
Category: Hosting

traefik v3 example with uptime-kuma

Here is an example Traefik v3 setup that serves Uptime-Kuma on its own domain and uses Let's Encrypt to secure the domain. It also redirects HTTP to HTTPS.

The Traefik dashboard in this example is not secure: `--api.insecure=true` serves it on port 8080 without authentication, so please put authentication or a firewall in front of it.

This is just an example.

version: "3"

services:
  uk1:
    image: louislam/uptime-kuma:1
    container_name: uk1
    volumes:
      - ./uk1-data:/app/data
    ports:
      # <Host Port>:<Container Port>
      # Note: this also publishes Uptime-Kuma directly on the host, bypassing Traefik.
      - 3001:3001
    restart: always
    labels:
      - "traefik.enable=true"
      # Certificate for the HTTPS router comes from the ACME resolver defined below
      - "traefik.http.routers.uk1.tls.certresolver=myresolver"
      # HTTP router: matches the domain on port 80 and redirects to HTTPS
      - "traefik.http.routers.uk1-http.entrypoints=web"
      - "traefik.http.routers.uk1-http.rule=Host(`your_domain_here`)"
      - "traefik.http.routers.uk1-http.middlewares=uk1-https"
      - "traefik.http.middlewares.uk1-https.redirectscheme.scheme=https"
      # HTTPS router: serves the application on port 443 with TLS
      - "traefik.http.routers.uk1.entrypoints=websecure"
      - "traefik.http.routers.uk1.rule=Host(`your_domain_here`)"
      - "traefik.http.routers.uk1.tls=true"
    depends_on:
      - traefik
  traefik:
    image: traefik:v3.0
    command:
      # Dashboard/API on port 8080 with no authentication (see the note above)
      - "--api.insecure=true"
      - "--providers.docker=true"
      # Only containers labelled traefik.enable=true are routed
      - "--providers.docker.exposedbydefault=false"
      - "--entrypoints.web.address=:80"
      - "--entrypoints.websecure.address=:443"
      # Let's Encrypt HTTP-01 challenge answered on the web (port 80) entrypoint
      - "--certificatesresolvers.myresolver.acme.httpchallenge=true"
      - "--certificatesresolvers.myresolver.acme.httpchallenge.entrypoint=web"
      - "--certificatesresolvers.myresolver.acme.email=your_email_address_here"
      - "--certificatesresolvers.myresolver.acme.storage=/letsencrypt/acme.json"
    ports:
      - 80:80
      - 443:443
      - 8080:8080
    volumes:
      - "./letsencrypt:/letsencrypt"
      # Gives Traefik access to the Docker API so it can read container labels
      - /var/run/docker.sock:/var/run/docker.sock

https://gist.github.com/xavier-hernandez/48042d5cdb66a89ac5e92a92ecfeb7b5


tls: failed to verify certificate: x509: certificate signed by unknown authority

In building a docker image for a Go application using the Alpine image, I kept getting this error “tls: failed to verify certificate: x509: certificate signed by unknown authority”. I thought it was something with the code I was writing, but it had to do with the docker image.

Adding this to your Dockerfile should fix the problem. The problem is that the docker container doesn’t have the necessary certs to validate the connection. You might also get around this issue by adding the “ca-certificates” package to the image, but I didn’t try that.

COPY --from=builder /etc/ssl/certs/ca-certificates.crt /etc/ssl/certs/

or (depends on how you're building your image)

COPY /etc/ssl/certs/ca-certificates.crt /etc/ssl/certs/
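
The error can be reproduced offline. The Go program below is an added example, not code from the original post: it verifies one leaf certificate against an empty root pool (standing in for an image with no CA bundle) and against a pool that holds the issuing CA. The host name `example.test`, the test CA and the function names are constructed for illustration.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"math/big"
	"time"
)

// issue creates a certificate from tmpl, signed by parent/parentKey (self-signed if parent is nil).
func issue(tmpl, parent *x509.Certificate, parentKey ed25519.PrivateKey) (*x509.Certificate, ed25519.PrivateKey) {
	pub, key, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		panic(err)
	}
	if parent == nil { // no issuer given: this is the root CA
		parent, parentKey = tmpl, key
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, parent, pub, parentKey)
	if err != nil {
		panic(err)
	}
	cert, err := x509.ParseCertificate(der)
	if err != nil {
		panic(err)
	}
	return cert, key
}

// VerifyWithRoots returns the verification error for a constructed leaf certificate
// with an empty root pool, and with a pool that contains the issuing CA.
func VerifyWithRoots() (emptyErr, trustedErr error) {
	now := time.Now()
	ca, caKey := issue(&x509.Certificate{SerialNumber: big.NewInt(1), Subject: pkix.Name{CommonName: "constructed test CA"},
		NotBefore: now.Add(-time.Hour), NotAfter: now.Add(time.Hour),
		IsCA: true, BasicConstraintsValid: true, KeyUsage: x509.KeyUsageCertSign}, nil, nil)
	leaf, _ := issue(&x509.Certificate{SerialNumber: big.NewInt(2), Subject: pkix.Name{CommonName: "example.test"},
		DNSNames: []string{"example.test"}, NotBefore: now.Add(-time.Hour), NotAfter: now.Add(time.Hour),
		ExtKeyUsage: []x509.ExtKeyUsage{x509.ExtKeyUsageServerAuth}}, ca, caKey)
	trusted := x509.NewCertPool()
	trusted.AddCert(ca)
	_, emptyErr = leaf.Verify(x509.VerifyOptions{DNSName: "example.test", Roots: x509.NewCertPool()})
	_, trustedErr = leaf.Verify(x509.VerifyOptions{DNSName: "example.test", Roots: trusted})
	return emptyErr, trustedErr
}

func main() { fmt.Println(VerifyWithRoots()) }
```

The certificate itself is identical in both calls; only the set of trusted roots changes, which is why copying the CA bundle into the image resolves the error without touching the application code.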

IIS Crypto and Azure DevOps Agent SSL Issue

Ran across a problem all of a sudden with Azure DevOps agents giving me an SSL connection error. This seemed to be only affecting Windows 2012 R2 servers.

AgentServer] System.Net.Http.HttpRequestException: The SSL connection could not be established, see inner exception.

You’ll have to make sure to enable or re-enable the following ciphers by going into the Cipher Suites in IIS Crypto. This works even if you use the “Best Practices” or “PCI 3.2” template.

Also, enabling the “Server Defaults” template works as well because it re-enables those ciphers.

TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
TLS_DHE_RSA_WITH_AES_256_GCM_SHA384
TLS_DHE_RSA_WITH_AES_128_GCM_SHA256

I found some information about this issue here: Azure DevOps Agent installed on Windows Server 2012 R2 unable to TLS1.2 handshake with Azure Devops Agent Server https://developercommunity.visualstudio.com/t/azure-devops-agent-installed-on-windows-server-201/1651426

IIS Crypto can be found here: https://www.nartac.com/Products/IISCrypto


GoAccess for Nginx Proxy Manager Logs

This docker container should work out of the box with Nginx Proxy Manager to parse proxy logs. The goaccess.conf has been configured to only access proxy logs and archived proxy logs. No fuss, no muss.

The docker image scans and includes files matching the following criteria: proxy-host-*_access.log.gz and proxy-host-*_access.log

Currently using GoAccess version: 1.5.5

Unraid container is also available.

https://hub.docker.com/r/xavierh/goaccess-for-nginxproxymanager


Spanish Wordle / Wordle Espanol

Cloned a Wordle repository and populated it with a Spanish wordlist.

https://wordle-es.xavier.cc/

Docker Image: https://hub.docker.com/r/xavierh/wordle-spanish-espanol


Custom Redirect for an HTTP 400 Bad Request in IIS

Had an issue redirecting 400 errors using httpErrors. Seems like you need to pass in existingResponse="Replace" for it to work.

For more information: https://docs.microsoft.com/en-us/previous-versions/iis/settings-schema/ms690497(v=vs.90)

<httpErrors errorMode="DetailedLocalOnly" existingResponse="Replace">
    <remove statusCode="400" subStatusCode="-1" />
    <remove statusCode="404" subStatusCode="-1" />
    <error statusCode="400" prefixLanguageFilePath="" path="https://somewhere/400.html" responseMode="Redirect" />
    <error statusCode="404" prefixLanguageFilePath="" path="https://somewhere/404.html" responseMode="Redirect" />
</httpErrors>

.NET and TLS

  • Before .NET 4.6 – TLS 1.1 is default and negotiations start down
  • .NET 4.6 – TLS 1.2 is default and negotiations start down
  • .NET 4.7 – the default value of this property is SecurityProtocolType.SystemDefault. This allows .NET Framework networking APIs based on SslStream (such as FTP, HTTP, and SMTP) to inherit the default security protocols from the operating system or from any custom configurations performed by a system administrator.

Setting up Rocket.Chat with Mongo 4.2 via Docker

I could not find a docker-compose.yml example with rocket.chat using 4.2 so I pieced one together.

Also, some tips on these errors.

Error: $MONGO_OPLOG_URL must be set to the ‘local’ database of a Mongo replica set

MongoError: not master and slaveOk=false

Visit my Github repo for more information: https://github.com/xavier-hernandez/rocket.chat/


WordPress Error – The resource you are looking for has been removed, had its name changed, or is temporarily unavailable.

WordPress was installed on a Windows machine and recently started getting this error. Seems that the web.config was modified.

To fix the error above I updated the web.config to look like this and it fixed the problem.

<configuration>
  <system.webServer>
    <rewrite>
      <rules>
        <rule name="Main Rule" stopProcessing="true">
          <match url=".*" />
          <conditions logicalGrouping="MatchAll">
            <add input="{REQUEST_FILENAME}" matchType="IsFile" negate="true" />
            <add input="{REQUEST_FILENAME}" matchType="IsDirectory" negate="true" />
          </conditions>
          <action type="Rewrite" url="/" />
        </rule>
      </rules>
    </rewrite>
  </system.webServer>
</configuration>

soyoustart – arm ufw error

If you get this error:

modprobe: ERROR: could not insert 'ip_tables': Exec format error
iptables v1.6.0: can't initialize iptables table `filter': Table does not exist (do you need to insmod?)
Perhaps iptables or your kernel needs to be upgraded.

Run this:
$ wget http://last.public.ovh.hdaas.snap.mirrors.ovh.net/ubuntu/pool/main/l/linux-modules-armada375/linux-modules-armada375_4.5.2-4_armhf.deb
$ dpkg -i linux-modules-armada375_4.5.2-4_armhf.deb

Found on: https://www.lowendtalk.com/discussion/comment/2806769/#Comment_2806769


SharePoint – Application Server Role, Web Server (IIS) Role – Configuration Error

When installing SharePoint 2013 on a virtual machine running Windows Server 2012 R2 I keep getting a configuration error for the Application Server Role. After reading a bunch of material and trying to install Windows updates I’ve found that the only thing necessary is to make a copy of C:\Windows\System32\ServerManager.exe and rename the copy to C:\Windows\System32\ServerManagerCMD.exe. This seems to fix my installation problems.

Make sure to close the Server Manager window as well if you have it open. It seems to make the installation hang if it’s open.


WordPress – Time To First Byte Slow – IIS

I had a problem with a WordPress website that I recently moved to a new server running PHP 5.4 and IIS. I found that the fix to my problem was in the wp-config.php file. I had to change the hostname of the MySQL db from localhost to 127.0.0.1. Maybe this is an issue with IPv6 being enabled on the server. I’ll try and look at that later.

From…

/** MySQL hostname */
define('DB_HOST', 'localhost');

To…

/** MySQL hostname */
define('DB_HOST', '127.0.0.1');

 


Hostigation – Good for backups!

Just wanted to share information on this hosting provider. I’ve been using Hostigation for a while now for backups, cheap and for the most part pretty stable. Lately there have been problems with a spammer, which is not allowed, but they’ve fixed the problem.

The plans just give you 64MB of RAM but that’s because you don’t need RAM if you’re just doing backups and these plans are just for backups.

You can get up to 300GB for a quarterly payment of $40. That’s less than $15 bucks a month.

http://hostigation.com
