BigSmoke

Smokes your problems, coughs fresh air.


Changing an Apache virtual host to SSL

To change a virtual host in Apache to SSL:

# Redirect all plain HTTP traffic to the https site.
<VirtualHost *:80>
  RewriteEngine on
  RewriteRule ^/(.*) https://%{HTTP_HOST}/$1 [L,R]
</VirtualHost>

# This virtual host was *:80 first
<VirtualHost *:443>
   DocumentRoot /bla
   # If I don't specify this, nagios's check_ssl_cert doesn't work.
   ServerName www.joho.com

   # These lines were added to make it SSL
   SSLEngine on
   SSLCertificateFile    /etc/ssl/certs/ssl-cert-snakeoil.pem
   SSLCertificateKeyFile /etc/ssl/private/ssl-cert-snakeoil.key
   # If you have an official certificate, also add the intermediate chain:
   SSLCertificateChainFile /etc/ssl/certs/bla

   <Directory /bla>
      Order allow,deny
      Allow from all
      AllowOverride None
      # Options must be either all relative (+/-) or all absolute;
      # mixing the two forms is rejected at startup.
      Options -MultiViews +FollowSymLinks +Indexes
   </Directory>
</VirtualHost>

Redirect multiple domains to one

When a site is available under multiple domains, it is usually a bad idea not to have them all redirect to one domain. In Apache, do this:

# Server or virtual host context: the leading slash is part of $1.
# In a per-directory (.htaccess) context it is stripped, so use .../$1 there.
RewriteEngine On
RewriteCond %{HTTP_HOST}   !=www.domain.com
RewriteRule ^(.*)$         http://www.domain.com$1 [L,R=permanent]

Making Windows RDP more secure

I don’t really trust the security of RDP, so I’d like to take some extra security measures. I found this article explaining a lot.

First put users in the Remote Desktop Users group. You can do this by right-clicking on My Computer, or through the usual management console.

Administrators are always allowed access, and you may want to disable this. To do that, open Local Security Policy: Start – Programs – Administrative Tools (or run %SystemRoot%\system32\secpol.msc /s). With “Allow logon through Terminal Services” you can define the groups that may log on through RDP; Remote Administrators, if you want.

Now you want some kind of automatic block after a certain number of failed attempts. In the same policy editor, go to “Account Policies – Account Lockout Policy” and set the threshold and timeouts to sensible values. I prefer not to use indefinite lockouts, so that legitimate users are not blocked forever.

Next you want to change the encryption level. Run “%SystemRoot%\system32\gpedit.msc /s” and go to Administrative Templates – Windows Components – Terminal Services. From there it depends on the Windows version, but look for the security settings and change:

  • Set client connection encryption level: Enabled, set to High.
  • Always prompt client for password upon connection: Enabled.
  • Require Secure RPC Communication: Enabled.

Unfortunately, forcing SSL is incompatible with the Linux rdesktop client.

You may need to run gpupdate (source).

Generating key and certificate for courier-imap

To create a self-signed certificate for courier-imap:

openssl req -new -x509 -days 3650 -nodes -out imapd.pem -keyout imapd.pem

This creates a single PEM file containing both the key and the certificate. When asked for the common name, enter the server's FQDN.

Don’t forget to set the maildir path correctly in the imapd-ssl config file, as well as the other parameters that are duplicated between imapd and imapd-ssl.

source.
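The same certificate generation as a script, added here as an example and not from the original post: it writes the combined key+certificate file courier-imap expects, restricts its permissions because it contains the private key, and verifies that the key and certificate belong together and that the CN is the FQDN (the same pairing check is worth running on the separate key and certificate files an Apache SSL vhost uses). It assumes openssl is installed; the FQDN and output path are parameters, and imap.example.com is a constructed value.

```shell
#!/bin/sh
# Added example, not from the original post: create the combined key+cert
# file courier-imap expects, restrict it, and verify it before deploying.
# Assumes openssl is installed; the FQDN and output path are the caller's.
set -eu

# make_imapd_pem FQDN OUTFILE [DAYS]
# Same openssl invocation as the post, with -subj instead of the interactive
# prompts. Giving -keyout and -out the same file makes openssl append the
# certificate after the key, which is the layout courier-imap reads.
make_imapd_pem() {
    fqdn=$1; out=$2; days=${3:-3650}
    openssl req -new -x509 -days "$days" -nodes -newkey rsa:2048 \
        -subj "/CN=$fqdn" -keyout "$out" -out "$out"
    # The file now holds an unencrypted private key: owner-only access.
    chmod 600 "$out"
}

# pem_has_key_and_cert FILE: are both PEM blocks present?
pem_has_key_and_cert() {
    grep -q 'BEGIN.*PRIVATE KEY' "$1" && grep -q 'BEGIN CERTIFICATE' "$1"
}

# pem_cn FILE: print the certificate's common name.
pem_cn() {
    openssl x509 -in "$1" -noout -subject -nameopt RFC2253 \
        | sed 's/^subject=//; s/.*CN=\([^,]*\).*/\1/'
}

# key_matches_cert FILE: the key and certificate in FILE share a public key.
key_matches_cert() {
    k=$(openssl pkey -in "$1" -pubout)
    c=$(openssl x509 -in "$1" -noout -pubkey)
    [ -n "$k" ] && [ "$k" = "$c" ]
}

# verify_imapd_pem FILE FQDN: every check a deploy should pass; 0 on success.
verify_imapd_pem() {
    pem_has_key_and_cert "$1" \
        && [ "$(pem_cn "$1")" = "$2" ] \
        && key_matches_cert "$1" \
        && [ "$(ls -l "$1" | cut -c1-10)" = "-rw-------" ]
}
```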

Setting a custom greeting for an Asterisk voicemailbox

By default, Asterisk always plays its own vm-intro as the voicemail intro. To let the user record their own message, the entry in extensions.conf that sends a caller to voicemail should be:

; <context> is the voicemail context from voicemail.conf (placeholder).
; Options are one string of letters; Asterisk 1.6 and later separate the
; arguments with a comma, older versions used | instead.
exten => _0123456789,n,Voicemail(1@<context>,su)

The s skips the default greeting. The u selects the unavailable message; you can also use b for the busy message.

‘show application voicemail’ on the Asterisk CLI shows usage information and all the options you can give.

Making a port forwarded machine available from within the LAN

When you forward a port to an internal machine on the network, you still can’t reach that host via your WAN IP from within the LAN. This article explains it well. In short, it’s because the reply from the machine you’re connecting to goes to the LAN IP directly, not back through the router.

To fix it, we need to add an SNAT rule for that port forward as well. In this example we want to forward port 80 to 10.50.0.4 on our 10.50.0.0/16 LAN, and 10.50.0.1 is our router; these two rules are necessary:

# WANIP is a placeholder for the router's public address.
iptables -t nat -A PREROUTING -d WANIP -p tcp --dport 80 \
    -m comment --comment "Forward www to 10.50.0.4." \
    -j DNAT --to-destination 10.50.0.4
iptables -t nat -A POSTROUTING -p tcp --source 10.50.0.0/16 --dest 10.50.0.4 --dport 80 \
    -m comment --comment "Allow our LAN to access port 80 from the WAN side as well." \
    -j SNAT --to-source 10.50.0.1

Normally when forwarding I would use --in-interface eth0 rather than -d WANIP, but that won’t work here, because the LAN requests do not arrive on eth0.

Also, the --source in the second rule is not strictly necessary, but without it the rule also matches requests coming in from the internet, which is ugly, especially if you have logging rules.
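The same hairpin forward as a reusable shell function, added here as an example and not from the original post: PORT and SERVER are arguments, the WAN IP (203.0.113.5 is a constructed placeholder), LAN network and router address come from variables, and it also adds the FORWARD accept rule that a router with a restrictive FORWARD chain needs. Setting IPTABLES=echo prints the rules instead of loading them.

```shell
#!/bin/sh
# Added example, not part of the original post. Hairpin NAT for one port
# forward: DNAT for everyone, SNAT only for LAN clients, plus the FORWARD
# accept that a restrictive FORWARD chain needs. Run as root on the router.
set -eu

IPTABLES=${IPTABLES:-iptables}      # IPTABLES=echo prints the rules instead
WANIP=${WANIP:-203.0.113.5}         # constructed placeholder; use the real WAN IP
LAN=${LAN:-10.50.0.0/16}            # LAN network from the post
ROUTER=${ROUTER:-10.50.0.1}         # router's LAN address from the post

# hairpin_forward PORT SERVER: forward tcp/PORT on the WAN IP to SERVER so that
# both internet and LAN clients reach it via the WAN address.
hairpin_forward() {
    port=$1 server=$2
    # 1. Anything addressed to the WAN IP on $port, whichever interface it
    #    arrives on, is rewritten to the internal server (-d, not -i).
    $IPTABLES -t nat -A PREROUTING -d "$WANIP" -p tcp --dport "$port" \
        -m comment --comment "Forward tcp/$port to $server." \
        -j DNAT --to-destination "$server"
    # 2. Only for LAN clients: rewrite the source to the router so the server's
    #    reply goes back through the router, where the DNAT is undone.
    #    Internet clients keep their real source address (nicer logs).
    $IPTABLES -t nat -A POSTROUTING -s "$LAN" -d "$server" -p tcp --dport "$port" \
        -m comment --comment "Hairpin: let the LAN reach tcp/$port on the WAN IP." \
        -j SNAT --to-source "$ROUTER"
    # 3. Let the new, already-DNATed connection through the FORWARD chain;
    #    replies are covered by the usual ESTABLISHED,RELATED rule.
    $IPTABLES -A FORWARD -d "$server" -p tcp --dport "$port" \
        -m conntrack --ctstate NEW -j ACCEPT
}
```

The post's case is `hairpin_forward 80 10.50.0.4`; run it with `IPTABLES=echo` first to review the three rules before loading them.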

Disabling “open related tabs after the current tab” in Firefox

I don’t like that Firefox nowadays opens new tabs after the current tab. When I open things, I remember in which order I opened them and I don’t want that order changed by having tabs inserted.

In about:config, change:

browser.tabs.insertRelatedAfterCurrent

to false.


© 2024 BigSmoke
