I hereby claim:
- I am x448nax on github.
- I am thexanman (https://keybase.io/thexanman) on keybase.
- I have a public key ASDOFq3U9WEAK2eyIkfvZD_w8PqFrITPEs7lAqAA-lVg6go
To claim this, I am signing this object:
X488NAX X448NAX
This is an OpenPGP proof that connects my OpenPGP key to this Github account. For details check out https://keyoxide.org/guides/openpgp-proofs
[Verifying my OpenPGP key: openpgp4fpr:A1E987C6A8AA5EA031411AAF70FEEBB21535B6FA]
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| no-auto-key-retrieve | |
| no-emit-version | |
| no-greeting | |
| personal-cipher-preferences AES256 AES192 AES | |
| personal-digest-preferences SHA512 SHA384 SHA256 | |
| personal-compress-preferences BZIP2 ZLIB ZIP Uncompressed | |
| default-new-key-algo ed25519/cert,sign+cv25519/encr | |
| default-preference-list SHA512 SHA384 SHA256 AES256 AES192 AES BZIP2 ZLIB ZIP Uncompressed | |
| cert-digest-algo SHA512 | |
| s2k-digest-algo SHA512 |
X448NAX
/ slash etc slash nginx slash sites-enabled slash yourdomain.tld
Created
December 25, 2021 03:20
Nginx Modern Secure Configuration Servers & Reverse Proxies 2022
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # Note: Assumes use of an ECC TLS certificate. The primary benefit over RSA is better or comparable security with far smaller keys. | |
| # Updating to an ECC cert from an RSA one is very easy if you use certbot. | |
| # If you are intent on using an RSA cert, replace "ECDHE" with "DHE" in the cipher list below and ensure you have strong custom generated dh_params. | |
| server { | |
| listen 443 ssl http2; | |
| listen [::]:443 ssl http2; | |
| server_name yourdomain.tld; | |
| ssl_certificate /etc/letsencrypt/live/yourdomain.tld/fullchain.pem; |
X448NAX
/ hide-modify-nginx-server-string.md
Created
December 25, 2021 08:20
How to hide and customise the server info in the HTTP header for Nginx on Ubuntu server (good security practice and a bit of fun)
Note: only tested on Ubuntu 20.04.3 LTS. Should work with other versions of Ubuntu Server as well as distros based on Ubuntu or Debian.
Based on reading it seems to not be so easy for other distros however. If you use a distro not derived from Ubuntu or Debian you may need to compile Nginx yourself.
But assuming you're running an Ubuntu server, all you need to do is run this command:
sudo apt install libnginx-mod-http-headers-more-filter
X448NAX
/ daisy.ubuntu.com-whoopsie-guide.md
Created
December 26, 2021 22:35
"What the hell is daisy.ubuntu.com? How do I get rid of it from my DNS logs?"
X448NAX
/ Writefreely Caddyfile
Last active
January 12, 2022 13:48
Caddyfile for Writefreely reverse proxy + server
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| { | |
| servers { | |
| protocol { | |
| experimental_http3 | |
| strict_sni_host | |
| } | |
| } | |
| } | |
| blog.your.domain |