Introduction: In order to know the location of the visits your website received before you started using Piwik with GeoIP you need to run a command. The reference to this command is at: https://piwik.org/faq/how-to/faq_167/ Problem: Unfortunately after having logged in as root in the server this command gave me the following error: Could not open …
Category: NGinX
Enabling SPDY and Strict-Transport-Security to NginX in Ubuntu 14.04
In Ubuntu 14.04 NginX is been compiled with the SPDY capability. To use it one must enable it inside the server {…} block for each virtual host. eg. server { server_name mprofi.com www.mprofi.com; root /var/www/mprofi.com; index index.php; # # Added to handle HTTP and HTTPS and SPDY listen 80; listen 443 ssl spdy; ssl_certificate /etc/letsencrypt/live/www.mysite.com/fullchain.pem; …
Redirecting HTTP to HTTPS in NginX
Here is a working method of redirecting any requested HTTP URL to HTTPS in NginX VirtualHosts that handles both HTTP and HTTPS. For example, to have a single vhost support both HTTP and HTTPS you have normally the following directives: # Support for HTTP and HTTPS listen 80; listen 443 ssl; ssl_certificate /etc/letsencrypt/live/www.myserver.com/fullchain.pem; ssl_certificate_key /etc/letsencrypt/live/www.myserver.com/privkey.pem; …
Issue free and CA signed SSL certificates for web servers from LetsEncrypt
Introduction: SSL Certificates provide two functions: 1. Authentication 2. Encryption Encryption can be achieved without authentication but, for some reason, someone decided to join them together in one certificate. It seem to make sense for banks and serious e-commerce sites which need to be properly authenticated. Therefore when the HTTPS protocol got developed it was …
Creating a web certificate CSR file.
The process of buying an SSL certificate for a web site is usually as follows: – You create a secret key and CSR files using the method showm in this post. – You cut and paste the content of the CSR file into a field in a SSL Vendor web site – The SSL vendor …
Configuring HAproxy load balancer in Ubuntu 14.04
Goal: In this example HTTP requests are proxied directly as HTTP requests to the HTTP web servers. In the case of HTTPS requests, they are handled with the certificates by HAproxy and then proxied to the web servers as HTTP requests. SSLCertificates: The certificates for all virtualhosts being proxied are stored as one PEM format …
Installing pure-ftpd in Debian/Ubuntu
Difficulty with FTP servers and firewall: If you configure a firewall for a host which runs an FTP server you normally need to leave the ports 1024-65365 range open, since you never know which port the FTP server will use to send data to the FTP client. This situation is quite critical if you have …
Fine tune Ubuntu TCP stack for web server
The following tips taken from the site will help reduce the TCP latency of Ubuntu as a web server : http://www.cyberciti.biz/faq/linux-tcp-tuning/
Installing NginX 1.9.2 in Ubuntu server 14.04.2 LTS
Since the version of NginX in Ubuntu Server 14.04.2 is only 1.4.6, we need to tell APT to install the more recent version of nginx directly from the NginX maintainer. Steps: Add the following lines in /etc/apt/sources.lst deb http://nginx.org/packages/mainline/ubuntu/ trusty nginx deb-src http://nginx.org/packages/mainline/ubuntu/ trusty nginx From your server download the signing key add it to …
TCP Load balancing email/web servers with NginX
I’ve got 2 synchronized email servers running and, in order to make sure I don’t have to change the servername settings of my mail client in case one server goes down, I was looking for a straight TCP layer load balancer. There are a few software packages on the market that can do that , …
Verifying a SSL certificate chain
In order to see if an SSL web site has the proper SSL Certificate chain, this simple command can help: echo “” | openssl s_client -showcerts -servername web.site.com -connect web.site.com:443 -CApath /etc/ssl/certs/ Example: echo ” ” | openssl s_client -showcerts -servername tipstricks.itmatrix.eu -connect tipstricks.itmatrix.eu:443 -CApath /etc/ssl/certs Result:(most important extract from full result) CONNECTED(00000003) depth=2 C …
NGINX: [emerg]: getgrnam(“…….”) failed in /etc/nginx/nginx.conf:1
As I installed nginx 1.6.x from Debian dotdeb repository, the daemon nginx started automatically using the user ‘www-data‘. As I wanted to change this user in the configuration file /etc/nginx/nginx.conf from: user www-data; TO user appuser; NGinX didn’t want to start any more and found the following line in the error logs: [emerg]: getgrnam(“appuser”) failed …