Pastebin service

2014-06-29 16:32:31 +01:00 · 2014-06-29 16:32:31 +01:00 · 8f8fda2963
parent 7012d790a0
commit 8f8fda2963
1 changed files with 181 additions and 28 deletions
--- a/beaglebone.txt
+++ b/beaglebone.txt
@ -2673,11 +2673,11 @@ uncolor index "~N"
 set pgp_timeout=60

 # automatically sign and encrypt with PGP/MIME
-unset smime_is_default
 set pgp_autosign         # autosign all outgoing mails
 set pgp_replyencrypt     # autocrypt replies to crypted
 set pgp_replysign        # autosign replies to signed
 set pgp_auto_decode=yes  # decode attachments
+unset smime_is_default

 set alias_file=~/.mutt-alias
 source ~/.mutt-alias
@ -6596,6 +6596,130 @@ allow_registration = false

 Save and exit.

+** Run a pastebin service
+If you need to be able to share short text files or other kinds of files on a temporary basis (doing technical support or reporting a bug, for example) then it's useful to have a pastebin system running on your server.
+
+For this you will need to set up a new subdomain and create a new Apache configuration. For details on how to do that see [[Getting onto the web]] and [[Setting up a web site]].
+
+#+BEGIN_SRC: bash
+adduser --disabled-login zerobin
+cd /tmp
+git clone https://github.com/sametmax/0bin.git
+cd 0bin
+python setup.py install
+#+END_SRC
+
+Now create the daemon.
+
+#+BEGIN_SRC: bash
+editor /etc/init.d/zerobin
+#+END_SRC
+
+Add the following text:
+
+#+BEGIN_SRC: bash
+#!/bin/bash
+# /etc/init.d/zerobin
+
+### BEGIN INIT INFO
+# Provides:          zerobin
+# Required-Start:    $remote_fs $syslog
+# Required-Stop:     $remote_fs $syslog
+# Default-Start:     2 3 4 5
+# Default-Stop:      0 1 6
+# Short-Description: starts zerobin as a background daemon
+# Description:       starts zerobin as a background daemon
+### END INIT INFO
+
+# Author: Bob Mottram <bob@robotics.uk.to>
+
+#Settings
+SERVICE='zerobin'
+LOGFILE='/home/zerobin/zerobin.log'
+COMMAND="zerobin > $LOGFILE"
+USERNAME='zerobin'
+NICELEVEL=19 # from 0-19 the bigger the number, the less the impact on system resources
+HISTORY=1024
+INVOCATION="nice -n ${NICELEVEL} ${COMMAND}"
+PATH='/usr/local/sbin:/usr/local/bin:/usr/bin:/sbin:/usr/sbin:/bin'
+
+
+zerobin_start() {
+echo "Starting $SERVICE..."
+su --command "screen -h ${HISTORY} -dmS ${SERVICE} ${INVOCATION}" $USERNAME
+}
+
+
+zerobin_stop() {
+echo "Stopping $SERVICE"
+su --command "screen -p 0 -S ${SERVICE} -X stuff "'^C'"" $USERNAME
+}
+
+
+#Start-Stop here
+case "$1" in
+  start)
+    zerobin_start
+    ;;
+  stop)
+    zerobin_stop
+    ;;
+  restart)
+    zerobin_stop
+    sleep 2s
+    zerobin_start
+    ;;
+    *)
+  echo "Usage: $0 {start|stop|restart}"
+  exit 1
+  ;;
+esac
+
+exit 0
+#+END_SRC
+
+Save and exit.
+
+#+BEGIN_SRC: bash
+chmod +x /etc/init.d/zerobin
+update-rc.d zerobin defaults
+service zerobin start
+#+END_SRC
+
+Now edit the Apache configuration, delete anything which already exists and add the following, changing /mypastedomainname.com/ to your pastebin subdomain and /username@mydomainname.com/ to your email address:
+
+#+BEGIN_SRC: bash
+<VirtualHost *:80>
+    ServerAdmin username@mydomainname.com
+    ServerName mypastedomainname.com
+
+    <Location />
+      ProxyPass http://localhost:8000/
+      Order allow,deny
+      Allow from all
+      LimitRequestBody 256000
+    </Location>
+
+    ErrorLog ${APACHE_LOG_DIR}/paste_error.log
+
+    # Possible values include: debug, info, notice, warn, error, crit,
+    # alert, emerg.
+    LogLevel error
+
+    CustomLog ${APACHE_LOG_DIR}/paste.log combined
+</VirtualHost>
+#+END_SRC
+
+Save and exit.
+
+The encryption used here is really just intended to provide you with plausible deniability for content which other users may post to your server.  Pastes aren't really intended to be totally private, so if your intention is to send private messages then Bitmessage, an XMPP chat session with OTR or a GPG encrypted email is a far better solution.
+
+#+BEGIN_SRC: bash
+service apache2 restart
+#+END_SRC
+
+You can now visit your new site and paste things for others to see, and vice versa.  Uploads are limited to 256K in size to prevent your storage space from being used up.
+
 ** Install Tripwire

 #+BEGIN_VERSE
@ -7203,42 +7327,70 @@ export HOSTNAME=mydiasporadomainname.com
 editor /etc/apache2/sites-available/$HOSTNAME
 #+END_SRC

-The initial section which begins with *<VirtualHost *:80>* should be replaced by the following, replacing /mydiasporadomainname.com/ with your Diaspora domain name and /myusername@mydomainname.com/ with your email address.
+Delete anything which already exists and add the following:

 #+BEGIN_SRC: bash
 <VirtualHost *:80>
-	ServerAdmin myusername@mydomainname.com
-	ServerName mydiasporadomainname.com
+  ServerName mydiasporadomainname.com
+  ServerAlias www.mydiasporadomainname.com

-    RewriteEngine On
-    RewriteCond %{HTTPS} off
-    RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI}
+  RedirectPermanent / https://mydiasporadomainname.com/
 </VirtualHost>
-#+END_SRC

-Add the following in the section which begins with *<VirtualHost *:443>*.
+<VirtualHost *:443>
+  ServerName mydiasporadomainname.com
+  ServerAlias www.mydiasporadomainname.com

-#+BEGIN_SRC: bash
-    ProxyVia On
-    ProxyPreserveHost On
-	ProxyRequests Off
-    SSLProxyEngine On
+  DocumentRoot /home/diaspora/diaspora/public

-    ProxyPass / http://localhost:3001/
-    ProxyPassReverse / http://localhost:3001/
-    RequestHeader set X_FORWARDED_PROTO https
+  RewriteEngine On

-	DocumentRoot /home/diaspora/diaspora/public
-	<Directory />
-		Options FollowSymLinks
-		AllowOverride All
-	</Directory>
-	<Directory /home/diaspora/diaspora/public>
-		Options All
-		AllowOverride All
-		Order allow,deny
-		allow from all
-	</Directory>
+  RewriteCond %{HTTP_HOST} !^mydiasporadomainname\.com [NC]
+  RewriteRule ^/(.*)$ https://mydiasporadomainname\.com/$1 [L,R,QSA]
+
+  RewriteCond %{DOCUMENT_ROOT}/%{REQUEST_FILENAME} !-f
+  RewriteRule ^/(.*)$ balancer://upstream%{REQUEST_URI} [P,QSA,L]
+
+  <Proxy balancer://upstream>
+    BalancerMember http://127.0.0.1:3001
+  </Proxy>
+
+  ProxyRequests Off
+  ProxyVia On
+  ProxyPreserveHost On
+  RequestHeader set X_FORWARDED_PROTO https
+
+  <Proxy *>
+    # Apache < 2.4
+    Order allow,deny
+    Allow from all
+    # Apache >= 2.4
+    #Require all granted
+  </Proxy>
+
+  <Directory /home/diaspora/diaspora/public>
+    Options -MultiViews
+    # Apache < 2.4
+    Allow from all
+    AllowOverride all
+    # Apache >= 2.4
+    #Require all granted
+  </Directory>
+
+  SSLEngine On
+  SSLCertificateFile    /etc/ssl/certs/mydiasporadomainname.com.crt
+  SSLCertificateKeyFile /etc/ssl/private/mydiasporadomainname.com.key
+
+  # maybe not needed, need for example for startssl to point to a local
+  # copy of http://www.startssl.com/certs/sub.class1.server.ca.pem
+  SSLCertificateChainFile /etc/ssl/chains/startssl-sub.class1.server.ca.pem
+
+  # Based on https://wiki.mozilla.org/Security/Server_Side_TLS - consider as global configuration
+  SSLProtocol all -SSLv2
+  SSLCipherSuite ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:ECDHE-RSA-RC4-SHA:ECDHE-ECDSA-RC4-SHA:AES128:AES256:RC4-SHA:HIGH:!aNULL:!eNULL:!EXPORT:!DES:!3DES:!MD5:!PSK
+  SSLHonorCipherOrder on
+  SSLCompression off
+</VirtualHost>
 #+END_SRC

 Save and exit.
@ -7351,6 +7503,7 @@ a2enmod headers
 a2enmod proxy
 a2enmod proxy_connect
 a2enmod proxy_http
+a2enmod proxy_balancer
 a2ensite $HOSTNAME
 service apache2 restart
 #+END_SRC