66 lines
1.7 KiB
Plaintext
66 lines
1.7 KiB
Plaintext
== SaferSharing ==
|
|
|
|
To avoid legal steps because you are hosting to everyone:
|
|
|
|
* get nginx with auth_base
|
|
* proxy around
|
|
* modify your fw a bit
|
|
|
|
==== config nginx ====
|
|
as root
|
|
|
|
<source lang="bash">vi /etc/nginx/sites-available/default</source>
|
|
<source lang="bash">cat /etc/nginx/sites-available/default</source>
|
|
<pre>
|
|
server {
|
|
listen 80 default_server;
|
|
listen [::]:80 default_server ipv6only=on;
|
|
|
|
root /usr/share/nginx/html;
|
|
index index.html index.htm;
|
|
|
|
# Make site accessible from http://localhost/
|
|
server_name localhost;
|
|
|
|
location / {
|
|
auth_basic "Sharing is Caring";
|
|
auth_basic_user_file /etc/nginx/htpasswd;
|
|
proxy_pass http://localhost:8000;
|
|
proxy_buffering off;
|
|
}
|
|
}
|
|
</pre>
|
|
|
|
<source lang="bash">vi /etc/nginx/htpasswd</source>
|
|
<source lang="bash">cat /et/nginx/htpasswd</source>
|
|
<pre>
|
|
user:yoursavepassword
|
|
</pre>
|
|
|
|
In addition we used <source lang="bash">openssl passwd -crypt yoursupersafepassword</source> instead of plaintext password.
|
|
|
|
==== sharing2 conf ====
|
|
as user
|
|
<source lang="bash">vi /path/to/sharing2/main.hs</source>
|
|
<source lang="bash">cat /path/to/sharing2/main.hs</source>
|
|
<pre>
|
|
main :: IO ()
|
|
main = app >>=
|
|
runSettings (defaultSettings
|
|
{ settingsHost = HostIPv6
|
|
, settingsPort = 8000
|
|
, ...
|
|
})
|
|
</pre>
|
|
|
|
==== modify iptables ====
|
|
as root
|
|
<source lang="bash">iptables -t filter -A INPUT ! -s 127.0.0.1 -p tcp --dport 8000 -j DROP</source>
|
|
<source lang="bash">ip6tables -t filter -A INPUT ! -s ::1 -p tcp --dport 8000 -j DROP</source>
|
|
|
|
== Na toll, aber wie ist der Zugang zu Cider nun? ==
|
|
|
|
wie auf allen anderen Maschinen auch
|
|
|
|
[[Kategorie:Infrastruktur]]
|