Generate Certificates

This is just a note since I create a lot of certificates so I don’t have to Google each time.

Generate a key:


Self-signed certificate:

ECC and CA certificates: here

Setup IKEv2 service on Ubuntu 16.04


This article is simplified and slightly modified from the reference for a general purpose IKEv2 VPN proxy running on a fresh installed Ubuntu 16.04.

1. Use letsencrypt to obtain a certificate for your domain (e.g.
Note: During my configuration process, the certificates must be pointed directly from the ipsec configuration files instead of a link, or you may get a “Permission Denied” error.

2. Install strongSwan and MS-CHAPv2 plugin for username / password authentication

3. Configure ipsec

Sample /etc/ipsec.conf configuration:
This is a basic configuration that allows username / password authentication and multiple connections for each user.

Continue reading

WoSign and StartCom Distrusted

WoSign and StartCom CA will get distrusted soon.
I switched to GeoTrust and Comodo.

Google Security Blog:

Mozilla’s Announcement:

Update from Apple:

A list of WoSign issues from Mozilla:

Continue reading

Another way to debug “File not found” error on LNMP

It is possible that the mysterious "File not found" errors will occur on complex nginx configurations, php-fpm workers only write a "Primary script unknown" message to stderr, thus the information for debugging is limited.

Recently I found a powerful tool strace which can trace I/O operations of any process, with this tool, we will be able to figure out the path php-fpm workers actually tried to read.

Simply use strace -p pid to attach a php-fpm worker, then start requesting on client side.