c3d2-wiki/Server%2Fcider.mw

== SaferSharing ==

To avoid legal steps because you are hosting to everyone:

* get nginx with auth_base
* proxy around
* modify your fw a bit

==== config nginx ====

<pre>
$ vi /etc/nginx/sites-available/default
$ cat /etc/nginx/sites-available/default

server {
   listen 80 default_server;
   listen [::]:80 default_server ipv6only=on;

   root /usr/share/nginx/html;
   index index.html index.htm;

   # Make site accessible from http://localhost/
   server_name localhost;

   location / {
       auth_basic               &quot;Sharing is Caring&quot;;
       auth_basic_user_file     /etc/nginx/htpasswd;
       proxy_pass               http://localhost:8000;
       proxy_buffering          off;
   }
}

$ vi /etc/nginx/htpasswd
$ cat /et/nginx/htpasswd

user:yoursavepassword</pre>
in addtion we used:

<pre>
$ openssl passwd -crypt yoursupersafepassword
</pre>
instead of plaintext password

==== sharing2 conf ====

<pre>
$ vi /path/to/sharing2/main.hs
$ cat /path/to/sharing2/main.hs


main :: IO ()
main = app &gt;&gt;=
       runSettings (defaultSettings
                   { settingsHost = HostIPv6
                   , settingsPort = 8000
                   , ...
                   })
</pre>

==== modify iptables ====

<pre>
$ iptables -t filter -A INPUT ! -s 127.0.0.1 -p tcp --dport 8000 -j DROP
$ ip6tables -t filter -A INPUT ! -s ::1 -p tcp --dport 8000 -j DROP
</pre>

== Na toll, aber wie ist der Zugang zu Cider nun? ==

wie auf allen anderen Maschinen auch

[[Kategorie:Infrastruktur]]
safer sharing 2013-10-04 02:06:42 +02:00			`== SaferSharing ==`

Empty MediaWiki Message 2013-10-04 02:32:48 +02:00			`To avoid legal steps because you are hosting to everyone:`
safer sharing 2013-10-04 02:06:42 +02:00
			`* get nginx with auth_base`
			`* proxy around`
			`* modify your fw a bit`

			`==== config nginx ====`

Empty MediaWiki Message 2013-10-04 02:32:48 +02:00			`<pre>`
			`$ vi /etc/nginx/sites-available/default`
safer sharing 2013-10-04 02:06:42 +02:00			`$ cat /etc/nginx/sites-available/default`

			`server {`
			`listen 80 default_server;`
			`listen [::]:80 default_server ipv6only=on;`

			`root /usr/share/nginx/html;`
			`index index.html index.htm;`

			`# Make site accessible from http://localhost/`
			`server_name localhost;`

			`location / {`
			`auth_basic "Sharing is Caring";`
			`auth_basic_user_file /etc/nginx/htpasswd;`
			`proxy_pass http://localhost:8000;`
			`proxy_buffering off;`
			`}`
			`}`

			`$ vi /etc/nginx/htpasswd`
			`$ cat /et/nginx/htpasswd`

			`user:yoursavepassword</pre>`
			`in addtion we used:`

Empty MediaWiki Message 2013-10-04 02:32:48 +02:00			`<pre>`
			`$ openssl passwd -crypt yoursupersafepassword`
			`</pre>`
safer sharing 2013-10-04 02:06:42 +02:00			`instead of plaintext password`

			`==== sharing2 conf ====`

Empty MediaWiki Message 2013-10-04 02:32:48 +02:00			`<pre>`
			`$ vi /path/to/sharing2/main.hs`
safer sharing 2013-10-04 02:06:42 +02:00			`$ cat /path/to/sharing2/main.hs`


			`main :: IO ()`
			`main = app >>=`
			`runSettings (defaultSettings`
			`{ settingsHost = HostIPv6`
			`, settingsPort = 8000`
			`, ...`
Empty MediaWiki Message 2013-10-04 02:32:48 +02:00			`})`
			`</pre>`

safer sharing 2013-10-04 02:06:42 +02:00			`==== modify iptables ====`

Empty MediaWiki Message 2013-10-04 02:32:48 +02:00			`<pre>`
			`$ iptables -t filter -A INPUT ! -s 127.0.0.1 -p tcp --dport 8000 -j DROP`
			`$ ip6tables -t filter -A INPUT ! -s ::1 -p tcp --dport 8000 -j DROP`
			`</pre>`
safer sharing 2013-10-04 02:06:42 +02:00
			`== Na toll, aber wie ist der Zugang zu Cider nun? ==`

			`wie auf allen anderen Maschinen auch`
Empty MediaWiki Message 2013-10-04 02:32:48 +02:00
			`[[Kategorie:Infrastruktur]]`