From 7bcd7a5b12c428dcb6e60a94ff315a9e39511d13 Mon Sep 17 00:00:00 2001 From: terminaldweller Date: Wed, 23 Nov 2022 12:15:51 +0330 Subject: update --- .secrets.baseline | 2 +- .tmux.conf | 3 +- .tridactylrc | 2 + .zshrc | 3 + bin/sniff | 97 +++++++++++---------- db/mongo/build_db.js | 3 +- devi.zsh-theme | 10 +-- keymap.kbd | 1 - kubernetes/debug/debug-deployment.yaml | 2 +- openwrt/ripzero_v_1_3/files/etc/config/wireless | 2 +- stylus/manganato_sepia.css | 4 + terminaldweller.com/browsh/docker-compose.yaml | 13 +++ terminaldweller.com/cargo/docker-compose.yaml | 5 ++ terminaldweller.com/cargo/nginx.conf | 6 +- terminaldweller.com/cgit/cgit.conf | 3 +- terminaldweller.com/ejabberd/docker-compose.yaml | 4 +- terminaldweller.com/ejabberd/ejabberd.yml | 16 ++-- terminaldweller.com/haproxy/haproxy.cfg | 102 +++++++++++++---------- 18 files changed, 165 insertions(+), 113 deletions(-) create mode 100644 terminaldweller.com/browsh/docker-compose.yaml diff --git a/.secrets.baseline b/.secrets.baseline index 20a46db..798ac81 100644 --- a/.secrets.baseline +++ b/.secrets.baseline @@ -1,5 +1,5 @@ { - "version": "1.2.0", + "version": "1.4.0", "plugins_used": [ { "name": "ArtifactoryDetector" diff --git a/.tmux.conf b/.tmux.conf index 8b5ea70..9a4deb1 100644 --- a/.tmux.conf +++ b/.tmux.conf @@ -85,7 +85,8 @@ bind-key @ join-pane -s $.0 bind-key p popup -w 80% -h 80% -E ksh bind-key S popup -w 90% -h 90% -E env WWW_HOME=searx.terminaldweller.com /home/devi/w3m/w3m -o auto_image=FALSE -graph -bind-key F popup -d ${pane_current_path} -w 90% -h 90% -E ranger --cmd cd $(tmux show -p '#{pane_current_path}') +# bind-key F popup -d ${pane_current_path} -w 90% -h 90% -E ranger --cmd cd $(tmux show -p '#{pane_current_path}') +bind-key F popup -d ${pane_current_path} -w 90% -h 90% -E ranger #to support nested tmux sessions for ssh workflows bind -T root F6 \ diff --git a/.tridactylrc b/.tridactylrc index 3078f78..601c8e4 100644 --- a/.tridactylrc +++ b/.tridactylrc 
@@ -6,6 +6,8 @@ completionfuzziness 1 " bind tp tabmove -1 " bind tn tabmove +1 +bind tabnext +bind tabprev seturl duolingo.com superignore true seturl localhost:8889 superignore true diff --git a/.zshrc b/.zshrc index 732386f..d61cf36 100644 --- a/.zshrc +++ b/.zshrc @@ -294,6 +294,9 @@ alias nmap="grc nmap" alias fdisk="grc fdisk" alias blkid="grc blkid" alias b="buku --suggest" +alias whois="grc whois -H" +alias scapy="scapy -H" +alias dg="grc /usr/bin/dig" # change the 4th terminal color to #0000ff # echo -e '\e]P40000ff' diff --git a/bin/sniff b/bin/sniff index fa52e23..b884a91 100755 --- a/bin/sniff +++ b/bin/sniff @@ -1,33 +1,37 @@ -#!/usr/bin/python3 +#!/usr/bin/env python +"""Sniffs different file types in a given URL.""" import argparse -import signal -import sys import re -from requests import get -from requests.exceptions import RequestException -from contextlib import closing -from bs4 import BeautifulSoup +import typing +import contextlib +import requests # type:ignore +import bs4 # type:ignore -def SigHandler_SIGINT(signum, frame): - print() - sys.exit(0) +def log_error(error): + """A logger wrapper.""" + print(error) -def simple_get(url): +def simple_get(url) -> typing.Optional[typing.ByteString]: + """A simple get wrapper.""" try: - with closing(get(url, stream=True)) as resp: + with contextlib.closing( + requests.get(url, stream=True, timeout=10) + ) as resp: if is_good_response(resp): return resp.content - else: - return None - except RequestException as e: - log_error("Error during requests to {0} : {1}".format(url, str(e))) + return None + except requests.exceptions.RequestException as error: + log_error( + f"Error during requests to {0} : {1}".format(url, str(error)) + ) return None def is_good_response(resp): + """Checks if the response we get is a good response.""" content_type = resp.headers["Content-Type"].lower() return ( resp.status_code == 200 
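Review bot: In the `except` branch of `simple_get` the new message is both an f-string and a `.format()` template, so `{0}` and `{1}` are evaluated as the integer literals 0 and 1 before `.format` runs, and the log always reads "Error during requests to 0 : 1". Keep only one mechanism, e.g. `log_error(f"Error during requests to {url} : {error}")`, so a failed fetch records which URL failed and why. `is_good_response` continues past the end of this hunk.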
@@ -36,11 +40,10 @@ def is_good_response(resp): ) -def log_error(e): - print(e) - +# pylint: disable=too-few-public-methods +class Argparser: + """Argparser""" -class Argparser(object): def __init__(self): parser = argparse.ArgumentParser() parser.add_argument("--src", type=str, help="url") @@ -49,7 +52,7 @@ class Argparser(object): "--vid", action="store_true", help="video", default=False ) parser.add_argument( - "--dbg", action="store_true", help="debug", default=False + "--img", action="store_true", help="sniff images", default=False ) parser.add_argument( "--url", action="store_true", help="url", default=False @@ -57,7 +60,7 @@ class Argparser(object): self.args = parser.parse_args() -VID_FMT = [ +VID_FMTS = [ "webm", "mpg", "mp2", 
@@ -74,28 +77,43 @@ VID_FMT = [ "mkv", "svi", ] -# write code here -def premain(argparser): - signal.signal(signal.SIGINT, SigHandler_SIGINT) - # here +def image_finder(url: str) -> None: + """Sniffs images.""" + # raw_url_content = simple_get(url) + response = requests.get(url, timeout=10, allow_redirects=True) + # print(response.content) + if response.content is None: + return None + + soup = bs4.BeautifulSoup(response.content, "lxml") + search_results = soup.findAll("img") + for result in search_results: + print(result["src"]) + # img_response = requests.get( + # result["src"], timeout=10, allow_redirects=True + # ) + return None + + +def main() -> None: + """Entry point.""" + argparser = Argparser() + if argparser.args.img: + image_finder(argparser.args.src) raw_ml = simple_get(argparser.args.src) - # print("raw html length is " + repr(len(raw_ml))) - ml = BeautifulSoup(raw_ml, "lxml") - ml_str = repr(ml) - tmp = open("/tmp/riecher", "w") + ml_str = repr(bs4.BeautifulSoup(raw_ml, "lxml")) + tmp = open("/tmp/riecher", "w", encoding="utf-8") tmp.write(ml_str) tmp.close() - tmp = open("/tmp/riecher", "r") + tmp = open("/tmp/riecher", "r", encoding="utf-8") if argparser.args.src: if argparser.args.vid: for line in tmp: - # hit = False - for elem in VID_FMT: + for elem in VID_FMTS: if line.find("." + elem) > -1: print(line) - # hit = True if argparser.args.url: dump_list = [] for line in tmp: @@ -111,16 +129,5 @@ def premain(argparser): tmp.close() -def main(): - argparser = Argparser() - if argparser.args.dbg: - try: - premain(argparser) - except Exception as e: - print(e) - else: - premain(argparser) - - if __name__ == "__main__": main() diff --git a/db/mongo/build_db.js b/db/mongo/build_db.js index 67acd6d..2483347 100644 --- a/db/mongo/build_db.js +++ b/db/mongo/build_db.js 
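Review bot: `main` still writes the fetched page to the fixed path `/tmp/riecher` with a plain `open(..., "w")` and reopens it for reading; a predictable name in a world-writable directory can be pre-created or symlinked by another local user, and two concurrent runs overwrite each other. The file is only read back line by line, so it can be replaced with `lines = ml_str.splitlines(keepends=True)`, or with `tempfile.TemporaryFile(mode="w+", encoding="utf-8")` if a file is wanted. Separately, `simple_get` returns `None` when the request fails or `is_good_response` rejects the response, and that value goes straight into `bs4.BeautifulSoup`; with the `--dbg` wrapper removed, an `if raw_ml is None: return` guard would avoid a traceback. In `image_finder`, `result["src"]` raises `KeyError` for img tags without a `src` attribute, so `result.get("src")` is safer, and the `response.content is None` test can never be true. The middle of `main` lies between this hunk and the next one.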
@@ -47,6 +47,7 @@ const mangas = { "dungeon sherpa": "https://manganato.com/manga-kt987428", gachiakuta: "https://manganato.com/manga-na990935", "black lagoon": "https://readmanganato.com/manga-", + "chainsaw man": "https://readmanganato.com/manga-dn980422", }; db = connect("192.168.1.109:27117/devi"); @@ -91,7 +92,7 @@ db.mangas.updateOne( { _id: mangas_id }, { $set: { - "chainsaw man": "https://readmanganato.com/manga-dn980422", + "gantz:e": "https://manganato.com/manga-ho984623", }, } ); diff --git a/devi.zsh-theme b/devi.zsh-theme index 49d50db..c686909 100644 --- a/devi.zsh-theme +++ b/devi.zsh-theme @@ -160,7 +160,7 @@ add-zsh-hook precmd steeef_precmd tsocks_on() { if echo $LD_PRELOAD | grep libtsocks > /dev/null 2>&1; then # echo -ne "\x1b[38;5;0m\x1b[48;5;22m$reset_color\x1b[38;5;22m" - echo "%K{22}%F{0}$reset_color%F{22}" + echo "%K{22}%F{0}%K{0}%F{22}" else echo "$reset_color" ; @@ -169,7 +169,7 @@ tsocks_on() { sudo_query() { if sudo -nv > /dev/null 2>&1; then - echo "%K{33}%F{0}%K{0}%F{33} " + echo "%K{33}%F{0}%K{0}%F{33}" else echo "$reset_color" fi @@ -194,7 +194,7 @@ dir_writeable() { if [ -w $(pwd) ]; then echo "$reset_color" else - echo " %K{196}%F{0}$reset_color%F{196}" + echo " %K{196}%F{0}%K{0}%F{196}" fi } 
@@ -286,9 +286,9 @@ getterminal() { rbq_info_msg="" -PS1=$'%{$reset_color%}$(dir_writeable)$(tsocks_on)$(sudo_query)%{$reset_color%} %{$yablue%}%n@%M:$(getterminal)%{$reset_color%} %{$yagreen%}$(pwd_shortened)%{$reset_color%} %{$muckgreen%}$(time_function)%{$reset_color%}$vcs_info_msg_0_%{$limblue%}%{$gnew%}$(gitadditions)%{$gnew2%}$(gitdeletions)%{$reset_color%}%{$deeppink%}$(virtualenv_info)%{$reset_color%}%{$teal%}$(node_version)%{$reset_color%}%{$gover%}$(goversion)%{$reset_color%}%{$rust%}$(rustversion)%{$reset_color%}%{$babyblue%}$(ruby_version)%{$reset_color%}%{$sneakyc%}$(sneaky)%{$reset_color%}%{$new%}$rbq_info_msg%{$reset_color%} $(getkubernetesinfo)%{$reset_color%}' +PS1=$'$(dir_writeable)$(tsocks_on)$(sudo_query)%{$reset_color%} %{$yablue%}%n@%M:$(getterminal)%{$reset_color%} %{$yagreen%}$(pwd_shortened)%{$reset_color%} %{$muckgreen%}$(time_function)%{$reset_color%}$vcs_info_msg_0_%{$limblue%}%{$gnew%}$(gitadditions)%{$gnew2%}$(gitdeletions)%{$reset_color%}%{$deeppink%}$(virtualenv_info)%{$reset_color%}%{$teal%}$(node_version)%{$reset_color%}%{$gover%}$(goversion)%{$reset_color%}%{$rust%}$(rustversion)%{$reset_color%}%{$babyblue%}$(ruby_version)%{$reset_color%}%{$sneakyc%}$(sneaky)%{$reset_color%}%{$new%}$rbq_info_msg%{$reset_color%} $(getkubernetesinfo)%{$reset_color%}' PS2=$'' -PS3=$'\n%{$randomblue%}--➜%{$reset_color%} ' +PS3=$'\n%{$randomblue%}--➜%K{0}%F{15}' get_prompt_len() { local zero='%([BSUbfksu]|([FK]|){*})' local FOOLENGTH=${#${(S%%)PS1//$~zero/}} diff --git a/keymap.kbd b/keymap.kbd index b566b5e..72e0d58 100644 --- a/keymap.kbd +++ b/keymap.kbd @@ -17,7 +17,6 @@ ) -------------------------------------------------------------------------- |# (defcfg - ;; input (device-file "/dev/input/by-id/usb-Razer_Razer_Huntsman_Tournament_Edition_00000000001A-event-kbd") input (device-file "/dev/input/by-id/usb-Razer_Razer_Huntsman_Tournament_Edition_00000000001A-if01-event-kbd") output (uinput-sink "KMonad output") 
diff --git a/kubernetes/debug/debug-deployment.yaml b/kubernetes/debug/debug-deployment.yaml index 1d58b40..42631dd 100644 --- a/kubernetes/debug/debug-deployment.yaml +++ b/kubernetes/debug/debug-deployment.yaml @@ -16,7 +16,7 @@ spec: spec: containers: - name: debug - image: 192.168.1.103:5000/bullseye-slim + image: 192.168.1.214:5000/bullseye-slim imagePullPolicy: IfNotPresent command: - tail diff --git a/openwrt/ripzero_v_1_3/files/etc/config/wireless b/openwrt/ripzero_v_1_3/files/etc/config/wireless index 0800aaa..9303c58 100644 --- a/openwrt/ripzero_v_1_3/files/etc/config/wireless +++ b/openwrt/ripzero_v_1_3/files/etc/config/wireless @@ -10,5 +10,5 @@ config wifi-iface 'default_radio0' option device 'radio0' option network 'lan' option mode 'ap' - option ssiid 'OpenWrt' + option ssid 'OpenWrt' option encryption 'none' diff --git a/stylus/manganato_sepia.css b/stylus/manganato_sepia.css index b72db94..f168003 100644 --- a/stylus/manganato_sepia.css +++ b/stylus/manganato_sepia.css @@ -6,4 +6,8 @@ img:hover { filter: none; } + + .container-chapter-reader { + background-color: #000000; + } } diff --git a/terminaldweller.com/browsh/docker-compose.yaml b/terminaldweller.com/browsh/docker-compose.yaml new file mode 100644 index 0000000..4778988 --- /dev/null +++ b/terminaldweller.com/browsh/docker-compose.yaml @@ -0,0 +1,13 @@ +version: "3" +services: + browsh: + image: browsh/browsh:v1.8.0 + networks: + - browshnet + ports: + - "4333:4333" + restart: unless-stopped + entrypoint: "/app/bin/browsh" + command: ["--http-server-mode"] +networks: + browshnet: diff --git a/terminaldweller.com/cargo/docker-compose.yaml b/terminaldweller.com/cargo/docker-compose.yaml index ef2e1b8..7cbb5d9 100644 --- a/terminaldweller.com/cargo/docker-compose.yaml +++ b/terminaldweller.com/cargo/docker-compose.yaml 
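Review bot: The `image:` line in debug-deployment.yaml still names `bullseye-slim` with no tag or digest, so it resolves to `latest`, and with `imagePullPolicy: IfNotPresent` each node keeps whatever it pulled first; after this registry move, nodes can run different contents under the same name. Pin what the debug pod runs, e.g. `image: 192.168.1.214:5000/bullseye-slim@sha256:DIGEST_PLACEHOLDER`. It is also worth confirming that the registry on port 5000 is served over TLS rather than whitelisted as an insecure registry on the nodes. The container spec continues outside the hunk.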
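Review bot: With the `ssiid` typo corrected the AP gets the SSID it was meant to have, but the context line below still sets `option encryption 'none'` on an interface attached to `network 'lan'`, so anyone in radio range joins the LAN unauthenticated. If this image is used beyond first-boot provisioning, set `option encryption 'sae-mixed'` (or `'psk2'`) together with an `option key` that is injected at build time rather than committed to this repository.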
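Review bot: `ports: "4333:4333"` in the new browsh compose file publishes the HTTP server mode on every host interface, and the `browsh-backend` added to haproxy.cfg in this commit routes `browsh.terminaldweller.com` to it from the cleartext frontend with no authentication or source restriction. As far as its HTTP service is documented, browsh fetches and renders whatever URL the caller supplies, which makes this an open proxy, including towards addresses reachable only from the container's host. Restrict the published port to the HAProxy host (a firewall rule, or a specific interface address in the `ports` mapping) and put an ACL or basic auth in front of the route. The service also lacks the `cap_drop: ALL` that the cargo compose file applies.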
@@ -12,7 +12,12 @@ services: volumes: - ./nginx.conf:/etc/nginx/nginx.conf:ro - /home/ubuntu/cargo:/cargo + - /etc/letsencrypt/archive/cargo.terminaldweller.com/:/certs/ cap_drop: - ALL + cap_add: + - CHOWN + - SETGID + - SETUID networks: cargonet: diff --git a/terminaldweller.com/cargo/nginx.conf b/terminaldweller.com/cargo/nginx.conf index 118825c..eafeeee 100644 --- a/terminaldweller.com/cargo/nginx.conf +++ b/terminaldweller.com/cargo/nginx.conf @@ -3,10 +3,10 @@ events { } http { server { - listen 8080 ssl; + listen 8080 ssl http2; keepalive_timeout 70; - ssl_certificate /certs/server.cert; - ssl_certificate_key /certs/server.key; + ssl_certificate /certs/cert1.pem; + ssl_certificate_key /certs/privkey1.pem; ssl_protocols TLSv1.2 TLSv1.3; ssl_ciphers HIGH:!aNULL:!MD5; sendfile on; diff --git a/terminaldweller.com/cgit/cgit.conf b/terminaldweller.com/cgit/cgit.conf index caf8876..e180158 100644 --- a/terminaldweller.com/cgit/cgit.conf +++ b/terminaldweller.com/cgit/cgit.conf @@ -2,7 +2,8 @@ server.modules += ( "mod_cgi", "mod_rewrite", "mod_openssl" ) $SERVER["socket"] == ":443" { ssl.engine = "enable" - ssl.pemfile = "/etc/certs/git.pem" + ssl.pemfile = "/etc/certs/fullchain1.pem" + ssl.privkey = "/etc/certs/privkey1.pem" server.name = "git.terminaldweller.com" server.document-root = "/usr/share/webapps/cgit/" diff --git a/terminaldweller.com/ejabberd/docker-compose.yaml b/terminaldweller.com/ejabberd/docker-compose.yaml index 81c4c8d..1ca57b2 100644 --- a/terminaldweller.com/ejabberd/docker-compose.yaml +++ b/terminaldweller.com/ejabberd/docker-compose.yaml 
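Review bot: The new `/etc/letsencrypt/archive/cargo.terminaldweller.com/:/certs/` volume is mounted read-write, unlike the `nginx.conf` line above it, and it hands every archived private-key version to the container. nginx only needs to read one certificate and key, so add the flag: `- /etc/letsencrypt/archive/cargo.terminaldweller.com/:/certs/:ro`. The ejabberd compose hunk later in this commit mounts its archive directory the same way. The added `CHOWN`/`SETGID`/`SETUID` capabilities look like what the nginx master needs to switch to its worker user; a one-line comment saying so would keep the list from growing unexplained.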
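Review bot: `ssl_certificate /certs/cert1.pem` points at the leaf certificate only and at archive version 1, so clients that do not already hold the intermediate may fail chain validation, and after the first renewal certbot writes `cert2.pem`/`privkey2.pem` while nginx keeps serving the expiring pair. Use `ssl_certificate /certs/fullchain1.pem;` at minimum, and preferably mount `/etc/letsencrypt` so the config can reference `live/cargo.terminaldweller.com/fullchain.pem` and `privkey.pem`, which follow renewals. The cgit.conf hunk (`fullchain1.pem`, `privkey1.pem`) and the hand-concatenated `ejabberd.pem` described in ejabberd.yml have the same renewal problem.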
@@ -16,14 +16,14 @@ services: restart: unless-stopped volumes: - ./ejabberd.yml:/home/ejabberd/conf/ejabberd.yml - - /etc/letsencrypt/archive/chat.terminaldweller.com/:/opt/ejabberd/certs/ + - /etc/letsencrypt/archive/jabber.terminaldweller.com/:/opt/ejabberd/certs/ - ./dh:/usr/local/etc/ejabberd/dh - ./acme:/usr/local/etc/self_signed/ - confs_certs:/home/ejabberd/conf/ - mnesia_db:/home/ejabberd/database/ - vault:/var/lib/ejabberd/ environment: - - XMPP_DOMAIN=chat.terminaldweller.com + - XMPP_DOMAIN=jabber.terminaldweller.com - ERLANG_NODE=ejabberd #entrypoint: ["tail", "-f", "/dev/null"] networks: diff --git a/terminaldweller.com/ejabberd/ejabberd.yml b/terminaldweller.com/ejabberd/ejabberd.yml index 86d9857..228ac6d 100644 --- a/terminaldweller.com/ejabberd/ejabberd.yml +++ b/terminaldweller.com/ejabberd/ejabberd.yml @@ -1,5 +1,5 @@ hosts: - - chat.terminaldweller.com + - jabber.terminaldweller.com auth_method: internal auth_password_format: scram # pragma: allowlist secret 
@@ -10,8 +10,8 @@ log_rotate_size: 10485760 log_rotate_count: 1 define_macro: - 'TLS_CIPHERS': "TLS_AES_256_GCM_SHA384:TLS_CHACHA20_POLY1305_SHA256:TLS_AES_128_GCM_SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA384:DHE-RSA-AES256-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES256-SHA:ECDHE-RSA-AES256-SHA:DHE-RSA-AES256-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES128-SHA:DHE-RSA-AES128-SHA:RSA-PSK-AES256-GCM-SHA384:DHE-PSK-AES256-GCM-SHA384:RSA-PSK-CHACHA20-POLY1305:DHE-PSK-CHACHA20-POLY1305:ECDHE-PSK-CHACHA20-POLY1305:AES256-GCM-SHA384:PSK-AES256-GCM-SHA384:PSK-CHACHA20-POLY1305:RSA-PSK-AES128-GCM-SHA256:DHE-PSK-AES128-GCM-SHA256:AES128-GCM-SHA256:PSK-AES128-GCM-SHA256:AES256-SHA256:AES128-SHA256:ECDHE-PSK-AES256-CBC-SHA384:ECDHE-PSK-AES256-CBC-SHA:SRP-RSA-AES-256-CBC-SHA:SRP-AES-256-CBC-SHA:RSA-PSK-AES256-CBC-SHA384:DHE-PSK-AES256-CBC-SHA384:RSA-PSK-AES256-CBC-SHA:DHE-PSK-AES256-CBC-SHA:AES256-SHA:PSK-AES256-CBC-SHA384:PSK-AES256-CBC-SHA:ECDHE-PSK-AES128-CBC-SHA256:ECDHE-PSK-AES128-CBC-SHA:SRP-RSA-AES-128-CBC-SHA:SRP-AES-128-CBC-SHA:RSA-PSK-AES128-CBC-SHA256:DHE-PSK-AES128-CBC-SHA256:RSA-PSK-AES128-CBC-SHA:DHE-PSK-AES128-CBC-SHA:AES128-SHA:PSK-AES128-CBC-SHA256:PSK-AES128-CBC-SHA" - 'TLS_OPTIONS': + 'TLS_CIPHERS': 
"TLS_AES_256_GCM_SHA384:TLS_CHACHA20_POLY1305_SHA256:TLS_AES_128_GCM_SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA384:DHE-RSA-AES256-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES256-SHA:ECDHE-RSA-AES256-SHA:DHE-RSA-AES256-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES128-SHA:DHE-RSA-AES128-SHA:RSA-PSK-AES256-GCM-SHA384:DHE-PSK-AES256-GCM-SHA384:RSA-PSK-CHACHA20-POLY1305:DHE-PSK-CHACHA20-POLY1305:ECDHE-PSK-CHACHA20-POLY1305:AES256-GCM-SHA384:PSK-AES256-GCM-SHA384:PSK-CHACHA20-POLY1305:RSA-PSK-AES128-GCM-SHA256:DHE-PSK-AES128-GCM-SHA256:AES128-GCM-SHA256:PSK-AES128-GCM-SHA256:AES256-SHA256:AES128-SHA256:ECDHE-PSK-AES256-CBC-SHA384:ECDHE-PSK-AES256-CBC-SHA:SRP-RSA-AES-256-CBC-SHA:SRP-AES-256-CBC-SHA:RSA-PSK-AES256-CBC-SHA384:DHE-PSK-AES256-CBC-SHA384:RSA-PSK-AES256-CBC-SHA:DHE-PSK-AES256-CBC-SHA:AES256-SHA:PSK-AES256-CBC-SHA384:PSK-AES256-CBC-SHA:ECDHE-PSK-AES128-CBC-SHA256:ECDHE-PSK-AES128-CBC-SHA:SRP-RSA-AES-128-CBC-SHA:SRP-AES-128-CBC-SHA:RSA-PSK-AES128-CBC-SHA256:DHE-PSK-AES128-CBC-SHA256:RSA-PSK-AES128-CBC-SHA:DHE-PSK-AES128-CBC-SHA:AES128-SHA:PSK-AES128-CBC-SHA256:PSK-AES128-CBC-SHA" + 'TLS_OPTIONS': - "no_sslv2" - "no_sslv3" - "no_tlsv1" 
@@ -19,17 +19,17 @@ define_macro: - "cipher_server_preference" - "TLS_AES_256_GCM_SHA384:TLS_CHACHA20_POLY1305_SHA256:TLS_AES_128_GCM_SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA384:DHE-RSA-AES256-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES256-SHA:ECDHE-RSA-AES256-SHA:DHE-RSA-AES256-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES128-SHA:DHE-RSA-AES128-SHA:RSA-PSK-AES256-GCM-SHA384:DHE-PSK-AES256-GCM-SHA384:RSA-PSK-CHACHA20-POLY1305:DHE-PSK-CHACHA20-POLY1305:ECDHE-PSK-CHACHA20-POLY1305:AES256-GCM-SHA384:PSK-AES256-GCM-SHA384:PSK-CHACHA20-POLY1305:RSA-PSK-AES128-GCM-SHA256:DHE-PSK-AES128-GCM-SHA256:AES128-GCM-SHA256:PSK-AES128-GCM-SHA256:AES256-SHA256:AES128-SHA256:ECDHE-PSK-AES256-CBC-SHA384:ECDHE-PSK-AES256-CBC-SHA:SRP-RSA-AES-256-CBC-SHA:SRP-AES-256-CBC-SHA:RSA-PSK-AES256-CBC-SHA384:DHE-PSK-AES256-CBC-SHA384:RSA-PSK-AES256-CBC-SHA:DHE-PSK-AES256-CBC-SHA:AES256-SHA:PSK-AES256-CBC-SHA384:PSK-AES256-CBC-SHA:ECDHE-PSK-AES128-CBC-SHA256:ECDHE-PSK-AES128-CBC-SHA:SRP-RSA-AES-128-CBC-SHA:SRP-AES-128-CBC-SHA:RSA-PSK-AES128-CBC-SHA256:DHE-PSK-AES128-CBC-SHA256:RSA-PSK-AES128-CBC-SHA:DHE-PSK-AES128-CBC-SHA:AES128-SHA:PSK-AES128-CBC-SHA256:PSK-AES128-CBC-SHA" - "no_compression" - 'DH_FILE': "/usr/local/etc/ejabberd/dh/dhparams.pem" # generated with: openssl dhparam -out dhparams.pem 4096 + 'DH_FILE': "/usr/local/etc/ejabberd/dh/dhparams.pem" # generated with: openssl dhparam -out dhparams.pem 4096 -#c2s_dhfile: 'DH_FILE' -#s2s_dhfile: 'DH_FILE' +c2s_dhfile: 'DH_FILE' +s2s_dhfile: 'DH_FILE' c2s_ciphers: 'TLS_CIPHERS' s2s_ciphers: 'TLS_CIPHERS' c2s_protocol_options: 'TLS_OPTIONS' s2s_protocol_options: 'TLS_OPTIONS' certfiles: # - /usr/local/etc/self_signed/ej2.pem - - 
/opt/ejabberd/certs/ejabberd.pem + - /opt/ejabberd/certs/ejabberd.pem # cat privkey1.pem fullchain1.pem > ejabberd.pem #- '/var/lib/ejabberd/acme/fullchain1.pem' #- '/var/lib/ejabberd/acme/chain1.pem' #- '/var/lib/ejabberd/acme/cert1.pem' @@ -119,7 +119,7 @@ acl: - ::FFFF:127.0.0.1/128 admin: user: - - 'admin@chat.terminaldweller.com' + - 'admin@jabber.terminaldweller.com' access_rules: local: diff --git a/terminaldweller.com/haproxy/haproxy.cfg b/terminaldweller.com/haproxy/haproxy.cfg index b659cb3..26e90f2 100644 --- a/terminaldweller.com/haproxy/haproxy.cfg +++ b/terminaldweller.com/haproxy/haproxy.cfg @@ -36,7 +36,7 @@ frontend http acl blog-host hdr_sub(host) -i blog.terminaldweller.com acl mail-host hdr_sub(host) -i mail.terminaldweller.com acl api-host hdr_sub(host) -i api.terminaldweller.com - acl chat-host hdr_sub(host) -i chat.terminaldweller.com + acl jabber-host hdr_sub(host) -i jabber.terminaldweller.com acl searx-host hdr_sub(host) -i searx.terminaldweller.com acl editor-host hdr_sub(host) -i editor.terminaldweller.com acl editorsave-host hdr_sub(host) -i editorsave.terminaldweller.com @@ -44,6 +44,8 @@ frontend http acl discord-host hdr_sub(host) -i discord.terminaldweller.com acl rssgen-host hdr_sub(host) -i rssgen.terminaldweller.com acl git-host hdr_sub(host) -i git.terminaldweller.com + acl cargo-host hdr_sub(host) -i cargo.terminaldweller.com + acl browsh-host hdr_sub(host) -i browsh.terminaldweller.com acl mila-api-acl url_beg /mila acl crypto-api-acl url_beg /crypto acl http ssl_fc,not 
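Review bot: Enabling `c2s_dhfile`/`s2s_dhfile` in ejabberd.yml strengthens the DHE suites, but the `TLS_CIPHERS` macro beside them still offers static-RSA suites without forward secrecy (`AES256-SHA`, `AES128-SHA`), CBC suites with SHA-1 MACs, and PSK/SRP suites that ordinary XMPP clients do not negotiate. Trimming the macro to the TLS 1.3 suites plus the ECDHE/DHE GCM and CHACHA20 entries would match the intent of this change. The `TLS_OPTIONS` list in the context lines also carries the whole cipher string as a list item between `cipher_server_preference` and `no_compression`; that does not look like a protocol option and is probably a paste error worth removing.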
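Review bot: The new `cargo-host` and `browsh-host` ACLs use `hdr_sub(host)`, which matches when the name appears anywhere in the Host header, so a Host value that merely contains the name (for example as the prefix of a longer domain) is routed as if it were the real host. An exact match states the intent: `acl cargo-host hdr(host) -i cargo.terminaldweller.com` and `acl browsh-host hdr(host) -i browsh.terminaldweller.com`. The existing ACLs in this frontend follow the same substring pattern and could be tightened in the same pass.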
@@ -59,27 +61,31 @@ frontend http http-request redirect scheme https code 301 if http searx-host !letsencrypt-acl http-request redirect scheme https code 301 if http git-host !letsencrypt-acl # http-request redirect scheme https code 301 if http rssgen-host !letsencrypt-acl + http-request redirect scheme https code 301 if http cargo-host !letsencrypt-acl + #http-request redirect scheme https code 301 if http jabber-host !letsencrypt-acl + # http-request redirect scheme https code 301 if http rssgen-host !letsencrypt-acl #Conditions - #use_backend chat-cert-backend if letsencrypt-acl chat-host use_backend blog-backend-cert if letsencrypt-acl blog-host use_backend blog-backend-cert if letsencrypt-acl editor-host use_backend blog-backend-cert if letsencrypt-acl editorsave-host use_backend cloud-one-cert if letsencrypt-acl devourer-host - use_backend cloud-one-cert if letsencrypt-acl chat-host + use_backend searx-backend-cert if letsencrypt-acl jabber-host use_backend api-crypto-backend-cert if letsencrypt-acl api-host use_backend api-mila-backend-cert if letsencrypt-acl api-host use_backend searx-backend-cert if letsencrypt-acl searx-host use_backend searx-backend-cert if letsencrypt-acl rssgen-host use_backend searx-backend-cert if letsencrypt-acl git-host + use_backend searx-backend-cert if letsencrypt-acl cargo-host # use_backend editor-backend-cert if letsencrypt-acl editor-host - use_backend certbot-backend if letsencrypt-acl !chat-host !blog-host !api-host + use_backend certbot-backend if letsencrypt-acl !jabber-host !blog-host !api-host use_backend blog-backend if blog-host use_backend mail-backend if mail-host use_backend api-backend if api-host use_backend searx-backend if searx-host - use_backend rssgen-backend if rssgen-host use_backend git-backend if git-host + use_backend rssgen-backend if rssgen-host + use_backend browsh-backend if browsh-host #use_backend chat-backend if chat-host default_backend blog-backend 
@@ -92,7 +98,7 @@ frontend https tcp-request content reject #ACLs acl mail-host-s req.ssl_sni -i mail.terminaldweller.com - acl chat-host-s req.ssl_sni -i chat.terminaldweller.com + acl jabber-host-s req.ssl_sni -i jabber.terminaldweller.com acl blog-host-s req.ssl_sni -i blog.terminaldweller.com acl jericho-host-s req.ssl_sni -i jericho.terminaldweller.com acl api-host-s req.ssl_sni -i api.terminaldweller.com @@ -103,6 +109,7 @@ frontend https acl editor-host-s req.ssl_sni -i editor.terminaldweller.com acl editorsave-host-s req.ssl_sni -i editorsave.terminaldweller.com acl discord-host-s req.ssl_sni -i discord.terminaldweller.com + acl rssgen-host-s req.ssl_sni -i rssgen.terminaldweller.com #Conditions use_backend mail-backend-s if mail-host-s #use_backend chat-backend-s if chat-host-s @@ -116,6 +123,7 @@ frontend https use_backend editor-backend-s if editor-host-s use_backend editorsave-backend-s if editorsave-host-s use_backend git-backend-s if git-host-s + use_backend rssgen-backend-s if rssgen-host-s #frontend jabber5222 # bind *:5222 @@ -134,8 +142,11 @@ frontend jabbber5222 bind *:5222 timeout client 60s mode tcp - acl chat-host req.ssl_sni -i chat.terminaldweller.com - use_backend chat-backend-c2s if chat-host + #tcp-request inspect-delay 5s + #tcp-request content accept if { req.ssl_hello_type 1 } + #tcp-request content reject + acl jabber-host req.ssl_sni -i jabber.terminaldweller.com + use_backend jabber-backend-c2s if jabber-host frontend jabber5223 bind *:5223 timeout client 60s 
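Review bot: In `frontend jabbber5222` the routing ACL uses `req.ssl_sni`, but the `tcp-request inspect-delay` and `accept` lines are added commented out, so the ACL is evaluated before any client bytes are buffered. If port 5222 carries STARTTLS XMPP, as is conventional, the first bytes are a stream header rather than a TLS ClientHello and no SNI is ever present. With no `default_backend` in the frontend, such connections have nowhere to go. This frontend has a single backend, so `default_backend jabber-backend-c2s` expresses the intent without SNI inspection. The frontend name also carries a typo (`jabbber`).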
@@ -143,13 +154,17 @@ frontend jabber5223 tcp-request inspect-delay 5s tcp-request content accept if { req.ssl_hello_type 1 } tcp-request content reject - acl chat-host-s req.ssl_sni -i chat.terminaldweller.com - use_backend chat-auth-backend-s if chat-host-s + acl jabber-host-s req.ssl_sni -i jabber.terminaldweller.com + use_backend jabber-auth-backend-s if jabber-host-s frontend jabber5280 bind *:5280 - mode http - acl chat-host hdr_sub(host) -i chat.terminaldweller.com - use_backend chat-backend-admin if chat-host + timeout client 60s + mode tcp + tcp-request inspect-delay 5s + tcp-request content accept if { req.ssl_hello_type 1 } + tcp-request content reject + acl jabber-host req.ssl_sni -i jabber.terminaldweller.com + use_backend jabber-backend-admin if jabber-host frontend jabber5443 bind *:5443 timeout client 60s @@ -157,8 +172,8 @@ frontend jabber5443 tcp-request inspect-delay 5s tcp-request content accept if { req.ssl_hello_type 1 } tcp-request content reject - acl chat-host-s req.ssl_sni -i chat.terminaldweller.com - use_backend chat-backend-s if chat-host-s + acl jabber-host-s req.ssl_sni -i jabber.terminaldweller.com + use_backend jabber-backend-s if jabber-host-s frontend mail-imap bind *:143 @@ -234,7 +249,7 @@ backend blog-backend-cert backend cloud-one-cert mode http option forwardfor - server cloud-one-host 130.185.121.80:80 + server cloud-one-host 185.130.47.208:80 backend blog-backend-s mode tcp option tcp-check 
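Review bot: `frontend jabber5280` now passes port 5280 through to `jabber-backend-admin` for any client that presents the right SNI, and `bind *:5280` carries no source restriction, so the ejabberd admin listener is reachable from any address. If remote administration is needed, limit it in this frontend, e.g. `tcp-request connection reject if !{ src ADMIN_CIDR_PLACEHOLDER }`, or bind the listener to a management address. It is also worth confirming that ejabberd's 5280 listener is configured for TLS, since the frontend now rejects anything that is not a ClientHello; that listener block is not visible in this diff.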
@@ -296,72 +311,73 @@ backend api-crypto-backend-cert backend api-mila-backend-s mode tcp option tcp-check - server api-mila-host 130.185.121.80:19019 + server api-mila-host 185.130.47.208:9009 backend api-mila-backend-cert mode http option forwardfor - server api-mila-host 130.185.121.80 + server api-mila-host 185.130.47.208:80 -backend chat-backend-admin - mode http - server chat-host 130.185.121.80:5280 -#backend chat-backend -# mode http -# server chat-host 130.185.121.80:5222 -backend chat-backend-s +backend jabber-backend-admin mode tcp option tcp-check - server chat-host 130.185.121.80:5443 -backend chat-backend-c2s + server jabber-host 185.130.47.208:5280 +backend jabber-backend-s mode tcp option tcp-check - server chat-host 130.185.121.80:5222 -backend chat-auth-backend-s + server jabber-host 185.130.47.208:5443 +backend jabber-backend-c2s + mode tcp + server jabber-host 185.130.47.208:5222 +backend jabber-auth-backend-s mode tcp option tcp-check - server chat-host 130.185.121.80:5223 -#backend chat-cert-backend -# mode http -# server chat-cert-server 130.185.121.80:8880 + server jabber-host 185.130.47.208:5223 backend searx-backend-cert mode http - server searx-host-cert 130.185.121.80:80 + server searx-host-cert 185.130.47.208:80 backend searx-backend mode http - server searx-host 130.185.121.80:8080 + server searx-host 185.130.47.208:8080 backend searx-backend-s #balance roundrobin mode tcp option tcp-check - server searx-host-s 130.185.121.80:8081 maxconn 10 + server searx-host-s 185.130.47.208:8081 maxconn 10 #server searx-host-s 192.99.102.52:8081 maxconn 10 backend cargo-backend-s mode tcp option tcp-check - server cargo-host-s 130.185.121.80:7777 + server cargo-host-s 185.130.47.208:7777 backend editor-backend-s mode tcp option tcp-check - server cargo-host-s 192.99.102.52:7080 + server editor-host-s 192.99.102.52:7080 backend editorsave-backend-s mode tcp option tcp-check - server cargo-host-s 192.99.102.52:9080 + server editorsave-host-s 
192.99.102.52:9080 backend rssgen-backend mode http - option forwardfor - server rssgen-host 130.185.121.80:3000 check + server rssgen-host-s 185.130.47.208:3000 +backend rssgen-backend-s + mode tcp + option tcp-check + server rssgen-host-s 185.130.47.208:3000 backend git-backend mode http option forwardfor - server git-host 130.185.121.80:8042 + server git-host 185.130.47.208:8042 backend git-backend-s mode tcp option tcp-check - server git-host-s 130.185.121.80:8043 check + server git-host-s 185.130.47.208:8043 check + +backend browsh-backend + mode http + server browsh-host 185.130.45.46:4333 -- cgit v1.2.3
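Review bot: `rssgen-backend-s` is a TCP (TLS passthrough) backend, yet it targets `185.130.47.208:3000`, the same port the plain-HTTP `rssgen-backend` uses, so one of the two will speak the wrong protocol to that service. Point the `-s` backend at the service's TLS port, or terminate TLS in HAProxy instead. Most backends in this hunk set `option tcp-check` but their `server` lines omit the `check` keyword, so no health checks actually run; only `git-backend-s` has it, and `rssgen-backend` lost both `check` and `option forwardfor`. `browsh-backend` forwards cleartext HTTP to a different address (`185.130.45.46`), which appears to cross hosts unencrypted.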