Pastebin service

This commit is contained in:
Bob Mottram 2014-06-29 16:32:31 +01:00
parent 7012d790a0
commit 8f8fda2963
1 changed files with 181 additions and 28 deletions

View File

@ -2673,11 +2673,11 @@ uncolor index "~N"
set pgp_timeout=60 set pgp_timeout=60
# automatically sign and encrypt with PGP/MIME # automatically sign and encrypt with PGP/MIME
unset smime_is_default
set pgp_autosign # autosign all outgoing mails set pgp_autosign # autosign all outgoing mails
set pgp_replyencrypt # autocrypt replies to crypted set pgp_replyencrypt # autocrypt replies to crypted
set pgp_replysign # autosign replies to signed set pgp_replysign # autosign replies to signed
set pgp_auto_decode=yes # decode attachments set pgp_auto_decode=yes # decode attachments
unset smime_is_default
set alias_file=~/.mutt-alias set alias_file=~/.mutt-alias
source ~/.mutt-alias source ~/.mutt-alias
@ -6596,6 +6596,130 @@ allow_registration = false
Save and exit. Save and exit.
** Run a pastebin service
If you need to be able to share short text files or other kinds of files on a temporary basis (doing technical support or reporting a bug, for example) then it's useful to have a pastebin system running on your server.
For this you will need to set up a new subdomain and create a new Apache configuration. For details on how to do that see [[Getting onto the web]] and [[Setting up a web site]].
#+BEGIN_SRC: bash
adduser --disabled-login zerobin
cd /tmp
git clone https://github.com/sametmax/0bin.git
cd 0bin
python setup.py install
#+END_SRC
Now create the daemon.
#+BEGIN_SRC: bash
editor /etc/init.d/zerobin
#+END_SRC
Add the following text:
#+BEGIN_SRC: bash
#!/bin/bash
# /etc/init.d/zerobin
### BEGIN INIT INFO
# Provides: zerobin
# Required-Start: $remote_fs $syslog
# Required-Stop: $remote_fs $syslog
# Default-Start: 2 3 4 5
# Default-Stop: 0 1 6
# Short-Description: starts zerobin as a background daemon
# Description: starts zerobin as a background daemon
### END INIT INFO
# Author: Bob Mottram <bob@robotics.uk.to>
#Settings
SERVICE='zerobin'
LOGFILE='/home/zerobin/zerobin.log'
COMMAND="zerobin > $LOGFILE"
USERNAME='zerobin'
NICELEVEL=19 # from 0-19 the bigger the number, the less the impact on system resources
HISTORY=1024
INVOCATION="nice -n ${NICELEVEL} ${COMMAND}"
PATH='/usr/local/sbin:/usr/local/bin:/usr/bin:/sbin:/usr/sbin:/bin'
zerobin_start() {
echo "Starting $SERVICE..."
su --command "screen -h ${HISTORY} -dmS ${SERVICE} ${INVOCATION}" $USERNAME
}
zerobin_stop() {
echo "Stopping $SERVICE"
su --command "screen -p 0 -S ${SERVICE} -X stuff "'^C'"" $USERNAME
}
#Start-Stop here
case "$1" in
start)
zerobin_start
;;
stop)
zerobin_stop
;;
restart)
zerobin_stop
sleep 2s
zerobin_start
;;
*)
echo "Usage: $0 {start|stop|restart}"
exit 1
;;
esac
exit 0
#+END_SRC
Save and exit.
#+BEGIN_SRC: bash
chmod +x /etc/init.d/zerobin
update-rc.d zerobin defaults
service zerobin start
#+END_SRC
Now edit the Apache configuration, delete anything which already exists and add the following, changing /mypastedomainname.com/ to your pastebin subdomain and /username@mydomainname.com/ to your email address:
#+BEGIN_SRC: bash
<VirtualHost *:80>
ServerAdmin username@mydomainname.com
ServerName mypastedomainname.com
<Location />
ProxyPass http://localhost:8000/
Order allow,deny
Allow from all
LimitRequestBody 256000
</Location>
ErrorLog ${APACHE_LOG_DIR}/paste_error.log
# Possible values include: debug, info, notice, warn, error, crit,
# alert, emerg.
LogLevel error
CustomLog ${APACHE_LOG_DIR}/paste.log combined
</VirtualHost>
#+END_SRC
Save and exit.
The encryption used here is really just intended to provide you with plausible deniability for content which other users may post to your server. Pastes aren't really intended to be totally private, so if your intention is to send private messages then Bitmessage, an XMPP chat session with OTR or a GPG encrypted email is a far better solution.
#+BEGIN_SRC: bash
service apache2 restart
#+END_SRC
You can now visit your new site and paste things for others to see, and vice versa. Uploads are limited to 256K in size to prevent your storage space from being used up.
** Install Tripwire ** Install Tripwire
#+BEGIN_VERSE #+BEGIN_VERSE
@ -7203,42 +7327,70 @@ export HOSTNAME=mydiasporadomainname.com
editor /etc/apache2/sites-available/$HOSTNAME editor /etc/apache2/sites-available/$HOSTNAME
#+END_SRC #+END_SRC
The initial section which begins with *<VirtualHost *:80>* should be replaced by the following, replacing /mydiasporadomainname.com/ with your Diaspora domain name and /myusername@mydomainname.com/ with your email address. Delete anything which already exists and add the following:
#+BEGIN_SRC: bash #+BEGIN_SRC: bash
<VirtualHost *:80> <VirtualHost *:80>
ServerAdmin myusername@mydomainname.com ServerName mydiasporadomainname.com
ServerName mydiasporadomainname.com ServerAlias www.mydiasporadomainname.com
RewriteEngine On RedirectPermanent / https://mydiasporadomainname.com/
RewriteCond %{HTTPS} off
RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI}
</VirtualHost> </VirtualHost>
#+END_SRC
Add the following in the section which begins with *<VirtualHost *:443>*. <VirtualHost *:443>
ServerName mydiasporadomainname.com
ServerAlias www.mydiasporadomainname.com
#+BEGIN_SRC: bash DocumentRoot /home/diaspora/diaspora/public
ProxyVia On
ProxyPreserveHost On
ProxyRequests Off
SSLProxyEngine On
ProxyPass / http://localhost:3001/ RewriteEngine On
ProxyPassReverse / http://localhost:3001/
RequestHeader set X_FORWARDED_PROTO https
DocumentRoot /home/diaspora/diaspora/public RewriteCond %{HTTP_HOST} !^mydiasporadomainname\.com [NC]
<Directory /> RewriteRule ^/(.*)$ https://mydiasporadomainname\.com/$1 [L,R,QSA]
Options FollowSymLinks
AllowOverride All RewriteCond %{DOCUMENT_ROOT}/%{REQUEST_FILENAME} !-f
</Directory> RewriteRule ^/(.*)$ balancer://upstream%{REQUEST_URI} [P,QSA,L]
<Directory /home/diaspora/diaspora/public>
Options All <Proxy balancer://upstream>
AllowOverride All BalancerMember http://127.0.0.1:3001
Order allow,deny </Proxy>
allow from all
</Directory> ProxyRequests Off
ProxyVia On
ProxyPreserveHost On
RequestHeader set X_FORWARDED_PROTO https
<Proxy *>
# Apache < 2.4
Order allow,deny
Allow from all
# Apache >= 2.4
#Require all granted
</Proxy>
<Directory /home/diaspora/diaspora/public>
Options -MultiViews
# Apache < 2.4
Allow from all
AllowOverride all
# Apache >= 2.4
#Require all granted
</Directory>
SSLEngine On
SSLCertificateFile /etc/ssl/certs/mydiasporadomainname.com.crt
SSLCertificateKeyFile /etc/ssl/private/mydiasporadomainname.com.key
# maybe not needed, need for example for startssl to point to a local
# copy of http://www.startssl.com/certs/sub.class1.server.ca.pem
SSLCertificateChainFile /etc/ssl/chains/startssl-sub.class1.server.ca.pem
# Based on https://wiki.mozilla.org/Security/Server_Side_TLS - consider as global configuration
SSLProtocol all -SSLv2
SSLCipherSuite ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:ECDHE-RSA-RC4-SHA:ECDHE-ECDSA-RC4-SHA:AES128:AES256:RC4-SHA:HIGH:!aNULL:!eNULL:!EXPORT:!DES:!3DES:!MD5:!PSK
SSLHonorCipherOrder on
SSLCompression off
</VirtualHost>
#+END_SRC #+END_SRC
Save and exit. Save and exit.
@ -7351,6 +7503,7 @@ a2enmod headers
a2enmod proxy a2enmod proxy
a2enmod proxy_connect a2enmod proxy_connect
a2enmod proxy_http a2enmod proxy_http
a2enmod proxy_balancer
a2ensite $HOSTNAME a2ensite $HOSTNAME
service apache2 restart service apache2 restart
#+END_SRC #+END_SRC