67 lines
1.5 KiB
Plaintext
67 lines
1.5 KiB
Plaintext
[[Kategorie:Infrastruktur]]
|
|
|
|
== SaferSharing ==
|
|
|
|
To avoid legal steps because you are hosting to everyone
|
|
|
|
* get nginx with auth_base
|
|
* proxy around
|
|
* modify your fw a bit
|
|
|
|
|
|
|
|
|
|
==== config nginx ====
|
|
|
|
<pre>$ vi /etc/nginx/sites-available/default
|
|
$ cat /etc/nginx/sites-available/default
|
|
|
|
server {
|
|
listen 80 default_server;
|
|
listen [::]:80 default_server ipv6only=on;
|
|
|
|
root /usr/share/nginx/html;
|
|
index index.html index.htm;
|
|
|
|
# Make site accessible from http://localhost/
|
|
server_name localhost;
|
|
|
|
location / {
|
|
auth_basic "Sharing is Caring";
|
|
auth_basic_user_file /etc/nginx/htpasswd;
|
|
proxy_pass http://localhost:8000;
|
|
proxy_buffering off;
|
|
}
|
|
}
|
|
|
|
$ vi /etc/nginx/htpasswd
|
|
$ cat /et/nginx/htpasswd
|
|
|
|
user:yoursavepassword</pre>
|
|
in addtion we used:
|
|
|
|
<pre>$ openssl passwd -crypt yoursupersafepassword</pre>
|
|
instead of plaintext password
|
|
|
|
==== sharing2 conf ====
|
|
|
|
<pre>$ vi /path/to/sharing2/main.hs
|
|
$ cat /path/to/sharing2/main.hs
|
|
|
|
|
|
main :: IO ()
|
|
main = app >>=
|
|
runSettings (defaultSettings
|
|
{ settingsHost = HostIPv6
|
|
, settingsPort = 8000
|
|
, ...
|
|
})</pre>
|
|
==== modify iptables ====
|
|
|
|
<pre>$ iptables -t filter -A INPUT ! -s 127.0.0.1 -p tcp --dport 8000 -j REJECT
|
|
$ ip6tables -t filter -A INPUT ! -s ::1 -p tcp --dport 8000 -j REJECT</pre>
|
|
|
|
== Na toll, aber wie ist der Zugang zu Cider nun? ==
|
|
|
|
wie auf allen anderen Maschinen auch
|