How to fix a WordPress HTTPS redirect loop with an NGINX reverse proxy

If your WordPress site is set up to use HTTPS and a reverse proxy, such as an NGINX reverse proxy, is put in front of it you may wind up with an infinite redirect loop.

Following the redirect in dev tools, it looks like this is happening:
https://example.com -> https://example.com

A head scratcher for sure, but understanding what is going on behind the scenes reveals the issue and the solution together.

Here is what is actually happening:

  • Request is made to https://example.com
  • The reverse proxy catches the request and makes it’s own request to http://example.com. Take special note that the schema changed to http.
  • The WordPress site sees a request for http://example.com and says, “Hey, that’s not right, I am at https://example.com” and tells the browser to go there
  • Repeat indefinitely

You could change the site to support http to the exclusion of https, however that is hacky and anything wanting https will still work itself into an infinite redirect.

An easier solution is to trick WordPress into thinking the request is https enabled.

WordPress looks at a server variable when determining the status of https. Open your wp-config.php file and add the following just after the <?php tag:

if ( $_SERVER['HTTP_X_FORWARDED_PROTO'] == 'https' ) {
    $_SERVER['HTTPS'] = 'on';
    $_SERVER['SERVER_PORT'] = 443;
}

And now your site will work as originally anticipated.

Dastardly isn’t it 😉

Invalid JSON response nginx docker

I’ve recently gotten pihole setup in a docker and use nginx to access it via “dockerhostip/pihole” and all is /was working well.

Today I decided to start playing with internal domain names for my lan so I added one to reference the docker host via the “Local DNS records” section. After testing that worked I went back to the admin page to add some more local domains, however I have discovered when ever I go to the “Local DNS records” page while accessing via domain name I get:

DataTables warning: table id=customDNSTable - Invalid JSON response. For more information about this error, please see http://datatables.net/tn/1

but if I revert back to accessing via IP it works fine.

The reason for this behaviour is because The web interface is only available when accessed by the hostname, pi.hole, or the IP address set in /etc/pihole/setupVars.conf.

You can set your hostname to pihole.home if you’d like.

You could also add it as another valid domain by following these instructions:

Add this to /etc/lighttpd/external.conf (or create it if it doesn’t exist):

setenv.add-environment = ( "VIRTUAL_HOST" => "pihole.home" )

Then restart lighttpd: sudo service lighttpd restart

Automatically purge orphaned objects in Docker

Sometimes your Docker host will fill up with orphaned volumes, containers, images and netowrks.  You can use this image to automatically trim your orphaned volumes every 24 hours:

sudo docker run -d \
--name=docker-prune \
-v /var/run/docker.sock:/var/run/docker.sock \
-e INTERVAL=86400 \
-e "OBJECTS=container volume image network" \
-e "OPTIONS=--filter until=24h" \
docker.io/xjokay/prune:latest

Pulled from Docker Prune

Raspberry Pi as Dashboard Controller

Raspberry Pi is a useful embedded computer that can be used for many things including powering informational dashboards.  There are several ways to achieve this with varying complexity however In this tutorial, we will show how to utilise a Raspberry Pi as a Dashboard Controller in a simple straight forward manner.  We are using a Pi 4 revision B however the below has been tested on Pi 3b revisions.

The Pi needs to be configured properly in order to satisfy the following needs:

  • The screen should be fully filled with the view
  • After booting, the predefined screen should be loaded automatically
  • The screen should not sleep after some period of time
  • The mouse cursor should not be visible in the screen
  • Menus and the taskbar should not be visible
  • After an unclean reboot (i.e. after power outage), there should be no browser warning about the unclean shutdown
  • It should be possible to connect to the device remotely to reload or change the view

What you need

  • RaspberryPi
  • 8GB microSD card (preferably with microSD -> SD adapter)
  • (preferably) RaspberryPi case
  • DC charger with 5V output of 2 Amperes and with USB C jack (very common nowadays, as it is used for charging smartphones and tablets).
  • USB keyboard for configuration. A mouse is not necessary

Step 1 – Update your Raspberry Pi

Once you have setup the Raspberry Pi  and are presented with a desktop screen we need to update the device  The following commands are to be run in a Terminal:

sudo apt-get update && sudo apt-get upgrade -y && sudo reboot

Its also a good idea to update the firmware on your Pi:

sudo rpi-update

Once the firmware is updated reboot the device for the next step.

Step 2 – Disable screen timeout

To prevent the screen going blank you need to disable screen timeout.  In the latest versions of RaspbianOS, this is now an option that can be set in the GUI.

Click Start>Preferences>Raspberry Pi Configuration and select the Display tab:

From here, disable Screen Blanking and click ok.  now reboot your Pi again.

Step 3 – Install Unclutter

Unclutter is a tool to disable the mouse being viable when there is no input.  Simply install with the following command in Terminal:

sudo apt-get install unclutter

Step 4 – Create Autostart for Chromium Browser with LXDE

Create two files in /home/pi/.config/lxsession/LXDE-pi – autostart and desktop.conf this can either be by using nano or creating via a ssh tool like WinSCP.

Add the below to autostart and save the file.  You can place the URL of your dashboard after the –incognito flag:

@lxpanel --profile LXDE-pi
@pcmanfm --desktop --profile LXDE-pi
# @xscreensaver -no-splash
@point-rpi

@xset s off
@xset -dpms
@xset s noblank
@unclutter

@chromium-browser --noerrdialogs --kiosk --disable-infobars --incognito http://URL-GOES-HERE

Add the contents of desktop.conf and save the file:

[Session]
window_manager=openbox-lxde-pi
disable_autostart=no
polkit/command=lxpolkit
clipboard/command=lxclipboard
xsettings_manager/command=build-in
proxy_manager/command=build-in
keyring/command=ssh-agent
quit_manager/command=lxsession-logout
quit_manager/image=/usr/share/lxde/images/logout-banner.png
quit_manager/layout=top
lock_manager/command=lxlock
terminal_manager/command=lxterminal
launcher_manager/command=lxpanelctl

[GTK]
sNet/ThemeName=PiX
sNet/IconThemeName=PiX
sGtk/FontName=Roboto Light 12
iGtk/ToolbarStyle=3
iGtk/ButtonImages=0
iGtk/MenuImages=0
iGtk/CursorThemeSize=18
iXft/Antialias=1
iGtk/AutoMnemonics=1
iGtk/EnableMnemonics=1
sGtk/ColorScheme=selected_bg_color:#4d4d9898f5f5nselected_fg_color:#ffffffffffffnbar_bg_color:#ededececebebnbar_fg_color:#000000000000n
sGtk/CursorThemeName=PiX
iGtk/ToolbarIconSize=1
iNet/EnableEventSounds=1
iNet/EnableInputFeedbackSounds=1
iXft/Hinting=1
sXft/HintStyle=hintfull
sXft/RGBA=rgb

[Mouse]
AccFactor=20
AccThreshold=10
LeftHanded=0

[Keyboard]
Delay=500
Interval=30
Beep=1

[State]
guess_default=true

[Dbus]
lxde=true

[Environment]
menu_prefix=lxde-pi-

Reboot the Pi and after a few moments the display should now show the URL dashboard you enetered in autostart.

To rotate more than one dashboard page

The easiest way to achieve this is by installing Revolver – Tabs from the chrome webstore. this can be done by closing down the dashboard instance of Chromium by pressing CFRL-F4 then opening the Chromium Browser from START>Internet>Chromium Browser and clicking the link above.

You’ll need to change settigns within Revolver Tabs, notably rotation time in seconds, auto start and optionally reload.  If you have Reload enabled, you can prevent tabs reloading by specifying their URL’s.  Remember to click save.

As we loaded Chromium in Incognito, you need to enable Revolver Tabs for incognito mode is Google chromium extensions settings.

Once setup second and subsequent URLs you have entered in autostart will automatically rotate.  subsequent URLs can be added with a space in between them:

@chromium-browser --noerrdialogs --kiosk --disable-infobars --incognito http://URL-1 http://URL-2 http://url-3

 

 

 

 

 

 

 

 

 

Official Windows 7 SP1 ISO Image Downloads

These are now available for those who currently have Microsoft Windows 7 with Genuine Activation Keys. These are the legitimate downloads, full ISO image to burn to a good quality blank DVD using any good image burning program such as ImgBurn or the like.

These ISO image download have Service Pack 1 integrated into the installation setup, so therefore there is no need to separately install SP1 after the initial install of Windows 7.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Windows 7 SP1 ISO Download Links Including English and Foreign Language Versions:

 

These are very high speed downloads which should take anywhere from 30 minutes to about 50 minutes, if you have a high-speed broadband connection.

My download took approximately 18 minutes from start to finish. Both IE9 and Firefox have their own download managers you may use to accomplish the download.

Thеѕе аrе NOT illegal – Thеѕе аrе јυѕt thе download links fοr Windows 7 SP1 ISO whісh іѕ a retail wrap thаt offers a 30-day trial period. Yου need tο activate уουr Windows afterwards wіth a genuine license activation key tο continue using іt. Downloading thеѕе files frοm Digital River іѕ absolutely legal аnԁ completely free οf charge.

Link Aggregation on Cisco Switch

First, you need to access the console of your Cisco Switch.

In our example, we are going to use an Opensource software named Putty and a computer running Windows.

The Putty software is available on the putty.org website.

After finishing the download, run the software and wait for the following screen.

To access the console of a Cisco Switch model 2960 or 3750, you will need to select the Serial Connection category and use the following options:

• Connection type: Serial
• Serial line: COM1
• Speed: 9600

If COM1 does not work you will need to try to use COM2, COM3, COM4 or the next.

Using either the console, telnet or ssh, connect to the command-line of your switch and log in with a user who has administrative privileges.

On the prompt screen, enter the administrative login information.

After a successful login, the console command-line will be displayed.

Switch>

Use the enable command to enter the privilege mode.

Switch> enable

Use the configure terminal command to enter the configuration mode.

Switch# configure terminal

Create a new vlan, select an identification number and add a brief description.

Switch(config)# vlan 100
Switch(config-vlan)# name Voip Network
Switch(config)# vlan 200
Switch(config-vlan)# name Data Network
Switch(config-vlan)# exit

On the configuration mode, you need to clear all the configuration from the switch port.

Switch(config)# default interface gigabitEthernet 0/21
Switch(config-if)# default interface gigabitEthernet 0/22

On the configuration mode, add the switch ports to a link aggregation group.

Switch(config)# interface gigabitethernet0/21
Switch(config-if)# channel-group 1 mode active
Switch(config)# interface gigabitethernet0/22
Switch(config-if)# channel-group 1 mode active
Switch(config-if)# exit

In our example, the switch ports 21 and 22 were configured as members of the link aggregation group 1.

To configure the link aggregation ports as a Vlan member, you need to use the following commands.

Switch(config)# interface Port-channel 1
Switch(config)# switchport mode access
Switch(config-if)# switchport access vlan 200
Switch(config-if)# exit
Switch(config)# exit

In our example, the Switch port group 1 was configured as a member of VLAN 200.

To configure the link aggregation ports as a Trunk, you need to use the following commands.

Switch(config)# interface Port-channel 1
Switch(config)# switchport mode trunk
Switch(config-if)# switchport trunk native vlan 1
Switch(config-if)# switchport trunk allowed vlan add 1,100,200
Switch(config-if)# exit

In our example, the Switch port group 1 was configured as a trunk.

The trunk configuration allows the communications of Vlans 1, 100 and 200.

Don’t forget to save your switch configuration.

Switch# copy running-config startup-config

You have successfully configured a link aggregation on a Cisco switch 🙂

WinSCP as Sudo Root

To allow for a WinSCP session to operate as sudo the following string can be added.  Thai ia most useful when attempting to change the content of config files that are owned by the root account.

sudo su -c /usr/lib/sftp-server

Found on the advanced settings page for your site:

 

 

Restart Veeam Services

If the occasion arises that requires a restart of your Veeam backup server, you can try restarting the Veeam services to avoid restarting the host server.

Open Powershell as Admin and use the following commands:

Get-process | where {($_.Name -like “Veeam*”)} | stop-process -Force
Get-Service | where {($_.Name -like “Veeam*”)-and ($_.Status -eq “Running”)} | Stop-service -Force
Get-Service | where {($_.Name -like “Veeam*”)-and ($_.Status -eq “Stopped”)} | Start-service

 

 

 

 

 

Veeam Rename HyperVisor host

If you have renamed HyperV Hostname and Veeam cannot connect to enumerate the VMs running, use this script to change the hostname of the HyperVisor:

Asnp VeeamPSSnapin
$server = Get-VBRServer | ?{$_.name -eq "IpOfVC"}
$server.SetName("NewIP")

This will rename the host from the existing in Veeam to the new one you have set.  No reboot required.

 

 

 

Raspberry Pi Disable Bluetooth

The steps below shows how to disable on-board Bluetooth and related services. Those steps also disable loading the related kernel modules such as bluetooth, hci_uart, btbcm, etc at boot.

1 Open /boot/config.txt file.

sudo nano /boot/config.txt

2 Add below, save and close the file.

# Disable Bluetooth
dtoverlay=pi3-disable-bt

3 Disable related services.

sudo systemctl disable hciuart.service
sudo systemctl disable bluealsa.service
sudo systemctl disable bluetooth.service

4 Reboot to apply the changes

sudo reboot

Even after disabling on-board Bluetooth and related services, Bluetooth will be available when a Bluetooth adapter (e.g. Plugable Bluetooth Adapter) is plugged in.

Disable Bluetooth completely

If Bluetooth is not required at all, uninstall Bluetooth stack. It makes Bluetooth unavailable even if external Bluetooth adapter is plugged in.

1 Uninstall BlueZ and related packages:

sudo apt-get purge bluez -y
sudo apt-get autoremove -y

Uninstalling Bluetooth stack also disabling related services, and loading related kernel modules.