Diffstat (limited to 'static/files/articles')
-rw-r--r--static/files/articles/site-backend/0-editing-1024.pngbin0 -> 79220 bytes
-rw-r--r--static/files/articles/site-backend/0-editing-1024.webpbin0 -> 62528 bytes
-rw-r--r--static/files/articles/site-backend/0-editing-raw.pngbin0 -> 346242 bytes
-rw-r--r--static/files/articles/site-backend/0-editing.pngbin0 -> 123954 bytes
-rw-r--r--static/files/articles/site-backend/1-ssl-labs-20240530-1024.pngbin0 -> 22450 bytes
-rw-r--r--static/files/articles/site-backend/1-ssl-labs-20240530-1024.webpbin0 -> 17940 bytes
-rw-r--r--static/files/articles/site-backend/1-ssl-labs-20240530.pngbin0 -> 44361 bytes
-rw-r--r--static/files/articles/site-backend/2-securityheaders-1024.pngbin0 -> 21164 bytes
-rw-r--r--static/files/articles/site-backend/2-securityheaders-1024.webpbin0 -> 14280 bytes
-rw-r--r--static/files/articles/site-backend/2-securityheaders.pngbin0 -> 15081 bytes
-rw-r--r--static/files/articles/site-backend/pablotron.org.conf.txt51
-rw-r--r--static/files/articles/site-backend/script.js.txt37
-rw-r--r--static/files/articles/site-backend/style.sass.txt58
-rw-r--r--static/files/articles/site-backend/tls.conf.txt9
-rw-r--r--static/files/articles/site-backend/webhook.conf.txt34
15 files changed, 147 insertions, 42 deletions
diff --git a/static/files/articles/site-backend/0-editing-1024.png b/static/files/articles/site-backend/0-editing-1024.png
new file mode 100644
index 0000000..5bb018c
--- /dev/null
+++ b/static/files/articles/site-backend/0-editing-1024.png
Binary files differ
diff --git a/static/files/articles/site-backend/0-editing-1024.webp b/static/files/articles/site-backend/0-editing-1024.webp
new file mode 100644
index 0000000..3fcc332
--- /dev/null
+++ b/static/files/articles/site-backend/0-editing-1024.webp
Binary files differ
diff --git a/static/files/articles/site-backend/0-editing-raw.png b/static/files/articles/site-backend/0-editing-raw.png
new file mode 100644
index 0000000..e1ca53a
--- /dev/null
+++ b/static/files/articles/site-backend/0-editing-raw.png
Binary files differ
diff --git a/static/files/articles/site-backend/0-editing.png b/static/files/articles/site-backend/0-editing.png
new file mode 100644
index 0000000..1df3181
--- /dev/null
+++ b/static/files/articles/site-backend/0-editing.png
Binary files differ
diff --git a/static/files/articles/site-backend/1-ssl-labs-20240530-1024.png b/static/files/articles/site-backend/1-ssl-labs-20240530-1024.png
new file mode 100644
index 0000000..6e2c95f
--- /dev/null
+++ b/static/files/articles/site-backend/1-ssl-labs-20240530-1024.png
Binary files differ
diff --git a/static/files/articles/site-backend/1-ssl-labs-20240530-1024.webp b/static/files/articles/site-backend/1-ssl-labs-20240530-1024.webp
new file mode 100644
index 0000000..5664f4f
--- /dev/null
+++ b/static/files/articles/site-backend/1-ssl-labs-20240530-1024.webp
Binary files differ
diff --git a/static/files/articles/site-backend/1-ssl-labs-20240530.png b/static/files/articles/site-backend/1-ssl-labs-20240530.png
new file mode 100644
index 0000000..da74161
--- /dev/null
+++ b/static/files/articles/site-backend/1-ssl-labs-20240530.png
Binary files differ
diff --git a/static/files/articles/site-backend/2-securityheaders-1024.png b/static/files/articles/site-backend/2-securityheaders-1024.png
new file mode 100644
index 0000000..b709598
--- /dev/null
+++ b/static/files/articles/site-backend/2-securityheaders-1024.png
Binary files differ
diff --git a/static/files/articles/site-backend/2-securityheaders-1024.webp b/static/files/articles/site-backend/2-securityheaders-1024.webp
new file mode 100644
index 0000000..747507c
--- /dev/null
+++ b/static/files/articles/site-backend/2-securityheaders-1024.webp
Binary files differ
diff --git a/static/files/articles/site-backend/2-securityheaders.png b/static/files/articles/site-backend/2-securityheaders.png
new file mode 100644
index 0000000..8a92c38
--- /dev/null
+++ b/static/files/articles/site-backend/2-securityheaders.png
Binary files differ
diff --git a/static/files/articles/site-backend/pablotron.org.conf.txt b/static/files/articles/site-backend/pablotron.org.conf.txt
index 8934bad..b2c498b 100644
--- a/static/files/articles/site-backend/pablotron.org.conf.txt
+++ b/static/files/articles/site-backend/pablotron.org.conf.txt
@@ -1,49 +1,21 @@
+# unconditionally redirect to https://pablotron.org
<VirtualHost *:80>
- Use BASIC_SITE pablotron.org www-admin@pablotron.org
- Use BASIC_LOGS pablotron.org
- Use STRIP_WWW https://pablotron.org
- Use MOD_DEFLATE
-
- # unconditionally rewrite to https://pablotron.org
RewriteEngine On
RewriteRule ^/(.*)$ https://pablotron.org/$1 [R,L]
</VirtualHost>
<VirtualHost *:443>
- Use BASIC_SITE pablotron.org www-admin@pablotron.org
- Use BASIC_LOGS pablotron.org
+ # strip "www." prefix and enable mod_deflate
Use STRIP_WWW https://pablotron.org
Use MOD_DEFLATE
- SSLEngine on
- SSLCertificateFile /etc/letsencrypt/live/pablotron.org/cert.pem
- SSLCertificateKeyFile /etc/letsencrypt/live/pablotron.org/privkey.pem
- SSLCertificateChainFile /etc/letsencrypt/live/pablotron.org/fullchain.pem
-
- # redirect old rss feed to new one
- RewriteCond %{QUERY_STRING} theme=rss
- RewriteCond %{REQUEST_URI} ^/$
- RewriteRule (.*) /index.xml [R=301,L]
-
- # enable http2 (added 2022-01-29)
+ # enable http2
Protocols h2 http/1.1
- # set security headers
- # (added on 2021-10-17)
- #
- # refs:
- # - https://web.dev/security-headers/#xfo
- # - https://developer.mozilla.org/en-US/docs/Web/HTTP/CSP
- # - https://developer.mozilla.org/en-US/docs/Web/HTTP/CORS
- # - https://scotthelme.co.uk/a-new-security-header-referrer-policy/
- # - https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Referrer-Policy
- # - https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Access-Control-Allow-Origin
- #
- # permissions-policy docs (seems poorly thought out):
- # * https://scotthelme.co.uk/goodbye-feature-policy-and-hello-permissions-policy/
- # * feature list (for old feature-policy header, but a good reference): https://source.chromium.org/chromium/chromium/src/+/master:third_party/blink/renderer/platform/feature_policy/feature_policy.cc;drc=ab90b51c5b60de15054a32b0bd18e4839536a1c9;l=138
- # https://github.com/w3c/webappsec-permissions-policy/blob/main/permissions-policy-explainer.md
- #
+ # set restrictive content security policy
+ Header append "Content-Security-Policy" "default-src 'self'; img-src 'self' https://pmdn.org"
+
+ # set remaining security headers
Header append "Strict-Transport-Security" "max-age=31536000"
Header append "X-Frame-Options" "SAMEORIGIN"
Header append "X-Content-Type-Options" "nosniff"
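Review bot: The security headers in the `*:443` vhost, including the relocated `Content-Security-Policy` line, use `Header append` with no `always` condition, so Apache leaves them off responses it generates itself (error pages, rewrite redirects) and joins them onto any same-named header a proxied backend already sent. `Header always set "Strict-Transport-Security" "max-age=31536000"`, with the same form for the CSP, X-Frame-Options and X-Content-Type-Options lines, covers those responses and guarantees a single value. The hunk also drops `SSLEngine` and the certificate directives from this vhost without showing where they now live; presumably an include or macro supplies them, which deserves a one-line comment in the sample. The vhost body continues outside the hunk.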
@@ -52,23 +24,18 @@
Header append "Access-Control-Allow-Origin" "https://pablotron.org"
Header append "Referrer-Policy" "strict-origin-when-cross-origin"
- # not sure about these yet
+ # set permissions policy
Header append "Permissions-Policy" "camera=(), geolocation=(), gyroscope=(), magnetometer=(), microphone=(), midi=(), payment=(), usb=()"
# POST needed for /hooks
Header append "Access-Control-Allow-Methods" "POST, GET, HEAD, OPTIONS"
- # 'unsafe-inline' is needed for goldmark table cell alignment
- # Header append "Content-Security-Policy" "default-src 'self'; img-src 'self' https://pmdn.org; style-src 'self' 'unsafe-inline'"
- # removed all tables w/ alignment, so i nuked unsafe-inline (2021-10-21)
- Header append "Content-Security-Policy" "default-src 'self'; img-src 'self' https://pmdn.org"
-
# cache images, stylesheets, and javascript for 1 year
- # (added 2022-01-29, i may regret this...)
<FilesMatch "\.(ico|jpg|jpeg|png|gif|webp|svg|js|json|css)$">
Header set Cache-Control "max-age=31536000, public"
</FilesMatch>
+ # expose webhook
<Location /hooks/>
ProxyPass "http://localhost:9000/"
ProxyPassReverse "http://localhost:9000/"
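Review bot: `Access-Control-Allow-Methods` only answers browser cross-origin preflights and does not limit which methods Apache forwards, so the `<Location /hooks/>` proxy still passes every method under that path to the listener on localhost:9000. If the intent behind `# POST needed for /hooks` is that the hook accepts POST only, enforce it inside the location with `<LimitExcept POST>`, `Require all denied`, `</LimitExcept>`. The two CORS headers could then move into that block instead of being sent site-wide. The `<Location>` block closes outside the hunk.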
diff --git a/static/files/articles/site-backend/script.js.txt b/static/files/articles/site-backend/script.js.txt
new file mode 100644
index 0000000..ecf41b8
--- /dev/null
+++ b/static/files/articles/site-backend/script.js.txt
@@ -0,0 +1,37 @@
+'use strict';
+
+//
+// script.js - script which handles:
+//
+// - set theme
+// - theme switcher and burger menu event handlers
+//
+
+const D = document,
+ C = D.body.parentElement.classList,
+ L = localStorage,
+ M = window.matchMedia,
+ on = (el, id, fn) => el.addEventListener(id, fn);
+
+// use theme if set, otherwise fall back to browser preference
+if (L && L.theme && L.theme === 'dark') {
+ C.add('dark'); // theme set to "dark"
+} else if ((!L || !L.theme) && M && M('(prefers-color-scheme: dark)').matches) {
+ C.add('dark'); // prefers dark color scheme
+}
+
+document.addEventListener('DOMContentLoaded', () => {
+ // theme toggle event handler
+ on(D.querySelector('.navbar-item[data-id="theme"]'), 'click', (e) => {
+ e.preventDefault(); // stop event
+ L.theme = C.toggle('dark') ? 'dark' : 'light'; // toggle
+ });
+
+ // iterate through burgers, bind to click events
+ D.querySelectorAll('.navbar-burger').forEach(e => on(e, 'click', () => {
+ // then toggle is-active on burger and menu
+ [e, D.getElementById(e.dataset.target)].forEach(
+ e => e.classList.toggle('is-active')
+ )
+ }));
+});
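Review bot: Evaluating `L = localStorage` throws a SecurityError in browsers that block site storage, so the `L &&` guards below it never run and neither the theme nor the menu handlers get installed. Resolve it defensively, for example `L = (() => { try { return localStorage } catch (e) { return null } })(),`, and split the write in the toggle handler into `const t = C.toggle('dark') ? 'dark' : 'light'; if (L) L.theme = t;`. In the same way, `D.querySelector('.navbar-item[data-id="theme"]')` returns null on a page without the theme item, and the exception from `on()` would skip the burger bindings that follow; a null check keeps the two features independent.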
diff --git a/static/files/articles/site-backend/style.sass.txt b/static/files/articles/site-backend/style.sass.txt
new file mode 100644
index 0000000..febddd5
--- /dev/null
+++ b/static/files/articles/site-backend/style.sass.txt
@@ -0,0 +1,58 @@
+// style.sass: based on bulma-0.9.3/sass/bulma.sass with the following
+// changes:
+//
+// 1. all unused components removed
+// 2. monokai style for chroma added
+// 3. styles for navbar icon highlighting and table captions added
+// 4. dark mode styles added
+@charset "utf-8"
+
+// import chroma style
+//
+// generated with the following command:
+//
+// cd themes/hugo-pt2021/assets
+// hugo gen chromaclasses --style=monokai > chroma.css
+//
+@import "chroma"
+
+@import "bulma-0.9.3/sass/utilities/_all"
+@import "bulma-0.9.3/sass/base/_all"
+
+// elements
+@import "bulma-0.9.3/sass/elements/button"
+@import "bulma-0.9.3/sass/elements/container"
+@import "bulma-0.9.3/sass/elements/content"
+@import "bulma-0.9.3/sass/elements/image"
+@import "bulma-0.9.3/sass/elements/table"
+@import "bulma-0.9.3/sass/elements/title"
+@import "bulma-0.9.3/sass/elements/other"
+
+// components
+@import "bulma-0.9.3/sass/components/media"
+@import "bulma-0.9.3/sass/components/navbar"
+
+// grid (reenabled, used for images)
+@import "bulma-0.9.3/sass/grid/_all"
+
+// helpers
+@import "bulma-0.9.3/sass/helpers/_all"
+
+// layout
+@import "bulma-0.9.3/sass/layout/section"
+@import "bulma-0.9.3/sass/layout/footer"
+
+// dim navbar icons by default
+.navbar-item .menu-icon
+ opacity: 60%
+
+// highlight icons on hover
+.navbar-item:hover .menu-icon
+ opacity: 100%
+
+// table captions below tables
+table.table
+ caption-side: bottom
+
+// dark mode (2024-05-27)
+@import "dark"
diff --git a/static/files/articles/site-backend/tls.conf.txt b/static/files/articles/site-backend/tls.conf.txt
new file mode 100644
index 0000000..011930d
--- /dev/null
+++ b/static/files/articles/site-backend/tls.conf.txt
@@ -0,0 +1,9 @@
+# explicit list of cipher suites
+# (from ssl-config.mozilla.org)
+SSLCipherSuite ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384
+
+# use server priorities for cipher algorithm choice
+SSLHonorCipherOrder on
+
+# protocols to enable (TLS 1.2 and 1.3 only)
+SSLProtocol all -SSLv3 -TLSv1 -TLSv1.1
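Review bot: The comment `# explicit list of cipher suites` overstates what the `SSLCipherSuite` line controls: without a protocol qualifier mod_ssl applies the list to TLS 1.2 and below only, and the TLS 1.3 suites stay at the OpenSSL defaults. I would word it `# explicit list of TLS 1.2 cipher suites (TLS 1.3 suites keep the library defaults)`. Separately, with `SSLHonorCipherOrder on` and the AES-128-GCM suites listed first, a client that prefers ChaCha20-Poly1305 is never given it; every suite in the list is AEAD with forward secrecy, so the comment on that directive should say why server order is wanted or the setting can be `off`.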
diff --git a/static/files/articles/site-backend/webhook.conf.txt b/static/files/articles/site-backend/webhook.conf.txt
new file mode 100644
index 0000000..254155d
--- /dev/null
+++ b/static/files/articles/site-backend/webhook.conf.txt
@@ -0,0 +1,34 @@
+[{
+ "id": "deploy-pablotron-org",
+ "execute-command": "/data/www/pablotron.org/git/bin/hook/deploy.rb",
+
+ "pass-arguments-to-command": [{
+ "source": "payload",
+ "name": "time"
+ }],
+
+ "pass-environment-to-command": [{
+ "source": "string",
+ "envname": "DEPLOY_HTDOCS_PATH",
+ "name": "/data/www/pablotron.org/builds/current"
+ }, {
+ "source": "string",
+ "envname": "DEPLOY_REPO_DIR",
+ "name": "/data/www/pablotron.org/git"
+ }, {
+ "source": "string",
+ "envname": "DEPLOY_BUILDS_DIR",
+ "name": "/data/www/pablotron.org/builds"
+ }],
+
+ "trigger-rule": {
+ "match": {
+ "type": "payload-hmac-sha256",
+ "secret": "(omitted)",
+ "parameter": {
+ "source": "header",
+ "name": "X-Hub-Signature"
+ }
+ }
+ }
+}]
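Review bot: The `trigger-rule` authenticates the request body but nothing in this hook bounds its freshness, so a previously signed delivery would be accepted again and re-run `deploy.rb`. The `time` payload field passed as the first argument looks like the place to check that, but the script is not part of this diff; it should treat that argument as untrusted text and reject stale or malformed values. It is also worth confirming that the sender puts a SHA-256 signature in `X-Hub-Signature`, since GitHub-style senders use that name for the SHA-1 signature and `X-Hub-Signature-256` for SHA-256. The deployed file holds the HMAC secret in clear text, so it should be readable only by the account that runs the webhook service.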