Raspberry Pi

Edit SSH server port

  1. Open the file /etc/ssh/sshd_config
  2. Change the line Port 22 to the port sshd should listen on
  3. Restart the service: sudo service ssh restart

Disable password authentication

  1. Open the file /etc/ssh/sshd_config
  2. Set the line PasswordAuthentication no (confirm that key-based login works first, or you will be locked out)
  3. Restart the service: sudo service ssh restart

Export SSH tunnels

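Set GatewayPorts yes in /etc/ssh/sshd_config so that remote-forwarded ports listen on all interfaces instead of only on loopback. Any host that can reach the machine can then connect to the tunnel; GatewayPorts clientspecified lets the client choose the bind address instead.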

[ Source: https://www.linuxquestions.org/questions/linux-networking-3/ssh-tunnel-only-listening-on-loopback-device-should-also-listen-on-eth0-703465/ ]
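
A way to confirm that the three sshd_config edits above actually took effect, written as an added example that is not part of the original page. The function names and the sample config are constructed for illustration, and only whitespace-separated "Keyword value" lines are handled.

```shell
#!/bin/sh
# Added example, not from the original page. Keywords in sshd_config are
# case-insensitive, "#" lines do not count, and for most keywords sshd keeps
# the FIRST value it reads, so an edit further down can be silently ignored.

# Print every global value of keyword $1 in file $2 (lower-cased).
# Lines after the first "Match" are conditional and are not considered.
sshd_values() {
    awk -v want="$(printf %s "$1" | tr 'A-Z' 'a-z')" '
        NF == 0 || $1 ~ /^#/   { next }
        tolower($1) == "match" { exit }
        tolower($1) == want    { print tolower($2) }
    ' "$2"
}

# Effective value of keyword $1 in file $2; $3 is sshd's built-in default.
sshd_effective() {
    v=$(sshd_values "$1" "$2" | head -n 1)
    printf '%s\n' "${v:-$3}"
}

# Return 0 only if the edits from the steps above are really in effect.
check_sshd() {
    rc=0
    [ "$(sshd_effective PasswordAuthentication "$1" yes)" = no ] ||
        { echo "FAIL: password logins are still enabled"; rc=1; }
    ports=$(sshd_values Port "$1")   # Port may appear more than once
    if [ -z "$ports" ] || printf '%s\n' "$ports" | grep -qx 22; then
        echo "FAIL: sshd still listens on port 22"; rc=1
    fi
    [ "$(sshd_effective GatewayPorts "$1" no)" = no ] ||
        echo "NOTE: GatewayPorts is not 'no', -R tunnels are exposed beyond loopback"
    return $rc
}

# Constructed sample: the edit was made, but an earlier line wins.
sample_config() {
    cat <<'EOF'
Port 2222
passwordauthentication yes
#PasswordAuthentication no
PasswordAuthentication no
GatewayPorts yes
EOF
}

tmp=$(mktemp) && sample_config > "$tmp"
check_sshd "$tmp" || echo "=> $tmp is not hardened yet"
rm -f "$tmp"
```

On the Pi itself, sudo sshd -T prints the configuration that sshd actually parsed, which also covers Match blocks.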

SSH tunnel

On the remote server:

ssh -p 443 -R 19999:localhost:22 user@home

This assumes that home runs an SSH server on port 443. While the connection is up, home also listens on port 19999, and connections to that port are tunneled to the SSH server (port 22) on the remote server.

Long SSH connections

Prevents the "broken pipe" error on long-lived connections. In .ssh/config:

ServerAliveInterval 60
ServerAliveCountMax 1000

ddclient external IP

By default ddclient will use the internal IP. To make it report the external IP, edit /etc/ddclient.conf:

protocol=dyndns2
use=web, web=myip.dnsdynamic.com
server=www.dnsdynamic.org
login='user'
password='password'
mydomain.com

Install dig

sudo apt-get install dnsutils

Change shell to bash

First check the shell you are using:

ps -p $$

Then change it:

chsh --shell /bin/bash user

Test internet connection speed

git clone https://github.com/sivel/speedtest-cli

Build nginx from source

With SPDY support included!

See: http://nginx.org/en/linux_packages.html#mainline

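Add the signing key from http://nginx.org/keys/nginx_signing.key. The download below uses plain HTTP, so compare the key's fingerprint with the one published on the nginx packages page before adding it: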

wget http://nginx.org/keys/nginx_signing.key
sudo apt-key add nginx_signing.key

Edit /etc/apt/sources.list and add:

deb http://nginx.org/packages/mainline/debian/ codename nginx
deb-src http://nginx.org/packages/mainline/debian/ codename nginx

Here codename is the Debian release name; for the current Raspberry Pi OS it is wheezy.

As the repository doesn't contain binaries, we need to build nginx from source:

sudo apt-get update
sudo apt-get -y install build-essential debhelper libpcre3-dev
apt-get -b source nginx
sudo dpkg -i --force-overwrite nginx...deb

Nginx configuration

Check the configuration:

sudo nginx -t

Reload only when the configuration is valid:

sudo nginx -t && sudo /etc/init.d/nginx reload

Nginx SSL configuration

server {
        listen 443 ssl spdy;
        server_name server_name;        # placeholder: replace with the real host name
        server_tokens off;              # do not reveal the nginx version

        ssl on;                         # redundant with "ssl" on the listen line
        ssl_certificate /etc/nginx/conf.d/ssl-unified.crt;
        ssl_certificate_key /etc/nginx/conf.d/ssl.key;

        # OCSP stapling also needs a "resolver" directive to look up the responder
        ssl_stapling on;

        ssl_session_cache shared:SSL:10m;
        ssl_session_timeout 10m;

        # TLSv1 and TLSv1.1 are deprecated (RFC 8996) and RC4 is prohibited
        # (RFC 7465); review both lists before using this on a current system.
        ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
        ssl_ciphers ECDHE-RSA-AES128-SHA256:AES128-GCM-SHA256:ECDHE-RSA-RC4-SHA:ECDHE-RSA-AES128-SHA:RC4:HIGH:!MD5:!aNULL:!EDH;
        ssl_prefer_server_ciphers on;

        location / {
                # reverse proxy to the application listening on loopback only
                proxy_next_upstream error timeout invalid_header http_500 http_502 http_503 http_504;
                proxy_redirect off;
                proxy_buffering off;
                proxy_set_header X-Forwarded-Host $host;
                proxy_set_header X-Forwarded-Server $host;
                proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
                proxy_set_header Host $host;
                proxy_pass http://127.0.0.1:8080/;
                # HSTS for one year, and no framing by other origins
                add_header Strict-Transport-Security "max-age=31536000; includeSubdomains";
                add_header X-Frame-Options SAMEORIGIN;
        }
}

Decrypt private key

openssl rsa -in ssl.key -out ssl.key

Concatenate certificates

wget https://www.startssl.com/certs/ca.pem
wget https://www.startssl.com/certs/sub.class1.server.ca.pem