The Perfect Reverse Proxy (NGINX, SSL, WebUI Management)

Reverse Proxy.  I’ve been implementing reverse-proxy solutions in lab and in production for some time now, but I always come across the same problem; It’s not the easiest type of a system to manage, especially when there are SSL certificates involved. Now, before I started looking for an easy-to-manage SSL solution, I figured I’d find some sort of web interface for the NGINX config files and other basic server management. After some searching and testing, I decided on Ajenti. Ajenti is a python-based linux control panel that makes installing packages…

Read More

Easy SSL for ScreenConnect with NGINX Reverse Proxy

On the topic of NGINX Reverse Proxy, it just so happens that the process for installing an SSL certificate onto your ScreenConnect server can be rather difficult, and a much more flexible approach is by using NGINX over SSL to reverse-proxy to the ScreenConnect instance. This is how you can do it yourself. Modify ScreenConnect settings: To begin, we should change the port that ScreenConnect listens on for incoming web connections. This is so NGINX can use ports 80 and 443. On Linux, screen connect is in installed to /opt/screenconnect/ Open…

Read More

netdata: A remarkable server monitoring utility.

I wanted to write a short introduction to a tool that I’ve been using a lot on my newest servers and development projects. This tool seriously provides the most amazing way of monitoring and comprehending your server’s performance and other metrics that I’ve seen in such a simple, lightweight installation. Here’s the current RAM utilization of my server, thanks to netdata: From the readme: netdata is a system for distributed real-time performance and health monitoring. It provides unparalleled insights, in real-time, of everything happening on the system it runs (including…

Read More

NGINX Security Hardening

 After setting up an NGINX webserver with a GoDaddy-issued SSL certificate, I did an SSL test and saw that I was graded a C. That’s average! I want a secure site. So I looked around at a couple of things, and decided to put together a small list of things you can add to your NGINX configuration/server block for enhancing security. I’m going to assume you’re already using an SSL certificate. If you aren’t, start there, and THEN look into how you can improve security 😉   1. Redirect all…

Read More

How to install NGINX, get a free SSL certificate, and configure a reverse proxy (part two)

This is part two, the final part of configuring NGINX with SSL as a reverse proxy. Now that you have successfully installed NGINX and obtained a free SSL cert, you can proceed.   There is one important thing to note when configuring reverse proxy: For each “subfolder” you want to act as a proxy to another server, you must have that server configured to listen on that subfolder.   This makes little sense in plain english so let’s review briefly, using CouchPotato as our example: Say I run CouchPotato on…

Read More

How to install NGINX, get a free SSL certificate, and configure a reverse proxy (part one)

This is part one of a two-part series for using NGINX as a reverse proxy for microservices on the same server or hosted on other servers/ports Click here for part two. In this article, we will: Install NGINX Install LetsEncrypt CertBot Obtain free SSL certificate Configure NGINX for SSL In part two, we will go over how to turn the basic HTTPS encrypted NGINX site into a reverse proxy for your other services. Installing NGINX and CertBot Auto We are using Ubuntu 14.04.5 Download certbot-auto to the /usr/local/sbin directory

Make sure…

Read More

Enable root login over SSH in Ubuntu 16.04 LTS

When I spin up a VM in the cloud like Vultr or Digital Ocean, I get root access. On the other hand, in AWS and Azure, I am stuck in a user account. Security and best practices aside, this is an inconsistency from a developer standpoint. I find that I need to log in with root access over SSH to my Ubuntu systems sometimes, and this is disabled in most cases. If you need to log in to root over SSH, here’s how: Edit the file:

Change

to…

Read More

How to git pull and overwrite file conflicts

I use git for version control. One of the biggest conveniences for me is running “git pull” to download the latest commits. But sometimes, the git pull fails because of a file that changed on the server. That’s usually my fault.

So here’s how to go about pulling from git anyways: From the directory you are trying to “git pull”

Your shell will read “Fetching origin” Then execute the git reset command:

You will see something similar to this output: HEAD is now at 76637bf fix truncate…

Read More

Where is the default WWW directory for BitNami LAMP stack?

If you’re like me and don’t really read much when you think you know what you’re doing, you might hit a few road blocks occasionally.   Like when I installed BitNami LAMP stack for the first time; I thought for sure I would put my data in

but to my surprise that directory didn’t exist. Of course, there’s documentation available; but if you’re like me, you also may not be looking at that. So, where do you put your www data? The default directory is

  Old habits die…

Read More

How to: Fix acd_cli ERROR: sqlite3.DatabaseError: database disk image is malformed

I was using acd_cli, mounted to my file system last night, and picked up today to finish up. I navigated to the directory I mount ACD in and listed the contents.

Only to see an error that I haven’t seen yet (in my experience with ACD_CLI.) I thought maybe the mount went bad. It was throwing an  error when I tried to mount the file system again:

Since the local cache could be corrupt, let’s go ahead and clear it: Your cache directory should be .cache in your…

Read More