Example of command:
curl -s "https://validator.w3.org/nu/?doc=https%3A%2F%2Feasybiny.com" | grep "The document validates according to the specified schema(s)" | wc -l
Replace the URL-encoded address after doc= with your own URL.
Result interpretation:
if 0 -> not valid
if 1 -> HTML is valid
Saturday, January 4, 2020
Thursday, January 2, 2020
Implement HTTP Basic Authentication for your website
1. Create password file and add user/pass:
sudo htpasswd -c /etc/httpd/passwd/.easybiny user
2. Add the following directive to your desired virtual host/folder:
<Directory "/var/www/html/easybiny/stage">
AuthType Basic
AuthName "Restricted Content"
AuthUserFile /etc/httpd/passwd/.easybiny
Require valid-user
</Directory>
3. Test - it shall work like a charm:
Wednesday, January 1, 2020
Install free SSL certificate for Apache HTTPD/AWS Linux 2 Instance
Once your site is in place but HTTPS traffic is not yet enabled, follow these steps to obtain a free certificate from https://letsencrypt.org/ :
1. Install and enable proper EPEL
cd /tmp
wget -O epel.rpm -nv https://dl.fedoraproject.org/pub/epel/epel-release-latest-7.noarch.rpm
sudo yum install -y ./epel.rpm
2. Install required certbot tool:
sudo yum install python2-certbot-apache.noarch
3. Use the following command to install the first certificate with certbot:
sudo certbot -i apache -a manual --preferred-challenges dns -d easybiny.com
Note: At some point, you are prompted to deploy a DNS TXT record with the name “_acme-challenge.easybiny.com” with the supplied value.
If using AWS Route53, this is fairly simple by adding another TXT record with proper value.
Before going forward, please make sure the value was properly propagated:
nslookup
set ty=txt
>_acme-challenge.easybiny.com
4. Optional security step:
Edit the file
vi /etc/letsencrypt/options-ssl-apache.conf
Look for the line beginning with SSLProtocol and change it to the following - this is to prevent TLS 1.0 from being used (the -TLSv1 token disables it, alongside SSLv2 and SSLv3):
SSLProtocol all -SSLv2 -SSLv3 -TLSv1
5. Restart Apache:
service httpd restart
6. Make sure inbound port 443 is allowed at the AWS Security Group level.
Note: To renew a certificate or add a new one (e.g. for a subdomain like stage.easybiny.com), use the following command:
certbot certonly --webroot -w /var/www/html/easybiny/stage -d stage.easybiny.com
Important: If Basic Auth is enabled for the site, you will need to temporarily disable it for the certificate renewal to succeed.
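An alternative to switching Basic Auth off during renewal, shown as an added example that is not part of the original post: keep the staging site protected and exempt only the directory that certbot's webroot plugin writes its HTTP-01 challenge files to. It assumes Apache 2.4 with the default AuthMerging Off and the same webroot passed to -w above.

```apache
# Added example (not from the original post).
# Assumption: Apache 2.4, default "AuthMerging Off", so the Require line in the
# more specific <Directory> replaces the inherited "Require valid-user".

# The staging site stays behind Basic Auth, exactly as configured earlier.
<Directory "/var/www/html/easybiny/stage">
    AuthType Basic
    AuthName "Restricted Content"
    AuthUserFile /etc/httpd/passwd/.easybiny
    Require valid-user
</Directory>

# certbot --webroot -w /var/www/html/easybiny/stage places its temporary
# challenge tokens under .well-known/acme-challenge/. The Let's Encrypt
# validation servers fetch them over plain HTTP without credentials, so only
# this one directory is opened up. The tokens are single-use and not secret.
<Directory "/var/www/html/easybiny/stage/.well-known/acme-challenge">
    Require all granted
    # Serve token files only; no listings, no per-directory overrides.
    Options -Indexes
    AllowOverride None
</Directory>
```

Run apachectl configtest before restarting, then confirm that an unauthenticated request to the site root still returns 401 while a test file placed in the challenge directory is served.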