Ruby is a popular web programming language that is used for a variety of things while Ruby on Rails is a popular web programming framework that is used to create websites.
The traditional way of transferring files from one server to another is slow and requires a bunch of setup whether its done via archiving, imaging or direct file copy.
Instead you can use LFTP to easily mirror a remote directory on a new VPS.
Step 0:
We need to install lftp
sudo apt-get install lftp
Step 1:
Now we need to connect via ssh to our old server whilst on the new server’s terminal (this is to add its host key otherwise you may get an error in the next step)
ssh -p 22 root@website.com
Step 2:
Use the following series of commands to mirror the directory
open -u user,password sftp://website.com
mirror /path/remoteDir /path/localDir
quit
So a little while back, I was playing around with my machine’s BIOS, and without going into specifics. I messed it up big time.
So much so that eventually I couldn’t get a display to show and no display-out. Hence, I’ve decided to make this tutorial to help those in the same or a similar situation.
The techniques in this article should still apply to any other kind of laptop or computer system where there is a EEPROM that has enough space around it to attach an test clip to.
Note that this should be a LAST-DITCH effort to fix your machine. Try everything else, if it doesn’t work then proceed(Accept that I’m not responsible for anything that goes wrong on your machine).
Prerequisites:
To do this SPECIFIC repair you will require a 25 seriesEEPROM programmer. The series will vary depending on the model number of the BIOS chip on your machine.
You’ll need a programming software, in this tutorial we will use the open source AsProgrammer (Don’t worry the program has an English translation as well).
After extracting it you’ll find the CHA341A drivers in the package, install the parallel drivers.
WARNING: DO NOT ATTEMPT TO FLASH USING THE BIOS FILE ON THE MANUFACTURER’S WEBSITE, IT WILL NOT WORK AS IT IS DESIGNED TO BE USED WITH THEIR FLASHING PROGRAM NOT A DIRECT FLASH TO CHIP USING A SEPARATE PROGRAMMER.
In the case of this laptop it is the MXIC MX25L12873F, notice the 25L part, that refers to the series. It is important to get a programmer that is compatible with YOUR chip as they may have different spacing. Note the little dot on the left hand corner, that is the Pin 1 position, REMEMBER it, it is important later.
Step 3:
Disconnect the Laptop Battery (push the metal cover forward, then pull cable up)
Disconnect the CMOS Battery (pull out)
Step 4:
Use the assembled test clip to attach to the bios chip, MAKING SURE, that pin 1 position(the dot indicates pin 1) is connected to the wire that is coloured red/purple. You may need to adjust it several times till you can get a good connection, note that the 2nd red light on the programmer may not turn on until you attempt to write to the chip.
Step 5:
Open AsProgrammer and select IC->Search and put the model number of YOUR bios chip, double click it when you find it.
Step 6:
Now we need to make sure that the connection is good, unfortunately I haven’t found a really easy way of doing this.
Option 1: If you haven’t flashed before using a hardware programmer you can try to read the chip and make sure that you don’t get all 00 or FF in the hex view.
Option 2: You can try to Protect and UnProtect the chip, as this process will hang unless you have a good connection.
Option 3: You can try to program the IC with some random file or data and then read to see if the same hex data was read that was written.
Either way, once you’ve verified that the connection is good you can proceed.
Step 7:
Now its time to erase the IC and program it with the BIOS file you downloaded earlier.
First Erase the Bios, and wait for the complete message to appear below
Now open up the BIOS file
Now click Program IC
Then let it finish
Now its time to verify it was written correctly, so click Read IC
And ensure that the contents of the hex view are the same as before (just check the starting bits and the ending non-zero bytes to make sure they are the same)
Start
End
Step 8:
Now its time to re-assemble the laptop, first re-connect the CMOS Battery, then the Laptop Battery, reassemble the laptop case, then plug in the charger, and give it a try. Hopefully at this point your machine should boot.
That’s it 😉
Hope this tutorial helps you out of a bind, it took me a while to figure this stuff out.
Helpful tip: If you are modding and have used the official updater program and are wondering why your BIOS keeps updating/bricking itself upon reboot, you need to remove the firmware BIOS update driver, in device manager (as that is where it installs)
Recently, I ran into a problem when I tried to install another copy of windows on a different drive.
You see I had no idea that Windows 10 only keeps one copy of its boot-loader no matter many operating systems are installed.
I also had no idea that it merges any existing boot-loaders into the new one upon installation. In other words, when I installed windows on the new drive my old boot-loader was deleted and its contents were put into the new boot-loader ON THE NEW DRIVE.
This wouldn’t of been a problem if I hadn’t intended on using that drive for a completely different machine. Which is exactly what I did.
That meant that I couldn’t boot up my original machine anymore (without the new drive) because the boot-loader no longer existed on it.
After much trial and error, I ended up with a solution to this, and many other boot-loader issues.
The following steps should recover from almost any kind of boot-loader corruption/problem.
Step 1:
Boot into the Windows Recovery Environment using a USB or using the existing recovery partition on your system.
Open up command prompt and locate your windows drive. (Sometimes the drive letter will change in the recovery environment so be sure to find the correct letter).
Step 2:
Run the following commands in order, keeping in mind the drive letter you found earlier (be sure to replace the bracketed content and remove the brackets):
bootrec /ScanOs bootrec /FixMbr bootsect /nt60 SYS bootrec /FixBoot diskpart list disk sel disk [Windows Disk # Here] list part sel part [System Partition # Here] assign letter=V: exit bcdboot [EXISTING WINDOWS DRIVE LETTER]:\Windows /s V: /f UEFI bootrec /RebuildBcd
Step 3:
Reboot to Windows
Note you may have multiple windows entries, try each one till you find the one that works
Now you can delete the extra entries using msconfig utility, and then check the box that says make boot changes permanent and hit apply.
Sometimes we spend so much time protecting our websites that we forget about protecting our users. It is more efficient to be proactive than reactive.
For this reason its a good idea to set some security HTTP headers so that if your users do get targeted by a hacker that they won’t be able to as easily fool them into handing over their credentials.
Step 1:
First lets open up the LiteSpeed WebAdmin console by heading over to
https://yourwebsite.com:7080
Now click on the magnifying glass icon to edit the virtual host and navigate to context
Navigate to the context tab and hit add
Make the type “Static” and hit the skip icon to the upper-right to go next
Now fill out the following, in the URI section put “/” or any subdomain you want, set accessible radio button to yes and add the following in the Header Operations box
NOTE: It is a good idea to understand exactly what Content-Security-Policy does before adding it, as if you use this without checking first if your scripts are loading anything outside your domain name it will stop those scripts from loading in browsers.
If you would like to learn more about these headers I suggest researching them individually.
Especially if you would like to have a more fine-tuned setup.
Please note that some of these settings can break your website if it isn’t built to use HTTPS or if it has errors/bad-practices in its make-up, please research/test each individual header prior to going to production with them.
Now as to how to run firefox, if you are using gnome you can just use the plugin mentioned previously and browse to it, however if you are trying to run it from console flatpak has a way to do that
Recently I’ve been getting these emails from Microsoft saying that my OneDrive account is about to be frozen ( Apparently they decided to chop everyone’s storage down after the fact to 5GB and then charge people for the excess storage they’ve already used up thinking it was free /facepalm ).
Thing is that I’ve been so busy with Life especially with the Covid-19 pandemic going on that I really don’t care about sorting out my OneDrive right now.
That being said my home connection sucks, I mean it’s really bad.
On a good day I get about 5-6mbit/s down and at that rate it would take about 37 Hours to download my entire OneDrive storage to my local system, not to mention it would piss off everyone else who wants to use the internet in the house.
Then I thought why don’t I just transfer these files to my VPS since I have the excess storage anyways and my VPS’s connection is a much more palatable 100mbit/s+ down.
In comes obstacle one, OneDrive doesn’t officially support Linux, so we’ll be using rclone to connect and download our files instead.
Step 1:
First we need to install rclone
curl https://rclone.org/install.sh | sudo bash
Easy enough am I right?
Step 2:
We need to configure rclone to connect to our onedrive account so it can fetch and mount the files for us.
Thing is this process actually requires a web-browser for the authentication part, so you cannot do it easily via console. In my case I ended up installing VNC (for which you can check my tutorial below) and Firefox (via flatpak which I will post soon).
Run the configuration prompt and type new to create a new remote server configuration
root@oneserver:~# rclone config
2020/06/16 14:31:56 NOTICE: Config file "/root/.config/rclone/rclone.conf" not found - using defaults
No remotes found - make a new one
n) New remote
s) Set configuration password
q) Quit config
n/s/q> n
Next you’ll be asked what type of storage you wish to configure, in my case OneDrive was 23rd down the list but this may change in the future so be sure to check
Type of storage to configure.
Enter a string value. Press Enter for the default ("").
Choose a number from below, or type in your own value
1 / 1Fichier
\ "fichier"
2 / Alias for an existing remote
\ "alias"
3 / Amazon Drive
\ "amazon cloud drive"
4 / Amazon S3 Compliant Storage Provider (AWS, Alibaba, Ceph, Digital Ocean, Dreamhost, IBM COS, Minio, etc)
\ "s3"
5 / Backblaze B2
\ "b2"
6 / Box
\ "box"
7 / Cache a remote
\ "cache"
8 / Citrix Sharefile
\ "sharefile"
9 / Dropbox
\ "dropbox"
10 / Encrypt/Decrypt a remote
\ "crypt"
11 / FTP Connection
\ "ftp"
12 / Google Cloud Storage (this is not Google Drive)
\ "google cloud storage"
13 / Google Drive
\ "drive"
14 / Google Photos
\ "google photos"
15 / Hubic
\ "hubic"
16 / In memory object storage system.
\ "memory"
17 / Jottacloud
\ "jottacloud"
18 / Koofr
\ "koofr"
19 / Local Disk
\ "local"
20 / Mail.ru Cloud
\ "mailru"
21 / Mega
\ "mega"
22 / Microsoft Azure Blob Storage
\ "azureblob"
23 / Microsoft OneDrive
\ "onedrive"
24 / OpenDrive
\ "opendrive"
25 / OpenStack Swift (Rackspace Cloud Files, Memset Memstore, OVH)
\ "swift"
26 / Pcloud
\ "pcloud"
27 / Put.io
\ "putio"
28 / QingCloud Object Storage
\ "qingstor"
29 / SSH/SFTP Connection
\ "sftp"
30 / Sugarsync
\ "sugarsync"
31 / Tardigrade Decentralized Cloud Storage
\ "tardigrade"
32 / Transparently chunk/split large files
\ "chunker"
33 / Union merges the contents of several upstream fs
\ "union"
34 / Webdav
\ "webdav"
35 / Yandex Disk
\ "yandex"
36 / http Connection
\ "http"
37 / premiumize.me
\ "premiumizeme"
38 / seafile
\ "seafile"
Storage> 23
Next you’ll be asked to enter Microsoft App Client Id and Secret, which we’ll ignore for now since we will be using the web authentication (just hit enter)
** See help for onedrive backend at: https://rclone.org/onedrive/ **
Microsoft App Client Id
Leave blank normally.
Enter a string value. Press Enter for the default ("").
client_id>
Microsoft App Client Secret
Leave blank normally.
Enter a string value. Press Enter for the default ("").
client_secret>
Next it will ask you if you wish to enter advanced configuration, hit no unless you have something special planned
Edit advanced config? (y/n)
y) Yes
n) No (default)
y/n> n
Now is when you’ll be asked if you would like to auto-configure, and for this step we type yes
Use auto config?
* Say Y if not sure
* Say N if you are working on a remote or headless machine
y) Yes (default)
n) No
y/n> y
Now is when either your browser will open up for you or you’ll have to manually go to the link (note that I wasn’t able to connect to this port remotely, so it may be that you have to open it locally), once you go there you’ll be asked to login to your Microsoft account and allow rclone a bunch of privileges it needs to do its thing
If your browser doesn't open automatically go to the following link: http://127.0.0.1:53682/auth?state=SECRETHERE
Log in and authorize rclone for access
Waiting for code...
Got code
Next we’ll be asked to describe exactly what type of account this is, which is a little redundant to be honest.. but well.. select 1 for OneDrive
Choose a number from below, or type in an existing value
1 / OneDrive Personal or Business
\ "onedrive"
2 / Root Sharepoint site
\ "sharepoint"
3 / Type in driveID
\ "driveid"
4 / Type in SiteID
\ "siteid"
5 / Search a Sharepoint site
\ "search"
Your choice> Your choice> 1
Next it will search for “drives” on the remote server, if you happen to have multiple drives you can pick which one. In my case I only have one so I select 0
Found 1 drives, please select the one you want to use:
0: (personal) id=uniqueid834avsaf
Chose drive to use:> 0
Now it will ask you to confirm the root of the drive, just type yes
Found drive 'root' of type 'personal', URL: https://onedrive.live.com/?cid=uniqueid834avsaf
Is that okay?
y) Yes (default)
n) No
y/n> y
At this point it will ask you to confirm that the access token was set correctly, type yes again
[onedrive]
type = onedrive
token = {"access_token":"AWHOLEBUNCHOFSESSIONTOKENTEXTTHATYOUSHOULDNTSHAREWITHANYONE","expiry":"2020-06-16T15:40:51.775771327Z"}
drive_id = uniqueid834avsaf
drive_type = personal
--------------------
y) Yes this is OK (default)
e) Edit this remote
d) Delete this remote
y/e/d> y
Now that were done with the configuration we can type quit
Current remotes:
Name Type
==== ====
onedrive onedrive
e) Edit existing remote
n) New remote
d) Delete remote
r) Rename remote
c) Copy remote
s) Set configuration password
q) Quit config
e/n/d/r/c/s/q> q
Step 3:
Now lets create the folder we will mount this OneDrive to
mkdir ~/OneDrive
We need to decide what type of mounting we want, in this case we wish to have full read/write access to our files even if they disappear from the server so we use –vfs-cache-mode full
Wireguard is a next-generation open-source VPN connection protocol that claims to be faster and more secure than Open-VPN.
In this tutorial we will cover how to setup and configure a WireGuard VPN Server on a Debian Linux Distribution as well as how to get a Windows machine to route all traffic through that VPN using WireGuard’s Windows Client.
Step 0 : Install Un-Attended Updates
First, lets ensure we setup automated updates as we will want security patches and its likely that we wont be touching this VPS for a while.
KEYS PROVIDED HERE ARE JUST EXAMPLES, DO NOT USE THEM AS THEY ARE PUBLIC AND INSECURE NOW
wg genkey
It’s important to write this down somewhere safe and private it’ll look something like this
uDXR7FnTzGarLNj+E3ePv4gOwsbjumZ7M9YjcKAQ8WI=
Now its time to generate the corresponding VPN’spublic key using the private key we just generated
echo "uDXR7FnTzGarLNj+E3ePv4gOwsbjumZ7M9YjcKAQ8WI=" | wg pubkey
It’ll look something like this, write it down somewhere
9XIklpw4lGQ/I0S9L3gqTjwjJYsXJPluihomcCCrEzU=
Now its time to generate the User’s private and public key pair, note you will one for each user of the VPN (this essentially the same process as before)
wg genkey
Write down the User’s private key somewhere safe
0IoyeQyyWPYVGf4P4DosBGHHrl/T7k+2fqFc8JZRmGo=
Now lets generate the User’s public key
echo "0IoyeQyyWPYVGf4P4DosBGHHrl/T7k+2fqFc8JZRmGo=" | wg pubkey
Write this down somewhere
JoYcG0Bq5+dMrEAc8eSTG6QCFBjwUWxfXTy7LWmhC0k=
Step 2 : Configuration of WireGuard Server
First we need to find our active interface
ip l
Will show something like
1: lo: mtu 65536 qdisc noqueue state UNKNOWN mode DEFAULT group default qlen 1
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
2: eth0: mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000
link/ether 53:55:00:91:36:5c brd ff:ff:ff:ff:ff:ff
Here eth0 is our interface, now lets check our public IP address
ip a show dev eth0
2: eth0: mtu 1500 qdisc pfifo_fast state UP group default qlen 1000
link/ether 53:55:00:91:36:5c brd ff:ff:ff:ff:ff:ff
inet 5.1.1.1/24 brd 5.188.238.255 scope global eth0
valid_lft forever preferred_lft forever
inet6 2103:90c0:186::20/48 scope global
valid_lft forever preferred_lft forever
inet6 fe80::5058:ff:fe89:c66d/64 scope link
valid_lft forever preferred_lft forever
So here we can see our public IPv4 address is 5.1.1.1/24
Now lets create our configuration file
sudo nano /etc/wireguard/wg0s.conf
add the following, note where the User’s public/ VPN’s private keys go as well as our public IPv4 address and client’s public IPv4 address
In this tutorial we will be using Windows 10 64 bit so hit the button for downloading that version
Run through the installer and then open up the WireGuard Interface
Click Add Tunnel -> Add Empty Tunnel
Now add the following in, being careful to swap the keys with yours (note here we are providing the User’s Private Key followed by the VPN’s Public Key, and that the first Address is our local address)
Now to check that it’s working head over to https://www.dnsleaktest.com/ on your Windows 10 machine and you should now see your VPN’s IP Address as if it were your own
NOTE: I’ve yet to get this working myself over the internet, certain ISPs may block this protocol and there may be some bugs yet. This information was compiled from various sources over the internet, use at your own discretion.
Lets ensure we can access the included WebAdmin GUI for OpenLiteSpeed by running the initial configuration script
sudo /usr/local/lsws/admin/misc/admpass.sh
You will be asked to set a username and password, set them to something secure and be sure to write them down somewhere so you don’t forget
Now you can load and access the GUI from a browser at any time wish:
SERVER_IP_ADDRESS:7080
Note: That you may encounter a certificate error on some chromium browsers, its okay to ignore this at this point, and proceed anyway if your browser allows it, otherwise use a different browser
Now lets do the initial configuration for MariaDB
sudo systemctl start mysql && sudo mysql_secure_installation
Important! You will be asked for the MySQL root password by default this is empty so just hit enter at this point
Now press “y” to set a secure MySQL root database password, then answer “y” to all the remaining questions (remember to write it down somewhere)
Step 2 : Configuring OpenLiteSpeed
Lets create the directory for a virtual domains and setup the directory structure in such a way that we can easily add more domains to our server in the future (remember to replace website.com with whatever your domain name is)
mkdir -p /var/www/website.com/{conf,logs,html}
cd /var/www
chown -R lsadm:lsadm *
Now ideally we’d want our configuration files to all be in /var/www/website.com/conf
For some silly reason OpenLiteSpeed wont allow that so we have to do a bit of a Linux trick to get make it think we are actually under its directory of /usr/local/lsws/conf/vhosts
Lets first delete the existing directory located there (note if you have existing configuration files from a previous install, be sure to back them up; by default only an Example configuration is here)
rm -rf /usr/local/lsws/conf/vhosts
Now lets use a symlink to link our /var/www/ to /usr/local/lsws/conf/vhosts
ln -s /var/www /usr/local/lsws/conf/vhosts
Lets go login to WebAdmin (again located at SERVER_IP_ADDRESS:7080)
Now click on Virtual Hosts – > + Sign to add a Virtual Host
Now hit save and you’ll get an input error, click the link to create the file
Ensure the following radio buttons are selected and hit save again
Now lets hit the green graceful restart button on the top right to get rid of this warning (note you will have to do this again every-time you update something in your configuration, i will only mention it this once but be sure you remember to do so)
Now hit the magnifying glass to view our configuration again and go to the General tab and edit the Document Root to $VH_ROOT/html and hit save again
Now hit Listeners on the left-hand navigation bar
Delete the default 8088 configuration as we wont be using it
Now create a new Listener in a similar fashion that we made the Virtual Host earlier
Well call this listener HTTP
Set it up to listen on port 80
HTTP isn’t a secure protocol, so we set Secure to No
Now save and create another Listener
Well call this listener HTTPS
Set it up to listen on port 443
HTTPS is a secure protocol, so we set Secure to Yes
Now we need to add Virtual Host Mapping to our listeners , first click add on Virtual Host Mappings
Next put the following values, and save
Virtual Host: website.com
Domains: website.com
This needs to repeated for the HTTPS Listener as well
Step 2.1 : Updating DNS Records
Ensure that both the A record for @ and www are pointing to your SERVER_IP_ADDRESS
Step 2.2 : Continuation of Configuration
Now if we head over to website.com in a browser we should get the following 404 error screen since we don’t have anything in our html folder yet
Congratulations if you’ve gotten to this point you’ve successfully configured your OpenLiteSpeed installation
Step 3 : SSL/HTTPS Configuration & Automation of LetsEncrypt
Important Note: This part of the guide is something you should do after creating all your Virtual Hosts for your domain names, as there is a verification step that will fail if your DNS isn’t properly configured
First install the certbot package, this will handle the certification generation for you.
sudo apt-get install certbot
Now use the following command to generate a certificate for each of your domain name(s) (remember to replace website.com with your domain name)
Now enter your email address, and agree to the terms as needed
If all goes well you’ll get a Congratulations!
Note the following two file paths as they are important
Your certificate and chain have been saved at: /etc/letsencrypt/live/website.com/fullchain.pem
Your key file has been saved at:
/etc/letsencrypt/live/website.com/privkey.pem
Its time to configure our Virtual Host Configuration to utilize these, this time navigate to the SSL tab
Values to be set as follows:
TIP: You can use $VH_NAME in place of website.com but this trick wont work for the Listener section that is about to come
Private Key File :
/etc/letsencrypt/live/$VH_NAME/privkey.pem
Certificate File:
/etc/letsencrypt/live/$VH_NAME/fullchain.pem
Chain Certificate:
Yes
Now save and check all the Protocol Versions in the SSL Protocols section and save again
We do this to have broad compatibility with different browsers
Now we must repeat these steps for the HTTPS listener, as it will be the default mode (which then gets over-written by our specific Virtual Host Configuration)
Basically if no SSL certificate is found in the Virtual Host Configuration this one will be used
Currently it is mandatory to set this in OpenLiteSpeed
Note that here we cannot use $VH_NAME so we must use the domain name
Head over to https://website.com and now you should see a re-assuring SSL Lock indicator on the left which means everything was configured correctly
Optionally: Use this same Certificate and KeyFile for your OpenLiteSpeed WebAdmin (gets rid of the certificate error when using website.com:7080 instead of using SERVER_IP_ADDRESS:7080)
Now this certificate is only valid for next ~ 3 months, so to avoid an issue where users will get a certificate error in 4 months time, lets setup auto-renewal for our certificate(s)
First lets test that certbot is functioning correctly
sudo certbot renew --dry-run
Now assuming nothing went wrong lets create the cron-job to renew our certificates every month
Since we may want to access this same panel from various domains, lets create a symlink for our current domain instead of copying the folder over to the html folder
cd /var/www/website.com/html
ln -s /var/www/phpmyadmin phpmyadmin
Now lets configure it to use our MySQL root user
sudo mysql -u root
use mysql;
update user set plugin='' where User='root';
flush privileges;
\q
Some may tell you to create a separate user here for security reasons, but the fact is that phpmyadmin is most useful when run as root
We will address security concerns in the NinjaFirewall section
Now we need to generate a secret for the blowfish encryption, so just put any alphanumber character combination of length 32 here (May also grab one from https://www.random.org/strings/)
For example (DON’T USE THIS SAME STRING – MAKE YOUR OWN)
$cfg['blowfish_secret'] = 'csVH6hmV4_E5jNN7lVP8oWT_cY9avX_3'; /* YOU MUST FILL IN THIS FOR COOKIE AUTH! */
Now head over to https://website.com/phpmyadmin/index.php and login with your MySQL root user
Important Note: Avoid using phpmyadmin over HTTP as it is vulnerable to a man-in-the-middle attack
Step 5 : Installation and Configuration of NinjaFirewall
Ninja Firewall is a Freemium Model General PHP Application Firewall that is most excellent in my experience at preventing exploitation of PHP Applications on your server
Again for easy management we can create a symlink in our virtual host directory
cd /var/www/website.com/html
ln -s /var/www/fw fw
We also need to set the correct permissions
cd /var/www/fw
chmod -R 0777 conf
chmod -R 0777 nfwlog
Now lets head over to https://website.com/fw/install.php to start the installation
You may have an error telling us our PHP configuration doesn’t have cURL support and to install it even though you already did
In this case simply do a complete server restart since there is some configuration nonsense for lsphp that doesn’t update when just the OpenLiteSpeed service is restarted
sudo reboot
Now they should all be green
Now hit the next until you get to the the setting an administrator username and password (pick a secure user-password and record it somewhere safe)
In the integration section, ensure the following is set
Protected Directory: /var/www
HTTP Server and PHP SAPI: Litespeed
Select the PHP Initialization file: php.ini
Now we need add our prepends accordingly
sudo nano /var/www/.htaccess
Put
# BEGIN NinjaFirewall
php_value auto_prepend_file /var/www/fw/firewall.php
# END NinjaFirewall
Then select next on the installer and hopefully you get no errors 🙂
Lastly we need to make our config file writable
chmod 0777 /var/www/fw/conf/options.php
You can now login and manage your Ninja Firewall at https://website.com/fw/ note should you have any issues installing/using applications later on, it is highly advised to check the firewall logs first!
Step 6 : Some Final Tweaks
It is a good idea to force HTTPS on your domains to ensure your login information isn’t snooped on
Lets go to the virtual host configuration again, this time on the Rewrite tab and do the following
Enable Rewrite : Yes
Auto Load from .htaccess : Yes (This setting will help with installation scripts later)
This notebook uses a misidentified SYNA3602 ; which in actuality is likely a Hantick Touchpad.
Problem One – Non-Working TouchPad
The first problem is that the i2c_hid portion of the Linux kernel expects this device to throw an interrupt after being reset, which it doesn’t do.
So for example in Clear Linux there may be failure to reset touchpad error messages.
Apparently this was patched later, pushed upstream and yet somehow is still breaking after reboots.
So in order to get a touchpad that is working between reboots you need to build/install the following package (note here I’m using Manjaro, but the code is simple enough you can build your own script for in other distros fairly easily):
This will usually get the touchpad to start working after a reboot (wait for the service to run before presuming it didn’t work).
To build and install under Manjoro:
pacman -S base-devel
makepkg -si
and be sure to Reboot
Important Note:
If your touchpad(or even the touchscreen) wasn’t working before, this may not fix it.
That’s because the touchpad, and even the touchscreen can lock-up completely if they are improperly initialized by Linux. Something to do with voltage spike maybe? I’m not sure.
In this scenario the only solution I’ve found is to install Windows 10 and then install the proper driver pack, reboot and then install Linux (a real pain to be sure). However to minimize this pain you can use Rufus to install Windows 10 onto a USB drive and then boot it as a Live-USB, which can help avoid the whole re-installing Linux part.
After booting Windows 10 (with the proper driver pack installed) the touchpad and the touchscreen should resume working in Linux. You can actually repeat this as necessary until you get a working installation in which case I highly recommend getting a full system image backup.
Note: It’s a good idea to disable driver updates in Administrative Templates in Windows if you plan on doing this, otherwise Windows may override your good drivers with bad ones from Windows Update.
Problem Two – The Touchscreen Rotation Issues
First lets install the sensor proxy :
sudo pacman -S iio-sensor-proxy
Next lets install the build requirements for GuLinux’s ScreenRotator (https://github.com/GuLinux/ScreenRotator)
git clone https://github.com/GuLinux/ScreenRotator
mkdir ScreenRotator/build
cd ScreenRotator/build
but wait there is a problem…
The orientations used do not match the Goodix TouchScreen orientations matrix.
If we build and run as is we will have the screen oriented in the wrong direction as we turn it around. Specifically the following needs to be interchanged:
RightUp <==> TopUp
LeftUp <==> TopDown
So lets be sure to update the /src/orientationsensor.cpp accordingly.