Installation
Requirements
Systemd Service
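# systemd unit that runs the Kulini backend as a long-lived service.
# Comments in unit files must be on their own line.
[Unit]
Description=Kulini
After=syslog.target
After=network.target

[Service]
Type=simple
# Use a dedicated, unprivileged account here rather than root or a login user:
# the backend receives the requests nginx/Apache forward from /api/, so a
# compromise should be confined to what this account can reach.
User=[Benutzername]
Group=[Gruppe]
WorkingDirectory=/[Pfad zu Kulini]/kulini-backend/
ExecStart=/[Pfad zu Kulini]/kulini-backend/kulini-backend
Restart=always

# Baseline sandboxing: the process and its children cannot gain privileges
# through setuid/setgid binaries, and get a private /tmp and /var/tmp.
NoNewPrivileges=true
PrivateTmp=true
# Stricter options worth enabling after testing against the paths the backend
# actually writes to (not verified here):
#   ProtectSystem=strict
#   ReadWritePaths=/[Pfad zu Kulini]/kulini-backend/
#   ProtectHome=true

[Install]
WantedBy=multi-user.target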
Webserver Configuration
nginx
# Plain-HTTP listener: serves no content, only redirects to HTTPS.
server {
    listen 80;
    listen [::]:80;
    server_name [Domain];

    # $host is taken from the request (request line or Host header), so the
    # redirect target mirrors whatever name the client asked for.
    return 301 https://$host$request_uri;
}
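# HTTPS site: serves the built client and proxies /api/ to the backend.
server {
    server_name [Domain];
    root /[path to Ofenschlupfer]/client/dist;

    # TLS only. Port 80 belongs to the redirect-only server block; listening
    # on 80 here as well would define the same server_name twice on that port
    # (nginx warns about the conflict and ignores one of the two).
    listen 443 ssl http2;
    listen [::]:443 ssl http2;

    # Security headers. "always" also attaches them to error responses
    # (4xx/5xx); without it nginx adds them only to a fixed set of success
    # and redirect codes. These are inherited by the locations below only as
    # long as no location defines an add_header of its own.
    add_header Content-Security-Policy "default-src 'none'; style-src 'self'; img-src 'self'; script-src 'self'; connect-src 'self'; frame-ancestors 'none'; form-action 'none'; base-uri 'none';" always;
    # Note: browser preload lists additionally require includeSubDomains; add
    # it only once every subdomain is reachable over HTTPS.
    add_header Strict-Transport-Security "max-age=63072000; preload" always;
    add_header X-Content-Type-Options "nosniff" always;
    # Valid values are DENY and SAMEORIGIN; "none" is not recognised and
    # leaves the header without effect. DENY matches frame-ancestors 'none'.
    add_header X-Frame-Options "DENY" always;
    # Legacy header: current browsers no longer ship the XSS filter it
    # controls, so the CSP above is the effective protection.
    add_header X-XSS-Protection "1; mode=block" always;
    add_header Referrer-Policy "no-referrer" always;

    # The private key must be readable only by root / the nginx master process.
    ssl_certificate /[pfad to certificate]/fullchain.pem;
    ssl_certificate_key /[pfad to certificate]/privkey.pem;
    ssl_session_timeout 1d;
    ssl_session_cache shared:MozSSL:10m;
    ssl_session_tickets off;
    ssl_protocols TLSv1.3 TLSv1.2;
    ssl_prefer_server_ciphers off;

    # Client: single-page app, unknown paths fall back to index.html.
    location / {
        try_files $uri $uri/ /index.html;
    }

    # Server: the trailing slash on proxy_pass strips the /api/ prefix before
    # the request reaches the backend.
    location /api/ {
        proxy_pass http://localhost:[server port]/;
        proxy_set_header Host $host;
        # Appends the connecting address to any X-Forwarded-For the client
        # sent; the backend should trust only the last entry, and should not
        # be reachable other than through this proxy.
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    }
}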
Apache httpd
Warning
This configuration has not been tested.
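# Plain-HTTP virtual host: serves no content, only redirects to HTTPS.
<VirtualHost *:80>
    ServerName [Domain]
    # mod_alias redirect to the configured domain. Unlike a RewriteRule built
    # from %{HTTP_HOST}, the target does not depend on the Host header the
    # client sent, and mod_rewrite is not needed in this virtual host.
    Redirect permanent / https://[Domain]/
</VirtualHost>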
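# HTTPS virtual host: serves the built client and proxies /api/ to the backend.
# Uses mod_ssl, mod_headers, mod_rewrite, mod_proxy, mod_proxy_http and mod_http2.
<VirtualHost *:443>
    ServerName [domain]

    # Static client build (the directory the nginx example uses as root).
    # Without a DocumentRoot the /index.html fallback below has nothing to serve.
    DocumentRoot /[path to Ofenschlupfer]/client/dist

    Protocols h2 http/1.1

    SSLEngine on
    SSLCertificateFile /[Pfad zum Zertifikat]/fullchain.pem
    # The private key must be readable only by root.
    SSLCertificateKeyFile /[Pfad zum Zertifikat]/privkey.pem

    # Security headers. "always" also attaches them to error responses.
    # Apache directives are not terminated with ";" (that is nginx syntax).
    Header always set Strict-Transport-Security "max-age=63072000"
    Header always set Content-Security-Policy "default-src 'none'; style-src 'self'; img-src 'self'; script-src 'self'; connect-src 'self'; frame-ancestors 'none'; form-action 'none'; base-uri 'none';"
    Header always set X-Content-Type-Options "nosniff"
    # Valid values are DENY and SAMEORIGIN; "none" is not recognised and
    # leaves the header without effect. DENY matches frame-ancestors 'none'.
    Header always set X-Frame-Options "DENY"
    # Legacy header: current browsers no longer ship the XSS filter it
    # controls, so the CSP above is the effective protection.
    Header always set X-XSS-Protection "1; mode=block"
    Header always set Referrer-Policy "no-referrer"

    # Single-page-app fallback. RewriteBase, the slash-less ^index\.html$
    # pattern and the -f/-d tests on REQUEST_FILENAME only work in
    # per-directory context, so the rules live in a <Directory> block.
    # Requests under /api/ are claimed by ProxyPass and do not reach them.
    <Directory /[path to Ofenschlupfer]/client/dist>
        Require all granted
        AllowOverride None
        RewriteEngine On
        RewriteBase /
        RewriteRule ^index\.html$ - [L]
        RewriteCond %{REQUEST_FILENAME} !-f
        RewriteCond %{REQUEST_FILENAME} !-d
        RewriteRule . /index.html [L]
    </Directory>

    # Backend. The /api/ prefix is stripped before forwarding. The backend
    # should not be reachable other than through this proxy.
    # ProxyPreserveHost forwards the original Host header, as the nginx
    # example does with "proxy_set_header Host $host".
    ProxyPreserveHost On
    ProxyPass /api/ http://localhost:[Backend-Port]/
    # Rewrites backend redirects so they point back at the public /api/ path.
    ProxyPassReverse /api/ http://localhost:[Backend-Port]/
</VirtualHost>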
# TLS settings placed outside any <VirtualHost>, i.e. in the main server
# configuration.
# No session tickets.
SSLSessionTickets off
# Disable SSLv3, TLS 1.0 and TLS 1.1; whatever newer versions the installed
# TLS library provides remain enabled.
SSLProtocol all -SSLv3 -TLSv1 -TLSv1.1
# Let the client's cipher preference decide among the permitted ciphers.
SSLHonorCipherOrder off