KNOK

In this article I introduced how to use frp to establish an SSH connection to a local server. In fact, services running on a local server also can be exposed to the internet via frp's TCP forwarding. For instance, I ran a chat service on my old laptop without public IP address and made it accessible over the internet. However, a potential security issue is that the traffic between the local client and server is plaintext if you just use the tcp or http mode. This article records how to enable TLS feature.

- READ MORE -

Aria2 is a lightweight and powerful download utility. However, since aria2 is operated using command, it is slightly difficult for the normal user. Therefore, typically I use AriaNg as the web frontend to visualize the aria2.

- READ MORE -

As Typecho does not support audio and video, playing them on Typecho pages requires a plugin. However, most plugins obtain audio resources from playlists on Netease Cloud or QQ Music, which means the song choices are limited. In addition, some guys, like me, prefer not to use these APPs to listen to music. Plyr is a simple HTML5, YouTube, and Vimeo player, and it was ported to Typecho called Typecho-Plugin-Plyr. The audio/video can be played by using this tiny tool.

- READ MORE -

In a previous article I introduced how to issue an SSL cert for a single subdomain using acme. If there are several services running on a server (e.g., cloud storage, blog, chatroom), and each service has a subdomain, it is helpful to secure multiple subdomain names (hosts) under the same base domain using the wildcard cert.

- READ MORE -

If a server has RAM less than 1 GB or uses resource heavy services, it would be a good idea to enable swap space as the RAM may be exhausted here. This article records how I enable Swap on Linux.

- READ MORE -

frp is a fast reverse proxy to expose a local server behind a network address translation (NAT) or firewall to the internet. This article introduces how to use frp to establish a SSH connection with a server that does not have a public IP address, even if two servers are not in same local area network (LAN).

- READ MORE -

Since buying the first server last year, I have bought several servers up to now. Because they are exposed to the internet, some necessary configurations in terms of firewall, ssh, etc., are required for security issues. This article records how I setup a server from scratch. I generally use Debian/Ubuntu, and Debian is used as an example server in this article. Some commands may differ for other distributions, but the overall process is similar.

- READ MORE -

From July 1, 2018, Chrome shows all sites that do not use SSL certificates as "not secure", while sites with SSL certificates receive a boost in weight ranking. In fact, it is easy to issue, install, and renew an SSL/TLS certificate. All needed are a virtual private server (VPS) and a domain name pointing to this server's IP. In this article, I'm going to show how to acquire an SSL cert using acme.

- READ MORE -