25-03-2025

docs/macos/webserver/geoipfast.md

@@ -0,0 +1,160 @@
+# geoipfast
+
+
+
+Version:
+
+```bash
+$ geoip2fast -v
+GeoIP2Fast v1.2.2 Usage: geoip2fast.py [-h] [-v] [-d] [-i] [data_filename_to_be_used] <ip_address_1>,<ip_address_2>,<ip_address_N>,...
+```
+
+Self-test:
+
+```bash
+$ geoip2fast geoip2fast-city-asn.dat.gz --self-test-city
+GeoIP2Fast v1.2.2 is ready! geoip2fast-city-asn.dat.gz loaded with 2.405.140 networks in 0.25481 seconds and using 268.59 MiB.
+
+Starting a self-test...
+
+> x37,106,248,137          <invalid ip address>           [0.000017000 sec]  Cached > [0.000003042 sec]
+> 90.120.130.164/32        <invalid ip address>           [0.000002542 sec]  Cached > [0.000001209 sec]
+> 23.172.161.24         -- <not found in database>        [0.000027041 sec]  Cached > [0.000001750 sec]
+> 192.168.134.8         -- Private Network Class C        [0.000044917 sec]  Cached > [0.000006208 sec]
+> 61.158.159.224        CN China                          [0.000039167 sec]  Cached > [0.000004166 sec] Shangqiu
+> 51.251.173.172        GB United Kingdom                 [0.000022625 sec]  Cached > [0.000002917 sec]
+> 176.134.67.240        FR France                         [0.000020708 sec]  Cached > [0.000003834 sec] Les Touches
+> 118.34.78.111         KR South Korea                    [0.000019292 sec]  Cached > [0.000004084 sec] Seosan City
+
+Self-test with 30 randomic IPv4 addresses.
+	- Average Lookup Time: 0.000025018 seconds.
+	- Average Cached Lookups: 0.000004118 seconds.
+```
+
+```bash
+$ geoip2fast --self-test-city
+GeoIP2Fast v1.2.2 is ready! geoip2fast.dat.gz loaded with 494.069 networks in 0.02374 seconds and using 31.25 MiB.
+
+Starting a self-test...
+
+> x14,15,17,31             <invalid ip address>           [0.000012000 sec]  Cached > [0.000002959 sec]
+> 59.92.124.53/32          <invalid ip address>           [0.000002208 sec]  Cached > [0.000001166 sec]
+> 23.172.162.217        -- <not found in database>        [0.000019792 sec]  Cached > [0.000001583 sec]
+> 172.31.55.201         -- Private Network Class B        [0.000018125 sec]  Cached > [0.000002958 sec]
+> 1.250.34.180          KR South Korea                    [0.000010416 sec]  Cached > [0.000001459 sec]
+> 62.138.239.182        DE Germany                        [0.000011333 sec]  Cached > [0.000001375 sec]
+> 192.46.25.17          US United States                  [0.000011458 sec]  Cached > [0.000001334 sec]
+> 83.125.115.33         DE Germany                        [0.000011792 sec]  Cached > [0.000001416 sec]
+> 81.58.16.237          NL The Netherlands                [0.000015500 sec]  Cached > [0.000002208 sec]
+> 32.187.65.34          US United States                  [0.000013208 sec]  Cached > [0.000001625 sec]
+> 77.152.80.234         FR France                         [0.000012500 sec]  Cached > [0.000001583 sec]
+> 93.9.4.164            FR France                         [0.000009959 sec]  Cached > [0.000001375 sec]
+> 7.231.125.137         US United States                  [0.000011500 sec]  Cached > [0.000001334 sec]
+
+Self-test with 30 randomic IPv4 addresses.
+	- Average Lookup Time: 0.000011775 seconds.
+	- Average Cached Lookups: 0.000001539 seconds.
+```
+
+Mise-à-jour des bases:
+
+```bash
+$ geoip2fast --update-file geoip2fast-city-asn.dat.gz
+geoip2fast-city-asn.dat.gz
+
+# Allowed values: 
+# geoip2fast.dat.gz OR geoip2fast-ipv6.dat.gz OR
+# geoip2fast-asn.dat.gz OR geoip2fast-asn-ipv6.dat.gz OR
+# geoip2fast-city.dat.gz OR geoip2fast-city-ipv6.dat.gz OR
+# geoip2fast-city-asn.dat.gz OR geoip2fast-city-asn-ipv6.dat.gz
+```
+
+
+
+Le fichier data par défaut:
+
+```bash
+$ geoip2fast -i
+{
+   "database_content": "Country with IPv4 only",
+   "database_fullpath": "/Users/bruno/.local/pipx/venvs/geoip2fast/lib/python3.12/site-packages/geoip2fast/geoip2fast.dat.gz",
+   "file_size": 1192502,
+   "uncompressed_file_size": 4970211,
+   "source_info": "MAXMIND:GeoLite2-Country-IPv4-en-20240618",
+   "dat_version": 120,
+   "country": {
+      "main_index_size": 99,
+      "first_ip_list_size": 494069,
+      "country_code_id_list_size": 494069,
+      "netlength_list_size": 494069,
+      "country_names": 267,
+      "ipv4_networks": 494069,
+      "ipv6_networks": 0,
+      "number_of_chunks": 99,
+      "chunk_size": 5000
+   }
+}
+```
+
+
+
+On choisit le fichier data:
+
+```bash
+# Fibre
+
+$ geoip2fast 86.235.4.116 geoip2fast-city-asn.dat.gz
+{
+   "ip": "86.235.4.116",
+   "country_code": "FR",
+   "country_name": "France",
+   "city": {
+      "name": "Chenôve",
+      "subdivision_code": "BFC",
+      "subdivision_name": "Bourgogne-Franche-Comté",
+      "latitude": null,
+      "longitude": null
+   },
+   "cidr": "86.235.0.0/20",
+   "hostname": "",
+   "asn_name": "Orange",
+   "asn_cidr": "86.234.0.0/15",
+   "is_private": false,
+   "elapsed_time": "0.000076166 sec"
+}
+```
+
+```bash
+# 4G
+
+$ geoip2fast 92.184.105.244 geoip2fast-city-asn.dat.gz
+{
+   "ip": "92.184.105.244",
+   "country_code": "FR",
+   "country_name": "France",
+   "city": {
+      "name": "Paris",
+      "subdivision_code": "IDF",
+      "subdivision_name": "Île-de-France",
+      "latitude": null,
+      "longitude": null
+   },
+   "cidr": "92.184.96.0/20",
+   "hostname": "",
+   "asn_name": "Orange",
+   "asn_cidr": "92.184.96.0/19",
+   "is_private": false,
+   "elapsed_time": "0.000069667 sec"
+}
+```
+
+
+
+
+
+
+
+
+
+https://www.maxmind.com/en/accounts/356803/geoip/downloads
+

docs/macos/webserver/mod-php.md

@@ -195,6 +195,7 @@ $ pecl install apcu
 # fatal error: 'pcre2.h' file not found
 
 $ ln -s /opt/homebrew/Cellar/pcre2/10.42/include/pcre2.h /opt/homebrew/Cellar/php/
+$ ln -s /opt/homebrew/opt/pcre2/include/pcre2.h /opt/homebrew/opt/php@8.4/include/php/ext/pcre/
 
 ln -s /opt/homebrew/Cellar/pcre2/10.42/include/pcre2.h /opt/homebrew/Cellar/php/8.3.1/include/php/ext/pcre/pcre2.h
 

docs/macos/webserver/php-fpm.md

@@ -178,6 +178,21 @@ Si PHP n'est pas interprété, redémarrer le mac.
 
 
 
+### PHP interactif:
+
+Executer PHP dans le terminal.
+
+```bash
+$ php -a
+Interactive shell
+
+php > $var = 'ABCDEFGH:/MNRPQR/';
+php > echo "Original: $var<hr />\n";
+Original: ABCDEFGH:/MNRPQR/<hr />
+```
+
+
+
 ### Changer de version:
 
 *PHP switcher script*: 

docs/macos/webserver/security-txt.md

@@ -0,0 +1,117 @@
+# security.txt
+
+
+
+Créer le fichier security.txt sur https://securitytxt.org
+
+```bash
+Contact: mailto:bruno@clicclac.info
+Expires: 2026-09-05T18:00:00.000Z
+Encryption: openpgp4fpr:2D5E 6C77 2EC1 15C8 21BD  6D8A 4B92 F1D5 84F5 513F
+Preferred-Languages: en,fr
+Canonical: https://photos-nas.ovh/.well-known/security.txt
+```
+
+Créer une signature numérique:
+
+```bash
+gpg --output security.txt.sig --armor --detach-sig security.txt
+gpg: using "2D5E6C772EC115C821BD6D8A4B92F1D584F5513F" as default secret key for signing
+```
+
+Vérifier la signature:
+
+```bash
+gpg --verify security.txt.sig security.txt
+gpg: Signature faite le Jeu  5 sep 15:35:53 2024 CEST
+gpg:                avec la clef RSA 2D5E6C772EC115C821BD6D8A4B92F1D584F5513F
+gpg: Bonne signature de « Bruno Pesenti <bruno@clicclac.info> » [ultime]
+```
+
+Ajouter la signature au fichier security.txt
+
+```bash
+cat security.txt.sig >> security.txt
+```
+
+
+
+
+
+```bash
+gpg --clearsign -o security-signed.txt security.txt
+gpg: using "2D5E6C772EC115C821BD6D8A4B92F1D584F5513F" as default secret key for signing
+```
+
+```bash
+gpg --verify -v security-signed.txt
+gpg: enabled compatibility flags:
+gpg: en-tête d'armure : Hash: SHA256
+gpg: nom de fichier original : «  »
+gpg: Signature faite le Jeu  5 sep 16:02:58 2024 CEST
+gpg:                avec la clef RSA 2D5E6C772EC115C821BD6D8A4B92F1D584F5513F
+gpg: utilisation du modèle de confiance pgp
+gpg: Bonne signature de « Bruno Pesenti <bruno@clicclac.info> » [ultime]
+gpg: signature mode texte, algorithme de hachage SHA256, algorithme de clef rsa4096
+```
+
+```bash
+mv security-signed.txt security.txt
+```
+
+```bash
+cat security.txt
+
+-----BEGIN PGP SIGNED MESSAGE-----
+Hash: SHA256
+
+Contact: https://photos-nas.ovh/contact/
+Expires: 2026-09-05T18:00:00.000Z
+Encryption: openpgp4fpr:2D5E 6C77 2EC1 15C8 21BD  6D8A 4B92 F1D5 84F5 513F
+Preferred-Languages: en,fr
+Canonical: https://photos-nas.ovh/.well-known/security.txt
+-----BEGIN PGP SIGNATURE-----
+
+iQIzBAEBCAAdFiEELV5sdy7BFcghvW2KS5Lx1YT1UT8FAmbZuhIACgkQS5Lx1YT1
+UT9hsg/6AjjR0ASQ1UA0rHwVeKw7WOlLJv1lkdypKi5Sou1sYZcM3sFNwq1T/KX8
+lkgy3Y0uAH2QJ/nbsyhyNi5tHI2oA1zhF7U/l9ovRD3esQGoZ0iRIFRKzoKwNsBb
+yxOzS1BJEvH3ntE2QwcTCBPx5D8RNBcIa3xK8DnrZCfkIU3tm49yRNyFo+MUWDZw
+f0ASIWFwvPrB3oKdB9orzwQHq2UtwIK8yPkeZV2Tbe3OuN0utVSaqeSXDyNewCDI
+ziorAnjl5TL41Lo3UtO69ByYB2yCHaIgGr/9EK19fZG7jx/AcD8wCQ5FKdj8woQB
+KwCEu4PqoHpi8yncHAUZPsrH9XHTm5GegeGHU6/uguzDw4jc5Nxg/ARpDvD/337m
+iWKoA7UXoffmGNizyGiP//zkzkp4wTStD9G8i9TA3BSSKIFtHQqYFqYQlJQEopRd
+ju8KIHPORXxyR1GX58V0UUJ2Gtzk4AHRS5/XqAqSHyQyI9YK0O79iufx6nGW+zkR
+c1MmVp4YkhQcHB5NbWH0XC/6lOn5jfx7hNfQDbPBemPOpBZ2n9V13ckxhgynlurh
+hBNQQT526cZmxhLTXWrSRcuFiWjtpi8CgJaWMw7ebhncLb1dHlebq8cispqJn2vK
++v6pgoN0aJvtKZC8ugHi62SniVaX22B55QQDbfhGFvlhWnzJSl4=
+=8KJk
+-----END PGP SIGNATURE-----
+```
+
+
+
+### Content Security Policy (CSP)
+
+https://content-security-policy.com/examples/
+
+https://www.magentix.fr/blog/strategie-de-securite-du-contenu-content-security-policy.html
+
+
+
+Ajouter l'entête:
+
+```html
+<meta http-equiv="Content-Security-Policy" content="default-src 'self'; img-src https://*; child-src 'none';">
+```
+
+```php
+<?php
+	header("Content-Security-Policy: default-src 'self'");
+?>
+```
+
+
+
+### HSTS
+
+https://hstspreload.org/