-  listen 443;
-  server_name clarin-dev.eurac.edu localhost;
-
-  root  /opt/nginx/html;
-  index index.html index.htm;
-
-  ssl on;
-  ssl_certificate /etc/ssl/clarin/clarin-dev_eurac_edu.crt;
-  ssl_certificate_key /etc/ssl/clarin/clarin-dev.key;
-
-  ssl_protocols        TLSv1 TLSv1.1 TLSv1.2;
-  ssl_ciphers RC4:HIGH:!aNULL:!MD5;
-  ssl_prefer_server_ciphers on;
-  keepalive_timeout    70;
-  ssl_session_cache    shared:SSL:10m;
-  ssl_session_timeout  10m;
-
   add_header 'Access-Control-Allow-Origin' "*";
   add_header 'Access-Control-Allow-Credentials' 'true';
 
@@ -81,10 +60,6 @@ server {
 
   location / {
     index index.html index.htm;
-
-    if ($HTTP_X_SCHEME = "http") {
-        rewrite ^ https://$http_host$request_uri permanent;
-    }
   }
 
   location /php/aa-statistics.php {
@@ -130,10 +105,6 @@ server {
 
   }
 
-  # define aai location
-  location /aai {
-    alias /opt/repository/sources/lindat-aai-discovery; }
-
   # add path your repository path that will be protected by shibboleth
   location /repository/xmlui/shibboleth-login {
     include repository_auth;

dockerfiles/commul-customization/repository_auth → dockerfiles/nginx/repository_auth

@@ -19,9 +19,11 @@ more_clear_input_headers
 more_clear_input_headers 'affiliation' 'assurance' 'cn' 'eduPersonOrgUnitDN' 'eduPersonStudyiProgramme' 'eduPersonStudySubject' 'entitlement' 'eppn' 'givenName' 'mail' 'o' 'ou' 'persistent-id' 'sn' 'telephoneNumber' 'unscoped-affiliation';
 
 # Require https and will redirect
-if ($https != "on") {
-  return 301 https://$http_host$request_uri;
-}
+#if ($https != "on") {
+#  return 301 https://$http_host$request_uri;
+#}
+# FIXME: reverse proxy-ing -> check connection params to revproxy and enforce
+# http->https i if *there* is no https.
 
 shib_request /shibauthorizer;
 shib_request_use_headers on;

dockerfiles/commul-customization/robots-clarin.txt → dockerfiles/nginx/robots-clarin.txt

@@ -16,6 +16,8 @@ Disallow: /repository/xmlui/forgot
 Disallow: /repository/xmlui/login
 Disallow: /repository/xmlui/register
 Disallow: /repository/xmlui/search-filter
+Disallow: /repository/*allzip$
+Disallow: /repository/oai/requeststripped
 Disallow: /Shibboleth.sso
 #
 # Optionally uncomment the following line ONLY if sitemaps are working

dockerfiles/commul-customization/shibboleth2.xml → dockerfiles/nginx/shibboleth2.xml

@@ -24,10 +24,10 @@
     <RequestMapper type="XML">
     <RequestMap>
         <Host name="clarin-dev.eurac.edu"
-                authType="shibboleth"
-                requireSession="true"
-		exportAssertion="true"
-                redirectToSSL="443">
+            authType="shibboleth"
+            requireSession="true"
+            exportAssertion="true"
+            redirectToSSL="443">
             <Path name="/secure" />
         </Host>
 
@@ -36,9 +36,9 @@
 
     <!-- The ApplicationDefaults element is where most of Shibboleth's SAML bits are defined. -->
     <ApplicationDefaults entityID="https://clarin-dev.eurac.edu/Shibboleth.sso/Metadata"
-                         REMOTE_USER="eppn persistent-id targeted-id"
-			 sessionHook="/php/aa-statistics.php"
-                         cipherSuites="ECDHE+AESGCM:ECDHE:!aNULL:!eNULL:!LOW:!EXPORT:!RC4:!SHA:!SSLv2">
+        REMOTE_USER="eppn persistent-id targeted-id"
+        sessionHook="/php/aa-statistics.php"
+        cipherSuites="ECDHE+AESGCM:ECDHE:!aNULL:!eNULL:!LOW:!EXPORT:!RC4:!SHA:!SSLv2">
 
         <!--
         Controls session lifetimes, address checks, cookie handling, and the protocol handlers.
@@ -50,13 +50,14 @@
         security of your site. Stealing sessions via cookie theft is much easier with this disabled.
         -->
         <Sessions lifetime="28800"
-		  timeout="3600"
-		  relayState="ss:mem"
-                  checkAddress="false"
-                  handlerSSL="true"
-		  cookieProps="https"
-		  exportLocation="/GetAssertion"
-                  exportACL="127.0.0.1">
+            timeout="3600"
+            relayState="ss:mem"
+            checkAddress="false"
+            handlerSSL="false"
+            cookieProps="https"
+            exportLocation="/GetAssertion"
+            exportACL="127.0.0.1"
+            redirectLimit="exact">
 
             <!--
             Configures SSO for a default IdP. To allow for >1 IdP, remove
@@ -65,8 +66,8 @@
             You can also override entityID on /Login query string, or in RequestMap/htaccess.
             -->
             <SSO
-		discoveryProtocol="SAMLDS" discoveryURL="https://discovery.clarin.eu/discojuice">
-              SAML2 SAML1
+                discoveryProtocol="SAMLDS" discoveryURL="https://discovery.clarin.eu/discojuice">
+                SAML2 SAML1
             </SSO>
 
 <!--            <SSO entityID="https://idp.eurac.edu/idp/shibboleth">