ssl wildcard apache

1. New
certbot certonly --manual --preferred-challenges=dns --email admin@example.com --server https://acme-v02.api.letsencrypt.org/directory --agree-tos -d '*.example.com'

2. Adding TXT record
_acme-challenge	TXT	"xxxxxxxxxxxxxxxxxxxxxx"

3. Your cert will expire on 2022-02-28.

4. Renew: 
  certbot certonly --manual -d '*.example.com'

4.1 New request if the renewal fails (if step 4 fails, retry the certification process)
  certbot certonly --manual --preferred-challenges dns -d example.com

5. Lookup (on windows)
  nslookup -type=TXT _acme-challenge.domain.com
  or
  https://dnschecker.org/#TXT/_acme-challenge.domain.com
4.1. Update DNS with TXT value
4.2. Before continuing, verify the record is deployed. Press Enter to Continue
4.3. Restart apache2 or wait 15min
4.4 Your cert will expire on 
        2025-12-22
        2025-09-23(new server)
        2025-07-19
        2025-04-19
        2025-01-24
        2024-11-10
        2024-08-19
        2024-05-21
        2024-02-25
        2023-11-27
        2023-08-28
        2023-05-26
        2023-02-24
        2022-11-26
        2022-08-28
        2022-05-29

shop:
2024-10-07
2024-05-21
2024-02-25
2023-11-07

h:
 2026-02-08
 2025-11-08
 2025-07-19
 2025-04-25
 2025-04-19 (err)
 2025-01-24
 2024-11-10
 2024-05-21

https://bobcares.com/blog/certbot-wildcard-certificate-apache/
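
Step 4.2 above says to verify the record is deployed before continuing. The script below is an added example, not part of the original notes, that asks each authoritative nameserver directly for the `_acme-challenge` TXT value. The function names, the `DIG` override and the script name `check-txt.sh` are assumptions made for this example; it needs `dig` installed.

```shell
#!/usr/bin/env bash
# Added example (not from the original notes): confirm that every
# authoritative nameserver serves the _acme-challenge TXT value.
DIG=${DIG:-dig}   # assumption: dig is installed; override to use another binary

# txt_has_value EXPECTED ANSWER
# ANSWER is raw `dig +short TXT` output: one double-quoted string per line.
# Several TXT values may exist at once, so each line is compared exactly.
txt_has_value() {
    local expected="$1" answer="$2" line
    while IFS= read -r line; do
        line=${line#\"}
        line=${line%\"}
        if [ "$line" = "$expected" ]; then
            return 0
        fi
    done <<EOF
$answer
EOF
    return 1
}

# check_authoritative DOMAIN EXPECTED
# Queries each authoritative server directly, so a resolver cache cannot
# hide a server that has not picked up the record yet.
# Returns 0 if all serve EXPECTED, 1 if any does not, 2 if no NS was found.
check_authoritative() {
    local domain="$1" expected="$2" ns answer rc=0 count=0
    for ns in $("$DIG" +short NS "$domain"); do
        count=$((count + 1))
        answer=$("$DIG" +short TXT "_acme-challenge.$domain" "@$ns")
        if txt_has_value "$expected" "$answer"; then
            echo "OK       $ns"
        else
            echo "MISSING  $ns"
            rc=1
        fi
    done
    if [ "$count" -eq 0 ]; then
        echo "no NS records returned for $domain" >&2
        return 2
    fi
    return "$rc"
}

# Usage: ./check-txt.sh example.com 'value-printed-by-certbot'
if [ "$#" -eq 2 ]; then
    check_authoritative "$1" "$2"
fi
```

Press Enter in certbot only once every nameserver is reported as OK.
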
apache rewrite domain with wildcard:

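RewriteEngine on
# Dots are escaped and the pattern is anchored, so only <name>.domain.lt (optionally with a port) matches
RewriteCond %{HTTP_HOST} ^(\w+\.domain\.lt)(:\d+)?$ [NC]
RewriteRule ^ https://%1%{REQUEST_URI} [L,R=301]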

https://serverfault.com/questions/809437/rewrite-of-insecure-to-secure-domain-with-wildcard

apache reverse proxy(loadbalancer)

LOAD BALANCER (internal: 10.10.10.1)

apache2.conf

<VirtualHost *:80>
<Proxy balancer://mycluster>
# vidinis.ip is a placeholder: the backend's internal IP (or its external one)
BalancerMember http://vidinis.ip
BalancerMember http://vidinis.ip
</Proxy>

ProxyPreserveHost On

ProxyPass / balancer://mycluster/
ProxyPassReverse / balancer://mycluster/

</VirtualHost>

domain-le-ssl.conf

<IfModule mod_ssl.c>
<VirtualHost *:443>
ServerAdmin mail@mail.com
ServerName example.com
ServerAlias www.example.com

SSLCertificateFile /etc/letsencrypt/live/example.com/fullchain.pem
SSLCertificateKeyFile /etc/letsencrypt/live/example.com/privkey.pem
Include /etc/letsencrypt/options-ssl-apache.conf

</VirtualHost>
</IfModule>

 

WEB SERVER

<Directory /home/test/www/balancer2/>
Options FollowSymLinks
AllowOverride All

# Apache 2.4 syntax: allow only the balancer (internal address 10.10.10.1)
Require ip 10.10.10.1
</Directory>

 

https://www.digitalocean.com/community/tutorials/how-to-use-apache-as-a-reverse-proxy-with-mod_proxy-on-ubuntu-16-04

hyper-v on windows 10 home

Create hv.bat and run as administrator (restart pc after)

 pushd "%~dp0"
 dir /b %SystemRoot%\servicing\Packages\*Hyper-V*.mum >hv.txt
 for /f %%i in ('findstr /i . hv.txt 2^>nul') do dism /online /norestart /add-package:"%SystemRoot%\servicing\Packages\%%i"
 del hv.txt
 Dism /online /enable-feature /featurename:Microsoft-Hyper-V -All /LimitAccess /ALL
 pause

 

https://docs.microsoft.com/en-us/answers/questions/29175/installation-of-hyper-v-on-windows-10-home.html

switch php version

Apache:

$ sudo a2dismod php5.6
$ sudo a2enmod php7.1
$ sudo service apache2 restart

Command Line:

$ sudo update-alternatives --set php /usr/bin/php7.1
$ sudo update-alternatives --set phar /usr/bin/phar7.1
$ sudo update-alternatives --set phar.phar /usr/bin/phar.phar7.1

sshd_config

AllowUsers user1 user2
https://ostechnix.com/allow-deny-ssh-access-particular-user-group-linux/
Match user ben_files
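        # ChrootDirectory confines ben_files to the directory below.
        # With internal-sftp no other chroot setup is required; an external
        # ForceCommand such as /usr/bin/git must exist inside the chroot,
        # together with the user's login shell.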
        ChrootDirectory /var/www/vhosts/mydomain.com/files
        #ForceCommand internal-sftp
        ForceCommand /usr/bin/git
        # For additional paranoia, disallow all types of port forwardings.
        AllowTcpForwarding no
        GatewayPorts no
        X11Forwarding no

usermod

https://www.tecmint.com/usermod-command-examples/

Add your user to the webserver user group:
sudo usermod -a -G www-data username
Change shell
usermod -s /usr/bin/bash username
usermod -s /usr/bin/git-shell username
Change home directory
usermod -d /home/username username

Options

  • -c = Add a comment field to the user account.
  • -d = Modify the home directory of an existing user account.
  • -e = Make the account expire after a specific period.
  • -g = Change the primary group of a user.
  • -G = Add supplementary groups.
  • -a = Add the user to a secondary group.
  • -l = Change the login name (e.g. from tecmint to tecmint_admin).
  • -L = Lock the user account. This locks the password so the account can’t be used.
  • -m = Move the contents of the home directory from the existing home dir to the new dir.
  • -p = Use an unencrypted password as the new password (NOT secure).
  • -s = Set a specified shell for new accounts.
  • -u = Assign a UID to the user account, between 0 and 999.
  • -U = Unlock the user account. This removes the password lock and allows the account to be used.