Changes in bc3696e: Updated Anycast Wiki (markdown)

internal/Anycast-Wiki.md

...	...	@@ -6,15 +6,69 @@ The local webserver is monitored with a simple shell script (below) working in c
6	6	* Install [gollum](https://github.com/gollum/gollum).
7	7	* Clone the dn42 wiki repo:
8	8
9		- `git clone ssh://[email protected]/dn42/wiki /home/wiki.dn42/`
	9	+ `git clone ssh://[email protected]/dn42/wiki <path>`
10	10
11	11	* Generate a [CSR](/services/Certificate-Authority) and send to `[email protected]`. Wait for a reply containing internal.dn42/wiki.dn42 certificates.
12	12	* Start two gollum instances, read-only and editing on `127.0.0.1`:
13	13
	14	+ SSL (read/write):
14	15	```
15		-gollum --css /home/wiki.dn42/custom.css --gollum-path /home/wiki.dn42/public_html/ --host 127.0.0.1 --port 4568 --no-edit
	16	+gollum --css <path>/custom.css --gollum-path <path>/public_html/ --host 127.0.0.1 --port 4568
	17	+ ```
	18	+ Plain (read-only):
	19	+ ```
	20	+gollum --css <path>/custom.css --gollum-path <path>/public_html/ --host 127.0.0.1 --port 4567 --no-edit
	21	+ ```
	22	+
	23	+ * Install/configure nginx:
	24	+
16	25	```
	26	+ssl_protocols TLSv1.2 TLSv1.1 TLSv1;
	27	+ssl_session_cache shared:SSL:2m;
	28	+
	29	+ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:AES:CAMELLIA:DES-CBC3-SHA:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!MD5:!PSK:!aECDH:!EDH-DSS-DES-CBC3-SHA:!EDH-RSA-DES-CBC3-SHA:!KRB5-DES-CBC3-SHA;
	30	+
	31	+ssl_prefer_server_ciphers on;
	32	+
	33	+upstream wiki { server 127.0.0.1:4567; }
	34	+
	35	+server {
	36	+ server_name internal.dn42 wiki.dn42;
	37	+
	38	+ listen 172.23.0.80:80 default;
	39	+
	40	+ add_header strict-transport-security "max-age=0; includeSubDomains";
17	41
	42	+ location / {
	43	+ location =/robots.txt { root <path>/wiki.dn42/; }
	44	+ location =/custom.css { root <path>/wiki.dn42/; }
	45	+ proxy_pass http://wiki;
	46	+ }
	47	+}
	48	+
	49	+upstream wikirw { server 127.0.0.1:4568; }
	50	+
	51	+
	52	+server {
	53	+ server_name internal.dn42 wiki.dn42;
	54	+
	55	+ listen 172.23.0.80:443 ssl default;
	56	+
	57	+ ssl on;
	58	+ ssl_certificate <path>/ssl.crt;
	59	+ ssl_certificate_key <path>/ssl.key;
	60	+
	61	+ add_header strict-transport-security "max-age=0; includeSubDomains";
	62	+ add_header Public-Key-Pins 'pin-sha256="mJ1xUCzfru8Ckq2+M6VkNKGOGgSETImRAHBF24mjalw="; pin-sha256="/gOyi7syRMR+d2jZoB/MzcSD++8ciZkSl/hZAQgzWws="; max-age=0; includeSubDomains';
	63	+
	64	+ location / {
	65	+ location =/robots.txt { root <path>/wiki.dn42/; }
	66	+ location =/custom.css { root <path>/wiki.dn42/; }
	67	+ proxy_pass http://wikirw;
	68	+ }
	69	+}
	70	+
	71	+```
18	72
19	73	#####gollum-watchdog.sh:
20	74