== SaferSharing ==

To avoid legal steps because you are hosting to everyone:

* get nginx with auth_base
* proxy around
* modify your fw a bit

==== config nginx ====
as root

 <source lang="bash">vi /etc/nginx/sites-available/default</source>
 <source lang="bash">cat /etc/nginx/sites-available/default</source>
<pre>
server {
   listen 80 default_server;
   listen [::]:80 default_server ipv6only=on;

   root /usr/share/nginx/html;
   index index.html index.htm;

   # Make site accessible from http://localhost/
   server_name localhost;

   location / {
       auth_basic               &quot;Sharing is Caring&quot;;
       auth_basic_user_file     /etc/nginx/htpasswd;
       proxy_pass               http://localhost:8000;
       proxy_buffering          off;
   }
}
</pre>

<source lang="bash">vi /etc/nginx/htpasswd</source>
<source lang="bash">cat /et/nginx/htpasswd</source>
<pre>
user:yoursavepassword
</pre>

In addition we used <source lang="bash">openssl passwd -crypt yoursupersafepassword</source> instead of plaintext password.

==== sharing2 conf ====
as user
<source lang="bash">vi /path/to/sharing2/main.hs</source>
<source lang="bash">cat /path/to/sharing2/main.hs</source>
<pre>
main :: IO ()
main = app &gt;&gt;=
       runSettings (defaultSettings
                   { settingsHost = HostIPv6
                   , settingsPort = 8000
                   , ...
                   })
</pre>

==== modify iptables ====
as root
<source lang="bash">iptables -t filter -A INPUT ! -s 127.0.0.1 -p tcp --dport 8000 -j DROP</source>
<source lang="bash">ip6tables -t filter -A INPUT ! -s ::1 -p tcp --dport 8000 -j DROP</source>

== Na toll, aber wie ist der Zugang zu Cider nun? ==

wie auf allen anderen Maschinen auch

[[Kategorie:Infrastruktur]]