server conf article

.astro/content-modules.mjs

@@ -1,14 +1,14 @@
 
 export default new Map([
-["src/content/fragments/en/image-full.mdx", () => import("astro:content-layer-deferred-module?astro%3Acontent-layer-deferred-module=&fileName=src%2Fcontent%2Ffragments%2Fen%2Fimage-full.mdx&astroContentModuleFlag=true")],
+["src/content/articles/fr/sci-hub-blocage.mdx", () => import("astro:content-layer-deferred-module?astro%3Acontent-layer-deferred-module=&fileName=src%2Fcontent%2Farticles%2Ffr%2Fsci-hub-blocage.mdx&astroContentModuleFlag=true")],
-["src/content/fragments/en/super-cookies.mdx", () => import("astro:content-layer-deferred-module?astro%3Acontent-layer-deferred-module=&fileName=src%2Fcontent%2Ffragments%2Fen%2Fsuper-cookies.mdx&astroContentModuleFlag=true")],
+["src/content/articles/fr/the-day-I-jamd.mdx", () => import("astro:content-layer-deferred-module?astro%3Acontent-layer-deferred-module=&fileName=src%2Fcontent%2Farticles%2Ffr%2Fthe-day-I-jamd.mdx&astroContentModuleFlag=true")],
+["src/content/fragments/fr/buttons.mdx", () => import("astro:content-layer-deferred-module?astro%3Acontent-layer-deferred-module=&fileName=src%2Fcontent%2Ffragments%2Ffr%2Fbuttons.mdx&astroContentModuleFlag=true")],
+["src/content/fragments/fr/image-full.mdx", () => import("astro:content-layer-deferred-module?astro%3Acontent-layer-deferred-module=&fileName=src%2Fcontent%2Ffragments%2Ffr%2Fimage-full.mdx&astroContentModuleFlag=true")],
+["src/content/fragments/fr/super-cookies.mdx", () => import("astro:content-layer-deferred-module?astro%3Acontent-layer-deferred-module=&fileName=src%2Fcontent%2Ffragments%2Ffr%2Fsuper-cookies.mdx&astroContentModuleFlag=true")],
 ["src/content/articles/en/after-effects-expressions.mdx", () => import("astro:content-layer-deferred-module?astro%3Acontent-layer-deferred-module=&fileName=src%2Fcontent%2Farticles%2Fen%2Fafter-effects-expressions.mdx&astroContentModuleFlag=true")],
 ["src/content/articles/en/sci-hub-blocage.mdx", () => import("astro:content-layer-deferred-module?astro%3Acontent-layer-deferred-module=&fileName=src%2Fcontent%2Farticles%2Fen%2Fsci-hub-blocage.mdx&astroContentModuleFlag=true")],
 ["src/content/articles/en/the-day-I-jamd.mdx", () => import("astro:content-layer-deferred-module?astro%3Acontent-layer-deferred-module=&fileName=src%2Fcontent%2Farticles%2Fen%2Fthe-day-I-jamd.mdx&astroContentModuleFlag=true")],
 ["src/content/articles/en/video-compression.mdx", () => import("astro:content-layer-deferred-module?astro%3Acontent-layer-deferred-module=&fileName=src%2Fcontent%2Farticles%2Fen%2Fvideo-compression.mdx&astroContentModuleFlag=true")],
-["src/content/fragments/fr/buttons.mdx", () => import("astro:content-layer-deferred-module?astro%3Acontent-layer-deferred-module=&fileName=src%2Fcontent%2Ffragments%2Ffr%2Fbuttons.mdx&astroContentModuleFlag=true")],
+["src/content/fragments/en/image-full.mdx", () => import("astro:content-layer-deferred-module?astro%3Acontent-layer-deferred-module=&fileName=src%2Fcontent%2Ffragments%2Fen%2Fimage-full.mdx&astroContentModuleFlag=true")],
-["src/content/fragments/fr/image-full.mdx", () => import("astro:content-layer-deferred-module?astro%3Acontent-layer-deferred-module=&fileName=src%2Fcontent%2Ffragments%2Ffr%2Fimage-full.mdx&astroContentModuleFlag=true")],
+["src/content/fragments/en/super-cookies.mdx", () => import("astro:content-layer-deferred-module?astro%3Acontent-layer-deferred-module=&fileName=src%2Fcontent%2Ffragments%2Fen%2Fsuper-cookies.mdx&astroContentModuleFlag=true")]]);
-["src/content/fragments/fr/super-cookies.mdx", () => import("astro:content-layer-deferred-module?astro%3Acontent-layer-deferred-module=&fileName=src%2Fcontent%2Ffragments%2Ffr%2Fsuper-cookies.mdx&astroContentModuleFlag=true")],
-["src/content/articles/fr/sci-hub-blocage.mdx", () => import("astro:content-layer-deferred-module?astro%3Acontent-layer-deferred-module=&fileName=src%2Fcontent%2Farticles%2Ffr%2Fsci-hub-blocage.mdx&astroContentModuleFlag=true")],
-["src/content/articles/fr/the-day-I-jamd.mdx", () => import("astro:content-layer-deferred-module?astro%3Acontent-layer-deferred-module=&fileName=src%2Fcontent%2Farticles%2Ffr%2Fthe-day-I-jamd.mdx&astroContentModuleFlag=true")]]);
 		

src/content/articles/fr/configuration-serveur.md

@@ -0,0 +1,198 @@
+---
+title: 'Paramétrer un serveur pour héberger des trucs'
+subtitle: 'Guide personnel.'
+lang: fr
+slug: 'configuration-serveur'
+excerpt: Envie de mettre un site en ligne ? D'héberger vos propres outils plutôt que de payer des abonnements ? Bah lezgongue
+tags: ['Dev', 'Backend']
+type: articles
+createdAt: '2025-01-28T22:20:00.000Z'
+---
+
+## Mon mémo perso.
+
+Cet article est l'extension d'un fichier «&nbsp;pense-bête&nbsp;» que j'utilise depuis toujours quand je créé un nouveau serveur, généralement un <abbr lang="en" title="Virtual Private Server">VPS</abbr>, généralment sous debian (ou fedora).
+
+> Notez bien que je ne suis ni administrateur système ni expert en sécurité.
+
+## Conf serveur
+
+### Actions immédiates
+
+Se connecter en root via ssh puis…
+
+#### Paramétrer les locales
+
+Parfois il manque la configuration des [locales](https://www.tecmint.com/set-system-locales-in-linux/) et ça cause des erreurs.
+
+```bash
+# affiche la conf actuelle
+locale
+
+# debian
+nano /etc/default/locale
+# fedora
+nano /etc/locale.conf
+
+# compléter ces lignes si besoin
+LANG=en_US.UTF-8
+LANGUAGE=en_US.UTF-8
+LC_ALL=en_US.UTF-8
+```
+
+#### Mettre à jour le système
+
+```bash
+# debian
+apt update
+apt dist-upgrade
+# fedora
+dnf check-update
+dnf upgrade
+```
+
+#### Nouvel utilisateur
+
+- Ajouter et renseigner un nouvel utilisateur.
+- Ajouter l'utilisateur aux "sudoers".
+- Ajouter sa clé ssh à l'utilisateur.
+
+```bash
+adduser USERNAME
+
+# debian
+usermod -aG sudo USERNAME
+# fedora
+usermod -aG wheel USERNAME
+
+# si pas encore de clé ssh EN LOCAL
+ssh-keygen -t ed25519 -f ~/.ssh/id_ed25519 -C "mail@domain.tld"
+# copier la clé publique
+cat ~/.ssh/id_ed25519.pub
+
+# sur le serveur
+su USERNAME
+mkdir ~/.ssh
+# coller la clé publique
+nano authorized_keys
+```
+
+#### bash alias
+
+Ajoute un alias `ll` pour un `ls` plus explicite.
+
+```bash title="~/.bashrc"
+alias ll='ls -lah'
+```
+
+### SSH
+
+configure [sshd_config](https://infosec.mozilla.org/guidelines/openssh)
+
+```ssh-config title="/etc/ssh/sshd_config"
+# Changer le port est recommandé mais pas obligatoire
+Port 10485
+
+# Désactive la connexion par mot de passe
+AuthenticationMethods publickey
+
+# Désactive la connexion via root
+PermitRootLogin No
+
+# modifier/adapter ces options si besoin
+LoginGraceTime 120
+StrictModes yes
+PubkeyAuthentication yes
+AuthorizedKeysFile /home/%u/.ssh/authorized_keys
+PermitEmptyPasswords no
+ChallengeResponseAuthentication no
+X11Forwarding no
+UseDNS no
+MaxStartups 10:30:60
+PermitTunnel no
+```
+
+Tester maintenant dans un autre terminal si la connexion ssh avec le nouvel utilisateur fonctionne.
+
+Si oui&nbsp;: **redémarrer&nbsp;!**
+
+### Pare-feu
+
+- Installer
+- Paramétrer
+- Activer
+
+#### Debian
+
+[ufw](https://www.codeflow.site/fr/article/how-to-set-up-a-firewall-with-ufw-on-debian-10)
+
+```bash
+ufw default deny incoming
+ufw default allow outgoing
+ufw allow ssh # ou ufw allow PORT
+ufw allow http # ufw allow 80
+ufw allow https # ufw allow 443
+ufw enable
+```
+
+#### Fedora
+
+[Firewalld](https://docs.fedoraproject.org/en-US/quick-docs/firewalld/#_viewing_the_current_status_of_firewalld)
+
+```bash
+dnf install firewalld
+systemctl unmask firewalld
+systemctl start firewalld
+systemctl enable firewalld
+firewall-cmd --zone=public --add-service=ssh
+firewall-cmd --zone=public --add-service=http
+firewall-cmd --zone=public --add-service=https
+firewall-cmd --runtime-to-permanent
+firewall-cmd --reload
+```
+
+### Crowdsec
+
+[Crowdsec](https://doc.crowdsec.net/docs/getting_started/install_crowdsec/) est un système de sécurité qui détecte et bloque les connexions malveillantes.
+
+- Installer crowdsec.
+- Installer un "<span lang="en">bouncer</span>"
+- Activer des scenarios
+
+```bash
+curl -s https://install.crowdsec.net | sudo sh
+
+# debian
+apt install crowdsec
+apt install crowdsec-firewall-bouncer-iptables
+# fedora
+dnf install crowdsec
+dnf install crowdsec-firewall-bouncer-nftables
+```
+
+## Conf web
+
+**Partie encore en cours de rédaction.**
+
+### Serveur web
+
+#### Coolify
+
+[Documentation.](https://coolify.io/docs/installation)
+
+```bash
+curl -fsSL https://cdn.coollabs.io/coolify/install.sh | sudo bash
+```
+
+#### OpenLiteSpeed
+
+[Documentation.](https://docs.openlitespeed.org/#CentOS_6_7_8_Debian_7_8_9_10_Ubuntu_1404_1604_1804_2004)
+
+Récupérer le mot de passe admin `cat /usr/local/lsws/adminpasswd`
+
+### Outils
+
+- git
+- [nvm](https://github.com/nvm-sh/nvm#install--update-script)
+- [yarn](https://classic.yarnpkg.com/en/docs/getting-started)/[pnpm](https://pnpm.io/installation)/[bun](https://bun.sh/)
+- [acme.sh](https://github.com/acmesh-official/acme.sh) ([tuto complet](https://www.nardu.in/fragments/acme-sh-tls-cert/))