Pastebin service
This commit is contained in:
parent
7012d790a0
commit
8f8fda2963
209
beaglebone.txt
209
beaglebone.txt
|
@ -2673,11 +2673,11 @@ uncolor index "~N"
|
||||||
set pgp_timeout=60
|
set pgp_timeout=60
|
||||||
|
|
||||||
# automatically sign and encrypt with PGP/MIME
|
# automatically sign and encrypt with PGP/MIME
|
||||||
unset smime_is_default
|
|
||||||
set pgp_autosign # autosign all outgoing mails
|
set pgp_autosign # autosign all outgoing mails
|
||||||
set pgp_replyencrypt # autocrypt replies to crypted
|
set pgp_replyencrypt # autocrypt replies to crypted
|
||||||
set pgp_replysign # autosign replies to signed
|
set pgp_replysign # autosign replies to signed
|
||||||
set pgp_auto_decode=yes # decode attachments
|
set pgp_auto_decode=yes # decode attachments
|
||||||
|
unset smime_is_default
|
||||||
|
|
||||||
set alias_file=~/.mutt-alias
|
set alias_file=~/.mutt-alias
|
||||||
source ~/.mutt-alias
|
source ~/.mutt-alias
|
||||||
|
@ -6596,6 +6596,130 @@ allow_registration = false
|
||||||
|
|
||||||
Save and exit.
|
Save and exit.
|
||||||
|
|
||||||
|
** Run a pastebin service
|
||||||
|
If you need to be able to share short text files or other kinds of files on a temporary basis (doing technical support or reporting a bug, for example) then it's useful to have a pastebin system running on your server.
|
||||||
|
|
||||||
|
For this you will need to set up a new subdomain and create a new Apache configuration. For details on how to do that see [[Getting onto the web]] and [[Setting up a web site]].
|
||||||
|
|
||||||
|
#+BEGIN_SRC: bash
|
||||||
|
adduser --disabled-login zerobin
|
||||||
|
cd /tmp
|
||||||
|
git clone https://github.com/sametmax/0bin.git
|
||||||
|
cd 0bin
|
||||||
|
python setup.py install
|
||||||
|
#+END_SRC
|
||||||
|
|
||||||
|
Now create the daemon.
|
||||||
|
|
||||||
|
#+BEGIN_SRC: bash
|
||||||
|
editor /etc/init.d/zerobin
|
||||||
|
#+END_SRC
|
||||||
|
|
||||||
|
Add the following text:
|
||||||
|
|
||||||
|
#+BEGIN_SRC: bash
|
||||||
|
#!/bin/bash
|
||||||
|
# /etc/init.d/zerobin
|
||||||
|
|
||||||
|
### BEGIN INIT INFO
|
||||||
|
# Provides: zerobin
|
||||||
|
# Required-Start: $remote_fs $syslog
|
||||||
|
# Required-Stop: $remote_fs $syslog
|
||||||
|
# Default-Start: 2 3 4 5
|
||||||
|
# Default-Stop: 0 1 6
|
||||||
|
# Short-Description: starts zerobin as a background daemon
|
||||||
|
# Description: starts zerobin as a background daemon
|
||||||
|
### END INIT INFO
|
||||||
|
|
||||||
|
# Author: Bob Mottram <bob@robotics.uk.to>
|
||||||
|
|
||||||
|
#Settings
|
||||||
|
SERVICE='zerobin'
|
||||||
|
LOGFILE='/home/zerobin/zerobin.log'
|
||||||
|
COMMAND="zerobin > $LOGFILE"
|
||||||
|
USERNAME='zerobin'
|
||||||
|
NICELEVEL=19 # from 0-19 the bigger the number, the less the impact on system resources
|
||||||
|
HISTORY=1024
|
||||||
|
INVOCATION="nice -n ${NICELEVEL} ${COMMAND}"
|
||||||
|
PATH='/usr/local/sbin:/usr/local/bin:/usr/bin:/sbin:/usr/sbin:/bin'
|
||||||
|
|
||||||
|
|
||||||
|
zerobin_start() {
|
||||||
|
echo "Starting $SERVICE..."
|
||||||
|
su --command "screen -h ${HISTORY} -dmS ${SERVICE} ${INVOCATION}" $USERNAME
|
||||||
|
}
|
||||||
|
|
||||||
|
|
||||||
|
zerobin_stop() {
|
||||||
|
echo "Stopping $SERVICE"
|
||||||
|
su --command "screen -p 0 -S ${SERVICE} -X stuff "'^C'"" $USERNAME
|
||||||
|
}
|
||||||
|
|
||||||
|
|
||||||
|
#Start-Stop here
|
||||||
|
case "$1" in
|
||||||
|
start)
|
||||||
|
zerobin_start
|
||||||
|
;;
|
||||||
|
stop)
|
||||||
|
zerobin_stop
|
||||||
|
;;
|
||||||
|
restart)
|
||||||
|
zerobin_stop
|
||||||
|
sleep 2s
|
||||||
|
zerobin_start
|
||||||
|
;;
|
||||||
|
*)
|
||||||
|
echo "Usage: $0 {start|stop|restart}"
|
||||||
|
exit 1
|
||||||
|
;;
|
||||||
|
esac
|
||||||
|
|
||||||
|
exit 0
|
||||||
|
#+END_SRC
|
||||||
|
|
||||||
|
Save and exit.
|
||||||
|
|
||||||
|
#+BEGIN_SRC: bash
|
||||||
|
chmod +x /etc/init.d/zerobin
|
||||||
|
update-rc.d zerobin defaults
|
||||||
|
service zerobin start
|
||||||
|
#+END_SRC
|
||||||
|
|
||||||
|
Now edit the Apache configuration, delete anything which already exists and add the following, changing /mypastedomainname.com/ to your pastebin subdomain and /username@mydomainname.com/ to your email address:
|
||||||
|
|
||||||
|
#+BEGIN_SRC: bash
|
||||||
|
<VirtualHost *:80>
|
||||||
|
ServerAdmin username@mydomainname.com
|
||||||
|
ServerName mypastedomainname.com
|
||||||
|
|
||||||
|
<Location />
|
||||||
|
ProxyPass http://localhost:8000/
|
||||||
|
Order allow,deny
|
||||||
|
Allow from all
|
||||||
|
LimitRequestBody 256000
|
||||||
|
</Location>
|
||||||
|
|
||||||
|
ErrorLog ${APACHE_LOG_DIR}/paste_error.log
|
||||||
|
|
||||||
|
# Possible values include: debug, info, notice, warn, error, crit,
|
||||||
|
# alert, emerg.
|
||||||
|
LogLevel error
|
||||||
|
|
||||||
|
CustomLog ${APACHE_LOG_DIR}/paste.log combined
|
||||||
|
</VirtualHost>
|
||||||
|
#+END_SRC
|
||||||
|
|
||||||
|
Save and exit.
|
||||||
|
|
||||||
|
The encryption used here is really just intended to provide you with plausible deniability for content which other users may post to your server. Pastes aren't really intended to be totally private, so if your intention is to send private messages then Bitmessage, an XMPP chat session with OTR or a GPG encrypted email is a far better solution.
|
||||||
|
|
||||||
|
#+BEGIN_SRC: bash
|
||||||
|
service apache2 restart
|
||||||
|
#+END_SRC
|
||||||
|
|
||||||
|
You can now visit your new site and paste things for others to see, and vice versa. Uploads are limited to 256K in size to prevent your storage space from being used up.
|
||||||
|
|
||||||
** Install Tripwire
|
** Install Tripwire
|
||||||
|
|
||||||
#+BEGIN_VERSE
|
#+BEGIN_VERSE
|
||||||
|
@ -7203,42 +7327,70 @@ export HOSTNAME=mydiasporadomainname.com
|
||||||
editor /etc/apache2/sites-available/$HOSTNAME
|
editor /etc/apache2/sites-available/$HOSTNAME
|
||||||
#+END_SRC
|
#+END_SRC
|
||||||
|
|
||||||
The initial section which begins with *<VirtualHost *:80>* should be replaced by the following, replacing /mydiasporadomainname.com/ with your Diaspora domain name and /myusername@mydomainname.com/ with your email address.
|
Delete anything which already exists and add the following:
|
||||||
|
|
||||||
#+BEGIN_SRC: bash
|
#+BEGIN_SRC: bash
|
||||||
<VirtualHost *:80>
|
<VirtualHost *:80>
|
||||||
ServerAdmin myusername@mydomainname.com
|
ServerName mydiasporadomainname.com
|
||||||
ServerName mydiasporadomainname.com
|
ServerAlias www.mydiasporadomainname.com
|
||||||
|
|
||||||
RewriteEngine On
|
RedirectPermanent / https://mydiasporadomainname.com/
|
||||||
RewriteCond %{HTTPS} off
|
|
||||||
RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI}
|
|
||||||
</VirtualHost>
|
</VirtualHost>
|
||||||
#+END_SRC
|
|
||||||
|
|
||||||
Add the following in the section which begins with *<VirtualHost *:443>*.
|
<VirtualHost *:443>
|
||||||
|
ServerName mydiasporadomainname.com
|
||||||
|
ServerAlias www.mydiasporadomainname.com
|
||||||
|
|
||||||
#+BEGIN_SRC: bash
|
DocumentRoot /home/diaspora/diaspora/public
|
||||||
ProxyVia On
|
|
||||||
ProxyPreserveHost On
|
|
||||||
ProxyRequests Off
|
|
||||||
SSLProxyEngine On
|
|
||||||
|
|
||||||
ProxyPass / http://localhost:3001/
|
RewriteEngine On
|
||||||
ProxyPassReverse / http://localhost:3001/
|
|
||||||
RequestHeader set X_FORWARDED_PROTO https
|
|
||||||
|
|
||||||
DocumentRoot /home/diaspora/diaspora/public
|
RewriteCond %{HTTP_HOST} !^mydiasporadomainname\.com [NC]
|
||||||
<Directory />
|
RewriteRule ^/(.*)$ https://mydiasporadomainname\.com/$1 [L,R,QSA]
|
||||||
Options FollowSymLinks
|
|
||||||
AllowOverride All
|
RewriteCond %{DOCUMENT_ROOT}/%{REQUEST_FILENAME} !-f
|
||||||
</Directory>
|
RewriteRule ^/(.*)$ balancer://upstream%{REQUEST_URI} [P,QSA,L]
|
||||||
<Directory /home/diaspora/diaspora/public>
|
|
||||||
Options All
|
<Proxy balancer://upstream>
|
||||||
AllowOverride All
|
BalancerMember http://127.0.0.1:3001
|
||||||
Order allow,deny
|
</Proxy>
|
||||||
allow from all
|
|
||||||
</Directory>
|
ProxyRequests Off
|
||||||
|
ProxyVia On
|
||||||
|
ProxyPreserveHost On
|
||||||
|
RequestHeader set X_FORWARDED_PROTO https
|
||||||
|
|
||||||
|
<Proxy *>
|
||||||
|
# Apache < 2.4
|
||||||
|
Order allow,deny
|
||||||
|
Allow from all
|
||||||
|
# Apache >= 2.4
|
||||||
|
#Require all granted
|
||||||
|
</Proxy>
|
||||||
|
|
||||||
|
<Directory /home/diaspora/diaspora/public>
|
||||||
|
Options -MultiViews
|
||||||
|
# Apache < 2.4
|
||||||
|
Allow from all
|
||||||
|
AllowOverride all
|
||||||
|
# Apache >= 2.4
|
||||||
|
#Require all granted
|
||||||
|
</Directory>
|
||||||
|
|
||||||
|
SSLEngine On
|
||||||
|
SSLCertificateFile /etc/ssl/certs/mydiasporadomainname.com.crt
|
||||||
|
SSLCertificateKeyFile /etc/ssl/private/mydiasporadomainname.com.key
|
||||||
|
|
||||||
|
# maybe not needed, need for example for startssl to point to a local
|
||||||
|
# copy of http://www.startssl.com/certs/sub.class1.server.ca.pem
|
||||||
|
SSLCertificateChainFile /etc/ssl/chains/startssl-sub.class1.server.ca.pem
|
||||||
|
|
||||||
|
# Based on https://wiki.mozilla.org/Security/Server_Side_TLS - consider as global configuration
|
||||||
|
SSLProtocol all -SSLv2
|
||||||
|
SSLCipherSuite ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:ECDHE-RSA-RC4-SHA:ECDHE-ECDSA-RC4-SHA:AES128:AES256:RC4-SHA:HIGH:!aNULL:!eNULL:!EXPORT:!DES:!3DES:!MD5:!PSK
|
||||||
|
SSLHonorCipherOrder on
|
||||||
|
SSLCompression off
|
||||||
|
</VirtualHost>
|
||||||
#+END_SRC
|
#+END_SRC
|
||||||
|
|
||||||
Save and exit.
|
Save and exit.
|
||||||
|
@ -7351,6 +7503,7 @@ a2enmod headers
|
||||||
a2enmod proxy
|
a2enmod proxy
|
||||||
a2enmod proxy_connect
|
a2enmod proxy_connect
|
||||||
a2enmod proxy_http
|
a2enmod proxy_http
|
||||||
|
a2enmod proxy_balancer
|
||||||
a2ensite $HOSTNAME
|
a2ensite $HOSTNAME
|
||||||
service apache2 restart
|
service apache2 restart
|
||||||
#+END_SRC
|
#+END_SRC
|
||||||
|
|
Loading…
Reference in New Issue