New installation on Antopie

Miraty 2022-03-10 19:14:31 +01:00
parent 19adeccf0b
commit c1651e5f1a
20 changed files with 61 additions and 53 deletions


@ -13,56 +13,26 @@
### Domains
* `meta.4.niv.re` have working A (IPv4) and AAAA (IPv6) records
You can test IP version connectivity by forcing it throught
* `ipv4.meta.4.niv.re` only have the A record
* `ipv6.meta.4.niv.re` only have the AAAA record
`meta.antopie.org` have working A (IPv4) and AAAA (IPv6) records
## Nginx configuration
You can test IP version connectivity by forcing it throught:
* `ipv4.meta.antopie.org`, which only have the A record
* `ipv6.meta.antopie.org`, which only have the AAAA record
## Nginx configuration sample
```
server {
listen 443 ssl http2;
listen [::]:443 ssl http2;
server_name meta.4.niv.re *.meta.4.niv.re;
server_name meta.antopie.org;
root /var/www/meta;
index index.php;
try_files $uri/ /;
more_set_headers "Content-Security-Policy : default-src 'none'; frame-ancestors 'none'; form-action 'none';";
more_set_headers "X-Content-Type-Options : nosniff";
more_set_headers "X-XSS-Protection : 1; mode=block";
more_set_headers "X-Download-Options : noopen";
more_set_headers "X-Permitted-Cross-Domain-Policies : none";
more_set_headers "X-Frame-Options : DENY";
more_set_headers "Referrer-Policy : no-referrer";
more_set_headers "Strict-Transport-Security : max-age=94608000; includeSubDomains; preload";
more_clear_headers Server;
ssl_prefer_server_ciphers off;
ssl_session_timeout 1d;
ssl_session_cache shared:SSL:50m;
ssl_session_tickets off;
ssl_early_data off;
ssl_stapling on;
ssl_stapling_verify on;
ssl_protocols TLSv1.2 TLSv1.3;
ssl_ciphers TLS_CHACHA20_POLY1305_SHA256:TLS_AES_128_GCM_SHA256:TLS_AES_256_GCM_SHA384:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384;
ssl_ecdh_curve X25519:X448;
ssl_certificate /etc/letsencrypt/live/meta.4.niv.re/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/meta.4.niv.re/privkey.pem;
error_log /var/log/nginx/meta.4.niv.re-error.log info;
access_log off;
location ~ \.php$ {
fastcgi_split_path_info ^(.+\.php)(/.+)$;
fastcgi_pass unix:/var/run/php/meta.sock;
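Review bot: `server_name meta.antopie.org;` drops the wildcard that `server_name meta.4.niv.re *.meta.4.niv.re;` carried, yet the README text in this same hunk still sends readers to `ipv4.meta.antopie.org` and `ipv6.meta.antopie.org`. With the sample as written, those two hosts do not match this server block and fall through to whatever the default server is. Either list both names in `server_name` or state that they are served by a separate block. Minor, since the sentence is being rewritten anyway: "throught" should be "through", and "only have" should be "only has".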
@ -88,7 +58,7 @@ server {
}
```
## Ressources
## Resources
Nginx variable list: <https://nginx.org/docs/varindex.html>
@ -96,10 +66,10 @@ PHP $_SERVER list: <https://www.php.net/manual/reserved.variables.server.php>
### HTTP headers
* https://en.wikipedia.org/wiki/List_of_HTTP_header_fields
* https://developer.mozilla.org/docs/Web/HTTP/Headers
* https://datatracker.ietf.org/doc/html/rfc7231
* <https://en.wikipedia.org/wiki/List_of_HTTP_header_fields>
* <https://developer.mozilla.org/docs/Web/HTTP/Headers>
* <https://datatracker.ietf.org/doc/html/rfc7231>
## Free software
*Meta* is published under **AGPLv3+** (see `LICENSE`), it's source code is available at <https://code.antopie.org/miraty/meta>. `db-reader` and `geolite2` directories contents have their own license.
*Meta* is published under **AGPLv3+** (see `LICENSE`), it's source code is available at <https://code.antopie.org/miraty/meta>. `db-reader` and `geolite2` directories contents have their own licenses.
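Review bot: the rewritten licence line still reads "it's source code", which should be "its source code", and the comma before it joins two full sentences. The line is already being touched for "licenses", so both can be fixed in the same change.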


@ -8,7 +8,7 @@ else if (filter_var($ip, FILTER_VALIDATE_IP, FILTER_FLAG_IPV6))
else
exit("This is not a valid IP address!");
define("GEOLITE2_DATE", "20210914");
define("GEOLITE2_DATE", "20220215");
require('db-reader/autoload.php');
use MaxMind\Db\Reader;
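Review bot: `define("GEOLITE2_DATE", "20220215");` is still a hand-edited constant, while this commit also adds `geolite2/update.sh` to refresh the databases. Nothing visible in the script updates this value, so the next run of the script leaves the code pointing at the old date until someone remembers to edit it. Consider deriving the date from the extracted directory name, or have the script write it to a small file that this code reads.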

Binary file not shown.


@ -1 +0,0 @@
Database and Contents Copyright (c) 2021 MaxMind, Inc.


@ -0,0 +1 @@
Database and Contents Copyright (c) 2022 MaxMind, Inc.

Binary file not shown.


@ -1 +0,0 @@
Database and Contents Copyright (c) 2021 MaxMind, Inc.


@ -0,0 +1 @@
Database and Contents Copyright (c) 2022 MaxMind, Inc.

Binary file not shown.

Size before: 71 MiB
Size after: 67 MiB


@ -1 +0,0 @@
Database and Contents Copyright (c) 2021 MaxMind, Inc.


@ -1,3 +0,0 @@
Use of this MaxMind product is governed by MaxMind's GeoLite2 End User License Agreement, which can be viewed at https://www.maxmind.com/en/geolite2/eula.
This database incorporates GeoNames [https://www.geonames.org] geographical data, which is made available under the Creative Commons Attribution 4.0 License. To view a copy of this license, visit https://creativecommons.org/licenses/by/4.0/.
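Review bot: this hunk deletes the file that carries the GeoLite2 EULA pointer and the GeoNames CC BY 4.0 attribution, and no replacement for it is visible in the diff, unlike the copyright files, which are re-added with the 2022 year. If the databases stay in the repository, confirm that the new 2022 directory still ships an equivalent notice, or keep one copy at the top of `geolite2/`.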

geolite2/update.sh Executable file

@ -0,0 +1,10 @@
#!/usr/bin/bash
torsocks curl "https://download.maxmind.com/app/geoip_download?edition_id=GeoLite2-ASN&license_key=VLk4IOSJ5vKSywjG&suffix=tar.gz" --output GeoLite2-ASN.tar.gz --tlsv1.3 --tls13-ciphers TLS_CHACHA20_POLY1305_SHA256 --curves X25519 --user-agent ""
tar -xf GeoLite2-ASN.tar.gz
torsocks curl "https://download.maxmind.com/app/geoip_download?edition_id=GeoLite2-City&license_key=VLk4IOSJ5vKSywjG&suffix=tar.gz" --output GeoLite2-City.tar.gz --tlsv1.3 --tls13-ciphers TLS_CHACHA20_POLY1305_SHA256 --curves X25519 --user-agent ""
tar -xf GeoLite2-City.tar.gz
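Review bot: both `curl` lines embed the MaxMind `license_key=` value in the committed URL, so the credential is now in the repository history and readable by anyone who can clone it. Treat that key as exposed: revoke it in the MaxMind account, issue a new one, and have the script read it from an environment variable or an untracked file instead. Separately, the script has no `set -e` and no integrity check, so a failed or truncated download goes straight to `tar -xf`. Adding `set -euo pipefail` and comparing against the checksum MaxMind serves with `suffix=tar.gz.sha256` before extracting would close that gap.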


@ -1,4 +1,5 @@
<?php
if ($_SERVER['REQUEST_URI'] === "/emoji")
echo file_get_contents("emoji.html");
else if ($_SERVER['REQUEST_URI'] === "/me")


@ -21,9 +21,9 @@
<section>
<h1><abbr title="Transmission Control Protocol">TCP</abbr></h1>
<abbr title="Round Trip Time">RTT</abbr>: <samp><?= htmlspecialchars($_SERVER['TCPINFO_RTT']) ?></samp> milliseconds<br>
<abbr title="Round Trip Time">RTT</abbr> variance: <samp><?= htmlspecialchars($_SERVER['TCPINFO_RTTVAR']) ?></samp><br>
SND CWND: <samp><?= htmlspecialchars($_SERVER['TCPINFO_SND_CWND']) ?></samp><br>
<abbr title="Round Trip Time">RTT</abbr>: <samp><?= htmlspecialchars($_SERVER['TCPINFO_RTT']) ?></samp> μs<br>
<abbr title="Round Trip Time">RTT</abbr> variance: <samp><?= htmlspecialchars($_SERVER['TCPINFO_RTTVAR']) ?></samp> μs<br>
SND <abbr title="Congestion WiNDow">CWND</abbr>: <samp><?= htmlspecialchars($_SERVER['TCPINFO_SND_CWND']) ?></samp><br>
RCV SPACE: <samp><?= htmlspecialchars($_SERVER['TCPINFO_RCV_SPACE']) ?></samp><br>
<section>
<h2>Ports</h2>
@ -35,6 +35,7 @@
<section>
<h1><abbr title="Transport Layer Security">TLS</abbr></h1>
<abbr title="Server Name Indication">SNI</abbr>: <samp><?= htmlspecialchars($_SERVER['SSL_SERVER_NAME']) ?></samp><br>
TLS session ID: <samp><?= htmlspecialchars($_SERVER['SSL_SESSION_ID']) ?></samp><br>
Offered TLS curves: <samp><?= htmlspecialchars($_SERVER['SSL_CURVES']) ?></samp><br>
Offered TLS ciphers: <samp><?= htmlspecialchars($_SERVER['SSL_CIPHERS']) ?></samp><br>

system.php Normal file

@ -0,0 +1,30 @@
<!DOCTYPE html>
<html lang="en">
<head>
<meta charset="UTF-8">
<title>Meta</title>
</head>
<body>
<section>
<h1>Server system informations</h1>
<?php
date_default_timezone_set('UTC');
?>
Architecture: <samp><?= htmlspecialchars(php_uname("m")) ?></samp><br>
Distribution: <samp><?php echo htmlspecialchars(shell_exec("/usr/bin/lsb_release -si")); ?></samp><br>
Distribution version: <samp><?php echo htmlspecialchars(shell_exec("/usr/bin/lsb_release -sr")); ?></samp><br>
Distribution version codename: <samp><?php echo htmlspecialchars(shell_exec("/usr/bin/lsb_release -sc")); ?></samp><br>
Distribution description: <samp><?php echo htmlspecialchars(shell_exec("/usr/bin/lsb_release -sd")); ?></samp><br>
Kernel: <samp><?= htmlspecialchars(php_uname("s")) ?></samp><br>
Kernel version: <samp><?= htmlspecialchars(php_uname("r")) ?></samp><br>
Nginx version: <samp><?= htmlspecialchars($_SERVER['NGINX_VERSION']) ?></samp><br>
PHP version: <samp><?= htmlspecialchars(phpversion()) ?></samp><br>
Connection ID since Nginx startup: <samp><?= htmlspecialchars($_SERVER['CONNECTION']) ?></samp><br>
Requests in this connection: <samp><?= htmlspecialchars($_SERVER['CONNECTION_REQUESTS']) ?></samp><br>
<?php
$time = explode(".", $_SERVER['REQUEST_TIME_FLOAT']);
?>
Unix time: <samp title="Number of seconds since January 1 1970 00:00:00.0000 UTC"><?= htmlspecialchars($_SERVER['REQUEST_TIME_FLOAT']) ?></samp> (<span title="year-month-day hour:minute:second.decimal"><?= date("Y-m-d H:i:s", $time[0]) . "." . $time[1] ?></span> UTC)<br>
</section>
</body>
</html>
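Review bot: the new page prints the exact kernel release (`php_uname("r")`), `NGINX_VERSION`, `phpversion()` and the distribution release to any visitor, with no access restriction visible in this file. That is precise fingerprinting data for matching the host against known vulnerabilities. If the page must stay public, consider limiting it to major versions or gating it behind authentication or an allow-list. The four `shell_exec("/usr/bin/lsb_release ...")` calls also spawn a process each on every request and return null on failure, which is then passed to `htmlspecialchars()`. Reading `/etc/os-release` once would avoid both. Smaller points: `$time[1]` is echoed without `htmlspecialchars()` and is undefined when `REQUEST_TIME_FLOAT` has no fractional part, and the heading should read "information".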