Wednesday, November 30, 2011

How to share network connection with iptables

While working in isolated environment you might need to share your machine internet connection with other computers or virtual machines (e.g. host only network in VirtualBox). Ensure you have iptables installed.
apt-get install iptables
There are two thing we need to do: let kernel know that it is permitted to forward network traffic.
echo "sysctl net.ipv4.ip_forward=1" >> \
    /etc/sysctl.d/ip_forward.conf
and apply masquerading for the interface that we what to share (eth0), add the following line to /etc/rc.local:
iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
You have to restart your computer so the changes take place during the next system boot.

Monday, November 28, 2011

How to rewrite all to https in nginx

Here we are going redirect all http traffic to https with nginx. I suppose you already have nginx installed, if not have a look here. We will store SSL certificates in /etc/nginx/ssl directory.
cd /etc/nginx
mkdir ssl
openssl req -new -x509 -days 9999 -nodes \
    -out ssl/cert.pem -keyout ssl/cert.key
chown -R www-data:www-data ssl
chmod -R 700 ssl
Here is nginx configuration:
upstream backend {
    server 127.0.0.1:8080;
}

server {
    listen  *:80;
    return 301 https://$host$request_uri;
    #if ( $scheme = "http" ) {
    #    rewrite  ^/(.*)$  https://$host/$1 permanent;
    #}
}

server {
    listen  *:443;

    ssl on;
    ssl_protocols SSLv3 TLSv1;
    ssl_certificate /etc/nginx/ssl/cert.pem;
    ssl_certificate_key /etc/nginx/ssl/cert.key;

    location / {
        proxy_pass http://backend;
    }
}
You have to reload nginx so the changes take place.