Commit 74d24c0f authored by Elias Ojala

Import from legacy wiki

<!-- TITLE: Android Captiveportal Server -->
<!-- SUBTITLE: Set custom captive portal check server to your Android. -->
By default, Android is using Google's server for captive portal checking.
## Afwall custom script
# captive portal
settings put global captive_portal_detection_enabled 1
settings put global captive_portal_mode 1
settings put global captive_portal_use_https 1
settings put global captive_portal_server
settings put global captive_portal_http_url
settings put global captive_portal_https_url
Replace `` with your own server, if you want.
The server should return 204 on the root.
Example with PHP:
# Installation
<script src=""></script>
[link to gist](
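Review bot: the `settings put global captive_portal_server`, `captive_portal_http_url` and `captive_portal_https_url` lines carry no value, and the sentence "Replace `` with your own server" names an empty placeholder, so as imported the script does not set a custom server at all. Put an explicit placeholder host and URLs back and say they are placeholders. The `<script src="">` embed and the `[link to gist](` link are also empty, so the PHP example that "Example with PHP:" announces is missing; inline the snippet or restore the link, and move the stray `# Installation` heading to where it belongs.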
<!-- TITLE: Certbot -->
<!-- SUBTITLE: My certbot stuff -->
### Required packages (Debian 9)
* [certbot]( (stretch-backports)
* [python3-certbot-dns-cloudflare]( (stretch-backports)
`sudo apt install certbot python3-certbot-dns-cloudflare -t stretch-backports`
### Required packages (CentOS 7)
* python2-certbot
* python2-certbot-dns-cloudflare
## Wildcard certificate (DNS, Cloudflare)
sudo certbot --server \
--dns-cloudflare --dns-cloudflare-credentials /etc/letsencrypt/dnscloudflare.ini \
-d * -d certonly
## Wildcard (DNS, Manual)
sudo certbot --server \
--manual \
--preferred-challenges dns \
-d * -d certonly
## DH params
sudo openssl dhparam -out /etc/ssl/certs/dhparam.pem 2048
## Cloudflare Credentials
sudo mkdir /etc/letsencrypt
sudo touch /etc/letsencrypt/dnscloudflare.ini
sudo chmod 600 /etc/letsencrypt/dnscloudflare.ini
sudo nano /etc/letsencrypt/dnscloudflare.ini
## Nginx Sites-available
server {
# SSL configuration
listen 443 ssl http2;
listen [::]:443 ssl http2;
include snippets/ssl-params.conf;
include snippets/ssl/;
root /var/www/;
# Add index.php to the list if you are using PHP
index index.php index.html;
location / {
# First attempt to serve request as file, then
# as directory, then fall back to displaying a 404.
try_files $uri $uri/ =404;
## nginx
sudo mkdir /etc/nginx/snippets/ssl/
sudo mkdir /etc/nginx/sites-available/_utilities
sudo nano /etc/nginx/snippets/ssl-params.conf
sudo nano /etc/nginx/sites-available/_utilities/http-redirect
sudo ln -s /etc/nginx/sites-available/_utilities/http-redirect /etc/nginx/sites-enabled/
sudo rm /etc/nginx/sites-enabled/default -rf
## http redirect
filename: `/etc/nginx/sites-available/_utilities/http-redirect`
server {
listen 80 default_server;
listen [::]:80 default_server;
server_name _;
location / {
return 301 https://$host$request_uri;
## nginx per-cert config
filename: `/etc/nginx/snippets/ssl/`
ssl_certificate /etc/letsencrypt/live/;
ssl_certificate_key /etc/letsencrypt/live/;
## SSL params
filename: `/etc/nginx/snippets/ssl-params.conf`
ssl_session_timeout 1d;
ssl_session_cache shared:SSL:50m;
ssl_session_tickets off;
# modern configuration. tweak to your needs.
ssl_protocols TLSv1.2;
ssl_prefer_server_ciphers on;
# OCSP Stapling ---
# fetch OCSP records from URL in ssl_certificate and cache them
ssl_stapling on;
ssl_stapling_verify on;
resolver valid=300s;
resolver_timeout 5s;
add_header Strict-Transport-Security "max-age=63072000";
add_header X-Content-Type-Options nosniff;
ssl_dhparam /etc/ssl/certs/dhparam.pem;
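Review bot: in `ssl-params.conf`, `resolver valid=300s;` names no nameserver, so `ssl_stapling on` and `ssl_stapling_verify on` have nothing to resolve the OCSP responder with; add the resolver address you intend to trust. In both certbot commands `-d *` is unquoted, so the shell expands it to the file names in the current directory, and `--server` is followed by no URL; quote the wildcard name and give the ACME endpoint. `ssl_prefer_server_ciphers on;` is set under "modern configuration" with no `ssl_ciphers` line, so there is no server cipher order to prefer, and neither `server {` block is closed in the text as imported.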
<!-- TITLE: Initial Server Setup Debian 9 -->
# Prevent login without pubkey
Change this in `/etc/ssh/sshd_config`:
PermitRootLogin yes
PermitRootLogin no
and this:
#PasswordAuthentication yes
to this:
PasswordAuthentication no
## SSH tweaks
Comment out line with `AcceptEnv LANG LC_*`
# Create new user
adduser eliaso
## sudo
apt update
apt install sudo -y
# add your user to sudo group
usermod -aG sudo eliaso
# setup firewall
sudo apt install ufw -y
Then, proceed here:
# enable login for your new user
sudo apt install rsync -y
rsync --archive --chown=eliaso:eliaso ~/.ssh /home/eliaso
<!-- this needs sudo -->
Then, restart sshd with the following command:
sudo service sshd restart
Then, login to your new user. Try `sudo whoami` for root.
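Review bot: `sudo service sshd restart` is run with `PermitRootLogin no` and `PasswordAuthentication no` already in place, before anything confirms that key login as `eliaso` works, so a failed `rsync` of `~/.ssh` locks the admin out. Add a step to run `sshd -t` and to log in as the new user from a second session before closing the root session. The `PermitRootLogin yes` / `PermitRootLogin no` pair has no "to this:" between the two lines, unlike the `PasswordAuthentication` pair, so it reads as two settings to add. `ufw` is installed but no rule or enable step is shown, and "Then, proceed here:" points at nothing; either link the firewall page or list the commands, with SSH allowed before the firewall is enabled.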
<!-- TITLE: MySQL -->
This is my notebook for MySQL related stuff.
CREATE DATABASE database_name;
CREATE USER 'user_name'@'localhost' IDENTIFIED BY 'password';
GRANT ALL ON database_name.* TO 'user_name'@'localhost' IDENTIFIED BY 'password';
## Code generator
TODO: Make one
\ No newline at end of file
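Review bot: the `GRANT ALL ON database_name.* ... IDENTIFIED BY 'password'` line repeats the password that `CREATE USER` already set; `IDENTIFIED BY` inside `GRANT` is deprecated in MySQL 5.7 and removed in 8.0, where this statement fails. Drop the clause from the `GRANT`, and consider noting that `GRANT ALL` should be narrowed to the privileges the application needs. The file also ends without a trailing newline.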
<!-- TITLE: Phusion Passenger -->
<!-- SUBTITLE: Phusion Passenger configuration -->
## Create new user
sudo adduser --no-create-home --disabled-login --disabled-password kouluruoka-turku-api
\ No newline at end of file
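Review bot: the `adduser` line passes both `--disabled-login` and `--disabled-password`; these are two variants of the same choice (the first blocks use of the account until a password is set, the second only disables password authentication), so state which one is intended and drop the other. For an account that only runs the app, `adduser --system` is the form meant for service accounts. The page is subtitled "Phusion Passenger configuration" but documents only the account creation; add a sentence saying what the account is used for.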
<!-- TITLE: Solus Wireguard -->
<!-- SUBTITLE: Guide for building Wireguard on Solus -->
## Dependencies
sudo eopkg it -c system.devel
sudo eopkg install libmnl-devel
sudo eopkg it -c kernel.devel
sudo eopkg install libelf-devel
sudo eopkg install jq # for azirevpn script
## Download repo
cd ~
git clone --depth=1
## Add this to your .bashrc or .zshrc
alias wg-rebuild='cd ~/WireGuard/ && git pull && cd src && make -j8 && sudo make install && make clean'
Then, run `wg-rebuild`.
## Thanks
* [@As4fN1v]( ([github](
\ No newline at end of file
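Review bot: the `wg-rebuild` alias chains `git pull` straight into `sudo make install`, so whatever is at the tip of the remote gets built and installed as root with no review step in between. Consider splitting the fetch from the install and checking out a release tag (verified with `git verify-tag` where upstream signs tags) before building. The `git clone --depth=1` line has no repository URL, so the alias's `~/WireGuard/` directory is never created by the steps shown; the `make -j8` job count is also machine-specific and could be `-j"$(nproc)"`.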
<!-- TITLE: Useful Tools -->
<!-- SUBTITLE: Useful Tools for Server Administration -->
* [rpl]( - intelligent recursive search/replace utility ([guide on StackExchange](
* [dnstools]( - for example, `dig` utility is in this page. Not included in Debian, so useful package.
## commands to remember
`sudo named-checkconf` - check dns configuration