Technical blog

  • Harden apache on debian and wordpress

    I checked out

    https://securityheaders.com/

    # set security headers in apache

    # test with https://www.keycdn.com/blog/http-security-headers



    and added in cat /etc/apache2/conf-enabled/security.conf 

    Header set X-XSS-Protection "1; mode=block"
    Header set X-Frame-Options "SAMEORIGIN"
    Header set X-Content-Type-Options "nosniff"
    Header set Feature-Policy "autoplay 'none'; camera 'none'"
    Header always set Referrer-Policy "same-origin"
    Header set Strict-Transport-Security "max-age=31536000; includeSubDomains; preload"
    Header always set Permissions-Policy "geolocation=(),midi=(),sync-xhr=(),microphone=(),camera=(),magnetometer=(),gyroscope=(),fullscreen=(self),payment=()"
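
An offline check for the header set above, as an added example (not from the original post); the function names and both sample responses are constructed. It also shows why the mix of `Header set` and `Header always set` matters: Apache adds headers set without `always` only to successful responses, so an error page Apache generates itself carries just the `always` ones.

```shell
#!/bin/bash
# Added example: check a response head (e.g. from `curl -sI URL`) for the
# headers configured in security.conf above.

# Feature-Policy is left out: browsers replaced it with Permissions-Policy.
REQUIRED="x-xss-protection x-frame-options x-content-type-options referrer-policy strict-transport-security permissions-policy"

# Read a response head on stdin, print the required headers that are absent.
missing_headers() {
    mh_head=$(tr -d '\r' | tr '[:upper:]' '[:lower:]')
    mh_missing=""
    for mh_name in $REQUIRED; do
        printf '%s\n' "$mh_head" | grep -q "^$mh_name:" || mh_missing="$mh_missing $mh_name"
    done
    printf '%s\n' "${mh_missing# }"
}

# Read a response head on stdin, print the HSTS max-age in seconds (empty if unset).
hsts_max_age() {
    tr -d '\r' | tr '[:upper:]' '[:lower:]' |
        sed -n 's/^strict-transport-security:.*max-age=\([0-9][0-9]*\).*/\1/p' | head -n 1
}

# Constructed samples: a page served normally, and an error page generated by
# Apache itself, where only the "Header always set" lines apply.
SAMPLE_200='HTTP/1.1 200 OK
X-XSS-Protection: 1; mode=block
X-Frame-Options: SAMEORIGIN
X-Content-Type-Options: nosniff
Referrer-Policy: same-origin
Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
Permissions-Policy: geolocation=(),camera=()'
SAMPLE_404='HTTP/1.1 404 Not Found
Referrer-Policy: same-origin
Permissions-Policy: geolocation=(),camera=()'

echo "200 missing: $(printf '%s\n' "$SAMPLE_200" | missing_headers)"
echo "404 missing: $(printf '%s\n' "$SAMPLE_404" | missing_headers)"
echo "HSTS max-age: $(printf '%s\n' "$SAMPLE_200" | hsts_max_age)"
```

Against a live site, pipe `curl -sI` output for both a normal page and a non-existent path into `missing_headers`.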

    Then I went to the WordPress installed directory

    See: https://blog.sucuri.net/2012/07/wordpress-and-server-hardening-taking-security-to-another-level.html

    # adduser wordpressuser
    # cd /var/www/pathtoyoursite
    # chown -R wordpressuser:apache .
    # chmod -R 750 .
    # find . -type f -exec chmod 440 {} \;
    # find . -name "*.php" -exec chmod 440 {} \;
    # find . -type d -exec chmod 750 {} \;

    I update WordPress with the WP-CLI commands:

    since I use root I run it with --allow-root:

    # wp plugin install wordfence --activate --allow-root
    # wp plugin install cookie-law-info --activate --allow-root
    # wp core update --skip-plugins --skip-themes --allow-root
    # wp theme update --all --allow-root
    # wp plugin update --all --allow-root

  • what’s next

    You’ve probably heard that Pokemon Go players are going out and “catching ’em all”. Well, in honor of them (and you caught my drift), let’s talk about how to reach heaven. I’m not talking about Heaven itself here. I’m talking about how to get there from here.

    We all want to live forever. And we all want free Wi-Fi everywhere and a smart blender. But the 5 steps you need to take to get there are different.

    The afterlife is a mysterious place, and it can be hard to predict what’s waiting for us when we die. However, that hasn’t stopped people from trying to describe it. Below are 5 descriptions of the afterlife from famous scientists’ statements on religion. Hearing more after my logic thought “5 steps? What can that really be?”. Did I have an idea of what this could be? Of course. Could I have guessed it in advance? Not even in the farthest corner of my mind could I have considered this possibility.

    The afterlife is a big unknown. It’s hard to imagine what it will be like, but many of us want to know what happens when we die.

    There are many theories about what happens after we die, but there is no scientific evidence that any of them are true. However, there are some things we do know about death and the afterlife:

    We don’t need food or water after we die. Our bodies stop working and start to decay.

    Our brains stop working very soon after our hearts stop beating. This means that if you’re not brain dead, your mind will still be active until you’re dead.

    When your brain stops working, other organs in your body stop working as well — especially those organs that control breathing and heartbeat. This means that once your brain stops working, it won’t ever work again, even if someone brings you back from the brink of death with CPR or defibrillation (both forms of life support). The exception is if someone keeps you alive using artificial life support machines for years after your heart stops beating and your brain stops functioning normally — in which case you might eventually regain consciousness again if doctors can keep machines like ventilators going long enough for you to recover from being

    In this article, I am going to introduce you to the five most common ways of getting into the afterlife.

    1: The soul is recycled and reborn into another body. This is done by your soul being sent back to earth in a new body with a different genetic makeup. The idea is that every time we die, our soul goes through a rebirth cycle where it takes on new experiences, encounters and interactions with the world at large. This process continues until you have learned all that you need to learn from life on Earth and can then move on to higher levels of existence.

    2: The soul lives in heaven for eternity. This one is pretty straightforward; after death, your soul goes straight up to heaven where it lives out an eternal life of happiness and joy with no other worries or cares in the world. Heaven is usually depicted as being somewhere above us (and possibly outside our solar system), but some people believe that there are multiple heavens (or multiple levels) within this one universe and that they may even exist within other universes as well! Many religions teach that God Himself will welcome us into His wonderful kingdom when we die, but others say that only those who have earned their way

    The afterlife is a location that is either in another dimension or plane of existence, or an imagined realm that transcends physical reality. The concept of an afterlife is found in many religious and philosophical systems, as well as in fiction.

    The Abrahamic religions believe that a human soul can survive death and reach an afterlife, where it will be judged by God. According to these religions, the dead will then be consigned to heaven (the Garden of Eden) or hell (the Netherworld).

    There are different traditions regarding the timing of a person’s death and the transition to the afterlife. In some cultures, such as those of Ancient Egypt and ancient Greece, funerary rituals included provisions for a safe passage to the afterlife; this was accomplished through magic spells and offerings made to gods, who were thought to intervene in human affairs.[11] Other cultures like the Vikings and Japanese left their dead on board ship for transportation to Valhalla.[12] In most pre-modern pagan traditions, such as those of northern Europe and modern-day Scandinavia, a person’s fate after death was often tied directly to the circumstances surrounding their birth; for example if they were born under poor astrological conditions,

    There are five methods to get there alive:

    1. You can become immortal through the use of science and technology (becoming a cyborg or an AI).
    2. You can become immortal by making yourself immortal by having an heir or heirship that will carry on after you die (i.e., having children).
    3. You can become immortal through faith in God or a higher power, either by being saved after death (by going to Heaven) or being resurrected from death (by returning as a zombie).
    4. You can become immortal by using science and technology but not getting caught (i.e., not dying at all, or at least not until you want to).
    5. You can become immortal by using faith in God or a higher power but not getting caught (i.e., not dying at all, or at least not until you want to).
  • HTTP 2.2

    Where is the gold

    freelancer-green https://cheapsslsecurity.com/p/the-advantages-of-http2/
    https://www.howtoforge.com/how-to-enable-http-2-in-apache/
    https://http2.pro/doc/Apache
    https://www.collectiveray.com/what-is-http2
    https://www.tecmint.com/enable-http2-in-apache-on-ubuntu/

    Debian 10

    apt-get install php7.4-fpm
    a2dismod php7.4
    a2enconf php7.4-fpm
    a2enmod proxy_fcgi

     

    a2dismod mpm_prefork
    a2enmod mpm_event
    a2enmod ssl

    a2enmod http2

    systemctl restart apache2



    Protocols h2 http/1.1

    ServerName example.com
    ServerAlias www.example.com
    DocumentRoot /var/www/public_html/example.com
    SSLEngine on
    SSLCertificateKeyFile /path/to/private.pem
    SSLCertificateFile /path/to/cert.pem
    SSLProtocol all -SSLv3 -TLSv1 -TLSv1.1
    Protocols h2 http/1.1
     
  • remote desktop
    what a farce remote desktop

    XRDP installation

    https://linuxize.com/post/how-to-install-xrdp-on-debian-10/
  • How to handle VOIP
    External Phone

    install software on laptop / mobile

    https://www.64characters.com/telephone/

    for installation see LINK

    check out this one link voyced.eu

  • Reset wordpress password for user from mysql
    MYSQL

    mysql -u USER -p
    use database;
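    select id, user_login, user_pass FROM wp_users;

    -- USERNAME is a placeholder; without the WHERE clause every user's password is reset
    update wp_users set user_pass = MD5('MYNEWPASSWORD') WHERE user_login = 'USERNAME';
    select id, user_login, user_pass FROM wp_users;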

  • Adding old files to awstats
    awstats
    /usr/lib/cgi-bin/awstats.pl -update -config="example.com" -LogFile="/usr/share/awstats/tools/logresolvemerge.pl /var/log/apache2/access.log* |"
  • debian lamp with php 7.3.

    apt-get -y update

    apt-get -y upgrade

    # install apache software-prop

    apt-get -y install tasksel apache2 software-properties-common mariadb-client mariadb-server  python-certbot-apache lsb-release apt-transport-https ca-certificates

    # install php 7.3

    apt -y install lsb-release apt-transport-https ca-certificates

    wget -O /etc/apt/trusted.gpg.d/php.gpg https://packages.sury.org/php/apt.gpg

    echo "deb https://packages.sury.org/php/ $(lsb_release -sc) main" | tee /etc/apt/sources.list.d/php7.3.list

    apt-get -y update

    apt-get -y upgrade

    apt-get -y install libapache2-mod-php7.3 php7.3-gd php7.3-mysql php7.3-curl php7.3-intl php7.3-xsl php7.3-mbstring php7.3-zip php7.3-bcmath php7.3-soap php7.3-imagick

  • making a lamp with P H P

    apt-get -y update
    apt-get -y upgrade

    # install apache software-prop

    apt-get -y install tasksel apache2 software-properties-common mariadb-client mariadb-server  python-certbot-apache lsb-release apt-transport-https ca-certificates

    # install php 7.3
    apt -y install lsb-release apt-transport-https ca-certificates
    wget -O /etc/apt/trusted.gpg.d/php.gpg https://packages.sury.org/php/apt.gpg
    echo "deb https://packages.sury.org/php/ $(lsb_release -sc) main" | tee /etc/apt/sources.list.d/php7.3.list

    apt-get -y update

    apt-get -y upgrade

    apt-get -y install libapache2-mod-php7.3 php7.3-gd php7.3-mysql php7.3-curl php7.3-intl php7.3-xsl php7.3-mbstring php7.3-zip php7.3-bcmath php7.3-soap php7.3-imagick

    ### install lets encrypt#
    apt-get -y install python-certbot-apache
    # set cert
    certbot --apache

    ## harden mysql

    mysql_secure_installation

  • Letsencrypt on haproxy

    I created a couple of scripts

    1/ the script to create the certs

    root@groupmgt:~# cat createCert.sh
    #!/bin/ksh
    #######################################
    ### create cert with letsencrypt    ###
    #######################################
    file="${1:-/dev/null}"
    # read one domain per line from the input file
    while read -r domain
    do
       echo "=================================="
       echo "$domain"
       #ping -c 1 $domain
       #
       # run command letsencrypt
       letsencrypt certonly --text --webroot --webroot-path /tmp -d "$domain" --renew-by-default --agree-tos --email rcveen@gmail.com
       echo "=================================="
    done <"$file"

    the second script will create the pem files for haproxy

    root@groupmgt:~# cat createAll_PEM.sh
    echo "================================"
    echo "===  CREATE INPUT FILES      ==="
    echo "================================"
    cd /etc/letsencrypt/live
    ls -1 > /root/Alldirs.txt
    while read -r dir
    do
      echo "dir:$dir"
      # skip entries that are not directories
      cd "$dir" || continue
      ls -l
      # redirect instead of piping through tee, so the private key is not echoed
      # to stdout (refreshCert.sh appends this script's stdout to a log file)
      cat privkey.pem fullchain.pem > haproxy.pem
      cat privkey.pem fullchain.pem > "$dir.pem"
      cp "$dir.pem" ../../all/.
      echo "created: $dir/haproxy.pem"
      cd /etc/letsencrypt/live
    done <"/root/Alldirs.txt"
    echo "================================"
    echo "=== DONE : all haproxy.pem created   ==="

    And the third script will update the certs and update the haproxy part

    root@groupmgt:~# cat refreshCert.sh 

    /usr/bin/letsencrypt renew >> /var/log/certRenewal.log

    /root/createAll_PEM.sh >> /var/log/cert_createPEM.log

    The haproxy part, like installation and restarting after the update of the created PEMs, is something which will not be written out in this section 🙂
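
A variant of the PEM-building step, as an added example (not the author's script): it keeps key material off stdout, since refreshCert.sh appends that script's stdout to /var/log/cert_createPEM.log, writes each bundle with 0600 permissions via an atomic rename, and skips entries that are not complete certificate directories. The function names and the sample tree are constructed.

```shell
#!/bin/bash
# Added example: build HAProxy PEM bundles without writing key material to stdout.

# build_pem LIVE_DIR OUT_DIR
# For every certificate directory in LIVE_DIR, write OUT_DIR/<name>.pem
# (privkey.pem followed by fullchain.pem). Prints only the number of bundles built.
build_pem() {
    live=$1; out=$2; built=0
    old_umask=$(umask)
    umask 077                                   # bundles 0600, new dirs 0700
    mkdir -p "$out"
    for dir in "$live"/*/; do                   # trailing slash: directories only
        [ -d "$dir" ] || continue
        name=$(basename "$dir")
        if [ ! -s "$dir/privkey.pem" ] || [ ! -s "$dir/fullchain.pem" ]; then
            echo "skip: $name (privkey.pem or fullchain.pem missing)" >&2
            continue
        fi
        # Write to a temp file in the target directory, then rename, so a
        # reload never reads a half-written bundle.
        tmp=$(mktemp "$out/.$name.XXXXXX") || break
        cat "$dir/privkey.pem" "$dir/fullchain.pem" > "$tmp" &&
            mv -f "$tmp" "$out/$name.pem" && built=$((built + 1))
    done
    umask "$old_umask"
    echo "$built"
}

# Constructed sample tree (placeholder text, not real keys) standing in for
# /etc/letsencrypt/live: one complete directory and one incomplete one.
make_sample_tree() {
    root=$(mktemp -d)
    mkdir -p "$root/live/example.com" "$root/live/broken.example"
    echo "CONSTRUCTED-PRIVATE-KEY" > "$root/live/example.com/privkey.pem"
    echo "CONSTRUCTED-CHAIN" > "$root/live/example.com/fullchain.pem"
    echo "CONSTRUCTED-CHAIN" > "$root/live/broken.example/fullchain.pem"
    echo "$root"
}

SAMPLE_ROOT=$(make_sample_tree)
echo "bundles built: $(build_pem "$SAMPLE_ROOT/live" "$SAMPLE_ROOT/all" 2>/dev/null)"
```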

  • Add script to start at boot

    cp  script.sh  /etc/init.d/.
    chmod 755 /etc/init.d/script.sh
    vi /etc/rc.local
    # add in file
    /etc/init.d/script.sh

  • Debian Update Magento 2.2.7 to 2.3.0

    requirements for os


    First, do the Debian updates/upgrades:
    su -
    apt-get update
    apt-get upgrade
    apt-get dist-upgrade
    reboot

    Login again:

    cat /etc/os-release


    update php

    apt-get remove php7.0
    apt install apt-transport-https lsb-release ca-certificates
    wget -O /etc/apt/trusted.gpg.d/php.gpg https://packages.sury.org/php/apt.gpg
    sh -c 'echo "deb https://packages.sury.org/php/ $(lsb_release -sc) main" > /etc/apt/sources.list.d/php.list'
    apt update
    apt-get install php7.1 php7.1-common

    apt-get install php7.1-curl php7.1-xml php7.1-zip php7.1-gd php7.1-mysql php7.1-mbstring php7.1-mcrypt php7.1-intl php7.1-xsl php7.1-bcmath php7.1-iconv php7.1-fpm php7.1-soap

    a2enmod proxy_fcgi setenvif
    a2enconf php7.1-fpm
    systemctl restart apache2


    NOTICE: You are seeing this 


    update Magento:

    cd

    composer require magento/product-community-edition 2.3.0 --no-update

    Specify additional packages for composer Run this

    composer require --dev phpunit/phpunit:~6.2.0 friendsofphp/php-cs-fixer:~2.10.1 lusitanian/oauth:~0.8.10 pdepend/pdepend:2.5.2 sebastian/phpcpd:~3.0.0 squizlabs/php_codesniffer:3.2.2 --no-update

    Remove unused packages

    composer remove --dev sjparkinson/static-review fabpot/php-cs-fixer --no-update

    Update autoload

    Open composer.json and edit the "autoload": "psr-4" section to include "Zend\\Mvc\\Controller\\": "setup/src/Zend/Mvc/Controller/" :

    "Magento\\Framework\\": "lib/internal/Magento/Framework/",
    "Magento\\Setup\\": "setup/src/Magento/Setup/",
    "Magento\\": "app/code/Magento/",
    "Zend\\Mvc\\Controller\\": "setup/src/Zend/Mvc/Controller/"

    composer update

    composer require magento/product-community-edition 2.3.0 --no-update
    composer update

    error with symfony:
    composer require --dev phpunit/phpunit:~6.2.0 friendsofphp/php-cs-fixer:~2.10.1 lusitanian/oauth:~0.8.10 pdepend/pdepend:2.5.2 sebastian/phpcpd:~3.0.0 squizlabs/php_codesniffer:3.2.2 --no-update

    Error with sampledata:
    ./bin/magento sampledata:reset


    Error with sampledata:

    edit composer.json and remove the sampledata
    see: magentosite
    try again:
    composer update



    ./bin/magento sampledata:deploy

    chown -R www-data .
    find . -type f -exec chmod 400 {} \;
    find . -type d -exec chmod 500 {} \;
    find var/ -type f -exec chmod 600 {} \;
    find media/ -type f -exec chmod 600 {} \;
    find var/ -type d -exec chmod 700 {} \;
    find media/ -type d -exec chmod 700 {} \;
    chmod 775 bin/magento

  • Updating Magento with CLI
    Updating Magento with the CLI can be handled as follows:
    # set the correct package
    composer require magento/product-community-edition 2.2.3 --no-update
    composer update
    # Manually clear var subdirectories:
    rm -rf var/cache/*
    rm -rf var/page_cache/*
    rm -rf var/generation/*
    #correct rights magento
    chmod 770 bin/magento
    # Update the database schema and data:
    ./bin/magento setup:upgrade
    # Put your storefront online
    ./bin/magento maintenance:disable
    # Set rights
    # '.' already includes hidden files; a '.*' glob can also match '..' and recurse into the parent directory
    chown -R www-data:www-data .
    find . -type d -exec chmod 775 {} \;
    find . -type f -exec chmod 664 {} \;
    A problem after updating is that the products won’t show. This is caused by the template, so just check if the correct version of the template is there …