danwin1210/hosting
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Separate nginx sockets for each site to make hoster identification harder

Browse Source
This commit is contained in:
Daniel Winzen
2018-03-08 20:57:42 +01:00
parent 9eb5c2ae3c
commit 7bd2e79f06
5 changed files with 21 additions and 5 deletions
Download Patch File Download Diff File Expand all files Collapse all files

3
README.md
View File

@ -15,7 +15,7 @@ apt-get purge apache2* resolvconf
If you are on Ubuntu, add the following PPA:
```
add-apt-repository ppa:ondrej/php && apt-get update
LC_ALL=C.UTF-8 add-apt-repository ppa:ondrej/php && apt-get update
```
On debian stable this may be worth a look: https://deb.sury.org/
@ -123,6 +123,7 @@ Create a mysql user with all permissions for our hosting management:
mysql
CREATE USER 'hosting'@'localhost' IDENTIFIED BY 'MY_PASSWORD';
GRANT ALL PRIVILEGES ON *.* TO 'hosting'@'localhost' WITH GRANT OPTION;
FLUSH PRIVILEGES;
quit
```

1
etc/systemd/system/nginx.service.d/custom.conf
View File

@ -3,3 +3,4 @@ LimitNOFILE=100000
TimeoutStartSec=300
ExecStop=
ExecStop=-/sbin/start-stop-daemon --quiet --stop --pidfile /run/nginx.pid
ExecStartPre=/usr/bin/install -Z -m 02755 -o www-data -g www-data -d /var/run/nginx

2
var/www/common.php
View File

@ -4,7 +4,7 @@ const DBUSER='hosting'; // Database user
const DBPASS='MY_PASSWORD'; // Database password
const DBNAME='hosting'; // Database
const PERSISTENT=true; // Use persistent database conection true/false
const DBVERSION=2; //database layout version
const DBVERSION=3; //database layout version
const CAPTCHA=0; // Captcha difficulty (0=off, 1=simple, 2=moderate, 3=extreme)
const ADDRESS='dhosting4okcs22v.onion'; // our own address
const SERVERS=[ //servers and ports we are running on

6
var/www/cron.php
View File

@ -48,7 +48,7 @@ if($id[5]!=0){
$nginx="server {
listen [::]:80;
listen unix:/var/run/nginx.sock;
listen unix:/var/run/nginx/$onion;
root /home/$onion.onion/www;
server_name $onion.onion *.$onion.onion;
access_log /var/log/nginx/access_$onion.onion.log custom;
@ -106,7 +106,7 @@ php_admin_value[session.save_path] = /home/$onion.onion/tmp
chgrp("/var/lib/tor-instances/$firstchar/hidden_service_$onion.onion/private_key", "_tor-$firstchar");
//add hidden service to torrc
$torrc=file_get_contents("/etc/tor/instances/$firstchar/torrc");
$torrc.="HiddenServiceDir /var/lib/tor-instances/$firstchar/hidden_service_$onion.onion/\nHiddenServicePort 80 unix:/var/run/nginx.sock\nHiddenServicePort 25 127.0.0.1:25\n";
$torrc.="HiddenServiceDir /var/lib/tor-instances/$firstchar/hidden_service_$onion.onion/\nHiddenServicePort 80 unix:/var/run/nginx/$onion\nHiddenServicePort 25 127.0.0.1:25\n";
file_put_contents("/etc/tor/instances/$firstchar/torrc", $torrc);
//remove from to-add queue
$del->execute([$onion]);
@ -132,7 +132,7 @@ foreach($onions as $onion){
unlink("/etc/nginx/sites-enabled/$onion[0].onion");
//clean torrc from user
$torrc=file_get_contents("/etc/tor/instances/$firstchar/torrc");
$torrc=str_replace("HiddenServiceDir /var/lib/tor-instances/$firstchar/hidden_service_$onion[0].onion/\nHiddenServicePort 80 unix:/var/run/nginx.sock\nHiddenServicePort 25 127.0.0.1:25\n", '', $torrc);
$torrc=str_replace("HiddenServiceDir /var/lib/tor-instances/$firstchar/hidden_service_$onion[0].onion/\nHiddenServicePort 80 unix:/var/run/nginx/$onion[0]\nHiddenServicePort 25 127.0.0.1:25\n", '', $torrc);
file_put_contents("/etc/tor/instances/$firstchar/torrc", $torrc);
//delete hidden service from tor
if(file_exists("/var/lib/tor-instances/$firstchar/hidden_service_$onion[0].onion/")){

14
var/www/setup.php
View File

@ -36,6 +36,20 @@ if(!@$version=$db->query("SELECT value FROM settings WHERE setting='version';"))
$db->exec('ALTER TABLE new_account ADD approved tinyint(1) UNSIGNED NOT NULL;');
$db->exec('DROP TABLE del_account;');
}
if($version<3){
$stmt=$db->query("SELECT onion FROM users;");
while($id=$stmt->fetch(PDO::FETCH_NUM)){
$onion=$id[0];
$firstchar=substr($onion, 0, 1);
$replace=str_replace("listen unix:/var/run/nginx.sock;", "listen unix:/var/run/nginx/$onion backlog=2048;", file_get_contents("/etc/nginx/sites-enabled/$onion.onion"));
file_put_contents("/etc/nginx/sites-enabled/$onion.onion", $replace);
$torrc=file_get_contents("/etc/tor/instances/$firstchar/torrc");
$torrc=str_replace("$onion.onion/\nHiddenServicePort 80 unix:/var/run/nginx.sock", "$onion.onion/\nHiddenServicePort 80 unix:/var/run/nginx/$onion", $torrc);
file_put_contents("/etc/tor/instances/$firstchar/torrc", $torrc);
}
exec('service nginx reload');
exec("service tor reload");
}
$stmt=$db->prepare("UPDATE settings SET value=? WHERE setting='version';");
$stmt->execute([DBVERSION]);
if(DBVERSION!=$version){