From d5dfa9c124fd2ecddad5c056554051558ce15e4d Mon Sep 17 00:00:00 2001 From: Samuel Sloniker Date: Sun, 11 Aug 2024 17:51:42 -0700 Subject: [PATCH] Setup instructions --- README.md | 31 +++++++++++++++++++++++++++++-- 1 file changed, 29 insertions(+), 2 deletions(-) diff --git a/README.md b/README.md index 25d0e75..bbd6b1c 100644 --- a/README.md +++ b/README.md @@ -1,3 +1,30 @@ -# zerotest +# ZeroTest -Test utility for 0.0.0.0 Day \ No newline at end of file +To set up a ZeroTest instance, simply set up a Web server to host `index.html` over an unencrypted HTTP connection. (ZeroTest will not work if loaded over HTTPS, because [restrictions on mixed content](https://developer.mozilla.org/en-US/docs/Web/Security/Mixed_content) will block its requests.) + +A public instance is available at [https://zerotest.kj7rrv.com/](https://zerotest.kj7rrv.com/); it uses the following Nginx configuration: + +```nginx +server { + listen 80; + listen [::]:80; + server_name zerotest.kj7rrv.com; + + add_header Content-Security-Policy "connect-src 0.0.0.0:*;"; + + root /var/www/zerotest; + charset utf-8; +} + +server { + listen 443; + listen [::]:443; + server_name zerotest.kj7rrv.com; + + return 301 http://zerotest.kj7rrv.com; + + include /etc/nginx/templates/ssl.tmpl; +} +``` + +Note that if a [Content Security Policy](https://developer.mozilla.org/en-US/docs/Web/HTTP/CSP) is set, it must allow `fetch` requests to all ports on `0.0.0.0`; the header in the example Nginx configuration (`connect-src 0.0.0.0:*;`) works well. \ No newline at end of file