indymedia
/
epicyon
mirror of https://gitlab.com/bashrc2/epicyon
7
4
Fork 1
Code Issues 14 Releases Wiki Activity

Merge branch 'main' of ssh://code.freedombone.net:2222/bashrc/epicyon

main
Bob Mottram 2021-06-13 10:31:02 +01:00
parent 61b952ac03 0aa6252077
commit 424465ae67
6 changed files with 95 additions and 140 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

8
README.md
View File

@ -183,8 +183,12 @@ server {
proxy_buffers 16 32k;
proxy_busy_buffers_size 64k;
proxy_redirect off;
proxy_request_buffering on;
proxy_buffering on;
proxy_request_buffering off;
proxy_buffering off;
location ~ ^/accounts/(avatars|headers)/(.*).(png|jpg|gif|webp|svg) {
expires 1d;
proxy_pass http://localhost:7156;
}
proxy_pass http://localhost:7156;
}
}

18
daemon.py
View File

@ -553,10 +553,6 @@ class PubServer(BaseHTTPRequestHandler):
self.send_header('Host', callingDomain)
self.send_header('WWW-Authenticate',
'title="Login to Epicyon", Basic realm="epicyon"')
# self.send_header('X-Robots-Tag',
# 'noindex, nofollow, noarchive, nosnippet')
# self.send_header('Cache-Control', 'public')
# self.send_header('Referrer-Policy', 'origin')
self.end_headers()
def _logout_headers(self, fileFormat: str, length: int,
@ -568,10 +564,6 @@ class PubServer(BaseHTTPRequestHandler):
self.send_header('Host', callingDomain)
self.send_header('WWW-Authenticate',
'title="Login to Epicyon", Basic realm="epicyon"')
# self.send_header('X-Robots-Tag',
# 'noindex, nofollow, noarchive, nosnippet')
# self.send_header('Cache-Control', 'public')
# self.send_header('Referrer-Policy', 'origin')
self.end_headers()
def _logout_redirect(self, redirect: str, cookie: str,
@ -586,10 +578,6 @@ class PubServer(BaseHTTPRequestHandler):
self.send_header('Host', callingDomain)
self.send_header('InstanceID', self.server.instanceId)
self.send_header('Content-Length', '0')
# self.send_header('X-Robots-Tag',
# 'noindex, nofollow, noarchive, nosnippet')
# self.send_header('Cache-Control', 'public')
# self.send_header('Referrer-Policy', 'origin')
self.end_headers()
def _set_headers_base(self, fileFormat: str, length: int, cookie: str,
@ -607,17 +595,13 @@ class PubServer(BaseHTTPRequestHandler):
self.send_header('Cookie', cookieStr)
self.send_header('Host', callingDomain)
self.send_header('InstanceID', self.server.instanceId)
self.send_header('X-Robots-Tag',
'noindex, nofollow, noarchive, nosnippet')
self.send_header('X-Clacks-Overhead', 'GNU Natalie Nguyen')
self.send_header('Cache-Control', 'max-age=0')
self.send_header('Cache-Control', 'public')
self.send_header('Referrer-Policy', 'origin')
self.send_header('Accept-Ranges', 'none')
def _set_headers(self, fileFormat: str, length: int, cookie: str,
callingDomain: str) -> None:
self._set_headers_base(fileFormat, length, cookie, callingDomain)
# self.send_header('Cache-Control', 'public, max-age=0')
self.end_headers()
def _set_headers_head(self, fileFormat: str, length: int, etag: str,

8
epicyon.py
View File

@ -900,9 +900,11 @@ else:
# if this is the initial run then allow new registrations
if not getConfigParam(baseDir, 'registration'):
setConfigParam(baseDir, 'registration', 'open')
setConfigParam(baseDir, 'maxRegistrations', str(maxRegistrations))
setConfigParam(baseDir, 'registrationsRemaining', str(maxRegistrations))
if args.registration.lower() == 'open':
setConfigParam(baseDir, 'registration', 'open')
setConfigParam(baseDir, 'maxRegistrations', str(maxRegistrations))
setConfigParam(baseDir, 'registrationsRemaining',
str(maxRegistrations))
if args.resetregistrations:
setConfigParam(baseDir, 'registrationsRemaining', str(maxRegistrations))

29
gemini/EN/install.gmi
View File

@ -125,8 +125,6 @@ And paste the following:
proxy_set_header X-Forward-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forward-Proto http;
proxy_set_header X-Nginx-Proxy true;
expires epoch;
proxy_no_cache 1;
proxy_temp_file_write_size 64k;
proxy_connect_timeout 10080s;
proxy_send_timeout 10080;
@ -135,28 +133,11 @@ And paste the following:
proxy_buffers 16 32k;
proxy_busy_buffers_size 64k;
proxy_redirect off;
proxy_request_buffering on;
proxy_buffering on;
proxy_cache my_cache;
proxy_cache_use_stale error timeout http_500 http_502 http_503 http_504;
location ~ ^/(icons|images|media|emoji)/(.*)/(.*).(png|jpg|gif|webp|mp3|ogv|ogg|mp4) {
expires 7d;
proxy_pass http://localhost:7156;
}
location ~ ^/icons/(.*)/(like|repeat|calendar)(.*).(png|jpg|gif|webp|mp3|ogv|ogg|mp4) {
expires epoch;
proxy_no_cache 1;
proxy_pass http://localhost:7156;
}
location ~ ^/icons/(like|repeat|calendar)(.*).(png|jpg|gif|webp|mp3|ogv|ogg|mp4) {
expires epoch;
proxy_no_cache 1;
proxy_pass http://localhost:7156;
}
location ~ ^/users/(.*)/(image|banner).png {
expires epoch;
proxy_no_cache 1;
proxy_pass http://localhost:7156;
proxy_request_buffering off;
proxy_buffering off;
location ~ ^/accounts/(avatars|headers)/(.*).(png|jpg|gif|webp|svg) {
expires 1d;
proxy_pass http://localhost:7156;
}
proxy_pass http://localhost:7156;
}

9
webapp_profile.py
View File

@ -472,9 +472,7 @@ def htmlProfile(rssIconAtTop: bool,
addEmojiToDisplayName(baseDir, httpPrefix,
nickname, domain,
profileJson['name'], True)
domainFull = domain
if port:
domainFull = domain + ':' + str(port)
domainFull = getFullDomain(domain, port)
profileDescription = \
addEmojiToDisplayName(baseDir, httpPrefix,
nickname, domain,
@ -666,6 +664,11 @@ def htmlProfile(rssIconAtTop: bool,
occupationName = getOccupationName(profileJson)
avatarUrl = profileJson['icon']['url']
# use alternate path for local avatars to avoid any caching issues
if '://' + domainFull + '/accounts/avatars/' in avatarUrl:
avatarUrl = \
avatarUrl.replace('://' + domainFull + '/accounts/avatars/',
'://' + domainFull + '/users/')
# get pinned post content
accountDir = baseDir + '/accounts/' + nickname + '@' + domain

163
website/EN/index.html
View File

@ -1374,101 +1374,82 @@
inactive=60m use_temp_path=off;
server {<br>
listen 80;<br>
listen [::]:80;<br>
server_name YOUR_DOMAIN;<br>
access_log /dev/null;<br>
error_log /dev/null;<br>
client_max_body_size 31m;<br>
client_body_buffer_size 128k;<br>
<br>
limit_conn conn_limit_per_ip 10;<br>
limit_req zone=req_limit_per_ip burst=10 nodelay;<br>
<br>
index index.html;<br>
rewrite ^ https://$server_name$request_uri? permanent;<br>
listen 80;<br>
listen [::]:80;<br>
server_name YOUR_DOMAIN;<br>
access_log /dev/null;<br>
error_log /dev/null;<br>
client_max_body_size 31m;<br>
client_body_buffer_size 128k;<br>
<br>
limit_conn conn_limit_per_ip 10;<br>
limit_req zone=req_limit_per_ip burst=10 nodelay;<br>
<br>
index index.html;<br>
rewrite ^ https://$server_name$request_uri? permanent;<br>
}<br>
<br>
server {<br>
listen 443 ssl;<br>
server_name YOUR_DOMAIN;<br>
<br>
ssl_stapling off;<br>
ssl_stapling_verify off;<br>
ssl on;<br>
ssl_certificate /etc/letsencrypt/live/YOUR_DOMAIN/fullchain.pem;<br>
ssl_certificate_key /etc/letsencrypt/live/YOUR_DOMAIN/privkey.pem;<br>
#ssl_dhparam /etc/ssl/certs/YOUR_DOMAIN.dhparam;<br>
<br>
ssl_session_cache builtin:1000 shared:SSL:10m;<br>
ssl_session_timeout 60m;<br>
ssl_prefer_server_ciphers on;<br>
ssl_protocols TLSv1.2 TLSv1.3;<br>
ssl_ciphers 'ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA:ECDHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-RSA-AES256-SHA256:DHE-RSA-AES256-SHA:ECDHE-ECDSA-DES-CBC3-SHA:ECDHE-RSA-DES-CBC3-SHA:EDH-RSA-DES-CBC3-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:DES-CBC3-SHA:!DSS';<br>
add_header X-Frame-Options DENY;<br>
add_header X-Content-Type-Options nosniff;<br>
add_header X-XSS-Protection "1; mode=block";<br>
add_header X-Download-Options noopen;<br>
add_header X-Permitted-Cross-Domain-Policies none;<br>
<br>
add_header X-Robots-Tag "noindex, nofollow, nosnippet, noarchive";<br>
add_header Strict-Transport-Security max-age=15768000;<br>
<br>
access_log /dev/null;<br>
error_log /dev/null;<br>
<br>
index index.html;<br>
<br>
location /newsmirror {<br>
root /var/www/YOUR_DOMAIN;<br>
try_files $uri =404;<br>
}<br>
<br>
location / {<br>
proxy_http_version 1.1;<br>
client_max_body_size 31M;<br>
proxy_set_header Upgrade $http_upgrade;<br>
proxy_set_header Connection "upgrade";<br>
proxy_set_header Host $http_host;<br>
proxy_set_header X-Real-IP $remote_addr;<br>
proxy_set_header X-Forward-For $proxy_add_x_forwarded_for;<br>
proxy_set_header X-Forward-Proto http;<br>
proxy_set_header X-Nginx-Proxy true;<br>
expires epoch;<br>
proxy_no_cache 1;<br>
proxy_temp_file_write_size 64k;<br>
proxy_connect_timeout 10080s;<br>
proxy_send_timeout 10080;<br>
proxy_read_timeout 10080;<br>
proxy_buffer_size 64k;<br>
proxy_buffers 16 32k;<br>
proxy_busy_buffers_size 64k;<br>
proxy_redirect off;<br>
proxy_request_buffering on;<br>
proxy_buffering on;<br>
proxy_cache my_cache;<br>
proxy_cache_use_stale error timeout http_500 http_502 http_503 http_504;<br>
location ~ ^/(icons|images|media|emoji)/(.*)/(.*).(png|jpg|gif|webp|mp3|ogv|ogg|mp4) {<br>
expires 7d;<br>
listen 443 ssl;<br>
server_name YOUR_DOMAIN;<br>
<br>
ssl_stapling off;<br>
ssl_stapling_verify off;<br>
ssl on;<br>
ssl_certificate /etc/letsencrypt/live/YOUR_DOMAIN/fullchain.pem;<br>
ssl_certificate_key /etc/letsencrypt/live/YOUR_DOMAIN/privkey.pem;<br>
#ssl_dhparam /etc/ssl/certs/YOUR_DOMAIN.dhparam;<br>
<br>
ssl_session_cache builtin:1000 shared:SSL:10m;<br>
ssl_session_timeout 60m;<br>
ssl_prefer_server_ciphers on;<br>
ssl_protocols TLSv1.2 TLSv1.3;<br>
ssl_ciphers 'ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA:ECDHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-RSA-AES256-SHA256:DHE-RSA-AES256-SHA:ECDHE-ECDSA-DES-CBC3-SHA:ECDHE-RSA-DES-CBC3-SHA:EDH-RSA-DES-CBC3-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:DES-CBC3-SHA:!DSS';<br>
add_header X-Frame-Options DENY;<br>
add_header X-Content-Type-Options nosniff;<br>
add_header X-XSS-Protection "1; mode=block";<br>
add_header X-Download-Options noopen;<br>
add_header X-Permitted-Cross-Domain-Policies none;<br>
<br>
add_header X-Robots-Tag "noindex, nofollow, nosnippet, noarchive";<br>
add_header Strict-Transport-Security max-age=15768000;<br>
<br>
access_log /dev/null;<br>
error_log /dev/null;<br>
<br>
index index.html;<br>
<br>
location /newsmirror {<br>
root /var/www/YOUR_DOMAIN;<br>
try_files $uri =404;<br>
}<br>
<br>
location / {<br>
proxy_http_version 1.1;<br>
client_max_body_size 31M;<br>
proxy_set_header Upgrade $http_upgrade;<br>
proxy_set_header Connection "upgrade";<br>
proxy_set_header Host $http_host;<br>
proxy_set_header X-Real-IP $remote_addr;<br>
proxy_set_header X-Forward-For $proxy_add_x_forwarded_for;<br>
proxy_set_header X-Forward-Proto http;<br>
proxy_set_header X-Nginx-Proxy true;<br>
proxy_temp_file_write_size 64k;<br>
proxy_connect_timeout 10080s;<br>
proxy_send_timeout 10080;<br>
proxy_read_timeout 10080;<br>
proxy_buffer_size 64k;<br>
proxy_buffers 16 32k;<br>
proxy_busy_buffers_size 64k;<br>
proxy_redirect off;<br>
proxy_request_buffering off;<br>
proxy_buffering off;<br>
location ~ ^/accounts/(avatars|headers)/(.*).(png|jpg|gif|webp|svg) {<br>
expires 1d;<br>
proxy_pass http://localhost:7156;<br>
}<br>
proxy_pass http://localhost:7156;<br>
}<br>
location ~ ^/icons/(.*)/(like|repeat|calendar)(.*).(png|jpg|gif|webp|mp3|ogv|ogg|mp4) {<br>
expires epoch;<br>
proxy_no_cache 1;<br>
proxy_pass http://localhost:7156;<br>
}<br>
location ~ ^/icons/(like|repeat|calendar)(.*).(png|jpg|gif|webp|mp3|ogv|ogg|mp4) {<br>
expires epoch;<br>
proxy_no_cache 1;<br>
proxy_pass http://localhost:7156;<br>
}<br>
location ~ ^/users/(.*)/(image|banner).(png|jpg|gif|webp|mp3|ogv|ogg|mp4) {<br>
expires epoch;<br>
proxy_no_cache 1;<br>
proxy_pass http://localhost:7156;<br>
}<br>
proxy_pass http://localhost:7156;<br>
}<br>
}<br>
}
</div>