Install Redmine

Package versions:

Ruby 2.3.3
Rails 4.2.*
MySQL 5.5
Apache2

Steps:

  1. Install prerequisites from apt
    sudo apt-get install git-core curl zlib1g-dev build-essential libssl-dev libreadline-dev libyaml-dev libsqlite3-dev sqlite3 libxml2-dev libxslt1-dev libcurl4-openssl-dev python-software-properties libffi-dev nodejs libmagickwand-dev libmysqlclient-dev libapr1-dev libaprutil1-dev bison libgdbm-dev
  2. Install Apache2 and MySQL
    sudo apt-get install apache2 mysql-server-5.5 apache2-dev
  3. Prepare the database (run in the MySQL client)
    CREATE DATABASE redmine CHARACTER SET utf8;
    CREATE USER 'redmine'@'localhost' IDENTIFIED BY 'my_password';
    GRANT ALL PRIVILEGES ON redmine.* TO 'redmine'@'localhost';
    FLUSH PRIVILEGES;
  4. Install Ruby 2.3.3 from source
    wget https://cache.ruby-lang.org/pub/ruby/2.3/ruby-2.3.3.tar.gz
    tar -zxvf ruby-2.3.3.tar.gz
    cd ruby-2.3.3
    ./configure
    make
    sudo make install
    ruby -v
  5. Install Rails 4.2.*
    curl -sL https://deb.nodesource.com/setup_4.x | sudo -E bash -
    sudo apt-get install -y nodejs
    sudo gem install rails -v 4.2.7.1
  6. Install Bundler
    gem install bundler
  7. Install Redmine 3.3.2
    wget 'http://www.redmine.org/releases/redmine-3.3.2.tar.gz'
    tar -zxvf redmine-3.3.2.tar.gz
    sudo mv redmine-3.3.2 /usr/share/
    sudo ln -s /usr/share/redmine-3.3.2 /usr/share/redmine
    cd /usr/share/redmine
    sudo cp config/database.yml.example config/database.yml
    sudo nano config/database.yml

    change the database settings to the database, user and password created in step 3
    bundle install --without development test postgresql sqlite
    bundle exec rake generate_secret_token
    RAILS_ENV=production bundle exec rake db:migrate
    RAILS_ENV=production bundle exec rake redmine:load_default_data
    sudo chown -R rogerlin:www-data files log tmp public/plugin_assets
    sudo chmod -R 755 files log tmp public/plugin_assets
  8. Test the installation with WEBrick
    bundle exec rails server webrick -e production
  9. Install Passenger
    sudo gem install passenger
    sudo passenger-install-apache2-module

    Copy and paste the configuration generated by passenger-install-apache2-module into your Apache site configuration file (site.conf)
  10. Configure the site
    Add the following lines to your site configuration file and restart the Apache service.
    PassengerAppRoot /usr/share/redmine
    RailsBaseURI /redmine
    Alias /redmine /usr/share/redmine/public

ASP.NET response headers

Goal: adjust the server's response headers to further reduce information disclosure.


Remove X-AspNet-Version by adding the following setting to web.config:

<system.web>
<httpRuntime targetFramework="4.0" enableVersionHeader="false" />
</system.web>


Remove X-AspNetMvc-Version in the Application_Start event in Global.asax:

MvcHandler.DisableMvcResponseHeader = true;


Remove X-Powered-By by adding the following setting to web.config:

<system.webServer>
<httpProtocol>
<customHeaders>
<remove name="X-Powered-By" />
</customHeaders>
</httpProtocol>
</system.webServer>


Change the Server header by adding the following setting to web.config:

<system.webServer>
<rewrite>
<outboundRules>
<rule name="Remove RESPONSE_Server">
<match serverVariable="RESPONSE_Server" pattern=".+" />
<action type="Rewrite" value="MyServer" />
</rule>
</outboundRules>
</rewrite>
</system.webServer>

Regarding the Server header, you may also find other solutions that handle it in Global.asax during PreSendRequestHeaders. Although this approach appears to work, it only works for dynamic content. It does not work for static content (*.js, *.css, etc.), because requests for static content never reach this handler.
To get around this, some people force requests for static content to pass through the managed HTTP modules as well, by adding the following setting to web.config:

<modules runAllManagedModulesForAllRequests="true">

But this approach has a serious performance cost.
So I chose to rewrite the value of Server rather than remove it. After all, everyone knows this header exists, so hiding it is not that important; the point is not to let anyone easily learn the server platform.
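As an added example (not part of the original post), a small Python check that parses a captured HTTP response head and reports which of the headers discussed above are still disclosing the platform. The two sample responses are constructed; the "after" response assumes the outbound rule rewrote Server to MyServer as configured above.

```python
import re
from typing import Dict, List

# Headers the settings above remove, with the fix the post describes.
DISCLOSING_HEADERS = {
    "x-aspnet-version": 'httpRuntime enableVersionHeader="false"',
    "x-aspnetmvc-version": "MvcHandler.DisableMvcResponseHeader = true",
    "x-powered-by": 'customHeaders <remove name="X-Powered-By" />',
}

# Constructed sample: a typical unhardened IIS/ASP.NET MVC response head.
BEFORE = """HTTP/1.1 200 OK
Server: Microsoft-IIS/8.5
X-AspNet-Version: 4.0.30319
X-AspNetMvc-Version: 5.2
X-Powered-By: ASP.NET
Content-Type: text/html
"""

# Constructed sample: the same response after applying the web.config settings.
AFTER = """HTTP/1.1 200 OK
Server: MyServer
Content-Type: text/html
"""


def parse_headers(raw: str) -> Dict[str, str]:
    """Parse a raw response head (status line + headers) into a dict keyed by lowercase name."""
    headers: Dict[str, str] = {}
    for line in raw.strip().splitlines()[1:]:  # skip the status line
        if not line.strip():
            break  # a blank line ends the header block
        name, _, value = line.partition(":")
        headers[name.strip().lower()] = value.strip()
    return headers


def find_disclosures(raw: str) -> List[str]:
    """Return one finding per header that still reveals the platform or a version."""
    headers = parse_headers(raw)
    findings = [f"{name}: {headers[name]} -> {fix}"
                for name, fix in DISCLOSING_HEADERS.items() if name in headers]
    server = headers.get("server", "")
    # Flag Server if it names IIS or carries a version number (e.g. "Microsoft-IIS/8.5").
    if re.search(r"microsoft-iis|/\d", server, re.IGNORECASE):
        findings.append(f"server: {server} -> rewrite with the RESPONSE_Server outbound rule")
    return findings
```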

Enable Fusion Log

In the registry, under HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion, add:
DWORD ForceLog set value to 1
DWORD LogFailures set value to 1
DWORD LogResourceBinds set value to 1
DWORD EnableLog set value to 1
String LogPath set value to folder for logs (e.g. C:\FusionLog\)