##############################################
# owncloud
##############################################
Alias /owncloud /var/www/owncloud
Options +FollowSymLinks
AllowOverride None
order deny,allow
allow from all
# AuthType Basic
# AuthName “owncloud”
# AuthUserFile /etc/apache2/htpasswd
# Require user olkn
############################################################
# acidbase config
##############################################
Alias /acidbase “/var/www/acidbase”
Options +FollowSymLinks
AllowOverride None
order deny,allow
deny from all
allow from 192.168.4.0/255.255.255.0
AuthType Basic
AuthName “acidbase”
AuthUserFile /etc/apache2/htpasswd
Require user olkn
php_flag magic_quotes_gpc Off
php_flag track_vars On
php_value include_path .:/usr/share/php
##############################################
# cacti website for traffic graphing
##############################################
Alias /cacti /var/www/cacti/site
Options +FollowSymLinks
AllowOverride None
order allow,deny
allow from all
AddType application/x-httpd-php .php
php_flag magic_quotes_gpc Off
php_flag short_open_tag On
php_flag register_globals Off
php_flag register_argc_argv On
php_flag track_vars On
# this setting is necessary for some locales
php_value mbstring.func_overload 0
php_value include_path .
DirectoryIndex index.php
##############################################
# anyterm proxy
##############################################
ProxyPass http://192.168.4.200:5000/
ProxyPassReverse http://192.168.4.200:5000/
AuthType Basic
AuthName “anyterm”
AuthUserFile /etc/apache2/htpasswd
Require user olkn
##############################################
# proxy website for glype
##############################################
Alias /proxy /var/www/glype
Order Deny,Allow
Allow from all
AllowOverride All
##############################################
# webdav Freigabe
##############################################
Alias /webdav /var/www/webdav
ForceType text/plain
AllowOverride None
SSLRequireSSL
dav on
AuthType Basic
AuthName “WebDav”
AuthUserFile /etc/apache2/htpasswd
Require user olkn
##############################################
# Tine2.0 installation
##############################################
Alias /tine /var/www/tine
Options Indexes FollowSymLinks MultiViews
AllowOverride None
Order allow,deny
allow from all
# tine needs some memory
php_admin_value memory_limit 64M
# tine insists on this
php_admin_flag magic_quotes_gpc off
RewriteEngine on
RewriteRule /Microsoft-Server-ActiveSync(.*) /var/www/tine/index.php$1 [E=REDIRECT_ACTIVESYNC:true,E=REMOTE_USER:%{HTTP:Authorization}]
To create a read only root file system we need to know which processes access which files and which files must be accessible. So here is a list of files to take care of. Everything below /var is assumed of being accessible as it makes no sense from my point of view to restrict access for everything, which could nevertheless also be achieved by following this instructions.
There are already some special file systems available in a standard linux installation, so we do not need to take care about:
So we finally will have:
/ root as extended fs read only mounted
/var as exteneded fs mounted read writable
/tmp as temp fs ounted read writable
And now to the tricks. We need to take care about /etc as there are some files which need special preparation:
adjtime – should be linked to somewhere beyond /var; /etc/init.d/hwclockfirst.sh and hwclock.sh should be adjusted to show the option –noadjtime
blkid.tab – should be linked to somewhere beyond /var; the environement variable BLKID_FILE must be set to /var/local/blkid.tab in /etc/environment
mtab – Create a symlink from /etc/mtab to /proc/self/mounts
network/run – ifupdown links /etc/network/run to /dev/shm/network in postinst if /dev/shm exists and /etc/network/run does not; my installation was not successful without an existing network/run/ifstates, so I copied the complete directory once the network was up and running.
nologin – This should already be a symlink to /var/lib/initscripts/nologin
resolv.conf – no problem with static nameserver configurations
passwd, shadow – may be modified by user interaction
apt-get could be modified to remount before installing anything:
DPkg {
// Auto re-mounting of a readonly /
Pre-Invoke { "mount -o remount,rw /"; };
Post-Invoke { "test ${NO_APT_REMOUNT:-no} = yes || mount -o remount,ro / || true"; };
};
Use lsof to find processes blocking the readonly mount.
There are some additional tricks to check:
USB install:
zcat android-x86-….img.gz |dd of=/dev/sdb
How to wake up:
the following keys are working: ESC, Menu, left, right, up, down
to wake up the machine the keys must be pressed for at least one second
you may use the mouse wheel to unlock the screen
if you encounter graphics problems you may use the following options:
kernel initrd=/initrd.img root=/dev/ram0
androidboot_hardware=generic_x86 acpi_sleep=s3_bios,s3_mode video=-16 SRC=DATA=DPI=240
the parameter xforcevesa enables VESA graphics driver for X
nomodeset disables the kernel mode setting
Both options may be used to play around and getting graphics to work.
Navigation:
HOME – windows key left
BACK – ESC
MENU – menu-key
Here is a config for apache to enable reverse proxy access to a pyload webinterface I found on the net:
ServerSignature off
RedirectMatch ^/(.*)$ https://pyload…/$1
Options FollowSymLinks
AllowOverride None
ErrorLog /var/log/apache/pyload_error.log
LogLevel emerg
CustomLog /var/log/apache/pyload_error.log combined