From fc66b376cb3a2c73843cc882d500cfd743c0790e Mon Sep 17 00:00:00 2001 From: sijanec Date: Sun, 17 May 2020 00:13:40 +0200 Subject: dist should work, TODO: minify and bundle --- server/proxy/apache.conf | 99 +++++++++++++++++++++++++++++++++++ server/proxy/nginx.conf | 133 +++++++++++++++++++++++++++++++++++++++++++++++ 2 files changed, 232 insertions(+) create mode 100644 server/proxy/apache.conf create mode 100644 server/proxy/nginx.conf (limited to 'server')
diff --git a/server/proxy/apache.conf b/server/proxy/apache.conf
new file mode 100644
index 0000000..e0c49a5
--- /dev/null
+++ b/server/proxy/apache.conf
@@ -0,0 +1,99 @@
+
+ SSLEngine On
+ SSLCertificateFile /etc/ssl/sslforfree/sg.crt
+ SSLCertificateKeyFile /etc/ssl/sslforfree/sg.key
+ SSLProxyEngine On
+ SSLProxyCheckPeerCN Off
+ SSLProxyCheckPeerName Off
+ # The ServerName directive sets the request scheme, hostname and port that
+ # the server uses to identify itself. This is used when creating
+ # redirection URLs. In the context of virtual hosts, the ServerName
+ # specifies what hostname must appear in the request's Host: header to
+ # match this virtual host. For the default virtual host (this file) this
+ # value is not decisive as it is used as a last resort host regardless.
+ # However, you must set it for any further virtual host explicitly.
+ #ServerName www.example.com
+
+ #ServerAdmin webmaster@localhost
+ #DocumentRoot /var/www/apache2
+
+ # Available loglevels: trace8, ..., trace1, debug, info, notice, warn,
+ # error, crit, alert, emerg.
+ # It is also possible to configure the loglevel for particular
+ # modules, e.g.
+ #LogLevel info ssl:warn
+
+ ErrorLog ${APACHE_LOG_DIR}/error.log
+ CustomLog ${APACHE_LOG_DIR}/access.log combined
+
+ # For most configuration files from conf-available/, which are
+ # enabled or disabled at a global level, it is possible to
+ # include a line for only one particular virtual host. For example the
+ # following line enables the CGI configuration for this host only
+ # after it has been globally disabled with "a2disconf".
+ #Include conf-available/serve-cgi-bin.conf
+
+ RequestHeader unset Accept-Encoding
+ ProxyPreserveHost Off
+ ProxyPass "/" "https://zgimsis.gimb.org:443/"
+ ProxyPassReverse "/" "https://zgimsis.gimb.org:443/"
+ AddOutputFilterByType SUBSTITUTE text/html
+ Substitute "s|zgimsis.gimb.org|zgimsis.gimb.tk:27443|i"
+ Substitute "s/window.location.replace/console.log/i"
+ DumpIOInput Off
+ DumpIOOutput On
+ LogLevel dumpio:trace7
+ LogLevel debug
+
+
+
+# ServerName cargova.xn--pga.ga
+# SSLEngine On
+# SSLCertificateFile /etc/ssl/sslforfree/sg.crt
+# SSLCertificateKeyFile /etc/ssl/sslforfree/sg.key
+ SSLProxyEngine On
+ SSLProxyCheckPeerCN Off
+ SSLProxyCheckPeerName Off
+ # The ServerName directive sets the request scheme, hostname and port that
+ # the server uses to identify itself. This is used when creating
+ # redirection URLs. In the context of virtual hosts, the ServerName
+ # specifies what hostname must appear in the request's Host: header to
+ # match this virtual host. For the default virtual host (this file) this
+ # value is not decisive as it is used as a last resort host regardless.
+ # However, you must set it for any further virtual host explicitly.
+ #ServerName www.example.com
+
+ #ServerAdmin webmaster@localhost
+ #DocumentRoot /var/www/apache2
+
+ # Available loglevels: trace8, ..., trace1, debug, info, notice, warn,
+ # error, crit, alert, emerg.
+ # It is also possible to configure the loglevel for particular
+ # modules, e.g.
+ #LogLevel info ssl:warn
+
+ ErrorLog ${APACHE_LOG_DIR}/error.log
+ CustomLog ${APACHE_LOG_DIR}/access.log combined
+
+ # For most configuration files from conf-available/, which are
+ # enabled or disabled at a global level, it is possible to
+ # include a line for only one particular virtual host. For example the
+ # following line enables the CGI configuration for this host only
+ # after it has been globally disabled with "a2disconf".
+ #Include conf-available/serve-cgi-bin.conf
+
+ RequestHeader unset Accept-Encoding
+ ProxyPreserveHost Off
+ ProxyPass "/" "https://zgimsis.gimb.org:443/"
+ ProxyPassReverse "/" "https://zgimsis.gimb.org:443/"
+ AddOutputFilterByType SUBSTITUTE text/html
+ Substitute "s/zgimsis.gimb.org/zgimsis.gimb.tk:2780/i"
+ Substitute "s/window.location.replace/console.log/i"
+ DumpIOInput Off
+ DumpIOOutput On
+ LogLevel dumpio:trace7
+ LogLevel debug
+
+
+
+# vim: syntax=apache ts=4 sw=4 sts=4 sr noet
diff --git a/server/proxy/nginx.conf b/server/proxy/nginx.conf
new file mode 100644
index 0000000..222b8d2
--- /dev/null
+++ b/server/proxy/nginx.conf
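Review bot: Both virtual-host blocks in server/proxy/apache.conf switch off the upstream certificate name checks (`SSLProxyCheckPeerCN Off`, `SSLProxyCheckPeerName Off`) and never set `SSLProxyVerify`, so the TLS connection to the `ProxyPass` backend is encrypted but the backend is not authenticated. I would drop the two `Off` lines and add `SSLProxyVerify require`, with a CA bundle supplied through `SSLProxyCACertificateFile` or `SSLProxyCACertificatePath`. The same blocks leave `DumpIOOutput On` with `LogLevel dumpio:trace7`, which asks mod_dumpio to write proxied response bodies to the error log. If that is only a debugging aid it should be removed or at least marked, e.g. `# debug only: dumps proxied response bodies to ErrorLog, do not enable in production`.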
@@ -0,0 +1,133 @@
+#server {
+# server_name _;
+# listen 80 default_server;
+# # listen 443 default_server;
+# listen [::]:80 default_server;
+# # listen [::]:443 default_server;
+# return 444;
+#}
+server {
+ listen 93.103.156.37:80;
+ listen [::]:80;
+ server_name .g.gimb.tk .gimsis.gimb.tk .zgimsis.gimb.tk .gimsisext.gimb.tk .gse.gimb.tk;
+ return 301 https://zgimsis.gimb.tk$request_uri;
+ port_in_redirect off;
+ server_name_in_redirect off;
+}
+server {
+ listen 93.103.156.37:443 ssl http2;
+ listen [::]:443 ssl http2;
+ ssl_certificate /etc/ssl/sslforfree/sg.crt;
+ ssl_certificate_key /etc/ssl/sslforfree/sg.key;
+ ssl_session_cache builtin:1000 shared:SSL:10m;
+ ssl_prefer_server_ciphers on;
+ add_header Strict-Transport-Security "max-age=604800";
+ #root /var/www/html;
+ index index.php index.html index.htm index.nginx-debian.html;
+ server_name .g.gimb.tk .gimsis.gimb.tk .zgimsis.gimb.tk .gimsisext.gimb.tk .gse.gimb.tk;
+ location /gse/ {
+ #try_files $uri $uri/ =404;
+ proxy_pass https://localhost:27443;
+ proxy_set_header Host $host;
+ proxy_set_header X-Real-IP $remote_addr;
+ set $cors '';
+ set $both_conditions "";
+ add_header "x-debug-location-gse" "triggered";
+ if ($http_origin ~ \.?gimb\.tk$) {
+ set $cors 'true';
+ set $both_conditions "P";
+ add_header "x-debug-http-origin-check" "passed";
+ }
+ if ($cors = 'true') {
+ add_header "Access-Control-Allow-Origin" $http_origin always;
+ add_header "Access-Control-Allow-Credentials" "true" always;
+ add_header "Access-Control-Allow-Methods" "GET, POST, PATCH, PUT, DELETE, OPTIONS" always;
+ add_header 'Access-Control-Allow-Headers' 'Accept,Authorization,Cache-Control,Content-Type,DNT,If-Modified-Since,Keep-Alive,Origin,User-Agent,X-Requested-With,Authorization' always;
+ add_header 'Access-Control-Expose-Headers' 'Accept,Authorization,Cache-Control,Content-Type,DNT,If-Modified-Since,Keep-Alive,Origin,User-Agent,X-Requested-With,Authorization' always;
+ }
+ if ($request_method = 'OPTIONS') {
+ set $both_conditions "${both_conditions}D";
+ }
+ if ($both_conditions = PD) {
+ add_header "Access-Control-Allow-Origin" $http_origin always;
+ add_header "Access-Control-Allow-Credentials" "true" always;
+ add_header "Access-Control-Allow-Methods" "GET, POST, PATCH, PUT, DELETE, OPTIONS" always;
+ add_header 'Access-Control-Allow-Headers' 'Accept,Authorization,Cache-Control,Content-Type,DNT,If-Modified-Since,Keep-Alive,Origin,User-Agent,X-Requested-With,Authorization' always;
+ add_header 'Access-Control-Expose-Headers' 'Accept,Authorization,Cache-Control,Content-Type,DNT,If-Modified-Since,Keep-Alive,Origin,User-Agent,X-Requested-With,Authorization' always;
+ add_header 'Access-Control-Max-Age' -1;
+ add_header 'Content-Type' 'text/plain charset=UTF-8';
+ add_header 'Content-Length' 0;
+ return 204;
+ }
+ }
+ location / {
+ set $cors '';
+ if ($http_origin ~ \.?gimb\.tk$) {
+ set $cors 'true';
+ }
+ if ($cors = 'true') {
+ add_header "Access-Control-Allow-Origin" $http_origin always;
+ add_header "Access-Control-Allow-Credentials" "true" always;
+ add_header "Access-Control-Allow-Methods" "GET, POST, PATCH, PUT, DELETE, OPTIONS" always;
+ add_header 'Access-Control-Allow-Headers' 'Accept,Authorization,Cache-Control,Content-Type,DNT,If-Modified-Since,Keep-Alive,Origin,User-Agent,X-Requested-With,Authorization' always;
+ add_header 'Access-Control-Expose-Headers' 'Accept,Authorization,Cache-Control,Content-Type,DNT,If-Modified-Since,Keep-Alive,Origin,User-Agent,X-Requested-With,Authorization' always;
+ }
+ if ($request_method = 'OPTIONS') {
+ add_header 'Access-Control-Max-Age' 300;
+ add_header 'Content-Type' 'text/plain charset=UTF-8';
+ add_header 'Content-Length' 0;
+ return 204;
+ }
+ return 301 https://zgimsis.gimb.tk/gse/;
+ }
+ #location ~ \.php$ {
+ # include snippets/fastcgi-php.conf;
+ # fastcgi_pass unix:/run/php/php7.3-fpm.sock;
+ #}
+ location ~ /\.ht {
+ deny all;
+ }
+ port_in_redirect off;
+ server_name_in_redirect off;
+}
+server {
+ listen 93.103.156.37:80;
+ listen [::]:80;
+ server_name .la.gimb.tk .lopolisapi.gimb.tk .lopolis-api.gimb.tk;
+ return 301 https://lopolis-api.gimb.tk$request_uri;
+ port_in_redirect off;
+ server_name_in_redirect off;
+}
+server {
+ listen 93.103.156.37:443 ssl http2;
+ listen [::]:443 ssl http2;
+ ssl_certificate /etc/ssl/sslforfree/sg.crt;
+ ssl_certificate_key /etc/ssl/sslforfree/sg.key;
+ ssl_session_cache builtin:1000 shared:SSL:10m;
+ ssl_prefer_server_ciphers on;
+ add_header Strict-Transport-Security "max-age=604800";
+ #root /var/www/html;
+ index index.php index.html index.htm index.nginx-debian.html;
+ server_name .la.gimb.tk .lopolisapi.gimb.tk .lopolis-api.gimb.tk;
+ location / {
+ #try_files $uri $uri/ =404;
+ proxy_pass http://localhost:44625;
+ proxy_set_header Host $host;
+ proxy_set_header X-Real-IP $remote_addr;
+ }
+ #location / {
+# return 301 https://zgimsis.gimb.tk/gse/;
+# }
+ #location ~ \.php$ {
+ # include snippets/fastcgi-php.conf;
+ # fastcgi_pass unix:/run/php/php7.3-fpm.sock;
+ #}
+ location ~ /\.ht {
+ deny all;
+ }
+ add_header X-This-Is-Definetley-Not-Flask I-Really-Care-If-Someone-DoSes-This-/s;
+ add_header X-I-Mean-If-Someone-Wants-To-DoS-Me They-Have-The-Power-To-Do-It;
+ add_header X-Although-It-Is-Illegal-And-I Will-Report-You-To-SiCert-And-They-Will-Bit-Your-Ass;
+ port_in_redirect off;
+ server_name_in_redirect off;
+}
-- cgit v1.2.3
From e7dc728e3420c7f51f793daa70c0e46a43c367f5 Mon Sep 17 00:00:00 2001 From: sijanec Date: Wed, 20 May 2020 13:57:10 +0200 Subject: did it work? --- server/report/index.php | 41 +++++++++++++++++++++++++++++++++++++++++ 1 file changed, 41 insertions(+) create mode 100644 server/report/index.php (limited to 'server')
diff --git a/server/report/index.php b/server/report/index.php
new file mode 100644
index 0000000..c0ac172
--- /dev/null
+++ b/server/report/index.php
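Review bot: The origin test `if ($http_origin ~ \.?gimb\.tk$)` in server/proxy/nginx.conf, used in `location /gse/` and again in `location /`, has no start anchor and makes the leading dot optional. Any Origin value that merely ends in `gimb.tk` is therefore echoed back in `Access-Control-Allow-Origin` together with `Access-Control-Allow-Credentials: true`. Anchoring the pattern to scheme and host restricts it to the intended sites: `if ($http_origin ~ ^https://([a-z0-9-]+\.)*gimb\.tk$) {`. Separately, `location /gse/` declares its own `add_header` lines, so nginx does not inherit the server-level `Strict-Transport-Security` header there; repeating that header wherever the location adds headers keeps HSTS on the proxied responses.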
@@ -0,0 +1,41 @@ +connect_error) { + http_response_code(500); + die("database connection failed. ".$warning); // . $conn->connect_error); + } + $stmt = $conn->prepare("INSERT INTO error_reports (msg, url, line, column, obj, ua, app_version, previous_commit, ip) VALUES". + "(?, ?, ?, ?, ?, ?, ?, ?, ?, ?)"); + $stmt->bind_param("ssiisssss", $_REQUEST["error"]["msg"], $_REQUEST["error"]["url"], $_REQUEST["error"]["line"], + $_REQUEST["error"]["column"], $_REQUEST["error"]["obj"], $_REQUEST["client"]["ua"], $_REQUEST["client"]["app_version"], + $_REQUEST["client"]["previous_commit"], $_SERVER["REMOTE_ADDR"]); + + $stmt->execute(); + + $stmt->close(); + $conn->close(); + + exit("report saved. ".$warning); +?> -- cgit v1.2.3 From 9f42af73101393f57ac653bbbdf2940b2de1f202 Mon Sep 17 00:00:00 2001 From: sijanec Date: Wed, 20 May 2020 14:29:27 +0200 Subject: DNM, not tested --- server/report/index.php | 14 ++++++++++++++ 1 file changed, 14 insertions(+) (limited to 'server') diff --git a/server/report/index.php b/server/report/index.php index c0ac172..6763a29 100644 --- a/server/report/index.php +++ b/server/report/index.php @@ -26,6 +26,20 @@ http_response_code(500); die("database connection failed. ".$warning); // . $conn->connect_error); } + + $query = "CREATE TABLE IF NOT EXISTS error_reports ( + msg VARCHAR(420) , + url VARCHAR(420) , + line INT , + column INT , + obj VARCHAR(420) , + ua VARCHAR(420) , + app_version VARCHAR(420) , + previous_commit VARCHAR(69) , + ip VARCHAR(69) , + )"; + $result = mysqli_query($dbConnection, $conn); + $stmt = $conn->prepare("INSERT INTO error_reports (msg, url, line, column, obj, ua, app_version, previous_commit, ip) VALUES". "(?, ?, ?, ?, ?, ?, ?, ?, ?, ?)"); $stmt->bind_param("ssiisssss", $_REQUEST["error"]["msg"], $_REQUEST["error"]["url"], $_REQUEST["error"]["line"], -- cgit v1.2.3 From 9eae85e3a223eee2b394e44b1d2c3bc6779b7119 Mon Sep 17 00:00:00 2001 
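Review bot: Neither `$conn->prepare(...)` nor `$stmt->execute()` is checked in the new server/report/index.php, so the script ends with `exit("report saved. ".$warning)` even when nothing was inserted, and a failed prepare leaves `$stmt` as `false` before `bind_param` is called on it. A guard after each call makes the failure visible, e.g. `if ($stmt === false) { http_response_code(500); die("report not saved. ".$warning); }` and `if (!$stmt->execute()) { http_response_code(500); die("report not saved. ".$warning); }`. The endpoint also stores every `$_REQUEST` field from any caller as-is, so a per-field length cap and some form of rate limiting would be worth adding. The first line of the hunk as shown starts mid-statement, so the connection setup above it is not reviewed here.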
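Review bot: The `CREATE TABLE IF NOT EXISTS` statement added in hunk `@@ -26,6 +26,20 @@` ends with `ip VARCHAR(69) ,` directly before the closing `)`, and that trailing comma is a SQL syntax error, so the table would not be created. The later hunks that touch this statement (`@@ -31,7 +31,7 @@`, `@@ -38,7 +38,7 @@`) keep it. The column line should read `ip VARCHAR(69)`, and `$result` should be tested, e.g. `if ($result === false) { http_response_code(500); die("database setup failed. ".$warning); }`. Running DDL on every request also means the web application's database account needs CREATE privilege; creating the table once in a setup script would let that account be limited to INSERT. The surrounding script starts and ends outside this hunk.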
From: sijanec Date: Wed, 20 May 2020 14:34:49 +0200 Subject: DNM, not tested #2 --- server/report/index.php | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) (limited to 'server') diff --git a/server/report/index.php b/server/report/index.php index 6763a29..b81c7f7 100644 --- a/server/report/index.php +++ b/server/report/index.php @@ -31,7 +31,7 @@ msg VARCHAR(420) , url VARCHAR(420) , line INT , - column INT , + colno INT , obj VARCHAR(420) , ua VARCHAR(420) , app_version VARCHAR(420) , @@ -40,7 +40,7 @@ )"; $result = mysqli_query($dbConnection, $conn); - $stmt = $conn->prepare("INSERT INTO error_reports (msg, url, line, column, obj, ua, app_version, previous_commit, ip) VALUES". + $stmt = $conn->prepare("INSERT INTO error_reports (msg, url, line, colno, obj, ua, app_version, previous_commit, ip) VALUES". "(?, ?, ?, ?, ?, ?, ?, ?, ?, ?)"); $stmt->bind_param("ssiisssss", $_REQUEST["error"]["msg"], $_REQUEST["error"]["url"], $_REQUEST["error"]["line"], $_REQUEST["error"]["column"], $_REQUEST["error"]["obj"], $_REQUEST["client"]["ua"], $_REQUEST["client"]["app_version"], -- cgit v1.2.3 From 055622954307c9090a94ce0c84103258849d4dc5 Mon Sep 17 00:00:00 2001 From: sijanec Date: Wed, 20 May 2020 14:39:51 +0200 Subject: DNM, not tested #3 --- server/report/index.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'server') diff --git a/server/report/index.php b/server/report/index.php index b81c7f7..865bf02 100644 --- a/server/report/index.php +++ b/server/report/index.php @@ -38,7 +38,7 @@ previous_commit VARCHAR(69) , ip VARCHAR(69) , )"; - $result = mysqli_query($dbConnection, $conn); + $result = mysqli_query($conn, $query); $stmt = $conn->prepare("INSERT INTO error_reports (msg, url, line, colno, obj, ua, app_version, previous_commit, ip) VALUES". "(?, ?, ?, ?, ?, ?, ?, ?, ?, ?)"); -- cgit v1.2.3 From c2bbdeb81de79f182847348da988f8cc6ca63e04 Mon Sep 17 00:00:00 2001 
From: sijanec Date: Wed, 20 May 2020 14:41:20 +0200 Subject: DNM, not tested #3 --- server/report/index.php | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) (limited to 'server') diff --git a/server/report/index.php b/server/report/index.php index 865bf02..7b48b35 100644 --- a/server/report/index.php +++ b/server/report/index.php @@ -31,7 +31,7 @@ msg VARCHAR(420) , url VARCHAR(420) , line INT , - colno INT , + colno INT , obj VARCHAR(420) , ua VARCHAR(420) , app_version VARCHAR(420) , @@ -41,7 +41,7 @@ $result = mysqli_query($conn, $query); $stmt = $conn->prepare("INSERT INTO error_reports (msg, url, line, colno, obj, ua, app_version, previous_commit, ip) VALUES". - "(?, ?, ?, ?, ?, ?, ?, ?, ?, ?)"); + "(?, ?, ?, ?, ?, ?, ?, ?, ?)"); $stmt->bind_param("ssiisssss", $_REQUEST["error"]["msg"], $_REQUEST["error"]["url"], $_REQUEST["error"]["line"], $_REQUEST["error"]["column"], $_REQUEST["error"]["obj"], $_REQUEST["client"]["ua"], $_REQUEST["client"]["app_version"], $_REQUEST["client"]["previous_commit"], $_SERVER["REMOTE_ADDR"]); -- cgit v1.2.3