HTTP Strict Transport Security (HSTS) is a web security policy mechanism which helps to protect websites against protocol downgrade attacks and cookie hijacking.
Here is how to enable it on Apache2:
1. Enable mod_headers
2. Add the header to the HTTPS VirtualHost. max-age is measured in seconds. Put this into your VirtualHost *:443 section:
Header always set Strict-Transport-Security "max-age=31536000; includeSubDomains"
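To check that a header value like the one above is a policy browsers will honour, the following added example (not from the original post) parses a Strict-Transport-Security value following the RFC 6797 syntax rules and reports weak settings. The function names and the one-year `min_age` threshold, taken from the max-age used above, are assumptions of this example.

```python
import re

# One directive: token name, optional "=" token-or-quoted-string value
# (header syntax from RFC 6797 section 6.1).
_DIRECTIVE = re.compile(
    r"""\s*([\w!#$%&'*+.^`|~-]+)\s*(?:=\s*("[^"]*"|[^\s;"]+))?\s*""", re.ASCII)

def parse_hsts(value):
    """Return {"max_age", "include_subdomains"} or None if the header
    is non-conforming (RFC 6797 tells browsers to ignore those)."""
    seen = {}
    for part in value.split(";"):
        if not part.strip():
            continue                  # empty directive, e.g. a trailing ";"
        m = _DIRECTIVE.fullmatch(part)
        if not m:
            return None
        name = m.group(1).lower()     # directive names are case-insensitive
        if name in seen:
            return None               # a directive may appear only once
        seen[name] = (m.group(2) or "").strip('"')
    if not re.fullmatch(r"[0-9]+", seen.get("max-age", "")):
        return None                   # max-age is required and numeric
    return {"max_age": int(seen["max-age"]),
            "include_subdomains": "includesubdomains" in seen}

def audit_hsts(value, min_age=31536000):  # threshold is an assumption
    """Return a list of findings; an empty list means nothing to report."""
    policy = parse_hsts(value)
    if policy is None:
        return ["header is malformed and will be ignored"]
    findings = []
    if policy["max_age"] == 0:
        findings.append("max-age=0 tells the browser to drop the policy")
    elif policy["max_age"] < min_age:
        findings.append("max-age %d is below %d seconds"
                        % (policy["max_age"], min_age))
    if not policy["include_subdomains"]:
        findings.append("includeSubDomains missing: subdomains not covered")
    return findings

if __name__ == "__main__":
    # First value is the one from the Apache directive above; rest constructed.
    for sample in ("max-age=31536000; includeSubDomains",
                   "max-age=31536000; max-age=0",
                   'MAX-AGE="600"; includeSubDomains;'):
        print(repr(sample), "->", audit_hsts(sample) or "OK")
```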
If you need R to connect to MySQL, or are getting the error below from your script:
Error in dyn.load(file, DLLpath = DLLpath, ...) :
unable to load shared object '/usr/local/lib/R/site-library/RMySQL/libs/RMySQL.so':
libmysqlclient.so.18: cannot open shared object file: No such file or directory
Then it can be solved by these commands
You will get a question about choosing a mirror to get the package from, just choose the one nearest to you.
It can be a challenge to get an A+ rating on an SSLLabs test, but I have done a configuration below that you are welcome to steal.
add_header Strict-Transport-Security "max-age=31536000";
ssl_protocols TLSv1.1 TLSv1.2;
My pem file is just a text file containing the signed certificate and an SSL bundle.
To generate your dhparam.pem file, run in the terminal
openssl dhparam -out /etc/nginx/ssl/dhparam.pem 2048
If you need to check which TLS versions and ciphers a site supports, you can do it with the nmap command below. Replace the domain with your own 😉
nmap --script ssl-enum-ciphers -p 443 www.pvangsgaard.com
The output could look like
If you get a lot of mail to your root account with output from your cronjob, it can be solved by redirecting the output from the job to /dev/null by adding >/dev/null 2>&1 to the end of your crontab line.
Like this example from my /etc/crontab where I sync my nameservers during the day:
*/30 5-23 * * * root /root/sync_dns >> /var/log/sync-dns.log >/dev/null 2>&1