Posts

Nginx with Naked Domains

That's right, I'm going naked on everything! Non-www and everything lowercase, just to simplify my URLs. If you couldn't write it out naturally, or if it takes too long, then I avoid making it a path, with special cases like unique GUID URL parameters being the exception. For sites that have a ton of parameters this is understandable, but for domains this rule really should be applied. In some cases you might say the path is up to the application; however, if the framework doesn't handle it, this is a fallback.
https://superuser.com/questions/432674/nginx-remove-www-from-https
https://www.digitalocean.com/community/tutorials/how-to-redirect-www-to-non-www-with-nginx-on-ubuntu-14-04
http://nginx.org/en/docs/http/server_names.html

Orchard 1.10.1 - Seo & Social Module

Most of the work I do for Orchard is open source; this is because nothing other than content is the property of my employer. Even if open source makes some employers uncomfortable, a lot of my work is about the success of a given project or the development process flow. In other words is everyone able to achieve what with the development or features created within a given project. That's just my take on things; I'm sure someone will disagree, putting security in a much higher priority. Which I think is a big part of my reason for being open source on the things I could improve upon.
Notes:
https://stackoverflow.com/questions/11149157/orchard-getting-the-contents-title-from-the-theme-layout
https://stackoverflow.com/questions/11688626/orchard-theme-placement-not-overriding-module-placement
https://stackoverflow.com/questions/13000711/add-individual-page-titles-to-html-document-head-in-orchard-cms
https://stackoverflow.com/questions/17737509/orchard-cms-custom-theme-every-page-d

Content Security Policy & Best Practices

This article is mostly on configuration with nginx and maybe a little on IIS.
Notes:
https://developer.mozilla.org/en-US/docs/Web/HTTP/CSP
https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Content-Security-Policy/frame-ancestors
https://csp-evaluator.withgoogle.com
https://securityheaders.io/

Nginx Best Practices Extended

Based on a GitHub gist configuration, which I thought was worth going through piece by piece.
https://gist.github.com/plentz/6737338
https://github.com/BIAndrews/nginx-compliance-config
HTTP2
https://www.digitalocean.com/community/tutorials/how-to-set-up-nginx-with-http-2-support-on-ubuntu-16-04
https://developers.google.com/web/tools/lighthouse/audits/http2
https://docs.microsoft.com/en-us/iis/get-started/whats-new-in-iis-10/http2-on-iis
Avoid If
https://www.nginx.com/resources/wiki/start/topics/depth/ifisevil/
SSL Configuration
https://mozilla.github.io/server-side-tls/ssl-config-generator/
https://stackoverflow.com/questions/24594971/how-to-changehide-the-nginx-server-signature
Strict Transport Security (HSTS)
https://hstspreload.org/
https://www.nginx.com/blog/http-strict-transport-security-hsts-and-nginx/
https://en.wikipedia.org/wiki/DNS_Certification_Authority_Authorization
https://wiki.mozilla.org/Security/Server_Side_TLS#Modern_compatibility

Bootstrap Cheatsheet

There are many things I wouldn't call myself a master of but Bootstrap is one of them. I never seem to have difficulty with CSS but do forget a few things 'cause they aren't really all that important ! Haha CSS joke...
https://stackoverflow.com/questions/11425115/css-media-queries-for-pixel-density-moz-min-device-pixel-ratio-vs-min-moz-de
https://stackoverflow.com/questions/23700941/bootstrap-full-responsive-navbar-with-logo-or-brand-name-text
https://stackoverflow.com/questions/8805208/css-min-width-and-max-width-and-flexible-layout
Positions
Learn CSS Positioning in Ten Steps: position static relative absolute float
CSS z-index property
CSS Positioning
Free responsive html5 CSS website templates, create your own free website
How to Center Anything with CSS
50+ Nice Clean CSS Tab-Based Navigation Scripts
Table centering using CSS or HTML: theodorakis.net
HTML5 Simplequiz 6: Zeldman’s fat footer | HTML5 Doctor
CSSTidy
https://css-tricks.com/multi

CSharp Cheatsheet

Owin & Katana
An Overview of Project Katana | Microsoft Docs
Understanding OWIN and Katana - CodeProject
Data Access
ASP.NET Data Access - Recommended Resources | Microsoft Docs
async and parallel programming with .NET 4+ (TPL)
String Modifying
http://stackoverflow.com/questions/444798/case-insensitive-containsstring
Entity Framework
c# - Dynamic filtering and sorting with Entity Framework
entity framework - Code-first vs Model/Database-first
Entity Framework Code-Based Configuration (EF6 onwards)
Performance Improving
http://stackoverflow.com/questions/30816496/why-do-local-variables-require-initialization-but-fields-do-not
c# - Will using 'var' affect performance?
http://blog.slaks.net/2015-01-12/linq-count-considered-occasionally-harmful
Miscellaneous: (will clean up later)
https://msdn.microsoft.com/en-us/library/bb964711.aspx?f=255&MSPPError=-2147217396
concepts
https://stackoverflow.com/questions/2220134/displaying-a-pdf-file-from-winf

Linux: Set Default Permissions with Directives

I would normally put this in an update for one of my cheatsheets, and will probably put a link to this article in the Linux one. However, I don't see a lot of people talk about this often, and I normally use these commands when I'm setting up a folder for a web application. I'll normally work in the /var/www folder, but I attached the GitLab CI to this and nginx needs read access.
sudo setfacl -d -m g::rwx EXAMPLE
sudo getfacl EXAMPLE
Note:
https://linux.die.net/man/1/setfacl