Category Archives: Internet
You NEED to setup Gluetun!
How to disable Xfinity hotspot on my modem?
To disable the Xfinity hotspot, open the Xfinity app and go to WiFi > View Wi-Fi equipment > Advanced settings > Xfinity WiFi hotspot network, then toggle it off. Alternatively, use the website at customer.xfinity.com/#/settings/security/hotspot. Some hidden Xfinity networks (such as those for TV boxes) might still broadcast.
Does GL.iNet belong in your Home Network, and does it do VLANs? Hot Take! Flint
Your Boss Thinks You’re at Home… GL.iNet Flint 3
WireGuard and pivpn
PiVPN (https://www.pivpn.io/) – You can install it on any Debian OS, including Ubuntu
Letsencrypt and Certbot
Certbot User Guide
https://eff-certbot.readthedocs.io/en/latest/using.html
Instructions to install Certbot and a DNS plugin:
https://certbot.eff.org/instructions?ws=nginx&os=snap&tab=wildcard
Request a certificate via Cloudflare plugin:
Remove the Snap version of Certbot (if it exists):
sudo snap remove certbot
Install Certbot via APT (Debian/Ubuntu package):
sudo apt update
sudo apt install certbot python3-certbot-dns-cloudflare
Request a certificate:
# certbot-dns-cloudflare plugin
# https://certbot-dns-cloudflare.readthedocs.io/en/stable/
sudo certbot certonly \
--dns-cloudflare \
--dns-cloudflare-credentials /root/.secrets/certbot/cloudflare.ini \
--dns-cloudflare-propagation-seconds 60 \
-d mycompliancetracker.com \
-d '*.mycompliancetracker.com' \
-d myctracker.com \
-d '*.myctracker.com' \
-d myctrackerpro.com \
-d '*.myctrackerpro.com'
cloudflare.ini content
# cloudflare.ini
# Cloudflare API token used by Certbot
# Get it from https://dash.cloudflare.com/profile/api-tokens
# You have to create a new one - you cannot see the value of an existing one.
# The token needs Zone:DNS:Edit permission
dns_cloudflare_api_token = 0123456789abcdef0123456789abcdef01234567
Change the permissions of the file:
chmod 600 cloudflare.ini
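A preflight check for the credentials file described above, added here as an example and not part of the original post. It assumes GNU `stat` (Debian/Ubuntu); the function name `check_credentials` is hypothetical, and `dns_cloudflare_api_key` is the plugin's legacy Global API Key setting, which is account-wide instead of scoped to Zone:DNS:Edit.

```sh
#!/bin/sh
# Added example: verify the Cloudflare credentials file before running certbot.
CRED_FILE=${CRED_FILE:-/root/.secrets/certbot/cloudflare.ini}

# Print "ok" and return 0 if the file is safe to pass to
# --dns-cloudflare-credentials; otherwise print the reason and return 1.
check_credentials() {
    f=$1
    # Must be a regular file, not a symlink that could point somewhere else.
    [ -f "$f" ] && [ ! -L "$f" ] || { echo "not a regular file: $f"; return 1; }
    # Only the owner may read it (the chmod 600 step above).
    mode=$(stat -c '%a' "$f") || return 1
    case $mode in
        600|400) ;;
        *) echo "mode $mode is too open, expected 600"; return 1 ;;
    esac
    # Exactly one uncommented, non-empty token line.
    n=$(grep -c '^[[:space:]]*dns_cloudflare_api_token[[:space:]]*=[[:space:]]*[^[:space:]]' "$f" || true)
    [ "$n" -eq 1 ] || { echo "expected one dns_cloudflare_api_token line, found $n"; return 1; }
    # Reject the legacy Global API Key: it is not limited to DNS edits.
    if grep -q '^[[:space:]]*dns_cloudflare_api_key[[:space:]]*=' "$f"; then
        echo "global API key present; use a scoped API token instead"
        return 1
    fi
    echo ok
}

# Usage: sh check-cloudflare-ini.sh check [path]
if [ "${1:-}" = "check" ]; then
    check_credentials "${2:-$CRED_FILE}"
fi
```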
Test automatic renewal
sudo certbot renew --dry-run
Delete a certificate
certbot delete --cert-name mycompliancetracker.com
# or to choose from a list:
certbot delete
Sync the certificates
ssh-keygen -t rsa -b 4096 -C "Let's Encrypt sync key" -f ~/.ssh/letsencrypt_sync_key
ssh-copy-id ubuntu@dev-server.mycompliancetracker.com
ssh-copy-id -f -i ~/.ssh/letsencrypt_sync_key.pub -o IdentityFile=~/.ssh/dev-server.mycompliancetracker.com ubuntu@dev-server.mycompliancetracker.com
ssh-copy-id -f -i ~/.ssh/letsencrypt_sync_key.pub angel@ionos-ubuntu-01.anichin.com
# Test logging in with the new key - works
ssh -o 'IdentityFile=/root/.ssh/letsencrypt_sync_key' 'ubuntu@dev-server.mycompliancetracker.com'
ssh -o 'IdentityFile=/root/.ssh/letsencrypt_sync_key' 'angel@ionos-ubuntu-01.anichin.com'
ssh -o 'IdentityFile=/root/.ssh/letsencrypt_sync_key' 'root@ionos-ubuntu-01.anichin.com'
Transfer Certificates to Target Server
rsync -avz -e "ssh -i /root/.ssh/letsencrypt_sync_key" --rsync-path="mkdir -p /home/angel/letsencrypt/live/anichin.com && rsync" /etc/letsencrypt/live/anichin.com/ angel@ionos-ubuntu-01.anichin.com:/home/angel/letsencrypt/live/anichin.com/
rsync -avz -e "ssh -i /root/.ssh/letsencrypt_sync_key" --rsync-path="mkdir -p /home/angel/letsencrypt/archive/anichin.com && rsync" /etc/letsencrypt/archive/anichin.com/ angel@ionos-ubuntu-01.anichin.com:/home/angel/letsencrypt/archive/anichin.com/
rsync -avz -e "ssh -i /root/.ssh/letsencrypt_sync_key" --rsync-path="mkdir -p /home/angel/letsencrypt/renewal && rsync" /etc/letsencrypt/renewal/anichin.com.conf angel@ionos-ubuntu-01.anichin.com:/home/angel/letsencrypt/renewal/
rsync -avz -e "ssh -i /root/.ssh/letsencrypt_sync_key" --rsync-path="mkdir -p /home/angel/letsencrypt/live/pautalia.ca && rsync" /etc/letsencrypt/live/pautalia.ca/ angel@ionos-ubuntu-01.anichin.com:/home/angel/letsencrypt/live/pautalia.ca/
rsync -avz -e "ssh -i /root/.ssh/letsencrypt_sync_key" --rsync-path="mkdir -p /home/angel/letsencrypt/archive/pautalia.ca && rsync" /etc/letsencrypt/archive/pautalia.ca/ angel@ionos-ubuntu-01.anichin.com:/home/angel/letsencrypt/archive/pautalia.ca/
rsync -avz -e "ssh -i /root/.ssh/letsencrypt_sync_key" --rsync-path="mkdir -p /home/angel/letsencrypt/renewal && rsync" /etc/letsencrypt/renewal/pautalia.ca.conf angel@ionos-ubuntu-01.anichin.com:/home/angel/letsencrypt/renewal/
rsync -avz -e "ssh -i /root/.ssh/letsencrypt_sync_key" --rsync-path="mkdir -p /home/angel/letsencrypt/live/vickisplace.org && rsync" /etc/letsencrypt/live/vickisplace.org/ angel@ionos-ubuntu-01.anichin.com:/home/angel/letsencrypt/live/vickisplace.org/
rsync -avz -e "ssh -i /root/.ssh/letsencrypt_sync_key" --rsync-path="mkdir -p /home/angel/letsencrypt/archive/vickisplace.org && rsync" /etc/letsencrypt/archive/vickisplace.org/ angel@ionos-ubuntu-01.anichin.com:/home/angel/letsencrypt/archive/vickisplace.org/
rsync -avz -e "ssh -i /root/.ssh/letsencrypt_sync_key" --rsync-path="mkdir -p /home/angel/letsencrypt/renewal && rsync" /etc/letsencrypt/renewal/vickisplace.org.conf angel@ionos-ubuntu-01.anichin.com:/home/angel/letsencrypt/renewal/
Option 1: Use sudo Without Password Prompt
sudo visudo
angel ALL=(ALL) NOPASSWD: /bin/systemctl reload nginx
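The manual rsync commands and the sudoers rule above can be combined into a Certbot deploy hook, shown here as an added example that is not part of the original post. It assumes the script is saved in /etc/letsencrypt/renewal-hooks/deploy/ (where Certbot runs it with RENEWED_LINEAGE set for each renewed certificate) and that the NOPASSWD rule is meant for reloading nginx on the target after a sync; the function names and the DRY_RUN switch are hypothetical.

```sh
#!/bin/sh
# Added example: Certbot deploy hook that pushes a renewed certificate to the
# target server. Certbot exports RENEWED_LINEAGE, e.g.
# /etc/letsencrypt/live/anichin.com, once per certificate actually renewed.
SYNC_KEY=${SYNC_KEY:-/root/.ssh/letsencrypt_sync_key}
TARGET=${TARGET:-angel@ionos-ubuntu-01.anichin.com}
REMOTE_BASE=${REMOTE_BASE:-/home/angel/letsencrypt}
LE_DIR=${LE_DIR:-/etc/letsencrypt}

# Print the certificate name for a lineage path. Anything that is not a plain
# host-name-like string is rejected, because the name is interpolated into a
# command line that runs on the remote side (--rsync-path).
cert_name() {
    name=${1##*/}
    case $name in
        ''|.*|*[!A-Za-z0-9.-]*) return 1 ;;
    esac
    printf '%s\n' "$name"
}

# Execute a command, or only print it when DRY_RUN is set.
run() {
    if [ -n "${DRY_RUN:-}" ]; then printf '%s\n' "$*"; else "$@"; fi
}

# Copy live/, archive/ and the renewal config for one lineage, then reload nginx.
sync_lineage() {
    name=$(cert_name "$1") || { echo "refusing lineage: $1" >&2; return 1; }
    for sub in live archive; do
        run rsync -az -e "ssh -i $SYNC_KEY" \
            --rsync-path="mkdir -p $REMOTE_BASE/$sub/$name && rsync" \
            "$LE_DIR/$sub/$name/" "$TARGET:$REMOTE_BASE/$sub/$name/" || return 1
    done
    run rsync -az -e "ssh -i $SYNC_KEY" \
        --rsync-path="mkdir -p $REMOTE_BASE/renewal && rsync" \
        "$LE_DIR/renewal/$name.conf" "$TARGET:$REMOTE_BASE/renewal/" || return 1
    # Exactly the command allowed by the NOPASSWD sudoers rule for angel.
    run ssh -i "$SYNC_KEY" "$TARGET" sudo /bin/systemctl reload nginx
}

# Certbot sets RENEWED_LINEAGE when it calls the hook; do nothing otherwise.
if [ -n "${RENEWED_LINEAGE:-}" ]; then
    sync_lineage "$RENEWED_LINEAGE"
fi
```

Running it by hand with `DRY_RUN=1 RENEWED_LINEAGE=/etc/letsencrypt/live/anichin.com` prints the four commands without contacting the target.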