How to get an A+ Rating with 100% score on the SSLLabs Test with NGINX

It can be a challange to get an A+ rating on a SSLLabs test, but i have done a configuration below that you are welcome to steal.

listen   443;


        ssl    on;
        ssl_prefer_server_ciphers on;
        ssl_session_cache    shared:SSL:50m;
        ssl_session_timeout  10m;
        ssl_dhparam /etc/nginx/ssl/dhparam.pem;
        add_header Strict-Transport-Security "max-age=31536000";
        ssl_certificate    /etc/nginx/ssl/pvangsgaard.com.pem;
        ssl_protocols       TLSv1.1 TLSv1.2;
        ssl_ciphers TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA:TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA:AES256+EECDH:AES256+EDH:TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256:!aNULL;
        ssl_ecdh_curve secp384r1;
        ssl_certificate_key    /etc/nginx/ssl/pvangsgaard.com.key;

My pem file is just a text file containing the signed certificate and a SSL bundle.

To generate your dhparam.pem file, run in the terminal

openssl dhparam -out /etc/nginx/ssl/dhparam.pem 2048

How To Install HipChat on Linux Mint 18.3

If you are using Hipchat from Atlassain for work or projec chat then the install guide for Linux is made for Ubuntu.

Only problem if you are using another distribution based on Ubuntu like Linux Mint 18.3 Cinnamon then it will fail to install.

The original guide looks like this

The problem is that the repository that the install guide will generate is wrong and not existing.

Just replace $(lsb_release -c -s) with xenial like this

sudo sh -c 'echo "deb https://atlassian.artifactoryonline.com/atlassian/hipchat-apt-client xenial main" > /etc/apt/sources.list.d/atlassian-hipchat4.list'
wget -O - https://atlassian.artifactoryonline.com/atlassian/api/gpg/key/public | sudo apt-key add -
sudo apt-get update
sudo apt-get install hipchat4

That will match with the Ubuntu 16.04 branch that Linux Mint 18.3 is based on.

If you allready have done the damage using the guide from Atlassain then just edit the file with

sudo nano /etc/apt/sources.list.d/atlassian-hipchat4.list

And find the sylvia line, replace it with xenial so it looks like this

deb https://atlassian.artifactoryonline.com/atlassian/hipchat-apt-client xenial main

Then

sudo apt update
sudo apt install hipchat4

WordPress | Writing Code in Your Posts

If you wan’t to use some of the special characters in your posts that overlabs html codes then will be hidden because they overlab HTML codes.

But there is a solution for that, you can use character codes in your source instead, just switch to Text view and replace them.

Here is a list of most used special character entities:

< = &lt; or &#60;
> = &gt; or &#62;
/ = &#47;  	
] = &#93;
[ = &#91;
" = &quot; or &#34;
' = &#39;
“ = &ldquo; or &#8220;
” = &rdquo; or &#8220;
‘ = &lsquo; or &#8216;
’ = &rsquo; or &#8217;
& = &amp; or &#38;

apache | redirect from http to https

I found this guide to how to redirect http to https on the apache wiki

https://wiki.apache.org/httpd/RewriteHTTPToHTTPS

I use it within the virtualhost container like this

<VirtualHost *:80>
RewriteEngine On
RewriteCond %{HTTPS} !=on
RewriteRule ^/?(.*) https://%{SERVER_NAME}/$1 [R,L]

ServerAdmin webmaster@somesite.tld
ServerName somesite.tld
ServerAlias www.somesite.tld
DocumentRoot /home/somesite/public_html

ErrorLog /var/log/apache2/somesite.tld-error.log
CustomLog /var/log/apache2/somesite.tld-access.log combined

DocumentRoot /home/somesite/public_html

ErrorLog /var/log/apache2/somesite.tld-error.log
CustomLog /var/log/apache2/somesite.tld-access.log combined
</virtualhost>

Then you can have your ssl <virtualhost *:443> section

That ensure that if another application like wordpress wan’t to write something to .htacces then it will not we overwritten.