From: Nils Gillmann <ng0@n0.is>
To: guix-devel@gnu.org
Subject: About the IRC Logs
Date: Fri, 9 Nov 2018 15:57:49 +0000 [thread overview]
Message-ID: <20181109155749.yfb2ctsv73ryglw2@abyayala> (raw)
[-- Attachment #1: Type: text/plain, Size: 1389 bytes --]
Hi,
first off: sorry that the logs are down for such a long time.
Since someone in your community offered to fix the Apache config,
and I got the okay to share it, you can find the config for the
https://irclogs.gnunet.org appended to this email.
The application running is taking limnoria textfile logs and
publishes them. The sourcecode is https://git.kyriasis.com/kyrias/znc-log-viewer
with some minor modifications (only a local config change).
The author told me:
> Because that looks a lot like a TLS handshake, which you most certainly should not be sending to flask.
> uwsgi://127.0.0.1:7000/
> It's not running under uwsgi, so don't try to proxypass it using the uwsgi protocol.
> So either change it to an actual http proxying, or run it under uwsgi.
We are currently busy fighting other fires, but we understand the logs are
important for the hosted communities. If you want to have the current outcome
of a longer discussion displayed, you can help and fix the apache2 config.
The past logs are dumped, they still need to be converted (or the znc-log-viewer
needs some code for SQL).
PS: Please don't use this email to throw discussions about wether your
favorite language or viewer might be the better replacement in my
inbox, there have been discussions and they happened offlist and I'm
not happy with the outcome but it gets the job done.
Thanks, and happy hacking!
[-- Attachment #2: irclogs-ssl --]
[-- Type: text/plain, Size: 3044 bytes --]
ServerTokens Prod
<IfModule mod_ssl.c>
<VirtualHost irclogs.gnunet.org:443>
ServerAdmin webmaster@gnunet.org
ServerName "irclogs.gnunet.org"
ServerSignature Off
KeepAlive On
KeepAliveTimeout 30
MaxKeepAliveRequests 1000
ExpiresActive On
ExpiresDefault "access plus 5 minutes"
ExpiresByType image/gif "access plus 1 year"
ExpiresByType image/jpeg "access plus 1 year"
ExpiresByType image/png "access plus 1 year"
ExpiresByType application/javascript "access plus 1 week"
ExpiresByType text/css "access plus 1 week"
ExpiresByType image/x-icon "access plus 1 year"
ExpiresByType text/html "access plus 1 minute"
Header unset Cache-Control
Header unset ETag
FileETag None
ErrorLog /var/log/apache2/gnunet-irclogs-ssl_error.log
LogLevel debug
CustomLog /var/log/apache2/gnunet-irclogs-ssl_access.log combined
ProxyPass / uwsgi://127.0.0.1:7000/
# Enable/Disable SSL for this virtual host.
SSLEngine on
SSLCompression off
SSLProtocol -ALL +TLSv1.2 +TLSv1.1 +TLSv1
SSLHonorCipherOrder On
Header add Strict-Transport-Security "max-age=15768000 ; includeSubDomains; preload"
Header add X-XSS-Protection "1; mode=block"
Header add X-Frame-Options "SAMEORIGIN"
Header add X-Content-Type-Options "nosniff"
Header add Content-Security-Policy "default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval'; style-src 'self' 'unsafe-inline'; connect-src 'self' wss://irclogs.gnunet.org; frame-ancestors 'self'"
SSLCipherSuite ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA:TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA:TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA:AES128-GCM-SHA256:!RC4:HIGH:!MD5:!aNULL
SSLCipherSuite ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:AES:CAMELLIA:!DES-CBC3-SHA:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!MD5:!PSK:!aECDH:!EDH-DSS-DES-CBC3-SHA:!EDH-RSA-DES-CBC3-SHA:!KRB5-DES-CBC3-SHA
#:!EDH
SSLOpenSSLConfCmd DHParameters "/etc/ssl/private/dhparams.pem"
# SSLCertificateKeyFile /etc/ssl/private/gnunet.org.key
SSLCertificateKeyFile /etc/letsencrypt/live/v10.gnunet.org/privkey.pem
SSLCertificateChainFile /etc/letsencrypt/live/v10.gnunet.org/fullchain.pem
SSLCertificateFile /etc/letsencrypt/live/v10.gnunet.org/cert.pem
# SSLCertificateFile /etc/ssl/certs/gnunet.org.cert
# SSLCertificateChainFile /etc/ssl/private/cachain.csr
SSLOptions +StrictRequire
BrowserMatch ".*MSIE.*" \
nokeepalive ssl-unclean-shutdown \
downgrade-1.0 force-response-1.0
</VirtualHost>
</IfModule>
reply other threads:[~2018-11-09 15:56 UTC|newest]
Thread overview: [no followups] expand[flat|nested] mbox.gz Atom feed
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20181109155749.yfb2ctsv73ryglw2@abyayala \
--to=ng0@n0.is \
--cc=guix-devel@gnu.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
Code repositories for project(s) associated with this external index
https://git.savannah.gnu.org/cgit/guix.git
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.