Initial commit
commit
35acb4920e
59 changed files with 2040 additions and 0 deletions
4
.gitignore
vendored
Normal file
4
.gitignore
vendored
Normal file
|
@ -0,0 +1,4 @@
|
|||
/mkosi.cache/
|
||||
/mkosi.passphrase
|
||||
/mkosi.passwd
|
||||
/mkosi.skeleton/root/.ssh/authorized_keys
|
28
mkosi.default
Normal file
28
mkosi.default
Normal file
|
@ -0,0 +1,28 @@
|
|||
[Validation]
|
||||
Autologin = yes
|
||||
|
||||
[Output]
|
||||
Format = directory
|
||||
|
||||
[Content]
|
||||
BasePackages = yes
|
||||
WithDocs = yes
|
||||
WithNetwork = yes
|
||||
Packages =
|
||||
tor
|
||||
torsocks
|
||||
openssl
|
||||
certbot
|
||||
nginx
|
||||
php-fpm
|
||||
knot
|
||||
cargo
|
||||
sudo
|
||||
git
|
||||
man-db
|
||||
curl
|
||||
lsof
|
||||
tree
|
||||
vim
|
||||
htop
|
||||
ncdu
|
15
mkosi.default.d/arch/mkosi.default
Normal file
15
mkosi.default.d/arch/mkosi.default
Normal file
|
@ -0,0 +1,15 @@
|
|||
[Distribution]
|
||||
Distribution = arch
|
||||
|
||||
|
||||
|
||||
[Output]
|
||||
Output = /var/lib/machines/niver-arch
|
||||
|
||||
[Content]
|
||||
Packages =
|
||||
nginx-mod-headers-more
|
||||
certbot-nginx
|
||||
php-sqlite
|
||||
openssh
|
||||
iputils
|
17
mkosi.default.d/debian/mkosi.default
Normal file
17
mkosi.default.d/debian/mkosi.default
Normal file
|
@ -0,0 +1,17 @@
|
|||
[Distribution]
|
||||
Distribution = debian
|
||||
Release = bullseye
|
||||
Mirror = https://deb.debian.org/debian
|
||||
|
||||
[Output]
|
||||
Output = /var/lib/machines/niver-debian
|
||||
|
||||
[Content]
|
||||
Packages =
|
||||
apt-transport-tor
|
||||
libnginx-mod-http-headers-more-filter
|
||||
python3-certbot-nginx
|
||||
knot-dnsutils
|
||||
php-sqlite3
|
||||
openssh-server
|
||||
iputils-ping
|
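--- a/mkosi.extra/etc/knot/knot.conf
+++ b/mkosi.extra/etc/knot/knot.conf
@@ -0,0 +1,32 @@
+# Configuration export (Knot DNS 3.1.7)
+
+server:
+version: "Knot"
+nsid: "Niver"
+rundir: "/run/knot"
+user: "knot:knot"
+listen: [ "::@42053", "0.0.0.0@42053" ]
+
+log:
+- target: "/var/log/knot/knot.log"
+any: "debug"
+
+database:
+storage: "/var/lib/knot"
+
+policy:
+- id: "niver"
+algorithm: "ed25519"
+nsec3: "on"
+
+template:
+- id: "niver"
+storage: "/srv/ns"
+file: "%s.zone"
+zonefile-load: "difference"
+dnssec-signing: "on"
+dnssec-policy: "niver"
+
+zone:
+- domain: "niver.test."
+template: "niver"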
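Review bot: `any: "debug"` in the `log:` section writes every log category to `/var/log/knot/knot.log` at the most verbose level, which is handy during development but noisy and more detailed than a signing server needs once it is in use; `any: "info"` is the usual baseline. The `listen` line also binds `::@42053` and `0.0.0.0@42053`, while the nginx vhosts in this commit bind loopback only. A comment above `listen` stating whether the DNS port is meant to be reachable from other hosts would remove the ambiguity.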
26
mkosi.extra/etc/nginx/default-server.conf
Normal file
26
mkosi.extra/etc/nginx/default-server.conf
Normal file
|
@ -0,0 +1,26 @@
|
|||
server {
|
||||
listen [::1]:42443 ssl http2 default_server;
|
||||
listen 127.0.0.1:42443 ssl http2 default_server;
|
||||
|
||||
ssl_certificate /etc/ssl/certs/niver.crt;
|
||||
ssl_certificate_key /etc/ssl/private/niver.key;
|
||||
#ssl_stapling off;
|
||||
|
||||
root /srv/php/errors;
|
||||
try_files index.php index.html $uri $uri/;
|
||||
index index.php index.html;
|
||||
|
||||
location / {
|
||||
root /srv/php/errors;
|
||||
try_files /index.php =500;
|
||||
index index.php;
|
||||
fastcgi_split_path_info ^(.+\.php)(/.+)$;
|
||||
fastcgi_pass unix:/run/php-fpm/errors.sock;
|
||||
include /etc/nginx/inc/fastcgi.conf;
|
||||
}
|
||||
|
||||
include /etc/nginx/inc/tls.conf;
|
||||
include /etc/nginx/inc/errors.conf;
|
||||
|
||||
more_set_headers "Content-Security-Policy : default-src 'none'; frame-ancestors 'none';";
|
||||
}
|
17
mkosi.extra/etc/nginx/http.conf
Normal file
17
mkosi.extra/etc/nginx/http.conf
Normal file
|
@ -0,0 +1,17 @@
|
|||
server {
|
||||
listen [::1]:42080 default_server;
|
||||
listen 127.0.0.1:42080 default_server;
|
||||
|
||||
return 403; # Don't allow unsecure HTTP requests
|
||||
|
||||
# Display an explanation page
|
||||
error_page 403 @http403;
|
||||
location @http403 {
|
||||
root /srv/php/errors;
|
||||
try_files /http.php =500;
|
||||
index http.php;
|
||||
fastcgi_split_path_info ^(.+\.php)(/.+)$;
|
||||
fastcgi_pass unix:/run/php-fpm/errors.sock;
|
||||
include inc/fastcgi.conf;
|
||||
}
|
||||
}
|
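--- a/mkosi.extra/etc/nginx/inc/errors.conf
+++ b/mkosi.extra/etc/nginx/inc/errors.conf
@@ -0,0 +1,72 @@
+recursive_error_pages on;
+
+# 403 Forbidden
+error_page 403 @403;
+location @403 {
+root /srv/php/errors;
+try_files /403.html =500;
+}
+
+# 404 Not Found
+error_page 404 @local404;
+location @local404 {
+try_files /404.html /404.md /404.gmi @niver404;
+}
+location @niver404 {
+root /srv/php/errors;
+try_files /404.php =500;
+index /404.php;
+fastcgi_split_path_info ^(.+\.php)(/.+)$;
+fastcgi_pass unix:/run/php-fpm/errors.sock;
+include inc/fastcgi.conf;
+fastcgi_index /404.php;
+}
+
+# 405 Method Not Allowed
+error_page 405 @405;
+location @405 {
+root /srv/php/errors;
+try_files /405.html =500;
+}
+
+# 410 Gone
+error_page 410 @410;
+location @410 {
+root /srv/php/errors;
+try_files /410.html =500;
+}
+
+# 418 I'm a teapot
+error_page 418 @418;
+location @418 {
+root /srv/php/errors;
+try_files /418.html =500;
+}
+
+# 500 Internal Server Error
+error_page 500 @500;
+location @500 {
+root /srv/php/errors;
+try_files /500.html =500;
+}
+
+# 502 Bad Gateway
+error_page 502 @502;
+location @502 {
+root /srv/php/errors;
+try_files /502.html =500;
+}
+
+# 503 Service Unavailable
+error_page 503 @503;
+location @503 {
+root /srv/php/errors;
+try_files /503.html =500;
+}
+
+# 504 Gateway Timeout
+error_page 504 @504;
+location @504 {
+root /srv/php/errors;
+try_files /504.html =500;
+}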
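Review bot: There is no `error_page 400` entry, although the same commit ships `/srv/php/errors/400.html`, so malformed requests would presumably still get nginx's built-in page. A block mirroring the others (`error_page 400 @400;` with `try_files /400.html =500;`) would close the gap. Separately, `@500` falls back to `=500` while `recursive_error_pages on` is set, so a missing `500.html` would re-enter the same handler until nginx's internal redirect limit stops it. A short comment noting that `500.html` must always exist would document that dependency.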
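--- a/mkosi.extra/etc/nginx/inc/fastcgi.conf
+++ b/mkosi.extra/etc/nginx/inc/fastcgi.conf
@@ -0,0 +1,26 @@
+
+fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
+fastcgi_param QUERY_STRING $query_string;
+fastcgi_param REQUEST_METHOD $request_method;
+fastcgi_param CONTENT_TYPE $content_type;
+fastcgi_param CONTENT_LENGTH $content_length;
+
+fastcgi_param SCRIPT_NAME $fastcgi_script_name;
+fastcgi_param REQUEST_URI $request_uri;
+fastcgi_param DOCUMENT_URI $document_uri;
+fastcgi_param DOCUMENT_ROOT $document_root;
+fastcgi_param SERVER_PROTOCOL $server_protocol;
+fastcgi_param REQUEST_SCHEME $scheme;
+fastcgi_param HTTPS $https if_not_empty;
+
+fastcgi_param GATEWAY_INTERFACE CGI/1.1;
+fastcgi_param SERVER_SOFTWARE nginx/$nginx_version;
+
+fastcgi_param REMOTE_ADDR $remote_addr;
+fastcgi_param REMOTE_PORT $remote_port;
+fastcgi_param SERVER_ADDR $server_addr;
+fastcgi_param SERVER_PORT $server_port;
+fastcgi_param SERVER_NAME $server_name;
+
+# PHP only, required if PHP was built with --enable-force-cgi-redirect
+fastcgi_param REDIRECT_STATUS 200;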
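Review bot: The parameter list never overrides `HTTP_PROXY`, so a client-supplied `Proxy:` request header is forwarded to PHP-FPM as the `HTTP_PROXY` variable, which some HTTP client libraries read as outbound proxy configuration (the "httpoxy" class of issue). Adding `fastcgi_param HTTP_PROXY "";` to this shared include neutralises it for every pool at once. Whether the application behind `niver.sock` makes outbound HTTP requests is not visible in this commit, so treat this as defence in depth.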
11
mkosi.extra/etc/nginx/inc/ffdhe3072.pem
Normal file
11
mkosi.extra/etc/nginx/inc/ffdhe3072.pem
Normal file
|
@ -0,0 +1,11 @@
|
|||
-----BEGIN DH PARAMETERS-----
|
||||
MIIBiAKCAYEA//////////+t+FRYortKmq/cViAnPTzx2LnFg84tNpWp4TZBFGQz
|
||||
+8yTnc4kmz75fS/jY2MMddj2gbICrsRhetPfHtXV/WVhJDP1H18GbtCFY2VVPe0a
|
||||
87VXE15/V8k1mE8McODmi3fipona8+/och3xWKE2rec1MKzKT0g6eXq8CrGCsyT7
|
||||
YdEIqUuyyOP7uWrat2DX9GgdT0Kj3jlN9K5W7edjcrsZCwenyO4KbXCeAvzhzffi
|
||||
7MA0BM0oNC9hkXL+nOmFg/+OTxIy7vKBg8P+OxtMb61zO7X8vC7CIAXFjvGDfRaD
|
||||
ssbzSibBsu/6iGtCOGEfz9zeNVs7ZRkDW7w09N75nAI4YbRvydbmyQd62R0mkff3
|
||||
7lmMsPrBhtkcrv4TCYUTknC0EwyTvEN5RPT9RFLi103TZPLiHnH1S/9croKrnJ32
|
||||
nuhtK8UiNjoNq8Uhl5sN6todv5pC1cRITgq80Gv6U93vPBsg7j/VnXwl5B0rZsYu
|
||||
N///////////AgEC
|
||||
-----END DH PARAMETERS-----
|
13
mkosi.extra/etc/nginx/inc/ffdhe4096.pem
Normal file
13
mkosi.extra/etc/nginx/inc/ffdhe4096.pem
Normal file
|
@ -0,0 +1,13 @@
|
|||
-----BEGIN DH PARAMETERS-----
|
||||
MIICCAKCAgEA//////////+t+FRYortKmq/cViAnPTzx2LnFg84tNpWp4TZBFGQz
|
||||
+8yTnc4kmz75fS/jY2MMddj2gbICrsRhetPfHtXV/WVhJDP1H18GbtCFY2VVPe0a
|
||||
87VXE15/V8k1mE8McODmi3fipona8+/och3xWKE2rec1MKzKT0g6eXq8CrGCsyT7
|
||||
YdEIqUuyyOP7uWrat2DX9GgdT0Kj3jlN9K5W7edjcrsZCwenyO4KbXCeAvzhzffi
|
||||
7MA0BM0oNC9hkXL+nOmFg/+OTxIy7vKBg8P+OxtMb61zO7X8vC7CIAXFjvGDfRaD
|
||||
ssbzSibBsu/6iGtCOGEfz9zeNVs7ZRkDW7w09N75nAI4YbRvydbmyQd62R0mkff3
|
||||
7lmMsPrBhtkcrv4TCYUTknC0EwyTvEN5RPT9RFLi103TZPLiHnH1S/9croKrnJ32
|
||||
nuhtK8UiNjoNq8Uhl5sN6todv5pC1cRITgq80Gv6U93vPBsg7j/VnXwl5B0rZp4e
|
||||
8W5vUsMWTfT7eTDp5OWIV7asfV9C1p9tGHdjzx1VA0AEh/VbpX4xzHpxNciG77Qx
|
||||
iu1qHgEtnmgyqQdgCpGBMMRtx3j5ca0AOAkpmaMzy4t6Gh25PXFAADwqTs6p+Y0K
|
||||
zAqCkc3OyX3Pjsm1Wn+IpGtNtahR9EGC4caKAH5eZV9q//////////8CAQI=
|
||||
-----END DH PARAMETERS-----
|
1003
mkosi.extra/etc/nginx/inc/nginx-types.conf
Normal file
1003
mkosi.extra/etc/nginx/inc/nginx-types.conf
Normal file
File diff suppressed because it is too large
5
mkosi.extra/etc/nginx/inc/niver.conf
Normal file
5
mkosi.extra/etc/nginx/inc/niver.conf
Normal file
|
@ -0,0 +1,5 @@
|
|||
more_set_headers "Content-Security-Policy : default-src 'self'; object-src 'none'; frame-ancestors 'none'; form-action 'none';";
|
||||
|
||||
default_type text/plain;
|
||||
|
||||
include inc/tls.conf;
|
16
mkosi.extra/etc/nginx/inc/security.conf
Normal file
16
mkosi.extra/etc/nginx/inc/security.conf
Normal file
|
@ -0,0 +1,16 @@
|
|||
more_set_headers "X-Content-Type-Options : nosniff";
|
||||
#more_set_headers "X-XSS-Protection : 1; mode=block";
|
||||
#more_set_headers "X-Download-Options : noopen";
|
||||
#more_set_headers "X-Permitted-Cross-Domain-Policies : none";
|
||||
#more_set_headers "X-Frame-Options : DENY";
|
||||
more_set_headers "Referrer-Policy : no-referrer";
|
||||
more_set_headers "Strict-Transport-Security : max-age=94608000; includeSubDomains; preload";
|
||||
more_clear_headers Server;
|
||||
|
||||
ssl_prefer_server_ciphers off;
|
||||
|
||||
ssl_session_timeout 1d;
|
||||
ssl_session_cache shared:SSL:50m;
|
||||
ssl_session_tickets off;
|
||||
|
||||
ssl_early_data off;
|
5
mkosi.extra/etc/nginx/inc/tls-inter.conf
Normal file
5
mkosi.extra/etc/nginx/inc/tls-inter.conf
Normal file
|
@ -0,0 +1,5 @@
|
|||
ssl_protocols TLSv1.2 TLSv1.3;
|
||||
ssl_ciphers ECDHE-RSA-CHACHA20-POLY1305:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384;
|
||||
ssl_ecdh_curve X25519:X448;
|
||||
|
||||
include inc/security.conf;
|
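--- a/mkosi.extra/etc/nginx/inc/tls-laxist.conf
+++ b/mkosi.extra/etc/nginx/inc/tls-laxist.conf
@@ -0,0 +1,6 @@
+ssl_protocols TLSv1.2 TLSv1.3;
+ssl_ciphers ECDHE-RSA-CHACHA20-POLY1305:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES128-CCM8:DHE-RSA-AES256-CCM8:DHE-RSA-AES128-CCM:DHE-RSA-AES256-CCM;
+ssl_ecdh_curve X25519:X448:secp521r1:secp384r1:prime256v1;
+ssl_dhparam inc/ffdhe3072.pem;
+
+include inc/security.conf;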
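Review bot: The `ssl_ciphers` list includes `DHE-RSA-AES128-CCM8` and `DHE-RSA-AES256-CCM8`, which truncate the authentication tag to 8 bytes and are the weakest entries in an otherwise AEAD-only list. Recent OpenSSL releases appear to rate them below the default security level, so they are likely either unusable or an unwanted downgrade. Dropping the two `CCM8` names keeps the "laxist" profile consistent with the others. Every TLS 1.2 suite here is also `-RSA`, so a comment such as `# assumes an RSA certificate; an ECDSA certificate leaves no TLS 1.2 suite` would help whoever later swaps the self-signed key.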
4
mkosi.extra/etc/nginx/inc/tls-strict.conf
Normal file
4
mkosi.extra/etc/nginx/inc/tls-strict.conf
Normal file
|
@ -0,0 +1,4 @@
|
|||
ssl_protocols TLSv1.3;
|
||||
ssl_ecdh_curve X25519:X448;
|
||||
|
||||
include inc/security.conf;
|
4
mkosi.extra/etc/nginx/inc/tls.conf
Normal file
4
mkosi.extra/etc/nginx/inc/tls.conf
Normal file
|
@ -0,0 +1,4 @@
|
|||
ssl_protocols TLSv1.3;
|
||||
ssl_ecdh_curve X25519:X448;
|
||||
|
||||
include inc/security.conf;
|
84
mkosi.extra/etc/nginx/inc/types.conf
Normal file
84
mkosi.extra/etc/nginx/inc/types.conf
Normal file
|
@ -0,0 +1,84 @@
|
|||
types {
|
||||
text/plain txt;
|
||||
application/octet-stream bin;
|
||||
|
||||
# Hypertext
|
||||
text/gemini gmi;
|
||||
text/markdown md;
|
||||
text/html html;
|
||||
|
||||
# Misc
|
||||
text/css css;
|
||||
text/javascript js;
|
||||
text/csv csv;
|
||||
text/calendar ics ifb;
|
||||
text/vtt vtt;
|
||||
text/dns zone soa;
|
||||
application/mbox mbox;
|
||||
application/x-bittorrent torrent;
|
||||
|
||||
# Compressed
|
||||
application/gzip gz;
|
||||
application/zip zip;
|
||||
application/epub+zip epub;
|
||||
application/pdf pdf;
|
||||
|
||||
# JSON
|
||||
application/json json;
|
||||
application/ld+json jsonld;
|
||||
application/manifest+json webmanifest;
|
||||
|
||||
# XML
|
||||
application/xml xml;
|
||||
application/xhtml+xml xhtml;
|
||||
application/atom+xml atom;
|
||||
application/atomcat+xml atomcat;
|
||||
application/atomsvc+xml atomsvc;
|
||||
application/rss+xml rss;
|
||||
application/mathml+xml mml;
|
||||
application/emotionml+xml emotionml;
|
||||
|
||||
# OpenDocument
|
||||
application/vnd.oasis.opendocument.chart odc;
|
||||
application/vnd.oasis.opendocument.chart-template otc;
|
||||
application/vnd.oasis.opendocument.database odb;
|
||||
application/vnd.oasis.opendocument.formula odf;
|
||||
application/vnd.oasis.opendocument.formula-template otf;
|
||||
application/vnd.oasis.opendocument.graphics odg;
|
||||
application/vnd.oasis.opendocument.graphics-template otg;
|
||||
application/vnd.oasis.opendocument.image odi;
|
||||
application/vnd.oasis.opendocument.image-template oti;
|
||||
application/vnd.oasis.opendocument.presentation odp;
|
||||
application/vnd.oasis.opendocument.presentation-template otp;
|
||||
application/vnd.oasis.opendocument.spreadsheet ods;
|
||||
application/vnd.oasis.opendocument.spreadsheet-template ots;
|
||||
application/vnd.oasis.opendocument.text odt;
|
||||
application/vnd.oasis.opendocument.text-master odm;
|
||||
application/vnd.oasis.opendocument.text-template ott;
|
||||
application/vnd.oasis.opendocument.text-web oth;
|
||||
|
||||
# Font
|
||||
font/woff woff;
|
||||
font/woff2 woff2;
|
||||
|
||||
# Image
|
||||
image/png png;
|
||||
image/gif gif;
|
||||
image/jpeg jpeg jpg;
|
||||
image/svg+xml svg svgz;
|
||||
image/webp webp;
|
||||
image/avif avif;
|
||||
image/openraster ora;
|
||||
|
||||
# Audio
|
||||
audio/opus opus;
|
||||
audio/ogg ogg oga spx;
|
||||
audio/mpeg mp3;
|
||||
audio/webm weba;
|
||||
audio/flac flac;
|
||||
|
||||
# Video
|
||||
video/ogg ogv;
|
||||
video/webm webm;
|
||||
video/mp4 mp4;
|
||||
}
|
42
mkosi.extra/etc/nginx/nginx.conf
Normal file
42
mkosi.extra/etc/nginx/nginx.conf
Normal file
|
@ -0,0 +1,42 @@
|
|||
load_module "/usr/lib/nginx/modules/ngx_http_headers_more_filter_module.so";
|
||||
worker_processes auto;
|
||||
user nginx nginx;
|
||||
|
||||
events {
|
||||
worker_connections 1024;
|
||||
}
|
||||
|
||||
http {
|
||||
types_hash_bucket_size 128; # Default: 64
|
||||
types_hash_max_size 1024; # Default: 1024
|
||||
server_names_hash_bucket_size 128;
|
||||
|
||||
# Performance optimisation
|
||||
sendfile on;
|
||||
tcp_nopush on;
|
||||
|
||||
# Correct Content-Type header
|
||||
charset utf-8;
|
||||
default_type text/plain;
|
||||
include inc/types.conf;
|
||||
|
||||
# Serve file.gz instead of file if available
|
||||
gzip_static on;
|
||||
|
||||
# Logging
|
||||
log_format niver '|$time_local| [$remote_addr]@$server_name {$ssl_protocol $ssl_cipher} "$request" $status $body_bytes_sent "$http_user_agent"';
|
||||
access_log /var/log/nginx/access.log niver;
|
||||
error_log /var/log/nginx/error.log notice;
|
||||
|
||||
# Possible security threats
|
||||
server_tokens off;
|
||||
etag off;
|
||||
autoindex off;
|
||||
gzip off;
|
||||
|
||||
# Include other configuration
|
||||
include sites/*.conf;
|
||||
include ht/*.conf;
|
||||
include default-server.conf;
|
||||
include http.conf;
|
||||
}
|
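--- a/mkosi.extra/etc/nginx/sites/niver.test.conf
+++ b/mkosi.extra/etc/nginx/sites/niver.test.conf
@@ -0,0 +1,38 @@
+server {
+listen [::1]:42443 ssl http2;
+listen 127.0.0.1:42443 ssl http2;
+server_name niver.test;
+
+root /srv/php/niver/public;
+index index.php index.html index.htm;
+try_files $uri $uri/ @extensionless-php;
+
+include inc/tls.conf;
+include inc/errors.conf;
+
+more_set_headers "Referrer-Policy : same-origin";
+more_set_headers "Content-Security-Policy : default-src 'none'; style-src 'self'; frame-ancestors 'none'; form-action 'self';";
+
+location ~ ^/iquane/(db|less|lessphp|inc|niver.log) {
+return 403;
+}
+
+location ~ \.inc.php$ {
+return 403;
+}
+
+location ~ \.php$ {
+fastcgi_split_path_info ^(.+\.php)(/.+)$;
+fastcgi_pass unix:/run/php-fpm/niver.sock;
+#fastcgi_index index.php;
+include inc/fastcgi.conf;
+try_files $uri =404;
+}
+
+location @extensionless-php {
+rewrite ^(.*)$ $1.php last;
+}
+
+ssl_certificate /etc/ssl/certs/niver.crt;
+ssl_certificate_key /etc/ssl/private/niver.key;
+}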
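Review bot: The deny rule `location ~ ^/iquane/(db|less|lessphp|inc|niver.log)` matches only under an `/iquane/` prefix, but `root` is `/srv/php/niver/public` and nothing visible in this commit serves that prefix, so it looks like a leftover that protects nothing in this layout. If sensitive directories can ever sit below the web root, match them by their real paths; otherwise remove the block so it does not suggest protection that is not there. The dots in `niver.log` and in `location ~ \.inc.php$` are unescaped and match any character, so the second should read `location ~ \.inc\.php$`. Both patterns use the case-sensitive `~` modifier, which is fine on a case-sensitive filesystem but worth a comment.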
27
mkosi.extra/etc/php/php-fpm.d/errors.conf
Normal file
27
mkosi.extra/etc/php/php-fpm.d/errors.conf
Normal file
|
@ -0,0 +1,27 @@
|
|||
[errors]
|
||||
|
||||
user = php-$pool
|
||||
group = php-$pool
|
||||
|
||||
listen = /run/php-fpm/$pool.sock
|
||||
|
||||
listen.owner = nginx
|
||||
listen.group = nginx
|
||||
|
||||
pm = dynamic
|
||||
pm.max_children = 5
|
||||
pm.start_servers = 2
|
||||
pm.min_spare_servers = 1
|
||||
pm.max_spare_servers = 3
|
||||
|
||||
access.log = /var/log/php/$pool-access.log
|
||||
|
||||
;chroot = /srv/php/errors
|
||||
chdir = /srv/php/errors
|
||||
|
||||
catch_workers_output = yes
|
||||
decorate_workers_output = yes
|
||||
|
||||
clear_env = yes
|
||||
|
||||
security.limit_extensions = .php
|
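--- a/mkosi.extra/etc/php/php-fpm.d/niver.conf
+++ b/mkosi.extra/etc/php/php-fpm.d/niver.conf
@@ -0,0 +1,26 @@
+[niver]
+
+user = php-$pool
+group = knot
+
+listen = /run/php-fpm/$pool.sock
+
+listen.owner = nginx
+listen.group = nginx
+
+pm = dynamic
+pm.max_children = 5
+pm.start_servers = 2
+pm.min_spare_servers = 1
+pm.max_spare_servers = 3
+
+access.log = /var/log/php/$pool-access.log
+
+chdir = /srv/php/$pool
+
+catch_workers_output = yes
+decorate_workers_output = yes
+
+clear_env = yes
+
+security.limit_extensions = .php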
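Review bot: `group = knot` runs the web-facing PHP workers with the DNS daemon's primary group, so they get group access to everything owned by group `knot`, presumably including the Knot control socket and whatever under `/var/lib/knot` is group-readable, not just the zone files. mkosi.prepare in this commit already sets `/srv/ns` to `knot:php-niver` with mode 770, so `group = php-$pool` looks sufficient for zone-file writes. If control-socket access really is required, say so in a comment next to the line. Unlike the `errors` pool, this one carries no `chroot` line even as a comment, and neither pool sets `php_admin_value[open_basedir]`, which would limit what a bug in the application can read.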
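--- a/mkosi.extra/etc/ssh/sshd_config
+++ b/mkosi.extra/etc/ssh/sshd_config
@@ -0,0 +1,61 @@
+LogLevel INFO
+AllowUsers root
+Subsystem sftp internal-sftp
+UsePAM yes
+
+# Network
+
+AddressFamily any
+ListenAddress [::]
+ListenAddress 0.0.0.0
+Port 42022
+
+# Cryptography
+
+HostKey /etc/ssh/ed25519
+
+Ciphers chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com
+HostKeyAlgorithms ssh-ed25519
+KexAlgorithms curve25519-sha256,curve25519-sha256@libssh.org
+MACs hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,umac-128-etm@openssh.com
+
+# Sessions
+
+PermitRootLogin prohibit-password
+StrictModes yes
+MaxAuthTries 6
+MaxSessions 1
+MaxStartups 3:20:200
+LoginGraceTime 3m
+PrintMotd yes
+
+# Disable everything
+
+PermitTTY no
+PermitTunnel no
+
+AllowTcpForwarding no
+X11Forwarding no
+AllowAgentForwarding no
+AllowStreamLocalForwarding no
+DisableForwarding yes # Disables all forwarding features, including X11, ssh-agent(1), TCP and StreamLocal.
+
+PermitUserRC no
+PermitUserEnvironment no
+IgnoreRhosts yes
+AuthorizedKeysFile none
+
+AuthenticationMethods none
+PubkeyAuthentication no
+PasswordAuthentication no
+KbdInteractiveAuthentication no
+PermitEmptyPasswords no
+ChallengeResponseAuthentication no
+
+# Enable what is necessary
+
+Match User root
+PermitTTY yes
+PubkeyAuthentication yes
+AuthenticationMethods publickey
+AuthorizedKeysFile .ssh/authorized_keys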
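Review bot: The global `AuthenticationMethods none` is used as a deny-all, but `none` is a real method: it is the path sshd uses for password-less accounts, and it fails here only because `PermitEmptyPasswords no` appears four lines later. The lockdown therefore depends on that second line staying in place, and a comment such as `# "none" only fails while PermitEmptyPasswords is no` next to it would make the coupling explicit. With `AllowUsers root` and the `Match User root` block, the effective policy is root by public key only. Separately, `DisableForwarding yes # Disables all forwarding…` carries a trailing comment, which older sshd releases may reject as garbage at end of line and then refuse to start. Moving the comment to its own line avoids depending on the OpenSSH version each target distribution ships.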
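--- a/mkosi.nspawn
+++ b/mkosi.nspawn
@@ -0,0 +1,3 @@
+[Network]
+Private=no
+VirtualEthernet=no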
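Review bot: `Private=no` together with `VirtualEthernet=no` makes the container share the host's network namespace, so there is no network boundary between the host and the services this image starts. sshd is configured in this commit with `ListenAddress 0.0.0.0` on port 42022, and it would bind directly on the host's interfaces. If that is intended, a comment in this file naming the ports expected to be exposed would help the next reader. Otherwise a private network with explicit `Port=` forwards limits exposure to the ports that are actually needed.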
10
mkosi.postinst
Executable file
10
mkosi.postinst
Executable file
|
@ -0,0 +1,10 @@
|
|||
#!/usr/bin/bash
|
||||
|
||||
source /etc/os-release
|
||||
|
||||
if [[ $ID = "arch" ]]; then
|
||||
systemctl enable sshd
|
||||
systemctl enable knot
|
||||
systemctl enable nginx
|
||||
systemctl enable php-fpm
|
||||
fi
|
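--- a/mkosi.prepare
+++ b/mkosi.prepare
@@ -0,0 +1,51 @@
+#!/usr/bin/bash
+
+# Clean configuration directories (will be filled with mkosi.extra/)
+rm -r /etc/nginx/*
+rm -r /etc/ssh/*
+source /etc/os-release
+if [[ $ID = "debian" ]]; then
+rm -r /etc/php/7.4/fpm/pool.d/*
+fi
+
+# Create system users
+useradd -U -r -s /usr/sbin/nologin nginx
+useradd -U -r -s /usr/sbin/nologin php-niver
+useradd -U -r -s /usr/sbin/nologin php-errors
+useradd -U -r -s /usr/sbin/nologin sftpgo
+
+# Set proper permissions
+
+chown -R knot:knot /var/log/knot
+chmod -R 700 /var/log/knot
+
+chown -R knot:php-niver /srv/ns
+chmod -R 770 /srv/ns
+
+chown -R php-niver:nginx /srv/ht
+chmod -R 740 /srv/ht
+
+chown -R php-niver:nginx /srv/php/niver/public/css/
+chmod -R 750 /srv/php/niver/public/css/
+
+chown -R php-niver:php-niver /srv/php/niver/db
+chmod -R 700 /srv/php/niver/db
+
+chown -R php-niver:php-niver /srv/php/niver/niver.log
+chmod -R 600 /srv/php/niver/niver.log
+
+# Load configuration in Knot database
+systemctl stop knot
+sudo -u knot knotc conf-import /etc/knot/knot.conf
+systemctl start knot
+
+# Generate default self-signed TLS key pair
+openssl req -subj '/' -new -newkey RSA:3072 -days 3650 -nodes -x509 -keyout /etc/ssl/private/niver.key -out /etc/ssl/certs/niver.crt
+
+# Generate SSH server key pair
+ssh-keygen -f /etc/ssh/ed25519 -t ed25519 -N ""
+ssh-keygen -lvf /etc/ssh/ed25519 > /etc/ssh/ed25519.fp
+
+# Configure PHP-FPM properly
+echo "display_errors = On" >> /etc/php/php.ini
+echo "extension = pdo_sqlite" >> /etc/php/php.ini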
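Review bot: `echo "display_errors = On" >> /etc/php/php.ini` turns on in-page PHP error output for every pool, which shows file paths and query or stack details to any visitor of a server that otherwise hides its identity (`server_tokens off`, `more_clear_headers Server`). Prefer `display_errors = Off` together with `log_errors = On`, or gate the line behind a development-only switch. The TLS key (`openssl req … -nodes`) and the SSH host key are generated here at image build time, so every machine started from the same built image would presumably share them; generating them on first boot avoids that. Finally, `chmod -R 740 /srv/ht` gives group `nginx` read but not search permission on directories, so nginx likely cannot open anything beneath that tree. Setting directories to 750 and files to 640 would match the apparent intent.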
3
mkosi.skeleton/etc/apt/sources.list
Normal file
3
mkosi.skeleton/etc/apt/sources.list
Normal file
|
@ -0,0 +1,3 @@
|
|||
deb tor+http://2s4yqjx5ul6okpp3f2gaunr2syex5jgbfpfvhxxbbjwnrsvbk5v3qbid.onion/debian bullseye main
|
||||
deb tor+http://2s4yqjx5ul6okpp3f2gaunr2syex5jgbfpfvhxxbbjwnrsvbk5v3qbid.onion/debian bullseye-backports main
|
||||
deb tor+http://5ajw6aqf3ep7sijnscdzw77t7xq4xjpsy335yb2wiwgouo7yfxtjlmid.onion/debian-security bullseye-security main
|
3
mkosi.skeleton/etc/pacman.d/mirrorlist
Normal file
3
mkosi.skeleton/etc/pacman.d/mirrorlist
Normal file
|
@ -0,0 +1,3 @@
|
|||
Server = https://mirror.ibakerserver.pt/Arch/$repo/os/$arch
|
||||
Server = https://arch.juline.tech/$repo/os/$arch
|
||||
Server = https://mirror.theo546.fr/archlinux/$repo/os/$arch
|
1
mkosi.skeleton/etc/resolv.conf
Normal file
1
mkosi.skeleton/etc/resolv.conf
Normal file
|
@ -0,0 +1 @@
|
|||
nameserver 127.0.0.53
|
6
mkosi.skeleton/etc/systemd/resolved.conf.d/fdn.conf
Normal file
6
mkosi.skeleton/etc/systemd/resolved.conf.d/fdn.conf
Normal file
|
@ -0,0 +1,6 @@
|
|||
[Resolve]
|
||||
# https://www.fdn.fr/actions/dns/
|
||||
DNS=2001:910:800::40 2001:910:800::12 80.67.169.40 80.67.169.12
|
||||
FallbackDNS=
|
||||
DNSSEC=yes
|
||||
Cache=yes
|
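--- a/mkosi.skeleton/etc/systemd/system/sftpgo.service
+++ b/mkosi.skeleton/etc/systemd/system/sftpgo.service
@@ -0,0 +1,27 @@
+[Unit]
+Description=SFTPGo Server
+After=network.target
+
+[Service]
+User=sftpgo
+Group=sftpgo
+Type=simple
+WorkingDirectory=/etc/sftpgo
+Environment=SFTPGO_CONFIG_DIR=/etc/sftpgo/
+Environment=SFTPGO_LOG_FILE_PATH=
+EnvironmentFile=-/etc/sftpgo/sftpgo.env
+ExecStart=/usr/local/bin/sftpgo serve
+ExecReload=/bin/kill -s HUP $MAINPID
+LimitNOFILE=8192
+KillMode=mixed
+PrivateTmp=true
+Restart=always
+RestartSec=10s
+NoNewPrivileges=yes
+PrivateDevices=yes
+DevicePolicy=closed
+ProtectSystem=true
+RestrictAddressFamilies=AF_INET AF_INET6 AF_UNIX
+
+[Install]
+WantedBy=multi-user.target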
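Review bot: `ProtectSystem=true` only makes `/usr` and the boot directories read-only for the service, so `/etc` (including `/etc/sftpgo`, which is also the working directory) and the rest of the filesystem stay writable by a network-facing daemon. `ProtectSystem=strict` combined with a `ReadWritePaths=` entry for the directories SFTPGo must write to, plus `ProtectHome=yes`, would confine it more tightly at no functional cost. The unit looks close to an upstream template, so a comment recording where it was copied from would make later comparison easier.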
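--- a/mkosi.skeleton/root/build-maniver.sh
+++ b/mkosi.skeleton/root/build-maniver.sh
@@ -0,0 +1,5 @@
+#!/usr/bin/bash
+
+cd /root/maniver
+cargo build --release
+cp /root/maniver/target/release/maniver /usr/local/bin/maniver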
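Review bot: Nothing stops the script when a step fails, so a failed `cd /root/maniver` or `cargo build --release` still reaches the final `cp`, which can install a stale binary from an earlier build into `/usr/local/bin` and exit 0. Adding `set -euo pipefail` directly after the shebang makes the failure visible. build-sftpgo.sh and mkosi.prepare in this commit have the same gap.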
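--- a/mkosi.skeleton/root/build-sftpgo.sh
+++ b/mkosi.skeleton/root/build-sftpgo.sh
@@ -0,0 +1,8 @@
+#!/usr/bin/bash
+
+git clone https://github.com/drakkan/sftpgo /root/sftpgo-src
+cd /root/sftpgo-src
+git checkout v2.2.2
+apt update
+apt install -y golang-1.18
+/usr/lib/go-1.18/bin/go build -tags nogcs,nos3,noazblob,nobolt,nomysql,nopgsql,noportable,nometrics -o /usr/local/bin/sftpgo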
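Review bot: The script builds whatever `git checkout v2.2.2` resolves to at run time, and a tag is a movable reference, so the binary installed as `/usr/local/bin/sftpgo` is not tied to a specific reviewed revision. Checking out a full commit hash instead (`git checkout <FULL_COMMIT_SHA>`, placeholder) or running `git verify-tag v2.2.2` against a trusted key before building pins the source. The script is also hard-wired to `apt` although the image definitions cover both Debian and Arch, so a comment stating that it is Debian-only would prevent a confusing failure on the Arch image.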
1
mkosi.skeleton/root/maniver
Submodule
1
mkosi.skeleton/root/maniver
Submodule
|
@ -0,0 +1 @@
|
|||
Subproject commit 2ad9fe6f3d7d3fc44cc03ef569d82dd601b51664
|
6
mkosi.skeleton/srv/ns/niver.test.zone
Normal file
6
mkosi.skeleton/srv/ns/niver.test.zone
Normal file
|
@ -0,0 +1,6 @@
|
|||
niver.test. 10800 SOA ns1.niver.test. admin.niver.test. 0 21600 7200 3628800 3600
|
||||
niver.test. 86400 NS ns1.niver.test.
|
||||
niver.test. 10800 A 127.0.0.1
|
||||
niver.test. 10800 AAAA ::1
|
||||
ns1.niver.test. 10800 A 127.0.0.1
|
||||
ns1.niver.test. 10800 AAAA ::1
|
15
mkosi.skeleton/srv/php/errors/400.html
Normal file
15
mkosi.skeleton/srv/php/errors/400.html
Normal file
|
@ -0,0 +1,15 @@
|
|||
<!DOCTYPE html>
|
||||
<html lang="en">
|
||||
<head>
|
||||
<meta charset="UTF-8">
|
||||
<meta name="viewport" content="width=device-width, initial-scale=1">
|
||||
<title>Bad request · HTTP 400</title>
|
||||
</head>
|
||||
<body>
|
||||
<h1>Bad request</h1>
|
||||
<p>
|
||||
The request is malformed.
|
||||
</p>
|
||||
<small><code>HTTP 400</code></small>
|
||||
</body>
|
||||
</html>
|
15
mkosi.skeleton/srv/php/errors/403.html
Normal file
15
mkosi.skeleton/srv/php/errors/403.html
Normal file
|
@ -0,0 +1,15 @@
|
|||
<!DOCTYPE html>
|
||||
<html lang="en">
|
||||
<head>
|
||||
<meta charset="UTF-8">
|
||||
<meta name="viewport" content="width=device-width, initial-scale=1">
|
||||
<title>Access forbidden · HTTP 403</title>
|
||||
</head>
|
||||
<body>
|
||||
<h1>Access forbidden</h1>
|
||||
<p>
|
||||
The server refused to process the request for security reasons.
|
||||
</p>
|
||||
<small><code>HTTP 403</code></small>
|
||||
</body>
|
||||
</html>
|
19
mkosi.skeleton/srv/php/errors/404.en.html
Normal file
19
mkosi.skeleton/srv/php/errors/404.en.html
Normal file
|
@ -0,0 +1,19 @@
|
|||
<!DOCTYPE html>
|
||||
<html lang="en">
|
||||
<head>
|
||||
<meta charset="UTF-8">
|
||||
<meta name="viewport" content="width=device-width, initial-scale=1">
|
||||
<title>File not found · HTTP 404</title>
|
||||
</head>
|
||||
<body>
|
||||
<h1>File not found</h1>
|
||||
<p>
|
||||
The server did not find anything at the requested address.
|
||||
</p>
|
||||
<ul>
|
||||
<li>The file may have been moved or deleted.</li>
|
||||
<li>Perhaps the address was mistyped.</li>
|
||||
</ul>
|
||||
<small><code>HTTP 404</code></small>
|
||||
</body>
|
||||
</html>
|
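--- a/mkosi.skeleton/srv/php/errors/404.fr.html
+++ b/mkosi.skeleton/srv/php/errors/404.fr.html
@@ -0,0 +1,19 @@
+<!DOCTYPE html>
+<html lang="fr">
+<head>
+<meta charset="UTF-8">
+<meta name="viewport" content="width=device-width, initial-scale=1">
+<title>Fichier introuvable · HTTP 404</title>
+</head>
+<body>
+<h1>Fichier introuvable</h1>
+<p>
+Le serveur n'a rien trouvé à l'adresse demandée.
+</p>
+<ul>
+<li>Le fichier a put être déplacé ou supprimé.</li>
+<li>L'adresse a peut-être été mal saisie.</li>
+</ul>
+<small><code>HTTP 404</code></small>
+</body>
+</html>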
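Review bot: The first list item contains a typo, `a put être`; the past participle is `pu`, so the line should read `<li>Le fichier a pu être déplacé ou supprimé.</li>`. With that fix the sentence matches the English page's "may have been moved or deleted".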
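--- a/mkosi.skeleton/srv/php/errors/404.php
+++ b/mkosi.skeleton/srv/php/errors/404.php
@@ -0,0 +1,20 @@
+<?php
+if (isset($_SERVER['HTTP_ACCEPT_LANGUAGE'])) {
+$clientLocales = $_SERVER['HTTP_ACCEPT_LANGUAGE'];
+$clientLocales = preg_replace("#[A-Z0-9]|q=|;|-|\.#", "", $clientLocales);
+$clientLocales = explode(',', $clientLocales);
+$availableLocales = array('en', 'fr');
+foreach ($clientLocales as $clientLocale) {
+if (in_array($clientLocale, $availableLocales)) {
+$locale = $clientLocale;
+break;
+}
+}
+}
+
+if (isset($locale) AND $locale == "fr")
+echo file_get_contents("404.fr.html");
+else
+echo file_get_contents("404.en.html");
+
+?>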
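Review bot: The `preg_replace` strips digits, `q=`, `;`, `-` and `.` but not whitespace, so a header written as `en, fr` produces the token ` fr`, which never matches `$availableLocales`. Adding `\s` to the character class, `"#[A-Z0-9\s]|q=|;|-|\.#"`, or calling `trim()` on each token fixes that. Comparing the header against a fixed allowlist before choosing a file is the right shape, since the client value never reaches a path. The relative `file_get_contents("404.fr.html")` works only because the pool sets `chdir = /srv/php/errors`, and `__DIR__ . '/404.fr.html'` would remove that dependency. A strict `in_array($clientLocale, $availableLocales, true)` also avoids loose comparison.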
15
mkosi.skeleton/srv/php/errors/405.html
Normal file
15
mkosi.skeleton/srv/php/errors/405.html
Normal file
|
@ -0,0 +1,15 @@
|
|||
<!DOCTYPE html>
|
||||
<html lang="en">
|
||||
<head>
|
||||
<meta charset="UTF-8">
|
||||
<meta name="viewport" content="width=device-width, initial-scale=1">
|
||||
<title>Method Not Allowed · HTTP 405</title>
|
||||
</head>
|
||||
<body>
|
||||
<h1>Method Not Allowed</h1>
|
||||
<p>
|
||||
The request method is not supported for this resource.
|
||||
</p>
|
||||
<small><code>HTTP 405</code></small>
|
||||
</body>
|
||||
</html>
|
15
mkosi.skeleton/srv/php/errors/410.html
Normal file
15
mkosi.skeleton/srv/php/errors/410.html
Normal file
|
@ -0,0 +1,15 @@
|
|||
<!DOCTYPE html>
|
||||
<html lang="en">
|
||||
<head>
|
||||
<meta charset="UTF-8">
|
||||
<meta name="viewport" content="width=device-width, initial-scale=1">
|
||||
<title>Gone · HTTP 410</title>
|
||||
</head>
|
||||
<body>
|
||||
<h1>Gone</h1>
|
||||
<p>
|
||||
The requested resource is not available anymore.
|
||||
</p>
|
||||
<small><code>HTTP 410</code></small>
|
||||
</body>
|
||||
</html>
|
15
mkosi.skeleton/srv/php/errors/418.html
Normal file
15
mkosi.skeleton/srv/php/errors/418.html
Normal file
|
@ -0,0 +1,15 @@
|
|||
<!DOCTYPE html>
|
||||
<html lang="en">
|
||||
<head>
|
||||
<meta charset="UTF-8">
|
||||
<meta name="viewport" content="width=device-width, initial-scale=1">
|
||||
<title>I'm a teapot · HTTP 418</title>
|
||||
</head>
|
||||
<body>
|
||||
<h1>I'm a teapot</h1>
|
||||
<p>
|
||||
Your coffee cannot be brewed because this server is a teapot.
|
||||
</p>
|
||||
<small><code>HTTP 418</code></small>
|
||||
</body>
|
||||
</html>
|
19
mkosi.skeleton/srv/php/errors/500.html
Normal file
19
mkosi.skeleton/srv/php/errors/500.html
Normal file
|
@ -0,0 +1,19 @@
|
|||
<!DOCTYPE html>
|
||||
<html lang="en">
|
||||
<head>
|
||||
<meta charset="UTF-8">
|
||||
<meta name="viewport" content="width=device-width, initial-scale=1">
|
||||
<title>Server error · HTTP 500</title>
|
||||
</head>
|
||||
<body>
|
||||
<h1>Server error</h1>
|
||||
<p>
|
||||
The server encountered an error and is unable to satisfy your request.
|
||||
</p>
|
||||
<ul>
|
||||
<li>This error is probably temporary.</li>
|
||||
<li>If it isn't, you can try to contact an administrator.</li>
|
||||
</ul>
|
||||
<small><code>HTTP 500</code></small>
|
||||
</body>
|
||||
</html>
|
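--- a/mkosi.skeleton/srv/php/errors/502.html
+++ b/mkosi.skeleton/srv/php/errors/502.html
@@ -0,0 +1,19 @@
+<!DOCTYPE html>
+<html lang="en">
+<head>
+<meta charset="UTF-8">
+<meta name="viewport" content="width=device-width, initial-scale=1">
+<title>Bad gateway · HTTP 502</title>
+</head>
+<body>
+<h1>Bad gateway</h1>
+<p>
+The backend server encountered an error and is unable to satisfy your request.
+</p>
+<ul>
+<li>This error is probably temporary.</li>
+<li>If it isn't, you can try to contact an administrator.</li>
+</ul>
+<small><code>HTTP 502</code></small>
+</body>
+</html>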
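--- a/mkosi.skeleton/srv/php/errors/503.html
+++ b/mkosi.skeleton/srv/php/errors/503.html
@@ -0,0 +1,19 @@
+<!DOCTYPE html>
+<html lang="en">
+<head>
+<meta charset="UTF-8">
+<meta name="viewport" content="width=device-width, initial-scale=1">
+<title>Service unavailable · HTTP 503</title>
+</head>
+<body>
+<h1>Service unavailable</h1>
+<p>
+The server cannot handle the request, because it is overloaded or down for maintenance.
+</p>
+<ul>
+<li>This error is probably temporary.</li>
+<li>If it isn't, you can try to contact an administrator.</li>
+</ul>
+<small><code>HTTP 503</code></small>
+</body>
+</html>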
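--- a/mkosi.skeleton/srv/php/errors/504.html
+++ b/mkosi.skeleton/srv/php/errors/504.html
@@ -0,0 +1,19 @@
+<!DOCTYPE html>
+<html lang="en">
+<head>
+<meta charset="UTF-8">
+<meta name="viewport" content="width=device-width, initial-scale=1">
+<title>Gateway timeout · HTTP 504</title>
+</head>
+<body>
+<h1>Gateway timeout</h1>
+<p>
+The backend server did not send a timely response.
+</p>
+<ul>
+<li>This error is probably temporary.</li>
+<li>If it isn't, you can try to contact an administrator.</li>
+</ul>
+<small><code>HTTP 504</code></small>
+</body>
+</html>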
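--- a/mkosi.skeleton/srv/php/errors/default-domain.en.html
+++ b/mkosi.skeleton/srv/php/errors/default-domain.en.html
@@ -0,0 +1,11 @@
+<!DOCTYPE HTML>
+<html lang="en">
+<head>
+<meta charset="UTF-8">
+<title>Broken site</title>
+</head>
+<body>
+<h1>Broken site</h1>
+The site you're trying to reach is misconfigured. This domain seems to be pointing to this server, but this server is not aware of a site using this domain.
+</body>
+</html>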
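--- a/mkosi.skeleton/srv/php/errors/default-ip.en.html
+++ b/mkosi.skeleton/srv/php/errors/default-ip.en.html
@@ -0,0 +1,11 @@
+<!DOCTYPE HTML>
+<html lang="en">
+<head>
+<meta charset="UTF-8">
+<title>Nothing here</title>
+</head>
+<body>
+<h1>Nothing here</h1>
+You reached Niver's default site using IP address. There's nothing for you here.
+</body>
+</html>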
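--- a/mkosi.skeleton/srv/php/errors/http.html
+++ b/mkosi.skeleton/srv/php/errors/http.html
@@ -0,0 +1,23 @@
+<!DOCTYPE html>
+<html lang="en">
+<head>
+<meta charset="UTF-8">
+<meta name="viewport" content="width=device-width, initial-scale=1">
+<title>Not available over unsecure HTTP</title>
+</head>
+<body>
+<h1>Not available over unsecure HTTP</h1>
+<p>
+This server does not accept unsecure HTTP requests. Use HTTPS instead.
+</p>
+<details open="">
+<summary>What happened?</summary>
+You made a request to the server using the unsecure HTTP protocol (<code>http://</code>). For privacy and security reasons, the server does not accept this, as unsecure HTTP connections can be watched and modified by any device on the way.
+</details>
+<details>
+<summary>How to solve this?</summary>
+You can tell your browser to use HTTPS by prefixing the URL with <code>https://</code>.
+</details>
+<small><code>HTTP 400</code></small>
+</body>
+</html>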
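--- a/mkosi.skeleton/srv/php/errors/http.php
+++ b/mkosi.skeleton/srv/php/errors/http.php
@@ -0,0 +1,45 @@
+<?php
+if (isset($_SERVER['HTTP_ACCEPT_LANGUAGE'])) {
+$clientLocales = $_SERVER['HTTP_ACCEPT_LANGUAGE'];
+$clientLocales = preg_replace("#[A-Z0-9]|q=|;|-|\.#", "", $clientLocales);
+$clientLocales = explode(',', $clientLocales);
+$availableLocales = array('en', 'fr');
+foreach ($clientLocales as $clientLocale) {
+if (in_array($clientLocale, $availableLocales)) {
+$locale = $clientLocale;
+break;
+}
+}
+}
+
+if (isset($locale) AND $locale == "fr") {
+# echo file_get_contents("404.fr.html");
+#else { ?>
+
+<!DOCTYPE html>
+<html lang="en">
+<head>
+<meta charset="UTF-8">
+<meta name="viewport" content="width=device-width, initial-scale=1">
+<title>Not available over unsecure HTTP</title>
+</head>
+<body>
+<h1>Not available over unsecure HTTP</h1>
+<p>
+This server does not accept unsecure HTTP requests. <a href="<?php echo htmlspecialchars($_SERVER['QUERY_STRING']);
+
+?>">Use HTTPS</a> instead.
+</p>
+<details open="">
+<summary>What happened?</summary>
+You made a request to the server using the unsecure HTTP protocol (<code>http://</code>). For privacy and security reasons, the server does not accept this, as unsecure HTTP connections can be watched and modified by any device on the way.
+</details>
+<details>
+<summary>How to solve this?</summary>
+You can tell your browser to use HTTPS by prefixing the URL with <code>https://</code>.
+</details>
+<small><code>HTTP 403</code></small>
+</body>
+</html>
+
+<?php } ?>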
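Review bot: The `href` of the "Use HTTPS" link is filled from `$_SERVER['QUERY_STRING']` with only `htmlspecialchars()` applied, which keeps the value inside the attribute but does not restrict its scheme or host, so whatever the client sends in the query string becomes the link target. Check the value before echoing it, for example `$target = $_SERVER['QUERY_STRING'] ?? '';` followed by `if (strncmp($target, 'https://', 8) !== 0) { $target = ''; }`, and ideally compare its host with the requested one. Separately, `#else { ?>` is a comment up to the `?>`, so the English markup sits inside the `$locale == "fr"` branch and clients with any other locale appear to get an empty body. The footer also says `HTTP 403` where http.html says `HTTP 400`.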
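--- a/mkosi.skeleton/srv/php/errors/index.php
+++ b/mkosi.skeleton/srv/php/errors/index.php
@@ -0,0 +1,8 @@
+<?php
+
+if (filter_var(str_replace(array("[", "]"), "", $_SERVER['HTTP_HOST']), FILTER_VALIDATE_IP))
+echo file_get_contents("default-ip.en.html");
+else
+echo file_get_contents("default-domain.en.html");
+
+?>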
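Review bot: `$_SERVER['HTTP_HOST']` is read without checking that it is set, so a request without a Host header raises an undefined-index warning and passes null to `str_replace()`; start with `$host = $_SERVER['HTTP_HOST'] ?? '';`. An IPv4 Host that carries a port also fails `FILTER_VALIDATE_IP` and is answered with the domain page, so the port should be stripped before validating. The two `file_get_contents()` calls use paths relative to the working directory; `readfile(__DIR__ . '/default-ip.en.html');` does not depend on how PHP-FPM is started.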
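--- a/mkosi.skeleton/srv/php/niver
+++ b/mkosi.skeleton/srv/php/niver
@@ -0,0 +1 @@
+Subproject commit 9a2eb0a18e6f5d464af6d130c291dc916a5d73c9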
BIN
mkosi.skeleton/usr/local/bin/maniver
Executable file
BIN
mkosi.skeleton/usr/local/bin/maniver
Executable file
Binary file not shown.
BIN
mkosi.skeleton/usr/local/bin/sftpgo
Executable file
BIN
mkosi.skeleton/usr/local/bin/sftpgo
Executable file
Binary file not shown.
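--- a/mkosi.skeleton/usr/local/share/niver/knot.template
+++ b/mkosi.skeleton/usr/local/share/niver/knot.template
@@ -0,0 +1,2 @@
+DOMAIN 3600 SOA ns1.niver.test. admin.niver.test. 1 21600 7200 3628800 3600
+DOMAIN 86400 NS ns1.niver.test.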
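--- a/mkosi.skeleton/usr/local/share/niver/nginx/dns.template
+++ b/mkosi.skeleton/usr/local/share/niver/nginx/dns.template
@@ -0,0 +1,15 @@
+server {
+listen [::]:{{HTTPS_PORT}} ssl http2;
+listen 0.0.0.0:{{HTTPS_PORT}} ssl http2;
+server_name {{DOMAIN}};
+root {{HT_PATH}}/{{USERNAME}}/ht/{{DIR}};
+
+ssl_certificate /etc/ssl/certs/niver.crt;
+ssl_certificate_key /etc/ssl/private/niver.key;
+
+include inc/tls.conf;
+
+location / {
+try_files $uri $uri.html $uri/ =404;
+}
+}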
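Review bot: `root {{HT_PATH}}/{{USERNAME}}/ht/{{DIR}};` serves a directory that is presumably writable by the hosted user, and nothing in this server block stops nginx from following a symlink placed there to a file outside that user's tree. Adding `disable_symlinks if_not_owner;` to the block would refuse links whose target is owned by someone else; the unnamed 9-line template that follows has the same `root` line and would need it too. The code that fills `{{DOMAIN}}` and `{{DIR}}` is not part of this page, so it should be confirmed that it rejects `;`, braces, whitespace and `..` before the values are written into the configuration.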
|
@ -0,0 +1,9 @@
|
|||
server {
|
||||
listen [::1]:{{INTERNAL_ONION_HTTP_PORT}};
|
||||
server_name {{DOMAIN}};
|
||||
root {{HT_PATH}}/{{USERNAME}}/ht/{{DIR}};
|
||||
|
||||
location / {
|
||||
try_files $uri $uri.html $uri/ =404;
|
||||
}
|
||||
}
|