Server/cider: Unterschied zwischen den Versionen

Aus C3D2
Zur Navigation springen Zur Suche springen
KKeine Bearbeitungszusammenfassung
Zeile 8: Zeile 8:


==== config nginx ====
==== config nginx ====
as root


<source lang="bash">vi /etc/nginx/sites-available/default</source>
<source lang="bash"> vi /etc/nginx/sites-available/default</source>
<source lang="bash">cat /etc/nginx/sites-available/default</source>
<source lang="bash"> cat /etc/nginx/sites-available/default</source>
<pre>
<pre>
server {
server {
Zeile 40: Zeile 41:


==== sharing2 conf ====
==== sharing2 conf ====
 
as user
<source lang="bash">vi /path/to/sharing2/main.hs</source>
<source lang="bash">vi /path/to/sharing2/main.hs</source>
<source lang="bash">cat /path/to/sharing2/main.hs</source>
<source lang="bash">cat /path/to/sharing2/main.hs</source>
Zeile 54: Zeile 55:


==== modify iptables ====
==== modify iptables ====
 
as root
<source lang="bash">iptables -t filter -A INPUT ! -s 127.0.0.1 -p tcp --dport 8000 -j DROP</source>
<source lang="bash">iptables -t filter -A INPUT ! -s 127.0.0.1 -p tcp --dport 8000 -j DROP</source>
<source lang="bash">ip6tables -t filter -A INPUT ! -s ::1 -p tcp --dport 8000 -j DROP</source>
<source lang="bash">ip6tables -t filter -A INPUT ! -s ::1 -p tcp --dport 8000 -j DROP</source>

Version vom 4. Oktober 2013, 00:53 Uhr

SaferSharing

To avoid legal steps because you are hosting to everyone:

  • get nginx with auth_base
  • proxy around
  • modify your fw a bit

config nginx

as root

 vi /etc/nginx/sites-available/default
 cat /etc/nginx/sites-available/default
server {
   listen 80 default_server;
   listen [::]:80 default_server ipv6only=on;

   root /usr/share/nginx/html;
   index index.html index.htm;

   # Make site accessible from http://localhost/
   server_name localhost;

   location / {
       auth_basic               "Sharing is Caring";
       auth_basic_user_file     /etc/nginx/htpasswd;
       proxy_pass               http://localhost:8000;
       proxy_buffering          off;
   }
}
vi /etc/nginx/htpasswd
cat /et/nginx/htpasswd
user:yoursavepassword

In addition we used

openssl passwd -crypt yoursupersafepassword

instead of plaintext password.

sharing2 conf

as user

vi /path/to/sharing2/main.hs
cat /path/to/sharing2/main.hs
main :: IO ()
main = app >>=
       runSettings (defaultSettings
                   { settingsHost = HostIPv6
                   , settingsPort = 8000
                   , ...
                   })

modify iptables

as root

iptables -t filter -A INPUT ! -s 127.0.0.1 -p tcp --dport 8000 -j DROP
ip6tables -t filter -A INPUT ! -s ::1 -p tcp --dport 8000 -j DROP

Na toll, aber wie ist der Zugang zu Cider nun?

wie auf allen anderen Maschinen auch