The following procedure must be ran on an elevated cygwin terminal.
cygrunsrv --remove nginx
Page 34 of 34
The following procedure must be ran on an elevated cygwin terminal.
1. Run the following command and accept the defaults.
cygserver-config
2. Register the nginx as a service with the following command:
cygrunsrv --install nginx --path /usr/sbin/nginx.exe --disp "CYGWIN nginx" --termsig QUIT --shutdown --dep cygserver
Pre-requisites
- Nginx installed on your Raspberry Pi or you can follow the procedure from here.
- A router that can forward ports.
Procedure
- Access your router firmware and look for port forwarding configuration.
- Then configure your router port 80 to be forwarded to your local Raspberry Pi with Nginx with static IP also with port 80 (i.e. where Nginx is listening by default).
Port Forwarding Procedures
- Sign in to your Telecom Technicolor Gateway TG582n as Admin.
- Click Toolbox and then the Game and Application Sharing menu.
- At the bottom of the page select the Create a new game or application menu.
- Type in a name (e.g. Test Application), select Manual Entry of Port Maps then click the Next button.
- If your interest is to forward port 80 from the router to an internal port 80 on the local network. Fill up the port range from 80 to 80 and to be translated to a local port 80 and then click the Add button.
- After clicking the add button you will see two entries were added since we leave the value any in the protocol field.
- Click again the menu from step 2 and at the bottom of the page click the Assign a game or application to a local network device menu.
- Select the application (i.e. Test Application if you use the example from step 4) we've created earlier for the Game or Application field and select <User-defined...> for the Device field and type in the static IP of your local device (e.g. 192.168.1.10) to the additional field. Then click the Add button.
- After clicking the add button and no error you will see your application as a new entry in the list of the current page.
Pre-requisite
- An already running Raspberry Pi with Raspbian.
Procedure
Since Raspbian and Ubuntu are both based on Debian we can use the the same procedure and validation from here.
Nginx is a lightweight HTTP server, reverse proxy and email proxy server.
Pre-requisite
- Already running Ubuntu platform.
Procedure
- Sign-in to your machine with the non-root user but a sudoer.
- Install Nginx with the following command using the terminal:
sudo apt-get install nginx
- When you are asked Do you want to continue [Y/n]? press Enter and wait for it complete.
Validation
On the terminal run the following command:
curl http://localhost
If the installation was successful you will see something similar to the following output:
If the output is not similar to the output above, most probably that the Nginx was not started after the installation. To start it, use the following command and repeat the curl command:
sudo service nginx start
Sometimes we wanted our personal service to be hosted in our own network at home and we wanted it to be accessible via internet. However, our ISP doesn't provided us with a static IP. Thus our public IP could be anything for some moment. Knowing this different IP's is not ideal and tedious. This is where a service like NoIP comes in where it gives a more easy to remember hostname that is attached to your current public IP. But keeping it updated is still a tedious thing to do. This is where we can use Raspberry Pi to do this task for us.
Assumption
- Windows is being used for configuration.
Pre-requisites
- Existing NoIP account with registered hostname or sign up here and register a hostname.
- Existing Raspberry Pi Server or setup a new one.
- WinSCP is installed (or any SFTP client you know how to use). In the procedure I am only using WinSCP for simplicity.
- Putty is installed (or any SSH client you know how to use). In the procedure I am only using Putty for simplicity.
Procedure
- Download Dynamic DNS Update Client for Linux here (i.e. normally named noip-duc-linux.tar.gz).
- Using WinSCP upload the newly downloaded file to the home directory of the account with sudo group on your target Raspberry Pi. The output is similar to the following when using the default pi user:
- Using putty sign-in to your Raspberry Pi using the account you used in the previous step.
- In your home directory extract the tarball using the following command:
tar -zxf noip-duc-linux.tar.gz
The extract is a directory similar to the following format:
noip-<version>
- Go into the extracted folder and install using the following commands:
sudo make sudo make install
- Type in your login or email address (i.e. you used on noip sign up ) and press Enter.
- Type in your password (i.e. you used on noip sign up ) and press Enter.
- Type in your update interval and press Enter or just press Enter (i.e. if default [30] is good for you).
- Press Enter and the output is similar to the following if your noip version is 2.1.9-1:
- Go to /etc/init.d directory with the following commad:
cd /etc/init.d
- Create a noip2 file with the following command:
sudo vi noip2
- Type i (i.e. insert mode) and paste the following script:
#! /bin/sh #. /etc/rc.d/init.d/functions # uncomment/modify for your killproc case "$1" in start) echo "Starting noip2." sleep 10 /usr/local/bin/noip2 ;; stop) echo -n "Shutting down noip2." killproc -TERM /usr/local/bin/noip2 ;; *) echo "Usage: $0 {start|stop}" exit 1 esac exit 0 - Type :wq (i.e. write and quit) and then press enter.
- Make the script executable with the following command:
sudo chmod 755 noip2
- Go to /etc/rc3.d directory with the following command:
cd /etc/rc3.d
- Create a symbolic link named S05noip2 pointing to the noip2 script you've created earlier with the following command:
sudo ln -s ../init.d/noip2 S05noip2
Validation
After completing the procedure above, do the following:
- Identify your current public IP here and note it.
- Ping the hostname you've registered to NoIP using the command terminal and check if it is equal to the IP you've noted from the previous step.
Have you experience something that when you access a website it will always try to use the HTTPS scheme. This can happen because of the following reason:
The server requests a redirect to an https scheme.
Or
The browser receives an Strict-Transport-Security (STS) header .
In our case, I am talking about the second one. With the advent of Let's Encrypt CA, everybody now can have a free SSL certificate if we like that normally lasts for 3-months. To make it longer than that, just use or create a script that will do the automatic renewal of our certificate.
The server can tell the browser to always use HTTPS for a period of time using HSTS.
HTTP Strict Transport Security (HSTS) is a web security policy mechanism which helps to protect websites against protocol downgrade attacks and cookie hijacking. - https://en.wikipedia.org/wiki/HTTP_Strict_Transport_Security
We can observe HSTS in action using chrome via the developer tools. If you access a website via HTTP and we can notice from the picture at the bottom that there's an internal redirect going-on (i.e. 307 Internal Redirect). This is not a redirect request coming from the server but from the browser itself. Another clue is the existence of Non-Authoritative-Reason : HSTS header.
The Upgrade-Insecure-Request header is telling the server that we prefer the secured content to be served. Thus if our websites contains a mixture of HTTP and HTTPS artifacts (e.g. CSS, Javascript), everything will be served as HTTPS.
Related Post
CLEARING DOMAIN HSTS IN CHROME
Sometimes it is useful to get the output of a command and paste it to a text editor. For this we can use piping and the clip (i.e. sends the output to Windows clipboard) command.
Example:
If we go to any directory and run the tree command but it returns a very long output that exceeds the screen. We can redirect the output to Windows clipboard temporarily then paste it to a text editor.
- Open a command terminal.
- Try to run the following tree command.
%USERPROFILE%>tree
Where %USERPROFILE% is normally resolves to our local home directory.
The output might not fit to command terminal screen.
- Try redirecting it to a Windows clipboard with the following command:
%USERPROFILE%>tree | clip
You will see no output because it is directed to a Windows clipboard.
- Open a text editor of our choice (or anything where we wanted to paste the output).
Check if you can confirm the last entries from step 2 exists to our pasted output.
-
- Administrator Login on your Seagate Personal Cloud.
- Install WordPress application.
- Access the newly installed WordPress application.
- Setup the user information of the first user (i.e. admin by default) of WordPress.
- Update the the General Settings with the following:
Field Value WordPress Address (URL) https://<valid-url>/apps/wordpress Site Address (URL) https://<valid-url>/apps/wordpress - Add the SSL Insecure Content Fixer plugin.
- Setup the SSL Insecure Content Fixer to have the following:
Field Value Fix insecure content Capture All HTTPS detection unable to detect HTTPS
Recent Comments