Persistent iptables

For Debian 10…

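# Install the package that reloads saved iptables rules at boot.
apt install iptables-persistent
# Keep loopback reachable: without this rule the DROP policy below also drops
# traffic that local services send to each other over 127.0.0.1.
iptables -A INPUT -i lo -j ACCEPT
# Allow replies to connections this host opened itself.
iptables -A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
# Allow everything from the single trusted address (all ports and protocols).
iptables -A INPUT -s 87.121.72.216 -j ACCEPT
# Set the default policy last, so the ACCEPT rules exist before anything is
# dropped and a remote session is not cut off halfway through.
iptables -P INPUT DROP
# NOTE: these rules cover IPv4 only. IPv6 traffic is filtered by a separate
# ip6tables rule set, which nothing here changes.
# Re-run the package configuration, which offers to save the current rules.
dpkg-reconfigure iptables-persistent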

Lighttpd vhost config.

# Print the vhost file; everything below the cat line is the file's content.
cat /etc/lighttpd/conf-available/10-vhost.conf
# Load TLS support.
server.modules += ( "mod_openssl" )
 
# One TLS listener per IPv6 address. Each listener has its own certificate
# directory under /etc/letsencrypt/live/ and its own document root.
# NOTE(review): privkey.pem is the private key; confirm it is readable only by
# root or the account lighttpd starts as.
# NOTE(review): "HIGH" is a broad OpenSSL cipher class, not an explicit list.
# Depending on the OpenSSL build it can include anonymous (aNULL) suites, so
# consider excluding them explicitly - confirm against the installed OpenSSL.
$SERVER["socket"] == "[2404:9400:213c:6b01:0000:0000:0000:0001]:443" {
        ssl.engine  = "enable"
        ssl.privkey= "/etc/letsencrypt/live/1.mygeekvps.net/privkey.pem"
        ssl.pemfile = "/etc/letsencrypt/live/1.mygeekvps.net/cert.pem"
        ssl.ca-file= "/etc/letsencrypt/live/1.mygeekvps.net/chain.pem"
        ssl.cipher-list = "HIGH"
        server.document-root        = "/var/www/html1"
}
 
# Second address: same layout, certificate and content for 2.mygeekvps.net.
$SERVER["socket"] == "[2404:9400:213c:6b01:0000:0000:0000:0002]:443" {
        ssl.engine  = "enable"
        ssl.privkey= "/etc/letsencrypt/live/2.mygeekvps.net/privkey.pem"
        ssl.pemfile = "/etc/letsencrypt/live/2.mygeekvps.net/cert.pem"
        ssl.ca-file= "/etc/letsencrypt/live/2.mygeekvps.net/chain.pem"
        ssl.cipher-list = "HIGH"
        server.document-root        = "/var/www/html2"
}
 
# Third address: same layout, certificate and content for 3.mygeekvps.net.
$SERVER["socket"] == "[2404:9400:213c:6b01:0000:0000:0000:0003]:443" {
        ssl.engine  = "enable"
        ssl.privkey= "/etc/letsencrypt/live/3.mygeekvps.net/privkey.pem"
        ssl.pemfile = "/etc/letsencrypt/live/3.mygeekvps.net/cert.pem"
        ssl.ca-file= "/etc/letsencrypt/live/3.mygeekvps.net/chain.pem"
        ssl.cipher-list = "HIGH"
        server.document-root        = "/var/www/html3"
}

IPv6 additional addresses.

/etc/network/interfaces

# Three static IPv6 stanzas for eth0, one per additional /128 address.
# Each stanza also keeps SLAAC on, so the router-assigned global address and
# routes are still learned from router advertisements.
# NOTE(review): accept_ra 2 accepts router advertisements regardless of the
# forwarding setting. On a shared layer-2 segment any host can send RAs, so
# confirm the upstream network filters rogue advertisements.
iface eth0 inet6 static
address 2404:9400:213c:6b01:0000:0000:0000:0001/128
# Use SLAAC to get a global IPv6 address from the router.
# IPv6 forwarding must not be enabled, otherwise SLAAC gets disabled.
autoconf 1
accept_ra 2
 
iface eth0 inet6 static
address 2404:9400:213c:6b01:0000:0000:0000:0002/128
# Use SLAAC to get a global IPv6 address from the router.
# IPv6 forwarding must not be enabled, otherwise SLAAC gets disabled.
autoconf 1
accept_ra 2
 
iface eth0 inet6 static
address 2404:9400:213c:6b01:0000:0000:0000:0003/128
# Use SLAAC to get a global IPv6 address from the router.
# IPv6 forwarding must not be enabled, otherwise SLAAC gets disabled.
autoconf 1
accept_ra 2

Create SQL databases

#!/usr/bin/env python3
 
 
import mysql.connector
 
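# Standard-library helpers used only by this script body.
import getpass
import os
import re

# One database is created per site name in this list.
weblist = ["ericafox", "ericascott", "ericastevens", "samarafox", "samarastevens", "williamscott", "woodytheduck"]

# Database names are identifiers and cannot be sent as bound query parameters,
# so each name is checked against a strict allow-list before it is placed into
# SQL text. This keeps the script safe if the list is later fed from a file or
# from user input.
for site in weblist:
    if not re.fullmatch(r"[A-Za-z0-9_]+", site):
        raise ValueError("unsafe database name: %r" % (site,))

# The administrative password is not stored in the script. It is read from the
# environment (DB_ADMIN_PASSWORD is this script's own variable name) or, when
# that is unset, prompted for without echo.
mydb = mysql.connector.connect(
  host="localhost",
  user="superuser",
  passwd=os.environ.get("DB_ADMIN_PASSWORD") or getpass.getpass("MySQL password for superuser: ")
)

try:
    mycursor = mydb.cursor()

    for site in weblist:
        # Backticks quote the validated identifier.
        mycursor.execute("CREATE DATABASE `" + site + "`")

    mycursor.close()
finally:
    # Always release the privileged connection, even if a CREATE fails
    # (for example because the database already exists).
    mydb.close()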

WiFi in networkd

# Edit the per-interface config for wlo1; the lines from ctrl_interface through
# the closing brace are the file's content.
# NOTE(review): this file holds the network key, so confirm it is readable by
# root only (for example mode 600).
nano /etc/wpa_supplicant/wpa_supplicant-wlo1.conf
# Directory for the control socket that wpa_cli talks to.
ctrl_interface=/run/wpa_supplicant
# Allow wpa_supplicant to rewrite this file when the configuration is saved.
update_config=1
 
 
network={
        ssid="My SSID"
        # 64 unquoted hex digits: a pre-computed key, not the passphrase itself.
        # It is still enough to join the network, so treat it as a secret.
        psk=4a11d6d1d48bd83ae9f0dc4f804dddc60a91782653fc883c0b9f23c8a2db72ef
}
# Start wpa_supplicant for wlo1 at boot.
systemctl enable wpa_supplicant@wlo1.service

Enable networkd in Debian 9

# Move the ifupdown configuration aside (kept as a backup) so it is no longer
# read from its usual path.
mv /etc/network/interfaces /etc/network/interfaces.save
# Start systemd-networkd at boot.
systemctl enable systemd-networkd
# Create the network file; the lines from [Match] through ClientIdentifier are
# the file's content.
nano /etc/systemd/network/lan0.network
# Apply this file to the interface named enp0s3.
[Match]
Name=enp0s3
 
# Configure the interface by DHCP.
[Network]
DHCP=yes
 
# Use the MAC address as the DHCP client identifier.
[DHCP]
ClientIdentifier=mac
# Start systemd-networkd now, without waiting for a reboot.
systemctl start systemd-networkd

Lambda@EDGE Add index.html to request

Node 8

'use strict';

/**
 * Lambda@Edge handler that appends a default index page to directory-style URIs.
 *
 * Reads the CloudFront request from the first record of the event. If its URI
 * ends in '/', that trailing slash is replaced with '/index.html'. Any other
 * URI is passed through unchanged. Both the received and the rewritten URI are
 * written to the function log.
 *
 * @param {object} event - CloudFront event; the request is at Records[0].cf.request.
 * @param {object} context - Lambda context (unused).
 * @param {function} callback - Called with (null, request) to hand the request back.
 * @returns {*} Whatever the callback returns.
 */
exports.handler = (event, context, callback) => {
    // The request object is mutated in place and handed back to CloudFront.
    const { request } = event.Records[0].cf;
    const receivedUri = request.uri;

    // Only a '/' at the very end of the URI is rewritten.
    const originUri = receivedUri.replace(/\/$/, '/index.html');

    // Record both forms so the rewrite can be traced in the logs.
    console.log(`Old URI: ${receivedUri}`);
    console.log(`New URI: ${originUri}`);

    request.uri = originUri;
    return callback(null, request);
};