Add README.md
parent
d4135378d9
commit
595232f9e3
3 changed files with 155 additions and 13 deletions
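--- a/README.md
+++ b/README.md
@@ -0,0 +1,151 @@
+# Meta
+
+*Meta* is a small Nginx/PHP tool displaying some informations in order to debug or satisfy your curiosity.
+
+## Use
+
+### Paths
+
+`/me` will redirect to `/<your-ip-address>`
+`/<any-ip-address>` will print informations obtained from databases located in the `geolite2` directory
+`/emoji` will print an emoji list
+`/<anything-else>` will print *IP*, *TCP*, *TLS* and *HTTP* metadata
+
+### Domains
+
+`meta.4.niv.re` have working A (IPv4) and AAAA (IPv6) records
+You can test IP version connectivity by forcing it throught
+* `ipv4.meta.4.niv.re` only have the A record
+* `ipv6.meta.4.niv.re` only have the AAAA record
+
+### Ports
+
+You can try to connect to a few other TCP ports than 443, using IPv6.
+
+## Installation
+
+### Nginx configuration
+
+```
+server {
+listen 443 ssl http2;
+listen [2a01:e0a:15c:2e40::65:535]:1 ssl http2;
+listen [2a01:e0a:15c:2e40::65:535]:2 ssl http2;
+listen [2a01:e0a:15c:2e40::65:535]:20 ssl http2;
+listen [2a01:e0a:15c:2e40::65:535]:21 ssl http2;
+listen [2a01:e0a:15c:2e40::65:535]:22 ssl http2;
+listen [2a01:e0a:15c:2e40::65:535]:25 ssl http2;
+listen [2a01:e0a:15c:2e40::65:535]:53 ssl http2;
+listen [2a01:e0a:15c:2e40::65:535]:80 ssl http2;
+listen [2a01:e0a:15c:2e40::65:535]:123 ssl http2;
+listen [2a01:e0a:15c:2e40::65:535]:143 ssl http2;
+listen [2a01:e0a:15c:2e40::65:535]:443 ssl http2;
+listen [2a01:e0a:15c:2e40::65:535]:587 ssl http2;
+listen [2a01:e0a:15c:2e40::65:535]:853 ssl http2;
+listen [2a01:e0a:15c:2e40::65:535]:993 ssl http2;
+listen [2a01:e0a:15c:2e40::65:535]:1194 ssl http2;
+listen [2a01:e0a:15c:2e40::65:535]:1312 ssl http2;
+listen [2a01:e0a:15c:2e40::65:535]:3478 ssl http2;
+listen [2a01:e0a:15c:2e40::65:535]:5349 ssl http2;
+listen [2a01:e0a:15c:2e40::65:535]:8448 ssl http2;
+listen [2a01:e0a:15c:2e40::65:535]:9001 ssl http2;
+listen [2a01:e0a:15c:2e40::65:535]:9030 ssl http2;
+listen [2a01:e0a:15c:2e40::65:535]:16384 ssl http2;
+listen [2a01:e0a:15c:2e40::65:535]:25565 ssl http2;
+listen [2a01:e0a:15c:2e40::65:535]:32768 ssl http2;
+listen [2a01:e0a:15c:2e40::65:535]:49152 ssl http2;
+listen [2a01:e0a:15c:2e40::65:535]:65535 ssl http2;
+
+server_name meta.4.niv.re *.meta.4.niv.re;
+
+root /var/www/meta;
+index index.php;
+try_files $uri/ /;
+
+more_set_headers "Content-Security-Policy : default-src 'none'; frame-ancestors 'none'; form-action 'none';";
+more_set_headers "X-Content-Type-Options : nosniff";
+more_set_headers "X-XSS-Protection : 1; mode=block";
+more_set_headers "X-Download-Options : noopen";
+more_set_headers "X-Permitted-Cross-Domain-Policies : none";
+more_set_headers "X-Frame-Options : DENY";
+more_set_headers "Referrer-Policy : no-referrer";
+more_set_headers "Strict-Transport-Security : max-age=94608000; includeSubDomains; preload";
+more_clear_headers Server;
+
+ssl_prefer_server_ciphers off;
+
+ssl_session_timeout 1d;
+ssl_session_cache shared:SSL:50m;
+ssl_session_tickets off;
+
+ssl_early_data off;
+
+ssl_stapling on;
+ssl_stapling_verify on;
+
+ssl_protocols TLSv1.2 TLSv1.3;
+ssl_ciphers TLS_CHACHA20_POLY1305_SHA256:TLS_AES_128_GCM_SHA256:TLS_AES_256_GCM_SHA384:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384;
+
+ssl_ecdh_curve X25519:X448;
+
+ssl_certificate /etc/letsencrypt/live/meta.4.niv.re/fullchain.pem;
+ssl_certificate_key /etc/letsencrypt/live/meta.4.niv.re/privkey.pem;
+
+error_log /var/log/nginx/meta.4.niv.re-error.log info;
+access_log off;
+
+location ~ \.php$ {
+fastcgi_split_path_info ^(.+\.php)(/.+)$;
+fastcgi_pass unix:/var/run/php/meta.sock;
+include inc/fastcgi.conf;
+fastcgi_param SSL_CURVES $ssl_curves;
+fastcgi_param SSL_CIPHERS $ssl_ciphers;
+fastcgi_param SSL_CIPHER $ssl_cipher;
+fastcgi_param SSL_PROTOCOL $ssl_protocol;
+fastcgi_param SSL_SESSION_ID $ssl_session_id;
+fastcgi_param NGINX_VERSION $nginx_version;
+fastcgi_param TCPINFO_RTT $tcpinfo_rtt;
+fastcgi_param TCPINFO_RTTVAR $tcpinfo_rttvar;
+fastcgi_param TCPINFO_SND_CWND $tcpinfo_snd_cwnd;
+fastcgi_param TCPINFO_RCV_SPACE $tcpinfo_rcv_space;
+fastcgi_param CONNECTION $connection;
+fastcgi_param CONNECTION_REQUESTS $connection_requests;
+fastcgi_param REQUEST $request;
+}
+
+location ~ emojis.txt {
+charset utf-8;
+}
+}
+```
+
+### Might be useful
+
+```
+ip addr add 2a01:e0a:15c:2e40::65:535 dev eno1
+ufw allow in proto tcp to 2a01:e0a:15c:2e40::65:535 port 1:65535
+certbot certonly --nginx --key-type rsa --rsa-key-size 3072 -d *.meta.4.niv.re -d meta.4.niv.re
+```
+
+`/etc/network/interfaces`:
+
+```
+iface eno1 inet6 static
+address 2a01:e0a:15c:2e40::65:535
+```
+
+## Ressources
+
+Nginx variable list: <https://nginx.org/docs/varindex.html>
+
+PHP $_SERVER list: <https://www.php.net/manual/reserved.variables.server.php>
+
+### HTTP headers
+
+https://en.wikipedia.org/wiki/List_of_HTTP_header_fields
+https://developer.mozilla.org/docs/Web/HTTP/Headers
+https://datatracker.ietf.org/doc/html/rfc7231
+
+## Free software
+
+*Meta* is published under **AGPLv3+** (see `LICENSE`), it's source code is available at <https://code.antopie.org/miraty/meta>. `db-reader` and `geolite2` directories contents have their own license.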
|
@ -1,8 +1,8 @@
|
|||
<?php
|
||||
if ($_SERVER['REQUEST_URI'] === "/me")
|
||||
header("Location: /" . htmlspecialchars($_SERVER['REMOTE_ADDR']));
|
||||
else if ($_SERVER['REQUEST_URI'] === "/emoji")
|
||||
if ($_SERVER['REQUEST_URI'] === "/emoji")
|
||||
echo file_get_contents("emoji.html");
|
||||
else if ($_SERVER['REQUEST_URI'] === "/me")
|
||||
header("Location: /" . htmlspecialchars($_SERVER['REMOTE_ADDR']));
|
||||
else if (filter_var(substr($_SERVER['REQUEST_URI'], 1), FILTER_VALIDATE_IP))
|
||||
require "geolite2.php";
|
||||
else
|
||||
|
|
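Review bot: The `Location` value in the `/me` branch is passed through `htmlspecialchars()`, which encodes for an HTML body rather than a response header, so it is not doing the job its placement suggests. The redirect appears to be safe only because `REMOTE_ADDR` is set by the server and normally holds nothing that function would rewrite. If the goal is to guarantee that only an address reaches the header, validate it the way the following branch validates the path, e.g. `else if ($_SERVER['REQUEST_URI'] === "/me" && filter_var($_SERVER['REMOTE_ADDR'], FILTER_VALIDATE_IP))`, and concatenate the raw value. The if/else chain continues past the end of this hunk, and the file name for this section is not shown on the page.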
11
meta.php
11
meta.php
|
@ -34,7 +34,7 @@
|
|||
<details>
|
||||
<summary>Test outgoing destination ports (IPv6 only)</summary>
|
||||
<?php
|
||||
$reachablePorts = Array(1,2,20,21,22,23,25,53,80,123,143,443,587,853,993,1312,3478,5349,8448,16384,25535,32768,49152,65535);
|
||||
$reachablePorts = Array(1,2,20,21,22,23,25,53,80,123,143,443,587,853,993,1312,3478,5349,8448,9001,9030,16384,25535,32768,49152,65535);
|
||||
foreach ($reachablePorts as $port) { ?>
|
||||
<a href="https://ports.meta.4.niv.re:<?= $port ?>/">https://ports.meta.4.niv.re:<strong><?= $port ?></strong>/</a><br>
|
||||
<?php }
|
||||
|
@ -64,15 +64,6 @@
|
|||
if ($name !== "Content-Length" AND $name !== "Content-Type")
|
||||
echo htmlspecialchars($name) . ": " . htmlspecialchars($value) . "\n";
|
||||
} ?></pre>
|
||||
|
||||
<details>
|
||||
<summary>Headers definition lists</summary>
|
||||
<a href="https://en.wikipedia.org/wiki/List_of_HTTP_header_fields">https://en.wikipedia.org/wiki/List_of_HTTP_header_fields</a><br>
|
||||
<a href="https://developer.mozilla.org/docs/Web/HTTP/Headers">https://developer.mozilla.org/docs/Web/HTTP/Headers</a><br>
|
||||
<a href="https://datatracker.ietf.org/doc/html/rfc2616">https://datatracker.ietf.org/doc/html/rfc2616</a><br>
|
||||
<a href="https://datatracker.ietf.org/doc/html/rfc7231#section-5">RFC 7231 <em>Hypertext Transfer Protocol (HTTP/1.1): Semantics and Content</em> > <em>5. Request Header Fields</em></a><br>
|
||||
<a href="https://datatracker.ietf.org/doc/html/rfc7231#section-7">RFC 7231 <em>Hypertext Transfer Protocol (HTTP/1.1): Semantics and Content</em> > <em>7. Response Header Fields</em></a><br>
|
||||
</details>
|
||||
</section>
|
||||
</section>
|
||||
|
||||
|
|
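Review bot: The `$reachablePorts` line that gains 9001 and 9030 does not match the `listen` directives in the README.md added by this same commit. It links to 25535 where the documented server listens on 25565, it links to 23 which has no `listen` line, and it omits 1194 which has one. Assuming the README reflects the deployed configuration, a visitor following the 23 or 25535 link would conclude that their network filters the port when the server is simply not listening there. Aligning the array with the config (drop `23`, add `1194`, change `25535` to `25565`), or generating both lists from one source, would keep the test meaningful.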