Pupli – Page 11

Configure Nginx for WordPress on Ubuntu

December 21, 2023

sudo mkdir -p /var/www/html/wordpress

Navigate to /etc/nginx/sites-available. There, create a file with the name example.com. The name should be the same as your domain.

# Redirect HTTP -> HTTPS
server {
    listen 80;
    server_name www.example.com example.com;

    return 301 https://example.com$request_uri;
}

# Redirect WWW -> NON-WWW
server {
    listen 443 ssl http2;
    listen [::]:443 ssl http2;
    server_name www.example.com;

    ssl_certificate /etc/letsencrypt/live/example.com/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/example.com/privkey.pem;
    ssl_trusted_certificate /etc/letsencrypt/live/example.com/chain.pem;

    return 301 https://example.com$request_uri;
}

server {
    listen 443 ssl http2;
    listen [::]:443 ssl http2;
    server_name example.com;

    root /var/www/html/wordpress;
    index index.php;

    # SSL parameters
    ssl_protocols         TLSv1.2 TLSv1.3;
    ssl_ciphers           HIGH:!aNULL:!MD5;
    ssl_certificate /etc/letsencrypt/live/example.com/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/example.com/privkey.pem;
    ssl_trusted_certificate /etc/letsencrypt/live/example.com/chain.pem;
    ssl_session_timeout 1d;
    ssl_session_cache shared:MozSSL:10m;
    ssl_session_tickets off;
    ssl_prefer_server_ciphers off;
    ssl_stapling on;
    ssl_stapling_verify on;
    resolver 1.1.1.1 1.0.0.1 valid=300s;
    resolver_timeout 30s;

    # log files
    access_log /var/log/nginx/example.com.access.log;
    error_log /var/log/nginx/example.com.error.log;

    location = /favicon.ico {
    log_not_found off;
    access_log off;
    }

    location = /robots.txt {
    allow all;
    log_not_found off;
    access_log off;
    }

    location / {
    try_files $uri $uri/ /index.php?$args;
    }

    location ~ \.php$ {
    include snippets/fastcgi-php.conf;
    fastcgi_pass unix:/run/php/php8.1-fpm.sock;
    }

    location ~* \.(js|css|png|jpg|jpeg|gif|ico|svg)$ {
    expires max;
    log_not_found off;
    }
}

then create a symbolic link to the sites-enabled directory.

sudo ln -s /etc/nginx/sites-available/sample.com /etc/nginx/sites-enabled/sample.com

sudo nginx -t
nginx -s reload

References
https://www.hostinger.com/tutorials/how-to-install-wordpress-with-nginx-on-ubuntu/
https://www.nginx.com/resources/wiki/start/topics/recipes/wordpress/
https://wordpress.org/documentation/article/nginx/

Add More Security to Nginx Configuration

December 21, 2023

sudo openssl dhparam -out /etc/ssl/certs/dhparam.pem 2048

ssl_dhparam /etc/ssl/certs/dhparam.pem;

ssl_session_timeout 1d;
ssl_session_cache shared:SSL:10m;
ssl_session_tickets off;

ssl_protocols TLSv1.2 TLSv1.3;
ssl_ciphers ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384;
ssl_prefer_server_ciphers on;

ssl_stapling on;
ssl_stapling_verify on;
resolver 8.8.8.8 8.8.4.4 valid=300s;
resolver_timeout 30s;

add_header Strict-Transport-Security "max-age=31536000; includeSubDomains" always;
add_header X-Frame-Options SAMEORIGIN;
add_header X-Content-Type-Options nosniff;

References
https://linuxize.com/post/secure-nginx-with-let-s-encrypt-on-ubuntu-20-04/

Install Redis on Ubuntu 22.04

December 19, 2023

sudo apt install redis-server

sudo nano /etc/redis/redis.conf

Inside the file, find the supervised directive. This directive allows you to declare an init system to manage Redis as a service, providing you with more control over its operation. The supervised directive is set to no by default. Since you are running Ubuntu, which uses the systemd init system, change this to systemd

. . .

# If you run Redis from upstart or systemd, Redis can interact with your
# supervision tree. Options:
#   supervised no      - no supervision interaction
#   supervised upstart - signal upstart by putting Redis into SIGSTOP mode
#   supervised systemd - signal systemd by writing READY=1 to $NOTIFY_SOCKET
#   supervised auto    - detect upstart or systemd method based on
#                        UPSTART_JOB or NOTIFY_SOCKET environment variables
# Note: these supervision methods only signal "process is ready."
#       They do not enable continuous liveness pings back to your supervisor.
supervised systemd

. . .

sudo systemctl restart redis.service

References
https://www.digitalocean.com/community/tutorials/how-to-install-and-secure-redis-on-ubuntu-22-04

Install Redis on Windows using WSL

December 19, 2023

Turn on Windows Subsystem for Linux

Open PowerShell as Administrator and run this command to enable Windows Subsystem for Linux (WSL):

Enable-WindowsOptionalFeature -Online -FeatureName Microsoft-Windows-Subsystem-Linux

Launch Microsoft Windows Store and then search for Ubuntu, or your preferred distribution of Linux, and download the latest version.

Install Redis server

sudo apt-add-repository ppa:redislabs/redis
sudo apt-get update
sudo apt-get upgrade
sudo apt-get install redis-server

Restart the Redis server

sudo service redis-server restart

Verify if your Redis server is running

 $ redis-cli
 127.0.0.1:6379> set user:1 "Jane"
 127.0.0.1:6379> get user:1
"Jane"

Stop the Redis Server

sudo service redis-server stop

References
https://developer.redis.com/create/windows/
https://redis.io/docs/install/install-redis/install-redis-on-windows/

Configure Remote Access for MongoDB on Ubuntu

December 18, 2023

sudo nano /etc/mongod.conf

Find the network interfaces section, then the bindIp value:

. . .
# network interfaces
net:
  port: 27017
  bindIp: 127.0.0.1

. . .

Append a comma to this line followed by your MongoDB server’s public IP address:

. . .
# network interfaces
net:
  port: 27017
  bindIp: 127.0.0.1,mongodb_server_ip

. . .

Please note that this should be the IP address of the server on which you’ve installed MongoDB, not the IP address of your trusted remote machine.

sudo systemctl restart mongod

References
https://www.digitalocean.com/community/tutorials/how-to-configure-remote-access-for-mongodb-on-ubuntu-20-04

ASP.NET Authentication with Identity in a Web API with Bearer Tokens & Cookies in .NET 8

December 3, 2023

We’ll use the in-memory database for this example.

dotnet add package Microsoft.AspNetCore.Identity.EntityFrameworkCore
dotnet add package Microsoft.EntityFrameworkCore.InMemory
dotnet add package Swashbuckle.AspNetCore.Filters

class MyUser : IdentityUser {}

public class DataContext : IdentityDbContext<MyUser>
{
    public DataContext(DbContextOptions<DataContext> options) : base(options)
    {

    }
}

Program.cs

using Microsoft.EntityFrameworkCore;
using Swashbuckle.AspNetCore.Filters;
using WebApplication1;
using WebApplication1.Data;

var builder = WebApplication.CreateBuilder(args);

builder.Services.AddControllers();
builder.Services.AddEndpointsApiExplorer();
builder.Services.AddSwaggerGen(options =>
{
    options.AddSecurityDefinition("oauth2", new Microsoft.OpenApi.Models.OpenApiSecurityScheme
    {
        In = Microsoft.OpenApi.Models.ParameterLocation.Header,
        Name = "Authorization",
        Type = Microsoft.OpenApi.Models.SecuritySchemeType.ApiKey
    });

    options.OperationFilter<SecurityRequirementsOperationFilter>();
});


builder.Services.AddDbContext<DataContext>(options => options.UseInMemoryDatabase("AppDb"));
builder.Services.AddAuthentication();
builder.Services.AddIdentityApiEndpoints<MyUser>()
    .AddEntityFrameworkStores<DataContext>();


var app = builder.Build();

if (app.Environment.IsDevelopment())
{
    app.UseSwagger();
    app.UseSwaggerUI();
}

app.MapIdentityApi<MyUser>();

app.UseHttpsRedirection();

app.UseAuthorization();

app.MapControllers();

app.Run();

In Swagger

References
https://www.youtube.com/watch?v=8J3nuUegtL4
https://devblogs.microsoft.com/dotnet/whats-new-with-identity-in-dotnet-8/

Install .NET 8 on Ubuntu 22.04 using Microsoft package feed

December 3, 2023

Remove the existing .NET packages from your distribution. You want to start over and ensure that you don’t install them from the wrong repository.

sudo apt remove 'dotnet*' 'aspnet*' 'netstandard*'

Configure your package manager to ignore the .NET packages from the distribution’s repository. It’s possible that you’ve installed .NET from both repositories, so you want to choose one or the other.

touch /etc/apt/preferences
nano /etc/apt/preferences

Package: dotnet* aspnet* netstandard*
Pin: origin "<your-package-source>"
Pin-Priority: -10

Make sure to replace <your-package-source> with your distribution’s package source, for example, on Ubuntu you may use archive.ubuntu.com in the US.

Use the apt-cache policy command to find the source:

apt-cache policy '~ndotnet.*' | grep -v microsoft | grep '/ubuntu' | cut -d"/" -f3 | sort -u

# Get Ubuntu version
declare repo_version=$(if command -v lsb_release &> /dev/null; then lsb_release -r -s; else grep -oP '(?<=^VERSION_ID=).+' /etc/os-release | tr -d '"'; fi)

# Download Microsoft signing key and repository
wget https://packages.microsoft.com/config/ubuntu/$repo_version/packages-microsoft-prod.deb -O packages-microsoft-prod.deb

# Install Microsoft signing key and repository
sudo dpkg -i packages-microsoft-prod.deb

# Clean up
rm packages-microsoft-prod.deb

# Update packages
sudo apt update

sudo apt-get update && \
  sudo apt-get install -y dotnet-sdk-8.0

References
https://learn.microsoft.com/en-us/dotnet/core/install/linux-ubuntu-2204
https://learn.microsoft.com/en-us/dotnet/core/install/linux-ubuntu
https://learn.microsoft.com/en-us/dotnet/core/install/linux-package-mixup?pivots=os-linux-redhat

Install ChromeDriver on Fedora

November 10, 2023

sudo dnf install chromedriver

Install NVIDIA Driver and sign the Kernel module on Fedora 39

November 9, 2023April 25, 2024

sudo dnf install kmodtool akmods mokutil openssl

sudo kmodgenca -a

sudo mokutil --import /etc/pki/akmods/certs/public_key.der

You will be asked to enter a password, it doesn’t have to be very strong, just make sure to remember it. You’ll only need it once during these steps.

sudo reboot

After reboot you will see MOK Manager interface and will be asked to enroll the key.
First select “Enroll MOK“.
Then “Continue“.
Hit “Yes” and enter the password.
Then select “OK” and your device will reboot again.

sudo dnf install kernel-devel-$(uname -r)

sudo dnf install gcc kernel-headers kernel-devel akmod-nvidia xorg-x11-drv-nvidia xorg-x11-drv-nvidia-libs xorg-x11-drv-nvidia-libs.i686

sudo akmods --force

sudo dracut --force

sudo reboot

lsmod | grep -i nvidia

References
https://blog.monosoul.dev/2022/05/17/automatically-sign-nvidia-kernel-module-in-fedora-36/
https://rpmfusion.org/Howto/NVIDIA#Current_GeForce.2FQuadro.2FTesla

Deploy applications in Run as Administrator mode in Windows using PyInstaller and Inno Setup

November 5, 2023

PyInstaller

venv\Scripts\pyinstaller.exe --noconsole --onefile --icon=images/icons8-anki-512.ico --manifest=MyAnki.exe.manifest --uac-admin -n MyAnki app.py

MyAnki.exe.manifest

<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
<assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0">
  <trustInfo xmlns="urn:schemas-microsoft-com:asm.v3">
    <security>
      <requestedPrivileges>
        <requestedExecutionLevel level="requireAdministrator" uiAccess="false" />
      </requestedPrivileges>
    </security>
  </trustInfo>
</assembly>

inno_setup.iss

[Setup]
PrivilegesRequired=admin