OS: Ubuntu 18.04 Apache/2.4.18+
Aim: to ensure Aria2 access via reverse proxy
IP Addr of your Aria2 server is 192.168.0.111
Your local IP network is 192.168.0.0/24
Your domain is YourDomain.com
Aria2 installed as described at https://gist.github.com/GAS85/79849bfd09613067a2ac0c1a711120a6
Source: https://lilleengen.io/blog/index.php/posts/activating-http-public-key-pinning-hpkp-on-lets-encrypt
- Disclaimer: This might break your website; don't proceed if you don't know what you're doing.
Since letsencrypt seems to create a new private key every time the certificate is renewed, and Let's Encrypt requires you to renew your certificate once every ~80 days, pinning using your certificate's SPKI is probably not the way to go. So, what should we pin then? Let's Encrypt is currently issuing from Authority X3, and using Authority X4 as a backup, so these two are a great place to start. We should also include the ISRG Root so this might support new Authorities with other SPKIs as well.
To generate the hash of the SPKI of these certificates run the following commands
Based on https://gist.github.com/GAS85/8dadbcb3c9a7ecbcb6705530c1252831
- A self-managed VPS or dedicated server with Ubuntu 20.04 running Apache 2.4.xx.
- A registered domain name with working HTTPS (TLS/SSL). HTTP/2 only works alongside HTTPS because most browsers, including Firefox and Chrome, don’t support HTTP/2 in cleartext (non-TLS) mode.
By default this will be apache2 version 2.4.41, which is enough for HTTP/2 support.
As per https://www.htpcguides.com/force-torrent-traffic-vpn-split-tunnel-debian-8-ubuntu-16-04/, but with a few upgrades.
Everything in one script: https://github.com/GAS85/pia/blob/master/split_tunnel_VPN.sh
- Ubuntu 16.04
- Ubuntu 18.04
- Ubuntu 20.04 - DNS issue, different mechanism, read comments.
- Ubuntu 22.04 - DNS issue, different mechanism, read comments.