_.:=iTake=:._

Title: A Star Is Born Genre: Drama, Music, Romance Director: Bradley Cooper Cast: Bradley Cooper, Lady Gaga, Sam Elliott, Andrew Dice Clay, Dave Chappelle, Anthony Ramos, Michael Harney, Rafi Gavron, Rebecca Field, D.J. "Shangela" Pierce, Willam Belli, Greg Grunberg, Ron Rifkin, Lukas Nelson, Anthony LoGerfo, Corey McCormick, Logan Metz, Tato Melgar, Eddie Griffin, Luenell, Marlon Williams, Brandi Carlile, Halsey, Alec Baldwin, Don Roy King, Barry Shabaka Henley, Michael D. Roberts, Drena De Niro, Gabe Fazio, Jacob Schick Release: 2018-10-03 Runtime: 135 Plot: Seasoned musician Jackson Maine discovers — and falls in love with — struggling artist Ally. She has just about given up on her dream to make it big as a singer — until Jack coaxes her into the spotlight. But even as Ally's career takes off, the personal side of their relationship is breaking down, as Jack fights an ongoing battle with his own internal demons. [Hidden Content]

Title: Avengers: Infinity War Tagline: An entire universe. Once and for all. Genre: Adventure, Action, Fantasy Director: Joe Russo, Anthony Russo Cast: Robert Downey Jr., Chris Hemsworth, Mark Ruffalo, Chris Evans, Josh Brolin, Zoe Saldana, Chris Pratt, Paul Bettany, Elizabeth Olsen, Tom Holland, Bradley Cooper, Dave Bautista, Scarlett Johansson, Don Cheadle, Benedict Cumberbatch, Chadwick Boseman, Karen Gillan, Tom Hiddleston, Anthony Mackie, Sebastian Stan, Idris Elba, Danai Gurira, Peter Dinklage, Benedict Wong, Pom Klementieff, Vin Diesel, Gwyneth Paltrow, Benicio del Toro, Sean Gunn, William Hurt, Letitia Wright, Terry Notary, Tom Vaughan-Lawlor, Carrie Coon, Michael James Shaw, Stan Lee, Winston Duke, Florence Kasumba, Kerry Condon, Monique Ganderton, Jacob Batalon, Tiffany Espensen, Isabella Amara, Ethan Dizon, Ariana Greenblatt, Ameenah Kaplan, Ross Marquand, Michael Anthony Rogers, Stephen McFeely, Aaron Lazar, Robert Pralgo, Olaniyan Thurmon, Blair Jasin, Matthew Zuk, Laura Miller, Kenneth Branagh, Samuel L. Jackson, Cobie Smulders Release: 2018-04-25 Runtime: 149 Plot: As the Avengers and their allies have continued to protect the world from threats too large for any one hero to handle, a new danger has emerged from the cosmic shadows: Thanos. A despot of intergalactic infamy, his goal is to collect all six Infinity Stones, artifacts of unimaginable power, and use them to inflict his twisted will on all of reality. Everything the Avengers have fought for has led up to this moment - the fate of Earth and existence itself has never been more uncertain.

Title: Mortal Engines Tagline: Some Scars Never Heal Genre: Science Fiction, Action, Adventure, Fantasy, Thriller Director: Christian Rivers Cast: Hera Hilmar, Robert Sheehan, Hugo Weaving, Jihae, Ronan Raftery, Leila George, Patrick Malahide, Stephen Lang, Colin Salmon, Mark Mitchinson, Regé-Jean Page, Menik Gooneratne, Frankie Adams, Leifur Sigurdarson, Kahn West, Andrew Lees, Sophie Cox, Kee Chan, Sarah Peirse, Mark Hadlow, Caren Pistorius, Poppy Macleod, Joel Tobeck, Terry Norris, Calum Gittins, Megan Edwards, Peter Rowley, Aaron Jackson, Stephen Ure, Nathaniel Lees, Paul Yates, Nick Blake, Beatrice Joblin, Thomas Lahood, Simbarashe Matshe, Lee Tuson, Jason Whyte, Michael Homick, Royden Davys, Richard Mills, Shane Rangi, Yoson An, Nicholas Quirke, Lynda Lester, Rick Baker Release: 2018-11-27 Runtime: 129 Plot: Many thousands of years in the future, Earth’s cities roam the globe on huge wheels, devouring each other in a struggle for ever diminishing resources. On one of these massive traction cities, the old London, Tom Natsworthy has an unexpected encounter with a mysterious young woman from the wastelands who will change the course of his life forever.

Title: Creed II Tagline: There's More to Lose than a Title Genre: Drama Director: Steven Caple Jr. Cast: Michael B. Jordan, Sylvester Stallone, Wood Harris, Phylicia Rashād, Dolph Lundgren, Florian Munteanu, Tessa Thompson, Andre Ward, Brigitte Nielsen, Milo Ventimiglia, Russell Hornsby, Carl Weathers, Robbie Johns, Jacob 'Stitch' Duran, Patrice Harris, Ana Gerena, Christopher Mann, Robert Douglas, Benjamin Vaynshelboym, Angelina Shipilina, Pavel Vakunov, Oleg Ivanov, Pete Postiglione, Billy Vargus, Zack Beyer, Chrisdine King, Johanna Tolentino, Eleni Delopoulos, Marcia Myers, Ivo Nandi, Dmitry Torgovitsky, Michael Buffer, Jim Lampley, Max Kellerman, Roy Jones Jr. Release: 2018-11-21 Runtime: 130 Plot: Between personal obligations and training for his next big fight against an opponent with ties to his family's past, Adonis Creed is up against the challenge of his life.

Title: Green Book Tagline: Inspired by a True Friendship Genre: Drama, Comedy, Music Director: Peter Farrelly Cast: Viggo Mortensen, Mahershala Ali, Linda Cardellini, Dimiter D. Marinov, Mike Hatton, Iqbal Theba, Sebastian Maniscalco, Von Lewis, P. J. Byrne, Montrel Miller, Tom Virtue, Don Stark, Brian Stepanek, Dennis W. Hall, Randal Gonzalez, Maggie Nixon, Brian Distance, Don DiPetta, Frank Vallelonga, Nick Vallelonga, Suehyla El-Attar, Jenna Laurenzo, Johnny Williams, Joe Cortese, David Kallaway, Paul Sloan, Anthony Mangano, David An, Ninja N. Devoe, Jim Klock, Daniel Greene, Martin Bats Bradford, Tracy Brotherton, William E. Harris, Geraldine Singer, Rebecca Chulew, Emily LaGroue, Ricky Muse, Leslie Castay, Jon Michael Davis, Harrison Stone, Gralen Bryant Banks, Brett Beoubay, Quinn Duffy, Mike Young, Kenneth Israel, Brian Hayes Currie, Jeffrey Klemmer, Kate Kuen, Elton LeBlanc, Craig DiFrancia, Cynthia LeBlanc, Shane Partlow, Jared Drennan Release: 2018-11-16 Runtime: 130 Plot: Tony Lip, a bouncer in 1962, is hired to drive pianist Don Shirley on a tour through the Deep South in the days when African Americans, forced to find alternate accommodations and services due to segregation laws below the Mason-Dixon Line, relied on a guide called The Negro Motorist Green Book.

Title: Spider-Man: Into the Spider-Verse Tagline: More Than One Wears the Mask Genre: Action, Adventure, Animation, Science Fiction, Comedy Director: Bob Persichetti, Peter Ramsey, Rodney Rothman Cast: Shameik Moore, Jake Johnson, Hailee Steinfeld, Mahershala Ali, Brian Tyree Henry, Lily Tomlin, Lauren Vélez, Kimiko Glenn, John Mulaney, Nicolas Cage, Liev Schreiber, Chris Pine, Zoë Kravitz, Kathryn Hahn, Lake Bell, Jorma Taccone, Marvin 'Krondon' Jones III, Joaquín Cosio, Post Malone, Cliff Robertson, Stan Lee, Oscar Isaac, Greta Lee, Donald Glover, Nick Jaine, Muneeb Rehman, Melanie Haynes, Natalie Morales, Edwin H. Bravo, Kim Yarbrough, Lex Lang, Christopher Miller, Scott Menville, Juan Pacheco, Miguel Jiron Release: 2018-12-07 Runtime: 117 Plot: Miles Morales is juggling his life between being a high school student and being a spider-man. When Wilson "Kingpin" Fisk uses a super collider, others from across the Spider-Verse are transported to this dimension.

Title: Aquaman Tagline: Home Is Calling Genre: Action, Adventure, Fantasy, Science Fiction Director: James Wan Cast: Jason Momoa, Amber Heard, Nicole Kidman, Willem Dafoe, Patrick Wilson, Dolph Lundgren, Yahya Abdul-Mateen II, Tainu Kirkwood, Tamor Kirkwood, Kaan Guldur, Otis Dhanji, Kekoa Kumano, Graham McTavish, Temuera Morrison, Ludi Lin, Randall Park, Michael Beach, Djimon Hounsou, Natalia Safran, Sophia Forrest, Leigh Whannell, Julie Andrews, Andrew Crawford, John Rhys-Davies, Patrick Cox, Jon Quested, Winnie Mzembe, Connor Zegenhagen, Gabriella Petkova, Braden Lewis, Vincent B. Gorce, Sasha Dulics, Rhianna Palmer, Robert Longstreet, Luke Owen Release: 2018-12-07 Runtime: 143 Plot: Once home to the most advanced civilization on Earth, the city of Atlantis is now an underwater kingdom ruled by the power-hungry King Orm. With a vast army at his disposal, Orm plans to conquer the remaining oceanic people -- and then the surface world. Standing in his way is Aquaman, Orm's half-human, half-Atlantean brother and true heir to the throne. With help from royal counselor Vulko, Aquaman must retrieve the legendary Trident of Atlan and embrace his destiny as protector of the deep.

This has been well tested on Ubuntu 16.04 and 18.04 x64.. Let me know if anyone needs help setting it up... I can set it up for you for a cup of ... I know it looks scary and complicated ...

Using the built-in IPSEC VPN on Apple Devices Configure IPsec Find the corresponding mobileconfig (Apple Profile) for each user and send it to them over AirDrop or other secure means. Apple Configuration Profiles are all-in-one configuration files for iOS and macOS devices. On macOS, double-clicking a profile to install it will fully configure the VPN. On iOS, users are prompted to install the profile as soon as the AirDrop is accepted. Enable the VPN On iOS, connect to the VPN by opening Settings and clicking the toggle next to "VPN" near the top of the list. If using WireGuard you can also enable the VPN from the WireGuard app. On macOS, connect to the VPN by opening System Preferences -> Network, finding the Algo VPN in the left column, and clicking "Connect." Check "Show VPN status in menu bar" to easily connect and disconnect from the menu bar. Managing "Connect On Demand" If you enabled "Connect On Demand" the VPN will connect automatically whenever it is able. Most Apple users will want to enable "Connect On Demand", but if you do then simply disabling the VPN will not cause it to stay disabled; it will just "Connect On Demand" again. To disable the VPN you'll need to disable "Connect On Demand". On iOS, you can turn off "Connect On Demand" in Settings by clicking the (i) next to the entry for your Algo VPN and toggling off "Connect On Demand." On macOS, you can turn off "Connect On Demand" by opening System Preferences -> Network, finding the Algo VPN in the left column, unchecking the box for "Connect on demand", and clicking Apply.

Android client setup Installation via profiles Install the WireGuard VPN Client. Open QR code configs/<ip_address>/wireguard/<username>.png and scan it in the WireGuard app

Windows client manual setup Automatic installation To install automatically, use the generated user Powershell script. Copy the user PowerShell script (windows_USER.ps1) to the client computer. Open Powershell as Administrator. Run the following command: [iCODE]powershell -ExecutionPolicy ByPass -File C:\path\to\windows_USER.ps1 -Add[/iCODE] If you have more than one account on your Windows 10 machine (e.g. one with administrator privileges and one without) and would like to have the VPN connection available to all users, pass the parameter -AllUsers [iCODE]powershell -ExecutionPolicy ByPass -File C:\path\to\windows_USER.ps1 -Add -AllUsers[/iCODE] The command has help information available. To view its full help, run this from Powershell: [iCODE]Get-Help -Name .\windows_USER.ps1 -Full | more[/iCODE] Manual installation Copy the CA certificate (cacert.pem) and user certificate (USER.p12) to the client computer Open PowerShell as Administrator. Navigate to your copied files. If you haven't already, you will need to change the Execution Policy to allow unsigned scripts to run. Set-ExecutionPolicy Unrestricted -Scope Process In the same window, run the necessary commands to install the certificates and create the VPN configuration. Note the lines at the top defining the VPN address, USER.p12 file location, and CA certificate location - change those lines to the IP address of your Algo server and the location you saved those two files. Also note that it will prompt for the "User p12 password", which is printed at the end of a successful Algo deployment. If you have more than one account on your Windows 10 machine (e.g. one with administrator privileges and one without) and would like to have the VPN connection available to all users, then insert the line [iCODE]AllUserConnection = $true[/iCODE] after [iCODE]$EncryptionLevel = "Required"[/iCODE]. $VpnServerAddress = "1.2.3.4" $UserP12Path = "$Home\Downloads\USER.p12" $CaCertPath = "$Home\Downloads\cacert.pem" $VpnName = "Algo VPN $VpnServerAddress IKEv2" $p12Pass = Read-Host -AsSecureString -Prompt "User p12 password" Import-PfxCertificate -FilePath $UserP12Path -CertStoreLocation Cert:\LocalMachine\My -Password $p12Pass Import-Certificate -FilePath $CaCertPath -CertStoreLocation Cert:\LocalMachine\Root $addVpnParams = @{ Name = $VpnName ServerAddress = $VpnServerAddress TunnelType = "IKEv2" AuthenticationMethod = "MachineCertificate" EncryptionLevel = "Required" } Add-VpnConnection @addVpnParams $setVpnParams = @{ ConnectionName = $VpnName AuthenticationTransformConstants = "GCMAES256" CipherTransformConstants = "GCMAES256" EncryptionMethod = "AES256" IntegrityCheckMethod = "SHA384" DHGroup = "ECP384" PfsGroup = "ECP384" Force = $true } Set-VpnConnectionIPsecConfiguration @setVpnParams Your VPN is now installed and ready to use.

Ubuntu Server 18.04 example sudo apt-get install strongswan libstrongswan-standard-plugins: install strongSwan /etc/ipsec.d/certs: copy <name>.crt from algo-master/configs/<server_ip>/pki/certs/<name>.crt /etc/ipsec.d/private: copy <name>.key from algo-master/configs/<server_ip>/pki/private/<name>.key /etc/ipsec.d/cacerts: copy cacert.pem from algo-master/configs/<server_ip>/pki/cacert.pem /etc/ipsec.secrets: add your user.key to the list, e.g. <server_ip> : ECDSA <name>.key /etc/ipsec.conf: add the connection from ipsec_user.conf and ensure leftcert matches the <name>.crt filename sudo ipsec restart: pick up config changes sudo ipsec up <conn-name>: start the ipsec tunnel sudo ipsec down <conn-name>: shutdown the ipsec tunnel One common use case is to let your server access your local LAN without going through the VPN. Set up a passthrough connection by adding the following to /etc/ipsec.conf: conn lan-passthrough leftsubnet=192.168.1.1/24 # Replace with your LAN subnet rightsubnet=192.168.1.1/24 # Replace with your LAN subnet authby=never # No authentication necessary type=pass # passthrough auto=route # no need to ipsec up lan-passthrough To configure the connection to come up at boot time replace auto=add with auto=start. Other Devices Depending on the platform, you may need one or multiple of the following files. cacert.pem: CA Certificate user.mobileconfig: Apple Profile user.p12: User Certificate and Private Key (in PKCS#12 format) ipsec_user.conf: strongSwan client configuration ipsec_user.secrets: strongSwan client configuration windows_user.ps1: Powershell script to help setup a VPN connection on Windows Setup an SSH Tunnel If you turned on the optional SSH tunneling role, then local user accounts will be created for each user in config.cfg and SSH authorized_key files for them will be in the configs directory (user.ssh.pem). SSH user accounts do not have shell access, cannot authenticate with a password, and only have limited tunneling options (e.g., ssh -N is required). This ensures that SSH users have the least access required to setup a tunnel and can perform no other actions on the Algo server. Use the example command below to start an SSH tunnel by replacing user and ip with your own. Once the tunnel is setup, you can configure a browser or other application to use 127.0.0.1:1080 as a SOCKS proxy to route traffic through the Algo server. ssh -D 127.0.0.1:1080 -f -q -C -N user@ip -i configs/ip_user.ssh.pem SSH into Algo Server To SSH into the Algo server for administrative purposes you can use the example command below by replacing ip with your own: ssh root@ip -i ~/.ssh/algo.pem If you find yourself regularly logging into Algo then it will be useful to load your Algo ssh key automatically. Add the following snippet to the bottom of ~/.bash_profile to add it to your shell environment permanently. [iCODE]ssh-add ~/.ssh/algo > /dev/null 2>&1[/iCODE] Note the admin username is ubuntu instead of root on providers other than Digital Ocean. Adding or Removing Users If you chose to save the CA certificate during the deploy process, then Algo's own scripts can easily add and remove users from the VPN server. Update the users list in your config.cfg Open a terminal, cd to the algo directory, and activate the virtual environment with source env/bin/activate Run the command: ./algo update-users After this process completes, the Algo VPN server will contain only the users listed in the config.cfg file. Additional Documentation Setup instructions Documentation for available Ansible roles Deploy from Fedora Workstation (26) Deploy from RedHat/CentOS 6.x Deploy from Windows Deploy from Ansible directly [*]Client setup Setup Android clients Setup Generic/Linux clients with Ansible Setup Ubuntu clients to use WireGuard Setup Apple devices to use IPSEC [*]Cloud setup Configure Amazon EC2 Configure Azure Configure DigitalOcean Configure Google Cloud Platform [*]Advanced Deployment Deploy to your own FreeBSD server Deploy to your own Ubuntu 18.04 server Deploy to an unsupported cloud provider [*]FAQ [*]Troubleshooting Source: [Hidden Content]

Algo VPN is a set of Ansible scripts that simplify the setup of a personal IPSEC and Wireguard VPN. It uses the most secure defaults available, works with common cloud providers, and does not require client software on most devices. See our release announcement for more information. Features Supports only IKEv2 with strong crypto (AES-GCM, SHA2, and P-256) and WireGuard Generates Apple profiles to auto-configure iOS and macOS devices Includes a helper script to add and remove users Blocks ads with a local DNS resolver (optional) Sets up limited SSH users for tunneling traffic (optional) Based on current versions of Ubuntu and strongSwan Installs to DigitalOcean, Amazon Lightsail, Amazon EC2, Vultr, Microsoft Azure, Google Compute Engine, Scaleway, OpenStack, or your own Ubuntu 18.04 LTS server Anti-features Does not support legacy cipher suites or protocols like L2TP, IKEv1, or RSA Does not install Tor, OpenVPN, or other risky servers Does not depend on the security of TLS Does not require client software on most platforms Does not claim to provide anonymity or censorship avoidance Does not claim to protect you from the FSB, MSS, DGSE, or FSM Deploy the Algo Server The easiest way to get an Algo server running is to let it set up a new virtual machine in the cloud for you. Setup an account on a cloud hosting provider. Algo supports DigitalOcean (most user friendly), Amazon Lightsail, Amazon EC2, Vultr, Microsoft Azure, Google Compute Engine, Scaleway, and DreamCompute or other OpenStack-based cloud hosting. Download Algo. Unzip it in a convenient location on your local machine. Install Algo's core dependencies. Open the Terminal. The python interpreter you use to deploy Algo must be python2. If you don't know what this means, you're probably fine. cd into the algo-master directory where you unzipped Algo, then run: macOS: $ python -m ensurepip --user $ python -m pip install --user --upgrade virtualenv Linux (deb-based): $ sudo apt-get update && sudo apt-get install \ build-essential \ libssl-dev \ libffi-dev \ python-dev \ python-pip \ python-setuptools \ python-virtualenv -y Linux (rpm-based): See the Pre-Install Documentation for RedHat/CentOS 6.x Windows: See the Windows documentation 4. Install Algo's remaining dependencies. Use the same Terminal window as the previous step and run: $ python -m virtualenv --python=`which python2` env && source env/bin/activate && python -m pip install -U pip virtualenv && python -m pip install -r requirements.txt On macOS, you may be prompted to install cc. You should press accept if so. 5. List the users to create. Open config.cfg in your favorite text editor. Specify the users you wish to create in the userslist. 6. Start the deployment. Return to your terminal. In the Algo directory, run ./algo and follow the instructions. There are several optional features available. None are required for a fully functional VPN server. These optional features are described in greater detail in deploy-from-ansible.md. That's it! You will get the message below when the server deployment process completes. You now have an Algo server on the internet. Take note of the p12 (user certificate) password in case you need it later, it will only be displayed this time. You can now setup clients to connect it, e.g. your iPhone or laptop. Proceed to Configure the VPN Clients below. "\"#----------------------------------------------------------------------#\"", "\"# Congratulations! #\"", "\"# Your Algo server is running. #\"", "\"# Config files and certificates are in the ./configs/ directory. #\"", "\"# Go to [Hidden Content] after connecting #\"", "\"# and ensure that all your traffic passes through the VPN. #\"", "\"# Local DNS resolver 172.16.0.1 #\"", "\"# The p12 and SSH keys password is XXXXXXXX #\"", "\"#----------------------------------------------------------------------#\"", Configure the VPN Clients Certificates and configuration files that users will need are placed in the configs directory. Make sure to secure these files since many contain private keys. All files are saved under a subdirectory named with the IP address of your new Algo VPN server. Apple Devices WireGuard is used to provide VPN services on Apple devices. Algo generates a WireGuard configuration file, wireguard/<username>.conf, and a QR code, wireguard/<username>.png, for each user defined in config.cfg. On iOS, install the WireGuard app from the iOS App Store. Then, use the WireGuard app to scan the QR code or AirDrop the configuration file to the device. On macOS Mojave or later, install the WireGuard app from the Mac App Store. WireGuard will appear in the menu bar once you run the app. Click on the WireGuard icon, choose Import tunnel(s) from file..., then select the appropriate WireGuard configuration file. Enable "Connect on Demand" by editing the tunnel configuration in the WireGuard app. Installing WireGuard is a little more complicated on older version of macOS. See Using macOS as a Client with WireGuard. If you prefer to use the built-in IPSEC VPN on Apple devices, then see Using Apple Devices as a Client with IPSEC. Android Devices WireGuard is used to provide VPN services on Android. Install the WireGuard VPN Client. Import the corresponding wireguard/<name>.conf file to your device, then setup a new connection with it. See the Android setup instructions for more detailed walkthrough. Windows 10 Copy your PowerShell script windows_{username}.ps1 to the Windows client and run the following command as Administrator to configure the VPN connection. powershell -ExecutionPolicy ByPass -File windows_{username}.ps1 -Add For a manual installation, see the Windows setup instructions. Linux Network Manager Clients (e.g., Ubuntu, Debian, or Fedora Desktop) Network Manager does not support AES-GCM. In order to support Linux Desktop clients, choose the "compatible" cryptography during the deploy process and use at least Network Manager 1.4.1. See Issue #263 for more information. Linux strongSwan Clients (e.g., OpenWRT, Ubuntu Server, etc.) Install strongSwan, then copy the included ipsec_user.conf, ipsec_user.secrets, user.crt (user certificate), and user.key (private key) files to your client device. These will require customization based on your exact use case. These files were originally generated with a point-to-point OpenWRT-based VPN in mind.

We have fixed the issue, thanks for reporting...

OpenVPN installer for Debian, Ubuntu, Fedora, CentOS and Arch Linux. This script will let you setup your own secure VPN server in just a few seconds. You can also check out how to setup WireGuard, a simple, safer, faster and more modern VPN protocol. Usage First, get the script and make it executable : curl -O [Hidden Content] chmod +x openvpn-install.sh Then run it : ./openvpn-install.sh You need to run the script as root and have the TUN module enabled. The first time you run it, you'll have to follow the assistant and answer a few questions to setup your VPN server. When OpenVPN is installed, you can run the script again, and you will get the choice to : Add a client Remove a client Uninstall OpenVPN In your home directory, you will have .ovpn files. These are the client configuration files. Download them from your server and connect using your favorite OpenVPN client. Features Installs and configures a ready-to-use OpenVPN server Iptables rules and forwarding managed in a seamless way If needed, the script can cleanly remove OpenVPN, including configuration and iptables rules Customisable encryption settings, enhanced default settings (see Security and Encryption below) OpenVPN 2.4 features, mainly encryption improvements (see Security and Encryption below) Variety of DNS resolvers to be pushed to the clients Choice to use a self-hosted resolver with Unbound (supports already existing Unbound installations) Choice between TCP and UDP NATed IPv6 support Compression disabled by default to prevent VORACLE. LZ4 and LZ0 algorithms available otherwise. Unprivileged mode: run as nobody/nogroup Block DNS leaks on Windows 10 Randomised server certificate name Choice to protect clients with a password (private key encryption) Many other little things! Source: [Hidden Content]

Advanced UFW rules You can also add specific IP address to allow and deny access to all services. Run the following command to allow the IP 192.168.0.200 to access all services on the server: # ufw allow from 192.168.0.200 To deny the IP 192.168.0.200 to access all services on server: # ufw deny from 192.168.0.200 You can allow range of IP address in UFW. Run the following command to allow all the connections from IP 192.168.1.1 to 192.168.1.254: # ufw allow from 192.168.1.0/24 To allow IP address 192.168.1.200 access to port 80 using TCP, run the following linux command: # ufw allow from 192.168.1.200 to any port 80 proto tcp To allow access to tcp and udp port range from 2000 to 3000, run the following linux command: # ufw allow 2000:3000/tcp # ufw allow 2000:3000/udp If you want to block access to port 22 from IP 192.168.0.4 and 192.168.0.10 but allow all other IPs to access to port 22, run the following command: # ufw deny from 192.168.0.4 to any port 22 # ufw deny from 192.168.0.10 to any port 22 # ufw allow from 192.168.0.0/24 to any port 22 To allow HTTP traffic on network interface eth0, run the following linux command: # ufw allow in on eth0 to any port 80 By default UFW allows ping requests. if you want to deny ping request, you will need to edit /etc/ufw/before.rules file: # nano /etc/ufw/before.rules Remove the following lines: -A ufw-before-input -p icmp --icmp-type destination-unreachable -j ACCEPT -A ufw-before-input -p icmp --icmp-type source-quench -j ACCEPT -A ufw-before-input -p icmp --icmp-type time-exceeded -j ACCEPT -A ufw-before-input -p icmp --icmp-type parameter-problem -j ACCEPT -A ufw-before-input -p icmp --icmp-type echo-request -j ACCEPT Save the file, when you are finished. If you ever need to Reset UFW, removing all of your rules, you can do so via the following linux command. # ufw reset Configure NAT with UFW If you want to NAT the connections from the external interface to the internal using UFW. Then you can do this by editing /etc/default/ufw and /etc/ufw/before.rules file. First, open /etc/default/ufw file using nano editor: # nano /etc/default/ufw Change the following line: DEFAULT_FORWARD_POLICY="ACCEPT" Next, you will also need to allow ipv4 forwarding. You can do this by editing /etc/ufw/sysctl.conf file: # nano /etc/ufw/sysctl.conf Change the following line: net/ipv4/ip_forward=1 Next, you will need to add NAT to ufw’s configuration file. You can do this by editing /etc/ufw/before.rules file: # nano /etc/ufw/before.rules Add the following lines just before the filter rules: # NAT table rules *nat :POSTROUTING ACCEPT [0:0] # Forward traffic through eth0 - Change to match you out-interface -A POSTROUTING -s 192.168.1.0/24 -o eth0 -j MASQUERADE # don't delete the 'COMMIT' line or these nat table rules won't # be processed COMMIT Save the file when you are finished. Then restart UFW with the following linux command: ufw disable ufw enable Configure Port Forwarding with UFW If you want to forward traffic from Public IP eg. 150.129.148.155 port 80 and 443 to another internal server with IP address 192.168.1.120. Then you can do this by editing /etc/default/before.rules: # nano /etc/default/before.rules Change the file as shown below:: PREROUTING ACCEPT [0:0] -A PREROUTING -i eth0 -d 150.129.148.155 -p tcp --dport 80 -j DNAT --to-destination 192.168.1.120:80 -A PREROUTING -i eth0 -d 150.129.148.155 -p tcp --dport 443 -j DNAT --to-destination 192.168.1.120:443 -A POSTROUTING -s 192.168.1.0/24 ! -d 192.168.1.0/24 -j MASQUERADE Next, restart UFW with the following command: # ufw disable # ufw enable Next, you will also need to allow port 80 and 443. You can do this by running the following command: # ufw allow proto tcp from any to 150.129.148.155 port 80 # ufw allow proto tcp from any to 150.129.148.155 port 443

UFW also known as Uncomplicated Firewall is an interface to iptables and is particularly well-suited for host-based firewalls. UFW provide an easy to use interface for beginner user who is unfamiliar with firewall concepts. It is most popular firewall tool originating from Ubuntu. It supports both IPv4 and IPv6. In this tutorial, we will learn how to install and use UFW firewall on Linux. Requirements Any Linux based distribution installed on your system root privileges setup on your system Installing UFW Ubuntu By default, UFW is available in most Ubuntu based distributions. If it is deleted, you can install it by running the following linux command. # apt-get install ufw -y Debian You can install UFW in Debian by running the following linux command: # apt-get install ufw -y CentOS By default, UFW is not available in CentOS repository. So you will need to install the EPEL repository to your system. You can do this by running the following linux command: # yum install epel-release -y Once the EPEL repository is installed, you can install UFW by just running the following linux command: # yum install --enablerepo="epel" ufw -y After installing UFW, start UFW service and enable it to start on boot time by running the following linux command. # ufw enable Next, check the status of UFW with the following linux command. You should see the following output: # ufw status Status: active You can also disable UFW firewall by running the following linux command: # ufw disable Set UFW Default Policy By default, UFW default policy setup to block all incoming traffic and allow all outgoing traffic. You can setup your own default policy with the following linux command. ufw default allow outgoing ufw default deny incoming Add and Delete Firewall Rules You can add rules for allowing incoming and outgoing traffic in two ways, using the port number or using the service name. For example, if you want to allow both incoming and outgoing connections of HTTP service. Then run the following linux command using the service name. ufw allow http Or, run the following command using the port number: ufw allow 80 If you want to filter packets based on TCP or UDP, then run the following command: ufw allow 80/tcp ufw allow 21/udp You can check the status of added rules with the following linux command.ufw status verbose You should see the following output: Status: active Logging: on (low) Default: deny (incoming), allow (outgoing), deny (routed) New profiles: skip To Action From -- ------ ---- 80/tcp ALLOW IN Anywhere 21/udp ALLOW IN Anywhere 80/tcp (v6) ALLOW IN Anywhere (v6) 21/udp (v6) ALLOW IN Anywhere (v6) You can also deny any incoming and outgoing traffic any time with the following commands: # ufw deny 80 # ufw deny 21 If you want to delete allowed rules for HTTP, simply prefix the original rule with delete as shown below: # ufw delete allow http # ufw delete deny 21

In this tutorial we can check how to Configure and Install Varnish on CentOS/Ubuntu server. Varnish is the most powerful open source HTTP engine/reverse HTTP proxy that has the capability to increase the site speed, especially when there is high traffic on the site. Varnish Cache visits your page only once for caching the page and all the future request for that page will be served by varnish cache Install varnish Before installing varnish, we need to add varnish repositories to the server. For Ubuntu Users [iCODE]# curl [Hidden Content] | sudo apt-key add – # apt-get update # apt-get install varnish[/iCODE] For CentOS Users [iCODE]# yum install -y epel-release # yum update # yum install -y varnish[/iCODE] Configuring Varnish on both Ubuntu and CentOS After installation, we need to configure varnish to reduce the load on the server. For Ubuntu Users Search and uncomment the lines under “DAEMON_OPTS” on the varnish configuration file /etc/default/varnish and edit the lines similar to the following. [iCODE]# vi /etc/default/varnish DAEMON_OPTS=”-a :80 \ -T localhost:6082 \ -f /etc/varnish/default.vcl \ -S /etc/varnish/secret \ -s malloc,256m”[/iCODE] After saving this file open varnish default file which tells varnish to look for server content. Edit this file to tell varnish to look for the content on port 8080. The code will be similar to the below example. [iCODE]# vi /etc/varnish/default.vcl backend default { .host = “127.0.0.1”; .port = “8080”; }[/iCODE] For CentOS users. Edit varnish configuration file to change the varnish port. [iCODE]# vi /etc/varnish/varnish.params VARNISH_LISTEN_PORT=80[/iCODE] Save the file and open the default file of varnish to look the content on port 8080. The code should be similar to the following example. [iCODE]# vi /etc/varnish/default.vcl backend default { .host = “127.0.0.1”; .port = “8080”; }[/iCODE] Configure apache to work with varnish By default, apache is listening to port 80. We have to change the port for apache to 8080 to run it behind varnish. For Ubuntu Users. Edit the port.conf file to change apache port to 8080. The file should be similar to the example below. [iCODE]# vi /etc/apache2/ports.conf NameVirtualHost 127.0.0.1:8080 Listen 127.0.0.1:8080[/iCODE] Also, edit the apache configuration file to change the port. [iCODE]# vi /etc/apache2/sites-available/default <VirtualHost 127.0.0.1:8080>[/iCODE] Save this file and restart both services to enable the changes. [iCODE]# service apache2 restart # service varnish restart[/iCODE] For CentOS users Edit apache configuration file to change the port to 8080. [iCODE]# vi /etc/httpd/conf/httpd.conf Listen 8080[/iCODE] Restart both services to reflect the changes. [iCODE]# systemctl restart varnish # systemctl restart httpd[/iCODE] After the installation, you can verify whether the vanish is working or not by using the following command. [iCODE]# curl -I [Hidden Content]] Then the output should be something similar to the following: [iCODE]HTTP/1.1 200 OK Date: Wed, 04 Nov 2015 10:21:07 GMT Server: Apache/2.4.6 (CentOS) Last-Modified: Fri, 02 Oct 2015 10:36:53 GMT ETag: “6c-5211cdbf61c14” Content-Length: 108 Content-Type: text/html; charset=UTF-8 X-Varnish: 32770 Age: 0 Via: 1.1 varnish-v4 Connection: keep-aliveHTTP/1.1 200 OK Date: Wed, 04 Nov 2015 10:21:07 GMT Server: Apache/2.4.6 (CentOS) Last-Modified: Fri, 02 Oct 2015 10:36:53 GMT ETag: “6c-5211cdbf61c14” Content-Length: 108 Content-Type: text/html; charset=UTF-8 X-Varnish: 32770 Age: 0 Via: 1.1 varnish-v4 Connection: keep-alive [/iCODE][/indent]

To install Let’s Encrypt SSL Certificate on CentOS 6/7, please follow the steps below. 1) Make sure that Apache Web Server is already installed in your server. If not, the use the command below to install it. [iCODE]$ yum install httpd[/iCODE] 2) Install the SSL/TLS module. [iCODE]$ yum -y install mod_ssl[/iCODE] 3) Start the apache server by using the following command. [iCODE]$ service httpd start [On RHEL/CentOS 6] $ systemctl start httpd.service [On RHEL/CentOS 7][/iCODE] 4) To install Let’s Encrypt Client, the simplest method is to clone github repository in your filesystem. To install git on your system you must enable Epel repositories first. Use below command for this. [iCODE]$ yum install epel-release[/iCODE] 5) After Epel repos are added in your system, then install the git client using the command below. [iCODE]$ yum install git[/iCODE] 6) Now you have installed all the required dependencies. Next go to /usr/local/ directory and start pulling the Let’s Encrypt client form its official github repository by using the following command [iCODE]$ cd /usr/local/ $ git clone [Hidden Content]] 7) To obtain the SSL Certificate, we need to run Let’s Encrypt script command. For this go to Let’s Encrypt installation directory from /usr/local/letsencrypt and run the letsencrypt-auto command by providing –apache option and the -d flag for every subdomain that needs a certificate. [iCODE]$ cd /usr/local/letsencrypt $ ./letsencrypt-auto –apache -d your_domain.tld[/iCODE] 8) After completing the process, a new window will be displayed and here you can provide an email address that will be used by Let’s Encrypt to recover your lost key or for urgent notices. 9) The next winnow will display the terms of service of the license. Select agree and please hit the Enter key. 10) On the next window Let’s Encrypt will prompt you to select a virtual host. It will not find any virtual host available, so select the ssl.conf file to be automatically modified by Let’s Encrypt client and press Enter to continue. 11) Next, you will see two methods, one is the easy method and the other is the secure method. Choose the easy method for HTTP requests and hit the Enter key to move forward. 12) After completing all these processes, a congratulation message will be displayed on the screen. Press the Enter key to release the prompt. Now you have successfully issued a SSL/TLS certificate for your domain. Now you can start browsing your website using HTTPS protocol. 13) You can test the SSL/TLS certificate of your domain by visiting the bellow link. [iCODE][Hidden Content]]

Source: [Hidden Content]

Step Four — Configure Nginx to Process PHP Pages Now, we have all of the required components installed. The only configuration change we still need to do is tell Nginx to use our PHP processor for dynamic content. We do this on the server block level (server blocks are similar to Apache's virtual hosts). Open the default Nginx server block configuration file by typing: [iCODE]sudo vi /etc/nginx/conf.d/default.conf[/iCODE] Currently, with the comments removed, the Nginx default server block looks like this: [iCODE]/etc/nginx/conf.d/default.conf — original server { listen 80; server_name localhost; location / { root /usr/share/nginx/html; index index.html index.htm; } error_page 500 502 503 504 /50x.html; location = /50x.html { root /usr/share/nginx/html; } }[/iCODE] We need to make some changes to this file for our site. First, we need to add an index.php option as the first value of our index directive to allow PHP index files to be served when a directory is requested We also need to modify the server_name directive to point to our server's domain name or public IP address The actual configuration file includes some commented out lines that define error processing routines. We will uncomment those to include that functionality For the actual PHP processing, we will need to uncomment a portion of another section. We will also need to add a try_files directive to make sure Nginx doesn't pass bad requests to our PHP processor The changes that you need to make are in red in the text below. If you prefer, you may just copy and paste everything, then replace the value of server_name with the appropriate domain name or IP address: [iCODE]/etc/nginx/conf.d/default.conf — updated server { listen 80; server_name server_domain_name_or_IP; # note that these lines are originally from the "location /" block root /usr/share/nginx/html; index index.php index.html index.htm; location / { try_files $uri $uri/ =404; } error_page 404 /404.html; error_page 500 502 503 504 /50x.html; location = /50x.html { root /usr/share/nginx/html; } location ~ \.php$ { try_files $uri =404; fastcgi_pass unix:/var/run/php-fpm/php-fpm.sock; fastcgi_index index.php; fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; include fastcgi_params; } }[/iCODE] When you've made the above changes, you can save and close the file. Restart Nginx to make the necessary changes: [iCODE]sudo systemctl restart nginx[/iCODE] Step Five — Test PHP Processing on your Web Server In order to test that our system is configured properly for PHP, we can create a very basic PHP script. We will call this script info.php. In order for Apache to find the file and serve it correctly, it must be saved to a very specific directory, which is called the "web root". In CentOS 7, this directory is located at /usr/share/nginx/html/. We can create the file at that location by typing: [iCODE]sudo vi /usr/share/nginx/html/info.php[/iCODE] This will open a blank file. We want to put the following text, which is valid PHP code, inside the file: [iCODE]Test PHP Script <?php phpinfo(); ?>[/iCODE] When you are finished, save and close the file. Now we can test whether our web server can correctly display content generated by a PHP script. To try this out, we just have to visit this page in our web browser. You'll need your server's public IP address again. The address you want to visit will be: Open in a web browser: [iCODE][Hidden Content]] The page that you come to should look something like this: This page basically gives you information about your server from the perspective of PHP. It is useful for debugging and to ensure that your settings are being applied correctly. If this was successful, then your PHP is working as expected. You probably want to remove this file after this test because it could actually give information about your server to unauthorized users. To do this, you can type this: [iCODE]sudo rm /usr/share/nginx/html/info.php[/iCODE] You can always recreate this page if you need to access the information again later. Conclusion Now that you have a LEMP stack installed, you have many choices for what to do next. Basically, you've installed a platform that will allow you to install most kinds of websites and web software on your server.

Introduction A LEMP software stack is a group of open source software that is typically installed together to enable a server to host dynamic websites and web apps. This term is actually an acronym which represents the Linux operating system, with the ENginx web server (which replaces the Apache component of a LAMP stack). The site data is stored in a MySQL database (using MariaDB), and dynamic content is processed by PHP. In this guide, we'll get a LEMP stack installed on an CentOS 7 VPS. CentOS will fulfill our first requirement: a Linux operating system. Prerequisites Before you begin with this guide, you should have a separate, non-root user account set up on your server. You can learn how to do this by completing steps 1-4 in the initial server setup for CentOS 7. Note about SELinux: If you run into issues with Nginx not running, make sure the SELinux context of your Nginx configuration files is correct or change the SELinux mode to permissive or disabled. Step One — Install Nginx In order to display web pages to our site visitors, we are going to employ Nginx, a modern, efficient web server. To add the CentOS 7 EPEL repository, open terminal and use the following command: [iCODE]sudo yum install epel-release [/iCODE] Since we are using a sudo command, these operations get executed with root privileges. It will ask you for your regular user's password to verify that you have permission to run commands with root privileges. Now that the Nginx repository is installed on your server, install Nginx using the following yum command: [iCODE]sudo yum install nginx [/iCODE] Afterwards, your web server is installed. Once it is installed, you can start Nginx on your VPS: [iCODE]sudo systemctl start nginx [/iCODE] You can do a spot check right away to verify that everything went as planned by visiting your server's public IP address in your web browser (see the note under the next heading to find out what your public IP address is if you do not have this information already): [iCODE] Open in a web browser: [Hidden Content] [/iCODE] You will see the default CentOS 7 Nginx web page, which is there for informational and testing purposes. It should look something like this: If you see this page, then your web server is now correctly installed. Before continuing, you will want to do is enable Nginx to start on boot. Use the following command to do so: [iCODE]sudo systemctl enable nginx [/iCODE] How To Find Your Server's Public IP Address If you do not know what your server's public IP address is, there are a number of ways you can find it. Usually, this is the address you use to connect to your server through SSH. From the command line, you can find this a few ways. First, you can use the iproute2 tools to get your address by typing this: ip addr show eth0 | grep inet | awk '{ print $2; }' | sed 's/\/.*$//' This will give you one or two lines back. They are both correct addresses, but your computer may only be able to use one of them, so feel free to try each one. An alternative method is to use an outside party to tell you how it sees your server. You can do this by asking a specific server what your IP address is: [iCODE]curl [Hidden Content]] Regardless of the method you use to get your IP address, you can type it into your web browser's address bar to get to your server. Step Two — Install MySQL (MariaDB) Now that we have our web server up and running, it is time to install MariaDB, a MySQL drop-in replacement. MariaDB is a community-developed fork of the MySQL relational database management system. Basically, it will organize and provide access to databases where our site can store information. Again, we can use yum to acquire and install our software. This time, we'll also install some other "helper" packages that will assist us in getting our components to communicate with each other: [iCODE]sudo yum install mariadb-server mariadb[/iCODE] When the installation is complete, we need to start MariaDB with the following command: [iCODE]sudo systemctl start mariadb[/iCODE] Now that our MySQL database is running, we want to run a simple security script that will remove some dangerous defaults and lock down access to our database system a little bit. Start the interactive script by running: [iCODE]sudo mysql_secure_installation[/iCODE] The prompt will ask you for your current root password. Since you just installed MySQL, you most likely won’t have one, so leave it blank by pressing enter. Then the prompt will ask you if you want to set a root password. Go ahead and enter Y, and follow the instuctions: [iCODE]mysql_secure_installation prompts: Enter current password for root (enter for none): OK, successfully used password, moving on...[/iCODE] Setting the root password ensures that nobody can log into the MariaDB root user without the proper authorisation. [iCODE]New password: password Re-enter new password: password Password updated successfully! Reloading privilege tables.. ... Success![/iCODE] For the rest of the questions, you should simply hit the "ENTER" key through each prompt to accept the default values. This will remove some sample users and databases, disable remote root logins, and load these new rules so that MySQL immediately respects the changes we have made. The last thing you will want to do is enable MariaDB to start on boot. Use the following command to do so: [iCODE]sudo systemctl enable mariadb[/iCODE] At this point, your database system is now set up and we can move on. Step Three — Install PHP PHP is the component of our setup that will process code to display dynamic content. It can run scripts, connect to our MySQL databases to get information, and hand the processed content over to our web server to display. We can once again leverage the yum system to install our components. We're going to include the php-mysql and php-fpm packages as well: [iCODE]sudo yum install php php-mysql php-fpm[/iCODE] Configure the PHP Processor We now have our PHP components installed, but we need to make a slight configuration change to make our setup more secure. Open the main php-fpm configuration file with root privileges: [iCODE]sudo vi /etc/php.ini[/iCODE] What we are looking for in this file is the parameter that sets cgi.fix_pathinfo. This will be commented out with a semi-colon ( and set to "1" by default. This is an extremely insecure setting because it tells PHP to attempt to execute the closest file it can find if a PHP file does not match exactly. This basically would allow users to craft PHP requests in a way that would allow them to execute scripts that they shouldn't be allowed to execute. We will change both of these conditions by uncommenting the line and setting it to "0" like this: [iCODE]/etc/php.ini excerpt cgi.fix_pathinfo=0[/iCODE] Save and close the file when you are finished. Next, open the php-fpm configuration file www.conf: [iCODE]sudo vi /etc/php-fpm.d/www.conf[/iCODE] Find the line that specifies the listen parameter, and change it so it looks like the following: [iCODE]/etc/php-php.d/www.conf — 1 of 3 listen = /var/run/php-fpm/php-fpm.sock[/iCODE] Next, find the lines that set the listen.owner and listen.group and uncomment them. They should look like this: [iCODE]/etc/php-php.d/www.conf — 2 of 3 listen.owner = nobody listen.group = nobody[/iCODE] Lastly, find the lines that set the user and group and change their values from "apache" to "nginx": [iCODE]/etc/php-php.d/www.conf — 3 of 3 user = nginx group = nginx[/iCODE] Then save and quit. Now, we just need to start our PHP processor by typing: [iCODE]sudo systemctl start php-fpm[/iCODE] This will implement the change that we made. Next, enable php-fpm to start on boot: [iCODE]sudo systemctl enable php-fpm[/iCODE]

this is exactly what im talking about... thx anyways

why are these girls all fat... Indian men do not care or what.... damn....

eeew.. this looks nasty