New installation on Antopie
This commit is contained in:
parent
19adeccf0b
commit
c1651e5f1a
20 changed files with 61 additions and 53 deletions
56
README.md
56
README.md
|
@ -13,56 +13,26 @@
|
|||
|
||||
### Domains
|
||||
|
||||
* `meta.4.niv.re` have working A (IPv4) and AAAA (IPv6) records
|
||||
You can test IP version connectivity by forcing it throught
|
||||
* `ipv4.meta.4.niv.re` only have the A record
|
||||
* `ipv6.meta.4.niv.re` only have the AAAA record
|
||||
`meta.antopie.org` have working A (IPv4) and AAAA (IPv6) records
|
||||
|
||||
## Nginx configuration
|
||||
You can test IP version connectivity by forcing it throught:
|
||||
|
||||
* `ipv4.meta.antopie.org`, which only have the A record
|
||||
* `ipv6.meta.antopie.org`, which only have the AAAA record
|
||||
|
||||
## Nginx configuration sample
|
||||
|
||||
```
|
||||
server {
|
||||
listen 443 ssl http2;
|
||||
listen [::]:443 ssl http2;
|
||||
|
||||
server_name meta.4.niv.re *.meta.4.niv.re;
|
||||
server_name meta.antopie.org;
|
||||
|
||||
root /var/www/meta;
|
||||
index index.php;
|
||||
try_files $uri/ /;
|
||||
|
||||
more_set_headers "Content-Security-Policy : default-src 'none'; frame-ancestors 'none'; form-action 'none';";
|
||||
more_set_headers "X-Content-Type-Options : nosniff";
|
||||
more_set_headers "X-XSS-Protection : 1; mode=block";
|
||||
more_set_headers "X-Download-Options : noopen";
|
||||
more_set_headers "X-Permitted-Cross-Domain-Policies : none";
|
||||
more_set_headers "X-Frame-Options : DENY";
|
||||
more_set_headers "Referrer-Policy : no-referrer";
|
||||
more_set_headers "Strict-Transport-Security : max-age=94608000; includeSubDomains; preload";
|
||||
more_clear_headers Server;
|
||||
|
||||
ssl_prefer_server_ciphers off;
|
||||
|
||||
ssl_session_timeout 1d;
|
||||
ssl_session_cache shared:SSL:50m;
|
||||
ssl_session_tickets off;
|
||||
|
||||
ssl_early_data off;
|
||||
|
||||
ssl_stapling on;
|
||||
ssl_stapling_verify on;
|
||||
|
||||
ssl_protocols TLSv1.2 TLSv1.3;
|
||||
ssl_ciphers TLS_CHACHA20_POLY1305_SHA256:TLS_AES_128_GCM_SHA256:TLS_AES_256_GCM_SHA384:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384;
|
||||
|
||||
ssl_ecdh_curve X25519:X448;
|
||||
|
||||
ssl_certificate /etc/letsencrypt/live/meta.4.niv.re/fullchain.pem;
|
||||
ssl_certificate_key /etc/letsencrypt/live/meta.4.niv.re/privkey.pem;
|
||||
|
||||
error_log /var/log/nginx/meta.4.niv.re-error.log info;
|
||||
access_log off;
|
||||
|
||||
location ~ \.php$ {
|
||||
fastcgi_split_path_info ^(.+\.php)(/.+)$;
|
||||
fastcgi_pass unix:/var/run/php/meta.sock;
|
||||
|
@ -88,7 +58,7 @@ server {
|
|||
}
|
||||
```
|
||||
|
||||
## Ressources
|
||||
## Resources
|
||||
|
||||
Nginx variable list: <https://nginx.org/docs/varindex.html>
|
||||
|
||||
|
@ -96,10 +66,10 @@ PHP $_SERVER list: <https://www.php.net/manual/reserved.variables.server.php>
|
|||
|
||||
### HTTP headers
|
||||
|
||||
* https://en.wikipedia.org/wiki/List_of_HTTP_header_fields
|
||||
* https://developer.mozilla.org/docs/Web/HTTP/Headers
|
||||
* https://datatracker.ietf.org/doc/html/rfc7231
|
||||
* <https://en.wikipedia.org/wiki/List_of_HTTP_header_fields>
|
||||
* <https://developer.mozilla.org/docs/Web/HTTP/Headers>
|
||||
* <https://datatracker.ietf.org/doc/html/rfc7231>
|
||||
|
||||
## Free software
|
||||
|
||||
*Meta* is published under **AGPLv3+** (see `LICENSE`), it's source code is available at <https://code.antopie.org/miraty/meta>. `db-reader` and `geolite2` directories contents have their own license.
|
||||
*Meta* is published under **AGPLv3+** (see `LICENSE`), it's source code is available at <https://code.antopie.org/miraty/meta>. `db-reader` and `geolite2` directories contents have their own licenses.
|
||||
|
|
|
@ -8,7 +8,7 @@ else if (filter_var($ip, FILTER_VALIDATE_IP, FILTER_FLAG_IPV6))
|
|||
else
|
||||
exit("This is not a valid IP address!");
|
||||
|
||||
define("GEOLITE2_DATE", "20210914");
|
||||
define("GEOLITE2_DATE", "20220215");
|
||||
require('db-reader/autoload.php');
|
||||
use MaxMind\Db\Reader;
|
||||
|
||||
|
|
BIN
geolite2/GeoLite2-ASN.tar.gz
Normal file
BIN
geolite2/GeoLite2-ASN.tar.gz
Normal file
Binary file not shown.
|
@ -1 +0,0 @@
|
|||
Database and Contents Copyright (c) 2021 MaxMind, Inc.
|
1
geolite2/GeoLite2-ASN_20220215/COPYRIGHT.txt
Normal file
1
geolite2/GeoLite2-ASN_20220215/COPYRIGHT.txt
Normal file
|
@ -0,0 +1 @@
|
|||
Database and Contents Copyright (c) 2022 MaxMind, Inc.
|
Binary file not shown.
BIN
geolite2/GeoLite2-City.tar.gz
Normal file
BIN
geolite2/GeoLite2-City.tar.gz
Normal file
Binary file not shown.
|
@ -1 +0,0 @@
|
|||
Database and Contents Copyright (c) 2021 MaxMind, Inc.
|
1
geolite2/GeoLite2-City_20220215/COPYRIGHT.txt
Normal file
1
geolite2/GeoLite2-City_20220215/COPYRIGHT.txt
Normal file
|
@ -0,0 +1 @@
|
|||
Database and Contents Copyright (c) 2022 MaxMind, Inc.
|
Binary file not shown.
Before Width: | Height: | Size: 71 MiB After Width: | Height: | Size: 67 MiB |
|
@ -1 +0,0 @@
|
|||
Database and Contents Copyright (c) 2021 MaxMind, Inc.
|
Binary file not shown.
|
@ -1,3 +0,0 @@
|
|||
Use of this MaxMind product is governed by MaxMind's GeoLite2 End User License Agreement, which can be viewed at https://www.maxmind.com/en/geolite2/eula.
|
||||
|
||||
This database incorporates GeoNames [https://www.geonames.org] geographical data, which is made available under the Creative Commons Attribution 4.0 License. To view a copy of this license, visit https://creativecommons.org/licenses/by/4.0/.
|
10
geolite2/update.sh
Executable file
10
geolite2/update.sh
Executable file
|
@ -0,0 +1,10 @@
|
|||
#!/usr/bin/bash
|
||||
|
||||
torsocks curl "https://download.maxmind.com/app/geoip_download?edition_id=GeoLite2-ASN&license_key=VLk4IOSJ5vKSywjG&suffix=tar.gz" --output GeoLite2-ASN.tar.gz --tlsv1.3 --tls13-ciphers TLS_CHACHA20_POLY1305_SHA256 --curves X25519 --user-agent ""
|
||||
|
||||
tar -xf GeoLite2-ASN.tar.gz
|
||||
|
||||
torsocks curl "https://download.maxmind.com/app/geoip_download?edition_id=GeoLite2-City&license_key=VLk4IOSJ5vKSywjG&suffix=tar.gz" --output GeoLite2-City.tar.gz --tlsv1.3 --tls13-ciphers TLS_CHACHA20_POLY1305_SHA256 --curves X25519 --user-agent ""
|
||||
|
||||
tar -xf GeoLite2-City.tar.gz
|
||||
|
|
@ -1,4 +1,5 @@
|
|||
<?php
|
||||
|
||||
if ($_SERVER['REQUEST_URI'] === "/emoji")
|
||||
echo file_get_contents("emoji.html");
|
||||
else if ($_SERVER['REQUEST_URI'] === "/me")
|
||||
|
|
7
meta.php
7
meta.php
|
@ -21,9 +21,9 @@
|
|||
|
||||
<section>
|
||||
<h1><abbr title="Transmission Control Protocol">TCP</abbr></h1>
|
||||
<abbr title="Round Trip Time">RTT</abbr>: <samp><?= htmlspecialchars($_SERVER['TCPINFO_RTT']) ?></samp> milliseconds<br>
|
||||
<abbr title="Round Trip Time">RTT</abbr> variance: <samp><?= htmlspecialchars($_SERVER['TCPINFO_RTTVAR']) ?></samp><br>
|
||||
SND CWND: <samp><?= htmlspecialchars($_SERVER['TCPINFO_SND_CWND']) ?></samp><br>
|
||||
<abbr title="Round Trip Time">RTT</abbr>: <samp><?= htmlspecialchars($_SERVER['TCPINFO_RTT']) ?></samp> μs<br>
|
||||
<abbr title="Round Trip Time">RTT</abbr> variance: <samp><?= htmlspecialchars($_SERVER['TCPINFO_RTTVAR']) ?></samp> μs<br>
|
||||
SND <abbr title="Congestion WiNDow">CWND</abbr>: <samp><?= htmlspecialchars($_SERVER['TCPINFO_SND_CWND']) ?></samp><br>
|
||||
RCV SPACE: <samp><?= htmlspecialchars($_SERVER['TCPINFO_RCV_SPACE']) ?></samp><br>
|
||||
<section>
|
||||
<h2>Ports</h2>
|
||||
|
@ -35,6 +35,7 @@
|
|||
|
||||
<section>
|
||||
<h1><abbr title="Transport Layer Security">TLS</abbr></h1>
|
||||
<abbr title="Server Name Indication">SNI</abbr>: <samp><?= htmlspecialchars($_SERVER['SSL_SERVER_NAME']) ?></samp><br>
|
||||
TLS session ID: <samp><?= htmlspecialchars($_SERVER['SSL_SESSION_ID']) ?></samp><br>
|
||||
Offered TLS curves: <samp><?= htmlspecialchars($_SERVER['SSL_CURVES']) ?></samp><br>
|
||||
Offered TLS ciphers: <samp><?= htmlspecialchars($_SERVER['SSL_CIPHERS']) ?></samp><br>
|
||||
|
|
30
system.php
Normal file
30
system.php
Normal file
|
@ -0,0 +1,30 @@
|
|||
<!DOCTYPE html>
|
||||
<html lang="en">
|
||||
<head>
|
||||
<meta charset="UTF-8">
|
||||
<title>Meta</title>
|
||||
</head>
|
||||
<body>
|
||||
<section>
|
||||
<h1>Server system informations</h1>
|
||||
<?php
|
||||
date_default_timezone_set('UTC');
|
||||
?>
|
||||
Architecture: <samp><?= htmlspecialchars(php_uname("m")) ?></samp><br>
|
||||
Distribution: <samp><?php echo htmlspecialchars(shell_exec("/usr/bin/lsb_release -si")); ?></samp><br>
|
||||
Distribution version: <samp><?php echo htmlspecialchars(shell_exec("/usr/bin/lsb_release -sr")); ?></samp><br>
|
||||
Distribution version codename: <samp><?php echo htmlspecialchars(shell_exec("/usr/bin/lsb_release -sc")); ?></samp><br>
|
||||
Distribution description: <samp><?php echo htmlspecialchars(shell_exec("/usr/bin/lsb_release -sd")); ?></samp><br>
|
||||
Kernel: <samp><?= htmlspecialchars(php_uname("s")) ?></samp><br>
|
||||
Kernel version: <samp><?= htmlspecialchars(php_uname("r")) ?></samp><br>
|
||||
Nginx version: <samp><?= htmlspecialchars($_SERVER['NGINX_VERSION']) ?></samp><br>
|
||||
PHP version: <samp><?= htmlspecialchars(phpversion()) ?></samp><br>
|
||||
Connection ID since Nginx startup: <samp><?= htmlspecialchars($_SERVER['CONNECTION']) ?></samp><br>
|
||||
Requests in this connection: <samp><?= htmlspecialchars($_SERVER['CONNECTION_REQUESTS']) ?></samp><br>
|
||||
<?php
|
||||
$time = explode(".", $_SERVER['REQUEST_TIME_FLOAT']);
|
||||
?>
|
||||
Unix time: <samp title="Number of seconds since January 1 1970 00:00:00.0000 UTC"><?= htmlspecialchars($_SERVER['REQUEST_TIME_FLOAT']) ?></samp> (<span title="year-month-day hour:minute:second.decimal"><?= date("Y-m-d H:i:s", $time[0]) . "." . $time[1] ?></span> UTC)<br>
|
||||
</section>
|
||||
</body>
|
||||
</html>
|
Loading…
Reference in a new issue