2024-10-31 20:18:37 +01:00
<!DOCTYPE html> < html lang = "fr" >
< head > < meta charset = "utf-8" >
< meta http-equiv = "X-UA-Compatible" content = "IE=edge" >
< meta name = "viewport" content = "width=device-width, initial-scale=1, user-scalable=no" > < title > HETZNER VPS CX11 debian 11 (ttrss) - YannStatic< / title >
< meta name = "description" content = "CX11 (1 vCore/2GoRam/20Go Nvme) Debian BusterDatacenter : fsn1-dc14City : FalkensteinCountry : GermanyNetwork zone : eu-central" >
< link rel = "canonical" href = "https://static.rnmkcy.eu/2022/05/13/VPS-Hetzner-CX11_debian_11.html" > < link rel = "alternate" type = "application/rss+xml" title = "YannStatic" href = "/feed.xml" >
<!-- - include head/favicon.html - -->
< link rel = "shortcut icon" type = "image/png" href = "/assets/favicon/favicon.png" > < link rel = "stylesheet" href = "/assets/css/main.css" > < link rel = "stylesheet" href = "https://use.fontawesome.com/releases/v5.0.13/css/all.css" > <!-- start custom head snippets --> < link rel = "stylesheet" href = "/assets/css/expand.css" >
<!-- end custom head snippets --> < script > ( f u n c t i o n ( ) {
window.isArray = function(val) {
return Object.prototype.toString.call(val) === '[object Array]';
};
window.isString = function(val) {
return typeof val === 'string';
};
window.hasEvent = function(event) {
return 'on'.concat(event) in window.document;
};
window.isOverallScroller = function(node) {
return node === document.documentElement || node === document.body || node === window;
};
window.isFormElement = function(node) {
var tagName = node.tagName;
return tagName === 'INPUT' || tagName === 'SELECT' || tagName === 'TEXTAREA';
};
window.pageLoad = (function () {
var loaded = false, cbs = [];
window.addEventListener('load', function () {
var i;
loaded = true;
if (cbs.length > 0) {
for (i = 0; i < cbs.length ; i + + ) {
cbs[i]();
}
}
});
return {
then: function(cb) {
cb & & (loaded ? cb() : (cbs.push(cb)));
}
};
})();
})();
(function() {
window.throttle = function(func, wait) {
var args, result, thisArg, timeoutId, lastCalled = 0;
function trailingCall() {
lastCalled = new Date;
timeoutId = null;
result = func.apply(thisArg, args);
}
return function() {
var now = new Date,
remaining = wait - (now - lastCalled);
args = arguments;
thisArg = this;
if (remaining < = 0) {
clearTimeout(timeoutId);
timeoutId = null;
lastCalled = now;
result = func.apply(thisArg, args);
} else if (!timeoutId) {
timeoutId = setTimeout(trailingCall, remaining);
}
return result;
};
};
})();
(function() {
var Set = (function() {
var add = function(item) {
var i, data = this._data;
for (i = 0; i < data.length ; i + + ) {
if (data[i] === item) {
return;
}
}
this.size ++;
data.push(item);
return data;
};
var Set = function(data) {
this.size = 0;
this._data = [];
var i;
if (data.length > 0) {
for (i = 0; i < data.length ; i + + ) {
add.call(this, data[i]);
}
}
};
Set.prototype.add = add;
Set.prototype.get = function(index) { return this._data[index]; };
Set.prototype.has = function(item) {
var i, data = this._data;
for (i = 0; i < data.length ; i + + ) {
if (this.get(i) === item) {
return true;
}
}
return false;
};
Set.prototype.is = function(map) {
if (map._data.length !== this._data.length) { return false; }
var i, j, flag, tData = this._data, mData = map._data;
for (i = 0; i < tData.length ; i + + ) {
for (flag = false, j = 0; j < mData.length ; j + + ) {
if (tData[i] === mData[j]) {
flag = true;
break;
}
}
if (!flag) { return false; }
}
return true;
};
Set.prototype.values = function() {
return this._data;
};
return Set;
})();
window.Lazyload = (function(doc) {
var queue = {js: [], css: []}, sources = {js: {}, css: {}}, context = this;
var createNode = function(name, attrs) {
var node = doc.createElement(name), attr;
for (attr in attrs) {
if (attrs.hasOwnProperty(attr)) {
node.setAttribute(attr, attrs[attr]);
}
}
return node;
};
var end = function(type, url) {
var s, q, qi, cbs, i, j, cur, val, flag;
if (type === 'js' || type ==='css') {
s = sources[type], q = queue[type];
s[url] = true;
for (i = 0; i < q.length ; i + + ) {
cur = q[i];
if (cur.urls.has(url)) {
qi = cur, val = qi.urls.values();
qi & & (cbs = qi.callbacks);
for (flag = true, j = 0; j < val.length ; j + + ) {
cur = val[j];
if (!s[cur]) {
flag = false;
}
}
if (flag & & cbs & & cbs.length > 0) {
for (j = 0; j < cbs.length ; j + + ) {
cbs[j].call(context);
}
qi.load = true;
}
}
}
}
};
var load = function(type, urls, callback) {
var s, q, qi, node, i, cur,
_urls = typeof urls === 'string' ? new Set([urls]) : new Set(urls), val, url;
if (type === 'js' || type ==='css') {
s = sources[type], q = queue[type];
for (i = 0; i < q.length ; i + + ) {
cur = q[i];
if (_urls.is(cur.urls)) {
qi = cur;
break;
}
}
val = _urls.values();
if (qi) {
callback & & (qi.load || qi.callbacks.push(callback));
callback & & (qi.load & & callback());
} else {
q.push({
urls: _urls,
callbacks: callback ? [callback] : [],
load: false
});
for (i = 0; i < val.length ; i + + ) {
node = null, url = val[i];
if (s[url] === undefined) {
(type === 'js' ) & & (node = createNode('script', { src: url }));
(type === 'css') & & (node = createNode('link', { rel: 'stylesheet', href: url }));
if (node) {
node.onload = (function(type, url) {
return function() {
end(type, url);
};
})(type, url);
(doc.head || doc.body).appendChild(node);
s[url] = false;
}
}
}
}
}
};
return {
js: function(url, callback) {
load('js', url, callback);
},
css: function(url, callback) {
load('css', url, callback);
}
};
})(this.document);
})();
< / script > < script >
(function() {
var TEXT_VARIABLES = {
version: '2.2.6',
sources: {
font_awesome: 'https://use.fontawesome.com/releases/v5.0.13/css/all.css',
jquery: '/assets/js/jquery.min.js',
leancloud_js_sdk: '//cdn.jsdelivr.net/npm/leancloud-storage@3.13.2/dist/av-min.js',
chart: 'https://cdn.bootcss.com/Chart.js/2.7.2/Chart.bundle.min.js',
gitalk: {
js: 'https://cdn.bootcss.com/gitalk/1.2.2/gitalk.min.js',
css: 'https://cdn.bootcss.com/gitalk/1.2.2/gitalk.min.css'
},
valine: 'https://unpkg.com/valine/dist/Valine.min.js'
},
site: {
toc: {
selectors: 'h1,h2,h3'
}
},
paths: {
search_js: '/assets/search.js'
}
};
window.TEXT_VARIABLES = TEXT_VARIABLES;
})();
< / script >
< / head >
< body >
< div class = "root" data-is-touch = "false" >
< div class = "layout--page js-page-root" > <!-- --> < div class = "page__main js-page-main page__viewport hide-footer has-aside has-aside cell cell--auto" >
< div class = "page__main-inner" > < div class = "page__header d-print-none" > < header class = "header" > < div class = "main" >
< div class = "header__title" >
< div class = "header__brand" > < svg id = "svg" version = "1.1" xmlns = "http://www.w3.org/2000/svg" xmlns:xlink = "http://www.w3.org/1999/xlink" width = "400" height = "478.9473684210526" viewBox = "0, 0, 400,478.9473684210526" > < g id = "svgg" > < path id = "path0" d = "M308.400 56 . 805 C 306 . 970 56 . 966 , 303 . 280 57 . 385 , 300 . 200 57 . 738 C 290 . 906 58 . 803 , 278 . 299 59 . 676 , 269 . 200 59 . 887 L 260 . 600 60 . 085 259 . 400 61 . 171 C 258 . 010 62 . 428 , 256 . 198 63 . 600 , 255 . 645 63 . 600 C 255 . 070 63 . 600 , 252 . 887 65 . 897 , 252 . 598 66 . 806 C 252 . 460 67 . 243 , 252 . 206 67 . 600 , 252 . 034 67 . 600 C 251 . 397 67 . 600 , 247 . 206 71 . 509 , 247 . 202 72 . 107 C 247 . 201 72 . 275 , 246 . 390 73 . 190 , 245 . 400 74 . 138 C 243 . 961 75 . 517 , 243 . 598 76 . 137 , 243 . 592 77 . 231 C 243 . 579 79 . 293 , 241 . 785 83 . 966 , 240 . 470 85 . 364 C 239 . 176 86 . 740 , 238 . 522 88 . 365 , 237 . 991 91 . 521 C 237 . 631 93 . 665 , 236 . 114 97 . 200 , 235 . 554 97 . 200 C 234 . 938 97 . 200 , 232 . 737 102 . 354 , 232 . 450 104 . 472 C 232 . 158 106 . 625 , 230 . 879 109 . 226 , 229 . 535 110 . 400 C 228 . 933 110 . 926 , 228 . 171 113 . 162 , 226 . 434 119 . 500 C 226 . 178 120 . 435 , 225 . 795 121 . 200 , 225 . 584 121 . 200 C 225 . 373 121 . 200 , 225 . 200 121 . 476 , 225 . 200 121 . 813 C 225 . 200 122 . 149 , 224 . 885 122 . 541 , 224 . 500 122 . 683 C 223 . 606 123 . 013 , 223 . 214 123 . 593 , 223 . 204 124 . 600 C 223 . 183 126 . 555 , 220 . 763 132 . 911 , 219 . 410 134 . 562 C 218 . 443 135 . 742 , 217 . 876 136 . 956 , 217 . 599 138 . 440 C 217 . 041 141 . 424 , 215 . 177 146 . 434 , 214 . 532 146 . 681 C 214 . 240 146 . 794 , 214 . 000 147 . 055 , 214 . 000 147 . 261 C 214 . 000 147 . 467 , 213 . 550 148 . 086 , 213 . 000 148 . 636 C 212 . 450 149 . 186 , 212 . 000 149 . 893 , 212 . 000 150 . 208 C 212 . 000 151 . 386 , 208 . 441 154 . 450 , 207 . 597 153 . 998 C 206 . 319 153 . 315 , 204 . 913 150 . 379 , 204 . 633 147 . 811 C 204 . 365 145 . 357 , 202 . 848 142 . 147 , 201 . 759 141 . 729 C 200 . 967 141 . 425 , 199 . 200 137 . 451 , 199 . 200 135 . 974 C 199 . 200 134 . 629 , 198 . 435 133 . 224 , 196 . 660 131 . 311 C 195 . 363 129 . 913 , 194 . 572 128 . 123 , 193 . 870 125 . 000 C 193 . 623 123 . 900 , 193 . 236 122 . 793 , 193 . 010 122 . 540 C 190 . 863 120 . 133 , 190 . 147 118 . 880 , 188 . 978 115 . 481 C 188 . 100 112 . 928 , 187 . 151 111 . 003 , 186 . 254 109 . 955 C 185 . 358 108 . 908 , 184 . 518 107 . 204 , 183 . 847 105 . 073 C 183 . 280 103 . 273 , 182 . 497 101 . 329 , 182 . 108 100 . 753 C 181 . 719 100 . 177 , 180 . 904 98 . 997 , 180 . 298 98 . 131 C 179 . 693 97 . 265 , 178 . 939 95 . 576 , 178 . 624 94 . 378 C 178 . 041 92 . 159 , 177 . 125 90 . 326 , 175 . 023 87 . 168 C 174 . 375 86 . 196 , 173 . 619 84 . 539 , 173 . 342 83 . 486 C 172 . 800 81 . 429 , 171 . 529 79 . 567 , 170 . 131 78 . 785 C 169 . 654 78 . 517 , 168 . 697 77 . 511 , 168 . 006 76 . 549 C 167 . 316 75 . 587 , 166 . 594 74 . 800 , 166 . 402 74 . 800 C 166 . 210 74 . 800 , 164 . 869 73 . 633 , 163 . 421 72 . 206 C 160 . 103 68 . 936 , 161 . 107 69 . 109 , 146 . 550 69 . 301 C 133 . 437 69 . 474 , 128 . 581 70 . 162 , 126 . 618 72 . 124 C 126 . 248 72 . 495 , 125 . 462 72 . 904 , 124 . 872 73 . 033 C 124 . 282 73 . 163 , 123 . 088 73 . 536 , 122 . 219 73 . 863 C 121 . 349 74 . 191 , 119 . 028 74 . 638 , 117 . 061 74 . 858 C 113 . 514 75 . 254 , 109 . 970 76 . 350 , 108 . 782 77 . 419 C 107 . 652 78 . 436 , 100 . 146 80 . 400 , 97 . 388 80 . 400 C 95 . 775 80 . 400 , 93 . 167 81 . 360 , 91 . 200 82 . 679 C 90 . 430 83 . 195 , 89 . 113 83 . 804 , 88 . 274 84 . 031 C 85 . 875 84 . 681 , 78 . 799 90 . 910 , 74 . 400 96 . 243 L 73 . 400 97 . 456 73 . 455 106 . 028 C 73 . 526 117 . 055 , 74 . 527 121 . 238 , 77 . 820 124 . 263 C 78 . 919 125 . 273 , 80 . 400 127 . 902 , 80 . 400 128 . 842 C 80 . 400 129 . 202 , 81 . 075 130 . 256 , 81 . 900 131 . 186 C 83 . 563 133 . 059 , 85 . 497 136 . 346 , 86 . 039 138 . 216 C 86 . 233 138 . 886 , 87 . 203 140 . 207 , 88 . 196 141 . 153 C 89 . 188 142 . 098 , 90 . 000 143 . 104 , 90 . 000 143 . 388 C 90 . 000 144 . 337 , 92 . 129 148 . 594 , 92 . 869 149 . 123 C 93 . 271 149 . 410 , 93 . 600 149 . 831 , 93 . 600 150 . 059 C 93 . 600 150 . 286 , 93 . 932 150 . 771 , 94 . 337 151 . 136 C 94 . 743 151 . 501 , 95 . 598 153 . 004 , 96 . 237 154 . 475 C 96 . 877 155 . 947 , 97 . 760 157 . 351 , 98 . 200 157 . 596 C 98 . 640 157 . 841 , 99 . 900 159 . 943 , 101 . 000 162 . 267 C 102 . 207 164 . 817 , 103 . 327 166 . 644 , 103 . 825 166 . 876 C 104 . 278 167 . 087 , 105 . 065 168 . 101 , 105 . 573 169 . 130 C 107 . 658 173 . 348 , 108 . 097 174 . 093 , 110 . 006 176 . 647 C 111 . 103 178 . 114 , 112 . 000 179 . 725 , 112 . 000 180 . 227 C 112 . 000 181 . 048 , 113 . 425 183 . 163 , 114 . 678 184 . 200 C 115 . 295 184 . 711 , 117 . 396 188 . 733 , 117 . 720 190 . 022 C 117 . 855 190 . 562 , 118 . 603 191 . 633 , 119 . 381 192 . 402 C 120 . 160 193 . 171 , 121 . 496 195 . 258 , 122 . 351 197 . 039 C 123 . 206 198 . 820 , 124 . 167 200 . 378 , 124 . 487 200 . 501 C 124 . 807 200 . 624 , 125 . 953 202 . 496 , 127 . 034 204 . 662 C 128 . 114 206 . 828 , 129 . 676 209 . 299 , 130 . 505 210 . 153 C 131 . 333 211 . 007 , 132 . 124 212 . 177 , 132 . 262 212 . 753 C 132 . 618 214 . 239 , 134 . 291 217 . 048 , 136 . 288 219 . 5
" href="/">YannStatic< / a > < / div > <!-- <button class="button button - - secondary button - - circle search - button js - search - toggle"><i class="fas fa - search"></i></button> --> <!-- <li><button class="button button - - secondary button - - circle search - button js - search - toggle"><i class="fas fa - search"></i></button></li> -->
<!-- Champ de recherche -->
< div id = "searchbox" class = "search search--dark" style = "visibility: visible" >
< div class = "main" >
< div class = "search__header" > < / div >
< div class = "search-bar" >
< div class = "search-box js-search-box" >
< div class = "search-box__icon-search" > < i class = "fas fa-search" > < / i > < / div >
< input id = "search-input" type = "text" / >
<!-- <div class="search - box__icon - clear js - icon - clear">
< a > < i class = "fas fa-times" > < / i > < / a >
< / div > -->
< / div >
< / div >
< / div >
< / div >
<!-- Script pointing to search - script.js -->
< script > / * !
* Simple-Jekyll-Search
* Copyright 2015-2020, Christian Fei
* Licensed under the MIT License.
*/
(function(){
'use strict'
var _$Templater_7 = {
compile: compile,
setOptions: setOptions
}
const options = {}
options.pattern = /\{(.*?)\}/g
options.template = ''
options.middleware = function () {}
function setOptions (_options) {
options.pattern = _options.pattern || options.pattern
options.template = _options.template || options.template
if (typeof _options.middleware === 'function') {
options.middleware = _options.middleware
}
}
function compile (data) {
return options.template.replace(options.pattern, function (match, prop) {
const value = options.middleware(prop, data[prop], options.template)
if (typeof value !== 'undefined') {
return value
}
return data[prop] || match
})
}
'use strict';
function fuzzysearch (needle, haystack) {
var tlen = haystack.length;
var qlen = needle.length;
if (qlen > tlen) {
return false;
}
if (qlen === tlen) {
return needle === haystack;
}
outer: for (var i = 0, j = 0; i < qlen ; i + + ) {
var nch = needle.charCodeAt(i);
while (j < tlen ) {
if (haystack.charCodeAt(j++) === nch) {
continue outer;
}
}
return false;
}
return true;
}
var _$fuzzysearch_1 = fuzzysearch;
'use strict'
/* removed: const _$fuzzysearch_1 = require('fuzzysearch') */;
var _$FuzzySearchStrategy_5 = new FuzzySearchStrategy()
function FuzzySearchStrategy () {
this.matches = function (string, crit) {
return _$fuzzysearch_1(crit.toLowerCase(), string.toLowerCase())
}
}
'use strict'
var _$LiteralSearchStrategy_6 = new LiteralSearchStrategy()
function LiteralSearchStrategy () {
this.matches = function (str, crit) {
if (!str) return false
str = str.trim().toLowerCase()
crit = crit.trim().toLowerCase()
return crit.split(' ').filter(function (word) {
return str.indexOf(word) >= 0
}).length === crit.split(' ').length
}
}
'use strict'
var _$Repository_4 = {
put: put,
clear: clear,
search: search,
setOptions: __setOptions_4
}
/* removed: const _$FuzzySearchStrategy_5 = require('./SearchStrategies/FuzzySearchStrategy') */;
/* removed: const _$LiteralSearchStrategy_6 = require('./SearchStrategies/LiteralSearchStrategy') */;
function NoSort () {
return 0
}
const data = []
let opt = {}
opt.fuzzy = false
opt.limit = 10
opt.searchStrategy = opt.fuzzy ? _$FuzzySearchStrategy_5 : _$LiteralSearchStrategy_6
opt.sort = NoSort
opt.exclude = []
function put (data) {
if (isObject(data)) {
return addObject(data)
}
if (isArray(data)) {
return addArray(data)
}
return undefined
}
function clear () {
data.length = 0
return data
}
function isObject (obj) {
return Boolean(obj) & & Object.prototype.toString.call(obj) === '[object Object]'
}
function isArray (obj) {
return Boolean(obj) & & Object.prototype.toString.call(obj) === '[object Array]'
}
function addObject (_data) {
data.push(_data)
return data
}
function addArray (_data) {
const added = []
clear()
for (let i = 0, len = _data.length; i < len ; i + + ) {
if (isObject(_data[i])) {
added.push(addObject(_data[i]))
}
}
return added
}
function search (crit) {
if (!crit) {
return []
}
return findMatches(data, crit, opt.searchStrategy, opt).sort(opt.sort)
}
function __setOptions_4 (_opt) {
opt = _opt || {}
opt.fuzzy = _opt.fuzzy || false
opt.limit = _opt.limit || 10
opt.searchStrategy = _opt.fuzzy ? _$FuzzySearchStrategy_5 : _$LiteralSearchStrategy_6
opt.sort = _opt.sort || NoSort
opt.exclude = _opt.exclude || []
}
function findMatches (data, crit, strategy, opt) {
const matches = []
for (let i = 0; i < data.length & & matches . length < opt . limit ; i + + ) {
const match = findMatchesInObject(data[i], crit, strategy, opt)
if (match) {
matches.push(match)
}
}
return matches
}
function findMatchesInObject (obj, crit, strategy, opt) {
for (const key in obj) {
if (!isExcluded(obj[key], opt.exclude) & & strategy.matches(obj[key], crit)) {
return obj
}
}
}
function isExcluded (term, excludedTerms) {
for (let i = 0, len = excludedTerms.length; i < len ; i + + ) {
const excludedTerm = excludedTerms[i]
if (new RegExp(excludedTerm).test(term)) {
return true
}
}
return false
}
/* globals ActiveXObject:false */
'use strict'
var _$JSONLoader_2 = {
load: load
}
function load (location, callback) {
const xhr = getXHR()
xhr.open('GET', location, true)
xhr.onreadystatechange = createStateChangeListener(xhr, callback)
xhr.send()
}
function createStateChangeListener (xhr, callback) {
return function () {
if (xhr.readyState === 4 & & xhr.status === 200) {
try {
callback(null, JSON.parse(xhr.responseText))
} catch (err) {
callback(err, null)
}
}
}
}
function getXHR () {
return window.XMLHttpRequest ? new window.XMLHttpRequest() : new ActiveXObject('Microsoft.XMLHTTP')
}
'use strict'
var _$OptionsValidator_3 = function OptionsValidator (params) {
if (!validateParams(params)) {
throw new Error('-- OptionsValidator: required options missing')
}
if (!(this instanceof OptionsValidator)) {
return new OptionsValidator(params)
}
const requiredOptions = params.required
this.getRequiredOptions = function () {
return requiredOptions
}
this.validate = function (parameters) {
const errors = []
requiredOptions.forEach(function (requiredOptionName) {
if (typeof parameters[requiredOptionName] === 'undefined') {
errors.push(requiredOptionName)
}
})
return errors
}
function validateParams (params) {
if (!params) {
return false
}
return typeof params.required !== 'undefined' & & params.required instanceof Array
}
}
'use strict'
var _$utils_9 = {
merge: merge,
isJSON: isJSON
}
function merge (defaultParams, mergeParams) {
const mergedOptions = {}
for (const option in defaultParams) {
mergedOptions[option] = defaultParams[option]
if (typeof mergeParams[option] !== 'undefined') {
mergedOptions[option] = mergeParams[option]
}
}
return mergedOptions
}
function isJSON (json) {
try {
if (json instanceof Object & & JSON.parse(JSON.stringify(json))) {
return true
}
return false
} catch (err) {
return false
}
}
var _$src_8 = {};
(function (window) {
'use strict'
let options = {
searchInput: null,
resultsContainer: null,
json: [],
success: Function.prototype,
searchResultTemplate: '< li > < a href = "{url}" title = "{desc}" > {title}< / a > < / li > ',
templateMiddleware: Function.prototype,
sortMiddleware: function () {
return 0
},
noResultsText: 'No results found',
limit: 10,
fuzzy: false,
debounceTime: null,
exclude: []
}
let debounceTimerHandle
const debounce = function (func, delayMillis) {
if (delayMillis) {
clearTimeout(debounceTimerHandle)
debounceTimerHandle = setTimeout(func, delayMillis)
} else {
func.call()
}
}
const requiredOptions = ['searchInput', 'resultsContainer', 'json']
/* removed: const _$Templater_7 = require('./Templater') */;
/* removed: const _$Repository_4 = require('./Repository') */;
/* removed: const _$JSONLoader_2 = require('./JSONLoader') */;
const optionsValidator = _$OptionsValidator_3({
required: requiredOptions
})
/* removed: const _$utils_9 = require('./utils') */;
window.SimpleJekyllSearch = function (_options) {
const errors = optionsValidator.validate(_options)
if (errors.length > 0) {
throwError('You must specify the following required options: ' + requiredOptions)
}
options = _$utils_9.merge(options, _options)
_$Templater_7.setOptions({
template: options.searchResultTemplate,
middleware: options.templateMiddleware
})
_$Repository_4.setOptions({
fuzzy: options.fuzzy,
limit: options.limit,
sort: options.sortMiddleware,
exclude: options.exclude
})
if (_$utils_9.isJSON(options.json)) {
initWithJSON(options.json)
} else {
initWithURL(options.json)
}
const rv = {
search: search
}
typeof options.success === 'function' & & options.success.call(rv)
return rv
}
function initWithJSON (json) {
_$Repository_4.put(json)
registerInput()
}
function initWithURL (url) {
_$JSONLoader_2.load(url, function (err, json) {
if (err) {
throwError('failed to get JSON (' + url + ')')
}
initWithJSON(json)
})
}
function emptyResultsContainer () {
options.resultsContainer.innerHTML = ''
}
function appendToResultsContainer (text) {
options.resultsContainer.innerHTML += text
}
function registerInput () {
options.searchInput.addEventListener('input', function (e) {
if (isWhitelistedKey(e.which)) {
emptyResultsContainer()
debounce(function () { search(e.target.value) }, options.debounceTime)
}
})
}
function search (query) {
if (isValidQuery(query)) {
emptyResultsContainer()
render(_$Repository_4.search(query), query)
}
}
function render (results, query) {
const len = results.length
if (len === 0) {
return appendToResultsContainer(options.noResultsText)
}
for (let i = 0; i < len ; i + + ) {
results[i].query = query
appendToResultsContainer(_$Templater_7.compile(results[i]))
}
}
function isValidQuery (query) {
return query & & query.length > 0
}
function isWhitelistedKey (key) {
return [13, 16, 20, 37, 38, 39, 40, 91].indexOf(key) === -1
}
function throwError (message) {
throw new Error('SimpleJekyllSearch --- ' + message)
}
})(window)
}());
< / script >
<!-- Configuration -->
< script >
SimpleJekyllSearch({
searchInput: document.getElementById('search-input'),
resultsContainer: document.getElementById('results-container'),
json: '/search.json',
//searchResultTemplate: '< li > < a href = "https://static.rnmkcy.eu{url}" > {date} {title}< / a > < / li > '
searchResultTemplate: '< li > < a href = "{url}" > {date} {title}< / a > < / li > '
})
< / script >
<!-- Fin déclaration champ de recherche --> < / div > < nav class = "navigation" >
< ul > < li class = "navigation__item" > < a href = "/archive.html" > Etiquettes< / a > < / li > < li class = "navigation__item" > < a href = "/htmldoc.html" > Documents< / a > < / li > < li class = "navigation__item" > < a href = "/liens_ttrss.html" > Liens< / a > < / li > < li class = "navigation__item" > < a href = "/aide-jekyll-text-theme.html" > Aide< / a > < / li > < / ul >
< / nav > < / div >
< / header >
< / div > < div class = "page__content" > < div class = "main" > < div class = "grid grid--reverse" >
< div class = "col-main cell cell--auto" > <!-- start custom main top snippet --> < div id = "results-container" class = "search-result js-search-result" > < / div > <!-- end custom main top snippet -->
< article itemscope itemtype = "http://schema.org/Article" > < div class = "article__header" > < header > < h1 style = "color:Tomato;" > HETZNER VPS CX11 debian 11 (ttrss)< / h1 > < / header > < / div > < meta itemprop = "headline" content = "HETZNER VPS CX11 debian 11 (ttrss)" > < div class = "article__info clearfix" > < ul class = "left-col menu" > < li >
2024-11-08 14:10:33 +01:00
< a class = "button button--secondary button--pill button--sm" style = "color:#00FFFF" href = "/archive.html?tag=vps" > vps< / a >
2024-10-31 20:18:37 +01:00
< / li > < li >
2024-11-08 14:10:33 +01:00
< a class = "button button--secondary button--pill button--sm" style = "color:#00FFFF" href = "/archive.html?tag=serveur" > serveur< / a >
2024-10-31 20:18:37 +01:00
< / li > < / ul > < ul class = "right-col menu" > < li >
< i class = "far fa-calendar-alt" > < / i > < span title = "Création" style = "color:#FF00FF" > 13 mai 2022< / span >
< span title = "Modification" style = "color:#00FF7F" > 2 juin 2022< / span > < / li > < / ul > < / div > < meta itemprop = "datePublished" content = "2022-06-02T00:00:00+02:00" >
< meta itemprop = "keywords" content = "vps,serveur" > < div class = "js-article-content" >
< div class = "layout--article" > <!-- start custom article top snippet -->
< style >
#myBtn {
display: none;
position: fixed;
bottom: 10px;
right: 10px;
z-index: 99;
font-size: 12px;
font-weight: bold;
border: none;
outline: none;
background-color: white;
color: black;
cursor: pointer;
padding: 5px;
border-radius: 4px;
}
#myBtn:hover {
background-color: #555;
}
< / style >
< button onclick = "topFunction()" id = "myBtn" title = "Haut de page" > ⇧ < / button >
< script >
//Get the button
var mybutton = document.getElementById("myBtn");
// When the user scrolls down 20px from the top of the document, show the button
window.onscroll = function() {scrollFunction()};
function scrollFunction() {
if (document.body.scrollTop > 20 || document.documentElement.scrollTop > 20) {
mybutton.style.display = "block";
} else {
mybutton.style.display = "none";
}
}
// When the user clicks on the button, scroll to the top of the document
function topFunction() {
document.body.scrollTop = 0;
document.documentElement.scrollTop = 0;
}
< / script >
<!-- end custom article top snippet -->
< div class = "article__content" itemprop = "articleBody" > < details >
< summary > < b > Afficher/cacher Sommaire< / b > < / summary >
<!-- affichage sommaire -->
< div class = "toc-aside js-toc-root" > < / div >
< / details > < p > < a href = "https://www.hetzner.com/cloud-fr" > < img src = "/images/HetznerLogo.png" alt = "HETZNER" / > < / a > < em > CX11 (1 vCore/2GoRam/20Go Nvme) Debian Buster< / em > < br / >
Datacenter : fsn1-dc14< br / >
City : Falkenstein< br / >
Country : Germany< br / >
Network zone : eu-central< / p >
< h2 id = "debian-11" > Debian 11< / h2 >
< p > < img src = "/images/debian11-logo.png" alt = "Debian Buster" width = "100" / > < / p >
< p > debian-2gb-fsn1-1 – > cx11deb11< br / >
IPv4 23.88.115.30< br / >
IPv6 2a01:4f8:c012:de47::/64< / p >
< p > Connexion SSH en “root” sans mot de passe< / p >
< div class = "language-plaintext highlighter-rouge" > < div class = "highlight" > < pre class = "highlight" > < code > ssh root@23.88.115.30
< / code > < / pre > < / div > < / div >
< p > Le mot de passe “root” est regénérer à la première connexion< / p >
< p > Réseau< / p >
< div class = "language-plaintext highlighter-rouge" > < div class = "highlight" > < pre class = "highlight" > < code > ip a
< / code > < / pre > < / div > < / div >
< div class = "language-plaintext highlighter-rouge" > < div class = "highlight" > < pre class = "highlight" > < code > 1: lo: < LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
valid_lft forever preferred_lft forever
inet6 ::1/128 scope host
valid_lft forever preferred_lft forever
2: eth0: < BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP group default qlen 1000
link/ether 96:00:01:47:75:f9 brd ff:ff:ff:ff:ff:ff
altname enp0s3
altname ens3
inet 23.88.115.30/32 brd 23.88.115.30 scope global dynamic eth0
valid_lft 84756sec preferred_lft 84756sec
inet6 2a01:4f8:c012:de47::1/64 scope global
valid_lft forever preferred_lft forever
inet6 fe80::9400:1ff:fe47:75f9/64 scope link
valid_lft forever preferred_lft forever
< / code > < / pre > < / div > < / div >
< p > Noyau et OS : < code class = "language-plaintext highlighter-rouge" > uname -a< / code > < / p >
< div class = "language-plaintext highlighter-rouge" > < div class = "highlight" > < pre class = "highlight" > < code > Linux debian-2gb-fsn1-1 5.10.0-14-amd64 #1 SMP Debian 5.10.113-1 (2022-04-29) x86_64 GNU/Linux
< / code > < / pre > < / div > < / div >
< p > Paramétrage fuseau < strong > Europe/Paris< / strong > : < code class = "language-plaintext highlighter-rouge" > dpkg-reconfigure tzdata< / code > < / p >
< div class = "language-plaintext highlighter-rouge" > < div class = "highlight" > < pre class = "highlight" > < code > Current default time zone: 'Europe/Paris'
Local time is now: Thu May 12 21:37:49 CEST 2022.
Universal Time is now: Thu May 12 19:37:49 UTC 2022.
< / code > < / pre > < / div > < / div >
< h2 id = "création-utilisateur" > Création utilisateur< / h2 >
< p > Utilisateur < strong > xoyan< / strong > < / p >
< div class = "language-plaintext highlighter-rouge" > < div class = "highlight" > < pre class = "highlight" > < code > useradd -m -d /home/xoyan/ -s /bin/bash xoyan
< / code > < / pre > < / div > < / div >
< p > Mot de passe < strong > xoyan< / strong > < / p >
< div class = "language-plaintext highlighter-rouge" > < div class = "highlight" > < pre class = "highlight" > < code > passwd xoyan
< / code > < / pre > < / div > < / div >
< p > Visudo pour les accès root via utilisateur < strong > xoyan< / strong > < / p >
< div class = "language-plaintext highlighter-rouge" > < div class = "highlight" > < pre class = "highlight" > < code > echo "xoyan ALL=(ALL) NOPASSWD: ALL" > > /etc/sudoers
< / code > < / pre > < / div > < / div >
< h2 id = "openssh-clé-et-script" > OpenSSH, clé et script< / h2 >
< p > < img src = "/images/openssh-logo.png" alt = "OpenSSH" / > < br / >
< u > sur l'ordinateur de bureau< / u >
Générer une paire de clé curve25519-sha256 (ECDH avec Curve25519 et SHA2) nommé < strong > cx11_ed25519< / strong > pour une liaison SSH avec le serveur KVM.< / p >
< div class = "language-plaintext highlighter-rouge" > < div class = "highlight" > < pre class = "highlight" > < code > ssh-keygen -t ed25519 -o -a 100 -f ~/.ssh/cx11_ed25519
< / code > < / pre > < / div > < / div >
< p > Envoyer les clés publiques sur le serveur KVM< / p >
< div class = "language-plaintext highlighter-rouge" > < div class = "highlight" > < pre class = "highlight" > < code > ssh-copy-id -i ~/.ssh/xoyize-ed25519.pub debian@141.94.77.162
< / code > < / pre > < / div > < / div >
< p > ssh-copy-id -i ~/.ssh/cx11_ed25519.pub xoyan@23.88.115.30< / p >
< p > < u > sur le serveur CX11< / u >
On se connecte< / p >
< div class = "language-plaintext highlighter-rouge" > < div class = "highlight" > < pre class = "highlight" > < code > ssh xoyan@23.88.115.30
< / code > < / pre > < / div > < / div >
< p > Modifier la configuration serveur SSH< / p >
< div class = "language-plaintext highlighter-rouge" > < div class = "highlight" > < pre class = "highlight" > < code > sudo nano /etc/ssh/sshd_config
< / code > < / pre > < / div > < / div >
< p > Modifier< / p >
< div class = "language-conf highlighter-rouge" > < div class = "highlight" > < pre class = "highlight" > < code > < span class = "n" > Port< / span > < span class = "m" > 55030< / span >
< span class = "n" > PermitRootLogin< / span > < span class = "n" > no< / span >
< span class = "n" > PasswordAuthentication< / span > < span class = "n" > no< / span >
< / code > < / pre > < / div > < / div >
< p > Relancer openSSH< / p >
< div class = "language-plaintext highlighter-rouge" > < div class = "highlight" > < pre class = "highlight" > < code > sudo systemctl restart sshd
< / code > < / pre > < / div > < / div >
< p > Accès depuis le poste distant avec la clé privée< / p >
< div class = "language-plaintext highlighter-rouge" > < div class = "highlight" > < pre class = "highlight" > < code > ssh -p 55030 -i ~/.ssh/cx11_ed25519 xoyan@23.88.115.30
< / code > < / pre > < / div > < / div >
< p > Mise à jour dépôts< / p >
< div class = "language-plaintext highlighter-rouge" > < div class = "highlight" > < pre class = "highlight" > < code > sudo apt update
< / code > < / pre > < / div > < / div >
< p > Hostname< / p >
< div class = "language-plaintext highlighter-rouge" > < div class = "highlight" > < pre class = "highlight" > < code > sudo hostnamectl set-hostname cx11deb11
sudo nano /etc/hosts
< / code > < / pre > < / div > < / div >
< div class = "language-plaintext highlighter-rouge" > < div class = "highlight" > < pre class = "highlight" > < code > 127.0.1.1 cx11deb11
< / code > < / pre > < / div > < / div >
< p > Vérification< / p >
< div class = "language-plaintext highlighter-rouge" > < div class = "highlight" > < pre class = "highlight" > < code > hostnamectl
< / code > < / pre > < / div > < / div >
< div class = "language-plaintext highlighter-rouge" > < div class = "highlight" > < pre class = "highlight" > < code > Static hostname: cx11deb11
Icon name: computer-vm
Chassis: vm
Machine ID: b039bedec059425c85145aff7d63dad5
Boot ID: f7f88437545a4d3fb1b3ff4f65707ba9
Virtualization: kvm
Operating System: Debian GNU/Linux 11 (bullseye)
Kernel: Linux 5.10.0-14-amd64
Architecture: x86-64
< / code > < / pre > < / div > < / div >
< h2 id = "outils-scripts-motd-et-ssh_rc_bash" > Outils, scripts motd et ssh_rc_bash< / h2 >
< p > < img src = "/images/bash-shell-logo.png" alt = "" / > < br / >
Installer utilitaires< / p >
< div class = "language-plaintext highlighter-rouge" > < div class = "highlight" > < pre class = "highlight" > < code > sudo apt install rsync curl tmux jq figlet git
< / code > < / pre > < / div > < / div >
< p > Motd< / p >
< div class = "language-plaintext highlighter-rouge" > < div class = "highlight" > < pre class = "highlight" > < code > sudo rm /etc/motd & & sudo nano /etc/motd
< / code > < / pre > < / div > < / div >
< div class = "language-plaintext highlighter-rouge" > < div class = "highlight" > < pre class = "highlight" > < code > _ _ _ _ _ _ _
___ __ __/ |/ | __| | ___ | |__ (_) __ _ _ __ / |/ |
/ __|\ \/ /| || | / _` | / _ \| '_ \ | | / _` || '_ \ | || |
| (__ > < | || | | (_| || __/| |_) || || (_| || | | | | || |
\___|/_/\_\|_||_| \__,_| \___||_.__/ |_| \__,_||_| |_| |_||_|
____ _____ ___ ___ _ _ ____ _____ ___
|___ \ |___ / ( _ ) ( _ ) / |/ || ___| |___ / / _ \
__) | |_ \ / _ \ / _ \ | || ||___ \ |_ \ | | | |
/ __/ ___) |_| (_) || (_) |_ | || | ___) |_ ___) || |_| |
|_____||____/(_)\___/ \___/(_)|_||_||____/(_)|____/ \___/
< / code > < / pre > < / div > < / div >
< p > Script < strong > ssh_rc_bash< / strong > < / p >
< blockquote >
< p > < strong > ATTENTION!!! Les scripts sur connexion peuvent poser des problèmes pour des appels externes autres que ssh< / strong > < / p >
< / blockquote >
< div class = "language-plaintext highlighter-rouge" > < div class = "highlight" > < pre class = "highlight" > < code > wget https://static.xoyaz.xyz/files/ssh_rc_bash
chmod +x ssh_rc_bash # rendre le bash exécutable
./ssh_rc_bash # exécution
< / code > < / pre > < / div > < / div >
< p > < img src = "/images/cx11-debian.png" alt = "" / > < / p >
< h2 id = "zone-dns-ovh" > Zone DNS OVH< / h2 >
< p > < img src = "/images/dns-logo.png" alt = "dns" / > < / p >
< pre > < code class = "language-dns" > $TTL 3600
@ IN SOA dns106.ovh.net. tech.ovh.net. (2022041500 86400 3600 3600000 300)
IN NS ns106.ovh.net.
IN NS dns106.ovh.net.
IN A 23.88.115.30
IN AAAA 2a01:4f8:c012:de47::1
IN CAA 128 issue "letsencrypt.org"
* IN A 23.88.115.30
* IN AAAA 2a01:4f8:c012:de47::1
< / code > < / pre >
< h2 id = "parefeu-ufw" > Parefeu UFW< / h2 >
< p > < img src = "/images/ufw-logo.png" alt = "ufw" / > < br / >
< em > UFW, ou pare - feu simple , est une interface pour gérer les règles de pare-feu dans Arch Linux, Debian ou Ubuntu. UFW est utilisé via la ligne de commande (bien qu’ il dispose d’ interfaces graphiques disponibles), et vise à rendre la configuration du pare-feu facile.< / em > < / p >
< p > Installation < strong > Debian / Ubuntu< / strong > < / p >
< div class = "language-plaintext highlighter-rouge" > < div class = "highlight" > < pre class = "highlight" > < code > sudo apt install ufw
< / code > < / pre > < / div > < / div >
< p > < em > Par défaut, les jeux de règles d’ UFW sont vides, de sorte qu’ il n’ applique aucune règle de pare-feu, même lorsque le démon est en cours d’ exécution.< / em > < / p >
< p > Les règles< / p >
< div class = "language-bash highlighter-rouge" > < div class = "highlight" > < pre class = "highlight" > < code > < span class = "nb" > sudo < / span > ufw allow 55030/tcp < span class = "c" > # port SSH< / span >
< span class = "nb" > sudo < / span > ufw allow http < span class = "c" > # port 80< / span >
< span class = "nb" > sudo < / span > ufw allow https < span class = "c" > # port 443< / span >
< span class = "nb" > sudo < / span > ufw allow DNS < span class = "c" > # port 53< / span >
< / code > < / pre > < / div > < / div >
< p > Activer le parefeu< / p >
< div class = "language-plaintext highlighter-rouge" > < div class = "highlight" > < pre class = "highlight" > < code > sudo ufw enable
< / code > < / pre > < / div > < / div >
< div class = "language-plaintext highlighter-rouge" > < div class = "highlight" > < pre class = "highlight" > < code > Command may disrupt existing ssh connections. Proceed with operation (y|n)? y
Firewall is active and enabled on system startup
< / code > < / pre > < / div > < / div >
< p > Status< / p >
< div class = "language-plaintext highlighter-rouge" > < div class = "highlight" > < pre class = "highlight" > < code > sudo ufw status verbose
< / code > < / pre > < / div > < / div >
< div class = "language-plaintext highlighter-rouge" > < div class = "highlight" > < pre class = "highlight" > < code > Status: active
Logging: on (low)
Default: deny (incoming), allow (outgoing), disabled (routed)
New profiles: skip
To Action From
-- ------ ----
80/tcp ALLOW IN Anywhere
443 ALLOW IN Anywhere
53 (DNS) ALLOW IN Anywhere
55030/tcp ALLOW IN Anywhere
80/tcp (v6) ALLOW IN Anywhere (v6)
443 (v6) ALLOW IN Anywhere (v6)
53 (DNS (v6)) ALLOW IN Anywhere (v6)
55030/tcp (v6) ALLOW IN Anywhere (v6)
< / code > < / pre > < / div > < / div >
< h2 id = "nginx-compilation-php8-mariadb" > Nginx compilation, PHP8, MariaDB< / h2 >
< h3 id = "nginx-compilé" > Nginx compilé< / h3 >
< p > < img src = "/images/nginx-logo.png" alt = "" / > < / p >
< p > Utilisateur avec droits sudo< / p >
< p > Télécharger le bash< / p >
< div class = "language-plaintext highlighter-rouge" > < div class = "highlight" > < pre class = "highlight" > < code > wget https://static.xoyaz.xyz/files/compilation-nginx-tls1.3.sh
chmod +x compilation-nginx-tls1.3.sh # rendre le bash exécutable
./compilation-nginx-tls1.3.sh # exécution
< / code > < / pre > < / div > < / div >
< p > A la fin de la compilation< / p >
< div class = "language-plaintext highlighter-rouge" > < div class = "highlight" > < pre class = "highlight" > < code > Versions Nginx OpenSSL
nginx version: nginx/1.20.2
OpenSSL 1.1.1n 15 Mar 2022
< / code > < / pre > < / div > < / div >
< h3 id = "php8-et-composer" > PHP8 et composer< / h3 >
< p > < img src = "/images/php8-logo.png" alt = "" / > < / p >
< p > Ajout du dépôt sury.org< / p >
< div class = "language-plaintext highlighter-rouge" > < div class = "highlight" > < pre class = "highlight" > < code > sudo -s
< / code > < / pre > < / div > < / div >
< p > Pour installer la version de 8 de php, ajouter le dépôt sury.< / p >
< div class = "language-bash highlighter-rouge" > < div class = "highlight" > < pre class = "highlight" > < code > apt < span class = "nb" > install< / span > < span class = "nt" > -y< / span > lsb-release apt-transport-https ca-certificates wget
wget < span class = "nt" > -O< / span > /etc/apt/trusted.gpg.d/php.gpg https://packages.sury.org/php/apt.gpg
< span class = "nb" > echo< / span > < span class = "s2" > "deb https://packages.sury.org/php/ < / span > < span class = "si" > $(< / span > lsb_release < span class = "nt" > -sc< / span > < span class = "si" > )< / span > < span class = "s2" > main"< / span > |tee /etc/apt/sources.list.d/php.list
< / code > < / pre > < / div > < / div >
< p > Mise à jour des dépôts :< / p >
< div class = "language-plaintext highlighter-rouge" > < div class = "highlight" > < pre class = "highlight" > < code > apt update & & apt upgrade -y
< / code > < / pre > < / div > < / div >
< p > Installation de php8.1, php8.1-fpm, php8.1-sqlite3 et les paquets PHP nécessaires à nextcloud< / p >
< div class = "language-plaintext highlighter-rouge" > < div class = "highlight" > < pre class = "highlight" > < code > apt -y install php8.1 php8.1-fpm php8.1-sqlite3 php8.1-cli php8.1-gd php8.1-imap php8.1-mysql php8.1-soap php8.1-apcu php8.1-common php8.1-gmp php8.1-intl php8.1-opcache php8.1-xml php8.1-curl php8.1-igbinary php8.1-readline php8.1-zip php8.1-bcmath php8.1-imagick php8.1-mbstring php8.1-redis imagemagick
< / code > < / pre > < / div > < / div >
< p class = "warning" > Nextcloud n’ accepte pas les versions PHP > 8.0< / p >
< p > Composer< / p >
< div class = "language-bash highlighter-rouge" > < div class = "highlight" > < pre class = "highlight" > < code > wget https://getcomposer.org/download/latest-stable/composer.phar
< span class = "nb" > chmod< / span > +x composer.phar
< span class = "nb" > mv < / span > composer.phar /usr/local/bin/composer
< / code > < / pre > < / div > < / div >
< p > < img src = "/images/composer-version235.png" alt = "composer" / > < / p >
< h3 id = "mariadb" > MariaDB< / h3 >
< p > < img src = "/images/mariadb-logo.png" alt = "" / > < br / >
installer les paquets de MariaDB< / p >
< div class = "language-plaintext highlighter-rouge" > < div class = "highlight" > < pre class = "highlight" > < code > sudo apt install mariadb-server
< / code > < / pre > < / div > < / div >
< p > Une fois que l’ installation des composants est terminée, tapez la commande suivante pour finaliser la configuration.< / p >
< div class = "language-plaintext highlighter-rouge" > < div class = "highlight" > < pre class = "highlight" > < code > sudo mysql_secure_installation
< / code > < / pre > < / div > < / div >
< p > Tapez Enter directement à la première question car le mot de passe de l’ utilisateur root de MariaDB est vide par défaut après l’ installation.< br / >
Puis répondez Y à la question suivante pour spécifier le mot de passe de l’ utilisateur root de MariaDB qui, une fois de plus, est différent de l’ utilisateur root de votre Debian.< br / >
Cet utilisateur root de la base de données aura tous les droits d’ accès. Pour des raisons évidentes de sécurité, je vous recommande d’ utiliser un mot de passe complexe !< br / >
Et vous pouvez répondre Y à toutes les questions suivantes: les connexions anonymes seront désactivées, ainsi que les connexions root qui se font depuis un serveur autre que le votre…< / p >
< h2 id = "certificats-lets-encrypt" > Certificats Let’ s Encrypt< / h2 >
< p > < img src = "/images/letsencrypt-logo1.png" alt = "letsencrypt" / > < / p >
< p > Installation gestionnaire des certificats Let’ s Encrypt< / p >
< div class = "language-bash highlighter-rouge" > < div class = "highlight" > < pre class = "highlight" > < code > < span class = "nb" > cd< / span > ~
< span class = "nb" > sudo < / span > apt < span class = "nb" > install < / span > socat < span class = "c" > # installé par défaut sur debian 11< / span >
git clone https://github.com/acmesh-official/acme.sh.git
< span class = "nb" > cd < / span > acme.sh
./acme.sh < span class = "nt" > --install< / span >
< / code > < / pre > < / div > < / div >
< p > Se déconnecter puis se reconnecter utilisateur< / p >
< p > Les clés OVH API< / p >
< div class = "language-plaintext highlighter-rouge" > < div class = "highlight" > < pre class = "highlight" > < code > export OVH_AK="xxxxxxxxxxxxxxxxxx"
export OVH_AS="yyyyyyyyyyyyyyyyyyyyyyyyyyyy"
< / code > < / pre > < / div > < / div >
< p > Génération des certificats< / p >
< div class = "language-plaintext highlighter-rouge" > < div class = "highlight" > < pre class = "highlight" > < code > acme.sh --dns dns_ovh --server letsencrypt --issue --keylength ec-384 -d 'xoyize.xyz' -d '*.xoyize.xyz'
< / code > < / pre > < / div > < / div >
< div class = "language-plaintext highlighter-rouge" > < div class = "highlight" > < pre class = "highlight" > < code > [...]
[mar. 22 févr. 2022 15:23:38 CET] Please open this link to do authentication: https://eu.api.ovh.com/auth/?credentialToken=vIuaavkgBGdip2UEPjSev9WhruI2REfzawQy31tV7mkOAVnj5NQUwD0XKUFKbaI1
[...]
< / code > < / pre > < / div > < / div >
< p > Après authentification relancer la commande< / p >
< p > Résultat de l’ installation< / p >
< div class = "language-plaintext highlighter-rouge" > < div class = "highlight" > < pre class = "highlight" > < code > [Thu 12 May 2022 10:34:09 PM CEST] Your cert is in: /home/xoyan//.acme.sh/xoyize.xyz_ecc/xoyize.xyz.cer
[Thu 12 May 2022 10:34:09 PM CEST] Your cert key is in: /home/xoyan//.acme.sh/xoyize.xyz_ecc/xoyize.xyz.key
[Thu 12 May 2022 10:34:09 PM CEST] The intermediate CA cert is in: /home/xoyan//.acme.sh/xoyize.xyz_ecc/ca.cer
[Thu 12 May 2022 10:34:09 PM CEST] And the full chain certs is there: /home/xoyan//.acme.sh/xoyize.xyz_ecc/fullchain.cer
< / code > < / pre > < / div > < / div >
< p > Installation des certificats< / p >
< div class = "language-plaintext highlighter-rouge" > < div class = "highlight" > < pre class = "highlight" > < code > sudo mkdir -p /etc/ssl/private/
sudo chown $USER -R /etc/ssl/private/
acme.sh --ecc --install-cert -d 'xoyize.xyz' -d '*.xoyize.xyz' --key-file /etc/ssl/private/xoyize.xyz-key.pem --fullchain-file /etc/ssl/private/xoyize.xyz-fullchain.pem --reloadcmd 'sudo systemctl reload nginx.service'
< / code > < / pre > < / div > < / div >
< p > Résultat< / p >
< div class = "language-plaintext highlighter-rouge" > < div class = "highlight" > < pre class = "highlight" > < code > [Thu 12 May 2022 10:34:47 PM CEST] Installing key to: /etc/ssl/private/xoyize.xyz-key.pem
[Thu 12 May 2022 10:34:47 PM CEST] Installing full chain to: /etc/ssl/private/xoyize.xyz-fullchain.pem
[Thu 12 May 2022 10:34:47 PM CEST] Run reload cmd: sudo systemctl reload nginx.service
[Thu 12 May 2022 10:34:47 PM CEST] Reload success
< / code > < / pre > < / div > < / div >
< p class = "warning" > Supprimer ` – reloadcmd ‘ sudo systemctl reload nginx.service’ ` à la ligne précédente si Nginx n’ est pas installé< / p >
< p > Editer le crontab, supprimer la ligne existante et ajouter ce qui suit< / p >
< div class = "language-plaintext highlighter-rouge" > < div class = "highlight" > < pre class = "highlight" > < code > crontab -e
< / code > < / pre > < / div > < / div >
< div class = "language-bash highlighter-rouge" > < div class = "highlight" > < pre class = "highlight" > < code > 2 0 < span class = "k" > *< / span > < span class = "k" > *< / span > < span class = "k" > *< / span > < span class = "s2" > "/home/xoyan/.acme.sh"< / span > /acme.sh < span class = "nt" > --cron< / span > < span class = "nt" > --home< / span > < span class = "s2" > "/home/xoyan/.acme.sh"< / span > < span class = "nt" > --renew-hook< / span > < span class = "s2" > "/home/xoyan/.acme.sh/acme.sh --ecc --install-cert -d 'xoyize.xyz' -d '*.xoyize.xyz' --key-file /etc/ssl/private/xoyize.xyz-key.pem --fullchain-file /etc/ssl/private/xoyize.xyz-fullchain.pem --reloadcmd 'sudo systemctl reload nginx.service'"< / span > < span class = "o" > > < / span > /dev/null
< / code > < / pre > < / div > < / div >
< h2 id = "configuration-nginx" > Configuration nginx< / h2 >
< p > On va regrouper TLS/SSL, HSTS et OCSP dans le fichier de configuration global < code class = "language-plaintext highlighter-rouge" > /etc/nginx/tls-hsts-ocsp.conf< / code > < / p >
< div class = "language-nginx highlighter-rouge" > < div class = "highlight" > < pre class = "highlight" > < code > < span class = "c1" > # Certificats Let's Encrypt < / span >
< span class = "k" > ssl_certificate< / span > < span class = "n" > /etc/ssl/private/xoyize.xyz-fullchain.pem< / span > < span class = "p" > ;< / span >
< span class = "k" > ssl_certificate_key< / span > < span class = "n" > /etc/ssl/private/xoyize.xyz-key.pem< / span > < span class = "p" > ;< / span >
< span class = "c1" > # TLS 1.3 only< / span >
< span class = "k" > ssl_protocols< / span > < span class = "s" > TLSv1.3< / span > < span class = "p" > ;< / span >
< span class = "k" > ssl_prefer_server_ciphers< / span > < span class = "no" > off< / span > < span class = "p" > ;< / span >
< span class = "c1" > # HSTS (ngx_http_headers_module is required) (63072000 seconds)< / span >
< span class = "k" > add_header< / span > < span class = "s" > Strict-Transport-Security< / span > < span class = "s" > "max-age=63072000"< / span > < span class = "s" > always< / span > < span class = "p" > ;< / span >
< span class = "c1" > # OCSP stapling< / span >
< span class = "k" > ssl_stapling< / span > < span class = "no" > on< / span > < span class = "p" > ;< / span >
< span class = "k" > ssl_stapling_verify< / span > < span class = "no" > on< / span > < span class = "p" > ;< / span >
< span class = "c1" > # verify chain of trust of OCSP response using Root CA and Intermediate certs< / span >
< span class = "k" > ssl_trusted_certificate< / span > < span class = "n" > /etc/ssl/private/xoyize.xyz-fullchain.pem< / span > < span class = "p" > ;< / span >
< span class = "c1" > # replace with the IP address of your resolver< / span >
< span class = "k" > resolver< / span > < span class = "mf" > 1.1< / span > < span class = "s" > .1.1< / span > < span class = "p" > ;< / span >
< / code > < / pre > < / div > < / div >
< p > < strong > xoyize.xyz.conf< / strong > < / p >
< p > Créer le fichier < code class = "language-plaintext highlighter-rouge" > /etc/nginx/conf.d/xoyize.xyz.conf< / code > < / p >
< div class = "language-nginx highlighter-rouge" > < div class = "highlight" > < pre class = "highlight" > < code > < span class = "k" > server< / span > < span class = "p" > {< / span >
< span class = "kn" > listen< / span > < span class = "mi" > 80< / span > < span class = "p" > ;< / span >
< span class = "kn" > listen< / span > < span class = "s" > [::]:80< / span > < span class = "p" > ;< / span >
< span class = "kn" > server_name< / span > < span class = "s" > xoyize.xyz< / span > < span class = "p" > ;< / span >
< span class = "kn" > return< / span > < span class = "mi" > 301< / span > < span class = "s" > https://< / span > < span class = "nv" > $host$request_uri< / span > < span class = "p" > ;< / span >
< span class = "p" > }< / span >
< span class = "k" > server< / span > < span class = "p" > {< / span >
< span class = "kn" > listen< / span > < span class = "mi" > 443< / span > < span class = "s" > ssl< / span > < span class = "s" > http2< / span > < span class = "p" > ;< / span >
< span class = "kn" > listen< / span > < span class = "s" > [::]:443< / span > < span class = "s" > ssl< / span > < span class = "s" > http2< / span > < span class = "p" > ;< / span >
< span class = "kn" > server_name< / span > < span class = "s" > xoyize.xyz< / span > < span class = "p" > ;< / span >
< span class = "kn" > root< / span > < span class = "n" > /var/www/default-www< / span > < span class = "p" > ;< / span >
< span class = "kn" > index< / span > < span class = "s" > index.html< / span > < span class = "s" > index.php< / span > < span class = "p" > ;< / span >
< span class = "c1" > # Certificats Let's Encrypt < / span >
< span class = "c1" > # TLS 1.3 only< / span >
< span class = "c1" > # HSTS (ngx_http_headers_module is required) (63072000 seconds)< / span >
< span class = "c1" > # OCSP stapling< / span >
< span class = "c1" > # replace with the IP address of your resolver< / span >
< span class = "kn" > include< / span > < span class = "n" > /etc/nginx/tls-hsts-ocsp.conf< / span > < span class = "p" > ;< / span >
< span class = "c1" > # fichiers de configuration< / span >
< span class = "kn" > include< / span > < span class = "n" > /etc/nginx/conf.d/xoyize.xyz.d/*.conf< / span > < span class = "p" > ;< / span >
< span class = "kn" > location< / span > < span class = "p" > ~< / span > < span class = "sr" > \.php$< / span > < span class = "p" > {< / span >
< span class = "kn" > include< / span > < span class = "s" > php_fastcgi.conf< / span > < span class = "p" > ;< / span >
< span class = "kn" > fastcgi_pass< / span > < span class = "s" > unix:/run/php/php8.1-fpm.sock< / span > < span class = "p" > ;< / span >
< span class = "p" > }< / span >
< span class = "p" > }< / span >
< / code > < / pre > < / div > < / div >
< p > Créer le sous-dossier< / p >
< div class = "language-plaintext highlighter-rouge" > < div class = "highlight" > < pre class = "highlight" > < code > sudo mkdir -p /etc/nginx/conf.d/xoyize.xyz.d/
< / code > < / pre > < / div > < / div >
< p > Vérifier< / p >
< div class = "language-plaintext highlighter-rouge" > < div class = "highlight" > < pre class = "highlight" > < code > sudo nginx -t
< / code > < / pre > < / div > < / div >
< div class = "language-plaintext highlighter-rouge" > < div class = "highlight" > < pre class = "highlight" > < code > nginx: the configuration file /etc/nginx/nginx.conf syntax is ok
nginx: configuration file /etc/nginx/nginx.conf test is successful
< / code > < / pre > < / div > < / div >
< p > Recharger nginx< / p >
< div class = "language-plaintext highlighter-rouge" > < div class = "highlight" > < pre class = "highlight" > < code > sudo systemctl reload nginx
< / code > < / pre > < / div > < / div >
< h2 id = "page-daccueil-xoyizexyz" > Page d’ accueil xoyize.xyz< / h2 >
< p > Déposer une image < code class = "language-plaintext highlighter-rouge" > wallpaper.jpg< / code > dans le dossier < code class = "language-plaintext highlighter-rouge" > /var/www/default-www< / code > < / p >
< p > Créer un fichier < code class = "language-plaintext highlighter-rouge" > /var/www/default-www/index.html< / code > < / p >
< div class = "language-html highlighter-rouge" > < div class = "highlight" > < pre class = "highlight" > < code > < span class = "cp" > < !DOCTYPE html> < / span >
< span class = "nt" > < html> < / span >
< span class = "nt" > < head> < / span >
< span class = "nt" > < meta< / span > < span class = "na" > charset=< / span > < span class = "s" > "UTF-8"< / span > < span class = "nt" > > < / span >
< span class = "nt" > < title> < / span > xoyize.xyz< span class = "nt" > < /title> < / span >
< span class = "nt" > < style < / span > < span class = "na" > type=< / span > < span class = "s" > "text/css"< / span > < span class = "na" > media=< / span > < span class = "s" > "screen"< / span > < span class = "nt" > > < / span >
< span class = "nt" > html< / span > < span class = "p" > {< / span >
< span class = "nl" > margin< / span > < span class = "p" > :< / span > < span class = "m" > 0< / span > < span class = "p" > ;< / span >
< span class = "nl" > padding< / span > < span class = "p" > :< / span > < span class = "m" > 0< / span > < span class = "p" > ;< / span >
< span class = "nl" > background< / span > < span class = "p" > :< / span > < span class = "sx" > url(wallpaper.jpg)< / span > < span class = "nb" > no-repeat< / span > < span class = "nb" > center< / span > < span class = "nb" > fixed< / span > < span class = "p" > ;< / span >
< span class = "nl" > -webkit-background-size< / span > < span class = "p" > :< / span > < span class = "n" > cover< / span > < span class = "p" > ;< / span > < span class = "c" > /* pour anciens Chrome et Safari */< / span >
< span class = "nl" > background-size< / span > < span class = "p" > :< / span > < span class = "n" > cover< / span > < span class = "p" > ;< / span > < span class = "c" > /* version standardisée */< / span >
< span class = "p" > }< / span >
< span class = "nt" > body< / span > < span class = "p" > {< / span > < span class = "nl" > color< / span > < span class = "p" > :< / span > < span class = "no" > white< / span > < span class = "p" > ;< / span > < span class = "p" > }< / span >
< span class = "nt" > a< / span > < span class = "nd" > :link< / span > < span class = "p" > {< / span >
< span class = "nl" > color< / span > < span class = "p" > :< / span > < span class = "n" > grey< / span > < span class = "p" > ;< / span >
< span class = "nl" > background-color< / span > < span class = "p" > :< / span > < span class = "nb" > transparent< / span > < span class = "p" > ;< / span >
< span class = "nl" > text-decoration< / span > < span class = "p" > :< / span > < span class = "nb" > none< / span > < span class = "p" > ;< / span >
< span class = "p" > }< / span >
< span class = "nt" > a< / span > < span class = "p" > {< / span >
< span class = "nl" > text-decoration< / span > < span class = "p" > :< / span > < span class = "nb" > underline< / span > < span class = "p" > ;< / span >
< span class = "nl" > background-color< / span > < span class = "p" > :< / span > < span class = "nb" > transparent< / span > < span class = "p" > ;< / span >
< span class = "nl" > color< / span > < span class = "p" > :< / span > < span class = "m" > #a00< / span > < span class = "p" > ;< / span >
< span class = "p" > }< / span >
< span class = "nt" > a< / span > < span class = "nd" > :visited< / span > < span class = "p" > {< / span >
< span class = "nl" > color< / span > < span class = "p" > :< / span > < span class = "m" > #844< / span > < span class = "p" > ;< / span >
< span class = "p" > }< / span >
< span class = "nt" > a< / span > < span class = "nd" > :hover< / span > < span class = "o" > ,< / span > < span class = "nt" > a< / span > < span class = "nd" > :focus< / span > < span class = "o" > ,< / span > < span class = "nt" > a< / span > < span class = "nd" > :active< / span > < span class = "p" > {< / span >
< span class = "nl" > text-decoration< / span > < span class = "p" > :< / span > < span class = "nb" > none< / span > < span class = "p" > ;< / span >
< span class = "nl" > color< / span > < span class = "p" > :< / span > < span class = "no" > white< / span > < span class = "p" > ;< / span >
< span class = "nl" > background< / span > < span class = "p" > :< / span > < span class = "m" > #800< / span > < span class = "p" > ;< / span >
< span class = "p" > }< / span >
< span class = "nt" > < /style> < / span >
< span class = "nt" > < /head> < / span >
< span class = "nt" > < body> < / span >
< span class = "nt" > < h1> < / span > Serveur xoyize.xyz< span class = "nt" > < /h1> < / span >
< span class = "nt" > < /body> < / span >
< span class = "nt" > < /html> < / span >
< / code > < / pre > < / div > < / div >
< p > Lien < a href = "https://xoyize.xyz" > https://xoyize.xyz< / a > < br / >
< img src = "/images/cx11_xoyize_xyz.png" alt = "" width = "500" / > < / p >
< h2 id = "fail2ban" > Fail2Ban< / h2 >
< p > < img src = "/images/fail2ban.png" alt = "" / > < br / >
Installation< / p >
< div class = "language-plaintext highlighter-rouge" > < div class = "highlight" > < pre class = "highlight" > < code > sudo apt install fail2ban
< / code > < / pre > < / div > < / div >
< p > Le fichier de configuration principal est le jail.conf mais nous n’ allons pas l’ utiliser directement car ce fichier est souvent altéré après les mises à niveau. Pour cela nous allons faire une copie de ce fichier et le nommer jail.local avec la commande ci-après: cp jail.conf jail.local (en étant dans le répertoire /etc/fail2ban)< / p >
< div class = "language-plaintext highlighter-rouge" > < div class = "highlight" > < pre class = "highlight" > < code > sudo cp /etc/fail2ban/jail.conf /etc/fail2ban/jail.local
< / code > < / pre > < / div > < / div >
< p > Nous allons à présent définir nos options dans le fichier jail.local
Les options à définir sont en dessous de la section < code class = "language-plaintext highlighter-rouge" > [DEFAULT]< / code > (la section qui vient après < code class = "language-plaintext highlighter-rouge" > [INCLUDES]< / code > )< / p >
< div class = "language-plaintext highlighter-rouge" > < div class = "highlight" > < pre class = "highlight" > < code > sudo nano /etc/fail2ban/jail.local
< / code > < / pre > < / div > < / div >
< div class = "language-plaintext highlighter-rouge" > < div class = "highlight" > < pre class = "highlight" > < code > # "bantime" is the number of seconds that a host is banned.
bantime = 10m
# A host is banned if it has generated "maxretry" during the last "findtime"
# seconds.
findtime = 10m
# "maxretry" is the number of failures before a host get banned.
maxretry = 5
< / code > < / pre > < / div > < / div >
< p > Et ajouter les lignes suivantes en fin de fichier< / p >
< div class = "language-plaintext highlighter-rouge" > < div class = "highlight" > < pre class = "highlight" > < code > [ssh]
enabled = true
port = 55030
filter = sshd
logpath = /var/log/auth.log
[ssh-ddos]
enabled = true
port = 55030
filter = sshd-ddos
logpath = /var/log/auth.log
#
# HTTP servers
#
[nginx-auth]
enabled = true
filter = nginx-auth
action = iptables-multiport[name=NoAuthFailures, port="http,https"]
logpath = /var/log/nginx/*error*.log
[nginx-login]
enabled = false
filter = nginx-login
action = iptables-multiport[name=NoLoginFailures, port="http,https"]
logpath = /var/log/nginx/*access*.log
[nginx-badbots]
enabled = true
filter = apache-badbots
action = iptables-multiport[name=BadBots, port="http,https"]
logpath = /var/log/nginx/*access*.log
maxretry = 1
[nginx-proxy]
enabled = true
action = iptables-multiport[name=NoProxy, port="http,https"]
filter = nginx-proxy
logpath = /var/log/nginx/*access*.log
maxretry = 0
[nginx-dos]
enabled = true
port = http
filter = nginx-dos
logpath = /var/log/nginx/*access*.log
findtime = 120
maxretry = 200
< / code > < / pre > < / div > < / div >
< p > Configuration des filtres en mode sudo< / p >
< p > Les fichiers de configuration de filtre sont stockés dans < code class = "language-plaintext highlighter-rouge" > /etc/fail2ban/filter.d/< / code > < / p >
< div class = "language-bash highlighter-rouge" > < div class = "highlight" > < pre class = "highlight" > < code > < span class = "nb" > cat< / span > < span class = "o" > > < / span > /etc/fail2ban/filter.d/nginx-auth.conf < span class = "o" > < < < / span > < span class = "no" > EOF< / span > < span class = "sh" >
#
# Auth filter /etc/fail2ban/filter.d/nginx-auth.conf:
#
# Blocks IPs that makes too much accesses to the server
#
[Definition]
failregex = ^< HOST> -.*"(GET|POST).*HTTP.*"
ignoreregex =
< / span > < span class = "no" > EOF
< / span > < span class = "nb" > cat< / span > < span class = "o" > > < / span > /etc/fail2ban/filter.d/nginx-dos.conf < span class = "o" > < < < / span > < span class = "no" > EOF< / span > < span class = "sh" >
#
# Ddos filter /etc/fail2ban/filter.d/nginx-dos.conf:
#
# Block IPs trying to ddos the server.
#
#
[Definition]
failregex = ^< HOST> -.*"(GET|POST).*HTTP.*"
ignoreregex =
< / span > < span class = "no" > EOF
< / span > < span class = "nb" > cat< / span > < span class = "o" > > < / span > /etc/fail2ban/filter.d/nginx-login.conf < span class = "o" > < < < / span > < span class = "no" > EOF< / span > < span class = "sh" >
#
# Login filter /etc/fail2ban/filter.d/nginx-login.conf:
#
# Blocks IPs that fail to authenticate using web application's log in page
#
# Scan access log for HTTP 200 + POST /sessions => failed log in
#
[Definition]
failregex = ^< HOST> -.*POST /wp-login.php.* HTTP/1< / span > < span class = "se" > \.< / span > < span class = "sh" > ." 200
ignoreregex =
< / span > < span class = "no" > EOF
< / span > < span class = "nb" > cat< / span > < span class = "o" > > < / span > /etc/fail2ban/filter.d/nginx-noscript.conf < span class = "o" > < < < / span > < span class = "no" > EOF< / span > < span class = "sh" >
#
# Noscript filter /etc/fail2ban/filter.d/nginx-noscript.conf:
#
# Block IPs trying to execute scripts such as .php, .pl, .exe and other funny scripts.
#
# Matches e.g.
# 192.168.1.1 - - "GET /something.php
#
[Definition]
failregex = ^< HOST> -.*GET.*(< / span > < span class = "se" > \.< / span > < span class = "sh" > php|< / span > < span class = "se" > \.< / span > < span class = "sh" > asp|< / span > < span class = "se" > \.< / span > < span class = "sh" > exe|< / span > < span class = "se" > \.< / span > < span class = "sh" > pl|< / span > < span class = "se" > \.< / span > < span class = "sh" > cgi|< / span > < span class = "se" > \s< / span > < span class = "sh" > cgi)
ignoreregex =
< / span > < span class = "no" > EOF
< / span > < span class = "nb" > cat< / span > < span class = "o" > > < / span > /etc/fail2ban/filter.d/nginx-proxy.conf < span class = "o" > < < < / span > < span class = "no" > EOF< / span > < span class = "sh" >
#
# Proxy filter /etc/fail2ban/filter.d/nginx-proxy.conf:
#
# Block IPs trying to use server as proxy.
#
# Matches e.g.
# 192.168.1.1 - - "GET http://www.something.com/
#
[Definition]
failregex = ^< HOST> -.*GET http.*
ignoreregex =
< / span > < span class = "no" > EOF
< / span > < span class = "nb" > cat< / span > < span class = "o" > > < / span > /etc/fail2ban/filter.d/sshd-ddos.conf < span class = "o" > < < < / span > < span class = "no" > EOF< / span > < span class = "sh" >
[Definition]
# Option: failregex
# Notes.: regex to match the password failures messages in the logfile. The
# host must be matched by a group named "host". The tag "< HOST> " can
# be used for standard IP/hostname matching and is only an alias for
# (?:::f{4,6}:)?(?P< host> [< / span > < span class = "se" > \w\-< / span > < span class = "sh" > .^_]+)
# Values: TEXT
#
failregex = sshd(?:< / span > < span class = "se" > \[\d< / span > < span class = "sh" > +< / span > < span class = "se" > \]< / span > < span class = "sh" > )?: Did not receive identification string from < HOST> $
# Option: ignoreregex
# Notes.: regex to ignore. If this regex matches, the line is ignored.
# Values: TEXT
#
ignoreregex =
< / span > < span class = "no" > EOF
< / span > < / code > < / pre > < / div > < / div >
< p > Après les modifications, relancer fail2ban< / p >
< div class = "language-plaintext highlighter-rouge" > < div class = "highlight" > < pre class = "highlight" > < code > systemctl restart fail2ban
< / code > < / pre > < / div > < / div >
< p > Tester les règles fail2ban< / p >
< div class = "language-plaintext highlighter-rouge" > < div class = "highlight" > < pre class = "highlight" > < code > fail2ban-client -d
< / code > < / pre > < / div > < / div >
< p > Statut< / p >
< div class = "language-plaintext highlighter-rouge" > < div class = "highlight" > < pre class = "highlight" > < code > systemctl status fail2ban
< / code > < / pre > < / div > < / div >
< div class = "language-plaintext highlighter-rouge" > < div class = "highlight" > < pre class = "highlight" > < code > ● fail2ban.service - Fail2Ban Service
Loaded: loaded (/lib/systemd/system/fail2ban.service; enabled; vendor preset: enabled)
Active: active (running) since Thu 2022-05-12 22:55:57 CEST; 22s ago
Docs: man:fail2ban(1)
Process: 34350 ExecStartPre=/bin/mkdir -p /run/fail2ban (code=exited, status=0/SUCCESS)
Main PID: 34351 (fail2ban-server)
Tasks: 17 (limit: 2276)
Memory: 16.8M
CPU: 288ms
CGroup: /system.slice/fail2ban.service
└─34351 /usr/bin/python3 /usr/bin/fail2ban-server -xf start
May 12 22:55:57 cx11deb11 systemd[1]: Starting Fail2Ban Service...
May 12 22:55:57 cx11deb11 systemd[1]: Started Fail2Ban Service.
May 12 22:55:58 cx11deb11 fail2ban-server[34351]: Server ready
< / code > < / pre > < / div > < / div >
< h2 id = "tiny-tiny-rss" > Tiny Tiny RSS< / h2 >
< p > < img src = "/images/ttrss-logo-a.png" alt = "" / > < br / >
< a href = "/2022/04/12/Flux-RSS-Tiny-Tiny-RSS-avec-Nginx-PHP-FPM-et-MariaDB" > Flux RSS - Tiny Tiny RSS Nginx PHP-FPM MariaDB< / a > < br / >
< em > Côté client, seul un navigateur est nécessaire, côté serveur, Tiny Tiny RSS a besoin d’ un serveur web (Nginx), de PHP, d’ une interface permettant la communication entre le serveur web et PHP (PHP-FPM) et d’ une base de données (MariaDB). Amélioration des performances de tt-rss grâce à OPCache ,sécurisation des échanges grâce à un certificat SSL/TLS.< / em > < / p >
< p > PHP8.0 pour < strong > Tiny Tiny RSS< / strong > < / p >
< div class = "language-plaintext highlighter-rouge" > < div class = "highlight" > < pre class = "highlight" > < code > sudo apt-get install php8.0-fpm php8.0-cli php8.0-mysql php8.0-xml php8.0-mbstring php8.0-curl php8.0-gd php8.0-intl
< / code > < / pre > < / div > < / div >
< p > Télécharger les sources de tt-rss dans le root du site web :< / p >
< div class = "language-plaintext highlighter-rouge" > < div class = "highlight" > < pre class = "highlight" > < code > sudo -s
# git clone https://git-gitea.tt-rss.org/schafdog/tt-rss /var/www/ttrss
git clone https://gitea.cinay.eu/yann/ttrss /var/www/ttrss
< / code > < / pre > < / div > < / div >
< p > Modifier le propriétaire du répertoire /var/www/ttrss et l’ attribuer à un nouvel utilisateur dédié ttrss
Nginx est lancé sous l’ utilisateur www-data et doit avoir accès en lecture au répertoire /var/www/ttrss pour lire les ressources statiques (HTML, CSS, JS, etc.).
Attribuer le répertoire /var/www/ttrss au groupe www-data.< / p >
< div class = "language-bash highlighter-rouge" > < div class = "highlight" > < pre class = "highlight" > < code > useradd ttrss < span class = "c" > # création utilisateur dédié ttrss< / span >
< span class = "nb" > chown< / span > < span class = "nt" > -R< / span > ttrss:www-data /var/www/ttrss < span class = "c" > # changement de propriétaire par ttrss et groupe par www-data< / span >
< / code > < / pre > < / div > < / div >
< p > Retirer toutes les permissions de ce répertoire aux autres utilisateurs.< / p >
< div class = "language-plaintext highlighter-rouge" > < div class = "highlight" > < pre class = "highlight" > < code > chmod -R o-rwx /var/www/ttrss
< / code > < / pre > < / div > < / div >
< p > Création des répertoires spécifiques< / p >
< div class = "language-bash highlighter-rouge" > < div class = "highlight" > < pre class = "highlight" > < code > < span class = "nb" > mkdir< / span > < span class = "nt" > -p< / span > /var/www/ttrss/cache
< span class = "nb" > mkdir< / span > < span class = "nt" > -p< / span > /var/www/ttrss/cache/< span class = "o" > {< / span > < span class = "nb" > export< / span > ,feeds,images,upload< span class = "o" > }< / span >
< span class = "nb" > chmod < / span > 777 < span class = "nt" > -R< / span > /var/www/ttrss/cache < span class = "c" > # droits complets< / span >
< span class = "nb" > mkdir< / span > < span class = "nt" > -p< / span > /var/www/ttrss/< span class = "o" > {< / span > lock,feed-icons< span class = "o" > }< / span >
< span class = "nb" > chmod < / span > 777 < span class = "nt" > -R< / span > /var/www/ttrss/< span class = "o" > {< / span > lock,feed-icons< span class = "o" > }< / span >
< / code > < / pre > < / div > < / div >
< p > Création du pool php-fpm dédié à Tiny Tiny RSS< / p >
< div class = "language-plaintext highlighter-rouge" > < div class = "highlight" > < pre class = "highlight" > < code > nano /etc/php/8.0/fpm/pool.d/ttrss.conf
< / code > < / pre > < / div > < / div >
< div class = "language-plaintext highlighter-rouge" > < div class = "highlight" > < pre class = "highlight" > < code > [ttrss]
listen = /run/php/php8.0-fpm-ttrss.sock
listen.owner = ttrss
listen.group = www-data
user = ttrss
group = www-data
pm = ondemand
pm.max_children = 6
pm.process_idle_timeout = 60s
pm.max_requests = 500
< / code > < / pre > < / div > < / div >
< p > PHP - OPcache< / p >
< p > Vérifier et/ou activer option opcache< / p >
< div class = "language-plaintext highlighter-rouge" > < div class = "highlight" > < pre class = "highlight" > < code > nano /etc/php/8.0/fpm/php.ini
< / code > < / pre > < / div > < / div >
< div class = "language-plaintext highlighter-rouge" > < div class = "highlight" > < pre class = "highlight" > < code > [opcache]
opcache.enable=1
opcache.enable_cli=1
opcache.interned_strings_buffer=8
opcache.max_accelerated_files=10000
opcache.memory_consumption=128
opcache.save_comments=1
opcache.revalidate_freq=1
< / code > < / pre > < / div > < / div >
< p > Redémarrer le service php-fpm< / p >
< div class = "language-plaintext highlighter-rouge" > < div class = "highlight" > < pre class = "highlight" > < code > systemctl restart php8.0-fpm.service
< / code > < / pre > < / div > < / div >
< p > Connexion mariadb et créer la base de données ttrss< / p >
< div class = "language-plaintext highlighter-rouge" > < div class = "highlight" > < pre class = "highlight" > < code > mysql -uroot -e "CREATE DATABASE ttrss;"
< / code > < / pre > < / div > < / div >
< p > à partir d’ une sauvegarde< / p >
< div class = "language-plaintext highlighter-rouge" > < div class = "highlight" > < pre class = "highlight" > < code > mysql -uroot < ttrss.sql
< / code > < / pre > < / div > < / div >
< p > Créer un utilisateur MySQL ttrss dédié à la base de données ttrss, renseigner un mot de passe et ensuite lui donner les droits sur cette base de données :< / p >
< div class = "language-plaintext highlighter-rouge" > < div class = "highlight" > < pre class = "highlight" > < code > mysql -uroot -e "CREATE USER 'ttrss'@'localhost'; SET password FOR 'ttrss'@'localhost' = password('mon_password_base_ttrss'); GRANT ALL PRIVILEGES ON ttrss.* TO 'ttrss'@'localhost' IDENTIFIED BY 'mon_password_base_ttrss'; FLUSH PRIVILEGES;"
< / code > < / pre > < / div > < / div >
< p > Si pas sauvegarde , importer le schéma< / p >
< div class = "language-plaintext highlighter-rouge" > < div class = "highlight" > < pre class = "highlight" > < code > mysql -uttrss -pmon_password_base_ttrss ttrss < /var/www/ttrss/sql/mysql/schema.sql
< / code > < / pre > < / div > < / div >
< p > Update< / p >
< div class = "language-plaintext highlighter-rouge" > < div class = "highlight" > < pre class = "highlight" > < code > sudo -s
su ttrss
$ php update.php --update-schema
exit
< / code > < / pre > < / div > < / div >
< p > Configuration ttrss< / p >
< div class = "language-plaintext highlighter-rouge" > < div class = "highlight" > < pre class = "highlight" > < code > /var/www/ttrss/config.php
< / code > < / pre > < / div > < / div >
< div class = "language-php highlighter-rouge" > < div class = "highlight" > < pre class = "highlight" > < code > < span class = "cp" > < ?php< / span >
< span class = "c1" > // *******************************************< / span >
< span class = "c1" > // *** Database configuration (important!) ***< / span >
< span class = "c1" > // *******************************************< / span >
< span class = "nb" > putenv< / span > < span class = "p" > (< / span > < span class = "s1" > 'TTRSS_DB_TYPE=mysql'< / span > < span class = "p" > );< / span > < span class = "c1" > // or mysql< / span >
< span class = "nb" > putenv< / span > < span class = "p" > (< / span > < span class = "s1" > 'TTRSS_DB_HOST=localhost'< / span > < span class = "p" > );< / span >
< span class = "nb" > putenv< / span > < span class = "p" > (< / span > < span class = "s1" > 'TTRSS_DB_USER=ttrss'< / span > < span class = "p" > );< / span >
< span class = "nb" > putenv< / span > < span class = "p" > (< / span > < span class = "s1" > 'TTRSS_DB_NAME=ttrss'< / span > < span class = "p" > );< / span >
< span class = "nb" > putenv< / span > < span class = "p" > (< / span > < span class = "s1" > 'TTRSS_DB_PASS=mon_password_base_ttrss'< / span > < span class = "p" > );< / span >
< span class = "nb" > putenv< / span > < span class = "p" > (< / span > < span class = "s1" > 'TTRSS_DB_PORT=3306'< / span > < span class = "p" > );< / span > < span class = "c1" > // usually 5432 for PostgreSQL, 3306 for MySQL< / span >
< span class = "nb" > putenv< / span > < span class = "p" > (< / span > < span class = "s1" > 'TTRSS_MYSQL_CHARSET=UTF8'< / span > < span class = "p" > );< / span >
< span class = "c1" > // Connection charset for MySQL. If you have a legacy database and/or experience< / span >
< span class = "c1" > // garbage unicode characters with this option, try setting it to a blank string.< / span >
< span class = "c1" > // ***********************************< / span >
< span class = "c1" > // *** Basic settings (important!) ***< / span >
< span class = "c1" > // ***********************************< / span >
< span class = "nb" > putenv< / span > < span class = "p" > (< / span > < span class = "s1" > 'TTRSS_SELF_URL_PATH=https://rss.xoyize.xyz'< / span > < span class = "p" > );< / span >
< span class = "c1" > // Full URL of your tt-rss installation. This should be set to the< / span >
< span class = "c1" > // location of tt-rss directory, e.g. http://example.org/tt-rss/< / span >
< span class = "c1" > // You need to set this option correctly otherwise several features< / span >
< span class = "c1" > // including PUSH, bookmarklets and browser integration will not work properly.< / span >
< span class = "nb" > putenv< / span > < span class = "p" > (< / span > < span class = "s1" > 'TTRSS_SINGLE_USER_MODE=false'< / span > < span class = "p" > );< / span >
< span class = "c1" > // Operate in single user mode, disables all functionality related to< / span >
< span class = "c1" > // multiple users and authentication. Enabling this assumes you have< / span >
< span class = "c1" > // your tt-rss directory protected by other means (e.g. http auth).< / span >
< span class = "nb" > putenv< / span > < span class = "p" > (< / span > < span class = "s1" > 'TTRSS_SIMPLE_UPDATE_MODE=false'< / span > < span class = "p" > );< / span >
< span class = "c1" > // Enables fallback update mode where tt-rss tries to update feeds in< / span >
< span class = "c1" > // background while tt-rss is open in your browser. < / span >
< span class = "c1" > // If you don't have a lot of feeds and don't want to or can't run < / span >
< span class = "c1" > // background processes while not running tt-rss, this method is generally < / span >
< span class = "c1" > // viable to keep your feeds up to date.< / span >
< span class = "c1" > // Still, there are more robust (and recommended) updating methods < / span >
< span class = "c1" > // available, you can read about them here: http://tt-rss.org/wiki/UpdatingFeeds< / span >
< span class = "c1" > // *****************************< / span >
< span class = "c1" > // *** Files and directories ***< / span >
< span class = "c1" > // *****************************< / span >
< span class = "nb" > putenv< / span > < span class = "p" > (< / span > < span class = "s1" > 'TTRSS_PHP_EXECUTABLE=/usr/bin/php'< / span > < span class = "p" > );< / span >
< span class = "c1" > // Path to PHP *COMMAND LINE* executable, used for various command-line tt-rss < / span >
< span class = "c1" > // programs and update daemon. Do not try to use CGI binary here, it won't work. < / span >
< span class = "c1" > // If you see HTTP headers being displayed while running tt-rss scripts, < / span >
< span class = "c1" > // then most probably you are using the CGI binary. If you are unsure what to < / span >
< span class = "c1" > // put in here, ask your hosting provider.< / span >
< span class = "nb" > putenv< / span > < span class = "p" > (< / span > < span class = "s1" > 'TTRSS_LOCK_DIRECTORY=lock'< / span > < span class = "p" > );< / span >
< span class = "c1" > // Directory for lockfiles, must be writable to the user you run< / span >
< span class = "c1" > // daemon process or cronjobs under.< / span >
< span class = "nb" > putenv< / span > < span class = "p" > (< / span > < span class = "s1" > 'TTRSS_CACHE_DIR=cache'< / span > < span class = "p" > );< / span >
< span class = "c1" > // Local cache directory for RSS feed content.< / span >
< span class = "nb" > putenv< / span > < span class = "p" > (< / span > < span class = "s1" > 'TTRSS_ICONS_DIR=feed-icons'< / span > < span class = "p" > );< / span >
< span class = "nb" > putenv< / span > < span class = "p" > (< / span > < span class = "s1" > 'TTRSS_ICONS_URL=feed-icons'< / span > < span class = "p" > );< / span >
< span class = "c1" > // Local and URL path to the directory, where feed favicons are stored.< / span >
< span class = "c1" > // Unless you really know what you're doing, please keep those relative< / span >
< span class = "c1" > // to tt-rss main directory.< / span >
< span class = "c1" > //putenv('TTRSS_SIMPLE_UPDATE_MODE=true');< / span >
< span class = "c1" > // **********************< / span >
< span class = "c1" > // *** Authentication ***< / span >
< span class = "c1" > // **********************< / span >
< span class = "c1" > // Please see PLUGINS below to configure various authentication modules.< / span >
< span class = "nb" > putenv< / span > < span class = "p" > (< / span > < span class = "s1" > 'TTRSS_AUTH_AUTO_CREATE=true'< / span > < span class = "p" > );< / span >
< span class = "c1" > // Allow authentication modules to auto-create users in tt-rss internal< / span >
< span class = "c1" > // database when authenticated successfully.< / span >
< span class = "nb" > putenv< / span > < span class = "p" > (< / span > < span class = "s1" > 'TTRSS_AUTH_AUTO_LOGIN=true'< / span > < span class = "p" > );< / span >
< span class = "c1" > // Automatically login user on remote or other kind of externally supplied< / span >
< span class = "c1" > // authentication, otherwise redirect to login form as normal.< / span >
< span class = "c1" > // If set to true, users won't be able to set application language< / span >
< span class = "c1" > // and settings profile.< / span >
< span class = "c1" > // *********************< / span >
< span class = "c1" > // *** Feed settings ***< / span >
< span class = "c1" > // *********************< / span >
< span class = "nb" > putenv< / span > < span class = "p" > (< / span > < span class = "s1" > 'TTRSS_FORCE_ARTICLE_PURGE=0'< / span > < span class = "p" > );< / span >
< span class = "c1" > // When this option is not 0, users ability to control feed purging< / span >
< span class = "c1" > // intervals is disabled and all articles (which are not starred) < / span >
< span class = "c1" > // older than this amount of days are purged.< / span >
< span class = "c1" > // *** PubSubHubbub settings ***< / span >
< span class = "nb" > putenv< / span > < span class = "p" > (< / span > < span class = "s1" > 'TTRSS_PUBSUBHUBBUB_ENABLED=false'< / span > < span class = "p" > );< / span >
< span class = "c1" > // Enable client PubSubHubbub support in tt-rss. When disabled, tt-rss< / span >
< span class = "c1" > // won't try to subscribe to PUSH feed updates.< / span >
< span class = "c1" > // ****************************< / span >
< span class = "c1" > // *** Sphinx search plugin ***< / span >
< span class = "c1" > // ****************************< / span >
< span class = "nb" > putenv< / span > < span class = "p" > (< / span > < span class = "s1" > 'TTRSS_SPHINX_SERVER=localhost:9312'< / span > < span class = "p" > );< / span >
< span class = "c1" > // Hostname:port combination for the Sphinx server.< / span >
< span class = "nb" > putenv< / span > < span class = "p" > (< / span > < span class = "s1" > 'TTRSS_SPHINX_INDEX=ttrss, delta'< / span > < span class = "p" > );< / span >
< span class = "c1" > // Index name in Sphinx configuration. You can specify multiple indexes< / span >
< span class = "c1" > // as a comma-separated string.< / span >
< span class = "c1" > // Example configuration files are available on tt-rss wiki.< / span >
< span class = "c1" > // ***********************************< / span >
< span class = "c1" > // *** Self-registrations by users ***< / span >
< span class = "c1" > // ***********************************< / span >
< span class = "nb" > putenv< / span > < span class = "p" > (< / span > < span class = "s1" > 'TTRSS_ENABLE_REGISTRATION=false'< / span > < span class = "p" > );< / span >
< span class = "c1" > // Allow users to register themselves. Please be aware that allowing< / span >
< span class = "c1" > // random people to access your tt-rss installation is a security risk< / span >
< span class = "c1" > // and potentially might lead to data loss or server exploit. Disabled< / span >
< span class = "c1" > // by default.< / span >
< span class = "nb" > putenv< / span > < span class = "p" > (< / span > < span class = "s1" > 'TTRSS_REG_NOTIFY_ADDRESS=user@cinay.eu'< / span > < span class = "p" > );< / span >
< span class = "c1" > // Email address to send new user notifications to.< / span >
< span class = "nb" > putenv< / span > < span class = "p" > (< / span > < span class = "s1" > 'TTRSS_REG_MAX_USERS=10'< / span > < span class = "p" > );< / span >
< span class = "c1" > // Maximum amount of users which will be allowed to register on this< / span >
< span class = "c1" > // system. 0 - no limit.< / span >
< span class = "c1" > // **********************************< / span >
< span class = "c1" > // *** Cookies and login sessions ***< / span >
< span class = "c1" > // **********************************< / span >
< span class = "nb" > putenv< / span > < span class = "p" > (< / span > < span class = "s1" > 'TTRSS_SESSION_COOKIE_LIFETIME='< / span > < span class = "mf" > .< / span > < span class = "p" > (< / span > < span class = "mi" > 86400< / span > < span class = "o" > *< / span > < span class = "mi" > 30< / span > < span class = "p" > ));< / span >
< span class = "c1" > // Default lifetime of a session (e.g. login) cookie. In seconds, < / span >
< span class = "c1" > // 0 means cookie will be deleted when browser closes.< / span >
< span class = "c1" > // *********************************< / span >
< span class = "c1" > // *** Email and digest settings ***< / span >
< span class = "c1" > // *********************************< / span >
< span class = "nb" > putenv< / span > < span class = "p" > (< / span > < span class = "s1" > 'TTRSS_SMTP_FROM_NAME=Tiny Tiny RSS'< / span > < span class = "p" > );< / span >
< span class = "nb" > putenv< / span > < span class = "p" > (< / span > < span class = "s1" > 'TTRSS_SMTP_FROM_ADDRESS=noreply@your.domain.dom'< / span > < span class = "p" > );< / span >
< span class = "c1" > // Name, address and subject for sending outgoing mail. This applies< / span >
< span class = "c1" > // to password reset notifications, digest emails and any other mail.< / span >
< span class = "nb" > putenv< / span > < span class = "p" > (< / span > < span class = "s1" > 'TTRSS_DIGEST_SUBJECT=[tt-rss] New headlines for last 24 hours'< / span > < span class = "p" > );< / span >
< span class = "c1" > // Subject line for email digests< / span >
< span class = "nb" > putenv< / span > < span class = "p" > (< / span > < span class = "s1" > 'TTRSS_SMTP_SERVER=localhost:25'< / span > < span class = "p" > );< / span >
< span class = "c1" > // Hostname:port combination to send outgoing mail (i.e. localhost:25). < / span >
< span class = "c1" > // Blank - use system MTA.< / span >
< span class = "nb" > putenv< / span > < span class = "p" > (< / span > < span class = "s1" > 'TTRSS_SMTP_LOGIN='< / span > < span class = "p" > );< / span >
< span class = "nb" > putenv< / span > < span class = "p" > (< / span > < span class = "s1" > 'TTRSS_SMTP_PASSWORD='< / span > < span class = "p" > );< / span >
< span class = "c1" > // These two options enable SMTP authentication when sending< / span >
< span class = "c1" > // outgoing mail. Only used with SMTP_SERVER.< / span >
< span class = "nb" > putenv< / span > < span class = "p" > (< / span > < span class = "s1" > 'TTRSS_SMTP_SECURE='< / span > < span class = "p" > );< / span >
< span class = "c1" > // Used to select a secure SMTP connection. Allowed values: ssl, tls,< / span >
< span class = "c1" > // or empty.< / span >
< span class = "c1" > // ***************************************< / span >
< span class = "c1" > // *** Other settings (less important) ***< / span >
< span class = "c1" > // ***************************************< / span >
< span class = "nb" > putenv< / span > < span class = "p" > (< / span > < span class = "s1" > 'TTRSS_CHECK_FOR_UPDATES=true'< / span > < span class = "p" > );< / span >
< span class = "c1" > // Check for updates automatically if running Git version< / span >
< span class = "nb" > putenv< / span > < span class = "p" > (< / span > < span class = "s1" > 'TTRSS_ENABLE_GZIP_OUTPUT=false'< / span > < span class = "p" > );< / span >
< span class = "c1" > // Selectively gzip output to improve wire performance. This requires< / span >
< span class = "c1" > // PHP Zlib extension on the server.< / span >
< span class = "c1" > // Enabling this can break tt-rss in several httpd/php configurations,< / span >
< span class = "c1" > // if you experience weird errors and tt-rss failing to start, blank pages< / span >
< span class = "c1" > // after login, or content encoding errors, disable it.< / span >
< span class = "nb" > putenv< / span > < span class = "p" > (< / span > < span class = "s1" > 'TTRSS_PLUGINS=auth_internal, auth_remote, note'< / span > < span class = "p" > );< / span >
< span class = "c1" > // Comma-separated list of plugins to load automatically for all users.< / span >
< span class = "c1" > // System plugins have to be specified here. Please enable at least one< / span >
< span class = "c1" > // authentication plugin here (auth_*).< / span >
< span class = "c1" > // Users may enable other user plugins from Preferences/Plugins but may not< / span >
< span class = "c1" > // disable plugins specified in this list.< / span >
< span class = "c1" > // Disabling auth_internal in this list would automatically disable< / span >
< span class = "c1" > // reset password link on the login form.< / span >
< span class = "nb" > putenv< / span > < span class = "p" > (< / span > < span class = "s1" > 'TTRSS_LOG_DESTINATION=sql'< / span > < span class = "p" > );< / span >
< span class = "c1" > // Log destination to use. Possible values: sql (uses internal logging< / span >
< span class = "c1" > // you can read in Preferences -> System), syslog - logs to system log.< / span >
< span class = "c1" > // Setting this to blank uses PHP logging (usually to http server < / span >
< span class = "c1" > // error.log).< / span >
< span class = "nb" > putenv< / span > < span class = "p" > (< / span > < span class = "s1" > 'TTRSS_CONFIG_VERSION=26'< / span > < span class = "p" > );< / span >
< span class = "c1" > // Expected config version. Please update this option in config.php< / span >
< span class = "c1" > // if necessary (after migrating all new options from this file).< / span >
< span class = "c1" > // vim:ft=php< / span >
< / code > < / pre > < / div > < / div >
< h3 id = "rssxoyizexyz" > rss.xoyize.xyz< / h3 >
< p > Créer fichier de configuration nginx < code class = "language-plaintext highlighter-rouge" > /etc/nginx/conf.d/rss.xoyize.xyz.conf< / code > < / p >
< div class = "language-plaintext highlighter-rouge" > < div class = "highlight" > < pre class = "highlight" > < code > server {
listen 80;
listen [::]:80;
server_name rss.xoyize.xyz;
return 301 https://$host$request_uri;
}
server {
listen 443 ssl http2;
listen [::]:443 ssl http2;
server_name rss.xoyize.xyz;
# Certificats Let's Encrypt
# TLS 1.3 only
# HSTS (ngx_http_headers_module is required) (63072000 seconds)
# OCSP stapling
# replace with the IP address of your resolver
include /etc/nginx/tls-hsts-ocsp.conf;
root /var/www/ttrss/ ;
index index.php;
location ~ \.php$ {
fastcgi_split_path_info ^(.+\.php)(/.+)$;
fastcgi_pass unix:/run/php/php8.0-fpm-ttrss.sock;
fastcgi_index index.php;
include fastcgi_params;
fastcgi_param SCRIPT_FILENAME $request_filename;
}
access_log /var/log/nginx/ttrss-access.log;
error_log /var/log/nginx/ttrss-error.log;
}
< / code > < / pre > < / div > < / div >
< p > Vérifier et recharger nginx< / p >
< div class = "language-plaintext highlighter-rouge" > < div class = "highlight" > < pre class = "highlight" > < code > nginx -t
systemctl reload nginx
< / code > < / pre > < / div > < / div >
< p > Ouvrir le lien https://rss.xoyize.xyz< / p >
< p > Connexion : admin/password< br / >
Créer un nouvel administrateur et son mot de passe< / p >
< h3 id = "mise-à-jour-automatique-des-flux" > Mise à jour automatique des flux< / h3 >
< p > Processus en arrière plan, créer un service qui mettra automatiquement à jour les flux.
Créer le service /etc/systemd/system/ttrss-backend.service :< / p >
< div class = "language-plaintext highlighter-rouge" > < div class = "highlight" > < pre class = "highlight" > < code > nano /etc/systemd/system/ttrss-backend.service
< / code > < / pre > < / div > < / div >
< div class = "language-plaintext highlighter-rouge" > < div class = "highlight" > < pre class = "highlight" > < code > [Unit]
Description=News feed reader and aggregator
After=network.target mysql.service
[Service]
Type=simple
User=ttrss
Group=ttrss
WorkingDirectory=/var/www/ttrss/
ExecStart=/usr/bin/php8.0 /var/www/ttrss/update_daemon2.php
Restart=always
RestartSec=10
[Install]
WantedBy=multi-user.target
< / code > < / pre > < / div > < / div >
< p > Activer et lancer le service ttrss-backend< / p >
< div class = "language-bash highlighter-rouge" > < div class = "highlight" > < pre class = "highlight" > < code > systemctl daemon-reload
systemctl < span class = "nb" > enable < / span > ttrss-backend
systemctl start ttrss-backend
< / code > < / pre > < / div > < / div >
< h3 id = "authentification-par-certificat-client" > Authentification par certificat client< / h3 >
< h4 id = "configurer-une-autorité-de-certification-ac" > configurer une autorité de certification (AC)< / h4 >
< p > < a href = "/2022/05/13/Mettre_en_place_et_configurer_une_autorite_de_certification_AC_avec_Easy-RSA.html" > Comment mettre en place et configurer une autorité de certification (AC) avec Easy-RSA< / a > < br / >
< u > Sur un serveur Debian< / u > :< / p >
< ol >
< li > Il faut ajouter copier l’ autorité de certification dans le fichier < code class = "language-plaintext highlighter-rouge" > /usr/local/share/ca-certificates/Easy-RSA_CA.crt< / code > < / li >
< li > Mettre à jour les certificats , < code class = "language-plaintext highlighter-rouge" > update-ca-certificates< / code > qui génére le fichier < code class = "language-plaintext highlighter-rouge" > /etc/ssl/certs/Easy-RSA_CA.pem< / code > < / li >
< / ol >
< h4 id = "créer-un-certificat-client" > Créer un certificat client< / h4 >
< p > On utilise les fichiers ca.crt (Easy-RSA_CA.crt) et ca.key (Easy-RSA_CA.key) de l’ autorité de certification< br / >
Exemple, créer un certificat client “yannick”< / p >
< div class = "language-plaintext highlighter-rouge" > < div class = "highlight" > < pre class = "highlight" > < code > # clé RSA avec pass phrase
openssl genrsa -des3 -out yannick.key 4096
openssl req -new -key yannick.key -out yannick.csr
# demande signature certificat (CSR)
openssl req -new -key yannick.key -out yannick.csr
< / code > < / pre > < / div > < / div >
< div class = "language-plaintext highlighter-rouge" > < div class = "highlight" > < pre class = "highlight" > < code > Enter pass phrase for yannick.key:
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [AU]:FR
State or Province Name (full name) [Some-State]:
Locality Name (eg, city) []:
Organization Name (eg, company) [Internet Widgits Pty Ltd]:
Organizational Unit Name (eg, section) []:
Common Name (e.g. server FQDN or YOUR name) []:Yannick
Email Address []:
Please enter the following 'extra' attributes
to be sent with your certificate request
A challenge password []:
An optional company name []:
< / code > < / pre > < / div > < / div >
< div class = "language-plaintext highlighter-rouge" > < div class = "highlight" > < pre class = "highlight" > < code > # Le CSR doit maintenant être signé par le CA
openssl x509 -req -days 365 -in yannick.csr -CA ca.crt -CAkey private/ca.key -set_serial 01 -out yannick.crt
# Créer un fichier pfx pour l'importation dans les naviagateurs firefox et chrome , un "Export Password" est exigé
openssl pkcs12 -export -out yannick.pfx -inkey yannick.key -in yannick.crt -certfile ca.crt
< / code > < / pre > < / div > < / div >
< p > Le fichier pfx sera utilisé pour l’ importation dans firefox et chrome< br / >
< img src = "/images/certificat-client-firefox-a.png" alt = "" / > < br / >
< img src = "/images/certificat-client-firefox-b.png" alt = "" / > < / p >
< h4 id = "configuration-nginx-certificat-client" > configuration nginx certificat client< / h4 >
< p > Modifier le fichier de configuration nginx < code class = "language-plaintext highlighter-rouge" > /etc/nginx/conf.d/rss.xoyize.xyz.conf< / code > pour la prise en compte du certificat client< / p >
< p > Remplacer< / p >
< div class = "language-plaintext highlighter-rouge" > < div class = "highlight" > < pre class = "highlight" > < code > location ~ \.php$ {
fastcgi_split_path_info ^(.+\.php)(/.+)$;
fastcgi_pass unix:/run/php/php8.0-fpm-ttrss.sock;
fastcgi_index index.php;
include fastcgi_params;
fastcgi_param SCRIPT_FILENAME $request_filename;
}
< / code > < / pre > < / div > < / div >
< p > par< / p >
< div class = "language-plaintext highlighter-rouge" > < div class = "highlight" > < pre class = "highlight" > < code > # Authentification par certificat client
ssl_client_certificate /etc/ssl/certs/Easy-RSA_CA.pem;
# Authentification uniquement par certificat
# ssl_verify_client on;
# Authentification par certificat ou par mot de passe
ssl_verify_client optional;
location ~ \.php$ {
fastcgi_split_path_info ^(.+\.php)(/.+)$;
fastcgi_pass unix:/run/php/php8.0-fpm-ttrss.sock;
fastcgi_index index.php;
include fastcgi_params;
fastcgi_param SCRIPT_FILENAME $request_filename;
# Authentification par certificat client
fastcgi_param SSL_CLIENT_M_SERIAL $ssl_client_serial;
fastcgi_param SSL_CLIENT_S_DN $ssl_client_s_dn;
fastcgi_param SSL_CLIENT_V_START $ssl_client_v_start;
fastcgi_param SSL_CLIENT_V_END $ssl_client_v_end;
}
< / code > < / pre > < / div > < / div >
< p > Recharger nginx< / p >
< div class = "language-plaintext highlighter-rouge" > < div class = "highlight" > < pre class = "highlight" > < code > sudo systemctl reload nginx
< / code > < / pre > < / div > < / div >
< p > Mettre à jour le fichier de configuration de TT-RSS < code class = "language-plaintext highlighter-rouge" > /var/www/ttrss/config.php< / code > pour ajouter < code class = "language-plaintext highlighter-rouge" > auth_remote< / code > à la constante PLUGINS (vers la fin du fichier) :< / p >
< div class = "language-plaintext highlighter-rouge" > < div class = "highlight" > < pre class = "highlight" > < code > putenv('TTRSS_PLUGINS=auth_internal, auth_remote, note');
< / code > < / pre > < / div > < / div >
< p > Il faut ajouter le certificat client aux navigateurs sinon< br / >
< img src = "/images/ttrss-err-certif.png" alt = "" / > < / p >
< p > Au premier passage, une authentification login mot de passe est demandée< br / >
Ensuite ouvrir Configuration et descendre vers le bas < br / >
Cliquer sur < strong > s’ inscrire< / strong > dans la rubrique Certificat SSL client< br / >
< img src = "/images/ttrss-certif.png" alt = "" / > < br / >
Valider par “Enregistrer la configuration”< / p >
< / div >
< div class = "d-print-none" > < footer class = "article__footer" > < meta itemprop = "dateModified" content = "2022-05-13T00:00:00+02:00" > <!-- start custom article footer snippet -->
<!-- end custom article footer snippet -->
<!--
< div align = "right" > < a type = "application/rss+xml" href = "/feed.xml" title = "S'abonner" > < i class = "fa fa-rss fa-2x" > < / i > < / a >
  < / div >
-->
< / footer >
< div class = "article__section-navigator clearfix" > < div class = "previous" > < span > PRÉCÉDENT< / span > < a href = "/2022/05/13/Mettre_en_place_et_configurer_une_autorite_de_certification_AC_avec_Easy-RSA.html" > Comment mettre en place et configurer une autorité de certification (AC) avec Easy-RSA et créer un certificat client< / a > < / div > < div class = "next" > < span > SUIVANT< / span > < a href = "/2022/05/18/Nextcloud-Hub_Nginx_PHP8_MariaDB_SSL-TLS.html" > Nginx compilé, PHP8.1, MariaDB, Nextcloud Hub et certificats Let's Encrypt< / a > < / div > < / div > < / div >
< / div >
< script > ( f u n c t i o n ( ) {
var SOURCES = window.TEXT_VARIABLES.sources;
window.Lazyload.js(SOURCES.jquery, function() {
$(function() {
var $this ,$scroll;
var $articleContent = $('.js-article-content');
var hasSidebar = $('.js-page-root').hasClass('layout--page--sidebar');
var scroll = hasSidebar ? '.js-page-main' : 'html, body';
$scroll = $(scroll);
$articleContent.find('.highlight').each(function() {
$this = $(this);
$this.attr('data-lang', $this.find('code').attr('data-lang'));
});
$articleContent.find('h1[id], h2[id], h3[id], h4[id], h5[id], h6[id]').each(function() {
$this = $(this);
$this.append($('< a class = "anchor d-print-none" aria-hidden = "true" > < / a > ').html('< i class = "fas fa-anchor" > < / i > '));
});
$articleContent.on('click', '.anchor', function() {
$scroll.scrollToAnchor('#' + $(this).parent().attr('id'), 400);
});
});
});
})();
< / script >
< / div > < section class = "page__comments d-print-none" > < / section > < / article > <!-- start custom main bottom snippet -->
<!-- end custom main bottom snippet -->
< / div >
< / div > < / div > < / div > < / div >
< / div > < script > ( f u n c t i o n ( ) {
var SOURCES = window.TEXT_VARIABLES.sources;
window.Lazyload.js(SOURCES.jquery, function() {
var $body = $('body'), $window = $(window);
var $pageRoot = $('.js-page-root'), $pageMain = $('.js-page-main');
var activeCount = 0;
function modal(options) {
var $root = this, visible, onChange, hideWhenWindowScroll = false;
var scrollTop;
function setOptions(options) {
var _options = options || {};
visible = _options.initialVisible === undefined ? false : show;
onChange = _options.onChange;
hideWhenWindowScroll = _options.hideWhenWindowScroll;
}
function init() {
setState(visible);
}
function setState(isShow) {
if (isShow === visible) {
return;
}
visible = isShow;
if (visible) {
activeCount++;
scrollTop = $(window).scrollTop() || $pageMain.scrollTop();
$root.addClass('modal--show');
$pageMain.scrollTop(scrollTop);
activeCount === 1 & & ($pageRoot.addClass('show-modal'), $body.addClass('of-hidden'));
hideWhenWindowScroll & & window.hasEvent('touchstart') & & $window.on('scroll', hide);
$window.on('keyup', handleKeyup);
} else {
activeCount > 0 & & activeCount--;
$root.removeClass('modal--show');
$window.scrollTop(scrollTop);
activeCount === 0 & & ($pageRoot.removeClass('show-modal'), $body.removeClass('of-hidden'));
hideWhenWindowScroll & & window.hasEvent('touchstart') & & $window.off('scroll', hide);
$window.off('keyup', handleKeyup);
}
onChange & & onChange(visible);
}
function show() {
setState(true);
}
function hide() {
setState(false);
}
function handleKeyup(e) {
// Char Code: 27 ESC
if (e.which === 27) {
hide();
}
}
setOptions(options);
init();
return {
show: show,
hide: hide,
$el: $root
};
}
$.fn.modal = modal;
});
})();
< / script > < div class = "modal modal--overflow page__search-modal d-print-none js-page-search-modal" > < script >
(function () {
var SOURCES = window.TEXT_VARIABLES.sources;
window.Lazyload.js(SOURCES.jquery, function() {
// search panel
var search = (window.search || (window.search = {}));
var useDefaultSearchBox = window.useDefaultSearchBox === undefined ?
true : window.useDefaultSearchBox ;
var $searchModal = $('.js-page-search-modal');
var $searchToggle = $('.js-search-toggle');
var searchModal = $searchModal.modal({ onChange: handleModalChange, hideWhenWindowScroll: true });
var modalVisible = false;
search.searchModal = searchModal;
var $searchBox = null;
var $searchInput = null;
var $searchClear = null;
function getModalVisible() {
return modalVisible;
}
search.getModalVisible = getModalVisible;
function handleModalChange(visible) {
modalVisible = visible;
if (visible) {
search.onShow & & search.onShow();
useDefaultSearchBox & & $searchInput[0] & & $searchInput[0].focus();
} else {
search.onShow & & search.onHide();
useDefaultSearchBox & & $searchInput[0] & & $searchInput[0].blur();
setTimeout(function() {
useDefaultSearchBox & & ($searchInput.val(''), $searchBox.removeClass('not-empty'));
search.clear & & search.clear();
window.pageAsideAffix & & window.pageAsideAffix.refresh();
}, 400);
}
}
$searchToggle.on('click', function() {
modalVisible ? searchModal.hide() : searchModal.show();
});
// Char Code: 83 S, 191 /
$(window).on('keyup', function(e) {
if (!modalVisible & & !window.isFormElement(e.target || e.srcElement) & & (e.which === 83 || e.which === 191)) {
modalVisible || searchModal.show();
}
});
if (useDefaultSearchBox) {
$searchBox = $('.js-search-box');
$searchInput = $searchBox.children('input');
$searchClear = $searchBox.children('.js-icon-clear');
search.getSearchInput = function() {
return $searchInput.get(0);
};
search.getVal = function() {
return $searchInput.val();
};
search.setVal = function(val) {
$searchInput.val(val);
};
$searchInput.on('focus', function() {
$(this).addClass('focus');
});
$searchInput.on('blur', function() {
$(this).removeClass('focus');
});
$searchInput.on('input', window.throttle(function() {
var val = $(this).val();
if (val === '' || typeof val !== 'string') {
search.clear & & search.clear();
} else {
$searchBox.addClass('not-empty');
search.onInputNotEmpty & & search.onInputNotEmpty(val);
}
}, 400));
$searchClear.on('click', function() {
$searchInput.val(''); $searchBox.removeClass('not-empty');
search.clear & & search.clear();
});
}
});
})();
< / script > < div class = "search search--dark" >
< div class = "main" >
< div class = "search__header" > Recherche< / div >
< div class = "search-bar" >
< div class = "search-box js-search-box" >
< div class = "search-box__icon-search" > < i class = "fas fa-search" > < / i > < / div >
< input id = "search-input" type = "text" / >
< div class = "search-box__icon-clear js-icon-clear" >
< a > < i class = "fas fa-times" > < / i > < / a >
< / div >
< / div >
< button class = "button button--theme-dark button--pill search__cancel js-search-toggle" >
Annuler< / button >
< / div >
< div id = "results-container" class = "search-result js-search-result" > < / div >
< / div >
< / div >
<!-- Script pointing to search - script.js -->
< script > / * !
* Simple-Jekyll-Search
* Copyright 2015-2020, Christian Fei
* Licensed under the MIT License.
*/
(function(){
'use strict'
var _$Templater_7 = {
compile: compile,
setOptions: setOptions
}
const options = {}
options.pattern = /\{(.*?)\}/g
options.template = ''
options.middleware = function () {}
function setOptions (_options) {
options.pattern = _options.pattern || options.pattern
options.template = _options.template || options.template
if (typeof _options.middleware === 'function') {
options.middleware = _options.middleware
}
}
function compile (data) {
return options.template.replace(options.pattern, function (match, prop) {
const value = options.middleware(prop, data[prop], options.template)
if (typeof value !== 'undefined') {
return value
}
return data[prop] || match
})
}
'use strict';
function fuzzysearch (needle, haystack) {
var tlen = haystack.length;
var qlen = needle.length;
if (qlen > tlen) {
return false;
}
if (qlen === tlen) {
return needle === haystack;
}
outer: for (var i = 0, j = 0; i < qlen ; i + + ) {
var nch = needle.charCodeAt(i);
while (j < tlen ) {
if (haystack.charCodeAt(j++) === nch) {
continue outer;
}
}
return false;
}
return true;
}
var _$fuzzysearch_1 = fuzzysearch;
'use strict'
/* removed: const _$fuzzysearch_1 = require('fuzzysearch') */;
var _$FuzzySearchStrategy_5 = new FuzzySearchStrategy()
function FuzzySearchStrategy () {
this.matches = function (string, crit) {
return _$fuzzysearch_1(crit.toLowerCase(), string.toLowerCase())
}
}
'use strict'
var _$LiteralSearchStrategy_6 = new LiteralSearchStrategy()
function LiteralSearchStrategy () {
this.matches = function (str, crit) {
if (!str) return false
str = str.trim().toLowerCase()
crit = crit.trim().toLowerCase()
return crit.split(' ').filter(function (word) {
return str.indexOf(word) >= 0
}).length === crit.split(' ').length
}
}
'use strict'
var _$Repository_4 = {
put: put,
clear: clear,
search: search,
setOptions: __setOptions_4
}
/* removed: const _$FuzzySearchStrategy_5 = require('./SearchStrategies/FuzzySearchStrategy') */;
/* removed: const _$LiteralSearchStrategy_6 = require('./SearchStrategies/LiteralSearchStrategy') */;
function NoSort () {
return 0
}
const data = []
let opt = {}
opt.fuzzy = false
opt.limit = 10
opt.searchStrategy = opt.fuzzy ? _$FuzzySearchStrategy_5 : _$LiteralSearchStrategy_6
opt.sort = NoSort
opt.exclude = []
function put (data) {
if (isObject(data)) {
return addObject(data)
}
if (isArray(data)) {
return addArray(data)
}
return undefined
}
function clear () {
data.length = 0
return data
}
function isObject (obj) {
return Boolean(obj) & & Object.prototype.toString.call(obj) === '[object Object]'
}
function isArray (obj) {
return Boolean(obj) & & Object.prototype.toString.call(obj) === '[object Array]'
}
function addObject (_data) {
data.push(_data)
return data
}
function addArray (_data) {
const added = []
clear()
for (let i = 0, len = _data.length; i < len ; i + + ) {
if (isObject(_data[i])) {
added.push(addObject(_data[i]))
}
}
return added
}
function search (crit) {
if (!crit) {
return []
}
return findMatches(data, crit, opt.searchStrategy, opt).sort(opt.sort)
}
function __setOptions_4 (_opt) {
opt = _opt || {}
opt.fuzzy = _opt.fuzzy || false
opt.limit = _opt.limit || 10
opt.searchStrategy = _opt.fuzzy ? _$FuzzySearchStrategy_5 : _$LiteralSearchStrategy_6
opt.sort = _opt.sort || NoSort
opt.exclude = _opt.exclude || []
}
function findMatches (data, crit, strategy, opt) {
const matches = []
for (let i = 0; i < data.length & & matches . length < opt . limit ; i + + ) {
const match = findMatchesInObject(data[i], crit, strategy, opt)
if (match) {
matches.push(match)
}
}
return matches
}
function findMatchesInObject (obj, crit, strategy, opt) {
for (const key in obj) {
if (!isExcluded(obj[key], opt.exclude) & & strategy.matches(obj[key], crit)) {
return obj
}
}
}
function isExcluded (term, excludedTerms) {
for (let i = 0, len = excludedTerms.length; i < len ; i + + ) {
const excludedTerm = excludedTerms[i]
if (new RegExp(excludedTerm).test(term)) {
return true
}
}
return false
}
/* globals ActiveXObject:false */
'use strict'
var _$JSONLoader_2 = {
load: load
}
function load (location, callback) {
const xhr = getXHR()
xhr.open('GET', location, true)
xhr.onreadystatechange = createStateChangeListener(xhr, callback)
xhr.send()
}
function createStateChangeListener (xhr, callback) {
return function () {
if (xhr.readyState === 4 & & xhr.status === 200) {
try {
callback(null, JSON.parse(xhr.responseText))
} catch (err) {
callback(err, null)
}
}
}
}
function getXHR () {
return window.XMLHttpRequest ? new window.XMLHttpRequest() : new ActiveXObject('Microsoft.XMLHTTP')
}
'use strict'
var _$OptionsValidator_3 = function OptionsValidator (params) {
if (!validateParams(params)) {
throw new Error('-- OptionsValidator: required options missing')
}
if (!(this instanceof OptionsValidator)) {
return new OptionsValidator(params)
}
const requiredOptions = params.required
this.getRequiredOptions = function () {
return requiredOptions
}
this.validate = function (parameters) {
const errors = []
requiredOptions.forEach(function (requiredOptionName) {
if (typeof parameters[requiredOptionName] === 'undefined') {
errors.push(requiredOptionName)
}
})
return errors
}
function validateParams (params) {
if (!params) {
return false
}
return typeof params.required !== 'undefined' & & params.required instanceof Array
}
}
'use strict'
var _$utils_9 = {
merge: merge,
isJSON: isJSON
}
function merge (defaultParams, mergeParams) {
const mergedOptions = {}
for (const option in defaultParams) {
mergedOptions[option] = defaultParams[option]
if (typeof mergeParams[option] !== 'undefined') {
mergedOptions[option] = mergeParams[option]
}
}
return mergedOptions
}
function isJSON (json) {
try {
if (json instanceof Object & & JSON.parse(JSON.stringify(json))) {
return true
}
return false
} catch (err) {
return false
}
}
var _$src_8 = {};
(function (window) {
'use strict'
let options = {
searchInput: null,
resultsContainer: null,
json: [],
success: Function.prototype,
searchResultTemplate: '< li > < a href = "{url}" title = "{desc}" > {title}< / a > < / li > ',
templateMiddleware: Function.prototype,
sortMiddleware: function () {
return 0
},
noResultsText: 'No results found',
limit: 10,
fuzzy: false,
debounceTime: null,
exclude: []
}
let debounceTimerHandle
const debounce = function (func, delayMillis) {
if (delayMillis) {
clearTimeout(debounceTimerHandle)
debounceTimerHandle = setTimeout(func, delayMillis)
} else {
func.call()
}
}
const requiredOptions = ['searchInput', 'resultsContainer', 'json']
/* removed: const _$Templater_7 = require('./Templater') */;
/* removed: const _$Repository_4 = require('./Repository') */;
/* removed: const _$JSONLoader_2 = require('./JSONLoader') */;
const optionsValidator = _$OptionsValidator_3({
required: requiredOptions
})
/* removed: const _$utils_9 = require('./utils') */;
window.SimpleJekyllSearch = function (_options) {
const errors = optionsValidator.validate(_options)
if (errors.length > 0) {
throwError('You must specify the following required options: ' + requiredOptions)
}
options = _$utils_9.merge(options, _options)
_$Templater_7.setOptions({
template: options.searchResultTemplate,
middleware: options.templateMiddleware
})
_$Repository_4.setOptions({
fuzzy: options.fuzzy,
limit: options.limit,
sort: options.sortMiddleware,
exclude: options.exclude
})
if (_$utils_9.isJSON(options.json)) {
initWithJSON(options.json)
} else {
initWithURL(options.json)
}
const rv = {
search: search
}
typeof options.success === 'function' & & options.success.call(rv)
return rv
}
function initWithJSON (json) {
_$Repository_4.put(json)
registerInput()
}
function initWithURL (url) {
_$JSONLoader_2.load(url, function (err, json) {
if (err) {
throwError('failed to get JSON (' + url + ')')
}
initWithJSON(json)
})
}
function emptyResultsContainer () {
options.resultsContainer.innerHTML = ''
}
function appendToResultsContainer (text) {
options.resultsContainer.innerHTML += text
}
function registerInput () {
options.searchInput.addEventListener('input', function (e) {
if (isWhitelistedKey(e.which)) {
emptyResultsContainer()
debounce(function () { search(e.target.value) }, options.debounceTime)
}
})
}
function search (query) {
if (isValidQuery(query)) {
emptyResultsContainer()
render(_$Repository_4.search(query), query)
}
}
function render (results, query) {
const len = results.length
if (len === 0) {
return appendToResultsContainer(options.noResultsText)
}
for (let i = 0; i < len ; i + + ) {
results[i].query = query
appendToResultsContainer(_$Templater_7.compile(results[i]))
}
}
function isValidQuery (query) {
return query & & query.length > 0
}
function isWhitelistedKey (key) {
return [13, 16, 20, 37, 38, 39, 40, 91].indexOf(key) === -1
}
function throwError (message) {
throw new Error('SimpleJekyllSearch --- ' + message)
}
})(window)
}());
< / script >
<!-- Configuration -->
< script >
SimpleJekyllSearch({
searchInput: document.getElementById('search-input'),
resultsContainer: document.getElementById('results-container'),
noResultsText: '< p > Aucun résultat!< / p > ',
json: '/search.json',
searchResultTemplate: '< li > < a href = "{url}" > {date} {title}< / a > (Création {create})< / li > '
})
< / script >
< / div > < / div >
< script > ( f u n c t i o n ( ) {
var SOURCES = window.TEXT_VARIABLES.sources;
window.Lazyload.js(SOURCES.jquery, function() {
function scrollToAnchor(anchor, duration, callback) {
var $root = this;
$root.animate({ scrollTop: $(anchor).position().top }, duration, function() {
window.history.replaceState(null, '', window.location.href.split('#')[0] + anchor);
callback & & callback();
});
}
$.fn.scrollToAnchor = scrollToAnchor;
});
})();
(function() {
var SOURCES = window.TEXT_VARIABLES.sources;
window.Lazyload.js(SOURCES.jquery, function() {
function affix(options) {
var $root = this, $window = $(window), $scrollTarget, $scroll,
offsetBottom = 0, scrollTarget = window, scroll = window.document, disabled = false, isOverallScroller = true,
rootTop, rootLeft, rootHeight, scrollBottom, rootBottomTop,
hasInit = false, curState;
function setOptions(options) {
var _options = options || {};
_options.offsetBottom & & (offsetBottom = _options.offsetBottom);
_options.scrollTarget & & (scrollTarget = _options.scrollTarget);
_options.scroll & & (scroll = _options.scroll);
_options.disabled !== undefined & & (disabled = _options.disabled);
$scrollTarget = $(scrollTarget);
isOverallScroller = window.isOverallScroller($scrollTarget[0]);
$scroll = $(scroll);
}
function preCalc() {
top();
rootHeight = $root.outerHeight();
rootTop = $root.offset().top + (isOverallScroller ? 0 : $scrollTarget.scrollTop());
rootLeft = $root.offset().left;
}
function calc(needPreCalc) {
needPreCalc & & preCalc();
scrollBottom = $scroll.outerHeight() - offsetBottom - rootHeight;
rootBottomTop = scrollBottom - rootTop;
}
function top() {
if (curState !== 'top') {
$root.removeClass('fixed').css({
left: 0,
top: 0
});
curState = 'top';
}
}
function fixed() {
if (curState !== 'fixed') {
$root.addClass('fixed').css({
left: rootLeft + 'px',
top: 0
});
curState = 'fixed';
}
}
function bottom() {
if (curState !== 'bottom') {
$root.removeClass('fixed').css({
left: 0,
top: rootBottomTop + 'px'
});
curState = 'bottom';
}
}
function setState() {
var scrollTop = $scrollTarget.scrollTop();
if (scrollTop >= rootTop & & scrollTop < = scrollBottom) {
fixed();
} else if (scrollTop < rootTop ) {
top();
} else {
bottom();
}
}
function init() {
if(!hasInit) {
var interval, timeout;
calc(true); setState();
// run calc every 100 millisecond
interval = setInterval(function() {
calc();
}, 100);
timeout = setTimeout(function() {
clearInterval(interval);
}, 45000);
window.pageLoad.then(function() {
setTimeout(function() {
clearInterval(interval);
clearTimeout(timeout);
}, 3000);
});
$scrollTarget.on('scroll', function() {
disabled || setState();
});
$window.on('resize', function() {
disabled || (calc(true), setState());
});
hasInit = true;
}
}
setOptions(options);
if (!disabled) {
init();
}
$window.on('resize', window.throttle(function() {
init();
}, 200));
return {
setOptions: setOptions,
refresh: function() {
calc(true, { animation: false }); setState();
}
};
}
$.fn.affix = affix;
});
})();
(function() {
var SOURCES = window.TEXT_VARIABLES.sources;
window.Lazyload.js(SOURCES.jquery, function() {
function toc(options) {
var $root = this, $window = $(window), $scrollTarget, $scroller, $tocUl = $('< ul class = "toc toc--ellipsis" > < / ul > '), $tocLi, $headings, $activeLast, $activeCur,
selectors = 'h1,h2,h3', container = 'body', scrollTarget = window, scroller = 'html, body', disabled = false,
headingsPos, scrolling = false, hasRendered = false, hasInit = false;
function setOptions(options) {
var _options = options || {};
_options.selectors & & (selectors = _options.selectors);
_options.container & & (container = _options.container);
_options.scrollTarget & & (scrollTarget = _options.scrollTarget);
_options.scroller & & (scroller = _options.scroller);
_options.disabled !== undefined & & (disabled = _options.disabled);
$headings = $(container).find(selectors).filter('[id]');
$scrollTarget = $(scrollTarget);
$scroller = $(scroller);
}
function calc() {
headingsPos = [];
$headings.each(function() {
headingsPos.push(Math.floor($(this).position().top));
});
}
function setState(element, disabled) {
var scrollTop = $scrollTarget.scrollTop(), i;
if (disabled || !headingsPos || headingsPos.length < 1 ) { return ; }
if (element) {
$activeCur = element;
} else {
for (i = 0; i < headingsPos.length ; i + + ) {
if (scrollTop >= headingsPos[i]) {
$activeCur = $tocLi.eq(i);
} else {
$activeCur || ($activeCur = $tocLi.eq(i));
break;
}
}
}
$activeLast & & $activeLast.removeClass('active');
($activeLast = $activeCur).addClass('active');
}
function render() {
if(!hasRendered) {
$root.append($tocUl);
$headings.each(function() {
var $this = $(this);
$tocUl.append($('< li > < / li > ').addClass('toc-' + $this.prop('tagName').toLowerCase())
.append($('< a > < / a > ').text($this.text()).attr('href', '#' + $this.prop('id'))));
});
$tocLi = $tocUl.children('li');
$tocUl.on('click', 'a', function(e) {
e.preventDefault();
var $this = $(this);
scrolling = true;
setState($this.parent());
$scroller.scrollToAnchor($this.attr('href'), 400, function() {
scrolling = false;
});
});
}
hasRendered = true;
}
function init() {
var interval, timeout;
if(!hasInit) {
render(); calc(); setState(null, scrolling);
// run calc every 100 millisecond
interval = setInterval(function() {
calc();
}, 100);
timeout = setTimeout(function() {
clearInterval(interval);
}, 45000);
window.pageLoad.then(function() {
setTimeout(function() {
clearInterval(interval);
clearTimeout(timeout);
}, 3000);
});
$scrollTarget.on('scroll', function() {
disabled || setState(null, scrolling);
});
$window.on('resize', window.throttle(function() {
if (!disabled) {
render(); calc(); setState(null, scrolling);
}
}, 100));
}
hasInit = true;
}
setOptions(options);
if (!disabled) {
init();
}
$window.on('resize', window.throttle(function() {
init();
}, 200));
return {
setOptions: setOptions
};
}
$.fn.toc = toc;
});
})();
/*(function () {
})();*/
< / script > < script >
/* toc must before affix, since affix need to konw toc' height. */(function() {
var SOURCES = window.TEXT_VARIABLES.sources;
var TOC_SELECTOR = window.TEXT_VARIABLES.site.toc.selectors;
window.Lazyload.js(SOURCES.jquery, function() {
var $window = $(window);
var $articleContent = $('.js-article-content');
var $tocRoot = $('.js-toc-root'), $col2 = $('.js-col-aside');
var toc;
var tocDisabled = false;
var hasSidebar = $('.js-page-root').hasClass('layout--page--sidebar');
var hasToc = $articleContent.find(TOC_SELECTOR).length > 0;
function disabled() {
return $col2.css('display') === 'none' || !hasToc;
}
tocDisabled = disabled();
toc = $tocRoot.toc({
selectors: TOC_SELECTOR,
container: $articleContent,
scrollTarget: hasSidebar ? '.js-page-main' : null,
scroller: hasSidebar ? '.js-page-main' : null,
disabled: tocDisabled
});
$window.on('resize', window.throttle(function() {
tocDisabled = disabled();
toc & & toc.setOptions({
disabled: tocDisabled
});
}, 100));
});
})();
(function() {
var SOURCES = window.TEXT_VARIABLES.sources;
window.Lazyload.js(SOURCES.jquery, function() {
var $window = $(window), $pageFooter = $('.js-page-footer');
var $pageAside = $('.js-page-aside');
var affix;
var tocDisabled = false;
var hasSidebar = $('.js-page-root').hasClass('layout--page--sidebar');
affix = $pageAside.affix({
offsetBottom: $pageFooter.outerHeight(),
scrollTarget: hasSidebar ? '.js-page-main' : null,
scroller: hasSidebar ? '.js-page-main' : null,
scroll: hasSidebar ? $('.js-page-main').children() : null,
disabled: tocDisabled
});
$window.on('resize', window.throttle(function() {
affix & & affix.setOptions({
disabled: tocDisabled
});
}, 100));
window.pageAsideAffix = affix;
});
})();
< / script > <!-- -->
< / div >
< script > ( f u n c t i o n ( ) {
var $root = document.getElementsByClassName('root')[0];
if (window.hasEvent('touchstart')) {
$root.dataset.isTouch = true;
document.addEventListener('touchstart', function(){}, false);
}
})();
< / script >
< / body >
< / html >