Poor & Dumb

I did not have the heart to say harshly.
If you’re rich, you don’t need to work.
If you’re smart, you don’t need to study.
If you have ever studied and worked, it means you have been poor and dumb.
Think!


HTTPS Web Proxy

Hi.

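# HTTP entry point for lily.domain.id: redirect every request to HTTPS.
server {
	listen 80;
	server_name lily.domain.id;
	return 301 https://$server_name$request_uri;
}

# HTTPS reverse proxy for lily.domain.id. TLS ends at this server; the hop to
# the backend at 192.168.212.103 is plain HTTP.
server {
	# "listen ... ssl" replaces the deprecated "ssl on;" directive.
	listen 443 ssl;
	server_name lily.domain.id;
	ssl_certificate /etc/letsencrypt/live/lily.domain.id/fullchain.pem;
	ssl_certificate_key /etc/letsencrypt/live/lily.domain.id/privkey.pem;
	ssl_session_timeout 1d;
	ssl_protocols TLSv1.2;
	# "always" also sends HSTS on error responses, not only on successful
	# and redirect responses.
	add_header Strict-Transport-Security "max-age=15768000" always;

	location / {
		proxy_pass         http://192.168.212.103;
		proxy_redirect     off;
		# $host is normalised by nginx and falls back to server_name when the
		# request has no Host header; $http_host is the raw client value.
		proxy_set_header   Host $host;
		proxy_set_header   X-Real-IP $remote_addr;
		# Appends $remote_addr to whatever X-Forwarded-For the client sent,
		# so only the last entry comes from this proxy.
		proxy_set_header   X-Forwarded-For $proxy_add_x_forwarded_for;
		proxy_set_header   X-Forwarded-Host $server_name;
		proxy_set_header   X-Forwarded-Proto $scheme;
	}
}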

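# HTTP entry point for magnolia.domain.id: redirect every request to HTTPS.
server {
	listen 80;
	server_name magnolia.domain.id;
	return 301 https://$server_name$request_uri;
}

# HTTPS reverse proxy for magnolia.domain.id. TLS ends at this server; the hop
# to the backend at 192.168.212.108 is plain HTTP.
server {
	# "listen ... ssl" replaces the deprecated "ssl on;" directive.
	listen 443 ssl;
	server_name magnolia.domain.id;
	ssl_certificate /etc/letsencrypt/live/magnolia.domain.id/fullchain.pem;
	ssl_certificate_key /etc/letsencrypt/live/magnolia.domain.id/privkey.pem;
	ssl_session_timeout 1d;
	ssl_protocols TLSv1.2;
	# "always" also sends HSTS on error responses, not only on successful
	# and redirect responses.
	add_header Strict-Transport-Security "max-age=15768000" always;

	location / {
		proxy_pass         http://192.168.212.108;
		proxy_redirect     off;
		# $host is normalised by nginx and falls back to server_name when the
		# request has no Host header; $http_host is the raw client value.
		proxy_set_header   Host $host;
		proxy_set_header   X-Real-IP $remote_addr;
		# Appends $remote_addr to whatever X-Forwarded-For the client sent,
		# so only the last entry comes from this proxy.
		proxy_set_header   X-Forwarded-For $proxy_add_x_forwarded_for;
		proxy_set_header   X-Forwarded-Host $server_name;
		proxy_set_header   X-Forwarded-Proto $scheme;
	}
}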

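# Plain-HTTP reverse proxy for rose.domain.id to the backend at
# 192.168.212.110. This listing has no TLS server block for the name, so
# client traffic for it is not encrypted.
server {
	listen 80;
	server_name rose.domain.id;

	location / {
		proxy_pass http://192.168.212.110;
		# $host is normalised by nginx and falls back to server_name when the
		# request has no Host header; $http_host is the raw client value.
		proxy_set_header Host $host;
		proxy_set_header X-Real-IP $remote_addr;
		# Appends $remote_addr to whatever X-Forwarded-For the client sent,
		# so only the last entry comes from this proxy.
		proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
		proxy_set_header X-Forwarded-Proto $scheme;
	}
}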

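# HTTP entry point for jasmine.domain.id: redirect every request to HTTPS.
server {
	listen 80;
	server_name jasmine.domain.id;
	return 301 https://$server_name$request_uri;
}

# HTTPS reverse proxy for jasmine.domain.id. TLS ends at this server; the hop
# to the backend at 192.168.212.112 is plain HTTP.
server {
	# "listen ... ssl" replaces the deprecated "ssl on;" directive.
	listen 443 ssl;
	server_name jasmine.domain.id;
	ssl_certificate /etc/letsencrypt/live/jasmine.domain.id/fullchain.pem;
	ssl_certificate_key /etc/letsencrypt/live/jasmine.domain.id/privkey.pem;
	ssl_session_timeout 1d;
	ssl_protocols TLSv1.2;
	# "always" also sends HSTS on error responses, not only on successful
	# and redirect responses.
	add_header Strict-Transport-Security "max-age=15768000" always;

	location / {
		proxy_pass         http://192.168.212.112;
		proxy_redirect     off;
		# $host is normalised by nginx and falls back to server_name when the
		# request has no Host header; $http_host is the raw client value.
		proxy_set_header   Host $host;
		proxy_set_header   X-Real-IP $remote_addr;
		# Appends $remote_addr to whatever X-Forwarded-For the client sent,
		# so only the last entry comes from this proxy.
		proxy_set_header   X-Forwarded-For $proxy_add_x_forwarded_for;
		proxy_set_header   X-Forwarded-Host $server_name;
		proxy_set_header   X-Forwarded-Proto $scheme;
	}
}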

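# HTTP entry point for orchid.domain.id: redirect every request to HTTPS.
server {
	listen 80;
	server_name orchid.domain.id;
	return 301 https://$server_name$request_uri;
}

# HTTPS reverse proxy for orchid.domain.id. TLS ends at this server; the hop
# to the backend at 192.168.212.113 is plain HTTP.
server {
	# "listen ... ssl" replaces the deprecated "ssl on;" directive.
	listen 443 ssl;
	server_name orchid.domain.id;
	ssl_certificate /etc/letsencrypt/live/orchid.domain.id/fullchain.pem;
	ssl_certificate_key /etc/letsencrypt/live/orchid.domain.id/privkey.pem;
	ssl_session_timeout 1d;
	ssl_protocols TLSv1.2;
	# "always" also sends HSTS on error responses, not only on successful
	# and redirect responses.
	add_header Strict-Transport-Security "max-age=15768000" always;

	location / {
		proxy_pass         http://192.168.212.113;
		proxy_redirect     off;
		# $host is normalised by nginx and falls back to server_name when the
		# request has no Host header; $http_host is the raw client value.
		proxy_set_header   Host $host;
		proxy_set_header   X-Real-IP $remote_addr;
		# Appends $remote_addr to whatever X-Forwarded-For the client sent,
		# so only the last entry comes from this proxy.
		proxy_set_header   X-Forwarded-For $proxy_add_x_forwarded_for;
		proxy_set_header   X-Forwarded-Host $server_name;
		proxy_set_header   X-Forwarded-Proto $scheme;
	}
}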

Thank you, NGINX.

Apache2 Server Hardening

How to Disable Browsable Web Directories on Apache2

Add this line to your site configuration.

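  # -Indexes alone removes directory listings and leaves the other inherited
  # options as they are; "All" would also switch on ExecCGI and Includes.
  Options -Indexes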

Example

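# Site on port 8080 serving /var/www/html with directory listings disabled.
<VirtualHost *:8080>
	ServerAdmin webmaster@localhost
	DocumentRoot /var/www/html
	<Directory /var/www/html>
		# Remove only automatic directory listings. "Options All -Indexes"
		# would first enable every option except MultiViews (ExecCGI and
		# Includes among them) before removing Indexes; with -Indexes alone
		# the remaining options are inherited from the enclosing config.
		Options -Indexes
		# .htaccess files are ignored here, so they cannot re-enable Indexes.
		AllowOverride None
	</Directory>
	ErrorLog ${APACHE_LOG_DIR}/error.log
	CustomLog ${APACHE_LOG_DIR}/access.log combined
</VirtualHost>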

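To disable the Apache2 manual page, comment out this line. Note that the line loads every snippet in conf-enabled/, not just the manual, so commenting it out also drops any other settings kept there (security-related ones included); disabling only the manual's own snippet, for example with a2disconf, is the narrower change.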

# IncludeOptional conf-enabled/*.conf

Reload your Apache2 service.

sudo systemctl reload apache2

Finish.

How to Disable HTTP TRACE / TRACK Methods

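Add this line to your Apache2 configuration, at server or virtual-host level (TraceEnable is not accepted inside <Directory> blocks or .htaccess files).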

TraceEnable off

Reload your Apache2 service.

sudo systemctl reload apache2

Send a TRACE request to verify the configuration; a 405 Method Not Allowed response confirms that the method is disabled.

$ curl -i -X TRACE http://localhost/
HTTP/1.1 405 Method Not Allowed
Date: Mon, 03 Sep 2018 06:53:36 GMT
Server: Apache/2.4.18 (Ubuntu)
Allow: 
Content-Length: 223
Content-Type: text/html; charset=iso-8859-1

Method Not Allowed
The requested method TRACE is not allowed for the URL /.

Finish.

Web Proxy

NGINX is better than MikroTik.

# Plain-HTTP server for your.domain.id. The redirect to HTTPS is commented
# out, so this block neither redirects nor proxies requests for the name.
# NOTE(review): with no root or location here, nginx presumably answers from
# its default document root over cleartext HTTP; confirm that this is intended.
server {

		server_name your.domain.id;
		# Uncomment to send plain-HTTP clients to the HTTPS site instead:
		#return 301 https://$server_name$request_uri;
}

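# HTTPS reverse proxy for your.domain.id. TLS ends at this server; requests
# are handed to a local backend on 127.0.0.1:8000 over plain HTTP.
server {
	# "listen ... ssl" replaces the deprecated "ssl on;" directive.
	listen 443 ssl;
	server_name your.domain.id;
	ssl_certificate /etc/letsencrypt/live/your.domain.id/fullchain.pem;
	ssl_certificate_key /etc/letsencrypt/live/your.domain.id/privkey.pem;
	ssl_session_timeout 1d;
	ssl_protocols TLSv1.2;
	# "always" also sends HSTS on error responses, not only on successful
	# and redirect responses.
	add_header Strict-Transport-Security "max-age=15768000" always;

	location / {
		proxy_pass         http://127.0.0.1:8000;
		proxy_redirect     off;
		# $host is normalised by nginx and falls back to server_name when the
		# request has no Host header; $http_host is the raw client value.
		proxy_set_header   Host $host;
		proxy_set_header   X-Real-IP $remote_addr;
		# Appends $remote_addr to whatever X-Forwarded-For the client sent,
		# so only the last entry comes from this proxy.
		proxy_set_header   X-Forwarded-For $proxy_add_x_forwarded_for;
		proxy_set_header   X-Forwarded-Host $server_name;
		# Lets the backend know the client connection was HTTPS, as the other
		# proxy blocks in this listing already do.
		proxy_set_header   X-Forwarded-Proto $scheme;
	}
}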

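# Plain-HTTP reverse proxy for orchid.domain.id to the backend at
# 192.168.200.103. This listing has no TLS server block for the name, so
# client traffic for it is not encrypted.
server {
	listen 80;
	server_name orchid.domain.id;

	location / {
		proxy_pass http://192.168.200.103;
		# $host is normalised by nginx and falls back to server_name when the
		# request has no Host header; $http_host is the raw client value.
		proxy_set_header Host $host;
		proxy_set_header X-Real-IP $remote_addr;
		# Appends $remote_addr to whatever X-Forwarded-For the client sent,
		# so only the last entry comes from this proxy.
		proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
		proxy_set_header X-Forwarded-Proto $scheme;
	}
}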
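# Plain-HTTP reverse proxy for rose.domain.id to the backend at
# 192.168.200.108. This listing has no TLS server block for the name, so
# client traffic for it is not encrypted.
server {
	listen 80;
	server_name rose.domain.id;

	location / {
		proxy_pass http://192.168.200.108;
		# $host is normalised by nginx and falls back to server_name when the
		# request has no Host header; $http_host is the raw client value.
		proxy_set_header Host $host;
		proxy_set_header X-Real-IP $remote_addr;
		# Appends $remote_addr to whatever X-Forwarded-For the client sent,
		# so only the last entry comes from this proxy.
		proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
		proxy_set_header X-Forwarded-Proto $scheme;
	}
}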
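# Plain-HTTP reverse proxy for jasmine.domain.id to the backend at
# 192.168.200.110. This listing has no TLS server block for the name, so
# client traffic for it is not encrypted.
server {
	listen 80;
	server_name jasmine.domain.id;

	location / {
		proxy_pass http://192.168.200.110;
		# $host is normalised by nginx and falls back to server_name when the
		# request has no Host header; $http_host is the raw client value.
		proxy_set_header Host $host;
		proxy_set_header X-Real-IP $remote_addr;
		# Appends $remote_addr to whatever X-Forwarded-For the client sent,
		# so only the last entry comes from this proxy.
		proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
		proxy_set_header X-Forwarded-Proto $scheme;
	}
}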
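# Plain-HTTP reverse proxy for lily.domain.id to the backend at
# 192.168.200.112. This listing has no TLS server block for the name, so
# client traffic for it is not encrypted.
server {
	listen 80;
	server_name lily.domain.id;

	location / {
		proxy_pass http://192.168.200.112;
		# $host is normalised by nginx and falls back to server_name when the
		# request has no Host header; $http_host is the raw client value.
		proxy_set_header Host $host;
		proxy_set_header X-Real-IP $remote_addr;
		# Appends $remote_addr to whatever X-Forwarded-For the client sent,
		# so only the last entry comes from this proxy.
		proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
		proxy_set_header X-Forwarded-Proto $scheme;
	}
}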
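# Plain-HTTP reverse proxy for magnolia.domain.id to the backend at
# 192.168.200.113. This listing has no TLS server block for the name, so
# client traffic for it is not encrypted.
server {
	listen 80;
	server_name magnolia.domain.id;

	location / {
		proxy_pass http://192.168.200.113;
		# $host is normalised by nginx and falls back to server_name when the
		# request has no Host header; $http_host is the raw client value.
		proxy_set_header Host $host;
		proxy_set_header X-Real-IP $remote_addr;
		# Appends $remote_addr to whatever X-Forwarded-For the client sent,
		# so only the last entry comes from this proxy.
		proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
		proxy_set_header X-Forwarded-Proto $scheme;
	}
}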

Tell me about HAProxy.