* About the IRC Logs
@ 2018-11-09 15:57 Nils Gillmann
0 siblings, 0 replies; only message in thread
From: Nils Gillmann @ 2018-11-09 15:57 UTC (permalink / raw)
To: guix-devel
[-- Attachment #1: Type: text/plain, Size: 1389 bytes --]
Hi,
first off: sorry that the logs are down for such a long time.
Since someone in your community offered to fix the Apache config,
and I got the okay to share it, you can find the config for the
https://irclogs.gnunet.org appended to this email.
The application running is taking limnoria textfile logs and
publishes them. The sourcecode is https://git.kyriasis.com/kyrias/znc-log-viewer
with some minor modifications (only a local config change).
The author told me:
> Because that looks a lot like a TLS handshake, which you most certainly should not be sending to flask.
> uwsgi://127.0.0.1:7000/
> It's not running under uwsgi, so don't try to proxypass it using the uwsgi protocol.
> So either change it to an actual http proxying, or run it under uwsgi.
We are currently busy fighting other fires, but we understand the logs are
important for the hosted communities. If you want to have the current outcome
of a longer discussion displayed, you can help and fix the apache2 config.
The past logs are dumped, they still need to be converted (or the znc-log-viewer
needs some code for SQL).
PS: Please don't use this email to throw discussions about wether your
favorite language or viewer might be the better replacement in my
inbox, there have been discussions and they happened offlist and I'm
not happy with the outcome but it gets the job done.
Thanks, and happy hacking!
[-- Attachment #2: irclogs-ssl --]
[-- Type: text/plain, Size: 3044 bytes --]
ServerTokens Prod
<IfModule mod_ssl.c>
<VirtualHost irclogs.gnunet.org:443>
ServerAdmin webmaster@gnunet.org
ServerName "irclogs.gnunet.org"
ServerSignature Off
KeepAlive On
KeepAliveTimeout 30
MaxKeepAliveRequests 1000
ExpiresActive On
ExpiresDefault "access plus 5 minutes"
ExpiresByType image/gif "access plus 1 year"
ExpiresByType image/jpeg "access plus 1 year"
ExpiresByType image/png "access plus 1 year"
ExpiresByType application/javascript "access plus 1 week"
ExpiresByType text/css "access plus 1 week"
ExpiresByType image/x-icon "access plus 1 year"
ExpiresByType text/html "access plus 1 minute"
Header unset Cache-Control
Header unset ETag
FileETag None
ErrorLog /var/log/apache2/gnunet-irclogs-ssl_error.log
LogLevel debug
CustomLog /var/log/apache2/gnunet-irclogs-ssl_access.log combined
ProxyPass / uwsgi://127.0.0.1:7000/
# Enable/Disable SSL for this virtual host.
SSLEngine on
SSLCompression off
SSLProtocol -ALL +TLSv1.2 +TLSv1.1 +TLSv1
SSLHonorCipherOrder On
Header add Strict-Transport-Security "max-age=15768000 ; includeSubDomains; preload"
Header add X-XSS-Protection "1; mode=block"
Header add X-Frame-Options "SAMEORIGIN"
Header add X-Content-Type-Options "nosniff"
Header add Content-Security-Policy "default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval'; style-src 'self' 'unsafe-inline'; connect-src 'self' wss://irclogs.gnunet.org; frame-ancestors 'self'"
SSLCipherSuite ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA:TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA:TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA:AES128-GCM-SHA256:!RC4:HIGH:!MD5:!aNULL
SSLCipherSuite ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:AES:CAMELLIA:!DES-CBC3-SHA:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!MD5:!PSK:!aECDH:!EDH-DSS-DES-CBC3-SHA:!EDH-RSA-DES-CBC3-SHA:!KRB5-DES-CBC3-SHA
#:!EDH
SSLOpenSSLConfCmd DHParameters "/etc/ssl/private/dhparams.pem"
# SSLCertificateKeyFile /etc/ssl/private/gnunet.org.key
SSLCertificateKeyFile /etc/letsencrypt/live/v10.gnunet.org/privkey.pem
SSLCertificateChainFile /etc/letsencrypt/live/v10.gnunet.org/fullchain.pem
SSLCertificateFile /etc/letsencrypt/live/v10.gnunet.org/cert.pem
# SSLCertificateFile /etc/ssl/certs/gnunet.org.cert
# SSLCertificateChainFile /etc/ssl/private/cachain.csr
SSLOptions +StrictRequire
BrowserMatch ".*MSIE.*" \
nokeepalive ssl-unclean-shutdown \
downgrade-1.0 force-response-1.0
</VirtualHost>
</IfModule>
^ permalink raw reply [flat|nested] only message in thread
only message in thread, other threads:[~2018-11-09 15:56 UTC | newest]
Thread overview: (only message) (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2018-11-09 15:57 About the IRC Logs Nils Gillmann
Code repositories for project(s) associated with this external index
https://git.savannah.gnu.org/cgit/guix.git
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.