Ici, tout le système est développé pour former un tout, contrairement aux distributions Linux (cathédrale vs bazar).
Je l'utilise autant comme OS sur mon PC de bureau que sur serveur.
Je stocke d'ailleurs des configs pour le serveur.
httpd
# Plain-HTTP virtual host on port 80: serves ACME HTTP-01 challenge files and
# redirects every other request to HTTPS.
server "bloguslibrus.fr" {
alias "honk.bloguslibrus.fr"
listen on * port 80
# Challenge files are read from /acme (relative to httpd's chroot).
# "request strip 2" removes the two leading path components
# (.well-known/acme-challenge) before the path is appended to the root.
location "/.well-known/acme-challenge/*" {
root "/acme"
request strip 2
}
# Permanent redirect to the HTTPS site for all remaining paths.
# NOTE(review): $HTTP_HOST comes from the client's Host header, so the redirect
# target is client-supplied. $SERVER_NAME would pin it to the configured name;
# confirm how that behaves with the alias above before switching.
location * {
block return 301 "https://$HTTP_HOST$REQUEST_URI"
}
}
# Blog backend, plain HTTP on port 8080. The relayd relays shown on this page
# forward to port 8080, so this is the server behind the TLS terminator.
server "bloguslibrus.fr" {
# NOTE(review): "*" binds every interface. Unless a packet filter blocks 8080
# from outside, clients can reach this backend directly, without TLS and
# without the response headers relayd adds. The relayd tables on this page
# contain only 127.0.0.1, so "listen on 127.0.0.1 port 8080" looks sufficient.
# Confirm nothing else connects to this port.
listen on * port 8080
# "forwarded" extends the combined log format with the X-Forwarded-For and
# X-Forwarded-Port request headers. These values are only as trustworthy as
# the proxy that sets them.
log style forwarded
directory index home.html
# Document root, relative to httpd's chroot.
location * {
root "/htdocs/blog/"
}
}
# Backend virtual host for feeds.bloguslibrus.fr, plain HTTP on port 8080.
server "feeds.bloguslibrus.fr" {
# NOTE(review): as with the blog backend, "*" exposes this plain-HTTP listener
# on every interface. Binding to 127.0.0.1 keeps it reachable only through the
# local TLS relay. Confirm against the packet filter rules.
listen on * port 8080
# Files are served from /htdocs/sfeed/ (relative to httpd's chroot).
location * {
root "/htdocs/sfeed/"
}
}
relayd
À utiliser avec httpd
pour déléguer la gestion des connexions sécurisées.
# Pulls extra relayd configuration from a file in a user's home directory; its
# contents are not shown on this page.
# NOTE(review): relayd parses this file as part of its own configuration, so it
# should be owned by root and not writable by other accounts. Verify the
# ownership and mode, or move it under /etc.
include "/home/justin/ips.conf"
# Two backend tables, both pointing at the local host.
# NOTE(review): relayd expects "table <name> { ... }". The <name> parts are
# absent in this listing, most likely stripped as markup when the page was
# rendered. Restore them from the original configuration before using this.
table { 127.0.0.1 }
table { 127.0.0.1 }
# HTTP protocol definition used by the TLS relays: selects the certificate,
# tunes TCP, filters requests, adds proxy and security headers, and routes by
# Host header.
http protocol "wwwsecure" {
# Loads the certificate and key pair named "bloguslibrus.fr" (relayd looks
# under /etc/ssl and /etc/ssl/private).
# NOTE(review): honk.bloguslibrus.fr is routed below as well, so the
# certificate presumably lists it as an additional name. Confirm.
tls keypair "bloguslibrus.fr"
tcp { nodelay, sack, socket buffer 65536, backlog 128 }
# Reject scanner requests for WordPress paths; no WordPress is installed here.
# NOTE(review): the label string is split across two lines in this listing
# (line wrap from the page); in the real file it is a single line.
block quick path "/wp-*" label 'Stop scanning for wordpres
s.'
# Tell the backend the client's address and source port.
# NOTE(review): "append" adds to a header the client may already have sent, so
# a client-supplied X-Forwarded-For value reaches the backend and its logs in
# front of the real address. Use "set" to overwrite it, or have consumers
# trust only the last element.
match request header append "X-Forwarded-For" value "$REMOTE_ADDR"
match request header append "X-Forwarded-Port" value "$REMOTE_PORT"
# Security-related response headers, applied to every response.
match response header set "Referrer-Policy" value "no-referrer"
match response header set "X-Content-Type-Options" value "nosniff"
match response header set "X-Frame-Options" value "deny"
# NOTE(review): X-XSS-Protection is deprecated and ignored by current
# browsers; it adds no protection there.
match response header set "X-XSS-Protection" value "1; mode=block"
# This policy only upgrades http:// subresource requests to https://. It does
# not restrict where scripts or other content may be loaded from.
match response header set "Content-Security-Policy" value "upgrade-insecure-requests"
# Opts the site out of FLoC interest-cohort calculation.
match response header set "Permissions-Policy" value "interest-cohort=()"
# HSTS for one year, covering all subdomains.
# NOTE(review): includeSubDomains makes every subdomain HTTPS-only in browsers
# that have seen this header. "preload" only takes effect once the domain is
# submitted to the browser preload list, and that is slow to undo.
match response header set "Strict-Transport-Security" value "max-age=31536000; includeSubDomains; preload"
# Route by Host header to a backend table.
# NOTE(review): the <table> name after "forward to" is absent in this listing
# (apparently stripped as markup); restore it from the original configuration.
pass request quick header "Host" value "bloguslibrus.fr" forward to
pass request quick header "Host" value "honk.bloguslibrus.fr" forward to
# Answer with an HTTP error page instead of silently dropping the connection
# when a request is blocked or the forward fails.
return error
# Catch-all: requests not decided by a quick rule above are passed.
pass
}
# IPv4 TLS relay: terminates TLS on port 443 and forwards plain HTTP to the
# local backends, applying the "wwwsecure" protocol rules.
relay "wwwsecure" {
listen on 0.0.0.0 port 443 tls
protocol wwwsecure
# "check tcp" marks a backend as up when a TCP connection to it succeeds.
# NOTE(review): the <table> name after "forward to" is absent in this listing
# (apparently stripped as markup); restore it from the original configuration.
forward to port 8080 check tcp
# Port 31337 is presumably the honk instance. Confirm against the service
# configuration.
forward to port 31337 check tcp
}
# IPv6 counterpart of the "wwwsecure" relay: same protocol and backends, bound
# to the IPv6 wildcard address.
relay "wwwsecure6" {
listen on :: port 443 tls
protocol wwwsecure
# "check tcp" marks a backend as up when a TCP connection to it succeeds.
# NOTE(review): the <table> name after "forward to" is absent in this listing
# (apparently stripped as markup); restore it from the original configuration.
forward to port 8080 check tcp
forward to port 31337 check tcp
}