Axel Böswetter EvilBMP

@GAS85
GAS85 / apache2_HPKP.md
Last active January 25, 2024 14:03
Activating HTTP Public Key Pinning (HPKP) on Let's Encrypt

Source: https://lilleengen.io/blog/index.php/posts/activating-http-public-key-pinning-hpkp-on-lets-encrypt

  • Disclaimer: This might break your website; don't proceed if you don't know what you're doing.

Since letsencrypt seems to create a new private key every time the certificate is renewed, and Let's Encrypt requires you to renew your certificate once every ~80 days, pinning using your certificate's SPKI is probably not the way to go. So, what should we pin then? Let's Encrypt is currently issuing from Authority X3 and using Authority X4 as a backup, so these two are a great place to start. We should also include the ISRG Root so that this might support new Authorities with other SPKIs as well.

Generate HASH of Private Keys

To generate the hash of the SPKI of these certificates run the following commands

@GAS85
GAS85 / apache_ssl.md
Last active March 14, 2024 16:40
Apache 2.4.18+ with Letsencrypt on Ubuntu 20.04 - SSL config for A+ on SSLLabs.com

Prerequisites

  • Ubuntu 20.04 (18.04, 16.04 works the same)
  • Apache 2.4.18 or higher
  • OpenSSL 1.0.2g-1ubuntu4.10 or higher
  • e.g. LetsEncrypt certificate
OS: Ubuntu 20.04 Apache/2.4.18 1.0.2g-1ubuntu4.10 +
@tinogomes
tinogomes / DNS_TO_LOCALHOST.markdown
Last active September 17, 2024 08:30
Public DNS Pointing to localhost (127.0.0.1)

Available Public Wildcard DNS Domains pointing to localhost (127.0.0.1)

The best way to safely and securely use local domains pointing to 127.0.0.1 is to edit your local settings (/etc/hosts) and add your own settings. Keep in mind if you want to use subdomains, you need to enter all variations.

Example:

# Adding bottom of your current file /etc/hosts
################# MY LOCAL DOMAINS
127.0.0.1 local.com admin.local.com
127.0.0.1 domain1.com
@ql-owo-lp
ql-owo-lp / ddns-start
Last active March 12, 2023 00:04
Asus-Merlin-DuckDNS
#!/bin/sh
# register a subdomain at https://www.duckdns.org/ to get your token
# put 'hostname:token' in the 'Host Name' field under DDNS
# e.g. myhost:abcdefgh-1234-5678-9876-f71b0ed7a7fe
DDNS_HOSTNAME_FIELD=$(nvram get ddns_hostname_x)
SUBDOMAIN=$(echo "$DDNS_HOSTNAME_FIELD" | awk -F':' '{print $1}')
TOKEN=$(echo "$DDNS_HOSTNAME_FIELD" | awk -F':' '{print $2}')
IPV4=$(nvram get wan0_ipaddr)
@tommeier
tommeier / .htaccess
Last active August 19, 2020 03:55
Qnap Serviio Update Scripts
# reload after change "/etc/init.d/Qthttpd.sh restart"
php_value magic_quotes_gpc off
AuthName "Serviio - Admin Restricted Access (Use NAS admin credentials)"
AuthType Basic
# AuthUserFile /mnt/HDA_ROOT/rootfs_2_3_6/root/.htpasswd
AuthUserFile /mnt/HDA_ROOT/.config/shadow
AuthGroupFile /dev/null
# require valid-user
@mdesantis
mdesantis / unicorn_init_script.sh
Last active March 21, 2018 13:18 — forked from romaimperator/unicorn_init_script.sh
Unicorn init script; it uses start-stop-daemon and supports every Ruby version manager (RVM, rbenv, chruby...)
#!/bin/sh
### BEGIN INIT INFO
# Provides: unicorn
# Required-Start: $all
# Required-Stop: $network $local_fs $syslog
# Default-Start: 2 3 4 5
# Default-Stop: 0 1 6
# Short-Description: starts the unicorn instances
# Description: starts the unicorn server instances using start-stop-daemon
#