Server/cider: Unterschied zwischen den Versionen
< Server
Eri! (Diskussion | Beiträge) |
Vater (Diskussion | Beiträge) KKeine Bearbeitungszusammenfassung |
||
| Zeile 1: | Zeile 1: | ||
== SaferSharing == | == SaferSharing == | ||
To avoid legal steps because you are hosting to everyone | To avoid legal steps because you are hosting to everyone: | ||
* get nginx with auth_base | * get nginx with auth_base | ||
| Zeile 11: | Zeile 9: | ||
==== config nginx ==== | ==== config nginx ==== | ||
<pre>$ vi /etc/nginx/sites-available/default | <pre> | ||
$ vi /etc/nginx/sites-available/default | |||
$ cat /etc/nginx/sites-available/default | $ cat /etc/nginx/sites-available/default | ||
| Zeile 38: | Zeile 37: | ||
in addtion we used: | in addtion we used: | ||
<pre>$ openssl passwd -crypt yoursupersafepassword</pre> | <pre> | ||
$ openssl passwd -crypt yoursupersafepassword | |||
</pre> | |||
instead of plaintext password | instead of plaintext password | ||
==== sharing2 conf ==== | ==== sharing2 conf ==== | ||
<pre>$ vi /path/to/sharing2/main.hs | <pre> | ||
$ vi /path/to/sharing2/main.hs | |||
$ cat /path/to/sharing2/main.hs | $ cat /path/to/sharing2/main.hs | ||
| Zeile 53: | Zeile 55: | ||
, settingsPort = 8000 | , settingsPort = 8000 | ||
, ... | , ... | ||
})</pre> | }) | ||
</pre> | |||
==== modify iptables ==== | ==== modify iptables ==== | ||
<pre>$ iptables -t filter -A INPUT ! -s 127.0.0.1 -p tcp --dport 8000 -j DROP | <pre> | ||
$ ip6tables -t filter -A INPUT ! -s ::1 -p tcp --dport 8000 -j DROP</pre> | $ iptables -t filter -A INPUT ! -s 127.0.0.1 -p tcp --dport 8000 -j DROP | ||
$ ip6tables -t filter -A INPUT ! -s ::1 -p tcp --dport 8000 -j DROP | |||
</pre> | |||
== Na toll, aber wie ist der Zugang zu Cider nun? == | == Na toll, aber wie ist der Zugang zu Cider nun? == | ||
wie auf allen anderen Maschinen auch | wie auf allen anderen Maschinen auch | ||
[[Kategorie:Infrastruktur]] | |||
Version vom 4. Oktober 2013, 00:32 Uhr
SaferSharing
To avoid legal steps because you are hosting to everyone:
- get nginx with auth_base
- proxy around
- modify your fw a bit
config nginx
$ vi /etc/nginx/sites-available/default
$ cat /etc/nginx/sites-available/default
server {
listen 80 default_server;
listen [::]:80 default_server ipv6only=on;
root /usr/share/nginx/html;
index index.html index.htm;
# Make site accessible from http://localhost/
server_name localhost;
location / {
auth_basic "Sharing is Caring";
auth_basic_user_file /etc/nginx/htpasswd;
proxy_pass http://localhost:8000;
proxy_buffering off;
}
}
$ vi /etc/nginx/htpasswd
$ cat /et/nginx/htpasswd
user:yoursavepassword
in addtion we used:
$ openssl passwd -crypt yoursupersafepassword
instead of plaintext password
sharing2 conf
$ vi /path/to/sharing2/main.hs
$ cat /path/to/sharing2/main.hs
main :: IO ()
main = app >>=
runSettings (defaultSettings
{ settingsHost = HostIPv6
, settingsPort = 8000
, ...
})
modify iptables
$ iptables -t filter -A INPUT ! -s 127.0.0.1 -p tcp --dport 8000 -j DROP $ ip6tables -t filter -A INPUT ! -s ::1 -p tcp --dport 8000 -j DROP
Na toll, aber wie ist der Zugang zu Cider nun?
wie auf allen anderen Maschinen auch