Nikita 2024-01-31 13:48:04 +05:00
parent 9aac1370b6
commit e3605a83c6
12 changed files with 474 additions and 96 deletions

LICENSE

@ -1,100 +1,9 @@
GNU GENERAL PUBLIC LICENSE
Version 1, February 1989
MIT License
Copyright (C) 1989 Free Software Foundation, Inc. 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA
Copyright (c) <year> <copyright holders>
Everyone is permitted to copy and distribute verbatim copies of this license document, but changing it is not allowed.
Permission is hereby granted, free of charge, to any person obtaining a copy of this software and associated documentation files (the "Software"), to deal in the Software without restriction, including without limitation the rights to use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of the Software, and to permit persons to whom the Software is furnished to do so, subject to the following conditions:
Preamble
The above copyright notice and this permission notice shall be included in all copies or substantial portions of the Software.
The license agreements of most software companies try to keep users at the mercy of those companies. By contrast, our General Public License is intended to guarantee your freedom to share and change free software--to make sure the software is free for all its users. The General Public License applies to the Free Software Foundation's software and to any other program whose authors commit to using it. You can use it for your programs, too.
When we speak of free software, we are referring to freedom, not price. Specifically, the General Public License is designed to make sure that you have the freedom to give away or sell copies of free software, that you receive source code or can get it if you want it, that you can change the software or use pieces of it in new free programs; and that you know you can do these things.
To protect your rights, we need to make restrictions that forbid anyone to deny you these rights or to ask you to surrender the rights. These restrictions translate to certain responsibilities for you if you distribute copies of the software, or if you modify it.
For example, if you distribute copies of a such a program, whether gratis or for a fee, you must give the recipients all the rights that you have. You must make sure that they, too, receive or can get the source code. And you must tell them their rights.
We protect your rights with two steps: (1) copyright the software, and (2) offer you this license which gives you legal permission to copy, distribute and/or modify the software.
Also, for each author's protection and ours, we want to make certain that everyone understands that there is no warranty for this free software. If the software is modified by someone else and passed on, we want its recipients to know that what they have is not the original, so that any problems introduced by others will not reflect on the original authors' reputations.
The precise terms and conditions for copying, distribution and modification follow.
GNU GENERAL PUBLIC LICENSE TERMS AND CONDITIONS FOR COPYING, DISTRIBUTION AND MODIFICATION
0. This License Agreement applies to any program or other work which contains a notice placed by the copyright holder saying it may be distributed under the terms of this General Public License. The "Program", below, refers to any such program or work, and a "work based on the Program" means either the Program or any work containing the Program or a portion of it, either verbatim or with modifications. Each licensee is addressed as "you".
1. You may copy and distribute verbatim copies of the Program's source code as you receive it, in any medium, provided that you conspicuously and appropriately publish on each copy an appropriate copyright notice and disclaimer of warranty; keep intact all the notices that refer to this General Public License and to the absence of any warranty; and give any other recipients of the Program a copy of this General Public License along with the Program. You may charge a fee for the physical act of transferring a copy.
2. You may modify your copy or copies of the Program or any portion of it, and copy and distribute such modifications under the terms of Paragraph 1 above, provided that you also do the following:
a) cause the modified files to carry prominent notices stating that you changed the files and the date of any change; and
b) cause the whole of any work that you distribute or publish, that in whole or in part contains the Program or any part thereof, either with or without modifications, to be licensed at no charge to all third parties under the terms of this General Public License (except that you may choose to grant warranty protection to some or all third parties, at your option).
c) If the modified program normally reads commands interactively when run, you must cause it, when started running for such interactive use in the simplest and most usual way, to print or display an announcement including an appropriate copyright notice and a notice that there is no warranty (or else, saying that you provide a warranty) and that users may redistribute the program under these conditions, and telling the user how to view a copy of this General Public License.
d) You may charge a fee for the physical act of transferring a copy, and you may at your option offer warranty protection in exchange for a fee.
Mere aggregation of another independent work with the Program (or its derivative) on a volume of a storage or distribution medium does not bring the other work under the scope of these terms.
3. You may copy and distribute the Program (or a portion or derivative of it, under Paragraph 2) in object code or executable form under the terms of Paragraphs 1 and 2 above provided that you also do one of the following:
a) accompany it with the complete corresponding machine-readable source code, which must be distributed under the terms of Paragraphs 1 and 2 above; or,
b) accompany it with a written offer, valid for at least three years, to give any third party free (except for a nominal charge for the cost of distribution) a complete machine-readable copy of the corresponding source code, to be distributed under the terms of Paragraphs 1 and 2 above; or,
c) accompany it with the information you received as to where the corresponding source code may be obtained. (This alternative is allowed only for noncommercial distribution and only if you received the program in object code or executable form alone.)
Source code for a work means the preferred form of the work for making modifications to it. For an executable file, complete source code means all the source code for all modules it contains; but, as a special exception, it need not include source code for modules which are standard libraries that accompany the operating system on which the executable file runs, or for standard header files or definitions files that accompany that operating system.
4. You may not copy, modify, sublicense, distribute or transfer the Program except as expressly provided under this General Public License. Any attempt otherwise to copy, modify, sublicense, distribute or transfer the Program is void, and will automatically terminate your rights to use the Program under this License. However, parties who have received copies, or rights to use copies, from you under this General Public License will not have their licenses terminated so long as such parties remain in full compliance.
5. By copying, distributing or modifying the Program (or any work based on the Program) you indicate your acceptance of this license to do so, and all its terms and conditions.
6. Each time you redistribute the Program (or any work based on the Program), the recipient automatically receives a license from the original licensor to copy, distribute or modify the Program subject to these terms and conditions. You may not impose any further restrictions on the recipients' exercise of the rights granted herein.
7. The Free Software Foundation may publish revised and/or new versions of the General Public License from time to time. Such new versions will be similar in spirit to the present version, but may differ in detail to address new problems or concerns.
Each version is given a distinguishing version number. If the Program specifies a version number of the license which applies to it and "any later version", you have the option of following the terms and conditions either of that version or of any later version published by the Free Software Foundation. If the Program does not specify a version number of the license, you may choose any version ever published by the Free Software Foundation.
8. If you wish to incorporate parts of the Program into other free programs whose distribution conditions are different, write to the author to ask for permission. For software which is copyrighted by the Free Software Foundation, write to the Free Software Foundation; we sometimes make exceptions for this. Our decision will be guided by the two goals of preserving the free status of all derivatives of our free software and of promoting the sharing and reuse of software generally.
NO WARRANTY
9. BECAUSE THE PROGRAM IS LICENSED FREE OF CHARGE, THERE IS NO WARRANTY FOR THE PROGRAM, TO THE EXTENT PERMITTED BY APPLICABLE LAW. EXCEPT WHEN OTHERWISE STATED IN WRITING THE COPYRIGHT HOLDERS AND/OR OTHER PARTIES PROVIDE THE PROGRAM "AS IS" WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESSED OR IMPLIED, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. THE ENTIRE RISK AS TO THE QUALITY AND PERFORMANCE OF THE PROGRAM IS WITH YOU. SHOULD THE PROGRAM PROVE DEFECTIVE, YOU ASSUME THE COST OF ALL NECESSARY SERVICING, REPAIR OR CORRECTION.
10. IN NO EVENT UNLESS REQUIRED BY APPLICABLE LAW OR AGREED TO IN WRITING WILL ANY COPYRIGHT HOLDER, OR ANY OTHER PARTY WHO MAY MODIFY AND/OR REDISTRIBUTE THE PROGRAM AS PERMITTED ABOVE, BE LIABLE TO YOU FOR DAMAGES, INCLUDING ANY GENERAL, SPECIAL, INCIDENTAL OR CONSEQUENTIAL DAMAGES ARISING OUT OF THE USE OR INABILITY TO USE THE PROGRAM (INCLUDING BUT NOT LIMITED TO LOSS OF DATA OR DATA BEING RENDERED INACCURATE OR LOSSES SUSTAINED BY YOU OR THIRD PARTIES OR A FAILURE OF THE PROGRAM TO OPERATE WITH ANY OTHER PROGRAMS), EVEN IF SUCH HOLDER OR OTHER PARTY HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES.
END OF TERMS AND CONDITIONS
Appendix: How to Apply These Terms to Your New Programs
If you develop a new program, and you want it to be of the greatest possible use to humanity, the best way to achieve this is to make it free software which everyone can redistribute and change under these terms.
To do so, attach the following notices to the program. It is safest to attach them to the start of each source file to most effectively convey the exclusion of warranty; and each file should have at least the "copyright" line and a pointer to where the full notice is found.
learn Copyright (C) 19yy n.kisl
This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation; either version 1, or (at your option) any later version.
This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details.
You should have received a copy of the GNU General Public License along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
Also add information on how to contact you by electronic and paper mail.
If the program is interactive, make it output a short notice like this when it starts in an interactive mode:
Gnomovision version 69, Copyright (C) 19xx name of author Gnomovision comes with ABSOLUTELY NO WARRANTY; for details type `show w'. This is free software, and you are welcome to redistribute it under certain conditions; type `show c' for details.
The hypothetical commands `show w' and `show c' should show the appropriate parts of the General Public License. Of course, the commands you use may be called something other than `show w' and `show c'; they could even be mouse-clicks or menu items--whatever suits your program.
You should also get your employer (if you work as a programmer) or your school, if any, to sign a "copyright disclaimer" for the program, if necessary. Here a sample; alter the names:
Yoyodyne, Inc., hereby disclaims all copyright interest in the program `Gnomovision' (a program to direct compilers to make passes at assemblers) written by James Hacker.
<signature of Ty Coon>, 1 April 1989 Ty Coon, President of Vice
That's all there is to it!
THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
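Review bot: the new MIT text still carries the template placeholder `Copyright (c) <year> <copyright holders>`; fill in the year and the holder, otherwise the notice that the license requires to be preserved in every copy names nobody. Swapping GPL v1 for MIT is a relicensing, so if anyone other than the author has contributed they need to agree, and the commit message should state the change. The rendered hunk shows the removed GPL paragraphs and the added MIT paragraphs interleaved, so check that the committed file contains only the MIT text and that the old `learn Copyright (C) 19yy n.kisl` notice block is gone.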


@ -1,2 +1,3 @@
# learn
Тут будет всякое для инструкций.

esxi/config Normal file

@ -0,0 +1,4 @@
#/etc/vmware/config
vmx.fullpath = "/bin/vmx"
isolation.tools.copy.disable="FALSE"
isolation.tools.paste.disable="FALSE"
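Review bot: `isolation.tools.copy.disable="FALSE"` and `isolation.tools.paste.disable="FALSE"` in `/etc/vmware/config` re-enable clipboard sharing between the VM console and the guest for every VM on the host; VMware's hardening guidance leaves both at their default of TRUE because the clipboard is a data channel between the management console and the guest. If one VM genuinely needs it, set these in that VM's .vmx rather than host-wide, and add a comment saying which VM and why.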

esxi/local.sh Normal file

@ -0,0 +1,18 @@
#!/bin/sh ++group=host/vim/vmvisor/boot
# local configuration options
# Note: modify at your own risk! If you do/use anything in this
# script that is not part of a stable API (relying on files to be in
# specific places, specific tools, specific output, etc) there is a
# possibility you will end up with a broken system after patching or
# upgrading. Changes are not supported unless under direction of
# VMware support.
# Note: This script will not be run when UEFI secure boot is enabled.
# set date for crack vipnet license
esxcli system time set --day=20 --month=3 --year=2022 --hour=10 --min=0 --sec=0
exit 0
# /etc/rc.local.d/local.sh
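Review bot: the `esxcli system time set` line rewinds the host clock to 2022-03-20 on every boot, and the comment above it says the purpose is to defeat a ViPNet license check. Apart from the licensing problem, a host with a wrong clock fails certificate validity checks, breaks Kerberos and anything else that depends on NTP-synchronised time, and stamps every log entry, snapshot and audit record with a false time, which is exactly what an incident timeline relies on; if ntpd is configured it will step the clock forward again, so the workaround is also unreliable. The header note says the script is skipped when UEFI Secure Boot is enabled, so behaviour will silently differ between hosts. Drop this and handle the license properly. Minor: the trailing `# /etc/rc.local.d/local.sh` comment after `exit 0` is unreachable and reads as an install-path hint; move it to the top of the file.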

nginx.conf Normal file

@ -0,0 +1,328 @@
# юзер
user www-data;
# воркеры
worker_processes auto;
worker_cpu_affinity auto;
worker_rlimit_nofile 30000;
pcre_jit on;
# логи
error_log /var/log/nginx/error.log;
pid /var/run/nginx.pid;
# евенты
events {
worker_connections 8192;
}
# настройка для всех страниц
http {
# типы файлов
include /etc/nginx/mime.types;
default_type application/octet-stream;
# лимиты всякие
sendfile on;
tcp_nopush on;
tcp_nodelay on;
reset_timedout_connection on;
keepalive_timeout 300;
keepalive_requests 10000;
send_timeout 1200;
client_body_timeout 30;
client_header_timeout 30;
types_hash_max_size 2048;
server_names_hash_max_size 4096;
client_max_body_size 10m;
proxy_connect_timeout 5;
proxy_send_timeout 10;
proxy_read_timeout 10;
proxy_temp_file_write_size 64k;
proxy_buffer_size 4k;
proxy_buffers 32 16k;
proxy_busy_buffers_size 32k;
charset_types text/xml text/plain text/css text/vnd.wap.wml application/javascript application/rss+xml;
# настройки сжатия
gzip on;
gzip_static on;
gzip_types text/plain text/css text/xml application/javascript application/json application/msword application/rtf application/pdf application/vnd.ms-excel image/x-icon image/svg+xml application/font-ttf application/font-woff;
gzip_comp_level 7;
gzip_proxied any;
gzip_min_length 1000;
gzip_disable "msie6";
gzip_vary on;
etag off;
open_file_cache max=10000 inactive=60s;
open_file_cache_valid 30s;
open_file_cache_errors on;
open_file_cache_min_uses 2;
# настройки для proxy_pass
proxy_set_header Host $host;
proxy_set_header Connection $http_connection;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Scheme $scheme;
proxy_redirect off;
proxy_http_version 1.1;
proxy_cache_valid 1h;
proxy_cache_key $scheme$proxy_host$request_uri$cookie_US;
# защита от XSS
add_header 'Referrer-Policy' 'strict-origin-when-cross-origin';
add_header X-Frame-Options SAMEORIGIN;
add_header X-Content-Type-Options nosniff;
add_header X-XSS-Protection "1; mode=block";
add_header Content-Security-Policy "script-src 'self'; frame-src 'self'; object-src 'self'";
#хз
limit_conn_zone $binary_remote_addr$host zone=lone:10m;
limit_req_zone $binary_remote_addr$host zone=ltwo:10m rate=3r/s;
limit_req_zone $binary_remote_addr$host zone=highspeed:10m rate=20r/s;
log_format postdata '$remote_addr - $time_local - $request_body';
# Nginx Amplify format
log_format main_ext '$remote_addr - $host [$time_local] "$request" '
'$status $body_bytes_sent "$http_referer" '
'"$http_user_agent" "$http_x_forwarded_for" '
'rt=$request_time ua="$upstream_addr" '
'us="$upstream_status" ut="$upstream_response_time" '
'ul="$upstream_response_length" '
'cs=$upstream_cache_status' ;
log_format crypto '$remote_addr - $host - [$time_local] - $ssl_protocol - $ssl_cipher'
' "$http_user_agent" $ssl_early_data';
# логи
access_log /var/log/nginx/access.log main_ext;
access_log /var/log/nginx/ssl.log crypto;
# протоколы tls (1.1 вырублен - не безопасный)
ssl_protocols TLSv1.2 TLSv1.3;
# включены только безопасные алгоритмы шифрования (не нужно, если TlSv1.2 тоже вырубить)
ssl_ciphers ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384;
ssl_prefer_server_ciphers off;
ssl_session_cache shared:SSL:10m;
ssl_session_tickets on;
ssl_session_timeout 28h;
ssl_early_data on;
# ssl сертификаты
ssl_certificate /etc/letsencrypt/live/es.ukrtb.ru/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/es.ukrtb.ru/privkey.pem;
server_tokens off;
# hsts
add_header Strict-Transport-Security "max-age=63072000; includeSubDomains; preload;" always;
ssl_buffer_size 16k;
http2_chunk_size 8k;
http2_idle_timeout 5m;
resolver 77.88.8.8 valid=300s ipv6=off;
resolver_timeout 5s;
map $http_accept $webp_suffix {
"~*webp" ".webp";
}
map $msie $cache_control {
default "max-age=31536000, public, no-transform, immutable";
"1" "max-age=31536000, private, no-transform, immutable";
}
map $msie $vary_header {
default "Accept";
"1" "";
}
map $http_user_agent $limit_bots {
default 0;
~*(google|bing|yandex|msnbot) 1;
~*(AltaVista|Googlebot|Slurp|BlackWidow|Bot|ChinaClaw|Custo|DISCo|Download|Demon|eCatch|EirGrabber|EmailSiphon|EmailWolf|SuperHTTP|Surfbot|WebWhacker) 1;
~*(Express|WebPictures|ExtractorPro|EyeNetIE|FlashGet|GetRight|GetWeb!|Go!Zilla|Go-Ahead-Got-It|GrabNet|Grafula|HMView|Go!Zilla|Go-Ahead-Got-It) 1;
~*(rafula|HMView|HTTrack|Stripper|Sucker|Indy|InterGET|Ninja|JetCar|Spider|larbin|LeechFTP|Downloader|tool|Navroad|NearSite|NetAnts|tAkeOut|WWWOFFLE) 1;
~*(GrabNet|NetSpider|Vampire|NetZIP|Octopus|Offline|PageGrabber|Foto|pavuk|pcBrowser|RealDownload|ReGet|SiteSnagger|SmartDownload|SuperBot|WebSpider) 1;
~*(Teleport|VoidEYE|Collector|WebAuto|WebCopier|WebFetch|WebGo|WebLeacher|WebReaper|WebSauger|eXtractor|Quester|WebStripper|WebZIP|Wget|Widow|Zeus) 1;
~*(Twengabot|htmlparser|libwww|Python|perl|urllib|scan|Curl|email|PycURL|Pyth|PyQ|WebCollector|WebCopy|webcraw) 1;
}
# ssi
ssi on;
# подгружает конфиги сайтов из этой папки
# include /etc/nginx/sites-enabled/*;
# бэкенд некстклауда
upstream php-handler {
server unix:/var/run/php/php8.1-fpm.sock;
}
# Set the `immutable` cache control options only for assets with a cache busting `v` argument
map $arg_v $asset_immutable {
"" "";
default "immutable";
}
# настройка самих страниц
server {
# порты, которые слушаются (IPv4 и IPv6 соответственно)
listen 80;
listen [::]:80;
server_name es.ukrtb.ru www.es.ukrtb.ru;
# Prevent nginx HTTP Server Detection
server_tokens off;
# принудительный HTTPS
return 301 https://$server_name$request_uri;
}
server {
listen 443 ssl http2;
listen [::]:443 ssl http2;
server_name es.ukrtb.ru www.es.ukrtb.ru;
# корневая папка домена
root /var/www;
# кастомные странцицы ошибок
error_page 403 401 /custom_403.html;
error_page 404 /custom_404.html;
error_page 500 502 503 504 /custom_50x.html;
# для поисковых ботов
location = /robots.txt {
allow all;
log_not_found off;
access_log off;
}
# ald
location = /ald.sh {
return 301 https://es.ukrtb.ru/git/ukrtb/astra-ald/raw/branch/master/astra.sh;
}
# cs 1.6
location /cs {
autoindex on;
autoindex_localtime on;
autoindex_exact_size off;
location ~ /(.*)/.*\.cfg { # запрещаем скачивать cfg файлы
deny all;
}
location ~ /(.*)/addons/ { # запрещаем доступ к addons
deny all;
}
location ~ /(.*)/logs/ { # запрещаем доступ к addons
deny all;
}
}
# gitea
location /git/ {
add_header Content-Security-Policy "script-src 'self' 'unsafe-inline' 'unsafe-eval'; frame-src 'self'; object-src 'self'";
proxy_pass http://localhost:3000/;
}
# ssl
location ~ /.well-known {
root /usr/share/nginx/html;
allow all;
}
# nextcloud
location ^~ /nextcloud {
# Remove X-Powered-By, which is an information leak
fastcgi_hide_header X-Powered-By;
add_header Content-Security-Policy "script-src 'self' 'unsafe-inline' 'unsafe-eval'; frame-src 'self'; object-src 'self'";
# Specify how to handle directories -- specifying `/nextcloud/index.php$request_uri`
# here as the fallback means that Nginx always exhibits the desired behaviour
# when a client requests a path that corresponds to a directory that exists
# on the server. In particular, if that directory contains an index.php file,
# that file is correctly served; if it doesn't, then the request is passed to
# the front-end controller. This consistent behaviour means that we don't need
# to specify custom rules for certain paths (e.g. images and other assets,
# `/updater`, `/ocm-provider`, `/ocs-provider`), and thus
# `try_files $uri $uri/ /nextcloud/index.php$request_uri`
# always provides the desired behaviour.
index index.php index.html /nextcloud/index.php$request_uri;
# Rule borrowed from `.htaccess` to handle Microsoft DAV clients
location = /nextcloud {
if ( $http_user_agent ~ ^DavClnt ) {
return 302 /nextcloud/remote.php/webdav/$is_args$args;
}
}
# Rules borrowed from `.htaccess` to hide certain paths from clients
location ~ ^/nextcloud/(?:build|tests|config|lib|3rdparty|templates|data)(?:$|/) { return 404; }
location ~ ^/nextcloud/(?:\.|autotest|occ|issue|indie|db_|console) { return 404; }
# Ensure this block, which passes PHP files to the PHP process, is above the blocks
# which handle static assets (as seen below). If this block is not declared first,
# then Nginx will encounter an infinite rewriting loop when it prepends
# `/nextcloud/index.php` to the URI, resulting in a HTTP 500 error response.
location ~ \.php(?:$|/) {
# Required for legacy support
rewrite ^/nextcloud/(?!index|remote|public|cron|core\/ajax\/update|status|ocs\/v[12]|updater\/.+|oc[ms]-provider\/.+|.+\/richdocumentscode\/proxy) /nextcloud/index.php$request_uri;
fastcgi_split_path_info ^(.+?\.php)(/.*)$;
set $path_info $fastcgi_path_info;
try_files $fastcgi_script_name =404;
include fastcgi_params;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
fastcgi_param PATH_INFO $path_info;
fastcgi_param HTTPS on;
fastcgi_param modHeadersAvailable true; # Avoid sending the security headers twice
fastcgi_param front_controller_active true; # Enable pretty urls
fastcgi_pass php-handler;
fastcgi_intercept_errors on;
fastcgi_request_buffering off;
fastcgi_max_temp_file_size 0;
}
location ~ \.(?:css|js|svg|gif|png|jpg|ico|wasm|tflite|map)$ {
try_files $uri /nextcloud/index.php$request_uri;
add_header Cache-Control "public, max-age=15778463, $asset_immutable";
access_log off; # Optional: Don't log access to assets
location ~ \.wasm$ {
default_type application/wasm;
}
}
location ~ \.woff2?$ {
try_files $uri /nextcloud/index.php$request_uri;
expires 7d; # Cache-Control policy borrowed from `.htaccess`
access_log off; # Optional: Don't log access to assets
}
# Rule borrowed from `.htaccess`
location /nextcloud/remote {
return 301 /nextcloud/remote.php$request_uri;
}
location /nextcloud {
try_files $uri $uri/ /nextcloud/index.php$request_uri;
}
}
}
}
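Review bot: the `add_header Content-Security-Policy` lines inside `location /git/` and `location ^~ /nextcloud` cancel every header set at the `http` level for those locations: nginx inherits `add_header` from the enclosing level only when the current level defines none, so Strict-Transport-Security, X-Frame-Options, X-Content-Type-Options and Referrer-Policy are not sent for Gitea or Nextcloud, and the nested asset location with its own `add_header Cache-Control` drops the CSP as well. This compounds with `fastcgi_param modHeadersAvailable true`, which tells Nextcloud not to emit its own security headers because the web server is expected to; as written neither side sends them. Either repeat the full header set in each location or put it in a snippet that every location includes. Related points in the same hunk: the CSP in those two locations allows `'unsafe-inline' 'unsafe-eval'`, which removes most of its value against XSS; `ssl_early_data on` accepts replayable 0-RTT requests, and nothing forwards `$ssl_early_data` to the backends (`proxy_set_header Early-Data $ssl_early_data;` for Gitea and a matching `fastcgi_param` for Nextcloud) so they cannot refuse replayed non-idempotent requests; `ssi on` at http level runs the SSI filter on every text/html response, including bodies proxied from Gitea and Nextcloud, so attacker-supplied HTML containing SSI directives would be interpreted by nginx; `log_format postdata` writes `$request_body` to the log and will capture login form passwords if it is ever attached to an `access_log`; `location ~ /.well-known` is an unanchored regex that matches that substring anywhere in a URI, `^~ /.well-known/acme-challenge/` is the usual form; the three `limit_conn_zone`/`limit_req_zone` zones and the `$limit_bots` map are declared but never applied with `limit_conn` or `limit_req`; the HSTS value ends in `preload;` with a stray semicolon; X-XSS-Protection is obsolete and can go; and the comment on the `/logs/` deny block under `/cs` still says "addons".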

pkinit_extensions Normal file

@ -0,0 +1,61 @@
[ kdc_cert ]
basicConstraints=CA:FALSE
# Here are some examples of the usage of nsCertType. If it is omitted
keyUsage = nonRepudiation, digitalSignature, keyEncipherment, keyAgreement
#Pkinit EKU
extendedKeyUsage = 1.3.6.1.5.2.3.5
subjectKeyIdentifier=hash
authorityKeyIdentifier=keyid,issuer
# Copy subject details
issuerAltName=issuer:copy
# Add id-pkinit-san (pkinit subjectAlternativeName)
subjectAltName=otherName:1.3.6.1.5.2.2;SEQUENCE:kdc_princ_name
[kdc_princ_name]
realm = EXP:0, GeneralString:РЕАЛМ
principal_name = EXP:1, SEQUENCE:kdc_principal_seq
[kdc_principal_seq]
name_type = EXP:0, INTEGER:1
name_string = EXP:1, SEQUENCE:kdc_principals
[kdc_principals]
princ1 = GeneralString:krbtgt
princ2 = GeneralString:РЕАЛМ
[ client_cert ]
# These extensions are added when 'ca' signs a request.
basicConstraints=CA:FALSE
keyUsage = digitalSignature, keyEncipherment, keyAgreement
extendedKeyUsage = 1.3.6.1.5.2.3.4
subjectKeyIdentifier=hash
authorityKeyIdentifier=keyid,issuer
subjectAltName=otherName:1.3.6.1.5.2.2;SEQUENCE:princ_name
# Copy subject details
issuerAltName=issuer:copy
[princ_name]
realm = EXP:0, GeneralString:РЕАЛМ
principal_name = EXP:1, SEQUENCE:principal_seq
[principal_seq]
name_type = EXP:0, INTEGER:1
name_string = EXP:1, SEQUENCE:principals
[principals]
princ1 = GeneralString:КЛИЕНТ
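Review bot: `РЕАЛМ` and `КЛИЕНТ` in the four `GeneralString:` fields are literal values, so as committed the file would issue certificates whose PKINIT SAN names the realm "РЕАЛМ" and the client principal "КЛИЕНТ". The MIT Kerberos sample this is copied from uses `${ENV::REALM}` and `${ENV::CLIENT}` there, so the values are taken from the environment at signing time (`REALM=EXAMPLE.COM openssl x509 -req ... -extfile pkinit_extensions -extensions kdc_cert`); if the Cyrillic words are meant as fill-in placeholders, say so in a comment. Also the comment under `[ kdc_cert ]` ("Here are some examples of the usage of nsCertType. If it is omitted") is cut off mid-sentence and refers to nothing in the file, and "# Copy subject details" sits above `issuerAltName=issuer:copy`, which copies issuer details, not subject.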

wsr/ca-informing Normal file

@ -0,0 +1,5 @@
### CA-Informing
1. Папка с Кросс-сертификатами
C:\ProgramData\Infotecs\ViPNet Administrator\KC\Key management\Certificates Issuers
2. Строка подключения к базе данных
Data Source=172.20.30.3\winnccsql;Initial Catalog=ViPNetAdministrator;User Id=KcaUser;Password=Number1;
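Review bot: the connection string commits a live database credential (`User Id=KcaUser;Password=Number1`) together with the internal SQL Server address; even in a private repository this lands in every clone and stays in the git history after removal. Replace the password with a placeholder, rotate the real one on the server, and keep the real string in a secrets store outside the repo. "Number1" would also fail any reasonable password policy.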

wsr/cluster Normal file

@ -0,0 +1,11 @@
### HW-VA cluster
1. Отключаем демона системы защиты от сбоев
failover stop
2. Редактируем конфиг
failover config edit
3. Врубаем режим кластера
failover config mode cluster
4. Запускаем файловер
failover start
5. Тест
failover show active-mac-address

wsr/iwtm-migration Normal file

@ -0,0 +1,17 @@
### IWTM миграция
1. На старом сервере и новом серверах. останавливаете все процессы iwtm и базу
iwtm stop
systemctl stop postgresql-9.6
systemctl stop pgagent-9.6
2. Копируете файлы БД со старого сервера на новый, указываете ip-адрес нового сервера:
rsync -avz /u01/* root@192.168.56.102:/u01/
rsync -avz /u02/* root@192.168.56.102:/u02/
3. После завершения копирования запускаете на новом сервере все службы.
iwtm start
systemctl start postgresql-9.6
systemctl start pgagent-9.6
4. Необходимо проверить что вэб-интерфейс работает и все данные со старого сервера доступны на новом.
5. Если все ок, то отключаем службы БД на старом сервере
systemctl disable postgresql-9.6
systemctl disable pgagent-9.6
6. Старом сервере прописываем новый адрес сервера БД и другие параметры в конфиге /opt/iw/tm5/etc/postgresql.conf
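Review bot: step 6 says to write the new DB server address into `/opt/iw/tm5/etc/postgresql.conf` on the old server, but step 5 has just disabled PostgreSQL on the old server, so presumably the new server is meant; state which host. On the `rsync` lines: `/u01/*` is a shell glob and skips dot-files, use `/u01/` with a trailing slash; `-a` only preserves ownership correctly if the `postgres` UID/GID match on both hosts, otherwise the data directory comes up with the wrong owner and PostgreSQL refuses to start; and pushing as `root@192.168.56.102` requires root SSH login to be permitted on the new server, which should stay disabled, so pull from the new host or use a dedicated account with key-based login as in wsr/ssh.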

wsr/postgres-migration Normal file

@ -0,0 +1,10 @@
# Миграция шиндавс -> ляликс
1. Бекапим на винде
pg_dumpall.exe -U postgres -f backup.sql
2. Создаём бд (с тем же именем)
2.1 Запусти SQL SHELL
pgsql -U postgres
createdb iwdm
\q
3. Импортруем
psql -U postgres < backup.sql
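Review bot: `pgsql -U postgres` is not the client binary, it is `psql`, and `createdb iwdm` is a shell utility rather than a psql meta-command, so typed inside the SQL shell it is a syntax error (inside psql it would be `CREATE DATABASE iwdm;`). Step 2 is also unnecessary: `pg_dumpall` output already contains `CREATE DATABASE` statements for every database, so `psql -U postgres < backup.sql` recreates `iwdm` itself, and a pre-created one just produces an "already exists" error. Note too that `pg_dumpall` includes role definitions with password hashes, so `backup.sql` must be protected in transit and deleted once the migration is verified.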

wsr/publication-service Normal file

@ -0,0 +1,9 @@
### Publication Service
1. Создать FTP со следующими папками
pubsrv-data
Issuers
UserCerts
CDP
otherCDP
2. Делаем общий доступ на AdminCA, добавляем сетевой диск на OperCA
C:\ProgramData\Infotecs\ViPNet Administrator\KC\Publication
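Review bot: the notes do not say which account the share on AdminCA is granted to or whether the mapped drive on OperCA is read-only; a CDP that is writable by anyone other than the publication account lets an attacker replace the published CRL, so record the ACLs here. FTP also sends the login in cleartext, so if the `pubsrv-data` server is reached over FTP, the account used for publishing should have no other rights.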

wsr/ssh Normal file

@ -0,0 +1,5 @@
### ssh
1. На клиенте сгенерируй ключи
ssh-keygen
2. Передай ключи на удалённый сервер
ssh-copy-id -i ~/.ssh/id_rsa.pub user@ip
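Review bot: step 1 runs `ssh-keygen` with no options, which accepts an empty passphrase, and step 2 hard-codes `~/.ssh/id_rsa.pub`, so the two steps only line up if the default key type is RSA. Prefer `ssh-keygen -t ed25519` with a passphrase and `ssh-copy-id -i ~/.ssh/id_ed25519.pub user@ip`, whichever type is chosen keep the `-i` path matching, and verify the host key fingerprint shown on first connection instead of accepting it blindly.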