ssl

Notes about setting up HTTPS on websites using LetEncrypt and certbot

As a note to self, I added SSL/TLS certificates to a couple of websites using LetEncrypt. Here are a couple of notes about the process:

The keytool password for the Java security cacerts file is ...

In case you ever need to manually a certificate to your ${JAVA_HOME}/jre/lib/security/cacerts file, it turns out the password for that file when using the Java keytool command is changeit.

To add a certificate to that file, you’ll want to use a command like this:

keytool \
    -import \
    -alias "foobar.com" \
    -keystore ${JAVA_HOME}/jre/lib/security/cacerts \
    -file foobar.com.crt

I had to do this today for a Java/Scala script that accesses an HTTPS URL, and the site I’m accessing uses a “Let’s Encrypt” certificate.

Notes on how to configure HTTPS/SSL with Nginx (on a Linode Ubuntu server)

Table of Contents1 - Summary2 - New Linode Server3 - Update Everything4 - Ubuntu Firewall5 - Add a New User6 - Disabling Root Login (sshd_config)7 - Limit Login Attempts (sshd_config)8 - Install Nginx and MySQL9 - Adjust Firewall10 - Nginx Configuration11 - Installing Java on Ubuntu12 - NOT what I used: Let’s Encrypt on Ubuntu 16.0413 - (1) Create a cert (openssl)14 - (2) Create a strong Diffie-Hellman group15 - (3) Configure Nginx to Use SSL16 - Adjust the Nginx Configuration to Use SSL17 - (Alternative Configuration) Allow Both HTTP and HTTPS Traffic18 - Adjust the Firewall19 - Enable the Changes in Nginx20 - Test in Browser21 - Nginx "default_server"22 - Can change to a permanent redirect (301)23 - More Security: Preventing Information Disclosure24 - More Security: Fail2Ban25 - Restricting Access by IP Address26 - See also

Without any introduction or discussion, here are the notes I made while learning how to get HTTPS working with Nginx. These are just for me, but if something helps you, cool.

Private Git repository hosting services

Private Git hosting services FAQ: What companies offer Git hosting, in particular private Git hosting services?

I recently started looking for a private Git hosting service, and the obvious first place to look is GitHub. They provide free Git hosting for open source projects, and their service has been excellent. But when I looked at their private Git hosting service, I was really surprised by the cost of their plans. Their lowest price private Git hosting plan is $7/month, and that allows only five Git projects, and relatively little disk space. Since I want a private Git hosting service to store all my projects, I'd immediately need to go to one of their paid Git hosting plans, and their Git hosting prices go up quickly from there.

Update: Github has changed their policies significantly since I first wrote this article.

Test your Putty SSH tunnel and Firefox SOCKS proxy

(This is the final part of a four-part tutorial. Here's a link to the introduction.)

Step 5: Test your Putty SSH tunnel and Firefox SOCKS proxy

As an initial test of the tunnel just try to go to a website like google.com in Firefox. If everything has been configured right, and your Putty tunnel is up and running, you should connect just fine.

Configure Firefox to use the Putty SSH tunnel as a SOCKS proxy

(This is Part 3 of a four-part tutorial. Here's a link to the introduction.)

Step 4: Configure Firefox to use the Putty SSH tunnel as a SOCKS proxy

Configuring Firefox to use this new SSH tunnel is simple. Start Firefox, then select the Tools menu, and then select the Options... menu item. Now click the Advanced icon (on the upper-right of the dialog), and then select the Network tab. This is shown in the next figure:

Configuring a tunnel to your SSH server

(This is Part 2 of a four-part tutorial. Here's a link to the introduction.)

Step 3: Configuring a tunnel to your SSH server

Next, we'll use Putty to create an SSH tunnel and connect to your remote server. For the purposes of this example let's assume we are connecting to a site named "myremotesshserver.com".

When you start Putty you should see a window that looks like the next figure:

A PayPal PHP IPN example

If you're looking for a PayPal IPN example written in PHP, I believe the following code works okay. It's based on the PayPal PHP IPN example (from the PayPal developer site), but I fixed some bugs from their example, added an alternate PHP socket example so you don't have to use SSL to connect to PayPal, and added more variables to the script.