Author: Thomas Faddegon

Bla bla bla

Howto: Configure cloudflare for wordpress

My web hosting company don’t support subdomain SSL certificates. And because Google’s Chrome in July is required HTTPS on all websites (otherwise you get an error your website isn’t safe) I had some deadline to make my blog HTTPS. Cloudflare is a nice reverse proxy solution and the basic plan is free to use also.

So what I did was create a cloudflare account and put my website behind it. After I did that I forced the HTTPS and voila my website was HTTPS. The steps you must take.

Note: this trick will also work if you want to use cloudflare as a reverse proxy to prevent DDoS, to optimize your site security, hide your hosting party backend and make your website a lot faster. If you use a raspbery Pi for example at your home location you can put cloudflare between the visitor and your home IP and save you a lot of trouble.

  • If you use the wordfence plugin also be sure your PHP version is higher than 5.6. Otherwise you get some errors and conflicts (more info)
  • Go to cloudflare an create an account
  • Configure your DNS

  • (temporary) disable your DNSSEC at you domain if that is enabled (cloudflare cannot succesfully transfer your DNS otherwise). For me I had to create a ticket with my domain register company
  • Cloudflare give you 2 new name servers. Ask your domain registry company to change these DNS name servers if you can change it by yourself

  • After a succesfull DNS nameserver change cloudflare shows in the portal everything is ok:

  • Optimize your cloudflare for wordpress in the cloudflare wordpress plugin and enable HTTPS rewrites

  • Now edit your url in the settings >general in your wordpress

  • And finaly go to cloudflare and enable always uses HTTPS under crypto

Now everything is done and your website is fully HTTPS at the frontend (with automatic HTTP > HTTPS URL rewrites). Because my backend don’t have an SSL certificate all the data between cloudflare and my hosting company is still unencrypted. So this is a nasty workaround but you don’t have any problem with Chrome HTTPS problems in the near future anymore.

Ubuntu Linux cannot ping FQDN

Because this is the fifth time I fixed this issue I write a blog about it…

Microsoft uses .local as the recommended root of internal domains, and serves them via unicast dns. Linux uses .local as the root of multicast dns. If you’re stuck on a broken MS network like this, reconfigure your linux multicast DNS to use a different domain like .alocal.

To do this, add a domain-name=.alocal line to the [server] section of /etc/avahi/avahi-daemon.conf, then restart avahi-daemon: sudo service avahi-daemon restart.

[server]
domain-name=.alocal

You may need to flush the DNS, mDNS and resolver cache, as well as restart your web browsers to clear their internal cache.

Source: http://www.lowlevelmanager.com/2011/09/fix-linux-dns-issues-with-local.html

How to truncate Mirrored Database Log File

First backup your transaction logging:

  1. Tasks > Backup
  2. Select transactionlog backup en select a disk where to backup
  3. Now check the status with DBCC LOGINFO(DATABASENAME)
  4. Check if the last status record is 0 (zero)
  5. When the status is 2 make another backup
  6. When the status is 0 you can run: DBCC SHRINKFILE(2)

You can use this script also:
Backup LOG DBNAME
TO DISK = 'C:\SQL_TMP\transactionlog.trn'
WITH STATS
GO
DBCC LOGINFO(DBNAME)
DBCC SHRINKFILE(2)

Move a window when you don’t have any focus

Method #1
Won’t work with a maximized Window.

  • Alt-Tab or Click On the Window
  • Press “Alt & Space”
  • Press “M”
  • Use your arrow keys to move the Window
  • Press Enter to exit

Method #2
Will move your Window to the right or left half of the screen in the same manner as dragging a window to the right or left of the screen will.

  • Press the Windows Key & Right Arrow or Left Arrow
  • Move a Window with the Keyboard-right

Method #3
will move your Window one display to the right or left.

  • Press the Windows Key & Shift & Right Arrow or Left Arrow

This is an copy paste from a website. All credits to: http://www.sevenforums.com/tutorials/77361-move-window-keyboard.html

Create a strong self-signed certificate for multiple years

If you follow these steps you can create a self signed certificate with the following specifications:

  • Wildcard certificate
  • SHA256 hash
  • 10 years
  • 2048 bits public key
  • Client and server verification
  • Sha1 fingerprint

Be aware that self-signed certificates can manipulate by a man-in-the-middle. You should not use this in critical production environments.

Please use windows 10 powershell in admin mode. Otherwise you will get errors

New-SelfSignedCertificate -certstorelocation cert:\localmachine\my -dnsname *.domain.local -NotBefore $([datetime]::now.AddDays(-15)) -NotAfter $([datetime]::now.AddDays(3560))

Now export the certificates. Before you copy/paste change the thumbprint with the thumbprint you get from the above command.

$CertPassword = ConvertTo-SecureString -String "YourPassword" -Force –AsPlainText
Export-PfxCertificate -Cert cert:\LocalMachine\My\C6B46CEB7D3A40DB08E78B19FEDD3A24EA7A7919  -FilePath C:\test.pfx -Password $CertPassword
Export-Certificate -Cert Cert:\LocalMachine\My\C6B46CEB7D3A40DB08E78B19FEDD3A24EA7A7919 -FilePath C:\tstcert.cer

Now you can import the PFX with IIS and bind the certificate in IIS.
And import the *.CER in your MMC > Certificates > Computer account > trusted root Certification authority > Certificates

Have fun with your certificate the next 10 years 😀

command-prompt-powershell

Inspiration