Server/cider: Unterschied zwischen den Versionen

Aus C3D2
Zur Navigation springen Zur Suche springen
(Die Seite wurde neu angelegt: „Kategorie:Infrastruktur“)
 
(safer sharing)
Zeile 1: Zeile 1:
[[Kategorie:Infrastruktur]]
[[Kategorie:Infrastruktur]]
== SaferSharing ==
To avoid legal steps because you are hosting to everyone
* get nginx with auth_base
* proxy around
* modify your fw a bit
==== config nginx ====
<pre>$ vi /etc/nginx/sites-available/default
$ cat /etc/nginx/sites-available/default
server {
  listen 80 default_server;
  listen [::]:80 default_server ipv6only=on;
  root /usr/share/nginx/html;
  index index.html index.htm;
  # Make site accessible from http://localhost/
  server_name localhost;
  location / {
      auth_basic              &quot;Sharing is Caring&quot;;
      auth_basic_user_file    /etc/nginx/htpasswd;
      proxy_pass              http://localhost:8000;
      proxy_buffering          off;
  }
}
$ vi /etc/nginx/htpasswd
$ cat /et/nginx/htpasswd
user:yoursavepassword</pre>
in addtion we used:
<pre>$ openssl passwd -crypt yoursupersafepassword</pre>
instead of plaintext password
==== sharing2 conf ====
<pre>$ vi /path/to/sharing2/main.hs
$ cat /path/to/sharing2/main.hs
main :: IO ()
main = app &gt;&gt;=
      runSettings (defaultSettings
                  { settingsHost = HostIPv6
                  , settingsPort = 8000
                  , ...
                  })</pre>
==== modify iptables ====
<pre>$ iptables -t filter -A INPUT ! -s 127.0.0.1 -p tcp --dport 8000 -j REJECT
$ ip6tables -t filter -A INPUT ! -s ::1 -p tcp --dport 8000 -j REJECT</pre>
== Na toll, aber wie ist der Zugang zu Cider nun? ==
wie auf allen anderen Maschinen auch

Version vom 4. Oktober 2013, 00:06 Uhr


SaferSharing

To avoid legal steps because you are hosting to everyone

  • get nginx with auth_base
  • proxy around
  • modify your fw a bit



config nginx

$ vi /etc/nginx/sites-available/default
$ cat /etc/nginx/sites-available/default

server {
   listen 80 default_server;
   listen [::]:80 default_server ipv6only=on;

   root /usr/share/nginx/html;
   index index.html index.htm;

   # Make site accessible from http://localhost/
   server_name localhost;

   location / {
       auth_basic               "Sharing is Caring";
       auth_basic_user_file     /etc/nginx/htpasswd;
       proxy_pass               http://localhost:8000;
       proxy_buffering          off;
   }
}

$ vi /etc/nginx/htpasswd
$ cat /et/nginx/htpasswd

user:yoursavepassword

in addtion we used:

$ openssl passwd -crypt yoursupersafepassword

instead of plaintext password

sharing2 conf

$ vi /path/to/sharing2/main.hs
$ cat /path/to/sharing2/main.hs


main :: IO ()
main = app >>=
       runSettings (defaultSettings
                   { settingsHost = HostIPv6
                   , settingsPort = 8000
                   , ...
                   })

modify iptables

$ iptables -t filter -A INPUT ! -s 127.0.0.1 -p tcp --dport 8000 -j REJECT
$ ip6tables -t filter -A INPUT ! -s ::1 -p tcp --dport 8000 -j REJECT

Na toll, aber wie ist der Zugang zu Cider nun?

wie auf allen anderen Maschinen auch