Author:
erics , September 14th, 2023
Summary
In this blog we explore how to use certificates from Let’s Encrypt to secure self-hosted Bamboo and Crucible.
Process To Follow
Install Certbot
Ensure that external DNS resolves to the correct IP address: ping example.yourdomain.com
Ensure that Port 80 is open from the outside to that IP address so that Let’s Encrypt can validate the […]
Categories: How-To's , Technology Tags: Bamboo , Crucible , howto , https , keytool , openssl , security , ssl , tips
| No comments
Author:
erics , July 15th, 2020
sudo chgrp grafana /etc/letsencrypt/archive/www.yourdomain.com/privkey1.pem
sudo chmod g+r /etc/letsencrypt/archive/www.yourdomain.com/privkey1.pem
sudo vi /etc/grafana/grafana.ini
sudo service grafana-server restart
[server]
# Protocol (http, https, socket)
;protocol = http
protocol = https
# https certs & key file
# Files under archive/ are numbered per renewal (fullchain2.pem, privkey2.pem, ...),
# so these paths and the group permission above need updating after each renewal.
;cert_file =
;cert_key =
cert_file = /etc/letsencrypt/archive/www.yourdomain.com/fullchain1.pem
cert_key = /etc/letsencrypt/archive/www.yourdomain.com/privkey1.pem
Categories: How-To's , Technology Tags: cert , certificate , Certs , chgrp , chmod , Enable , Existing , Grafana , Grafana Server , howto , https , LetsEncrypt , Restart , service , ssl , sudo , tips
| No comments
Author:
erics , November 17th, 2017
RewriteEngine On
RewriteCond %{HTTPS} off
RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI}
Categories: How-To's , Technology Tags: apache , Apache 2.2 , Apache2 , howto , http , https , mod_rewrite , redirect , tips
| No comments
Author:
erics , September 5th, 2017
Step 1: Enable Apache status and lock it down:
Make sure mod_status is being loaded:
shell> grep -Rn mod_status /etc/httpd/*
/etc/httpd/conf.modules.d/00-base.conf:58:LoadModule status_module modules/mod_status.so
Add support for the call just under the first DocumentRoot statement:
shell> vim /etc/httpd/conf/httpd.conf
<Location /server-status>
    SetHandler server-status
    Require ip 127.0.0.1
    Require ip ::1
    Require ip {Your_IP_Here}
</Location>
Step 2. Prepare your environment:
shell> cpan YAML HTML::TableExtract
Step 3: Create and run the status script: (See the astat contents at the bottom)
shell> vim /root/astat
shell> chmod 755 /root/astat
shell> vi ~/.bashrc
ADD: alias ipw='while true; do sleep 5; /root/astat; done'
shell> ipw
1.2.3.4|yourdomain.com:443|POST /wp-cron.php?doing_wp_cron=1563901063.57946491241455078125|
/root/astat
#!/usr/bin/perl
use strict;
use HTML::TableExtract;
# PATH to "curl" utility
my $CURL = "/usr/bin/curl";
# URL of the server-status we want to process
my $STATUS_URL = "http://localhost/server-status";
# These are the headers in the first row of the table we want to extract.
# Used by HTML::TableExtract to search for our table within the whole HTML output
my $headers = ['Srv', 'PID', 'Acc', 'M', 'CPU', 'SS', 'Req', 'Conn', 'Child', 'Slot', 'Client', 'VHost', 'Request'];
# Let's fetch the status page...
my $output = `$CURL -s $STATUS_URL`;
# Let's search for our table within the HTML...
my $tables = HTML::TableExtract->new(headers => $headers);
# We found it (hopefully), so let's parse it...
$tables->parse($output);
# ...and let's stick to the first one
my $status_table = $tables->first_table_found;
# Stop here if no matching table came back (status page unreachable or access denied)
die "No server-status table found at $STATUS_URL\n" unless $status_table;
# Now let's loop over all the rows...
foreach my $row_ref ($status_table->rows) {
    # Let's de-reference the ARRAY reference, so as to better manage
    # the various elements...
    my @row = @$row_ref;
    # Let's check for IP (dots escaped so they match literally)
    next if $row[10] =~ /127\.0\.0\.1/;
    next if $row[10] =~ /216\.66\.125\.161/;
    next if $row[10] =~ /69\.162\.124\.235/;
    # Let's check for an OPTIONS row...
    if ($row[12] =~ /OPTIONS/) {
        # simply skip to next row in the loop
        next;
    }
    # Let's choose whatever columns we want (first column has index "0")
    # Srv, PID, Client and Request would be (0,1,10,12);
    # here we print Client, VHost and Request
    #foreach my $column (0,1,10,12) {
    foreach my $column (10, 11, 12) {
        print $row[$column] . "|";
    }
    print "\n";
}
Categories: How-To's , Technology Tags: 2.4 , apache , Apache 2.4 , CPAN , howto , http , httpd , https , mod_status , perl , Status , tips , YAML
| No comments
Author:
erics , August 21st, 2017
This post does not cover configuring letsencrypt or ssl/https.
First, make sure your LetsEncrypt configuration points to the actual WordPress document root directory:
cat /etc/letsencrypt/renewal/www.yourdomain.com.conf
...
[[webroot_map]]
yourdomain.com = /volumes/data/www/yourdomain.com/prod/wordpress
www.yourdomain.com = /volumes/data/www/yourdomain.com/prod/wordpress
Second, use the new macro language feature in Apache 2.4 to configure an https redirect macro which does NOT redirect to https for anything in the .well-known subdirectory. This […]
Categories: How-To's , Technology Tags: 2.4 , Acme , apache , Apache 2.4 , Encrypt , https , LetsEncrypt , redirect , Renew , well-known , WordPress
| No comments
Author:
erics , July 4th, 2016
If you get this error when starting Apache or via apachectl configtest:
[warn] _default_ VirtualHost overlap on port 443, the first has precedence
then you must add:
NameVirtualHost *:443
to /etc/httpd/conf/httpd.conf, then restart Apache.
Categories: How-To's , Technology Tags: 443 , apache , AWS , CentOS , howto , https , Linux , Overlap , ssl , tips , VirtualHost , Web
| No comments
Author:
erics , February 9th, 2016
I was getting the following errors when using an older version of the Amazon EC2 API Tools:
$ ec2-describe-regions
Unknown problem connecting to host: 'https://ec2.amazonaws.com'
Unable to execute HTTP request: peer not authenticated
The solution was to upgrade to the latest AWS CLI tools and start using the aws command instead. For example: aws ec2 […]
Categories: How-To's , Technology Tags: Amazon , API , API Tools , apitools , AWS , awscli , cli , EC2 , http , https , Peer , Peer Not Authenticated , Request , Unknown problem
| No comments
Author:
erics , March 19th, 2014
After I upgraded to iOS 7.1, Enterprise application deployments no longer worked. I would get the following error: “Cannot install applications because the certificate is not valid”, and the download would fail. As it turns out, Apple changed the rules without notification again, and is now requiring https for part of the process. For those […]
Categories: How-To's , Technology Tags: 7.1 , apple , AWS , howto , http , https , iOS , iOS 7.1 , tips
| 1 comment
Author:
erics , May 11th, 2012
$protocol = (!empty($_SERVER['HTTPS']) && $_SERVER['HTTPS'] !== 'off') ? "https:" : "http:";
Categories: How-To's , Technology Tags: $_SERVER , 443 , 80 , howto , http , https , php , Port 443 , Port 80 , Protocol , tips
| No comments
Author:
erics , October 26th, 2011
RewriteEngine On
RewriteCond %{HTTPS} off
RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI}
Categories: How-To's , Technology Tags: apache , Apache2 , Force , howto , http , httpd , httpd.conf , https , mod_rewrite , RewriteCond , RewriteEngine , RewriteRule , tips
| No comments