aboutsummaryrefslogtreecommitdiffhomepage
path: root/doc/Server-configuration.md
diff options
context:
space:
mode:
authorArthurHoaro <arthur@hoa.ro>2016-04-14 14:20:23 +0200
committerArthurHoaro <arthur@hoa.ro>2016-04-14 15:18:25 +0200
commit5409ade28c5f0acf99dbadd4d95e6f8efda5d395 (patch)
tree4c8b55010ad02d91b524b0cb8cc02ddf318fcaa2 /doc/Server-configuration.md
parent9f400b0dad68b82d65692bd6ab6190f6a787fa89 (diff)
downloadShaarli-5409ade28c5f0acf99dbadd4d95e6f8efda5d395.tar.gz
Shaarli-5409ade28c5f0acf99dbadd4d95e6f8efda5d395.tar.zst
Shaarli-5409ade28c5f0acf99dbadd4d95e6f8efda5d395.zip
Update docs from Wiki
Diffstat (limited to 'doc/Server-configuration.md')
-rw-r--r--doc/Server-configuration.md28
1 files changed, 25 insertions, 3 deletions
diff --git a/doc/Server-configuration.md b/doc/Server-configuration.md
index c7b17c5a..fd98a608 100644
--- a/doc/Server-configuration.md
+++ b/doc/Server-configuration.md
@@ -2,19 +2,29 @@
2*Example virtual host configurations for popular web servers* 2*Example virtual host configurations for popular web servers*
3 3
4- [Apache](#apache)[](.html) 4- [Apache](#apache)[](.html)
5- [LightHttpd](#lighthttpd) (empty)[](.html)
6- [Nginx](#nginx)[](.html) 5- [Nginx](#nginx)[](.html)
7 6
8## Prerequisites 7## Prerequisites
8### Shaarli
9* Shaarli is installed in a directory readable/writeable by the user 9* Shaarli is installed in a directory readable/writeable by the user
10* the correct read/write permissions have been granted to the web server _user and/or group_ 10* the correct read/write permissions have been granted to the web server _user and/or group_
11* for HTTPS / SSL: 11* for HTTPS / SSL:
12 * a key pair (public, private) and a certificate have been generated 12 * a key pair (public, private) and a certificate have been generated
13 * the appropriate server SSL extension is installed and active 13 * the appropriate server SSL extension is installed and active
14 14
15### HTTPS, TLS and self-signed certificates
15Related guides: 16Related guides:
16* [How to Create Self-Signed SSL Certificates with OpenSSL](http://www.xenocafe.com/tutorials/linux/centos/openssl/self_signed_certificates/index.php)[](.html) 17* [How to Create Self-Signed SSL Certificates with OpenSSL](http://www.xenocafe.com/tutorials/linux/centos/openssl/self_signed_certificates/index.php)[](.html)
17* [How do I create my own Certificate Authority?](https://workaround.org/certificate-authority)[](.html) 18* [How do I create my own Certificate Authority?](https://workaround.org/certificate-authority)[](.html)
19* Generate a self-signed certificate (will trigger browser warnings) with apache2: `make-ssl-cert generate-default-snakeoil --force-overwrite` will create `/etc/ssl/certs/ssl-cert-snakeoil.pem` and `/etc/ssl/private/ssl-cert-snakeoil.key`
20
21### Proxies
22If Shaarli is served behind a proxy (i.e. there is a proxy server between clients and the web server hosting Shaarli), please refer to the proxy server documentation for proper configuration. In particular, you have to ensure that the following server variables are properly set:
23- `X-Forwarded-Proto`;
24- `X-Forwarded-Host`;
25- `X-Forwarded-For`.
26
27See also [proxy-related](https://github.com/shaarli/Shaarli/issues?utf8=%E2%9C%93&q=label%3Aproxy+) issues.[](.html)
18 28
19## Apache 29## Apache
20### Minimal 30### Minimal
@@ -29,7 +39,7 @@ This configuration will log both Apache and PHP errors, which may prove useful t
29 39
30See: 40See:
31* [Apache/PHP - error log per VirtualHost](http://stackoverflow.com/q/176) (StackOverflow)[](.html) 41* [Apache/PHP - error log per VirtualHost](http://stackoverflow.com/q/176) (StackOverflow)[](.html)
32* [PHP: php_value vs php_admin_value and the use of php_flag explained](PHP: php_value vs php_admin_value and the use of php_flag explained)[](.html) 42* [PHP: php_value vs php_admin_value and the use of php_flag explained](https://ma.ttias.be/php-php_value-vs-php_admin_value-and-the-use-of-php_flag-explained/)[](.html)
33 43
34```apache 44```apache
35<VirtualHost *:80> 45<VirtualHost *:80>
@@ -68,7 +78,7 @@ See [Server-side TLS](https://wiki.mozilla.org/Security/Server_Side_TLS#Apache)
68 DocumentRoot /absolute/path/to/shaarli/ 78 DocumentRoot /absolute/path/to/shaarli/
69 79
70 SSLEngine on 80 SSLEngine on
71 SSLCertificateFile /absolute/path/to/the/website/certificate.crt 81 SSLCertificateFile /absolute/path/to/the/website/certificate.pem
72 SSLCertificateKeyFile /absolute/path/to/the/website/key.key 82 SSLCertificateKeyFile /absolute/path/to/the/website/key.key
73 83
74 <Directory /absolute/path/to/shaarli/> 84 <Directory /absolute/path/to/shaarli/>
@@ -324,3 +334,15 @@ http {
324 } 334 }
325} 335}
326``` 336```
337
338## Restricting search engines and web crawler traffic
339
340Creating a `robots.txt` witht he following contents at the root of your Shaarli installation will prevent "honest" web crawlers from indexing each and every link and Daily page from a Shaarli instance, thus getting rid of a certain amount of unsollicited network traffic.
341
342```
343User-agent: *
344Disallow: /
345```
346
347See: http://www.robotstxt.org/, http://www.robotstxt.org/robotstxt.html, http://www.robotstxt.org/meta.html
348