-
Nginx redirect and SSL configuration example
Over the past few months I’ve been working with WordPress sites a surprising amount. During this same time, I decided to switch all of my sites over to HTTPS exclusively. The switch was relatively painless, especially since free SSL certificate are now available. I started with the HTML 5 Boilerplate team’s Nginx configuration snippets maintained […]
-
Create a self-signed SSL certificate for Nginx
If your application has any sort of login page or transmits sensitive information, it’s wise to make those sections accessible only via HTTPS. Even if your site has no sensitive information, it’s worth considering using HTTPS as Google now considers it a ranking signal. For any pages a general user will access, you’ll want to…
-
LEMP stack installation scripts for Ubuntu 14.04
This weekend I overhauled my quick-lemp scripts for automating part of the server setup and LEMP stack installation process. The basic functionality is the same: standard new server setup is performed and a fully functioning LEMP stack is installed along with a sample Flask applications. What has changed is the way the scripts are divided and how…
-
Obtain and install a free SSL certificate on Nginx
Until the past year I never really bothered to put my projects behind SSL. It always seemed like more of a hassle than it was worth, and I didn’t like the idea of paying $50+ for a properly-signed SSL certificate when none of my projects were commercial or transmitting sensitive information. As my projects become more elaborate,…
-
Poodlebleed exploits SSL 3.0
Despite being 15 years old, and theoretically replaced by TLS, SSL 3.0 is still in widespread use. As luck would have it, yesterday Google researchers revealed a vulnerability in 3.0 which allows for the decryption of secure connections. Poodlebleed is a vulnerability in the design of SSL version 3.0. Poodle is actually an acronym for Padding Oracle…
-
Nginx and uWSGI configuration for Flask app deployment
For someone new to application or server deployment (or any field, really), the vast assortment of commands, arguments, variables, and parameters can be overwhelming. That’s why I encourage friends and coworkers to break those daunting projects into smaller, more digestible pieces. Once they understand what is right in front of them and can relate it…
-
Initial steps on a new Ubuntu 14.04 server
Ubuntu 14.04 If you just logged in to a fresh installation of Ubuntu 14.04 (Trusty Tahr), there are a few steps you’ll want to take immediately to help secure your new server. The IP blocks used by the various VPS providers are constantly being scanned, and brute force attacks will begin even if you’re deploying…
-
A LAMP stack with Nginx is a LEMP stack
LEMP stack not LNMP stack For years I’ve referred to a stack consisting of Linux, Nginx, MySQL/MariaDB, and PHP/Python/Perl as a LEMP stack. While using LEMP might seem odd at first, it actually makes a lot of sense given that Nginx is pronounced “engine x.” While I knew from my own searching that the term wasn’t heavily used, I didn’t…
-
Update Bash on Linux and Mac machines to protect against ShellShock vulnerability
If you have any Linux or Mac machines, you’ll want to update Bash due to a vulnerability announced by RedHat called ShellShock. This vulnerability allows an attacker to inject their own code into Bash using environment variable assignment. You can check if your machine is vulnerable by running the following at a Bash prompt: env…
-
Configure Redmine SMTP or Sendmail settings for outgoing email
Once you have Redmine up and running, you’ll want to configure it to send and receive emails. For this tutorial you’ll either need a locally installed Sendmail server or credentials for an SMTP server. If you don’t have either of these, you can create a Gmail account for your Redmine installation and use the SMTP…