
More consistency

Bob Mottram 11 年之前
父節點
當前提交
067e2325a9
共有 1 個檔案被更改,包括 87 行新增179 行删除
  1. 87
    179
      beaglebone.txt

+ 87
- 179
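--- a/beaglebone.txt
+++ b/beaglebone.txt
@@ -974,6 +974,7 @@ First install some prerequisites.
 
 #+BEGIN_SRC: bash
 apt-get install build-essential automake git pkg-config autoconf libtool libssl-dev
+apt-get remove ntpdate
 #+END_SRC
 
 Now download and install tlsdate.
@@ -1038,8 +1039,8 @@ Set the following properties:
 TCP_PORTS="1,7,9,11,15,79,109,110,111,119,138,139,512,513,514,515,540,635,1080,1524,2000,2001,4000,4001,5742,6000,6001,6667,12345,12346,20034,27665,30303,32771,32772,32773,32774,31337,40421,40425,49724,54320"
 UDP_PORTS="1,7,9,66,67,68,69,111,137,138,161,162,474,513,517,518,635,640,641,666,700,2049,31335,27444,34555,32770,32771,32772,32773,32774,31337,54321"
 
-ADVANCED_EXCLUDE_TCP="113,139,70,80,443,587,143,6670,993,5060,5061,25,465,22,5222,5223,5269,5280,5281,8432,8433,8444"
-ADVANCED_EXCLUDE_UDP="520,138,137,67,70,80,443,143,6670,993, 5060,5061,25,465,22,5222,5223,5269,5280,5281,8444"
+ADVANCED_EXCLUDE_TCP="113,139,70,80,443,587,143,6697,993,5060,5061,25,465,22,5222,5223,5269,5280,5281,8432,8433,8444"
+ADVANCED_EXCLUDE_UDP="520,138,137,67,70,80,443,143,6697,993, 5060,5061,25,465,22,5222,5223,5269,5280,5281,8444"
 
 SCAN_TRIGGER="2"
 
@@ -1091,6 +1092,7 @@ iptables -A INPUT -p tcp --destination-port 31337 -j DROP
 iptables -A INPUT -p tcp --destination-port 2000:2001 -j DROP
 iptables -A INPUT -p tcp --destination-port 12345 -j DROP
 iptables -A INPUT -p tcp --destination-port 32771:32774 -j DROP
+iptables -A INPUT -p tcp --destination-port 6665:6669 -j DROP
 iptables -A INPUT -p tcp --destination-port 4000 -j DROP
 iptables -A INPUT -p tcp --destination-port 119 -j DROP
 iptables -A INPUT -p tcp --destination-port 137 -j DROP
@@ -1114,6 +1116,7 @@ iptables -A INPUT -p udp --destination-port 31337 -j DROP
 iptables -A INPUT -p udp --destination-port 2000:2001 -j DROP
 iptables -A INPUT -p udp --destination-port 12345 -j DROP
 iptables -A INPUT -p udp --destination-port 32771:32774 -j DROP
+iptables -A INPUT -p udp --destination-port 6665:6669 -j DROP
 iptables -A INPUT -p udp --destination-port 4000 -j DROP
 iptables -A INPUT -p udp --destination-port 119 -j DROP
 iptables -A INPUT -p udp --destination-port 137 -j DROP
@@ -1138,7 +1141,7 @@ iptables -A INPUT -p tcp --tcp-flags ALL SYN,RST,ACK,FIN,URG -j DROP
 iptables -A INPUT -p tcp --tcp-flags ALL NONE -j DROP
 
 # Drop UDP to used ports
-iptables -A INPUT -p udp --match multiport --dports 70,80,443,143,6670,993,5060,5061,25 -j DROP
+iptables -A INPUT -p udp --match multiport --dports 70,80,443,143,6697,993,5060,5061,25 -j DROP
 iptables -A INPUT -p udp --match multiport --dports 465,587,22,5222,5223,5269,5280,5281,8444 -j DROP
 
 # Limit ssh logins
@@ -1152,7 +1155,7 @@ iptables -A INPUT -p tcp --dport 443 -m limit --limit 10/minute --limit-burst 1
 iptables -A INPUT -p tcp --match multiport --dports 5222:5223,5269,5280:5281 -m limit --limit 3/minute --limit-burst 1 -j ACCEPT
 
 # Limit IRC connections
-iptables -A INPUT -p tcp --dport 6666:6670 -m limit --limit 3/minute --limit-burst 1 -j ACCEPT
+iptables -A INPUT -p tcp --dport 6697 -m limit --limit 3/minute --limit-burst 1 -j ACCEPT
 
 # Limit gopher connections
 iptables -A INPUT -p tcp --dport 70 -m limit --limit 3/minute --limit-burst 1 -j ACCEPT
@@ -2891,6 +2894,8 @@ Click on the Thunderbird menu, which looks like three horizontal bars on the rig
 
 Hover over *preferences* and then *Account settings*.
 
+Select *OpenPGP Security* and make sure that *use PGP/MIME by default* is ticked. This will enable you to sign/encrypt attachments, HTML bodies and UTF-8 without any problems.
+
 Select *Synchronization & Storage*.
 
 Make sure that *Keep messages for this account on this computer* is unticked, then click *Ok*.
@@ -3109,14 +3114,14 @@ First install some dependencies.
 
 #+BEGIN_SRC: bash
 apt-get update
-apt-get install build-essential openssl libssl-dev debhelper dpatch docbook-to-man flex bison libpcre3-dev
+apt-get install build-essential openssl libssl-dev debhelper dpatch docbook-to-man flex bison libpcre3-dev screen
 #+END_SRC
 
 Then get the source code for ircd-hybrid.
 
 #+BEGIN_SRC: bash
 cd /tmp
-wget http://freedombone.uk.to/ircd-hybrid-9.1.17.tgz
+wget http://freedombone.uk.to/ircd-hybrid-8.1.17.tgz
 #+END_SRC
 
 verify it.
@@ -3139,10 +3144,12 @@ make install
 Customise the configuration to your system, giving it a name and description.  In this example 192.168.1.60 is the static IP address on the BBB on the local network, so change that if necessary.
 
 #+BEGIN_SRC: bash
-editor /usr/local/ircd/etc/reference /etc/ircd-hybrid/ircd.conf
+chown -R irc:irc /usr/local/ircd
+cp /usr/local/ircd/etc/reference.conf /usr/local/ircd/etc/ircd.conf
+editor /usr/local/ircd/etc/ircd.conf
 #+END_SRC
 
-Set *name* to the name of your server, and set a description.
+Set *name* to the domain name of your server, and set a description.
 
 Set a *network_name* and *network_desc*.  The network name should not contain any spaces.
 
@@ -3153,188 +3160,97 @@ Within the admin section set your *name* and *email*.
 Within the *listen* section set host to your fixed IP address (in the earlier
 sections it was 192.168.1.60).
 
-Within the *auth* section set user = "*@192.168.1.60" - or whatever the fixed IP address of the BBB is on your network.
+Within the *auth* section set user = "*@192.168.1.60" - or whatever the fixed IP address of the BBB is on your network - and password to the desired password for the IRC server.  If you don't wish to use a password then remove need_password from the flags.
 
-Uncomment the first *connect* section and set the *name* to your domain name, the *host* to 192.168.1.60 and the send/accept passwords to a password which you use to log into the IRC server.  Also set the *port* to 6670.
+Within the *connect* section set *host* and *vhost* to your fixed IP address (in the earlier
+sections it was 192.168.1.60) and *name* to your domain name.  Also set the *send/accept passwords* to your IRC login password.
 
-Save and exit, then restart the IRC server.  Open port 6670 on your internet router and forward it to the BBB.
+Save and exit, then restart the IRC server.  Open port 6697 on your internet router and forward it to the BBB.  Note that although ports 6665 to 6669 are active within the configuration file in practice we will only use the encrypted port.
 
 Ensure that the configuration is only readable by the root user.
 
 #+BEGIN_SRC: bash
-chmod 600 /etc/ircd-hybrid/ircd.conf
+chmod 600 /usr/local/ircd/etc/ircd.conf
 #+END_SRC
 
+Now create an init script.
+
 #+BEGIN_SRC: bash
-emacs /etc/init.d/ircd-hybrid
+adduser --disabled-login irc
+editor /etc/init.d/ircd-hybrid
 #+END_SRC
 
 Add the following:
 
 #+BEGIN_SRC: bash
-#! /bin/sh
-
-# ircd-hybrid Start/stop the Hybrid 8 IRC server.
+#!/bin/bash
+# /etc/init.d/ircd-hybrid
 
 ### BEGIN INIT INFO
-# Provides: ircd-hybrid
-# Required-Start: $syslog
-# Required-Stop: $syslog
-# Should-Start: $local_fs $network $named
-# Should-Stop: $local_fs $network $named
-# Default-Start: 2 3 4 5
-# Default-Stop: 0 1 6
-# Short-Description: IRCd-Hybrid daemon init.d script
-# Description: Use to manage the IRCd-Hybrid daemon.
+# Provides:          ircd-hybrid
+# Required-Start:    $remote_fs $syslog
+# Required-Stop:     $remote_fs $syslog
+# Default-Start:     2 3 4 5
+# Default-Stop:      0 1 6
+# Short-Description: starts irc server
+# Description:       starts irc server
 ### END INIT INFO
 
-PATH=/sbin:/bin:/usr/sbin:/usr/bin
-DAEMON=/usr/local/ircd/bin/ircd
-DEFAULT=/etc/default/ircd-hybrid
-NAME=ircd
-PID_DIR=/usr/local/ircd/etc
-PID=$PID_DIR/$NAME.pid
-DESC="Hybrid 8 IRC Server"
-
-test -f $DAEMON || exit 0
-
-if [ -f $DEFAULT ]
-then
-. $DEFAULT
-fi
-
-set -e
-
-
-
-case "$1" in
-start)
-if [ "$START" = "yes" ]
-then
-echo -n "Starting $DESC: $NAME"
-mkdir -p -m 755 $PID_DIR
-chown irc:irc $PID_DIR
-start-stop-daemon --start --quiet \
--u irc -c irc --exec $DAEMON -- -pidfile $PID \
-> /dev/null
-echo "."
-fi
-;;
-stop)
-if [ "$START" = "yes" ]
-then
-echo -n "Stopping $DESC: $NAME"
-start-stop-daemon --oknodo --stop --quiet \
---pidfile $PID \
---signal 15 --exec $DAEMON -- -pidfile $PID
-echo "."
-fi
-;;
-
-reload)
-if [ "$START" = "yes" ]
-then
-if [ -f "$PID" ]; then
-echo -n "Reloading configuration files for $NAME..."
-kill -HUP `cat $PID`
-echo "done."
-else
-echo "Not reloading configuration files for $NAME - not running!"
-fi
-fi
-;;
-restart|force-reload)
-if [ "$START" = "yes" ]
-then
-echo -n "Restarting $DESC: $NAME"
-if [ -f "$PID" ]; then
-start-stop-daemon --stop --quiet --pidfile \
-$PID --signal 15 \
---exec $DAEMON -- -pidfile $PID
-sleep 1
-fi
-mkdir -p -m 755 $PID_DIR
-chown irc:irc $PID_DIR
-start-stop-daemon --start --quiet \
--u irc -c irc --exec $DAEMON -- -pidfile $PID \
-> /dev/null
-echo "."
-fi
-;;
+# Author: Bob Mottram <bob@robotics.uk.to>
 
-*)
-echo "Usage: $0 {start|stop|restart|reload|force-reload}" >&2
-exit 1
-;;
-esac
+#Settings
+SERVICE='ircd-hybrid'
+COMMAND="ircd"
+USERNAME='irc'
+NICELEVEL=19 # from 0-19 the bigger the number, the less the impact on system resources
+HISTORY=1024
+INVOCATION="nice -n ${NICELEVEL} ${COMMAND}"
+PATH='/usr/local/sbin:/usr/local/bin:/usr/bin:/usr/bin/core_perl:/sbin:/usr/sbin:/bin'
 
-exit 0
 
-etc_logrotate_ircd-hybrid
 
-# ircd-hybrid log rotation
 
-/var/log/ircd/ircd-hybrid.log {
-rotate 3
-weekly
-compress
-delaycompress
-postrotate
-invoke-rc.d ircd-hybrid reload > /dev/null
-endscript
-missingok
+irc_start() {
+echo "Starting $SERVICE..."
+cd /usr/local/ircd
+su --command "screen -h ${HISTORY} -dmS ${SERVICE} ${INVOCATION}" $USERNAME
 }
 
-postinst
-Shell
-
-#!/bin/sh
-
-set -e
-
-. /usr/share/debconf/confmodule
-
-# Automatically added by dh_installinit, edited for use with debconf
-# Not added anymore due to dh_installinit -n, so we manage it manually.
-if [ -x "/etc/init.d/ircd-hybrid" ]; then
-update-rc.d ircd-hybrid defaults >/dev/null
-
-if [ "$1" = "configure" ]; then
-if dpkg --compare-versions "$2" le "1:7.2.2-1"; then
-RET="true"
-else
-if [ -e /usr/share/debconf/confmodule ]; then
-. /usr/share/debconf/confmodule
-db_get ircd-hybrid/restart_on_upgrade
-db_stop
-else
-RET="true"
-fi
-fi
-fi
-fi
-# End automatically added section
-
-if [ "$1" = configure ]; then
 
+irc_stop() {
+echo "Stopping $SERVICE"
+su --command "screen -p 0 -S ${SERVICE} -X stuff "'^C'"" $USERNAME
+}
 
 
-# These directories may have been created before, but we need to make them
-# owned by irc. Or the initscript will get owned. If it's already this
-# way, this operation makes no difference.
+#Start-Stop here
+case "$1" in
+  start)
+    irc_start
+    ;;
+  stop)
+    irc_stop
+    ;;
+  restart)
+    irc_stop
+    sleep 10s
+    irc_start
+    ;;
+    *)
+  echo "Usage: $0 {start|stop|restart}"
+  exit 1
+  ;;
+esac
 
-chown irc:irc /var/log/ircd /etc/ircd-hybrid
-chmod 770 /etc/ircd-hybrid
+exit 0
+#+END_SRC
 
-if [ "$RET" = "true" ]; then
-invoke-rc.d ircd-hybrid start || exit $?
-else
-echo "I have not stopped or restarted the ircd-hybrid daemon."
-echo "You should do this yourself whenever you're ready."
-echo "Type \`\`invoke-rc.d ircd-hybrid restart''."
-fi
+Save and exit, then start the daemon.
 
-fi
+#+BEGIN_SRC: bash
+chmod +x /etc/init.d/ircd-hybrid
+update-rc.d ircd-hybrid defaults
+service ircd-hybrid start
 #+END_SRC
 
 *** Channel management
@@ -3389,7 +3305,7 @@ Change #MD5 PASSWORD HERE# to the md5 operator password created earlier, mydomai
 A:mynickname <myemailaddress>
 N:irc.mydomainname.com:Hybrid services
 O:*@*:#MD5 PASSWORD HERE#:root:segj (comment out other Q: lines)
-S:mysendacceptpassword:192.168.1.60:6670 (remove the other two services)
+S:mysendacceptpassword:192.168.1.60:6697 (remove the other two services)
 #+END_SRC
 
 Also remove the line *#NOT-EDITED#*, then save and exit.
@@ -3417,7 +3333,7 @@ Connect to the IRC and identify yourself as an operator.  Here /mynetwork/ shoul
 
 /channel add -auto #mychannel mynetwork channelpassword
 
-/server add -auto -network mynetwork -ssl mydonainname.com 6670 mysendacceptpassword
+/server add -auto -network mynetwork -ssl mydonainname.com 6697 mysendacceptpassword
 
 /connect mydomainname.com
 
@@ -3442,7 +3358,7 @@ It should look something like this:
   {
     address = "mydomainname.com";
     chatnet = "mynetwork";
-    port = "6670";
+    port = "6697";
     password = "mysendacceptpassword";
     use_ssl = "yes";
     ssl_verify = "no";
@@ -3529,7 +3445,7 @@ And to trust or distrust someone else's fingerprint.
 *** Usage with XChat
 Within the network list click, *Add* and enter your domain name then click *Edit*.
 
-Select the entry within the servers box, then enter *mydomainname.com/6670* and press *Enter*.
+Select the entry within the servers box, then enter *mydomainname.com/6697* and press *Enter*.
 
 Uncheck *use global user information*.
 
@@ -3767,14 +3683,6 @@ irc
 Generate a SSL certificate.
 
 #+BEGIN_SRC: bash
-openssl ecparam -out /etc/ssl/private/xmpp.pem -name prime256v1
-openssl genpkey -paramfile /etc/ssl/private/xmpp.pem -out /etc/ssl/private/xmpp.key
-openssl req -new -x509 -key /etc/ssl/private/xmpp.key -out /etc/ssl/certs/xmpp.crt -days 3650
-#+END_SRC
-
-The above uses a Diffie-Hellman elliptic curve (ECDH P-256) algorithm. It is apparent that amongst crypographers there are differences of opinion about the security of elliptic curves, so if you prefer there is also a more traditional RSA way to generate an SSL certificate:
-
-#+BEGIN_SRC: bash
 openssl genrsa -out /etc/ssl/private/xmpp.key 4096
 openssl req -new -x509 -key /etc/ssl/private/xmpp.key -out /etc/ssl/certs/xmpp.crt -days 3650
 #+END_SRC
@@ -3784,14 +3692,14 @@ Change permissions.
 #+BEGIN_SRC: bash
 chmod 600 /etc/ssl/private/xmpp.key
 chmod 600 /etc/ssl/certs/xmpp.crt
-chown prosody:prosody /etc/ssl/private/xmpp.key
-chown prosody:prosody /etc/ssl/certs/xmpp.crt
 #+END_SRC
 
 Install Prosody.
 
 #+BEGIN_SRC: bash
 apt-get install prosody
+chown prosody:prosody /etc/ssl/private/xmpp.key
+chown prosody:prosody /etc/ssl/certs/xmpp.crt
 cp -a /etc/prosody/conf.avail/example.com.cfg.lua /etc/prosody/conf.avail/xmpp.cfg.lua
 editor /etc/prosody/conf.avail/xmpp.cfg.lua
 #+END_SRC
@@ -3964,7 +3872,7 @@ service apache2 restart
 Now install some dependencies.
 
 #+BEGIN_SRC: bash
-apt-get install mysql-server php5-common php5-cli php5-curl php5-gd php5-mysql php5-mcrypt
+apt-get install mysql-server php5-common php5-cli php5-curl php5-gd php5-mysql php5-mcrypt php5-fpm php5-cgi php-apc
 #+END_SRC
 
 Enter an admin password for MySQL.
@@ -3997,12 +3905,12 @@ editor .gitconfig
 The .gitconfig file should look something like this:
 
 #+BEGIN_SRC: bash
+[user]
+        name = yourname
+        email = myusername@mydomainname.com
 [http]
         sslVerify = true
         sslCAinfo = /etc/ssl/certs/ca-certificates.crt
-[user]
-        email = myusername@mydomainname.com
-        name = yourname
 #+END_SRC
 
 Get the source code.
@@ -4010,7 +3918,7 @@ Get the source code.
 #+BEGIN_SRC: bash
 export HOSTNAME=myfriendicadomainname.com
 cd /var/www/$HOSTNAME
-mv htdocs htdocs_old
+rm -rf htdocs
 git clone https://github.com/friendica/friendica.git htdocs
 chmod -R 755 htdocs
 chown -R www-data:www-data htdocs
@@ -6561,7 +6469,7 @@ The following ports on your internet router/firewall should be forwarded to the
 | HTTP          |         80 |
 | HTTPS         |        443 |
 | IMAP          |        143 |
-| IRC SSL       |       6670 |
+| IRC SSL       |       6697 |
 | SIP           | 5060..5061 |
 | SMTP          |     25,587 |
 | SMTPS         |        465 |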
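Review bot: The added note in the `@@ -3153,188 +3160,97 @@` hunk leaves the unencrypted listeners on ports 6665 to 6669 enabled in ircd.conf and relies solely on the two new `--destination-port 6665:6669 -j DROP` rules to keep clients off them. The *auth* password and the send/accept passwords set in the same hunk would travel in cleartext for any client that does reach those ports, for instance while the iptables rule set is flushed or not yet loaded at boot. I would have the guide remove or comment out the 6665 to 6669 port entry in the *listen* section so that only the SSL listener on 6697 is bound, and keep the DROP rules as a second layer. The closing sentence of that paragraph could then read `Remove the entry for ports 6665 to 6669 from the *listen* section so that only the encrypted port 6697 is served.` The contents of reference.conf are outside this diff, so the exact entry to edit should be confirmed against the installed file.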