From 53ed6d7d1e678d7486337ce67a2f17b30bac21ac Mon Sep 17 00:00:00 2001 From: nodiscc Date: Thu, 26 Jan 2017 18:52:54 +0100 Subject: Generate HTML documentation using MkDocs (WIP) MkDocs is a static site generator geared towards building project documentation. Documentation source files are written in Markdown, and configured with a single YAML file. * http://www.mkdocs.org/ * http://www.mkdocs.org/user-guide/configuration/ Ref. #312 * remove pandoc-generated HTML documentation * move markdown doc to doc/md/, * mkdocs.yml: * generate HTML doc in doc/html * add pages TOC/ordering * use index.md as index page * Makefile: remove execute permissions from generated files * Makefile: rewrite htmlpages GFM to markdown conversion using sed: awk expression aslo matched '][' which causes invalid output on complex links with images or code blocks * Add mkdocs.yml to .gitattributes, exclude this file from release archives * Makefile: rename: htmldoc -> doc_html target * run make doc: pull latest markdown documentation from wiki * run make htmlpages: update html documentation --- doc/Server-security.html | 175 ----------------------------------------------- 1 file changed, 175 deletions(-) delete mode 100644 doc/Server-security.html (limited to 'doc/Server-security.html') diff --git a/doc/Server-security.html b/doc/Server-security.html deleted file mode 100644 index 4f7ff468..00000000 --- a/doc/Server-security.html +++ /dev/null @@ -1,175 +0,0 @@ - - - - - - - Shaarli – Server security - - - - - - - -

Server security

php.ini

PHP settings are defined in:

a main configuration file, usually found under /etc/php5/php.ini; some distributions provide different configuration environments, e.g. -
- /etc/php5/php.ini - used when running console scripts
- /etc/php5/apache2/php.ini - used when a client requests PHP resources from Apache
- /etc/php5/php-fpm.conf - used when PHP requests are proxied to PHP-FPM
additional configuration files/entries, depending on the installed/enabled extensions: -
- /etc/php/conf.d/xdebug.ini

Locate .ini files

Console environment

$ php --ini
-Configuration File (php.ini) Path: /etc/php
-Loaded Configuration File:         /etc/php/php.ini
-Scan for additional .ini files in: /etc/php/conf.d
-Additional .ini files parsed:      /etc/php/conf.d/xdebug.ini

Server environment

create a phpinfo.php script located in a path supported by the web server, e.g. -
- Apache (with user dirs enabled): /home/myself/public_html/phpinfo.php
- /var/www/test/phpinfo.php
make sure the script is readable by the web server user/group (usually, www, www-data or httpd)
access the script from a web browser
look at the Loaded Configuration File and Scan this dir for additional .ini files entries
-
```
<?php phpinfo(); ?>
```

fail2ban

fail2ban is an intrusion prevention framework that reads server (Apache, SSH, etc.) and uses iptables profiles to block brute-force attempts:

Official website
Source code

Read Shaarli logs to ban IPs

Example configuration:

allow 3 login attempts per IP address
after 3 failures, permanently ban the corresponding IP adddress

/etc/fail2ban/jail.local

[shaarli-auth][](.html)
-enabled  = true
-port     = https,http
-filter   = shaarli-auth
-logpath  = /var/www/path/to/shaarli/data/log.txt
-maxretry = 3
-bantime = -1

/etc/fail2ban/filter.d/shaarli-auth.conf

[INCLUDES][](.html)
-before = common.conf
-[Definition][](.html)
-failregex = \s-\s<HOST>\s-\sLogin failed for user.*$
-ignoreregex =

Robots - Restricting search engines and web crawler traffic

Creating a robots.txt with the following contents at the root of your Shaarli installation will prevent honest web crawlers from indexing each and every link and Daily page from a Shaarli instance, thus getting rid of a certain amount of unsollicited network traffic.

User-agent: *
-Disallow: /

See:

- - -- cgit v1.2.3