Digital Nut

My pathetic & feeble excuse for a blogsite!

Preventing man-in-the-middle attacks by locking servers to Cloudflare

Script to update UFW with Cloudflare IPs

This script was kindly written by Leow Kah Man and I’ve added a few tweaks!

Setup

Assuming that you already have ufw installed (now a pre-installed package in most Linux distros), first ensure that ufw is not enabled:

    sudo ufw status verbose

If it’s not enabled, the response should be

    Status: inactive

but if not, let’s disable it:

    sudo ufw disable

Clear out any existing rules;

Reconfiguring the TalkTalk DSL-3680 Router to work with a home network

After switching to TalkTalk, and installing their DSL-3680 Router, the first thing that I noticed was that I was unable to access my Raspberry Pi Apache web server, which serves various things including this personal blog, environmental data feeds and IP cameras. Even trying the private IP addresses I was directed to the router administration page. So after a few frustrating days and lots of reading I managed to get everything to play nice together, so I’ve written it up in case it helps others facing the same problems, but see the warning at the bottom first.

Enable https on a Raspberry Pi using the 'free' StartSSL certificates

SSL certificates can be quite expensive, but StartSSL offer class 1 certificates free, which in most browsers do not flag up the ‘untrusted site’ warning. However, I found their website wizard quite difficult to follow, and this guide helped me sort it out.

NOTE: ensure that you download the sha256 intermediate certificate, and not the sha1 intermediate certificate as prompted in the StartCom toolbox (see this article).

Port forwarding

Ensure that port 443 is open in your router