|
You last visited: Today at 13:47
Advertisement
Der perfekte Rootserver (Support Thread)
Discussion on Der perfekte Rootserver (Support Thread) within the Unix/Linux forum part of the Technical Support category.
08/11/2016, 07:32
|
#316
|
elite*gold: 0
Join Date: Apr 2014
Posts: 83
Received Thanks: 4
|
Moinsen,
sag mal waren hier nicht welche bei netcup?
Ich hab da mal nen Server bestellt, allerdings braucht die arno-firewall mit einlesen der 38k IPs aus dem Blocked Hosts ewig um zu starten, 8 Minuten oder so? Ohne die blocked-hosts geht normal schnell.
Ist das bei netcup so?
Gruß
|
|
|
08/12/2016, 15:21
|
#317
|
elite*gold: 0
Join Date: Oct 2011
Posts: 160
Received Thanks: 6
|
Moinsen,
Hab da mal ne frage.. Kann ich dieses Script auch so nutzen dass er mir den Webserver & den MailServer nicht mit installiert.. ??
wenn ja. Wie?
Freue mich auf Antworten.
|
|
|
08/13/2016, 00:18
|
#318
|
elite*gold: 0
Join Date: Jun 2010
Posts: 74
Received Thanks: 6
|
Quote:
Originally Posted by Axiades
Moinsen,
Hab da mal ne frage.. Kann ich dieses Script auch so nutzen dass er mir den Webserver & den MailServer nicht mit installiert.. ??
wenn ja. Wie?
Freue mich auf Antworten.
|
In der Userconfig USE_MAILSERVER="1" auf 0 stellen?
Das Script kann man allerdings nicht ohne weiteres ohne Webserver installieren.
hat noch wer die neuen Versionen von Nginx und co getestet?
Bei mir ging es ohne Probleme...
|
|
|
08/13/2016, 00:38
|
#319
|
elite*gold: 0
Join Date: Jan 2015
Posts: 118
Received Thanks: 17
|
Hab nach wie vor kein nginx update gemacht
Trau mich da nicht ran. Muss ich vorher nen image erstellen
@ ich habe das noch nicht gemacht. Könntest du kurz erklären wie du das machst? Dann kann ich es mal testen.
Klingt auch interessant
Gesendet von meinem C6903 mit Tapatalk
Wäre wirkoch nett, wenn mir jemand helfen könnte nginx zu updaten.
Habe einige Tutorials ausprobiert, aber ohne Erfolg.
und einfach neu installieren geht auch nicht:
Code:
root@mail:~# apt-get install nginx
Reading package lists... Done
Building dependency tree
Reading state information... Done
Some packages could not be installed. This may mean that you have
requested an impossible situation or if you are using the unstable
distribution that some required packages have not yet been created
or been moved out of Incoming.
The following information may help to resolve the situation:
The following packages have unmet dependencies:
nginx : Depends: nginx-full (>= 1.10.1-1) but 1.6.2-5+deb8u2+b1 is to be instal led or
nginx-light (>= 1.10.1-1) but it is not going to be installed or
nginx-extras (>= 1.10.1-1) but it is not going to be installed
E: Unable to correct problems, you have held broken packages.
root@mail:~#
nginx upgrade geht auch nicht:
Code:
root@mail:~# nginx -v
nginx version: nginx/1.10.0
root@mail:~# apt-get upgrade nginx
Reading package lists... Done
Building dependency tree
Reading state information... Done
Calculating upgrade... Some packages could not be installed. This may mean that you have
requested an impossible situation or if you are using the unstable
distribution that some required packages have not yet been created
or been moved out of Incoming.
The following information may help to resolve the situation:
The following packages have unmet dependencies:
nginx : Depends: nginx-full (>= 1.10.1-1) but it is not going to be installed o r
nginx-light (>= 1.10.1-1) but it is not going to be installed or
nginx-extras (>= 1.10.1-1) but it is not going to be installed
Depends: nginx-full (< 1.10.1-1.1~) but it is not going to be installed or
nginx-light (< 1.10.1-1.1~) but it is not going to be installe d or
nginx-extras (< 1.10.1-1.1~) but it is not going to be install ed
E: Broken packages
|
|
|
08/13/2016, 10:00
|
#320
|
elite*gold: 0
Join Date: Jan 2009
Posts: 1,160
Received Thanks: 232
|
Quote:
Originally Posted by TakeThisBitch
nginx upgrade geht auch nicht:
|
Du musst wenn schon alle Abhängigkeiten von nginx upgraden, am besten upgradest du einfach gleich alle Packages.
|
|
|
08/13/2016, 10:09
|
#321
|
elite*gold: 0
Join Date: Jan 2015
Posts: 118
Received Thanks: 17
|
Und wie mach ich das? Ich habe auch versucht die commons zu löschen und neu zu installieren per apt-get install nginx aber das geht auch nicht
Gesendet von meinem C6903 mit Tapatalk
Achso und apt-get update -y && apt-get upgrade -y
Geht auch nicht, weil er ja nginx dann nicht mit updated
Gesendet von meinem C6903 mit Tapatalk
|
|
|
08/13/2016, 11:39
|
#322
|
elite*gold: 0
Join Date: Jun 2010
Posts: 74
Received Thanks: 6
|
Quote:
Originally Posted by REtender
Man könnte bestimmt den Update Script von mxiiii umschreiben
Edit:
Ich habe die update_server.sh mal grob "entmüllt".
Es funktioniert so DEFINITIV NICHT! Es ist nur ein Ansatz falls wer basteln möchte.
Code:
source ~/updateconfig.cfg
IPADR=$(ifconfig eth0 | awk -F ' *|:' '/inet /{print $4}')
# Some nice colors
red() { echo "$(tput setaf 1)$*$(tput setaf 9)"; }
green() { echo "$(tput setaf 2)$*$(tput setaf 9)"; }
yellow() { echo "$(tput setaf 3)$*$(tput setaf 9)"; }
magenta() { echo "$(tput setaf 5)$*$(tput setaf 9)"; }
cyan() { echo "$(tput setaf 6)$*$(tput setaf 9)"; }
textb() { echo $(tput bold)${1}$(tput sgr0); }
greenb() { echo $(tput bold)$(tput setaf 2)${1}$(tput sgr0); }
redb() { echo $(tput bold)$(tput setaf 1)${1}$(tput sgr0); }
yellowb() { echo $(tput bold)$(tput setaf 3)${1}$(tput sgr0); }
pinkb() { echo $(tput bold)$(tput setaf 5)${1}$(tput sgr0); }
# Some nice variables
info="$(textb [INFO] -)"
warn="$(yellowb [WARN] -)"
error="$(redb [ERROR] -)"
fyi="$(pinkb [INFO] -)"
ok="$(greenb [OKAY] -)"
echo
echo "$(yellowb +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+)"
echo " $(textb Perfect) $(textb Rootserver) $(textb Update) $(textb by)" "$(cyan MXIIII)"
echo "$(yellowb +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+)"
echo
if [ "$CONFIG_COMPLETED" != '1' ]; then
echo "${error} Please check the userconfig and set a valid value for the variable \"$(textb CONFIG_COMPLETED)\" to continue." | awk '{ print strftime("[%H:%M:%S] |"), $0 }'
exit 1
fi
echo "${info} Backup..."
rm /root/backup/ -r >/dev/null 2>&1
mkdir /root/backup/nginx >/dev/null 2>&1
cp -R /etc/nginx/* /root/backup/nginx
echo "${info} Install..."
echo
echo "$(yellowb +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+)"
echo " $(textb Perfect) $(textb Rootserver) $(textb Update) $(textb by)" "$(cyan MXIIII)"
echo "$(yellowb +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+)"
echo
echo "${info} Backup..."
echo "${info} Install..."
echo "${info} NGINX Update..."
echo "${warn} Some of the tasks could take a long time, please be patient!"
service nginx stop
cd ~/sources
echo "${info} Downloading Nginx..."
wget -nc http://nginx.org/download/nginx-${NGINX_VERSION}.tar.gz >/dev/null 2>&1
tar -xzf nginx-${NGINX_VERSION}.tar.gz
cd nginx-${NGINX_VERSION}
./configure --prefix=/etc/nginx \
--sbin-path=/usr/sbin/nginx \
--conf-path=/etc/nginx/nginx.conf \
--error-log-path=/var/log/nginx/error.log \
--http-log-path=/var/log/nginx/access.log \
--pid-path=/var/run/nginx.pid \
--lock-path=/var/run/nginx.lock \
--http-client-body-temp-path=/var/lib/nginx/body \
--http-proxy-temp-path=/var/lib/nginx/proxy \
--http-fastcgi-temp-path=/var/lib/nginx/fastcgi \
--http-uwsgi-temp-path=/var/lib/nginx/uwsgi \
--http-scgi-temp-path=/var/lib/nginx/scgi \
--user=www-data \
--group=www-data \
--without-http_autoindex_module \
--without-http_browser_module \
--without-http_empty_gif_module \
--without-http_userid_module \
--without-http_split_clients_module \
--with-http_ssl_module \
--with-http_v2_module \
--with-http_realip_module \
--with-http_geoip_module \
--with-http_addition_module \
--with-http_sub_module \
--with-http_dav_module \
--with-http_flv_module \
--with-http_mp4_module \
--with-http_gunzip_module \
--with-http_gzip_static_module \
--with-http_random_index_module \
--with-http_secure_link_module \
--with-http_stub_status_module \
--with-http_auth_request_module \
--with-mail \
--with-mail_ssl_module \
--with-file-aio \
--with-ipv6 \
--with-debug \
--with-pcre \
--with-cc-opt='-O2 -g -pipe -Wall -Wformat -Werror=format-security -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector --param=ssp-buffer-size=4 -m64 -mtune=generic' \
--with-openssl=$HOME/sources/openssl-${OPENSSL_VERSION} \
--add-module=$HOME/sources/ngx_pagespeed-release-${NPS_VERSION}-beta >/dev/null 2>&1
echo "${info} NGINX Install..."
make >/dev/null 2>&1
checkinstall --install=no -y >/dev/null 2>&1
dpkg -i nginx_${NGINX_VERSION}-1_amd64.deb >/dev/null 2>&1
mv nginx_${NGINX_VERSION}-1_amd64.deb ../
cp -R /root/backup/nginx/* /etc/nginx/
cat > /etc/nginx/sites-available/autodiscover.${MYDOMAIN}.conf <<END
server {
listen 80;
server_name autodiscover.${MYDOMAIN} autoconfig.${MYDOMAIN};
return 301 https://autodiscover.${MYDOMAIN}\$request_uri;
}
server {
listen 443 ssl http2;
server_name autodiscover.${MYDOMAIN} autoconfig.${MYDOMAIN};
root /var/www/zpush;
index index.php;
charset utf-8;
error_page 404 /index.php;
ssl_certificate ssl/${MYDOMAIN}.pem;
ssl_certificate_key ssl/${MYDOMAIN}.key;
#ssl_trusted_certificate ssl/${MYDOMAIN}.pem;
ssl_dhparam ssl/dh.pem;
#ssl_ecdh_curve secp384r1;
ssl_session_cache shared:SSL:10m;
ssl_session_timeout 10m;
ssl_session_tickets off;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
ssl_prefer_server_ciphers on;
ssl_buffer_size 1400;
#ssl_stapling on;
#ssl_stapling_verify on;
#resolver 8.8.8.8 8.8.4.4 208.67.222.222 208.67.220.220 valid=60s;
#resolver_timeout 2s;
ssl_ciphers "ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!3DES:!MD5:!PSK";
#add_header Strict-Transport-Security "max-age=63072000; includeSubdomains; preload";
#add_header Public-Key-Pins 'pin-sha256="${HPKP1}"; pin-sha256="${HPKP2}"; max-age=5184000; includeSubDomains';
add_header Cache-Control "public";
add_header X-Frame-Options SAMEORIGIN;
add_header Alternate-Protocol 443:npn-http/2;
add_header X-Content-Type-Options nosniff;
add_header X-XSS-Protection "1; mode=block";
add_header X-Permitted-Cross-Domain-Policies "master-only";
add_header "X-UA-Compatible" "IE=Edge";
add_header "Access-Control-Allow-Origin" "*";
add_header Content-Security-Policy "script-src 'self' 'unsafe-inline' 'unsafe-eval' *.youtube.com maps.gstatic.com *.googleapis.com *.google-analytics.com cdnjs.cloudflare.com assets.zendesk.com connect.facebook.net; frame-src 'self' *.youtube.com assets.zendesk.com *.facebook.com s-static.ak.facebook.com tautt.zendesk.com; object-src 'self'";
auth_basic_user_file htpasswd/.htpasswd;
location ~ ^(.+\.php)(.*)\$ {
fastcgi_split_path_info ^(.+\.php)(/.+)\$;
try_files \$fastcgi_script_name =404;
set \$path_info \$fastcgi_path_info;
fastcgi_param PATH_INFO \$path_info;
fastcgi_param APP_ENV production;
fastcgi_pass unix:/var/run/php5-fpm.sock;
fastcgi_index index.php;
include fastcgi.conf;
fastcgi_intercept_errors on;
fastcgi_ignore_client_abort off;
fastcgi_buffers 256 16k;
fastcgi_buffer_size 128k;
fastcgi_connect_timeout 3s;
fastcgi_send_timeout 120s;
fastcgi_read_timeout 120s;
fastcgi_busy_buffers_size 256k;
fastcgi_temp_file_write_size 256k;
}
rewrite (?i)^/autodiscover/autodiscover\.xml\$ /autodiscover/autodiscover.php;
location / {
try_files \$uri \$uri/ /index.php;
}
location /Microsoft-Server-ActiveSync {
rewrite ^(.*)\$ /index.php last;
}
location ~ /(\.ht|Core|Specific) {
deny all;
return 404;
}
location = /favicon.ico {
access_log off;
log_not_found off;
}
location = /robots.txt {
allow all;
access_log off;
log_not_found off;
}
location ~* ^.+\.(css|js)\$ {
rewrite ^(.+)\.(\d+)\.(css|js)\$ \$1.\$3 last;
expires 30d;
access_log off;
log_not_found off;
add_header Pragma public;
add_header Cache-Control "max-age=2592000, public";
}
location ~* \.(asf|asx|wax|wmv|wmx|avi|bmp|class|divx|doc|docx|eot|exe|gif|gz|gzip|ico|jpg|jpeg|jpe|mdb|mid|midi|mov|qt|mp3|m4a|mp4|m4v|mpeg|mpg|mpe|mpp|odb|odc|odf|odg|odp|ods|odt|ogg|ogv|otf|pdf|png|pot|pps|ppt|pptx|ra|ram|svg|svgz|swf|tar|t?gz|tif|tiff|ttf|wav|webm|wma|woff|wri|xla|xls|xlsx|xlt|xlw|zip)\$ {
expires 30d;
access_log off;
log_not_found off;
add_header Pragma public;
add_header Cache-Control "max-age=2592000, public";
}
if (\$http_user_agent ~* "FeedDemon|JikeSpider|Indy Library|Alexa Toolbar|AskTbFXTV|AhrefsBot|CrawlDaddy|CoolpadWebkit|Java|Feedly|UniversalFeedParser|ApacheBench|Microsoft URL Control|Swiftbot|ZmEu|oBot|jaunty|Python-urllib|lightDeckReports Bot|YYSpider|DigExt|YisouSpider|HttpClient|MJ12bot|heritrix|EasouSpider|Ezooms|Scrapy") {
return 403;
}
}
END
cat > /etc/nginx/sites-available/dav.${MYDOMAIN}.conf <<END
server {
listen 80;
server_name dav.${MYDOMAIN};
return 301 https://dav.${MYDOMAIN}\$request_uri;
}
server {
listen 443 ssl http2;
server_name dav.${MYDOMAIN};
root /var/www/dav;
index server.php;
charset utf-8;
error_page 404 /index.php;
ssl_certificate ssl/${MYDOMAIN}.pem;
ssl_certificate_key ssl/${MYDOMAIN}.key;
#ssl_trusted_certificate ssl/${MYDOMAIN}.pem;
ssl_dhparam ssl/dh.pem;
#ssl_ecdh_curve secp384r1;
ssl_session_cache shared:SSL:10m;
ssl_session_timeout 10m;
ssl_session_tickets off;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
ssl_prefer_server_ciphers on;
ssl_buffer_size 1400;
#ssl_stapling on;
#ssl_stapling_verify on;
#resolver 8.8.8.8 8.8.4.4 208.67.222.222 208.67.220.220 valid=60s;
#resolver_timeout 2s;
ssl_ciphers "ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!3DES:!MD5:!PSK";
#add_header Strict-Transport-Security "max-age=63072000; includeSubdomains; preload";
#add_header Public-Key-Pins 'pin-sha256="${HPKP1}"; pin-sha256="${HPKP2}"; max-age=5184000; includeSubDomains';
add_header Cache-Control "public";
add_header X-Frame-Options SAMEORIGIN;
add_header Alternate-Protocol 443:npn-http/2;
add_header X-Content-Type-Options nosniff;
add_header X-XSS-Protection "1; mode=block";
add_header X-Permitted-Cross-Domain-Policies "master-only";
add_header "X-UA-Compatible" "IE=Edge";
add_header "Access-Control-Allow-Origin" "*";
add_header Content-Security-Policy "script-src 'self' 'unsafe-inline' 'unsafe-eval' *.youtube.com maps.gstatic.com *.googleapis.com *.google-analytics.com cdnjs.cloudflare.com assets.zendesk.com connect.facebook.net; frame-src 'self' *.youtube.com assets.zendesk.com *.facebook.com s-static.ak.facebook.com tautt.zendesk.com; object-src 'self'";
auth_basic_user_file htpasswd/.htpasswd;
location ~ ^(.+\.php)(.*)\$ {
fastcgi_split_path_info ^(.+\.php)(/.+)\$;
try_files \$fastcgi_script_name =404;
set \$path_info \$fastcgi_path_info;
fastcgi_param PATH_INFO \$path_info;
fastcgi_param APP_ENV production;
fastcgi_pass unix:/var/run/php5-fpm.sock;
fastcgi_index index.php;
include fastcgi.conf;
fastcgi_intercept_errors on;
fastcgi_ignore_client_abort off;
fastcgi_buffers 256 16k;
fastcgi_buffer_size 128k;
fastcgi_connect_timeout 3s;
fastcgi_send_timeout 120s;
fastcgi_read_timeout 120s;
fastcgi_busy_buffers_size 256k;
fastcgi_temp_file_write_size 256k;
}
rewrite ^/.well-known/caldav /server.php redirect;
rewrite ^/.well-known/carddav /server.php redirect;
location / {
try_files \$uri \$uri/ /server.php?\$args;
}
location ~ /(\.ht|Core|Specific) {
deny all;
return 404;
}
location = /favicon.ico {
access_log off;
log_not_found off;
}
location = /robots.txt {
allow all;
access_log off;
log_not_found off;
}
location ~* ^.+\.(css|js)\$ {
rewrite ^(.+)\.(\d+)\.(css|js)\$ \$1.\$3 last;
expires 30d;
access_log off;
log_not_found off;
add_header Pragma public;
add_header Cache-Control "max-age=2592000, public";
}
location ~* \.(asf|asx|wax|wmv|wmx|avi|bmp|class|divx|doc|docx|eot|exe|gif|gz|gzip|ico|jpg|jpeg|jpe|mdb|mid|midi|mov|qt|mp3|m4a|mp4|m4v|mpeg|mpg|mpe|mpp|odb|odc|odf|odg|odp|ods|odt|ogg|ogv|otf|pdf|png|pot|pps|ppt|pptx|ra|ram|svg|svgz|swf|tar|t?gz|tif|tiff|ttf|wav|webm|wma|woff|wri|xla|xls|xlsx|xlt|xlw|zip)\$ {
expires 30d;
access_log off;
log_not_found off;
add_header Pragma public;
add_header Cache-Control "max-age=2592000, public";
}
if (\$http_user_agent ~* "FeedDemon|JikeSpider|Indy Library|Alexa Toolbar|AskTbFXTV|AhrefsBot|CrawlDaddy|CoolpadWebkit|Java|Feedly|UniversalFeedParser|ApacheBench|Microsoft URL Control|Swiftbot|ZmEu|oBot|jaunty|Python-urllib|lightDeckReports Bot|YYSpider|DigExt|YisouSpider|HttpClient|MJ12bot|heritrix|EasouSpider|Ezooms|Scrapy") {
return 403;
}
}
END
cat > /etc/nginx/sites-available/${MYDOMAIN}.conf <<END
server {
listen 80 default_server;
server_name ${IPADR} ${MYDOMAIN};
return 301 https://${MYDOMAIN}\$request_uri;
}
server {
listen 443;
server_name ${IPADR} www.${MYDOMAIN} mail.${MYDOMAIN};
return 301 https://${MYDOMAIN}\$request_uri;
}
server {
listen 443 ssl http2 default deferred;
server_name ${MYDOMAIN};
root /etc/nginx/html;
index index.php index.html index.htm;
charset utf-8;
error_page 404 /index.php;
ssl_certificate ssl/${MYDOMAIN}.pem;
ssl_certificate_key ssl/${MYDOMAIN}.key;
#ssl_trusted_certificate ssl/${MYDOMAIN}.pem;
ssl_dhparam ssl/dh.pem;
#ssl_ecdh_curve secp384r1;
ssl_session_cache shared:SSL:10m;
ssl_session_timeout 10m;
ssl_session_tickets off;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
ssl_prefer_server_ciphers on;
ssl_buffer_size 1400;
#ssl_stapling on;
#ssl_stapling_verify on;
#resolver 8.8.8.8 8.8.4.4 208.67.222.222 208.67.220.220 valid=60s;
#resolver_timeout 2s;
ssl_ciphers "ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!3DES:!MD5:!PSK";
#add_header Strict-Transport-Security "max-age=63072000; includeSubdomains; preload";
#add_header Public-Key-Pins 'pin-sha256="${HPKP1}"; pin-sha256="${HPKP2}"; max-age=5184000; includeSubDomains';
add_header Cache-Control "public";
add_header X-Frame-Options SAMEORIGIN;
add_header Alternate-Protocol 443:npn-http/2;
add_header X-Content-Type-Options nosniff;
add_header X-XSS-Protection "1; mode=block";
add_header X-Permitted-Cross-Domain-Policies "master-only";
add_header "X-UA-Compatible" "IE=Edge";
add_header "Access-Control-Allow-Origin" "*";
add_header Content-Security-Policy "script-src 'self' 'unsafe-inline' 'unsafe-eval' *.youtube.com maps.gstatic.com *.googleapis.com *.google-analytics.com cdnjs.cloudflare.com assets.zendesk.com connect.facebook.net; frame-src 'self' *.youtube.com assets.zendesk.com *.facebook.com s-static.ak.facebook.com tautt.zendesk.com; object-src 'self'";
pagespeed on;
pagespeed EnableFilters collapse_whitespace;
pagespeed EnableFilters canonicalize_javascript_libraries;
pagespeed EnableFilters combine_css;
pagespeed EnableFilters combine_javascript;
pagespeed EnableFilters elide_attributes;
pagespeed EnableFilters extend_cache;
pagespeed EnableFilters flatten_css_imports;
pagespeed EnableFilters lazyload_images;
pagespeed EnableFilters rewrite_javascript;
pagespeed EnableFilters rewrite_images;
pagespeed EnableFilters insert_dns_prefetch;
pagespeed EnableFilters prioritize_critical_css;
pagespeed FetchHttps enable,allow_self_signed;
pagespeed FileCachePath /var/lib/nginx/nps_cache;
pagespeed RewriteLevel CoreFilters;
pagespeed CssFlattenMaxBytes 5120;
pagespeed LogDir /var/log/pagespeed;
pagespeed EnableCachePurge on;
pagespeed PurgeMethod PURGE;
pagespeed DownstreamCachePurgeMethod PURGE;
pagespeed DownstreamCachePurgeLocationPrefix http://127.0.0.1:80/;
pagespeed DownstreamCacheRewrittenPercentageThreshold 95;
pagespeed LazyloadImagesAfterOnload on;
pagespeed LazyloadImagesBlankUrl "data:image/gif;base64,R0lGODlhAQABAIAAAAAAAP///yH5BAEAAAAALAAAAAABAAEAAAIBRAA7";
pagespeed MemcachedThreads 1;
pagespeed MemcachedServers "localhost:11211";
pagespeed MemcachedTimeoutUs 100000;
pagespeed RespectVary on;
pagespeed Disallow "*/pma/*";
# This will correctly rewrite your subresources with https:// URLs and thus avoid mixed content warnings.
# Note, that you should only enable this option if you are behind a load-balancer that will set this header,
# otherwise your users will be able to set the protocol PageSpeed uses to interpret the request.
#
#pagespeed RespectXForwardedProto on;
auth_basic_user_file htpasswd/.htpasswd;
location ~ \.php\$ {
fastcgi_split_path_info ^(.+\.php)(/.+)\$;
try_files \$fastcgi_script_name =404;
fastcgi_param PATH_INFO \$fastcgi_path_info;
fastcgi_param PATH_TRANSLATED \$document_root\$fastcgi_path_info;
fastcgi_param APP_ENV production;
fastcgi_pass unix:/var/run/php5-fpm.sock;
fastcgi_index index.php;
include fastcgi.conf;
fastcgi_intercept_errors off;
fastcgi_ignore_client_abort off;
fastcgi_buffers 256 16k;
fastcgi_buffer_size 128k;
fastcgi_connect_timeout 3s;
fastcgi_send_timeout 120s;
fastcgi_read_timeout 120s;
fastcgi_busy_buffers_size 256k;
fastcgi_temp_file_write_size 256k;
}
include /etc/nginx/sites-custom/*.conf;
location / {
include /etc/nginx/naxsi.rules;
# Uncomment, if you need to remove index.php from the
# URL. Usefull if you use Codeigniter, Zendframework, etc.
# or just need to remove the index.php
#
#try_files \$uri \$uri/ /index.php?\$args;
}
location ~* /\.(?!well-known\/) {
deny all;
access_log off;
log_not_found off;
}
location ~* (?:\.(?:bak|conf|dist|fla|in[ci]|log|psd|sh|sql|sw[op])|~)$ {
deny all;
access_log off;
log_not_found off;
}
location = /favicon.ico {
access_log off;
log_not_found off;
}
location = /robots.txt {
allow all;
access_log off;
log_not_found off;
}
location ~* ^.+\.(css|js)\$ {
rewrite ^(.+)\.(\d+)\.(css|js)\$ \$1.\$3 last;
expires 30d;
access_log off;
log_not_found off;
add_header Pragma public;
add_header Cache-Control "max-age=2592000, public";
}
location ~* \.(asf|asx|wax|wmv|wmx|avi|bmp|class|divx|doc|docx|eot|exe|gif|gz|gzip|ico|jpg|jpeg|jpe|mdb|mid|midi|mov|qt|mp3|m4a|mp4|m4v|mpeg|mpg|mpe|mpp|odb|odc|odf|odg|odp|ods|odt|ogg|ogv|otf|pdf|png|pot|pps|ppt|pptx|ra|ram|svg|svgz|swf|tar|t?gz|tif|tiff|ttf|wav|webm|wma|woff|wri|xla|xls|xlsx|xlt|xlw|zip)\$ {
expires 30d;
access_log off;
log_not_found off;
add_header Pragma public;
add_header Cache-Control "max-age=2592000, public";
}
if (\$http_user_agent ~* "FeedDemon|JikeSpider|Indy Library|Alexa Toolbar|AskTbFXTV|AhrefsBot|CrawlDaddy|CoolpadWebkit|Java|Feedly|UniversalFeedParser|ApacheBench|Microsoft URL Control|Swiftbot|ZmEu|oBot|jaunty|Python-urllib|lightDeckReports Bot|YYSpider|DigExt|YisouSpider|HttpClient|MJ12bot|heritrix|EasouSpider|Ezooms|Scrapy") {
return 403;
}
}
END
service nginx start
|
Der Weg von mxiii ist der richtige denke ich mal
Nginx Ordner sichern, Nginx downloaden, compilen, installieren und den Ordner zurück spielen.
Es müsste sich halt nur wer die Arbeit machen den Script wieder lauffähig zu machen^^
|
|
|
08/14/2016, 16:45
|
#323
|
elite*gold: 0
Join Date: Jan 2015
Posts: 118
Received Thanks: 17
|
Naja, @ tyle z.B. hat ja schon updates gemacht.
Ich habe es jetzt wirklich oft versucht aber es hat einfach nicht klappt.
Im Zweifel muss ich eben alles Platt machen und Komplett neu installieren.
Vorher: Welchen nginx order soll ich denn sichern? Den gesamten inkl aller Webseiten?
Also alles in /etc/nginx/ ?
Was updatet er denn dann, wenn ich das alles unberührt lasse.
|
|
|
08/14/2016, 17:18
|
#324
|
elite*gold: 0
Join Date: Mar 2011
Posts: 234
Received Thanks: 31
|
Anybody in here has some knowledge about hosting csgo servers on dedicated servers? - Just wanna know how many resources/power they need n all.
|
|
|
08/14/2016, 17:34
|
#325
|
elite*gold: 0
Join Date: Jan 2015
Posts: 118
Received Thanks: 17
|
3 years ago I have a CS: go server hosted with this
That worked well.
|
|
|
08/14/2016, 18:20
|
#326
|
elite*gold: 0
Join Date: Mar 2011
Posts: 234
Received Thanks: 31
|
Quote:
Originally Posted by TakeThisBitch
3 years ago I have a CS: go server hosted with this
That worked well.
|
You hosted just 1 server on that machine?
|
|
|
08/14/2016, 18:39
|
#327
|
elite*gold: 0
Join Date: Jan 2015
Posts: 118
Received Thanks: 17
|
one public server one private server 2 ts server 1 website
|
|
|
08/14/2016, 19:34
|
#328
|
elite*gold: 0
Join Date: Mar 2011
Posts: 234
Received Thanks: 31
|
Quote:
Originally Posted by TakeThisBitch
one public server one private server 2 ts server 1 website
|
Ah fair enough - Well I'll go for a couple csgo servers which are meant for private matches. Thanks tho!
|
|
|
08/15/2016, 08:37
|
#329
|
elite*gold: 0
Join Date: Apr 2014
Posts: 83
Received Thanks: 4
|
das mit den Blocked hosts macht Zypr's script doch automatisch, blocked-hosts
|
|
|
08/15/2016, 10:21
|
#330
|
elite*gold: 0
Join Date: Jan 2015
Posts: 118
Received Thanks: 17
|
das ging recht schnell. Konnte da keine Probleme feststellen. Komisch ist es.
|
|
|
|
|
Similar Threads
|
Der perfekte Rootserver (Nginx, SSL, Mailserver, Roundcube, phpMyAdmin, Firewall)
10/14/2016 - Tutorials - 379 Replies
Der perfekte Rootserver
Version 0.3.8
Was kann das Skript?:
Das Skript ist ein Allrounder und bietet eine Oneclick-Installation, die zahlreiche Systeme und Funktionen mit sich bringt. Es ist dafür gedacht einen frisch aufgesetzten Debian Jessie minimal Server in einen perfekten Rootserver zu verwandeln. Besonders für unerfahrene User ist das Skript bestens dafür geeignet, per "oneclick" eine sichere, perfomante und optimale Umgebung für seine Projekte zu schaffen. Die im Skript...
|
Der perfekte Rootserver by Zypr
12/14/2015 - Unix/Linux - 8 Replies
Hallo Community.
Ich habe ein Kleines Problem beim Installieren des Scriptes von Zypr.
Unzwar bekomme ich immer Fehler Meldungenen Während der Installation
| +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
|
[Suche]Perfekte Serverfiles+Client für Rootserver
07/26/2011 - Metin2 Private Server - 9 Replies
Hey Leute,
Also ich suche für meinen Metin2-Rootserver gute Serverfiles+Client.
Sie sollten haben:
*Die neuen Waffen von SonyStyle
*Die neuen Rüsstungen von EYvil
*Reittiere (Egal ob alt oder neu)
*Maximal level: mindestens 120
*Es darf nichts verbuggt sein
Also das sollte in den Client+in den Serverfiles/Datenbank drinnen sein.
|
All times are GMT +2. The time now is 13:47.
|
|