meta/README.md

# Meta

*Meta* is a small Nginx/PHP tool displaying some informations in order to debug or satisfy your curiosity.

## Use

### Paths

* `/me` will redirect to `/<your-ip-address>`
* `/<any-ip-address>` will print informations obtained from databases located in the `geolite2` directory
* `/emoji` will print an emoji list
* `/<anything-else>` will print *IP*, *TCP*, *TLS* and *HTTP* metadata

### Domains

* `meta.4.niv.re` have working A (IPv4) and AAAA (IPv6) records
You can test IP version connectivity by forcing it throught
* `ipv4.meta.4.niv.re` only have the A record
* `ipv6.meta.4.niv.re` only have the AAAA record

## Nginx configuration

```
server {
    listen 443 ssl http2;
    listen [::]:443 ssl http2;

    server_name meta.4.niv.re *.meta.4.niv.re;

    root /var/www/meta;
    index index.php;
    try_files $uri/ /;

    more_set_headers "Content-Security-Policy : default-src 'none'; frame-ancestors 'none'; form-action 'none';";
    more_set_headers "X-Content-Type-Options : nosniff";
    more_set_headers "X-XSS-Protection : 1; mode=block";
    more_set_headers "X-Download-Options : noopen";
    more_set_headers "X-Permitted-Cross-Domain-Policies : none";
    more_set_headers "X-Frame-Options : DENY";
    more_set_headers "Referrer-Policy : no-referrer";
    more_set_headers "Strict-Transport-Security : max-age=94608000; includeSubDomains; preload";
    more_clear_headers Server;

    ssl_prefer_server_ciphers off;

    ssl_session_timeout 1d;
    ssl_session_cache shared:SSL:50m;
    ssl_session_tickets off;

    ssl_early_data off;

    ssl_stapling on;
    ssl_stapling_verify on;

    ssl_protocols TLSv1.2 TLSv1.3;
    ssl_ciphers TLS_CHACHA20_POLY1305_SHA256:TLS_AES_128_GCM_SHA256:TLS_AES_256_GCM_SHA384:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384;

    ssl_ecdh_curve X25519:X448;

    ssl_certificate /etc/letsencrypt/live/meta.4.niv.re/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/meta.4.niv.re/privkey.pem;

    error_log /var/log/nginx/meta.4.niv.re-error.log info;
    access_log off;

    location ~ \.php$ {
        fastcgi_split_path_info ^(.+\.php)(/.+)$;
        fastcgi_pass unix:/var/run/php/meta.sock;
        include inc/fastcgi.conf;
        fastcgi_param SSL_CURVES $ssl_curves;
        fastcgi_param SSL_CIPHERS $ssl_ciphers;
        fastcgi_param SSL_CIPHER $ssl_cipher;
        fastcgi_param SSL_PROTOCOL $ssl_protocol;
        fastcgi_param SSL_SESSION_ID $ssl_session_id;
        fastcgi_param NGINX_VERSION $nginx_version;
        fastcgi_param TCPINFO_RTT $tcpinfo_rtt;
        fastcgi_param TCPINFO_RTTVAR $tcpinfo_rttvar;
        fastcgi_param TCPINFO_SND_CWND $tcpinfo_snd_cwnd;
        fastcgi_param TCPINFO_RCV_SPACE $tcpinfo_rcv_space;
        fastcgi_param CONNECTION $connection;
        fastcgi_param CONNECTION_REQUESTS $connection_requests;
        fastcgi_param REQUEST $request;
    }

    location ~ emojis.txt {
        charset utf-8;
    }
}
```

## Ressources

Nginx variable list: <https://nginx.org/docs/varindex.html>

PHP $_SERVER list: <https://www.php.net/manual/reserved.variables.server.php>

### HTTP headers

* https://en.wikipedia.org/wiki/List_of_HTTP_header_fields
* https://developer.mozilla.org/docs/Web/HTTP/Headers
* https://datatracker.ietf.org/doc/html/rfc7231

## Free software

*Meta* is published under **AGPLv3+** (see `LICENSE`), it's source code is available at <https://code.antopie.org/miraty/meta>. `db-reader` and `geolite2` directories contents have their own license.
Add README.md 2021-09-29 17:23:17 +02:00			`# Meta`

			`Meta is a small Nginx/PHP tool displaying some informations in order to debug or satisfy your curiosity.`

			`## Use`

			`### Paths`

Fix MD display 2021-09-29 17:30:04 +02:00			* `/me` will redirect to `/<your-ip-address>`
			* `/<any-ip-address>` will print informations obtained from databases located in the `geolite2` directory
			* `/emoji` will print an emoji list
			* `/<anything-else>` will print IP, TCP, TLS and HTTP metadata
Add README.md 2021-09-29 17:23:17 +02:00
			`### Domains`

Fix MD display 2021-09-29 17:30:04 +02:00			* `meta.4.niv.re` have working A (IPv4) and AAAA (IPv6) records
Add README.md 2021-09-29 17:23:17 +02:00			`You can test IP version connectivity by forcing it throught`
			* `ipv4.meta.4.niv.re` only have the A record
			* `ipv6.meta.4.niv.re` only have the AAAA record

Remove ports testing feature 2021-10-30 21:26:53 +02:00			`## Nginx configuration`
Add README.md 2021-09-29 17:23:17 +02:00
			```
			`server {`
			`listen 443 ssl http2;`
Remove ports testing feature 2021-10-30 21:26:53 +02:00			`listen [::]:443 ssl http2;`
Add README.md 2021-09-29 17:23:17 +02:00
			`server_name meta.4.niv.re *.meta.4.niv.re;`

			`root /var/www/meta;`
			`index index.php;`
			`try_files $uri/ /;`

			`more_set_headers "Content-Security-Policy : default-src 'none'; frame-ancestors 'none'; form-action 'none';";`
			`more_set_headers "X-Content-Type-Options : nosniff";`
			`more_set_headers "X-XSS-Protection : 1; mode=block";`
			`more_set_headers "X-Download-Options : noopen";`
			`more_set_headers "X-Permitted-Cross-Domain-Policies : none";`
			`more_set_headers "X-Frame-Options : DENY";`
			`more_set_headers "Referrer-Policy : no-referrer";`
			`more_set_headers "Strict-Transport-Security : max-age=94608000; includeSubDomains; preload";`
			`more_clear_headers Server;`

			`ssl_prefer_server_ciphers off;`

			`ssl_session_timeout 1d;`
			`ssl_session_cache shared:SSL:50m;`
			`ssl_session_tickets off;`

			`ssl_early_data off;`

			`ssl_stapling on;`
			`ssl_stapling_verify on;`

			`ssl_protocols TLSv1.2 TLSv1.3;`
			`ssl_ciphers TLS_CHACHA20_POLY1305_SHA256:TLS_AES_128_GCM_SHA256:TLS_AES_256_GCM_SHA384:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384;`

			`ssl_ecdh_curve X25519:X448;`

			`ssl_certificate /etc/letsencrypt/live/meta.4.niv.re/fullchain.pem;`
			`ssl_certificate_key /etc/letsencrypt/live/meta.4.niv.re/privkey.pem;`

			`error_log /var/log/nginx/meta.4.niv.re-error.log info;`
			`access_log off;`

			`location ~ \.php$ {`
			`fastcgi_split_path_info ^(.+\.php)(/.+)$;`
			`fastcgi_pass unix:/var/run/php/meta.sock;`
			`include inc/fastcgi.conf;`
			`fastcgi_param SSL_CURVES $ssl_curves;`
			`fastcgi_param SSL_CIPHERS $ssl_ciphers;`
			`fastcgi_param SSL_CIPHER $ssl_cipher;`
			`fastcgi_param SSL_PROTOCOL $ssl_protocol;`
			`fastcgi_param SSL_SESSION_ID $ssl_session_id;`
			`fastcgi_param NGINX_VERSION $nginx_version;`
			`fastcgi_param TCPINFO_RTT $tcpinfo_rtt;`
			`fastcgi_param TCPINFO_RTTVAR $tcpinfo_rttvar;`
			`fastcgi_param TCPINFO_SND_CWND $tcpinfo_snd_cwnd;`
			`fastcgi_param TCPINFO_RCV_SPACE $tcpinfo_rcv_space;`
			`fastcgi_param CONNECTION $connection;`
			`fastcgi_param CONNECTION_REQUESTS $connection_requests;`
			`fastcgi_param REQUEST $request;`
			`}`

			`location ~ emojis.txt {`
			`charset utf-8;`
			`}`
			`}`
			```

			`## Ressources`

			`Nginx variable list: <https://nginx.org/docs/varindex.html>`

			`PHP $_SERVER list: <https://www.php.net/manual/reserved.variables.server.php>`

			`### HTTP headers`

Fix MD display 2021-09-29 17:30:04 +02:00			`* https://en.wikipedia.org/wiki/List_of_HTTP_header_fields`
			`* https://developer.mozilla.org/docs/Web/HTTP/Headers`
			`* https://datatracker.ietf.org/doc/html/rfc7231`
Add README.md 2021-09-29 17:23:17 +02:00
			`## Free software`

			Meta is published under AGPLv3+ (see `LICENSE`), it's source code is available at <https://code.antopie.org/miraty/meta>. `db-reader` and `geolite2` directories contents have their own license.