Intl domain configuration #41

esavkin · 2024-08-14T11:21:57+08:00

esavkin commented

2024-08-14 11:21:57 +08:00

~~Currently WIP, needs testing.~~
Already working.

~~Currently WIP, needs testing.~~ Already working.

esavkin added 4 commits 2024-08-14 11:21:57 +08:00

196d449a89 Add configuration for the m-labs-intl

Signed-off-by: Egor Savkin <es@m-labs.hk>

e5b216f749 Remove imap and pop3 ports proxy

Signed-off-by: Egor Savkin <es@m-labs.hk>

c679f0f38c Postfix instead of nginx streams

Signed-off-by: Egor Savkin <es@m-labs.hk>

2ec85bfa16 Move away from automated script

Signed-off-by: Egor Savkin <es@m-labs.hk>

esavkin force-pushed 134-intl-configuration from 2ec85bfa16 to 4bbf162a87

2024-08-15 13:09:21 +08:00

Compare

esavkin added 1 commit 2024-08-16 17:50:16 +08:00

df24c92e54 Remove request rate restriction and remove proxy protocol

Signed-off-by: Egor Savkin <es@m-labs.hk>

esavkin force-pushed 134-intl-configuration from df24c92e54 to eb7a22729a

2024-08-19 17:23:45 +08:00

Compare

esavkin force-pushed 134-intl-configuration from eb7a22729a to 7ecabeaadc

2024-08-22 11:50:53 +08:00

Compare

esavkin force-pushed 134-intl-configuration from 7ecabeaadc to dda6a06454

2024-10-18 17:37:08 +08:00

Compare

esavkin force-pushed 134-intl-configuration from dda6a06454 to 683a565a1d

2024-10-18 17:40:15 +08:00

Compare

esavkin changed title from ~~WIP: Intl domain configuration~~ to Intl domain configuration

2024-10-18 17:41:57 +08:00

sb10q reviewed 2024-10-18 17:47:49 +08:00

m-labs-intl/m-labs.hk.conf Outdated

						
				@ -0,0 +6,4 @@

				    encap = no

				    mobike = no

				    send_certreq = no

				    proposals = aes128gcm128-sha256-prfsha256-curve25519,aes128gcm128-sha256-prfsha256-ecp256

sb10q commented

2024-10-18 17:47:48 +08:00

That many?

esavkin commented

2024-10-18 17:50:59 +08:00

Legacy from https://git.m-labs.hk/M-Labs/it-infra/src/branch/master/remote-ipsec.txt .
I'm not fan of tweaking swanctl files

Legacy from https://git.m-labs.hk/M-Labs/it-infra/src/branch/master/remote-ipsec.txt . I'm not fan of tweaking swanctl files

sb10q reviewed 2024-10-18 17:51:56 +08:00

m-labs-intl/setup.md Outdated

						
				@ -0,0 +91,4 @@

				ufw allow 587/tcp

				ufw limit 500,4500/udp

				ufw route allow in on gre1 out on eth0

sb10q commented

2024-10-18 17:51:56 +08:00

This is already done in gretun.sh

Do we really need ufw at all anyway? Only ports open on VPS should be 22/80/443 anyway. What problem is ufw supposed to solve?

This is already done in gretun.sh Do we really need ufw at all anyway? Only ports open on VPS should be 22/80/443 anyway. What problem is ufw supposed to solve?

esavkin commented

2024-10-18 17:54:39 +08:00

UFW is persistent and just has simpler UX (it uses iptables anyway) -> less chances to misconfigure something and easier to read

sb10q commented

2024-10-18 18:21:33 +08:00

If it's persistent then it should not be in the gretun scripts?

The other question is not answered.

If it's persistent then it should not be in the gretun scripts? The other question is not answered.

esavkin marked this conversation as resolved

esavkin force-pushed 134-intl-configuration from 683a565a1d to c7c6e56a1e

2024-10-21 10:26:41 +08:00

Compare

sb10q merged commit d27ee750a2 into master

2024-10-21 15:48:17 +08:00

esavkin deleted branch 134-intl-configuration

2024-10-22 11:24:06 +08:00

Sign in to join this conversation.

No reviewers

No Label

No Milestone

No Assignees

2 Participants

Notifications

Due Date

The due date is invalid or out of range. Please use the format 'yyyy-mm-dd'.

No due date set.

Dependencies

No dependencies set.

Reference: M-Labs/it-infra#41