DEV Community: Katz Ueno

Concrete CMS + Cloudflare: How to fix logging out problem

Katz Ueno — Fri, 19 May 2023 07:05:26 +0000

You have a Concrete CMS website and using Cloudflare. When you enable DNS proxy of Cloudflare, your Concrete CMS website started to log out frequently and became uneditable.

The reason why you get logged out

It's because Concrete CMS (Symfony framework) thinks you maybe compromised because your IP keeps changing.

Concrete CMS is built with Symfony framework. Symfony framework has security measurement to monitor user's session and IP address.

If user's IP address changes but the user session is the same, Symfony thinks that user session was hijacked and Symfony invalidates the session (log you out).

Why?

When you enable Cloudflare's DNS proxy mode, your traffic start to go through Cloudflare servers, then reaches Concrete CMS server.

Now, your Concrete CMS server see Cloudflare's IP as user's IP address instead of your IP address.

Since Cloudflare has so many edge locations, you often access to different edges every time you access your site.

Which means that Concrete CMS sees the same user is accessed from different IP request after request.

Symfony's trusted_proxy setting

But here is a good news. Symfony is already providing the solution.

You can set the range of Cloudflare's IP range.

Once you set the proxy address, the PHP application start to respect X-Forwarded-For header.

When the traffic go through Cloudflare, the Cloudflare embed the header called X-Forwarded-For which include the original user's IP address.

For more detail info you can read Symfony documentation: How to Configure Symfony to Work behind a Load Balancer or a Reverse Proxy

I will skip why Symfony does it but it's very important security measurement.

How to set-up Concrete CMS.

Anyway, where is Cloudflare's IPs?

Of course, Cloudflare provides its IP ranges at their own IP page.

You set these IP ranges to Concrete CMS.

Concrete CMS of course has Trusted Proxy config.

It can set it up via dashboard or CLI add-on.

Dashboard way

Here is the steps.

Disable Cloudflare DNS proxy for a moment
Log-in to Concrete CMS as an admin
Visit System and Settings
Go to Permission and Access - Trusted Proxy page
Enter the Cloudflare's IP range in the text box and save
Enable Cloudflare DNS proxy and test if it works.
Come back to visit Cloudflare's IP Range page and update the trusted proxies.

Concrete CMS: Cloudflare Proxy add-on

The above trusted proxy way is a bit troublesome since you may need to check periodically. (Although Cloudflare seems to update IP range once every other year or less frequent.)

Good news is that Cloudflare offers simple text pages of IP ranges. ( IPv4 & IPv6 )

Then Concrete CMS has an add-on to update the IP range via those page, called Cloudflare Proxy add-on.

It is CLI based add-on.

Visit the github page
- https://github.com/concretecms/cloudflare_proxy
Download the zip file
Rename the folder as cloudflare_proxy
Run composer install in the cloudflare_proxy
Upload or deploy the package folder to Concrete CMS's packages folder
Install the package via dashboard or CLI
Set-up cron to run the following command periodically.

How to update the list

The command to run is

Concrete CMS v9

[path/to/]concrete/bin/concrete cf:ip:update

Concrete CMS v8

[path/to/]concrete/bin/concrete5 cf:ip:update

Then the package fetch the current IP range and update it.

If you would like to see the current IP list

Find out the list

Concrete CMS v9

[path/to/]concrete/bin/concrete cf:ip:list

Concrete CMS v8

[path/to/]concrete/bin/concrete5 cf:ip:list

Cron sample

The following is the crontab sample. It is to run at 1am everyday. It is different if you setup at /etc/crontab or systemd timer.

You may need to set php path in cron.

Concrete CMS V9 and later

0  1  *  *  * (user) [path/to/]concrete/bin/concrete cf:ip:update

Concrete CMS V8

0  1  *  *  * (user) [path/to/]concrete/bin/concrete5 cf:ip:update

Anyway, this should solve the troublesomeness.

Conclusion

If you cannot figure out Cloudflare proxy add-on, juat set-it up at trusted proxy page via dashboard.

Cloudflare doesn't update the IP often, anywa.

If your Concrete CMS doesn't accept public user login, you just need to update when the user starts to complain that they started to get logged out. That's when you need to check Cloudflare IP page and update the trusted proxy IP. :p

By the way, this also applies to Concrete CMS environment with CloudFront and/or ELB. You will set-up IP range of those.

How to handle yarn's parse error

Katz Ueno — Wed, 12 Oct 2022 02:45:22 +0000

I've been struggling the unknown parse error while building storybook.

I've been puzzled why it keeps happening.

It turned out that cache may have been corrupted and resulted with the error.

You could simply delete npm cache and node_modules directory.

Error sample

I was experiencing the following error

[ssh@example.com]$ NODE_OPTIONS=--max_old_space_size=4096 yarn build-storybook:coding
yarn run v1.22.19
$ BASE_PATH=/storybook build-storybook -o dist/storybook
info @storybook/vue3 v6.5.10
info 
info => Cleaning outputDir: /var/www/html/dist/storybook
info => Loading presets
info => Compiling manager..
ERR! => Failed to build the manager
ERR! Cannot parse records: Unexpected end of JSON input while parsing near ''
ERR! TypeError: previewBuilder.bail is not a function
ERR!     at /var/www/html/node_modules/@storybook/core-server/dist/cjs/build-static.js:219:26
ERR!     at processTicksAndRejections (node:internal/process/task_queues:96:5)
ERR!     at async Promise.all (index 0)
ERR!     at async buildStaticStandalone (/var/www/html/node_modules/@storybook/core-server/dist/cjs/build-static.js:218:28)
ERR!     at async buildStatic (/var/www/html/node_modules/@storybook/core-server/dist/cjs/build-static.js:254:5)
ERR!  TypeError: previewBuilder.bail is not a function
ERR!     at /var/www/html/node_modules/@storybook/core-server/dist/cjs/build-static.js:219:26
ERR!     at processTicksAndRejections (node:internal/process/task_queues:96:5)
ERR!     at async Promise.all (index 0)
ERR!     at async buildStaticStandalone (/var/www/html/node_modules/@storybook/core-server/dist/cjs/build-static.js:218:28)
ERR!     at async buildStatic (/var/www/html/node_modules/@storybook/core-server/dist/cjs/build-static.js:254:5)
info => Loading presets
error Command failed with exit code 1.

So, the main error says

ERR! Cannot parse records: Unexpected end of JSON input while parsing near ''

STEP 1: Try to delete npm cache

Simply, let's try to run npm cache clear command

npm cache clean –force

STEP 2: Try to delete `node_modules/.cache` directory

If STEP 1 doesn't work, just try to delete the .cache directory manually.

STEP 3: Try to delete `node_modules` directory

Perhaps, there may be some conflict, so maybe you want to delete the entire node_modules directory and rebuild.

STEP 4: Check installed node, npm, yarn versions

If you have multiple environments such as local, co-workers, and servers, and some environment worked but not the others, you may need to check the installed version of each environment.

After matching those, start over from STEP1.

Good luck.

References

https://www.danroo.com/web/post-666/
https://github.com/storybookjs/storybook/issues/4034#issuecomment-780694848

Nginx Simple Cheatsheet

Katz Ueno — Wed, 26 Jan 2022 07:00:18 +0000

This is my own Nginx cheatsheet. Checked with CentOS6, 7 and Amazon Linux and Amazon Linux 2

All commands are under assumption that you are root, or use with sudo

Start

nginx

Stop

CentOS 6 & Amazon Linux

nginx -s stop

CentOS 7 & Amazon Linux 2

systemctl stop nginx
service nginx stop

Restart

entOS 6 & Amazon Linux

/etc/init.d/nginx restart

CentOS 7 & Amazon Linux 2

systemctl restart nginx
service nginx restart

Register startup

CentOS 7 & Amazon Linux 2

systemctl enable nginx
systemctl disable nginx

Reload config

CentOS6 & Amazon Linux

nginx reload
service nginx reload

CentOS7 & Amazon Linux 2

systemctl reload nginx
service nginx reload

Check config

nginx -t

General location of config

Main

cd /etc/nginx/

Virtual hosts

cd /etc/nginx/conf.d/

How to disable web fonts

Katz Ueno — Wed, 26 Jan 2022 06:03:42 +0000

This is the quick tip to be able to disable all CSS fonts

We had a website which contains a lot of line separator (U+2028) character.

How to install

Make a bookmark on bookmark bar (just add anything as dummy)
- "Bookmark bar" is the bar that you see the list of icon right below the address bar
Edit the newly created bookmark, replace the URL to the following javascript code & rename it to whatever you like
Done

Javascript

javascript:Array.prototype.forEach.call(document.getElementsByTagName("*"),
function(e){e.style.fontFamily ="Source Sans Pro"})

How to use

Visit a page
Click the bookmark icon that you just made

Why need this

If you are using modern web font, they treat line separator as space.

However, we had a client whose customers maybe using older computer. They were viewing the page without web font. Then line separator are showing up as corrupted square letters.

We need to remove those characters, but it's hard to locate unless we disable web font.

Thank you user10089632 of StackExchange!
https://superuser.com/questions/1209191/force-chrome-to-use-my-preferred-font-over-the-authors?newreg=20d74beb36514f629acc2f7222727626

Very Simple PHP Redirect

Katz Ueno — Sun, 17 Oct 2021 11:53:21 +0000

If you've moved (are planning to move) to new domain & you don't want to simply redirect to new domain.
You want to tell your site visitors that your domain has changed.

This simple PHP script shows very simple message that domain has changed for set amount of seconds, then redirected to the new domain.

It is also render 301 status code. So Google will know your page was moved, too.

It will fetch the current request URL, and redirect to the new domain with exact same URI.

By the way, it has Japanese text, too :)

https://github.com/katzueno/simple-php-redirect

This post was copied from Readme. If there is a newer version and newer description at GitHub readme, refer to GitHub's readme.

Requirement

For Apache server, mod_rewrite module should be enabled, and allowing to use .htaccess
- You could set it in Apache config.
For Nginx server
- PHP-FPM
- Ability to set nginx config

How to install

Change the config values such as new domain to index.php to your desired state.
Place (or upload) index.php script to your old domain's webroot and clear all other files
Edit your apache config, .htaccess or Nginx config so that all request will go through this index.php
Enjoy the rest

Where to set

$newDomain: Enter the new domain name. Starts with https://

$siteNameEn: Site name in English.

$siteNameJa: Site name in Japanese.

$sec: Seconds to wait and redirect

Apache's .htaccess example

Create .htaccess file (if your server is allowing it), and enter the following.
If you want to place it under some directory, make sure to change RewriteBase.

<IfModule mod_rewrite.c>
RewriteEngine On
RewriteBase / # if it's lives under subdirectory, add the directory accordingly
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME}/index.html !-f
RewriteCond %{REQUEST_FILENAME}/index.php !-f
RewriteRule . index.php [L]
</IfModule>

Nginx config example

I assume you know about Nginx server and its config.
Add the following config in your nginx config.
I assume you've set ~ \.php($|/) location to send it to php-fpm.
Change location to sub-directory if you want just to place underneath, and absolute_redirect must be turned off.

location / {
    index index.php index.html index.htm;
    if (!-e $request_filename) {
        rewrite ^ /index.php last;
    }
}

Enjoy.

How to delete .DS_Store, or some system files recursively

Katz Ueno — Mon, 11 Oct 2021 03:50:21 +0000

When you zip files in Mac OS or Windows, it sometime include system files that you don't see when you were working.

When you unzip the files, you see them.

You go nuts!

Well, you probably set .gitignore to ignore those system files. It will probably be harmless.

However, you just don't want to leave those junk.

You will use find command to delete them

Originally posted on my blog
https://en.katzueno.com/2021/10/11/how-to-delete-ds_store-php-files-recursively/

Delete `.DS_Store` or `._*` files

cd [Path/To/UnarivedFolder]
find . -name ".DS_Store" -delete; find . -name "._*" -delete

find command is very useful to delete some junk files systematically.

Delete .bak files

cd [Path/To/UnarivedFolder]
find . -name "*.bak" -delete

TIPS: Configure your Mac not to save .DS_Store files

# Start terminal
# Set default not to store .DS_Store file
defaults write com.apple.desktopservices DSDontWriteNetworkStores true
# Force restart Finder
killall Finder

How to set proxy in PHP-FPM

Katz Ueno — Fri, 08 Oct 2021 03:06:01 +0000

One of our clients server lives inside of tight security VPC.

Therefore, all of our EC2 web server must use HTTP_PROXY, HTTPS_PROXY.

When I try to use Concrete CMS (formally concrete5) to fetch the latest language files from remote server, I've got the curl timeout error and couldn't update the language.

So I need to set the proxy for PHP-FPM.

If you use Apache's PHP module or CLI, PHP will use server's environment settings.

However, for php-fpm you must also configure in php.d/www.conf.

Checked & tested with Amazon Linux 2 with PHP7.4 installed via amazon-linux-extra.

Condition

For example, you have your proxy set for both http and https.

http://10.0.0.1:8080

STEP 1. Set environment globally

Although php-fpm doesn't reference to server's global setting, you may still want to use PHP-CLI to run via SSH. So let's set it.

$ sudo vi /etc/environment
export http_proxy="http://10.0.0.1:8080"
export https_proxy="http://10.0.0.1:8080"
export HTTP_PROXY="http://10.0.0.1:8080"
export HTTPS_PROXY="http://10.0.0.1:8080"
export no_proxy="127.0.0.1,localhost"
export NO_PROXY=$no_proxy

Some middleware may use lowercase or capitol variable, so let's set both.

STEP 2. Set php-fpm environment

Set it to your php-fpm config.

$ sudo vi /etc/php-fpm.d/www.conf
# Add the following two lines anywhere
env[HTTP_PROXY] = 10.0.0.1:8080
env[HTTPS_PROXY] = 10.0.0.1:8080

STEP 3. Set php-fpm environment

Then, reload php-fpm service

sudo service php-fpm reload

STEP 4. Test run

I've prepared the sample PHP script.
Change $proxy variable to your proxy.
And save it to your webroot.

Get my sample PHP script here.
https://en.katzueno.com/2021/10/08/how-to-set-proxy-in-php-fpm/

How to filter S3 bucket to download millions of log files

Katz Ueno — Wed, 06 Oct 2021 03:41:02 +0000

I started to have more occasions to download log files which is stored on S3 bucket.

Whether they are Nginx, or Apache log being aggregated from auto scaling group, OR CloudFront access log.

Those files on S3 bucket are enormously huge number. It is impossible to browse through the management console.

It's impossible to download all logs locally.

Here is how I usually do it.

Try to narrow down the date and time

Make sure that you minimize the date and time range of the log that you want to acquire.

I have a good habit of trying to log what I've done with timestamp.

For example, when you deploy some new code, you try to create a slack thread, and type comment at the each step of deployment. You don't need to be too precise. Slack has the time stamp automatically.

You could use Google Spreadsheet or Notion to use they checkbox feature. It will record when you check the checkbox.

We use the service called Backlog which is Japanese project management SaaS service which has the checkbox feature when we deploy the code to production or upgrade a CMS system.

Find a block of logs chronologically through S3 Management Console

Log-in to your AWS Management Console and go into S3 page.

Browse the S3 bucket.

Try to find proper prefix.

For example, the CloudFront log format is like the following

[CloudFront ID].YYYY-MM-DD-##.[some ID].gz

For CloudFront log, you should be able to get your CloudFront ID, you could guess the date.

However, it could still be large amount of log file for 1 entire day of access.

You still want to find out which portion of ## (numbers) logs files you want to get.

So you filter the S3 bucket by [CloudFront ID].YYYY-MM-DD-, then from the result, you try to sort by time from the column.

Then find out which ## of files you want to get.

Let's say you now know you want all of E0EEEEEEEEEEE0-10-05-05* log files.

Get IAM Access Key and Secret to access S3 bucket Log

Issue IAM Access Key, or log-in to EC2 instances which has the IAM Role to access S3 bucket.

Run `aws s3 cp`

Run the aws s3 cp command to fetch the log files to your local or remote EC2 instance.

For aws s3 commands, you can only filter by path. You cannot use wildcard (*) in the s3:// URL. You neext to use --exclude --include options.

First, you exclude all files, then you specify what pattern of object names you want to include.

aws s3 cp s3://S3-Bucket-Name/Folder-if-any/ ./ --recursive --exclude "*" --include "[CloudFront ID].YYYY-MM-DD-05*"

From previous example.

aws s3 cp s3://S3-Bucket-Name/Folder-if-any/ ./ --recursive --exclude "*" --include "E0EEEEEEEEEEE0-10-05-05*"

Then, you should be able to download all of your desired log files.

Search UTF8mb4 text of MySQL in PHP

Katz Ueno — Wed, 09 Jun 2021 05:06:23 +0000

MySQL has utf8 & utf8mb4 charcter collation.

Although UTF8 is one encoding type, MySQL's (MariaDB) utf8 only allows to store upto 3-byte characters.

Therefore, some new emojis and Japanese and Chinese characters are not able to store it unless you use utf8mb4.

My CTO at concrete5 Japan, Inc and I came up with the solution to export mysqldump and search the txt in PHP.

It was difficult to search the text only by using SQL.

Export MySQL Database with MySQLDump

We used --skip-extended-insert option so that each record has one line

mysqldump -h {$host} -u {$db_username} --password="{$db_password}" --default-character-set=utf8mb4 --single-transaction --skip-extended-insert {$db_name} {$db_tables} > {$SQL_FILENAME}

If you need forgot to change your DB collation to utf8mb4, and need to re-work on the existing data, you may want to mysqldump using --replace --no-create-info options.

mysqldump -h {$host} -u {$db_username} --password="{$db_password}" --default-character-set=utf8mb4 --single-transaction --replace --no-create-info --skip-extended-insert {$db_name} {$db_tables} > {$SQL_FILENAME}

Search UTF8MB4 characters in PHP

Save this as textsearch.php and run it on your local or server.

<?php
$searchRegex = '/[\x{10000}-\x{10FFFF}]/iu';
$matches = [];

$handle = fopen("SQL_FILENAME", "r");
if ($handle) {
    while (!feof($handle)) {
        $buffer = fgets($handle);
        if (preg_match($searchRegex, $buffer)) {
            $matches[] = $buffer;
        }
        /*
        // If you want to print out which characters are really UTF8MB4, use this pref_match_all instead.
        if (preg_match_all($searchRegex, $buffer, $matchesChar)) {
            echo "Character(s): " . implode(',', $matchesChar[0]) . "\n";
            print_r($buffer);
        }
        */
    }
    fclose($handle);
} else {
    echo "nope! cant open it\n";
}

$ php textsearch.php > {$result.sql}

It will filter you the utf8mb4 SQL.

Tested with PHP 7.4.20 with mbstring extension.

How To Check mysqldump character-set

Katz Ueno — Wed, 09 Jun 2021 04:52:52 +0000

Learning from mistake.

mysqldump doesn't respect database's collation, but mysql client.

Check your mysqldump default character set by typing

mysqldump --help | grep default-character-set

You always want to add --default-character-set option

Example

mysqldump -h {$host} -u {$db_username} --password="{$db_password}" --default-character-set=utf8mb4 --single-transaction {$db_name} > {$SQL_file_name}

--single-transition option is my preferences for the database which mainly uses InnoDB

Auto git deploy php script

Katz Ueno — Thu, 08 Aug 2019 01:33:16 +0000

I've made a sample PHP script to auto deploy git using webhook feature which GitHub, Bitbucket and other servives provide.

Please read the comments inside of deployments.php for the option and how to set-it up.

This deployment script requires certain level of git and server knowledge.

This script is intended for single server use.

Please check it out and test drive, and send me issue or PR to improve the script.

GitHub Repo

https://github.com/katzueno/git-Webhooks-Auto-Deploy-PHP-Script

How to set it up

1. Set up git

Prepare your git repo

2. Set-up server

It is highly recommended to prepare two different domain or subdomains within the same server.
Set-up where you set git deployment script and public area where your actual git deployment.

You must make sure git deploy script is protected with basic auth and SSL.

Obtain all necessary information such as server paths.

3. Git clone to the server

Regular way

Login via SSH
cd to the path
git clone [GIT PATH]
- Make sure you git clone as the same user as web server. If you're using shared host, you may not have to worry about.
- e.g.,) sudo -u (nginx|apache) git clong [GIT PATH]
Make sure that /.git directory is NOT publicly visible to the web.
- Apache: add this line to .htaccess: RedirectMatch 404 /\.git (mod_rewrite is required)
- Nginx: add this line to your Nginx config location ~ /\.git { return 404; }

Separate Git Directory and Work Directory (more secure)

Is is very secure way of place git repository outside of publicly visible www root.

Login via SSH
cd to the path
git clone --mirror [GIT PATH] to the directory
GIT_WORK_TREE=[www_path] git checkout -f [your desired branch]

3. Set your config & upload the file

Set all necessary config setting inside of deployement.php
- Read carefully from line 1-45. You won't need to change below Main Section
Upload your deployment.php to where you stage your script
- Make sure to upload in secure area.
- You may rename filename.

4. Set-up a webhook and test drive

Your web hook URL will be like this.
Set it up as webhook of GitHub, Bitbucket, Gitlab or whatever other git services which supports webhook.

https://[Basic Auth ID]:[Basic Auth Pass]@example.com/deployments.php?key=YourSecretKeyHere

and enjoy the rest of auto deployment.

Setting up Let's Encrypt on CentOS7 (Amazon Linux 2)

Katz Ueno — Thu, 08 Aug 2019 01:17:28 +0000

This notes explains how to install Let's Encrypt onto Amazon Linux 2 (Running a
PHP+MySQL CMS, concrete5).

I've tested on Amazon Linux 2. But it will probably works on any CentOS7 and RHLE7.

Step 0: Initial Set-up

Run my concrete5 Ansible script to set-up basic web server.
https://github.com/concrete5cojp/ansible-c5-ma

This script will install all necessary repo and middleware to run a PHP web application.

Install epel repo.

sudo yum install https://dl.fedoraproject.org/pub/epel/epel-release-latest-7.noarch.rpm

Then, make sure you finish configuring 80 port config and availabl already.

Using auto configuration

Step 1: Install Certbot

$ sudo yum install certbot python2-certbot-nginx # Nginx server
$ sudo yum install certbot python2-certbot-apache # Apache server

Step 2: Install Let's Encrypt Certificatte

sudo certbot

Step 3: Set-up cron to auto-renew

$ sudo vi /etc/crontab
# Let's Encrypt Renewal - Nginx
39 11,23  *  *  * root /usr/bin/certbot renew --no-self-upgrade --renew-hook "systemctl restart nginx"
# Let's Encrypt Renewal - Apache
39 11,23  *  *  * root /usr/bin/certbot renew --no-self-upgrade --renew-hook "service httpd restart"

Manual Method

Issue an certificate for the domain

$ sudo certbot certonly \
     --manual \
     --manual-public-ip-logging-ok \
     -d EXAMPLE.com \
     -d *.EXAMPLE.com \
     -m nospam@EXAMPLE.com \
     --agree-tos \
     --debug

Get the full paths of key

Set web server config

Nginx Config

    ssl_certificate         /etc/letsencrypt/live/EXAMPLE.com/fullchain.pem;
    ssl_certificate_key     /etc/letsencrypt/live/EXAMPLE.com/privkey.pem;
    include                 /etc/letsencrypt/options-ssl-nginx.conf;
    ssl_dhparam             /etc/letsencrypt/ssl-dhparams.pem;

Apache Config

SSLCertificateFile /etc/letsencrypt/live/DOMAIN/cert.pem
SSLCertificateKeyFile /etc/letsencrypt/live/DOMAIN/privkey.pem
SSLCertificateChainFile /etc/letsencrypt/live/DOMAIN/chain.pem
SSLCACertificateFile /etc/letsencrypt/live/DOMAIN/fullchain.pem

Cron setting

$ sudo vi /etc/crontab
# Let's Encrypt Renewal
39 11,23  *  *  * root /usr/bin/certbot renew --no-self-upgrade --renew-hook "service nginx reload -s"

When you failed

Clear all Let's Encrypt Setting

sudo rm -R /opt/eff.org/certbot

Make sure to set SSL on default-server (For Dynamic site with cache)

Even if you only need SSL access to additional virtual host server, you may want to set SSL settings on your default-server, so that when people tried to access your server via IP, it will return blank request.

It's important tactics to prevent cache poisoning if you use CMS such as WordPress or Concrete CMS.

If you've got the following error in Nginx error log and keep failing to access SSL, you didn't set proper 443 config on your Nginx's default-server config.

no "ssl_certificate" is defined in server listening on SSL port while SSL handshaking, client: ***.***.***.***, server: 0.0.0.0:443

server {
    listen       80 default_server;
    listen       [::]:80;
    listen       443 ssl http2 default_server;
    listen       [::]:443 ssl http2;

    server_name  EXAMPLE.com;
    add_header Strict-Transport-Security "max-age=31536000; includeSubDomains";

    charset      utf-8;

    access_log   /var/log/nginx/dummy_access.log main;
    error_log    /var/log/nginx/dummy_error.log warn;

    root         /var/www/html;

    ssl_certificate         /etc/letsencrypt/live/EXAMPLE.com/fullchain.pem;
    ssl_certificate_key     /etc/letsencrypt/live/EXAMPLE.com/privkey.pem;
    include                 /etc/letsencrypt/options-ssl-nginx.conf;
    ssl_dhparam             /etc/letsencrypt/ssl-dhparams.pem;


    location / {
        index  index.html;
    }
}

How to delete unused and/or old certificates

# Show which certificates are installed & get the certificate names to delete
$ sudo certbot certificates

# Delete the certificate
$ sudo certbot delete --cert-name example.com-0001

Reference

This one is good article.
http://nopipi.hatenablog.com/entry/2019/01/08/013654

https://higherhope.net/?p=2710

https://qiita.com/HeRo/items/f9eb8d8a08d4d5b63ee9

https://qiita.com/MysteriousMonky/items/f26316447c1ff390ce21

https://worklog.be/archives/3352

DEV Community: Katz Ueno

Concrete CMS + Cloudflare: How to fix logging out problem

The reason why you get logged out

Symfony's trusted_proxy setting

How to set-up Concrete CMS.

Dashboard way

Concrete CMS: Cloudflare Proxy add-on

How to update the list

Find out the list

Cron sample

Conclusion

How to handle yarn's parse error

Error sample

STEP 1: Try to delete npm cache

STEP 2: Try to delete node_modules/.cache directory

STEP 3: Try to delete node_modules directory

STEP 4: Check installed node, npm, yarn versions

References

Nginx Simple Cheatsheet

Start

Stop

Restart

Register startup

Reload config

Check config

General location of config

How to disable web fonts

How to install

Javascript

How to use

Why need this

Very Simple PHP Redirect

Requirement

How to install

Where to set

Apache's .htaccess example

Nginx config example

How to delete .DS_Store, or some system files recursively

Delete .DS_Store or ._* files

Delete .bak files

TIPS: Configure your Mac not to save .DS_Store files

How to set proxy in PHP-FPM

Condition

STEP 1. Set environment globally

STEP 2. Set php-fpm environment

STEP 3. Set php-fpm environment

STEP 4. Test run

How to filter S3 bucket to download millions of log files

Try to narrow down the date and time

Find a block of logs chronologically through S3 Management Console

Get IAM Access Key and Secret to access S3 bucket Log

Run aws s3 cp

Search UTF8mb4 text of MySQL in PHP

Export MySQL Database with MySQLDump

Search UTF8MB4 characters in PHP

How To Check mysqldump character-set

Auto git deploy php script

GitHub Repo

How to set it up

1. Set up git

2. Set-up server

3. Git clone to the server

Regular way

Separate Git Directory and Work Directory (more secure)

3. Set your config & upload the file

4. Set-up a webhook and test drive

Setting up Let's Encrypt on CentOS7 (Amazon Linux 2)

Step 0: Initial Set-up

Using auto configuration

Step 1: Install Certbot

Step 2: Install Let's Encrypt Certificatte

Step 3: Set-up cron to auto-renew

Manual Method

Issue an certificate for the domain

Set web server config

Nginx Config

Apache Config

Cron setting

When you failed

Clear all Let's Encrypt Setting

STEP 2: Try to delete `node_modules/.cache` directory

STEP 3: Try to delete `node_modules` directory

Delete `.DS_Store` or `._*` files

Run `aws s3 cp`