Knah-Tsaeb/MyShaarli
1
0
Fork 0
Code Issues Pull requests Releases Wiki Activity
MyShaarli/doc/md/Server-security.md
nodiscc 53ed6d7d1e Generate HTML documentation using MkDocs (WIP) 
MkDocs is a static site generator geared towards building project documentation.
Documentation source files are written in Markdown, and configured with a single YAML file.

 * http://www.mkdocs.org/
 * http://www.mkdocs.org/user-guide/configuration/

Ref. #312

* remove pandoc-generated HTML documentation
* move markdown doc to doc/md/,
* mkdocs.yml:
  * generate HTML doc in doc/html
  * add pages TOC/ordering
  * use index.md as index page
* Makefile: remove execute permissions from generated files
* Makefile: rewrite htmlpages GFM to markdown conversion using sed:
   awk expression aslo matched '][' which causes invalid output on complex links with images or code blocks
* Add mkdocs.yml to .gitattributes, exclude this file from release archives
* Makefile: rename: htmldoc -> doc_html target
* run make doc: pull latest markdown documentation from wiki
* run make htmlpages: update html documentation
2017-06-18 00:19:49 +02:00

2.5 KiB
Raw Blame History

php.ini

PHP settings are defined in:

  • a main configuration file, usually found under /etc/php5/php.ini; some distributions provide different configuration environments, e.g.
    • /etc/php5/php.ini - used when running console scripts
    • /etc/php5/apache2/php.ini - used when a client requests PHP resources from Apache
    • /etc/php5/php-fpm.conf - used when PHP requests are proxied to PHP-FPM
  • additional configuration files/entries, depending on the installed/enabled extensions:
    • /etc/php/conf.d/xdebug.ini

Locate .ini files

Console environment

$ php --ini
Configuration File (php.ini) Path: /etc/php
Loaded Configuration File:         /etc/php/php.ini
Scan for additional .ini files in: /etc/php/conf.d
Additional .ini files parsed:      /etc/php/conf.d/xdebug.ini

Server environment

  • create a phpinfo.php script located in a path supported by the web server, e.g.
    • Apache (with user dirs enabled): /home/myself/public_html/phpinfo.php
    • /var/www/test/phpinfo.php
  • make sure the script is readable by the web server user/group (usually, www, www-data or httpd)
  • access the script from a web browser
  • look at the Loaded Configuration File and Scan this dir for additional .ini files entries
<?php phpinfo(); ?>

fail2ban

fail2ban is an intrusion prevention framework that reads server (Apache, SSH, etc.) and uses iptables profiles to block brute-force attempts:

Read Shaarli logs to ban IPs

Example configuration:

  • allow 3 login attempts per IP address
  • after 3 failures, permanently ban the corresponding IP adddress

/etc/fail2ban/jail.local

[shaarli-auth]
enabled  = true
port     = https,http
filter   = shaarli-auth
logpath  = /var/www/path/to/shaarli/data/log.txt
maxretry = 3
bantime = -1

/etc/fail2ban/filter.d/shaarli-auth.conf

[INCLUDES]
before = common.conf
[Definition]
failregex = \s-\s<HOST>\s-\sLogin failed for user.*$
ignoreregex =

Robots - Restricting search engines and web crawler traffic

Creating a robots.txt with the following contents at the root of your Shaarli installation will prevent honest web crawlers from indexing each and every link and Daily page from a Shaarli instance, thus getting rid of a certain amount of unsollicited network traffic.

User-agent: *
Disallow: /

See: