|
|
@@ -346,14 +346,26 @@ function install_keyserver {
|
|
346
|
346
|
sed -i "s|recon_port:.*|recon_port: 11370|g" $sksconf_file
|
|
347
|
347
|
sed -i "s|#recon_address:.*|recon_address: 0.0.0.0|g" $sksconf_file
|
|
348
|
348
|
sed -i "s|recon_address:.*|recon_address: 0.0.0.0|g" $sksconf_file
|
|
349
|
|
- sed -i 's|#hkp_address:.*|hkp_address: 0.0.0.0|g' $sksconf_file
|
|
350
|
|
- sed -i 's|hkp_address:.*|hkp_address: 0.0.0.0|g' $sksconf_file
|
|
|
349
|
+ sed -i 's|#hkp_address:.*|hkp_address: 127.0.0.1|g' $sksconf_file
|
|
|
350
|
+ sed -i 's|hkp_address:.*|hkp_address: 127.0.0.1|g' $sksconf_file
|
|
|
351
|
+
|
|
|
352
|
+ if ! grep -q "disable_mailsync" $sksconf_file; then
|
|
|
353
|
+ echo 'disable_mailsync:' >> $sksconf_file
|
|
|
354
|
+ else
|
|
|
355
|
+ sed -i 's|#disable_mailsync:|disable_mailsync:|g' $sksconf_file
|
|
|
356
|
+ fi
|
|
|
357
|
+ if ! grep -q "membership_reload_interval:" $sksconf_file; then
|
|
|
358
|
+ echo 'membership_reload_interval: 1' >> $sksconf_file
|
|
|
359
|
+ else
|
|
|
360
|
+ sed -i 's|#membership_reload_interval:.*|membership_reload_interval: 1|g' $sksconf_file
|
|
|
361
|
+ sed -i 's|membership_reload_interval:.*|membership_reload_interval: 1|g' $sksconf_file
|
|
|
362
|
+ fi
|
|
351
|
363
|
chown debian-sks: $sksconf_file
|
|
352
|
364
|
|
|
353
|
365
|
if ! grep -q "hidden_service_sks" /etc/tor/torrc; then
|
|
354
|
366
|
echo 'HiddenServiceDir /var/lib/tor/hidden_service_sks/' >> /etc/tor/torrc
|
|
355
|
367
|
echo "HiddenServicePort 11370 127.0.0.1:11370" >> /etc/tor/torrc
|
|
356
|
|
- echo "HiddenServicePort 11371 127.0.0.1:11373" >> /etc/tor/torrc
|
|
|
368
|
+ echo "HiddenServicePort 11373 127.0.0.1:11371" >> /etc/tor/torrc
|
|
357
|
369
|
echo "HiddenServicePort 11372 127.0.0.1:11372" >> /etc/tor/torrc
|
|
358
|
370
|
echo $'Added onion site for sks'
|
|
359
|
371
|
fi
|
|
|
@@ -375,10 +387,17 @@ function install_keyserver {
|
|
375
|
387
|
nginx_http_redirect $KEYSERVER_DOMAIN_NAME
|
|
376
|
388
|
echo 'server {' >> $keyserver_nginx_site
|
|
377
|
389
|
echo ' listen 443 ssl;' >> $keyserver_nginx_site
|
|
378
|
|
- echo ' listen 11372 ssl;' >> $keyserver_nginx_site
|
|
|
390
|
+ echo ' listen 0.0.0.0:11372 ssl;' >> $keyserver_nginx_site
|
|
379
|
391
|
echo ' listen [::]:443 ssl;' >> $keyserver_nginx_site
|
|
380
|
392
|
echo " server_name $KEYSERVER_DOMAIN_NAME;" >> $keyserver_nginx_site
|
|
381
|
393
|
echo '' >> $keyserver_nginx_site
|
|
|
394
|
+ echo ' error_page 404 /404.html;' >> $keyserver_nginx_site
|
|
|
395
|
+ echo '' >> $keyserver_nginx_site
|
|
|
396
|
+ echo ' location ~ (.git|LICENSE|readme.md) {' >> $keyserver_nginx_site
|
|
|
397
|
+ echo ' deny all;' >> $keyserver_nginx_site
|
|
|
398
|
+ echo ' return 404;' >> $keyserver_nginx_site
|
|
|
399
|
+ echo ' }' >> $keyserver_nginx_site
|
|
|
400
|
+ echo '' >> $keyserver_nginx_site
|
|
382
|
401
|
echo ' # Security' >> $keyserver_nginx_site
|
|
383
|
402
|
function_check nginx_ssl
|
|
384
|
403
|
nginx_ssl $KEYSERVER_DOMAIN_NAME
|
|
|
@@ -407,7 +426,7 @@ function install_keyserver {
|
|
407
|
426
|
echo ' location /pks {' >> $keyserver_nginx_site
|
|
408
|
427
|
echo " proxy_pass http://127.0.0.1:11373;" >> $keyserver_nginx_site
|
|
409
|
428
|
echo ' proxy_pass_header Server;' >> $keyserver_nginx_site
|
|
410
|
|
- echo " add_header Via \"1.1 $KEYSERVER_DOMAIN_NAME:11373 (nginx)\";" >> $keyserver_nginx_site
|
|
|
429
|
+ echo " add_header Via \"1.1 $KEYSERVER_DOMAIN_NAME:11372 (nginx)\";" >> $keyserver_nginx_site
|
|
411
|
430
|
echo ' proxy_ignore_client_abort on;' >> $keyserver_nginx_site
|
|
412
|
431
|
echo ' client_max_body_size 8m;' >> $keyserver_nginx_site
|
|
413
|
432
|
echo ' }' >> $keyserver_nginx_site
|
|
|
@@ -417,8 +436,15 @@ function install_keyserver {
|
|
417
|
436
|
echo -n '' > $keyserver_nginx_site
|
|
418
|
437
|
fi
|
|
419
|
438
|
echo 'server {' >> $keyserver_nginx_site
|
|
420
|
|
- echo " listen 127.0.0.1:$KEYSERVER_ONION_PORT default_server;" >> $keyserver_nginx_site
|
|
421
|
|
- echo " server_name $KEYSERVER_ONION_HOSTNAME;" >> $keyserver_nginx_site
|
|
|
439
|
+ echo " listen 127.0.0.1:$KEYSERVER_ONION_PORT default_server;" >> $keyserver_nginx_site
|
|
|
440
|
+ echo " server_name $KEYSERVER_ONION_HOSTNAME;" >> $keyserver_nginx_site
|
|
|
441
|
+ echo '' >> $keyserver_nginx_site
|
|
|
442
|
+ echo ' error_page 404 /404.html;' >> $keyserver_nginx_site
|
|
|
443
|
+ echo '' >> $keyserver_nginx_site
|
|
|
444
|
+ echo ' location ~ (.git|LICENSE|readme.md) {' >> $keyserver_nginx_site
|
|
|
445
|
+ echo ' deny all;' >> $keyserver_nginx_site
|
|
|
446
|
+ echo ' return 404;' >> $keyserver_nginx_site
|
|
|
447
|
+ echo ' }' >> $keyserver_nginx_site
|
|
422
|
448
|
echo '' >> $keyserver_nginx_site
|
|
423
|
449
|
function_check nginx_disable_sniffing
|
|
424
|
450
|
nginx_disable_sniffing $KEYSERVER_DOMAIN_NAME
|
|
|
@@ -441,7 +467,7 @@ function install_keyserver {
|
|
441
|
467
|
echo ' location /pks {' >> $keyserver_nginx_site
|
|
442
|
468
|
echo " proxy_pass http://127.0.0.1:11373;" >> $keyserver_nginx_site
|
|
443
|
469
|
echo ' proxy_pass_header Server;' >> $keyserver_nginx_site
|
|
444
|
|
- echo " add_header Via \"1.1 $KEYSERVER_DOMAIN_NAME:11373 (nginx)\";" >> $keyserver_nginx_site
|
|
|
470
|
+ echo " add_header Via \"1.1 $KEYSERVER_DOMAIN_NAME:$KEYSERVER_ONION_PORT (nginx)\";" >> $keyserver_nginx_site
|
|
445
|
471
|
echo ' proxy_ignore_client_abort on;' >> $keyserver_nginx_site
|
|
446
|
472
|
echo ' client_max_body_size 8m;' >> $keyserver_nginx_site
|
|
447
|
473
|
echo ' }' >> $keyserver_nginx_site
|
Bob Mottram
8 年前