diff --git a/beaglebone.txt b/beaglebone.txt index e43fa02b..9feebe6f 100644 --- a/beaglebone.txt +++ b/beaglebone.txt @@ -1072,7 +1072,7 @@ editor /etc/crontab You can replace the multiple freedns entries with a single line: #+BEGIN_SRC: bash -*/10 * * * * root /usr/bin/timeout 200 /usr/bin/dynamicdns +*/5 * * * * root /usr/bin/timeout 240 /usr/bin/dynamicdns #+END_SRC Then save and exit and restart the cron daemon. @@ -6071,7 +6071,8 @@ In some environments, such as behind corporate firewalls or under regimes hostil In that scenario you can use a tool called [[http://code.google.com/p/shellinabox/][shellinabox]] to log into your BBB via your web site rather than via a terminal. This means that you can administrate your system from any device which has a web browser and keyboard. #+BEGIN_SRC: bash -apt-get install shellinabox libapache2-mod-proxy-html +apt-get install shellinabox libapache +2-mod-proxy-html #+END_SRC Update your Apache configuration. @@ -7159,7 +7160,144 @@ chown -R subsonic:subsonic /var/music service subsonic restart #+END_SRC -Edit your Apache configuration. +Edit your web server configuration. + +#+BEGIN_SRC: bash +editor /etc/nginx/sites-available/$HOSTNAME +#+END_SRC + +Delete all existing contents then add the following: + +#+BEGIN_SRC: bash +upstream subsonicbackend { + server 127.0.0.1:4040 max_fails=3 fail_timeout=30s; + server 127.0.0.1:4040 max_fails=3 fail_timeout=60s; + server 127.0.0.1:4040 max_fails=3 fail_timeout=90s; +} + +server { + listen 80; + server_name mysubsonicdomainname.com; + rewrite ^ https://$server_name$request_uri? permanent; +} + +map $http_upgrade $connection_upgrade { + default upgrade; + '' close; +} + +server { + listen 443 ssl; + server_name mysubsonicdomainname.com; + + error_log /var/www/mysubsonicdomainname.com/error.log debug; + + ssl on; + ssl_certificate /etc/ssl/certs/mysubsonicdomainname.com.crt; + ssl_certificate_key /etc/ssl/private/mysubsonicdomainname.com.key; + + ssl_session_timeout 5m; + ssl_prefer_server_ciphers on; + ssl_protocols TLSv1 TLSv1.1 TLSv1.2; # not possible to do exclusive + ssl_ciphers 'EDH+CAMELLIA:EDH+aRSA:EECDH+aRSA+AESGCM:EECDH+aRSA+SHA384:EECDH+aRSA+SHA256:EECDH:+CAMELLIA256:+AES256:+CAMELLIA128:+AES128:+SSLv3:!aNULL:!eNULL:!LOW:!3DES:!MD5:!EXP:!PSK:!DSS:!RC4:!SEED:!ECDSA:CAMELLIA256-SHA:AES256-SHA:CAMELLIA128-SHA:AES128-SHA'; + #add_header Strict-Transport-Security max-age=15768000; # six months + # use this only if all subdomains support HTTPS! + add_header Strict-Transport-Security "max-age=15768000; includeSubDomains"; + + client_max_body_size 6m; + + keepalive_timeout 75 75; + gzip_vary off; + + location / { + proxy_pass https://subsonicbackend; + proxy_http_version 1.1; + proxy_redirect off; + proxy_set_header Upgrade $http_upgrade; + proxy_set_header Connection $connection_upgrade; + proxy_set_header Host $http_host; + proxy_set_header X-Real-IP $remote_addr; + proxy_buffers 16 32k; + } +} + + + + +server { + listen 80; + server_name FQDN; + charset utf-8; + + root PATH; + index index.php; + + if ( !-d $request_filename ) { + rewrite ^/rest/(.*).view$ /rest/index.php?action=$1 last; + } + + if ( !-d $request_filename ) { + rewrite ^/plex/(.*)$ /plex/index.php?action=$1 last; + } + + location /rest { + limit_except GET POST { + deny all; + } + } + + location /plex { + limit_except GET POST { + deny all; + } + } + + location ^~ /bin/ { + deny all; + return 403; + } + + location ^~ /config/ { + deny all; + return 403; + } + + location / { + limit_except GET POST HEAD{ + deny all; + } + } + + location ~ ^(.+\.php)(.*)$ { + try_files $fastcgi_script_name =404; + fastcgi_split_path_info ^(.+\.php)(.*)$; + fastcgi_pass unix:/var/run/php5-fpm.sock; + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + fastcgi_param PATH_INFO $fastcgi_path_info; + include /etc/nginx/fastcgi_params; + } +} +#+END_SRC + +Save and exit. + +#+BEGIN_SRC: bash +sed "s/mysubsonicdomainname.com/$HOSTNAME/g" /etc/nginx/sites-available/$HOSTNAME > /tmp/website +cp -f /tmp/website /etc/nginx/sites-available/$HOSTNAME +service nginx restart +#+END_SRC + + + + + + + + + + + + #+BEGIN_SRC: bash export HOSTNAME=mysubsonicdomainname.com