another meaningless subtitle

uwot.eu

last update:

This post is meant to be the sequel of the one I wrote one month ago about CentOS as router, transparent proxy, and much more. A big chunk of the precedent article is on how configure squid and squidGuard to act as a transparent proxy with URLs filtering capabilities. But there’s a problem with that: nowadays many sites (f4c3b00k.c0m just to name the most annoying one) are HTTPS. With HTTP one can really easily intercept a packet and read the payload (which contains the URL) but with HTTPS this is not possible anymore since the payload is encrypted.

I got a new TV for the living room (a Panasonic Viera TX-L39E6E) which is DLNA capable. To be honest I’m also planning to build some kind of media center, maybe a really low power one, based on some kind of raspeberry-pi lookalike device. Anyway, for now I’m using my workstation (Fedora 19 x86_64) to stream video contents using miniDLNA. First of all, let’s install it with the usual: $ sudo yum install minidlna Then, edit the following file:

As usual, long story short: I’ve to setup a firewall to log traffic, block some stuff and do some other things. – epel repo is required – The system is made of a single CentOS machine with 2 physical network adapters: 1. eth0, connected to WAN, static IP address 192.168.0.3 2. eth1, connected to LAN, static IP address 10.0.0.1⁄24 .:. Network adapters configuration WAN network adapter: [root@CentOS ~]# vi /etc/sysconfig/network-scripts/ifcfg-eth0 DEVICE="

Ok, I know I fucked up, I know everyone who knows me just a little bit would never expect this, but I got my first mobile phone or, like they call them nowadays: a smartphone. I don’t like the “smartphone” buzzword since I think the only smart ones here are the guys who are able to sell this stuff for hundreds of bucks to billions of people, so I’ll stick with the old and almost forgotten “mobile phone” name.

CentOS 6.4, QEMU+KVM

It’s summer, it’s hot as hell, I am back home from mountains and I’ve plenty of free time. Between a barbecue and the next one I spend my time playing with and learning new stuff: this week new stuff is called QEMU-KVM. Yesterday I also tried XenServer but to be honest I wasn’t impressed, it just look like to be an old version of CentOS minimal install with some custom repos and a fancy GUI.

nginx and TLS v1.2

Given that SSL and TLS, especially v1.0, suffer from serious security issues (e.g. https://en.wikipedia.org/wiki/Transport_Layer_Security#TLS) I thought it would be a good idea to use the latest and more secure version of it: v1.2. On CentOS 6.4 the openssl version included is quite old and doesn’t support TLS v1.1 and 1.2. So, first of all we have to install the latest version 1.0.1e, it can be done compiling from sources or by adding a third party repository; I chose the latter.

Let’s say we have a WordPress blog and we would like to encrypt our login pages and the whole back-end of the site. There are many ways to do it, but since I already have a nginx instance configured as reverse proxy running in front of Apache I’ll use it to “protect” my admin pages and logins. In this page I’ll not cover Apache’s configuration, which, by the way, is trivial to say the least, so please refer to this other post: Apache + nginx as reverse proxy.

A new Linux kernel version is released and guess what: VMware Workstation fucked up once again. The fix posted on the Arch Linux wiki is applicable also to Fedora 19, I’ll post it here for future reference. $ cd /tmp $ curl -O http://pkgbuild.com/git/aur-mirror.git/plain/vmware-patch/vmblock-9.0.2-5.0.2-3.10.patch $ curl -O http://pkgbuild.com/git/aur-mirror.git/plain/vmware-patch/vmnet-9.0.2-5.0.2-3.10.patch $ cd /usr/lib/vmware/modules/source # tar -xvf vmblock.tar # tar -xvf vmnet.tar # patch -p0 -i /tmp/vmblock-9.0.2-5.0.2-3.10.patch # patch -p0 -i /tmp/vmnet-9.0.2-5.0.2-3.10.patch # tar -cf vmblock.

Yesterday was the big day, Fedora “Schrödinger’s Cat” 19 stable release was released. Since I had a free afternoon I decided to install it on my Thinkpad, and luckily everything was fine, even Anaconada installer issues with UMTS modules are gone, VMware Workstation 9.0.2 was working fine and so on. The only issue I had was with DeaDBeeF audio player, I am using it from quite a long time and I like it a lot; too bad it’s not included in the default Fedora’s repos nor in the epel ones so every time I have to install it manually.

One of the things I was planning to do but never did is installing nginx as reverse proxy in front of Apache. nginx is present in the epel repos for CentOS, so the installation process is just a matter of: yum install nginx mysql mysql-server phpmyadmin httpd Add another repository for the Apache module mod_rpaf… wget -q -O - http://www.atomicorp.com/installers/atomic | sh …and install it: yum install mod_rpaf At this point everything needed should be installed, now it’s time to configure Apache and nginx to work together.