This is just a note since I create a lot of certificates so I don’t have to Google each time.
Generate a key:
openssl genrsa -out key.pem 2048
openssl req -new -sha256 -key key.pem -out example_com.csr
openssl req -x509 -newkey rsa:2048 -sha256 -nodes -keyout key.pem -out cert.pem -days 365
ECC and CA certificates: here
This article is simplified and slightly modified from the reference for a general purpose IKEv2 VPN proxy running on a fresh installed Ubuntu 16.04.
letsencrypt to obtain a certificate for your domain (e.g. vpn.example.com)
Note: During my configuration process, the certificates must be pointed directly from the ipsec configuration files instead of a link, or you may get a “Permission Denied” error.
2. Install strongSwan and MS-CHAPv2 plugin for username / password authentication
sudo apt install strongswan strongswan-plugin-eap-mschapv2
3. Configure ipsec
This is a basic configuration that allows username / password authentication and multiple connections for each user.
Click Here to open the demo.
A simple Python script for automated conversion.
It is possible that the mysterious
"File not found" errors will occur on complex nginx configurations, php-fpm workers only write a
"Primary script unknown" message to stderr, thus the information for debugging is limited.
Recently I found a powerful tool
strace which can trace I/O operations of any process, with this tool, we will be able to figure out the path php-fpm workers actually tried to read.
strace -p pid to attach a php-fpm worker, then start requesting on client side.