directory - Dave's Blog

Search

Let's Encrypt NearlyFreeSpeech.net Setup

2016 Feb 4, 2:48

2016-Nov-5: Updated post on using Let's Encrypt with NearlyFreeSpeech.net

I use NearlyFreeSpeech.net for my webhosting for my personal website and I've just finished setting up TLS via Let's Encrypt. The process was slightly more complicated than what you'd like from Let's Encrypt. So for those interested in doing the same on NearlyFreeSpeech.net, I've taken the following notes.

The standard Let's Encrypt client requires su/sudo access which is not available on NearlyFreeSpeech.net's servers. Additionally NFSN's webserver doesn't have any Let's Encrypt plugins installed. So I used the Let's Encrypt Without Sudo client. I followed the instructions listed on the tool's page with the addition of providing the "--file-based" parameter to sign_csr.py.

One thing the script doesn't produce is the chain file. But this topic "Let's Encrypt - Quick HOWTO for NSFN" covers how to obtain that:

curl -o domain.chn https://letsencrypt.org/certs/lets-encrypt-x1-cross-signed.pem

Now that you have all the required files, on your NFSN server make the directory /home/protected/ssl and copy your files into it. This is described in the NFSN topic provide certificates to NFSN. After copying the files and setting their permissions as described in the previous link you submit an assistance request. For me it was only 15 minutes later that everything was setup.

After enabling HTTPS I wanted to have all HTTP requests redirect to HTTPS. The normal Apache documentation on how to do this doesn't work on NFSN servers. Instead the NFSN FAQ describes it in "redirect http to https and HSTS". You use the X-Forwarded-Proto instead of the HTTPS variable because of how NFSN's virtual hosting is setup.

RewriteEngine on
RewriteCond %{HTTP:X-Forwarded-Proto} !https
RewriteRule ^.*$ https://%{SERVER_NAME}%{REQUEST_URI} [L,R=301]

Turning on HSTS is as simple as adding the HSTS HTTP header. However, the description in the above link didn't work because my site's NFSN realm isn't on the latest Apache yet. Instead I added the following to my .htaccess. After I'm comfortable with everything working well for a few days I'll start turning up the max-age to the recommended minimum value of 180 days.

Header set Strict-Transport-Security "max-age=3600;" 

Finally, to turn on CSP I started up Fiddler with my CSP Fiddler extension. It allows me to determine the most restrictive CSP rules I could apply and still have all resources on my page load. From there I found and removed inline script and some content loaded via http and otherwise continued tweaking my site and CSP rules.

After I was done I checked out my site on SSL Lab's SSL Test to see what I might have done wrong or needed improving. The first time I went through these steps I hadn't included the chain file which the SSL Test told me about. I was able to add that file to the same files I had already previously generated from the Let's Encrypt client and do another NFSN assistance request and 15 minutes later the SSL Test had upgraded me from 'B' to 'A'.

PermalinkCommentscertificate csp hsts https lets-encrypt nearlyfreespeech.net

Unicode Character Set Mappings

2012 Jun 11, 2:36

A leaf directory in a whole set of files that map from character set byte value to Unicode code point.  This one is a set of Microsoft character set byte mappings, but there are other vendors in there too.

PermalinkCommentstechnical unicode charset

PowerShell Script Batch File Wrapper

2011 May 22, 7:20

I'm trying to learn and use PowerShell more, but plenty of other folks I know don't use PowerShell. To allow them to use my scripts I use the following cmd.exe batch file to make it easy to call PowerShell scripts. To use, just name the batch file name the same as the corresponding PowerShell script filename and put it in the same directory.

@echo off
if "%1"=="/?" goto help
if "%1"=="/h" goto help
if "%1"=="-?" goto help
if "%1"=="-h" goto help

%systemroot%\system32\windowspowershell\v1.0\powershell.exe -ExecutionPolicy RemoteSigned -Command . %~dpn0.ps1 %*
goto end

:help
%systemroot%\system32\windowspowershell\v1.0\powershell.exe -ExecutionPolicy RemoteSigned -Command help %~dpn0.ps1 -full
goto end

:end

Additionally for PowerShell scripts that modify the current working directory I use the following batch file:

@echo off
if "%1"=="/?" goto help
if "%1"=="/h" goto help
if "%1"=="-?" goto help
if "%1"=="-h" goto help

%systemroot%\system32\windowspowershell\v1.0\powershell.exe -ExecutionPolicy RemoteSigned -Command . %~dpn0.ps1 %*;(pwd).Path 1> %temp%\%~n0.tmp 2> nul
set /p newdir=
PermalinkCommentspowershell technical programming batch file console

DVD Ripping and Viewing in Windows Media Center

2010 Aug 17, 3:05

I've just got a new media center PC connected directly to my television with lots of HD space and so I'm ripping a bunch of my DVDs to the PC so I don't have to fuss with the physical media. I'm ripping with DVD Rip, viewing the results in Windows 7's Windows Media Center after turning on the WMC DVD Library, and using a powershell script I wrote to copy over cover art and metadata.

My powershell script follows. To use it you must do the following:

  1. Run Windows Media Center with the DVD in the drive and view the disc's metadata info.
  2. Rip each DVD to its own subdirectory of a common directory.
  3. The name of the subdirectory to which the DVD is ripped must have the same name as the DVD name in the metadata. An exception to this are characters that aren't allowed in Windows paths (e.g. <, >, ?, *, etc)
  4. Run the script and pass the path to the common directory containing the DVD rips as the first parameter.
Running WMC and viewing the DVD's metadata forces WMC to copy the metadata off the Internet and cache it locally. After playing with Fiddler and reading this blog post on WMC metadata I made the following script that copies metadata and cover art from the WMC cache to the corresponding DVD rip directory.

Download copydvdinfo.ps1

PermalinkCommentspowershell wmc technical tv dvd windows-media-center

Google Code Blog: Introducing the Google Font API & Google Font Directory

2010 May 19, 1:56Google offers up a directory of fonts available for use in your css.PermalinkCommentsgoogle font technical css typography

Bookmarklet Directory - Marklets.com

2009 Aug 24, 8:23PermalinkCommentsweb browser javascript bookmarklet technical

Apple - Web apps - All Categories

2008 Apr 23, 2:42Web apps intended for the iPhone could easily be made into activities for IE8.PermalinkCommentsapple directory activity iphone software web tool tools

Main Page - Gutenberg

2008 Jan 5, 10:39Project Gutenberg is a directory of public domain literature.PermalinkCommentsarchive books fiction database directory literature writing free gutenberg public-domain

Windows Media Center and Zune Integration Hack

2007 Nov 28, 1:23One of the new Zune features that had me the most excited was the claimed improved Windows Media Center integration which unfortunately turned out to simply mean support for the Win MCE video format (with an exception for HD). I wanted to be able to pick shows recorded by my Win MCE and have the Zune automatically sync up the latest episodes. However, with the improved podcast support in the Zune software one can easily create a ridiculous hack to accomplish this.

The new Zune software has podcast support which does everything I'd want to do with a Win MCE recorded TV series so the goal is to shoehorn a TV series into a Zune podcast. An overview of the steps: Create an XSLT that converts Win MCE data to a podcast, run the XSLT as a scheduled task every few hours per TV series, setup a Web server pointed at the resulting podcasts and the Win MCE Recorded TV directory, and subscribe to the resulting podcasts in the Zune software.
  1. Reading through the Win MCE data stored as an XML file in "C:\ProgramData\Microsoft\eHome\Recording\Recordings.xml" and the spec for podcasts I created an XSLT to convert a series from Win MCE data to a podcast.
  2. I added a new task to the Scheduled Tasks to run my XSLT using my xsltproc.js script. The task runs a handful of commands that look something like the following:

    C:\windows\system32\wscript.exe C:\users\dave\bin\xsltproc.js C:\Users\Dave\Documents\trunk\development\mce-zune\mce-to-podcast.xslt C:\ProgramData\Microsoft\eHome\Recording\Recordings.xml --param title "The Daily Show With Jon Stewart" --param max 4 --param baseURI "http://groucho/" --param thisRelURI "tds.xml" -o "D:\recorded tv\tds.xml"

    For each TV series I run a command like the above and that outputs a podcast for that series into my "D:\Recorded TV\" directory.
  3. Zune only allows http URIs for its podcasts so I installed a web server on my Win MCE server. I'm running Vista Ultimate so it was quick and easy for me to install IIS7 but any Web server will do. Then I pointed it at "D:\Recorded TV\".
  4. Once all the above was done I just subscribed to the resulting podcasts via my Web server and viola! Since I'm forced to use a Web server I can even run the Zune software on a machine other than my Win MCE server. You can see a screen-shot above of my Zune software showing my Colbert Report podcast.
PermalinkCommentstechnical xml mce hack windows media center zune windows xslt podcast

Backup Notes

2007 Jul 13, 8:30I bought an external backup drive a few weekends ago. I've previously setup a Subversion repository so I decided to move everything into the repository and then back it up. So in went the contents of all of my %USERPROFILE% and ~ directories with a bit of sorting and pruning. Not too much though given its much easier to dump in everything and search for what I want then to take the time to examine and grade each file. What follows are the notes I took while setting this up. It takes me a bit of time to look up the help on each command so I figure I'll write it all down here for the benefit of myself and potentially others...

Setting Up the Backup Drive For Linux
I first changed the filesystem on the drive to ext3. I plugged it into my USB2.0 port and ran fdisk:

sudo fdisk /dev/sda

Useful commands I used to do this follow mostly in order:
m
help
p
print current partitions
d
delete current partition
n
create new partition (I used the defaults)
w
write changes and exit
Then I formatted for ext3.

sudo mkfs.ext3 /dev/sda1

I made it easy to mount:

sudo vim /etc/fstab
# added line to end:
/dev/sda1 /media/backup ext3 rw,user,noauto 0 0

I setup the directory structure on the disk

mount /media/backup
sudo mkdir /media/backup/users
sudo mkdir /media/backup/users/dave
sudo chown dave:dave /media/backup/users/dave


After all that its easy to make a copy of the Subversion repository:

mount /media/backup
cp -Rv /home/dave/svn /media/backup/users/dave/
umount /media/backup

Next on the agenda is to add a cron job to do this regularly.

Subversion Command Reference
On a machine that has local access to the Subversion repository you can check out a specific subdirectory as follows using the file scheme:

svn co file:///home/dave/svn/trunk/web/dave%40deletethis.net/public_html

Note also that although one of my directories is named 'dave@deletethis.net' Subversion requires the '@' to be percent-encoded.
Other useful subversion commands:
svn help
help
svn list file:///home/dave/svn/
list all files in root dir of svn depot
svn list -R file:///home/dave/svn/
list all files in svn depot
svn list -R file:///home/dave/svn/ | grep \/$
list all directories
svn status
List status of all files in the working copy directory as in - modified, not in repository, etc
svn update
Brings the working copy up to date wrt the repository
svn commit
Commit changes from the working copy to the repository
svn add / move / delete
Perform the specified action -- occurs immediately


Setting up Windows Client for Auto Auth into SVN
When using an SVN client on Windows via svn+ssh its useful to have the Windows automatically generate connections to the SVN server. I use putty on my Windows machines so I read the directions on using public keys with putty.

putty.exe dave@deletethis.net
cd .ssh
vim authorized_keys # leave the putty window open for now
puttygen.exe
Click the 'generate' button
Move the mouse around until finished
Copy text in 'Public key for pasting into OpenSSH authorized_keys file:' to putty window & save & close putty window
Enter Key passphrase & Comment in puttygen
Save the private key somewhere private
pageant.exe
'Add Key' the private key just saved.



Checking out using Tortoise SVN
On one of my Windows machines I've already installed Tortoise SVN. Checking out from my SVN repository was really easy. I just right clicked in Explorer in a directory and selected "SVN Checkout...". Then in the following dialog I entered the svn URI:

svn+ssh://dave@deletethis.net/home/dave/svn/trunk/web/dave%40deletethis.net/public_html/

Note again that the '@' that is part of the directory name is percent-encoded as '%40' while the '@' in the userinfo is not.

Windows Command Line Check Out
On my media center I didn't want to install Tortoise SVN so rather I used the command line tool. I setup pageant like before the only difficulty was getting the SVN command line tool to use putty. With the default configuration you can use the SVN_SSH environment variable to point at a compliant SSH command line tool. The trick is that its interpreted as a backslash escaped string. So I set mine thusly:

set SVN_SSH=C:\\users\\dave\\bin\\putty\\plink.exe

The escaping solved the vague error I received about not being able to create the tunnel.PermalinkCommentsbackup technical personal windows svn linux subversion

Web2.0 List, Web 2.0 Site

2006 Apr 3, 3:05PermalinkCommentsbookmark design web internet ajax web2.0 directory search
Older Entries Creative Commons License Some rights reserved.