all messages for Guix-related lists mirrored at yhetil.org
 help / color / mirror / code / Atom feed
* About the IRC Logs
@ 2018-11-09 15:57 Nils Gillmann
  0 siblings, 0 replies; only message in thread
From: Nils Gillmann @ 2018-11-09 15:57 UTC (permalink / raw)
  To: guix-devel

[-- Attachment #1: Type: text/plain, Size: 1389 bytes --]

Hi,

first off: sorry that the logs are down for such a long time.

Since someone in your community offered to fix the Apache config,
and I got the okay to share it, you can find the config for the
https://irclogs.gnunet.org appended to this email.

The application running is taking limnoria textfile logs and
publishes them. The sourcecode is https://git.kyriasis.com/kyrias/znc-log-viewer
with some minor modifications (only a local config change).

The author told me:
> Because that looks a lot like a TLS handshake, which you most certainly should not be sending to flask.
> uwsgi://127.0.0.1:7000/
> It's not running under uwsgi, so don't try to proxypass it using the uwsgi protocol.
> So either change it to an actual http proxying, or run it under uwsgi.

We are currently busy fighting other fires, but we understand the logs are
important for the hosted communities. If you want to have the current outcome
of a longer discussion displayed, you can help and fix the apache2 config.
The past logs are dumped, they still need to be converted (or the znc-log-viewer
needs some code for SQL).

PS: Please don't use this email to throw discussions about wether your
favorite language or viewer might be the better replacement in my
inbox, there have been discussions and they happened offlist and I'm
not happy with the outcome but it gets the job done.

Thanks, and happy hacking!

[-- Attachment #2: irclogs-ssl --]
[-- Type: text/plain, Size: 3044 bytes --]

ServerTokens Prod
<IfModule mod_ssl.c>
<VirtualHost irclogs.gnunet.org:443>
	ServerAdmin webmaster@gnunet.org
 	ServerName "irclogs.gnunet.org"	
	ServerSignature Off
	KeepAlive On
	KeepAliveTimeout 30
	MaxKeepAliveRequests 1000
	ExpiresActive On
	ExpiresDefault "access plus 5 minutes"
	ExpiresByType image/gif "access plus 1 year"
	ExpiresByType image/jpeg "access plus 1 year"
	ExpiresByType image/png "access plus 1 year"
	ExpiresByType application/javascript "access plus 1 week"
	ExpiresByType text/css "access plus 1 week"
	ExpiresByType image/x-icon "access plus 1 year"
	ExpiresByType text/html "access plus 1 minute"
	Header unset Cache-Control
	Header unset ETag
	FileETag None
        ErrorLog /var/log/apache2/gnunet-irclogs-ssl_error.log
        LogLevel debug
        CustomLog /var/log/apache2/gnunet-irclogs-ssl_access.log combined
 
        ProxyPass / uwsgi://127.0.0.1:7000/
	#   Enable/Disable SSL for this virtual host.
	SSLEngine on
	SSLCompression off
	SSLProtocol -ALL +TLSv1.2 +TLSv1.1 +TLSv1
	SSLHonorCipherOrder On
	Header add Strict-Transport-Security "max-age=15768000 ; includeSubDomains; preload"
	Header add X-XSS-Protection "1; mode=block"
	Header add X-Frame-Options "SAMEORIGIN"
	Header add X-Content-Type-Options "nosniff"
	Header add Content-Security-Policy "default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval'; style-src 'self' 'unsafe-inline'; connect-src 'self' wss://irclogs.gnunet.org; frame-ancestors 'self'"
        SSLCipherSuite ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA:TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA:TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA:AES128-GCM-SHA256:!RC4:HIGH:!MD5:!aNULL

	SSLCipherSuite          ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:AES:CAMELLIA:!DES-CBC3-SHA:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!MD5:!PSK:!aECDH:!EDH-DSS-DES-CBC3-SHA:!EDH-RSA-DES-CBC3-SHA:!KRB5-DES-CBC3-SHA
#:!EDH
	SSLOpenSSLConfCmd DHParameters "/etc/ssl/private/dhparams.pem"

#	SSLCertificateKeyFile    /etc/ssl/private/gnunet.org.key
	SSLCertificateKeyFile /etc/letsencrypt/live/v10.gnunet.org/privkey.pem
	SSLCertificateChainFile /etc/letsencrypt/live/v10.gnunet.org/fullchain.pem
	SSLCertificateFile /etc/letsencrypt/live/v10.gnunet.org/cert.pem

#	SSLCertificateFile /etc/ssl/certs/gnunet.org.cert
#	SSLCertificateChainFile /etc/ssl/private/cachain.csr
	SSLOptions +StrictRequire

	BrowserMatch ".*MSIE.*" \
		nokeepalive ssl-unclean-shutdown \
		downgrade-1.0 force-response-1.0
</VirtualHost>
</IfModule>


^ permalink raw reply	[flat|nested] only message in thread

only message in thread, other threads:[~2018-11-09 15:56 UTC | newest]

Thread overview: (only message) (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2018-11-09 15:57 About the IRC Logs Nils Gillmann

Code repositories for project(s) associated with this external index

	https://git.savannah.gnu.org/cgit/guix.git

This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.