update
This commit is contained in:
parent
8a983df201
commit
57fe31242a
|
@ -1,10 +1,10 @@
|
|||
### Drone is a Continuous Delivery platform built on Docker
|
||||
|
||||
URL : <a href="https://drone.webhosting.rug.nl" target="_blank">https://drone.webhosting.rug.nl</a>
|
||||
URL : <a href="https://drone.web.rug.nl" target="_blank">https://drone.web.rug.nl</a>
|
||||
|
||||
|
||||
```
|
||||
login with you're git credentials -> https://git.webhosting.rug.nl
|
||||
login with you're git credentials -> https://git.web.rug.nl
|
||||
|
||||
```
|
||||
|
||||
|
@ -22,24 +22,37 @@ example :
|
|||
#### example drone.yml
|
||||
````
|
||||
cat > .drone.yml <<EOF
|
||||
pipeline:
|
||||
publish:
|
||||
kind: pipeline
|
||||
type: kubernetes
|
||||
name: drone
|
||||
|
||||
steps:
|
||||
- name: docker
|
||||
image: plugins/docker
|
||||
secrets: [ docker_username, docker_password ]
|
||||
settings:
|
||||
registry: registry.webhosting.rug.nl
|
||||
repo: registry.webhosting.rug.nl/webhosting/debian-web5
|
||||
file: Dockerfile
|
||||
tag:
|
||||
- latest
|
||||
notify:
|
||||
repo: registry.webhosting.rug.nl/services/ssh-server-autofs
|
||||
autotag: true
|
||||
auto_tag_suffix: ssh
|
||||
purge: true
|
||||
username:
|
||||
from_secret: docker_username
|
||||
password:
|
||||
from_secret: docker_password
|
||||
- name: notify
|
||||
image: drillster/drone-email
|
||||
host: mail-server
|
||||
settings:
|
||||
host: smtp.rug.nl
|
||||
port: 25
|
||||
skip_verify: true
|
||||
from: drone@example.org
|
||||
recipients: [ to@example.org ]
|
||||
recipients_only: true
|
||||
when:
|
||||
status: [ success, changed, failure ]
|
||||
from: drone@web.rug.nl
|
||||
recipients:
|
||||
- p.h.vos@rug.nl
|
||||
- webhosting.cit@rug.nl
|
||||
- name: notify-slack
|
||||
image: plugins/slack
|
||||
settings:
|
||||
webhook: https://hooks.slack.com/services/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
|
||||
channel: builds
|
||||
EOF
|
||||
````
|
||||
|
|
|
@ -3,10 +3,11 @@
|
|||
|
||||
# RUG WEBHOSTING
|
||||
|
||||
* Docker domain hosting
|
||||
* Kubernetes domain hosting
|
||||
* 5+ GB website space ( fair use policy )
|
||||
* PHP support (Linux/Apache variant)
|
||||
* ASP support (Windows/IIS variant)
|
||||
* All container based services.
|
||||
|
||||
The following options are available at an extra charge:
|
||||
|
||||
|
@ -186,7 +187,7 @@ $ cat ~\site\.htaccess
|
|||
|
||||
Override upload filesize
|
||||
```
|
||||
<IfModule mod_php5.c>
|
||||
<IfModule mod_php7.c>
|
||||
php_value upload_max_filesize 100M
|
||||
php_value post_max_size 100M
|
||||
php_value max_execution_time 200
|
||||
|
@ -196,7 +197,7 @@ php_value max_input_time 200
|
|||
|
||||
Override memory limit
|
||||
```
|
||||
<IfModule mod_php5.c>
|
||||
<IfModule mod_php7.c>
|
||||
php_value memory_limit 64M
|
||||
</IfModule>
|
||||
```
|
||||
|
|
|
@ -0,0 +1,15 @@
|
|||
#### ISSUES
|
||||
|
||||
# ndots:5
|
||||
|
||||
If you're running debian/ubuntu as container OS, and you have a dhcp
|
||||
deployed, wich also is sending a search domain.
|
||||
Then you're resolv.conf contains :
|
||||
`
|
||||
search let.svc.cluster.local svc.cluster.local cluster.local kuber.local
|
||||
`
|
||||
|
||||
Here is kuber.local our local domain ;(
|
||||
Due to the musl libc the resolving stops with alpine linux.
|
||||
Removing the kuber.local from resolv.conf fix the problem.
|
||||
|
|
@ -0,0 +1,2 @@
|
|||
####
|
||||
https://jenkins.web.rug.nl
|
|
@ -0,0 +1,413 @@
|
|||
#OS - RANCHER
|
||||
Different operating setups with rancher
|
||||
|
||||
#### FLATCAR
|
||||
|
||||
rancher cluster.yml for coreos/flatcar
|
||||
canal network provider
|
||||
````
|
||||
network:
|
||||
mtu: 0
|
||||
options:
|
||||
flannel_backend_type: vxlan
|
||||
canal_flex_volume_plugin_dir: "/opt/kubernetes/kubelet-plugins/volume/exec/nodeagent~uds"
|
||||
plugin: canal
|
||||
|
||||
services:
|
||||
kube-controller:
|
||||
extra_args:
|
||||
flex-volume-plugin-dir: "/opt/kubernetes/kubelet-plugins/volume/exec/"
|
||||
````
|
||||
|
||||
calico network provider
|
||||
|
||||
````
|
||||
network:
|
||||
mtu: 0
|
||||
options:
|
||||
flannel_backend_type: vxlan
|
||||
calico_flex_volume_plugin_dir: "/opt/kubernetes/kubelet-plugins/volume/exec/nodeagent~uds"
|
||||
plugin: calico
|
||||
|
||||
services:
|
||||
kube-controller:
|
||||
extra_args:
|
||||
flex-volume-plugin-dir: "/opt/kubernetes/kubelet-plugins/volume/exec/"
|
||||
````
|
||||
|
||||
PXE SETUP
|
||||
````
|
||||
:flatcar
|
||||
kernel http://$IP/flatcar/images/flatcar_production_pxe.vmlinuz append flatcar.first_boot=1 root=/dev/sda1 ignition.config.url=http://$IP/flatcar/pxe-config.ign
|
||||
initrd http://$IP/flatcar/images/flatcar_production_pxe_image.cpio.gz
|
||||
boot
|
||||
|
||||
:flatcar-init
|
||||
kernel http://$IP/flatcar/images/flatcar_production_pxe.vmlinuz coreos.config.url=http://$IP/flatcar/init.ign cloud-config-url=http://$IP/flatcar/cloud-control.sh flatcar.first_boot=1
|
||||
initrd http://$IP/flatcar/images/flatcar_production_pxe_image.cpio.gz
|
||||
boot
|
||||
````
|
||||
init.yml
|
||||
````
|
||||
storage:
|
||||
disks:
|
||||
- device: /dev/sda
|
||||
wipe_table: true
|
||||
partitions:
|
||||
- label: ROOT
|
||||
filesystems:
|
||||
- mount:
|
||||
device: /dev/disk/by-partlabel/ROOT
|
||||
format: ext4
|
||||
wipe_filesystem: true
|
||||
label: ROOT
|
||||
|
||||
````
|
||||
cloud-control
|
||||
````
|
||||
#!/bin/bash
|
||||
|
||||
# local disk install
|
||||
# curl -kO https://$IP/flatcar/pxe-config.ign
|
||||
# sudo flatcar-install -d /dev/sda -i pxe-config.ign
|
||||
sudo reboot
|
||||
|
||||
````
|
||||
|
||||
|
||||
pxe-config
|
||||
````
|
||||
networkd:
|
||||
units:
|
||||
- name: 00-ens.network
|
||||
contents: |
|
||||
[Match]
|
||||
Name=ens*
|
||||
|
||||
[Network]
|
||||
LinkLocalAddressing=ipv4
|
||||
DHCP=yes
|
||||
storage:
|
||||
files:
|
||||
- path: /etc/modules-load.d/nf.conf
|
||||
filesystem: root
|
||||
mode: 0644
|
||||
contents:
|
||||
inline: |
|
||||
nf_conntrack
|
||||
- path: /etc/modules-load.d/iscsi.conf
|
||||
filesystem: root
|
||||
mode: 0644
|
||||
contents:
|
||||
inline: |
|
||||
iscsi_tcp
|
||||
- path: /etc/sysctl.d/nf.conf
|
||||
filesystem: root
|
||||
mode: 0644
|
||||
contents:
|
||||
inline: |
|
||||
fs.inotify.max_user_watches = 1048576
|
||||
vm.max_map_count = 262144
|
||||
net.ipv4.conf.all.forwarding = 1
|
||||
vm.swappiness = 0
|
||||
vm.overcommit_memory = 1
|
||||
kernel.panic = 10
|
||||
kernel.panic_on_oops = 1
|
||||
- path: /etc/motd.d/pi.conf
|
||||
filesystem: root
|
||||
mode: 0644
|
||||
contents:
|
||||
inline: PI MONSTER
|
||||
- filesystem: "root"
|
||||
path: "/opt/get-metadata.sh"
|
||||
mode: 0755
|
||||
contents:
|
||||
remote:
|
||||
url: "https://$IP/flatcar/metadata-script.sh"
|
||||
- path: /etc/systemd/timesyncd.conf
|
||||
filesystem: root
|
||||
mode: 0644
|
||||
contents:
|
||||
inline: |
|
||||
[Time]
|
||||
NTP=ntp0.rug.nl
|
||||
directories:
|
||||
- path: /mnt/snapshots
|
||||
filesystem: root
|
||||
overwrite: true
|
||||
mode: 0755
|
||||
systemd:
|
||||
units:
|
||||
- name: vmware.service
|
||||
enable: true
|
||||
contents: |
|
||||
[Unit]
|
||||
Description=Service for virtual machines hosted on VMware
|
||||
|
||||
[Service]
|
||||
Restart=yes
|
||||
ExecStart=/usr/bin/docker run --rm --net=host -v /run/systemd:/run/systemd --name open-vm-tools registry.webhosting.rug.nl/k8s/vmwaretools:latest
|
||||
Type=oneshot
|
||||
RemainAfterExit=true
|
||||
|
||||
[Install]
|
||||
WantedBy=multi-user.target
|
||||
- name: mnt-snapshots.mount
|
||||
enable: true
|
||||
contents: |
|
||||
[Unit]
|
||||
Description=Mount for rancher service volumes
|
||||
Before=timezone.service
|
||||
[Mount]
|
||||
What=$IP:/home/www/snapshot
|
||||
Where=/mnt/snapshots
|
||||
Type=nfs
|
||||
[Install]
|
||||
WantedBy=remote-fs.target
|
||||
- name: sshd.socket
|
||||
dropins:
|
||||
- name: 10-sshd-port.conf
|
||||
contents: |
|
||||
[Socket]
|
||||
ListenStream=
|
||||
ListenStream=8822
|
||||
- name: timezone.service
|
||||
enable: true
|
||||
contents: |
|
||||
[Unit]
|
||||
Before=rancher.service
|
||||
Description=Set timezone
|
||||
|
||||
[Service]
|
||||
Type=oneshot
|
||||
RemainAfterExit=true
|
||||
ExecStart=/usr/bin/timedatectl set-timezone Europe/Amsterdam
|
||||
|
||||
[Install]
|
||||
WantedBy=multi-user.target
|
||||
- name: "flatcar-metadata.service"
|
||||
dropins:
|
||||
- name: "use-script.conf"
|
||||
contents: |
|
||||
[Service]
|
||||
ExecStart=/opt/get-metadata.sh
|
||||
|
||||
- name: rancher.service
|
||||
enable: true
|
||||
contents: |
|
||||
[Unit]
|
||||
Description=Rancher service for docker management
|
||||
After=flatcar-metadata.service
|
||||
|
||||
[Service]
|
||||
Type=oneshot
|
||||
RemainAfterExit=true
|
||||
ExecStart=/opt/get-metadata.sh
|
||||
|
||||
[Install]
|
||||
WantedBy=multi-user.target
|
||||
passwd:
|
||||
users:
|
||||
- name:
|
||||
ssh_authorized_keys:
|
||||
- "ssh-rsa "
|
||||
````
|
||||
|
||||
|
||||
|
||||
|
||||
#### RANCHEROS
|
||||
|
||||
PXE SETUP
|
||||
````
|
||||
:RancherOs
|
||||
kernel https://$IP/rancher/v1.5.5/vmlinuz elevator=deadline nomodeset vsyscall=emulate printk.devkmsg=on rancher.state.dev=LABEL=RANCHER_STATE rancher.state.autoformat=[/dev/sda] rancher.state.formatzero=true panic=10 rancher.state.wait rancher.cloud_init.datasources=[url:https://$IP/rancher/${net0/ip}.yml]
|
||||
initrd https://$IP/rancher/v1.5.5/initrd
|
||||
boot
|
||||
|
||||
:RancherOs-Init
|
||||
kernel https://$IP/rancher/v1.5.5/vmlinuz panic=10 rancher.cloud_init.datasources=[url:http://$IP/rancher/format.yml]
|
||||
initrd https://$IP/rancher/v1.5.5/initrd
|
||||
boot
|
||||
|
||||
````
|
||||
|
||||
$IP.yml
|
||||
|
||||
````
|
||||
#cloud-config
|
||||
ssh_authorized_keys:
|
||||
- ssh-rsa
|
||||
- ssh-rsa
|
||||
write_files:
|
||||
- container: ntp
|
||||
- path: /etc/ntp.conf
|
||||
permissions: "0644"
|
||||
content: |
|
||||
driftfile /var/lib/ntp/ntp.drift
|
||||
statsdir /var/log/ntpstats/
|
||||
statistics loopstats peerstats clockstats
|
||||
filegen loopstats file loopstats type day enable
|
||||
filegen peerstats file peerstats type day enable
|
||||
filegen clockstats file clockstats type day enable
|
||||
server ntp0.rug.nl burst iburst prefer
|
||||
server 127.127.1.0
|
||||
fudge 127.127.1.0 stratum 10
|
||||
restrict 127.0.0.1
|
||||
restrict ::1
|
||||
enable ntp
|
||||
enable kernel
|
||||
multicastclient
|
||||
rancher:
|
||||
ssh:
|
||||
port: 8822
|
||||
modules:
|
||||
- iscsi_tcp
|
||||
state:
|
||||
autoformat:
|
||||
- /dev/sda
|
||||
sysctl:
|
||||
fs.inotify.max_user_watches: 1048576
|
||||
vm.max_map_count: 262144
|
||||
net.ipv4.conf.all.forwarding: 1
|
||||
vm.swappiness: 0
|
||||
vm.panic_on_oom: 0
|
||||
vm.overcommit_memory: 1
|
||||
kernel.panic: 10
|
||||
kernel.panic_on_oops: 1
|
||||
services:
|
||||
nfs-client:
|
||||
image: outstand/nfs-client:latest
|
||||
restart: always
|
||||
labels:
|
||||
- io.rancher.os.remove=false
|
||||
volumes:
|
||||
- /mnt/snapshot:/mnt/snapshot:shared
|
||||
- io.rancher.os.remove=false
|
||||
- io.rancher.os.after=docker
|
||||
privileged: true
|
||||
net: host
|
||||
environment:
|
||||
SERVER: $IP
|
||||
SHARE: /home/www/snapshot
|
||||
MOUNTPOINT: /mnt/snapshot
|
||||
FSTYPE: nfs
|
||||
MOUNT_OPTIONS: rsize=1048576,wsize=1048576,timeo=600,retrans=2
|
||||
console:
|
||||
environment:
|
||||
TZ: Europe/Amsterdam
|
||||
console: alpine
|
||||
services_include:
|
||||
open-vm-tools: true
|
||||
# open-iscsi: true
|
||||
network:
|
||||
dns:
|
||||
nameservers:
|
||||
- 129.125.4.161
|
||||
- 129.125.4.162
|
||||
write_files:
|
||||
- path: /etc/motd
|
||||
permissions: "0644"
|
||||
owner: rancher
|
||||
content: |
|
||||
PI POWER
|
||||
write_files:
|
||||
- path: /etc/rc.local
|
||||
permissions: "0755"
|
||||
owner: root
|
||||
content: |
|
||||
#!/bin/bash
|
||||
# wait for network
|
||||
while ! curl -o /dev/null -sf https://hub.docker.com/; do
|
||||
echo "wait network up"
|
||||
done
|
||||
wait-for-docker
|
||||
apk update && apk add open-iscsi
|
||||
if [ -e /etc/installed ]; then
|
||||
echo "already installed"
|
||||
else
|
||||
wget https://$IP/rancher/metadata-script.sh -O /home/rancher/metadata-script.sh
|
||||
chmod +x /home/rancher/metadata-script.sh
|
||||
exec bash -c /home/rancher/metadata-script.sh
|
||||
touch /etc/installed
|
||||
fi
|
||||
|
||||
|
||||
````
|
||||
|
||||
#### K3OS
|
||||
|
||||
PXE-CONFIG
|
||||
|
||||
````
|
||||
:K3OS-MASTER
|
||||
kernel https://$IP/k3os/k3os-vmlinuz-amd64 k3os.install.device=/dev/sda k3os.install.power_off=false k3os.mode=install k3os.install.silent=true k3os.install.iso_url=https://$IP/k3os/k3os-amd64.iso k3os.install.config_url=https://$IP/k3os/k3os-master.yml
|
||||
initrd https://$IP/k3os/k3os-initrd-amd64
|
||||
boot
|
||||
|
||||
:K3OS-SLAVE
|
||||
kernel https://$IP/k3os/k3os-vmlinuz-amd64 k3os.install.device=/dev/sda k3os.install.power_off=false k3os.mode=install k3os.install.silent=true k3os.install.iso_url=https://$IP/k3os/k3os-amd64.iso k3os.install.config_url=https://$IP/k3os/k3os.yml
|
||||
initrd https://$IP/k3os/k3os-initrd-amd64
|
||||
boot
|
||||
|
||||
````
|
||||
k3os-master
|
||||
|
||||
````
|
||||
ssh_authorized_keys:
|
||||
- ssh-rsa
|
||||
- ssh-rsa
|
||||
write_files:
|
||||
- encoding: ""
|
||||
content: |-
|
||||
#!/bin/bash
|
||||
wget -O /tmp/call-rancher.sh https://$IP/k3os/call-rancher.sh
|
||||
owner: root
|
||||
path: /etc/rc.local
|
||||
permissions: '0755'
|
||||
|
||||
k3os:
|
||||
data_sources:
|
||||
modules:
|
||||
- kvm
|
||||
sysctl:
|
||||
kernel.printk: 4 4 1 7
|
||||
kernel.kptr_restrict: 1
|
||||
labels:
|
||||
master: true
|
||||
dns_nameservers:
|
||||
- 129.125.4.161
|
||||
- 129.125.4.162
|
||||
password: verysecure
|
||||
token: d9349b6c-dd0e-464c-a7e8-0c9213626a38
|
||||
k3s_args:
|
||||
- server
|
||||
- "--cluster-cidr=10.107.0.0/23"
|
||||
- "--service-cidr=10.107.1.0/23"
|
||||
- "--no-deploy=traefik"
|
||||
|
||||
````
|
||||
k3os-slave
|
||||
|
||||
````
|
||||
ssh_authorized_keys:
|
||||
- ssh-rsa
|
||||
- ssh-rsa
|
||||
k3os:
|
||||
data_sources:
|
||||
modules:
|
||||
server_url: https://$MASTER:6443
|
||||
sysctl:
|
||||
kernel.printk: 4 4 1 7
|
||||
kernel.kptr_restrict: 1
|
||||
labels:
|
||||
slave: true
|
||||
dns_nameservers:
|
||||
- 129.125.4.161
|
||||
- 129.125.4.162
|
||||
password: verysecure
|
||||
token: d9349b6c-dd0e-464c-a7e8-0c9213626a38
|
||||
k3s_args:
|
||||
- agent
|
||||
|
||||
````
|
|
@ -0,0 +1,151 @@
|
|||
Wordpress htaccess firewall
|
||||
|
||||
|
||||
```
|
||||
cat << 'EOF' >> .htaccess
|
||||
|
||||
|
||||
# 7G FIREWALL v1.3 20200903
|
||||
# @ https://perishablepress.com/7g-firewall/
|
||||
|
||||
# 7G:[CORE]
|
||||
ServerSignature Off
|
||||
Options -Indexes
|
||||
RewriteEngine On
|
||||
RewriteBase /
|
||||
|
||||
# 7G:[QUERY STRING]
|
||||
<IfModule mod_rewrite.c>
|
||||
|
||||
RewriteCond %{QUERY_STRING} ([a-z0-9]{2000,}) [NC,OR]
|
||||
RewriteCond %{QUERY_STRING} (/|%2f)(:|%3a)(/|%2f) [NC,OR]
|
||||
RewriteCond %{QUERY_STRING} (/|%2f)(\*|%2a)(\*|%2a)(/|%2f) [NC,OR]
|
||||
RewriteCond %{QUERY_STRING} (`|<|>|\^|\|\\|0x00|%00|%0d%0a) [NC,OR]
|
||||
RewriteCond %{QUERY_STRING} (cmd|command)(=|%3d)(chdir|mkdir)(.*)(x20) [NC,OR]
|
||||
RewriteCond %{QUERY_STRING} (ckfinder|fullclick|ckfinder|fckeditor) [NC,OR]
|
||||
RewriteCond %{QUERY_STRING} (globals|mosconfig([a-z_]{1,22})|request)(=|\[) [NC,OR]
|
||||
RewriteCond %{QUERY_STRING} (/|%2f)((wp-)?config)((\.|%2e)inc)?((\.|%2e)php) [NC,OR]
|
||||
RewriteCond %{QUERY_STRING} (thumbs?(_editor|open)?|tim(thumbs?)?)((\.|%2e)php) [NC,OR]
|
||||
RewriteCond %{QUERY_STRING} (absolute_|base|root_)(dir|path)(=|%3d)(ftp|https?) [NC,OR]
|
||||
RewriteCond %{QUERY_STRING} (localhost|loopback|127(\.|%2e)0(\.|%2e)0(\.|%2e)1) [NC,OR]
|
||||
RewriteCond %{QUERY_STRING} (s)?(ftp|inurl|php)(s)?(:(/|%2f|%u2215)(/|%2f|%u2215)) [NC,OR]
|
||||
RewriteCond %{QUERY_STRING} (\.|20)(get|the)(_|%5f)(permalink|posts_page_url)(\(|%28) [NC,OR]
|
||||
RewriteCond %{QUERY_STRING} ((boot|win)((\.|%2e)ini)|etc(/|%2f)passwd|self(/|%2f)environ) [NC,OR]
|
||||
RewriteCond %{QUERY_STRING} (((/|%2f){3,3})|((\.|%2e){3,3})|((\.|%2e){2,2})(/|%2f|%u2215)) [NC,OR]
|
||||
RewriteCond %{QUERY_STRING} (benchmark|char|exec|fopen|function|html)(.*)(\(|%28)(.*)(\)|%29) [NC,OR]
|
||||
RewriteCond %{QUERY_STRING} (php)([0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}) [NC,OR]
|
||||
RewriteCond %{QUERY_STRING} (e|%65|%45)(v|%76|%56)(a|%61|%31)(l|%6c|%4c)(.*)(\(|%28)(.*)(\)|%29) [NC,OR]
|
||||
RewriteCond %{QUERY_STRING} (/|%2f)(=|%3d|$&|_mm|cgi(\.|-)|inurl(:|%3a)(/|%2f)|(mod|path)(=|%3d)(\.|%2e)) [NC,OR]
|
||||
RewriteCond %{QUERY_STRING} (<|%3c)(.*)(e|%65|%45)(m|%6d|%4d)(b|%62|%42)(e|%65|%45)(d|%64|%44)(.*)(>|%3e) [NC,OR]
|
||||
RewriteCond %{QUERY_STRING} (<|%3c)(.*)(i|%69|%49)(f|%66|%46)(r|%72|%52)(a|%61|%41)(m|%6d|%4d)(e|%65|%45)(.*)(>|%3e) [NC,OR]
|
||||
RewriteCond %{QUERY_STRING} (<|%3c)(.*)(o|%4f|%6f)(b|%62|%42)(j|%4a|%6a)(e|%65|%45)(c|%63|%43)(t|%74|%54)(.*)(>|%3e) [NC,OR]
|
||||
RewriteCond %{QUERY_STRING} (<|%3c)(.*)(s|%73|%53)(c|%63|%43)(r|%72|%52)(i|%69|%49)(p|%70|%50)(t|%74|%54)(.*)(>|%3e) [NC,OR]
|
||||
RewriteCond %{QUERY_STRING} (\+|%2b|%20)(d|%64|%44)(e|%65|%45)(l|%6c|%4c)(e|%65|%45)(t|%74|%54)(e|%65|%45)(\+|%2b|%20) [NC,OR]
|
||||
RewriteCond %{QUERY_STRING} (\+|%2b|%20)(i|%69|%49)(n|%6e|%4e)(s|%73|%53)(e|%65|%45)(r|%72|%52)(t|%74|%54)(\+|%2b|%20) [NC,OR]
|
||||
RewriteCond %{QUERY_STRING} (\+|%2b|%20)(s|%73|%53)(e|%65|%45)(l|%6c|%4c)(e|%65|%45)(c|%63|%43)(t|%74|%54)(\+|%2b|%20) [NC,OR]
|
||||
RewriteCond %{QUERY_STRING} (\+|%2b|%20)(u|%75|%55)(p|%70|%50)(d|%64|%44)(a|%61|%41)(t|%74|%54)(e|%65|%45)(\+|%2b|%20) [NC,OR]
|
||||
RewriteCond %{QUERY_STRING} (\\x00|(\"|%22|\'|%27)?0(\"|%22|\'|%27)?(=|%3d)(\"|%22|\'|%27)?0|cast(\(|%28)0x|or%201(=|%3d)1) [NC,OR]
|
||||
RewriteCond %{QUERY_STRING} (g|%67|%47)(l|%6c|%4c)(o|%6f|%4f)(b|%62|%42)(a|%61|%41)(l|%6c|%4c)(s|%73|%53)(=|[|%[0-9A-Z]{0,2}) [NC,OR]
|
||||
RewriteCond %{QUERY_STRING} (_|%5f)(r|%72|%52)(e|%65|%45)(q|%71|%51)(u|%75|%55)(e|%65|%45)(s|%73|%53)(t|%74|%54)(=|[|%[0-9A-Z]{2,}) [NC,OR]
|
||||
RewriteCond %{QUERY_STRING} (j|%6a|%4a)(a|%61|%41)(v|%76|%56)(a|%61|%31)(s|%73|%53)(c|%63|%43)(r|%72|%52)(i|%69|%49)(p|%70|%50)(t|%74|%54)(:|%3a)(.*)(;|%3b|\)|%29) [NC,OR]
|
||||
RewriteCond %{QUERY_STRING} (b|%62|%42)(a|%61|%41)(s|%73|%53)(e|%65|%45)(6|%36)(4|%34)(_|%5f)(e|%65|%45|d|%64|%44)(e|%65|%45|n|%6e|%4e)(c|%63|%43)(o|%6f|%4f)(d|%64|%44)(e|%65|%45)(.*)(\()(.*)(\)) [NC,OR]
|
||||
RewriteCond %{QUERY_STRING} (@copy|\$_(files|get|post)|allow_url_(fopen|include)|auto_prepend_file|blexbot|browsersploit|(c99|php)shell|curl(_exec|test)|disable_functions?|document_root|elastix|encodeuricom|exploit|fclose|fgets|file_put_contents|fputs|fsbuff|fsockopen|gethostbyname|grablogin|hmei7|input_file|null|open_basedir|outfile|passthru|phpinfo|popen|proc_open|quickbrute|remoteview|root_path|safe_mode|shell_exec|site((.){0,2})copier|sux0r|trojan|user_func_array|wget|xertive) [NC,OR]
|
||||
RewriteCond %{QUERY_STRING} (;|<|>|\'|\"|\)|%0a|%0d|%22|%27|%3c|%3e|%00)(.*)(/\*|alter|base64|benchmark|cast|char|concat|convert|create|encode|declare|delete|drop|insert|md5|order|request|script|select|set|union|update) [NC,OR]
|
||||
RewriteCond %{QUERY_STRING} ((\+|%2b)(concat|delete|get|select|union)(\+|%2b)) [NC,OR]
|
||||
RewriteCond %{QUERY_STRING} (union)(.*)(select)(.*)(\(|%28) [NC,OR]
|
||||
RewriteCond %{QUERY_STRING} (concat)(.*)(\(|%28) [NC]
|
||||
|
||||
RewriteRule .* - [F,L]
|
||||
|
||||
# RewriteRule .* /7G_log.php?log [END,NE,E=7G_QUERY_STRING:%1___%2___%3]
|
||||
|
||||
</IfModule>
|
||||
|
||||
# 7G:[REQUEST URI]
|
||||
<IfModule mod_rewrite.c>
|
||||
|
||||
RewriteCond %{REQUEST_URI} ([a-z0-9]{2000,}) [NC,OR]
|
||||
RewriteCond %{REQUEST_URI} (=?\\(\'|%27)/?)(\.) [NC,OR]
|
||||
RewriteCond %{REQUEST_URI} (\^|`|<|>|%|\\|\{|\}|\|) [NC,OR]
|
||||
RewriteCond %{REQUEST_URI} (/)(\*|\"|\'|\.|,|&|&?)/?$ [NC,OR]
|
||||
RewriteCond %{REQUEST_URI} (\.)(php)(\()?([0-9]+)(\))?(/)?$ [NC,OR]
|
||||
RewriteCond %{REQUEST_URI} (/)(vbulletin|boards|vbforum)(/)? [NC,OR]
|
||||
RewriteCond %{REQUEST_URI} (\.(s?ftp-?)config|(s?ftp-?)config\.) [NC,OR]
|
||||
RewriteCond %{REQUEST_URI} (\{0\}|\"?0\"?=\"?0|\(/\(|\.\.\.|\+\+\+|\\\") [NC,OR]
|
||||
RewriteCond %{REQUEST_URI} (thumbs?(_editor|open)?|tim(thumbs?)?)(\.php) [NC,OR]
|
||||
RewriteCond %{REQUEST_URI} (/)(fck|ckfinder|fullclick|ckfinder|fckeditor) [NC,OR]
|
||||
RewriteCond %{REQUEST_URI} (\.|20)(get|the)(_)(permalink|posts_page_url)(\() [NC,OR]
|
||||
RewriteCond %{REQUEST_URI} (///|\?\?|/&&|/\*(.*)\*/|/:/|\\\\|0x00|%00|%0d%0a) [NC,OR]
|
||||
RewriteCond %{REQUEST_URI} (/%7e)(root|ftp|bin|nobody|named|guest|logs|sshd)(/) [NC,OR]
|
||||
RewriteCond %{REQUEST_URI} (/)(etc|var)(/)(hidden|secret|shadow|ninja|passwd|tmp)(/)?$ [NC,OR]
|
||||
RewriteCond %{REQUEST_URI} (s)?(ftp|http|inurl|php)(s)?(:(/|%2f|%u2215)(/|%2f|%u2215)) [NC,OR]
|
||||
RewriteCond %{REQUEST_URI} (/)(=|\$&?|&?(pws|rk)=0|_mm|_vti_|cgi(\.|-)?|(=|/|;|,)nt\.) [NC,OR]
|
||||
RewriteCond %{REQUEST_URI} (\.)(ds_store|htaccess|htpasswd|init?|mysql-select-db)(/)?$ [NC,OR]
|
||||
RewriteCond %{REQUEST_URI} (/)(bin)(/)(cc|chmod|chsh|cpp|echo|id|kill|mail|nasm|perl|ping|ps|python|tclsh)(/)?$ [NC,OR]
|
||||
RewriteCond %{REQUEST_URI} (/)(::[0-9999]|%3a%3a[0-9999]|127\.0\.0\.1|localhost|loopback|makefile|pingserver|wwwroot)(/)? [NC,OR]
|
||||
RewriteCond %{REQUEST_URI} (\(null\)|\{\$itemURL\}|cAsT\(0x|echo(.*)kae|etc/passwd|eval\(|self/environ|\+union\+all\+select) [NC,OR]
|
||||
RewriteCond %{REQUEST_URI} (/)(awstats|(c99|php|web)shell|document_root|error_log|listinfo|muieblack|remoteview|site((.){0,2})copier|sqlpatch|sux0r) [NC,OR]
|
||||
RewriteCond %{REQUEST_URI} (/)((php|web)?shell|crossdomain|fileditor|locus7|nstview|php(get|remoteview|writer)|r57|remview|sshphp|storm7|webadmin)(.*)(\.|\() [NC,OR]
|
||||
RewriteCond %{REQUEST_URI} (/)(author-panel|bitrix|class|database|(db|mysql)-?admin|filemanager|htdocs|httpdocs|https?|mailman|mailto|msoffice|mysql|_?php-?my-?admin(.*)|tmp|undefined|usage|var|vhosts|webmaster|www)(/) [NC,OR]
|
||||
RewriteCond %{REQUEST_URI} (\.)(7z|ab4|afm|aspx?|bash|ba?k?|bz2|cfg|cfml?|cgi|ctl|dat|db|dll|eml|et2|exe|fec|fla|hg|inc|ini|inv|jsp|log|lqd|mbf|mdb|mmw|mny|old|one|out|passwd|pdb|pl|psd|pst|ptdb|pwd|py|qbb|qdf|rar|rdf|sdb|sql|sh|soa|swf|swl|swp|stx|tar|tax|tgz|tls|tmd|wow|zlib)$ [NC,OR]
|
||||
RewriteCond %{REQUEST_URI} (base64_(en|de)code|benchmark|child_terminate|curl_exec|e?chr|eval|function|fwrite|(f|p)open|html|leak|passthru|p?fsockopen|phpinfo|posix_(kill|mkfifo|setpgid|setsid|setuid)|proc_(close|get_status|nice|open|terminate)|(shell_)?exec|system)(.*)(\()(.*)(\)) [NC,OR]
|
||||
RewriteCond %{REQUEST_URI} (/)(^$|00.temp00|0day|3xp|70bex?|admin_events|bkht|(php|web)?shell|configbak|curltest|db|dompdf|filenetworks|hmei7|index\.php/index\.php/index|jahat|kcrew|keywordspy|mobiquo|mysql|nessus|php-?info|racrew|sql|vuln|webconfig|(wp-)?conf(ig)?(uration)?|xertive)(\.php) [NC]
|
||||
|
||||
RewriteRule .* - [F,L]
|
||||
|
||||
# RewriteRule .* /7G_log.php?log [END,NE,E=7G_REQUEST_URI:%1___%2___%3]
|
||||
|
||||
</IfModule>
|
||||
|
||||
# 7G:[USER AGENT]
|
||||
<IfModule mod_rewrite.c>
|
||||
|
||||
RewriteCond %{HTTP_USER_AGENT} ([a-z0-9]{2000,}) [NC,OR]
|
||||
RewriteCond %{HTTP_USER_AGENT} (<|%0a|%0d|%27|%3c|%3e|%00|0x00) [NC,OR]
|
||||
RewriteCond %{HTTP_USER_AGENT} ((c99|php|web)shell|remoteview|site((.){0,2})copier) [NC,OR]
|
||||
RewriteCond %{HTTP_USER_AGENT} (base64_decode|bin/bash|disconnect|eval|lwp-download|unserialize|\\\x22) [NC,OR]
|
||||
RewriteCond %{HTTP_USER_AGENT} (360Spider|acapbot|acoonbot|ahrefs|alexibot|asterias|attackbot|backdorbot|becomebot|binlar|blackwidow|blekkobot|blexbot|blowfish|bullseye|bunnys|butterfly|careerbot|casper|checkpriv|cheesebot|cherrypick|chinaclaw|choppy|clshttp|cmsworld|copernic|copyrightcheck|cosmos|crescent|cy_cho|datacha|demon|diavol|discobot|dittospyder|dotbot|dotnetdotcom|dumbot|emailcollector|emailsiphon|emailwolf|exabot|extract|eyenetie|feedfinder|flaming|flashget|flicky|foobot|g00g1e|getright|gigabot|go-ahead-got|gozilla|grabnet|grafula|harvest|heritrix|httrack|icarus6j|jetbot|jetcar|jikespider|kmccrew|leechftp|libweb|linkextractor|linkscan|linkwalker|loader|masscan|miner|majestic|mechanize|mj12bot|morfeus|moveoverbot|netmechanic|netspider|nicerspro|nikto|ninja|nutch|octopus|pagegrabber|planetwork|postrank|proximic|purebot|pycurl|python|queryn|queryseeker|radian6|radiation|realdownload|rogerbot|scooter|seekerspider|semalt|siclab|sindice|sistrix|sitebot|siteexplorer|sitesnagger|skygrid|smartdownload|snoopy|sosospider|spankbot|spbot|sqlmap|stackrambler|stripper|sucker|surftbot|sux0r|suzukacz|suzuran|takeout|teleport|telesoft|true_robots|turingos|turnit|vampire|vikspider|voideye|webleacher|webreaper|webstripper|webvac|webviewer|webwhacker|winhttp|wwwoffle|woxbot|xaldon|xxxyy|yamanalab|yioopbot|youda|zeus|zmeu|zune|zyborg) [NC]
|
||||
|
||||
RewriteRule .* - [F,L]
|
||||
|
||||
# RewriteRule .* /7G_log.php?log [END,NE,E=7G_USER_AGENT:%1]
|
||||
|
||||
</IfModule>
|
||||
|
||||
# 7G:[REMOTE HOST]
|
||||
<IfModule mod_rewrite.c>
|
||||
|
||||
RewriteCond %{REMOTE_HOST} (163data|amazonaws|colocrossing|crimea|g00g1e|justhost|kanagawa|loopia|masterhost|onlinehome|poneytel|sprintdatacenter|reverse.softlayer|safenet|ttnet|woodpecker|wowrack) [NC]
|
||||
|
||||
RewriteRule .* - [F,L]
|
||||
|
||||
# RewriteRule .* /7G_log.php?log [END,NE,E=7G_REMOTE_HOST:%1]
|
||||
|
||||
</IfModule>
|
||||
|
||||
# 7G:[HTTP REFERRER]
|
||||
<IfModule mod_rewrite.c>
|
||||
|
||||
RewriteCond %{HTTP_REFERER} (semalt.com|todaperfeita) [NC,OR]
|
||||
RewriteCond %{HTTP_REFERER} (ambien|blue\spill|cocaine|ejaculat|erectile|erections|hoodia|huronriveracres|impotence|levitra|libido|lipitor|phentermin|pro[sz]ac|sandyauer|tramadol|troyhamby|ultram|unicauca|valium|viagra|vicodin|xanax|ypxaieo) [NC]
|
||||
|
||||
RewriteRule .* - [F,L]
|
||||
|
||||
# RewriteRule .* /7G_log.php?log [END,NE,E=7G_HTTP_REFERRER:%1]
|
||||
|
||||
</IfModule>
|
||||
|
||||
# 7G:[REQUEST METHOD]
|
||||
<IfModule mod_rewrite.c>
|
||||
|
||||
RewriteCond %{REQUEST_METHOD} ^(connect|debug|move|trace|track) [NC]
|
||||
|
||||
RewriteRule .* - [F,L]
|
||||
|
||||
# RewriteRule .* /7G_log.php?log [END,NE,E=7G_REQUEST_METHOD:%1]
|
||||
|
||||
</IfModule>
|
||||
|
||||
EOF
|
||||
|
||||
```
|
|
@ -0,0 +1 @@
|
|||
Subproject commit 572c1e854ef87dd8e985d7c6a62a30d832422da9
|
|
@ -5,7 +5,7 @@ site_author: p.h.vos
|
|||
dev_addr: 0.0.0.0:8000
|
||||
|
||||
|
||||
repo_url: https://git.webhosting.rug.nl/doc/website
|
||||
repo_url: https://git.web.rug.nl/doc/website
|
||||
|
||||
copyright: Copyright © 2019 <a href="https://rug.nl/staff/p.h.vos">P.H.Vos</a>
|
||||
|
||||
|
@ -15,10 +15,13 @@ pages:
|
|||
- 'Home': 'index.md'
|
||||
- 'Docker': 'docker.md'
|
||||
- 'Kubernetes' : 'kubernetes.md'
|
||||
- 'Rancher 2' : 'rancher2.md'
|
||||
- 'Rancher' : 'rancher.md'
|
||||
- 'Git': 'git.md'
|
||||
- 'Drone CI': 'drone.md'
|
||||
- 'Rancher Errors': 'rancher-err.md'
|
||||
- 'Jenkins': 'jenkins.md'
|
||||
- 'Wordpress': 'wordpress.md'
|
||||
- 'System': 'os.md'
|
||||
- 'Issues': 'issue.md'
|
||||
|
||||
markdown_extensions:
|
||||
- smarty
|
||||
|
|
24
mkdocs.yml2
24
mkdocs.yml2
|
@ -1,24 +0,0 @@
|
|||
site_name: webhosting
|
||||
site_url: https://0.0.0.0:8000
|
||||
site_description: webhosting information RUG
|
||||
site_author: webhosting
|
||||
dev_addr: 0.0.0.0:8000
|
||||
|
||||
|
||||
repo_url: https://git.webhosting.rug.nl
|
||||
|
||||
copyright: Copyright © 2018 <a href="https://rug.nl/staff/p.h.vos">P.H.Vos</a>
|
||||
|
||||
|
||||
theme: readthedocs
|
||||
|
||||
pages:
|
||||
- 'Home': 'index.md'
|
||||
- 'Docker': 'docker.md'
|
||||
- 'Kubernetes' : 'kubernetes.md'
|
||||
- 'Git': 'git.md'
|
||||
|
||||
|
||||
markdown_extensions:
|
||||
- smarty
|
||||
- toc:
|
26
mkdocs.yml~
26
mkdocs.yml~
|
@ -1,26 +0,0 @@
|
|||
site_name: webhosting
|
||||
site_url: https://0.0.0.0:8000
|
||||
site_description: Container information @RUG
|
||||
site_author: p.h.vos
|
||||
dev_addr: 0.0.0.0:8000
|
||||
|
||||
|
||||
repo_url: https://git.webhosting.rug.nl/docs/website
|
||||
|
||||
copyright: Copyright © 2019 <a href="https://rug.nl/staff/p.h.vos">P.H.Vos</a>
|
||||
|
||||
theme: readthedocs
|
||||
|
||||
pages:
|
||||
- 'Home': 'index.md'
|
||||
- 'Docker': 'docker.md'
|
||||
- 'Kubernetes' : 'kubernetes.md'
|
||||
- 'Rancher 2' : 'rancher2.md'
|
||||
- 'Git': 'git.md'
|
||||
- 'Drone CI': 'drone.md'
|
||||
- 'Rancher Errors': 'rancher-err.md'
|
||||
|
||||
markdown_extensions:
|
||||
- smarty
|
||||
- toc:
|
||||
permalink: '#'
|
Loading…
Reference in New Issue