Tag Archives: Nginx

Topic 2 – Introduction to Computer Networks

Why do I need to learn about computer networks?

Because you will develop software systems that usually connect with other software systems via various networks.

What can I do after finishing learning computer networks?

You will be able to set up various software systems such as Domain Name System, Active Directory System, Electronic Mail, File Transfer Protocol System, Remote Desktop Services, File Services, HTTP Services.

You will be prepared to learn about network programming, game development, web application development, and distributed systems and blockchain.

What should I do now?

Please audit the course The Bits and Bytes of Computer Networking and complete all the quizzes.

Alternatively, you can read
– Andrew S. Tanenbaum and David J. Wetherall (2021). Computer Networks. Pearson Education, and
– James F. Kurose and Keith W. Ross (2021). Computer Networking: A Top-Down Approach. Pearson.

After that, please read
– Brian Svidergol et al. (2018). Mastering Windows Server 2016. Wiley, and
– Larry L. Peterson and Bruce S. Davie (2021). Computer Networks: A Systems Approach. Morgan Kaufmann.

Terminology Review:

  • Computer Networking.
  • Computer Networks, Peer-to-Peer Systems, Local Area Networks, Wide Area Networks, Virtual Private Networks, ISP Networks, The Internet.
  • Network Software, Distributed Systems, World Wide Web, Network Protocols.
  • The OSI Reference Model: The Physical Layer, The Data Link Layer, The Network Layer, The Transport Layer, The Session Layer, The Presentation Layer, The Application Layer.
  • The TCP/IP Reference Model: The Link Layer, The Internet Layer, The Transport Layer, The Application Layer.
  • The TCP/IP 5-Layer Model: The Physical Layer, The Data Link Layer, The Network Layer, The Transport Layer, The Application Layer.
  • Network Interface Cards, RJ45 Ports and Plugs, Cables, Hubs, Switches, Routers, Servers, Clients, Nodes.
  • Bit, Octet (Byte), Modulation, Line Coding, Twisted Pair Cables, Simplex Communication, Duplex Communication, Full-Duplex, Half-Duplex.
  • Collision Domain, Ethernet, Carrier-Sense Multiple Access with Collision Detection (CSMA/CD), MAC Address.
  • Unicast, Broadcast, Multicast.
  • Data Packet, Ethernet Frame, Virtual LAN (VLAN), VLAN Header.
  • First-in-First-Out (FIFO).
  • IPv4 Addresses, IPv4 Datagrams, IPv4 Address Classes, Address Resolution Protocol (ARP), Subnet Masks, CIDR (Classless Inter-Domain Routing).
  • Routing Tables, Autonomous System, Interior Gateway Protocols, Exterior Gateway Protocols, Distance Vector Routing Protocols, Link State Routing Protocols, Core Internet Routers, Border Gateway Protocol (BGP), Non-Routable Address Space.
  • Multiplexing, Demultiplexing, Ports.
  • TCP Segment, TCP Control Flags, Three-way Handshake, Four-way Handshake, Transmission Control Protocol (TCP), TCP Socket, TCP Socket States.
  • Connection-Oriented Protocols, Connectionless Protocols.
  • User Datagram Protocol (UDP).
  • Firewall.
  • Network Address Translation.
  • Frames, Packets, Messages.
  • Network Socket.
  • Transport Service Primitives: LISTEN, CONNECT, SEND, RECEIVE, DISCONNECT.
  • Domain Name System (DNS).
  • Electronic Mail, SMTP Protocol.
  • File Transfer Protocol System.
  • Remote Desktop Services.
  • File Services.
  • HTTP Services.
  • Time Services.
  • Short Message Service (SMS).
  • Public Switched Telephone Network (PSTN), Plain Old Telephone Service (POTS), Modems, Dial-up (Phone Lines), Usenet.
  • Broadband, T-Carrier Technologies, Digital Subscriber Line (DSL, Phone Lines), Asymmetric Digital Subscriber Line (ADSL), Symmetric Digital Subscriber Line (SDSL), High Bit-Rate Digital Subscriber Line (HDSL), Digital Subscriber Line Access Multiplexers (DSLAM).
  • Cable Broadband (Television Lines), Cable Modems, Cable Modem Termination System (CMTS).
  • Fiber to the X (FTTX), Fiber to the Neighborhood (FTTN), Fiber to the Building (FTTB), Fiber to the Home (FTTH), Fiber to the Premises (FTTP), Optical Network Terminator.
  • Point to Point Protocol (PPP), Network Control Protocol (NCP), Link Control Protocol (LCP), Point to Point Protocol over Ethernet (PPPoE).

After finishing learning about computer networks please click Topic 3 – Introduction to Programming to continue.


How to Set File Permissions for WordPress on Ubuntu

Motivation:

  • You have a WordPress instance on Ubuntu with Nginx.
  • You want to ensure that only the Nginx process can access WordPress files.

Procedure:

  1. View the current file owner and group:
    ls -l /var/html

The root folder should be owned by the www-data user. www-data is the user that web servers such as Apache and Nginx on Ubuntu use by default for their normal operation.

  2. Change the file owner and group to www-data if necessary:
    sudo chown -R www-data:www-data /var/html

  3. Set minimum permissions for folders:
    cd /var/html
    sudo find . -type d -exec chmod 755 {} \; # directory permissions rwxr-xr-x

  4. Set minimum permissions for files:
    cd /var/html
    sudo find . -type f -exec chmod 644 {} \; # file permissions rw-r--r--

  5. Verify the changes:
    ls -l /var/html
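Step 5 only eyeballs the listing. The following audit script, added here as an example and not part of the original post, reports every path under the WordPress root that deviates from the baseline just set (owner and group www-data, directories 755, files 644) without changing anything, so it can also run from cron to catch files later dropped in with the wrong mode or owner. The path /var/html and the user www-data follow the post; the function name is the example's own.

```shell
#!/bin/sh
# Added example (not from the original post): read-only audit of a WordPress
# root against the baseline owner/group www-data, directories 755, files 644.
#
# Usage: audit_wp_perms ROOT [OWNER [GROUP]]   (defaults: www-data www-data)
# Prints one line per finding and returns 1 if there are any, 0 if clean.
audit_wp_perms() {
    root=$1
    owner=${2:-www-data}
    group=${3:-$owner}
    findings=$( {
        # directories that are not exactly rwxr-xr-x
        find "$root" -type d ! -perm 755 | sed 's/^/dir mode not 755:  /'
        # regular files that are not exactly rw-r--r-- (e.g. a 777 uploads dir
        # left by a plugin, or wp-config.php at 600 that Nginx cannot read)
        find "$root" -type f ! -perm 644 | sed 's/^/file mode not 644: /'
        # anything not owned by the web server user or group
        find "$root" ! -user "$owner"  | sed "s/^/owner not $owner: /"
        find "$root" ! -group "$group" | sed "s/^/group not $group: /"
    } )
    if [ -n "$findings" ]; then
        printf '%s\n' "$findings"
        return 1
    fi
    echo "OK: $root matches owner=$owner group=$group dirs=755 files=644"
    return 0
}

# For the layout used in the post:
# audit_wp_perms /var/html www-data
```

A non-zero exit from cron (e.g. `audit_wp_perms /var/html || mail -s "WordPress perms drift" admin`) turns the check into an alert.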

How to Use Let’s Encrypt

Motivation:

Why use an SSL/TLS certificate to secure your website?

– To protect your website users from man-in-the-middle attacks.

– To ensure the integrity of the data being sent to your website.

Why use Let’s Encrypt SSL/TLS certificate?

– Because it is FREE.

Tested environment:

  1. Windows Server 2016/IIS 10
  2. win-acme.v2.2.9.1701.x64.pluggable
  3. Ubuntu 18.04
  4. certbot 0.27.0

On Windows and IIS:

  1. If you are using a cloud provider, ensure that the HTTP and HTTPS services are allowed through the cloud firewall.
  2. Log in to the Windows server.
  3. Download win-acme.v2.2.9.1701.x64.pluggable.zip from https://github.com/win-acme/win-acme/releases.
  4. Unzip the files to C:\inetpub\win-acme.v2.2.9.1701.x64.pluggable
  5. Open Command Prompt (Admin) and execute the command below.
    cd C:\inetpub\win-acme.v2.2.9.1701.x64.pluggable
  6. Type wacs.exe and press Enter.
  7. Follow the instructions.
  8. Open Task Scheduler and ensure that a task with the description “Check for renewal of ACME certificates.” has been created.
  9. Open firewall port 443 if needed.
  10. Open the selected website using the HTTPS protocol.
  11. Update the emails to which notifications will be sent: open wacs.exe, type O, then A, then y, and enter an email.
  12. Remove a website from automatic renewal:
    wacs.exe --list
    (Copy the exact name between ": " and " - renewed", without quotes. Example: [IISBinding] huybien.com)
    wacs.exe --cancel --friendlyname "[IISBinding] huybien.com"

Upgrading win-acme

  1. Go to the old version folder, type wacs, press a, press c to cancel renewal.
  2. Download and extract new version.
  3. Go to the new version folder, type wacs, press N to create new certificates, and select option to replace the existing scheduled task.
  4. Delete the old version folder.

Redirecting HTTP to HTTPS in IIS7

  1. Install the Microsoft URL Rewrite Module if needed.
  2. Make sure Require SSL is NOT checked under SSL Settings for your website.
  3. Copy and paste the following code between the <rules> and </rules> tags in your web.config file in your website root directory.
    <rule name="HTTP to HTTPS redirect" stopProcessing="true">
       <match url="(.*)" />
          <conditions>
             <add input="{HTTPS}" pattern="off" ignoreCase="true" />
          </conditions>
       <action type="Redirect" redirectType="Found" url="https://{HTTP_HOST}/{R:1}" />
    </rule>
  4. Open your site using HTTP protocol and ensure that you are redirected to the HTTPS site.

Multiple SSL Certificates per IP Address

  1. You have to use Windows Server 2012 IIS to get Server Name Indication (SNI), which allows you to bind multiple SSL certificates to a single IP address.
  2. Repeat the Procedure for each site, then open the site's Bindings in IIS and ensure that the check box Require Server Name Indication is selected and the corresponding SSL certificate is selected.
  3. Note that SNI does not work with Windows XP clients.

On Ubuntu and nginx

  1. Log in as root via SSH to an Ubuntu server.
  2. Execute the three commands below.
    sudo apt install python-certbot-nginx
    sudo certbot --nginx -d huybien.com -d www.huybien.com -d example.com -d www.example.com
    sudo certbot renew --dry-run
  3. Remove a certificate:
    sudo certbot delete
  4. Update the emails to which notifications will be sent:
    sudo certbot register --update-registration --email [email protected]
  5. Review Let’s Encrypt’s log file:
    sudo nano /var/log/letsencrypt/letsencrypt.log
    # Press Ctrl+W, then enter a string to search for.
    # Press Alt+W to find the next match.
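Whether the certificate came from win-acme or certbot, the renewal task can silently stop working (blocked port 80, changed DNS, expired account email). The script below, added here as an example and not part of the original post, checks what the live site actually serves: it fetches the certificate with the site's name as SNI (so a multi-certificate IP, as in the SNI section above, returns the right one) and warns when fewer than 30 days of validity remain. Let's Encrypt certificates last 90 days and certbot renews them at about 30 days remaining, so a site below that threshold signals a broken renewal. It assumes the openssl command-line tool is installed; the function names and the 30-day threshold are the example's own choices.

```shell
#!/bin/sh
# Added example (not from the original post): verify that a site serves a
# certificate with enough lifetime left, i.e. that auto-renewal really works.
# Requires the openssl CLI.

# cert_ok_for_days PEMFILE DAYS -> exit 0 if the cert is still valid DAYS from now
cert_ok_for_days() {
    openssl x509 -in "$1" -noout -checkend "$(( ${2:-30} * 86400 ))"
}

# fetch_site_cert HOST OUTFILE -> saves the leaf certificate served for HOST,
# sending HOST as SNI so a multi-certificate IP returns the right one
fetch_site_cert() {
    printf '' | openssl s_client -servername "$1" -connect "$1:443" 2>/dev/null \
        | openssl x509 -outform PEM > "$2"
}

# check_site HOST [DAYS] -> 0 ok, 1 expiring within DAYS, 2 could not fetch
check_site() {
    host=$1
    days=${2:-30}
    pem=$(mktemp)
    if ! fetch_site_cert "$host" "$pem"; then
        echo "FAIL $host: could not fetch certificate (port 443 open? DNS correct?)"
        rm -f "$pem"
        return 2
    fi
    if cert_ok_for_days "$pem" "$days"; then
        echo "OK   $host: certificate valid for at least $days more days"
        rc=0
    else
        echo "WARN $host: certificate expires within $days days, check renewal"
        rc=1
    fi
    rm -f "$pem"
    return $rc
}

# Run it for every name passed to certbot -d (or bound in IIS), e.g.:
# for h in huybien.com www.huybien.com; do check_site "$h" 30; done
```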