CloudPanel website causing “Too many redirects”

I have installed CloudPanel and the new website caused a “Too many redirects” bug. This is because my SSL certificates are controlled by a proxy and this can cause some confusion between the systems. Also, because CloudPanel installs its own certificates.

This application can also install a Let’s Encrypt certificate, but this works only in more conventional systems. Mine is going through a DNS to a Proxy that listens to a certain IP address and that proxy redirects the request to a Virtual Machine on one of my servers.

So, here is my, probably unconventional method of disabling the SSL certificates on my CloudPanel installation:

  1. Open the CloudPanel controlpanel.
  2. Select the website you want to edit
  3. Choose the Vhost tab
  4. Change the following code into the new code:
server {
listen 80;
listen [::]:80;
listen 443 ssl http2;
listen [::]:443 ssl http2;
{{ssl_certificate_key}}
{{ssl_certificate}}
server_name subdomain.3xn.nl;
{{root}}

{{nginx_access_log}}
{{nginx_error_log}}

if ($scheme != "https") {
rewrite ^ https://$host$uri permanent;
}
server {
listen 80;
listen [::]:80;
# listen 443 ssl http2;
# listen [::]:443 ssl http2;
# {{ssl_certificate_key}}
# {{ssl_certificate}}
server_name subdomain.3xn.nl;
{{root}}

{{nginx_access_log}}
{{nginx_error_log}}

# if ($scheme != "https") {
# rewrite ^ https://$host$uri permanent;
# }

Done! Your website should now say “Hello world :-)”

You can see that I have disabled the listen to port 443, the certificate keys, the forced https and the path to the keys. I chose to switch off the forced HTTP, because my proxy is already taking care of that.

This post is subject to change, but this helps you along your way!

Loading

Archivebox Docker superuser root issues

Since unraid forum is throwing a hissyfit with its captcha thing, I’ll just post it on my own website.

Issue:

root@<containername>:/data# archivebox manage createsuperuser
[i] [2021-11-11 14:29:07] ArchiveBox v0.6.2: archivebox manage createsuperuser
> /data

[i] ArchiveBox should never be run as root!
For more information, see the security overview documentation:
https://github.com/ArchiveBox/ArchiveBox/wiki/Security-Overview#do-not-run-as-root

Oh noes. Open the unraid console and type:

$ sudo docker exec -it --user archivebox <containername> /bin/bash

If you do not know the name of your docker, open the console panel of the archivebox docker and search in the url for “container=”. The number behind that is the name of your docker.

So your prompt looks like this:

archivebox@<containerid>:/data$

Then run:

archivebox manage createsuperuser

Sauce: https://forums.unraid.net/topic/95296-run-docker-as-another-user/?do=findComment&comment=993988

Loading

[Solved] HP LaserJet 300 colorMFP M375nw scan to network folder fails

“Cannot connect to the network folder. Ensure the shared folder name is correct”

TL;DR: Switch SMB 1.0/CIFS support ON in Windows 10. Share folder to everyone. Maybe use the computer’s user/pass. Done.

My HP LaserJet 300 colorMFP M375nw suddenly stopped scanning to a network folder in Windows 10. After many hours of futile searching, I have found the solution.

Perhaps it is not the safest solution, but heck it needs to work. Now.

If you have not changed anything to your share folder, please proceed to step 2.

STEP ONE.
Setting up your shared folder is a drag in Windows 10, since you can basically do it in multiple ways with one showing something differently than the other.

1. R-Click the folder that you want to share
2. Click Properties
3. Click the Share tab
4. Select Everyone in the pull-down menu
5. Click Add
6. Select Read/Write on the right of the Everyone entry
7. Click the Share button
8. Click Ready or OK
9. Close the Properties window

STEP TWO.
1. Open the control panel
2. Click Programs and Features
3. Click Programs and Functions in the top right corner
4. Click Add/Remove Windows Features in the left column. (the one with the shield ,I am translating this from Dutch)
5. Search for SMB 1.0/CIFS support and check that box
6. Click OK
7. Reboot

Thing should be working again and if not, do check if the shared folder address in your printer’s share panel is correct.

Loading

How to set up a domain and e-mail with Virtualmin

Virtualmin is a rock solid control panel for your VPS, it’s simple as that. It’s sometimes not so simple to set it up correctly due to its many options.

I’ve tried my best to make a decent manual that explains how to set up a domain and email in a quick and dirty way. I’m not talking about security and stuff yet. It’s just about setting things up.

I am also assuming your freshly (re)built VPS has a root password set and that you are now ssh-ing into it. If not, do it now.

  1. First thing you need to do is find the name of your network interface
    ifconfig

    It’s probably venet0 (that’s venetzero)

  2. apt-get update
  3. apt-get install wget nano curl ca-certificates -y
  4. cd ~
  5. wget http://software.virtualmin.com/gpl/scripts/install.sh
  6. sudo /bin/sh install.sh
  7. READ THE TEXT BEFORE PRESSING Y
  8. Press Y and enter to continue. It will now do the thing. Patience, young one. Phase 1, 2 and 3 should all install without a hitch.  [ OK! ]
  9. While you are waiting, go set up the DNS at your registrar.
    @ 1000 MX 10 mail.domainname.tld
    
    * 1000 A 0 VPS_IP_ADDRESS
    
    @ 1000 A 0 VPS_IP_ADDRESS
    
    ftp 1000 A 0 VPS_IP_ADDRESS
    
    localhost 1000 A 0 127.0.0.1
    
    mail 1000 A 0 VPS_IP_ADDRESS
    
    pop 1000 A 0 VPS_IP_ADDRESS
    
    www 1000 A 0 VPS_IP_ADDRESS

    Don’t worry about the SPF, domainkey, the acme-challenge and the dmarc yet.

  10. If you get “Device “link” does not exist.”, type in the name of the network interface you found at step 1

All should be ready now and you should see a few success messages. If not, go fix.

Time for a little maintenance.
  1. apt-get update
  2. apt-get upgrade -y
  3. apt-get dist-upgrade -y
  4. apt-get autoremove
  5. apt-get autoclean
  6. RESTART THE VPS
To the control panel mobile!

https://HOSTNAME:10000

  1. Log in with your root password
  2. You will now have to go through the post-installation wizard, press Next
  3. Set everything up to according to your wishes. For me, that’s:
    Preload Virtualmin libraries? yes
    Run email domain lookup server? yes
    next
    Run ClamAV server scanner? yes
    next
    Run SpamAssassin server filter? yes
    next
    Run MariaDB/MySQL database server? yes
    Run PostgreSQL database server? no
    next
    Set a MySQL password. Make it strong!
    MariaDB/MySQL configuration size: 
    next
    Primary nameserver : YOUR_HOSTNAME and tick the checkbox “Skip check for resolvability”
    next
    Password storage mode: Only store hashed passwords
    next
    Virtualmin post-installation configuration is now complete!
    next
Are we done yet? D: No.
  1. Click “Re-check and refresh configuration”If you get

    Virtualmin is configured to setup DNS zones, but this system is not setup to use itself as a DNS server. Either add 127.0.0.1 to the list of DNS servers, or turn off the BIND feature on the module config page.

    Click list of DNS servers and add 127.0.0.1 in the DNS Servers field and press Save. Next, click Apply Configuration. Then, click the Virtualmin on top, click System Settings and then Re-check Configuration.

  2. No errors? Click Return To Virtual Servers List

Your Virtualmin installation is now ready to had domain names etc added.

Set up your first virtual server
  1. Click Add New Virtual Server, Owned By: <new user>
  2. Enter the following data:
    Domain name: YOUR_DOMAINNAME.TLD
    Description: Optional, but make a short desc.
    Administration Password: STRONG_PASSWORD!Under Enabled Features tick the options you would like to have. I basically tick everything except for “Setup IP-based virtual FTP” since I don’t need it.
  3. Click Create Server
  4. If all went well, click Return To Virtual Server Details where you can check things again
Time to install a SSL certificate for your domain
  1. Is your domain available already under simple http://? If you have moved your domain and changed your DNS, ping your domain as well to see if everything is set correctly and has been propagated completely. Your frontpage of your domain should say “Apache2 Debian Default Page”
  2. Time to make some DNS additions! Click Server Configuration and then click DNS Records.
  3. Move the following data over to your DNS settings at your registrar:
    SPF, _acme-challenge.mail and _acme-challengeSo, here’s an example:For SPF:

    DOMAINNAME 1000 TXT 0 v=spf1 a mx a:DOMAINNAME.TLD ip4:IPADDRESS1 ip4:IPADDRESS2 ?all

    For the acme challenges:

    _acme-challenge.mail 1000 TXT 0 RANDOMSTRING_OFCHARACTERS
    
    _acme-challenge 1000 TXT 0 RANDOMSTRING_OFCHARACTERS
  4. When everything is set up, go to the Virtualmin tab, click Server Configuration and then click SSL Certificate
  5. Click Let’s Encrypt
  6. Did you set up your DNS according to the pre-filled list you see in the field named “Domains associated with this server”? Then you’re good to go and click Request Certificate. If not, manually enter the domain and subdomains.At this point, the request either succeeds or fails. In the latter case, click SSL Certificate again, then Let’s Encrypt and correct the wrong entry.TIP: If you have errors and try to get a certificate too many times, you get an error about that as well. If you get the following message, go play outside for a little bit or proceed with setting up email as described in the next part.
    Error requesting challenges: Error creating new authz :: too many failed authorizations recently: see https://letsencrypt.org/docs/rate-limits/
  7. dfdsfsf
Setting up e-mail
  1. Click the Virtualmin tab, then Edit Users
  2. Click + Add a user to this server
  3. Enter a mailbox name, like “info”
  4. Enter a password
  5. Click the Create button

Now this has been set up, you can poke your DNS settings again! Woo!

  1. Click the Virtualmin tab, then Email Settings, then DomainKeys Identified Mail
  2. Click Install Now and wait
  3. At the bottom of the page, it should read
    installation completed successfully
  4. Click Return To DKIM Form
  5. Set the DKIM up as follows:Signing of outgoing mail enabled? yes
    Selector for DKIM record name: 2018
    Reject incoming email with invalid DKIM signature? yes
    Size of new DKIM key: 2048Press Save when done
  6. All should be well, so click Return To DKIM Form
  7. Click Return To Virtual Servers List
  8. Click the Virtualmin tab, then Server Configuration, then DNS Options
  9. Set this form up as follows:SPF record enabled? yes
    Allowed sender hostnames: DOMAINNAME.TLD
    DMARC record enabled? yesPress Save when done
  10. Click the Virtualmin tab, then Server Configuration, then DNS Records
  11. Copy the _dmarc entry over to your DNS settings at your registrar
  12. Click the Virtualmin tab, then Email Settings, then DomainKeys Identified Mail
  13. Set “Signing of outgoing mail enabled?” to yes
  14. Click the Save button
  15. Click Return to DKIM form
  16. Copy part of the content of the field “DNS records for additional domains” over to your DNSExample:
    2018._domainkey IN TXT ( “v=DKIM1; k=rsa; t=s; p=MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAq8/I4PwduFS/q”
    “U4y6pDFNFYf868Z2p+BNw+QRMphZ6YnVt1MWeVtNIXnYvhUtf6jhAX2BZ5gl8R2ILyL9NCkFe8W5cAVR”
    “/cZkZl6OIc7fdTiLePYNCS3HcVcTiE0Szb3zwDRAZE2XyAqFvNQJuVe/H5tJxlOAu1vhqv3FuZM1viv9”
    “VfiPQ77oQ9eOmQMZH59+QL/Vw4fnUnui4QhqRaH+iLb1bQdcJqIu1y3M+bgSCmrSu7v40V1G+wmUY13J”
    “fg41SIvYbuEe+CGjwMjVW0KFC15x3m5ChwM3q68b5gBv0L+JeMG27+DDQ5CSUIZSAJU0XifyeAfTIfRe”
    “5L+Bec7hQIDAQAB” )This will end in a train wreck, so remove the first part, namely:2018._domainkey IN TXT ( …. )

    Now, clean up the rest in Notepad++:

    “v=DKIM1; k=rsa; t=s; p=MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAq8/I4PwduFS/q” “U4y6pDFNFYf868Z2p+BNw+QRMphZ6YnVt1MWeVtNIXnYvhUtf6jhAX2BZ5gl8R2ILyL9NCkFe8W5cAVR” “/cZkZl6OIc7fdTiLePYNCS3HcVcTiE0Szb3zwDRAZE2XyAqFvNQJuVe/H5tJxlOAu1vhqv3FuZM1viv9” “VfiPQ77oQ9eOmQMZH59+QL/Vw4fnUnui4QhqRaH+iLb1bQdcJqIu1y3M+bgSCmrSu7v40V1G+wmUY13J” “fg41SIvYbuEe+CGjwMjVW0KFC15x3m5ChwM3q68b5gBv0L+JeMG27+DDQ5CSUIZSAJU0XifyeAfTIfRe” “5L+Bec7hQIDAQAB”

  17. Really, clean up the text before entering it into your DNS.

VALIDATE and install FAIL2BAN

(sorry, i can’t remember how to proceed this installation since the last edit was two years ago.)

Good luck.

Loading

Set up Catch-All in Virtualmin

  1. Go to your control panel
  2. Choose your virtual server by selecting the desired domain in the pulldown menu.
  3. Click Edit Mail Aliases
  4. Select All Users
  5. Choose the way you wish to have it delivered

I, for example, want to have it delivered to a gmail box, so i do the following:

  1. Select “Yes, forward to addresses”
  2. Enter off-site email address in the field with the title: “Forward to other address?”

Click Save and you’re set.

Loading