Friday, February 10, 2017

[howto] Install DokuWiki in Ubuntu 14.04 and nginx on DigitalOcean VPS

This is the base link I used:

https://www.digitalocean.com/community/tutorials/how-to-install-dokuwiki-with-nginx-on-an-ubuntu-12-04-vps

It's slightly old, meant for Ubuntu 12.04. But if you're somewhat familiar with Linux and how nginx works, you should have no trouble getting it working.

Comments on the bottom also have changes needed to get it working in 16.04, the next LTS.

Thursday, February 09, 2017

[howto] Fix certbot-auto renew failure (404)

Here's how to fix this type of error:

-------------------------------------------------------------------------------
Processing /etc/letsencrypt/renewal/my-domain-example.com.conf
-------------------------------------------------------------------------------
Renewing an existing certificate
Performing the following challenges:
http-01 challenge for my-domain-example.com
http-01 challenge for www.my-domain-example.com
Waiting for verification...
Cleaning up challenges
Attempting to renew cert from /etc/letsencrypt/renewal/my-domain-example.com.conf produced an unexpected error: Failed authorization procedure. my-domain-example.com (http-01): urn:acme:error:unauthorized :: The client lacks sufficient authorization :: Invalid response from http://my-domain-example.com/.well-known/acme-challenge/0s8Ci_55qtap46cwbXbL8uhGRRnf_M7_tkcH1DjObjU: "
404 Not Found
404 Not Found
", www.my-domain-example.com (http-01): urn:acme:error:unauthorized :: The client lacks sufficient authorization :: Invalid response from http://www.my-domain-example.com/.well-known/acme-challenge/3ZwAH4Q5mgHx3hCKty7OYsDHgh9ZiwlgrI-JnSMA6XQ: "
404 Not Found
404 Not Found
". Skipping.

All renewal attempts failed. The following certs could not be renewed:
  /etc/letsencrypt/live/my-domain-example.com/fullchain.pem (failure)
1 renew failure(s), 0 parse failure(s)

IMPORTANT NOTES:
 - The following errors were reported by the server:

   Domain: my-domain-example.com
   Type:   unauthorized
   Detail: Invalid response from
   http://my-domain-example.com/.well-known/acme-challenge/:
   "
   404 Not Found
   404 Not Found
   "

   Domain: www.my-domain-example.com
   Type:   unauthorized
   Detail: Invalid response from
   http://www.my-domain-example.com/.well-known/acme-challenge/:
   "
   404 Not Found
   404 Not Found
   "

   To fix these errors, please make sure that your domain name was
   entered correctly and the DNS A record(s) for that domain
   contain(s) the right IP address.

The error is showing that the client is getting a 404 error webpage as a response to its challenge. The reason this seemed to be happening was that I had HSTS on, which prevented the challenge from going through properly.

For me the answer was to disable SSL for that website. Then run the certbot-auto renew. This allowed the script to renew the certs. Afterwards simply re-enable SSL.

The simplest way for me to disable SSL was to remove the relevant entries in my config file.
/etc/nginx/sites-available/ 

Sunday, December 18, 2016

[howto][svn] Quickly revert a commit

There are more flexible ways, but here is a quick way to simply revert one commit.

svn merge -c -[R]

R = Revision.

So reverting commit 5400 would be:

svn merge -c -5400

Don't forget that dash before the revision.

Taken from:

 http://stackoverflow.com/questions/13330011/how-do-i-revert-an-svn-commit

Tuesday, December 06, 2016

[VirtualBox][howto] Map COM port higher than COM9

According to https://www.virtualbox.org/ticket/6421, trying to map a COM port higher than COM9 in VirtualBox will result in this error:

(VERR_FILE_NOT_FOUND).
Details:
Fehlercode: E_FAIL (0x80004005)
Komponente: Console
Interface: IConsole {6375231a-c17c-464b-92cb-ae9e128d71c3}

The solution is to give the full path:

COM12 would be \\.\COM12.

Saturday, October 08, 2016

[Kodi] [howto] Enable Chinese Subtitles

Enabling Chinese (or really any non-Western character-based) subtitles in Kodi should be simple, but it requires a few steps that, when not performed perfectly, lead to a frustrating set of garbage characters.


1.) Replace Kodi's default arial.ttf with (or add) a font that has full Unicode support. Most tutorials online use DejaVuSans+DroidSansFallback.ttf. Unfortunately the post I found had a faulty link, but a bit of quick googling showed it was available here:

DejaVu Sans Font Free by DejaVu Fonts | Font Squirrel


2.) Place the .ttf file in Kodi's "Fonts" folder. Depending on your platform this can be in different places. Here are the common ones I've found:

Linux: /usr/share/kodi/media/Fonts/.
OSX: /Users//Library/Application Support/Kodi/kodi/media/Fonts

(For OSX, the Fonts folder wasn't there, so I had to create it).

3.) Choose the font in: Settings>Video>Subtitles>Font for use for Subtitles.

4.) Choose the right character set: Settings>Video>Subtitles>Character Set (for Chinese I used "Chinese Simplified (GBK)"). Without this step, you will get garbage output, regardless of the font.

5.) Optional: Add the language you'd like to Download for, if you use the subtitle downloaders, which are quite helpful.

If any options don't appear, make sure you're in the "Expert" mode for the settings.

Troubleshooting:

If you're seeing BOXES for the text, then your font doesn't support the right character set; change your font.

If you're seeing GARBAGE for the text, then you haven't chosen the correct character set in the settings. Choose the correct one.

Saturday, June 25, 2016

[howto] [Linux] proxychains + SOCKS5 best practices

Recently I was messing around with proxychains in order to allow some commands and programs that don't natively support proxies to be used more securely.

I followed this excellent tutorial:


This worked great, but it requires an SSH tunnel. This is great if you have access to a VPS. But what if you're using some kind of commercial VPN service (such as PIA)? Then you need to set up proxychains to use SOCKS5.

This isn't very difficult. You simply need to add the following line to the [ProxyList] section of your proxychains.conf file:

socks5 IP Port Username Password

I set it up for PIA, so this was my config:

socks5 109.201.154.239 1080 username password

The username is the one starting with x. And yes, the password is hardcoded, but later on we have a workaround for this glaring security hole.

Unfortunately proxychains seems to not handle DNS names, so I used an IP for PIA's socks proxy ( proxy-nl.privateinternetaccess.com ).

The instructions are available at:

PIA Instructions Page

nslookup proxy-nl.privateinternetaccess.com yielded quite a few IPs:

Name:    proxy-nl.privateinternetaccess.com
Address: 109.201.138.234
Name:    proxy-nl.privateinternetaccess.com
Address: 109.201.154.245
Name:    proxy-nl.privateinternetaccess.com
Address: 109.201.154.165
Name:    proxy-nl.privateinternetaccess.com
Address: 46.166.186.204
Name:    proxy-nl.privateinternetaccess.com
Address: 109.201.138.229

...

You can pick any one to use. Though, I imagine they are used in round-robin to share the load of the users. So if your proxy stops working all of a sudden, try changing to another IP.

Also the default setting:

# socks4  127.0.0.1 9050

should be disabled if you are using strict_chain, since it will error at not being able to contact the DNS through the (non-existent) Tor tunnel.

Test the connection:

proxychains wget www.google.com

Last of all is the security concern about having to hard-code your password in a .conf file. My workaround has been to use a local, user-only file. Instead of using the above in /etc/proxychains.conf, create the same file in:

~/.proxychains/proxychains.conf

Create the directory if it's not already there. Then ensure that only your user may read the file:


chmod go-rwx ~/.proxychains/proxychains.conf

A hash or shadow file would be better, but I haven't quite figured out how to have proxychains use something like that unfortunately.
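
An added example (not from the original post) of the per-user setup described above: it writes the config under a restrictive umask so the credentials are never group- or world-readable, and audits any proxychains.conf for stored credentials with loose permissions. The function names, the 192.0.2.10 address and the username/password are constructed placeholders.

```shell
#!/bin/sh
# Added example; the address, username and password are constructed placeholders.

# write_user_conf DIR IP PORT USER PASS
# Writes DIR/proxychains.conf under umask 077 and renames it into place, so the
# credentials are never group/other-readable, even if a looser file existed.
write_user_conf() {
    (
        umask 077                      # new files 0600, new directories 0700
        mkdir -p "$1" && chmod 700 "$1" || exit 1
        tmp="$1/proxychains.conf.$$"
        rm -f "$tmp"
        printf '%s\n' 'strict_chain' '[ProxyList]' \
            "socks5 $2 $3 $4 $5" > "$tmp" &&
            mv -f "$tmp" "$1/proxychains.conf"
    )
}

# audit_conf FILE
# Returns 1 if FILE holds a proxy entry with a username and password
# (5 or more fields) and any group/other permission bit is set; 0 otherwise.
audit_conf() {
    awk '$1 ~ /^(socks4|socks5|http)$/ && NF >= 5 { c = 1 } END { exit !c }' "$1" \
        || return 0                    # no credentials stored in this file
    # Characters 5-10 of the ls mode string are the group and other bits.
    [ "$(ls -ld "$1" | cut -c5-10)" = "------" ]
}

# Demo in a throwaway directory instead of the real home directory.
demo=$(mktemp -d)
conf="$demo/.proxychains/proxychains.conf"
write_user_conf "$demo/.proxychains" 192.0.2.10 1080 x0000000 example-password
audit_conf "$conf" && echo "private: only the owner can read $conf"
chmod 644 "$conf"                      # simulate a config created carelessly
audit_conf "$conf" || echo "exposed: run chmod go-rwx $conf"
rm -rf "$demo"
```

Running audit_conf against /etc/proxychains.conf as well shows whether credentials were left in the system-wide file, which is normally world-readable.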

Hope this is helpful!
 


Wednesday, April 27, 2016

initramfs + cron

If you find that your cron jobs aren't running until you first "edit" the cron job (even though it was set in the initial initramfs), check that you have the proper cron.update file, and that both files are owned by root. If one is owned by another user, say the user that you used to create the file, cron will read the config but not run the job. Silently.