doc
/
website
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

update

This commit is contained in:
p220478 2020-09-24 21:01:44 +02:00
parent 8a983df201
commit 57fe31242a
13 changed files with 624 additions and 75 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

45
docs/drone.md
View File

@ -1,10 +1,10 @@
### Drone is a Continuous Delivery platform built on Docker
URL : <a href="https://drone.webhosting.rug.nl" target="_blank">https://drone.webhosting.rug.nl</a>
URL : <a href="https://drone.web.rug.nl" target="_blank">https://drone.web.rug.nl</a>
```
login with you're git credentials -> https://git.webhosting.rug.nl
login with you're git credentials -> https://git.web.rug.nl
```
@ -22,24 +22,37 @@ example :
#### example drone.yml
````
cat > .drone.yml <<EOF
pipeline:
publish:
kind: pipeline
type: kubernetes
name: drone
steps:
- name: docker
image: plugins/docker
secrets: [ docker_username, docker_password ]
settings:
registry: registry.webhosting.rug.nl
repo: registry.webhosting.rug.nl/webhosting/debian-web5
file: Dockerfile
tag:
- latest
notify:
repo: registry.webhosting.rug.nl/services/ssh-server-autofs
autotag: true
auto_tag_suffix: ssh
purge: true
username:
from_secret: docker_username
password:
from_secret: docker_password
- name: notify
image: drillster/drone-email
host: mail-server
settings:
host: smtp.rug.nl
port: 25
skip_verify: true
from: drone@example.org
recipients: [ to@example.org ]
recipients_only: true
when:
status: [ success, changed, failure ]
from: drone@web.rug.nl
recipients:
- p.h.vos@rug.nl
- webhosting.cit@rug.nl
- name: notify-slack
image: plugins/slack
settings:
webhook: https://hooks.slack.com/services/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
channel: builds
EOF
````

7
docs/index.md
View File

@ -3,10 +3,11 @@
# RUG WEBHOSTING
* Docker domain hosting
* Kubernetes domain hosting
* 5+ GB website space ( fair use policy )
* PHP support (Linux/Apache variant)
* ASP support (Windows/IIS variant)
* All container based services.
The following options are available at an extra charge:
@ -186,7 +187,7 @@ $ cat ~\site\.htaccess
Override upload filesize
```
<IfModule mod_php5.c>
<IfModule mod_php7.c>
php_value upload_max_filesize 100M
php_value post_max_size 100M
php_value max_execution_time 200
@ -196,7 +197,7 @@ php_value max_input_time 200
Override memory limit
```
<IfModule mod_php5.c>
<IfModule mod_php7.c>
php_value memory_limit 64M
</IfModule>
```

15
docs/issue.md Normal file
View File

@ -0,0 +1,15 @@
#### ISSUES
# ndots:5
If you're running debian/ubuntu as container OS, and you have a dhcp
deployed, wich also is sending a search domain.
Then you're resolv.conf contains :
`
search let.svc.cluster.local svc.cluster.local cluster.local kuber.local
`
Here is kuber.local our local domain ;(
Due to the musl libc the resolving stops with alpine linux.
Removing the kuber.local from resolv.conf fix the problem.

2
docs/jenkins.md Normal file
View File

@ -0,0 +1,2 @@
####
https://jenkins.web.rug.nl

0
docs/DEADJOE → docs/k3s.md
View File

413
docs/os.md Normal file
View File

@ -0,0 +1,413 @@
#OS - RANCHER
Different operating setups with rancher
#### FLATCAR
rancher cluster.yml for coreos/flatcar
canal network provider
````
network:
mtu: 0
options:
flannel_backend_type: vxlan
canal_flex_volume_plugin_dir: "/opt/kubernetes/kubelet-plugins/volume/exec/nodeagent~uds"
plugin: canal
services:
kube-controller:
extra_args:
flex-volume-plugin-dir: "/opt/kubernetes/kubelet-plugins/volume/exec/"
````
calico network provider
````
network:
mtu: 0
options:
flannel_backend_type: vxlan
calico_flex_volume_plugin_dir: "/opt/kubernetes/kubelet-plugins/volume/exec/nodeagent~uds"
plugin: calico
services:
kube-controller:
extra_args:
flex-volume-plugin-dir: "/opt/kubernetes/kubelet-plugins/volume/exec/"
````
PXE SETUP
````
:flatcar
kernel http://$IP/flatcar/images/flatcar_production_pxe.vmlinuz append flatcar.first_boot=1 root=/dev/sda1 ignition.config.url=http://$IP/flatcar/pxe-config.ign
initrd http://$IP/flatcar/images/flatcar_production_pxe_image.cpio.gz
boot
:flatcar-init
kernel http://$IP/flatcar/images/flatcar_production_pxe.vmlinuz coreos.config.url=http://$IP/flatcar/init.ign cloud-config-url=http://$IP/flatcar/cloud-control.sh flatcar.first_boot=1
initrd http://$IP/flatcar/images/flatcar_production_pxe_image.cpio.gz
boot
````
init.yml
````
storage:
disks:
- device: /dev/sda
wipe_table: true
partitions:
- label: ROOT
filesystems:
- mount:
device: /dev/disk/by-partlabel/ROOT
format: ext4
wipe_filesystem: true
label: ROOT
````
cloud-control
````
#!/bin/bash
# local disk install
# curl -kO https://$IP/flatcar/pxe-config.ign
# sudo flatcar-install -d /dev/sda -i pxe-config.ign
sudo reboot
````
pxe-config
````
networkd:
units:
- name: 00-ens.network
contents: |
[Match]
Name=ens*
[Network]
LinkLocalAddressing=ipv4
DHCP=yes
storage:
files:
- path: /etc/modules-load.d/nf.conf
filesystem: root
mode: 0644
contents:
inline: |
nf_conntrack
- path: /etc/modules-load.d/iscsi.conf
filesystem: root
mode: 0644
contents:
inline: |
iscsi_tcp
- path: /etc/sysctl.d/nf.conf
filesystem: root
mode: 0644
contents:
inline: |
fs.inotify.max_user_watches = 1048576
vm.max_map_count = 262144
net.ipv4.conf.all.forwarding = 1
vm.swappiness = 0
vm.overcommit_memory = 1
kernel.panic = 10
kernel.panic_on_oops = 1
- path: /etc/motd.d/pi.conf
filesystem: root
mode: 0644
contents:
inline: PI MONSTER
- filesystem: "root"
path: "/opt/get-metadata.sh"
mode: 0755
contents:
remote:
url: "https://$IP/flatcar/metadata-script.sh"
- path: /etc/systemd/timesyncd.conf
filesystem: root
mode: 0644
contents:
inline: |
[Time]
NTP=ntp0.rug.nl
directories:
- path: /mnt/snapshots
filesystem: root
overwrite: true
mode: 0755
systemd:
units:
- name: vmware.service
enable: true
contents: |
[Unit]
Description=Service for virtual machines hosted on VMware
[Service]
Restart=yes
ExecStart=/usr/bin/docker run --rm --net=host -v /run/systemd:/run/systemd --name open-vm-tools registry.webhosting.rug.nl/k8s/vmwaretools:latest
Type=oneshot
RemainAfterExit=true
[Install]
WantedBy=multi-user.target
- name: mnt-snapshots.mount
enable: true
contents: |
[Unit]
Description=Mount for rancher service volumes
Before=timezone.service
[Mount]
What=$IP:/home/www/snapshot
Where=/mnt/snapshots
Type=nfs
[Install]
WantedBy=remote-fs.target
- name: sshd.socket
dropins:
- name: 10-sshd-port.conf
contents: |
[Socket]
ListenStream=
ListenStream=8822
- name: timezone.service
enable: true
contents: |
[Unit]
Before=rancher.service
Description=Set timezone
[Service]
Type=oneshot
RemainAfterExit=true
ExecStart=/usr/bin/timedatectl set-timezone Europe/Amsterdam
[Install]
WantedBy=multi-user.target
- name: "flatcar-metadata.service"
dropins:
- name: "use-script.conf"
contents: |
[Service]
ExecStart=/opt/get-metadata.sh
- name: rancher.service
enable: true
contents: |
[Unit]
Description=Rancher service for docker management
After=flatcar-metadata.service
[Service]
Type=oneshot
RemainAfterExit=true
ExecStart=/opt/get-metadata.sh
[Install]
WantedBy=multi-user.target
passwd:
users:
- name:
ssh_authorized_keys:
- "ssh-rsa "
````
#### RANCHEROS
PXE SETUP
````
:RancherOs
kernel https://$IP/rancher/v1.5.5/vmlinuz elevator=deadline nomodeset vsyscall=emulate printk.devkmsg=on rancher.state.dev=LABEL=RANCHER_STATE rancher.state.autoformat=[/dev/sda] rancher.state.formatzero=true panic=10 rancher.state.wait rancher.cloud_init.datasources=[url:https://$IP/rancher/${net0/ip}.yml]
initrd https://$IP/rancher/v1.5.5/initrd
boot
:RancherOs-Init
kernel https://$IP/rancher/v1.5.5/vmlinuz panic=10 rancher.cloud_init.datasources=[url:http://$IP/rancher/format.yml]
initrd https://$IP/rancher/v1.5.5/initrd
boot
````
$IP.yml
````
#cloud-config
ssh_authorized_keys:
- ssh-rsa
- ssh-rsa
write_files:
- container: ntp
- path: /etc/ntp.conf
permissions: "0644"
content: |
driftfile /var/lib/ntp/ntp.drift
statsdir /var/log/ntpstats/
statistics loopstats peerstats clockstats
filegen loopstats file loopstats type day enable
filegen peerstats file peerstats type day enable
filegen clockstats file clockstats type day enable
server ntp0.rug.nl burst iburst prefer
server 127.127.1.0
fudge 127.127.1.0 stratum 10
restrict 127.0.0.1
restrict ::1
enable ntp
enable kernel
multicastclient
rancher:
ssh:
port: 8822
modules:
- iscsi_tcp
state:
autoformat:
- /dev/sda
sysctl:
fs.inotify.max_user_watches: 1048576
vm.max_map_count: 262144
net.ipv4.conf.all.forwarding: 1
vm.swappiness: 0
vm.panic_on_oom: 0
vm.overcommit_memory: 1
kernel.panic: 10
kernel.panic_on_oops: 1
services:
nfs-client:
image: outstand/nfs-client:latest
restart: always
labels:
- io.rancher.os.remove=false
volumes:
- /mnt/snapshot:/mnt/snapshot:shared
- io.rancher.os.remove=false
- io.rancher.os.after=docker
privileged: true
net: host
environment:
SERVER: $IP
SHARE: /home/www/snapshot
MOUNTPOINT: /mnt/snapshot
FSTYPE: nfs
MOUNT_OPTIONS: rsize=1048576,wsize=1048576,timeo=600,retrans=2
console:
environment:
TZ: Europe/Amsterdam
console: alpine
services_include:
open-vm-tools: true
# open-iscsi: true
network:
dns:
nameservers:
- 129.125.4.161
- 129.125.4.162
write_files:
- path: /etc/motd
permissions: "0644"
owner: rancher
content: |
PI POWER
write_files:
- path: /etc/rc.local
permissions: "0755"
owner: root
content: |
#!/bin/bash
# wait for network
while ! curl -o /dev/null -sf https://hub.docker.com/; do
echo "wait network up"
done
wait-for-docker
apk update && apk add open-iscsi
if [ -e /etc/installed ]; then
echo "already installed"
else
wget https://$IP/rancher/metadata-script.sh -O /home/rancher/metadata-script.sh
chmod +x /home/rancher/metadata-script.sh
exec bash -c /home/rancher/metadata-script.sh
touch /etc/installed
fi
````
#### K3OS
PXE-CONFIG
````
:K3OS-MASTER
kernel https://$IP/k3os/k3os-vmlinuz-amd64 k3os.install.device=/dev/sda k3os.install.power_off=false k3os.mode=install k3os.install.silent=true k3os.install.iso_url=https://$IP/k3os/k3os-amd64.iso k3os.install.config_url=https://$IP/k3os/k3os-master.yml
initrd https://$IP/k3os/k3os-initrd-amd64
boot
:K3OS-SLAVE
kernel https://$IP/k3os/k3os-vmlinuz-amd64 k3os.install.device=/dev/sda k3os.install.power_off=false k3os.mode=install k3os.install.silent=true k3os.install.iso_url=https://$IP/k3os/k3os-amd64.iso k3os.install.config_url=https://$IP/k3os/k3os.yml
initrd https://$IP/k3os/k3os-initrd-amd64
boot
````
k3os-master
````
ssh_authorized_keys:
- ssh-rsa
- ssh-rsa
write_files:
- encoding: ""
content: |-
#!/bin/bash
wget -O /tmp/call-rancher.sh https://$IP/k3os/call-rancher.sh
owner: root
path: /etc/rc.local
permissions: '0755'
k3os:
data_sources:
modules:
- kvm
sysctl:
kernel.printk: 4 4 1 7
kernel.kptr_restrict: 1
labels:
master: true
dns_nameservers:
- 129.125.4.161
- 129.125.4.162
password: verysecure
token: d9349b6c-dd0e-464c-a7e8-0c9213626a38
k3s_args:
- server
- "--cluster-cidr=10.107.0.0/23"
- "--service-cidr=10.107.1.0/23"
- "--no-deploy=traefik"
````
k3os-slave
````
ssh_authorized_keys:
- ssh-rsa
- ssh-rsa
k3os:
data_sources:
modules:
server_url: https://$MASTER:6443
sysctl:
kernel.printk: 4 4 1 7
kernel.kptr_restrict: 1
labels:
slave: true
dns_nameservers:
- 129.125.4.161
- 129.125.4.162
password: verysecure
token: d9349b6c-dd0e-464c-a7e8-0c9213626a38
k3s_args:
- agent
````

0
docs/rancher2.md → docs/rancher.md
View File

0
docs/rio.md Normal file
View File

151
docs/wordpress.md Normal file
View File

@ -0,0 +1,151 @@
Wordpress htaccess firewall
```
cat << 'EOF' >> .htaccess
# 7G FIREWALL v1.3 20200903
# @ https://perishablepress.com/7g-firewall/
# 7G:[CORE]
ServerSignature Off
Options -Indexes
RewriteEngine On
RewriteBase /
# 7G:[QUERY STRING]
<IfModule mod_rewrite.c>
RewriteCond %{QUERY_STRING} ([a-z0-9]{2000,}) [NC,OR]
RewriteCond %{QUERY_STRING} (/|%2f)(:|%3a)(/|%2f) [NC,OR]
RewriteCond %{QUERY_STRING} (/|%2f)(\*|%2a)(\*|%2a)(/|%2f) [NC,OR]
RewriteCond %{QUERY_STRING} (`|<|>|\^|\|\\|0x00|%00|%0d%0a) [NC,OR]
RewriteCond %{QUERY_STRING} (cmd|command)(=|%3d)(chdir|mkdir)(.*)(x20) [NC,OR]
RewriteCond %{QUERY_STRING} (ckfinder|fullclick|ckfinder|fckeditor) [NC,OR]
RewriteCond %{QUERY_STRING} (globals|mosconfig([a-z_]{1,22})|request)(=|\[) [NC,OR]
RewriteCond %{QUERY_STRING} (/|%2f)((wp-)?config)((\.|%2e)inc)?((\.|%2e)php) [NC,OR]
RewriteCond %{QUERY_STRING} (thumbs?(_editor|open)?|tim(thumbs?)?)((\.|%2e)php) [NC,OR]
RewriteCond %{QUERY_STRING} (absolute_|base|root_)(dir|path)(=|%3d)(ftp|https?) [NC,OR]
RewriteCond %{QUERY_STRING} (localhost|loopback|127(\.|%2e)0(\.|%2e)0(\.|%2e)1) [NC,OR]
RewriteCond %{QUERY_STRING} (s)?(ftp|inurl|php)(s)?(:(/|%2f|%u2215)(/|%2f|%u2215)) [NC,OR]
RewriteCond %{QUERY_STRING} (\.|20)(get|the)(_|%5f)(permalink|posts_page_url)(\(|%28) [NC,OR]
RewriteCond %{QUERY_STRING} ((boot|win)((\.|%2e)ini)|etc(/|%2f)passwd|self(/|%2f)environ) [NC,OR]
RewriteCond %{QUERY_STRING} (((/|%2f){3,3})|((\.|%2e){3,3})|((\.|%2e){2,2})(/|%2f|%u2215)) [NC,OR]
RewriteCond %{QUERY_STRING} (benchmark|char|exec|fopen|function|html)(.*)(\(|%28)(.*)(\)|%29) [NC,OR]
RewriteCond %{QUERY_STRING} (php)([0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}) [NC,OR]
RewriteCond %{QUERY_STRING} (e|%65|%45)(v|%76|%56)(a|%61|%31)(l|%6c|%4c)(.*)(\(|%28)(.*)(\)|%29) [NC,OR]
RewriteCond %{QUERY_STRING} (/|%2f)(=|%3d|$&|_mm|cgi(\.|-)|inurl(:|%3a)(/|%2f)|(mod|path)(=|%3d)(\.|%2e)) [NC,OR]
RewriteCond %{QUERY_STRING} (<|%3c)(.*)(e|%65|%45)(m|%6d|%4d)(b|%62|%42)(e|%65|%45)(d|%64|%44)(.*)(>|%3e) [NC,OR]
RewriteCond %{QUERY_STRING} (<|%3c)(.*)(i|%69|%49)(f|%66|%46)(r|%72|%52)(a|%61|%41)(m|%6d|%4d)(e|%65|%45)(.*)(>|%3e) [NC,OR]
RewriteCond %{QUERY_STRING} (<|%3c)(.*)(o|%4f|%6f)(b|%62|%42)(j|%4a|%6a)(e|%65|%45)(c|%63|%43)(t|%74|%54)(.*)(>|%3e) [NC,OR]
RewriteCond %{QUERY_STRING} (<|%3c)(.*)(s|%73|%53)(c|%63|%43)(r|%72|%52)(i|%69|%49)(p|%70|%50)(t|%74|%54)(.*)(>|%3e) [NC,OR]
RewriteCond %{QUERY_STRING} (\+|%2b|%20)(d|%64|%44)(e|%65|%45)(l|%6c|%4c)(e|%65|%45)(t|%74|%54)(e|%65|%45)(\+|%2b|%20) [NC,OR]
RewriteCond %{QUERY_STRING} (\+|%2b|%20)(i|%69|%49)(n|%6e|%4e)(s|%73|%53)(e|%65|%45)(r|%72|%52)(t|%74|%54)(\+|%2b|%20) [NC,OR]
RewriteCond %{QUERY_STRING} (\+|%2b|%20)(s|%73|%53)(e|%65|%45)(l|%6c|%4c)(e|%65|%45)(c|%63|%43)(t|%74|%54)(\+|%2b|%20) [NC,OR]
RewriteCond %{QUERY_STRING} (\+|%2b|%20)(u|%75|%55)(p|%70|%50)(d|%64|%44)(a|%61|%41)(t|%74|%54)(e|%65|%45)(\+|%2b|%20) [NC,OR]
RewriteCond %{QUERY_STRING} (\\x00|(\"|%22|\'|%27)?0(\"|%22|\'|%27)?(=|%3d)(\"|%22|\'|%27)?0|cast(\(|%28)0x|or%201(=|%3d)1) [NC,OR]
RewriteCond %{QUERY_STRING} (g|%67|%47)(l|%6c|%4c)(o|%6f|%4f)(b|%62|%42)(a|%61|%41)(l|%6c|%4c)(s|%73|%53)(=|[|%[0-9A-Z]{0,2}) [NC,OR]
RewriteCond %{QUERY_STRING} (_|%5f)(r|%72|%52)(e|%65|%45)(q|%71|%51)(u|%75|%55)(e|%65|%45)(s|%73|%53)(t|%74|%54)(=|[|%[0-9A-Z]{2,}) [NC,OR]
RewriteCond %{QUERY_STRING} (j|%6a|%4a)(a|%61|%41)(v|%76|%56)(a|%61|%31)(s|%73|%53)(c|%63|%43)(r|%72|%52)(i|%69|%49)(p|%70|%50)(t|%74|%54)(:|%3a)(.*)(;|%3b|\)|%29) [NC,OR]
RewriteCond %{QUERY_STRING} (b|%62|%42)(a|%61|%41)(s|%73|%53)(e|%65|%45)(6|%36)(4|%34)(_|%5f)(e|%65|%45|d|%64|%44)(e|%65|%45|n|%6e|%4e)(c|%63|%43)(o|%6f|%4f)(d|%64|%44)(e|%65|%45)(.*)(\()(.*)(\)) [NC,OR]
RewriteCond %{QUERY_STRING} (@copy|\$_(files|get|post)|allow_url_(fopen|include)|auto_prepend_file|blexbot|browsersploit|(c99|php)shell|curl(_exec|test)|disable_functions?|document_root|elastix|encodeuricom|exploit|fclose|fgets|file_put_contents|fputs|fsbuff|fsockopen|gethostbyname|grablogin|hmei7|input_file|null|open_basedir|outfile|passthru|phpinfo|popen|proc_open|quickbrute|remoteview|root_path|safe_mode|shell_exec|site((.){0,2})copier|sux0r|trojan|user_func_array|wget|xertive) [NC,OR]
RewriteCond %{QUERY_STRING} (;|<|>|\'|\"|\)|%0a|%0d|%22|%27|%3c|%3e|%00)(.*)(/\*|alter|base64|benchmark|cast|char|concat|convert|create|encode|declare|delete|drop|insert|md5|order|request|script|select|set|union|update) [NC,OR]
RewriteCond %{QUERY_STRING} ((\+|%2b)(concat|delete|get|select|union)(\+|%2b)) [NC,OR]
RewriteCond %{QUERY_STRING} (union)(.*)(select)(.*)(\(|%28) [NC,OR]
RewriteCond %{QUERY_STRING} (concat)(.*)(\(|%28) [NC]
RewriteRule .* - [F,L]
# RewriteRule .* /7G_log.php?log [END,NE,E=7G_QUERY_STRING:%1___%2___%3]
</IfModule>
# 7G:[REQUEST URI]
<IfModule mod_rewrite.c>
RewriteCond %{REQUEST_URI} ([a-z0-9]{2000,}) [NC,OR]
RewriteCond %{REQUEST_URI} (=?\\(\'|%27)/?)(\.) [NC,OR]
RewriteCond %{REQUEST_URI} (\^|`|<|>|%|\\|\{|\}|\|) [NC,OR]
RewriteCond %{REQUEST_URI} (/)(\*|\"|\'|\.|,|&|&amp;?)/?$ [NC,OR]
RewriteCond %{REQUEST_URI} (\.)(php)(\()?([0-9]+)(\))?(/)?$ [NC,OR]
RewriteCond %{REQUEST_URI} (/)(vbulletin|boards|vbforum)(/)? [NC,OR]
RewriteCond %{REQUEST_URI} (\.(s?ftp-?)config|(s?ftp-?)config\.) [NC,OR]
RewriteCond %{REQUEST_URI} (\{0\}|\"?0\"?=\"?0|\(/\(|\.\.\.|\+\+\+|\\\") [NC,OR]
RewriteCond %{REQUEST_URI} (thumbs?(_editor|open)?|tim(thumbs?)?)(\.php) [NC,OR]
RewriteCond %{REQUEST_URI} (/)(fck|ckfinder|fullclick|ckfinder|fckeditor) [NC,OR]
RewriteCond %{REQUEST_URI} (\.|20)(get|the)(_)(permalink|posts_page_url)(\() [NC,OR]
RewriteCond %{REQUEST_URI} (///|\?\?|/&&|/\*(.*)\*/|/:/|\\\\|0x00|%00|%0d%0a) [NC,OR]
RewriteCond %{REQUEST_URI} (/%7e)(root|ftp|bin|nobody|named|guest|logs|sshd)(/) [NC,OR]
RewriteCond %{REQUEST_URI} (/)(etc|var)(/)(hidden|secret|shadow|ninja|passwd|tmp)(/)?$ [NC,OR]
RewriteCond %{REQUEST_URI} (s)?(ftp|http|inurl|php)(s)?(:(/|%2f|%u2215)(/|%2f|%u2215)) [NC,OR]
RewriteCond %{REQUEST_URI} (/)(=|\$&?|&?(pws|rk)=0|_mm|_vti_|cgi(\.|-)?|(=|/|;|,)nt\.) [NC,OR]
RewriteCond %{REQUEST_URI} (\.)(ds_store|htaccess|htpasswd|init?|mysql-select-db)(/)?$ [NC,OR]
RewriteCond %{REQUEST_URI} (/)(bin)(/)(cc|chmod|chsh|cpp|echo|id|kill|mail|nasm|perl|ping|ps|python|tclsh)(/)?$ [NC,OR]
RewriteCond %{REQUEST_URI} (/)(::[0-9999]|%3a%3a[0-9999]|127\.0\.0\.1|localhost|loopback|makefile|pingserver|wwwroot)(/)? [NC,OR]
RewriteCond %{REQUEST_URI} (\(null\)|\{\$itemURL\}|cAsT\(0x|echo(.*)kae|etc/passwd|eval\(|self/environ|\+union\+all\+select) [NC,OR]
RewriteCond %{REQUEST_URI} (/)(awstats|(c99|php|web)shell|document_root|error_log|listinfo|muieblack|remoteview|site((.){0,2})copier|sqlpatch|sux0r) [NC,OR]
RewriteCond %{REQUEST_URI} (/)((php|web)?shell|crossdomain|fileditor|locus7|nstview|php(get|remoteview|writer)|r57|remview|sshphp|storm7|webadmin)(.*)(\.|\() [NC,OR]
RewriteCond %{REQUEST_URI} (/)(author-panel|bitrix|class|database|(db|mysql)-?admin|filemanager|htdocs|httpdocs|https?|mailman|mailto|msoffice|mysql|_?php-?my-?admin(.*)|tmp|undefined|usage|var|vhosts|webmaster|www)(/) [NC,OR]
RewriteCond %{REQUEST_URI} (\.)(7z|ab4|afm|aspx?|bash|ba?k?|bz2|cfg|cfml?|cgi|ctl|dat|db|dll|eml|et2|exe|fec|fla|hg|inc|ini|inv|jsp|log|lqd|mbf|mdb|mmw|mny|old|one|out|passwd|pdb|pl|psd|pst|ptdb|pwd|py|qbb|qdf|rar|rdf|sdb|sql|sh|soa|swf|swl|swp|stx|tar|tax|tgz|tls|tmd|wow|zlib)$ [NC,OR]
RewriteCond %{REQUEST_URI} (base64_(en|de)code|benchmark|child_terminate|curl_exec|e?chr|eval|function|fwrite|(f|p)open|html|leak|passthru|p?fsockopen|phpinfo|posix_(kill|mkfifo|setpgid|setsid|setuid)|proc_(close|get_status|nice|open|terminate)|(shell_)?exec|system)(.*)(\()(.*)(\)) [NC,OR]
RewriteCond %{REQUEST_URI} (/)(^$|00.temp00|0day|3xp|70bex?|admin_events|bkht|(php|web)?shell|configbak|curltest|db|dompdf|filenetworks|hmei7|index\.php/index\.php/index|jahat|kcrew|keywordspy|mobiquo|mysql|nessus|php-?info|racrew|sql|vuln|webconfig|(wp-)?conf(ig)?(uration)?|xertive)(\.php) [NC]
RewriteRule .* - [F,L]
# RewriteRule .* /7G_log.php?log [END,NE,E=7G_REQUEST_URI:%1___%2___%3]
</IfModule>
# 7G:[USER AGENT]
<IfModule mod_rewrite.c>
RewriteCond %{HTTP_USER_AGENT} ([a-z0-9]{2000,}) [NC,OR]
RewriteCond %{HTTP_USER_AGENT} (&lt;|%0a|%0d|%27|%3c|%3e|%00|0x00) [NC,OR]
RewriteCond %{HTTP_USER_AGENT} ((c99|php|web)shell|remoteview|site((.){0,2})copier) [NC,OR]
RewriteCond %{HTTP_USER_AGENT} (base64_decode|bin/bash|disconnect|eval|lwp-download|unserialize|\\\x22) [NC,OR]
RewriteCond %{HTTP_USER_AGENT} (360Spider|acapbot|acoonbot|ahrefs|alexibot|asterias|attackbot|backdorbot|becomebot|binlar|blackwidow|blekkobot|blexbot|blowfish|bullseye|bunnys|butterfly|careerbot|casper|checkpriv|cheesebot|cherrypick|chinaclaw|choppy|clshttp|cmsworld|copernic|copyrightcheck|cosmos|crescent|cy_cho|datacha|demon|diavol|discobot|dittospyder|dotbot|dotnetdotcom|dumbot|emailcollector|emailsiphon|emailwolf|exabot|extract|eyenetie|feedfinder|flaming|flashget|flicky|foobot|g00g1e|getright|gigabot|go-ahead-got|gozilla|grabnet|grafula|harvest|heritrix|httrack|icarus6j|jetbot|jetcar|jikespider|kmccrew|leechftp|libweb|linkextractor|linkscan|linkwalker|loader|masscan|miner|majestic|mechanize|mj12bot|morfeus|moveoverbot|netmechanic|netspider|nicerspro|nikto|ninja|nutch|octopus|pagegrabber|planetwork|postrank|proximic|purebot|pycurl|python|queryn|queryseeker|radian6|radiation|realdownload|rogerbot|scooter|seekerspider|semalt|siclab|sindice|sistrix|sitebot|siteexplorer|sitesnagger|skygrid|smartdownload|snoopy|sosospider|spankbot|spbot|sqlmap|stackrambler|stripper|sucker|surftbot|sux0r|suzukacz|suzuran|takeout|teleport|telesoft|true_robots|turingos|turnit|vampire|vikspider|voideye|webleacher|webreaper|webstripper|webvac|webviewer|webwhacker|winhttp|wwwoffle|woxbot|xaldon|xxxyy|yamanalab|yioopbot|youda|zeus|zmeu|zune|zyborg) [NC]
RewriteRule .* - [F,L]
# RewriteRule .* /7G_log.php?log [END,NE,E=7G_USER_AGENT:%1]
</IfModule>
# 7G:[REMOTE HOST]
<IfModule mod_rewrite.c>
RewriteCond %{REMOTE_HOST} (163data|amazonaws|colocrossing|crimea|g00g1e|justhost|kanagawa|loopia|masterhost|onlinehome|poneytel|sprintdatacenter|reverse.softlayer|safenet|ttnet|woodpecker|wowrack) [NC]
RewriteRule .* - [F,L]
# RewriteRule .* /7G_log.php?log [END,NE,E=7G_REMOTE_HOST:%1]
</IfModule>
# 7G:[HTTP REFERRER]
<IfModule mod_rewrite.c>
RewriteCond %{HTTP_REFERER} (semalt.com|todaperfeita) [NC,OR]
RewriteCond %{HTTP_REFERER} (ambien|blue\spill|cocaine|ejaculat|erectile|erections|hoodia|huronriveracres|impotence|levitra|libido|lipitor|phentermin|pro[sz]ac|sandyauer|tramadol|troyhamby|ultram|unicauca|valium|viagra|vicodin|xanax|ypxaieo) [NC]
RewriteRule .* - [F,L]
# RewriteRule .* /7G_log.php?log [END,NE,E=7G_HTTP_REFERRER:%1]
</IfModule>
# 7G:[REQUEST METHOD]
<IfModule mod_rewrite.c>
RewriteCond %{REQUEST_METHOD} ^(connect|debug|move|trace|track) [NC]
RewriteRule .* - [F,L]
# RewriteRule .* /7G_log.php?log [END,NE,E=7G_REQUEST_METHOD:%1]
</IfModule>
EOF
```

1
mkdocs-material Submodule

@ -0,0 +1 @@
Subproject commit 572c1e854ef87dd8e985d7c6a62a30d832422da9

9
mkdocs.yml
View File

@ -5,7 +5,7 @@ site_author: p.h.vos
dev_addr: 0.0.0.0:8000
repo_url: https://git.webhosting.rug.nl/doc/website
repo_url: https://git.web.rug.nl/doc/website
copyright: Copyright &copy; 2019 <a href="https://rug.nl/staff/p.h.vos">P.H.Vos</a>
@ -15,10 +15,13 @@ pages:
- 'Home': 'index.md'
- 'Docker': 'docker.md'
- 'Kubernetes' : 'kubernetes.md'
- 'Rancher 2' : 'rancher2.md'
- 'Rancher' : 'rancher.md'
- 'Git': 'git.md'
- 'Drone CI': 'drone.md'
- 'Rancher Errors': 'rancher-err.md'
- 'Jenkins': 'jenkins.md'
- 'Wordpress': 'wordpress.md'
- 'System': 'os.md'
- 'Issues': 'issue.md'
markdown_extensions:
- smarty

24
mkdocs.yml2
View File

@ -1,24 +0,0 @@
site_name: webhosting
site_url: https://0.0.0.0:8000
site_description: webhosting information RUG
site_author: webhosting
dev_addr: 0.0.0.0:8000
repo_url: https://git.webhosting.rug.nl
copyright: Copyright &copy; 2018 <a href="https://rug.nl/staff/p.h.vos">P.H.Vos</a>
theme: readthedocs
pages:
- 'Home': 'index.md'
- 'Docker': 'docker.md'
- 'Kubernetes' : 'kubernetes.md'
- 'Git': 'git.md'
markdown_extensions:
- smarty
- toc:

26
mkdocs.yml~
View File

@ -1,26 +0,0 @@
site_name: webhosting
site_url: https://0.0.0.0:8000
site_description: Container information @RUG
site_author: p.h.vos
dev_addr: 0.0.0.0:8000
repo_url: https://git.webhosting.rug.nl/docs/website
copyright: Copyright &copy; 2019 <a href="https://rug.nl/staff/p.h.vos">P.H.Vos</a>
theme: readthedocs
pages:
- 'Home': 'index.md'
- 'Docker': 'docker.md'
- 'Kubernetes' : 'kubernetes.md'
- 'Rancher 2' : 'rancher2.md'
- 'Git': 'git.md'
- 'Drone CI': 'drone.md'
- 'Rancher Errors': 'rancher-err.md'
markdown_extensions:
- smarty
- toc:
permalink: '#'