nginx and TLS v1.2

Given that SSL and TLS, especially v1.0, suffer from serious security issues (e.g. https://en.wikipedia.org/wiki/Transport_Layer_Security#TLS) I thought it would be a good idea to use the latest and more secure version of it: v1.2. On CentOS 6.4 the openssl version included is quite old and doesn’t support TLS v1.1 and 1.2. So, first of all we have to install the latest version 1.0.1e, it can be done compiling from sources or by adding a third party repository; I chose the latter. …

Posted on

WordPress admin, SSL, Apache + nginx

Let’s say we have a WordPress blog and we would like to encrypt our login pages and the whole back-end of the site. There are many ways to do it, but since I already have a nginx instance configured as reverse proxy running in front of Apache I’ll use it to protect my admin pages and logins. In this page I’ll not cover Apache’s configuration, which, by the way, is trivial to say the least, so please refer to this other post: Apache + nginx as reverse proxy. …

Posted on

Linux Kernel 3.10 and VMware Workstation 9

A new Linux kernel version is released and guess what: VMware Workstation fucked up once again. The fix posted on the Arch Linux wiki is applicable also to Fedora 19, I’ll post it here for future reference. $ cd /tmp $ curl -O http://pkgbuild.com/git/aur-mirror.git/plain/vmware-patch/vmblock-9.0.2-5.0.2-3.10.patch $ curl -O http://pkgbuild.com/git/aur-mirror.git/plain/vmware-patch/vmnet-9.0.2-5.0.2-3.10.patch $ cd /usr/lib/vmware/modules/source # tar -xvf vmblock.tar # tar -xvf vmnet.tar # patch -p0 -i /tmp/vmblock-9.0.2-5.0.2-3.10.patch # patch -p0 -i /tmp/vmnet-9.0.2-5.0.2-3.10.patch # tar -cf vmblock. …

Posted on

DeaDBeeF compiled from source

Yesterday was the big day, Fedora Schrödinger's Cat 19 stable release was released. Since I had a free afternoon I decided to install it on my Thinkpad, and luckily everything was fine, even Anaconada installer issues with UMTS modules are gone, VMware Workstation 9.0.2 was working fine and so on. The only issue I had was with DeaDBeeF audio player, I am using it from quite a long time and I like it a lot; too bad it’s not included in the default Fedora’s repos nor in the epel ones so every time I have to install it manually. …

Posted on

Apache + nginx as reverse proxy

One of the things I was planning to do but never did is installing nginx as reverse proxyin front of Apache. nginx is present in the epel repos for CentOS, so the installation process is just a matter of:yum install nginx mysql mysql-server phpmyadmin httpd wget -q -O - http://www.atomicorp.com/installers/atomic | sh yum install mod_rpaf mkdir /etc/nginx/v.hosts vi /etc/nginx/nginx.con http { include v.hosts/*.conf; include /etc/nginx/mime.types; default_type application/octet-stream; log_format main '$remote_addr - $remote_user [$time_local] "$request" ' '$status $body_bytes_sent "$http_referer" ' '"$http_user_agent" "$http_x_forwarded_for"'; access_log /var/log/nginx/access. …

Posted on

Wireshark as unprivileged user

Documentation on the Wireshark wiki seems to not be really up to date, or at least it’s not completely applicable to Fedora 18, so here is what I did to make it work. After installing Wireshark (and its GUI) with the usual: yum install wireshark-gnome It should automatically create a group called wireshark and we are supposed to add our user (mafio in my case) to this group: usermod -a -G wireshark mafio newgrp wireshark ### used to force the new settings without having to logout/login Then issue this last command: …

Posted on

OpenVPN server and CentOS

OpenVPN is the de facto standard VPN free open source software; it is widely used, tested, well documented and also included in the CentOS repos (EPEL). .:. Server side configuration yum install openvpn easy-rsa dnsmasq When yum is done installing the required packages, copy the sample config file. cp /usr/share/doc/openvpn-*/sample/sample-config-files/server.conf /etc/openvpn Uncomment/edit the following lines in /etc/openvpn/server.conf: port 1194 proto udp dev tun ca ca.crt cert server.crt key server. …

Posted on

Logitech G500 and Linux

Despite not being a gamer at all I see having a decent mouse as an important thing, I spend 10 to 15 hours a day in front of my PC and probably for at least half of the time I’m using the mouse, so I don’t get why I should not have the best input peripherals on the market. My current mouse is a Logitech G500 (NP 910-001262), of course it being the best mouse on the market is an highly debatable thing since, along side with the keyboard, mouse choice is highly subjective. …

Posted on