Archives pour avril, 2011

Nginx : redirection HTTPS avec header STS

Ce n’est pas nouveau, donc direction wikipédia si besoin est.

server {
 listen 80;
 server_name     mon.webmail.fr

 # Strict Transport Security
 add_header Strict-Transport-Security max-age=2592000;

 return 301 https://mon.webmail.fr$request_uri;
}

Iptables : flusher les règles IPv4/IPv6

La manière simple (et dangereuse) de flusher un firewall iptables :

#!/bin/sh
# ipv4
iptables -F
iptables -X
iptables -t nat -F
iptables -t nat -X
iptables -t mangle -F
iptables -t mangle -X
iptables -P INPUT ACCEPT
iptables -P FORWARD ACCEPT
iptables -P OUTPUT ACCEPT
# ipv6
ip6tables -F
ip6tables -X
ip6tables -t mangle -F
ip6tables -t mangle -X
ip6tables -P INPUT ACCEPT
ip6tables -P FORWARD ACCEPT
ip6tables -P OUTPUT ACCEPT

Debian : script de démarrage spawn-fcgi / PHP

# more /etc/init.d/php-fcgi
#! /bin/sh -e
### BEGIN INIT INFO
# Provides:          glassfish
# Required-Start:    $local_fs $remote_fs $network $syslog
# Required-Stop:     $local_fs $remote_fs $network $syslog
# Default-Start:     2 3 4 5
# Default-Stop:      0 1 6
# Short-Description: starts PHP FastCGI
# Description:       starts PHP FastCGI
### END INIT INFO

PATH=/sbin:/usr/sbin:/bin:/usr/bin

NAME=php-fcgi
DESC=php-fcgi
PIDFILE=/var/run/$NAME.pid
USER=root
GROUP=root
SCRIPTNAME=/etc/init.d/$NAME

SPAWN_FCGI=/usr/bin/spawn-fcgi
PHP_FCGI=/usr/bin/php5-cgi
PHP_FCGI_CHILDREN=15
PHP_FCGI_MAX_REQUESTS=1000
PHP_FCGI_SOCKET=/var/run/php-fcgi.sock
PHP_FCGI_SOCKET_USER=www-data
PHP_FCGI_SOCKET_GROUP=www-data
PHP_FCGI_SOCKET_PERMS=600

test -x $SPAWN_FCGI || exit 0
test -x $PHP_FCGI || exit 0

. /lib/lsb/init-functions

SPAWN_FCGI_PARAMETERS="-s $PHP_FCGI_SOCKET -u $PHP_FCGI_SOCKET_USER -g $PHP_FCGI_SOCKET_GROUP -f $PHP_FCGI -C $PHP_FCGI_CHILDREN"

d_start() {
 FCGI_MAX_REQUESTS=$PHP_FCGI_MAX_REQUESTS start-stop-daemon --start \
 --pidfile $PIDFILE --make-pidfile --chuid $USER:$GROUP --chdir /tmp \
 --exec $SPAWN_FCGI -- $SPAWN_FCGI_PARAMETERS
}

d_stop() {
 rm -f $PIDFILE
 rm -f $PHP_FCGI_SOCKET
 killall -q -w -u $PHP_FCGI_SOCKET_USER $PHP_FCGI
 RETVAL=$?
}

d_status() {
 if [ -f "$PIDFILE" ] && ps `cat $PIDFILE` >/dev/null 2>&1; then
 return 0
 else
 return 1
 fi
}

case "$1" in
 start)
 echo "Starting $DESC ..."
 d_start
 ;;

 stop)
 echo "Stopping $DESC ..."
 d_stop
 ;;

 status)
 if d_status; then
 echo "$NAME is running."
 else
 echo "$NAME is not running."
 fi
 ;;

 restart|force-reload)
 echo "Restarting $NAME."
 d_stop
 sleep 1
 d_start
 ;;

 *)
 echo "Usage: $SCRIPTNAME {start|stop|restart|force-reload}" >&2
 exit 1
 ;;
esac

exit 0
Haut de page