[SUCS Devel] [Git][sucssite/gameauth][master] 3 commits: Added service file

Imran Hussain imranh at sucs.org
Sun Aug 21 11:35:49 BST 2016


Imran Hussain pushed to branch master at sucssite / gameauth


Commits:
f8515810 by Laurence Bowes at 2016-04-26T23:02:47+00:00
Added service file

- - - - -
e867e810 by Laurence Bowes at 2016-04-26T23:03:26+00:00
Committed apache conf

- - - - -
c0a3e81b by Imran Hussain at 2016-08-21T11:28:11+01:00
Push up the actual firewall rules running on games...

- - - - -


3 changed files:

- + firewall.service
- firewall.sh
- + gameauth-apache.conf


Changes:

=====================================
firewall.service
=====================================
--- /dev/null
+++ b/firewall.service
@@ -0,0 +1,10 @@
+[Unit]
+Description=Gameauth Firewall
+
+[Service]
+Type=oneshot
+ExecStart=/var/www/gameauth/firewall.sh start
+ExecStop=/var/www/gameauth/firewall.sh stop
+
+[Install]
+WantedBy=multi-user.target
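Review bot: The `[Service]` section uses `Type=oneshot` without `RemainAfterExit=yes`, so systemd treats the unit as inactive as soon as `firewall.sh start` exits and then runs `ExecStop`. In this commit `stop` flushes INPUT and sets the policy to ACCEPT, so the rules would be removed right after they are loaded. Adding `RemainAfterExit=yes` under `Type=oneshot` keeps the unit active until it is stopped explicitly. It may also be worth ordering the unit ahead of the network with `Wants=network-pre.target` and `Before=network-pre.target`, so that listening services are not reachable before the DROP policy is in place; confirm this against how the host brings up its interfaces.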


=====================================
firewall.sh
=====================================
--- a/firewall.sh
+++ b/firewall.sh
@@ -1,29 +1,60 @@
 #!/bin/bash
+### BEGIN INIT INFO
+# Provides:          games-firewall
+# Required-Start:    $network $syslog $remote_fs
+# Required-Stop:     $network $syslog $remote_fs
+# Default-Start:     2 3 4 5
+# Default-Stop:      0 1 6
+# Short-Description: Set firewall rules and clear games user table
+# Description:       Sets default INPUT policy to DROP and adds default
+#                    rules for access from SUCS and for exposed services.
+#                    Sets default INPUT policy to accept when stopped.
+#                    The game server user table is purged when the firewall
+#                    is started or stopped in order to ensure it reflects the
+#                    current firewall state.
+### END INIT INFO
 
 start(){
 	/sbin/iptables -F INPUT
 	/sbin/iptables -P INPUT DROP
 	/sbin/iptables -A INPUT -i lo -j ACCEPT
-	/sbin/iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
+	/sbin/iptables -A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
 	/sbin/iptables -A INPUT -s 137.44.10.0/24 -j ACCEPT
 	/sbin/iptables -A INPUT -p TCP --dport 80 -j ACCEPT
 	/sbin/iptables -A INPUT -p TCP --dport 443 -j ACCEPT
-	/usr/local/src/gameauth/empty_users_table.py
+	/var/www/gameauth/gameauth-task.php
 }
 stop(){
 	/sbin/iptables -F INPUT
 	/sbin/iptables -P INPUT ACCEPT
-	/usr/local/src/gameauth/empty_users_table.py
+	/var/www/gameauth/gameauth-task.php
 }
 
 case "$1" in
-    start)
-          start
-	  ;;
-    stop)
-          stop
-	  ;;
-    *)
-    	  echo "Usage: $0 {start|stop}"
-	  exit 1
-esac
+	start)
+		echo -n "Starting firewall..."
+		start
+		echo "done."
+		;;
+	stop)
+		echo -n "Stopping firewall..."
+		stop
+		echo "done."
+		;;
+	restart)
+		echo -n "Restarting firewall..."
+		stop
+		start
+		echo "done."
+		;;
+	force-reload)
+		echo -n "Restarting firewall..."
+		stop
+		start
+		echo "done."
+		;;
+	*)
+		echo "Usage: $0 {start|stop|restart|force-reload}"
+		echo "restart and force-reload are equivalent"
+		exit 1
+esac
\ No newline at end of file
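Review bot: `start()` programs only IPv4 `iptables`, so if the host has an IPv6 address the INPUT DROP policy does not cover it; the policy and the lo/state/port rules would need mirroring with `/sbin/ip6tables`, starting with `/sbin/ip6tables -P INPUT DROP`. Separately, no command's exit status is checked, so a failed rule or a failed `gameauth-task.php` run still prints `done.` and exits 0. Adding `set -e` below the init header, or `|| exit 1` on the policy and rule lines, would let systemd or init report a partially loaded ruleset. The `restart` and `force-reload` arms are identical and could share one pattern, `restart|force-reload)`.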


=====================================
gameauth-apache.conf
=====================================
--- /dev/null
+++ b/gameauth-apache.conf
@@ -0,0 +1,44 @@
+<VirtualHost *:80>
+	ServerAdmin games at sucs.org
+	DocumentRoot /var/www/gameauth
+	ServerName games.sucs.org
+	ServerAlias www.games.sucs.org
+	CustomLog /var/log/apache2/gameauth_access.log combined
+	ErrorLog /var/log/apache2/gameauth_error.log
+	AddHandler application/x-httpd-php .php
+
+	RewriteEngine on
+        ReWriteCond %{SERVER_PORT} !^443$
+        RewriteRule ^/(.*) https://%{HTTP_HOST}/$1 [NC,R,L]
+
+	Alias /dynmap /var/www/minecraft-dynmap
+	Alias /tekkit-dynmap /var/www/tekkit-dynmap/
+
+</VirtualHost>
+<VirtualHost *:443>
+        ServerAdmin games at sucs.org
+        DocumentRoot /var/www/gameauth
+        ServerName games.sucs.org
+        ServerAlias www.games.sucs.org
+        CustomLog /var/log/apache2/gameauth_access.log combined
+        ErrorLog /var/log/apache2/gameauth_error.log
+        AddHandler application/x-httpd-php .php
+
+        SSLEngine on
+
+        SSLCipherSuite AES128+EECDH:AES128+EDH
+        SSLProtocol All -SSLv2 -SSLv3
+        SSLHonorCipherOrder On
+        Header always set Strict-Transport-Security "max-age=63072000; includeSubdomains; preload"
+        Header always set X-Frame-Options DENY
+        Header always set X-Content-Type-Options nosniff
+        SSLCompression off
+
+	SSLCertificateFile /etc/letsencrypt/live/games.sucs.org/fullchain.pem
+	SSLCertificateKeyFile /etc/letsencrypt/live/games.sucs.org/privkey.pem
+	SSLCertificateChainFile /etc/letsencrypt/live/games.sucs.org/chain.pem
+
+	Alias /dynmap /var/www/minecraft-dynmap
+	Alias /tekkit-dynmap /var/www/tekkit-dynmap/
+
+</VirtualHost>
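Review bot: `DocumentRoot /var/www/gameauth` is the same directory from which this push runs `firewall.sh` and `gameauth-task.php`, and `.php` is mapped to the PHP handler. Unless the script guards against it, the table-purging task therefore looks requestable through the web server, and the firewall script readable as a static file. Moving both outside the document root is the cleaner fix; otherwise deny them in each vhost, e.g. `<FilesMatch "^(gameauth-task\.php|firewall\.(sh|service))$">`, `Require all denied`, `</FilesMatch>` (Apache 2.4 syntax). Also, `AddHandler application/x-httpd-php .php` applies to any file with `.php` among its extensions (such as `name.php.txt`); `<FilesMatch "\.php$">` with `SetHandler application/x-httpd-php` limits it to the final extension.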



View it on GitLab: https://projects.sucs.org/sucssite/gameauth/compare/ce68df8738b4bcbbdd6402e41d20c418c4860ad0...c0a3e81b40bc2414dd3a4c5e04dbb3c62d7dc48b