HTTPS, encrypt via SSL / TLS

Free SSL certificates and how to install on nginx in 10 steps

Here is how you can get free SSL certificates using Let’s Encrypt. Forget about certificate expiry by using the auto-renewal script. A complete reference for installing a Let’s Encrypt certificate is this Digital Ocean howto. Here is a quick guide based on it, plus some additional suggestions. Here we go!

The following commands download the script and make it executable. (1)

cd /usr/local/sbin
wget https://dl.eff.org/certbot-auto
chmod a+x /usr/local/sbin/certbot-auto

The following command creates a path for the SSL certificate files. Replace /usr/local/etc/my/files/path/ssl_cert with the path where you’ll store certificates; you can select a path outside your document root. (2)

mkdir -p /usr/local/etc/my/files/path/ssl_cert

Now edit your /etc/nginx/conf.d/mysites.conf and add this inside the server {…} block to make the example.com/.well-known URL available (3):

        location ^~ /.well-known {
                alias /usr/local/etc/my/files/path/ssl_cert/.well-known;
                allow all;
        }

Now execute the script to install certificates for your domains. Remember to use the command with -d domain-without-www -d www-domain, in this order. (4)

The script will:

  1. Install all needed dependencies for your system (via yum on RedHat-based distros and apt on Debian-based ones)
  2. Generate a valid certificate

certbot-auto certonly -a webroot --webroot-path=/usr/local/etc/my/files/path/ssl_cert -d example.com -d www.example.com -d mysite.com -d www.mysite.com

An automatic check will be performed and you will get a Congratulations message.

Now generate a strong Diffie-Hellman group with this command (5):

openssl dhparam -out /etc/ssl/certs/dhparam.pem 2048

Check the syntax and, if it is OK, reload the nginx server to apply the changes. (6)

nginx -t
systemctl reload nginx

Auto-renewal

A certificate will be valid for a short period of time, e.g. 3 months.

To auto-renew the certificate for all of your domains, you should add the auto-renewal command to cron.

You can read how to renew certificates on cron here.
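A cron job that fails silently only shows up when the certificate expires, so it is worth checking the served certificate's expiry date independently. The following is an added example, not part of the original guide: the function names and the 30-day threshold are assumptions chosen for illustration, and the date string in the demo is constructed.

```python
import socket
import ssl
import time

# Assumption: with 3-month certificates, under 30 days left means renewal is not working.
RENEW_THRESHOLD_DAYS = 30


def days_remaining(not_after, now=None):
    """Days until a certificate's notAfter string, e.g. 'Jan  5 09:34:43 2018 GMT'."""
    now = time.time() if now is None else now
    return (ssl.cert_time_to_seconds(not_after) - now) / 86400.0


def renewal_status(not_after, now=None, threshold=RENEW_THRESHOLD_DAYS):
    """Classify a certificate as 'ok', 'renewal-overdue', 'expired' or 'invalid'."""
    if not_after is None:
        return "invalid"
    left = days_remaining(not_after, now)
    if left <= 0:
        return "expired"
    return "renewal-overdue" if left < threshold else "ok"


def fetch_not_after(host, port=443, timeout=5.0):
    """Return notAfter of the certificate served by host, or None if it fails validation."""
    ctx = ssl.create_default_context()
    try:
        with socket.create_connection((host, port), timeout=timeout) as sock:
            with ctx.wrap_socket(sock, server_hostname=host) as tls:
                return tls.getpeercert()["notAfter"]
    except ssl.SSLCertVerificationError:
        # Expired or untrusted: the handshake fails before any dates are available.
        return None


if __name__ == "__main__":
    # Constructed notAfter value so the demo runs offline; for a live check use
    # renewal_status(fetch_not_after("example.com")) with your own domain.
    print(renewal_status("Jan  5 09:34:43 2018 GMT"))
```

Run it from a machine other than the web server, so the check also covers the case where nginx was never reloaded after a renewal.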

Enable SSL on nginx

To enable SSL on nginx when you already have a mysite.conf file mapped for unencrypted connections on port 80: inside the /etc/nginx/conf.d directory, copy the file as mysite_ssl.conf and:

Change all occurrences of:

listen 80;

to:

listen 443 ssl;

This way nginx will listen on port 443 with SSL. Ensure this port is reachable externally (firewall and/or SELinux audit2allow). (8)

In the original file, mysite.conf, you can delete all entries, but you have to keep the .well-known part (step 3). This avoids errors from the Let’s Encrypt script.

Add and enable ciphers. Here is a good cipher list, chosen for compatibility while staying secure, using TLS only. (9)

server {
    # the port your site will be served on
    listen      443 ssl;
    # the domain name it will serve for
    server_name example.com; # substitute your machine's IP address or FQDN
    ssl_certificate /etc/letsencrypt/live/mysite.com/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/mysite.com/privkey.pem;
    ##### Cyphers and SSL fine tuning #####
    ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
    ssl_prefer_server_ciphers on;
    ssl_dhparam /etc/ssl/certs/dhparam.pem;
    ssl_ciphers 'ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:AES:CAMELLIA:DES-CBC3-SHA:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!MD5:!PSK:!aECDH:!EDH-DSS-DES-CBC3-SHA:!EDH-RSA-DES-CBC3-SHA:!KRB5-DES-CBC3-SHA';
    ssl_session_timeout 1d;
    ssl_session_cache shared:SSL:50m;
    ssl_stapling on;
    ssl_stapling_verify on;
    add_header Strict-Transport-Security max-age=15768000;
    ##### END Cyphers and SSL fine tuning #####
    # charset     utf-8; etc...
}

Test nginx syntax with:

nginx -t

and then reload nginx to apply changes (10), on CentOS:

systemctl restart nginx
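The server block in step 9 favours compatibility, and some of its settings have aged: TLS 1.0 and 1.1 were formally deprecated by RFC 8996, and DES-CBC3-SHA (3DES) is still offered. The following is an added example, not part of the original guide: a small check that flags such settings in a configuration. The function names and rule set are assumptions for illustration, and the sample is constructed from the directives shown above.

```python
import re

# Constructed sample: a shortened copy of the server block from step 9.
SAMPLE_CONF = """
server {
    ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
    ssl_ciphers 'ECDHE-RSA-AES128-GCM-SHA256:AES128-SHA:DES-CBC3-SHA:!aNULL:!RC4';
    add_header Strict-Transport-Security max-age=15768000;
}
"""

DEPRECATED_PROTOCOLS = {"SSLv2", "SSLv3", "TLSv1", "TLSv1.1"}  # TLS 1.0/1.1: RFC 8996
WEAK_CIPHER_MARKERS = ("RC4", "DES", "MD5", "NULL", "EXPORT")  # illustrative rule set


def directives(conf):
    """Yield (name, argument string) for each simple 'name args;' directive."""
    for line in conf.splitlines():
        line = line.split("#", 1)[0].strip()
        m = re.match(r"^([a-z_]+)\s+(.*);$", line)
        if m:
            yield m.group(1), m.group(2).strip()


def audit_tls(conf):
    """Return a list of findings for the TLS-related directives in conf."""
    findings, seen = [], {}
    for name, args in directives(conf):
        seen.setdefault(name, []).append(args)
    for args in seen.get("ssl_protocols", []):
        old = sorted(DEPRECATED_PROTOCOLS & set(args.split()))
        if old:
            findings.append("ssl_protocols enables deprecated " + ", ".join(old))
    for args in seen.get("ssl_ciphers", []):
        for suite in args.strip("'\"").split(":"):
            # Entries starting with '!' are exclusions and are not flagged.
            if not suite.startswith("!") and any(w in suite for w in WEAK_CIPHER_MARKERS):
                findings.append("ssl_ciphers allows weak suite " + suite)
    hsts = [a for a in seen.get("add_header", []) if a.startswith("Strict-Transport-Security")]
    if not hsts:
        findings.append("no Strict-Transport-Security header")
    elif not any(a.split()[-1] == "always" for a in hsts):
        findings.append("HSTS header lacks 'always' (not sent on error responses)")
    return findings


if __name__ == "__main__":
    for finding in audit_tls(SAMPLE_CONF):
        print(finding)
```

Each finding maps to a one-line fix in the server block: drop TLSv1 and TLSv1.1 from ssl_protocols, remove the flagged suite from ssl_ciphers, and append always to the add_header line.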

Transfer files from iPad to Windows wireless w/o cloud in 10 steps

10 steps to transfer files without using iCloud or other cloud services: an iPad and Windows are all you need.

Requirements:

  • Windows (tested on Windows 7)
  • Wi-fi router

Windows

  1. Create a new folder ipadshare on your disk (even removable) to host files
  2. Right click on the folder > Share with... > Specific users…
  3. Click on the bottom arrow on the dropdown > Create a new user > Another account (second to last element) > Create new account
  4. Type the name and the password for the new user (not an Administrator)
  5. Back in the Share with… > Specific people… window:
    1. Select the new user from the dropdown
    2. Click on Add
    3. Give her read/write access
    4. Save

iPad

  1. Connect to the same Wi-fi router your Windows PC is connected to
  2. From home screen go to Settings > Display and Brightness > Auto-Lock > Never
  3. From App Store, Install and open FileExplorer (free)
  4. Enter into Local or Photos
    1. Tap Edit and then Select all on the bottom (or select one element at a time)
    2. Tap Copy into
  5. Select Connections > ipadshare. Type user and password and then tap Save.

Do not lock the screen during the transfer process, otherwise the free version of FileExplorer can freeze. After the transfer, check the transferred items before deleting them from the iPad.

Photo by AddictiveTips.com.

Memory Error on pip install (SOLVED)

A Memory Error when using pip install on Python can appear both from the command line and from an IDE like PyCharm, usually when the package size is big.

When you try to install a Python package with pip install packagename but it fails due to a Memory Error, you can fix it this way:

  1. Go to your console
  2. Optional: if your application is in a virtual environment, activate it
  3. pip install packagename --no-cache-dir

The package will now be downloaded with the cache disabled (see pip --help).

Thanks to David Wolever

No media key buttons on my keyboard: quick fix

How to add media key buttons by adding customizable shortcuts to a standard keyboard (working example attached).

Not all keyboards have media keys, but you can fix this issue by adding global shortcuts to your Windows system:

  1. Download and install AutoHotkey
  2. Download the media keys shortcut zip file and extract it on your Desktop
  3. Double click to add the media shortcut to your systray: the shortcuts are added
  4. Open your media player and
    1. Tracks
      1. AltGr+Right arrow: Next
      2. AltGr+Alt+Down arrow: Play / Pause
      3. AltGr+Alt+Left: Previous
    2. Volume
      1. AltGr+Shift+Right: Volume Up
      2. AltGr+Shift+Down: Mute
      3. AltGr+Shift+Left: Volume Down
    3. AltGr+Shift+F1: open this howto with the default browser
  5. Alternatively you can use Ctrl+Alt in place of AltGr

Remember to launch the script each time you start the system, or add it to automatic execution on start. To do so, go to Start > Run and paste the following:

%appdata%\Microsoft\Windows\Start Menu\Programs\Startup

And then press Enter. In the opened folder, Right Click > New > Shortcut and paste:

%UserProfile%\Desktop\media_keys_shortcut.ahk

Then click Next so that the shortcut is added every time you log in.

Download media_keys_shortcut
MD5:
5595F1686DE184A817A0261297003415

You can also read the file as a simple text file with your file editor to add new shortcuts.

See also

Media Keys on superuser

Boycott Anti-AdBlock websites: the blacklist

Many users are using AdBlock and similar software to block ads. Since website owners are experiencing a proportional decrease in ad impressions, some of them are blocking visits from AdBlock users, intimidating them into disabling the plugin or even changing the browser configuration.

This decision is a huge interference in the user experience and it’s harmful to user freedom for the sake of money. While other automated methods exist, the traditional way to solve this issue is to make a list, spread it, boycott all the websites listed and contact the website owners until they abandon this practice.

There are 2 classes: the explicit AdBlock political warning and navigation block (W), and the misconfiguration (M). The following list includes only the websites that block or obstruct navigation entirely, for all or some content.

This is a list of fully blocking websites. Alerts about AdBlock and suggestions to disable it are absolutely correct!

Do you know any Anti-AdBlock website? Write the URL displaying the message in the comments and I’ll add it to the list.

See also

A comprehensive list about AdBlockers, open4adblocking

8 steps to speed up slow Windows

Your system worked well. Then, one day, the startup after login is very slow and you cannot figure out why. There are 4 diagnosis steps and 8 steps to follow to make your PC faster in these cases.

Diagnosis

  1. Windows orb > Search for “event”
  2. Click on “Event viewer”
  3. Take a look at critical events and errors
  4. Go to Administrative events and explore errors to look for malfunctioning drivers or applications

How to fix

  1. Download Autoruns for Windows by Microsoft
  2. Extract Autoruns and enter the directory
    1. Right click on Autoruns64.exe (Autoruns.exe on 32 bit systems)
    2. Run as administrator
  3. Click on the Logon tab
  4. Uncheck all entries you think are slowing down the system
  5. Click on the Services tab
  6. Uncheck all services you think are slowing down the system: be aware that some services are essential to some applications, so if you don’t need them you have to uninstall the application to avoid malfunctions
  7. Do not touch the driver tabs! By disabling the wrong driver you can compromise your system
  8. If you have more than one antivirus software, e.g. Avira and Microsoft Security Essentials, update the one you want to keep and uninstall the other in order to avoid conflicts

Disable any application or services you don’t need, uninstall unwanted or malfunctioning applications, restart the system and check the time elapsed after login and the Event viewer.

If you think a USB device is the culprit you can try USB Oblivion to remove unused USB drivers.

Usually you can solve many issues this way, but if you haven’t, you can try a stronger method using a utility disk.

Tested on:

  • Windows 7

How to fix a frozen Windows 7

If your Windows system is slow and you’ve already tried to clean up the autostarts, you may have other issues. To do a global check on your system you can follow these steps:

  1. Download Hiren’s Boot CD (list of software installed here)
  2. Extract the zip file in a new folder (the zip contains many files)
  3. Use the shipped CD creation tool BurnCDCC, or use the excellent cdrtools Frontend, going to CD image > Write image and choosing the Hiren’s.BootCD.x.x.iso file inside
  4. Restart the PC with the CD in and boot from disk: after the boot a screen will be presented; usually you have to press a key like F12 to choose a boot device, or press a key like F2 to go to the BIOS and choose the boot order, putting the DVD first
  5. Choose Start Mini Windows XP and press Enter
  6. After boot, you’ll see an interface similar to Windows XP: on Desktop click on My Computer to view if all drives are listed. Take a look at the space left on devices
  7. Start > Programs > Check disk, insert the letter of the drive to check and then Enter
  8. (Optional) After the disk check, you can also use other disk tools from Desktop > HBCD Menu > Programs > Hard disk tools if needed. Be careful, some tools can be dangerous and you have to know what you’re doing
  9. Now that disk errors are fixed, go to Desktop > HBCD Menu > Programs > Antivirus/Spyware and choose Avira or Malwarebytes’ Anti-Malware
  10. Choose the units and the scan mode and then run the tool
  11. Repeat these steps with all tools you need in the Antivirus / Spyware section
  12. Go to Desktop > HBCD Menu > Programs > Cleaners > CCleaner or ATF Cleaner and clean temporary files and entries from your system. Warning: personal data like browser-saved passwords could be lost, so choose the cleaning options carefully
  13. On Desktop > HBCD Menu > Programs > Cleaners > MyUninstaller, uninstall all applications you don’t need
  14. Check the space left on the disks on Desktop > My Computer. If little space is left on the main drive use Desktop > HBCD Menu > Programs > Cleaners > Windirstat to find big files (about Windirstat)
  15. Now it’s time to look at the apps in autostart: go to Desktop > HBCD Menu > Programs > Startup tools > Autoruns: this is a Microsoft app that lists all applications executed automatically. Look for suspicious entries and disable what you don’t need
  16. You can explore other tools on this bootable CD depending on your needs

Tested with Hiren’s BootCD 15.2