
Fixing keyserver

Bob Mottram 8 年前
父节点
当前提交
342b1fc328
共有 1 个文件被更改,包括 34 次插入8 次删除
  1. 34
    8
      src/freedombone-app-keyserver

+ 34
- 8
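--- a/src/freedombone-app-keyserver
+++ b/src/freedombone-app-keyserver
@@ -346,14 +346,26 @@ function install_keyserver {
     sed -i "s|recon_port:.*|recon_port: 11370|g" $sksconf_file
     sed -i "s|#recon_address:.*|recon_address: 0.0.0.0|g" $sksconf_file
     sed -i "s|recon_address:.*|recon_address: 0.0.0.0|g" $sksconf_file
-    sed -i 's|#hkp_address:.*|hkp_address: 0.0.0.0|g' $sksconf_file
-    sed -i 's|hkp_address:.*|hkp_address: 0.0.0.0|g' $sksconf_file
+    sed -i 's|#hkp_address:.*|hkp_address: 127.0.0.1|g' $sksconf_file
+    sed -i 's|hkp_address:.*|hkp_address: 127.0.0.1|g' $sksconf_file
+
+    if ! grep -q "disable_mailsync" $sksconf_file; then
+        echo 'disable_mailsync:' >> $sksconf_file
+    else
+        sed -i 's|#disable_mailsync:|disable_mailsync:|g' $sksconf_file
+    fi
+    if ! grep -q "membership_reload_interval:" $sksconf_file; then
+        echo 'membership_reload_interval:     1' >> $sksconf_file
+    else
+        sed -i 's|#membership_reload_interval:.*|membership_reload_interval:     1|g' $sksconf_file
+        sed -i 's|membership_reload_interval:.*|membership_reload_interval:     1|g' $sksconf_file
+    fi
     chown debian-sks: $sksconf_file
 
     if ! grep -q "hidden_service_sks" /etc/tor/torrc; then
         echo 'HiddenServiceDir /var/lib/tor/hidden_service_sks/' >> /etc/tor/torrc
         echo "HiddenServicePort 11370 127.0.0.1:11370" >> /etc/tor/torrc
-        echo "HiddenServicePort 11371 127.0.0.1:11373" >> /etc/tor/torrc
+        echo "HiddenServicePort 11373 127.0.0.1:11371" >> /etc/tor/torrc
         echo "HiddenServicePort 11372 127.0.0.1:11372" >> /etc/tor/torrc
         echo $'Added onion site for sks'
     fi
@@ -375,10 +387,17 @@ function install_keyserver {
         nginx_http_redirect $KEYSERVER_DOMAIN_NAME
         echo 'server {' >> $keyserver_nginx_site
         echo '  listen 443 ssl;' >> $keyserver_nginx_site
-        echo '  listen 11372 ssl;' >> $keyserver_nginx_site
+        echo '  listen 0.0.0.0:11372 ssl;' >> $keyserver_nginx_site
         echo '  listen [::]:443 ssl;' >> $keyserver_nginx_site
         echo "  server_name $KEYSERVER_DOMAIN_NAME;" >> $keyserver_nginx_site
         echo '' >> $keyserver_nginx_site
+        echo '  error_page 404 /404.html;' >> $keyserver_nginx_site
+        echo '' >> $keyserver_nginx_site
+        echo '  location ~ (.git|LICENSE|readme.md) {' >> $keyserver_nginx_site
+        echo '    deny all;' >> $keyserver_nginx_site
+        echo '    return 404;' >> $keyserver_nginx_site
+        echo '  }' >> $keyserver_nginx_site
+        echo '' >> $keyserver_nginx_site
         echo '  # Security' >> $keyserver_nginx_site
         function_check nginx_ssl
         nginx_ssl $KEYSERVER_DOMAIN_NAME
@@ -407,7 +426,7 @@ function install_keyserver {
         echo '  location /pks {' >> $keyserver_nginx_site
         echo "    proxy_pass         http://127.0.0.1:11373;" >> $keyserver_nginx_site
         echo '    proxy_pass_header  Server;' >> $keyserver_nginx_site
-        echo "    add_header         Via \"1.1 $KEYSERVER_DOMAIN_NAME:11373 (nginx)\";" >> $keyserver_nginx_site
+        echo "    add_header         Via \"1.1 $KEYSERVER_DOMAIN_NAME:11372 (nginx)\";" >> $keyserver_nginx_site
         echo '    proxy_ignore_client_abort on;' >> $keyserver_nginx_site
         echo '    client_max_body_size 8m;' >> $keyserver_nginx_site
         echo '  }' >> $keyserver_nginx_site
@@ -417,8 +436,15 @@ function install_keyserver {
         echo -n '' > $keyserver_nginx_site
     fi
     echo 'server {' >> $keyserver_nginx_site
-    echo "    listen 127.0.0.1:$KEYSERVER_ONION_PORT default_server;" >> $keyserver_nginx_site
-    echo "    server_name $KEYSERVER_ONION_HOSTNAME;" >> $keyserver_nginx_site
+    echo "  listen 127.0.0.1:$KEYSERVER_ONION_PORT default_server;" >> $keyserver_nginx_site
+    echo "  server_name $KEYSERVER_ONION_HOSTNAME;" >> $keyserver_nginx_site
+    echo '' >> $keyserver_nginx_site
+    echo '  error_page 404 /404.html;' >> $keyserver_nginx_site
+    echo '' >> $keyserver_nginx_site
+    echo '  location ~ (.git|LICENSE|readme.md) {' >> $keyserver_nginx_site
+    echo '    deny all;' >> $keyserver_nginx_site
+    echo '    return 404;' >> $keyserver_nginx_site
+    echo '  }' >> $keyserver_nginx_site
     echo '' >> $keyserver_nginx_site
     function_check nginx_disable_sniffing
     nginx_disable_sniffing $KEYSERVER_DOMAIN_NAME
@@ -441,7 +467,7 @@ function install_keyserver {
     echo '  location /pks {' >> $keyserver_nginx_site
     echo "    proxy_pass         http://127.0.0.1:11373;" >> $keyserver_nginx_site
     echo '    proxy_pass_header  Server;' >> $keyserver_nginx_site
-    echo "    add_header         Via \"1.1 $KEYSERVER_DOMAIN_NAME:11373 (nginx)\";" >> $keyserver_nginx_site
+    echo "    add_header         Via \"1.1 $KEYSERVER_DOMAIN_NAME:$KEYSERVER_ONION_PORT (nginx)\";" >> $keyserver_nginx_site
     echo '    proxy_ignore_client_abort on;' >> $keyserver_nginx_site
     echo '    client_max_body_size 8m;' >> $keyserver_nginx_site
     echo '  }' >> $keyserver_nginx_site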
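Review bot: The `location ~ (.git|LICENSE|readme.md)` pattern added to both the clearnet and the onion server block is unanchored and leaves its dots unescaped, so it matches any URI that contains `LICENSE`, or any character followed by `git`, rather than only those three names. nginx prefers a matching regex location over a plain prefix location such as `/pks`, so an over-broad pattern can shadow unrelated paths. Escaping the dots and requiring a path separator narrows it: `echo '  location ~ /(\.git|LICENSE|readme\.md) {' >> $keyserver_nginx_site`. Inside that block `return 404;` is handled in the rewrite phase, before `deny all;` is evaluated, so the `deny` line has no effect and can be dropped. install_keyserver begins and ends outside the hunks shown.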