OpenBSD

Système d'exploitation sécurisé appartenant à la famille des systèmes BSD.

Ici, tout le système est développé pour former un tout, contrairement aux distributions Linux (cathédrale vs bazar).

Je l'utilise autant comme OS sur mon PC de bureau que sur serveur.

Je stocke d'ailleurs des configs pour le serveur.

httpd

# Plain-HTTP listener (port 80) for bloguslibrus.fr and honk.bloguslibrus.fr.
# It serves ACME HTTP-01 challenge files and redirects every other request to HTTPS.
server "bloguslibrus.fr" {
	alias "honk.bloguslibrus.fr"
	listen on * port 80
	# Challenge files have to stay reachable over plain HTTP so that
	# certificates can be issued and renewed.
	location "/.well-known/acme-challenge/*" {
		# httpd resolves "root" inside its chroot (/var/www by default).
		root "/acme"
		# Drop the two leading path components (.well-known/acme-challenge)
		# before looking the file up under the root above.
		request strip 2
	}
	location * {
	# NOTE(review): $HTTP_HOST is copied from the request's Host header, so the
	# redirect target is whatever name the client sent. If this server also
	# answers requests for unknown host names (to be confirmed), $SERVER_NAME
	# would pin the redirect to a configured name instead.
	block return 301 "https://$HTTP_HOST$REQUEST_URI"
	}
}

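# Clear-text backend for the blog; TLS is terminated by relayd, which forwards
# to 127.0.0.1 port 8080.
server "bloguslibrus.fr" {
	# Bind to loopback only. With "listen on *" the backend is reachable on
	# every interface, so a client connecting straight to port 8080 bypasses
	# relayd (TLS, block rules, security headers) and can supply its own
	# X-Forwarded-* values, which "log style forwarded" writes to the log.
	# Revert to "*" only if something other than the local relayd must reach
	# this port, and filter it with pf in that case.
	listen on 127.0.0.1 port 8080
	# Log the X-Forwarded-For / X-Forwarded-Port values added by the relay.
	log style forwarded
	directory index home.html
	location * {
		# Relative to httpd's chroot (/var/www by default).
		root "/htdocs/blog/"
	}
}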

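# Clear-text backend serving the sfeed output for feeds.bloguslibrus.fr.
server "feeds.bloguslibrus.fr" {
	# Bind to loopback only: the relayd tables on this page contain 127.0.0.1,
	# so nothing else needs to reach this port. "listen on *" would expose the
	# backend on every interface, without TLS and without the headers and
	# block rules applied by the relay.
	listen on 127.0.0.1 port 8080
	location * {
		# Relative to httpd's chroot (/var/www by default).
		root "/htdocs/sfeed/"
	}
}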

relayd

À utiliser avec httpd pour déléguer la gestion des connexions sécurisées.

# NOTE(review): this file becomes part of relayd's configuration but lives in a
# user's home directory. Whoever can write to it can change what the relay
# does; keep it owned by root and not writable by others, or move it under /etc.
include "/home/justin/ips.conf"

# NOTE(review): relayd.conf declares tables as `table <name> { ... }`. The names
# in angle brackets are missing from this listing (presumably lost when the
# page was rendered) and must be restored before the file can be used.
# Both tables point at the local host.
table  { 127.0.0.1 }
table  { 127.0.0.1 }

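# HTTPS front end: terminates TLS, filters requests, adds forwarding and
# security headers, then routes on the Host header to a local backend.
http protocol "wwwsecure" {
	# Only one keypair is loaded, so the certificate presumably has to cover
	# every host name served through this relay (e.g. honk.bloguslibrus.fr) -
	# verify the SAN list.
	tls keypair "bloguslibrus.fr"

	tcp { nodelay, sack, socket buffer 65536, backlog 128 }

	# Keep WordPress scanners away (no WordPress is hosted here).
	# The label was split across two lines in the listing; it is rejoined here.
	block quick path "/wp-*" label 'Stop scanning for wordpress.'

	# "append" keeps any X-Forwarded-* value the client sent and adds the real
	# address after it, so only the last element is trustworthy. httpd's
	# "log style forwarded" logs the whole header; use "set" instead of
	# "append" if the logged value must never contain client-supplied text.
	match request header append "X-Forwarded-For" value "$REMOTE_ADDR"
	match request header append "X-Forwarded-Port" value "$REMOTE_PORT"

	match response header set "Referrer-Policy" value "no-referrer"
	match response header set "X-Content-Type-Options" value "nosniff"
	match response header set "X-Frame-Options" value "deny"
	# Legacy header: current browsers no longer implement the XSS filter it
	# controlled, so it adds no protection there.
	match response header set "X-XSS-Protection" value "1; mode=block"
	# This policy only upgrades http:// subresources to https://; it does not
	# restrict where scripts or other content may be loaded from.
	match response header set "Content-Security-Policy" value "upgrade-insecure-requests"
	match response header set "Permissions-Policy" value "interest-cohort=()"
	# includeSubDomains + preload commits every subdomain of bloguslibrus.fr to
	# HTTPS for a year; each of them needs a valid certificate.
	match response header set "Strict-Transport-Security" value "max-age=31536000; includeSubDomains; preload"

	# NOTE(review): the target table after "forward to" (written <name> in
	# relayd.conf) is missing from this listing on both rules below; restore
	# it before use.
	pass  request  quick  header  "Host"  value  "bloguslibrus.fr"       forward  to
	pass request quick header "Host" value "honk.bloguslibrus.fr" forward to

	# Answer failed or blocked requests with an HTTP error page instead of
	# silently dropping the connection.
	return error
	# Requests that matched no "quick" rule above are still passed; presumably
	# they go to the relay's first forward table - confirm that requests with
	# an unexpected Host header should reach a backend at all.
	pass
}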

# IPv4 TLS listener on port 443, filtered by the "wwwsecure" protocol.
relay "wwwsecure" {
    listen on 0.0.0.0 port 443 tls
    protocol wwwsecure
    # NOTE(review): the table name (written <name> in relayd.conf) is missing
    # after "forward to" on both lines; restore it before use.
    # "check tcp" only verifies that the backend port accepts a TCP connection,
    # not that it returns a valid HTTP response.
    forward to  port 8080 check tcp
    forward to  port 31337 check tcp
}
# IPv6 TLS listener on port 443, using the same "wwwsecure" protocol.
relay "wwwsecure6" {
    listen on :: port 443 tls
    protocol wwwsecure
    # NOTE(review): the table name (written <name> in relayd.conf) is missing
    # after "forward to" on both lines; restore it before use.
    # "check tcp" only verifies that the backend port accepts a TCP connection.
    forward to  port 8080 check tcp
    forward to  port 31337 check tcp
}