NodeBB is a Node.js-based forum. It uses WebSockets for instant interactions and real-time notifications. NodeBB source code is publicly hosted on GitHub. This guide walks you through the NodeBB installation process on a fresh Fedora 28 Vultr instance using Node.js, MongoDB as the database, Nginx as a reverse proxy and Acme.sh for SSL certificates.
NodeBB requires the following software to be installed:
A/AAAA records set up
Check the Fedora version.
cat /etc/fedora-release
# Fedora release 28 (Twenty Eight)
Create a new non-root user account with sudo access and switch to it.
useradd -c "John Doe" johndoe && passwd johndoe
usermod -aG wheel johndoe
su - johndoe
NOTE: Replace johndoe with your username.
Set up the timezone.
timedatectl list-timezones
sudo timedatectl set-timezone 'Region/City'
Ensure that your system is up to date.
sudo dnf check-upgrade || sudo dnf upgrade -y
Install necessary packages.
sudo dnf install -y git wget vim gcc-c++ make
For simplicity, disable SELinux and Firewall.
sudo setenforce 0
sudo systemctl stop firewalld
sudo systemctl disable firewalld
NodeBB runs on Node.js, so Node.js needs to be installed. Installing the current LTS version of Node.js is recommended.
Install Node.js.
sudo dnf install -y nodejs
Verify the installation of Node.js and npm.
node -v && npm -v
# v8.11.3
# 5.6.0
MongoDB is the default database for NodeBB.
Install MongoDB.
sudo dnf install -y mongodb mongodb-server
Check the version.
mongo --version | head -n 1 && mongod --version | head -n 1
# MongoDB shell version v3.6.3
# db version v3.6.3
Enable and start the MongoDB service.
sudo systemctl enable mongod.service
sudo systemctl start mongod.service
Create a MongoDB database and user for NodeBB.
First connect to the MongoDB server.
mongo
Switch to the built-in admin database.
> use admin
Create an administrative user.
> db.createUser( { user: "admin", pwd: "<Enter a secure password>", roles: [ { role: "readWriteAnyDatabase", db: "admin" }, { role: "userAdminAnyDatabase", db: "admin" } ] } )
NOTE: Replace the placeholder <Enter a secure password> with your own selected password.
Add a new database called nodebb.
> use nodebb
The database will be created and the context switched to nodebb. Next, create the nodebb user with the appropriate privileges.
> db.createUser( { user: "nodebb", pwd: "<Enter a secure password>", roles: [ { role: "readWrite", db: "nodebb" }, { role: "clusterMonitor", db: "admin" } ] } )
NOTE: Again, replace the placeholder <Enter a secure password> with your own selected password.
Exit the Mongo shell.
> quit()
Restart MongoDB and verify that the administrative user created earlier can connect.
sudo systemctl restart mongod.service
mongo -u admin -p your_password --authenticationDatabase=admin
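Logging in as admin succeeds whether or not the server demands credentials, because MongoDB enforces access control only when security.authorization is enabled in its config file (or mongod is started with --auth). The check below is an added example, not part of the original guide; it reads a YAML mongod.conf and reports that setting. The /etc/mongod.conf path named in the comment is an assumption, and both sample files are constructed.

```bash
# Added example, not part of the original guide.
# Reports whether a YAML mongod.conf enables access control.
# On a live host the file is assumed to be /etc/mongod.conf.
mongod_auth_state() {
    # Prints "enabled" or "disabled" for the config file given as $1.
    awk '
        { sub(/[ \t]*#.*$/, "") }                            # strip comments
        /^[^ \t]/ { in_sec = ($0 ~ /^security:[ \t]*$/) }    # new top-level key
        in_sec && /^[ \t]+authorization:/ {
            v = $0
            sub(/^[^:]*:[ \t]*/, "", v)                      # keep the value only
            gsub(/[" \t]/, "", v)
            state = v
        }
        END { print (state == "enabled" ? "enabled" : "disabled") }
    ' "$1"
}

tmp="$(mktemp -d)"; trap 'rm -rf "$tmp"' EXIT

# Constructed sample: users exist, but the security section is commented out.
cat > "$tmp/open.conf" <<'EOF'
net:
  port: 27017
  bindIp: 127.0.0.1
#security:
#  authorization: enabled
EOF

# Constructed sample: access control switched on.
cat > "$tmp/enforced.conf" <<'EOF'
net:
  port: 27017
security:
  authorization: enabled   # reject clients that do not authenticate
EOF

for f in "$tmp/open.conf" "$tmp/enforced.conf"; do
    printf '%s: %s\n' "${f##*/}" "$(mongod_auth_state "$f")"
done
```

If the live config reports disabled, the nodebb and admin passwords set above are not actually required to read or write the database.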
Install Nginx.
sudo dnf install -y nginx
Check the version.
sudo nginx -v
# nginx version: nginx/1.12.1
Enable and start Nginx.
sudo systemctl enable nginx.service
sudo systemctl start nginx.service
NodeBB by default runs on port 4567. To avoid typing http://example.com:4567, we will configure Nginx as a reverse proxy for the NodeBB application. Every request on port 80 or 443 (if SSL is used) will be forwarded to port 4567.
Run sudo vim /etc/nginx/conf.d/nodebb.conf and populate it with the basic reverse proxy configuration below.
server {
    listen [::]:80;
    listen 80;
    server_name forum.example.com;
    root /usr/share/nginx/html;
    client_max_body_size 50M;
    location /.well-known/acme-challenge/ {
        allow all;
    }
    location / {
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
        proxy_set_header Host $http_host;
        proxy_hide_header X-Powered-By;
        proxy_set_header X-Nginx-Proxy true;
        proxy_pass http://127.0.0.1:4567;
        proxy_redirect off;
        # Socket.IO Support
        proxy_http_version 1.1;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection "upgrade";
    }
}
In the config above, update the server_name directive with your domain/hostname.
Check the configuration.
sudo nginx -t
Reload Nginx.
sudo systemctl reload nginx.service
Securing your forum with HTTPS is optional, but it encrypts your site's traffic. Acme.sh is a pure Unix shell client for obtaining SSL certificates from Let's Encrypt, with zero dependencies.
Download and install Acme.sh.
sudo mkdir /etc/letsencrypt
git clone https://github.com/Neilpang/acme.sh.git
cd acme.sh
sudo ./acme.sh --install --home /etc/letsencrypt --accountemail your_email@example.com
cd ~
source ~/.bashrc
Check the version.
/etc/letsencrypt/acme.sh --version
# v2.7.9
Obtain RSA and ECDSA certificates for the forum.example.com domain/hostname.
# RSA 2048
sudo /etc/letsencrypt/acme.sh --issue --home /etc/letsencrypt -d forum.example.com --webroot /usr/share/nginx/html --reloadcmd "sudo systemctl reload nginx.service" --accountemail your_email@example.com --ocsp-must-staple --keylength 2048
# ECDSA/ECC P-256
sudo /etc/letsencrypt/acme.sh --issue --home /etc/letsencrypt -d forum.example.com --webroot /usr/share/nginx/html --reloadcmd "sudo systemctl reload nginx.service" --accountemail your_email@example.com --ocsp-must-staple --keylength ec-256
After running the commands above, your certificates and keys will be in the following directories:
/etc/letsencrypt/forum.example.com
/etc/letsencrypt/forum.example.com_ecc
After obtaining certificates from Let's Encrypt, we need to configure Nginx to use them.
Run sudo vim /etc/nginx/conf.d/nodebb.conf again and configure Nginx as an HTTPS reverse proxy.
server {
    listen [::]:443 ssl http2;
    listen 443 ssl http2;
    listen [::]:80;
    listen 80;
    server_name forum.example.com;
    root /usr/share/nginx/html;
    client_max_body_size 50M;
    location /.well-known/acme-challenge/ {
        allow all;
    }
    # RSA
    ssl_certificate /etc/letsencrypt/forum.example.com/fullchain.cer;
    ssl_certificate_key /etc/letsencrypt/forum.example.com/forum.example.com.key;
    # ECDSA
    ssl_certificate /etc/letsencrypt/forum.example.com_ecc/fullchain.cer;
    ssl_certificate_key /etc/letsencrypt/forum.example.com_ecc/forum.example.com.key;
    location / {
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
        proxy_set_header Host $http_host;
        proxy_set_header X-NginX-Proxy true;
        proxy_pass http://127.0.0.1:4567;
        proxy_redirect off;
        # Socket.IO Support
        proxy_http_version 1.1;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection "upgrade";
    }
}
Check the configuration.
sudo nginx -t
Reload Nginx.
sudo systemctl reload nginx.service
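The certificates above were issued with --ocsp-must-staple, which makes clients that honor the flag expect a stapled OCSP response, while the server block shown sets no ssl_stapling directive. The following is an added example, not part of the original guide: it lists the TLS server blocks in an nginx config file that lack "ssl_stapling on;". It only looks inside each server block (a setting inherited from the http level is not followed), and the sample files and the second hostname are constructed.

```bash
# Added example, not part of the original guide.
# Lists TLS server blocks in an nginx config that lack "ssl_stapling on;".
# Only directives inside the server block are seen (no http-level inheritance).
servers_without_stapling() {
    awk '
        { sub(/#.*$/, "") }    # strip comments
        !in_srv && /^[ \t]*server[ \t]*[{]/ {
            in_srv = 1; base = depth; tls = staple = 0; name = "(unnamed)"
        }
        in_srv && /listen[ \t].*[ \t]ssl[ \t;]/   { tls = 1 }
        in_srv && /ssl_stapling[ \t]+on[ \t]*;/   { staple = 1 }
        in_srv && /^[ \t]*server_name[ \t]/ { name = $2; sub(/;$/, "", name) }
        {
            # Track brace depth so nested location blocks do not end the server.
            depth += gsub(/[{]/, "{") - gsub(/[}]/, "}")
            if (in_srv && depth == base) {
                if (tls && !staple) print name
                in_srv = 0
            }
        }
    ' "$1"
}

conf_dir="$(mktemp -d)"; trap 'rm -rf "$conf_dir"' EXIT

# Constructed sample, trimmed from the HTTPS server block in this guide.
cat > "$conf_dir/nodebb.conf" <<'EOF'
server {
    listen [::]:443 ssl http2;
    listen 443 ssl http2;
    server_name forum.example.com;
    ssl_certificate /etc/letsencrypt/forum.example.com/fullchain.cer;
    ssl_certificate_key /etc/letsencrypt/forum.example.com/forum.example.com.key;
    location / {
        proxy_pass http://127.0.0.1:4567;
    }
}
EOF

# Constructed sample: a hypothetical second host with stapling switched on.
cat > "$conf_dir/stapled.conf" <<'EOF'
server {
    listen 443 ssl;
    server_name stapled.example.com;
    ssl_stapling on;
    ssl_stapling_verify on;
}
EOF

servers_without_stapling "$conf_dir/nodebb.conf"
```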
Create a document root directory.
sudo mkdir -p /var/www/nodebb
Change ownership of the /var/www/nodebb directory to johndoe.
sudo chown -R johndoe:johndoe /var/www/nodebb
Navigate to the document root folder.
cd /var/www/nodebb
Clone the latest NodeBB into the document root folder.
git clone -b v1.10.x https://github.com/NodeBB/NodeBB.git .
Run the NodeBB setup command and answer each question when prompted.
./nodebb setup
After NodeBB setup is completed, run ./nodebb start to manually start your NodeBB server.
./nodebb start
After this command, you will be able to access your forum in your web browser.
When started via ./nodebb start, NodeBB will not automatically start up again when the system reboots. To avoid that, we will need to set up NodeBB as a system service.
If it is running, stop NodeBB.
./nodebb stop
Create a new nodebb user.
sudo useradd nodebb
Change the ownership of the /var/www/nodebb directory to the nodebb user.
sudo chown -R nodebb:nodebb /var/www/nodebb
Create the nodebb.service systemd unit config file. This unit file will handle startup of the NodeBB daemon. Run sudo vim /etc/systemd/system/nodebb.service and populate the file with the following content.
[Unit]
Description=NodeBB
Documentation=https://docs.nodebb.org
After=system.slice multi-user.target mongod.service
[Service]
Type=forking
User=nodebb
StandardOutput=syslog
StandardError=syslog
SyslogIdentifier=nodebb
Environment=NODE_ENV=production
WorkingDirectory=/var/www/nodebb
PIDFile=/var/www/nodebb/pidfile
ExecStart=/usr/bin/env node loader.js
Restart=always
[Install]
WantedBy=multi-user.target
NOTE: Set username and directory paths according to your chosen names.
Enable nodebb.service on reboot and immediately start nodebb.service.
sudo systemctl enable nodebb.service
sudo systemctl start nodebb.service
Check the nodebb.service status.
sudo systemctl status nodebb.service
sudo systemctl is-enabled nodebb.service
That's it. Your NodeBB instance is now up and running.