Certification Authority Authorization

Put simply Certification Authority Authorization or CAA is a speical type of DNS records that allows you to inform a certification authority if they are allowed to issue certificates for a domain (or subdomain). The standard is not that common at the moment but is begenning to get traction. The CA forum has mandated it as Qualys Reported In this example howson.me is allowed to have certificates issued by either Comodo or lets encrypt. Any violations are reported to hositng e-mail and the 128 means it is critical so howson.me 3600 IN CAA 128 iodef "hosting@howson.me"

Continue Reading

Secondry DNS with Hurricane Electric

Hurricane Electric based in the US provide a number of services to the internet. They are probably best known for Tunnel Broker however they also offer DNS hosting services. They do both primary (they host the DNS as the master) and slave zones. Sometimes known as backup DNS. While hosting my own name server is great and gives me all the flexibility of the many DNS records often not provided by companies having it running only on Linode infrastructure is a single point of failure from a provider perspective (they are in different data centers). Having HE in the mix

Continue Reading

Setting up SSHFP records

SSHFP Records are DNS records that allow you to publish fingerprints of your servers so they can be verified using DNS lookups when you connect to them. This can be done in a public or using an internal DNS server. Using this method will also stop you from blindly adding machines to your known_hosts file. Its also far quicker than manual verification and checked everytime. There is lots of software on the internet that allows you to generate SSHFP records however the easiest way is to run the command from the server where you have the public key installed.

Continue Reading

Picking a CPanel Provider - some considerations

CPanel is a very popular web hosting control panel. It allows you to manage a linxu, apachem PHP and MySQL server stack effortlessly and allows web hosting providers to offer affordable web and e-mail capabilities. When considering a CPanel provider there are a couple of things I look for. First I only use a provider that offers a dedicated IP address for your CPanel account. This offers a couple of benefits: You can use TLS certificates without changing IP's E-mail should be more reliable as its less likely to get black listed than if it was shared with many tenants.

Continue Reading

MySQL- Get Database size

A quick tip on getting the size of all MySQL databases: SELECT tableschema "Database Name", Round(Sum(datalength + indexlength) / 1024 / 1024, 1) "DB Size in MB" FROM informationschema.tables GROUP BY table_schema;

Continue Reading

Secure WebDav in Windows 7

When adding webdav in Windows 7 it may feel completely alien. The correct syntax if mapping using my computer is: \\yourserver.com@ssl\foldername In Windows 10 the URL can be used instead.

Continue Reading

Longview with Varnish

Linode's Longview service gives you a great insight into how welll your server is running. The standard automatic install failes when trying to set Nginx monitoring up if you have Varnish or something else listening on port 80. Thankfully there is a simple fix. When promted choose no to the automated setup. Add the following to your Nginx site configuration: server { listen 127.0.0.1:8090; server_name 127.0.0.1; location /nginx_status { stub_status on; allow 127.0.0.1; deny all; } } The above code will open a nginx status page (which Longview users to get

Continue Reading

Moved from Digital Ocean to Linode

A couple of days ago I moved from Digitial Ocean to Lindoe. I did a disk clone. While setup was fairly smooth a couple of gremelins crept in. This should now be fixed :-)

Continue Reading

YouView Control on Bose Solo 5 Sound Bar

I recently got a sound bar for Christmas. Looking online it looks like you can't programme the BT YouView box with the Bose universal remote. You can control it if you use the BT Vision Code 3637 under the cable / sat button.

Continue Reading

Setting G Suite Relay up in Ghost

Setting up a G Suite (formally Google Apps) is easy in Ghost. Simply configure G Suite to allow the IP address of the server in the SMTP relay service settings. To finish simply set the following mail settings in your instances config.js mail: { transport: 'SMTP', options: { host: 'smtp-relay.gmail.com', port: 587, } },

Continue Reading