update and add config file

This commit is contained in:
cremesk 2019-06-30 04:22:52 +02:00
parent d6d68c61fd
commit 3a111d5176
No known key found for this signature in database
GPG Key ID: C147C3B7FBDF08D0
4 changed files with 115 additions and 5 deletions

18
0x0.service Normal file
View File

@ -0,0 +1,18 @@
# /etc/systemd/system/0x0.service
[Unit]
Description=null pointer
After=network.target
[Service]
Type=simple
User=0x0
Group=0x0
WorkingDirectory=/srv/0x0/
ExecStart=/usr/bin/uwsgi_python3 --socket 127.0.0.1:3031 --wsgi-file fhost.py --callable app --processes 4 --threads 2 --master
Restart=always
RestartSec=5
StartLimitInterval=60s
StartLimitBurst=3
[Install]
WantedBy=default.target

View File

@ -2,7 +2,7 @@ The Null Pointer
================
This is a no-bullshit file hosting and URL shortening service that also runs
`0x0.st <https://0x0.st>`_. Use with uWSGI.
`0x0.envs.net <https://0x0.envs.net>`_. Use with uWSGI.
If you are running nginx, you should use the ``X-Accel-Redirect`` header.
To make it work, include this in your nginx configs ``server`` block::
@ -36,6 +36,18 @@ the following:
* ``ffmpegthumbnailer`` executable in ``$PATH``
INSTALL
-------
```bash
apt update
apt install python3-pip nginx uwsgi uwsgi-plugin-python3 certbot
git clone https://github.com/cremesk/0x0.git /srv/0x0
cd /srv/0x0
pip3 install --user `cat requirements.txt`
```
FAQ
---

View File

@ -19,7 +19,7 @@ app.config["SQLALCHEMY_TRACK_MODIFICATIONS"] = False
app.config["SQLALCHEMY_DATABASE_URI"] = "sqlite:///db.sqlite" # "postgresql://0x0@/0x0"
app.config["PREFERRED_URL_SCHEME"] = "https" # nginx users: make sure to have 'uwsgi_param UWSGI_SCHEME $scheme;' in your config
app.config["MAX_CONTENT_LENGTH"] = 256 * 1024 * 1024
app.config["MAX_CONTENT_LENGTH"] = 512 * 1024 * 1024
app.config["MAX_URL_LENGTH"] = 4096
app.config["FHOST_STORAGE_PATH"] = "up"
app.config["FHOST_USE_X_ACCEL_REDIRECT"] = True # expect nginx by default
@ -40,6 +40,7 @@ app.config["FHOST_EXT_OVERRIDE"] = {
# default blacklist to avoid AV mafia extortion
app.config["FHOST_MIME_BLACKLIST"] = [
"application/x-dosexec",
"application/x-executable",
"application/java-archive",
"application/java-vm"
]
@ -359,6 +360,28 @@ Maximum file size: {1}
Not allowed: {5}
UPLOAD DIRECTLY
---------------
<form action="{0}" method="POST" enctype="multipart/form-data">
<label for="file">File:</label>
<input class="form-control" type="file" name="file"><br><br>
<input class="form-control" type="submit" value="Submit">
</form>
0x0.envs.net is NOT a platform for:
* child pornography
* malware, including potentially unwanted applications
* botnet command and control schemes involving this service
* anything even remotely related to crypto currencies
* hosting your backups
* spamming the service with CI build artifacts
* piracy
* alt-right shitposting
If you run a server and like this site, clone it! Centralization is bad.
https://github.com/lachs0r/0x0
FILE RETENTION PERIOD
---------------------
@ -390,15 +413,16 @@ retention = min_age + (-max_age + min_age) * pow((file_size / max_size - 1), 3)
ABUSE
-----
If you would like to request permanent deletion, please contact lachs0r via
IRC on Freenode, or send an email to lachs0r@(this domain).
If you would like to request permanent deletion, please
send an email to hostmaster@envs.net.
Please allow up to 24 hours for a response.
</pre>
""".format(fhost_url(),
maxsize, str(maxsizehalf).rjust(27), str(maxsizenum).rjust(27),
maxsizeunit.rjust(54),
", ".join(app.config["FHOST_MIME_BLACKLIST"]))
", ".join(app.config["FHOST_MIME_BLACKLIST"]),fhost_url().split("/",2)[2])
@app.route("/robots.txt")
def robots():

56
nginx.conf Normal file
View File

@ -0,0 +1,56 @@
server {
listen 80;
# listen [::]:80;
server_name 0x0.envs.net;
access_log /var/log/nginx/0x0.envs.net-access.log;
error_log /var/log/nginx/0x0.envs.net-error.log;
location / {
return 301 https://$host$request_uri;
}
location /.well-known/acme-challenge/ {
alias /var/lib/letsencrypt/.well-known/acme-challenge/;
}
}
server {
listen 443 ssl http2;
server_name 0x0.envs.net;
ssl_certificate /etc/letsencrypt/live/0x0.envs.net/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/0x0.envs.net/privkey.pem;
ssl_protocols TLSv1.2;
ssl_ciphers 'EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH';
ssl_prefer_server_ciphers on;
ssl_session_cache shared:SSL:10m;
ssl_verify_depth 3;
ssl_dhparam /etc/ssl/certs/envs_dhparam.pem;
ssl_session_tickets off;
ssl_stapling on;
ssl_stapling_verify on;
ssl_trusted_certificate /etc/letsencrypt/live/0x0.envs.net/chain.pem;
add_header X-XSS-Protection "1; mode=block";
add_header X-Content-Type-Options nosniff;
# add_header X-Frame-Options "SAMEORIGIN";
access_log /var/log/nginx/0x0.envs.net-access.log;
error_log /var/log/nginx/0x0.envs.net-error.log;
root /srv/0x0;
location / {
include uwsgi_params;
uwsgi_param UWSGI_SCHEME $scheme;
# make sure this matches the port you're running uwsgi on
uwsgi_pass 127.0.0.1:3031;
}
location /up {
internal;
}
}