From: Nils Gillmann <ng0@n0.is>
To: guix-devel@gnu.org
Subject: About the IRC Logs
Date: Fri, 9 Nov 2018 15:57:49 +0000 [thread overview]
Message-ID: <20181109155749.yfb2ctsv73ryglw2@abyayala> (raw)
[-- Attachment #1: Type: text/plain, Size: 1389 bytes --]
Hi,
first off: sorry that the logs are down for such a long time.
Since someone in your community offered to fix the Apache config,
and I got the okay to share it, you can find the config for the
https://irclogs.gnunet.org appended to this email.
The application running is taking limnoria textfile logs and
publishes them. The sourcecode is https://git.kyriasis.com/kyrias/znc-log-viewer
with some minor modifications (only a local config change).
The author told me:
> Because that looks a lot like a TLS handshake, which you most certainly should not be sending to flask.
> uwsgi://127.0.0.1:7000/
> It's not running under uwsgi, so don't try to proxypass it using the uwsgi protocol.
> So either change it to an actual http proxying, or run it under uwsgi.
We are currently busy fighting other fires, but we understand the logs are
important for the hosted communities. If you want to have the current outcome
of a longer discussion displayed, you can help and fix the apache2 config.
The past logs are dumped, they still need to be converted (or the znc-log-viewer
needs some code for SQL).
PS: Please don't use this email to throw discussions about wether your
favorite language or viewer might be the better replacement in my
inbox, there have been discussions and they happened offlist and I'm
not happy with the outcome but it gets the job done.
Thanks, and happy hacking!
[-- Attachment #2: irclogs-ssl --]
[-- Type: text/plain, Size: 3044 bytes --]
ServerTokens Prod
<IfModule mod_ssl.c>
<VirtualHost irclogs.gnunet.org:443>
ServerAdmin webmaster@gnunet.org
ServerName "irclogs.gnunet.org"
ServerSignature Off
KeepAlive On
KeepAliveTimeout 30
MaxKeepAliveRequests 1000
ExpiresActive On
ExpiresDefault "access plus 5 minutes"
ExpiresByType image/gif "access plus 1 year"
ExpiresByType image/jpeg "access plus 1 year"
ExpiresByType image/png "access plus 1 year"
ExpiresByType application/javascript "access plus 1 week"
ExpiresByType text/css "access plus 1 week"
ExpiresByType image/x-icon "access plus 1 year"
ExpiresByType text/html "access plus 1 minute"
Header unset Cache-Control
Header unset ETag
FileETag None
ErrorLog /var/log/apache2/gnunet-irclogs-ssl_error.log
LogLevel debug
CustomLog /var/log/apache2/gnunet-irclogs-ssl_access.log combined
ProxyPass / uwsgi://127.0.0.1:7000/
# Enable/Disable SSL for this virtual host.
SSLEngine on
SSLCompression off
SSLProtocol -ALL +TLSv1.2 +TLSv1.1 +TLSv1
SSLHonorCipherOrder On
Header add Strict-Transport-Security "max-age=15768000 ; includeSubDomains; preload"
Header add X-XSS-Protection "1; mode=block"
Header add X-Frame-Options "SAMEORIGIN"
Header add X-Content-Type-Options "nosniff"
Header add Content-Security-Policy "default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval'; style-src 'self' 'unsafe-inline'; connect-src 'self' wss://irclogs.gnunet.org; frame-ancestors 'self'"
SSLCipherSuite ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA:TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA:TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA:AES128-GCM-SHA256:!RC4:HIGH:!MD5:!aNULL
SSLCipherSuite ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:AES:CAMELLIA:!DES-CBC3-SHA:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!MD5:!PSK:!aECDH:!EDH-DSS-DES-CBC3-SHA:!EDH-RSA-DES-CBC3-SHA:!KRB5-DES-CBC3-SHA
#:!EDH
SSLOpenSSLConfCmd DHParameters "/etc/ssl/private/dhparams.pem"
# SSLCertificateKeyFile /etc/ssl/private/gnunet.org.key
SSLCertificateKeyFile /etc/letsencrypt/live/v10.gnunet.org/privkey.pem
SSLCertificateChainFile /etc/letsencrypt/live/v10.gnunet.org/fullchain.pem
SSLCertificateFile /etc/letsencrypt/live/v10.gnunet.org/cert.pem
# SSLCertificateFile /etc/ssl/certs/gnunet.org.cert
# SSLCertificateChainFile /etc/ssl/private/cachain.csr
SSLOptions +StrictRequire
BrowserMatch ".*MSIE.*" \
nokeepalive ssl-unclean-shutdown \
downgrade-1.0 force-response-1.0
</VirtualHost>
</IfModule>
reply other threads:[~2018-11-09 15:56 UTC|newest]
Thread overview: [no followups] expand[flat|nested] mbox.gz Atom feed
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
List information: https://guix.gnu.org/
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20181109155749.yfb2ctsv73ryglw2@abyayala \
--to=ng0@n0.is \
--cc=guix-devel@gnu.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
Code repositories for project(s) associated with this public inbox
https://git.savannah.gnu.org/cgit/guix.git
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for read-only IMAP folder(s) and NNTP newsgroup(s).