Proxy website through NGiNX to get on the TOR network

This tutorial assumings the set up below NGINX CLEARWEB (web site hosted via SSL port 443) -> NGINX (reverse proxy for HTTPS website, converts website to HTTP and rewrites all 'DOMAIN.COM' to new .ONION address) -> TOR PROXY SERVICE Install Tor apt install tor Configure Tor nano /etc/tor/torrc Add the lines below to the file above HiddenServiceDir /var/lib/tor/domain.com/ HiddenServicePort 80 127.0.0.1:4879 Find Tor hostname
MORE →

Generate Wildcard cert with acme.sh

MORE →

Fix Nextcloud Issues

Below is how to fix the Your web server is not properly set up to resolve /.well-known/webfinger /.well-known/nodeinfo error if using NGiNX since everything else I could find was for Apache/HTTPD. Add the following to your NGiNX config file for nextcloud. Usualy found in /etc/nginx/sites-enabled/ or /etc/nginx/conf.d/ location = /.well-known/webfinger { return 301 $scheme://$host/index.php/.well-known/webfinger; } location = /.well-known/nodeinfo { return 301 $scheme://$host/index.php/.well-known/nodeinfo; } ACPu errors when doing stuff on the command line.
MORE →

htpassword generation opnsense/bsd

MORE →

Pleroma with Backblaze-B2 behind Cloudflare CDN

Make sure Backblaze is working with Cloudflare. This can be found HERE Uncomment out the below. I made my Backblaze URL s3.DOMAIN.COM nano /etc/pleroma/config.exs # Configure S3 support if desired. # The public S3 endpoint (base_url) is different depending on region and provider, # consult your S3 provider's documentation for details on what to use. # config :pleroma, Pleroma.Upload, uploader: Pleroma.Uploaders.S3, base_url: "https://s3.DOMAIN.COM/file" # config :pleroma, Pleroma.
MORE →

Keycloak behind NGiNX

Configure NGiNX nano /etc/nginx/conf.d/sso.domain.com.conf server { listen 443 ssl http2; server_name sso.domain.com; ssl_certificate /etc/nginx/ssl/sso.domain.com/fullchain.crt; ssl_certificate_key /etc/nginx/ssl/sso.domain.com/key; ssl_session_timeout 5m; location / { proxy_pass http://127.0.0.1:8080/; proxy_set_header Host $host; proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header X-Forwarded-Host $host; proxy_set_header X-Forwarded-Server $host; proxy_set_header X-Forwarded-Port $server_port; proxy_set_header X-Forwarded-Proto $scheme; } } Configure Keycloak The following is needs to be ran for Keycloak to work behind nginx cd bin ./jboss-cli.sh 'embed-server,/subsystem=undertow/server=default-server/http-listener=default:write-attribute(name=proxy-address-forwarding,value=true)'
MORE →

DroneCI behind NGiNX reverse proxy

This so far has been working for me to have DroneCI behind an NGiNX reverse proxy working with Gitea NGiNX Code nano /etc/nginx/sites-available/droneci.domain.com ln -s /etc/nginx/sites-available/droneci.domain.com /etc/nginx/sites-enabled upstream droneci { server 127.0.0.1:8080; } server { server_name droneci.domain.com drone.domain.com; listen 443 ssl http2; ssl_certificate /etc/certs/droneci.domain.com/fullchain.crt; ssl_certificate_key /etc/certs/droneci.domain.com/key; ssl_session_cache builtin:1000 shared:SSL:10m; ssl_protocols TLSv1.2 TLSv1.3; location / { proxy_set_header X-Forwarded-For $remote_addr; proxy_set_header X-Forwarded-Proto $scheme; proxy_set_header Host droneci.domain.com; proxy_pass http://droneci; proxy_redirect off; proxy_http_version 1.1; proxy_buffering off; chunked_transfer_encoding off; } } Here is the code for the docker container docker run \ --volume=/var/lib/drone:/data \ --env=DRONE_GITEA_SERVER="https://git.
MORE →

Create self signed cert easily

MORE →

acme.sh with haproxy

MORE →

acme.sh/LetsEncrypt with 301 https redirect

MORE →

Multi-Domain SSL Setup with “Subject Alternative Names”

Here’s how to create a cert/csr with more than one domain name. First you’ll want to create the directory. I use NGiNX so I like to put my certs in /etc/nginx/ssl, but you can put yours anywhere So now we will create the directory mkdir /etc/nginx/ssl/domainName Now we will cd into the directory cd /etc/nginx/ssl/domainName Now we will paste the following in the sslConfig.txt file. [req] default_bits = 4096 prompt = no default_md = sha256 req_extensions = req_ext distinguished_name = dn [ dn ] C=US ST=YOURstateHERE L=YOURcityHERE O=YOURorgNAMEhere CN = YOURmainDOMAINhere [ req_ext ] subjectAltName = @alt_names [ alt_names ] DNS.
MORE →

Equalize Pricing Tables Height with Divi

How to make the pricing table height the same. When using the pricing tables module you will see that the height of each table is going to rely on the content you put there, so if you have different content in each table, you will see something like this: This might be okay, but you may want to have those tables show with the same height. You can use the following CSS code:
MORE →

Acme.sh with NGiNX

First you have to install acme.sh. I like using acme.sh because it’s all bash based. As with all posts I take no responsibility for anything and this is more of a quick help instead of a full guide. I have a script that I use to deploy my WordPress sites. The only thing I recommend is if you use it make sure to add the xml-rpc.php block. I haven’t added that to it yet.
MORE →

Search and replace Wordpress Database

I NO LONGER RECOMEND USING THIS WAY. I RECOMEND USING WP-CLI SEARCH-REPALCE. HOW TO USE CAN BE FOUND HERE. Below is the search and replace for WP which I find really helpful when changing to a new domain. I DO NOT TAKE ANY RESPONSIBILITY FOR USING THIS. MAKE SURE TO BACK UP YOUR DATABASE BEFORE YOU USE THIS SOFTWARE. ALSO THIS MAY NOT BE THE NEWEST VERSION SO IF YOU WANT THE NEWEST VERSION FOR SURE GO TO THE SITE.
MORE →

NextCloud with Apache behind NGINX reverse proxy on CentOS

This is probably useful to figure out how to reverse proxy Apache behind NGINX, but I was finally able to get NextCloud working on NGINX with no problem I like to use NGINX as my web server because that’s what I’ve always worked with. I’ve tried a couple times to get NGINX to work with NextCloud, but it would also end up not letting me log in. I did some Googleing and I guess it has something to do with how the cache is handled in NGINX.
MORE →

Cert Roadmap

MORE →

Mail Server

I ended up switching to modoboa. I’ve been very happy with it on ServerCheap. I finally set up my own mail server using a couple guides. Just putting this here for my memory. Thank you to the great people who write amazing blogs. How to set up the server When put behind cloudflare you need to add the bellow to /etc/nginx/nginx.conf in the http { location # CF set real ip set_real_ip_from 103.
MORE →

IPTables Fun

I found these scripts years ago and decided to use them. I might as well share them First the ipset and iptables need to be installed apt install iptables ipset Now we need to create the ipset lists ipset create drop hash:net ipset create allowHTTPS hash:net ipset create allowSSH hash:net ipset create directHTTPS hash:net ipset create google hash:net script to update files and countries. If you go to the ipdeny site you can find which countries you can add.
MORE →

Install php7, nginx, mariadb centos 7

I am not a pro, this is just what I’ve learned over the years and noticed that a bunch of tutorials didn’t have all the info I needed/used so I figured I’d make my own. rpm -Uvh https://rpms.remirepo.net/enterprise/remi-release-7.rpm yum update yum install -y nginx mariadb-server mariadb git yum --enablerepo=remi-php72 install php-fpm php-common php-opcache php-pecl-apcu php-cli php-pear php-pdo php-mysqlnd php-pgsql php-pecl-mongodb php-pecl-redis php-pecl-memcache php-pecl-memcached php-gd php-mbstring php-mcrypt php-xml php-pecl-zip php-gmp Next we are going to want to enable everything to run on start up systemctl enable php-fpm systemctl enable nginx systemctl enable mariadb systemctl start mariadb
MORE →

Useful Scripts

for f in *; do cd $f; mv * ..; cd ..; rmdir $f; done find . -type f ! -iname "*.mp4" ! -iname "*.jpg" ! -iname "*.wmv" ! -iname "*.mkv" ! -iname "*.mpg" ! -iname "*.avi" ! -iname "*.m4v" sed 's#^#what to add to begging of line#' oldfile > newfile sed 's#$#text to add to end of line#' oldfile > newfile mkvmerge -o <output>.mkv –default-track 0 –language 0:eng <subtitles>.srt input find .
MORE →

Docker and IP-Tables

Over the weekend I got attacked. I realized the cause of this was because I rebooted my server and the docker IPTables rules overwrote the IPTables-Persistent rules I had. After realizing this was the case I uninstalled docker since I wasn’t using it and while I was making firewall changes I set up ipset to block most foreign countries. I also removed IPTables-Persistent and instead just added the post up to the /etc/network/interfacespost-up ipset restore < /etc/iptables/ipset.
MORE →

Install KodExplorer

How I installed KodExplorer. This is running on Debian 8.1. Things might be different on whatever OS/Version you’re running. I am by no means a pro. This is pieced together from everything I’ve learned. You first have to install nginx and php apt install ngnix php5-fpm git if it’s a newer version of debian or ubuntu you might have to run apt install php7-fpm mkdir -p /etc/nginx/ssl/site.com cd /etc/nginx/ssl/site.
MORE →

Make nginx return 403 error when accessing non defined sites or direct IP

I was running into an issue where when people would go to the IP of my server or a domain was pointed at my server and the domain wasn’t configured in NGINX it would for some reason redirect to one of my domains when I didn’t want it to. Below is the config block that I added to a file. This make NGINX return a 403 error when accessing the server via IP or an reconfigured domain.
MORE →