Search engine access control
This commit is contained in:
Bob Mottram
parent
22d15f14d4
commit
73ca1e0bbf
|
|
@ -257,6 +257,7 @@ SEARCH_ENGINE_COMMIT='fee556c9904637051a9ba874ba7e71cd9f10789f'
|
|||
SEARCH_ENGINE_PATH=/etc
|
||||
SEARCH_ENGINE_ONION_PORT=8094
|
||||
SEARCH_ENGINE_ONION_HOSTNAME=
|
||||
SEARCH_ENGINE_LOGIN_TEXT=$"Search engine login"
|
||||
|
||||
GPG_KEYSERVER="hkp://keys.gnupg.net"
|
||||
|
||||
|
|
@ -6235,6 +6236,15 @@ function install_web_server {
|
|||
echo 'install_web_server' >> $COMPLETION_FILE
|
||||
}
|
||||
|
||||
function install_web_server_access_control {
|
||||
if [ ! -f /etc/pam.d/nginx ]; then
|
||||
echo '#%PAM-1.0' > /etc/pam.d/nginx
|
||||
echo '@include common-auth' >> /etc/pam.d/nginx
|
||||
echo '@include common-account' >> /etc/pam.d/nginx
|
||||
echo '@include common-session' >> /etc/pam.d/nginx
|
||||
fi
|
||||
}
|
||||
|
||||
function configure_php {
|
||||
sed -i "s/memory_limit = 128M/memory_limit = ${MAX_PHP_MEMORY}M/g" /etc/php5/fpm/php.ini
|
||||
sed -i 's/;cgi.fix_pathinfo=1/cgi.fix_pathinfo=0/g' /etc/php5/fpm/php.ini
|
||||
|
|
@ -9160,14 +9170,7 @@ function install_gnu_social_markdown {
|
|||
}
|
||||
|
||||
function install_search_engine {
|
||||
# Note: having a search engine is a nice idea, but at present there are a couple
|
||||
# of problems. One is that there is no access control, such that J random web surfer
|
||||
# could use your search engine. Secondly, the outgoing connection to other search
|
||||
# engines currently can't be socks5 proxied. This potentially causes legal liability
|
||||
# issues for the user - (i) providing secondard services beyond household members
|
||||
# and (ii) adversaries could try to incriminate you by searching for things illegal
|
||||
# within your zone.
|
||||
# Until these factors are addressed it's unwise to have this enabled by default.
|
||||
# Note: currently socks5 outgoing proxies to other search engines does not work
|
||||
if [[ $SYSTEM_TYPE == "$VARIANT_MESH" ]]; then
|
||||
return
|
||||
fi
|
||||
|
|
@ -9293,6 +9296,8 @@ function install_search_engine {
|
|||
echo ' proxy_set_header X-Remote-Port $remote_port;' >> /etc/nginx/sites-available/searx
|
||||
echo ' proxy_set_header X-Forwarded-Proto $scheme;' >> /etc/nginx/sites-available/searx
|
||||
echo ' proxy_redirect off;' >> /etc/nginx/sites-available/searx
|
||||
echo " auth_pam \"${SEARCH_ENGINE_LOGIN_TEXT}\";" >> /etc/nginx/sites-available/searx
|
||||
echo ' auth_pam_service_name "nginx";' >> /etc/nginx/sites-available/searx
|
||||
echo ' }' >> /etc/nginx/sites-available/searx
|
||||
echo '' >> /etc/nginx/sites-available/searx
|
||||
echo ' fastcgi_buffers 64 4K;' >> /etc/nginx/sites-available/searx
|
||||
|
|
@ -10680,6 +10685,7 @@ encrypt_all_email
|
|||
import_email
|
||||
script_for_attaching_usb_drive
|
||||
install_web_server
|
||||
install_web_server_access_control
|
||||
configure_firewall_for_web_server
|
||||
install_owncloud
|
||||
install_owncloud_music_app
|
||||
|
|
|
|||
Loading…
Reference in New Issue