Tor setup 2
parent
74ab3d19fc
commit
d28eb52809
|
@ -27,6 +27,9 @@ chmod -R u=rwX,g=,o= /etc/sftpgo
|
|||
chown -R sftpgo:php-niver /srv/ht
|
||||
chmod -R u=rwX,g=rwX,o=rX /srv/ht
|
||||
|
||||
chown -R php-niver:tor /etc/tor/instances/niver
|
||||
chmod -R u=rwX,g=rX,o= /etc/tor/instances/niver
|
||||
|
||||
chmod 555 /srv/php
|
||||
|
||||
chown -R php-errors:nginx /srv/php/errors
|
||||
|
@ -45,6 +48,8 @@ chmod -R u=rw,g=rw,o= /srv/php/niver/auth.log
|
|||
# Load configuration in Knot database
|
||||
sudo -u knot knotc conf-import /etc/knot/knot.conf
|
||||
|
||||
# PHP paths unification across distributions
|
||||
|
||||
export PHP_INI=/etc/php/php.ini
|
||||
|
||||
if [[ $ID = "debian" ]]; then
|
||||
|
@ -63,6 +68,12 @@ display_errors = On
|
|||
extension = pdo_sqlite
|
||||
EOF
|
||||
|
||||
if [[ $ID = "arch" ]]; then
|
||||
ln -s /etc/tor/instances/niver/torrc /etc/tor/torrc
|
||||
fi
|
||||
|
||||
# Start SystemD services at startup
|
||||
|
||||
systemctl enable sftpgo
|
||||
|
||||
if [[ $ID = "arch" ]]; then
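Review bot: `chown -R php-niver:tor /etc/tor/instances/niver` makes the web application's user the owner of the whole Tor instance configuration, and a drop-in later in this commit adds `ReadWritePaths=/etc/tor/instances/niver` for what looks like the same service, so anything able to run code as php-niver can rewrite the torrc the Tor daemon loads (on Arch `/etc/tor/torrc` is symlinked to it in the last hunk of this file). If PHP only needs to add per-site entries, consider keeping the directory and the main torrc root-owned and giving php-niver write access to a single file or subdirectory that the main torrc pulls in with `%include`; at minimum document the trust decision, e.g. `# php-niver edits this torrc; write access here equals control of the Tor daemon's configuration`. The chown is also not guarded by `$ID`: as far as I know a Debian instance created by `tor-instance-create` runs as `_tor-niver` and Debian has no `tor` group, so with `g=rX,o=` the Debian daemon may be unable to read its own torrc, which is worth checking. The script continues outside these hunks.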
|
||||
|
|
|
@ -1,9 +1,10 @@
|
|||
#!/usr/bin/bash
|
||||
source /etc/os-release
|
||||
|
||||
# Clean configuration directories (will be filled with mkosi.extra/)
|
||||
# Clear configuration (will be filled with mkosi.extra/)
|
||||
rm -r /etc/nginx/*
|
||||
rm -r /etc/ssh/*
|
||||
rm /etc/tor/torrc
|
||||
if [[ $ID = "debian" ]]; then
|
||||
rm -r /etc/php/7.4/fpm/pool.d
|
||||
rm /usr/lib/tmpfiles.d/php7.4-fpm.conf
|
||||
|
@ -12,6 +13,11 @@ if [[ $ID = "arch" ]]; then
|
|||
rm /etc/php/php-fpm.d/*
|
||||
fi
|
||||
|
||||
# Create dedicated Tor instance
|
||||
if [[ $ID = "debian" ]]; then
|
||||
tor-instance-create niver
|
||||
fi
|
||||
|
||||
# Generate default self-signed TLS key pair
|
||||
openssl req -subj '/' -new -newkey RSA:3072 -days 3650 -nodes -x509 -keyout /etc/ssl/private/niver.key -out /etc/ssl/certs/niver.crt
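Review bot: Neither `rm /etc/tor/torrc` nor `tor-instance-create niver` is checked, and the top of the script visible in the first hunk has no `set -e`, so a failure here is silent and the image build carries on without the Tor instance. The ownership and permission commands added to the other script in this commit would then run against a path that may not exist. Suggest `rm -f /etc/tor/torrc` (an absent file is fine) and `tor-instance-create niver || exit 1`. A short comment saying where the Arch instance directory comes from (presumably `mkosi.extra/`) would also explain why only Debian needs this call.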
|
||||
|
||||
|
|
|
@ -1,2 +1,3 @@
|
|||
[Service]
|
||||
ReadWritePaths=/etc/nginx/ht
|
||||
ReadWritePaths=/etc/tor/instances/niver
|
||||
|
|
|
@ -0,0 +1,4 @@
|
|||
[Service]
|
||||
ReadWritePaths=/var/lib/tor-instances/niver/
|
||||
# To allow reloading service on Arch Linux
|
||||
CapabilityBoundingSet=CAP_KILL
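Review bot: `CapabilityBoundingSet=CAP_KILL` makes CAP_KILL available to every process of the unit, the network-facing Tor daemon included, only so that reload can send a signal. If the reload command is the usual `kill -HUP $MAINPID` (the unit's `ExecReload=` is not visible here), running just that command with full privileges leaves the daemon's bounding set unchanged: an empty `ExecReload=` to reset it, followed by `ExecReload=+/bin/kill -HUP $MAINPID`. The comment says the setting is for Arch Linux, but nothing in the drop-in restricts it to Arch, so the comment should name the unit and distribution this file is installed for. Also, `ReadWritePaths=/var/lib/tor-instances/niver/` prevents the unit from starting when that directory is missing; a leading `-` (`ReadWritePaths=-/var/lib/tor-instances/niver/`) tolerates its absence.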
|
|
@ -1 +1 @@
|
|||
Subproject commit e60f9c929259f684ac97a28a54bc7f253004fb3a
|
||||
Subproject commit 91441c5f1d30125d9e15bea810a3d2faaa603dc0
|
|
@ -1,2 +0,0 @@
|
|||
DOMAIN 3600 SOA ns1.niver.test. admin.niver.test. 1 21600 7200 3628800 3600
|
||||
DOMAIN 86400 NS ns1.niver.test.
|
|
@ -1,15 +0,0 @@
|
|||
server {
|
||||
listen [::]:{{HTTPS_PORT}} ssl http2;
|
||||
listen 0.0.0.0:{{HTTPS_PORT}} ssl http2;
|
||||
server_name {{DOMAIN}};
|
||||
root {{HT_PATH}}/{{USERNAME}}/{{DIR}};
|
||||
|
||||
ssl_certificate /etc/ssl/certs/niver.crt;
|
||||
ssl_certificate_key /etc/ssl/private/niver.key;
|
||||
|
||||
include inc/tls.conf;
|
||||
|
||||
location / {
|
||||
try_files $uri $uri.html $uri/ =404;
|
||||
}
|
||||
}
|
|
@ -1,9 +0,0 @@
|
|||
server {
|
||||
listen [::1]:{{INTERNAL_ONION_HTTP_PORT}};
|
||||
server_name {{DOMAIN}};
|
||||
root {{HT_PATH}}/{{USERNAME}}/{{DIR}};
|
||||
|
||||
location / {
|
||||
try_files $uri $uri.html $uri/ =404;
|
||||
}
|
||||
}
|