# Meta

*Meta* is a small Nginx/PHP tool displaying some informations in order to debug or satisfy your curiosity.

## Use

### Paths

* `/me` will redirect to `/<your-ip-address>`
* `/<any-ip-address>` will print informations obtained from databases located in the `geolite2` directory
* `/emoji` will print an emoji list
* `/<anything-else>` will print *IP*, *TCP*, *TLS* and *HTTP* metadata

### Domains

* `meta.4.niv.re` have working A (IPv4) and AAAA (IPv6) records
You can test IP version connectivity by forcing it throught
* `ipv4.meta.4.niv.re` only have the A record
* `ipv6.meta.4.niv.re` only have the AAAA record

## Nginx configuration

```
server {
    listen 443 ssl http2;
    listen [::]:443 ssl http2;

    server_name meta.4.niv.re *.meta.4.niv.re;

    root /var/www/meta;
    index index.php;
    try_files $uri/ /;

    more_set_headers "Content-Security-Policy : default-src 'none'; frame-ancestors 'none'; form-action 'none';";
    more_set_headers "X-Content-Type-Options : nosniff";
    more_set_headers "X-XSS-Protection : 1; mode=block";
    more_set_headers "X-Download-Options : noopen";
    more_set_headers "X-Permitted-Cross-Domain-Policies : none";
    more_set_headers "X-Frame-Options : DENY";
    more_set_headers "Referrer-Policy : no-referrer";
    more_set_headers "Strict-Transport-Security : max-age=94608000; includeSubDomains; preload";
    more_clear_headers Server;

    ssl_prefer_server_ciphers off;

    ssl_session_timeout 1d;
    ssl_session_cache shared:SSL:50m;
    ssl_session_tickets off;

    ssl_early_data off;

    ssl_stapling on;
    ssl_stapling_verify on;

    ssl_protocols TLSv1.2 TLSv1.3;
    ssl_ciphers TLS_CHACHA20_POLY1305_SHA256:TLS_AES_128_GCM_SHA256:TLS_AES_256_GCM_SHA384:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384;

    ssl_ecdh_curve X25519:X448;

    ssl_certificate /etc/letsencrypt/live/meta.4.niv.re/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/meta.4.niv.re/privkey.pem;

    error_log /var/log/nginx/meta.4.niv.re-error.log info;
    access_log off;

    location ~ \.php$ {
        fastcgi_split_path_info ^(.+\.php)(/.+)$;
        fastcgi_pass unix:/var/run/php/meta.sock;
        include inc/fastcgi.conf;
        fastcgi_param SSL_CURVES $ssl_curves;
        fastcgi_param SSL_CIPHERS $ssl_ciphers;
        fastcgi_param SSL_CIPHER $ssl_cipher;
        fastcgi_param SSL_PROTOCOL $ssl_protocol;
        fastcgi_param SSL_SESSION_ID $ssl_session_id;
        fastcgi_param NGINX_VERSION $nginx_version;
        fastcgi_param TCPINFO_RTT $tcpinfo_rtt;
        fastcgi_param TCPINFO_RTTVAR $tcpinfo_rttvar;
        fastcgi_param TCPINFO_SND_CWND $tcpinfo_snd_cwnd;
        fastcgi_param TCPINFO_RCV_SPACE $tcpinfo_rcv_space;
        fastcgi_param CONNECTION $connection;
        fastcgi_param CONNECTION_REQUESTS $connection_requests;
        fastcgi_param REQUEST $request;
    }

    location ~ emojis.txt {
        charset utf-8;
    }
}
```

## Ressources

Nginx variable list: <https://nginx.org/docs/varindex.html>

PHP $_SERVER list: <https://www.php.net/manual/reserved.variables.server.php>

### HTTP headers

* https://en.wikipedia.org/wiki/List_of_HTTP_header_fields
* https://developer.mozilla.org/docs/Web/HTTP/Headers
* https://datatracker.ietf.org/doc/html/rfc7231

## Free software

*Meta* is published under **AGPLv3+** (see `LICENSE`), it's source code is available at <https://code.antopie.org/miraty/meta>. `db-reader` and `geolite2` directories contents have their own license.