To ensure . files get moved/copied in one go.

Run - shopt -s dotglob

Then example - mv /tmp/home/source/* /home/destination/

You can put - shopt -s dotglob in your ~/.bashrc if you want it to be the default

Then run - source ~/.bashrc for it to reload

This I got from: Ubuntu Answers

Recently I have seen a lot of hub-dub about India going "make in India", especially towards governmental suits. Now, I really would love to have that done for India. Given if India goes OSS, while propagating so much about OSS, would really be the right step. Instead what has happened is going to zoho. Now zoho may claim to be secure and stuff, but we all know one thing for sure, unless I know what the software is made of, to the last line of code, how can I really be going OSS, or for that sake safe?

Even though I do not know how to read the whole code, but if the code is open and available, it gives me a security and risk free of knowing the community is aware and will surely raise or has already raised what is there, and what not, inflight risks included.

What actually is happening, or rather what has already gone BAU: Zoho lands GOI contract for 7 years

Email accounts of 12 lakh Central government employees now run on Zoho’s platform

Community at large is aware of what Zoho did recently. The so called "ulaa browser" is simply a closed sourced duplicate of Chromium + whatever they are hiding behind the wall. They landed lakhs of rupees in this doing, which was the start of blinding the already foolish bureaucrats.

Politics is all about money, power and the 4 legs of a chair. This contract is nothing but one and all of those pointers. There is nothing unique abut Zoho. There is nothing right about their so called whatsapp replacement, arratai.

Zoho reminds me of how bollywood is the best in copy-pasting. How Netflix readily copies from some original French or German movie/series and whips up a Spanish series. I will not deny, copy-pasting and trying to hide it is a big art, and artists like this are abundant, but eyes open one day, for everyone. Trouble is, it is already too late by then.

Wake up India. Rather while you are already awake, please stop wasting tax payers money, and do not use closed source software and compromising public data with closed sourced conglomerates as well.

We did not allow it. We did not bring you to power for doing what is not right. Remember, public has the biggest power. Pen really is mightier than 4 legs of your chair.

Meanwhile, GOI nonsense which raked my brain was:

Union Ministry of Education said that the Zoho Office Suite was already incorporated in the NIC mail system and “by embracing Zoho’s indigenous office productivity tools, we take a bold step in the Swadeshi movement, empowering India to lead with home-grown innovation, strengthen digital sovereignty, and secure our data for a self-reliant future.”

& furthermore, what is this supposed to mean?

A senior official said Zoho’s suite has also been activated to ensure that government employees do not use open source applications to create word files, spreadsheets and presentations.

Though the suite was available earlier, not many government employees were using it. “It was found that many government employees were using open source tools, which could compromise security of files, and it was decided to make them aware and display its features prominently on the internal mail platform,” said the official.

Are you even aware what you are saying? Simply put, "Seriously!!!"

So you mean millions of developers and trillions of users of OSS/FOSS/FLOSS are brainless? Everyone is getting compromised by using OSS/FOSS/FLOSS stuff?

This is one cake; MoE, are you even aware what you just did?

On October 3, the Union Ministry of Education issued an order nudging officials to use the Zoho suite “in alignment with the Government of India’s broader vision of transforming the nation from a service economy into a product nation, and in pursuit of building a self-reliant ecosystem in technology, hardware, and software solutions”.

This reminds me of how everyone thinks foogle is the "guru of search" (ref: The Vault Of Vishnu - Ashwin Sanghi, page 85, line 5 from top). Makes me laugh out loud.

I have reached out to The Hindu & The Zoho & will also reach out to MoE specifically to recant those words, and publicly apologies. They are already so deep into ego, they need to learn: they are the one in need of a real education and not the other way round here.

Introduction

In this tutorial, I will guide you through the process of setting up a let's encrypt ssl/https certificate (reverse proxy) on a unique port other than 80/443, example port:4545 on the root server for hosting using Hestia Control Panel (See installation URL given under prerequisites below). Hestia Control Panel is a popular open source web server control panel that simplifies the management of your website, email accounts, databases, and other hosting-related tasks. This tutorial is compatible with both VPS and Root Server offerings by netcup.

Assumptions:

• You already have a sub-domain setup and the requisite service installed at the specified http port (example - http://sd1.domain.tld:4545).
• You have the sub-domain setup with SSL/HTTPS (443) setup (example - https://sd1.domain.tld)
• You have bare minimum knowledge of terminal, web servers, vhosts, reverse proxy.

The reading time of this tutorial is about 35 minutes; implementation will take approximately 60-70 minutes.

Background

The objective of Let’s Encrypt and the ACME protocol is to make it possible to set up an HTTPS server and have it automatically obtain browser-trusted certificates without any human intervention. This is accomplished by running an ACME client on a web server. To know more, visit Let's Encrypt. This also forms a part for use in Nginx reverse proxy configuration.

Forgejo is a self-hosted lightweight software forge (simple software project management). Easy to install and low maintenance, it just does the job.

In the world of open-source software, the story of how a project is governed is often as important as the code itself. Forgejo is a powerful testament to this fact. It is a “soft fork” of Gitea, created by a community of users and contributors to ensure that the project’s future remains in the hands of a non-profit, community-driven organization.

Born out of concerns following the creation of a for-profit company to manage Gitea, Forgejo’s mission is to be a truly free and open-source software (FOSS) forge, managed under the stewardship of the Codeberg e.V. non-profit. It is technically very similar to Gitea, but philosophically, it represents a commitment to community ownership and non-commercial governance.

Since Forgejo by default/design runs on port 4545 and many other projects also default to port 4545, I chose a different port (example 4545 here). This helps me keep it running in the background without conflicting with other applications. This was necessary for 2 more reasons:

• Clean url everytime Example instead having to type or visit https://git.example.com:4545 every time, I will have a cleaner url as https://git.example.com.
• Issue an HTTPS/SSL/TLS enabled URL and enjoy the higher level of security. Visitors & users of my site would also know they are safe.

Prerequisites

• A server from netcup with latest Ubuntu 20.04/22.04/LTS; Debian 10/11/12/LTS or later installed (see the below URL) - use minimal mode of installation, also called clean installation. Installation Tutorial or the blog guide here.
• A registered domain name
• Access to your server

Step 1: Update your system

Before we begin, it's essential to ensure that your system is up-to-date. Log in to your server via SSH as the root user and run the following command:

For Ubuntu/Debian:

apt update && apt upgrade -y

Step 2: Add the necessary changes to the service (example git)

username@serverip:port

I created a normal subdomain at normal 80/443 ports with LE SSL generated. Then in the git app.ini (/etc/git/app.in) file, added this under [server]

nano /etc/git/app.ini
--------------
[server]
ENABLE_ACME = enable
HTTPS_PORT = 4545 ssl
ROOT_URL = https://git.domain.tld
-------------- **(save changes to the file by typing CTRL+X simultaneously)**
CTRL+X
Y
Enter

Then under nginx.conf ($HESTIADATA\conf\web\git.domain.tld\nginx.conf) I added

nano /$HESTIADATA\conf\web\git.domain.tld\nginx.conf
--------------
 location / {
     client_max_body_size 4096M;
     proxy_pass http://localhost:4545;
     proxy_set_header Connection $http_connection;
     proxy_set_header Upgrade $http_upgrade;
     proxy_set_header Host $host;
     proxy_set_header X-Real-IP $remote_addr;
     proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
     proxy_set_header X-Forwarded-Proto $scheme;
-------------- **(save via)**
CTRL+X
Y
Enter

Then under apache2.conf ($HESTIADATA\conf\web\git.domain.tld\apach2.conf) I added

nano /$HESTIADATA\conf\web\git.domain.tld\apache2.conf
--------------
     ProxyPreserveHost On
     ProxyRequests off
     AllowEncodedSlashes NoDecode
     ProxyPass / http://localhost:4545/ nocanon
-------------- **(save via)**
CTRL+X
Y
Enter

Then under apache2.ssl.conf ($HESTIADATA\conf\web\git.domain.tld\apache2.ssl.conf) I added

nano /$HESTIADATA\conf\web\git.domain.tld\apach2.ssl.conf
--------------
 < VirtualHost git.domain.tld:8443 https >
*****************************
*****************************
    ProxyPreserveHost On
     ProxyRequests off
     AllowEncodedSlashes NoDecode
     ProxyPass / http://localhost:4545/ nocanon
-------------- **(save via)**
CTRL+X
Y
Enter

I also enabled the following to ensure the proxy works:

 a2enmod proxy
 a2enmod proxy_http
 a2enmod proxy_balancer
 a2enmod proxy_wstunnel
 systemctl restart apache2

Then I restarted all services

 systemctl restart apache2
 systemctl restart nginx
 systemctl start git.service

I got the help from these:

APache SSL long record rrror

Let's Encrypt SSL certificate

Gitea reverse proxy - Apache HTTPD

Gitea reverse proxy - general conf

Gitea reverse proxy - NGINX

Someone's personal Forgejo guide

Conclusion

Awesome! You've successfully set up a let's encrypt certificate on a unique port other than the usual 443/8443.

So just a bit of rant here. When you are in the corporate nonsense, a layer matters, I guess? People are so filled with ego, that they will ask someone what your level is. Example: Security, Bull, Bombay, or even Greece, does not matter, but if there is a swipe machine at the gate, I am sure it is not there as a museum piece, right? You need to swipe it, so swipe it for god's sake. What has someone's level in the company gotta do with it? I saw him/her entering without swiping. I requested, please swipe. The look was killing. Blurted: what "f level are you?"

---

🤣🤣🤣

So you see, why the SIRE comes into picture, MY LORD?

---

Point-Love-15

I came back from Pune FOSS Meetup (monthly ones usually) today (my first ever). The monthly meetup was nice, interactive, and the room was filled (approx 40-45 of us were there) with youngsters beaming for new things, knowledge, and pretty shy as well. 🪭😳

Onkar, Sriya, Agastya, Prathamesh, Khushi (FOSSUnited) and Joshua (host/Technogise) were very supportive, open and made every one feel very welcomed. It was real nice to be there, got to know a lot.

• Shreya took us through a very interesting topic: Secure & Encrypt your stuff. More: TLS inside a cluster | TLS in Kubernetes: a guide
• Yash took us through Kubernetes & backstage to build a dev portal of our own. More: Backstage-CNCF | Backstage-Source | Red hat article about its inception

What I really liked was that youngsters were filled with thoughts about what FOSS is all about? They were intently listening, even interacting, asking questions, and I saw few take notes. I am bad at remembering names (not faces though), so I am not sure I recall the names (anger management). Anyways, I heard one enthusiast take the name of Joplin, which peaked my height, as being India, and knowing how things go (to a certain extent of course), I liked it and started to pitch for the usage of F-Droid as well, which I was sad to see, hardly anyone knew.

Some knew of AuroraStore as well, and were using it daily. I was pitching more on take control and switch from closed source to open source. I spoke about some nightmares of my rooting experience of more than a decade & half back, which was like a WOAH for me too.

All working individuals were pitching Linux/Unix, which was so nice. I kept cringing about being a non-dev 😜, and liked how we had a good interactive session throughout.

What I found odd, and I have been vocal anyways: usage of google and proprietary stuff a lot by everyone. We need to move out of the GAFAM nonsense and take back our privacy, which I tried to pitch as much as possible. Drumming the R.E.M. Privacy is Scrooge McDuck saving his Lucky Coin from Cruella, Money from Maa Beagle & Beagle Boys.

Another thing I found odd, XMPP is missing from India & FOSS. Start using it too people. 🙂

FYI: I host a lot of stuffs, and own my domain and what not. Start using them, and happy to have that traffic.. --> LibreQR | 4G Search | LibreY Search | PasteBin | Hosts

To wrap this post up...

There were refreshments for everyone and the best part for me; they kept it vegetarian. 👌👌 Overall, I enjoyed being there, and I hope they liked my butting too. 😎🫡

---

---

Keeping this small so as not to bore anyone wishing to read this. Unfortunately, I will not be able to attend the Bangalore one. Guess, I can do it next year.

Install Termux & Termux Styling

Upgrade packages & install openssh and iproute2 on termux.Also, install root packages & busybox package if you need them.

pkg update -y && pkg upgrade -y
pkg install openssh -y
pkg install iproute2 -y
pkg install root-repo -y
pkg install busybox termux-services -y

If you like, you can also add the following termux repositories:

echo "deb https://grimler.se/termux-packages-24 stable main" > $PREFIX/etc/apt/sources.list
echo "deb https://grimler.se/termux-packages-24 stable main" > $PREFIX/etc/apt/sources.list.d/game.list
echo "deb https://grimler.se/termux-packages-24 stable main" > $PREFIX/etc/apt/sources.list.d/science.list

Ensure to setup the storage and stuff beforehand. See here: Setup Storage

Create SSH Private/Public Key Pair on Android - Termux

In our android device, we need to generate SSH key pair for connecting to SSH server the remote machine (example debian). So, run the following command (this will also name the file as android for easy referencing):

ssh-keygen -t ed25519 -f id_ed25519_android

This will create the public & private key files in the ~/.ssh folder (/data/data/com.termux/files/homes/.ssh)

Send SSH Public Key to Remote Machine

Run cat ~/.ssh/id_ed25519_android.pub from termux which will return the public key for your android device.

It will be something like this:

ssh-ed25519 ABCDE1AaaA1aAAA1AAA1AAAAAAAAAaaaA1AaaAaaaAaaa1aAAAAaaAAAAaAaaaAAaaAA user@host

Now copy and paste this key to your remote machine either via the chat box option in the file transfer assistant app PlainApp or copying the id_ed25519_android.pub file across to your remote machine and then copy the content to ~/.ssh/authorized_keys file ($HOME/.ssh/authorized_keys).

Now kill any running sshd service by typing in termux: pkill -9 sshd. This is to let go of any cache or broken service pipes.

Now rerun sshd and connect to your remote server using the private key as pairing for the public key, via:

ssh -i ~/.ssh/id_ed25519_android user@host -p 1234

Sources & my own racking of 5 days:

Termux Wiki | Termux Repos | Some Logic

Sample images:

• Main Screen

• SSH Connected

• Sample Commands

Anyways.. To redirect a website, say example.co.uk to say example.co.uk/file.php

RewriteEngine on RewriteCond %{HTTP_HOST} ^example\.co\.uk$
[OR] RewriteCond %{HTTP_HOST} ^www\.example\.co\.uk$
RewriteRule ^/?$ "https\:\/\/example\.co\.uk\/file.php"
[R=301,L]

To rewrite PHP files

RewriteEngine On
RewriteCond %{REQUEST_FILENAME} !-d
RewriteCond %{REQUEST_FILENAME} !-f
RewriteRule ^([^.]+)/?$ $1.php [NC,L]
RewriteCond %{THE_REQUEST} /([^.]+)\.php [NC]
RewriteRule ^ /%1 [NC,L,R]
RewriteCond %{REQUEST_FILENAME}.php -f
RewriteRule ^ %{REQUEST_URI}.php [NC,L]

To rewrite HTML files

RewriteEngine On
RewriteCond %{REQUEST_FILENAME} !-f
RewriteRule ^([^.]+)$ $1.html [NC,L]
RewriteEngine on
RewriteCond %{THE_REQUEST} /([^.]+)\.html [NC]
RewriteRule ^ /%1 [NC,L,R]
RewriteCond %{REQUEST_FILENAME}.html -f
RewriteRule ^ %{REQUEST_URI}.html [NC,L]

To ensure access is limited and not exposed

<Files 403.shtml>
order allow,deny
allow from all
</Files>

Even though they have their guides, it somehow never works for me (possible as I am using a master user)

I will just describe the steps here for traditional installation on either a shared hosting or on a control panel based hosting.

CD to the folder under html of the virtual host.

• wget https://github.com/RSS-Bridge/rss-bridge/archive/refs/heads/master.zip
• unzip master.zip
• mv rss-bridge-master/.* .
• rm rss-bridge-master && rm master.zip && cp config.default.ini.php config.ini.php
• optionally you can delete the "docker" files/folders
• make necessary changes where you wish. If on a shared server, do not enable all bridges
• chown -R user:user ./* ./.* && chown -R user:www-data ./cache && cd

Check if immutable attribute is currently applied or not:

lsattr /etc/resolv.conf

Result

----i---------e------- /etc/resolv.conf

Remove it:

sudo chattr -i /etc/resolv.conf

Verify:

lsattr /etc/resolv.conf

Result

--------------e------- /etc/resolv.conf

Make changes to the resolv file for DNS nameservers:

nano /etc/resolv.conf CTRL+X (save) > Y > ENTER

Apply the attribute again:

sudo chattr +i /etc/resolv.conf

Verify:

lsattr /etc/resolv.conf

Result

----i---------e------- /etc/resolv.conf

Ubuntu Forum

CHOWN

chown -R user:mail ./* ./.[!.]*

---

CHMOD

-#to remove executable permissions

chmod -R 600 /path

-# to make directories transversal

chmod -R u=rwX,g=,o= /path

Above. for the user owner i'm giving capital "X", so it does apply only to directories and not files

-# all files in the current directory, recursively, including hidden files

chmod 755 -R ./* ./.[!.]*

-#all files in the current directory, not recursively, including hidden files

chmod 755 ./* ./.[!.]*

Notes: This will not change an exception filename starting with 2 dots, as example,

./..weirdfilenamehere.txt

Also, be careful not to remove the x bit, or else all your directories will not be accessible (one needs the x bit to cd into a directory).

Remember this: never use bare * but ./* instead.

To avoid problems setting permissions on directories, use find instead.

find . -type f -exec chmodVALUE{} \;

---

ACL (Access Control Level)

-# To apply the ACL

setfacl -Rm u::rwX,g::0,o::0 /path

-# To make the applied ACL default policy so newly created files will inherit the desired permissions.

setfacl -Rm d:u::rwX,g::0,o::0 /path

Again using capital X so it applies only to directories and not files.

CHOWN - Stackoverflow Forum || CHMOD & ACL - SuperUser Forum