Add README.md

Miraty 2021-09-29 17:23:17 +02:00
parent d4135378d9
commit 595232f9e3
3 changed files with 155 additions and 13 deletions

151
README.md Normal file

@ -0,0 +1,151 @@
# Meta
*Meta* is a small Nginx/PHP tool displaying some informations in order to debug or satisfy your curiosity.
## Use
### Paths
`/me` will redirect to `/<your-ip-address>`
`/<any-ip-address>` will print informations obtained from databases located in the `geolite2` directory
`/emoji` will print an emoji list
`/<anything-else>` will print *IP*, *TCP*, *TLS* and *HTTP* metadata
### Domains
`meta.4.niv.re` have working A (IPv4) and AAAA (IPv6) records
You can test IP version connectivity by forcing it throught
* `ipv4.meta.4.niv.re` only have the A record
* `ipv6.meta.4.niv.re` only have the AAAA record
### Ports
You can try to connect to a few other TCP ports than 443, using IPv6.
## Installation
### Nginx configuration
```
server {
listen 443 ssl http2;
listen [2a01:e0a:15c:2e40::65:535]:1 ssl http2;
listen [2a01:e0a:15c:2e40::65:535]:2 ssl http2;
listen [2a01:e0a:15c:2e40::65:535]:20 ssl http2;
listen [2a01:e0a:15c:2e40::65:535]:21 ssl http2;
listen [2a01:e0a:15c:2e40::65:535]:22 ssl http2;
listen [2a01:e0a:15c:2e40::65:535]:25 ssl http2;
listen [2a01:e0a:15c:2e40::65:535]:53 ssl http2;
listen [2a01:e0a:15c:2e40::65:535]:80 ssl http2;
listen [2a01:e0a:15c:2e40::65:535]:123 ssl http2;
listen [2a01:e0a:15c:2e40::65:535]:143 ssl http2;
listen [2a01:e0a:15c:2e40::65:535]:443 ssl http2;
listen [2a01:e0a:15c:2e40::65:535]:587 ssl http2;
listen [2a01:e0a:15c:2e40::65:535]:853 ssl http2;
listen [2a01:e0a:15c:2e40::65:535]:993 ssl http2;
listen [2a01:e0a:15c:2e40::65:535]:1194 ssl http2;
listen [2a01:e0a:15c:2e40::65:535]:1312 ssl http2;
listen [2a01:e0a:15c:2e40::65:535]:3478 ssl http2;
listen [2a01:e0a:15c:2e40::65:535]:5349 ssl http2;
listen [2a01:e0a:15c:2e40::65:535]:8448 ssl http2;
listen [2a01:e0a:15c:2e40::65:535]:9001 ssl http2;
listen [2a01:e0a:15c:2e40::65:535]:9030 ssl http2;
listen [2a01:e0a:15c:2e40::65:535]:16384 ssl http2;
listen [2a01:e0a:15c:2e40::65:535]:25565 ssl http2;
listen [2a01:e0a:15c:2e40::65:535]:32768 ssl http2;
listen [2a01:e0a:15c:2e40::65:535]:49152 ssl http2;
listen [2a01:e0a:15c:2e40::65:535]:65535 ssl http2;
server_name meta.4.niv.re *.meta.4.niv.re;
root /var/www/meta;
index index.php;
try_files $uri/ /;
more_set_headers "Content-Security-Policy : default-src 'none'; frame-ancestors 'none'; form-action 'none';";
more_set_headers "X-Content-Type-Options : nosniff";
more_set_headers "X-XSS-Protection : 1; mode=block";
more_set_headers "X-Download-Options : noopen";
more_set_headers "X-Permitted-Cross-Domain-Policies : none";
more_set_headers "X-Frame-Options : DENY";
more_set_headers "Referrer-Policy : no-referrer";
more_set_headers "Strict-Transport-Security : max-age=94608000; includeSubDomains; preload";
more_clear_headers Server;
ssl_prefer_server_ciphers off;
ssl_session_timeout 1d;
ssl_session_cache shared:SSL:50m;
ssl_session_tickets off;
ssl_early_data off;
ssl_stapling on;
ssl_stapling_verify on;
ssl_protocols TLSv1.2 TLSv1.3;
ssl_ciphers TLS_CHACHA20_POLY1305_SHA256:TLS_AES_128_GCM_SHA256:TLS_AES_256_GCM_SHA384:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384;
ssl_ecdh_curve X25519:X448;
ssl_certificate /etc/letsencrypt/live/meta.4.niv.re/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/meta.4.niv.re/privkey.pem;
error_log /var/log/nginx/meta.4.niv.re-error.log info;
access_log off;
location ~ \.php$ {
fastcgi_split_path_info ^(.+\.php)(/.+)$;
fastcgi_pass unix:/var/run/php/meta.sock;
include inc/fastcgi.conf;
fastcgi_param SSL_CURVES $ssl_curves;
fastcgi_param SSL_CIPHERS $ssl_ciphers;
fastcgi_param SSL_CIPHER $ssl_cipher;
fastcgi_param SSL_PROTOCOL $ssl_protocol;
fastcgi_param SSL_SESSION_ID $ssl_session_id;
fastcgi_param NGINX_VERSION $nginx_version;
fastcgi_param TCPINFO_RTT $tcpinfo_rtt;
fastcgi_param TCPINFO_RTTVAR $tcpinfo_rttvar;
fastcgi_param TCPINFO_SND_CWND $tcpinfo_snd_cwnd;
fastcgi_param TCPINFO_RCV_SPACE $tcpinfo_rcv_space;
fastcgi_param CONNECTION $connection;
fastcgi_param CONNECTION_REQUESTS $connection_requests;
fastcgi_param REQUEST $request;
}
location ~ emojis.txt {
charset utf-8;
}
}
```
### Might be useful
```
ip addr add 2a01:e0a:15c:2e40::65:535 dev eno1
ufw allow in proto tcp to 2a01:e0a:15c:2e40::65:535 port 1:65535
certbot certonly --nginx --key-type rsa --rsa-key-size 3072 -d *.meta.4.niv.re -d meta.4.niv.re
```
`/etc/network/interfaces`:
```
iface eno1 inet6 static
address 2a01:e0a:15c:2e40::65:535
```
## Ressources
Nginx variable list: <https://nginx.org/docs/varindex.html>
PHP $_SERVER list: <https://www.php.net/manual/reserved.variables.server.php>
### HTTP headers
https://en.wikipedia.org/wiki/List_of_HTTP_header_fields
https://developer.mozilla.org/docs/Web/HTTP/Headers
https://datatracker.ietf.org/doc/html/rfc7231
## Free software
*Meta* is published under **AGPLv3+** (see `LICENSE`), it's source code is available at <https://code.antopie.org/miraty/meta>. `db-reader` and `geolite2` directories contents have their own license.


@ -1,8 +1,8 @@
<?php <?php
if ($_SERVER['REQUEST_URI'] === "/me") if ($_SERVER['REQUEST_URI'] === "/emoji")
header("Location: /" . htmlspecialchars($_SERVER['REMOTE_ADDR']));
else if ($_SERVER['REQUEST_URI'] === "/emoji")
echo file_get_contents("emoji.html"); echo file_get_contents("emoji.html");
else if ($_SERVER['REQUEST_URI'] === "/me")
header("Location: /" . htmlspecialchars($_SERVER['REMOTE_ADDR']));
else if (filter_var(substr($_SERVER['REQUEST_URI'], 1), FILTER_VALIDATE_IP)) else if (filter_var(substr($_SERVER['REQUEST_URI'], 1), FILTER_VALIDATE_IP))
require "geolite2.php"; require "geolite2.php";
else else
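Review bot: In the `/me` branch, `htmlspecialchars()` is an HTML encoder applied to an HTTP `Location` header, so it neither validates nor correctly encodes the value for that context. `REMOTE_ADDR` is normally filled in by the web server, so the practical risk is low, but the check would be explicit and survive a proxy setup that rewrites the address if the branch validated it the way the next branch does: `else if ($_SERVER['REQUEST_URI'] === "/me" AND filter_var($_SERVER['REMOTE_ADDR'], FILTER_VALIDATE_IP))` followed by `header("Location: /" . $_SERVER['REMOTE_ADDR']);`. Separately, the exact comparisons on `REQUEST_URI` include the query string, so a request such as `/me?x` skips this branch and falls through to the final `else`, whose body lies outside the hunk.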


@ -34,7 +34,7 @@
<details> <details>
<summary>Test outgoing destination ports (IPv6 only)</summary> <summary>Test outgoing destination ports (IPv6 only)</summary>
<?php <?php
$reachablePorts = Array(1,2,20,21,22,23,25,53,80,123,143,443,587,853,993,1312,3478,5349,8448,16384,25535,32768,49152,65535); $reachablePorts = Array(1,2,20,21,22,23,25,53,80,123,143,443,587,853,993,1312,3478,5349,8448,9001,9030,16384,25535,32768,49152,65535);
foreach ($reachablePorts as $port) { ?> foreach ($reachablePorts as $port) { ?>
<a href="https://ports.meta.4.niv.re:<?= $port ?>/">https://ports.meta.4.niv.re:<strong><?= $port ?></strong>/</a><br> <a href="https://ports.meta.4.niv.re:<?= $port ?>/">https://ports.meta.4.niv.re:<strong><?= $port ?></strong>/</a><br>
<?php } <?php }
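Review bot: The updated `$reachablePorts` array still disagrees with the `listen` directives that README.md documents in this same commit. It lists 23 and 25535, which the Nginx block does not listen on, and omits 1194 and 25565, which it does; 25535 looks like a typo for 25565. If the README reflects the deployed configuration, the links for 23 and 25535 fail for every visitor, so the page reports a filtered outgoing port when the port is simply closed on the server. Suggested list: `Array(1,2,20,21,22,25,53,80,123,143,443,587,853,993,1194,1312,3478,5349,8448,9001,9030,16384,25565,32768,49152,65535)`, ideally kept next to a comment naming the Nginx `listen` list as its source. The enclosing `<details>` element is closed outside this hunk.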
@ -64,15 +64,6 @@
if ($name !== "Content-Length" AND $name !== "Content-Type") if ($name !== "Content-Length" AND $name !== "Content-Type")
echo htmlspecialchars($name) . ": " . htmlspecialchars($value) . "\n"; echo htmlspecialchars($name) . ": " . htmlspecialchars($value) . "\n";
} ?></pre> } ?></pre>
<details>
<summary>Headers definition lists</summary>
<a href="https://en.wikipedia.org/wiki/List_of_HTTP_header_fields">https://en.wikipedia.org/wiki/List_of_HTTP_header_fields</a><br>
<a href="https://developer.mozilla.org/docs/Web/HTTP/Headers">https://developer.mozilla.org/docs/Web/HTTP/Headers</a><br>
<a href="https://datatracker.ietf.org/doc/html/rfc2616">https://datatracker.ietf.org/doc/html/rfc2616</a><br>
<a href="https://datatracker.ietf.org/doc/html/rfc7231#section-5">RFC 7231 <em>Hypertext Transfer Protocol (HTTP/1.1): Semantics and Content</em> > <em>5. Request Header Fields</em></a><br>
<a href="https://datatracker.ietf.org/doc/html/rfc7231#section-7">RFC 7231 <em>Hypertext Transfer Protocol (HTTP/1.1): Semantics and Content</em> > <em>7. Response Header Fields</em></a><br>
</details>
</section> </section>
</section> </section>