parent
4a2b934fb3
commit
405d67cbab
@ -0,0 +1,42 @@
|
|||||||
|
# web3
|
||||||
|
|
||||||
|
* web3py
|
||||||
|
|
||||||
|
# Proxy
|
||||||
|
Apache proxy
|
||||||
|
|
||||||
|
```
|
||||||
|
apt-get -y install apache2 python3-certbot-apache
|
||||||
|
apt clean
|
||||||
|
a2enmod ssl rewrite proxy proxy_http headers
|
||||||
|
a2ensite default-ssl.conf
|
||||||
|
echo vweb3.forksand.com > /var/www/html/index.html
|
||||||
|
vim iptables.test.rules
|
||||||
|
# Web
|
||||||
|
-A INPUT -p tcp --dport 80 -j ACCEPT
|
||||||
|
-A INPUT -p tcp --dport 443 -j ACCEPT
|
||||||
|
|
||||||
|
systemctl restart apache2
|
||||||
|
/root/iptables-reload
|
||||||
|
```
|
||||||
|
|
||||||
|
## Cerbot
|
||||||
|
Not public, use DNS.
|
||||||
|
|
||||||
|
|
||||||
|
```
|
||||||
|
sudo su -
|
||||||
|
pip3 install certbot-dns-njalla
|
||||||
|
|
||||||
|
touch /etc/njalla.ini
|
||||||
|
chmod 600 /etc/njalla.ini
|
||||||
|
# Create API key at Njalla
|
||||||
|
echo 'certbot_dns_njalla:dns_njalla_token=0000000000000000000000000000000000000000' > /etc/njalla.ini
|
||||||
|
certbot certonly -a certbot-dns-njalla:dns-njalla --certbot-dns-njalla:dns-njalla-credentials njalla.ini -d vweb3.forksand.com
|
||||||
|
# Disable API key at Njalla
|
||||||
|
|
||||||
|
# Plugin legacy name certbot-dns-njalla:dns-njalla may be removed in a future version. Please use dns-njalla instead.
|
||||||
|
#certbot run -n -d vweb3.forksand.com,eth.forksand.com --apache --agree-tos -m "certbot@forksand.com"
|
||||||
|
|
||||||
|
systemctl restart apache2
|
||||||
|
```
|
@ -0,0 +1,11 @@
|
|||||||
|
<VirtualHost *:80>
|
||||||
|
ServerAdmin webmaster@localhost
|
||||||
|
DocumentRoot /var/www/html
|
||||||
|
ErrorLog ${APACHE_LOG_DIR}/error.log
|
||||||
|
CustomLog ${APACHE_LOG_DIR}/access.log combined
|
||||||
|
RewriteEngine on
|
||||||
|
RewriteCond %{SERVER_NAME} =vweb3.forksand.com
|
||||||
|
RewriteRule ^ https://%{SERVER_NAME}%{REQUEST_URI} [END,NE,R=permanent]
|
||||||
|
</VirtualHost>
|
||||||
|
|
||||||
|
# vim: syntax=apache ts=4 sw=4 sts=4 sr noet
|
@ -0,0 +1,32 @@
|
|||||||
|
DefaultRuntimeDir ${APACHE_RUN_DIR}
|
||||||
|
PidFile ${APACHE_PID_FILE}
|
||||||
|
Timeout 300
|
||||||
|
KeepAlive On
|
||||||
|
MaxKeepAliveRequests 100
|
||||||
|
KeepAliveTimeout 5
|
||||||
|
User ${APACHE_RUN_USER}
|
||||||
|
Group ${APACHE_RUN_GROUP}
|
||||||
|
HostnameLookups Off
|
||||||
|
ErrorLog ${APACHE_LOG_DIR}/error.log
|
||||||
|
LogLevel warn
|
||||||
|
IncludeOptional mods-enabled/*.load
|
||||||
|
IncludeOptional mods-enabled/*.conf
|
||||||
|
Include ports.conf
|
||||||
|
<Directory />
|
||||||
|
Options FollowSymLinks
|
||||||
|
AllowOverride None
|
||||||
|
Require all denied
|
||||||
|
</Directory>
|
||||||
|
AccessFileName .htaccess
|
||||||
|
<FilesMatch "^\.ht">
|
||||||
|
Require all denied
|
||||||
|
</FilesMatch>
|
||||||
|
LogFormat "%v:%p %h %l %u %t \"%r\" %>s %O \"%{Referer}i\" \"%{User-Agent}i\"" vhost_combined
|
||||||
|
LogFormat "%h %l %u %t \"%r\" %>s %O \"%{Referer}i\" \"%{User-Agent}i\"" combined
|
||||||
|
LogFormat "%h %l %u %t \"%r\" %>s %O" common
|
||||||
|
LogFormat "%{Referer}i -> %U" referer
|
||||||
|
LogFormat "%{User-agent}i" agent
|
||||||
|
IncludeOptional conf-enabled/*.conf
|
||||||
|
IncludeOptional sites-enabled/*.conf
|
||||||
|
|
||||||
|
# vim: syntax=apache ts=4 sw=4 sts=4 sr noet
|
@ -0,0 +1,10 @@
|
|||||||
|
<Directory />
|
||||||
|
AllowOverride None
|
||||||
|
Require all denied
|
||||||
|
</Directory>
|
||||||
|
ServerTokens Minimal
|
||||||
|
ServerSignature Off
|
||||||
|
TraceEnable Off
|
||||||
|
Header set X-Frame-Options: "sameorigin"
|
||||||
|
|
||||||
|
# vim: syntax=apache ts=4 sw=4 sts=4 sr noet
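Review bot: `ServerTokens Minimal` still sends the Apache version number in the `Server` header; `ServerTokens Prod` reduces it to the product name and fits better next to `ServerSignature Off`. `Header set X-Frame-Options` only populates the onsuccess table, so responses Apache generates itself (the permanent redirects, the 401 from Basic auth, 403 pages) go out without the header. `Header always set X-Frame-Options "sameorigin"` covers those as well. The directive also makes this file depend on mod_headers being loaded, which deserves a one-line comment above it.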
|
@ -0,0 +1,4 @@
|
|||||||
|
AuthType Basic
|
||||||
|
AuthName "Restricted Content"
|
||||||
|
AuthUserFile /etc/apache2/.htpasswd
|
||||||
|
Require valid-user
|
@ -0,0 +1,42 @@
|
|||||||
|
<IfModule mod_ssl.c>
|
||||||
|
<VirtualHost *:443>
|
||||||
|
ProxyRequests On
|
||||||
|
ProxyVia On
|
||||||
|
<Proxy *>
|
||||||
|
Order deny,allow
|
||||||
|
Allow from all
|
||||||
|
AuthType Basic
|
||||||
|
AuthName "Password Required"
|
||||||
|
AuthUserFile /etc/apache2/.htpasswd
|
||||||
|
Require valid-user
|
||||||
|
</Proxy>
|
||||||
|
ServerAdmin webmaster@localhost
|
||||||
|
DocumentRoot /var/www/html
|
||||||
|
ErrorLog ${APACHE_LOG_DIR}/error.log
|
||||||
|
CustomLog ${APACHE_LOG_DIR}/access.log combined
|
||||||
|
ServerName vweb3.forksand.com
|
||||||
|
SSLCertificateFile /etc/letsencrypt/live/vweb3.forksand.com/fullchain.pem
|
||||||
|
SSLCertificateKeyFile /etc/letsencrypt/live/vweb3.forksand.com/privkey.pem
|
||||||
|
Include /etc/letsencrypt/options-ssl-apache.conf
|
||||||
|
|
||||||
|
SSLProtocol -All TLSv1.3 TLSv1.2 -SSLv2 -SSLv3 -TLSv1 -TLSv1.1
|
||||||
|
SSLCipherSuite AES256+EECDH
|
||||||
|
SSLHonorCipherOrder on
|
||||||
|
SSLCompression off
|
||||||
|
SSLVerifyClient None
|
||||||
|
# Header always set Strict-Transport-Security "max-age=63072000; includeSubDomains; preload"
|
||||||
|
SSLSessionTickets Off
|
||||||
|
SSLOptions +StrictRequire
|
||||||
|
|
||||||
|
RewriteEngine on
|
||||||
|
RewriteCond %{SERVER_NAME} =vweb3.forksand.org [OR]
|
||||||
|
RewriteCond %{SERVER_NAME} =vweb3.forksand.net
|
||||||
|
RewriteRule ^ https://vweb3.forksand.com%{REQUEST_URI} [END,NE,R=permanent]
|
||||||
|
ProxyPreserveHost On
|
||||||
|
ProxyRequests off
|
||||||
|
AllowEncodedSlashes NoDecode
|
||||||
|
ProxyPass / http://localhost:8502/ nocanon
|
||||||
|
ProxyPassReverse / http://localhost:8502/
|
||||||
|
</VirtualHost>
|
||||||
|
</IfModule>
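Review bot: The vhost opens with `ProxyRequests On`, `ProxyVia On` and a `<Proxy *>` block containing `Allow from all`, which is forward-proxy configuration that only the later `ProxyRequests off` cancels. If that one line were deleted or reordered, the host would act as a forward proxy protected by nothing but Basic auth. For a reverse proxy to `http://localhost:8502/` I would drop `ProxyRequests On` and `ProxyVia On` and keep a single `ProxyRequests Off`. Inside `<Proxy *>`, `Order deny,allow` / `Allow from all` are 2.2-style mod_access_compat directives mixed with `Require valid-user`; Apache discourages mixing the two models, and `Require valid-user` alone states the intent. Separately, `SSLProtocol -All TLSv1.3 TLSv1.2 …` names the protocols without a `+`, and as far as I know mod_ssl lets an unprefixed name replace the set, so this probably ends up TLSv1.2-only; `SSLProtocol -all +TLSv1.2 +TLSv1.3` says what is meant.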
|
||||||
|
|