Tag Archives: Linux

How to configure HSTS on Apache

HTTP Strict Transport Security (HSTS) is a web security policy mechanism which helps to protect websites against protocol downgrade attacks and cookie hijacking.

Here is how to enable it on Apache2:

1. Enable mod_headers

a2enmod headers

2. Add the header to the HTTPS VirtualHost by putting the line below into your VirtualHost *:443 section. Max-age is measured in seconds.

Header always set Strict-Transport-Security "max-age=31536000; includeSubDomains"

Setting up R to connect to MySQL/MariaDB

If you need R to connect to MySQL, or you are getting the error below from your script:

Error in dyn.load(file, DLLpath = DLLpath, ...) : 
  unable to load shared object '/usr/local/lib/R/site-library/RMySQL/libs/RMySQL.so':
  libmysqlclient.so.18: cannot open shared object file: No such file or directory

Then it can be solved with these commands:

R -i

You will be asked to choose a mirror to get the package from; just choose the one nearest to you.

How to get an A+ Rating with 100% score on the SSLLabs Test with NGINX

It can be a challenge to get an A+ rating on an SSLLabs test, but I have put together the configuration below, which you are welcome to steal.

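        listen 443 ssl;    # "ssl on;" is obsolete (removed in nginx 1.25.1); the ssl parameter on listen replaces it

        # Certificate (signed certificate plus bundle) and its private key
        ssl_certificate        /etc/nginx/ssl/pvangsgaard.com.pem;
        ssl_certificate_key    /etc/nginx/ssl/pvangsgaard.com.key;

        # Protocols, cipher preference, ECDH curve and DH parameters
        ssl_protocols          TLSv1.1 TLSv1.2;
        ssl_prefer_server_ciphers on;
        ssl_ecdh_curve         secp384r1;
        ssl_dhparam            /etc/nginx/ssl/dhparam.pem;

        # Session resumption
        ssl_session_cache      shared:SSL:50m;
        ssl_session_timeout    10m;

        # HSTS: browsers remember to use HTTPS for one year
        add_header Strict-Transport-Security "max-age=31536000";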

My pem file is just a text file containing the signed certificate and an SSL bundle.

To generate your dhparam.pem file, run this in the terminal:

openssl dhparam -out /etc/nginx/ssl/dhparam.pem 2048
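
Both posts above send a Strict-Transport-Security header: the Apache one with includeSubDomains, the NGINX one without. The Python below is an added example, not code from the original posts; it parses a header value following the RFC 6797 grammar and reports what a given policy does not cover. The function names and the one-year threshold are assumptions of the example.

```python
# Added example: parse and audit a Strict-Transport-Security value (RFC 6797, section 6.1).
MIN_MAX_AGE = 31536000  # assumed threshold: one year, the max-age both configs on this page use
APACHE_VALUE = "max-age=31536000; includeSubDomains"  # value from the Apache post
NGINX_VALUE = "max-age=31536000"                      # value from the NGINX post


def parse_hsts(value):
    """Return the parsed policy or raise ValueError (assumes no ';' inside quoted values)."""
    seen = {}
    for part in value.split(";"):
        part = part.strip()
        if not part:  # the grammar allows empty directives ("a;;b")
            continue
        name, _, arg = part.partition("=")
        name, arg = name.strip().lower(), arg.strip()  # names are case-insensitive
        if len(arg) >= 2 and arg[0] == arg[-1] == '"':
            arg = arg[1:-1]  # quoted-string form: max-age="31536000"
        if name in seen:
            raise ValueError(f"directive repeated: {name}")
        seen[name] = arg
    age = seen.get("max-age")
    if age is None:
        raise ValueError("max-age is required")
    if not (age.isascii() and age.isdigit()):
        raise ValueError(f"max-age is not a non-negative integer: {age!r}")
    if seen.get("includesubdomains"):
        raise ValueError("includeSubDomains takes no value")
    return {"max_age": int(age), "include_subdomains": "includesubdomains" in seen}


def audit_hsts(value, min_max_age=MIN_MAX_AGE):
    """Return a list of findings; an empty list means nothing to report."""
    try:
        policy = parse_hsts(value)
    except ValueError as exc:
        return [f"invalid header, browsers ignore it: {exc}"]
    findings = []
    if policy["max_age"] == 0:
        findings.append("max-age=0 makes browsers drop the HSTS policy for this host")
    elif policy["max_age"] < min_max_age:
        findings.append(f"max-age {policy['max_age']} is below {min_max_age} seconds")
    if not policy["include_subdomains"]:
        findings.append("includeSubDomains missing: subdomains are not covered")
    return findings


if __name__ == "__main__":
    for value in (APACHE_VALUE, NGINX_VALUE, "includeSubDomains"):  # last one is constructed
        print(repr(value), audit_hsts(value) or "ok")
```

To audit a live site, pass in the header value from a response fetched over HTTPS; browsers ignore the header when it arrives over plain HTTP.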