SSL HTTPS on IIS - https://letsencrypt.org/

Google Chrome now blocks access to HTML5 geoocation stuff I need... unless it comes form HTTPS secure server.  Here are a few notes - mainly for Windows IIS.

1) SSL is really for 2 things (a) encryption (b) authentication of your server    - self-signed certificates are fine for (a) but not (b)

IIS - self certificates are really easy to generate and use on HTTPS site but you will get msg about not being trusted as (b) above

2) There's a relatively new Cert authority trying to make HTTPS free   --- https://letsencrypt.org/ 

they seem to have been set up April 2016

You can download a file and put on server to authenticate you are who you say you are...  without FTP you can still do this manually but need to create a file path on your Web server which has folder .well-known    which Windows doesn't like but you can make it do it by doing this:

 .well-known. (the last dot is important), Windows will create the folder and automatically will remove the last dot.

The certificate can then be downloaded and installed on IIS... you need to import the Cert  in  Microsoft Management console if on Windows.. then Complete the certificate import in IIS.

ALT to 2) Instead of going the time consuming pain of (2) then this makes life a lot lot easier.. (Windows)

Download the compiled version of this source   https://github.com/Lone-Coder/letsencrypt-win-simple   from here  https://github.com/Lone-Coder/letsencrypt-win-simple/releases  

Run the letsencrypt.exe on your server.. answer the prompts.. it does the authentication using letsencrypt.org and installs the certificate for you on IIS

Job done...  :-)

IMU - complementary filter

Some links on complementary filters for IMU

http://blog.bitify.co.uk/2013/11/using-complementary-filter-to-combine.html





http://www.geekmomprojects.com/mpu-6050-dmp-data-from-i2cdevlib/


http://stackoverflow.com/questions/32228629/imu-orientation-constantly-changing/32231388#32231388

Getting I2C to work on Rapsberry Pi

Recently been trying to get an I2C sensor to work on a Raspberry Pi.. found these articles very useful.

Two parts

Part 1) Turn on in BIOS

http://www.raspberrypi-spy.co.uk/2014/11/enabling-the-i2c-interface-on-the-raspberry-pi/

sudo raspi-config

In the advanced settings turn on I2C

Now complete the following steps :

• Select “8 Advanced Options”
• Select “A7 I2C”
• Select “Yes”

The screen will ask if you want the interface to be enabled :

• Select “Yes”
• Select “Ok”

The screen will ask if you want the module to be loaded by default :

• Select “Yes”

The screen will state the module will be loaded by default :

• Select “Ok”
• Select “Finish” to return to the command line

When you next reboot the I2C module will be loaded.

_______


Part TWO  - setup software

https://www.raspberrypi.org/forums/viewtopic.php?t=74763


Add this to /etc/modules and reboot

i2c-bcm2708
i2c-dev



sudo apt-get install python-smbus
sudo apt-get install i2c-tools



sudo i2cdetect -y 1

Resize Oracle Virtual Box Machine’s Hard Drive Size

On Windows host PC….

Goto CMD and type:

C:\Program Files\Oracle\VirtualBox>VBoxManage modifyhd f:\virtualmachine.vdi –resize  500000

(to make new drive size 500GB)

plpythonu + numpy and other modules - on a linux server (in this case a Raspberry Pi)

Setting up some plpython functions inside a PostgreSQL database on Linux is great...

sudo apt-get install postgresql-contrib postgresql-plpython    (with correct version numbers added)


and python module installations

pip install numpy

Test it in Python 

------------------
import numpy
print (numpy.e)


However on creating a plpython2u function the error msg report numpy couldn't be found ??

After much searching and looking to add the path of the user that installed the module - the easiest fix was to go back to the server (Rasp Pi2 in this case) and switch to the postgresql user

su postgres
{answer password prompt}

then do                    pip install numpy
also in this case        pip install nltk
then run  python as this user (postgres)

import nltk
nltk.download()
{select all - wait to download - close dialogue box}

Now the plpython2u modules that the postgres user sees has all the necessary data files to work properly...

Multiple Web Hosting across many VMs on a Single Server (1 IP address but many URLs)

 

It is easy enough to host many sites on IIS or Apache using virtual host (or binding) on a single machine. However I have a need to run several VMs on single machine, each VM being accessible to different colleagues. Using Virtual Box (ver 5) it is easy enough to enable the Remote Desktop option, whereby you can remote desktop (eg mstsc / remote desktop app) to a VM directly.

However what was so apparent was how each VMs IIS could share a single ‘real’ world facing IP address (eg 1.2.3.4) while each VM had its own subnet (eg 10.0.2.15). The VMs could not be in the same subnet range as only 1 external IP address was available.

To achieve this goal a few things need to happen:

1) Install URL Rewrite (ver 2.0 was used) on IIS – this requires additional packages to be installed via Web Platform Installer (Application Request Routing)

2) Set up NAT on each VM virtual box setting – so that data can be sent between subnets

eg VM1 – NAT HOST port 8081 mapped to GUEST (VM) 8081
             NAT  HOST port 8082 mapped to GUEST (VM) 8082

VM2 – NAT HOST port 8083 mapped to GUEST (VM) 8083

3)Configure the IIS on the HOST with a new website for each website URL hosted on this server

eg website:  www.testsite1.com

4) Create a URL Rewrite rule
For each website on the host (as created above) add a URL Rewrite rule…

The top box is the INTERNAL web address (in this case 1.2.3.4:8081)
.. and the lowest box of the 3 is the URL (eg www.testsite1.com)

One further step (needed for gzipped compressed websites) is to add HTTP_ACCEPT_ENCODING to the Server variables. This is done in the URL_REWRITE rule (set value to 0 as GUI needs an entry).

… and then again you need to set this again from a drop down list (start typing for list to appear) of server variables.

5) Configure the IIS on the VM

The VM IIS running the website needs to be listening on the specified port (eg 8081), and not be bound to a given URL (ie binding is left blank). Also ensure the Windows Firewall on the VM is open for the port you are using (eg 8081).

Repeat using a different port for each website, and adding the details to the Firewall, Host URL Rewrite, VM NAT Port forwarding, and VM IIS website (port).

Block IP addresses on Windows server

Windows Server - block IP addresses of DoS / hacking attempts


Powershell  (as Admin) - one time only 

Set-ExecutionPolicy RemoteSigned


then save this script... (.ps1)

PS1 Script:

$DT = [DateTime]::Now.AddDays(-1) # check only last 24 hours

$l = Get-EventLog -LogName 'Security' -InstanceId 4625 -After $DT | Select-Object @{n='IpAddress';e={$_.ReplacementStrings[-2]} } # select Ip addresses that has audit failure 
$g = $l | group-object -property IpAddress  | where {$_.Count -gt 9} | Select -property Name # get ip adresses, that have more than 9 wrong logins

$fw = New-Object -ComObject hnetcfg.fwpolicy2 # get firewall object

$ar = $fw.rules | where {$_.name -eq 'Block IP addresses'} # get firewall rule named 'Block IP Addresses' (must be created manually)

$arRemote = $ar.RemoteAddresses -split(',') #split the existing IPs into an array so we can easily search for existing IPs

$w = $g | where {$_.Name.Length -gt 1 -and  !($arRemote -contains $_.Name + '/255.255.255.255') } # get ip addresses that are not already in firewal rule. Include the subnet mask which is automatically added to the firewall remote IP declaration.

$w| %{$ar.remoteaddresses += ',' + $_.Name} # add IPs to firewall rule

Source: http://serverfault.com/questions/233222/ban-ip-address-based-on-x-number-of-unsuccessful-login-attempts

Set up a Scheduled task to run this script every day... or whenever you wish.