From 3a111d51762e268513cefe2a187e20a7e7c60abb Mon Sep 17 00:00:00 2001 From: cremesk Date: Sun, 30 Jun 2019 04:22:52 +0200 Subject: [PATCH] update and add config file --- 0x0.service | 18 +++++++++++++++++ README.rst | 14 +++++++++++++- fhost.py | 32 ++++++++++++++++++++++++++---- nginx.conf | 56 +++++++++++++++++++++++++++++++++++++++++++++++++++++ 4 files changed, 115 insertions(+), 5 deletions(-) create mode 100644 0x0.service create mode 100644 nginx.conf diff --git a/0x0.service b/0x0.service new file mode 100644 index 0000000..ace57c0 --- /dev/null +++ b/0x0.service @@ -0,0 +1,18 @@ +# /etc/systemd/system/0x0.service +[Unit] +Description=null pointer +After=network.target + +[Service] +Type=simple +User=0x0 +Group=0x0 +WorkingDirectory=/srv/0x0/ +ExecStart=/usr/bin/uwsgi_python3 --socket 127.0.0.1:3031 --wsgi-file fhost.py --callable app --processes 4 --threads 2 --master +Restart=always +RestartSec=5 +StartLimitInterval=60s +StartLimitBurst=3 + +[Install] +WantedBy=default.target diff --git a/README.rst b/README.rst index cf2ac7d..f9a0d60 100644 --- a/README.rst +++ b/README.rst @@ -2,7 +2,7 @@ The Null Pointer ================ This is a no-bullshit file hosting and URL shortening service that also runs -`0x0.st `_. Use with uWSGI. +`0x0.envs.net `_. Use with uWSGI. If you are running nginx, you should use the ``X-Accel-Redirect`` header. To make it work, include this in your nginx config’s ``server`` block:: @@ -36,6 +36,18 @@ the following: * ``ffmpegthumbnailer`` executable in ``$PATH`` +INSTALL +------- + +```bash +apt update +apt install python3-pip nginx uwsgi uwsgi-plugin-python3 certbot +git clone https://github.com/cremesk/0x0.git /srv/0x0 + +cd /srv/0x0 +pip3 install --user `cat requirements.txt` +``` + FAQ --- diff --git a/fhost.py b/fhost.py index 72363a6..86933da 100755 --- a/fhost.py +++ b/fhost.py 
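Review bot: The new unit in 0x0.service runs a public upload service with no sandboxing beyond `User=0x0`/`Group=0x0`; its `[Service]` section would normally also carry `NoNewPrivileges=true`, `PrivateTmp=true` and `ProtectSystem=strict` with `ReadWritePaths=/srv/0x0`. `ExecStart` binds uWSGI to `--socket 127.0.0.1:3031`, which every local account on the host can connect to using the raw uwsgi protocol. A Unix socket readable only by the nginx user would narrow that, though `uwsgi_pass` in nginx.conf would have to change with it. `StartLimitInterval`/`StartLimitBurst` sit in `[Service]`, where current systemd accepts them only for compatibility; the documented form is `StartLimitIntervalSec=` and `StartLimitBurst=` in `[Unit]`.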
@@ -19,7 +19,7 @@ app.config["SQLALCHEMY_TRACK_MODIFICATIONS"] = False app.config["SQLALCHEMY_DATABASE_URI"] = "sqlite:///db.sqlite" # "postgresql://0x0@/0x0" app.config["PREFERRED_URL_SCHEME"] = "https" # nginx users: make sure to have 'uwsgi_param UWSGI_SCHEME $scheme;' in your config -app.config["MAX_CONTENT_LENGTH"] = 256 * 1024 * 1024 +app.config["MAX_CONTENT_LENGTH"] = 512 * 1024 * 1024 app.config["MAX_URL_LENGTH"] = 4096 app.config["FHOST_STORAGE_PATH"] = "up" app.config["FHOST_USE_X_ACCEL_REDIRECT"] = True # expect nginx by default @@ -40,6 +40,7 @@ app.config["FHOST_EXT_OVERRIDE"] = { # default blacklist to avoid AV mafia extortion app.config["FHOST_MIME_BLACKLIST"] = [ "application/x-dosexec", + "application/x-executable", "application/java-archive", "application/java-vm" ] @@ -359,6 +360,28 @@ Maximum file size: {1} Not allowed: {5} +UPLOAD DIRECTLY +--------------- +
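Review bot: The `application/x-executable` entry added to `FHOST_MIME_BLACKLIST` covers only part of the ELF family. If the type comes from libmagic (the detection code is outside this hunk), recent versions report position-independent executables as `application/x-pie-executable` and shared objects as `application/x-sharedlib`. Adding those two strings next to the new entry would keep the list in line with the comment above it. A denylist of detected types is best-effort in any case, so a one-line comment saying `# best-effort: types as reported by the MIME detector, not a guarantee` above the list would help the next maintainer.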
+ +

+ +
+ +0x0.envs.net is NOT a platform for: + * child pornography + * malware, including “potentially unwanted applications” + * botnet command and control schemes involving this service + * anything even remotely related to crypto currencies + * hosting your backups + * spamming the service with CI build artifacts + * piracy + * alt-right shitposting + +If you run a server and like this site, clone it! Centralization is bad. +https://github.com/lachs0r/0x0 + + FILE RETENTION PERIOD --------------------- @@ -390,15 +413,16 @@ retention = min_age + (-max_age + min_age) * pow((file_size / max_size - 1), 3) ABUSE ----- -If you would like to request permanent deletion, please contact lachs0r via -IRC on Freenode, or send an email to lachs0r@(this domain). +If you would like to request permanent deletion, please +send an email to hostmaster@envs.net. Please allow up to 24 hours for a response. + """.format(fhost_url(), maxsize, str(maxsizehalf).rjust(27), str(maxsizenum).rjust(27), maxsizeunit.rjust(54), - ", ".join(app.config["FHOST_MIME_BLACKLIST"])) + ", ".join(app.config["FHOST_MIME_BLACKLIST"]),fhost_url().split("/",2)[2]) @app.route("/robots.txt") def robots(): diff --git a/nginx.conf b/nginx.conf new file mode 100644 index 0000000..c10583d --- /dev/null +++ b/nginx.conf 
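Review bot: The seventh `.format()` argument added at the end of the index template, `fhost_url().split("/",2)[2]`, has no matching `{6}` placeholder in the template text visible in this patch, where the host name is written out as `0x0.envs.net`. Either use `{6}` in that sentence or drop the argument, so that a deployment under another name does not show the wrong host. Splitting on `/` also keeps everything after the scheme's slashes, including any trailing path, so the value is not a bare host name. `urllib.parse.urlsplit(fhost_url()).netloc` states the intent directly, provided that module is imported in the part of fhost.py outside this hunk. The function that builds this string starts above the hunk.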
@@ -0,0 +1,56 @@
+server {
+ listen 80;
+# listen [::]:80;
+ server_name 0x0.envs.net;
+
+ access_log /var/log/nginx/0x0.envs.net-access.log;
+ error_log /var/log/nginx/0x0.envs.net-error.log;
+
+ location / {
+ return 301 https://$host$request_uri;
+ }
+
+ location /.well-known/acme-challenge/ {
+ alias /var/lib/letsencrypt/.well-known/acme-challenge/;
+ }
+}
+
+server {
+ listen 443 ssl http2;
+ server_name 0x0.envs.net;
+
+ ssl_certificate /etc/letsencrypt/live/0x0.envs.net/fullchain.pem;
+ ssl_certificate_key /etc/letsencrypt/live/0x0.envs.net/privkey.pem;
+ ssl_protocols TLSv1.2;
+ ssl_ciphers 'EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH';
+ ssl_prefer_server_ciphers on;
+ ssl_session_cache shared:SSL:10m;
+ ssl_verify_depth 3;
+ ssl_dhparam /etc/ssl/certs/envs_dhparam.pem;
+
+ ssl_session_tickets off;
+ ssl_stapling on;
+ ssl_stapling_verify on;
+ ssl_trusted_certificate /etc/letsencrypt/live/0x0.envs.net/chain.pem;
+
+ add_header X-XSS-Protection "1; mode=block";
+ add_header X-Content-Type-Options nosniff;
+ # add_header X-Frame-Options "SAMEORIGIN";
+
+ access_log /var/log/nginx/0x0.envs.net-access.log;
+ error_log /var/log/nginx/0x0.envs.net-error.log;
+
+ root /srv/0x0;
+
+ location / {
+ include uwsgi_params;
+ uwsgi_param UWSGI_SCHEME $scheme;
+
+ # make sure this matches the port you're running uwsgi on
+ uwsgi_pass 127.0.0.1:3031;
+ }
+
+ location /up {
+ internal;
+ }
+}
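Review bot: The TLS `server` block sets no `client_max_body_size`, so nginx applies its 1 MiB default and answers larger uploads with 413 before they reach uWSGI, far below the 512 MiB `MAX_CONTENT_LENGTH` this commit sets in fhost.py. Adding `client_max_body_size 512m;` to that block keeps the two limits aligned. In the port-80 block, `return 301 https://$host$request_uri;` builds the redirect target from the client-supplied Host header; `return 301 https://0x0.envs.net$request_uri;` pins it to the served name. The two `add_header` lines lack `always`, so they are omitted on error responses, and no `Strict-Transport-Security` header is sent although all plain-HTTP traffic is redirected to HTTPS.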