From the mind of a G33k

Generic placeholder image
Quickly enable broadcom bcm4352 in KDE Neon


Having trouble setting up your Broadcom bcm4352? 

For most users you'll be up and running in a 2 small steps!

  1. sudo apt update
  2. sudo apt install bcmwl-kernel-source

Once this command is completed your WiFi will be working. Not too bad right?


read more

Generic placeholder image
Creating a self signed ssl certificate with Debian and NGINX

Here is how you can easily setup your own ssl certificate on a Debian server running NGINX

In this guide we're going to assume the following details:

Site Hostname: ssl.lg
Server Name: web01
Web Server: NGINX
Distro & Release: Debian 9

You can name these files anything that you want. I suggest using a naming schema that matches your site hostname so that if you run multiple webs on a single server you won't get confused.

  1. Create your SSL certificate
    a. sudo openssl req -x509 -nodes -days 365 -newkey rsa:2048 -keyout /etc/ssl/private/ssl.lg.key -out /etc/ssl/certs/ssl.lg.crt
    You will be asked several questions but most importantly make sure that your "Common Name" matches your site hostname.

  2. Now you'll want to create a Diffie-Hellman Group (This will take a long time...)
    a. sudo openssl dhparam -out /etc/nginx/dhparam.pem 4096
  3. Setup your configuration snippets
    a. sudo nano /etc/nginx/snippets/ssl.lg.self-signed.conf
    b. Add "ssl_certificate /etc/ssl/certs/ssl.lg.crt;" and "ssl_certificate_key /etc/ssl/private/ssl.lg.key;"

    c. sudo nano /etc/nginx/snippets/ssl-params.conf
    d. Add the following
ssl_protocols TLSv1.2;
ssl_prefer_server_ciphers on;
ssl_dhparam /etc/nginx/dhparam.pem;
ssl_ciphers ECDHE-RSA-AES256-GCM-SHA512:DHE-RSA-AES256-GCM-SHA512:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-SHA384;
ssl_ecdh_curve secp384r1; # Requires nginx >= 1.1.0
ssl_session_timeout  10m;
ssl_session_cache shared:SSL:10m;
ssl_session_tickets off; # Requires nginx >= 1.5.9
ssl_stapling on; # Requires nginx >= 1.3.7
ssl_stapling_verify on; # Requires nginx => 1.3.7
resolver 8.8.8.8 8.8.4.4 valid=300s;
resolver_timeout 5s;
# Disable strict transport security for now. You can uncomment the following
# line if you understand the implications.
# add_header Strict-Transport-Security "max-age=63072000; includeSubDomains; preload";
add_header X-Frame-Options DENY;
add_header X-Content-Type-Options nosniff;
add_header X-XSS-Protection "1; mode=block";

4. Now we need to edit our site configuration
    a. sudo nano /etc/nginx/sites-enabled/ssl.lg.conf
    b. Add the following

        listen 443 ssl;
        listen [::]:443 ssl;
        include snippets/ssl.lg.self-signed.conf;
        include snippets/ssl-params.conf;


     c. Make sure you haven't made any errors by running an nginx test
        sudo nginx -t
        (ignore the "nginx: [warn] "ssl_stapling" ignored, issuer certificate not found" as it's not required for self signed certs)

5. Reload NGINX
    a. sudo nginx -s reload

6. Check that SSL is enabled properly from a browser by visiting https://ssl.lg (Or whatever your site hostname is)

7. Click Advanced and then "Add Exception"

8. View the certificate to make sure that it is in fact yours!

9. Click "Confirm Security Exception"

read more