Initial commit
commit
35acb4920e
|
@ -0,0 +1,4 @@
|
||||||
|
/mkosi.cache/
|
||||||
|
/mkosi.passphrase
|
||||||
|
/mkosi.passwd
|
||||||
|
/mkosi.skeleton/root/.ssh/authorized_keys
|
|
@ -0,0 +1,28 @@
|
||||||
|
[Validation]
|
||||||
|
Autologin = yes
|
||||||
|
|
||||||
|
[Output]
|
||||||
|
Format = directory
|
||||||
|
|
||||||
|
[Content]
|
||||||
|
BasePackages = yes
|
||||||
|
WithDocs = yes
|
||||||
|
WithNetwork = yes
|
||||||
|
Packages =
|
||||||
|
tor
|
||||||
|
torsocks
|
||||||
|
openssl
|
||||||
|
certbot
|
||||||
|
nginx
|
||||||
|
php-fpm
|
||||||
|
knot
|
||||||
|
cargo
|
||||||
|
sudo
|
||||||
|
git
|
||||||
|
man-db
|
||||||
|
curl
|
||||||
|
lsof
|
||||||
|
tree
|
||||||
|
vim
|
||||||
|
htop
|
||||||
|
ncdu
|
|
@ -0,0 +1,15 @@
|
||||||
|
[Distribution]
|
||||||
|
Distribution = arch
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
[Output]
|
||||||
|
Output = /var/lib/machines/niver-arch
|
||||||
|
|
||||||
|
[Content]
|
||||||
|
Packages =
|
||||||
|
nginx-mod-headers-more
|
||||||
|
certbot-nginx
|
||||||
|
php-sqlite
|
||||||
|
openssh
|
||||||
|
iputils
|
|
@ -0,0 +1,17 @@
|
||||||
|
[Distribution]
|
||||||
|
Distribution = debian
|
||||||
|
Release = bullseye
|
||||||
|
Mirror = https://deb.debian.org/debian
|
||||||
|
|
||||||
|
[Output]
|
||||||
|
Output = /var/lib/machines/niver-debian
|
||||||
|
|
||||||
|
[Content]
|
||||||
|
Packages =
|
||||||
|
apt-transport-tor
|
||||||
|
libnginx-mod-http-headers-more-filter
|
||||||
|
python3-certbot-nginx
|
||||||
|
knot-dnsutils
|
||||||
|
php-sqlite3
|
||||||
|
openssh-server
|
||||||
|
iputils-ping
|
|
@ -0,0 +1,32 @@
|
||||||
|
# Configuration export (Knot DNS 3.1.7)
|
||||||
|
|
||||||
|
server:
|
||||||
|
version: "Knot"
|
||||||
|
nsid: "Niver"
|
||||||
|
rundir: "/run/knot"
|
||||||
|
user: "knot:knot"
|
||||||
|
listen: [ "::@42053", "0.0.0.0@42053" ]
|
||||||
|
|
||||||
|
log:
|
||||||
|
- target: "/var/log/knot/knot.log"
|
||||||
|
any: "debug"
|
||||||
|
|
||||||
|
database:
|
||||||
|
storage: "/var/lib/knot"
|
||||||
|
|
||||||
|
policy:
|
||||||
|
- id: "niver"
|
||||||
|
algorithm: "ed25519"
|
||||||
|
nsec3: "on"
|
||||||
|
|
||||||
|
template:
|
||||||
|
- id: "niver"
|
||||||
|
storage: "/srv/ns"
|
||||||
|
file: "%s.zone"
|
||||||
|
zonefile-load: "difference"
|
||||||
|
dnssec-signing: "on"
|
||||||
|
dnssec-policy: "niver"
|
||||||
|
|
||||||
|
zone:
|
||||||
|
- domain: "niver.test."
|
||||||
|
template: "niver"
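Review bot: The `log` block sets `any: "debug"`, so the server writes debug-level output for every log category to /var/log/knot/knot.log. For anything beyond a local test instance `any: "info"` is the more usual level and keeps the log readable when looking for anomalies. If debug output is intended for the niver.test setup, a comment above `log:` saying so would stop the value being carried into a production config unnoticed.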
|
|
@ -0,0 +1,26 @@
|
||||||
|
server {
|
||||||
|
listen [::1]:42443 ssl http2 default_server;
|
||||||
|
listen 127.0.0.1:42443 ssl http2 default_server;
|
||||||
|
|
||||||
|
ssl_certificate /etc/ssl/certs/niver.crt;
|
||||||
|
ssl_certificate_key /etc/ssl/private/niver.key;
|
||||||
|
#ssl_stapling off;
|
||||||
|
|
||||||
|
root /srv/php/errors;
|
||||||
|
try_files index.php index.html $uri $uri/;
|
||||||
|
index index.php index.html;
|
||||||
|
|
||||||
|
location / {
|
||||||
|
root /srv/php/errors;
|
||||||
|
try_files /index.php =500;
|
||||||
|
index index.php;
|
||||||
|
fastcgi_split_path_info ^(.+\.php)(/.+)$;
|
||||||
|
fastcgi_pass unix:/run/php-fpm/errors.sock;
|
||||||
|
include /etc/nginx/inc/fastcgi.conf;
|
||||||
|
}
|
||||||
|
|
||||||
|
include /etc/nginx/inc/tls.conf;
|
||||||
|
include /etc/nginx/inc/errors.conf;
|
||||||
|
|
||||||
|
more_set_headers "Content-Security-Policy : default-src 'none'; frame-ancestors 'none';";
|
||||||
|
}
|
|
@ -0,0 +1,17 @@
|
||||||
|
server {
|
||||||
|
listen [::1]:42080 default_server;
|
||||||
|
listen 127.0.0.1:42080 default_server;
|
||||||
|
|
||||||
|
return 403; # Don't allow unsecure HTTP requests
|
||||||
|
|
||||||
|
# Display an explanation page
|
||||||
|
error_page 403 @http403;
|
||||||
|
location @http403 {
|
||||||
|
root /srv/php/errors;
|
||||||
|
try_files /http.php =500;
|
||||||
|
index http.php;
|
||||||
|
fastcgi_split_path_info ^(.+\.php)(/.+)$;
|
||||||
|
fastcgi_pass unix:/run/php-fpm/errors.sock;
|
||||||
|
include inc/fastcgi.conf;
|
||||||
|
}
|
||||||
|
}
|
|
@ -0,0 +1,72 @@
|
||||||
|
recursive_error_pages on;
|
||||||
|
|
||||||
|
# 403 Forbidden
|
||||||
|
error_page 403 @403;
|
||||||
|
location @403 {
|
||||||
|
root /srv/php/errors;
|
||||||
|
try_files /403.html =500;
|
||||||
|
}
|
||||||
|
|
||||||
|
# 404 Not Found
|
||||||
|
error_page 404 @local404;
|
||||||
|
location @local404 {
|
||||||
|
try_files /404.html /404.md /404.gmi @niver404;
|
||||||
|
}
|
||||||
|
location @niver404 {
|
||||||
|
root /srv/php/errors;
|
||||||
|
try_files /404.php =500;
|
||||||
|
index /404.php;
|
||||||
|
fastcgi_split_path_info ^(.+\.php)(/.+)$;
|
||||||
|
fastcgi_pass unix:/run/php-fpm/errors.sock;
|
||||||
|
include inc/fastcgi.conf;
|
||||||
|
fastcgi_index /404.php;
|
||||||
|
}
|
||||||
|
|
||||||
|
# 405 Method Not Allowed
|
||||||
|
error_page 405 @405;
|
||||||
|
location @405 {
|
||||||
|
root /srv/php/errors;
|
||||||
|
try_files /405.html =500;
|
||||||
|
}
|
||||||
|
|
||||||
|
# 410 Gone
|
||||||
|
error_page 410 @410;
|
||||||
|
location @410 {
|
||||||
|
root /srv/php/errors;
|
||||||
|
try_files /410.html =500;
|
||||||
|
}
|
||||||
|
|
||||||
|
# 418 I'm a teapot
|
||||||
|
error_page 418 @418;
|
||||||
|
location @418 {
|
||||||
|
root /srv/php/errors;
|
||||||
|
try_files /418.html =500;
|
||||||
|
}
|
||||||
|
|
||||||
|
# 500 Internal Server Error
|
||||||
|
error_page 500 @500;
|
||||||
|
location @500 {
|
||||||
|
root /srv/php/errors;
|
||||||
|
try_files /500.html =500;
|
||||||
|
}
|
||||||
|
|
||||||
|
# 502 Bad Gateway
|
||||||
|
error_page 502 @502;
|
||||||
|
location @502 {
|
||||||
|
root /srv/php/errors;
|
||||||
|
try_files /502.html =500;
|
||||||
|
}
|
||||||
|
|
||||||
|
# 503 Service Unavailable
|
||||||
|
error_page 503 @503;
|
||||||
|
location @503 {
|
||||||
|
root /srv/php/errors;
|
||||||
|
try_files /503.html =500;
|
||||||
|
}
|
||||||
|
|
||||||
|
# 504 Gateway Timeout
|
||||||
|
error_page 504 @504;
|
||||||
|
location @504 {
|
||||||
|
root /srv/php/errors;
|
||||||
|
try_files /504.html =500;
|
||||||
|
}
|
|
@ -0,0 +1,26 @@
|
||||||
|
|
||||||
|
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
|
||||||
|
fastcgi_param QUERY_STRING $query_string;
|
||||||
|
fastcgi_param REQUEST_METHOD $request_method;
|
||||||
|
fastcgi_param CONTENT_TYPE $content_type;
|
||||||
|
fastcgi_param CONTENT_LENGTH $content_length;
|
||||||
|
|
||||||
|
fastcgi_param SCRIPT_NAME $fastcgi_script_name;
|
||||||
|
fastcgi_param REQUEST_URI $request_uri;
|
||||||
|
fastcgi_param DOCUMENT_URI $document_uri;
|
||||||
|
fastcgi_param DOCUMENT_ROOT $document_root;
|
||||||
|
fastcgi_param SERVER_PROTOCOL $server_protocol;
|
||||||
|
fastcgi_param REQUEST_SCHEME $scheme;
|
||||||
|
fastcgi_param HTTPS $https if_not_empty;
|
||||||
|
|
||||||
|
fastcgi_param GATEWAY_INTERFACE CGI/1.1;
|
||||||
|
fastcgi_param SERVER_SOFTWARE nginx/$nginx_version;
|
||||||
|
|
||||||
|
fastcgi_param REMOTE_ADDR $remote_addr;
|
||||||
|
fastcgi_param REMOTE_PORT $remote_port;
|
||||||
|
fastcgi_param SERVER_ADDR $server_addr;
|
||||||
|
fastcgi_param SERVER_PORT $server_port;
|
||||||
|
fastcgi_param SERVER_NAME $server_name;
|
||||||
|
|
||||||
|
# PHP only, required if PHP was built with --enable-force-cgi-redirect
|
||||||
|
fastcgi_param REDIRECT_STATUS 200;
|
|
@ -0,0 +1,11 @@
|
||||||
|
-----BEGIN DH PARAMETERS-----
|
||||||
|
MIIBiAKCAYEA//////////+t+FRYortKmq/cViAnPTzx2LnFg84tNpWp4TZBFGQz
|
||||||
|
+8yTnc4kmz75fS/jY2MMddj2gbICrsRhetPfHtXV/WVhJDP1H18GbtCFY2VVPe0a
|
||||||
|
87VXE15/V8k1mE8McODmi3fipona8+/och3xWKE2rec1MKzKT0g6eXq8CrGCsyT7
|
||||||
|
YdEIqUuyyOP7uWrat2DX9GgdT0Kj3jlN9K5W7edjcrsZCwenyO4KbXCeAvzhzffi
|
||||||
|
7MA0BM0oNC9hkXL+nOmFg/+OTxIy7vKBg8P+OxtMb61zO7X8vC7CIAXFjvGDfRaD
|
||||||
|
ssbzSibBsu/6iGtCOGEfz9zeNVs7ZRkDW7w09N75nAI4YbRvydbmyQd62R0mkff3
|
||||||
|
7lmMsPrBhtkcrv4TCYUTknC0EwyTvEN5RPT9RFLi103TZPLiHnH1S/9croKrnJ32
|
||||||
|
nuhtK8UiNjoNq8Uhl5sN6todv5pC1cRITgq80Gv6U93vPBsg7j/VnXwl5B0rZsYu
|
||||||
|
N///////////AgEC
|
||||||
|
-----END DH PARAMETERS-----
|
|
@ -0,0 +1,13 @@
|
||||||
|
-----BEGIN DH PARAMETERS-----
|
||||||
|
MIICCAKCAgEA//////////+t+FRYortKmq/cViAnPTzx2LnFg84tNpWp4TZBFGQz
|
||||||
|
+8yTnc4kmz75fS/jY2MMddj2gbICrsRhetPfHtXV/WVhJDP1H18GbtCFY2VVPe0a
|
||||||
|
87VXE15/V8k1mE8McODmi3fipona8+/och3xWKE2rec1MKzKT0g6eXq8CrGCsyT7
|
||||||
|
YdEIqUuyyOP7uWrat2DX9GgdT0Kj3jlN9K5W7edjcrsZCwenyO4KbXCeAvzhzffi
|
||||||
|
7MA0BM0oNC9hkXL+nOmFg/+OTxIy7vKBg8P+OxtMb61zO7X8vC7CIAXFjvGDfRaD
|
||||||
|
ssbzSibBsu/6iGtCOGEfz9zeNVs7ZRkDW7w09N75nAI4YbRvydbmyQd62R0mkff3
|
||||||
|
7lmMsPrBhtkcrv4TCYUTknC0EwyTvEN5RPT9RFLi103TZPLiHnH1S/9croKrnJ32
|
||||||
|
nuhtK8UiNjoNq8Uhl5sN6todv5pC1cRITgq80Gv6U93vPBsg7j/VnXwl5B0rZp4e
|
||||||
|
8W5vUsMWTfT7eTDp5OWIV7asfV9C1p9tGHdjzx1VA0AEh/VbpX4xzHpxNciG77Qx
|
||||||
|
iu1qHgEtnmgyqQdgCpGBMMRtx3j5ca0AOAkpmaMzy4t6Gh25PXFAADwqTs6p+Y0K
|
||||||
|
zAqCkc3OyX3Pjsm1Wn+IpGtNtahR9EGC4caKAH5eZV9q//////////8CAQI=
|
||||||
|
-----END DH PARAMETERS-----
|
File diff suppressed because it is too large
|
@ -0,0 +1,5 @@
|
||||||
|
more_set_headers "Content-Security-Policy : default-src 'self'; object-src 'none'; frame-ancestors 'none'; form-action 'none';";
|
||||||
|
|
||||||
|
default_type text/plain;
|
||||||
|
|
||||||
|
include inc/tls.conf;
|
|
@ -0,0 +1,16 @@
|
||||||
|
more_set_headers "X-Content-Type-Options : nosniff";
|
||||||
|
#more_set_headers "X-XSS-Protection : 1; mode=block";
|
||||||
|
#more_set_headers "X-Download-Options : noopen";
|
||||||
|
#more_set_headers "X-Permitted-Cross-Domain-Policies : none";
|
||||||
|
#more_set_headers "X-Frame-Options : DENY";
|
||||||
|
more_set_headers "Referrer-Policy : no-referrer";
|
||||||
|
more_set_headers "Strict-Transport-Security : max-age=94608000; includeSubDomains; preload";
|
||||||
|
more_clear_headers Server;
|
||||||
|
|
||||||
|
ssl_prefer_server_ciphers off;
|
||||||
|
|
||||||
|
ssl_session_timeout 1d;
|
||||||
|
ssl_session_cache shared:SSL:50m;
|
||||||
|
ssl_session_tickets off;
|
||||||
|
|
||||||
|
ssl_early_data off;
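Review bot: The `Strict-Transport-Security` line carries `includeSubDomains` and `preload` in what appears to be the shared `inc/security.conf` that every TLS profile on this page includes, so each vhost served here, including user sites, signals consent to browser preload lists for its whole domain. Leaving a preload list is slow, so that choice is better made per site than by default. I would ship the shared header as `more_set_headers "Strict-Transport-Security : max-age=94608000; includeSubDomains";` and let an individual site add `preload` deliberately.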
|
|
@ -0,0 +1,5 @@
|
||||||
|
ssl_protocols TLSv1.2 TLSv1.3;
|
||||||
|
ssl_ciphers ECDHE-RSA-CHACHA20-POLY1305:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384;
|
||||||
|
ssl_ecdh_curve X25519:X448;
|
||||||
|
|
||||||
|
include inc/security.conf;
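Review bot: `ssl_ciphers` names only `ECDHE-RSA-*` suites, so a TLS 1.2 client has nothing to negotiate once a vhost is given an ECDSA certificate; the longer list in the next TLS profile has the same limitation. The self-signed default generated in this commit is RSA, so this only shows up when certbot or an operator issues an ECDSA key. Adding `ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384` avoids that; TLS 1.3 is unaffected because its suites are not selected by this directive.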
|
|
@ -0,0 +1,6 @@
|
||||||
|
ssl_protocols TLSv1.2 TLSv1.3;
|
||||||
|
ssl_ciphers ECDHE-RSA-CHACHA20-POLY1305:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES128-CCM8:DHE-RSA-AES256-CCM8:DHE-RSA-AES128-CCM:DHE-RSA-AES256-CCM;
|
||||||
|
ssl_ecdh_curve X25519:X448:secp521r1:secp384r1:prime256v1;
|
||||||
|
ssl_dhparam inc/ffdhe3072.pem;
|
||||||
|
|
||||||
|
include inc/security.conf;
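Review bot: The cipher list includes `DHE-RSA-AES128-CCM8` and `DHE-RSA-AES256-CCM8`, whose authentication tag is truncated to 64 bits; these suites target constrained devices and are absent from common server recommendations. Unless a known client requires them, I would remove the two CCM8 entries and keep only the full-tag `DHE-RSA-AES128-CCM` and `DHE-RSA-AES256-CCM`, or drop CCM altogether. A short comment naming the clients this compatibility profile exists for would also help future pruning.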
|
|
@ -0,0 +1,4 @@
|
||||||
|
ssl_protocols TLSv1.3;
|
||||||
|
ssl_ecdh_curve X25519:X448;
|
||||||
|
|
||||||
|
include inc/security.conf;
|
|
@ -0,0 +1,4 @@
|
||||||
|
ssl_protocols TLSv1.3;
|
||||||
|
ssl_ecdh_curve X25519:X448;
|
||||||
|
|
||||||
|
include inc/security.conf;
|
|
@ -0,0 +1,84 @@
|
||||||
|
types {
|
||||||
|
text/plain txt;
|
||||||
|
application/octet-stream bin;
|
||||||
|
|
||||||
|
# Hypertext
|
||||||
|
text/gemini gmi;
|
||||||
|
text/markdown md;
|
||||||
|
text/html html;
|
||||||
|
|
||||||
|
# Misc
|
||||||
|
text/css css;
|
||||||
|
text/javascript js;
|
||||||
|
text/csv csv;
|
||||||
|
text/calendar ics ifb;
|
||||||
|
text/vtt vtt;
|
||||||
|
text/dns zone soa;
|
||||||
|
application/mbox mbox;
|
||||||
|
application/x-bittorrent torrent;
|
||||||
|
|
||||||
|
# Compressed
|
||||||
|
application/gzip gz;
|
||||||
|
application/zip zip;
|
||||||
|
application/epub+zip epub;
|
||||||
|
application/pdf pdf;
|
||||||
|
|
||||||
|
# JSON
|
||||||
|
application/json json;
|
||||||
|
application/ld+json jsonld;
|
||||||
|
application/manifest+json webmanifest;
|
||||||
|
|
||||||
|
# XML
|
||||||
|
application/xml xml;
|
||||||
|
application/xhtml+xml xhtml;
|
||||||
|
application/atom+xml atom;
|
||||||
|
application/atomcat+xml atomcat;
|
||||||
|
application/atomsvc+xml atomsvc;
|
||||||
|
application/rss+xml rss;
|
||||||
|
application/mathml+xml mml;
|
||||||
|
application/emotionml+xml emotionml;
|
||||||
|
|
||||||
|
# OpenDocument
|
||||||
|
application/vnd.oasis.opendocument.chart odc;
|
||||||
|
application/vnd.oasis.opendocument.chart-template otc;
|
||||||
|
application/vnd.oasis.opendocument.database odb;
|
||||||
|
application/vnd.oasis.opendocument.formula odf;
|
||||||
|
application/vnd.oasis.opendocument.formula-template otf;
|
||||||
|
application/vnd.oasis.opendocument.graphics odg;
|
||||||
|
application/vnd.oasis.opendocument.graphics-template otg;
|
||||||
|
application/vnd.oasis.opendocument.image odi;
|
||||||
|
application/vnd.oasis.opendocument.image-template oti;
|
||||||
|
application/vnd.oasis.opendocument.presentation odp;
|
||||||
|
application/vnd.oasis.opendocument.presentation-template otp;
|
||||||
|
application/vnd.oasis.opendocument.spreadsheet ods;
|
||||||
|
application/vnd.oasis.opendocument.spreadsheet-template ots;
|
||||||
|
application/vnd.oasis.opendocument.text odt;
|
||||||
|
application/vnd.oasis.opendocument.text-master odm;
|
||||||
|
application/vnd.oasis.opendocument.text-template ott;
|
||||||
|
application/vnd.oasis.opendocument.text-web oth;
|
||||||
|
|
||||||
|
# Font
|
||||||
|
font/woff woff;
|
||||||
|
font/woff2 woff2;
|
||||||
|
|
||||||
|
# Image
|
||||||
|
image/png png;
|
||||||
|
image/gif gif;
|
||||||
|
image/jpeg jpeg jpg;
|
||||||
|
image/svg+xml svg svgz;
|
||||||
|
image/webp webp;
|
||||||
|
image/avif avif;
|
||||||
|
image/openraster ora;
|
||||||
|
|
||||||
|
# Audio
|
||||||
|
audio/opus opus;
|
||||||
|
audio/ogg ogg oga spx;
|
||||||
|
audio/mpeg mp3;
|
||||||
|
audio/webm weba;
|
||||||
|
audio/flac flac;
|
||||||
|
|
||||||
|
# Video
|
||||||
|
video/ogg ogv;
|
||||||
|
video/webm webm;
|
||||||
|
video/mp4 mp4;
|
||||||
|
}
|
|
@ -0,0 +1,42 @@
|
||||||
|
load_module "/usr/lib/nginx/modules/ngx_http_headers_more_filter_module.so";
|
||||||
|
worker_processes auto;
|
||||||
|
user nginx nginx;
|
||||||
|
|
||||||
|
events {
|
||||||
|
worker_connections 1024;
|
||||||
|
}
|
||||||
|
|
||||||
|
http {
|
||||||
|
types_hash_bucket_size 128; # Default: 64
|
||||||
|
types_hash_max_size 1024; # Default: 1024
|
||||||
|
server_names_hash_bucket_size 128;
|
||||||
|
|
||||||
|
# Performance optimisation
|
||||||
|
sendfile on;
|
||||||
|
tcp_nopush on;
|
||||||
|
|
||||||
|
# Correct Content-Type header
|
||||||
|
charset utf-8;
|
||||||
|
default_type text/plain;
|
||||||
|
include inc/types.conf;
|
||||||
|
|
||||||
|
# Serve file.gz instead of file if available
|
||||||
|
gzip_static on;
|
||||||
|
|
||||||
|
# Logging
|
||||||
|
log_format niver '|$time_local| [$remote_addr]@$server_name {$ssl_protocol $ssl_cipher} "$request" $status $body_bytes_sent "$http_user_agent"';
|
||||||
|
access_log /var/log/nginx/access.log niver;
|
||||||
|
error_log /var/log/nginx/error.log notice;
|
||||||
|
|
||||||
|
# Possible security threats
|
||||||
|
server_tokens off;
|
||||||
|
etag off;
|
||||||
|
autoindex off;
|
||||||
|
gzip off;
|
||||||
|
|
||||||
|
# Include other configuration
|
||||||
|
include sites/*.conf;
|
||||||
|
include ht/*.conf;
|
||||||
|
include default-server.conf;
|
||||||
|
include http.conf;
|
||||||
|
}
|
|
@ -0,0 +1,38 @@
|
||||||
|
server {
|
||||||
|
listen [::1]:42443 ssl http2;
|
||||||
|
listen 127.0.0.1:42443 ssl http2;
|
||||||
|
server_name niver.test;
|
||||||
|
|
||||||
|
root /srv/php/niver/public;
|
||||||
|
index index.php index.html index.htm;
|
||||||
|
try_files $uri $uri/ @extensionless-php;
|
||||||
|
|
||||||
|
include inc/tls.conf;
|
||||||
|
include inc/errors.conf;
|
||||||
|
|
||||||
|
more_set_headers "Referrer-Policy : same-origin";
|
||||||
|
more_set_headers "Content-Security-Policy : default-src 'none'; style-src 'self'; frame-ancestors 'none'; form-action 'self';";
|
||||||
|
|
||||||
|
location ~ ^/iquane/(db|less|lessphp|inc|niver.log) {
|
||||||
|
return 403;
|
||||||
|
}
|
||||||
|
|
||||||
|
location ~ \.inc.php$ {
|
||||||
|
return 403;
|
||||||
|
}
|
||||||
|
|
||||||
|
location ~ \.php$ {
|
||||||
|
fastcgi_split_path_info ^(.+\.php)(/.+)$;
|
||||||
|
fastcgi_pass unix:/run/php-fpm/niver.sock;
|
||||||
|
#fastcgi_index index.php;
|
||||||
|
include inc/fastcgi.conf;
|
||||||
|
try_files $uri =404;
|
||||||
|
}
|
||||||
|
|
||||||
|
location @extensionless-php {
|
||||||
|
rewrite ^(.*)$ $1.php last;
|
||||||
|
}
|
||||||
|
|
||||||
|
ssl_certificate /etc/ssl/certs/niver.crt;
|
||||||
|
ssl_certificate_key /etc/ssl/private/niver.key;
|
||||||
|
}
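Review bot: The two deny rules use unescaped dots, `location ~ \.inc.php$` and `niver.log` inside `location ~ ^/iquane/(db|less|lessphp|inc|niver.log)`, and the alternation has no terminator, so the patterns match more than the names they are meant to protect (for example `/iquane/dbx`). Both err on the side of refusing, but the intent is easier to verify as `location ~ \.inc\.php$` and `location ~ ^/iquane/(db|less|lessphp|inc|niver\.log)(/|$)`. It is also worth confirming that the `/iquane/` prefix still exists under `root /srv/php/niver/public`, since the post-install script on this page keeps `db` and `niver.log` in `/srv/php/niver/`, outside the web root.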
|
|
@ -0,0 +1,27 @@
|
||||||
|
[errors]
|
||||||
|
|
||||||
|
user = php-$pool
|
||||||
|
group = php-$pool
|
||||||
|
|
||||||
|
listen = /run/php-fpm/$pool.sock
|
||||||
|
|
||||||
|
listen.owner = nginx
|
||||||
|
listen.group = nginx
|
||||||
|
|
||||||
|
pm = dynamic
|
||||||
|
pm.max_children = 5
|
||||||
|
pm.start_servers = 2
|
||||||
|
pm.min_spare_servers = 1
|
||||||
|
pm.max_spare_servers = 3
|
||||||
|
|
||||||
|
access.log = /var/log/php/$pool-access.log
|
||||||
|
|
||||||
|
;chroot = /srv/php/errors
|
||||||
|
chdir = /srv/php/errors
|
||||||
|
|
||||||
|
catch_workers_output = yes
|
||||||
|
decorate_workers_output = yes
|
||||||
|
|
||||||
|
clear_env = yes
|
||||||
|
|
||||||
|
security.limit_extensions = .php
|
|
@ -0,0 +1,26 @@
|
||||||
|
[niver]
|
||||||
|
|
||||||
|
user = php-$pool
|
||||||
|
group = knot
|
||||||
|
|
||||||
|
listen = /run/php-fpm/$pool.sock
|
||||||
|
|
||||||
|
listen.owner = nginx
|
||||||
|
listen.group = nginx
|
||||||
|
|
||||||
|
pm = dynamic
|
||||||
|
pm.max_children = 5
|
||||||
|
pm.start_servers = 2
|
||||||
|
pm.min_spare_servers = 1
|
||||||
|
pm.max_spare_servers = 3
|
||||||
|
|
||||||
|
access.log = /var/log/php/$pool-access.log
|
||||||
|
|
||||||
|
chdir = /srv/php/$pool
|
||||||
|
|
||||||
|
catch_workers_output = yes
|
||||||
|
decorate_workers_output = yes
|
||||||
|
|
||||||
|
clear_env = yes
|
||||||
|
|
||||||
|
security.limit_extensions = .php
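Review bot: `group = knot` runs the web application's workers with the DNS server's own group, so PHP gains whatever the `knot` group can read or write; depending on file modes that may include Knot's storage, which is not visible here. The post-install script on this page grants group `php-niver` on the zone directory instead (`chown -R knot:php-niver /srv/ns`), so the two settings do not obviously line up. A dedicated shared group for `/srv/ns`, with this pool left at `group = php-$pool` like the `[errors]` pool, would keep the privilege narrow; at minimum a comment should state why `knot` is needed.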
|
|
@ -0,0 +1,61 @@
|
||||||
|
LogLevel INFO
|
||||||
|
AllowUsers root
|
||||||
|
Subsystem sftp internal-sftp
|
||||||
|
UsePAM yes
|
||||||
|
|
||||||
|
# Network
|
||||||
|
|
||||||
|
AddressFamily any
|
||||||
|
ListenAddress [::]
|
||||||
|
ListenAddress 0.0.0.0
|
||||||
|
Port 42022
|
||||||
|
|
||||||
|
# Cryptography
|
||||||
|
|
||||||
|
HostKey /etc/ssh/ed25519
|
||||||
|
|
||||||
|
Ciphers chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com
|
||||||
|
HostKeyAlgorithms ssh-ed25519
|
||||||
|
KexAlgorithms curve25519-sha256,curve25519-sha256@libssh.org
|
||||||
|
MACs hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,umac-128-etm@openssh.com
|
||||||
|
|
||||||
|
# Sessions
|
||||||
|
|
||||||
|
PermitRootLogin prohibit-password
|
||||||
|
StrictModes yes
|
||||||
|
MaxAuthTries 6
|
||||||
|
MaxSessions 1
|
||||||
|
MaxStartups 3:20:200
|
||||||
|
LoginGraceTime 3m
|
||||||
|
PrintMotd yes
|
||||||
|
|
||||||
|
# Disable everything
|
||||||
|
|
||||||
|
PermitTTY no
|
||||||
|
PermitTunnel no
|
||||||
|
|
||||||
|
AllowTcpForwarding no
|
||||||
|
X11Forwarding no
|
||||||
|
AllowAgentForwarding no
|
||||||
|
AllowStreamLocalForwarding no
|
||||||
|
DisableForwarding yes # Disables all forwarding features, including X11, ssh-agent(1), TCP and StreamLocal.
|
||||||
|
|
||||||
|
PermitUserRC no
|
||||||
|
PermitUserEnvironment no
|
||||||
|
IgnoreRhosts yes
|
||||||
|
AuthorizedKeysFile none
|
||||||
|
|
||||||
|
AuthenticationMethods none
|
||||||
|
PubkeyAuthentication no
|
||||||
|
PasswordAuthentication no
|
||||||
|
KbdInteractiveAuthentication no
|
||||||
|
PermitEmptyPasswords no
|
||||||
|
ChallengeResponseAuthentication no
|
||||||
|
|
||||||
|
# Enable what is necessary
|
||||||
|
|
||||||
|
Match User root
|
||||||
|
PermitTTY yes
|
||||||
|
PubkeyAuthentication yes
|
||||||
|
AuthenticationMethods publickey
|
||||||
|
AuthorizedKeysFile .ssh/authorized_keys
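Review bot: `DisableForwarding yes # Disables all forwarding features, ...` places a comment after the argument, while sshd_config documents `#` only at the start of a line. OpenSSH releases differ on trailing text, and as far as I know older ones abort with a "garbage at end of line" error, which would leave the machine without SSH. Moving the comment to its own line above the directive works on every version, and running `sshd -t` in the post-install step would catch this class of error at build time. A one-line comment on the global `AuthenticationMethods none` explaining that `none` is the empty-password method, made unusable by `PermitEmptyPasswords no`, would also make the deny-by-default intent readable.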
|
|
@ -0,0 +1,3 @@
|
||||||
|
[Network]
|
||||||
|
Private=no
|
||||||
|
VirtualEthernet=no
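Review bot: `Private=no` with `VirtualEthernet=no` keeps the container in the host's network namespace, so the wildcard listeners configured elsewhere in this commit (sshd on port 42022 with root key login, Knot on 42053) bind directly on the host's interfaces. That may be intended for a local test machine, but it should be stated, for example with `# Shares the host network namespace; exposure is controlled by the host firewall`. Once the setup leaves development, a private veth with explicit port forwarding gives a clearer boundary.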
|
|
@ -0,0 +1,10 @@
|
||||||
|
#!/usr/bin/bash
|
||||||
|
|
||||||
|
source /etc/os-release
|
||||||
|
|
||||||
|
if [[ $ID = "arch" ]]; then
|
||||||
|
systemctl enable sshd
|
||||||
|
systemctl enable knot
|
||||||
|
systemctl enable nginx
|
||||||
|
systemctl enable php-fpm
|
||||||
|
fi
|
|
@ -0,0 +1,51 @@
|
||||||
|
#!/usr/bin/bash
|
||||||
|
|
||||||
|
# Clean configuration directories (will be filled with mkosi.extra/)
|
||||||
|
rm -r /etc/nginx/*
|
||||||
|
rm -r /etc/ssh/*
|
||||||
|
source /etc/os-release
|
||||||
|
if [[ $ID = "debian" ]]; then
|
||||||
|
rm -r /etc/php/7.4/fpm/pool.d/*
|
||||||
|
fi
|
||||||
|
|
||||||
|
# Create system users
|
||||||
|
useradd -U -r -s /usr/sbin/nologin nginx
|
||||||
|
useradd -U -r -s /usr/sbin/nologin php-niver
|
||||||
|
useradd -U -r -s /usr/sbin/nologin php-errors
|
||||||
|
useradd -U -r -s /usr/sbin/nologin sftpgo
|
||||||
|
|
||||||
|
# Set proper permissions
|
||||||
|
|
||||||
|
chown -R knot:knot /var/log/knot
|
||||||
|
chmod -R 700 /var/log/knot
|
||||||
|
|
||||||
|
chown -R knot:php-niver /srv/ns
|
||||||
|
chmod -R 770 /srv/ns
|
||||||
|
|
||||||
|
chown -R php-niver:nginx /srv/ht
|
||||||
|
chmod -R 740 /srv/ht
|
||||||
|
|
||||||
|
chown -R php-niver:nginx /srv/php/niver/public/css/
|
||||||
|
chmod -R 750 /srv/php/niver/public/css/
|
||||||
|
|
||||||
|
chown -R php-niver:php-niver /srv/php/niver/db
|
||||||
|
chmod -R 700 /srv/php/niver/db
|
||||||
|
|
||||||
|
chown -R php-niver:php-niver /srv/php/niver/niver.log
|
||||||
|
chmod -R 600 /srv/php/niver/niver.log
|
||||||
|
|
||||||
|
# Load configuration in Knot database
|
||||||
|
systemctl stop knot
|
||||||
|
sudo -u knot knotc conf-import /etc/knot/knot.conf
|
||||||
|
systemctl start knot
|
||||||
|
|
||||||
|
# Generate default self-signed TLS key pair
|
||||||
|
openssl req -subj '/' -new -newkey RSA:3072 -days 3650 -nodes -x509 -keyout /etc/ssl/private/niver.key -out /etc/ssl/certs/niver.crt
|
||||||
|
|
||||||
|
# Generate SSH server key pair
|
||||||
|
ssh-keygen -f /etc/ssh/ed25519 -t ed25519 -N ""
|
||||||
|
ssh-keygen -lvf /etc/ssh/ed25519 > /etc/ssh/ed25519.fp
|
||||||
|
|
||||||
|
# Configure PHP-FPM properly
|
||||||
|
echo "display_errors = On" >> /etc/php/php.ini
|
||||||
|
echo "extension = pdo_sqlite" >> /etc/php/php.ini
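Review bot: `echo "display_errors = On" >> /etc/php/php.ini` enables client-visible PHP errors for every pool, which exposes paths and internal details to visitors; outside a throwaway development image this should be `display_errors = Off` together with `log_errors = On`. The path is also distribution-specific although the script branches on `$ID` a few lines earlier for the pool directory, so on the Debian build the append presumably lands in a file PHP-FPM never reads. Separately, the TLS key and the SSH host key are generated here at image build time, so every machine started from one built tree shares them; generating them on first boot avoids that. The script has no `set -e`, so a failed step does not stop the build.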
|
|
@ -0,0 +1,3 @@
|
||||||
|
deb tor+http://2s4yqjx5ul6okpp3f2gaunr2syex5jgbfpfvhxxbbjwnrsvbk5v3qbid.onion/debian bullseye main
|
||||||
|
deb tor+http://2s4yqjx5ul6okpp3f2gaunr2syex5jgbfpfvhxxbbjwnrsvbk5v3qbid.onion/debian bullseye-backports main
|
||||||
|
deb tor+http://5ajw6aqf3ep7sijnscdzw77t7xq4xjpsy335yb2wiwgouo7yfxtjlmid.onion/debian-security bullseye-security main
|
|
@ -0,0 +1,3 @@
|
||||||
|
Server = https://mirror.ibakerserver.pt/Arch/$repo/os/$arch
|
||||||
|
Server = https://arch.juline.tech/$repo/os/$arch
|
||||||
|
Server = https://mirror.theo546.fr/archlinux/$repo/os/$arch
|
|
@ -0,0 +1 @@
|
||||||
|
nameserver 127.0.0.53
|
|
@ -0,0 +1,6 @@
|
||||||
|
[Resolve]
|
||||||
|
# https://www.fdn.fr/actions/dns/
|
||||||
|
DNS=2001:910:800::40 2001:910:800::12 80.67.169.40 80.67.169.12
|
||||||
|
FallbackDNS=
|
||||||
|
DNSSEC=yes
|
||||||
|
Cache=yes
|
|
@ -0,0 +1,27 @@
|
||||||
|
[Unit]
|
||||||
|
Description=SFTPGo Server
|
||||||
|
After=network.target
|
||||||
|
|
||||||
|
[Service]
|
||||||
|
User=sftpgo
|
||||||
|
Group=sftpgo
|
||||||
|
Type=simple
|
||||||
|
WorkingDirectory=/etc/sftpgo
|
||||||
|
Environment=SFTPGO_CONFIG_DIR=/etc/sftpgo/
|
||||||
|
Environment=SFTPGO_LOG_FILE_PATH=
|
||||||
|
EnvironmentFile=-/etc/sftpgo/sftpgo.env
|
||||||
|
ExecStart=/usr/local/bin/sftpgo serve
|
||||||
|
ExecReload=/bin/kill -s HUP $MAINPID
|
||||||
|
LimitNOFILE=8192
|
||||||
|
KillMode=mixed
|
||||||
|
PrivateTmp=true
|
||||||
|
Restart=always
|
||||||
|
RestartSec=10s
|
||||||
|
NoNewPrivileges=yes
|
||||||
|
PrivateDevices=yes
|
||||||
|
DevicePolicy=closed
|
||||||
|
ProtectSystem=true
|
||||||
|
RestrictAddressFamilies=AF_INET AF_INET6 AF_UNIX
|
||||||
|
|
||||||
|
[Install]
|
||||||
|
WantedBy=multi-user.target
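Review bot: `ProtectSystem=true` makes only /usr and the boot directories read-only, so /etc (including /etc/sftpgo) and the rest of the tree remain writable to the service wherever file permissions allow. If SFTPGo's writable locations are known, `ProtectSystem=strict` with an explicit `ReadWritePaths=` for its data directory, plus `ProtectHome=yes`, would narrow what a compromised server process can modify. The exact paths are not visible on this page and need confirming before tightening.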
|
|
@ -0,0 +1,5 @@
|
||||||
|
#!/usr/bin/bash
|
||||||
|
|
||||||
|
cd /root/maniver
|
||||||
|
cargo build --release
|
||||||
|
cp /root/maniver/target/release/maniver /usr/local/bin/maniver
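Review bot: `cargo build --release` runs without `--locked`, so if the submodule's Cargo.lock is missing or out of date cargo resolves fresh dependency versions and the binary installed to /usr/local/bin no longer matches reviewed inputs. `cargo build --release --locked` makes the build fail instead of updating silently. The script also lacks `set -e`, so `cd /root/maniver || exit 1` or a leading `set -euo pipefail` is needed to keep the `cp` from running after a failed step.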
|
|
@ -0,0 +1,8 @@
|
||||||
|
#!/usr/bin/bash
|
||||||
|
|
||||||
|
git clone https://github.com/drakkan/sftpgo /root/sftpgo-src
|
||||||
|
cd /root/sftpgo-src
|
||||||
|
git checkout v2.2.2
|
||||||
|
apt update
|
||||||
|
apt install -y golang-1.18
|
||||||
|
/usr/lib/go-1.18/bin/go build -tags nogcs,nos3,noazblob,nobolt,nomysql,nopgsql,noportable,nometrics -o /usr/local/bin/sftpgo
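Review bot: `git checkout v2.2.2` trusts a tag name fetched over the network, and because the script has no `set -e` a failed checkout still falls through to `go build`, which would then build and install the default branch. Start the script with `set -euo pipefail` and check out a full commit hash recorded in this repository, e.g. `git checkout <commit-hash-for-v2.2.2>` (placeholder, the hash is not on this page), so the installed binary corresponds to known source.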
|
|
@ -0,0 +1 @@
|
||||||
|
Subproject commit 2ad9fe6f3d7d3fc44cc03ef569d82dd601b51664
|
|
@ -0,0 +1,6 @@
|
||||||
|
niver.test. 10800 SOA ns1.niver.test. admin.niver.test. 0 21600 7200 3628800 3600
|
||||||
|
niver.test. 86400 NS ns1.niver.test.
|
||||||
|
niver.test. 10800 A 127.0.0.1
|
||||||
|
niver.test. 10800 AAAA ::1
|
||||||
|
ns1.niver.test. 10800 A 127.0.0.1
|
||||||
|
ns1.niver.test. 10800 AAAA ::1
|
|
@ -0,0 +1,15 @@
|
||||||
|
<!DOCTYPE html>
|
||||||
|
<html lang="en">
|
||||||
|
<head>
|
||||||
|
<meta charset="UTF-8">
|
||||||
|
<meta name="viewport" content="width=device-width, initial-scale=1">
|
||||||
|
<title>Bad request · HTTP 400</title>
|
||||||
|
</head>
|
||||||
|
<body>
|
||||||
|
<h1>Bad request</h1>
|
||||||
|
<p>
|
||||||
|
The request is malformed.
|
||||||
|
</p>
|
||||||
|
<small><code>HTTP 400</code></small>
|
||||||
|
</body>
|
||||||
|
</html>
|
|
@ -0,0 +1,15 @@
|
||||||
|
<!DOCTYPE html>
|
||||||
|
<html lang="en">
|
||||||
|
<head>
|
||||||
|
<meta charset="UTF-8">
|
||||||
|
<meta name="viewport" content="width=device-width, initial-scale=1">
|
||||||
|
<title>Access forbidden · HTTP 403</title>
|
||||||
|
</head>
|
||||||
|
<body>
|
||||||
|
<h1>Access forbidden</h1>
|
||||||
|
<p>
|
||||||
|
The server refused to process the request for security reasons.
|
||||||
|
</p>
|
||||||
|
<small><code>HTTP 403</code></small>
|
||||||
|
</body>
|
||||||
|
</html>
|
|
@ -0,0 +1,19 @@
|
||||||
|
<!DOCTYPE html>
|
||||||
|
<html lang="en">
|
||||||
|
<head>
|
||||||
|
<meta charset="UTF-8">
|
||||||
|
<meta name="viewport" content="width=device-width, initial-scale=1">
|
||||||
|
<title>File not found · HTTP 404</title>
|
||||||
|
</head>
|
||||||
|
<body>
|
||||||
|
<h1>File not found</h1>
|
||||||
|
<p>
|
||||||
|
The server did not find anything at the requested address.
|
||||||
|
</p>
|
||||||
|
<ul>
|
||||||
|
<li>The file may have been moved or deleted.</li>
|
||||||
|
<li>Perhaps the address was mistyped.</li>
|
||||||
|
</ul>
|
||||||
|
<small><code>HTTP 404</code></small>
|
||||||
|
</body>
|
||||||
|
</html>
|
|
@ -0,0 +1,19 @@
|
||||||
|
<!DOCTYPE html>
|
||||||
|
<html lang="fr">
|
||||||
|
<head>
|
||||||
|
<meta charset="UTF-8">
|
||||||
|
<meta name="viewport" content="width=device-width, initial-scale=1">
|
||||||
|
<title>Fichier introuvable · HTTP 404</title>
|
||||||
|
</head>
|
||||||
|
<body>
|
||||||
|
<h1>Fichier introuvable</h1>
|
||||||
|
<p>
|
||||||
|
Le serveur n'a rien trouvé à l'adresse demandée.
|
||||||
|
</p>
|
||||||
|
<ul>
|
||||||
|
<li>Le fichier a put être déplacé ou supprimé.</li>
|
||||||
|
<li>L'adresse a peut-être été mal saisie.</li>
|
||||||
|
</ul>
|
||||||
|
<small><code>HTTP 404</code></small>
|
||||||
|
</body>
|
||||||
|
</html>
|
|
@ -0,0 +1,20 @@
|
||||||
|
<?php
|
||||||
|
if (isset($_SERVER['HTTP_ACCEPT_LANGUAGE'])) {
|
||||||
|
$clientLocales = $_SERVER['HTTP_ACCEPT_LANGUAGE'];
|
||||||
|
$clientLocales = preg_replace("#[A-Z0-9]|q=|;|-|\.#", "", $clientLocales);
|
||||||
|
$clientLocales = explode(',', $clientLocales);
|
||||||
|
$availableLocales = array('en', 'fr');
|
||||||
|
foreach ($clientLocales as $clientLocale) {
|
||||||
|
if (in_array($clientLocale, $availableLocales)) {
|
||||||
|
$locale = $clientLocale;
|
||||||
|
break;
|
||||||
|
}
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
if (isset($locale) AND $locale == "fr")
|
||||||
|
echo file_get_contents("404.fr.html");
|
||||||
|
else
|
||||||
|
echo file_get_contents("404.en.html");
|
||||||
|
|
||||||
|
?>
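Review bot: The locale entries are compared without trimming or case folding, so a header such as `Accept-Language: de, fr` yields ` fr` and falls through to English, and a lower-case tag like `fr-fr` collapses to `frfr`. Normalising inside the loop, `$clientLocale = strtolower(substr(trim($clientLocale), 0, 2));` before the `in_array` check, fixes both cases. The header value never reaches the file name, which is the right pattern to keep; using `__DIR__ . '/404.fr.html'` would additionally remove the dependence on the pool's `chdir`.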
|
|
@ -0,0 +1,15 @@
|
||||||
|
<!DOCTYPE html>
|
||||||
|
<html lang="en">
|
||||||
|
<head>
|
||||||
|
<meta charset="UTF-8">
|
||||||
|
<meta name="viewport" content="width=device-width, initial-scale=1">
|
||||||
|
<title>Method Not Allowed · HTTP 405</title>
|
||||||
|
</head>
|
||||||
|
<body>
|
||||||
|
<h1>Method Not Allowed</h1>
|
||||||
|
<p>
|
||||||
|
The request method is not supported for this resource.
|
||||||
|
</p>
|
||||||
|
<small><code>HTTP 405</code></small>
|
||||||
|
</body>
|
||||||
|
</html>
|
|
@ -0,0 +1,15 @@
|
||||||
|
<!DOCTYPE html>
|
||||||
|
<html lang="en">
|
||||||
|
<head>
|
||||||
|
<meta charset="UTF-8">
|
||||||
|
<meta name="viewport" content="width=device-width, initial-scale=1">
|
||||||
|
<title>Gone · HTTP 410</title>
|
||||||
|
</head>
|
||||||
|
<body>
|
||||||
|
<h1>Gone</h1>
|
||||||
|
<p>
|
||||||
|
The requested resource is not available anymore.
|
||||||
|
</p>
|
||||||
|
<small><code>HTTP 410</code></small>
|
||||||
|
</body>
|
||||||
|
</html>
|
|
@ -0,0 +1,15 @@
|
||||||
|
<!DOCTYPE html>
|
||||||
|
<html lang="en">
|
||||||
|
<head>
|
||||||
|
<meta charset="UTF-8">
|
||||||
|
<meta name="viewport" content="width=device-width, initial-scale=1">
|
||||||
|
<title>I'm a teapot · HTTP 418</title>
|
||||||
|
</head>
|
||||||
|
<body>
|
||||||
|
<h1>I'm a teapot</h1>
|
||||||
|
<p>
|
||||||
|
Your coffee cannot be brewed because this server is a teapot.
|
||||||
|
</p>
|
||||||
|
<small><code>HTTP 418</code></small>
|
||||||
|
</body>
|
||||||
|
</html>
|
|
@ -0,0 +1,19 @@
|
||||||
|
<!DOCTYPE html>
|
||||||
|
<html lang="en">
|
||||||
|
<head>
|
||||||
|
<meta charset="UTF-8">
|
||||||
|
<meta name="viewport" content="width=device-width, initial-scale=1">
|
||||||
|
<title>Server error · HTTP 500</title>
|
||||||
|
</head>
|
||||||
|
<body>
|
||||||
|
<h1>Server error</h1>
|
||||||
|
<p>
|
||||||
|
The server encountered an error and is unable to satisfy your request.
|
||||||
|
</p>
|
||||||
|
<ul>
|
||||||
|
<li>This error is probably temporary.</li>
|
||||||
|
<li>If it isn't, you can try to contact an administrator.</li>
|
||||||
|
</ul>
|
||||||
|
<small><code>HTTP 500</code></small>
|
||||||
|
</body>
|
||||||
|
</html>
|
|
@ -0,0 +1,19 @@
|
||||||
|
<!DOCTYPE html>
|
||||||
|
<html lang="en">
|
||||||
|
<head>
|
||||||
|
<meta charset="UTF-8">
|
||||||
|
<meta name="viewport" content="width=device-width, initial-scale=1">
|
||||||
|
<title>Bad gateway · HTTP 502</title>
|
||||||
|
</head>
|
||||||
|
<body>
|
||||||
|
<h1>Bad gateway</h1>
|
||||||
|
<p>
|
||||||
|
The backend server encountered an error and is unable to satisfy your request.
|
||||||
|
</p>
|
||||||
|
<ul>
|
||||||
|
<li>This error is probably temporary.</li>
|
||||||
|
<li>If it isn't, you can try to contact an administrator.</li>
|
||||||
|
</ul>
|
||||||
|
<small><code>HTTP 502</code></small>
|
||||||
|
</body>
|
||||||
|
</html>
|
|
@ -0,0 +1,19 @@
|
||||||
|
<!DOCTYPE html>
|
||||||
|
<html lang="en">
|
||||||
|
<head>
|
||||||
|
<meta charset="UTF-8">
|
||||||
|
<meta name="viewport" content="width=device-width, initial-scale=1">
|
||||||
|
<title>Service unavailable · HTTP 503</title>
|
||||||
|
</head>
|
||||||
|
<body>
|
||||||
|
<h1>Service unavailable</h1>
|
||||||
|
<p>
|
||||||
|
The server cannot handle the request, because it is overloaded or down for maintenance.
|
||||||
|
</p>
|
||||||
|
<ul>
|
||||||
|
<li>This error is probably temporary.</li>
|
||||||
|
<li>If it isn't, you can try to contact an administrator.</li>
|
||||||
|
</ul>
|
||||||
|
<small><code>HTTP 503</code></small>
|
||||||
|
</body>
|
||||||
|
</html>
|
|
@ -0,0 +1,19 @@
|
||||||
|
<!DOCTYPE html>
|
||||||
|
<html lang="en">
|
||||||
|
<head>
|
||||||
|
<meta charset="UTF-8">
|
||||||
|
<meta name="viewport" content="width=device-width, initial-scale=1">
|
||||||
|
<title>Gateway timeout · HTTP 504</title>
|
||||||
|
</head>
|
||||||
|
<body>
|
||||||
|
<h1>Gateway timeout</h1>
|
||||||
|
<p>
|
||||||
|
The backend server did not send a timely response.
|
||||||
|
</p>
|
||||||
|
<ul>
|
||||||
|
<li>This error is probably temporary.</li>
|
||||||
|
<li>If it isn't, you can try to contact an administrator.</li>
|
||||||
|
</ul>
|
||||||
|
<small><code>HTTP 504</code></small>
|
||||||
|
</body>
|
||||||
|
</html>
|
|
@ -0,0 +1,11 @@
|
||||||
|
<!DOCTYPE HTML>
|
||||||
|
<html lang="en">
|
||||||
|
<head>
|
||||||
|
<meta charset="UTF-8">
|
||||||
|
<title>Broken site</title>
|
||||||
|
</head>
|
||||||
|
<body>
|
||||||
|
<h1>Broken site</h1>
|
||||||
|
The site you're trying to reach is misconfigured. This domain seems to be pointing to this server, but this server is not aware of a site using this domain.
|
||||||
|
</body>
|
||||||
|
</html>
|
|
@ -0,0 +1,11 @@
|
||||||
|
<!DOCTYPE HTML>
|
||||||
|
<html lang="en">
|
||||||
|
<head>
|
||||||
|
<meta charset="UTF-8">
|
||||||
|
<title>Nothing here</title>
|
||||||
|
</head>
|
||||||
|
<body>
|
||||||
|
<h1>Nothing here</h1>
|
||||||
|
You reached Niver's default site using IP address. There's nothing for you here.
|
||||||
|
</body>
|
||||||
|
</html>
|
|
@ -0,0 +1,23 @@
|
||||||
|
<!DOCTYPE html>
|
||||||
|
<html lang="en">
|
||||||
|
<head>
|
||||||
|
<meta charset="UTF-8">
|
||||||
|
<meta name="viewport" content="width=device-width, initial-scale=1">
|
||||||
|
<title>Not available over unsecure HTTP</title>
|
||||||
|
</head>
|
||||||
|
<body>
|
||||||
|
<h1>Not available over unsecure HTTP</h1>
|
||||||
|
<p>
|
||||||
|
This server does not accept unsecure HTTP requests. Use HTTPS instead.
|
||||||
|
</p>
|
||||||
|
<details open="">
|
||||||
|
<summary>What happened?</summary>
|
||||||
|
You made a request to the server using the unsecure HTTP protocol (<code>http://</code>). For privacy and security reasons, the server does not accept this, as unsecure HTTP connections can be watched and modified by any device on the way.
|
||||||
|
</details>
|
||||||
|
<details>
|
||||||
|
<summary>How to solve this?</summary>
|
||||||
|
You can tell your browser to use HTTPS by prefixing the URL with <code>https://</code>.
|
||||||
|
</details>
|
||||||
|
<small><code>HTTP 400</code></small>
|
||||||
|
</body>
|
||||||
|
</html>
|
|
@ -0,0 +1,45 @@
|
||||||
|
<?php
|
||||||
|
if (isset($_SERVER['HTTP_ACCEPT_LANGUAGE'])) {
|
||||||
|
$clientLocales = $_SERVER['HTTP_ACCEPT_LANGUAGE'];
|
||||||
|
$clientLocales = preg_replace("#[A-Z0-9]|q=|;|-|\.#", "", $clientLocales);
|
||||||
|
$clientLocales = explode(',', $clientLocales);
|
||||||
|
$availableLocales = array('en', 'fr');
|
||||||
|
foreach ($clientLocales as $clientLocale) {
|
||||||
|
if (in_array($clientLocale, $availableLocales)) {
|
||||||
|
$locale = $clientLocale;
|
||||||
|
break;
|
||||||
|
}
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
if (isset($locale) AND $locale == "fr") {
|
||||||
|
# echo file_get_contents("404.fr.html");
|
||||||
|
#else { ?>
|
||||||
|
|
||||||
|
<!DOCTYPE html>
|
||||||
|
<html lang="en">
|
||||||
|
<head>
|
||||||
|
<meta charset="UTF-8">
|
||||||
|
<meta name="viewport" content="width=device-width, initial-scale=1">
|
||||||
|
<title>Not available over unsecure HTTP</title>
|
||||||
|
</head>
|
||||||
|
<body>
|
||||||
|
<h1>Not available over unsecure HTTP</h1>
|
||||||
|
<p>
|
||||||
|
This server does not accept unsecure HTTP requests. <a href="<?php echo htmlspecialchars($_SERVER['QUERY_STRING']);
|
||||||
|
|
||||||
|
?>">Use HTTPS</a> instead.
|
||||||
|
</p>
|
||||||
|
<details open="">
|
||||||
|
<summary>What happened?</summary>
|
||||||
|
You made a request to the server using the unsecure HTTP protocol (<code>http://</code>). For privacy and security reasons, the server does not accept this, as unsecure HTTP connections can be watched and modified by any device on the way.
|
||||||
|
</details>
|
||||||
|
<details>
|
||||||
|
<summary>How to solve this?</summary>
|
||||||
|
You can tell your browser to use HTTPS by prefixing the URL with <code>https://</code>.
|
||||||
|
</details>
|
||||||
|
<small><code>HTTP 403</code></small>
|
||||||
|
</body>
|
||||||
|
</html>
|
||||||
|
|
||||||
|
<?php } ?>
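Review bot: The `href` of the "Use HTTPS" link is echoed from `$_SERVER['QUERY_STRING']`, and `htmlspecialchars()` only escapes markup characters; it does not constrain the scheme or host, so the link target is whatever the request URL carried. The nginx rule that presumably puts the HTTPS URL into the query string is not part of this section, so the page should check the value itself, for example `if (strncmp($target, 'https://', 8) !== 0) { $target = ''; }` plus a comparison against the expected host, and omit the link when the check fails. Separately, with `#else { ?>` commented out, the English markup sits inside the `if (isset($locale) AND $locale == "fr")` block, so clients that do not prefer French appear to receive an empty body.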
|
|
@ -0,0 +1,8 @@
|
||||||
|
<?php
|
||||||
|
|
||||||
|
if (filter_var(str_replace(array("[", "]"), "", $_SERVER['HTTP_HOST']), FILTER_VALIDATE_IP))
|
||||||
|
echo file_get_contents("default-ip.en.html");
|
||||||
|
else
|
||||||
|
echo file_get_contents("default-domain.en.html");
|
||||||
|
|
||||||
|
?>
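Review bot: `$_SERVER['HTTP_HOST']` is read without checking that it is set and without removing a port, so a request with no Host header raises an undefined-index warning, and an IPv4 host such as `192.0.2.1:8080` (constructed example) fails `FILTER_VALIDATE_IP` and gets the domain page. Stripping the port before the brackets would handle both address families: `$host = preg_replace('/:\d+$/', '', $_SERVER['HTTP_HOST'] ?? '');`, then pass `$host` through the existing `str_replace()` and `filter_var()`. Braces around both branches would also keep a later edit from landing outside the `if`.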
|
|
@ -0,0 +1 @@
|
||||||
|
Subproject commit 9a2eb0a18e6f5d464af6d130c291dc916a5d73c9
|
Binary file not shown.
Binary file not shown.
|
@ -0,0 +1,2 @@
|
||||||
|
DOMAIN 3600 SOA ns1.niver.test. admin.niver.test. 1 21600 7200 3628800 3600
|
||||||
|
DOMAIN 86400 NS ns1.niver.test.
|
|
@ -0,0 +1,15 @@
|
||||||
|
server {
|
||||||
|
listen [::]:{{HTTPS_PORT}} ssl http2;
|
||||||
|
listen 0.0.0.0:{{HTTPS_PORT}} ssl http2;
|
||||||
|
server_name {{DOMAIN}};
|
||||||
|
root {{HT_PATH}}/{{USERNAME}}/ht/{{DIR}};
|
||||||
|
|
||||||
|
ssl_certificate /etc/ssl/certs/niver.crt;
|
||||||
|
ssl_certificate_key /etc/ssl/private/niver.key;
|
||||||
|
|
||||||
|
include inc/tls.conf;
|
||||||
|
|
||||||
|
location / {
|
||||||
|
try_files $uri $uri.html $uri/ =404;
|
||||||
|
}
|
||||||
|
}
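Review bot: `{{DOMAIN}}`, `{{USERNAME}}` and `{{DIR}}` are placed directly into `server_name` and `root`, and the template carries no comment stating what the substituting code must guarantee. The code that fills the template is not visible here; if any of these values come from account holders, a value containing whitespace, `;`, braces or `..` would change the meaning of the generated configuration or move `root` outside the user's `ht` directory. I would add a header comment such as `# Placeholders must be validated before substitution: hostname syntax for DOMAIN; no "/", ".." or nginx metacharacters in USERNAME and DIR.` The same applies to the onion server block in the next section.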
|
|
@ -0,0 +1,9 @@
|
||||||
|
server {
|
||||||
|
listen [::1]:{{INTERNAL_ONION_HTTP_PORT}};
|
||||||
|
server_name {{DOMAIN}};
|
||||||
|
root {{HT_PATH}}/{{USERNAME}}/ht/{{DIR}};
|
||||||
|
|
||||||
|
location / {
|
||||||
|
try_files $uri $uri.html $uri/ =404;
|
||||||
|
}
|
||||||
|
}
|