How to configure HSTS on Apache

HTTP Strict Transport Security (HSTS) is a web security policy mechanism which helps to protect websites against protocol downgrade attacks and cookie hijacking.

Here is how to enable it on Apache2

1. Enable mod_headers

a2enmod headers

2. Add the additional header to the HTTPS VirtualHost directive. Max-age is measured in seconds. Put this into your VirtualHost *:443 section

Header always set Strict-Transport-Security "max-age=31536000; includeSubDomains"

Setting up R to connect to MySQL/MariaDB

If you need R to connect to MySQL or getting the error below from your script:

Error in dyn.load(file, DLLpath = DLLpath, ...) : 
  unable to load shared object '/usr/local/lib/R/site-library/RMySQL/libs/RMySQL.so':
  libmysqlclient.so.18: cannot open shared object file: No such file or directory

Then it can be solved by these commands

R -i
install.packages("RMySQL")

You will get a question about choosing a mirror to get the package from, just choose the one nearest to you.

How to get an A+ Rating with 100% score on the SSLLabs Test with NGINX

It can be a challange to get an A+ rating on a SSLLabs test, but i have done a configuration below that you are welcome to steal.

listen   443;


        ssl    on;
        ssl_prefer_server_ciphers on;
        ssl_session_cache    shared:SSL:50m;
        ssl_session_timeout  10m;
        ssl_dhparam /etc/nginx/ssl/dhparam.pem;
        add_header Strict-Transport-Security "max-age=31536000";
        ssl_certificate    /etc/nginx/ssl/pvangsgaard.com.pem;
        ssl_protocols       TLSv1.1 TLSv1.2;
        ssl_ciphers TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA:TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA:AES256+EECDH:AES256+EDH:TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256:!aNULL;
        ssl_ecdh_curve secp384r1;
        ssl_certificate_key    /etc/nginx/ssl/pvangsgaard.com.key;

My pem file is just a text file containing the signed certificate and a SSL bundle.

To generate your dhparam.pem file, run in the terminal

openssl dhparam -out /etc/nginx/ssl/dhparam.pem 2048

How To Install HipChat on Linux Mint 18.3

If you are using Hipchat from Atlassain for work or projec chat then the install guide for Linux is made for Ubuntu.

Only problem if you are using another distribution based on Ubuntu like Linux Mint 18.3 Cinnamon then it will fail to install.

The original guide looks like this

The problem is that the repository that the install guide will generate is wrong and not existing.

Just replace $(lsb_release -c -s) with xenial like this

sudo sh -c 'echo "deb https://atlassian.artifactoryonline.com/atlassian/hipchat-apt-client xenial main" > /etc/apt/sources.list.d/atlassian-hipchat4.list'
wget -O - https://atlassian.artifactoryonline.com/atlassian/api/gpg/key/public | sudo apt-key add -
sudo apt-get update
sudo apt-get install hipchat4

That will match with the Ubuntu 16.04 branch that Linux Mint 18.3 is based on.

If you allready have done the damage using the guide from Atlassain then just edit the file with

sudo nano /etc/apt/sources.list.d/atlassian-hipchat4.list

And find the sylvia line, replace it with xenial so it looks like this

deb https://atlassian.artifactoryonline.com/atlassian/hipchat-apt-client xenial main

Then

sudo apt update
sudo apt install hipchat4