Prints a lot of metadata available to the server when doing an HTTP request https://meta.antopie.org
Go to file
Miraty 595232f9e3 Add README.md 2021-09-29 17:23:17 +02:00
db-reader Initial commit 2021-09-29 14:37:44 +02:00
geolite2 Initial commit 2021-09-29 14:37:44 +02:00
LICENSE Add source code links and LICENSE 2021-09-29 15:02:56 +02:00
README.md Add README.md 2021-09-29 17:23:17 +02:00
emoji.html Initial commit 2021-09-29 14:37:44 +02:00
geolite2.php Add source code links and LICENSE 2021-09-29 15:02:56 +02:00
index.php Add README.md 2021-09-29 17:23:17 +02:00
meta.php Add README.md 2021-09-29 17:23:17 +02:00

README.md

Meta

Meta is a small Nginx/PHP tool displaying some informations in order to debug or satisfy your curiosity.

Use

Paths

/me will redirect to /<your-ip-address> /<any-ip-address> will print informations obtained from databases located in the geolite2 directory /emoji will print an emoji list /<anything-else> will print IP, TCP, TLS and HTTP metadata

Domains

meta.4.niv.re have working A (IPv4) and AAAA (IPv6) records You can test IP version connectivity by forcing it throught

  • ipv4.meta.4.niv.re only have the A record
  • ipv6.meta.4.niv.re only have the AAAA record

Ports

You can try to connect to a few other TCP ports than 443, using IPv6.

Installation

Nginx configuration

server {
    listen 443 ssl http2;
    listen [2a01:e0a:15c:2e40::65:535]:1 ssl http2;
    listen [2a01:e0a:15c:2e40::65:535]:2 ssl http2;
    listen [2a01:e0a:15c:2e40::65:535]:20 ssl http2;
    listen [2a01:e0a:15c:2e40::65:535]:21 ssl http2;
    listen [2a01:e0a:15c:2e40::65:535]:22 ssl http2;
    listen [2a01:e0a:15c:2e40::65:535]:25 ssl http2;
    listen [2a01:e0a:15c:2e40::65:535]:53 ssl http2;
    listen [2a01:e0a:15c:2e40::65:535]:80 ssl http2;
    listen [2a01:e0a:15c:2e40::65:535]:123 ssl http2;
    listen [2a01:e0a:15c:2e40::65:535]:143 ssl http2;
    listen [2a01:e0a:15c:2e40::65:535]:443 ssl http2;
    listen [2a01:e0a:15c:2e40::65:535]:587 ssl http2;
    listen [2a01:e0a:15c:2e40::65:535]:853 ssl http2;
    listen [2a01:e0a:15c:2e40::65:535]:993 ssl http2;
    listen [2a01:e0a:15c:2e40::65:535]:1194 ssl http2;
    listen [2a01:e0a:15c:2e40::65:535]:1312 ssl http2;
    listen [2a01:e0a:15c:2e40::65:535]:3478 ssl http2;
    listen [2a01:e0a:15c:2e40::65:535]:5349 ssl http2;
    listen [2a01:e0a:15c:2e40::65:535]:8448 ssl http2;
    listen [2a01:e0a:15c:2e40::65:535]:9001 ssl http2;
    listen [2a01:e0a:15c:2e40::65:535]:9030 ssl http2;
    listen [2a01:e0a:15c:2e40::65:535]:16384 ssl http2;
    listen [2a01:e0a:15c:2e40::65:535]:25565 ssl http2;
    listen [2a01:e0a:15c:2e40::65:535]:32768 ssl http2;
    listen [2a01:e0a:15c:2e40::65:535]:49152 ssl http2;
    listen [2a01:e0a:15c:2e40::65:535]:65535 ssl http2;

    server_name meta.4.niv.re *.meta.4.niv.re;

    root /var/www/meta;
    index index.php;
    try_files $uri/ /;

    more_set_headers "Content-Security-Policy : default-src 'none'; frame-ancestors 'none'; form-action 'none';";
    more_set_headers "X-Content-Type-Options : nosniff";
    more_set_headers "X-XSS-Protection : 1; mode=block";
    more_set_headers "X-Download-Options : noopen";
    more_set_headers "X-Permitted-Cross-Domain-Policies : none";
    more_set_headers "X-Frame-Options : DENY";
    more_set_headers "Referrer-Policy : no-referrer";
    more_set_headers "Strict-Transport-Security : max-age=94608000; includeSubDomains; preload";
    more_clear_headers Server;

    ssl_prefer_server_ciphers off;

    ssl_session_timeout 1d;
    ssl_session_cache shared:SSL:50m;
    ssl_session_tickets off;

    ssl_early_data off;

    ssl_stapling on;
    ssl_stapling_verify on;

    ssl_protocols TLSv1.2 TLSv1.3;
    ssl_ciphers TLS_CHACHA20_POLY1305_SHA256:TLS_AES_128_GCM_SHA256:TLS_AES_256_GCM_SHA384:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384;

    ssl_ecdh_curve X25519:X448;

    ssl_certificate /etc/letsencrypt/live/meta.4.niv.re/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/meta.4.niv.re/privkey.pem;

    error_log /var/log/nginx/meta.4.niv.re-error.log info;
    access_log off;

    location ~ \.php$ {
        fastcgi_split_path_info ^(.+\.php)(/.+)$;
        fastcgi_pass unix:/var/run/php/meta.sock;
        include inc/fastcgi.conf;
        fastcgi_param SSL_CURVES $ssl_curves;
        fastcgi_param SSL_CIPHERS $ssl_ciphers;
        fastcgi_param SSL_CIPHER $ssl_cipher;
        fastcgi_param SSL_PROTOCOL $ssl_protocol;
        fastcgi_param SSL_SESSION_ID $ssl_session_id;
        fastcgi_param NGINX_VERSION $nginx_version;
        fastcgi_param TCPINFO_RTT $tcpinfo_rtt;
        fastcgi_param TCPINFO_RTTVAR $tcpinfo_rttvar;
        fastcgi_param TCPINFO_SND_CWND $tcpinfo_snd_cwnd;
        fastcgi_param TCPINFO_RCV_SPACE $tcpinfo_rcv_space;
        fastcgi_param CONNECTION $connection;
        fastcgi_param CONNECTION_REQUESTS $connection_requests;
        fastcgi_param REQUEST $request;
    }

    location ~ emojis.txt {
        charset utf-8;
    }
}

Might be useful

ip addr add 2a01:e0a:15c:2e40::65:535 dev eno1
ufw allow in proto tcp to 2a01:e0a:15c:2e40::65:535 port 1:65535
certbot certonly --nginx --key-type rsa --rsa-key-size 3072 -d *.meta.4.niv.re -d meta.4.niv.re

/etc/network/interfaces:

iface eno1 inet6 static
address 2a01:e0a:15c:2e40::65:535

Ressources

Nginx variable list: https://nginx.org/docs/varindex.html

PHP $_SERVER list: https://www.php.net/manual/reserved.variables.server.php

HTTP headers

https://en.wikipedia.org/wiki/List_of_HTTP_header_fields https://developer.mozilla.org/docs/Web/HTTP/Headers https://datatracker.ietf.org/doc/html/rfc7231

Free software

Meta is published under AGPLv3+ (see LICENSE), it's source code is available at https://code.antopie.org/miraty/meta. db-reader and geolite2 directories contents have their own license.