documentation/Machines virtuelles/www.md

4.1 KiB

Machine virtuelle WWW

Cette machine est destinée à accueillir le site web de l'association

Matériel virtuel

CPU : 1
RAM : 1000 Mio Stockage de masse : 50 Gio

Logiciel

Système d'exploitation : Debian GNU/Linux-libre 11 (Bullseye)
Noyau : Linux-libre LTS (linux-libre-lts des dépôts https://linux-libre.fsfla.org)
Sécurités de la maintenance : etckeeper, mollyguard, git, tig, screen
Mail Transfer Agent : postfix
Serveur http : nginx Gestionnaire FastCGI : php-fpm version 7.4

Caractéristiques notables

Domaine : www.a-lec.org
Adresse ipv4 publique : 80.67.179.96
Adresse ipv4 interne : 192.169.100.188
Adresse ipv6 publique : 2001:910:1360::1ca

Configuration réseau

/etc/network/interfaces
# The loopback network interface
auto lo
iface lo inet loopback

# The primary network interface
allow-hotplug enp1s0
iface enp1s0 inet dhcp
iface enp1s0 inet6 static
    address 2001:910:1360::1ca/128
    gateway 2001:910:1360::
/etc/host.allow
sshd: 192.169.1.0/24, [2001:910:1360::]/48
/etc/host/deny
sshd: ALL

Configuration MTA

/etc/postfix/transport

a-lec.org    :
*              discard:

/etc/postfix/virtual

@localhost admin@a-lec.org
@www.a-lec.org admin@a-lec.org

Configuration du serveur web (nginx)

server {
        set_real_ip_from  192.169.1.1;
        real_ip_header proxy_protocol;

    # SSL configuration
    #
    listen 443 ssl proxy_protocol default_server;
    listen [::]:443 ssl default_server;

    root /var/www/html;

        ssl_certificate /etc/letsencrypt/live/www.a-lec.org/fullchain.pem; # managed by Certbot
        ssl_certificate_key /etc/letsencrypt/live/www.a-lec.org/privkey.pem; # managed by Certbot
        include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
        ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot


    # Add index.php to the list if you are using PHP
    index index.html index.htm index.php;

    server_name www.a-lec.org;

    location /.well-known/host-meta {
        default_type 'application/xrd+xml';
        add_header Access-Control-Allow-Origin '*' always;
    }    

    location /.well-known/host-meta.json {
        default_type 'application/jrd+json';
        add_header Access-Control-Allow-Origin '*' always;
    }

    location / {
        # First attempt to serve request as file, then
        # as directory, then fall back to displaying a 404.
        try_files $uri $uri/ $uri.html $uri/index.php?q=$uri&$args =404;
    }

    ssi on;
    ssi_last_modified on;

    # pass PHP scripts to FastCGI server
    
    location ~ \.php$ {
        include snippets/fastcgi-php.conf;
        # With php-fpm (or other unix sockets):
        fastcgi_pass unix:/run/php/php7.4-fpm.sock;
        # With php-cgi (or other tcp sockets):
        # fastcgi_pass 127.0.0.1:9000;
        fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
        include fastcgi_params;
    }

}

server {
    listen 80;
    listen [::]:80;

    server_name www.a-lec.org; 

    return 302 https://www.a-lec.org$request_uri;
}

server {
        listen 80;
        listen [::]:80;

        server_name a-lec.org;

        return 302 https://www.a-lec.org$request_uri;
}

server {
        listen 443 ssl proxy_protocol;
        listen [::]:443 ssl;

        server_name a-lec.org;

        return 302 https://www.a-lec.org$request_uri;

        ssl_certificate /etc/letsencrypt/live/a-lec.org-0001/fullchain.pem; # managed by Certbot
        ssl_certificate_key /etc/letsencrypt/live/a-lec.org-0001/privkey.pem; # managed by Certbot
        include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
        ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot
}