Georgiy Sitnikov GAS85

@GAS85
GAS85 / apache_ssl.md
Last active Jan 3, 2023
Apache 2.4.18+ with Letsencrypt on Ubuntu 20.04 - SSL config for A+ on SSLLabs.com

Prerequisites

  • Ubuntu 20.04 (18.04, 16.04 works the same)
  • Apache 2.4.18 or higher
  • OpenSSL 1.0.2g-1ubuntu4.10 or higher
  • e.g. LetsEncrypt certificate
OS: Ubuntu 20.04, Apache/2.4.18, OpenSSL 1.0.2g-1ubuntu4.10+
@GAS85
GAS85 / aria2c_webUI.md
Last active Nov 29, 2022
Aria2 + Ubuntu 18.04 + Apache2 + Web UI
OS: Ubuntu 18.04 Apache/2.4.18 1.0.2g-1ubuntu4.10
Aim: to install Aria2 with WebUI and secure Token.
IP Addr of your Aria2 server is 192.168.0.111
Your local IP network is 192.168.0.0/24

Aria 2

1. Installation

Install aria2 package:

@GAS85
GAS85 / fail2ban_cacti_deprecated.md
Last active May 20, 2020
Fail2Ban and Cacti - read MySQL table
@GAS85
GAS85 / nextcloud_fail2ban.md
Last active Nov 21, 2022
Harden Nextcloud 17+ with Fail2Ban, GUI and WebDAV - Ubuntu 20.04

Fail2ban and Nextcloud

Prerequisites

  • Ubuntu 20.04
  • nextcloud, fail2ban and e.g. iptables are installed

Note

@GAS85
GAS85 / http2_apache2_ubuntu16.04.md
Last active Jun 4, 2022
How to Enable HTTP/2 in Apache 2.4 on Ubuntu 16.04

Requirements

  • A self-managed VPS or dedicated server with Ubuntu 16.04 running Apache 2.4.xx.
  • For Ubuntu 18.04 please read here --> https://gist.github.com/GAS85/8dadbcb3c9a7ecbcb6705530c1252831
  • A registered domain name with working HTTPS (TLS/SSL). HTTP/2 only works alongside HTTPS because most browsers, including Firefox and Chrome, don’t support HTTP/2 in cleartext (non-TLS) mode.
@GAS85
GAS85 / battery_checker.md
Last active Oct 16, 2018
Cubietruck + Battery + Armbian - shutdown server if critical battery level reached. Just added it to /etc/cron.hourly

MOVED TO https://github.com/GAS85/cubietruck

I created a script that will try to send a warning e-mail and shut down the system as soon as it goes below 10%.

I put it in cron hourly, and the script should automatically check and loop if the battery is discharging and below e.g. 80%.

The e-mail is needed because last time I did not know that my power supply had died and I did not know why the server stopped. This version also produces logs that can be checked after the Cubietruck fails. That helps with troubleshooting, e.g. to find out that the power supply could not produce enough current to charge the battery.

Log output example:

@GAS85
GAS85 / split_tunnel_VPN.md
Last active Oct 17, 2022
Force Torrent/user Traffic through VPN Split Tunnel on Ubuntu 16.04
@GAS85
GAS85 / apache2_restrictDirectAccess.md
Last active Mar 23, 2020
Apache2 Restrict direct IP access to website

Just add this to the Apache2 config, e.g. /etc/apache2/sites-available/900-restrictDirectIP.conf, and enable it afterwards.

<VirtualHost 192.168.0.1:80>
	ServerName 192.168.0.1
	Redirect 403 /
	ErrorDocument 403 "Sorry, direct IP access not allowed."
	DocumentRoot /var/www/html
	ErrorLog ${APACHE_LOG_DIR}/error_directIPAccess.log
	CustomLog ${APACHE_LOG_DIR}/access_directIPAccess.log combined
@GAS85
GAS85 / http2_apache2_ubuntu18.04.md
Last active Jan 30, 2022
How to Enable HTTP/2 in Apache 2.4 on Ubuntu 18.04

Requirements

  • A self-managed VPS or dedicated server with Ubuntu 18.04 running Apache 2.4.xx.
  • A registered domain name with working HTTPS (TLS/SSL). HTTP/2 only works alongside HTTPS because most browsers, including Firefox and Chrome, don’t support HTTP/2 in cleartext (non-TLS) mode.

Step 1: Install Apache2

@GAS85
GAS85 / apache2_HPKP.md
Last active Oct 27, 2021
Activating HTTP Public Key Pinning (HPKP) on Let's Encrypt

Activating HTTP Public Key Pinning (HPKP) on Let's Encrypt

Source: https://lilleengen.io/blog/index.php/posts/activating-http-public-key-pinning-hpkp-on-lets-encrypt

  • Disclaimer: This might break your website, don't proceed if you don't know what you're doing.

Since letsencrypt seems to create a new private key every time the certificate is renewed, and Let's Encrypt requires you to renew your certificate once every ~80 days, pinning using your certificate's SPKI is probably not the way to go. So, what should we pin then? Let's Encrypt is currently issuing from Authority X3, and using Authority X4 as a backup, so these two are a great place to start. We should also include the ISRG Root so that this might support new Authorities with other SPKIs as well.

Generate HASH of Private Keys

To generate the hash of the SPKI of these certificates run the following commands