From: Nils Gillmann <ng0@n0.is>
To: guile-user@gnu.org
Subject: Re: About the IRC Logs
Date: Fri, 9 Nov 2018 15:59:14 +0000 [thread overview]
Message-ID: <20181109155914.kitchrjaxvbk6yij@abyayala> (raw)
In-Reply-To: <20181109155651.du5jis5pz6vunzsw@abyayala>
[-- Attachment #1: Type: text/plain, Size: 1539 bytes --]
And here the apache2 config I forgot to append.
Nils Gillmann transcribed 1.4K bytes:
> Hi,
>
> first off: sorry that the logs are down for such a long time.
>
> Since someone in your community offered to fix the Apache config,
> and I got the okay to share it, you can find the config for the
> https://irclogs.gnunet.org appended to this email.
>
> The application running is taking limnoria textfile logs and
> publishes them. The sourcecode is https://git.kyriasis.com/kyrias/znc-log-viewer
> with some minor modifications (only a local config change).
>
> The author told me:
> > Because that looks a lot like a TLS handshake, which you most certainly should not be sending to flask.
> > uwsgi://127.0.0.1:7000/
> > It's not running under uwsgi, so don't try to proxypass it using the uwsgi protocol.
> > So either change it to an actual http proxying, or run it under uwsgi.
>
> We are currently busy fighting other fires, but we understand the logs are
> important for the hosted communities. If you want to have the current outcome
> of a longer discussion displayed, you can help and fix the apache2 config.
> The past logs are dumped, they still need to be converted (or the znc-log-viewer
> needs some code for SQL).
>
> PS: Please don't use this email to throw discussions about wether your
> favorite language or viewer might be the better replacement in my
> inbox, there have been discussions and they happened offlist and I'm
> not happy with the outcome but it gets the job done.
>
> Thanks, and happy hacking!
>
[-- Attachment #2: irclogs-ssl --]
[-- Type: text/plain, Size: 3044 bytes --]
ServerTokens Prod
<IfModule mod_ssl.c>
<VirtualHost irclogs.gnunet.org:443>
ServerAdmin webmaster@gnunet.org
ServerName "irclogs.gnunet.org"
ServerSignature Off
KeepAlive On
KeepAliveTimeout 30
MaxKeepAliveRequests 1000
ExpiresActive On
ExpiresDefault "access plus 5 minutes"
ExpiresByType image/gif "access plus 1 year"
ExpiresByType image/jpeg "access plus 1 year"
ExpiresByType image/png "access plus 1 year"
ExpiresByType application/javascript "access plus 1 week"
ExpiresByType text/css "access plus 1 week"
ExpiresByType image/x-icon "access plus 1 year"
ExpiresByType text/html "access plus 1 minute"
Header unset Cache-Control
Header unset ETag
FileETag None
ErrorLog /var/log/apache2/gnunet-irclogs-ssl_error.log
LogLevel debug
CustomLog /var/log/apache2/gnunet-irclogs-ssl_access.log combined
ProxyPass / uwsgi://127.0.0.1:7000/
# Enable/Disable SSL for this virtual host.
SSLEngine on
SSLCompression off
SSLProtocol -ALL +TLSv1.2 +TLSv1.1 +TLSv1
SSLHonorCipherOrder On
Header add Strict-Transport-Security "max-age=15768000 ; includeSubDomains; preload"
Header add X-XSS-Protection "1; mode=block"
Header add X-Frame-Options "SAMEORIGIN"
Header add X-Content-Type-Options "nosniff"
Header add Content-Security-Policy "default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval'; style-src 'self' 'unsafe-inline'; connect-src 'self' wss://irclogs.gnunet.org; frame-ancestors 'self'"
SSLCipherSuite ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA:TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA:TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA:AES128-GCM-SHA256:!RC4:HIGH:!MD5:!aNULL
SSLCipherSuite ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:AES:CAMELLIA:!DES-CBC3-SHA:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!MD5:!PSK:!aECDH:!EDH-DSS-DES-CBC3-SHA:!EDH-RSA-DES-CBC3-SHA:!KRB5-DES-CBC3-SHA
#:!EDH
SSLOpenSSLConfCmd DHParameters "/etc/ssl/private/dhparams.pem"
# SSLCertificateKeyFile /etc/ssl/private/gnunet.org.key
SSLCertificateKeyFile /etc/letsencrypt/live/v10.gnunet.org/privkey.pem
SSLCertificateChainFile /etc/letsencrypt/live/v10.gnunet.org/fullchain.pem
SSLCertificateFile /etc/letsencrypt/live/v10.gnunet.org/cert.pem
# SSLCertificateFile /etc/ssl/certs/gnunet.org.cert
# SSLCertificateChainFile /etc/ssl/private/cachain.csr
SSLOptions +StrictRequire
BrowserMatch ".*MSIE.*" \
nokeepalive ssl-unclean-shutdown \
downgrade-1.0 force-response-1.0
</VirtualHost>
</IfModule>
prev parent reply other threads:[~2018-11-09 15:59 UTC|newest]
Thread overview: 2+ messages / expand[flat|nested] mbox.gz Atom feed top
2018-11-09 15:56 About the IRC Logs Nils Gillmann
2018-11-09 15:59 ` Nils Gillmann [this message]
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
List information: https://www.gnu.org/software/guile/
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20181109155914.kitchrjaxvbk6yij@abyayala \
--to=ng0@n0.is \
--cc=guile-user@gnu.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for read-only IMAP folder(s) and NNTP newsgroup(s).