GAS85 / apache_ssl.md

Last active February 18, 2025 11:14

Apache 2.4.18+ with Letsencrypt on Ubuntu 20.04 - SSL config for A+ on SSLLabs.com

Prerequisites

Ubuntu 20.04 (18.04, 16.04 works the same)
Apache 2.4.18 or higher
OpenSSL 1.0.2g-1ubuntu4.10 or higher
e.g. LetsEncrypt certificate

OS: Ubuntu 20.04 Apache/2.4.18 1.0.2g-1ubuntu4.10 +

GAS85 / aria2c_webUI.md

Last active July 8, 2024 00:16

Aria2 + Ubuntu 18.04 + Apache2 + Web UI

OS: Ubuntu 18.04 Apache/2.4.18 1.0.2g-1ubuntu4.10
Aim: to install Aria2 with WebUI and secure Token.
IP Addr of your Aria2 server is 192.168.0.111
Your local IP network is 192.168.0.0/24

Aria 2

1. Installation

Install aria2 package:

GAS85 / fail2ban_cacti_deprecated.md

Last active May 20, 2020 07:55

Fail2Ban and Cacti - read MySQL table

Fail2Ban and Cacti - read MySQL/MariaDB table

Please Note: This is an old way of working, for a newer please refer to https://gist.github.com/GAS85/4fd4715eb7c2c9f585dc0f6309940562

I took it from here, but becasue of newer MySQL it needs to be updated a bit.

Prerequsits

Ubuntu 16.04

GAS85 / nextcloud_fail2ban.md

Last active September 29, 2024 10:00

Harden Nextcloud 17+ with Fail2Ban, GUI and WebDAV - Ubuntu 20.04

Fail2ban and Nextcloud

Prerequsits

Ubuntu 20.04
nextcloud, fail2ban and e.g. iptables are installed

Note

GAS85 / http2_apache2_ubuntu16.04.md

Last active February 7, 2023 16:17

How to Enable HTTP/2 in Apache 2.4 on Ubuntu 16.04

Based on https://techwombat.com/enable-http2-apache-ubuntu-16-04/
This totorial is for an older Ubuntu 16.04, for a Ubuntu 18.04 please read here --> https://gist.github.com/GAS85/8dadbcb3c9a7ecbcb6705530c1252831 and for a Ubuntu 20.04 please read here* --> https://gist.github.com/GAS85/38eb5954a27d64ae9ac17d01bfe9898c

Requirements

A self-managed VPS or dedicated server with Ubuntu 16.04 running Apache 2.4.xx.
For Ubuntu 18.04 please read here --> https://gist.github.com/GAS85/8dadbcb3c9a7ecbcb6705530c1252831
A registered domain name with working HTTPS (TLS/SSL). HTTP/2 only works alongside HTTPS because most browsers, including Firefox and Chrome, don’t support HTTP/2 in cleartext (non-TLS) mode.

GAS85 / battery_checker.md

Last active October 16, 2018 08:10

Cubietruck + Battery + Armbian - shutdown server if critical battery level reached. Just added it to /etc/cron.hourly

MOVED TO https://github.com/GAS85/cubietruck

I create a script that will try to send Warning Email and and shutdown the system as soon as it goes below 10%.

I put it in cron hourly and script should automatically check and do loop if battery discharging and below e.g. 80%.

E-Mail is needed because last time I did not know that my power supply died and I did not know why sever stopped. This version is also producing logs that could be checked after cubietruck fails. That helps for trouble shooting, e.g. to find out that power supply could not produce enough current to charge battery.

Log output example:

GAS85 / split_tunnel_VPN.md

Last active October 4, 2024 12:58

Force Torrent/user Traffic through VPN Split Tunnel on Ubuntu 16.04

As per https://www.htpcguides.com/force-torrent-traffic-vpn-split-tunnel-debian-8-ubuntu-16-04/, but with few upgrades.

Everything in one script: https://github.com/GAS85/pia/blob/master/split_tunnel_VPN.sh

Supported Systems:

Ubuntu 16.04
Ubuntu 18.04
Ubuntu 20.04 - DNS issue, different mechanism, read comments.
Ubuntu 22.04 - DNS issue, different mechanism, read comments.

GAS85 / apache2_restrictDirectAccess.md

Last active September 25, 2024 05:58

Apache2 Restrict direct IP access to website

Just added this into Apache2 config. E.g. /etc/apache2/sites-available/900-restrictDirectIP.conf and enable it afterwards.

<VirtualHost 192.168.0.1:80>
	ServerName 192.168.0.1
	Redirect 403 /
	ErrorDocument 403 "Sorry, direct IP access not allowed."
	DocumentRoot /var/www/html
	ErrorLog ${APACHE_LOG_DIR}/error_directIPAccess.log
	CustomLog ${APACHE_LOG_DIR}/access_directIPAccess.log combined

GAS85 / http2_apache2_ubuntu18.04.md

Last active September 29, 2023 12:00

How to Enable HTTP/2 in Apache 2.4 on Ubuntu 18.04

Based on https://gist.github.com/GAS85/990b46a3a9c2a16c0ece4e48ebce7300
This totorial is for an older Ubuntu 18.04, for a Ubuntu 20.04 please read here --> https://gist.github.com/GAS85/38eb5954a27d64ae9ac17d01bfe9898c

Requirements

A self-managed VPS or dedicated server with Ubuntu 18.04 running Apache 2.4.xx.
A registered domain name with working HTTPS (TLS/SSL). HTTP/2 only works alongside HTTPS because most browsers, including Firefox and Chrome, don’t support HTTP/2 in cleartext (non-TLS) mode.

Step 1: Install Apache2

GAS85 / apache2_HPKP.md

Last active January 25, 2024 14:03

Activating HTTP Public Key Pinning (HPKP) on Let's Encrypt

Source: https://lilleengen.io/blog/index.php/posts/activating-http-public-key-pinning-hpkp-on-lets-encrypt

Disclaimer: This might break your website, don't preceded if you don't know what you're doing.

Since the letsencrypt seems to create a new private key every time the certificate is renewed and Let's Encrypt requires you to renew you certificate once every ~80 days pinning using your certificate's SPKI is probably not the way to go. So, what should we pin then? Let's Encrypt is currently issuing from Authority X3, and using Authority X4 as a backup, so these two is a great place to start. We should also include the ISRG Root so this might support new Authorities with other SPKIs as well.

Generate HASH of Private Keys

To generate the hash of the SPKI of these certificates run the following commands

Georgiy Sitnikov GAS85

Prerequisites

Aria 2

1. Installation

Fail2Ban and Cacti - read MySQL/MariaDB table

Please Note: This is an old way of working, for a newer please refer to https://gist.github.com/GAS85/4fd4715eb7c2c9f585dc0f6309940562

Prerequsits

Fail2ban and Nextcloud

Prerequsits

Note

Requirements

Supported Systems:

Requirements

Step 1: Install Apache2

Activating HTTP Public Key Pinning (HPKP) on Let's Encrypt

Generate HASH of Private Keys