]> git.immae.eu Git - github/shaarli/Shaarli.git/blob - doc/html/Server-security/index.html
projects / github / shaarli / Shaarli.git / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
blame | history | raw | HEAD
Merge pull request #911 from virtualtam/fix/release/composer
[github/shaarli/Shaarli.git] / doc / html / Server-security / index.html
1 <!DOCTYPE html>
2 <!--[if IE 8]><html class="no-js lt-ie9" lang="en" > <![endif]-->
3 <!--[if gt IE 8]><!--> <html class="no-js" lang="en" > <!--<![endif]-->
4 <head>
5 <meta charset="utf-8">
6 <meta http-equiv="X-UA-Compatible" content="IE=edge">
7 <meta name="viewport" content="width=device-width, initial-scale=1.0">
8
9
10 <link rel="shortcut icon" href="../img/favicon.ico">
11 <title>Server security - Shaarli Documentation</title>
12 <link href='https://fonts.googleapis.com/css?family=Lato:400,700|Roboto+Slab:400,700|Inconsolata:400,700' rel='stylesheet' type='text/css'>
13
14 <link rel="stylesheet" href="../css/theme.css" type="text/css" />
15 <link rel="stylesheet" href="../css/theme_extra.css" type="text/css" />
16 <link rel="stylesheet" href="../css/highlight.css">
17 <link href="../github-markdown.css" rel="stylesheet">
18
19 <script>
20 // Current page data
21 var mkdocs_page_name = "Server security";
22 var mkdocs_page_input_path = "Server-security.md";
23 var mkdocs_page_url = "/Server-security/";
24 </script>
25
26 <script src="../js/jquery-2.1.1.min.js"></script>
27 <script src="../js/modernizr-2.8.3.min.js"></script>
28 <script type="text/javascript" src="../js/highlight.pack.js"></script>
29
30 </head>
31
32 <body class="wy-body-for-nav" role="document">
33
34 <div class="wy-grid-for-nav">
35
36
37 <nav data-toggle="wy-nav-shift" class="wy-nav-side stickynav">
38 <div class="wy-side-nav-search">
39 <a href=".." class="icon icon-home"> Shaarli Documentation</a>
40 <div role="search">
41 <form id ="rtd-search-form" class="wy-form" action="../search.html" method="get">
42 <input type="text" name="q" placeholder="Search docs" />
43 </form>
44 </div>
45 </div>
46
47 <div class="wy-menu wy-menu-vertical" data-spy="affix" role="navigation" aria-label="main navigation">
48 <ul class="current">
49
50
51 <li class="toctree-l1">
52
53 <a class="" href="..">Home</a>
54 </li>
55
56 <li class="toctree-l1">
57
58 <span class="caption-text">Setup</span>
59 <ul class="subnav">
60 <li class="">
61
62 <a class="" href="../Download-and-Installation/">Download and Installation</a>
63 </li>
64 <li class="">
65
66 <a class="" href="../Upgrade-and-migration/">Upgrade and migration</a>
67 </li>
68 <li class="">
69
70 <a class="" href="../Server-requirements/">Server requirements</a>
71 </li>
72 <li class="">
73
74 <a class="" href="../Server-configuration/">Server configuration</a>
75 </li>
76 <li class=" current">
77
78 <a class="current" href="./">Server security</a>
79 <ul class="subnav">
80
81 <li class="toctree-l3"><a href="#phpini">php.ini</a></li>
82
83 <ul>
84
85 <li><a class="toctree-l4" href="#locate-ini-files">Locate .ini files</a></li>
86
87 </ul>
88
89
90 <li class="toctree-l3"><a href="#fail2ban">fail2ban</a></li>
91
92 <ul>
93
94 <li><a class="toctree-l4" href="#read-shaarli-logs-to-ban-ips">Read Shaarli logs to ban IPs</a></li>
95
96 </ul>
97
98
99 <li class="toctree-l3"><a href="#robots-restricting-search-engines-and-web-crawler-traffic">Robots - Restricting search engines and web crawler traffic</a></li>
100
101
102 </ul>
103 </li>
104 <li class="">
105
106 <a class="" href="../Shaarli-configuration/">Shaarli configuration</a>
107 </li>
108 <li class="">
109
110 <a class="" href="../Plugins/">Plugins</a>
111 </li>
112 </ul>
113 </li>
114
115 <li class="toctree-l1">
116
117 <span class="caption-text">Docker</span>
118 <ul class="subnav">
119 <li class="">
120
121 <a class="" href="../docker/docker-101/">Docker 101</a>
122 </li>
123 <li class="">
124
125 <a class="" href="../docker/shaarli-images/">Shaarli images</a>
126 </li>
127 <li class="">
128
129 <a class="" href="../docker/reverse-proxy-configuration/">Reverse proxy configuration</a>
130 </li>
131 <li class="">
132
133 <a class="" href="../docker/resources/">Docker resources</a>
134 </li>
135 </ul>
136 </li>
137
138 <li class="toctree-l1">
139
140 <span class="caption-text">Usage</span>
141 <ul class="subnav">
142 <li class="">
143
144 <a class="" href="../Features/">Features</a>
145 </li>
146 <li class="">
147
148 <a class="" href="../Bookmarklet/">Bookmarklet</a>
149 </li>
150 <li class="">
151
152 <a class="" href="../Browsing-and-searching/">Browsing and searching</a>
153 </li>
154 <li class="">
155
156 <a class="" href="../Firefox-share/">Firefox share</a>
157 </li>
158 <li class="">
159
160 <a class="" href="../RSS-feeds/">RSS feeds</a>
161 </li>
162 <li class="">
163
164 <a class="" href="../REST-API/">REST API</a>
165 </li>
166 </ul>
167 </li>
168
169 <li class="toctree-l1">
170
171 <span class="caption-text">How To</span>
172 <ul class="subnav">
173 <li class="">
174
175 <a class="" href="../Backup,-restore,-import-and-export/">Backup, restore, import and export</a>
176 </li>
177 <li class="">
178
179 <a class="" href="../Various-hacks/">Various hacks</a>
180 </li>
181 </ul>
182 </li>
183
184 <li class="toctree-l1">
185
186 <a class="" href="../Troubleshooting/">Troubleshooting</a>
187 </li>
188
189 <li class="toctree-l1">
190
191 <span class="caption-text">Development</span>
192 <ul class="subnav">
193 <li class="">
194
195 <a class="" href="../Development-guidelines/">Development guidelines</a>
196 </li>
197 <li class="">
198
199 <a class="" href="../Continuous-integration-tools/">Continuous integration tools</a>
200 </li>
201 <li class="">
202
203 <a class="" href="../GnuPG-signature/">GnuPG signature</a>
204 </li>
205 <li class="">
206
207 <a class="" href="../Coding-guidelines/">Coding guidelines</a>
208 </li>
209 <li class="">
210
211 <a class="" href="../Directory-structure/">Directory structure</a>
212 </li>
213 <li class="">
214
215 <a class="" href="../3rd-party-libraries/">3rd party libraries</a>
216 </li>
217 <li class="">
218
219 <a class="" href="../Plugin-System/">Plugin System</a>
220 </li>
221 <li class="">
222
223 <a class="" href="../Release-Shaarli/">Release Shaarli</a>
224 </li>
225 <li class="">
226
227 <a class="" href="../Versioning-and-Branches/">Versioning and Branches</a>
228 </li>
229 <li class="">
230
231 <a class="" href="../Security/">Security</a>
232 </li>
233 <li class="">
234
235 <a class="" href="../Static-analysis/">Static analysis</a>
236 </li>
237 <li class="">
238
239 <a class="" href="../Theming/">Theming</a>
240 </li>
241 <li class="">
242
243 <a class="" href="../Unit-tests/">Unit tests</a>
244 </li>
245 </ul>
246 </li>
247
248 <li class="toctree-l1">
249
250 <span class="caption-text">About</span>
251 <ul class="subnav">
252 <li class="">
253
254 <a class="" href="../FAQ/">FAQ</a>
255 </li>
256 <li class="">
257
258 <a class="" href="../Community-&-Related-software/">Community & Related software</a>
259 </li>
260 </ul>
261 </li>
262
263 </ul>
264 </div>
265 &nbsp;
266 </nav>
267
268 <section data-toggle="wy-nav-shift" class="wy-nav-content-wrap">
269
270
271 <nav class="wy-nav-top" role="navigation" aria-label="top navigation">
272 <i data-toggle="wy-nav-top" class="fa fa-bars"></i>
273 <a href="..">Shaarli Documentation</a>
274 </nav>
275
276
277 <div class="wy-nav-content">
278 <div class="rst-content">
279 <div role="navigation" aria-label="breadcrumbs navigation">
280 <ul class="wy-breadcrumbs">
281 <li><a href="..">Docs</a> &raquo;</li>
282
283
284
285 <li>Setup &raquo;</li>
286
287
288
289 <li>Server security</li>
290 <li class="wy-breadcrumbs-aside">
291
292 <a href="https://github.com/shaarli/Shaarli/edit/master/docs/Server-security.md"
293 class="icon icon-github"> Edit on GitHub</a>
294
295 </li>
296 </ul>
297 <hr/>
298 </div>
299 <div role="main">
300 <div class="section">
301
302 <h2 id="phpini">php.ini</h2>
303 <p>PHP settings are defined in:
304 - a main configuration file, usually found under <code>/etc/php5/php.ini</code>; some distributions provide different configuration environments, e.g.
305 - <code>/etc/php5/php.ini</code> - used when running console scripts
306 - <code>/etc/php5/apache2/php.ini</code> - used when a client requests PHP resources from Apache
307 - <code>/etc/php5/php-fpm.conf</code> - used when PHP requests are proxied to PHP-FPM
308 - additional configuration files/entries, depending on the installed/enabled extensions:
309 - <code>/etc/php/conf.d/xdebug.ini</code></p>
310 <h3 id="locate-ini-files">Locate .ini files</h3>
311 <h4 id="console-environment">Console environment</h4>
312 <pre><code class="bash">$ php --ini
313 Configuration File (php.ini) Path: /etc/php
314 Loaded Configuration File: /etc/php/php.ini
315 Scan for additional .ini files in: /etc/php/conf.d
316 Additional .ini files parsed: /etc/php/conf.d/xdebug.ini
317 </code></pre>
318
319 <h4 id="server-environment">Server environment</h4>
320 <ul>
321 <li>create a <code>phpinfo.php</code> script located in a path supported by the web server, e.g.<ul>
322 <li>Apache (with user dirs enabled): <code>/home/myself/public_html/phpinfo.php</code></li>
323 <li><code>/var/www/test/phpinfo.php</code></li>
324 </ul>
325 </li>
326 <li>make sure the script is readable by the web server user/group (usually, <code>www</code>, <code>www-data</code> or <code>httpd</code>)</li>
327 <li>access the script from a web browser</li>
328 <li>look at the <em>Loaded Configuration File</em> and <em>Scan this dir for additional .ini files</em> entries</li>
329 </ul>
330 <pre><code class="php">&lt;?php phpinfo(); ?&gt;
331 </code></pre>
332
333 <h2 id="fail2ban">fail2ban</h2>
334 <p><code>fail2ban</code> is an intrusion prevention framework that reads server (Apache, SSH, etc.) and uses <code>iptables</code> profiles to block brute-force attempts:
335 - <a href="http://www.fail2ban.org/wiki/index.php/Main_Page">Official website</a>
336 - <a href="https://github.com/fail2ban/fail2ban">Source code</a></p>
337 <h3 id="read-shaarli-logs-to-ban-ips">Read Shaarli logs to ban IPs</h3>
338 <p>Example configuration:
339 - allow 3 login attempts per IP address
340 - after 3 failures, permanently ban the corresponding IP adddress</p>
341 <p><code>/etc/fail2ban/jail.local</code></p>
342 <pre><code class="ini">[shaarli-auth]
343 enabled = true
344 port = https,http
345 filter = shaarli-auth
346 logpath = /var/www/path/to/shaarli/data/log.txt
347 maxretry = 3
348 bantime = -1
349 </code></pre>
350
351 <p><code>/etc/fail2ban/filter.d/shaarli-auth.conf</code></p>
352 <pre><code class="ini">[INCLUDES]
353 before = common.conf
354 [Definition]
355 failregex = \s-\s&lt;HOST&gt;\s-\sLogin failed for user.*$
356 ignoreregex =
357 </code></pre>
358
359 <h2 id="robots-restricting-search-engines-and-web-crawler-traffic">Robots - Restricting search engines and web crawler traffic</h2>
360 <p>Creating a <code>robots.txt</code> with the following contents at the root of your Shaarli installation will prevent <em>honest</em> web crawlers from indexing each and every link and Daily page from a Shaarli instance, thus getting rid of a certain amount of unsollicited network traffic.</p>
361 <pre><code>User-agent: *
362 Disallow: /
363 </code></pre>
364
365 <p>See:
366 - http://www.robotstxt.org/
367 - http://www.robotstxt.org/robotstxt.html
368 - http://www.robotstxt.org/meta.html</p>
369
370 </div>
371 </div>
372 <footer>
373
374 <div class="rst-footer-buttons" role="navigation" aria-label="footer navigation">
375
376 <a href="../Shaarli-configuration/" class="btn btn-neutral float-right" title="Shaarli configuration">Next <span class="icon icon-circle-arrow-right"></span></a>
377
378
379 <a href="../Server-configuration/" class="btn btn-neutral" title="Server configuration"><span class="icon icon-circle-arrow-left"></span> Previous</a>
380
381 </div>
382
383
384 <hr/>
385
386 <div role="contentinfo">
387 <!-- Copyright etc -->
388
389 </div>
390
391 Built with <a href="http://www.mkdocs.org">MkDocs</a> using a <a href="https://github.com/snide/sphinx_rtd_theme">theme</a> provided by <a href="https://readthedocs.org">Read the Docs</a>.
392 </footer>
393
394 </div>
395 </div>
396
397 </section>
398
399 </div>
400
401 <div class="rst-versions" role="note" style="cursor: pointer">
402 <span class="rst-current-version" data-toggle="rst-current-version">
403
404 <a href="https://github.com/shaarli/Shaarli" class="fa fa-github" style="float: left; color: #fcfcfc"> GitHub</a>
405
406
407 <span><a href="../Server-configuration/" style="color: #fcfcfc;">&laquo; Previous</a></span>
408
409
410 <span style="margin-left: 15px"><a href="../Shaarli-configuration/" style="color: #fcfcfc">Next &raquo;</a></span>
411
412 </span>
413 </div>
414 <script src="../js/theme.js"></script>
415
416 </body>
417 </html>
The personal, minimalist, super-fast, database free, bookmarking service - community repo