Skip to content

Instantly share code, notes, and snippets.

View GAS85's full-sized avatar
😁
Live is on going

Georgiy Sitnikov GAS85

😁
Live is on going
View GitHub Profile
@GAS85
GAS85 / apache_ssl.md
Last active March 14, 2024 16:40
Apache 2.4.18+ with Letsencrypt on Ubuntu 20.04 - SSL config for A+ on SSLLabs.com

Prerequisites

  • Ubuntu 20.04 (18.04, 16.04 works the same)
  • Apache 2.4.18 or higher
  • OpenSSL 1.0.2g-1ubuntu4.10 or higher
  • e.g. LetsEncrypt certificate
OS: Ubuntu 20.04 Apache/2.4.18 1.0.2g-1ubuntu4.10 +
@GAS85
GAS85 / aria2c_webUI.md
Last active November 28, 2023 13:41
Aria2 + Ubuntu 18.04 + Apache2 + Web UI
OS: Ubuntu 18.04 Apache/2.4.18 1.0.2g-1ubuntu4.10
Aim: to install Aria2 with WebUI and secure Token.
IP Addr of your Aria2 server is 192.168.0.111
Your local IP network is 192.168.0.0/24

Aria 2

1. Installation

Install aria2 package:

@GAS85
GAS85 / fail2ban_cacti_deprecated.md
Last active May 20, 2020 07:55
Fail2Ban and Cacti - read MySQL table
@GAS85
GAS85 / nextcloud_fail2ban.md
Last active April 8, 2024 20:51
Harden Nextcloud 17+ with Fail2Ban, GUI and WebDAV - Ubuntu 20.04

Fail2ban and Nextcloud

Prerequsits

  • Ubuntu 20.04
  • nextcloud, fail2ban and e.g. iptables are installed

Note

@GAS85
GAS85 / http2_apache2_ubuntu16.04.md
Last active February 7, 2023 16:17
How to Enable HTTP/2 in Apache 2.4 on Ubuntu 16.04

Requirements

  • A self-managed VPS or dedicated server with Ubuntu 16.04 running Apache 2.4.xx.
  • For Ubuntu 18.04 please read here --> https://gist.github.com/GAS85/8dadbcb3c9a7ecbcb6705530c1252831
  • A registered domain name with working HTTPS (TLS/SSL). HTTP/2 only works alongside HTTPS because most browsers, including Firefox and Chrome, don’t support HTTP/2 in cleartext (non-TLS) mode.
@GAS85
GAS85 / battery_checker.md
Last active October 16, 2018 08:10
Cubietruck + Battery + Armbian - shutdown server if critical battery level reached. Just added it to /etc/cron.hourly

MOVED TO https://github.com/GAS85/cubietruck

I create a script that will try to send Warning Email and and shutdown the system as soon as it goes below 10%.

I put it in cron hourly and script should automatically check and do loop if battery discharging and below e.g. 80%.

E-Mail is needed because last time I did not know that my power supply died and I did not know why sever stopped. This version is also producing logs that could be checked after cubietruck fails. That helps for trouble shooting, e.g. to find out that power supply could not produce enough current to charge battery.

Log output example:

@GAS85
GAS85 / split_tunnel_VPN.md
Last active March 27, 2024 05:15
Force Torrent/user Traffic through VPN Split Tunnel on Ubuntu 16.04
@GAS85
GAS85 / apache2_restrictDirectAccess.md
Last active March 23, 2020 09:01
Apache2 Restrict direct IP access to website

Just added this into Apache2 config. E.g. /etc/apache2/sites-available/900-restrictDirectIP.conf and enable it afterwards.

<VirtualHost 192.168.0.1:80>
	ServerName 192.168.0.1
	Redirect 403 /
	ErrorDocument 403 "Sorry, direct IP access not allowed."
	DocumentRoot /var/www/html
	ErrorLog ${APACHE_LOG_DIR}/error_directIPAccess.log
	CustomLog ${APACHE_LOG_DIR}/access_directIPAccess.log combined
@GAS85
GAS85 / http2_apache2_ubuntu18.04.md
Last active September 29, 2023 12:00
How to Enable HTTP/2 in Apache 2.4 on Ubuntu 18.04

Requirements

  • A self-managed VPS or dedicated server with Ubuntu 18.04 running Apache 2.4.xx.
  • A registered domain name with working HTTPS (TLS/SSL). HTTP/2 only works alongside HTTPS because most browsers, including Firefox and Chrome, don’t support HTTP/2 in cleartext (non-TLS) mode.

Step 1: Install Apache2

@GAS85
GAS85 / apache2_HPKP.md
Last active January 25, 2024 14:03
Activating HTTP Public Key Pinning (HPKP) on Let's Encrypt

Activating HTTP Public Key Pinning (HPKP) on Let's Encrypt

Source: https://lilleengen.io/blog/index.php/posts/activating-http-public-key-pinning-hpkp-on-lets-encrypt

  • Disclaimer: This might break your website, don't preceded if you don't know what you're doing.

Since the letsencrypt seems to create a new private key every time the certificate is renewed and Let's Encrypt requires you to renew you certificate once every ~80 days pinning using your certificate's SPKI is probably not the way to go. So, what should we pin then? Let's Encrypt is currently issuing from Authority X3, and using Authority X4 as a backup, so these two is a great place to start. We should also include the ISRG Root so this might support new Authorities with other SPKIs as well.

Generate HASH of Private Keys

To generate the hash of the SPKI of these certificates run the following commands