Retire support for keybase.io

gpg version 2.x doesn't appear to work well with it, but beyond that there's the really concerning issue that the site asks users to upload their *private keys*. Even if the private keys are passphrase encrypted on the client side, this gives that site a full time opportunity to crack private keys. Even if they don't do that, a leak happens and suddenly letter agencies have your private key. Not a good way to go.

Bob Mottram 2018-01-11 20:26:27 +00:00
parent 2a7e6c323d
commit f410d0a13f
18 changed files with 0 additions and 86 deletions


@ -387,8 +387,6 @@ function install_dokuwiki {
echo ' rewrite ^/(.*) /index.php?q=$uri&$args last;' >> /etc/nginx/sites-available/$DOKUWIKI_DOMAIN_NAME echo ' rewrite ^/(.*) /index.php?q=$uri&$args last;' >> /etc/nginx/sites-available/$DOKUWIKI_DOMAIN_NAME
echo ' }' >> /etc/nginx/sites-available/$DOKUWIKI_DOMAIN_NAME echo ' }' >> /etc/nginx/sites-available/$DOKUWIKI_DOMAIN_NAME
echo '' >> /etc/nginx/sites-available/$DOKUWIKI_DOMAIN_NAME echo '' >> /etc/nginx/sites-available/$DOKUWIKI_DOMAIN_NAME
nginx_keybase $DOKUWIKI_DOMAIN_NAME
echo '' >> /etc/nginx/sites-available/$DOKUWIKI_DOMAIN_NAME
echo ' # statically serve these file types when possible' >> /etc/nginx/sites-available/$DOKUWIKI_DOMAIN_NAME echo ' # statically serve these file types when possible' >> /etc/nginx/sites-available/$DOKUWIKI_DOMAIN_NAME
echo ' # otherwise fall back to front controller' >> /etc/nginx/sites-available/$DOKUWIKI_DOMAIN_NAME echo ' # otherwise fall back to front controller' >> /etc/nginx/sites-available/$DOKUWIKI_DOMAIN_NAME
echo ' # allow browser to cache them' >> /etc/nginx/sites-available/$DOKUWIKI_DOMAIN_NAME echo ' # allow browser to cache them' >> /etc/nginx/sites-available/$DOKUWIKI_DOMAIN_NAME
@ -467,7 +465,6 @@ function install_dokuwiki {
echo ' rewrite ^/(.*) /index.php?q=$uri&$args last;' >> /etc/nginx/sites-available/$DOKUWIKI_DOMAIN_NAME echo ' rewrite ^/(.*) /index.php?q=$uri&$args last;' >> /etc/nginx/sites-available/$DOKUWIKI_DOMAIN_NAME
echo ' }' >> /etc/nginx/sites-available/$DOKUWIKI_DOMAIN_NAME echo ' }' >> /etc/nginx/sites-available/$DOKUWIKI_DOMAIN_NAME
echo '' >> /etc/nginx/sites-available/$DOKUWIKI_DOMAIN_NAME echo '' >> /etc/nginx/sites-available/$DOKUWIKI_DOMAIN_NAME
nginx_keybase $DOKUWIKI_DOMAIN_NAME
echo ' # statically serve these file types when possible' >> /etc/nginx/sites-available/$DOKUWIKI_DOMAIN_NAME echo ' # statically serve these file types when possible' >> /etc/nginx/sites-available/$DOKUWIKI_DOMAIN_NAME
echo ' # otherwise fall back to front controller' >> /etc/nginx/sites-available/$DOKUWIKI_DOMAIN_NAME echo ' # otherwise fall back to front controller' >> /etc/nginx/sites-available/$DOKUWIKI_DOMAIN_NAME
echo ' # allow browser to cache them' >> /etc/nginx/sites-available/$DOKUWIKI_DOMAIN_NAME echo ' # allow browser to cache them' >> /etc/nginx/sites-available/$DOKUWIKI_DOMAIN_NAME


@ -573,8 +573,6 @@ function install_etherpad {
echo ' proxy_set_header Host $host;' >> $etherpad_nginx_site echo ' proxy_set_header Host $host;' >> $etherpad_nginx_site
echo ' proxy_buffering off;' >> $etherpad_nginx_site echo ' proxy_buffering off;' >> $etherpad_nginx_site
echo ' }' >> $etherpad_nginx_site echo ' }' >> $etherpad_nginx_site
echo '' >> $etherpad_nginx_site
nginx_keybase $ETHERPAD_DOMAIN_NAME
echo '}' >> $etherpad_nginx_site echo '}' >> $etherpad_nginx_site
else else
echo -n '' > $etherpad_nginx_site echo -n '' > $etherpad_nginx_site
@ -600,8 +598,6 @@ function install_etherpad {
echo ' proxy_set_header Host $host;' >> $etherpad_nginx_site echo ' proxy_set_header Host $host;' >> $etherpad_nginx_site
echo ' proxy_buffering off;' >> $etherpad_nginx_site echo ' proxy_buffering off;' >> $etherpad_nginx_site
echo ' }' >> $etherpad_nginx_site echo ' }' >> $etherpad_nginx_site
echo '' >> $etherpad_nginx_site
nginx_keybase $ETHERPAD_DOMAIN_NAME
echo '}' >> $etherpad_nginx_site echo '}' >> $etherpad_nginx_site
function_check create_site_certificate function_check create_site_certificate


@ -427,8 +427,6 @@ function install_friendica {
echo ' rewrite ^/(.*) /index.php?q=$uri&$args last;' >> /etc/nginx/sites-available/$FRIENDICA_DOMAIN_NAME echo ' rewrite ^/(.*) /index.php?q=$uri&$args last;' >> /etc/nginx/sites-available/$FRIENDICA_DOMAIN_NAME
echo ' }' >> /etc/nginx/sites-available/$FRIENDICA_DOMAIN_NAME echo ' }' >> /etc/nginx/sites-available/$FRIENDICA_DOMAIN_NAME
echo '' >> /etc/nginx/sites-available/$FRIENDICA_DOMAIN_NAME echo '' >> /etc/nginx/sites-available/$FRIENDICA_DOMAIN_NAME
nginx_keybase ${FRIENDICA_DOMAIN_NAME}
echo '' >> /etc/nginx/sites-available/$FRIENDICA_DOMAIN_NAME
echo ' # statically serve these file types when possible' >> /etc/nginx/sites-available/$FRIENDICA_DOMAIN_NAME echo ' # statically serve these file types when possible' >> /etc/nginx/sites-available/$FRIENDICA_DOMAIN_NAME
echo ' # otherwise fall back to front controller' >> /etc/nginx/sites-available/$FRIENDICA_DOMAIN_NAME echo ' # otherwise fall back to front controller' >> /etc/nginx/sites-available/$FRIENDICA_DOMAIN_NAME
echo ' # allow browser to cache them' >> /etc/nginx/sites-available/$FRIENDICA_DOMAIN_NAME echo ' # allow browser to cache them' >> /etc/nginx/sites-available/$FRIENDICA_DOMAIN_NAME
@ -496,8 +494,6 @@ function install_friendica {
echo ' rewrite ^/(.*) /index.php?q=$uri&$args last;' >> /etc/nginx/sites-available/$FRIENDICA_DOMAIN_NAME echo ' rewrite ^/(.*) /index.php?q=$uri&$args last;' >> /etc/nginx/sites-available/$FRIENDICA_DOMAIN_NAME
echo ' }' >> /etc/nginx/sites-available/$FRIENDICA_DOMAIN_NAME echo ' }' >> /etc/nginx/sites-available/$FRIENDICA_DOMAIN_NAME
echo '' >> /etc/nginx/sites-available/$FRIENDICA_DOMAIN_NAME echo '' >> /etc/nginx/sites-available/$FRIENDICA_DOMAIN_NAME
nginx_keybase ${FRIENDICA_DOMAIN_NAME}
echo '' >> /etc/nginx/sites-available/$FRIENDICA_DOMAIN_NAME
echo ' # statically serve these file types when possible' >> /etc/nginx/sites-available/$FRIENDICA_DOMAIN_NAME echo ' # statically serve these file types when possible' >> /etc/nginx/sites-available/$FRIENDICA_DOMAIN_NAME
echo ' # otherwise fall back to front controller' >> /etc/nginx/sites-available/$FRIENDICA_DOMAIN_NAME echo ' # otherwise fall back to front controller' >> /etc/nginx/sites-available/$FRIENDICA_DOMAIN_NAME
echo ' # allow browser to cache them' >> /etc/nginx/sites-available/$FRIENDICA_DOMAIN_NAME echo ' # allow browser to cache them' >> /etc/nginx/sites-available/$FRIENDICA_DOMAIN_NAME


@ -471,8 +471,6 @@ function install_ghost {
echo ' log_not_found off;' >> /etc/nginx/sites-available/${GHOST_DOMAIN_NAME} echo ' log_not_found off;' >> /etc/nginx/sites-available/${GHOST_DOMAIN_NAME}
echo ' access_log /dev/null;' >> /etc/nginx/sites-available/${GHOST_DOMAIN_NAME} echo ' access_log /dev/null;' >> /etc/nginx/sites-available/${GHOST_DOMAIN_NAME}
echo ' }' >> /etc/nginx/sites-available/${GHOST_DOMAIN_NAME} echo ' }' >> /etc/nginx/sites-available/${GHOST_DOMAIN_NAME}
echo '' >> /etc/nginx/sites-available/${GHOST_DOMAIN_NAME}
nginx_keybase $GHOST_DOMAIN_NAME
echo '}' >> /etc/nginx/sites-available/${GHOST_DOMAIN_NAME} echo '}' >> /etc/nginx/sites-available/${GHOST_DOMAIN_NAME}
echo '' >> /etc/nginx/sites-available/${GHOST_DOMAIN_NAME} echo '' >> /etc/nginx/sites-available/${GHOST_DOMAIN_NAME}
else else
@ -505,8 +503,6 @@ function install_ghost {
echo ' log_not_found off;' >> /etc/nginx/sites-available/${GHOST_DOMAIN_NAME} echo ' log_not_found off;' >> /etc/nginx/sites-available/${GHOST_DOMAIN_NAME}
echo ' access_log /dev/null;' >> /etc/nginx/sites-available/${GHOST_DOMAIN_NAME} echo ' access_log /dev/null;' >> /etc/nginx/sites-available/${GHOST_DOMAIN_NAME}
echo ' }' >> /etc/nginx/sites-available/${GHOST_DOMAIN_NAME} echo ' }' >> /etc/nginx/sites-available/${GHOST_DOMAIN_NAME}
echo '' >> /etc/nginx/sites-available/${GHOST_DOMAIN_NAME}
nginx_keybase ${GHOST_DOMAIN_NAME}
echo '}' >> /etc/nginx/sites-available/${GHOST_DOMAIN_NAME} echo '}' >> /etc/nginx/sites-available/${GHOST_DOMAIN_NAME}
function_check create_site_certificate function_check create_site_certificate


@ -738,8 +738,6 @@ function install_gnusocial_main {
echo ' location ~ /\.(ht|git) {' >> $gnusocial_nginx_site echo ' location ~ /\.(ht|git) {' >> $gnusocial_nginx_site
echo ' deny all;' >> $gnusocial_nginx_site echo ' deny all;' >> $gnusocial_nginx_site
echo ' }' >> $gnusocial_nginx_site echo ' }' >> $gnusocial_nginx_site
echo '' >> $gnusocial_nginx_site
# DO NOT ENABLE KEYBASE. gnusocial really doesn't like having a .well-known directory
echo '}' >> $gnusocial_nginx_site echo '}' >> $gnusocial_nginx_site
else else
echo -n '' > $gnusocial_nginx_site echo -n '' > $gnusocial_nginx_site
@ -787,8 +785,6 @@ function install_gnusocial_main {
echo ' location ~ /\.(ht|git) {' >> $gnusocial_nginx_site echo ' location ~ /\.(ht|git) {' >> $gnusocial_nginx_site
echo ' deny all;' >> $gnusocial_nginx_site echo ' deny all;' >> $gnusocial_nginx_site
echo ' }' >> $gnusocial_nginx_site echo ' }' >> $gnusocial_nginx_site
echo '' >> $gnusocial_nginx_site
# DO NOT ENABLE KEYBASE. gnusocial really doesn't like having a .well-known directory
echo '}' >> $gnusocial_nginx_site echo '}' >> $gnusocial_nginx_site
function_check configure_php function_check configure_php


@ -601,8 +601,6 @@ function install_gogs {
echo ' log_not_found off;' >> /etc/nginx/sites-available/${GIT_DOMAIN_NAME} echo ' log_not_found off;' >> /etc/nginx/sites-available/${GIT_DOMAIN_NAME}
echo ' access_log /dev/null;' >> /etc/nginx/sites-available/${GIT_DOMAIN_NAME} echo ' access_log /dev/null;' >> /etc/nginx/sites-available/${GIT_DOMAIN_NAME}
echo ' }' >> /etc/nginx/sites-available/${GIT_DOMAIN_NAME} echo ' }' >> /etc/nginx/sites-available/${GIT_DOMAIN_NAME}
echo '' >> /etc/nginx/sites-available/${GIT_DOMAIN_NAME}
nginx_keybase ${GIT_DOMAIN_NAME}
echo '}' >> /etc/nginx/sites-available/${GIT_DOMAIN_NAME} echo '}' >> /etc/nginx/sites-available/${GIT_DOMAIN_NAME}
echo '' >> /etc/nginx/sites-available/${GIT_DOMAIN_NAME} echo '' >> /etc/nginx/sites-available/${GIT_DOMAIN_NAME}
else else
@ -635,8 +633,6 @@ function install_gogs {
echo ' log_not_found off;' >> /etc/nginx/sites-available/${GIT_DOMAIN_NAME} echo ' log_not_found off;' >> /etc/nginx/sites-available/${GIT_DOMAIN_NAME}
echo ' access_log /dev/null;' >> /etc/nginx/sites-available/${GIT_DOMAIN_NAME} echo ' access_log /dev/null;' >> /etc/nginx/sites-available/${GIT_DOMAIN_NAME}
echo ' }' >> /etc/nginx/sites-available/${GIT_DOMAIN_NAME} echo ' }' >> /etc/nginx/sites-available/${GIT_DOMAIN_NAME}
echo '' >> /etc/nginx/sites-available/${GIT_DOMAIN_NAME}
nginx_keybase ${GIT_DOMAIN_NAME}
echo '}' >> /etc/nginx/sites-available/${GIT_DOMAIN_NAME} echo '}' >> /etc/nginx/sites-available/${GIT_DOMAIN_NAME}
function_check configure_php function_check configure_php


@ -463,8 +463,6 @@ function install_htmly_website {
echo ' rewrite ^/(.*) /index.php?q=$uri&$args last;' >> /etc/nginx/sites-available/$HTMLY_DOMAIN_NAME echo ' rewrite ^/(.*) /index.php?q=$uri&$args last;' >> /etc/nginx/sites-available/$HTMLY_DOMAIN_NAME
echo ' }' >> /etc/nginx/sites-available/$HTMLY_DOMAIN_NAME echo ' }' >> /etc/nginx/sites-available/$HTMLY_DOMAIN_NAME
echo '' >> /etc/nginx/sites-available/$HTMLY_DOMAIN_NAME echo '' >> /etc/nginx/sites-available/$HTMLY_DOMAIN_NAME
nginx_keybase ${HTMLY_DOMAIN_NAME}
echo '' >> /etc/nginx/sites-available/$HTMLY_DOMAIN_NAME
echo ' # statically serve these file types when possible' >> /etc/nginx/sites-available/$HTMLY_DOMAIN_NAME echo ' # statically serve these file types when possible' >> /etc/nginx/sites-available/$HTMLY_DOMAIN_NAME
echo ' # otherwise fall back to front controller' >> /etc/nginx/sites-available/$HTMLY_DOMAIN_NAME echo ' # otherwise fall back to front controller' >> /etc/nginx/sites-available/$HTMLY_DOMAIN_NAME
echo ' # allow browser to cache them' >> /etc/nginx/sites-available/$HTMLY_DOMAIN_NAME echo ' # allow browser to cache them' >> /etc/nginx/sites-available/$HTMLY_DOMAIN_NAME
@ -541,8 +539,6 @@ function install_htmly_website_onion {
echo ' rewrite ^/(.*) /index.php?q=$uri&$args last;' >> /etc/nginx/sites-available/$HTMLY_DOMAIN_NAME echo ' rewrite ^/(.*) /index.php?q=$uri&$args last;' >> /etc/nginx/sites-available/$HTMLY_DOMAIN_NAME
echo ' }' >> /etc/nginx/sites-available/$HTMLY_DOMAIN_NAME echo ' }' >> /etc/nginx/sites-available/$HTMLY_DOMAIN_NAME
echo '' >> /etc/nginx/sites-available/$HTMLY_DOMAIN_NAME echo '' >> /etc/nginx/sites-available/$HTMLY_DOMAIN_NAME
nginx_keybase ${HTMLY_DOMAIN_NAME}
echo '' >> /etc/nginx/sites-available/$HTMLY_DOMAIN_NAME
echo ' # statically serve these file types when possible' >> /etc/nginx/sites-available/$HTMLY_DOMAIN_NAME echo ' # statically serve these file types when possible' >> /etc/nginx/sites-available/$HTMLY_DOMAIN_NAME
echo ' # otherwise fall back to front controller' >> /etc/nginx/sites-available/$HTMLY_DOMAIN_NAME echo ' # otherwise fall back to front controller' >> /etc/nginx/sites-available/$HTMLY_DOMAIN_NAME
echo ' # allow browser to cache them' >> /etc/nginx/sites-available/$HTMLY_DOMAIN_NAME echo ' # allow browser to cache them' >> /etc/nginx/sites-available/$HTMLY_DOMAIN_NAME


@ -431,8 +431,6 @@ function install_hubzilla {
echo ' rewrite ^/(.*) /index.php?q=$uri&$args last;' >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME echo ' rewrite ^/(.*) /index.php?q=$uri&$args last;' >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME
echo ' }' >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME echo ' }' >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME
echo '' >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME echo '' >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME
nginx_keybase ${HUBZILLA_DOMAIN_NAME}
echo '' >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME
echo ' # statically serve these file types when possible' >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME echo ' # statically serve these file types when possible' >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME
echo ' # otherwise fall back to front controller' >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME echo ' # otherwise fall back to front controller' >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME
echo ' # allow browser to cache them' >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME echo ' # allow browser to cache them' >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME
@ -500,8 +498,6 @@ function install_hubzilla {
echo ' rewrite ^/(.*) /index.php?q=$uri&$args last;' >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME echo ' rewrite ^/(.*) /index.php?q=$uri&$args last;' >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME
echo ' }' >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME echo ' }' >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME
echo '' >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME echo '' >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME
nginx_keybase ${HUBZILLA_DOMAIN_NAME}
echo '' >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME
echo ' # statically serve these file types when possible' >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME echo ' # statically serve these file types when possible' >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME
echo ' # otherwise fall back to front controller' >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME echo ' # otherwise fall back to front controller' >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME
echo ' # allow browser to cache them' >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME echo ' # allow browser to cache them' >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME


@ -504,8 +504,6 @@ function install_kanboard {
echo ' location ~ /\.(ht|git) {' >> $kanboard_nginx_site echo ' location ~ /\.(ht|git) {' >> $kanboard_nginx_site
echo ' deny all;' >> $kanboard_nginx_site echo ' deny all;' >> $kanboard_nginx_site
echo ' }' >> $kanboard_nginx_site echo ' }' >> $kanboard_nginx_site
echo '' >> $kanboard_nginx_site
# DO NOT ENABLE KEYBASE. kanboard really doesn't like having a .well-known directory
echo '}' >> $kanboard_nginx_site echo '}' >> $kanboard_nginx_site
else else
echo -n '' > $kanboard_nginx_site echo -n '' > $kanboard_nginx_site
@ -553,8 +551,6 @@ function install_kanboard {
echo ' location ~ /\.(ht|git) {' >> $kanboard_nginx_site echo ' location ~ /\.(ht|git) {' >> $kanboard_nginx_site
echo ' deny all;' >> $kanboard_nginx_site echo ' deny all;' >> $kanboard_nginx_site
echo ' }' >> $kanboard_nginx_site echo ' }' >> $kanboard_nginx_site
echo '' >> $kanboard_nginx_site
# DO NOT ENABLE KEYBASE. kanboard really doesn't like having a .well-known directory
echo '}' >> $kanboard_nginx_site echo '}' >> $kanboard_nginx_site
function_check configure_php function_check configure_php


@ -260,8 +260,6 @@ function install_lychee_website {
nginx_limits $LYCHEE_DOMAIN_NAME nginx_limits $LYCHEE_DOMAIN_NAME
echo ' }' >> /etc/nginx/sites-available/$LYCHEE_DOMAIN_NAME echo ' }' >> /etc/nginx/sites-available/$LYCHEE_DOMAIN_NAME
echo '' >> /etc/nginx/sites-available/$LYCHEE_DOMAIN_NAME echo '' >> /etc/nginx/sites-available/$LYCHEE_DOMAIN_NAME
nginx_keybase ${LYCHEE_DOMAIN_NAME}
echo '' >> /etc/nginx/sites-available/$LYCHEE_DOMAIN_NAME
echo ' # pass the PHP scripts to FastCGI server listening on 127.0.0.1:9000' >> /etc/nginx/sites-available/$LYCHEE_DOMAIN_NAME echo ' # pass the PHP scripts to FastCGI server listening on 127.0.0.1:9000' >> /etc/nginx/sites-available/$LYCHEE_DOMAIN_NAME
echo ' # or a unix socket' >> /etc/nginx/sites-available/$LYCHEE_DOMAIN_NAME echo ' # or a unix socket' >> /etc/nginx/sites-available/$LYCHEE_DOMAIN_NAME
echo ' location ~* \.php$ {' >> /etc/nginx/sites-available/$LYCHEE_DOMAIN_NAME echo ' location ~* \.php$ {' >> /etc/nginx/sites-available/$LYCHEE_DOMAIN_NAME
@ -323,8 +321,6 @@ function install_lychee_website_onion {
nginx_limits $LYCHEE_DOMAIN_NAME nginx_limits $LYCHEE_DOMAIN_NAME
echo ' }' >> /etc/nginx/sites-available/$LYCHEE_DOMAIN_NAME echo ' }' >> /etc/nginx/sites-available/$LYCHEE_DOMAIN_NAME
echo '' >> /etc/nginx/sites-available/$LYCHEE_DOMAIN_NAME echo '' >> /etc/nginx/sites-available/$LYCHEE_DOMAIN_NAME
nginx_keybase ${LYCHEE_DOMAIN_NAME}
echo '' >> /etc/nginx/sites-available/$LYCHEE_DOMAIN_NAME
echo ' # block these file types' >> /etc/nginx/sites-available/$LYCHEE_DOMAIN_NAME echo ' # block these file types' >> /etc/nginx/sites-available/$LYCHEE_DOMAIN_NAME
echo ' location ~* \.(tpl|md|tgz|log|out)$ {' >> /etc/nginx/sites-available/$LYCHEE_DOMAIN_NAME echo ' location ~* \.(tpl|md|tgz|log|out)$ {' >> /etc/nginx/sites-available/$LYCHEE_DOMAIN_NAME
echo ' deny all;' >> /etc/nginx/sites-available/$LYCHEE_DOMAIN_NAME echo ' deny all;' >> /etc/nginx/sites-available/$LYCHEE_DOMAIN_NAME


@ -271,8 +271,6 @@ function install_mailpile {
echo " proxy_pass http://localhost:${MAILPILE_PORT};" >> $mailpile_nginx_site echo " proxy_pass http://localhost:${MAILPILE_PORT};" >> $mailpile_nginx_site
echo ' proxy_redirect off;' >> $mailpile_nginx_site echo ' proxy_redirect off;' >> $mailpile_nginx_site
echo ' }' >> $mailpile_nginx_site echo ' }' >> $mailpile_nginx_site
echo '' >> $mailpile_nginx_site
nginx_keybase ${MAILPILE_DOMAIN_NAME}
echo '}' >> $mailpile_nginx_site echo '}' >> $mailpile_nginx_site
echo '' >> $mailpile_nginx_site echo '' >> $mailpile_nginx_site
else else
@ -303,8 +301,6 @@ function install_mailpile {
echo " proxy_pass http://localhost:${MAILPILE_PORT};" >> $mailpile_nginx_site echo " proxy_pass http://localhost:${MAILPILE_PORT};" >> $mailpile_nginx_site
echo ' proxy_redirect off;' >> $mailpile_nginx_site echo ' proxy_redirect off;' >> $mailpile_nginx_site
echo ' }' >> $mailpile_nginx_site echo ' }' >> $mailpile_nginx_site
echo '' >> $mailpile_nginx_site
nginx_keybase ${MAILPILE_DOMAIN_NAME}
echo '}' >> $mailpile_nginx_site echo '}' >> $mailpile_nginx_site
function_check create_site_certificate function_check create_site_certificate


@ -381,7 +381,6 @@ function install_mediagoblin {
nginx_disable_sniffing $MEDIAGOBLIN_DOMAIN_NAME nginx_disable_sniffing $MEDIAGOBLIN_DOMAIN_NAME
function_check nginx_limits function_check nginx_limits
nginx_limits $MEDIAGOBLIN_DOMAIN_NAME 800m nginx_limits $MEDIAGOBLIN_DOMAIN_NAME 800m
nginx_keybase $MEDIAGOBLIN_DOMAIN_NAME
echo '' >> /etc/nginx/sites-available/$MEDIAGOBLIN_DOMAIN_NAME echo '' >> /etc/nginx/sites-available/$MEDIAGOBLIN_DOMAIN_NAME
echo ' client_header_timeout 10m;' >> /etc/nginx/sites-available/$MEDIAGOBLIN_DOMAIN_NAME echo ' client_header_timeout 10m;' >> /etc/nginx/sites-available/$MEDIAGOBLIN_DOMAIN_NAME
echo ' client_body_timeout 10m;' >> /etc/nginx/sites-available/$MEDIAGOBLIN_DOMAIN_NAME echo ' client_body_timeout 10m;' >> /etc/nginx/sites-available/$MEDIAGOBLIN_DOMAIN_NAME


@ -545,9 +545,6 @@ function install_nextcloud_main {
echo ' }' >> $nextcloud_nginx_site echo ' }' >> $nextcloud_nginx_site
echo '' >> $nextcloud_nginx_site echo '' >> $nextcloud_nginx_site
echo ' location /.well-known/acme-challenge { }' >> $nextcloud_nginx_site echo ' location /.well-known/acme-challenge { }' >> $nextcloud_nginx_site
echo '' >> $nextcloud_nginx_site
# DO NOT ENABLE KEYBASE. nextcloud really doesn't like having a .well-known directory
echo '}' >> $nextcloud_nginx_site echo '}' >> $nextcloud_nginx_site
else else
echo -n '' > $nextcloud_nginx_site echo -n '' > $nextcloud_nginx_site


@ -93,8 +93,6 @@ function install_pelican_website {
nginx_limits $PELICAN_DOMAIN_NAME nginx_limits $PELICAN_DOMAIN_NAME
echo ' }' >> /etc/nginx/sites-available/$PELICAN_DOMAIN_NAME echo ' }' >> /etc/nginx/sites-available/$PELICAN_DOMAIN_NAME
echo '' >> /etc/nginx/sites-available/$PELICAN_DOMAIN_NAME echo '' >> /etc/nginx/sites-available/$PELICAN_DOMAIN_NAME
nginx_keybase ${PELICAN_DOMAIN_NAME}
echo '' >> /etc/nginx/sites-available/$PELICAN_DOMAIN_NAME
echo ' # block these file types' >> /etc/nginx/sites-available/$PELICAN_DOMAIN_NAME echo ' # block these file types' >> /etc/nginx/sites-available/$PELICAN_DOMAIN_NAME
echo ' location ~* \.(tpl|md|tgz|log|out)$ {' >> /etc/nginx/sites-available/$PELICAN_DOMAIN_NAME echo ' location ~* \.(tpl|md|tgz|log|out)$ {' >> /etc/nginx/sites-available/$PELICAN_DOMAIN_NAME
echo ' deny all;' >> /etc/nginx/sites-available/$PELICAN_DOMAIN_NAME echo ' deny all;' >> /etc/nginx/sites-available/$PELICAN_DOMAIN_NAME
@ -136,8 +134,6 @@ function install_pelican_website_onion {
nginx_limits $PELICAN_DOMAIN_NAME nginx_limits $PELICAN_DOMAIN_NAME
echo ' }' >> /etc/nginx/sites-available/$PELICAN_DOMAIN_NAME echo ' }' >> /etc/nginx/sites-available/$PELICAN_DOMAIN_NAME
echo '' >> /etc/nginx/sites-available/$PELICAN_DOMAIN_NAME echo '' >> /etc/nginx/sites-available/$PELICAN_DOMAIN_NAME
nginx_keybase ${PELICAN_DOMAIN_NAME}
echo '' >> /etc/nginx/sites-available/$PELICAN_DOMAIN_NAME
echo ' # block these file types' >> /etc/nginx/sites-available/$PELICAN_DOMAIN_NAME echo ' # block these file types' >> /etc/nginx/sites-available/$PELICAN_DOMAIN_NAME
echo ' location ~* \.(tpl|md|tgz|log|out)$ {' >> /etc/nginx/sites-available/$PELICAN_DOMAIN_NAME echo ' location ~* \.(tpl|md|tgz|log|out)$ {' >> /etc/nginx/sites-available/$PELICAN_DOMAIN_NAME
echo ' deny all;' >> /etc/nginx/sites-available/$PELICAN_DOMAIN_NAME echo ' deny all;' >> /etc/nginx/sites-available/$PELICAN_DOMAIN_NAME


@ -753,8 +753,6 @@ function install_postactiv_main {
echo ' location ~ /\.(ht|git) {' >> $postactiv_nginx_site echo ' location ~ /\.(ht|git) {' >> $postactiv_nginx_site
echo ' deny all;' >> $postactiv_nginx_site echo ' deny all;' >> $postactiv_nginx_site
echo ' }' >> $postactiv_nginx_site echo ' }' >> $postactiv_nginx_site
echo '' >> $postactiv_nginx_site
# DO NOT ENABLE KEYBASE. postactiv really doesn't like having a .well-known directory
echo '}' >> $postactiv_nginx_site echo '}' >> $postactiv_nginx_site
else else
echo -n '' > $postactiv_nginx_site echo -n '' > $postactiv_nginx_site
@ -802,8 +800,6 @@ function install_postactiv_main {
echo ' location ~ /\.(ht|git) {' >> $postactiv_nginx_site echo ' location ~ /\.(ht|git) {' >> $postactiv_nginx_site
echo ' deny all;' >> $postactiv_nginx_site echo ' deny all;' >> $postactiv_nginx_site
echo ' }' >> $postactiv_nginx_site echo ' }' >> $postactiv_nginx_site
echo '' >> $postactiv_nginx_site
# DO NOT ENABLE KEYBASE. postactiv really doesn't like having a .well-known directory
echo '}' >> $postactiv_nginx_site echo '}' >> $postactiv_nginx_site
function_check configure_php function_check configure_php


@ -297,8 +297,6 @@ function install_riot {
function_check nginx_limits function_check nginx_limits
nginx_limits $RIOT_DOMAIN_NAME '15m' nginx_limits $RIOT_DOMAIN_NAME '15m'
echo ' }' >> $riot_nginx_site echo ' }' >> $riot_nginx_site
echo '' >> $riot_nginx_site
nginx_keybase ${RIOT_DOMAIN_NAME}
echo '}' >> $riot_nginx_site echo '}' >> $riot_nginx_site
echo '' >> $riot_nginx_site echo '' >> $riot_nginx_site
else else
@ -324,8 +322,6 @@ function install_riot {
function_check nginx_limits function_check nginx_limits
nginx_limits $RIOT_DOMAIN_NAME '15m' nginx_limits $RIOT_DOMAIN_NAME '15m'
echo ' }' >> $riot_nginx_site echo ' }' >> $riot_nginx_site
echo '' >> $riot_nginx_site
nginx_keybase ${RIOT_DOMAIN_NAME}
echo '}' >> $riot_nginx_site echo '}' >> $riot_nginx_site
sed '/Content-Security-Policy/d' $riot_nginx_site sed '/Content-Security-Policy/d' $riot_nginx_site


@ -313,8 +313,6 @@ function install_wekan_main {
echo ' log_not_found off;' >> /etc/nginx/sites-available/${WEKAN_DOMAIN_NAME} echo ' log_not_found off;' >> /etc/nginx/sites-available/${WEKAN_DOMAIN_NAME}
echo ' access_log /dev/null;' >> /etc/nginx/sites-available/${WEKAN_DOMAIN_NAME} echo ' access_log /dev/null;' >> /etc/nginx/sites-available/${WEKAN_DOMAIN_NAME}
echo ' }' >> /etc/nginx/sites-available/${WEKAN_DOMAIN_NAME} echo ' }' >> /etc/nginx/sites-available/${WEKAN_DOMAIN_NAME}
echo '' >> /etc/nginx/sites-available/${WEKAN_DOMAIN_NAME}
nginx_keybase ${WEKAN_DOMAIN_NAME}
echo '}' >> /etc/nginx/sites-available/${WEKAN_DOMAIN_NAME} echo '}' >> /etc/nginx/sites-available/${WEKAN_DOMAIN_NAME}
echo '' >> /etc/nginx/sites-available/${WEKAN_DOMAIN_NAME} echo '' >> /etc/nginx/sites-available/${WEKAN_DOMAIN_NAME}
else else
@ -347,8 +345,6 @@ function install_wekan_main {
echo ' log_not_found off;' >> /etc/nginx/sites-available/${WEKAN_DOMAIN_NAME} echo ' log_not_found off;' >> /etc/nginx/sites-available/${WEKAN_DOMAIN_NAME}
echo ' access_log /dev/null;' >> /etc/nginx/sites-available/${WEKAN_DOMAIN_NAME} echo ' access_log /dev/null;' >> /etc/nginx/sites-available/${WEKAN_DOMAIN_NAME}
echo ' }' >> /etc/nginx/sites-available/${WEKAN_DOMAIN_NAME} echo ' }' >> /etc/nginx/sites-available/${WEKAN_DOMAIN_NAME}
echo '' >> /etc/nginx/sites-available/${WEKAN_DOMAIN_NAME}
nginx_keybase ${WEKAN_DOMAIN_NAME}
echo '}' >> /etc/nginx/sites-available/${WEKAN_DOMAIN_NAME} echo '}' >> /etc/nginx/sites-available/${WEKAN_DOMAIN_NAME}
function_check nginx_ensite function_check nginx_ensite


@ -166,29 +166,6 @@ function nginx_ssl {
#nginx_stapling $1 #nginx_stapling $1
} }
function nginx_keybase {
# creates files suitable for keybase.io verification
domain_name=$1
filename=/etc/nginx/sites-available/$domain_name
echo '' >> $filename
echo " # make sure webfinger and other well known services aren't blocked" >> $filename
echo ' # by denying dot files and rewrite request to the front controller' >> $filename
echo ' location ^~ /.well-known/ {' >> $filename
echo ' allow all;' >> $filename
echo ' }' >> $filename
if [ ! -d /var/www/${domain_name}/htdocs/.well-known ]; then
mkdir -p /var/www/${domain_name}/htdocs/.well-known
fi
if [ ! -f /var/www/${domain_name}/htdocs/keybase.txt ]; then
touch /var/www/${domain_name}/htdocs/keybase.txt
fi
if [ ! -f /var/www/${domain_name}/htdocs/.well-known/keybase.txt ]; then
touch /var/www/${domain_name}/htdocs/.well-known/keybase.txt
fi
}
# check an individual domain name # check an individual domain name
function test_domain_name { function test_domain_name {
if [ $1 ]; then if [ $1 ]; then