Skip to content

Instantly share code, notes, and snippets.

View GAS85's full-sized avatar
😁
Live is on going

Georgiy Sitnikov GAS85

😁
Live is on going
9 followers · 0 following
View GitHub Profile
@GAS85
GAS85 / http2_apache2_ubuntu20.04.md
Last active April 19, 2024 18:11
How to Enable HTTP/2 in Apache 2.4 on Ubuntu 20.04

Based on https://gist.github.com/GAS85/8dadbcb3c9a7ecbcb6705530c1252831

Requirements

  • A self-managed VPS or dedicated server with Ubuntu 20.04 running Apache 2.4.xx.
  • A registered domain name with working HTTPS (TLS/SSL). HTTP/2 only works alongside HTTPS because most browsers, including Firefox and Chrome, don’t support HTTP/2 in cleartext (non-TLS) mode.

Step 1: Install Apache2

Per default it will be apache2 version 2.4.41 what is enought for http2 support.

@GAS85
GAS85 / nextcloud_fail2ban.md
Last active April 8, 2024 20:51
Harden Nextcloud 17+ with Fail2Ban, GUI and WebDAV - Ubuntu 20.04

Fail2ban and Nextcloud

Prerequsits

  • Ubuntu 20.04
  • nextcloud, fail2ban and e.g. iptables are installed

Note

@GAS85
GAS85 / split_tunnel_VPN.md
Last active March 27, 2024 05:15
Force Torrent/user Traffic through VPN Split Tunnel on Ubuntu 16.04
@GAS85
GAS85 / apache_ssl.md
Last active March 14, 2024 16:40
Apache 2.4.18+ with Letsencrypt on Ubuntu 20.04 - SSL config for A+ on SSLLabs.com

Prerequisites

  • Ubuntu 20.04 (18.04, 16.04 works the same)
  • Apache 2.4.18 or higher
  • OpenSSL 1.0.2g-1ubuntu4.10 or higher
  • e.g. LetsEncrypt certificate
OS: Ubuntu 20.04 Apache/2.4.18 1.0.2g-1ubuntu4.10 +
@GAS85
GAS85 / apache2_HPKP.md
Last active January 25, 2024 14:03
Activating HTTP Public Key Pinning (HPKP) on Let's Encrypt

Activating HTTP Public Key Pinning (HPKP) on Let's Encrypt

Source: https://lilleengen.io/blog/index.php/posts/activating-http-public-key-pinning-hpkp-on-lets-encrypt

  • Disclaimer: This might break your website, don't preceded if you don't know what you're doing.

Since the letsencrypt seems to create a new private key every time the certificate is renewed and Let's Encrypt requires you to renew you certificate once every ~80 days pinning using your certificate's SPKI is probably not the way to go. So, what should we pin then? Let's Encrypt is currently issuing from Authority X3, and using Authority X4 as a backup, so these two is a great place to start. We should also include the ISRG Root so this might support new Authorities with other SPKIs as well.

Generate HASH of Private Keys

To generate the hash of the SPKI of these certificates run the following commands

@GAS85
GAS85 / aria2_apache2_reverseProxy.md
Created February 12, 2020 11:45
Aria2 + Ubuntu 18.04 + Apache2 + Reverse Proxy + Web UI 
OS: Ubuntu 18.04 Apache/2.4.18+
Aim: to ensure Aria2 access via reverse proxy
IP Addr of your Aria2 server is 192.168.0.111
Your local IP network is 192.168.0.0/24
Your domain is YourDomain.com
Aria2 installed as descibed https://gist.github.com/GAS85/79849bfd09613067a2ac0c1a711120a6

1. Ensure Reverse Proxy

a. Using Apache as a reverse proxy

@GAS85
GAS85 / apache2_transmission_fail2ban.md
Created June 22, 2020 08:04
Harden Transmission and Apache2 Reverse Proxy with fail2ban

Fail2ban and Transmission with Apache2 Reverse Proxy

Prerequsits

@GAS85
GAS85 / apache2_pihole.md
Last active December 6, 2023 03:20
Apache2 config for pihole with custom / non-admin link
@GAS85
GAS85 / apache2_portainer_fail2ban.md
Last active November 29, 2023 09:49
Harden Portainer and Apache2 Reverse Proxy with fail2ban

Fail2ban and Portainer with Apache2 Reverse Proxy

Prerequsits

  • Ubuntu 22.04
  • Portainer with Remote access
  • apache2 as reverse proxy e.g. as described here
  • fail2ban and e.g. iptables are installed
  • Portainer is accesible via https://YourDomain/portainer/
@GAS85
GAS85 / aria2c_webUI.md
Last active November 28, 2023 13:41
Aria2 + Ubuntu 18.04 + Apache2 + Web UI 
OS: Ubuntu 18.04 Apache/2.4.18 1.0.2g-1ubuntu4.10
Aim: to install Aria2 with WebUI and secure Token.
IP Addr of your Aria2 server is 192.168.0.111
Your local IP network is 192.168.0.0/24

Aria 2

1. Installation

Install aria2 package: