dn42/wiki
1
Fork 0
mirror of https://git.dn42.dev/wiki/wiki.git synced 2025-02-16 05:14:27 +01:00
Code Releases Activity

Updated Anycast Wiki (markdown)

Browse Source
This commit is contained in:
Anonymous 2015-03-30 10:58:13 +02:00
parent b0f5276c5f
commit bc3696e3a7
1 changed files with 57 additions and 3 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

60
internal/Anycast-Wiki.md
View File

@ -6,15 +6,69 @@ The local webserver is monitored with a simple shell script (below) working in c
* Install [gollum](https://github.com/gollum/gollum).
* Clone the dn42 wiki repo:
`git clone ssh://git@xuu.me/dn42/wiki /home/wiki.dn42/`
`git clone ssh://git@xuu.me/dn42/wiki <path>`
* Generate a [CSR](/services/Certificate-Authority) and send to `xuu@sour.is`. Wait for a reply containing internal.dn42/wiki.dn42 certificates.
* Start two gollum instances, read-only and editing on `127.0.0.1`:
SSL (read/write):
```
gollum --css <path>/custom.css --gollum-path <path>/public_html/ --host 127.0.0.1 --port 4568
```
Plain (read-only):
```
gollum --css <path>/custom.css --gollum-path <path>/public_html/ --host 127.0.0.1 --port 4567 --no-edit
```
gollum --css /home/wiki.dn42/custom.css --gollum-path /home/wiki.dn42/public_html/ --host 127.0.0.1 --port 4568 --no-edit
```
* Install/configure nginx:
```
ssl_protocols TLSv1.2 TLSv1.1 TLSv1;
ssl_session_cache shared:SSL:2m;
ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:AES:CAMELLIA:DES-CBC3-SHA:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!MD5:!PSK:!aECDH:!EDH-DSS-DES-CBC3-SHA:!EDH-RSA-DES-CBC3-SHA:!KRB5-DES-CBC3-SHA;
ssl_prefer_server_ciphers on;
upstream wiki { server 127.0.0.1:4567; }
server {
server_name internal.dn42 wiki.dn42;
listen 172.23.0.80:80 default;
add_header strict-transport-security "max-age=0; includeSubDomains";
location / {
location =/robots.txt { root <path>/wiki.dn42/; }
location =/custom.css { root <path>/wiki.dn42/; }
proxy_pass http://wiki;
}
}
upstream wikirw { server 127.0.0.1:4568; }
server {
server_name internal.dn42 wiki.dn42;
listen 172.23.0.80:443 ssl default;
ssl on;
ssl_certificate <path>/ssl.crt;
ssl_certificate_key <path>/ssl.key;
add_header strict-transport-security "max-age=0; includeSubDomains";
add_header Public-Key-Pins 'pin-sha256="mJ1xUCzfru8Ckq2+M6VkNKGOGgSETImRAHBF24mjalw="; pin-sha256="/gOyi7syRMR+d2jZoB/MzcSD++8ciZkSl/hZAQgzWws="; max-age=0; includeSubDomains';
location / {
location =/robots.txt { root <path>/wiki.dn42/; }
location =/custom.css { root <path>/wiki.dn42/; }
proxy_pass http://wikirw;
}
}
```
#####gollum-watchdog.sh: