How to Redirect www URL to non-www and non-www URL to www with Nginx

This tutorial will show you how to redirect a www URL to non-www, e.g. www.example.com to example.com, with Nginx. We will also show you how to redirect in the other direction, from a non-www URL to www.

Configure DNS Records

In order to set up the desired redirect, www.example.com to example.com or vice versa, you must have an A record for each name.

Option 1: Redirect www to non-www

server {
    server_name www.example.com;
    return 301 $scheme://example.com$request_uri;
}
sudo systemctl restart nginx

Option 2: Redirect non-www to www

server {
    server_name example.com;
    return 301 $scheme://www.example.com$request_uri;
}
sudo systemctl restart nginx

How to Redirect HTTP to HTTPS in Nginx

All login credentials transferred over plain HTTP can easily be sniffed by a MITM attacker, but it is not enough to encrypt the login forms. If you are visiting plain HTTP pages while logged in, your session can be hijacked, and not even two-factor authentication will protect you. To protect all info sent between your visitors – which includes you – and your web server, we will redirect all requests that are coming over plain HTTP to the HTTPS equivalent.

Redirect All Sites

server {
    listen 80 default_server;

    server_name _;

    return 301 https://$host$request_uri;
}

Redirect Specific Sites

server {
    listen 80;

    server_name foo.com;
    return 301 https://foo.com$request_uri;
}

Optional: App Configuration

server {
    listen 443 ssl default_server;
    server_name foo.com;
}

server {
    listen 443 ssl;
    server_name bar.com;
}

# and so on...

named bind server – adding multiple TXT records for the same domain

named bind server – adding multiple TXT records for the same domain

_acme-challenge IN      TXT "JoM6ibdd4vWEwiYNj4XRSftAL1XD1w5WNrHFiRs_Hn-U"
_acme-challenge IN      TXT "6EmvVKhLSn40QKDtGFZXyVPYnSIe1OiD1TSyYkE_yd8g"

apache2/httpd – IP based restriction to a virtual host

The Require provides a variety of different ways to allow or deny access to resources. In conjunction with the RequireAll, RequireAny, and RequireNone directives, these requirements may be combined in arbitrarily complex ways, to enforce whatever your access policy happens to be.

example:

<VirtualHost *:80>

ServerName example.net
Documentroot /var/www/html/

<Location />
      Require ip 192.168.0.0/24  10.0.0.2
</Location>

</VirtualHost>

linux swap memory limits – reference guide

Table 1: Recommended system swap space in Fedora 28 documentation

Amount of system RAMRecommended swap spaceRecommended swap with hibernation
less than 2 GB2 times the amount of RAM3 times the amount of RAM
2 GB – 8 GBEqual to the amount of RAM2 times the amount of RAM
8 GB – 64 GB0.5 times the amount of RAM1.5 times the amount of RAM
more than 64 GBworkload dependenthibernation not recommended

Table 2: Recommended system swap space per the author

Amount of RAMRecommended swap space
≤ 2GB2X RAM
2GB – 8GB= RAM
>8GB8GB

adminer setup script

Adminer (formerly phpMinAdmin) is a full-featured database management tool written in PHP. Conversely to phpMyAdmin, it consists of a single file ready to deploy to the target server. Adminer is available for MySQL, MariaDB, PostgreSQL, SQLite, MS SQL, Oracle, Firebird, SimpleDB, Elasticsearch, and MongoDB.

install script

sudo mkdir /usr/share/adminer
sudo wget "http://www.adminer.org/latest.php" -O /usr/share/adminer/latest.php
sudo ln -s /usr/share/adminer/latest.php /usr/share/adminer/adminer.php
echo "Alias /adminer.php /usr/share/adminer/adminer.php" | sudo tee /etc/apache2/conf-available/adminer.conf
sudo a2enconf adminer.conf
# restart apache/httpd

git – using multiple remote URLs

When using Git for version control, many people use GitHub as a place to hold remote repositories and push their repositories there. I recently started using BitBucket also and wanted to be able to simultaneously update my GitHub and BitBucket repositories when changes were made.

To begin, rename your current remote (most likely named origin) to a different name. I’d rename this to the name of the service you are using, such as Github or bitbucket.

git remote rename origin github

You can then add the remote for your second remote repository, in this case, a BitBucket repository.

git remote add bitbucket git@bitbucket.org:username/example.git

Afterward, you’ll want to set up your origin remote to push to both of these. Issue the following command:

git config -e

You will be greeted with your Git configuration (most likely using vim). Add the [remote "origin"] section to the bottom of the file with the URLs from each remote repository you’d like to push to.

.git/config

[core]
  repositoryformatversion = 0
  filemode = true
  bare = false
  logallrefupdates = true
  ignorecase = true
  precomposeunicode = false
[branch "master"]
  remote = github
  merge = refs/heads/master
[remote "github"]
  url = git@github.com:username/repo.git
  fetch = +refs/heads/*:refs/remotes/github/*
[remote "bitbucket"]
  url = git@bitbucket.org:username/repo.git
  fetch = +refs/heads/*:refs/remotes/bitbucket/*
[remote "origin"]
  url = git@github.com:username/repo.git
  url = git@bitbucket.org:username/repo.git

You can then push to both repositories by issuing:

git push origin master

Or to a single one by issuing either of these commands:

git push github master
git push bitbucket master

mysqld – Got packet bigger than ‘max_allowed_packet’ bytes when dumping table `memcache` at row

  1. Add --max_allowed_packet=512M to your mysqldump command.
  2. Or add max_allowed_packet=512M to [mysqldump] the section of your my.cnf

Note: it will not work if it is not under the [mysqldump] section…

Cron job for Automatic Feed updates in Openvas

To get updated content from the feeds you need to run the following scripts (in this order) on a daily base

# crontab -e

0 1 * * * /usr/sbin/greenbone-nvt-sync > /dev/null
0 2 * * * /usr/sbin/greenbone-scapdata-sync > /dev/null
0 3 * * * /usr/sbin/greenbone-certdata-sync > /dev/null

If there is any issue during the sync the scripts should give you additional info.