Set Up Nginx Load Balancing with SSL Termination

Nginx can be configured as a load balancer to distribute incoming traffic across several backend servers. With SSL termination, the load balancer handles the SSL encryption/decryption, so traffic between the load balancer and the backend servers is plain HTTP. The backends must be secured by restricting access to the load balancer’s IP, which is explained later in this article.

Prerequisites
In this tutorial the commands must be run as the root user or as a user with sudo privileges. You can see how to set that up in the Users Tutorial.

Install webmin in Centos 7

Step 1 — Installing Webmin

First, we need to add the Webmin repository so that we can easily install and update Webmin using our package manager. We do this by adding a new file called /etc/yum.repos.d/webmin.repo that contains information about the new repository.

Create and open this new file using your text editor:

sudo vi /etc/yum.repos.d/webmin.repo

Then add these lines to the file to define the new repository:

/etc/yum.repos.d/webmin.repo
[Webmin]
name=Webmin Distribution Neutral
#baseurl=http://download.webmin.com/download/yum
mirrorlist=http://download.webmin.com/download/yum/mirrorlist
enabled=1

Save the file and exit the editor. Next, add the Webmin author’s PGP key so that your system will trust the new repository:

Important Exim Commands

To get a count of messages in the queue

exim -bpc

Print a listing of the messages in the queue (time queued, size, message-id, sender, recipient)

exim -bp

Print a summary of messages in the queue (count, volume, oldest, newest, domain, and totals):

exim -bp | exiqsumm

Print what Exim is doing right now:

exiwhat

Display the version of Exim and the location of Exim configuration file:

The SSL/TLS Handshake: an Overview

Obligatory SSL/TLS Handshake Graphic
All SSL/TLS-related sites have their own version of a handshake diagram – here’s ours!

Let’s Clear Up Some Confusion, If We Can
Some confusion about how SSL/TLS handshakes work is due to the handshake being only the prelude to the actual, secured session itself. Let’s try to address some common points:

Test your DNS using Dig, Nmap, Tcpdump

For DNS resolution against 192.168.0.1 to succeed, the DNS server at 192.168.0.1 must accept TCP and UDP traffic on port 53 from our server. A port scanner such as nmap can be used to check whether the DNS server is reachable on port 53, as shown below.

Note: To install nmap run ‘yum install nmap -y’.

[root@centos ~]# nmap -sU -p 53 192.168.0.1
Starting Nmap 6.40 ( http://nmap.org ) at 2015-08-26 15:22 AEST
Nmap scan report for 192.168.0.1
Host is up (0.00091s latency).
PORT STATE SERVICE
53/udp open|filtered domain
MAC Address: 02:00:79:55:00:0D (Unknown)
Nmap done: 1 IP address (1 host up) scanned in 0.29 seconds

[root@centos ~]# nmap -sT -p 53 192.168.0.1
Starting Nmap 6.40 ( http://nmap.org ) at 2015-08-26 15:22 AEST
Nmap scan report for 192.168.0.1
Host is up (0.00099s latency).
PORT STATE SERVICE
53/tcp open domain
MAC Address: 02:00:79:55:00:0D (Unknown)
Nmap done: 1 IP address (1 host up) scanned in 0.07 seconds


Let’s Encrypt service with Pound server

In order to install Certbot on your server, follow the next steps (make sure you have “git” installed on your system):

$ sudo apt-get install git    # if not previously installed
$ cd /opt
$ sudo git clone https://github.com/certbot/certbot

Running the above commands downloads the latest Certbot release from its git repo into the /opt folder. Next we need to stop any service that might be using port 80 on our server, since the installation type used in this tutorial is the “standalone” type described in the Certbot documentation. There are other ways to install the certificates; which one you use is up to your preference.
Since this tutorial is about Pound, we assume the daemon is already installed, so we need to stop it:

$ sudo service pound stop

Once the service is stopped, run:

$ cd /opt/certbot
$ sudo ./letsencrypt-auto --text --email YOUR@EMAIL -d YOUR_DOMAIN --agree-tos --standalone certonly

By default, running the command above will generate the necessary key files (*.pem) in the following folder:

/etc/letsencrypt/live/YOUR_DOMAIN/

Now we need to create a private key file that Pound can understand. To do so, run the following:

# The output redirection must also run as root, so the whole command is wrapped in sh -c
$ sudo sh -c 'cat /etc/letsencrypt/live/YOUR_DOMAIN/privkey.pem /etc/letsencrypt/live/YOUR_DOMAIN/fullchain.pem > /etc/ssl/YOUR_DOMAIN.pem'

Doing so concatenates the privkey.pem file and the fullchain.pem file generated by Certbot into a single file stored in your SSL certificates folder. This is very important!

Add Google Calendar to Thunderbird Mail Client

There are two plugins that must be installed:

Install both of these plugins, from within Thunderbird (Menu button | Plugins | See all and then search for Lightning and then Provider for Google. Click Add to Thunderbird and then, when prompted, restart the app).

Once these have been installed, and Thunderbird restarted, you’re ready to configure.

Adding a Google Calendar
Open up the Lightning calendar tab (click on the Lightning icon in the top right corner of the Thunderbird window). Right-click a blank spot in the Calendar pane (left side of the window) and click New Calendar. In the resulting window (Figure A), click On the Network and then click Next.

Figure A

Creating a new calendar in Lightning.
In the Locate your calendar window (Figure B), select Google Calendar, and click Next.

LEMP on Centos 6

In this guide, we’ll walk you through installing all of these components (except for Linux, which is already installed as your OS when you create the server).

Install the Extra Packages for Enterprise Linux Repository (or EPEL for short):

sudo yum install epel-release

Run a yum update to sync your packages with the new EPEL repository:

sudo yum update

Install MySQL:

sudo yum install mysql-server

Activate MySQL:

sudo service mysqld start

Configure your MySQL installation:

sudo /usr/bin/mysql_secure_installation

Make it so that MySQL will start automatically on server reboot:

Best Practices on Email Protection: SPF, DKIM and DMARC

Once we have installed Zimbra Collaboration, we need to be aware of some additional configuration that will allow us to send email to other email systems, such as Gmail, Hotmail, Yahoo!, etc., with improved security. This Wiki article shows the different email protection resources that exist; depending on the volume of email sent, it may be better to implement only one, two, or all of them.

SPF
Sender Policy Framework (SPF) is an email validation system designed to prevent unwanted emails that use spoofing. To address this common security problem, SPF verifies the source IP of the email and compares it with a DNS TXT record containing SPF content.

Where does it need to be configured?
SPF needs to be configured in the Public DNS

How to start Google Chrome in Incognito Mode default

  1. Place a Google Chrome shortcut on the desktop (or any other desired location).
  2. Rename the shortcut to any convenient name like – Private Chrome.
  3. Right click on the shortcut and select ‘Properties’.
  4. On the ‘Target’ field add --incognito to the end of the program path. (Note: Make sure there is a space between the last apostrophe and the dash).
  5. Your incognito browser is now ready for launch. If you select ‘New Window’ from settings, you will get a normal non-incognito Chrome window.
