- Ubuntu 20.04 (18.04, 16.04 works the same)
- Apache 2.4.18 or higher
- OpenSSL 1.0.2g-1ubuntu4.10 or higher
- e.g. LetsEncrypt certificate
OS: Ubuntu 20.04 Apache/2.4.18 1.0.2g-1ubuntu4.10 +
GAS85
/ apache_ssl.md
Last active
March 14, 2024 16:40
Apache 2.4.18+ with Letsencrypt on Ubuntu 20.04 - SSL config for A+ on SSLLabs.com
GAS85
/ fail2ban_cacti_deprecated.md
Last active
May 20, 2020 07:55
Fail2Ban and Cacti - read MySQL table
Please Note: This is an old way of working, for a newer please refer to https://gist.github.com/GAS85/4fd4715eb7c2c9f585dc0f6309940562
I took it from here, but becasue of newer MySQL it needs to be updated a bit.
- Ubuntu 16.04
GAS85
/ nextcloud_fail2ban.md
Last active
April 8, 2024 20:51
Harden Nextcloud 17+ with Fail2Ban, GUI and WebDAV - Ubuntu 20.04
GAS85
/ http2_apache2_ubuntu16.04.md
Last active
February 7, 2023 16:17
How to Enable HTTP/2 in Apache 2.4 on Ubuntu 16.04
-
Based on https://techwombat.com/enable-http2-apache-ubuntu-16-04/
-
This totorial is for an older Ubuntu 16.04, for a Ubuntu 18.04 please read here --> https://gist.github.com/GAS85/8dadbcb3c9a7ecbcb6705530c1252831 and for a Ubuntu 20.04 please read here* --> https://gist.github.com/GAS85/38eb5954a27d64ae9ac17d01bfe9898c
- A self-managed VPS or dedicated server with Ubuntu 16.04 running Apache 2.4.xx.
- For Ubuntu 18.04 please read here --> https://gist.github.com/GAS85/8dadbcb3c9a7ecbcb6705530c1252831
- A registered domain name with working HTTPS (TLS/SSL). HTTP/2 only works alongside HTTPS because most browsers, including Firefox and Chrome, don’t support HTTP/2 in cleartext (non-TLS) mode.
GAS85
/ battery_checker.md
Last active
October 16, 2018 08:10
Cubietruck + Battery + Armbian - shutdown server if critical battery level reached. Just added it to /etc/cron.hourly
MOVED TO https://github.com/GAS85/cubietruck
I create a script that will try to send Warning Email and and shutdown the system as soon as it goes below 10%.
I put it in cron hourly and script should automatically check and do loop if battery discharging and below e.g. 80%.
E-Mail is needed because last time I did not know that my power supply died and I did not know why sever stopped. This version is also producing logs that could be checked after cubietruck fails. That helps for trouble shooting, e.g. to find out that power supply could not produce enough current to charge battery.
Log output example:
GAS85
/ split_tunnel_VPN.md
Last active
April 24, 2024 13:03
Force Torrent/user Traffic through VPN Split Tunnel on Ubuntu 16.04
As per https://www.htpcguides.com/force-torrent-traffic-vpn-split-tunnel-debian-8-ubuntu-16-04/, but with few upgrades.
Everything in one script: https://github.com/GAS85/pia/blob/master/split_tunnel_VPN.sh
- Ubuntu 16.04
- Ubuntu 18.04
- Ubuntu 20.04 - DNS issue, different mechanism, read comments.
- Ubuntu 22.04 - DNS issue, different mechanism, read comments.
GAS85
/ apache2_restrictDirectAccess.md
Last active
March 23, 2020 09:01
Apache2 Restrict direct IP access to website
Just added this into Apache2 config. E.g. /etc/apache2/sites-available/900-restrictDirectIP.conf and enable it afterwards.
<VirtualHost 192.168.0.1:80>
ServerName 192.168.0.1
Redirect 403 /
ErrorDocument 403 "Sorry, direct IP access not allowed."
DocumentRoot /var/www/html
ErrorLog ${APACHE_LOG_DIR}/error_directIPAccess.log
CustomLog ${APACHE_LOG_DIR}/access_directIPAccess.log combined
GAS85
/ http2_apache2_ubuntu18.04.md
Last active
September 29, 2023 12:00
How to Enable HTTP/2 in Apache 2.4 on Ubuntu 18.04
- Based on https://gist.github.com/GAS85/990b46a3a9c2a16c0ece4e48ebce7300
- This totorial is for an older Ubuntu 18.04, for a Ubuntu 20.04 please read here --> https://gist.github.com/GAS85/38eb5954a27d64ae9ac17d01bfe9898c
- A self-managed VPS or dedicated server with Ubuntu 18.04 running Apache 2.4.xx.
- A registered domain name with working HTTPS (TLS/SSL). HTTP/2 only works alongside HTTPS because most browsers, including Firefox and Chrome, don’t support HTTP/2 in cleartext (non-TLS) mode.
GAS85
/ apache2_HPKP.md
Last active
January 25, 2024 14:03
Activating HTTP Public Key Pinning (HPKP) on Let's Encrypt
Source: https://lilleengen.io/blog/index.php/posts/activating-http-public-key-pinning-hpkp-on-lets-encrypt
- Disclaimer: This might break your website, don't preceded if you don't know what you're doing.
Since the letsencrypt seems to create a new private key every time the certificate is renewed and Let's Encrypt requires you to renew you certificate once every ~80 days pinning using your certificate's SPKI is probably not the way to go. So, what should we pin then? Let's Encrypt is currently issuing from Authority X3, and using Authority X4 as a backup, so these two is a great place to start. We should also include the ISRG Root so this might support new Authorities with other SPKIs as well.
To generate the hash of the SPKI of these certificates run the following commands
OlderNewer