Tuesday, November 7, 2017

[Tutorial] NGINX: How to force SSL with WWW or without WWW, the clean way!


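To force HTTPS without WWW, you can use the following in your server block:

        # Strip a leading "www." and redirect to HTTPS.
        # The regex is anchored so only a host that starts with "www." matches.
        if ($host ~* ^www\.(.*)$){
                set $host_without_www $1;
                return 301 https://$host_without_www$request_uri;
        }
        # Any remaining plain-HTTP request is sent to HTTPS.
        if ($scheme = http)
        {
                return 301 https://$server_name$request_uri;
        }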


And to force HTTPS with WWW, you can use the following block:

        if ($host !~* ^www\.){
                return 301 https://www.$host$request_uri;
        }
        if ($scheme = http)
        {
                return 301 https://www.$server_name$request_uri;
        }

One can save the above blocks in separate files (force_ssl.conf and force_ssl_www.conf) and simply include the conf files in their vhost servers whenever needed.

~ Mos
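An alternative to the `if` blocks for the without-WWW case, added here as an example and not the author's configuration: dedicated server blocks with fixed names plus a catch-all, so the redirect target never comes from the request's Host header. example.com, the certificate paths and the document root are placeholders.

```nginx
# Constructed example: example.com and all paths below are placeholders.

# Catch-all: a request whose Host matches none of the names below ends here
# instead of being redirected to a host name taken from the request.
server {
    listen 80 default_server;
    listen 443 ssl default_server;
    server_name _;
    ssl_reject_handshake on;   # nginx 1.19.4+; no certificate needed in this block
    return 444;                # close the connection without sending a response
}

# Plain HTTP, both names: redirect to the canonical HTTPS host.
server {
    listen 80;
    server_name example.com www.example.com;
    return 301 https://example.com$request_uri;
}

# HTTPS on the www name: redirect to the bare domain.
server {
    listen 443 ssl;
    server_name www.example.com;
    ssl_certificate     /etc/nginx/ssl/example.com.crt;   # placeholder path
    ssl_certificate_key /etc/nginx/ssl/example.com.key;   # placeholder path
    return 301 https://example.com$request_uri;
}

# The canonical site itself.
server {
    listen 443 ssl;
    server_name example.com;
    ssl_certificate     /etc/nginx/ssl/example.com.crt;   # placeholder path
    ssl_certificate_key /etc/nginx/ssl/example.com.key;   # placeholder path
    root /var/www/example.com;                            # placeholder path
}
```

Check the result with `nginx -t` before reloading; the certificate has to be valid for both example.com and www.example.com, otherwise the www redirect fails at the TLS handshake.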

Sunday, October 1, 2017

Installing the latest version of okular in Ubuntu



sudo apt-get build-dep okular

sudo apt-get install libpoppler-qt5-dev libzip-dev

mkdir -p ~/src

cd ~/src

git clone git://anongit.kde.org/okular

cd okular

mkdir build

cd build

cmake -DCMAKE_INSTALL_PREFIX=/opt/okular ..

make

sudo make install

Sunday, August 20, 2017

Disabling CSF Blocked IP alerts

You need to disable the following options in CSF to disable permanent block alerts:

LF_PERMBLOCK_ALERT = "0"

LF_NETBLOCK_ALERT = "0"


But CSF would continue to send you alerts! This is a tricky one: I had to look through the whole config file to figure out what was wrong. You should also disable the following option to get it working:

LF_EMAIL_ALERT = "0"

or do a search and replace to change every _ALERT = "1" to _ALERT = "0" (this turns off every alert option in the file, not only the block alerts).

Sunday, August 13, 2017

How to proxy EVERYTHING in LINUX / MacOS

I had set up my Ubuntu box to use a SOCKS / HTTPS proxy for all the traffic, and it was working fine except for a few programs such as TeamViewer for Ubuntu, and the TeamViewer proxy settings were not functioning either! So I had to either manually route the TeamViewer subnets through a VPN adapter such as SoftEther, or find an easy way to REALLY forward all the traffic through a proxy server. sshuttle was my friend here! So I could finally set a TRUE GLOBAL proxy by installing sshuttle:

pip install sshuttle

and proxying everything:

sshuttle -r ketab 0.0.0.0/0

where ketab is the name of the SSH connection in your SSH config file. On Windows, one can use SoftEther in such a case to proxy everything through a VPN tunnel. To proxy a specific port, you can use the following command:

sshuttle -r ketab 0.0.0.0/0:5938

where 5938 is the port number.

Friday, March 17, 2017

PowerDNS PIPE backend api python example


We recently needed a pipe backend to return a CNAME record for all requests on powerdns 3, so I started reading the docs and developing the backend. So:

yum install pdns pdns-backend-pipe -y

vi /etc/pdns/pdns.conf 
 
launch=bind,pipe
pipe-command=/etc/pdns/pdns-backend.py


Here is my final script (Thanks to Jan Spike for his blog post):

vi /etc/pdns/pdns-backend.py

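#!/usr/bin/python -u

from sys import stdin, stdout

# Handshake: PowerDNS sends "HELO\t1"; answer OK followed by a banner.
data = stdin.readline()
stdout.write("OK\tMy Backend\n")
stdout.flush()

cname = 'cname-value.com'

while True:
    data = stdin.readline()
    if not data:
        # EOF: PowerDNS closed the pipe, so stop instead of crashing on split().
        break
    fields = data.strip().split('\t')
    # A version 1 question has six tab-separated fields; anything else
    # (AXFR, PING, malformed input) gets an empty answer.
    if len(fields) == 6 and fields[0] == 'Q':
        kind, qname, qclass, qtype, id, ip = fields
        # Do not answer for the CNAME target itself (exact match, not substring).
        if qname != cname:
            r = "DATA\t"+qname+"\t"+qclass+"\t"+"SOA\t86400\t-1\tsupport"+qname+" ns1.domain.org 2008080300 1800 3600 604800 3600\n"
            if qtype == 'ANY' or qtype == 'CNAME':
                r += "DATA\t"+qname+"\t"+qclass+"\tCNAME\t86400\t"+id+"\t"+cname+"\n"
            stdout.write(r)
    stdout.write("END\n")
    stdout.flush()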
 
 
