About the IRC Logs

unofficial mirror of guile-user@gnu.org 
 help / color / mirror / Atom feed

* About the IRC Logs
@ 2018-11-09 15:56 Nils Gillmann
  2018-11-09 15:59 ` Nils Gillmann
  0 siblings, 1 reply; 2+ messages in thread
From: Nils Gillmann @ 2018-11-09 15:56 UTC (permalink / raw)
  To: guile-user

Hi,

first off: sorry that the logs are down for such a long time.

Since someone in your community offered to fix the Apache config,
and I got the okay to share it, you can find the config for the
https://irclogs.gnunet.org appended to this email.

The application running is taking limnoria textfile logs and
publishes them. The sourcecode is https://git.kyriasis.com/kyrias/znc-log-viewer
with some minor modifications (only a local config change).

The author told me:
> Because that looks a lot like a TLS handshake, which you most certainly should not be sending to flask.
> uwsgi://127.0.0.1:7000/
> It's not running under uwsgi, so don't try to proxypass it using the uwsgi protocol.
> So either change it to an actual http proxying, or run it under uwsgi.

We are currently busy fighting other fires, but we understand the logs are
important for the hosted communities. If you want to have the current outcome
of a longer discussion displayed, you can help and fix the apache2 config.
The past logs are dumped, they still need to be converted (or the znc-log-viewer
needs some code for SQL).

PS: Please don't use this email to throw discussions about wether your
favorite language or viewer might be the better replacement in my
inbox, there have been discussions and they happened offlist and I'm
not happy with the outcome but it gets the job done.

Thanks, and happy hacking!

^ permalink raw reply	[flat|nested] 2+ messages in thread

* Re: About the IRC Logs
  2018-11-09 15:56 About the IRC Logs Nils Gillmann
@ 2018-11-09 15:59 ` Nils Gillmann
  0 siblings, 0 replies; 2+ messages in thread
From: Nils Gillmann @ 2018-11-09 15:59 UTC (permalink / raw)
  To: guile-user

[-- Attachment #1: Type: text/plain, Size: 1539 bytes --]

And here the apache2 config I forgot to append.

Nils Gillmann transcribed 1.4K bytes:
> Hi,
> 
> first off: sorry that the logs are down for such a long time.
> 
> Since someone in your community offered to fix the Apache config,
> and I got the okay to share it, you can find the config for the
> https://irclogs.gnunet.org appended to this email.
> 
> The application running is taking limnoria textfile logs and
> publishes them. The sourcecode is https://git.kyriasis.com/kyrias/znc-log-viewer
> with some minor modifications (only a local config change).
> 
> The author told me:
> > Because that looks a lot like a TLS handshake, which you most certainly should not be sending to flask.
> > uwsgi://127.0.0.1:7000/
> > It's not running under uwsgi, so don't try to proxypass it using the uwsgi protocol.
> > So either change it to an actual http proxying, or run it under uwsgi.
> 
> We are currently busy fighting other fires, but we understand the logs are
> important for the hosted communities. If you want to have the current outcome
> of a longer discussion displayed, you can help and fix the apache2 config.
> The past logs are dumped, they still need to be converted (or the znc-log-viewer
> needs some code for SQL).
> 
> PS: Please don't use this email to throw discussions about wether your
> favorite language or viewer might be the better replacement in my
> inbox, there have been discussions and they happened offlist and I'm
> not happy with the outcome but it gets the job done.
> 
> Thanks, and happy hacking!
> 

[-- Attachment #2: irclogs-ssl --]
[-- Type: text/plain, Size: 3044 bytes --]

ServerTokens Prod
<IfModule mod_ssl.c>
<VirtualHost irclogs.gnunet.org:443>
	ServerAdmin webmaster@gnunet.org
 	ServerName "irclogs.gnunet.org"	
	ServerSignature Off
	KeepAlive On
	KeepAliveTimeout 30
	MaxKeepAliveRequests 1000
	ExpiresActive On
	ExpiresDefault "access plus 5 minutes"
	ExpiresByType image/gif "access plus 1 year"
	ExpiresByType image/jpeg "access plus 1 year"
	ExpiresByType image/png "access plus 1 year"
	ExpiresByType application/javascript "access plus 1 week"
	ExpiresByType text/css "access plus 1 week"
	ExpiresByType image/x-icon "access plus 1 year"
	ExpiresByType text/html "access plus 1 minute"
	Header unset Cache-Control
	Header unset ETag
	FileETag None
        ErrorLog /var/log/apache2/gnunet-irclogs-ssl_error.log
        LogLevel debug
        CustomLog /var/log/apache2/gnunet-irclogs-ssl_access.log combined
 
        ProxyPass / uwsgi://127.0.0.1:7000/
	#   Enable/Disable SSL for this virtual host.
	SSLEngine on
	SSLCompression off
	SSLProtocol -ALL +TLSv1.2 +TLSv1.1 +TLSv1
	SSLHonorCipherOrder On
	Header add Strict-Transport-Security "max-age=15768000 ; includeSubDomains; preload"
	Header add X-XSS-Protection "1; mode=block"
	Header add X-Frame-Options "SAMEORIGIN"
	Header add X-Content-Type-Options "nosniff"
	Header add Content-Security-Policy "default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval'; style-src 'self' 'unsafe-inline'; connect-src 'self' wss://irclogs.gnunet.org; frame-ancestors 'self'"
        SSLCipherSuite ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA:TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA:TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA:AES128-GCM-SHA256:!RC4:HIGH:!MD5:!aNULL

	SSLCipherSuite          ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:AES:CAMELLIA:!DES-CBC3-SHA:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!MD5:!PSK:!aECDH:!EDH-DSS-DES-CBC3-SHA:!EDH-RSA-DES-CBC3-SHA:!KRB5-DES-CBC3-SHA
#:!EDH
	SSLOpenSSLConfCmd DHParameters "/etc/ssl/private/dhparams.pem"

#	SSLCertificateKeyFile    /etc/ssl/private/gnunet.org.key
	SSLCertificateKeyFile /etc/letsencrypt/live/v10.gnunet.org/privkey.pem
	SSLCertificateChainFile /etc/letsencrypt/live/v10.gnunet.org/fullchain.pem
	SSLCertificateFile /etc/letsencrypt/live/v10.gnunet.org/cert.pem

#	SSLCertificateFile /etc/ssl/certs/gnunet.org.cert
#	SSLCertificateChainFile /etc/ssl/private/cachain.csr
	SSLOptions +StrictRequire

	BrowserMatch ".*MSIE.*" \
		nokeepalive ssl-unclean-shutdown \
		downgrade-1.0 force-response-1.0
</VirtualHost>
</IfModule>


^ permalink raw reply	[flat|nested] 2+ messages in thread

end of thread, other threads:[~2018-11-09 15:59 UTC | newest]

Thread overview: 2+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2018-11-09 15:56 About the IRC Logs Nils Gillmann
2018-11-09 15:59 ` Nils Gillmann

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for read-only IMAP folder(s) and NNTP newsgroup(s).