GAS85

Based on https://gist.github.com/GAS85/8dadbcb3c9a7ecbcb6705530c1252831

Requirements

• A self-managed VPS or dedicated server with Ubuntu 20.04 running Apache 2.4.xx.
• A registered domain name with working HTTPS (TLS/SSL). HTTP/2 only works alongside HTTPS because most browsers, including Firefox and Chrome, don’t support HTTP/2 in cleartext (non-TLS) mode.

Step 1: Install Apache2

Per default it will be apache2 version 2.4.41 what is enought for http2 support.

GAS85

Fail2ban and Portainer with Apache2 Reverse Proxy

Prerequsits

• Ubuntu 22.04
• Portainer with Remote access
• apache2 as reverse proxy e.g. as described here
• fail2ban and e.g. iptables are installed
• Portainer is accesible via https://YourDomain/portainer/

GAS85

Fail2ban and Transmission with Apache2 Reverse Proxy

Prerequsits

• Ubuntu 20.04
• Transmission with Remote access
• apache2 as reverse proxy
• fail2ban and e.g. iptables are installed
• Transmission is accesible via https://YourDomain/transmission/webui

GAS85

Fail2Ban and Cacti

Prerequsits

• Ubuntu 20.04
• cacti, fail2ban and e.g. iptables are installed

Setup

GAS85

Prerequisites

• Ubuntu 18.04+
• Apache 2.4.18 or higher setup as described here https://gist.github.com/GAS85/8dadbcb3c9a7ecbcb6705530c1252831
• OpenSSL 1.0.2g-1ubuntu4.10 or higher
• e.g. LetsEncrypt certificate

Install Pihole

Install pihole from the official repo as described here: https://github.com/pi-hole/pi-hole#one-step-automated-install, e.g. via

GAS85

OS: Ubuntu 18.04 Apache/2.4.18+
Aim: to ensure Aria2 access via reverse proxy
IP Addr of your Aria2 server is 192.168.0.111
Your local IP network is 192.168.0.0/24
Your domain is YourDomain.com
Aria2 installed as descibed https://gist.github.com/GAS85/79849bfd09613067a2ac0c1a711120a6

1. Ensure Reverse Proxy

a. Using Apache as a reverse proxy

GAS85

Activating HTTP Public Key Pinning (HPKP) on Let's Encrypt

Source: https://lilleengen.io/blog/index.php/posts/activating-http-public-key-pinning-hpkp-on-lets-encrypt

• Disclaimer: This might break your website, don't preceded if you don't know what you're doing.

Since the letsencrypt seems to create a new private key every time the certificate is renewed and Let's Encrypt requires you to renew you certificate once every ~80 days pinning using your certificate's SPKI is probably not the way to go. So, what should we pin then? Let's Encrypt is currently issuing from Authority X3, and using Authority X4 as a backup, so these two is a great place to start. We should also include the ISRG Root so this might support new Authorities with other SPKIs as well.

Generate HASH of Private Keys

To generate the hash of the SPKI of these certificates run the following commands

GAS85

• Based on https://gist.github.com/GAS85/990b46a3a9c2a16c0ece4e48ebce7300
• This totorial is for an older Ubuntu 18.04, for a Ubuntu 20.04 please read here --> https://gist.github.com/GAS85/38eb5954a27d64ae9ac17d01bfe9898c

Requirements

• A self-managed VPS or dedicated server with Ubuntu 18.04 running Apache 2.4.xx.
• A registered domain name with working HTTPS (TLS/SSL). HTTP/2 only works alongside HTTPS because most browsers, including Firefox and Chrome, don’t support HTTP/2 in cleartext (non-TLS) mode.

Step 1: Install Apache2

GAS85

Just added this into Apache2 config. E.g. /etc/apache2/sites-available/900-restrictDirectIP.conf and enable it afterwards.

<VirtualHost 192.168.0.1:80>
	ServerName 192.168.0.1
	Redirect 403 /
	ErrorDocument 403 "Sorry, direct IP access not allowed."
	DocumentRoot /var/www/html
	ErrorLog ${APACHE_LOG_DIR}/error_directIPAccess.log
	CustomLog ${APACHE_LOG_DIR}/access_directIPAccess.log combined

GAS85

As per https://www.htpcguides.com/force-torrent-traffic-vpn-split-tunnel-debian-8-ubuntu-16-04/, but with few upgrades.

Everything in one script: https://github.com/GAS85/pia/blob/master/split_tunnel_VPN.sh

Supported Systems:

• Ubuntu 16.04
• Ubuntu 18.04
• Ubuntu 20.04 - DNS issue, different mechanism, read comments.
• Ubuntu 22.04 - DNS issue, different mechanism, read comments.