Skip to content

Blog

A note on securing Webmin

  • by

Webmin by default allows root access to a system, and by default allows terminal access to the root user. Care should be taken to properly setup Webmin to disable the root user. Enable Two-Factor Authentication TOTP authentication can be enabled without installing any extra modules. Enable it by allowing TOTP Authentication in the Webmin configuration. Then, for each user enable TOTP authentication separately and save the resulting QR code (authentication key) into a password manager like Bitwarden or Microsoft authenticator. Make sure to test your two factor authentication for each user before you continue. Root should probably have this setup before you disable it. Disable… Read More »A note on securing Webmin

Removing index.php from WordPress URLs with nginx

  • by

Since I use nginx and varnish with WordPress (and lighttpd as the webserver), I was interested in using nginx to remove the index.php “directory” that is added to WordPress URLs. Perhaps this can be disabled with a more appropriate WordPress configuration, however since I didn’t want to mess with that, I did it myself. The code is “simple,” however it took a few hours to figure out. if ($uri ~ index.php){ set $redirect_allow 1;}if ($uri !~ ((154)|(admin-ajax.php))){ set $redirect_allow 1$redirect_allow;}if ($redirect_allow = 11){ rewrite ^\/(index.php)\/(.*)$ /$2 redirect;}if ($uri !~ ((!((\/)!(.+))))|(\/index.php\/(.)$)|(\/(wp-admin)(.))|(\/(wp-content)(.))|(\/(wp-login)(.))|(\/(wp-includes)(.*)))# If the URL is not empty, or it doesn’t contain index.php or or doesn’t contain… Read More »Removing index.php from WordPress URLs with nginx

OPNsense: A wireguard interface and BuyVM

  • by

This guide will show you how to setup an interface will be routed through Wireguard (which is then routed through your primary internet connection). With DHCP, you can auto-assign IP addresses even though the gateway has a static IP address. You can even setup IPv6 without NAT so your IPv6 addresses are public facing and routed IP addresses, which means connections to IPv6 addresses from your VPS will be able to connect directly to the systems on your VPN interface. By extension, this can be translated into a VLAN, however that will not be shown in this guide. Let’s get started. Setup your BuyVM Slice… Read More »OPNsense: A wireguard interface and BuyVM

Website Updates

  • by

I’ve been doing some work on the back-end of this website. It now has Varnish caching with an Nginx reverse proxy for SSL. I have modified WordPress to eliminate the resulting redirect loop that was caused by the SSL detection not working properly because of Lighttpd. Also, I have setup servers in Las Vegas, Miami, and Luxembourg (soon to be Switzerland), with the intention of using Anycast or a CDN to make this site highly available and redundant and to speed page loading times around the world. I continue to work on the back-end of this website as I learn these new technologies, which are… Read More »Website Updates

The Art of Shaving

  • by

The best things I’ve learned: 1) Shaving properly, 2) how to cut my own hair. I have the entire BaByliss Pro FX+ set: clippers, trimmers, and both a double foil shaver and a single foil shaver. Together, I spent about $500 for them new last year. However, I can give myself a shave and haircut for free in 20 minutes and to keep my sink clean, I have a bib which attaches to the mirror via a suction cup that works fine and it only cost $10, and a shave and haircut here in Pittsburgh is about $35 a pop, not including tip. I can… Read More »The Art of Shaving

My thoughts on the “State of the Union”

  • by

What’s amazing about the trump administration to me is the tariffs. There’s been a LOT of political discussion on Facebook, many of it from friends, even some whom don’t normally post on Facebook. What stands out to me about the Trump administration is the tariffs. While I have mixed feelings on them, as they are both beneficial for this country and bad, I think they are a major turning point in this country and a symptom of a bad leader. This country was founded on rebellion against taxes from Great Britain as the 13 colonies, as we were dependent upon their imports. However, as you… Read More »My thoughts on the “State of the Union”

OPNsense: Setting up a Wireguard router with DHCPv6 for your IPv6 subnet

  • by

The title of this post is a bit vague, so let me explain more carefully what this post is about. With this guide, you will be able to setup OPNsense and a Wireguard client that will give you both IPv4 internet (via standard NAT) and IPv6 internet via public routed IPs. The magic is to use a bridge between your LAN interface and your Wireguard interface and then setup a DHCPv6 server to assign DHCP addresses with router advertisement. This guide assumes your Wireguard server is already setup and working. There is another guide in my blog which covers setting up the server, the process… Read More »OPNsense: Setting up a Wireguard router with DHCPv6 for your IPv6 subnet

Wireguard with Pi-hole, unbound and IPv6/DNSSEC/UFW

  • by

First, follow the instructions to setup Wireguard if you haven’t already done so using my guide. You may also need to update your system: sudo apt updatesudo apt upgrade Installing Pi-hole is very simple. My preferred method is to install from Git using the instructions below. Other instructions are available at the Pi-hole website. git clone –depth 1 https://github.com/pi-hole/pi-hole.git Pi-hole cd “Pi-hole/automated install/” sudo bash basic-install.sh Installing Unbound More information about the purpose of Unbound is available on Pi-hole’s website. Essentially, Pi-hole with Unbound adds an additional layer of privacy and security to your network by lessening the possibility of a man-in-the-middle attack as well… Read More »Wireguard with Pi-hole, unbound and IPv6/DNSSEC/UFW