Changed Tomcat to operate on port 8080 and PHPMyAdmin to port 9000

By default, Cloudflare only permits specific ports to pass through in the security mode we use. PHPMyAdmin should be hard to access, so it is now bound to port 9000; Cloudflare does not allow traffic to that port, so PHPMyAdmin can only be reached by bypassing Cloudflare.
Marwolf
2018-08-04 10:09:59 -04:00
parent e5c7f34d26
commit 4d84f9d211
8 changed files with 28 additions and 16 deletions


@@ -95,8 +95,9 @@ ___
2. Open your favorite browser:
* [http://localhost](http://localhost/) (username: Marwolf, password: malware)
* [http://localhost:8080](http://localhost:8080/) PHPMyAdmin (username: root, password: root)
* [http://localhost](http://localhost) (username: Marwolf, password: malware)
* [http://localhost:9000](http://localhost:9000) PHPMyAdmin (username: root, password: root)
* [http://localhost:8080](http://localhost:8080) Apache Tomcat webserver, used to serve files over HTTP
3. Start the game's Docker containers, then run the game server and client:
@@ -154,6 +155,15 @@ ___
You will need to edit:
#### Docker-Compose.xml Ghost URL
* The main website is running through Ghost Blog. Scroll to the bottom of Docker-Compose.xml (located in the root of the Docker-Home repository folder) and edit this line with your hostname / IP: "url: 'http://localhost' #change this!"
* You will need to reload all docker containers. Shortcut command: "sudo make stop && sudo make start"
* Nginx has a hostname reference for localhost at the top of the file. It can be safely left alone.
#### PHPMyAdmin MariaDB SQL users
* Create a new user in PHPMyAdmin, grant permissions, remove existing users.


@@ -99,7 +99,7 @@ if [ "$install" == "1" ]; then
echo ""
echo "Configuring UFW to allow good ports and block MySQL from outside"
echo ""
sudo ufw allow 22/tcp && ufw allow 80/tcp && ufw allow 8082/tcp && ufw allow 443/tcp && ufw allow 80/tcp && ufw allow 53595/tcp && ufw deny 3306/tcp
sudo ufw allow 22/tcp && ufw allow 80/tcp && ufw allow 8080/tcp && ufw allow 443/tcp && ufw allow 9000/tcp && ufw allow 53595/tcp && ufw deny 3306/tcp
sudo sed -i 's/DEFAULT_FORWARD_POLICY="DENY"/DEFAULT_FORWARD_POLICY="ACCEPT"/g' /etc/default/ufw
sudo ufw reload
echo ""
@@ -138,7 +138,8 @@ if [ "$install" == "1" ]; then
echo "Permitting good ports through the firewall."
echo ""
firewall-cmd --permanent --add-port=53595/tcp
firewall-cmd --permanent --add-port=8082/tcp
firewall-cmd --permanent --add-port=8080/tcp
firewall-cmd --permanent --add-port=9000/tcp
firewall-cmd --permanent --add-port=80/tcp
firewall-cmd --permanent --add-port=443/tcp
firewall-cmd --permanent --add-port=22/tcp
@@ -222,8 +223,8 @@ if [ "$install" == "1" ]; then
echo ""
echo "Permitting ports through the firewall."
firewall-cmd --permanent --add-port=53595/tcp
firewall-cmd --permanent --add-port=8082/tcp
firewall-cmd --permanent --add-port=80/tcp
firewall-cmd --permanent --add-port=8080/tcp
firewall-cmd --permanent --add-port=9000/tcp
firewall-cmd --permanent --add-port=443/tcp
firewall-cmd --permanent --add-port=22/tcp
firewall-cmd --reload
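Review bot: Opening 9000/tcp in the host firewall (`ufw allow 9000/tcp` in the ufw line, and `firewall-cmd --permanent --add-port=9000/tcp` in both firewalld hunks) works against the stated goal of keeping PHPMyAdmin hard to reach. Cloudflare's port restriction only covers traffic that passes through its proxy, so a client that connects to the server's own address still reaches the login page. I would drop the 9000/tcp rule from all three places and reach PHPMyAdmin over an SSH tunnel or a source-restricted rule instead. Separately, in the ufw line only the first command runs under `sudo`; every `ufw allow`/`ufw deny` chained after `&&` runs as the invoking user, so each needs its own `sudo` unless the script is always run as root. The enclosing `if [ "$install" == "1" ]` blocks start and end outside these hunks.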


@@ -6,7 +6,7 @@ services:
container_name: nginx
volumes:
- "./etc/nginx/default.conf:/etc/nginx/conf.d/default.conf"
- "./Website:/var/www/html/public"
#- "./Website:/var/www/html/public"
- "./etc/nginx/default.template.conf:/etc/nginx/conf.d/default.template"
- "./etc/logs/nginx:/var/log/nginx"
- "./etc/logs/letsencrypt:/var/log/letsencrypt"
@@ -35,7 +35,7 @@ services:
image: phpmyadmin/phpmyadmin
container_name: phpmyadmin
ports:
- "8080:80"
- "9000:80"
environment:
- PMA_ARBITRARY=1
- PMA_HOST=mysql
@@ -75,10 +75,10 @@ services:
# labels: "MySQL"
tomcat:
image: tomcat:9.0.10-jre10-slim
image: tomcat:latest
container_name: tomcat
ports:
- "0.0.0.0:8082:8082"
- "8080:8080"
restart: always
volumes:
- "./Website:/usr/local/tomcat/webapps/ROOT"
@@ -105,6 +105,7 @@ services:
environment:
NODE_ENV: production
privacy__useUpdateCheck: 0
url: 'http://localhost' #change this!
# logging:
# driver: splunk
# options:
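Review bot: The new phpmyadmin mapping `- "9000:80"` publishes the admin UI on every host interface, and the context lines show `PMA_ARBITRARY=1`, so the login form accepts any database host; changing the port number does not restrict who can reach it. Binding to loopback, `- "127.0.0.1:9000:80"`, keeps it reachable only from the host itself or over an SSH tunnel. Docker-published ports are commonly handled by Docker's own iptables rules rather than by ufw, so the host firewall may not be the control that matters here; that is worth verifying on the target host. In the tomcat hunk, `image: tomcat:latest` replaces a pinned tag, so each deploy pulls whatever image is current; pin a specific tag or digest instead. Since nginx proxies to `tomcat:8080` over the compose network, the host mapping `- "8080:8080"` may also be unnecessary.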


@@ -47,7 +47,7 @@ server {
proxy_set_header X-Forwarded-Host $host;
proxy_set_header X-Forwarded-Server $host;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_pass http://tomcat:8082;
proxy_pass http://tomcat:8080;
}
####### Protections and efficiencies #######
@@ -110,7 +110,7 @@ server {
proxy_set_header X-Forwarded-Host $host;
proxy_set_header X-Forwarded-Server $host;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_pass http://tomcat:8082;
proxy_pass http://tomcat:8080;
}
####### Protections and efficiencies #######


@@ -42,7 +42,7 @@ server {
proxy_set_header X-Forwarded-Host $host;
proxy_set_header X-Forwarded-Server $host;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_pass http://tomcat:8082;
proxy_pass http://tomcat:8080;
}
####### Protections and efficiencies #######


@@ -42,7 +42,7 @@ server {
proxy_set_header X-Forwarded-Host $host;
proxy_set_header X-Forwarded-Server $host;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_pass http://tomcat:8082;
proxy_pass http://tomcat:8080;
}
####### Protections and efficiencies #######


@@ -66,7 +66,7 @@
APR (HTTP/AJP) Connector: /docs/apr.html
Define a non-SSL/TLS HTTP/1.1 Connector on port 8080
-->
<Connector port="8082" protocol="HTTP/1.1"
<Connector port="8080" protocol="HTTP/1.1"
connectionTimeout="20000"
redirectPort="8443" />
<!-- A "Connector" using the shared thread pool-->

File diff suppressed because one or more lines are too long