From mboxrd@z Thu Jan 1 00:00:00 1970 From: Nils Gillmann Subject: About the IRC Logs Date: Fri, 9 Nov 2018 15:57:49 +0000 Message-ID: <20181109155749.yfb2ctsv73ryglw2@abyayala> Mime-Version: 1.0 Content-Type: multipart/mixed; boundary="3zbebrnq72ubxorz" Return-path: Received: from eggs.gnu.org ([2001:4830:134:3::10]:54037) by lists.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1gL99P-0004ku-6a for guix-devel@gnu.org; Fri, 09 Nov 2018 10:56:52 -0500 Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71) (envelope-from ) id 1gL99N-0001iX-Vn for guix-devel@gnu.org; Fri, 09 Nov 2018 10:56:51 -0500 Received: from static.195.114.201.195.clients.your-server.de ([195.201.114.195]:35430 helo=conspiracy.of.n0.is) by eggs.gnu.org with esmtps (TLS1.0:DHE_RSA_AES_256_CBC_SHA1:32) (Exim 4.71) (envelope-from ) id 1gL99N-0001bC-LP for guix-devel@gnu.org; Fri, 09 Nov 2018 10:56:49 -0500 Received: by conspiracy.of.n0.is (OpenSMTPD) with ESMTPSA id 190e0259 (TLSv1.2:ECDHE-RSA-AES256-GCM-SHA384:256:NO) for ; Fri, 9 Nov 2018 15:56:42 +0000 (UTC) Content-Disposition: inline List-Id: "Development of GNU Guix and the GNU System distribution." List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: guix-devel-bounces+gcggd-guix-devel=m.gmane.org@gnu.org Sender: "Guix-devel" To: guix-devel@gnu.org --3zbebrnq72ubxorz Content-Type: text/plain; charset=utf-8 Content-Disposition: inline Hi, first off: sorry that the logs are down for such a long time. Since someone in your community offered to fix the Apache config, and I got the okay to share it, you can find the config for the https://irclogs.gnunet.org appended to this email. The application running is taking limnoria textfile logs and publishes them. The sourcecode is https://git.kyriasis.com/kyrias/znc-log-viewer with some minor modifications (only a local config change). The author told me: > Because that looks a lot like a TLS handshake, which you most certainly should not be sending to flask. > uwsgi://127.0.0.1:7000/ > It's not running under uwsgi, so don't try to proxypass it using the uwsgi protocol. > So either change it to an actual http proxying, or run it under uwsgi. We are currently busy fighting other fires, but we understand the logs are important for the hosted communities. If you want to have the current outcome of a longer discussion displayed, you can help and fix the apache2 config. The past logs are dumped, they still need to be converted (or the znc-log-viewer needs some code for SQL). PS: Please don't use this email to throw discussions about wether your favorite language or viewer might be the better replacement in my inbox, there have been discussions and they happened offlist and I'm not happy with the outcome but it gets the job done. Thanks, and happy hacking! --3zbebrnq72ubxorz Content-Type: text/plain; charset=utf-8 Content-Disposition: attachment; filename=irclogs-ssl ServerTokens Prod ServerAdmin webmaster@gnunet.org ServerName "irclogs.gnunet.org" ServerSignature Off KeepAlive On KeepAliveTimeout 30 MaxKeepAliveRequests 1000 ExpiresActive On ExpiresDefault "access plus 5 minutes" ExpiresByType image/gif "access plus 1 year" ExpiresByType image/jpeg "access plus 1 year" ExpiresByType image/png "access plus 1 year" ExpiresByType application/javascript "access plus 1 week" ExpiresByType text/css "access plus 1 week" ExpiresByType image/x-icon "access plus 1 year" ExpiresByType text/html "access plus 1 minute" Header unset Cache-Control Header unset ETag FileETag None ErrorLog /var/log/apache2/gnunet-irclogs-ssl_error.log LogLevel debug CustomLog /var/log/apache2/gnunet-irclogs-ssl_access.log combined ProxyPass / uwsgi://127.0.0.1:7000/ # Enable/Disable SSL for this virtual host. SSLEngine on SSLCompression off SSLProtocol -ALL +TLSv1.2 +TLSv1.1 +TLSv1 SSLHonorCipherOrder On Header add Strict-Transport-Security "max-age=15768000 ; includeSubDomains; preload" Header add X-XSS-Protection "1; mode=block" Header add X-Frame-Options "SAMEORIGIN" Header add X-Content-Type-Options "nosniff" Header add Content-Security-Policy "default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval'; style-src 'self' 'unsafe-inline'; connect-src 'self' wss://irclogs.gnunet.org; frame-ancestors 'self'" SSLCipherSuite ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA:TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA:TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA:AES128-GCM-SHA256:!RC4:HIGH:!MD5:!aNULL SSLCipherSuite ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:AES:CAMELLIA:!DES-CBC3-SHA:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!MD5:!PSK:!aECDH:!EDH-DSS-DES-CBC3-SHA:!EDH-RSA-DES-CBC3-SHA:!KRB5-DES-CBC3-SHA #:!EDH SSLOpenSSLConfCmd DHParameters "/etc/ssl/private/dhparams.pem" # SSLCertificateKeyFile /etc/ssl/private/gnunet.org.key SSLCertificateKeyFile /etc/letsencrypt/live/v10.gnunet.org/privkey.pem SSLCertificateChainFile /etc/letsencrypt/live/v10.gnunet.org/fullchain.pem SSLCertificateFile /etc/letsencrypt/live/v10.gnunet.org/cert.pem # SSLCertificateFile /etc/ssl/certs/gnunet.org.cert # SSLCertificateChainFile /etc/ssl/private/cachain.csr SSLOptions +StrictRequire BrowserMatch ".*MSIE.*" \ nokeepalive ssl-unclean-shutdown \ downgrade-1.0 force-response-1.0 --3zbebrnq72ubxorz--