How to fix Chromium forgetting cookies at reboot

Warning: this topic contains hatred.

I updated Chromium the other day. You know... some sites don’t want to show some very useful content, like videos of raccoons, when you’re using an old browser. Even if your browser was updated two months ago. So I did it. I updated Chromium, and do you know what I got? Nothing bad. It kept working. But only for a while. Did I already say that I like hate flarking updates? After a week or two I closed the browser and opened it again. And it required intervention. No, it didn’t freeze up. And it didn’t want a hug. It forgot all cookies!

As a matter of fact, there is no need to dig deeper than it may seem to find the solution. The solution was on the surface.

I dunno why, but after the flarking updates Chromium decided to change my privacy settings (and maybe some more options). Specifically, how the browser handles keeping cookies at reboot.

So all you need to do is disable the option “Keep local data only until you quit your browser” in the Cookies settings, which you can find at


Setting up a Linux firewall to make a web server safer

A server on a network with every port open does not sound very safe. Let’s protect it with the netfilter firewall that ships with Linux. Netfilter, in turn, is managed by the iptables utility. So iptables is what we need.

Warning: if you don’t have physical access to the server (you work with it remotely, e.g. over SSH), first find somebody (e.g. a support guy from the hosting provider) who can restore your SSH access or do something else if you accidentally lock yourself out.

So, iptables. I should warn you that iptables doesn’t save its own settings, and after a server restart the iptables settings are reset to default. So you can use the iptables-persistent program, which saves iptables settings when you ask it to. Let’s install it:

sudo apt install iptables-persistent

The setup program will ask whether you want to save the present rules. Why not? Of course you want to save the present rules, because you will change them in the next steps. Later on you can save your rules at any time with the following command:

sudo dpkg-reconfigure iptables-persistent

The next thing you should know is that netfilter processes rules in reverse order. If you block a packet in some rule, it won’t go to the rule above the last one.

Every iptables command needs to be entered in the console. I added comments to every command so you know what it does.

sudo -i # Work with root privileges
iptables -L -n # Show the list of current rules
iptables -F # Delete all current rules
iptables -A INPUT -p tcp --tcp-flags ALL NONE -j DROP # Drop null packets (no TCP flags set)
iptables -A INPUT -p tcp --tcp-flags ALL ALL -j DROP # Drop XMAS packets (all TCP flags set)
iptables -A INPUT -p tcp ! --syn -m state --state NEW -j DROP # Drop new connections that do not start with a SYN packet (protection from SYN flood)
iptables -A INPUT -p tcp -m tcp --dport 22 -j ACCEPT # Don't forget to allow SSH access for yourself (change port 22 if your SSH works on another port)
iptables -A INPUT -i lo -j ACCEPT # Allow access to the local interface. It is necessary for the database, mail, etc.
iptables -A INPUT -p tcp -m tcp --dport 80 -j ACCEPT # Allow port 80 for access to sites over HTTP
iptables -A INPUT -p tcp -m tcp --dport 443 -j ACCEPT # Allow port 443 for access to sites over HTTPS (if you have it)
iptables -A INPUT -p icmp --icmp-type echo-request -j ACCEPT # Allow pinging our server (if you block it, external services will think that our server doesn't work)
iptables -I INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT # Accept packets of already established connections. It is necessary for server updates
iptables -P OUTPUT ACCEPT # Allow output traffic from our server
iptables -P INPUT DROP # Close the remaining ports
iptables -L -n # Check the rules that were set

Now you need to exit from the SSH connection and log in again. Check it. Is it OK? Now check how the sites work on port 80 or 443. Also check disallowed ports, e.g. 2525:

telnet your_server_IP 2525

Warning: if you get “Connected”, it means something is wrong.

If all is good, save your rules:

sudo dpkg-reconfigure iptables-persistent
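
A sanity check to run before saving, given as an added example that is not part of the original post: it reads the text printed by `iptables -S INPUT` and reports which of the ACCEPT rules from this post are absent while the policy is DROP. The function name `check_input_rules` and the sample rule set are constructed for illustration.

```sh
#!/bin/sh
# check_input_rules [SSH_PORT]: reads `iptables -S INPUT` output on stdin.
# Prints "ok", or one "missing:<item>" line per absent ACCEPT rule, and
# returns 1 when a default-DROP policy would cut off SSH, loopback or
# established connections.
check_input_rules() {
    ssh_port="${1:-22}"
    awk -v port="$ssh_port" '
        $1 == "-P" && $2 == "INPUT" { policy = $3 }
        $1 == "-A" && /-j ACCEPT/ {
            if (/-p tcp/ && $0 ~ ("--dport " port "( |$)")) ssh = 1
            if (/-i lo( |$)/)  lo = 1
            if (/ESTABLISHED/) est = 1
        }
        END {
            # With any policy other than DROP nothing is cut off by default.
            if (policy != "DROP") { print "policy:" policy; exit 0 }
            if (!ssh) { print "missing:ssh";         bad = 1 }
            if (!lo)  { print "missing:loopback";    bad = 1 }
            if (!est) { print "missing:established"; bad = 1 }
            if (!bad) print "ok"
            exit bad
        }'
}

# Constructed sample: what `iptables -S INPUT` prints after the commands above.
SAMPLE_RULES='-P INPUT DROP
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -p tcp -m tcp --tcp-flags FIN,SYN,RST,PSH,ACK,URG NONE -j DROP
-A INPUT -p tcp -m tcp --dport 22 -j ACCEPT
-A INPUT -i lo -j ACCEPT
-A INPUT -p tcp -m tcp --dport 80 -j ACCEPT'

printf '%s\n' "$SAMPLE_RULES" | check_input_rules 22
```

On a live server the input would come from `iptables -S INPUT | check_input_rules 22`, run as root.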

How to find IPs with the highest count of requests in access.log

The first command will show you IPs sorted by number, with their count of requests:

cat access.log | awk '{print $1}' | sort | uniq -c

You will be able to find IP masks with the highest count of requests:


The next command will show you IPs sorted by count of requests:

less access.log | cut -d' ' -f1 | sort | uniq -c | sort -bg

For example:
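
An added example, not from the original post: the same counting done per IP and per IPv4 /24 prefix over a constructed sample log, showing that the busiest prefix is not always the one holding the busiest single IP. The function names `top_ips` and `top_prefixes` and the log lines are assumptions made for illustration.

```sh
#!/bin/sh
# Constructed sample in combined log format (documentation-range addresses).
SAMPLE=$(mktemp)
trap 'rm -f "$SAMPLE"' EXIT
cat > "$SAMPLE" <<'EOF'
198.51.100.10 - - [01/Sep/2019:10:00:01 +0000] "GET / HTTP/1.1" 200 512 "-" "Bad Bot"
198.51.100.10 - - [01/Sep/2019:10:00:02 +0000] "GET /a HTTP/1.1" 200 512 "-" "Bad Bot"
198.51.100.10 - - [01/Sep/2019:10:00:03 +0000] "GET /b HTTP/1.1" 200 512 "-" "Bad Bot"
203.0.113.5 - - [01/Sep/2019:10:00:04 +0000] "GET / HTTP/1.1" 200 512 "-" "Bad Bot"
203.0.113.6 - - [01/Sep/2019:10:00:05 +0000] "GET / HTTP/1.1" 200 512 "-" "Bad Bot"
203.0.113.7 - - [01/Sep/2019:10:00:06 +0000] "GET / HTTP/1.1" 200 512 "-" "Bad Bot"
203.0.113.8 - - [01/Sep/2019:10:00:07 +0000] "GET / HTTP/1.1" 200 512 "-" "Bad Bot"
192.0.2.44 - - [01/Sep/2019:10:00:08 +0000] "GET / HTTP/1.1" 200 512 "-" "Mozilla/5.0"
EOF

# top_ips FILE [N]: the N busiest client IPs as "count ip", busiest first.
top_ips() {
    awk '{ n[$1]++ } END { for (ip in n) print n[ip], ip }' "$1" |
        sort -k1,1nr -k2,2 | head -n "${2:-10}"
}

# top_prefixes FILE [N]: the same, grouped by IPv4 /24 prefix.
# Lines whose first field is not a dotted IPv4 address are skipped.
top_prefixes() {
    awk '$1 ~ /^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+$/ {
             split($1, o, ".")
             n[o[1] "." o[2] "." o[3] ".0/24"]++
         }
         END { for (p in n) print n[p], p }' "$1" |
        sort -k1,1nr -k2,2 | head -n "${2:-10}"
}

top_ips "$SAMPLE" 3
top_prefixes "$SAMPLE" 3
```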


How to fix broken JavaScript after using Tidy

Almost every time I update something I become mean! In the newest versions of Tidy (newest – 2015, lol) I found a disappointing problem: JavaScript code stopped working. Because Tidy converted the JavaScript code in the page, e.g.:

    script.onload = () => resolve(script);


            script.onload = () => resolve(script);

Instead of (in earlier versions):

    // <![CDATA[
            script.onload = () => resolve(script);
    // ]]>

If you have the same problem, don’t worry. Most likely Tidy now tidies code to XML or XHTML format by default. I found the right solution to this problem -- use the option “output-html”:

$code = $tidy->repairString($code, [
    'output-html' => 1,
], 'utf8');

How to fix the issue when Munin doesn’t zoom/show graphs by day

For nginx:

sudo apt-get install spawn-fcgi libcgi-fast-perl libapache2-mod-fcgid
sudo spawn-fcgi -s /var/run/munin/fcgi-graph.sock -U www-data -u www-data -g www-data /usr/lib/munin/cgi/munin-cgi-graph

For Apache2:

sudo apt-get install libapache2-mod-fcgid
sudo a2enmod fcgid
sudo service apache2 restart

How to list all user agents from access.log ordered by the number of times they appear

awk -F\" '{print $6}' access.log | sort | uniq -c | sort -bg

Example output:

  46547 Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/76.0.3809.100 Safari/537.36
  89768 API/1.0 (+Legacy)
 104304 Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/76.0.3809.100 Safari/537.36
 133439 Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/76.0.3809.100 Safari/537.36
 149988 Mozilla/5.0 (compatible; YandexBot/3.0; +
 400785 Bad Bot

How to block a User-Agent with nginx

Open the host file:

sudo mcedit /etc/nginx/sites-available/...

And put this condition into the server section:

if ($http_user_agent ~* (BadUserAgent) ) {
    return 404;
}

Change “BadUserAgent” to what you want.

Do you want to block multiple User-Agents? Use this:

if ($http_user_agent ~* (BadUserAgentFirst|BadUserAgentSecond|BadUserAgentNext) ) {
    return 404;
}

Finally, check the nginx configuration and reload it if it’s OK:

sudo nginx -t
sudo service nginx reload
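
Real User-Agent strings such as “API/1.0 (+Legacy)” or “Bad Bot” from the list above contain spaces and regex metacharacters, so they cannot be pasted into the condition as they are. The helper below is an added example, not part of the original post; the function name `ua_condition` is an assumption. It escapes each string and prints a quoted condition ready to paste into the server section.

```sh
#!/bin/sh
# ua_condition UA...: print an nginx `if` block that matches any of the given
# User-Agent substrings literally (case-insensitively, as ~* does).
# Returns 1 for an empty string or one containing ", \ or $, which this
# small escaper does not handle, so nothing half-escaped reaches the config.
ua_condition() {
    pattern=""
    for ua in "$@"; do
        case $ua in
            ''|*'"'*|*'\'*|*'$'*)
                echo "unsupported User-Agent string: $ua" >&2
                return 1 ;;
        esac
        # Backslash-escape regex metacharacters so they match themselves.
        esc=$(printf '%s' "$ua" | sed 's/[].^*+?(){}|[]/\\&/g')
        pattern="${pattern:+$pattern|}$esc"
    done
    [ -n "$pattern" ] || return 1
    # The regex is put in double quotes: unquoted, a space or a brace in it
    # would be split by the nginx configuration parser.
    printf 'if ($http_user_agent ~* "%s") {\n    return 404;\n}\n' "$pattern"
}

# Two strings taken from the user agent list earlier on this page.
ua_condition 'API/1.0 (+Legacy)' 'Bad Bot'
```

Run `sudo nginx -t` after pasting the result, as with a hand-written condition.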

How to set up Let’s Encrypt on Ubuntu

First, it is necessary to add the certbot repository and install the letsencrypt package from it:

sudo apt install software-properties-common
sudo add-apt-repository ppa:certbot/certbot
sudo apt update
sudo apt upgrade
sudo apt install letsencrypt

It is possible to edit the command which will be executed every time after certificates have been updated. Here:

sudo mcedit /etc/letsencrypt/cli.ini

Change post-hook to what you need:

post-hook = service nginx reload

Next, you need to register a Let’s Encrypt account:

certbot register --email

Create the .well-known directory in the public root directory of your website. Let’s Encrypt will save the temporary data it needs in this directory:

mkdir -p /var/www/your_web_site.localhost/public/.well-known

Check whether this directory works:

echo '1234' > /var/www/your_web_site.localhost/public/.well-known/test.txt

Open http://your_web_site.localhost/.well-known/test.txt in your browser, then:

rm /var/www/your_web_site.localhost/public/.well-known/test.txt

The .well-known directory has to be clean before you go to the next step!

So, let’s try to create a temporary SSL certificate for testing.

letsencrypt certonly --dry-run -d your_web_site.localhost -d www.your_web_site.localhost

When it asks “webroot”, enter:


If the check completes well, then create the real SSL certificate:

letsencrypt certonly -d your_web_site.localhost -d www.your_web_site.localhost

Check whether the new SSL certificate really works:

openssl x509 -text -in /etc/letsencrypt/live/your_web_site.localhost/cert.pem

Now it is necessary to configure the web server.

Configuring the web server


Add the following lines to your host configuration section:

ssl_certificate /etc/letsencrypt/live/your_web_site.localhost/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/your_web_site.localhost/privkey.pem;
ssl_trusted_certificate /etc/letsencrypt/live/your_web_site.localhost/chain.pem;
ssl_ciphers EECDH:+AES256:-3DES:RSA+AES:RSA+3DES:!NULL:!RC4;

To fix OCSP stapling use the following command:

tee /etc/nginx/conf.d/ssl_stapling.conf <<EOF
ssl_stapling on;
ssl_stapling_verify on;
EOF

BUT if you don’t have a local DNS cache server, then use this:

nameserver=$(grep nameserver /etc/resolv.conf | head -1 | cut -f2 -d" ")
sed -i s/$nameserver/ /etc/nginx/conf.d/ssl_stapling.conf
grep resolver /etc/nginx/conf.d/ssl_stapling.conf


Example of a host:

# Notice port of SSL host
<VirtualHost *:443>

    # <!-- SSL certificate
    SSLEngine on
    SSLCertificateFile /etc/letsencrypt/live/your_web_site.localhost/fullchain.pem
    SSLCertificateKeyFile /etc/letsencrypt/live/your_web_site.localhost/privkey.pem
    SSLCertificateChainFile /etc/letsencrypt/live/your_web_site.localhost/chain.pem
    # -->

    ServerAdmin admin@localhost
    ServerName your_web_site.localhost
    DocumentRoot /var/www/your_web_site.localhost/
    <Directory /var/www/your_web_site.localhost/>
        Options Indexes FollowSymLinks
        php_admin_value open_basedir /var/www/your_web_site.localhost/
        AllowOverride All
        Require all granted
    </Directory>
    ErrorLog /var/www/logs/your_web_site.localhost-error.log
    LogLevel warn
    CustomLog /var/www/logs/your_web_site.localhost-access.log combined
</VirtualHost>