Der perfekte Rootserver (Support Thread)

TiggaStyle · 08/11/2016, 07:32

Moinsen,

sag mal waren hier nicht welche bei netcup?

Ich hab da mal nen Server bestellt, allerdings braucht die arno-firewall mit einlesen der 38k IPs aus dem Blocked Hosts ewig um zu starten, 8 Minuten oder so? Ohne die blocked-hosts geht normal schnell.
Ist das bei netcup so?

Gruß

Axiades · 08/12/2016, 15:21

Moinsen,

Hab da mal ne frage.. Kann ich dieses Script auch so nutzen dass er mir den Webserver & den MailServer nicht mit installiert.. ??

wenn ja. Wie?

Freue mich auf Antworten.

REtender · 08/13/2016, 00:18

Quote:

Originally Posted by Axiades

Moinsen,

Hab da mal ne frage.. Kann ich dieses Script auch so nutzen dass er mir den Webserver & den MailServer nicht mit installiert.. ??

wenn ja. Wie?

Freue mich auf Antworten.

In der Userconfig USE_MAILSERVER="1" auf 0 stellen?
Das Script kann man allerdings nicht ohne weiteres ohne Webserver installieren.

hat noch wer die neuen Versionen von Nginx und co getestet?
Bei mir ging es ohne Probleme...

TakeThisBitch · 08/13/2016, 00:38

Hab nach wie vor kein nginx update gemacht

Trau mich da nicht ran. Muss ich vorher nen image erstellen
@

ich habe das noch nicht gemacht. Könntest du kurz erklären wie du das machst? Dann kann ich es mal testen.

Klingt auch interessant

Gesendet von meinem C6903 mit Tapatalk

Wäre wirkoch nett, wenn mir jemand helfen könnte nginx zu updaten.

Habe einige Tutorials ausprobiert, aber ohne Erfolg.

und einfach neu installieren geht auch nicht:

Code:

root@mail:~# apt-get install nginx
Reading package lists... Done
Building dependency tree
Reading state information... Done
Some packages could not be installed. This may mean that you have
requested an impossible situation or if you are using the unstable
distribution that some required packages have not yet been created
or been moved out of Incoming.
The following information may help to resolve the situation:

The following packages have unmet dependencies:
 nginx : Depends: nginx-full (>= 1.10.1-1) but 1.6.2-5+deb8u2+b1 is to be instal                                  led or
                  nginx-light (>= 1.10.1-1) but it is not going to be installed                                   or
                  nginx-extras (>= 1.10.1-1) but it is not going to be installed
E: Unable to correct problems, you have held broken packages.
root@mail:~#

nginx upgrade geht auch nicht:

Code:

root@mail:~# nginx -v
nginx version: nginx/1.10.0
root@mail:~# apt-get upgrade nginx
Reading package lists... Done
Building dependency tree
Reading state information... Done
Calculating upgrade... Some packages could not be installed. This may mean that                                                              you have
requested an impossible situation or if you are using the unstable
distribution that some required packages have not yet been created
or been moved out of Incoming.
The following information may help to resolve the situation:

The following packages have unmet dependencies:
 nginx : Depends: nginx-full (>= 1.10.1-1) but it is not going to be installed o                                                             r
                  nginx-light (>= 1.10.1-1) but it is not going to be installed                                                              or
                  nginx-extras (>= 1.10.1-1) but it is not going to be installed
         Depends: nginx-full (< 1.10.1-1.1~) but it is not going to be installed                                                              or
                  nginx-light (< 1.10.1-1.1~) but it is not going to be installe                                                             d or
                  nginx-extras (< 1.10.1-1.1~) but it is not going to be install                                                             ed
E: Broken packages

Delinquenz · 08/13/2016, 10:00

Quote:

Originally Posted by TakeThisBitch

nginx upgrade geht auch nicht:

Du musst wenn schon alle Abhängigkeiten von nginx upgraden, am besten upgradest du einfach gleich alle Packages.

TakeThisBitch · 08/13/2016, 10:09

Und wie mach ich das? Ich habe auch versucht die commons zu löschen und neu zu installieren per apt-get install nginx aber das geht auch nicht

Gesendet von meinem C6903 mit Tapatalk

Achso und apt-get update -y && apt-get upgrade -y
Geht auch nicht, weil er ja nginx dann nicht mit updated

Gesendet von meinem C6903 mit Tapatalk

REtender · 08/13/2016, 11:39

Quote:

Originally Posted by REtender

Man könnte bestimmt den Update Script von mxiiii umschreiben

Edit:

Ich habe die update_server.sh mal grob "entmüllt".
Es funktioniert so DEFINITIV NICHT! Es ist nur ein Ansatz falls wer basteln möchte.

Spoiler

Code:

source ~/updateconfig.cfg

IPADR=$(ifconfig eth0 | awk -F ' *|:' '/inet /{print $4}')

# Some nice colors
red() { echo "$(tput setaf 1)$*$(tput setaf 9)"; }
green() { echo "$(tput setaf 2)$*$(tput setaf 9)"; }
yellow() { echo "$(tput setaf 3)$*$(tput setaf 9)"; }
magenta() { echo "$(tput setaf 5)$*$(tput setaf 9)"; }
cyan() { echo "$(tput setaf 6)$*$(tput setaf 9)"; }
textb() { echo $(tput bold)${1}$(tput sgr0); }
greenb() { echo $(tput bold)$(tput setaf 2)${1}$(tput sgr0); }
redb() { echo $(tput bold)$(tput setaf 1)${1}$(tput sgr0); }
yellowb() { echo $(tput bold)$(tput setaf 3)${1}$(tput sgr0); }
pinkb() { echo $(tput bold)$(tput setaf 5)${1}$(tput sgr0); }

# Some nice variables
info="$(textb [INFO] -)"
warn="$(yellowb [WARN] -)"
error="$(redb [ERROR] -)"
fyi="$(pinkb [INFO] -)"
ok="$(greenb [OKAY] -)"

echo
echo "$(yellowb +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+)"
echo " $(textb Perfect) $(textb Rootserver) $(textb Update) $(textb by)" "$(cyan MXIIII)"
echo "$(yellowb +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+)"
echo
if [ "$CONFIG_COMPLETED" != '1' ]; then
echo "${error} Please check the userconfig and set a valid value for the variable \"$(textb CONFIG_COMPLETED)\" to continue." | awk '{ print strftime("[%H:%M:%S] |"), $0 }'
exit 1
fi

echo "${info} Backup..."
rm /root/backup/ -r >/dev/null 2>&1
mkdir /root/backup/nginx >/dev/null 2>&1
cp -R /etc/nginx/* /root/backup/nginx

echo "${info} Install..."
echo
echo "$(yellowb +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+)"
echo " $(textb Perfect) $(textb Rootserver) $(textb Update) $(textb by)" "$(cyan MXIIII)"
echo "$(yellowb +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+)"
echo
echo "${info} Backup..."
echo "${info} Install..."
echo "${info} NGINX Update..."
echo "${warn} Some of the tasks could take a long time, please be patient!"
service nginx stop

cd ~/sources
echo "${info} Downloading Nginx..."
wget -nc http://nginx.org/download/nginx-${NGINX_VERSION}.tar.gz >/dev/null 2>&1
tar -xzf nginx-${NGINX_VERSION}.tar.gz
cd nginx-${NGINX_VERSION}

./configure --prefix=/etc/nginx \
--sbin-path=/usr/sbin/nginx \
--conf-path=/etc/nginx/nginx.conf \
--error-log-path=/var/log/nginx/error.log \
--http-log-path=/var/log/nginx/access.log \
--pid-path=/var/run/nginx.pid \
--lock-path=/var/run/nginx.lock \
--http-client-body-temp-path=/var/lib/nginx/body \
--http-proxy-temp-path=/var/lib/nginx/proxy \
--http-fastcgi-temp-path=/var/lib/nginx/fastcgi \
--http-uwsgi-temp-path=/var/lib/nginx/uwsgi \
--http-scgi-temp-path=/var/lib/nginx/scgi \
--user=www-data \
--group=www-data \
--without-http_autoindex_module \
--without-http_browser_module \
--without-http_empty_gif_module \
--without-http_userid_module \
--without-http_split_clients_module \
--with-http_ssl_module \
--with-http_v2_module \
--with-http_realip_module \
--with-http_geoip_module \
--with-http_addition_module \
--with-http_sub_module \
--with-http_dav_module \
--with-http_flv_module \
--with-http_mp4_module \
--with-http_gunzip_module \
--with-http_gzip_static_module \
--with-http_random_index_module \
--with-http_secure_link_module \
--with-http_stub_status_module \
--with-http_auth_request_module \
--with-mail \
--with-mail_ssl_module \
--with-file-aio \
--with-ipv6 \
--with-debug \
--with-pcre \
--with-cc-opt='-O2 -g -pipe -Wall -Wformat -Werror=format-security -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector --param=ssp-buffer-size=4 -m64 -mtune=generic' \
--with-openssl=$HOME/sources/openssl-${OPENSSL_VERSION} \
--add-module=$HOME/sources/ngx_pagespeed-release-${NPS_VERSION}-beta >/dev/null 2>&1

echo "${info} NGINX Install..."
make >/dev/null 2>&1

checkinstall --install=no -y >/dev/null 2>&1

dpkg -i nginx_${NGINX_VERSION}-1_amd64.deb >/dev/null 2>&1

mv nginx_${NGINX_VERSION}-1_amd64.deb ../
cp -R /root/backup/nginx/* /etc/nginx/

cat > /etc/nginx/sites-available/autodiscover.${MYDOMAIN}.conf <<END
 server {
 			listen 80;
 			server_name autodiscover.${MYDOMAIN} autoconfig.${MYDOMAIN};
 			return 301 https://autodiscover.${MYDOMAIN}\$request_uri;
 }
 
 server {
 			listen 443 ssl http2;
 			server_name autodiscover.${MYDOMAIN} autoconfig.${MYDOMAIN};
 
 			root /var/www/zpush;
 			index index.php;
 			charset utf-8;
 
 			error_page 404 /index.php;
 
 			ssl_certificate 	ssl/${MYDOMAIN}.pem;
 			ssl_certificate_key ssl/${MYDOMAIN}.key;
 			#ssl_trusted_certificate ssl/${MYDOMAIN}.pem;
 			ssl_dhparam	     	ssl/dh.pem;
 			#ssl_ecdh_curve		secp384r1;
 			ssl_session_cache   shared:SSL:10m;
 			ssl_session_timeout 10m;
 			ssl_session_tickets off;
 			ssl_protocols       TLSv1 TLSv1.1 TLSv1.2;
 			ssl_prefer_server_ciphers on;
 			ssl_buffer_size 	1400;
 
 			#ssl_stapling 		on;
 			#ssl_stapling_verify on;
 			#resolver 			8.8.8.8 8.8.4.4 208.67.222.222 208.67.220.220 valid=60s;
 			#resolver_timeout 	2s;
 
 			ssl_ciphers 		"ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!3DES:!MD5:!PSK";
 
 			#add_header 		Strict-Transport-Security "max-age=63072000; includeSubdomains; preload";
 			#add_header 		Public-Key-Pins 'pin-sha256="${HPKP1}"; pin-sha256="${HPKP2}"; max-age=5184000; includeSubDomains';
 			add_header 			Cache-Control "public";
 			add_header 			X-Frame-Options SAMEORIGIN;
 			add_header 			Alternate-Protocol  443:npn-http/2;
 			add_header 			X-Content-Type-Options nosniff;
 			add_header 			X-XSS-Protection "1; mode=block";
 			add_header 			X-Permitted-Cross-Domain-Policies "master-only";
 			add_header 			"X-UA-Compatible" "IE=Edge";
 			add_header 			"Access-Control-Allow-Origin" "*";
 			add_header 			Content-Security-Policy "script-src 'self' 'unsafe-inline' 'unsafe-eval' *.youtube.com maps.gstatic.com *.googleapis.com *.google-analytics.com cdnjs.cloudflare.com assets.zendesk.com connect.facebook.net; frame-src 'self' *.youtube.com assets.zendesk.com *.facebook.com s-static.ak.facebook.com tautt.zendesk.com; object-src 'self'";
 
 			auth_basic_user_file htpasswd/.htpasswd;
 
 			location ~ ^(.+\.php)(.*)\$ {
 				fastcgi_split_path_info ^(.+\.php)(/.+)\$;
 				try_files \$fastcgi_script_name =404;
 				set \$path_info \$fastcgi_path_info;
 				fastcgi_param PATH_INFO \$path_info;
 				fastcgi_param APP_ENV production;
 				fastcgi_pass unix:/var/run/php5-fpm.sock;
 				fastcgi_index index.php;
 				include fastcgi.conf;
 				fastcgi_intercept_errors on;
 				fastcgi_ignore_client_abort off;
 				fastcgi_buffers 256 16k;
 				fastcgi_buffer_size 128k;
 				fastcgi_connect_timeout 3s;
 				fastcgi_send_timeout 120s;
 				fastcgi_read_timeout 120s;
 				fastcgi_busy_buffers_size 256k;
 				fastcgi_temp_file_write_size 256k;
 			}
 
 			rewrite (?i)^/autodiscover/autodiscover\.xml\$ /autodiscover/autodiscover.php;
 
 			location / {
 				try_files \$uri \$uri/ /index.php;
 			}
 
 			location /Microsoft-Server-ActiveSync {
             	rewrite ^(.*)\$  /index.php last;
         	}
 
 			location ~ /(\.ht|Core|Specific) {
                 deny all;
                 return 404;
         	}
 
 			location = /favicon.ico {
 				access_log off;
 				log_not_found off;
 			}
 				
 			location = /robots.txt {
 				allow all;
 				access_log off;
 				log_not_found off;
 			}
 
 			location ~* ^.+\.(css|js)\$ {
 				rewrite ^(.+)\.(\d+)\.(css|js)\$ \$1.\$3 last;
 				expires 30d;
 				access_log off;
 				log_not_found off;
 				add_header Pragma public;
 				add_header Cache-Control "max-age=2592000, public";
 			}
 
 			location ~* \.(asf|asx|wax|wmv|wmx|avi|bmp|class|divx|doc|docx|eot|exe|gif|gz|gzip|ico|jpg|jpeg|jpe|mdb|mid|midi|mov|qt|mp3|m4a|mp4|m4v|mpeg|mpg|mpe|mpp|odb|odc|odf|odg|odp|ods|odt|ogg|ogv|otf|pdf|png|pot|pps|ppt|pptx|ra|ram|svg|svgz|swf|tar|t?gz|tif|tiff|ttf|wav|webm|wma|woff|wri|xla|xls|xlsx|xlt|xlw|zip)\$ {
 				expires 30d;
 				access_log off;
 				log_not_found off;
 				add_header Pragma public;
 				add_header Cache-Control "max-age=2592000, public";
 			}
 
			if (\$http_user_agent ~* "FeedDemon|JikeSpider|Indy Library|Alexa Toolbar|AskTbFXTV|AhrefsBot|CrawlDaddy|CoolpadWebkit|Java|Feedly|UniversalFeedParser|ApacheBench|Microsoft URL Control|Swiftbot|ZmEu|oBot|jaunty|Python-urllib|lightDeckReports Bot|YYSpider|DigExt|YisouSpider|HttpClient|MJ12bot|heritrix|EasouSpider|Ezooms|Scrapy") {
             	return 403;
             }
 
 }
END

cat > /etc/nginx/sites-available/dav.${MYDOMAIN}.conf <<END
 server {
 			listen 80;
 			server_name dav.${MYDOMAIN};
 			return 301 https://dav.${MYDOMAIN}\$request_uri;
 }
 
 server {
 			listen 443 ssl http2;
 			server_name dav.${MYDOMAIN};
 
 			root /var/www/dav;
 			index server.php;
 			charset utf-8;
 
 			error_page 404 /index.php;
 
 			ssl_certificate 	ssl/${MYDOMAIN}.pem;
 			ssl_certificate_key ssl/${MYDOMAIN}.key;
 			#ssl_trusted_certificate ssl/${MYDOMAIN}.pem;
 			ssl_dhparam	     	ssl/dh.pem;
 			#ssl_ecdh_curve		secp384r1;
 			ssl_session_cache   shared:SSL:10m;
 			ssl_session_timeout 10m;
 			ssl_session_tickets off;
 			ssl_protocols       TLSv1 TLSv1.1 TLSv1.2;
 			ssl_prefer_server_ciphers on;
 			ssl_buffer_size 	1400;
 
 			#ssl_stapling 		on;
 			#ssl_stapling_verify on;
 			#resolver 			8.8.8.8 8.8.4.4 208.67.222.222 208.67.220.220 valid=60s;
 			#resolver_timeout 	2s;
 
 			ssl_ciphers 		"ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!3DES:!MD5:!PSK";
 
 			#add_header 		Strict-Transport-Security "max-age=63072000; includeSubdomains; preload";
 			#add_header 		Public-Key-Pins 'pin-sha256="${HPKP1}"; pin-sha256="${HPKP2}"; max-age=5184000; includeSubDomains';
 			add_header 			Cache-Control "public";
 			add_header 			X-Frame-Options SAMEORIGIN;
 			add_header 			Alternate-Protocol  443:npn-http/2;
 			add_header 			X-Content-Type-Options nosniff;
 			add_header 			X-XSS-Protection "1; mode=block";
 			add_header 			X-Permitted-Cross-Domain-Policies "master-only";
 			add_header 			"X-UA-Compatible" "IE=Edge";
 			add_header 			"Access-Control-Allow-Origin" "*";
 			add_header 			Content-Security-Policy "script-src 'self' 'unsafe-inline' 'unsafe-eval' *.youtube.com maps.gstatic.com *.googleapis.com *.google-analytics.com cdnjs.cloudflare.com assets.zendesk.com connect.facebook.net; frame-src 'self' *.youtube.com assets.zendesk.com *.facebook.com s-static.ak.facebook.com tautt.zendesk.com; object-src 'self'";
 			
 			auth_basic_user_file htpasswd/.htpasswd;
 
 			location ~ ^(.+\.php)(.*)\$ {
 				fastcgi_split_path_info ^(.+\.php)(/.+)\$;
 				try_files \$fastcgi_script_name =404;
 				set \$path_info \$fastcgi_path_info;
 				fastcgi_param PATH_INFO \$path_info;
 				fastcgi_param APP_ENV production;
 				fastcgi_pass unix:/var/run/php5-fpm.sock;
 				fastcgi_index index.php;
 				include fastcgi.conf;
 				fastcgi_intercept_errors on;
 				fastcgi_ignore_client_abort off;
 				fastcgi_buffers 256 16k;
 				fastcgi_buffer_size 128k;
 				fastcgi_connect_timeout 3s;
 				fastcgi_send_timeout 120s;
 				fastcgi_read_timeout 120s;
 				fastcgi_busy_buffers_size 256k;
 				fastcgi_temp_file_write_size 256k;
 			}
 
 			rewrite ^/.well-known/caldav /server.php redirect;
 			rewrite ^/.well-known/carddav /server.php redirect;
 
 			location / {
 				try_files \$uri \$uri/ /server.php?\$args;
 			}
 
 			location ~ /(\.ht|Core|Specific) {
                 deny all;
                 return 404;
         	}
 
 			location = /favicon.ico {
 				access_log off;
 				log_not_found off;
 			}
 				
 			location = /robots.txt {
 				allow all;
 				access_log off;
 				log_not_found off;
 			}
 
 			location ~* ^.+\.(css|js)\$ {
 				rewrite ^(.+)\.(\d+)\.(css|js)\$ \$1.\$3 last;
 				expires 30d;
 				access_log off;
 				log_not_found off;
 				add_header Pragma public;
 				add_header Cache-Control "max-age=2592000, public";
 			}
 
 			location ~* \.(asf|asx|wax|wmv|wmx|avi|bmp|class|divx|doc|docx|eot|exe|gif|gz|gzip|ico|jpg|jpeg|jpe|mdb|mid|midi|mov|qt|mp3|m4a|mp4|m4v|mpeg|mpg|mpe|mpp|odb|odc|odf|odg|odp|ods|odt|ogg|ogv|otf|pdf|png|pot|pps|ppt|pptx|ra|ram|svg|svgz|swf|tar|t?gz|tif|tiff|ttf|wav|webm|wma|woff|wri|xla|xls|xlsx|xlt|xlw|zip)\$ {
 				expires 30d;
 				access_log off;
 				log_not_found off;
 				add_header Pragma public;
 				add_header Cache-Control "max-age=2592000, public";
 			}
 
			if (\$http_user_agent ~* "FeedDemon|JikeSpider|Indy Library|Alexa Toolbar|AskTbFXTV|AhrefsBot|CrawlDaddy|CoolpadWebkit|Java|Feedly|UniversalFeedParser|ApacheBench|Microsoft URL Control|Swiftbot|ZmEu|oBot|jaunty|Python-urllib|lightDeckReports Bot|YYSpider|DigExt|YisouSpider|HttpClient|MJ12bot|heritrix|EasouSpider|Ezooms|Scrapy") {
             	return 403;
             }
 }
END

cat > /etc/nginx/sites-available/${MYDOMAIN}.conf <<END
 server {
 			listen 				80 default_server;
 			server_name 		${IPADR} ${MYDOMAIN};
 			return 301 			https://${MYDOMAIN}\$request_uri;
 }
 
 server {
 			listen 				443;
 			server_name 		${IPADR} www.${MYDOMAIN} mail.${MYDOMAIN};
 			return 301 			https://${MYDOMAIN}\$request_uri;
 }
 
 server {
 			listen 				443 ssl http2 default deferred;
 			server_name 		${MYDOMAIN};
 
 			root 				/etc/nginx/html;
 			index 				index.php index.html index.htm;
 
 			charset 			utf-8;
 
 			error_page 404 		/index.php;
 
 			ssl_certificate 	ssl/${MYDOMAIN}.pem;
 			ssl_certificate_key ssl/${MYDOMAIN}.key;
 			#ssl_trusted_certificate ssl/${MYDOMAIN}.pem;
 			ssl_dhparam	     	ssl/dh.pem;
 			#ssl_ecdh_curve		secp384r1;
 			ssl_session_cache   shared:SSL:10m;
 			ssl_session_timeout 10m;
 			ssl_session_tickets off;
 			ssl_protocols       TLSv1 TLSv1.1 TLSv1.2;
 			ssl_prefer_server_ciphers on;
 			ssl_buffer_size 	1400;
 
 			#ssl_stapling 		on;
 			#ssl_stapling_verify on;
 			#resolver 			8.8.8.8 8.8.4.4 208.67.222.222 208.67.220.220 valid=60s;
 			#resolver_timeout 	2s;
 
 			ssl_ciphers 		"ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!3DES:!MD5:!PSK";
 
 			#add_header 		Strict-Transport-Security "max-age=63072000; includeSubdomains; preload";
 			#add_header 		Public-Key-Pins 'pin-sha256="${HPKP1}"; pin-sha256="${HPKP2}"; max-age=5184000; includeSubDomains';
 			add_header 			Cache-Control "public";
 			add_header 			X-Frame-Options SAMEORIGIN;
 			add_header 			Alternate-Protocol  443:npn-http/2;
 			add_header 			X-Content-Type-Options nosniff;
 			add_header 			X-XSS-Protection "1; mode=block";
 			add_header 			X-Permitted-Cross-Domain-Policies "master-only";
 			add_header 			"X-UA-Compatible" "IE=Edge";
 			add_header 			"Access-Control-Allow-Origin" "*";
 			add_header 			Content-Security-Policy "script-src 'self' 'unsafe-inline' 'unsafe-eval' *.youtube.com maps.gstatic.com *.googleapis.com *.google-analytics.com cdnjs.cloudflare.com assets.zendesk.com connect.facebook.net; frame-src 'self' *.youtube.com assets.zendesk.com *.facebook.com s-static.ak.facebook.com tautt.zendesk.com; object-src 'self'";
 
 			pagespeed 			on;
 			pagespeed 			EnableFilters collapse_whitespace;
 			pagespeed 			EnableFilters canonicalize_javascript_libraries;
 			pagespeed 			EnableFilters combine_css;
 			pagespeed 			EnableFilters combine_javascript;
 			pagespeed 			EnableFilters elide_attributes;
 			pagespeed 			EnableFilters extend_cache;
 			pagespeed 			EnableFilters flatten_css_imports;
 			pagespeed 			EnableFilters lazyload_images;
 			pagespeed 			EnableFilters rewrite_javascript;
 			pagespeed 			EnableFilters rewrite_images;
 			pagespeed 			EnableFilters insert_dns_prefetch;
 			pagespeed 			EnableFilters prioritize_critical_css;
 
 			pagespeed 			FetchHttps enable,allow_self_signed;
 			pagespeed 			FileCachePath /var/lib/nginx/nps_cache;
 			pagespeed 			RewriteLevel CoreFilters;
 			pagespeed 			CssFlattenMaxBytes 5120;
 			pagespeed 			LogDir /var/log/pagespeed;
 			pagespeed 			EnableCachePurge on;
 			pagespeed 			PurgeMethod PURGE;
 			pagespeed 			DownstreamCachePurgeMethod PURGE;
 			pagespeed 			DownstreamCachePurgeLocationPrefix http://127.0.0.1:80/;
 			pagespeed 			DownstreamCacheRewrittenPercentageThreshold 95;
 			pagespeed 			LazyloadImagesAfterOnload on;
 			pagespeed 			LazyloadImagesBlankUrl "data:image/gif;base64,R0lGODlhAQABAIAAAAAAAP///yH5BAEAAAAALAAAAAABAAEAAAIBRAA7";
 
 			pagespeed 			MemcachedThreads 1;
 			pagespeed 			MemcachedServers "localhost:11211";
 			pagespeed 			MemcachedTimeoutUs 100000;
 			pagespeed 			RespectVary on;
 
 			pagespeed 			Disallow "*/pma/*";
 
 			# This will correctly rewrite your subresources with https:// URLs and thus avoid mixed content warnings.
 			# Note, that you should only enable this option if you are behind a load-balancer that will set this header,
 			# otherwise your users will be able to set the protocol PageSpeed uses to interpret the request.
 			#
 			#pagespeed 			RespectXForwardedProto on;
 
 			auth_basic_user_file htpasswd/.htpasswd;
 
 			location ~ \.php\$ {
 				fastcgi_split_path_info ^(.+\.php)(/.+)\$;
 				try_files \$fastcgi_script_name =404;
 				fastcgi_param PATH_INFO \$fastcgi_path_info;
				fastcgi_param PATH_TRANSLATED \$document_root\$fastcgi_path_info;
 				fastcgi_param APP_ENV production;
 				fastcgi_pass unix:/var/run/php5-fpm.sock;
 				fastcgi_index index.php;
 				include fastcgi.conf;
 				fastcgi_intercept_errors off;
 				fastcgi_ignore_client_abort off;
 				fastcgi_buffers 256 16k;
 				fastcgi_buffer_size 128k;
 				fastcgi_connect_timeout 3s;
 				fastcgi_send_timeout 120s;
 				fastcgi_read_timeout 120s;
 				fastcgi_busy_buffers_size 256k;
 				fastcgi_temp_file_write_size 256k;
 			}
 
 			include /etc/nginx/sites-custom/*.conf;
 
 			location / {
 			   	include /etc/nginx/naxsi.rules;
 
 			   	# Uncomment, if you need to remove index.php from the
 				# URL. Usefull if you use Codeigniter, Zendframework, etc.
 				# or just need to remove the index.php
 				#
 			   	#try_files \$uri \$uri/ /index.php?\$args;
 			}
 
 			location ~* /\.(?!well-known\/) {
 			    deny all;
 			    access_log off;
 				log_not_found off;
 			}
 
 			location ~* (?:\.(?:bak|conf|dist|fla|in[ci]|log|psd|sh|sql|sw[op])|~)$ {
 			    deny all;
 			    access_log off;
 				log_not_found off;
 			}
 
 			location = /favicon.ico {
 				access_log off;
 				log_not_found off;
 			}
 				
 			location = /robots.txt {
 				allow all;
 				access_log off;
 				log_not_found off;
 			}
 
 			location ~* ^.+\.(css|js)\$ {
 				rewrite ^(.+)\.(\d+)\.(css|js)\$ \$1.\$3 last;
 				expires 30d;
 				access_log off;
 				log_not_found off;
 				add_header Pragma public;
 				add_header Cache-Control "max-age=2592000, public";
 			}
 
 			location ~* \.(asf|asx|wax|wmv|wmx|avi|bmp|class|divx|doc|docx|eot|exe|gif|gz|gzip|ico|jpg|jpeg|jpe|mdb|mid|midi|mov|qt|mp3|m4a|mp4|m4v|mpeg|mpg|mpe|mpp|odb|odc|odf|odg|odp|ods|odt|ogg|ogv|otf|pdf|png|pot|pps|ppt|pptx|ra|ram|svg|svgz|swf|tar|t?gz|tif|tiff|ttf|wav|webm|wma|woff|wri|xla|xls|xlsx|xlt|xlw|zip)\$ {
 				expires 30d;
 				access_log off;
 				log_not_found off;
 				add_header Pragma public;
 				add_header Cache-Control "max-age=2592000, public";
 			}
 
			if (\$http_user_agent ~* "FeedDemon|JikeSpider|Indy Library|Alexa Toolbar|AskTbFXTV|AhrefsBot|CrawlDaddy|CoolpadWebkit|Java|Feedly|UniversalFeedParser|ApacheBench|Microsoft URL Control|Swiftbot|ZmEu|oBot|jaunty|Python-urllib|lightDeckReports Bot|YYSpider|DigExt|YisouSpider|HttpClient|MJ12bot|heritrix|EasouSpider|Ezooms|Scrapy") {
             	return 403;
             }
 }
END
service nginx start

Der Weg von mxiii ist der richtige denke ich mal

Nginx Ordner sichern, Nginx downloaden, compilen, installieren und den Ordner zurück spielen.

Es müsste sich halt nur wer die Arbeit machen den Script wieder lauffähig zu machen^^

TakeThisBitch · 08/14/2016, 16:45

Naja, @

tyle z.B. hat ja schon updates gemacht.

Ich habe es jetzt wirklich oft versucht aber es hat einfach nicht klappt.

Im Zweifel muss ich eben alles Platt machen und Komplett neu installieren.

Vorher: Welchen nginx order soll ich denn sichern? Den gesamten inkl aller Webseiten?
Also alles in /etc/nginx/ ?

Was updatet er denn dann, wenn ich das alles unberührt lasse.

minecraftreflex · 08/14/2016, 17:18

Anybody in here has some knowledge about hosting csgo servers on dedicated servers? - Just wanna know how many resources/power they need n all.

TakeThisBitch · 08/14/2016, 17:34

3 years ago I have a CS: go server hosted with this

That worked well.

minecraftreflex · 08/14/2016, 18:20

Quote:

Originally Posted by TakeThisBitch

3 years ago I have a CS: go server hosted with this

That worked well.

You hosted just 1 server on that machine?

TakeThisBitch · 08/14/2016, 18:39

one public server one private server 2 ts server 1 website

minecraftreflex · 08/14/2016, 19:34

Quote:

Originally Posted by TakeThisBitch

one public server one private server 2 ts server 1 website

Ah fair enough - Well I'll go for a couple csgo servers which are meant for private matches. Thanks tho!

TiggaStyle · 08/15/2016, 08:37

das mit den Blocked hosts macht Zypr's script doch automatisch, blocked-hosts

TakeThisBitch · 08/15/2016, 10:21

das ging recht schnell. Konnte da keine Probleme feststellen. Komisch ist es.