Server/cider: Unterschied zwischen den Versionen
Zur Navigation springen
Zur Suche springen
Vater (Diskussion | Beiträge) (Die Seite wurde neu angelegt: „Kategorie:Infrastruktur“) |
Eri! (Diskussion | Beiträge) (safer sharing) |
||
Zeile 1: | Zeile 1: | ||
[[Kategorie:Infrastruktur]] | [[Kategorie:Infrastruktur]] | ||
== SaferSharing == | |||
To avoid legal steps because you are hosting to everyone | |||
* get nginx with auth_base | |||
* proxy around | |||
* modify your fw a bit | |||
==== config nginx ==== | |||
<pre>$ vi /etc/nginx/sites-available/default | |||
$ cat /etc/nginx/sites-available/default | |||
server { | |||
listen 80 default_server; | |||
listen [::]:80 default_server ipv6only=on; | |||
root /usr/share/nginx/html; | |||
index index.html index.htm; | |||
# Make site accessible from http://localhost/ | |||
server_name localhost; | |||
location / { | |||
auth_basic "Sharing is Caring"; | |||
auth_basic_user_file /etc/nginx/htpasswd; | |||
proxy_pass http://localhost:8000; | |||
proxy_buffering off; | |||
} | |||
} | |||
$ vi /etc/nginx/htpasswd | |||
$ cat /et/nginx/htpasswd | |||
user:yoursavepassword</pre> | |||
in addtion we used: | |||
<pre>$ openssl passwd -crypt yoursupersafepassword</pre> | |||
instead of plaintext password | |||
==== sharing2 conf ==== | |||
<pre>$ vi /path/to/sharing2/main.hs | |||
$ cat /path/to/sharing2/main.hs | |||
main :: IO () | |||
main = app >>= | |||
runSettings (defaultSettings | |||
{ settingsHost = HostIPv6 | |||
, settingsPort = 8000 | |||
, ... | |||
})</pre> | |||
==== modify iptables ==== | |||
<pre>$ iptables -t filter -A INPUT ! -s 127.0.0.1 -p tcp --dport 8000 -j REJECT | |||
$ ip6tables -t filter -A INPUT ! -s ::1 -p tcp --dport 8000 -j REJECT</pre> | |||
== Na toll, aber wie ist der Zugang zu Cider nun? == | |||
wie auf allen anderen Maschinen auch |
Version vom 4. Oktober 2013, 00:06 Uhr
SaferSharing
To avoid legal steps because you are hosting to everyone
- get nginx with auth_base
- proxy around
- modify your fw a bit
config nginx
$ vi /etc/nginx/sites-available/default $ cat /etc/nginx/sites-available/default server { listen 80 default_server; listen [::]:80 default_server ipv6only=on; root /usr/share/nginx/html; index index.html index.htm; # Make site accessible from http://localhost/ server_name localhost; location / { auth_basic "Sharing is Caring"; auth_basic_user_file /etc/nginx/htpasswd; proxy_pass http://localhost:8000; proxy_buffering off; } } $ vi /etc/nginx/htpasswd $ cat /et/nginx/htpasswd user:yoursavepassword
in addtion we used:
$ openssl passwd -crypt yoursupersafepassword
instead of plaintext password
sharing2 conf
$ vi /path/to/sharing2/main.hs $ cat /path/to/sharing2/main.hs main :: IO () main = app >>= runSettings (defaultSettings { settingsHost = HostIPv6 , settingsPort = 8000 , ... })
modify iptables
$ iptables -t filter -A INPUT ! -s 127.0.0.1 -p tcp --dport 8000 -j REJECT $ ip6tables -t filter -A INPUT ! -s ::1 -p tcp --dport 8000 -j REJECT
Na toll, aber wie ist der Zugang zu Cider nun?
wie auf allen anderen Maschinen auch