@coliver said in CentOS7 Server Apache Disable old TLS for higher versions: @jaredbusch said in CentOS7 Server Apache Disable old TLS for higher versions: @coliver said in CentOS7 Server Apache Disable old TLS for higher versions: @DustinB3403 I really like this site for information on securing various web servers. https://cipherli.st/ I just implemented their Nginx setting but getting back that TLSv1 was accepted? https://www.ssllabs.com/ssltest/analyze.html?d=naggaroth.daerma.com First line should read TLS1.2 if you don't have a version of Nginx that supports 1.3. Correct. That is the only change I made to their config. I even reran dhparam

@scottalanmiller Yeah both of my webservers use mariadb for example

@jaredbusch said in Fedora Update Breaks httpd: So, if you followed the original instructions, you can use this to fix it. sed -i "s/access\.log/httpd\/access_log/" /etc/httpd/conf.d/bookstack.conf Then start apache. systemctl start httpd As always, thanks @JaredBusch that fixed it for me as well.

@jaredbusch said in Apache Struts - Critical Security Flaw: Was the Eqifax breech because of the march strus flaw or a more recent one? Just making sure the actual facts are known. The one from March.

@zachary715 said in Certbot Apache plugin broken in Fedora 26: @scottalanmiller said in Certbot Apache plugin broken in Fedora 26: I ran into this issue, forgot about this thread, went through LetsEncrypt's threads and their solution for this problem led me... here! Very nice. Just did the exact same thing. Let'sEncrypt forum had the link which led me here right about the time @JaredBusch was responding in my other thread. It has been posted on here more than one time. I should probably find one of those posts and make @scottalanmiller tag it appropriately. Edit: Or too slow..

Thank you, I'll investigate from here.

@aaronstuder said in Installing Varnish Cache to a LAMP Stack on Fedora 25 with SaltStack: @scottalanmiller said in Installing Varnish Cache to a LAMP Stack on Fedora 25 with SaltStack: Varnish Cache cannot handle TLS connections, so Apache will continue to server HTTPS on port 443, for now at least. That's unfortunate I use Varnish on Cloudways, but everything is HTTPS... Does that mean Varnish is doing nothing? It just means that an SSL layer has to be in front of it. Nginx is used on most platforms to handle SSL.

I've added an article on using NGinx to accelerate SSL in front of LAMP: https://mangolassi.it/topic/13177/deploying-an-nginx-reverse-proxy-with-ssl-on-a-lamp-server-with-saltstack/

Did you use my instructions for Zimbra with Apache on CentOS? https://mangolassi.it/topic/8344/installing-zimbra-email-8-6-on-centos-7

Just as a comparison, here's what it would look like with Ansible: name: Recursively own html files file: path: /var/www/html owner: apache group: apache state: directory recurse: yes

Location matters very little. I would stick to the standards.

I might put this on my project list one of these days.

@scottalanmiller Also, using just using the root domain name for the conf file name is potentially confusing depending on how much you are hosting. Even for my gaming website, I have a bunch of sub domains setup. www.daerma.com.conf goes to the root and www. oc.daerma.com.conf is owncloud obelisk.daerma.com.conf is my nodeBB forum That does not even get into what do you do about the ones that you have multiple TLD names for such as .it, .com, .org, etc.

@scottalanmiller said in Installing a Basic LAMP Stack on CentOS 7: @NashBrydges said in Installing a Basic LAMP Stack on CentOS 7: @scottalanmiller I haven't yet. About to give it a try. Stuck to legacy since that was what I was reading everywhere. Where is everywhere? Technet says to not use legacy. https://technet.microsoft.com/en-us/windows-server-docs/compute/hyper-v/supported-centos-and-red-hat-enterprise-linux-virtual-machines-on-hyper-v Legacy is a fallback driver that you never want to use, it's low performance and high overhead. If you needed that for CentOS, it would make Hyper-V a silly, non-production ready platform. But Hyper-V is a good, solid performer. Not only that, but I install all of my CentOS 7 VM's as Generation 2 when on Hyper-V they work perfectly with default settings for everything except secure boot. Uncheck secure boot. Everything else is 100% default settings.

@scottalanmiller said in Elastix login page gives error HTTP ERROR 500 when login: @dbeato said in Elastix login page gives error HTTP ERROR 500 when login: @denny said in Elastix login page gives error HTTP ERROR 500 when login: systemctl stop firewalld disable selinux find /var/www/html/var/ -type d -exec chmod 755 {} ; find /var/www/html/var/ -type f -exec chmod 755 {} ; Way to necro a post, security and firewall ar of the upmost importance. No system ever needs to be setup open this way.... I think that he was being tongue in cheek. Okay, I didn't get it LOL

Very valid point. Let me invite him here. Thanks @scottalanmiller

Getting lots of eyes on this thread today. Very interesting.

@scottalanmiller said in ownCloud 8.2.4 to 9.0.2 upgrade problem: have you tested yet? I have more systems that I can upgrade, but I have not done so yet.

This looks interesting https://github.com/archiecobbs/mod-authn-otp Need to test and see how this works and how does it give the users option to see the OTP

@Dashrender said: Have you done any reading on Carousel? Something about ads being faster - though some are saying that it reduces choice... Nope, and a quick search I cannot even turn up what you are referring to.

@scottalanmiller said: Nothing scarier than things that fix themselves Seriously upset about this. I will be rebooting the machine a few times today trying to make it do it again.

@WingCreative said: ... about the performance and efficiency gains one can expect from switching to nginx. Most performance gains from nGinx are from developments in the last few months or relate only to certain workloads. For average users Apache is easier to use, far more mature, often the more performant for very small workloads, far more broadly compatible and known. Given those factors, people who need nGinx (like us, we are using it right now) tend to be trained admins and know when and why to deploy it and those that just need basic reliability and simplicity will get Apache by default. Even today where Apache is not the big winner it used to be, it seems like it is still a sensible default.

Like this... cat > observium.conf <<'_EOF' <VirtualHost *:80> DocumentRoot /opt/observium/html/ ServerName observium.domain.com CustomLog /opt/observium/logs/access_log combined ErrorLog /opt/observium/logs/error_log <Directory "/opt/observium/html/"> AllowOverride All Options FollowSymLinks MultiViews Require all granted </Directory> </VirtualHost> _EOF

It looks like it is trying to connect but it gives me two choices for a SSL cert when I do... then it give me an error. I will have to look into a bit more when I have time.