update and add config file

2019-06-30 04:22:52 +02:00 · 2019-06-30 04:22:52 +02:00 · 3a111d5176
parent d6d68c61fd
commit 3a111d5176
4 changed files with 115 additions and 5 deletions
--- a/0x0.service
+++ b/0x0.service
@ -0,0 +1,18 @@
+# /etc/systemd/system/0x0.service
+[Unit]
+Description=null pointer
+After=network.target
+
+[Service]
+Type=simple
+User=0x0
+Group=0x0
+WorkingDirectory=/srv/0x0/
+ExecStart=/usr/bin/uwsgi_python3 --socket 127.0.0.1:3031 --wsgi-file fhost.py --callable app --processes 4 --threads 2 --master
+Restart=always
+RestartSec=5
+StartLimitInterval=60s
+StartLimitBurst=3
+
+[Install]
+WantedBy=default.target
--- a/README.rst
+++ b/README.rst
@ -2,7 +2,7 @@ The Null Pointer
 ================

 This is a no-bullshit file hosting and URL shortening service that also runs
-`0x0.st <https://0x0.st>`_. Use with uWSGI.
+`0x0.envs.net <https://0x0.envs.net>`_. Use with uWSGI.

 If you are running nginx, you should use the ``X-Accel-Redirect`` header.
 To make it work, include this in your nginx config’s ``server`` block::
@ -36,6 +36,18 @@ the following:
 * ``ffmpegthumbnailer`` executable in ``$PATH``


+INSTALL
+-------
+
+```bash
+apt update
+apt install python3-pip nginx uwsgi uwsgi-plugin-python3 certbot
+git clone https://github.com/cremesk/0x0.git /srv/0x0
+
+cd /srv/0x0
+pip3 install --user `cat requirements.txt`
+```
+
 FAQ
 ---

--- a/fhost.py
+++ b/fhost.py
@ -19,7 +19,7 @@ app.config["SQLALCHEMY_TRACK_MODIFICATIONS"] = False

 app.config["SQLALCHEMY_DATABASE_URI"] = "sqlite:///db.sqlite" # "postgresql://0x0@/0x0"
 app.config["PREFERRED_URL_SCHEME"] = "https" # nginx users: make sure to have 'uwsgi_param UWSGI_SCHEME $scheme;' in your config
-app.config["MAX_CONTENT_LENGTH"] = 256 * 1024 * 1024
+app.config["MAX_CONTENT_LENGTH"] = 512 * 1024 * 1024
 app.config["MAX_URL_LENGTH"] = 4096
 app.config["FHOST_STORAGE_PATH"] = "up"
 app.config["FHOST_USE_X_ACCEL_REDIRECT"] = True # expect nginx by default
@ -40,6 +40,7 @@ app.config["FHOST_EXT_OVERRIDE"] = {
 # default blacklist to avoid AV mafia extortion
 app.config["FHOST_MIME_BLACKLIST"] = [
    "application/x-dosexec",
+    "application/x-executable",
    "application/java-archive",
    "application/java-vm"
 ]
@ -359,6 +360,28 @@ Maximum file size: {1}
 Not allowed: {5}


+UPLOAD DIRECTLY
+---------------
+<form action="{0}" method="POST" enctype="multipart/form-data">
+    <label for="file">File:</label>
+    <input class="form-control" type="file" name="file"><br><br>
+    <input class="form-control" type="submit" value="Submit">
+</form>
+
+0x0.envs.net is NOT a platform for:
+    * child pornography
+    * malware, including “potentially unwanted applications”
+    * botnet command and control schemes involving this service
+    * anything even remotely related to crypto currencies
+    * hosting your backups
+    * spamming the service with CI build artifacts
+    * piracy
+    * alt-right shitposting
+
+If you run a server and like this site, clone it! Centralization is bad.
+https://github.com/lachs0r/0x0
+
+
 FILE RETENTION PERIOD
 ---------------------

@ -390,15 +413,16 @@ retention = min_age + (-max_age + min_age) * pow((file_size / max_size - 1), 3)
 ABUSE
 -----

-If you would like to request permanent deletion, please contact lachs0r via
-IRC on Freenode, or send an email to lachs0r@(this domain).
+If you would like to request permanent deletion, please
+send an email to hostmaster@envs.net.

 Please allow up to 24 hours for a response.
 </pre>
+
 """.format(fhost_url(),
           maxsize, str(maxsizehalf).rjust(27), str(maxsizenum).rjust(27),
           maxsizeunit.rjust(54),
-           ", ".join(app.config["FHOST_MIME_BLACKLIST"]))
+           ", ".join(app.config["FHOST_MIME_BLACKLIST"]),fhost_url().split("/",2)[2])

@app.route("/robots.txt")
 def robots():
--- a/nginx.conf
+++ b/nginx.conf
@ -0,0 +1,56 @@
+server {
+    listen 80;
+#    listen [::]:80;
+    server_name 0x0.envs.net;
+
+    access_log /var/log/nginx/0x0.envs.net-access.log;
+    error_log /var/log/nginx/0x0.envs.net-error.log;
+
+    location / {
+        return 301 https://$host$request_uri;
+    }
+
+    location /.well-known/acme-challenge/ {
+        alias /var/lib/letsencrypt/.well-known/acme-challenge/;
+    }
+}
+
+server {
+    listen 443 ssl http2;
+    server_name 0x0.envs.net;
+
+    ssl_certificate /etc/letsencrypt/live/0x0.envs.net/fullchain.pem;
+    ssl_certificate_key /etc/letsencrypt/live/0x0.envs.net/privkey.pem;
+    ssl_protocols TLSv1.2;
+    ssl_ciphers 'EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH';
+    ssl_prefer_server_ciphers on;
+    ssl_session_cache shared:SSL:10m;
+    ssl_verify_depth 3;
+    ssl_dhparam /etc/ssl/certs/envs_dhparam.pem;
+
+    ssl_session_tickets off;
+    ssl_stapling on;
+    ssl_stapling_verify on;
+    ssl_trusted_certificate /etc/letsencrypt/live/0x0.envs.net/chain.pem;
+
+    add_header X-XSS-Protection "1; mode=block";
+    add_header X-Content-Type-Options nosniff;
+    # add_header X-Frame-Options "SAMEORIGIN";
+
+    access_log /var/log/nginx/0x0.envs.net-access.log;
+    error_log /var/log/nginx/0x0.envs.net-error.log;
+
+    root /srv/0x0;
+
+    location / {
+        include uwsgi_params;
+        uwsgi_param UWSGI_SCHEME $scheme;
+
+        # make sure this matches the port you're running uwsgi on
+        uwsgi_pass 127.0.0.1:3031;
+    }
+
+    location /up {
+        internal;
+    }
+}