daisy.ubuntu.com
is a domain Ubuntu phones home to with "diagnostic infomation". In plain English, it is a tracking domain.
whoopsie
is the process on Ubuntu that phones home to the above domain.
Open a terminal and run this:
{ | |
servers { | |
protocol { | |
experimental_http3 | |
strict_sni_host | |
} | |
} | |
} | |
blog.your.domain |
Note: only tested on Ubuntu 20.04.3 LTS. Should work with other versions of Ubuntu Server as well as distros based on Ubuntu or Debian.
Based on reading it seems to not be so easy for other distros however. If you use a distro not derived from Ubuntu or Debian you may need to compile Nginx yourself.
But assuming you're running an Ubuntu server, all you need to do is run this command:
sudo apt install libnginx-mod-http-headers-more-filter
# Note: Assumes use of an ECC TLS certificate. The primary benefit over RSA is better or comparable security with far smaller keys. | |
# Updating to an ECC cert from an RSA one is very easy if you use certbot. | |
# If you are intent on using an RSA cert, replace "ECDHE" with "DHE" in the cipher list below and ensure you have strong custom generated dh_params. | |
server { | |
listen 443 ssl http2; | |
listen [::]:443 ssl http2; | |
server_name yourdomain.tld; | |
ssl_certificate /etc/letsencrypt/live/yourdomain.tld/fullchain.pem; |
no-auto-key-retrieve | |
no-emit-version | |
no-greeting | |
personal-cipher-preferences AES256 AES192 AES | |
personal-digest-preferences SHA512 SHA384 SHA256 | |
personal-compress-preferences BZIP2 ZLIB ZIP Uncompressed | |
default-new-key-algo ed25519/cert,sign+cv25519/encr | |
default-preference-list SHA512 SHA384 SHA256 AES256 AES192 AES BZIP2 ZLIB ZIP Uncompressed | |
cert-digest-algo SHA512 | |
s2k-digest-algo SHA512 |
This is an OpenPGP proof that connects my OpenPGP key to this Github account. For details check out https://keyoxide.org/guides/openpgp-proofs
[Verifying my OpenPGP key: openpgp4fpr:A1E987C6A8AA5EA031411AAF70FEEBB21535B6FA]
I hereby claim:
To claim this, I am signing this object: