NGINX - To allow a specific User-Agent from one IP address only


Step 1: Define the Map Blocks

Add this configuration inside the http {} block of your /etc/nginx/nginx.conf file. This logic evaluates the incoming User-Agent and IP address to flag unauthorized requests.


http {
    # ... your existing http config ...

    # 1. Check if the User-Agent matches the restricted one
    map $http_user_agent $is_restricted_ua {
        default         0;
        "~*YourCustomUserAgent" 1; # Replace with your target User-Agent (regex matching)
    }

    # 2. Check if the client IP is NOT the authorized one
    map $remote_addr $is_unauthorized_ip {
        default        1;
        "192.168.1.50" 0; # Replace with your ONLY allowed IP address
    }

    # 3. Combine both conditions: Flag if it's the target UA AND an unauthorized IP
    map "$is_restricted_ua$is_unauthorized_ip" $block_request {
        default   0;
        "11"      1; # 1 (Restricted UA) + 1 (Unauthorized IP) = Block
    }
}



Step 2: Apply the Block Rule

Open your website's specific server configuration file (e.g., inside /etc/nginx/sites-available/) and use the combined variable to reject requests with a 403 Forbidden error.

server {
    listen 80;
    server_name yourdomain.com;

    # Place this rule globally inside the server block or inside a specific location block
    if ($block_request) {
        return 403;
    }

    location / {
        # ... your standard site configuration ...
    }
}
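
If NGINX sits behind a reverse proxy or load balancer, $remote_addr in map 2 is the proxy's address rather than the client's, and a map on $remote_addr compares exact strings, so it cannot express a CIDR range. The fragment below is an added example, not part of the original post: it replaces map 2 with a geo block and restores the client address with the realip module. The proxy address 10.0.0.10 and the range 10.20.0.0/24 are constructed placeholders, and ngx_http_realip_module is assumed to be compiled in.

```nginx
http {
    # Accept X-Forwarded-For only when the connection comes from the
    # trusted proxy (constructed address). Requests arriving from any
    # other peer keep their real socket address in $remote_addr, so a
    # client cannot spoof the allowed IP by sending the header itself.
    set_real_ip_from  10.0.0.10;
    real_ip_header    X-Forwarded-For;

    # Replacement for map 2: geo evaluates $remote_addr (after realip
    # has rewritten it) against single addresses and CIDR ranges.
    # The variable name is unchanged, so map 3 works as before.
    geo $is_unauthorized_ip {
        default         1;
        192.168.1.50    0;   # the allowed address from the original map
        10.20.0.0/24    0;   # constructed example of an allowed range
    }

    # Maps 1 and 3 from Step 1 stay exactly as written; remove map 2.
}
```

Run sudo nginx -t before reloading. The User-Agent header is set by the client, so this rule filters traffic by label and does not authenticate the caller.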

TLS/SSL certificate CSR

 
# CSR
openssl req -new -newkey rsa:4096 -keyout domain.key -out domain.csr


# Remove key password
openssl rsa -in encrypted.key -out decrypted.key


chain = crt + intermediary

Certificate - PEM to PKCS12

 

Convert Let's Encrypt PEM to Tomcat PKCS12

openssl pkcs12 -export \
    -in fullchain.pem \
    -inkey privkey.pem \
    -out server.p12 \
    -name my-domain-alias

Add nginx repository Ubuntu



# 1. Download the NGINX signing key
curl https://nginx.org/keys/nginx_signing.key | gpg --dearmor | sudo tee /usr/share/keyrings/nginx-archive-keyring.gpg >/dev/null


# 2. Add the NGINX Repository
echo "deb [signed-by=/usr/share/keyrings/nginx-archive-keyring.gpg] https://nginx.org/packages/mainline/ubuntu `lsb_release -cs` nginx" | sudo tee /etc/apt/sources.list.d/nginx.list


# 3. Pin packages from nginx.org above the distribution's own
echo -e "Package: *\nPin: origin nginx.org\nPin: release o=nginx\nPin-Priority: 900" | sudo tee /etc/apt/preferences.d/99nginx

 

Restart vCenter

Option 1: Through the VAMI interface (recommended)
  1. Open the management portal at https://<VCENTER_IP_OR_FQDN>:5480.
  2. Log in with the root credentials.
  3. In the navigation menu, click Actions.
  4. Select Reboot.
Option 2: Through the ESXi host
  1. Open the VMware Host Client directly on the ESXi host where vCenter is running.
  2. Find the vCenter virtual machine in the list and right-click it.
  3. Go to Power and select Reboot Guest OS.

Or over SSH with the reboot command.

Export/import windows server DNS zones

You can use Export-DnsServerZone and Import-DnsServerZone.
  1. Export: Export-DnsServerZone -Name "test.com" -Filename "test.com.dns"
  2. Import: Import-DnsServerZone -Name "test.com" -Filename "test.com.dns"

The file "test.com.dns" will be created in "C:\windows\system32\dns" folder


Only export dns records:

Get-DnsServerResourceRecord -ZoneName "test.com" | Export-Csv -Path "C:\temp\dns.csv"





Command ip examples

 
# Forcefully close a connection to a specific destination
sudo ss -K dst 192.168.1.100

# view routes
ip r
ip route

# To reject a route (block traffic to an IP)
ip route add unreachable 74.1.1.0/24
ip route del unreachable 74.1.1.0/24

  
# add route 
sudo ip route add {NETWORK/MASK} via {GATEWAYIP}
sudo ip route add {NETWORK/MASK} dev {DEVICE}
# "default" already means 0.0.0.0/0, so it takes no NETWORK/MASK
sudo ip route add default dev {DEVICE}
sudo ip route add default via {GATEWAYIP}

# Here is another example where I am setting up a route for my VPN gateway:
ip link set dev tun0 up mtu 1500
ip addr add dev tun0 10.8.0.2/24 broadcast 10.8.0.255
ip route add 139.59.2.125/32 via 192.168.2.254
ip route add 0.0.0.0/1 via 10.8.0.1
ip route add 128.0.0.0/1 via 10.8.0.1


On CentOS/RHEL/Fedora Linux, edit the route file for the interface, for example /etc/sysconfig/network-scripts/route-eth0 for eth0, with a text editor such as nano or vim:
vim /etc/sysconfig/network-scripts/route-eth0

Append the following text:
172.10.1.0/24 via 10.0.0.100 dev eth0

Save and close the file. Finally, restart the network service on CentOS/RHEL/Fedora Linux so the route takes effect:
systemctl restart network.service



A note about the ip command and persistent static routing on Debian/Ubuntu

Edit your /etc/network/interfaces file, for example for eth0:
vi /etc/network/interfaces

Update it as follows:

auto eth0
iface eth0 inet static
address 192.168.1.2
netmask 255.255.255.0
gateway 192.168.1.254
## static ip config START ##
up /sbin/ip route add 172.10.1.0/24 via 10.8.0.1 dev eth0
down /sbin/ip route delete 172.10.1.0/24 via 10.8.0.1 dev eth0
## static ip config END ##


## How to find the route used for a destination IP

The syntax is as follows:
ip route get to {IPv4_address_here}
ip route get to {IPv6_address_here}
ip route get to 172.66.43.74

The output indicates that 172.66.43.74 is reached via the wg0 interface with 192.168.13.4 as the source IP:

172.66.43.74 dev wg0 table 51832 src 192.168.13.4 uid 1000 
    cache 
