Extremely Serious

Author: ron (Page 33 of 33)

Installing Nginx in Ubuntu

Nginx is a lightweight HTTP server, reverse proxy and email proxy server.

Pre-requisite

  • An Ubuntu machine that is already up and running.

Procedure

  1. Sign in to your machine as a non-root user with sudo privileges.
  2. Install Nginx with the following command using the terminal:
    sudo apt-get install nginx
  3. When you are asked Do you want to continue [Y/n]? press Enter and wait for it to complete.

Validation

On the terminal run the following command:

curl http://localhost

If the installation was successful, you will see something similar to the following output:

If the output is not similar to the output above, most probably Nginx was not started after the installation. To start it, use the following command and repeat the curl command:

sudo service nginx start

Using NoIP’s Dynamic DNS Update Client (DUC) with Raspberry Pi

Sometimes we want to host a personal service on our own home network and make it accessible via the internet. However, our ISP doesn't provide us with a static IP, so our public IP can change at any moment. Keeping track of these different IPs is tedious and far from ideal. This is where a service like NoIP comes in: it gives us an easier-to-remember hostname that is attached to our current public IP. But keeping it updated is still a tedious thing to do. This is where we can use a Raspberry Pi to do this task for us.

Assumption

  • Windows is being used for configuration.

Pre-requisites

  • An existing NoIP account with a registered hostname, or sign up here and register a hostname.
  • An existing Raspberry Pi server, or set up a new one.
  • WinSCP is installed (or any SFTP client you know how to use). In the procedure I am only using WinSCP for simplicity.
  • Putty is installed (or any SSH client you know how to use). In the procedure I am only using Putty for simplicity.

Procedure

  1. Download the Dynamic DNS Update Client for Linux here (normally named noip-duc-linux.tar.gz).
  2. Using WinSCP, upload the newly downloaded file to the home directory of an account in the sudo group on your target Raspberry Pi. The output is similar to the following when using the default pi user:
  3. Using Putty, sign in to your Raspberry Pi with the account you used in the previous step.
  4. In your home directory extract the tarball using the following command:
    tar -zxf noip-duc-linux.tar.gz

    The tarball extracts to a directory named in the following format:

    noip-<version>
  5. Go into the extracted folder and install using the following commands:
    sudo make
    sudo make install
  6. Type in your login or email address (i.e. the one you used when signing up to NoIP) and press Enter.
  7. Type in your password (i.e. the one you used when signing up to NoIP) and press Enter.
  8. Type in your update interval and press Enter, or just press Enter if the default [30] is good for you.
  9. Press Enter. The output is similar to the following if your noip version is 2.1.9-1:
  10. Go to the /etc/init.d directory with the following command:
    cd /etc/init.d
  11. Create a noip2 file with the following command:
    sudo vi noip2
  12. Type i (i.e. insert mode) and paste the following script:
    #!/bin/sh
    # Minimal SysV init script for the No-IP update client.
    case "$1" in
      start)
        echo "Starting noip2."
        sleep 10
        /usr/local/bin/noip2
        ;;
      stop)
        echo "Shutting down noip2."
        # pkill replaces killproc, which needs a distribution-specific
        # functions file (e.g. /etc/rc.d/init.d/functions) to be sourced.
        pkill -TERM -x noip2
        ;;
      *)
        echo "Usage: $0 {start|stop}"
        exit 1
        ;;
    esac
    exit 0
    
  13. Type :wq (i.e. write and quit) and then press Enter.
  14. Make the script executable with the following command:
    sudo chmod 755 noip2
  15. Go to the /etc/rc3.d directory with the following command:
    cd /etc/rc3.d
  16. Create a symbolic link named S05noip2 pointing to the noip2 script you've created earlier with the following command:
    sudo ln -s ../init.d/noip2 S05noip2

Validation

After completing the procedure above, do the following:

  1. Identify your current public IP here and note it.
  2. Ping the hostname you've registered with NoIP from a command terminal and check that it resolves to the IP you noted in the previous step.

HTTP Strict Transport Security (HSTS)

Have you ever noticed that when you access a certain website, the browser always tries to use the HTTPS scheme? This can happen for one of the following reasons:

The server requests a redirect to an https scheme.

Or

The browser receives a Strict-Transport-Security (STS) header.

In our case, I am talking about the second one. With the advent of the Let's Encrypt CA, everybody can now have a free SSL certificate, which normally lasts for 3 months. To keep it valid longer than that, use or create a script that renews the certificate automatically.

The server can tell the browser to always use HTTPS for a period of time using HSTS.

HTTP Strict Transport Security (HSTS) is a web security policy mechanism which helps to protect websites against protocol downgrade attacks and cookie hijacking. - https://en.wikipedia.org/wiki/HTTP_Strict_Transport_Security

We can observe HSTS in action using Chrome's developer tools. If you access a website via HTTP, you can see in the picture at the bottom that an internal redirect takes place (i.e. 307 Internal Redirect). This redirect is not requested by the server; it comes from the browser itself. Another clue is the presence of the Non-Authoritative-Reason: HSTS header.

The Upgrade-Insecure-Requests header tells the server that we prefer secured content to be served. Thus if our website contains a mixture of HTTP and HTTPS artifacts (e.g. CSS, JavaScript), everything will be served as HTTPS.
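
The browser-side behaviour described above, modelled in Python as an added example (not code from the original post or from any browser): a host is remembered only when the header arrives over HTTPS, and later http:// URLs for it are rewritten until max-age expires. The names parse_sts and HstsStore and the host example.test are assumptions made for illustration; port rewriting and case-insensitive header names are left out.

```python
from urllib.parse import urlsplit, urlunsplit

def parse_sts(value):
    """Return (max_age_seconds, include_subdomains) from an STS header value."""
    max_age, include_sub = None, False
    for part in value.split(";"):
        name, _, arg = part.strip().partition("=")
        if name.strip().lower() == "max-age":
            max_age = int(arg.strip().strip('"'))
        elif name.strip().lower() == "includesubdomains":
            include_sub = True
    if max_age is None:
        raise ValueError("max-age directive is required")
    return max_age, include_sub

class HstsStore:
    """Simplified model of the browser's list of known HSTS hosts."""
    def __init__(self):
        self.hosts = {}  # host -> (expiry time, include_subdomains)

    def observe(self, url, headers, now):
        """Record the policy from a response; headers is a plain dict."""
        host, value = urlsplit(url).hostname, headers.get("Strict-Transport-Security")
        if urlsplit(url).scheme != "https" or value is None:
            return  # the header is ignored when received over plain HTTP
        max_age, include_sub = parse_sts(value)
        if max_age == 0:
            self.hosts.pop(host, None)  # max-age=0 removes the host
        else:
            self.hosts[host] = (now + max_age, include_sub)

    def is_known(self, host, now):
        labels = host.split(".")
        for i in range(len(labels)):
            entry = self.hosts.get(".".join(labels[i:]))
            # A parent domain's entry applies only with includeSubDomains.
            if entry and now < entry[0] and (i == 0 or entry[1]):
                return True
        return False

    def rewrite(self, url, now):
        """Return the URL actually requested (the 307 Internal Redirect)."""
        parts = urlsplit(url)
        if parts.scheme == "http" and self.is_known(parts.hostname, now):
            return urlunsplit(("https",) + tuple(parts[1:]))
        return url
```

The now argument is a plain number of seconds, so expiry can be exercised without waiting: after observing max-age=60 at time 0, rewrite() upgrades http:// URLs for that host at time 59 and leaves them alone at time 60.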


Windows Command Output to Clipboard

Sometimes it is useful to get the output of a command and paste it into a text editor. For this we can use piping and the clip command (which sends the output to the Windows clipboard).

Example:

Suppose we go to a directory and run the tree command, but it returns a very long output that exceeds the screen. We can redirect the output to the Windows clipboard temporarily and then paste it into a text editor.

  1. Open a command terminal.
  2. Try to run the following tree command:

%USERPROFILE%>tree

Here %USERPROFILE% normally resolves to our local home directory.

The output might not fit on the command terminal screen.

  3. Try redirecting it to the Windows clipboard with the following command:

%USERPROFILE%>tree | clip

You will see no output because it is directed to the Windows clipboard.

  4. Open a text editor of your choice (or anything else where you want to paste the output).

Check that the last entries from step 2 exist in the pasted output.

SSL Secured WordPress on Seagate Personal Cloud

    1. Log in as administrator to your Seagate Personal Cloud.
    2. Install the WordPress application.
    3. Access the newly installed WordPress application.
    4. Set up the user information of the first user (i.e. admin by default) of WordPress.
    5. Update the General Settings with the following:
      Field                    Value
      WordPress Address (URL)  https://<valid-url>/apps/wordpress
      Site Address (URL)       https://<valid-url>/apps/wordpress
    6. Add the SSL Insecure Content Fixer plugin.
    7. Set up the SSL Insecure Content Fixer with the following:
      Field                    Value
      Fix insecure content     Capture All
      HTTPS detection          unable to detect HTTPS