yann/yannstatic
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
2206546b76
yannstatic/static/2022/04/22/OVH_Starter_vps-732e59e6_debian_11(xoyize.xyz).html

2980 lines
237 KiB
HTML
Raw Normal View History

first commit
2024-10-31 20:18:37 +01:00
<!DOCTYPE html><html lang="fr">
<head><meta charset="utf-8">
<meta http-equiv="X-UA-Compatible" content="IE=edge">
<meta name="viewport" content="width=device-width, initial-scale=1, user-scalable=no"><title>VPS Starter debian 11 - xoyize.xyz - YannStatic</title>
<meta name="description" content="Serveur web debian + nginx + php + mysql VPS Starter OVH vps-732e59e6.vps.ovh.net 2 GB RAM 20 GB Storage 100 Mbit/s Bandwidth 1 x ...">
<link rel="canonical" href="https://static.rnmkcy.eu/2022/04/22/OVH_Starter_vps-732e59e6_debian_11(xoyize.xyz).html"><link rel="alternate" type="application/rss+xml" title="YannStatic" href="/feed.xml">
<!-- - include head/favicon.html - -->
<link rel="shortcut icon" type="image/png" href="/assets/favicon/favicon.png"><link rel="stylesheet" href="/assets/css/main.css"><link rel="stylesheet" href="https://use.fontawesome.com/releases/v5.0.13/css/all.css" ><!-- start custom head snippets --><link rel="stylesheet" href="/assets/css/expand.css">
<!-- end custom head snippets --><script>(function() {
window.isArray = function(val) {
return Object.prototype.toString.call(val) === '[object Array]';
};
window.isString = function(val) {
return typeof val === 'string';
};
window.hasEvent = function(event) {
return 'on'.concat(event) in window.document;
};
window.isOverallScroller = function(node) {
return node === document.documentElement || node === document.body || node === window;
};
window.isFormElement = function(node) {
var tagName = node.tagName;
return tagName === 'INPUT' || tagName === 'SELECT' || tagName === 'TEXTAREA';
};
window.pageLoad = (function () {
var loaded = false, cbs = [];
window.addEventListener('load', function () {
var i;
loaded = true;
if (cbs.length > 0) {
for (i = 0; i < cbs.length; i++) {
cbs[i]();
}
}
});
return {
then: function(cb) {
cb && (loaded ? cb() : (cbs.push(cb)));
}
};
})();
})();
(function() {
window.throttle = function(func, wait) {
var args, result, thisArg, timeoutId, lastCalled = 0;
function trailingCall() {
lastCalled = new Date;
timeoutId = null;
result = func.apply(thisArg, args);
}
return function() {
var now = new Date,
remaining = wait - (now - lastCalled);
args = arguments;
thisArg = this;
if (remaining <= 0) {
clearTimeout(timeoutId);
timeoutId = null;
lastCalled = now;
result = func.apply(thisArg, args);
} else if (!timeoutId) {
timeoutId = setTimeout(trailingCall, remaining);
}
return result;
};
};
})();
(function() {
var Set = (function() {
var add = function(item) {
var i, data = this._data;
for (i = 0; i < data.length; i++) {
if (data[i] === item) {
return;
}
}
this.size ++;
data.push(item);
return data;
};
var Set = function(data) {
this.size = 0;
this._data = [];
var i;
if (data.length > 0) {
for (i = 0; i < data.length; i++) {
add.call(this, data[i]);
}
}
};
Set.prototype.add = add;
Set.prototype.get = function(index) { return this._data[index]; };
Set.prototype.has = function(item) {
var i, data = this._data;
for (i = 0; i < data.length; i++) {
if (this.get(i) === item) {
return true;
}
}
return false;
};
Set.prototype.is = function(map) {
if (map._data.length !== this._data.length) { return false; }
var i, j, flag, tData = this._data, mData = map._data;
for (i = 0; i < tData.length; i++) {
for (flag = false, j = 0; j < mData.length; j++) {
if (tData[i] === mData[j]) {
flag = true;
break;
}
}
if (!flag) { return false; }
}
return true;
};
Set.prototype.values = function() {
return this._data;
};
return Set;
})();
window.Lazyload = (function(doc) {
var queue = {js: [], css: []}, sources = {js: {}, css: {}}, context = this;
var createNode = function(name, attrs) {
var node = doc.createElement(name), attr;
for (attr in attrs) {
if (attrs.hasOwnProperty(attr)) {
node.setAttribute(attr, attrs[attr]);
}
}
return node;
};
var end = function(type, url) {
var s, q, qi, cbs, i, j, cur, val, flag;
if (type === 'js' || type ==='css') {
s = sources[type], q = queue[type];
s[url] = true;
for (i = 0; i < q.length; i++) {
cur = q[i];
if (cur.urls.has(url)) {
qi = cur, val = qi.urls.values();
qi && (cbs = qi.callbacks);
for (flag = true, j = 0; j < val.length; j++) {
cur = val[j];
if (!s[cur]) {
flag = false;
}
}
if (flag && cbs && cbs.length > 0) {
for (j = 0; j < cbs.length; j++) {
cbs[j].call(context);
}
qi.load = true;
}
}
}
}
};
var load = function(type, urls, callback) {
var s, q, qi, node, i, cur,
_urls = typeof urls === 'string' ? new Set([urls]) : new Set(urls), val, url;
if (type === 'js' || type ==='css') {
s = sources[type], q = queue[type];
for (i = 0; i < q.length; i++) {
cur = q[i];
if (_urls.is(cur.urls)) {
qi = cur;
break;
}
}
val = _urls.values();
if (qi) {
callback && (qi.load || qi.callbacks.push(callback));
callback && (qi.load && callback());
} else {
q.push({
urls: _urls,
callbacks: callback ? [callback] : [],
load: false
});
for (i = 0; i < val.length; i++) {
node = null, url = val[i];
if (s[url] === undefined) {
(type === 'js' ) && (node = createNode('script', { src: url }));
(type === 'css') && (node = createNode('link', { rel: 'stylesheet', href: url }));
if (node) {
node.onload = (function(type, url) {
return function() {
end(type, url);
};
})(type, url);
(doc.head || doc.body).appendChild(node);
s[url] = false;
}
}
}
}
}
};
return {
js: function(url, callback) {
load('js', url, callback);
},
css: function(url, callback) {
load('css', url, callback);
}
};
})(this.document);
})();
</script><script>
(function() {
var TEXT_VARIABLES = {
version: '2.2.6',
sources: {
font_awesome: 'https://use.fontawesome.com/releases/v5.0.13/css/all.css',
jquery: '/assets/js/jquery.min.js',
leancloud_js_sdk: '//cdn.jsdelivr.net/npm/leancloud-storage@3.13.2/dist/av-min.js',
chart: 'https://cdn.bootcss.com/Chart.js/2.7.2/Chart.bundle.min.js',
gitalk: {
js: 'https://cdn.bootcss.com/gitalk/1.2.2/gitalk.min.js',
css: 'https://cdn.bootcss.com/gitalk/1.2.2/gitalk.min.css'
},
valine: 'https://unpkg.com/valine/dist/Valine.min.js'
},
site: {
toc: {
selectors: 'h1,h2,h3'
}
},
paths: {
search_js: '/assets/search.js'
}
};
window.TEXT_VARIABLES = TEXT_VARIABLES;
})();
</script>
</head>
<body>
<div class="root" data-is-touch="false">
<div class="layout--page js-page-root"><!----><div class="page__main js-page-main page__viewport hide-footer has-aside has-aside cell cell--auto">
<div class="page__main-inner"><div class="page__header d-print-none"><header class="header"><div class="main">
<div class="header__title">
<div class="header__brand"><svg id="svg" version="1.1" xmlns="http://www.w3.org/2000/svg" xmlns:xlink="http://www.w3.org/1999/xlink" width="400" height="478.9473684210526" viewBox="0, 0, 400,478.9473684210526"><g id="svgg"><path id="path0" d="M308.400 56.805 C 306.970 56.966,303.280 57.385,300.200 57.738 C 290.906 58.803,278.299 59.676,269.200 59.887 L 260.600 60.085 259.400 61.171 C 258.010 62.428,256.198 63.600,255.645 63.600 C 255.070 63.600,252.887 65.897,252.598 66.806 C 252.460 67.243,252.206 67.600,252.034 67.600 C 251.397 67.600,247.206 71.509,247.202 72.107 C 247.201 72.275,246.390 73.190,245.400 74.138 C 243.961 75.517,243.598 76.137,243.592 77.231 C 243.579 79.293,241.785 83.966,240.470 85.364 C 239.176 86.740,238.522 88.365,237.991 91.521 C 237.631 93.665,236.114 97.200,235.554 97.200 C 234.938 97.200,232.737 102.354,232.450 104.472 C 232.158 106.625,230.879 109.226,229.535 110.400 C 228.933 110.926,228.171 113.162,226.434 119.500 C 226.178 120.435,225.795 121.200,225.584 121.200 C 225.373 121.200,225.200 121.476,225.200 121.813 C 225.200 122.149,224.885 122.541,224.500 122.683 C 223.606 123.013,223.214 123.593,223.204 124.600 C 223.183 126.555,220.763 132.911,219.410 134.562 C 218.443 135.742,217.876 136.956,217.599 138.440 C 217.041 141.424,215.177 146.434,214.532 146.681 C 214.240 146.794,214.000 147.055,214.000 147.261 C 214.000 147.467,213.550 148.086,213.000 148.636 C 212.450 149.186,212.000 149.893,212.000 150.208 C 212.000 151.386,208.441 154.450,207.597 153.998 C 206.319 153.315,204.913 150.379,204.633 147.811 C 204.365 145.357,202.848 142.147,201.759 141.729 C 200.967 141.425,199.200 137.451,199.200 135.974 C 199.200 134.629,198.435 133.224,196.660 131.311 C 195.363 129.913,194.572 128.123,193.870 125.000 C 193.623 123.900,193.236 122.793,193.010 122.540 C 190.863 120.133,190.147 118.880,188.978 115.481 C 188.100 112.928,187.151 111.003,186.254 109.955 C 185.358 108.908,184.518 107.204,183.847 105.073 C 183.280 103.273,182.497 101.329,182.108 100.753 C 181.719 100.177,180.904 98.997,180.298 98.131 C 179.693 97.265,178.939 95.576,178.624 94.378 C 178.041 92.159,177.125 90.326,175.023 87.168 C 174.375 86.196,173.619 84.539,173.342 83.486 C 172.800 81.429,171.529 79.567,170.131 78.785 C 169.654 78.517,168.697 77.511,168.006 76.549 C 167.316 75.587,166.594 74.800,166.402 74.800 C 166.210 74.800,164.869 73.633,163.421 72.206 C 160.103 68.936,161.107 69.109,146.550 69.301 C 133.437 69.474,128.581 70.162,126.618 72.124 C 126.248 72.495,125.462 72.904,124.872 73.033 C 124.282 73.163,123.088 73.536,122.219 73.863 C 121.349 74.191,119.028 74.638,117.061 74.858 C 113.514 75.254,109.970 76.350,108.782 77.419 C 107.652 78.436,100.146 80.400,97.388 80.400 C 95.775 80.400,93.167 81.360,91.200 82.679 C 90.430 83.195,89.113 83.804,88.274 84.031 C 85.875 84.681,78.799 90.910,74.400 96.243 L 73.400 97.456 73.455 106.028 C 73.526 117.055,74.527 121.238,77.820 124.263 C 78.919 125.273,80.400 127.902,80.400 128.842 C 80.400 129.202,81.075 130.256,81.900 131.186 C 83.563 133.059,85.497 136.346,86.039 138.216 C 86.233 138.886,87.203 140.207,88.196 141.153 C 89.188 142.098,90.000 143.104,90.000 143.388 C 90.000 144.337,92.129 148.594,92.869 149.123 C 93.271 149.410,93.600 149.831,93.600 150.059 C 93.600 150.286,93.932 150.771,94.337 151.136 C 94.743 151.501,95.598 153.004,96.237 154.475 C 96.877 155.947,97.760 157.351,98.200 157.596 C 98.640 157.841,99.900 159.943,101.000 162.267 C 102.207 164.817,103.327 166.644,103.825 166.876 C 104.278 167.087,105.065 168.101,105.573 169.130 C 107.658 173.348,108.097 174.093,110.006 176.647 C 111.103 178.114,112.000 179.725,112.000 180.227 C 112.000 181.048,113.425 183.163,114.678 184.200 C 115.295 184.711,117.396 188.733,117.720 190.022 C 117.855 190.562,118.603 191.633,119.381 192.402 C 120.160 193.171,121.496 195.258,122.351 197.039 C 123.206 198.820,124.167 200.378,124.487 200.501 C 124.807 200.624,125.953 202.496,127.034 204.662 C 128.114 206.828,129.676 209.299,130.505 210.153 C 131.333 211.007,132.124 212.177,132.262 212.753 C 132.618 214.239,134.291 217.048,136.288 219.5
" href="/">YannStatic</a></div><!--<button class="button button--secondary button--circle search-button js-search-toggle"><i class="fas fa-search"></i></button>--><!-- <li><button class="button button--secondary button--circle search-button js-search-toggle"><i class="fas fa-search"></i></button></li> -->
<!-- Champ de recherche -->
<div id="searchbox" class="search search--dark" style="visibility: visible">
<div class="main">
<div class="search__header"></div>
<div class="search-bar">
<div class="search-box js-search-box">
<div class="search-box__icon-search"><i class="fas fa-search"></i></div>
<input id="search-input" type="text" />
<!-- <div class="search-box__icon-clear js-icon-clear">
<a><i class="fas fa-times"></i></a>
</div> -->
</div>
</div>
</div>
</div>
<!-- Script pointing to search-script.js -->
<script>/*!
* Simple-Jekyll-Search
* Copyright 2015-2020, Christian Fei
* Licensed under the MIT License.
*/
(function(){
'use strict'
var _$Templater_7 = {
compile: compile,
setOptions: setOptions
}
const options = {}
options.pattern = /\{(.*?)\}/g
options.template = ''
options.middleware = function () {}
function setOptions (_options) {
options.pattern = _options.pattern || options.pattern
options.template = _options.template || options.template
if (typeof _options.middleware === 'function') {
options.middleware = _options.middleware
}
}
function compile (data) {
return options.template.replace(options.pattern, function (match, prop) {
const value = options.middleware(prop, data[prop], options.template)
if (typeof value !== 'undefined') {
return value
}
return data[prop] || match
})
}
'use strict';
function fuzzysearch (needle, haystack) {
var tlen = haystack.length;
var qlen = needle.length;
if (qlen > tlen) {
return false;
}
if (qlen === tlen) {
return needle === haystack;
}
outer: for (var i = 0, j = 0; i < qlen; i++) {
var nch = needle.charCodeAt(i);
while (j < tlen) {
if (haystack.charCodeAt(j++) === nch) {
continue outer;
}
}
return false;
}
return true;
}
var _$fuzzysearch_1 = fuzzysearch;
'use strict'
/* removed: const _$fuzzysearch_1 = require('fuzzysearch') */;
var _$FuzzySearchStrategy_5 = new FuzzySearchStrategy()
function FuzzySearchStrategy () {
this.matches = function (string, crit) {
return _$fuzzysearch_1(crit.toLowerCase(), string.toLowerCase())
}
}
'use strict'
var _$LiteralSearchStrategy_6 = new LiteralSearchStrategy()
function LiteralSearchStrategy () {
this.matches = function (str, crit) {
if (!str) return false
str = str.trim().toLowerCase()
crit = crit.trim().toLowerCase()
return crit.split(' ').filter(function (word) {
return str.indexOf(word) >= 0
}).length === crit.split(' ').length
}
}
'use strict'
var _$Repository_4 = {
put: put,
clear: clear,
search: search,
setOptions: __setOptions_4
}
/* removed: const _$FuzzySearchStrategy_5 = require('./SearchStrategies/FuzzySearchStrategy') */;
/* removed: const _$LiteralSearchStrategy_6 = require('./SearchStrategies/LiteralSearchStrategy') */;
function NoSort () {
return 0
}
const data = []
let opt = {}
opt.fuzzy = false
opt.limit = 10
opt.searchStrategy = opt.fuzzy ? _$FuzzySearchStrategy_5 : _$LiteralSearchStrategy_6
opt.sort = NoSort
opt.exclude = []
function put (data) {
if (isObject(data)) {
return addObject(data)
}
if (isArray(data)) {
return addArray(data)
}
return undefined
}
function clear () {
data.length = 0
return data
}
function isObject (obj) {
return Boolean(obj) && Object.prototype.toString.call(obj) === '[object Object]'
}
function isArray (obj) {
return Boolean(obj) && Object.prototype.toString.call(obj) === '[object Array]'
}
function addObject (_data) {
data.push(_data)
return data
}
function addArray (_data) {
const added = []
clear()
for (let i = 0, len = _data.length; i < len; i++) {
if (isObject(_data[i])) {
added.push(addObject(_data[i]))
}
}
return added
}
function search (crit) {
if (!crit) {
return []
}
return findMatches(data, crit, opt.searchStrategy, opt).sort(opt.sort)
}
function __setOptions_4 (_opt) {
opt = _opt || {}
opt.fuzzy = _opt.fuzzy || false
opt.limit = _opt.limit || 10
opt.searchStrategy = _opt.fuzzy ? _$FuzzySearchStrategy_5 : _$LiteralSearchStrategy_6
opt.sort = _opt.sort || NoSort
opt.exclude = _opt.exclude || []
}
function findMatches (data, crit, strategy, opt) {
const matches = []
for (let i = 0; i < data.length && matches.length < opt.limit; i++) {
const match = findMatchesInObject(data[i], crit, strategy, opt)
if (match) {
matches.push(match)
}
}
return matches
}
function findMatchesInObject (obj, crit, strategy, opt) {
for (const key in obj) {
if (!isExcluded(obj[key], opt.exclude) && strategy.matches(obj[key], crit)) {
return obj
}
}
}
function isExcluded (term, excludedTerms) {
for (let i = 0, len = excludedTerms.length; i < len; i++) {
const excludedTerm = excludedTerms[i]
if (new RegExp(excludedTerm).test(term)) {
return true
}
}
return false
}
/* globals ActiveXObject:false */
'use strict'
var _$JSONLoader_2 = {
load: load
}
function load (location, callback) {
const xhr = getXHR()
xhr.open('GET', location, true)
xhr.onreadystatechange = createStateChangeListener(xhr, callback)
xhr.send()
}
function createStateChangeListener (xhr, callback) {
return function () {
if (xhr.readyState === 4 && xhr.status === 200) {
try {
callback(null, JSON.parse(xhr.responseText))
} catch (err) {
callback(err, null)
}
}
}
}
function getXHR () {
return window.XMLHttpRequest ? new window.XMLHttpRequest() : new ActiveXObject('Microsoft.XMLHTTP')
}
'use strict'
var _$OptionsValidator_3 = function OptionsValidator (params) {
if (!validateParams(params)) {
throw new Error('-- OptionsValidator: required options missing')
}
if (!(this instanceof OptionsValidator)) {
return new OptionsValidator(params)
}
const requiredOptions = params.required
this.getRequiredOptions = function () {
return requiredOptions
}
this.validate = function (parameters) {
const errors = []
requiredOptions.forEach(function (requiredOptionName) {
if (typeof parameters[requiredOptionName] === 'undefined') {
errors.push(requiredOptionName)
}
})
return errors
}
function validateParams (params) {
if (!params) {
return false
}
return typeof params.required !== 'undefined' && params.required instanceof Array
}
}
'use strict'
var _$utils_9 = {
merge: merge,
isJSON: isJSON
}
function merge (defaultParams, mergeParams) {
const mergedOptions = {}
for (const option in defaultParams) {
mergedOptions[option] = defaultParams[option]
if (typeof mergeParams[option] !== 'undefined') {
mergedOptions[option] = mergeParams[option]
}
}
return mergedOptions
}
function isJSON (json) {
try {
if (json instanceof Object && JSON.parse(JSON.stringify(json))) {
return true
}
return false
} catch (err) {
return false
}
}
var _$src_8 = {};
(function (window) {
'use strict'
let options = {
searchInput: null,
resultsContainer: null,
json: [],
success: Function.prototype,
searchResultTemplate: '<li><a href="{url}" title="{desc}">{title}</a></li>',
templateMiddleware: Function.prototype,
sortMiddleware: function () {
return 0
},
noResultsText: 'No results found',
limit: 10,
fuzzy: false,
debounceTime: null,
exclude: []
}
let debounceTimerHandle
const debounce = function (func, delayMillis) {
if (delayMillis) {
clearTimeout(debounceTimerHandle)
debounceTimerHandle = setTimeout(func, delayMillis)
} else {
func.call()
}
}
const requiredOptions = ['searchInput', 'resultsContainer', 'json']
/* removed: const _$Templater_7 = require('./Templater') */;
/* removed: const _$Repository_4 = require('./Repository') */;
/* removed: const _$JSONLoader_2 = require('./JSONLoader') */;
const optionsValidator = _$OptionsValidator_3({
required: requiredOptions
})
/* removed: const _$utils_9 = require('./utils') */;
window.SimpleJekyllSearch = function (_options) {
const errors = optionsValidator.validate(_options)
if (errors.length > 0) {
throwError('You must specify the following required options: ' + requiredOptions)
}
options = _$utils_9.merge(options, _options)
_$Templater_7.setOptions({
template: options.searchResultTemplate,
middleware: options.templateMiddleware
})
_$Repository_4.setOptions({
fuzzy: options.fuzzy,
limit: options.limit,
sort: options.sortMiddleware,
exclude: options.exclude
})
if (_$utils_9.isJSON(options.json)) {
initWithJSON(options.json)
} else {
initWithURL(options.json)
}
const rv = {
search: search
}
typeof options.success === 'function' && options.success.call(rv)
return rv
}
function initWithJSON (json) {
_$Repository_4.put(json)
registerInput()
}
function initWithURL (url) {
_$JSONLoader_2.load(url, function (err, json) {
if (err) {
throwError('failed to get JSON (' + url + ')')
}
initWithJSON(json)
})
}
function emptyResultsContainer () {
options.resultsContainer.innerHTML = ''
}
function appendToResultsContainer (text) {
options.resultsContainer.innerHTML += text
}
function registerInput () {
options.searchInput.addEventListener('input', function (e) {
if (isWhitelistedKey(e.which)) {
emptyResultsContainer()
debounce(function () { search(e.target.value) }, options.debounceTime)
}
})
}
function search (query) {
if (isValidQuery(query)) {
emptyResultsContainer()
render(_$Repository_4.search(query), query)
}
}
function render (results, query) {
const len = results.length
if (len === 0) {
return appendToResultsContainer(options.noResultsText)
}
for (let i = 0; i < len; i++) {
results[i].query = query
appendToResultsContainer(_$Templater_7.compile(results[i]))
}
}
function isValidQuery (query) {
return query && query.length > 0
}
function isWhitelistedKey (key) {
return [13, 16, 20, 37, 38, 39, 40, 91].indexOf(key) === -1
}
function throwError (message) {
throw new Error('SimpleJekyllSearch --- ' + message)
}
})(window)
}());
</script>
<!-- Configuration -->
<script>
SimpleJekyllSearch({
searchInput: document.getElementById('search-input'),
resultsContainer: document.getElementById('results-container'),
json: '/search.json',
//searchResultTemplate: '<li><a href="https://static.rnmkcy.eu{url}">{date}&nbsp;{title}</a></li>'
searchResultTemplate: '<li><a href="{url}">{date}&nbsp;{title}</a></li>'
})
</script>
<!-- Fin déclaration champ de recherche --></div><nav class="navigation">
<ul><li class="navigation__item"><a href="/archive.html">Etiquettes</a></li><li class="navigation__item"><a href="/htmldoc.html">Documents</a></li><li class="navigation__item"><a href="/liens_ttrss.html">Liens</a></li><li class="navigation__item"><a href="/aide-jekyll-text-theme.html">Aide</a></li></ul>
</nav></div>
</header>
</div><div class="page__content"><div class ="main"><div class="grid grid--reverse">
<div class="col-main cell cell--auto"><!-- start custom main top snippet --><div id="results-container" class="search-result js-search-result"></div><!-- end custom main top snippet -->
<article itemscope itemtype="http://schema.org/Article"><div class="article__header"><header><h1 style="color:Tomato;">VPS Starter debian 11 - xoyize.xyz</h1></header></div><meta itemprop="headline" content="VPS Starter debian 11 - xoyize.xyz"><div class="article__info clearfix"><ul class="left-col menu"><li>
<a class="button button--secondary button--pill button--sm"
href="/archive.html?tag=serveur">serveur</a>
</li></ul><ul class="right-col menu"><li>
<i class="far fa-calendar-alt"></i>&nbsp;<span title="Création" style="color:#FF00FF">22&nbsp;avr.&nbsp;&nbsp;2022</span></li></ul></div><meta itemprop="datePublished" content="2022-04-22T00:00:00+02:00">
<meta itemprop="keywords" content="serveur"><div class="js-article-content">
<div class="layout--article"><!-- start custom article top snippet -->
<style>
#myBtn {
display: none;
position: fixed;
bottom: 10px;
right: 10px;
z-index: 99;
font-size: 12px;
font-weight: bold;
border: none;
outline: none;
background-color: white;
color: black;
cursor: pointer;
padding: 5px;
border-radius: 4px;
}
#myBtn:hover {
background-color: #555;
}
</style>
<button onclick="topFunction()" id="myBtn" title="Haut de page">&#8679;</button>
<script>
//Get the button
var mybutton = document.getElementById("myBtn");
// When the user scrolls down 20px from the top of the document, show the button
window.onscroll = function() {scrollFunction()};
function scrollFunction() {
if (document.body.scrollTop > 20 || document.documentElement.scrollTop > 20) {
mybutton.style.display = "block";
} else {
mybutton.style.display = "none";
}
}
// When the user clicks on the button, scroll to the top of the document
function topFunction() {
document.body.scrollTop = 0;
document.documentElement.scrollTop = 0;
}
</script>
<!-- end custom article top snippet -->
<div class="article__content" itemprop="articleBody"><details>
<summary><b>Afficher/cacher Sommaire</b></summary>
<!-- affichage sommaire -->
<div class="toc-aside js-toc-root"></div>
</details><div class="item">
<div class="item__image">
<img class="image--sm" src="/images/vps-starter001.png" />
</div>
<div class="item__content">
<div class="item__header">
<h4>Serveur web debian + nginx + php + mysql</h4>
</div>
<div class="item__description">
<p>VPS Starter OVH vps-732e59e6.vps.ovh.net</p>
<ul>
<li>2 GB RAM</li>
<li>20 GB Storage</li>
<li>100 Mbit/s Bandwidth</li>
<li>1 x vCPU Core</li>
<li>1 x IPv4 Address 141.94.77.162</li>
<li>1 x IPv6 Address 2001:41d0:304:200::27fd</li>
</ul>
</div>
</div>
</div>
<p><img src="/images/debian11-logo.png" alt="" /></p>
<h3 id="connexion-serveur">Connexion serveur</h3>
<p>Connexion ssh</p>
<div class="language-plaintext highlighter-rouge"><div class="highlight"><pre class="highlight"><code>ssh debian@141.94.77.162
</code></pre></div></div>
<p>en mode su</p>
<p>Mise à jour</p>
<div class="language-plaintext highlighter-rouge"><div class="highlight"><pre class="highlight"><code>apt update &amp;&amp; apt -y upgrade
</code></pre></div></div>
<h3 id="adressage-ipv6">Adressage IPV6</h3>
<p>Désactiver lauto génération du réseau</p>
<div class="language-plaintext highlighter-rouge"><div class="highlight"><pre class="highlight"><code>echo "network: {config: disabled}" &gt; /etc/cloud/cloud.cfg.d/99-disable-network-config.cfg
</code></pre></div></div>
<p>Créer le fichier réseau</p>
<div class="language-plaintext highlighter-rouge"><div class="highlight"><pre class="highlight"><code>nano /etc/network/interfaces
</code></pre></div></div>
<div class="language-plaintext highlighter-rouge"><div class="highlight"><pre class="highlight"><code># Include files from /etc/network/interfaces.d:
#source-directory /etc/network/interfaces.d
# Cloud images dynamically generate config fragments for newly
# attached interfaces. See /etc/udev/rules.d/75-cloud-ifupdown.rules
# and /etc/network/cloud-ifupdown-helper. Dynamically generated
# configuration fragments are stored in /run:
#source-directory /run/network/interfaces.d
# This file describes the network interfaces available on your system
# and how to activate them. For more information, see interfaces(5).
source /etc/network/interfaces.d/*
# The loopback network interface
auto lo
iface lo inet loopback
# The primary network interface
allow-hotplug ens3
# add static settings
iface ens3 inet static
address 141.94.77.162
netmask 255.255.255.0
iface ens3 inet6 static
address 2001:41d0:304:200::27fd
netmask 128
post-up /sbin/ip -6 route add 2001:41d0:304:200::1 dev ens3
post-up /sbin/ip -6 route add default via 2001:41d0:304:200::1 dev ens3
pre-down /sbin/ip -6 route del default via 2001:41d0:304:200::1 dev ens3
pre-down /sbin/ip -6 route del 2001:41d0:304:200::1 dev ens3
</code></pre></div></div>
<p>Redémarrer le vps</p>
<div class="language-plaintext highlighter-rouge"><div class="highlight"><pre class="highlight"><code>systemctl reboot
</code></pre></div></div>
<p>Se connecter et vérifier</p>
<div class="language-plaintext highlighter-rouge"><div class="highlight"><pre class="highlight"><code>ip a
</code></pre></div></div>
<div class="language-plaintext highlighter-rouge"><div class="highlight"><pre class="highlight"><code>1: lo: &lt;LOOPBACK,UP,LOWER_UP&gt; mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
valid_lft forever preferred_lft forever
inet6 ::1/128 scope host
valid_lft forever preferred_lft forever
2: ens3: &lt;BROADCAST,MULTICAST,UP,LOWER_UP&gt; mtu 1500 qdisc pfifo_fast state UP group default qlen 1000
link/ether fa:16:3e:0c:42:37 brd ff:ff:ff:ff:ff:ff
altname enp0s3
inet 141.94.77.162/32 brd 141.94.77.162 scope global dynamic ens3
valid_lft 86235sec preferred_lft 86235sec
inet 141.94.77.162/24 brd 141.94.77.255 scope global ens3
valid_lft forever preferred_lft forever
inet6 2001:41d0:304:200::27fd/128 scope global
valid_lft forever preferred_lft forever
inet6 fe80::f816:3eff:fe0c:4237/64 scope link
valid_lft forever preferred_lft forever
</code></pre></div></div>
<p>Hostname</p>
<div class="language-plaintext highlighter-rouge"><div class="highlight"><pre class="highlight"><code>sudo hostnamectl set-hostnamectl "xoyize.xyz"
hostnamectl
</code></pre></div></div>
<div class="language-plaintext highlighter-rouge"><div class="highlight"><pre class="highlight"><code> Static hostname: xoyize.xyz
Icon name: computer-vm
Chassis: vm
Machine ID: 1927516e0ce84581b64327cd590d79bc
Boot ID: 0358c2d0951c40ee997ac330a5ab70a4
Virtualization: kvm
Operating System: Debian GNU/Linux 11 (bullseye)
Kernel: Linux 5.10.0-13-cloud-amd64
Architecture: x86-64
</code></pre></div></div>
<p>Date et heure UTC</p>
<div class="language-plaintext highlighter-rouge"><div class="highlight"><pre class="highlight"><code>timedatectl
</code></pre></div></div>
<div class="language-plaintext highlighter-rouge"><div class="highlight"><pre class="highlight"><code> Local time: Sun 2022-04-17 08:42:50 UTC
Universal time: Sun 2022-04-17 08:42:50 UTC
RTC time: Sun 2022-04-17 08:42:51
Time zone: Etc/UTC (UTC, +0000)
System clock synchronized: yes
NTP service: active
RTC in local TZ: no
</code></pre></div></div>
<h3 id="openssh-clé-et-script">OpenSSH, clé et script</h3>
<p><img src="/images/ssh_logo1.png" alt="OpenSSH" width="70" /></p>
<p><strong>connexion avec clé</strong><br />
<u>sur l'ordinateur de bureau</u>
Générer une paire de clé curve25519-sha256 (ECDH avec Curve25519 et SHA2) pour une liaison SSH avec le serveur.</p>
<div class="language-plaintext highlighter-rouge"><div class="highlight"><pre class="highlight"><code>ssh-keygen -t ed25519 -o -a 100 -f ~/.ssh/xoyize-ed25519
</code></pre></div></div>
<p>Envoyer les clés publiques sur le serveur KVM</p>
<div class="language-plaintext highlighter-rouge"><div class="highlight"><pre class="highlight"><code>ssh-copy-id -i ~/.ssh/xoyize-ed25519.pub debian@141.94.77.162
</code></pre></div></div>
<p><u>sur le serveur KVM</u><br />
On se connecte</p>
<div class="language-plaintext highlighter-rouge"><div class="highlight"><pre class="highlight"><code>ssh debian@141.94.77.162
</code></pre></div></div>
<p>Modifier la configuration serveur SSH</p>
<div class="language-plaintext highlighter-rouge"><div class="highlight"><pre class="highlight"><code>sudo nano /etc/ssh/sshd_config
</code></pre></div></div>
<p>Modifier</p>
<div class="language-conf highlighter-rouge"><div class="highlight"><pre class="highlight"><code><span class="n">Port</span> = <span class="m">55162</span>
<span class="n">PasswordAuthentication</span> <span class="n">no</span>
</code></pre></div></div>
<p>Relancer le serveur</p>
<div class="language-plaintext highlighter-rouge"><div class="highlight"><pre class="highlight"><code>sudo systemctl restart sshd
</code></pre></div></div>
<p>Test connexion</p>
<div class="language-plaintext highlighter-rouge"><div class="highlight"><pre class="highlight"><code>ssh -p 55162 -i ~/.ssh/xoyize-ed25519 debian@141.94.77.162
</code></pre></div></div>
<h3 id="utilitaires">Utilitaires</h3>
<p>Installer utilitaires</p>
<div class="language-plaintext highlighter-rouge"><div class="highlight"><pre class="highlight"><code>sudo apt install rsync curl tmux jq figlet git
</code></pre></div></div>
<h3 id="motd">Motd</h3>
<p>Effacer et créer motd</p>
<div class="language-plaintext highlighter-rouge"><div class="highlight"><pre class="highlight"><code>sudo rm /etc/motd &amp;&amp; sudo nano /etc/motd
</code></pre></div></div>
<div class="language-plaintext highlighter-rouge"><div class="highlight"><pre class="highlight"><code> _
__ __ ___ _ _ (_) ___ ___ __ __ _ _ ___
\ \ // _ \| || || ||_ // -_) _ \ \ /| || ||_ /
/_\_\\___/ \_, ||_|/__|\___|(_)/_\_\ \_, |/__|
|__/ |__/
_ _ _ _ ___ _ _ ____ ____ _ __ ___
/ || | | / | / _ \| | | |__ ||__ | / | / / |_ )
| ||_ _|| | _\_, /|_ _|_ / / / /_ | |/ _ \ / /
|_| |_| |_|(_)/_/ |_|(_)/_/ /_/(_)|_|\___//___|
</code></pre></div></div>
<p>Script ssh_rc_bash</p>
<blockquote>
<p>ATTENTION!!! Les scripts sur connexion peuvent poser des problèmes pour des appels externes autres que ssh</p>
</blockquote>
<div class="language-bash highlighter-rouge"><div class="highlight"><pre class="highlight"><code>wget https://static.xoyaz.xyz/files/ssh_rc_bash
<span class="nb">chmod</span> +x ssh_rc_bash <span class="c"># rendre le bash exécutable</span>
./ssh_rc_bash <span class="c"># exécution</span>
</code></pre></div></div>
<p><img src="/images/vps-732e59e6.png" alt="" /></p>
<h3 id="zone-dns-ovh">Zone DNS OVH</h3>
<p><img src="/images/dns-logo.png" alt="dns" width="30" /></p>
<pre><code class="language-dns">$TTL 3600
@ IN SOA dns106.ovh.net. tech.ovh.net. (2022041500 86400 3600 3600000 300)
IN NS ns106.ovh.net.
IN NS dns106.ovh.net.
IN A 141.94.77.162
IN AAAA 2001:41d0:304:200::27fd
IN CAA 128 issue "letsencrypt.org"
* IN A 141.94.77.162
* IN AAAA 2001:41d0:304:200::27fd
</code></pre>
<h3 id="parefeu-ufw">Parefeu UFW</h3>
<p><img src="/images/ufw-logo.png" alt="ufw" width="50" /></p>
<p><em>UFW, ou pare - feu simple , est une interface pour gérer les règles de pare-feu dans Arch Linux, Debian ou Ubuntu. UFW est utilisé via la ligne de commande (bien quil dispose dinterfaces graphiques disponibles), et vise à rendre la configuration du pare-feu facile.</em></p>
<p>Installation <strong>Debian / Ubuntu</strong></p>
<div class="language-plaintext highlighter-rouge"><div class="highlight"><pre class="highlight"><code>sudo apt install ufw
</code></pre></div></div>
<p><em>Par défaut, les jeux de règles dUFW sont vides, de sorte quil napplique aucune règle de pare-feu, même lorsque le démon est en cours dexécution.</em></p>
<p>Les règles</p>
<div class="language-bash highlighter-rouge"><div class="highlight"><pre class="highlight"><code><span class="nb">sudo </span>ufw allow 55162/tcp <span class="c"># port SSH</span>
<span class="nb">sudo </span>ufw allow http <span class="c"># port 80</span>
<span class="nb">sudo </span>ufw allow https <span class="c"># port 443</span>
<span class="nb">sudo </span>ufw allow DNS <span class="c"># port 53</span>
</code></pre></div></div>
<p>Activer le parefeu</p>
<div class="language-plaintext highlighter-rouge"><div class="highlight"><pre class="highlight"><code>sudo ufw enable
</code></pre></div></div>
<div class="language-plaintext highlighter-rouge"><div class="highlight"><pre class="highlight"><code>Command may disrupt existing ssh connections. Proceed with operation (y|n)? y
Firewall is active and enabled on system startup
</code></pre></div></div>
<p>Status</p>
<div class="language-plaintext highlighter-rouge"><div class="highlight"><pre class="highlight"><code> sudo ufw status verbose
</code></pre></div></div>
<div class="language-plaintext highlighter-rouge"><div class="highlight"><pre class="highlight"><code>Status: active
Logging: on (low)
Default: deny (incoming), allow (outgoing), disabled (routed)
New profiles: skip
To Action From
-- ------ ----
55162/tcp ALLOW IN Anywhere
80/tcp ALLOW IN Anywhere
443 ALLOW IN Anywhere
53 (DNS) ALLOW IN Anywhere
55162/tcp (v6) ALLOW IN Anywhere (v6)
80/tcp (v6) ALLOW IN Anywhere (v6)
443 (v6) ALLOW IN Anywhere (v6)
53 (DNS (v6)) ALLOW IN Anywhere (v6)
</code></pre></div></div>
<h3 id="nginx-compilation-php8-mariadb">Nginx compilation, PHP8, MariaDB</h3>
<h4 id="nginx-compilé">Nginx compilé</h4>
<p><img src="/images/nginx-logo.png" alt="" width="50" /></p>
<p>Utilisateur avec droits sudo</p>
<p>Télécharger le bash</p>
<div class="language-plaintext highlighter-rouge"><div class="highlight"><pre class="highlight"><code>wget https://static.xoyaz.xyz/files/compilation-nginx-tls1.3.sh
chmod +x compilation-nginx-tls1.3.sh # rendre le bash exécutable
./compilation-nginx-tls1.3.sh # exécution
</code></pre></div></div>
<p>A la fin de la compilation</p>
<div class="language-plaintext highlighter-rouge"><div class="highlight"><pre class="highlight"><code>Versions Nginx OpenSSL
nginx version: nginx/1.20.2
OpenSSL 1.1.1n 15 Mar 2022
</code></pre></div></div>
<h4 id="php8-et-composer">PHP8 et composer</h4>
<p><img src="/images/php8-logo.png" alt="" /></p>
<p>Ajout du dépôt sury.org</p>
<div class="language-plaintext highlighter-rouge"><div class="highlight"><pre class="highlight"><code>sudo -s
</code></pre></div></div>
<p>Pour installer la version de 8 de php, ajouter le dépôt sury.</p>
<div class="language-bash highlighter-rouge"><div class="highlight"><pre class="highlight"><code>apt <span class="nb">install</span> <span class="nt">-y</span> lsb-release apt-transport-https ca-certificates wget
wget <span class="nt">-O</span> /etc/apt/trusted.gpg.d/php.gpg https://packages.sury.org/php/apt.gpg
<span class="nb">echo</span> <span class="s2">"deb https://packages.sury.org/php/ </span><span class="si">$(</span>lsb_release <span class="nt">-sc</span><span class="si">)</span><span class="s2"> main"</span> |tee /etc/apt/sources.list.d/php.list
</code></pre></div></div>
<p>Mise à jour des dépôts :</p>
<div class="language-plaintext highlighter-rouge"><div class="highlight"><pre class="highlight"><code>apt update &amp;&amp; apt upgrade -y
</code></pre></div></div>
<p>Installation de php8.1, php8.1-fpm, php8.1-sqlite3 et les paquets PHP nécessaires à nextcloud</p>
<div class="language-plaintext highlighter-rouge"><div class="highlight"><pre class="highlight"><code>apt -y install php8.1 php8.1-fpm php8.1-sqlite3 php8.1-cli php8.1-gd php8.1-imap php8.1-mysql php8.1-soap php8.1-apcu php8.1-common php8.1-gmp php8.1-intl php8.1-opcache php8.1-xml php8.1-curl php8.1-igbinary php8.1-readline php8.1-zip php8.1-bcmath php8.1-imagick php8.1-mbstring php8.1-redis imagemagick
</code></pre></div></div>
<p class="warning">Nextcloud naccepte pas les versions PHP &gt; 8.0</p>
<p>Composer</p>
<div class="language-bash highlighter-rouge"><div class="highlight"><pre class="highlight"><code>wget https://getcomposer.org/download/latest-stable/composer.phar
<span class="nb">chmod</span> +x composer.phar
<span class="nb">mv </span>composer.phar /usr/local/bin/composer
</code></pre></div></div>
<p><img src="/images/composer-version235.png" alt="composer" /></p>
<h4 id="mariadb">MariaDB</h4>
<p><img src="/images/mariadb-logo.png" alt="" width="50" /><br />
installer les paquets de MariaDB</p>
<div class="language-plaintext highlighter-rouge"><div class="highlight"><pre class="highlight"><code>sudo apt install mariadb-server
</code></pre></div></div>
<p>Une fois que linstallation des composants est terminée, tapez la commande suivante pour finaliser la configuration.</p>
<div class="language-plaintext highlighter-rouge"><div class="highlight"><pre class="highlight"><code>sudo mysql_secure_installation
</code></pre></div></div>
<p>Tapez Enter directement à la première question car le mot de passe de lutilisateur root de MariaDB est vide par défaut après linstallation.<br />
Puis répondez Y à la question suivante pour spécifier le mot de passe de lutilisateur root de MariaDB qui, une fois de plus, est différent de lutilisateur root de votre Debian.<br />
Cet utilisateur root de la base de données aura tous les droits daccès. Pour des raisons évidentes de sécurité, je vous recommande dutiliser un mot de passe complexe !<br />
Et vous pouvez répondre Y à toutes les questions suivantes: les connexions anonymes seront désactivées, ainsi que les connexions root qui se font depuis un serveur autre que le votre…</p>
<h3 id="certificats-lets-encrypt">Certificats Lets Encrypt</h3>
<p><img src="/images/letsencrypt-logo1.png" alt="letsencrypt" width="80" /></p>
<p>Installation gestionnaire des certificats Lets Encrypt</p>
<div class="language-bash highlighter-rouge"><div class="highlight"><pre class="highlight"><code><span class="nb">cd</span> ~
<span class="nb">sudo </span>apt <span class="nb">install </span>socat <span class="c"># installé par défaut sur debian 11</span>
git clone https://github.com/acmesh-official/acme.sh.git
<span class="nb">cd </span>acme.sh
./acme.sh <span class="nt">--install</span>
</code></pre></div></div>
<p>Se déconnecter puis se reconnecter utilisateur</p>
<p>Les clés OVH API</p>
<div class="language-plaintext highlighter-rouge"><div class="highlight"><pre class="highlight"><code>export OVH_AK="xxxxxxxxxxxxxxxxxx"
export OVH_AS="yyyyyyyyyyyyyyyyyyyyyyyyyyyy"
</code></pre></div></div>
<p>Génération des certificats</p>
<div class="language-plaintext highlighter-rouge"><div class="highlight"><pre class="highlight"><code>acme.sh --dns dns_ovh --server letsencrypt --issue --keylength ec-384 -d 'xoyize.xyz' -d '*.xoyize.xyz'
</code></pre></div></div>
<div class="language-plaintext highlighter-rouge"><div class="highlight"><pre class="highlight"><code>[...]
[mar. 22 févr. 2022 15:23:38 CET] Please open this link to do authentication: https://eu.api.ovh.com/auth/?credentialToken=vIuaavkgBGdip2UEPjSev9WhruI2REfzawQy31tV7mkOAVnj5NQUwD0XKUFKbaI1
[...]
</code></pre></div></div>
<p>Après authentification relancer la commande</p>
<p>Résultat de linstallation</p>
<div class="language-plaintext highlighter-rouge"><div class="highlight"><pre class="highlight"><code>[Sun Apr 17 11:40:04 UTC 2022] Your cert is in: /home/debian/.acme.sh/xoyize.xyz_ecc/xoyize.xyz.cer
[Sun Apr 17 11:40:04 UTC 2022] Your cert key is in: /home/debian/.acme.sh/xoyize.xyz_ecc/xoyize.xyz.key
[Sun Apr 17 11:40:04 UTC 2022] The intermediate CA cert is in: /home/debian/.acme.sh/xoyize.xyz_ecc/ca.cer
[Sun Apr 17 11:40:04 UTC 2022] And the full chain certs is there: /home/debian/.acme.sh/xoyize.xyz_ecc/fullchain.cer
</code></pre></div></div>
<p>Installation des certificats</p>
<div class="language-plaintext highlighter-rouge"><div class="highlight"><pre class="highlight"><code>sudo mkdir -p /etc/ssl/private/
sudo chown $USER -R /etc/ssl/private/
acme.sh --ecc --install-cert -d 'xoyize.xyz' -d '*.xoyize.xyz' --key-file /etc/ssl/private/xoyize.xyz-key.pem --fullchain-file /etc/ssl/private/xoyize.xyz-fullchain.pem --reloadcmd 'sudo systemctl reload nginx.service'
</code></pre></div></div>
<p>Résultat</p>
<div class="language-plaintext highlighter-rouge"><div class="highlight"><pre class="highlight"><code>[Sun Apr 17 11:41:11 UTC 2022] Installing key to: /etc/ssl/private/xoyize.xyz-key.pem
[Sun Apr 17 11:41:11 UTC 2022] Installing full chain to: /etc/ssl/private/xoyize.xyz-fullchain.pem
[Sun Apr 17 11:41:11 UTC 2022] Run reload cmd: sudo systemctl reload nginx.service
[Sun Apr 17 11:41:12 UTC 2022] Reload success
</code></pre></div></div>
<p class="warning">Supprimer ` reloadcmd sudo systemctl reload nginx.service` à la ligne précédente si Nginx nest pas installé</p>
<p>Editer le crontab, supprimer la ligne existante et ajouter ce qui suit</p>
<div class="language-plaintext highlighter-rouge"><div class="highlight"><pre class="highlight"><code>crontab -e
</code></pre></div></div>
<div class="language-bash highlighter-rouge"><div class="highlight"><pre class="highlight"><code>2 0 <span class="k">*</span> <span class="k">*</span> <span class="k">*</span> <span class="s2">"/home/debian/.acme.sh"</span>/acme.sh <span class="nt">--cron</span> <span class="nt">--home</span> <span class="s2">"/home/debian/.acme.sh"</span> <span class="nt">--renew-hook</span> <span class="s2">"/home/debian/.acme.sh/acme.sh --ecc --install-cert -d 'xoyize.xyz' -d '*.xoyize.xyz' --key-file /etc/ssl/private/xoyize.xyz-key.pem --fullchain-file /etc/ssl/private/xoyize.xyz-fullchain.pem --reloadcmd 'sudo systemctl reload nginx.service'"</span> <span class="o">&gt;</span> /dev/null
</code></pre></div></div>
<h3 id="configuration-nginx">Configuration nginx</h3>
<p>On va regrouper TLS/SSL, HSTS et OCSP dans le fichier de configuration global <code class="language-plaintext highlighter-rouge">/etc/nginx/tls-hsts-ocsp.conf</code></p>
<div class="language-nginx highlighter-rouge"><div class="highlight"><pre class="highlight"><code> <span class="c1"># Certificats Let's Encrypt </span>
<span class="k">ssl_certificate</span> <span class="n">/etc/ssl/private/xoyize.xyz-fullchain.pem</span><span class="p">;</span>
<span class="k">ssl_certificate_key</span> <span class="n">/etc/ssl/private/xoyize.xyz-key.pem</span><span class="p">;</span>
<span class="c1"># TLS 1.3 only</span>
<span class="k">ssl_protocols</span> <span class="s">TLSv1.3</span><span class="p">;</span>
<span class="k">ssl_prefer_server_ciphers</span> <span class="no">off</span><span class="p">;</span>
<span class="c1"># HSTS (ngx_http_headers_module is required) (63072000 seconds)</span>
<span class="k">add_header</span> <span class="s">Strict-Transport-Security</span> <span class="s">"max-age=63072000"</span> <span class="s">always</span><span class="p">;</span>
<span class="c1"># OCSP stapling</span>
<span class="k">ssl_stapling</span> <span class="no">on</span><span class="p">;</span>
<span class="k">ssl_stapling_verify</span> <span class="no">on</span><span class="p">;</span>
<span class="c1"># verify chain of trust of OCSP response using Root CA and Intermediate certs</span>
<span class="k">ssl_trusted_certificate</span> <span class="n">/etc/ssl/private/xoyize.xyz-fullchain.pem</span><span class="p">;</span>
<span class="c1"># replace with the IP address of your resolver</span>
<span class="k">resolver</span> <span class="mf">1.1</span><span class="s">.1.1</span><span class="p">;</span>
</code></pre></div></div>
<p><strong>xoyize.xyz.conf</strong></p>
<p>Créer le fichier <code class="language-plaintext highlighter-rouge">/etc/nginx/conf.d/xoyize.xyz.conf</code></p>
<div class="language-nginx highlighter-rouge"><div class="highlight"><pre class="highlight"><code><span class="k">server</span> <span class="p">{</span>
<span class="kn">listen</span> <span class="mi">80</span><span class="p">;</span>
<span class="kn">listen</span> <span class="s">[::]:80</span><span class="p">;</span>
<span class="kn">server_name</span> <span class="s">xoyize.xyz</span><span class="p">;</span>
<span class="kn">return</span> <span class="mi">301</span> <span class="s">https://</span><span class="nv">$host$request_uri</span><span class="p">;</span>
<span class="p">}</span>
<span class="k">server</span> <span class="p">{</span>
<span class="kn">listen</span> <span class="mi">443</span> <span class="s">ssl</span> <span class="s">http2</span><span class="p">;</span>
<span class="kn">listen</span> <span class="s">[::]:443</span> <span class="s">ssl</span> <span class="s">http2</span><span class="p">;</span>
<span class="kn">server_name</span> <span class="s">xoyize.xyz</span><span class="p">;</span>
<span class="kn">root</span> <span class="n">/var/www/default-www</span><span class="p">;</span>
<span class="kn">index</span> <span class="s">index.html</span> <span class="s">index.php</span><span class="p">;</span>
<span class="c1"># Certificats Let's Encrypt </span>
<span class="c1"># TLS 1.3 only</span>
<span class="c1"># HSTS (ngx_http_headers_module is required) (63072000 seconds)</span>
<span class="c1"># OCSP stapling</span>
<span class="c1"># replace with the IP address of your resolver</span>
<span class="kn">include</span> <span class="n">/etc/nginx/tls-hsts-ocsp.conf</span><span class="p">;</span>
<span class="c1"># fichiers de configuration</span>
<span class="kn">include</span> <span class="n">/etc/nginx/conf.d/xoyize.xyz.d/*.conf</span><span class="p">;</span>
<span class="kn">location</span> <span class="p">~</span> <span class="sr">\.php$</span> <span class="p">{</span>
<span class="kn">include</span> <span class="s">php_fastcgi.conf</span><span class="p">;</span>
<span class="kn">fastcgi_pass</span> <span class="s">unix:/run/php/php8.1-fpm.sock</span><span class="p">;</span>
<span class="p">}</span>
<span class="p">}</span>
</code></pre></div></div>
<p>Créer le sous-dossier</p>
<div class="language-plaintext highlighter-rouge"><div class="highlight"><pre class="highlight"><code>sudo mkdir -p /etc/nginx/conf.d/xoyize.xyz.d/
</code></pre></div></div>
<p>Vérifier</p>
<div class="language-plaintext highlighter-rouge"><div class="highlight"><pre class="highlight"><code>sudo nginx -t
</code></pre></div></div>
<div class="language-plaintext highlighter-rouge"><div class="highlight"><pre class="highlight"><code>nginx: the configuration file /etc/nginx/nginx.conf syntax is ok
nginx: configuration file /etc/nginx/nginx.conf test is successful
</code></pre></div></div>
<p>Recharger nginx</p>
<div class="language-plaintext highlighter-rouge"><div class="highlight"><pre class="highlight"><code>sudo systemctl reload nginx
</code></pre></div></div>
<h3 id="page-daccueil-xoyizexyz">Page daccueil xoyize.xyz</h3>
<p>Déposer une image <code class="language-plaintext highlighter-rouge">wallpaper.jpg</code> dans le dossier <code class="language-plaintext highlighter-rouge">/var/www/default-www</code></p>
<p>Créer un fichier <code class="language-plaintext highlighter-rouge">/var/www/default-www/index.html</code></p>
<div class="language-html highlighter-rouge"><div class="highlight"><pre class="highlight"><code><span class="cp">&lt;!DOCTYPE html&gt;</span>
<span class="nt">&lt;html&gt;</span>
<span class="nt">&lt;head&gt;</span>
<span class="nt">&lt;meta</span> <span class="na">charset=</span><span class="s">"UTF-8"</span><span class="nt">&gt;</span>
<span class="nt">&lt;title&gt;</span>xoyize.xyz<span class="nt">&lt;/title&gt;</span>
<span class="nt">&lt;style </span><span class="na">type=</span><span class="s">"text/css"</span> <span class="na">media=</span><span class="s">"screen"</span> <span class="nt">&gt;</span>
<span class="nt">html</span> <span class="p">{</span>
<span class="nl">margin</span><span class="p">:</span><span class="m">0</span><span class="p">;</span>
<span class="nl">padding</span><span class="p">:</span><span class="m">0</span><span class="p">;</span>
<span class="nl">background</span><span class="p">:</span> <span class="sx">url(wallpaper.jpg)</span> <span class="nb">no-repeat</span> <span class="nb">center</span> <span class="nb">fixed</span><span class="p">;</span>
<span class="nl">-webkit-background-size</span><span class="p">:</span> <span class="n">cover</span><span class="p">;</span> <span class="c">/* pour anciens Chrome et Safari */</span>
<span class="nl">background-size</span><span class="p">:</span> <span class="n">cover</span><span class="p">;</span> <span class="c">/* version standardisée */</span>
<span class="p">}</span>
<span class="nt">body</span> <span class="p">{</span> <span class="nl">color</span><span class="p">:</span> <span class="no">white</span><span class="p">;</span> <span class="p">}</span>
<span class="nt">a</span><span class="nd">:link</span> <span class="p">{</span>
<span class="nl">color</span><span class="p">:</span> <span class="n">grey</span><span class="p">;</span>
<span class="nl">background-color</span><span class="p">:</span> <span class="nb">transparent</span><span class="p">;</span>
<span class="nl">text-decoration</span><span class="p">:</span> <span class="nb">none</span><span class="p">;</span>
<span class="p">}</span>
<span class="nt">a</span> <span class="p">{</span>
<span class="nl">text-decoration</span><span class="p">:</span> <span class="nb">underline</span><span class="p">;</span>
<span class="nl">background-color</span><span class="p">:</span> <span class="nb">transparent</span><span class="p">;</span>
<span class="nl">color</span><span class="p">:</span> <span class="m">#a00</span><span class="p">;</span>
<span class="p">}</span>
<span class="nt">a</span><span class="nd">:visited</span> <span class="p">{</span>
<span class="nl">color</span><span class="p">:</span> <span class="m">#844</span><span class="p">;</span>
<span class="p">}</span>
<span class="nt">a</span><span class="nd">:hover</span><span class="o">,</span> <span class="nt">a</span><span class="nd">:focus</span><span class="o">,</span> <span class="nt">a</span><span class="nd">:active</span> <span class="p">{</span>
<span class="nl">text-decoration</span><span class="p">:</span> <span class="nb">none</span><span class="p">;</span>
<span class="nl">color</span><span class="p">:</span> <span class="no">white</span><span class="p">;</span>
<span class="nl">background</span><span class="p">:</span> <span class="m">#800</span><span class="p">;</span>
<span class="p">}</span>
<span class="nt">&lt;/style&gt;</span>
<span class="nt">&lt;/head&gt;</span>
<span class="nt">&lt;body&gt;</span>
<span class="nt">&lt;h1&gt;</span>Serveur xoyize.xyz<span class="nt">&lt;/h1&gt;</span>
<span class="nt">&lt;/body&gt;</span>
<span class="nt">&lt;/html&gt;</span>
</code></pre></div></div>
<p>Lien <a href="https://xoyize.xyz">https://xoyize.xyz</a> <br />
<img src="/images/xoyize_xyz.png" alt="" width="500" /></p>
<h3 id="fail2ban">Fail2Ban</h3>
<p>Le fichier de configuration principal est le jail.conf mais nous nallons pas lutiliser directement car ce fichier est souvent altéré après les mises à niveau. Pour cela nous allons faire une copie de ce fichier et le nommer jail.local avec la commande ci-après: cp jail.conf jail.local (en étant dans le répertoire /etc/fail2ban)</p>
<div class="language-plaintext highlighter-rouge"><div class="highlight"><pre class="highlight"><code>sudo cp /etc/fail2ban/jail.conf /etc/fail2ban/jail.local
</code></pre></div></div>
<p>Nous allons à présent définir nos options dans le fichier jail.local
Les options à définir sont en dessous de la section <code class="language-plaintext highlighter-rouge">[DEFAULT]</code> (la section qui vient après <code class="language-plaintext highlighter-rouge">[INCLUDES]</code> )</p>
<div class="language-plaintext highlighter-rouge"><div class="highlight"><pre class="highlight"><code>sudo nano /etc/fail2ban/jail.local
</code></pre></div></div>
<div class="language-plaintext highlighter-rouge"><div class="highlight"><pre class="highlight"><code># "bantime" is the number of seconds that a host is banned.
bantime = 10m
# A host is banned if it has generated "maxretry" during the last "findtime"
# seconds.
findtime = 10m
# "maxretry" is the number of failures before a host get banned.
maxretry = 5
</code></pre></div></div>
<p>Et ajouter les lignes suivantes en fin de fichier</p>
<div class="language-plaintext highlighter-rouge"><div class="highlight"><pre class="highlight"><code>[ssh]
enabled = true
port = 55162
filter = sshd
logpath = /var/log/auth.log
[ssh-ddos]
enabled = true
port = 55145
filter = sshd-ddos
logpath = /var/log/auth.log
#
# HTTP servers
#
[nginx-auth]
enabled = true
filter = nginx-auth
action = iptables-multiport[name=NoAuthFailures, port="http,https"]
logpath = /var/log/nginx/*error*.log
[nginx-login]
enabled = false
filter = nginx-login
action = iptables-multiport[name=NoLoginFailures, port="http,https"]
logpath = /var/log/nginx/*access*.log
[nginx-badbots]
enabled = true
filter = apache-badbots
action = iptables-multiport[name=BadBots, port="http,https"]
logpath = /var/log/nginx/*access*.log
maxretry = 1
[nginx-proxy]
enabled = true
action = iptables-multiport[name=NoProxy, port="http,https"]
filter = nginx-proxy
logpath = /var/log/nginx/*access*.log
maxretry = 0
[nginx-dos]
enabled = true
port = http
filter = nginx-dos
logpath = /var/log/nginx/*access*.log
findtime = 120
maxretry = 200
</code></pre></div></div>
<p>Configuration des filtres</p>
<p>Les fichiers de configuration de filtre sont stockés dans <code class="language-plaintext highlighter-rouge">/etc/fail2ban/filter.d/</code></p>
<div class="language-bash highlighter-rouge"><div class="highlight"><pre class="highlight"><code><span class="nb">cat</span> <span class="o">&gt;</span> /etc/fail2ban/filter.d/nginx-auth.conf <span class="o">&lt;&lt;</span> <span class="no">EOF</span><span class="sh">
#
# Auth filter /etc/fail2ban/filter.d/nginx-auth.conf:
#
# Blocks IPs that makes too much accesses to the server
#
[Definition]
failregex = ^&lt;HOST&gt; -.*"(GET|POST).*HTTP.*"
ignoreregex =
</span><span class="no">EOF
</span><span class="nb">cat</span> <span class="o">&gt;</span> /etc/fail2ban/filter.d/nginx-dos.conf <span class="o">&lt;&lt;</span> <span class="no">EOF</span><span class="sh">
#
# Ddos filter /etc/fail2ban/filter.d/nginx-dos.conf:
#
# Block IPs trying to ddos the server.
#
#
[Definition]
failregex = ^&lt;HOST&gt; -.*"(GET|POST).*HTTP.*"
ignoreregex =
</span><span class="no">EOF
</span><span class="nb">cat</span> <span class="o">&gt;</span> /etc/fail2ban/filter.d/nginx-login.conf <span class="o">&lt;&lt;</span> <span class="no">EOF</span><span class="sh">
#
# Login filter /etc/fail2ban/filter.d/nginx-login.conf:
#
# Blocks IPs that fail to authenticate using web application's log in page
#
# Scan access log for HTTP 200 + POST /sessions =&gt; failed log in
#
[Definition]
failregex = ^&lt;HOST&gt; -.*POST /wp-login.php.* HTTP/1</span><span class="se">\.</span><span class="sh">." 200
ignoreregex =
</span><span class="no">EOF
</span><span class="nb">cat</span> <span class="o">&gt;</span> /etc/fail2ban/filter.d/nginx-noscript.conf <span class="o">&lt;&lt;</span> <span class="no">EOF</span><span class="sh">
#
# Noscript filter /etc/fail2ban/filter.d/nginx-noscript.conf:
#
# Block IPs trying to execute scripts such as .php, .pl, .exe and other funny scripts.
#
# Matches e.g.
# 192.168.1.1 - - "GET /something.php
#
[Definition]
failregex = ^&lt;HOST&gt; -.*GET.*(</span><span class="se">\.</span><span class="sh">php|</span><span class="se">\.</span><span class="sh">asp|</span><span class="se">\.</span><span class="sh">exe|</span><span class="se">\.</span><span class="sh">pl|</span><span class="se">\.</span><span class="sh">cgi|</span><span class="se">\s</span><span class="sh">cgi)
ignoreregex =
</span><span class="no">EOF
</span><span class="nb">cat</span> <span class="o">&gt;</span> /etc/fail2ban/filter.d/nginx-proxy.conf <span class="o">&lt;&lt;</span> <span class="no">EOF</span><span class="sh">
#
# Proxy filter /etc/fail2ban/filter.d/nginx-proxy.conf:
#
# Block IPs trying to use server as proxy.
#
# Matches e.g.
# 192.168.1.1 - - "GET http://www.something.com/
#
[Definition]
failregex = ^&lt;HOST&gt; -.*GET http.*
ignoreregex =
</span><span class="no">EOF
</span><span class="nb">cat</span> <span class="o">&gt;</span> /etc/fail2ban/filter.d/sshd-ddos.conf <span class="o">&lt;&lt;</span> <span class="no">EOF</span><span class="sh">
[Definition]
# Option: failregex
# Notes.: regex to match the password failures messages in the logfile. The
# host must be matched by a group named "host". The tag "&lt;HOST&gt;" can
# be used for standard IP/hostname matching and is only an alias for
# (?:::f{4,6}:)?(?P&lt;host&gt;[</span><span class="se">\w\-</span><span class="sh">.^_]+)
# Values: TEXT
#
failregex = sshd(?:</span><span class="se">\[\d</span><span class="sh">+</span><span class="se">\]</span><span class="sh">)?: Did not receive identification string from &lt;HOST&gt;$
# Option: ignoreregex
# Notes.: regex to ignore. If this regex matches, the line is ignored.
# Values: TEXT
#
ignoreregex =
</span><span class="no">EOF
</span></code></pre></div></div>
<p>Après les modifications, relancer fail2ban</p>
<div class="language-plaintext highlighter-rouge"><div class="highlight"><pre class="highlight"><code>systemctl restart fail2ban
</code></pre></div></div>
<p>Tester les règles fail2ban</p>
<div class="language-plaintext highlighter-rouge"><div class="highlight"><pre class="highlight"><code>fail2ban-client -d
</code></pre></div></div>
<p>Statut</p>
<div class="language-plaintext highlighter-rouge"><div class="highlight"><pre class="highlight"><code>systemctl status fail2ban
</code></pre></div></div>
<div class="language-plaintext highlighter-rouge"><div class="highlight"><pre class="highlight"><code>● fail2ban.service - Fail2Ban Service
Loaded: loaded (/lib/systemd/system/fail2ban.service; enabled; vendor preset: enabled)
Active: active (running) since Sun 2022-04-17 16:53:00 UTC; 49s ago
Docs: man:fail2ban(1)
Process: 47209 ExecStartPre=/bin/mkdir -p /run/fail2ban (code=exited, status=0/SUCCESS)
Main PID: 47210 (fail2ban-server)
Tasks: 17 (limit: 2302)
Memory: 22.8M
CPU: 331ms
CGroup: /system.slice/fail2ban.service
└─47210 /usr/bin/python3 /usr/bin/fail2ban-server -xf start
Apr 17 16:53:00 xoyize.xyz systemd[1]: Starting Fail2Ban Service...
Apr 17 16:53:00 xoyize.xyz systemd[1]: Started Fail2Ban Service.
Apr 17 16:53:00 xoyize.xyz fail2ban-server[47210]: Server ready
</code></pre></div></div>
<h3 id="tiny-tiny-rss">Tiny Tiny RSS</h3>
<p><a href="/2022/04/12/Flux-RSS-Tiny-Tiny-RSS-avec-Nginx-PHP-FPM-et-MariaDB">Flux RSS - Tiny Tiny RSS Nginx PHP-FPM MariaDB</a><br />
<em>Côté client, seul un navigateur est nécessaire, côté serveur, Tiny Tiny RSS a besoin dun serveur web (Nginx), de PHP, dune interface permettant la communication entre le serveur web et PHP (PHP-FPM) et dune base de données (MariaDB). Amélioration des performances de tt-rss grâce à OPCache ,sécurisation des échanges grâce à un certificat SSL/TLS.</em></p>
<p>PHP8.0 pour <strong>Tiny Tiny RSS</strong></p>
<div class="language-plaintext highlighter-rouge"><div class="highlight"><pre class="highlight"><code>sudo apt-get install php8.0-fpm php8.0-cli php8.0-mysql php8.0-xml php8.0-mbstring php8.0-curl php8.0-gd php8.0-intl
</code></pre></div></div>
<p>Télécharger les sources de tt-rss dans le root du site web :</p>
<div class="language-plaintext highlighter-rouge"><div class="highlight"><pre class="highlight"><code>sudo -s
# git clone https://git-gitea.tt-rss.org/schafdog/tt-rss /var/www/ttrss
git clone https://gitea.cinay.eu/yann/ttrss /var/www/ttrss
</code></pre></div></div>
<p>Modifier le propriétaire du répertoire /var/www/ttrss et lattribuer à un nouvel utilisateur dédié ttrss
Nginx est lancé sous lutilisateur www-data et doit avoir accès en lecture au répertoire /var/www/ttrss pour lire les ressources statiques (HTML, CSS, JS, etc.).
Attribuer le répertoire /var/www/ttrss au groupe www-data.</p>
<div class="language-bash highlighter-rouge"><div class="highlight"><pre class="highlight"><code>useradd ttrss <span class="c"># création utilisateur dédié ttrss</span>
<span class="nb">chown</span> <span class="nt">-R</span> ttrss:www-data /var/www/ttrss <span class="c"># changement de propriétaire par ttrss et groupe par www-data</span>
</code></pre></div></div>
<p>Retirer toutes les permissions de ce répertoire aux autres utilisateurs.</p>
<div class="language-plaintext highlighter-rouge"><div class="highlight"><pre class="highlight"><code>chmod -R o-rwx /var/www/ttrss
</code></pre></div></div>
<p>Création des répertoires spécifiques</p>
<div class="language-plaintext highlighter-rouge"><div class="highlight"><pre class="highlight"><code>mkdir /var/www/ttrss/cache
mkdir -p /var/www/ttrss/cache/{export,feeds,images,upload}
chmod 777 -R /var/www/ttrss/cache # droits complets
mkdir -p /var/www/ttrss/{lock,feed-icons}
chmod 777 -R /var/www/ttrss/{lock,feed-icons}
</code></pre></div></div>
<p>Création du pool php-fpm dédié à Tiny Tiny RSS</p>
<div class="language-plaintext highlighter-rouge"><div class="highlight"><pre class="highlight"><code>nano /etc/php/8.0/fpm/pool.d/ttrss.conf
</code></pre></div></div>
<div class="language-plaintext highlighter-rouge"><div class="highlight"><pre class="highlight"><code>[ttrss]
listen = /run/php/php8.0-fpm-ttrss.sock
listen.owner = ttrss
listen.group = www-data
user = ttrss
group = www-data
pm = ondemand
pm.max_children = 6
pm.process_idle_timeout = 60s
pm.max_requests = 500
</code></pre></div></div>
<p>PHP - OPcache</p>
<p>Vérifier et/ou activer option opcache</p>
<div class="language-plaintext highlighter-rouge"><div class="highlight"><pre class="highlight"><code>nano /etc/php/8.0/fpm/php.ini
</code></pre></div></div>
<div class="language-plaintext highlighter-rouge"><div class="highlight"><pre class="highlight"><code>[opcache]
opcache.enable=1
opcache.enable_cli=1
opcache.interned_strings_buffer=8
opcache.max_accelerated_files=10000
opcache.memory_consumption=128
opcache.save_comments=1
opcache.revalidate_freq=1
</code></pre></div></div>
<p>Redémarrer le service php-fpm</p>
<div class="language-plaintext highlighter-rouge"><div class="highlight"><pre class="highlight"><code>systemctl restart php8.0-fpm.service
</code></pre></div></div>
<p>Connexion mariadb et créer la base de données ttrss</p>
<div class="language-plaintext highlighter-rouge"><div class="highlight"><pre class="highlight"><code>mysql -uroot -e "CREATE DATABASE ttrss;"
</code></pre></div></div>
<p>à partir dune sauvegarde</p>
<div class="language-plaintext highlighter-rouge"><div class="highlight"><pre class="highlight"><code>mysql -uroot &lt; ttrss.sql
</code></pre></div></div>
<p>Créer un utilisateur MySQL ttrss dédié à la base de données ttrss, renseigner un mot de passe et ensuite lui donner les droits sur cette base de données :</p>
<div class="language-plaintext highlighter-rouge"><div class="highlight"><pre class="highlight"><code>mysql -uroot -e "CREATE USER 'ttrss'@'localhost'; SET password FOR 'ttrss'@'localhost' = password('mon_password'); GRANT ALL PRIVILEGES ON ttrss.* TO 'ttrss'@'localhost' IDENTIFIED BY 'mon_password_base_ttrss'; FLUSH PRIVILEGES;"
</code></pre></div></div>
<p>Configuration ttrss</p>
<div class="language-plaintext highlighter-rouge"><div class="highlight"><pre class="highlight"><code>/var/www/ttrss/config.php
</code></pre></div></div>
<div class="language-php highlighter-rouge"><div class="highlight"><pre class="highlight"><code><span class="cp">&lt;?php</span>
<span class="c1">// *******************************************</span>
<span class="c1">// *** Database configuration (important!) ***</span>
<span class="c1">// *******************************************</span>
<span class="nb">putenv</span><span class="p">(</span><span class="s1">'TTRSS_DB_TYPE=mysql'</span><span class="p">);</span> <span class="c1">// or mysql</span>
<span class="nb">putenv</span><span class="p">(</span><span class="s1">'TTRSS_DB_HOST=localhost'</span><span class="p">);</span>
<span class="nb">putenv</span><span class="p">(</span><span class="s1">'TTRSS_DB_USER=ttrss'</span><span class="p">);</span>
<span class="nb">putenv</span><span class="p">(</span><span class="s1">'TTRSS_DB_NAME=ttrss'</span><span class="p">);</span>
<span class="nb">putenv</span><span class="p">(</span><span class="s1">'TTRSS_DB_PASS=mon_password_base_ttrss'</span><span class="p">);</span>
<span class="nb">putenv</span><span class="p">(</span><span class="s1">'TTRSS_DB_PORT=3306'</span><span class="p">);</span> <span class="c1">// usually 5432 for PostgreSQL, 3306 for MySQL</span>
<span class="nb">putenv</span><span class="p">(</span><span class="s1">'TTRSS_MYSQL_CHARSET=UTF8'</span><span class="p">);</span>
<span class="c1">// Connection charset for MySQL. If you have a legacy database and/or experience</span>
<span class="c1">// garbage unicode characters with this option, try setting it to a blank string.</span>
<span class="c1">// ***********************************</span>
<span class="c1">// *** Basic settings (important!) ***</span>
<span class="c1">// ***********************************</span>
<span class="nb">putenv</span><span class="p">(</span><span class="s1">'TTRSS_SELF_URL_PATH=https://rss.ouestyan.xyz'</span><span class="p">);</span>
<span class="c1">// Full URL of your tt-rss installation. This should be set to the</span>
<span class="c1">// location of tt-rss directory, e.g. http://example.org/tt-rss/</span>
<span class="c1">// You need to set this option correctly otherwise several features</span>
<span class="c1">// including PUSH, bookmarklets and browser integration will not work properly.</span>
<span class="nb">putenv</span><span class="p">(</span><span class="s1">'TTRSS_SINGLE_USER_MODE=false'</span><span class="p">);</span>
<span class="c1">// Operate in single user mode, disables all functionality related to</span>
<span class="c1">// multiple users and authentication. Enabling this assumes you have</span>
<span class="c1">// your tt-rss directory protected by other means (e.g. http auth).</span>
<span class="nb">putenv</span><span class="p">(</span><span class="s1">'TTRSS_SIMPLE_UPDATE_MODE=false'</span><span class="p">);</span>
<span class="c1">// Enables fallback update mode where tt-rss tries to update feeds in</span>
<span class="c1">// background while tt-rss is open in your browser. </span>
<span class="c1">// If you don't have a lot of feeds and don't want to or can't run </span>
<span class="c1">// background processes while not running tt-rss, this method is generally </span>
<span class="c1">// viable to keep your feeds up to date.</span>
<span class="c1">// Still, there are more robust (and recommended) updating methods </span>
<span class="c1">// available, you can read about them here: http://tt-rss.org/wiki/UpdatingFeeds</span>
<span class="c1">// *****************************</span>
<span class="c1">// *** Files and directories ***</span>
<span class="c1">// *****************************</span>
<span class="nb">putenv</span><span class="p">(</span><span class="s1">'TTRSS_PHP_EXECUTABLE=/usr/bin/php'</span><span class="p">);</span>
<span class="c1">// Path to PHP *COMMAND LINE* executable, used for various command-line tt-rss </span>
<span class="c1">// programs and update daemon. Do not try to use CGI binary here, it won't work. </span>
<span class="c1">// If you see HTTP headers being displayed while running tt-rss scripts, </span>
<span class="c1">// then most probably you are using the CGI binary. If you are unsure what to </span>
<span class="c1">// put in here, ask your hosting provider.</span>
<span class="nb">putenv</span><span class="p">(</span><span class="s1">'TTRSS_LOCK_DIRECTORY=lock'</span><span class="p">);</span>
<span class="c1">// Directory for lockfiles, must be writable to the user you run</span>
<span class="c1">// daemon process or cronjobs under.</span>
<span class="nb">putenv</span><span class="p">(</span><span class="s1">'TTRSS_CACHE_DIR=cache'</span><span class="p">);</span>
<span class="c1">// Local cache directory for RSS feed content.</span>
<span class="nb">putenv</span><span class="p">(</span><span class="s1">'TTRSS_ICONS_DIR=feed-icons'</span><span class="p">);</span>
<span class="nb">putenv</span><span class="p">(</span><span class="s1">'TTRSS_ICONS_URL=feed-icons'</span><span class="p">);</span>
<span class="c1">// Local and URL path to the directory, where feed favicons are stored.</span>
<span class="c1">// Unless you really know what you're doing, please keep those relative</span>
<span class="c1">// to tt-rss main directory.</span>
<span class="c1">//putenv('TTRSS_SIMPLE_UPDATE_MODE=true');</span>
<span class="c1">// **********************</span>
<span class="c1">// *** Authentication ***</span>
<span class="c1">// **********************</span>
<span class="c1">// Please see PLUGINS below to configure various authentication modules.</span>
<span class="nb">putenv</span><span class="p">(</span><span class="s1">'TTRSS_AUTH_AUTO_CREATE=true'</span><span class="p">);</span>
<span class="c1">// Allow authentication modules to auto-create users in tt-rss internal</span>
<span class="c1">// database when authenticated successfully.</span>
<span class="nb">putenv</span><span class="p">(</span><span class="s1">'TTRSS_AUTH_AUTO_LOGIN=true'</span><span class="p">);</span>
<span class="c1">// Automatically login user on remote or other kind of externally supplied</span>
<span class="c1">// authentication, otherwise redirect to login form as normal.</span>
<span class="c1">// If set to true, users won't be able to set application language</span>
<span class="c1">// and settings profile.</span>
<span class="c1">// *********************</span>
<span class="c1">// *** Feed settings ***</span>
<span class="c1">// *********************</span>
<span class="nb">putenv</span><span class="p">(</span><span class="s1">'TTRSS_FORCE_ARTICLE_PURGE=0'</span><span class="p">);</span>
<span class="c1">// When this option is not 0, users ability to control feed purging</span>
<span class="c1">// intervals is disabled and all articles (which are not starred) </span>
<span class="c1">// older than this amount of days are purged.</span>
<span class="c1">// *** PubSubHubbub settings ***</span>
<span class="nb">putenv</span><span class="p">(</span><span class="s1">'TTRSS_PUBSUBHUBBUB_ENABLED=false'</span><span class="p">);</span>
<span class="c1">// Enable client PubSubHubbub support in tt-rss. When disabled, tt-rss</span>
<span class="c1">// won't try to subscribe to PUSH feed updates.</span>
<span class="c1">// ****************************</span>
<span class="c1">// *** Sphinx search plugin ***</span>
<span class="c1">// ****************************</span>
<span class="nb">putenv</span><span class="p">(</span><span class="s1">'TTRSS_SPHINX_SERVER=localhost:9312'</span><span class="p">);</span>
<span class="c1">// Hostname:port combination for the Sphinx server.</span>
<span class="nb">putenv</span><span class="p">(</span><span class="s1">'TTRSS_SPHINX_INDEX=ttrss, delta'</span><span class="p">);</span>
<span class="c1">// Index name in Sphinx configuration. You can specify multiple indexes</span>
<span class="c1">// as a comma-separated string.</span>
<span class="c1">// Example configuration files are available on tt-rss wiki.</span>
<span class="c1">// ***********************************</span>
<span class="c1">// *** Self-registrations by users ***</span>
<span class="c1">// ***********************************</span>
<span class="nb">putenv</span><span class="p">(</span><span class="s1">'TTRSS_ENABLE_REGISTRATION=false'</span><span class="p">);</span>
<span class="c1">// Allow users to register themselves. Please be aware that allowing</span>
<span class="c1">// random people to access your tt-rss installation is a security risk</span>
<span class="c1">// and potentially might lead to data loss or server exploit. Disabled</span>
<span class="c1">// by default.</span>
<span class="nb">putenv</span><span class="p">(</span><span class="s1">'TTRSS_REG_NOTIFY_ADDRESS=user@cinay.eu'</span><span class="p">);</span>
<span class="c1">// Email address to send new user notifications to.</span>
<span class="nb">putenv</span><span class="p">(</span><span class="s1">'TTRSS_REG_MAX_USERS=10'</span><span class="p">);</span>
<span class="c1">// Maximum amount of users which will be allowed to register on this</span>
<span class="c1">// system. 0 - no limit.</span>
<span class="c1">// **********************************</span>
<span class="c1">// *** Cookies and login sessions ***</span>
<span class="c1">// **********************************</span>
<span class="nb">putenv</span><span class="p">(</span><span class="s1">'TTRSS_SESSION_COOKIE_LIFETIME='</span><span class="mf">.</span><span class="p">(</span><span class="mi">86400</span><span class="o">*</span><span class="mi">30</span><span class="p">));</span>
<span class="c1">// Default lifetime of a session (e.g. login) cookie. In seconds, </span>
<span class="c1">// 0 means cookie will be deleted when browser closes.</span>
<span class="c1">// *********************************</span>
<span class="c1">// *** Email and digest settings ***</span>
<span class="c1">// *********************************</span>
<span class="nb">putenv</span><span class="p">(</span><span class="s1">'TTRSS_SMTP_FROM_NAME=Tiny Tiny RSS'</span><span class="p">);</span>
<span class="nb">putenv</span><span class="p">(</span><span class="s1">'TTRSS_SMTP_FROM_ADDRESS=noreply@your.domain.dom'</span><span class="p">);</span>
<span class="c1">// Name, address and subject for sending outgoing mail. This applies</span>
<span class="c1">// to password reset notifications, digest emails and any other mail.</span>
<span class="nb">putenv</span><span class="p">(</span><span class="s1">'TTRSS_DIGEST_SUBJECT=[tt-rss] New headlines for last 24 hours'</span><span class="p">);</span>
<span class="c1">// Subject line for email digests</span>
<span class="nb">putenv</span><span class="p">(</span><span class="s1">'TTRSS_SMTP_SERVER=localhost:25'</span><span class="p">);</span>
<span class="c1">// Hostname:port combination to send outgoing mail (i.e. localhost:25). </span>
<span class="c1">// Blank - use system MTA.</span>
<span class="nb">putenv</span><span class="p">(</span><span class="s1">'TTRSS_SMTP_LOGIN='</span><span class="p">);</span>
<span class="nb">putenv</span><span class="p">(</span><span class="s1">'TTRSS_SMTP_PASSWORD='</span><span class="p">);</span>
<span class="c1">// These two options enable SMTP authentication when sending</span>
<span class="c1">// outgoing mail. Only used with SMTP_SERVER.</span>
<span class="nb">putenv</span><span class="p">(</span><span class="s1">'TTRSS_SMTP_SECURE='</span><span class="p">);</span>
<span class="c1">// Used to select a secure SMTP connection. Allowed values: ssl, tls,</span>
<span class="c1">// or empty.</span>
<span class="c1">// ***************************************</span>
<span class="c1">// *** Other settings (less important) ***</span>
<span class="c1">// ***************************************</span>
<span class="nb">putenv</span><span class="p">(</span><span class="s1">'TTRSS_CHECK_FOR_UPDATES=true'</span><span class="p">);</span>
<span class="c1">// Check for updates automatically if running Git version</span>
<span class="nb">putenv</span><span class="p">(</span><span class="s1">'TTRSS_ENABLE_GZIP_OUTPUT=false'</span><span class="p">);</span>
<span class="c1">// Selectively gzip output to improve wire performance. This requires</span>
<span class="c1">// PHP Zlib extension on the server.</span>
<span class="c1">// Enabling this can break tt-rss in several httpd/php configurations,</span>
<span class="c1">// if you experience weird errors and tt-rss failing to start, blank pages</span>
<span class="c1">// after login, or content encoding errors, disable it.</span>
<span class="nb">putenv</span><span class="p">(</span><span class="s1">'TTRSS_PLUGINS=auth_internal, auth_remote, note'</span><span class="p">);</span>
<span class="c1">// Comma-separated list of plugins to load automatically for all users.</span>
<span class="c1">// System plugins have to be specified here. Please enable at least one</span>
<span class="c1">// authentication plugin here (auth_*).</span>
<span class="c1">// Users may enable other user plugins from Preferences/Plugins but may not</span>
<span class="c1">// disable plugins specified in this list.</span>
<span class="c1">// Disabling auth_internal in this list would automatically disable</span>
<span class="c1">// reset password link on the login form.</span>
<span class="nb">putenv</span><span class="p">(</span><span class="s1">'TTRSS_LOG_DESTINATION=sql'</span><span class="p">);</span>
<span class="c1">// Log destination to use. Possible values: sql (uses internal logging</span>
<span class="c1">// you can read in Preferences -&gt; System), syslog - logs to system log.</span>
<span class="c1">// Setting this to blank uses PHP logging (usually to http server </span>
<span class="c1">// error.log).</span>
<span class="nb">putenv</span><span class="p">(</span><span class="s1">'TTRSS_CONFIG_VERSION=26'</span><span class="p">);</span>
<span class="c1">// Expected config version. Please update this option in config.php</span>
<span class="c1">// if necessary (after migrating all new options from this file).</span>
<span class="c1">// vim:ft=php</span>
</code></pre></div></div>
<p>rss.xoyize.xyz</p>
<p>Créer <code class="language-plaintext highlighter-rouge">/etc/nginx/conf.d/rss.xoyize.xyz.conf</code></p>
<div class="language-plaintext highlighter-rouge"><div class="highlight"><pre class="highlight"><code>server {
listen 80;
listen [::]:80;
server_name rss.xoyize.xyz;
return 301 https://$host$request_uri;
}
server {
listen 443 ssl http2;
listen [::]:443 ssl http2;
server_name rss.xoyize.xyz;
# Certificats Let's Encrypt
# TLS 1.3 only
# HSTS (ngx_http_headers_module is required) (63072000 seconds)
# OCSP stapling
# replace with the IP address of your resolver
include /etc/nginx/tls-hsts-ocsp.conf;
root /var/www/ttrss/ ;
index index.php;
location ~ \.php$ {
fastcgi_split_path_info ^(.+\.php)(/.+)$;
fastcgi_pass unix:/run/php/php8.0-fpm-ttrss.sock;
fastcgi_index index.php;
include fastcgi_params;
fastcgi_param SCRIPT_FILENAME $request_filename;
}
access_log /var/log/nginx/ttrss-access.log;
error_log /var/log/nginx/ttrss-error.log;
}
</code></pre></div></div>
<p>Vérifier et recharger nginx</p>
<div class="language-plaintext highlighter-rouge"><div class="highlight"><pre class="highlight"><code>nginx -t
systemctl reload nginx
</code></pre></div></div>
<p>Ouvrir le lien https://rss.xoyize.xyz</p>
<p>Mise à jour automatique des flux</p>
<p>Processus en arrière plan, créer un service qui mettra automatiquement à jour les flux.
Créer le service /etc/systemd/system/ttrss-backend.service :</p>
<div class="language-plaintext highlighter-rouge"><div class="highlight"><pre class="highlight"><code>nano /etc/systemd/system/ttrss-backend.service
</code></pre></div></div>
<div class="language-plaintext highlighter-rouge"><div class="highlight"><pre class="highlight"><code>[Unit]
Description=News feed reader and aggregator
After=network.target mysql.service
[Service]
Type=simple
User=ttrss
Group=ttrss
WorkingDirectory=/var/www/ttrss/
ExecStart=/usr/bin/php8.0 /var/www/ttrss/update_daemon2.php
Restart=always
RestartSec=10
[Install]
WantedBy=multi-user.target
</code></pre></div></div>
<p>Activer et lancer le service ttrss-backend</p>
<div class="language-bash highlighter-rouge"><div class="highlight"><pre class="highlight"><code>systemctl daemon-reload
systemctl <span class="nb">enable </span>ttrss-backend
systemctl start ttrss-backend
</code></pre></div></div>
<p>Authentification par certificat client</p>
<p>Il faut ajouter lautorité de certification <code class="language-plaintext highlighter-rouge">/usr/local/share/ca-certificates/ttrss-ca.crt</code> au serveur<br />
Puis mettre à jour <code class="language-plaintext highlighter-rouge">update-ca-certificates</code></p>
<p>Modifier le fichier de configuration nginx</p>
<div class="language-plaintext highlighter-rouge"><div class="highlight"><pre class="highlight"><code>server {
listen 80;
listen [::]:80;
server_name rss.xoyize.xyz;
return 301 https://$host$request_uri;
}
server {
listen 443 ssl http2;
listen [::]:443 ssl http2;
server_name rss.xoyize.xyz;
# Certificats Let's Encrypt
# TLS 1.3 only
# HSTS (ngx_http_headers_module is required) (63072000 seconds)
# OCSP stapling
# replace with the IP address of your resolver
include /etc/nginx/tls-hsts-ocsp.conf;
root /var/www/ttrss/ ;
index index.php;
# Authentification par certificat client
ssl_client_certificate /etc/ssl/certs/ttrss-ca.pem;
# Authentification uniquement par certificat
# ssl_verify_client on;
# Authentification par certificat ou par mot de passe
ssl_verify_client optional;
location ~ \.php$ {
fastcgi_split_path_info ^(.+\.php)(/.+)$;
fastcgi_pass unix:/run/php/php8.0-fpm-ttrss.sock;
fastcgi_index index.php;
include fastcgi_params;
fastcgi_param SCRIPT_FILENAME $request_filename;
# Authentification par certificat client
fastcgi_param SSL_CLIENT_M_SERIAL $ssl_client_serial;
fastcgi_param SSL_CLIENT_S_DN $ssl_client_s_dn;
fastcgi_param SSL_CLIENT_V_START $ssl_client_v_start;
fastcgi_param SSL_CLIENT_V_END $ssl_client_v_end;
}
access_log /var/log/nginx/ttrss-access.log;
error_log /var/log/nginx/ttrss-error.log;
}
</code></pre></div></div>
<p>Il faut ajouter le certificat client aux navigateurs sinon<br />
<img src="/images/ttrss-err-certif.png" alt="" /></p>
<p>Au premier passage, une authentifiaction login mot de passe est demandée<br />
Ensuite ouvrir le Préférences &gt; Configuration et descendre vers le bas <br />
Cliquer sur <strong>sinscrire</strong> dans la rubrique Certificat SSL client<br />
<img src="/images/ttrss-certif.png" alt="" /><br />
Valider par Enregistrer la configuration</p>
</div>
<div class="d-print-none"><footer class="article__footer"><meta itemprop="dateModified" content="2022-04-22T00:00:00+02:00"><!-- start custom article footer snippet -->
<!-- end custom article footer snippet -->
<!--
<div align="right"><a type="application/rss+xml" href="/feed.xml" title="S'abonner"><i class="fa fa-rss fa-2x"></i></a>
&emsp;</div>
-->
</footer>
<div class="article__section-navigator clearfix"><div class="previous"><span>PRÉCÉDENT</span><a href="/2022/04/12/QEMU_KVM+virtio-fs-Partager_un_repertoire_hote_avec_une_machine_virtuelle.md.html">QEMU/KVM + virtio-fs - Partager un répertoire hôte avec une machine virtuelle</a></div><div class="next"><span>SUIVANT</span><a href="/2022/04/29/Verbatim_Keypad_Secure_USB_Drive.html">VERBATIM Clé USB 64Go Type C sécurisée par clavier</a></div></div></div>
</div>
<script>(function() {
var SOURCES = window.TEXT_VARIABLES.sources;
window.Lazyload.js(SOURCES.jquery, function() {
$(function() {
var $this ,$scroll;
var $articleContent = $('.js-article-content');
var hasSidebar = $('.js-page-root').hasClass('layout--page--sidebar');
var scroll = hasSidebar ? '.js-page-main' : 'html, body';
$scroll = $(scroll);
$articleContent.find('.highlight').each(function() {
$this = $(this);
$this.attr('data-lang', $this.find('code').attr('data-lang'));
});
$articleContent.find('h1[id], h2[id], h3[id], h4[id], h5[id], h6[id]').each(function() {
$this = $(this);
$this.append($('<a class="anchor d-print-none" aria-hidden="true"></a>').html('<i class="fas fa-anchor"></i>'));
});
$articleContent.on('click', '.anchor', function() {
$scroll.scrollToAnchor('#' + $(this).parent().attr('id'), 400);
});
});
});
})();
</script>
</div><section class="page__comments d-print-none"></section></article><!-- start custom main bottom snippet -->
<!-- end custom main bottom snippet -->
</div>
</div></div></div></div>
</div><script>(function() {
var SOURCES = window.TEXT_VARIABLES.sources;
window.Lazyload.js(SOURCES.jquery, function() {
var $body = $('body'), $window = $(window);
var $pageRoot = $('.js-page-root'), $pageMain = $('.js-page-main');
var activeCount = 0;
function modal(options) {
var $root = this, visible, onChange, hideWhenWindowScroll = false;
var scrollTop;
function setOptions(options) {
var _options = options || {};
visible = _options.initialVisible === undefined ? false : show;
onChange = _options.onChange;
hideWhenWindowScroll = _options.hideWhenWindowScroll;
}
function init() {
setState(visible);
}
function setState(isShow) {
if (isShow === visible) {
return;
}
visible = isShow;
if (visible) {
activeCount++;
scrollTop = $(window).scrollTop() || $pageMain.scrollTop();
$root.addClass('modal--show');
$pageMain.scrollTop(scrollTop);
activeCount === 1 && ($pageRoot.addClass('show-modal'), $body.addClass('of-hidden'));
hideWhenWindowScroll && window.hasEvent('touchstart') && $window.on('scroll', hide);
$window.on('keyup', handleKeyup);
} else {
activeCount > 0 && activeCount--;
$root.removeClass('modal--show');
$window.scrollTop(scrollTop);
activeCount === 0 && ($pageRoot.removeClass('show-modal'), $body.removeClass('of-hidden'));
hideWhenWindowScroll && window.hasEvent('touchstart') && $window.off('scroll', hide);
$window.off('keyup', handleKeyup);
}
onChange && onChange(visible);
}
function show() {
setState(true);
}
function hide() {
setState(false);
}
function handleKeyup(e) {
// Char Code: 27 ESC
if (e.which === 27) {
hide();
}
}
setOptions(options);
init();
return {
show: show,
hide: hide,
$el: $root
};
}
$.fn.modal = modal;
});
})();
</script><div class="modal modal--overflow page__search-modal d-print-none js-page-search-modal"><script>
(function () {
var SOURCES = window.TEXT_VARIABLES.sources;
window.Lazyload.js(SOURCES.jquery, function() {
// search panel
var search = (window.search || (window.search = {}));
var useDefaultSearchBox = window.useDefaultSearchBox === undefined ?
true : window.useDefaultSearchBox ;
var $searchModal = $('.js-page-search-modal');
var $searchToggle = $('.js-search-toggle');
var searchModal = $searchModal.modal({ onChange: handleModalChange, hideWhenWindowScroll: true });
var modalVisible = false;
search.searchModal = searchModal;
var $searchBox = null;
var $searchInput = null;
var $searchClear = null;
function getModalVisible() {
return modalVisible;
}
search.getModalVisible = getModalVisible;
function handleModalChange(visible) {
modalVisible = visible;
if (visible) {
search.onShow && search.onShow();
useDefaultSearchBox && $searchInput[0] && $searchInput[0].focus();
} else {
search.onShow && search.onHide();
useDefaultSearchBox && $searchInput[0] && $searchInput[0].blur();
setTimeout(function() {
useDefaultSearchBox && ($searchInput.val(''), $searchBox.removeClass('not-empty'));
search.clear && search.clear();
window.pageAsideAffix && window.pageAsideAffix.refresh();
}, 400);
}
}
$searchToggle.on('click', function() {
modalVisible ? searchModal.hide() : searchModal.show();
});
// Char Code: 83 S, 191 /
$(window).on('keyup', function(e) {
if (!modalVisible && !window.isFormElement(e.target || e.srcElement) && (e.which === 83 || e.which === 191)) {
modalVisible || searchModal.show();
}
});
if (useDefaultSearchBox) {
$searchBox = $('.js-search-box');
$searchInput = $searchBox.children('input');
$searchClear = $searchBox.children('.js-icon-clear');
search.getSearchInput = function() {
return $searchInput.get(0);
};
search.getVal = function() {
return $searchInput.val();
};
search.setVal = function(val) {
$searchInput.val(val);
};
$searchInput.on('focus', function() {
$(this).addClass('focus');
});
$searchInput.on('blur', function() {
$(this).removeClass('focus');
});
$searchInput.on('input', window.throttle(function() {
var val = $(this).val();
if (val === '' || typeof val !== 'string') {
search.clear && search.clear();
} else {
$searchBox.addClass('not-empty');
search.onInputNotEmpty && search.onInputNotEmpty(val);
}
}, 400));
$searchClear.on('click', function() {
$searchInput.val(''); $searchBox.removeClass('not-empty');
search.clear && search.clear();
});
}
});
})();
</script><div class="search search--dark">
<div class="main">
<div class="search__header">Recherche</div>
<div class="search-bar">
<div class="search-box js-search-box">
<div class="search-box__icon-search"><i class="fas fa-search"></i></div>
<input id="search-input" type="text" />
<div class="search-box__icon-clear js-icon-clear">
<a><i class="fas fa-times"></i></a>
</div>
</div>
<button class="button button--theme-dark button--pill search__cancel js-search-toggle">
Annuler</button>
</div>
<div id="results-container" class="search-result js-search-result"></div>
</div>
</div>
<!-- Script pointing to search-script.js -->
<script>/*!
* Simple-Jekyll-Search
* Copyright 2015-2020, Christian Fei
* Licensed under the MIT License.
*/
(function(){
'use strict'
var _$Templater_7 = {
compile: compile,
setOptions: setOptions
}
const options = {}
options.pattern = /\{(.*?)\}/g
options.template = ''
options.middleware = function () {}
function setOptions (_options) {
options.pattern = _options.pattern || options.pattern
options.template = _options.template || options.template
if (typeof _options.middleware === 'function') {
options.middleware = _options.middleware
}
}
function compile (data) {
return options.template.replace(options.pattern, function (match, prop) {
const value = options.middleware(prop, data[prop], options.template)
if (typeof value !== 'undefined') {
return value
}
return data[prop] || match
})
}
'use strict';
function fuzzysearch (needle, haystack) {
var tlen = haystack.length;
var qlen = needle.length;
if (qlen > tlen) {
return false;
}
if (qlen === tlen) {
return needle === haystack;
}
outer: for (var i = 0, j = 0; i < qlen; i++) {
var nch = needle.charCodeAt(i);
while (j < tlen) {
if (haystack.charCodeAt(j++) === nch) {
continue outer;
}
}
return false;
}
return true;
}
var _$fuzzysearch_1 = fuzzysearch;
'use strict'
/* removed: const _$fuzzysearch_1 = require('fuzzysearch') */;
var _$FuzzySearchStrategy_5 = new FuzzySearchStrategy()
function FuzzySearchStrategy () {
this.matches = function (string, crit) {
return _$fuzzysearch_1(crit.toLowerCase(), string.toLowerCase())
}
}
'use strict'
var _$LiteralSearchStrategy_6 = new LiteralSearchStrategy()
function LiteralSearchStrategy () {
this.matches = function (str, crit) {
if (!str) return false
str = str.trim().toLowerCase()
crit = crit.trim().toLowerCase()
return crit.split(' ').filter(function (word) {
return str.indexOf(word) >= 0
}).length === crit.split(' ').length
}
}
'use strict'
var _$Repository_4 = {
put: put,
clear: clear,
search: search,
setOptions: __setOptions_4
}
/* removed: const _$FuzzySearchStrategy_5 = require('./SearchStrategies/FuzzySearchStrategy') */;
/* removed: const _$LiteralSearchStrategy_6 = require('./SearchStrategies/LiteralSearchStrategy') */;
function NoSort () {
return 0
}
const data = []
let opt = {}
opt.fuzzy = false
opt.limit = 10
opt.searchStrategy = opt.fuzzy ? _$FuzzySearchStrategy_5 : _$LiteralSearchStrategy_6
opt.sort = NoSort
opt.exclude = []
function put (data) {
if (isObject(data)) {
return addObject(data)
}
if (isArray(data)) {
return addArray(data)
}
return undefined
}
function clear () {
data.length = 0
return data
}
function isObject (obj) {
return Boolean(obj) && Object.prototype.toString.call(obj) === '[object Object]'
}
function isArray (obj) {
return Boolean(obj) && Object.prototype.toString.call(obj) === '[object Array]'
}
function addObject (_data) {
data.push(_data)
return data
}
function addArray (_data) {
const added = []
clear()
for (let i = 0, len = _data.length; i < len; i++) {
if (isObject(_data[i])) {
added.push(addObject(_data[i]))
}
}
return added
}
function search (crit) {
if (!crit) {
return []
}
return findMatches(data, crit, opt.searchStrategy, opt).sort(opt.sort)
}
function __setOptions_4 (_opt) {
opt = _opt || {}
opt.fuzzy = _opt.fuzzy || false
opt.limit = _opt.limit || 10
opt.searchStrategy = _opt.fuzzy ? _$FuzzySearchStrategy_5 : _$LiteralSearchStrategy_6
opt.sort = _opt.sort || NoSort
opt.exclude = _opt.exclude || []
}
function findMatches (data, crit, strategy, opt) {
const matches = []
for (let i = 0; i < data.length && matches.length < opt.limit; i++) {
const match = findMatchesInObject(data[i], crit, strategy, opt)
if (match) {
matches.push(match)
}
}
return matches
}
function findMatchesInObject (obj, crit, strategy, opt) {
for (const key in obj) {
if (!isExcluded(obj[key], opt.exclude) && strategy.matches(obj[key], crit)) {
return obj
}
}
}
function isExcluded (term, excludedTerms) {
for (let i = 0, len = excludedTerms.length; i < len; i++) {
const excludedTerm = excludedTerms[i]
if (new RegExp(excludedTerm).test(term)) {
return true
}
}
return false
}
/* globals ActiveXObject:false */
'use strict'
var _$JSONLoader_2 = {
load: load
}
function load (location, callback) {
const xhr = getXHR()
xhr.open('GET', location, true)
xhr.onreadystatechange = createStateChangeListener(xhr, callback)
xhr.send()
}
function createStateChangeListener (xhr, callback) {
return function () {
if (xhr.readyState === 4 && xhr.status === 200) {
try {
callback(null, JSON.parse(xhr.responseText))
} catch (err) {
callback(err, null)
}
}
}
}
function getXHR () {
return window.XMLHttpRequest ? new window.XMLHttpRequest() : new ActiveXObject('Microsoft.XMLHTTP')
}
'use strict'
var _$OptionsValidator_3 = function OptionsValidator (params) {
if (!validateParams(params)) {
throw new Error('-- OptionsValidator: required options missing')
}
if (!(this instanceof OptionsValidator)) {
return new OptionsValidator(params)
}
const requiredOptions = params.required
this.getRequiredOptions = function () {
return requiredOptions
}
this.validate = function (parameters) {
const errors = []
requiredOptions.forEach(function (requiredOptionName) {
if (typeof parameters[requiredOptionName] === 'undefined') {
errors.push(requiredOptionName)
}
})
return errors
}
function validateParams (params) {
if (!params) {
return false
}
return typeof params.required !== 'undefined' && params.required instanceof Array
}
}
'use strict'
var _$utils_9 = {
merge: merge,
isJSON: isJSON
}
function merge (defaultParams, mergeParams) {
const mergedOptions = {}
for (const option in defaultParams) {
mergedOptions[option] = defaultParams[option]
if (typeof mergeParams[option] !== 'undefined') {
mergedOptions[option] = mergeParams[option]
}
}
return mergedOptions
}
function isJSON (json) {
try {
if (json instanceof Object && JSON.parse(JSON.stringify(json))) {
return true
}
return false
} catch (err) {
return false
}
}
var _$src_8 = {};
(function (window) {
'use strict'
let options = {
searchInput: null,
resultsContainer: null,
json: [],
success: Function.prototype,
searchResultTemplate: '<li><a href="{url}" title="{desc}">{title}</a></li>',
templateMiddleware: Function.prototype,
sortMiddleware: function () {
return 0
},
noResultsText: 'No results found',
limit: 10,
fuzzy: false,
debounceTime: null,
exclude: []
}
let debounceTimerHandle
const debounce = function (func, delayMillis) {
if (delayMillis) {
clearTimeout(debounceTimerHandle)
debounceTimerHandle = setTimeout(func, delayMillis)
} else {
func.call()
}
}
const requiredOptions = ['searchInput', 'resultsContainer', 'json']
/* removed: const _$Templater_7 = require('./Templater') */;
/* removed: const _$Repository_4 = require('./Repository') */;
/* removed: const _$JSONLoader_2 = require('./JSONLoader') */;
const optionsValidator = _$OptionsValidator_3({
required: requiredOptions
})
/* removed: const _$utils_9 = require('./utils') */;
window.SimpleJekyllSearch = function (_options) {
const errors = optionsValidator.validate(_options)
if (errors.length > 0) {
throwError('You must specify the following required options: ' + requiredOptions)
}
options = _$utils_9.merge(options, _options)
_$Templater_7.setOptions({
template: options.searchResultTemplate,
middleware: options.templateMiddleware
})
_$Repository_4.setOptions({
fuzzy: options.fuzzy,
limit: options.limit,
sort: options.sortMiddleware,
exclude: options.exclude
})
if (_$utils_9.isJSON(options.json)) {
initWithJSON(options.json)
} else {
initWithURL(options.json)
}
const rv = {
search: search
}
typeof options.success === 'function' && options.success.call(rv)
return rv
}
function initWithJSON (json) {
_$Repository_4.put(json)
registerInput()
}
function initWithURL (url) {
_$JSONLoader_2.load(url, function (err, json) {
if (err) {
throwError('failed to get JSON (' + url + ')')
}
initWithJSON(json)
})
}
function emptyResultsContainer () {
options.resultsContainer.innerHTML = ''
}
function appendToResultsContainer (text) {
options.resultsContainer.innerHTML += text
}
function registerInput () {
options.searchInput.addEventListener('input', function (e) {
if (isWhitelistedKey(e.which)) {
emptyResultsContainer()
debounce(function () { search(e.target.value) }, options.debounceTime)
}
})
}
function search (query) {
if (isValidQuery(query)) {
emptyResultsContainer()
render(_$Repository_4.search(query), query)
}
}
function render (results, query) {
const len = results.length
if (len === 0) {
return appendToResultsContainer(options.noResultsText)
}
for (let i = 0; i < len; i++) {
results[i].query = query
appendToResultsContainer(_$Templater_7.compile(results[i]))
}
}
function isValidQuery (query) {
return query && query.length > 0
}
function isWhitelistedKey (key) {
return [13, 16, 20, 37, 38, 39, 40, 91].indexOf(key) === -1
}
function throwError (message) {
throw new Error('SimpleJekyllSearch --- ' + message)
}
})(window)
}());
</script>
<!-- Configuration -->
<script>
SimpleJekyllSearch({
searchInput: document.getElementById('search-input'),
resultsContainer: document.getElementById('results-container'),
noResultsText: '<p>Aucun résultat!</p>',
json: '/search.json',
searchResultTemplate: '<li><a href="{url}">{date}&nbsp;{title}</a>&nbsp;(Création {create})</li>'
})
</script>
</div></div>
<script>(function() {
var SOURCES = window.TEXT_VARIABLES.sources;
window.Lazyload.js(SOURCES.jquery, function() {
function scrollToAnchor(anchor, duration, callback) {
var $root = this;
$root.animate({ scrollTop: $(anchor).position().top }, duration, function() {
window.history.replaceState(null, '', window.location.href.split('#')[0] + anchor);
callback && callback();
});
}
$.fn.scrollToAnchor = scrollToAnchor;
});
})();
(function() {
var SOURCES = window.TEXT_VARIABLES.sources;
window.Lazyload.js(SOURCES.jquery, function() {
function affix(options) {
var $root = this, $window = $(window), $scrollTarget, $scroll,
offsetBottom = 0, scrollTarget = window, scroll = window.document, disabled = false, isOverallScroller = true,
rootTop, rootLeft, rootHeight, scrollBottom, rootBottomTop,
hasInit = false, curState;
function setOptions(options) {
var _options = options || {};
_options.offsetBottom && (offsetBottom = _options.offsetBottom);
_options.scrollTarget && (scrollTarget = _options.scrollTarget);
_options.scroll && (scroll = _options.scroll);
_options.disabled !== undefined && (disabled = _options.disabled);
$scrollTarget = $(scrollTarget);
isOverallScroller = window.isOverallScroller($scrollTarget[0]);
$scroll = $(scroll);
}
function preCalc() {
top();
rootHeight = $root.outerHeight();
rootTop = $root.offset().top + (isOverallScroller ? 0 : $scrollTarget.scrollTop());
rootLeft = $root.offset().left;
}
function calc(needPreCalc) {
needPreCalc && preCalc();
scrollBottom = $scroll.outerHeight() - offsetBottom - rootHeight;
rootBottomTop = scrollBottom - rootTop;
}
function top() {
if (curState !== 'top') {
$root.removeClass('fixed').css({
left: 0,
top: 0
});
curState = 'top';
}
}
function fixed() {
if (curState !== 'fixed') {
$root.addClass('fixed').css({
left: rootLeft + 'px',
top: 0
});
curState = 'fixed';
}
}
function bottom() {
if (curState !== 'bottom') {
$root.removeClass('fixed').css({
left: 0,
top: rootBottomTop + 'px'
});
curState = 'bottom';
}
}
function setState() {
var scrollTop = $scrollTarget.scrollTop();
if (scrollTop >= rootTop && scrollTop <= scrollBottom) {
fixed();
} else if (scrollTop < rootTop) {
top();
} else {
bottom();
}
}
function init() {
if(!hasInit) {
var interval, timeout;
calc(true); setState();
// run calc every 100 millisecond
interval = setInterval(function() {
calc();
}, 100);
timeout = setTimeout(function() {
clearInterval(interval);
}, 45000);
window.pageLoad.then(function() {
setTimeout(function() {
clearInterval(interval);
clearTimeout(timeout);
}, 3000);
});
$scrollTarget.on('scroll', function() {
disabled || setState();
});
$window.on('resize', function() {
disabled || (calc(true), setState());
});
hasInit = true;
}
}
setOptions(options);
if (!disabled) {
init();
}
$window.on('resize', window.throttle(function() {
init();
}, 200));
return {
setOptions: setOptions,
refresh: function() {
calc(true, { animation: false }); setState();
}
};
}
$.fn.affix = affix;
});
})();
(function() {
var SOURCES = window.TEXT_VARIABLES.sources;
window.Lazyload.js(SOURCES.jquery, function() {
function toc(options) {
var $root = this, $window = $(window), $scrollTarget, $scroller, $tocUl = $('<ul class="toc toc--ellipsis"></ul>'), $tocLi, $headings, $activeLast, $activeCur,
selectors = 'h1,h2,h3', container = 'body', scrollTarget = window, scroller = 'html, body', disabled = false,
headingsPos, scrolling = false, hasRendered = false, hasInit = false;
function setOptions(options) {
var _options = options || {};
_options.selectors && (selectors = _options.selectors);
_options.container && (container = _options.container);
_options.scrollTarget && (scrollTarget = _options.scrollTarget);
_options.scroller && (scroller = _options.scroller);
_options.disabled !== undefined && (disabled = _options.disabled);
$headings = $(container).find(selectors).filter('[id]');
$scrollTarget = $(scrollTarget);
$scroller = $(scroller);
}
function calc() {
headingsPos = [];
$headings.each(function() {
headingsPos.push(Math.floor($(this).position().top));
});
}
function setState(element, disabled) {
var scrollTop = $scrollTarget.scrollTop(), i;
if (disabled || !headingsPos || headingsPos.length < 1) { return; }
if (element) {
$activeCur = element;
} else {
for (i = 0; i < headingsPos.length; i++) {
if (scrollTop >= headingsPos[i]) {
$activeCur = $tocLi.eq(i);
} else {
$activeCur || ($activeCur = $tocLi.eq(i));
break;
}
}
}
$activeLast && $activeLast.removeClass('active');
($activeLast = $activeCur).addClass('active');
}
function render() {
if(!hasRendered) {
$root.append($tocUl);
$headings.each(function() {
var $this = $(this);
$tocUl.append($('<li></li>').addClass('toc-' + $this.prop('tagName').toLowerCase())
.append($('<a></a>').text($this.text()).attr('href', '#' + $this.prop('id'))));
});
$tocLi = $tocUl.children('li');
$tocUl.on('click', 'a', function(e) {
e.preventDefault();
var $this = $(this);
scrolling = true;
setState($this.parent());
$scroller.scrollToAnchor($this.attr('href'), 400, function() {
scrolling = false;
});
});
}
hasRendered = true;
}
function init() {
var interval, timeout;
if(!hasInit) {
render(); calc(); setState(null, scrolling);
// run calc every 100 millisecond
interval = setInterval(function() {
calc();
}, 100);
timeout = setTimeout(function() {
clearInterval(interval);
}, 45000);
window.pageLoad.then(function() {
setTimeout(function() {
clearInterval(interval);
clearTimeout(timeout);
}, 3000);
});
$scrollTarget.on('scroll', function() {
disabled || setState(null, scrolling);
});
$window.on('resize', window.throttle(function() {
if (!disabled) {
render(); calc(); setState(null, scrolling);
}
}, 100));
}
hasInit = true;
}
setOptions(options);
if (!disabled) {
init();
}
$window.on('resize', window.throttle(function() {
init();
}, 200));
return {
setOptions: setOptions
};
}
$.fn.toc = toc;
});
})();
/*(function () {
})();*/
</script><script>
/* toc must before affix, since affix need to konw toc' height. */(function() {
var SOURCES = window.TEXT_VARIABLES.sources;
var TOC_SELECTOR = window.TEXT_VARIABLES.site.toc.selectors;
window.Lazyload.js(SOURCES.jquery, function() {
var $window = $(window);
var $articleContent = $('.js-article-content');
var $tocRoot = $('.js-toc-root'), $col2 = $('.js-col-aside');
var toc;
var tocDisabled = false;
var hasSidebar = $('.js-page-root').hasClass('layout--page--sidebar');
var hasToc = $articleContent.find(TOC_SELECTOR).length > 0;
function disabled() {
return $col2.css('display') === 'none' || !hasToc;
}
tocDisabled = disabled();
toc = $tocRoot.toc({
selectors: TOC_SELECTOR,
container: $articleContent,
scrollTarget: hasSidebar ? '.js-page-main' : null,
scroller: hasSidebar ? '.js-page-main' : null,
disabled: tocDisabled
});
$window.on('resize', window.throttle(function() {
tocDisabled = disabled();
toc && toc.setOptions({
disabled: tocDisabled
});
}, 100));
});
})();
(function() {
var SOURCES = window.TEXT_VARIABLES.sources;
window.Lazyload.js(SOURCES.jquery, function() {
var $window = $(window), $pageFooter = $('.js-page-footer');
var $pageAside = $('.js-page-aside');
var affix;
var tocDisabled = false;
var hasSidebar = $('.js-page-root').hasClass('layout--page--sidebar');
affix = $pageAside.affix({
offsetBottom: $pageFooter.outerHeight(),
scrollTarget: hasSidebar ? '.js-page-main' : null,
scroller: hasSidebar ? '.js-page-main' : null,
scroll: hasSidebar ? $('.js-page-main').children() : null,
disabled: tocDisabled
});
$window.on('resize', window.throttle(function() {
affix && affix.setOptions({
disabled: tocDisabled
});
}, 100));
window.pageAsideAffix = affix;
});
})();
</script><!---->
</div>
<script>(function () {
var $root = document.getElementsByClassName('root')[0];
if (window.hasEvent('touchstart')) {
$root.dataset.isTouch = true;
document.addEventListener('touchstart', function(){}, false);
}
})();
</script>
</body>
</html>
Reference in New Issue Copy Permalink