NGINX Log Rotation (MS Windows)


By default, NGINX logs all IPs going through the reverse proxy, so the log keeps growing in size.

For ease of maintenance and troubleshooting, it is advisable to get NGINX to start a new access.log every day.

If NGINX is running on Windows this can be accomplished using a BAT file.

Create a new BAT file with the following:

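@echo off
REM The offsets below assume %date% is formatted as dd/MM/yyyy; adjust them for other regional settings.
REM TODAY is used instead of DATE so the built-in %DATE% variable is not overwritten.
SET TODAY=%date%
SET DAY=%TODAY:~0,2%
SET MONTH=%TODAY:~3,2%
SET YEAR=%TODAY:~6,4%
SET DATE_FRM=%YEAR%-%MONTH%-%DAY%

ECHO %DATE_FRM%

REM ECHO %YEAR%
REM ECHO %MONTH%
REM ECHO %DAY%

REM Move the current logs into Old_Logs with the date in the file name
move C:\nginx\logs\Access.log C:\nginx\logs\Old_Logs\Access_%DATE_FRM%.log
move C:\nginx\logs\Error.log C:\nginx\logs\Old_Logs\Error_%DATE_FRM%.log
REM Signal the running NGINX to reopen its log files, which creates new empty ones
call C:\nginx\nginx -p C:\nginx -s reopen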

Change the paths to match your NGINX log folder. Also create a new folder called 'Old_Logs' inside the 'logs' folder.

Save the BAT file.

We now need to create a Scheduled Task to run this BAT file once a day.

Create a Basic Task


Choose Daily or Weekly, depending on how often you want to create a new log.

Choose a time for it to change logs. I chose 00:00:01 so it would create a new log after midnight.

Next, select the location of the BAT file and click Next until you reach the final screen.

Make sure to put a tick in the 'Open the properties dialog....' box and click finish.

For the task to restart NGINX, the same user has to run the scheduled task and the service.

Select the correct user in 'Change User or Group', tick the 'Run with highest privileges' box and click 'OK'.

Next run 'services.msc'

Find your NGINX service, right-click it and choose 'Properties'.

On the 'log on' tab change it from 'Local System Account' to 'This Account' and enter the same username as you did for the Task Scheduler.

Finally click Apply and Ok. And that's it. The task will run, move the access.log to the new folder and rename it with the date. NGINX will then create a new access.log file and repeat.
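The same rotation as a PowerShell script, added here as an example and not part of the original post. It takes the date from Get-Date, so it does not depend on the regional date format, and it never overwrites an existing archive. The C:\nginx prefix and file names are taken from the BAT file above; adjust them to your install.

```powershell
# Added example, not the original post's script.
$ErrorActionPreference = 'Stop'

$NginxRoot = 'C:\nginx'                      # assumption: same prefix as the BAT file
$LogDir    = Join-Path $NginxRoot 'logs'
$Archive   = Join-Path $LogDir 'Old_Logs'
$Stamp     = Get-Date -Format 'yyyy-MM-dd'   # independent of regional settings

# Create the archive folder on first run
if (-not (Test-Path -LiteralPath $Archive)) {
    New-Item -ItemType Directory -Path $Archive | Out-Null
}

$moved = 0
foreach ($name in 'Access', 'Error') {
    $src = Join-Path $LogDir "$name.log"
    if (-not (Test-Path -LiteralPath $src)) { continue }   # nothing to rotate

    # If today's archive already exists (task ran twice), add a counter
    # instead of overwriting log data.
    $dst = Join-Path $Archive "${name}_$Stamp.log"
    $n = 1
    while (Test-Path -LiteralPath $dst) {
        $dst = Join-Path $Archive "${name}_${Stamp}_$n.log"
        $n++
    }

    Move-Item -LiteralPath $src -Destination $dst
    $moved++
}

if ($moved -gt 0) {
    # Ask the running NGINX master process to reopen its log files
    & (Join-Path $NginxRoot 'nginx.exe') -p $NginxRoot -s reopen
    if ($LASTEXITCODE -ne 0) {
        throw "nginx -s reopen failed with exit code $LASTEXITCODE"
    }
}
```

To schedule it, set the task's program to powershell.exe with the arguments `-NoProfile -File` followed by the path to the saved .ps1 file.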

Win10 Pro to Win10 Ent Upgrade

Upgrading from a Pro version of Windows to Enterprise has never been easier than it is with Windows 10.

Recently our licencing changed and we had to move from Pro to Ent.

  1. Type 'changepk.exe' into run
  2. Run as Administrator
  3. Enter the Enterprise Licence Key

  4. Done!

Yes, it's as simple as that: no formatting, uninstalling or driver changes.

Mailgun & Cloudflare


You own a domain name and you use Cloudflare to proxy your websites, services or something else, and now you want to have an email address with your shiny new domain name. Cloudflare doesn't support mail forwarding. Some registrars have their own forwarding system, but if you use Cloudflare then we need to look at Mailgun.

  1. Sign up for a free account at Mailgun.
  2. Add your domain name to Mailgun.
  3. Once added, you need to verify you own the domain and set up the relevant records. Head over to Cloudflare and create the records. (Make sure the email CNAME status is the grey cloud!)
  4. Head back to Mailgun. You will need to give the records we created above some time to propagate across the internet. You can check this by clicking 'Check DNS Records Now'.
  5. Creating Routes. In Mailgun we need to specify routes or email addresses. This will define the recipient email and the action to take.


You can create a number of routes, a 'catch all', or both. Priority works like rule ordering: the lowest priority number is matched first, so if you set a 'catch all' rule, give it a high priority number, e.g. 100. That way it will attempt to match everything else first.

  6. Finally, in Mailgun we also need to validate our personal email address, hotmail, gmail or whatever. Head into Account Settings and then Authorised Recipients. Add your email address; Mailgun will send a link to it, which you need to follow to validate the address.


Once the DNS settings have been updated and you have validated your email you should now be able to receive any emails sent to *@mymedia.cf which will appear in your hotmail or gmail account.

Disable Wifi on Sonos Devices


Disabling the WiFi Link on a Sonos Music Player

SonosNet

All Sonos players attempt to establish a peer-to-peer wireless mesh network known as SonosNet as soon as they are powered up. While this is convenient, there are several situations in which turning off this WiFi connection makes sense:

  • You own a single player that you connected directly to your home router with an Ethernet cable. You don't need the built-in SonosNet, so why not deactivate it to reduce power consumption and electromagnetic radiation?
  • SonosNet relies on the spanning tree protocol (aka STP) to function properly, so if your other network equipment doesn't support this functionality your entire network will be overloaded by broadcast storms and frequently crash. Instead of upgrading your network it is much easier and cheaper to eliminate the source of the problem.
  • You're worried about WiFi-Jacking. Why leave a backdoor in your network that can't be strongly secured?

It is possible to switch on or off the wireless adapter of each Sonos player individually. Here's how in 3 simple steps.

Step 1: Finding the IP address of the device

From the Sonos controller, click on the "about my sonos system" menu. You should see something like this:

PLAY:5: Bedroom
Serial Number: 00-0E-58-2D-B0-C3:3 
Version: 4.2 (build 24071060) 
Hardware Version: 1.16.4.1-1 
IP Address: 192.168.1.27 
OTP: 1.1.1(1-16-4-zp5s-0.5)

In the example above, the address is 192.168.1.27. We'll refer to it as <sonos_ip> in the rest of this article.

Step 2: Checking the status of the Wifi link

Sonos provides a little-known web interface on port 1400 of their players that you can access from any web browser at the following URL:

http://<sonos_ip>:1400/status/ifconfig

You should see a list of the player's network interfaces.

The entries labeled 'eth0' and 'eth1' correspond to the 2 wired ports. The 'lo' and 'br0' interfaces are virtual networking devices used internally by the Linux kernel. The entry we're interested in is labeled 'ath0', which stands for Atheros device 0. Atheros is the manufacturer of the embedded WiFi chip.

Step 3: Disabling the link

To disable the WiFi link start by issuing the following HTTP request:

http://<sonos_ip>:1400/wifictrl?wifi=off

You should get the following answer:

wifictrl request succeeded HTTP 200 OK

You can also check that the link has indeed been disabled by going back to the status page. The 'ath0' entry should not be present anymore. The setting is not persistent, so if you happen to be unable to connect to your player after disabling the WiFi you can undo the change by power cycling the player.

If you want to disable the WiFi link for good, simply issue the following HTTP request:

http://<sonos_ip>:1400/wifictrl?wifi=persist-off

The change will now be preserved even after an upgrade. If you ever need to connect the player wirelessly in the future you can turn the WiFi back on as follows:

http://<sonos_ip>:1400/wifictrl?wifi=on
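A check for the result of Step 3, added here as an example and not part of the original post: it reads the status page of each player and reports whether 'ath0' is still listed, so you can confirm the setting is still in place after a power cycle or upgrade. The function name and the address list are assumptions; replace the addresses with your own players.

```powershell
# Added example. $Players holds a sample address; replace with your own players.
$Players = @('192.168.1.27')   # the player from Step 1

function Get-SonosWifiState {
    param([Parameter(Mandatory)][string]$Address)

    $uri = "http://${Address}:1400/status/ifconfig"   # status page from Step 2
    try {
        $resp = Invoke-WebRequest -Uri $uri -UseBasicParsing -TimeoutSec 5
    } catch {
        # Player is offline or not reachable over the wired network
        return [pscustomobject]@{ Player = $Address; Reachable = $false; WifiUp = $null }
    }

    # Content is a string for text responses and a byte[] otherwise
    $text = if ($resp.Content -is [byte[]]) {
        [Text.Encoding]::UTF8.GetString($resp.Content)
    } else {
        [string]$resp.Content
    }

    # The post's criterion: 'ath0' is listed only while the WiFi link is enabled
    [pscustomobject]@{
        Player    = $Address
        Reachable = $true
        WifiUp    = $text -match '\bath0\b'
    }
}

$report = foreach ($p in $Players) { Get-SonosWifiState -Address $p }
$report | Format-Table -AutoSize

# Non-zero exit code if any player still has its wireless interface up
if ($report | Where-Object { $_.WifiUp }) { exit 1 }
```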

Impact on power consumption

I measured the power consumption of several players with a wattmeter which is accurate to +/- 0.5 watt. Turning off the WiFi link reduces the power consumption of the players by about 2 Watts. Here are the results measured when the players are idle:

Play:5: WiFi on = 6.5 W, WiFi off = 4.5 W

Connect: WiFi on = 4 W, WiFi off = 2 W

ZeroSSL - Windows Tool

I have posted previously regarding gaining an SSL certificate for your own domain name. Previous post here.

This post will demonstrate gaining a cert using a Windows Tool. The tool is available from ZeroSSL here.

ZeroSSL Tool

Download the file that matches your system architecture (x32 or x64). Unzip the file and you should see a single file called le64.exe.


NGINX Config & File Structure

To get the tool to automatically fetch certificates we need to amend the NGINX config slightly.

We need to add the following lines to each server block:

location ^~ /.well-known/acme-challenge/ {
}

Here is my emby block with the line above

##EMBY Server##

server {
    listen [::]:443 ssl http2;
    listen 443 ssl http2;
    server_name emby.mydomain.com;

    include ssl.conf;

    location / {
        proxy_pass http://127.0.0.1:8096;

        proxy_set_header Range $http_range;
        proxy_set_header If-Range $http_if_range;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header Host $host;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_http_version 1.1;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection "upgrade";
        proxy_buffering off;
    }

    # Not proxied to Emby: challenge files are served as static files from the server root
    location ^~ /.well-known/acme-challenge/ {
    }
}

The extra line allows the ACME challenge to verify you own the domain that you are trying to get a certificate for. The line above needs to be added to each Server Block for it to work.

Save the config and restart NGINX

LE64.exe

Next we need to use a command line to start le64.exe with our custom arguments.

In your command prompt, change to the directory where you extracted LE64.exe:

CD C:\le64\

Now run the following command

le64.exe --key account.key --email "[email protected]" --csr domain.csr --csr-key domain.key --crt domain.crt --domains "mydomain.com,emby.mydomain.com,www.mydomain.com,plex.mydomain.com" --generate-missing --unlink --path E:\NGINX\html\.well-known\acme-challenge

There are a few options you need to change:

  • --email "[email protected]" - change to your email address, keeping the ""
  • --domains "mydomain.com,emby.mydomain.com" - list all the domains you want the cert to cover (I think max is 50~)
  • --path E:\NGINX\html\.well-known\acme-challenge - change E:\NGINX to your NGINX location, keeping the html\.well-known\acme-challenge part

When you hit Enter, it will test your setup for the correct files and config; it basically gets a fake certificate. If this completes with no errors, you now need to add the argument --live to the end of the command above, like so:

le64.exe --key account.key --email "[email protected]" --csr domain.csr --csr-key domain.key --crt domain.crt --domains "mydomain.com,emby.mydomain.com,www.mydomain.com,plex.mydomain.com" --generate-missing --unlink --path E:\NGINX\html\.well-known\acme-challenge --live

Hit Enter and it should go off and fetch your real domain.csr, account.key, domain.crt and domain.key. These will be downloaded into the le64 folder. Keep the csr and account.key safe; you will need these for renewal.

Now that this is all set up, you can re-run the above le64.exe command when it is time to renew, and it's all done.

Shared Printers for All Users

Windows

You've probably stumbled across this page if like me you were trying to find a way to install a shared printer to all users on a Windows machine.

By default a shared printer only gets installed to a user's profile; when the next user comes along, the printer needs to be reinstalled.

Normally you can install the printer using a local port or TCP/IP port, which would then work for all users. However, if you use a print server or just shared it from another machine, then you need to know the hack below, which will install it for all users.

Step 1 - Printer Server/Shared Machine

  • Install the printer as you normally would on your print server. Either using a local port (USB) or TCP/IP (Network) and drivers.
  • Make any changes to the printer, trays, adding x86 and x64 drivers, set security permissions.
  • Share the printer

Step 2 - On the remote machine

Open up CMD and run as administrator

Copy the below into the CMD window, changing \\servername\printer to your details.

rundll32 printui.dll,PrintUIEntry /ga /n\\servername\printer

The tags mean

  • /ga - global (add to all users)
  • /n - network path
  • for more options use /?

You can also copy it into a .bat file to make it easier to install on multiple machines.

Give it a few minutes to install. Once completed, it will have installed the printer and kept all the custom preferences set on the server.