Posts

Showing posts from November, 2022

Invalid HTTP_HOST header: '.your-domain.com'. The domain name provided is not valid according to RFC 1034/1035 (You may need to add u'domain.com' to ALLOWED_HOSTS.).

Image
I have several Django projects published and my mailbox and log files are constantly inundated with spider errors and hacking attempts to connect to my applications. These error messages have an email subject: "[Django] ERROR (EXTERNAL IP): Invalid HTTP_HOST ...".  So after spending a long time with this, I solved this problem with Apache (Require). The correct format for "Require" and "SetEnvIfExpr" is: ^[^_]+  would match a string of 1 or more character containing any character except underscore. <VirtualHost  xxx.xxx.xxx.xxx:80 >      ...     SetEnvIfNoCase Host "^[^_]+\.my-domain\.com" VALID_HOST     <Location / >         <RequireAll>             Require all granted             Require env VALID_HOST         </RequireAll>     </Location>     ... </VirtualHost> Or to be more safe we can apply it to   wsgi.py   file : <VirtualHost  xxx.xxx.xxx.xxx:80 >      ...      SetEnvIfNoCase  Host  "^[^

How to Configure DKIM (OpenDKIM) with Postfix

Image
Install OpenDKIM and Postfix sudo apt install opendkim opendkim-tools postfix Configure OpenDKIM OpenDKIM can add DKIM signatures to outbound mail and check DKIM signatures on inbound mail. It can be configured to reject mail that has missing or invalid DKIM signatures. Create a directory structure that will store trusted hosts, key tables, signature tables, and crypto keys: sudo mkdir /etc/opendkim sudo mkdir /etc/opendkim/keys # or one line sudo mkdir -p /etc/opendkim/keys Generate the key pair for your DNS domain and selector: For key generation, the opendkim-tools package provides the opendkim-genkey program. This program generates a private key named  <my_selector>.private  in the specified directory, as well as a public key  <my_selector>.txt  ready to be included in a bind DNS zone file. sudo -u opendkim opendkim-genkey -D /etc/opendkim/keys -d my-domain.org -s my_selector Now, edit  /etc/opendkim.conf . For the socket, the easiest option is to use a  TCP socket  

How to Deploy a Rails 7 Application with Capistrano, Nginx, Puma, Postgresql, LetsEncrypt on Ubuntu 20.04 / Amazon Linux 2

Image
What are we going to do So whenever I start a new project and want to deploy it to production, I need to research from scratch how to setup a Amazon Linux 2 (Ubuntu Server) including Firewall, how to setup Capistrano, get NGINX to work with Puma etc. That’s why I summarize everything I do to get a Project deployed. Create the Rails project Make sure you have Postgresql installed and running locally. rails - v # Rails 7.0.3 rails new mysite -- database = postgresql rake db:setup rails db:migrate rails s # rails s -b 0.0.0.0 Now you should be able to visit  http://localhost:3000  in your browser. Server Setup Ubuntu 20.04 (hetzner cloud) or Amazon Linux 2 (AWS ec2 instance). SSH Config I always make sure to select my public key when I create the server so that one is already entered in the  ~/.ssh/authorized_keys  file for the root user.  Otherwise we can generate a new key like below: # https://docs.github.com/en/authentication/connecting-to-github- with -ssh/gene