Link to create a sitemap for Dokuwiki: https://www.dokuwiki.org/sitemap. (Enable the sitemap option in config and submit http://nhergert.homenet.org/doku.php?do=sitemap)
Use Github for hosting with Octopress or similar?
Free hosting, linked via CDN, easy HTTPS, etc. https://www.toptal.com/github/unlimited-scale-web-hosting-github-pages-cloudflare
For namecheap.
crontab -e
# Append for every 1 minute check
* * * * * /home/nhergert/update_ip.sh > /home/nhergert/update_ip.log
# Run cron on boot
update-rc.d cron defaults
#!/bin/sh
# Only writes to server if ip address changes
# Keeps log of old ip to below txt file
old_ip_file="update_ip.txt"
myip="$(dig +short myip.opendns.com @resolver1.opendns.com)"
# Stop if the lookup failed, so an empty address is never stored or sent
if [ -z "${myip}" ]; then
    echo "Could not determine public IP" >&2
    exit 1
fi
# Create file if it doesn't exist
if [ ! -e "$old_ip_file" ]; then
    echo "${myip}" > "$old_ip_file"
fi
# Read in file
oldip="$(cat "$old_ip_file")"
echo "$oldip"
# Why not "==" ??? Different behavior in cron vs interactive shell >.<
# https://serverfault.com/questions/734202/bash-if-statment-unexpected-behavior-in-crontab-job
# (cron runs jobs with /bin/sh, and "==" inside [ ] is a bash extension, not POSIX)
if [ "${myip}" = "${oldip}" ]
then
    echo "They match!"
    exit
fi
# New value found
echo "${myip}" > "${old_ip_file}"
echo "Updating WAN/Public IP address from ${oldip} to ${myip}"
wget -q -O - "https://dynamicdns.park-your-domain.com/update?host=nhergert&domain=ozeo.org&password=<dynamic dns password here, diff than normal password>&ip=${myip}"
wget -q -O - "https://dynamicdns.park-your-domain.com/update?host=@&domain=ozeo.org&password=<dynamic dns password here, diff than normal password>&ip=${myip}"
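A hardened variant of the update call in the script above, as an added example that is not part of the original notes: it validates the address returned by dig before it goes into the URL, and feeds the URL to wget on stdin so the dynamic DNS password stays out of the script and out of the process list. The secret file path and the function names are assumptions, and the password is assumed to contain only URL-safe characters.

```shell
#!/bin/sh
# Added example, not the page's script. SECRET_FILE and all function names are assumptions.
SECRET_FILE="${SECRET_FILE:-$HOME/.ddns_secret}"   # assumed path; create it with chmod 600

# Accept only a dotted-quad IPv4 address, since the value goes straight into a URL.
is_ipv4() {
    case "$1" in
        ''|*[!0-9.]*|.*|*.|*..*) return 1 ;;   # empty, stray characters, empty octets
    esac
    old_ifs=$IFS; IFS=.
    set -- $1                                   # split on dots into $1..$n
    IFS=$old_ifs
    [ "$#" -eq 4 ] || return 1
    for octet in "$@"; do
        [ "${#octet}" -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
    return 0
}

# The secret file must exist and carry no group/other permission bits.
secret_file_ok() {
    [ -f "$1" ] || return 1
    [ "$(ls -ld "$1" | cut -c5-10)" = "------" ]
}

# Build the update URL for one host record: host domain password ip
update_url() {
    printf 'https://dynamicdns.park-your-domain.com/update?host=%s&domain=%s&password=%s&ip=%s\n' \
        "$1" "$2" "$3" "$4"
}

# Send one update: host ip
send_update() {
    is_ipv4 "$2" || { echo "refusing to send invalid ip: $2" >&2; return 1; }
    secret_file_ok "$SECRET_FILE" || { echo "fix permissions on $SECRET_FILE" >&2; return 1; }
    # wget reads the URL from stdin (-i -), so the password is not in its argument list.
    update_url "$1" ozeo.org "$(cat "$SECRET_FILE")" "$2" | wget -q -O - -i -
}

# Usage inside the script above, replacing the two wget lines:
#   send_update nhergert "$myip" && send_update @ "$myip"
```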
Can use let's encrypt for free certificate. Cool.
Super easy to do, requires no account: https://www.digitalocean.com/community/tutorials/how-to-secure-apache-with-let-s-encrypt-on-ubuntu-16-04
Probably more frustrating than useful both for me and attacker, but here's something. https://www.raspberrypi.org/documentation/configuration/security.md, https://www.pluralsight.com/blog/it-ops/linux-hardening-secure-server-checklist.
Like I like to tell people, “if you have enough money to attack with, anything is possible. However, if their target doesn't have money, it's probably not a big deal”
Also, using a container might give some peace of mind, but hardening and not being stupid is generally good enough. https://security.stackexchange.com/questions/100389/can-i-make-my-online-server-more-secure-using-docker
Probably want to use “A record”. However, it's not working for some reason…
Need to contact their support for main domain and potential subdomains.
/etc/httpd/logs2
Macbook is 15 W idle ($1.50 per month). Chromebook (Intel celeron) is 2.5 watts idle ($.25 per month).
Maybe I want to migrate to the chromebook??? Interesting.
Unfortunately, this is not done through the power options in the menu.
sudo vim /etc/systemd/logind.conf
Find the line "#HandleLidSwitch=suspend"
Replace the line with "HandleLidSwitch=ignore" (no hash in front)
Finally, restart the service:
sudo systemctl restart systemd-logind.service
sudo apt-get install apache2 php libapache2-mod-php php-common php-xml php-mbstring
libapache2-mod-php7.2? Bummer…
sudo service apache2 restart
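@reboot in crontab
# Done :-)
# Note: -k turns off TLS certificate verification, so the update hash is exposed to anyone able to intercept the connection
curl -k "https://freedns.afraid.org/dynamic/update.php?<YOUR HASH HERE>"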
sudo apt-get install git-core
wget -q -O - http://pkg.jenkins-ci.org/debian/jenkins-ci.org.key | sudo apt-key add -
Add to /etc/apt/sources.list: deb http://pkg.jenkins-ci.org/debian binary/
Then sudo apt-get update; sudo apt-get install jenkins
/etc/apache2/sites-enabled
<VirtualHost *:80>
    # The ServerName directive sets the request scheme, hostname and port that
    # the server uses to identify itself. This is used when creating
    # redirection URLs. In the context of virtual hosts, the ServerName
    # specifies what hostname must appear in the request's Host: header to
    # match this virtual host. For the default virtual host (this file) this
    # value is not decisive as it is used as a last resort host regardless.
    # However, you must set it for any further virtual host explicitly.
    #ServerName www.example.com

    ServerAdmin webmaster@localhost
    DocumentRoot /var/www/html
    DirectoryIndex index.php index.html

    <Directory /var/www/html>
        Options Indexes FollowSymLinks MultiViews
        AllowOverride none
        Order allow,deny
        allow from all
    </Directory>

    <LocationMatch "/(data|conf|bin|inc)/">
        Order allow,deny
        Deny from all
        Satisfy All
    </LocationMatch>

    # Available loglevels: trace8, ..., trace1, debug, info, notice, warn,
    # error, crit, alert, emerg.
    # It is also possible to configure the loglevel for particular
    # modules, e.g.
    #LogLevel info ssl:warn

    ErrorLog ${APACHE_LOG_DIR}/error.log
    CustomLog ${APACHE_LOG_DIR}/access.log combined

    # For most configuration files from conf-available/, which are
    # enabled or disabled at a global level, it is possible to
    # include a line for only one particular virtual host. For example the
    # following line enables the CGI configuration for this host only
    # after it has been globally disabled with "a2disconf".
    #Include conf-available/serve-cgi-bin.conf
</VirtualHost>

# vim: syntax=apache ts=4 sw=4 sts=4 sr noet
In /etc/php5/apache2/php.ini, change upload_max_filesize = 2M and post_max_size = 8M to whatever you want, then restart apache using sudo /etc/init.d/apache2 restart
# Not very secure, but given a sandbox computer it's probably okay.
# sudo vi /etc/apache2/envvars
# Edit APACHE_RUN_USER/GROUP from www-data to your username
# Then restart apache
# Done!

# Make user www-data in charge of /var/www
sudo chown -R www-data:www-data /var/www
# Allow user and group read/write/execute permissions on /var/www
sudo chmod -R 770 /var/www
# Add to group www-data user nhergert
#sudo usermod -a -G www-data nhergert
# Tsk tsk, but maybe needed for Dropbox?
sudo usermod -a -G nhergert www-data
# List groups of nhergert
id nhergert
# List users of www-data
getent group www-data
# Remove user from www-data
#gpasswd -d <user> www-data

# For some reason apache doesn't want to follow symlinks even with setting?
# So need to move files from Dropbox to /var/www/html and then make a symlink in Dropbox directory
#mv ~/Dropbox/dokuwiki2/* /var/www/html
#rmdir ~/Dropbox/dokuwiki2
#ln -s /var/www/html ~/Dropbox/dokuwiki2
# Then restart computer (but maybe just log off) to apply changes
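A narrower alternative to `chmod -R 770`, as an added example that is not from the original notes: no regular file is left executable, and the web server group can write only where DokuWiki stores its data and configuration. It assumes the admin user owns the tree and the web server reaches it through its group; `harden_dokuwiki` and `mode_of` are hypothetical helper names, and the extension manager would additionally need write access to lib/plugins and lib/tpl.

```shell
#!/bin/sh
# Added example, not from the page. harden_dokuwiki and mode_of are hypothetical helpers.
# $1 = DokuWiki root (the notes use /var/www/html), $2 = web server group (www-data).
harden_dokuwiki() {
    root=$1
    group=$2
    [ -d "$root/data" ] && [ -d "$root/conf" ] || {
        echo "$root does not look like a DokuWiki tree" >&2
        return 1
    }
    chgrp -R "$group" "$root" || return 1

    # Baseline: the group may read and traverse, everyone else gets nothing,
    # and regular files lose the execute bit that chmod -R 770 hands out.
    find "$root" -type d -exec chmod 750 {} + || return 1
    find "$root" -type f -exec chmod 640 {} + || return 1

    # Only the directories DokuWiki writes at runtime become group-writable.
    # setgid on those directories keeps newly created files in the same group.
    for sub in data conf; do
        find "$root/$sub" -type d -exec chmod 2770 {} + || return 1
        find "$root/$sub" -type f -exec chmod 660 {} + || return 1
    done
}

# Print the octal mode of one path (GNU stat, assumed present as on the Ubuntu host).
mode_of() {
    stat -c '%a' "$1"
}

# Usage (as root or the owning user):
#   harden_dokuwiki /var/www/html www-data
```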
//Client
ssh-keygen -t rsa
ssh-copy-id user@my.host
//Host
sudo apt-get install fail2ban
Not using right now
/var/log/nginx/error.log (for some reason nginx is silent on cmd line and you have to check here for errors)
/etc/nginx/nginx.conf
/etc/nginx/sites-available, virtual sites you set up. sites-enabled is linked to this folder
Might still need to fix permissions using these
//In httpd.conf
Options (Indexes FollowSymLinks MultiViews) -> (FollowSymLinks MultiViews)
AllowOverride None -> All
rsync --verbose --progress --stats --compress --recursive --times --links --delete -az -e "ssh -i ~/.ssh/id_rsa" /Users/Nolan/DropboxArchive nolanher@nolanhergert.com:~/public_html/dropbox/