documentation/Machines virtuelles/www.md

150 lines
4.0 KiB
Markdown
Raw Normal View History

2021-11-16 21:06:50 +01:00
## Machine virtuelle WWW
Cette machine est destinée à accueillir le site web de l'association
### Matériel virtuel
CPU : 1
RAM : 1000 Mio
Stockage de masse : 50 Gio
### Logiciel
Système d'exploitation : Debian GNU/Linux-libre 11 (Bullseye)
Noyau : Linux-libre LTS (`linux-libre-lts` des dépôts https://linux-libre.fsfla.org)
Sécurités de la maintenance : `etckeeper`, `mollyguard`, `git`, `tig`, `screen`
Mail Transfer Agent : `postfix`
Serveur http : `nginx`
Gestionnaire FastCGI : `php-fpm` version 7.4
### Caractéristiques notables
Domaine : www.a-lec.org
Adresse ipv4 publique : 80.67.179.96
2021-10-03 14:42:20 +02:00
Adresse ipv4 interne : 192.169.100.188
2021-11-16 19:39:34 +01:00
Adresse ipv6 publique : 2001:910:1360::1ca
2021-11-16 19:02:04 +01:00
#### Configuration réseau
##### /etc/network/interfaces
# The loopback network interface
auto lo
iface lo inet loopback
# The primary network interface
allow-hotplug enp1s0
iface enp1s0 inet dhcp
iface enp1s0 inet6 static
address 2001:910:1360::1ca/128
gateway 2001:910:1360::
2021-11-16 19:32:55 +01:00
##### /etc/host.allow
sshd: 192.169.1.0/24, [2001:910:1360::]/48
##### /etc/host/deny
sshd: ALL
2021-11-16 19:49:02 +01:00
### Configuration MTA
#### /etc/postfix/transport
a-lec.org :
* discard:
#### /etc/postfix/virtual
@localhost admin@a-lec.org
2021-11-16 20:40:20 +01:00
@www.a-lec.org admin@a-lec.org
### Configuration du serveur web (nginx)
server {
set_real_ip_from 192.169.1.1;
real_ip_header proxy_protocol;
# SSL configuration
#
listen 443 ssl proxy_protocol default_server;
listen [::]:443 ssl default_server;
root /var/www/html;
ssl_certificate /etc/letsencrypt/live/www.a-lec.org/fullchain.pem; # managed by Certbot
ssl_certificate_key /etc/letsencrypt/live/www.a-lec.org/privkey.pem; # managed by Certbot
include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot
# Add index.php to the list if you are using PHP
index index.html index.htm index.php;
server_name www.a-lec.org;
location /.well-known/host-meta {
default_type 'application/xrd+xml';
add_header Access-Control-Allow-Origin '*' always;
}
location /.well-known/host-meta.json {
default_type 'application/jrd+json';
add_header Access-Control-Allow-Origin '*' always;
}
location / {
# First attempt to serve request as file, then
# as directory, then fall back to displaying a 404.
try_files $uri $uri/ $uri.html $uri/index.php?q=$uri&$args =404;
}
ssi on;
ssi_last_modified on;
# pass PHP scripts to FastCGI server
location ~ \.php$ {
include snippets/fastcgi-php.conf;
# With php-fpm (or other unix sockets):
fastcgi_pass unix:/run/php/php7.4-fpm.sock;
# With php-cgi (or other tcp sockets):
# fastcgi_pass 127.0.0.1:9000;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
include fastcgi_params;
}
}
server {
listen 80;
listen [::]:80;
server_name www.a-lec.org;
return 302 https://www.a-lec.org$request_uri;
}
server {
listen 80;
listen [::]:80;
server_name a-lec.org;
return 302 https://www.a-lec.org$request_uri;
}
server {
listen 443 ssl proxy_protocol;
listen [::]:443 ssl;
server_name a-lec.org;
return 302 https://www.a-lec.org$request_uri;
ssl_certificate /etc/letsencrypt/live/a-lec.org-0001/fullchain.pem; # managed by Certbot
ssl_certificate_key /etc/letsencrypt/live/a-lec.org-0001/privkey.pem; # managed by Certbot
include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot
}