Server/cider: Unterschied zwischen den Versionen
< Server
Eri! (Diskussion | Beiträge) |
Vater (Diskussion | Beiträge) KKeine Bearbeitungszusammenfassung |
||
Zeile 1: | Zeile 1: | ||
== SaferSharing == | == SaferSharing == | ||
To avoid legal steps because you are hosting to everyone | To avoid legal steps because you are hosting to everyone: | ||
* get nginx with auth_base | * get nginx with auth_base | ||
Zeile 11: | Zeile 9: | ||
==== config nginx ==== | ==== config nginx ==== | ||
<pre>$ vi /etc/nginx/sites-available/default | <pre> | ||
$ vi /etc/nginx/sites-available/default | |||
$ cat /etc/nginx/sites-available/default | $ cat /etc/nginx/sites-available/default | ||
Zeile 38: | Zeile 37: | ||
in addtion we used: | in addtion we used: | ||
<pre>$ openssl passwd -crypt yoursupersafepassword</pre> | <pre> | ||
$ openssl passwd -crypt yoursupersafepassword | |||
</pre> | |||
instead of plaintext password | instead of plaintext password | ||
==== sharing2 conf ==== | ==== sharing2 conf ==== | ||
<pre>$ vi /path/to/sharing2/main.hs | <pre> | ||
$ vi /path/to/sharing2/main.hs | |||
$ cat /path/to/sharing2/main.hs | $ cat /path/to/sharing2/main.hs | ||
Zeile 53: | Zeile 55: | ||
, settingsPort = 8000 | , settingsPort = 8000 | ||
, ... | , ... | ||
})</pre> | }) | ||
</pre> | |||
==== modify iptables ==== | ==== modify iptables ==== | ||
<pre>$ iptables -t filter -A INPUT ! -s 127.0.0.1 -p tcp --dport 8000 -j DROP | <pre> | ||
$ ip6tables -t filter -A INPUT ! -s ::1 -p tcp --dport 8000 -j DROP</pre> | $ iptables -t filter -A INPUT ! -s 127.0.0.1 -p tcp --dport 8000 -j DROP | ||
$ ip6tables -t filter -A INPUT ! -s ::1 -p tcp --dport 8000 -j DROP | |||
</pre> | |||
== Na toll, aber wie ist der Zugang zu Cider nun? == | == Na toll, aber wie ist der Zugang zu Cider nun? == | ||
wie auf allen anderen Maschinen auch | wie auf allen anderen Maschinen auch | ||
[[Kategorie:Infrastruktur]] |
Version vom 4. Oktober 2013, 00:32 Uhr
SaferSharing
To avoid legal steps because you are hosting to everyone:
- get nginx with auth_base
- proxy around
- modify your fw a bit
config nginx
$ vi /etc/nginx/sites-available/default $ cat /etc/nginx/sites-available/default server { listen 80 default_server; listen [::]:80 default_server ipv6only=on; root /usr/share/nginx/html; index index.html index.htm; # Make site accessible from http://localhost/ server_name localhost; location / { auth_basic "Sharing is Caring"; auth_basic_user_file /etc/nginx/htpasswd; proxy_pass http://localhost:8000; proxy_buffering off; } } $ vi /etc/nginx/htpasswd $ cat /et/nginx/htpasswd user:yoursavepassword
in addtion we used:
$ openssl passwd -crypt yoursupersafepassword
instead of plaintext password
sharing2 conf
$ vi /path/to/sharing2/main.hs $ cat /path/to/sharing2/main.hs main :: IO () main = app >>= runSettings (defaultSettings { settingsHost = HostIPv6 , settingsPort = 8000 , ... })
modify iptables
$ iptables -t filter -A INPUT ! -s 127.0.0.1 -p tcp --dport 8000 -j DROP $ ip6tables -t filter -A INPUT ! -s ::1 -p tcp --dport 8000 -j DROP
Na toll, aber wie ist der Zugang zu Cider nun?
wie auf allen anderen Maschinen auch