**General rewording, proof-reading, deduplication, shortening, reordering, simplification, cleanup/formatting/standardization**

- standardize page names, rework documentation structure, update TOC - use same example paths everywhere - level 1 titles on all pages - fix broken links - .md suffix on all page links (works both from readthedocs and github repository views) **Server:** A full and concise installation guide with examples is a frequent request. The documentation should provide such a guide for basic installation needs, while explaining alternative/advanced configuration at the end. Links to reference guides and documentation should be used more frequently to avoid recommending an outdated or excessively complex configuration. - server: move most server-related info to server-configuration.md, cleanup/shorten - server: update list of php dependencies/libraries, link to composer.json - server: installation: support 3 install methods (from release zip, from sources, using docker) - server: installation: use rsync instead of mv as mv results will change depending of taget directory already existing or not - server: add example/basic usage of certbot - server, upgrade, installation: update file permissions setup, use sudo for upgrade operations in webserver document root - server: apache: add comments to configuration, fix and factorize file permissions setup, set cache-control header, deny access to dotfiles, add missing apache config steps, add http->https redirect example - server: nginx: refactor nginx configuration, add comments, DO log access to denied/protected files - server: add links to MDN for x-forwarded-* http headers explanation, cleanup/clarify robots.txt and crawlers section - server: bump file upload size limit to 100MB we have reports of bookmark exports weighing +40MB - i have a 13MB one here - server: simplify phpinfo documentation - server: move backup and restore information to dedicated page - docker: move all docker docs to Docker.md, simplify/ docker setup, add docker-compose.yml example, replace docker-101 with docker cheatsheet - troubleshooting: move all troubleshooting documentation to troubleshooting.md **Usage:** - index: add getting started section on index page - features/usage: move all usage-related documentation to usage.md, add links from the main feature list to corresponding usage docs, clarify/reword features list - shaarli configuration: add note about configuring from web interface **Removed:** - remove obsolete/orphan images - remove obsolete shaarchiver example - remove outdated "decode datastore content" snippet **Development:** - development: move development-related docs (static analysis, CI, unit tests, 3rd party libs, link structure/directory, guidelines, security....) to dev/ directory - development: Merge several pages to development.md - **Breaking change?:** remove mentions of 'stable' branch, switch to new branch/release model (master=latest commit, release=latest tag) - **Breaking change?:** refer to base sharing unit as "Shaare" everywhere (TODO: reflect changes in the code?) doc: update featues list/link to usage.md for details - development: directory structure: add note about required file permissions - .travis-ci.yml: add comments - .htaccess: add comment
author: nodiscc <nodiscc@gmail.com> 2020-05-16 12:54:51 +0200
committer: nodiscc <nodiscc@gmail.com> 2020-09-12 14:31:45 +0200
commit: 91a21c272960889afd4eaa431a3d29b7785b6efc (patch)
tree: 26e3ba62319964c5fd48d93fdfe47813d5dc9bf5 /doc/md/Server-security.md
parent: 6128ab6a55430a2b705be31ff417c0c552a0db1f (diff)
download: Shaarli-91a21c272960889afd4eaa431a3d29b7785b6efc.tar.gz
Shaarli-91a21c272960889afd4eaa431a3d29b7785b6efc.tar.zst
Shaarli-91a21c272960889afd4eaa431a3d29b7785b6efc.zip
1 files changed, 0 insertions, 76 deletions
diff --git a/doc/md/Server-security.md b/doc/md/Server-security.md
deleted file mode 100644
index ea1b637d..00000000
--- a/doc/md/Server-security.md
+++ /dev/null
@@ -1,76 +0,0 @@
-## php.ini
-PHP settings are defined in:
- a main configuration file, usually found under `/etc/php/$php_version/php.ini`; some distributions provide different configuration environments, e.g.
-    - `/etc/php/$php_version/cli/php.ini` - used when running console scripts
-    - `/etc/php/$php_version/apache2/php.ini` - used when a client requests PHP resources from Apache
-    - `/etc/php/$php_version/php-fpm.conf` - used when PHP requests are proxied to PHP-FPM
- additional configuration files/entries, depending on the installed/enabled extensions:
-    - `/etc/php/conf.d/xdebug.ini`
-### Locate .ini files
-#### Console environment
-```bash
-$ php --ini
-Configuration File (php.ini) Path: /etc/php
-Loaded Configuration File:         /etc/php/php.ini
-Scan for additional .ini files in: /etc/php/conf.d
-Additional .ini files parsed:      /etc/php/conf.d/xdebug.ini
-```
-#### Server environment
- create a `phpinfo.php` script located in a path supported by the web server, e.g.
-    - Apache (with user dirs enabled): `/home/myself/public_html/phpinfo.php`
-    - `/var/www/test/phpinfo.php`
- make sure the script is readable by the web server user/group (usually, `www`, `www-data` or `httpd`)
- access the script from a web browser
- look at the _Loaded Configuration File_ and _Scan this dir for additional .ini files_ entries
-```php
-<?php phpinfo(); ?>
-```
-## fail2ban
-`fail2ban` is an intrusion prevention framework that reads server (Apache, SSH, etc.) and uses `iptables` profiles to block brute-force attempts:
- [Official website](http://www.fail2ban.org/wiki/index.php/Main_Page)
- [Source code](https://github.com/fail2ban/fail2ban)
-### Read Shaarli logs to ban IPs
-Example configuration:
- allow 3 login attempts per IP address
- after 3 failures, permanently ban the corresponding IP adddress
-`/etc/fail2ban/jail.local`
-```ini
-[shaarli-auth]
-enabled  = true
-port     = https,http
-filter   = shaarli-auth
-logpath  = /var/www/path/to/shaarli/data/log.txt
-maxretry = 3
-bantime = -1
-```
-`/etc/fail2ban/filter.d/shaarli-auth.conf`
-```ini
-[INCLUDES]
-before = common.conf
-[Definition]
-failregex = \s-\s<HOST>\s-\sLogin failed for user.*$
-ignoreregex = 
-```
-## Robots - Restricting search engines and web crawler traffic
-Creating a `robots.txt` with the following contents at the root of your Shaarli installation will prevent _honest_ web crawlers from indexing each and every link and Daily page from a Shaarli instance, thus getting rid of a certain amount of unsollicited network traffic.
-```
-User-agent: *
-Disallow: /
-```
-See:
- http://www.robotstxt.org
- http://www.robotstxt.org/robotstxt.html
- http://www.robotstxt.org/meta.html
author	nodiscc <nodiscc@gmail.com>	2020-05-16 12:54:51 +0200
committer	nodiscc <nodiscc@gmail.com>	2020-09-12 14:31:45 +0200
commit	91a21c272960889afd4eaa431a3d29b7785b6efc (patch)
tree	26e3ba62319964c5fd48d93fdfe47813d5dc9bf5 /doc/md/Server-security.md
parent	6128ab6a55430a2b705be31ff417c0c552a0db1f (diff)
download	Shaarli-91a21c272960889afd4eaa431a3d29b7785b6efc.tar.gz Shaarli-91a21c272960889afd4eaa431a3d29b7785b6efc.tar.zst Shaarli-91a21c272960889afd4eaa431a3d29b7785b6efc.zip

diff --git a/doc/md/Server-security.md b/doc/md/Server-security.md deleted file mode 100644 index ea1b637d..00000000 --- a/doc/md/Server-security.md +++ /dev/null
@@ -1,76 +0,0 @@
1	## php.ini
2	PHP settings are defined in:
3
4	- a main configuration file, usually found under `/etc/php/$php_version/php.ini`; some distributions provide different configuration environments, e.g.
5	- `/etc/php/$php_version/cli/php.ini` - used when running console scripts
6	- `/etc/php/$php_version/apache2/php.ini` - used when a client requests PHP resources from Apache
7	- `/etc/php/$php_version/php-fpm.conf` - used when PHP requests are proxied to PHP-FPM
8	- additional configuration files/entries, depending on the installed/enabled extensions:
9	- `/etc/php/conf.d/xdebug.ini`
10
11	### Locate .ini files
12	#### Console environment
13	```bash
14	$ php --ini
15	Configuration File (php.ini) Path: /etc/php
16	Loaded Configuration File: /etc/php/php.ini
17	Scan for additional .ini files in: /etc/php/conf.d
18	Additional .ini files parsed: /etc/php/conf.d/xdebug.ini
19	```
20
21	#### Server environment
22	- create a `phpinfo.php` script located in a path supported by the web server, e.g.
23	- Apache (with user dirs enabled): `/home/myself/public_html/phpinfo.php`
24	- `/var/www/test/phpinfo.php`
25	- make sure the script is readable by the web server user/group (usually, `www`, `www-data` or `httpd`)
26	- access the script from a web browser
27	- look at the _Loaded Configuration File_ and _Scan this dir for additional .ini files_ entries
28	```php
29	<?php phpinfo(); ?>
30	```
31
32	## fail2ban
33	`fail2ban` is an intrusion prevention framework that reads server (Apache, SSH, etc.) and uses `iptables` profiles to block brute-force attempts:
34
35	- [Official website](http://www.fail2ban.org/wiki/index.php/Main_Page)
36	- [Source code](https://github.com/fail2ban/fail2ban)
37
38	### Read Shaarli logs to ban IPs
39	Example configuration:
40	- allow 3 login attempts per IP address
41	- after 3 failures, permanently ban the corresponding IP adddress
42
43	`/etc/fail2ban/jail.local`
44	```ini
45	[shaarli-auth]
46	enabled = true
47	port = https,http
48	filter = shaarli-auth
49	logpath = /var/www/path/to/shaarli/data/log.txt
50	maxretry = 3
51	bantime = -1
52	```
53
54	`/etc/fail2ban/filter.d/shaarli-auth.conf`
55	```ini
56	[INCLUDES]
57	before = common.conf
58	[Definition]
59	failregex = \s-\s<HOST>\s-\sLogin failed for user.*$
60	ignoreregex =
61	```
62
63	## Robots - Restricting search engines and web crawler traffic
64
65	Creating a `robots.txt` with the following contents at the root of your Shaarli installation will prevent _honest_ web crawlers from indexing each and every link and Daily page from a Shaarli instance, thus getting rid of a certain amount of unsollicited network traffic.
66
67	```
68	User-agent: *
69	Disallow: /
70	```
71
72	See:
73
74	- http://www.robotstxt.org
75	- http://www.robotstxt.org/robotstxt.html
76	- http://www.robotstxt.org/meta.html