Gospel. Culture. Technology. Music.

Category: Technology Page 1 of 17

Redirecting HTTP Requests to HTTPS on Same Port in NGINX

I had a particular need with Shoutcast (since 1) the application is able to do HTTP and HTTPS on the same port, and 2) I wanted to reverse proxy those requests for security filtering with ModSecurity): to have HTTP requests that hit the HTTPS port upgraded to HTTPS on the same port instead of just erroring out (bad protocol error). Some of this had to do with browsers and other client-end mechanisms forcing an HTTPS upgrade of late, but I was finding it wasn’t working correctly all the time. I struggled to find a good solution but finally came to an answer on Stack Overflow. I’m documenting it here for future reference and for those that may need that kind of functionality, since it’s a very specific request. I normally just do a 301 redirect for situations like this, but for whatever reason it doesn’t seem to work when streaming media using particular media clients. This has done the trick.

IPv6 Firewall Rules (EdgeRouter 4) – Part 3

In my last post, I explained how to go about utilizing IPv6 prefix delegation using a Ubiquiti EdgeRouter 4, connected to an AT&T internet router that has IPv6 enabled on both the WAN and the LAN side. Now we’re going to walk through the basic firewall rules you need in place to protect your IPv6 network. And when I say basic, I mean the bare minimum to make sure the entire internet can’t get to your IPv6 devices, because if you’ve finished with the last post, your devices are likely open right now.

Enabling IPv6 Prefix Delegation on AT&T Internet for a Second Firewall (EdgeRouter 4) – Part 2

From the outset, it’s important to note that this is intended only for those who already have completed part one on the AT&T router, which is 1) enabling IPv6 on the LAN side and 2) enabling prefix delegation for the LAN. In addition, I’m using a Ubiquiti EdgeRouter 4 for my second firewall and this guide reflects that. However, if you’re using another IPv6 capable router, you may be able to glean settings from this and match them to your configuration.

Enabling IPv6 on AT&T Internet – Part 1

*Disclaimer: If you enable this and mess with it in such a way as to make your network insecure, I’m not responsible for what may or may not happen due to your lack of security implementation related to traffic passing in and out of your internal network, i.e. if you get hacked, sorry, although I’ll gladly get employed to mitigate the situation ;).

Chrome Remote Desktop Running on Ubuntu 18.04

These are the settings I had to change in the config file to get Chrome Remote Desktop working on my Ubuntu 18.04 server. Thanks to this site: https://superuser.com/questions/778028/configuring-chrome-remote-desktop-with-ubuntu-gnome-14-04

  1. Make a backup and then edit /opt/google/chrome-remote-desktop/chrome-remote-desktop
  2. Add your screen size (or sizes, if multiple) to DEFAULT_SIZES so that it looks like this:
    DEFAULT_SIZES = "1920x1080,3840x2160"
  3. Change the display number to 0:
    FIRST_X_DISPLAY_NUMBER = 0
  4. Comment out this section:
    #while os.path.exists(X_LOCK_FILE_TEMPLATE % display):
    #  display += 1

  5. In the launch_session section, comment out self._launch_x_server(x_args) and self._launch_x_session() (shown below) and then add this:

    display = self.get_unused_display_number()
    self.child_env["DISPLAY"] = ":%d" % display

    so that it looks like this:

    def launch_session(self, x_args):
      self._init_child_env()
      self._setup_pulseaudio()
      self._setup_gnubby()
      # Do not start a new X server and session
      #self._launch_x_server(x_args)
      #self._launch_x_session()
      # Point the child environment at the display number instead
      display = self.get_unused_display_number()
      self.child_env["DISPLAY"] = ":%d" % display

  6. Save and exit, then stop and start the Chrome Remote Desktop service from the command line:
    sudo service chrome-remote-desktop stop
    sudo service chrome-remote-desktop start

OpenVPN IPv6 Setup on Ubuntu

Documenting settings to get IPv6 set up within the configuration for OpenVPN, plus forwarding all IPv6 traffic through the VPN. This has no explanation of how you obtain IPv6 address prefixes from your ISP or how it works differently from IPv4, just simply how to get it working within OpenVPN. Will update if needed.

Ubiquiti EdgeRouter 4 IPv6 Setup

Update: for a newer version of this information set within the Config Tree portion of the web interface of the EdgeRouter 4, read this post, with pictures and all! 🙂 https://davidwesterfield.net/2021/03/enabling-ipv6-prefix-delegation-on-att-internet-for-a-second-firewall/


I’m archiving this information for future reference because I (or others) may need it. This was extremely helpful in getting AT&T’s allotted IPv6 subnet(?) (properly called: delegated prefix) set up in my EdgeRouter 4, although I wound up having to use the web interface and configure the same settings within the Config section. Without further ado (or a whole lot of ado below) here is Bradley Heilbrun’s explanation.


Social Media Engagement Guidelines From the Larger Catechism

From the Westminster Larger Catechism. I’m still learning how all of this applies in the realm of social media engagement specifically and desire to walk this way (albeit imperfectly).

Q. 144. What are the duties required in the ninth commandment?

A. The duties required in the ninth commandment are, the preserving and promoting of truth between man and man, and the good name of our neighbor, as well as our own; appearing and standing for the truth; and from the heart, sincerely, freely, clearly, and fully, speaking the truth, and only the truth, in matters of judgment and justice, and in all other things whatsoever; a charitable esteem of our neighbors; loving, desiring, and rejoicing in their good name; sorrowing for and covering of their infirmities; freely acknowledging of their gifts and graces, defending their innocency; a ready receiving of a good report, and unwillingness to admit of an evil report, concerning them; discouraging talebearers, flatterers, and slanderers; love and care of our own good name, and defending it when need requireth; keeping of lawful promises; studying and practicing of whatsoever things are true, honest, lovely, and of good report.

Q. 145. What are the sins forbidden in the ninth commandment?

A. The sins forbidden in the ninth commandment are, all prejudicing the truth, and the good name of our neighbors, as well as our own, especially in public judicature; giving false evidence, suborning false witnesses, wittingly appearing and pleading for an evil cause, outfacing and overbearing the truth; passing unjust sentence, calling evil good, and good evil; rewarding the wicked according to the work of the righteous, and the righteous according to the work of the wicked; forgery, concealing the truth, undue silence in a just cause, and holding our peace when iniquity calleth for either a reproof from ourselves, or complaint to others; speaking the truth unseasonably, or maliciously to a wrong end, or perverting it to a wrong meaning, or in doubtful or equivocal expressions, to the prejudice of the truth or justice; speaking untruth, lying, slandering, backbiting, detracting, talebearing, whispering, scoffing, reviling, rash, harsh, and partial censuring; misconstructing intentions, words, and actions; flattering, vainglorious boasting, thinking or speaking too highly or too meanly of ourselves or others; denying the gifts and graces of God; aggravating smaller faults; hiding, excusing, or extenuating of sins, when called to a free confession; unnecessary discovering of infirmities; raising false rumors, receiving and countenancing evil reports, and stopping our ears against just defense; evil suspicion; envying or grieving at the deserved credit of any; endeavoring or desiring to impair it, rejoicing in their disgrace and infamy; scornful contempt, fond admiration; breach of lawful promises; neglecting such things as are of good report, and practicing, or not avoiding ourselves, or not hindering what we can in others, such things as procure an ill name.

ERLC Releases Statement on Artificial Intelligence

https://erlc.com/resource-library/articles/why-we-need-a-statement-of-principles-for-artificial-intelligence

“For the first time in a long time, I believe that we can speak the words of truth into an issue that can have true and lasting effects on how tools like AI are developed and used in our world. The benefits of this technology are great, but the dangers are real. Just as electricity changed everything about our society, AI is due to change even more in a shorter period of time. We are entering a new age of AI where everything about your life and our communities will be different. The church has the unique opportunity and obligation to speak boldly to a watching world with a word of hope and peace that who you are is not tied to what you do, rather your dignity is tied to the One that created the entire world. No matter how advanced AI might become in the future or how dependent our society already is on the technology, nothing can change who you are as an image bearer of God. This guiding ethic drives everything we do as Christians and has life-altering applications to the issues that AI is presenting to our homes, communities, and world.”

Security Mashup: Four Steps to Secure WordPress

After working through a number of WordPress sites over the years and either preventing hack attempts or intervening in cleaning up hacked sites, I’ve “engineered” a free way to keep your site secure with the use of these plugins in conjunction:

  1. iQ Block Country: This plugin will prevent certain countries that you set from accessing either the front-end of your site, or (in the cases I use it for almost exclusively) the back-end. For the purposes of the sites I manage, I block all except the United States on the back-end and leave the front-end open to all.
  2. Jetpack: This is a great plugin to utilize anyway just for stats collection and image/CDN offloading, but included within it is the ability to turn on brute force login protection. Another very helpful preventive measure if these other tools don’t catch something.
  3. WordFence: This free tool (that actually does have a subscription service for even better protection) is a web application firewall for use directly within WordPress. Among the big things it prevents are brute force login attacks, XSS attacks and SQL injection attacks. Now, a web app firewall (like ModSecurity, or a hardware appliance like a Barracuda or Cisco firewall) in front of the application itself would work even better at preventing attacks before they even get to your WordPress site (if set up correctly), but it can be quite advanced to install and configure. Regardless, this plugin is a great way to keep those kinds of attacks at bay.
  4. Invisible reCaptcha: This utilizes the newer version 3 of Google’s reCaptcha to prevent automated bots from either spamming the comment sections of your posts or pages or making brute force attempts to log in to your site as admin.

None of these methods are foolproof against attacks getting through some other threat vector, but I’ve found this combination catches quite a bit of junk on all the sites I’ve set them up on.

And one last thing: make sure and secure your site with SSL?!? 🙂
