Author: Condless

Categories
Linux

Proxmox

And the Japanese Car.

Proxmox Virtual Environment (PVE) is an open source server virtualization environment based on Debian. It allows VMs and LXCs, software-defined storage and networking, and high-availability clustering.

To backup the configuration of the server itslef use the command:

tar -zcvf /var/lib/vz/dump/srv_etc_root-$(date +"%Y_%m_%d-%H_%M_%S").tar.gz /etc /root

To disable option of removal/restoration of LXC, enable the Protection option. To allow users to make backups grant them the permission PVEDatastoreUser on the storage path and PVEVMUser on the VM path.

To limit the number of the saved backups created automatically, use the Max Backups option (Datacenter => Storage).

To use NAT within PVE, create a Linux bridge with the LAN IP, and to adjust the build-in firewall to work with the VMs/LXCs, add the directives to /etc/network/interfaces file:

post-up   iptables -t raw -I PREROUTING  -i fwbr+ -j CT --zone 1
post-down iptables -t raw -D PREROUTING  -i fwbr+ -j CT --zone 1

To config new storage go into Server => Storage and Datacenter => Storage.

As you probably have noticed- the word Proxmox has no meaning, it was chosen following a short catchy domain name that was available, in order to be on the safe side and not end up like the Japanese automobile manufacturer Nissan, which still struggling to achieve the nissan.com address.

Categories
Linux

ISPConfig

And the Pied Piper.

ISPConfig is an open source hosting control panel for Linux (preferably Debian). It allows multiple server management from one control panel includes web server management, mail server management, and DNS server management.

For strict privacy policy websites disable the web statistics program.

To create resources for some client use the feature “login as client”.

To change the code configuration use the path /usr/local/ispconfig/server/conf-custom/.

To activate SSL for a website, first enable the SSL and than the Let’s Encrypt SSL, you may use the Rewrite HTTP to HTTPS and SEO Redirect (domain.tld => www.domain.tld, after creating automatic www subdomain) options. To clean old SSL certificates use the command (newer certificates will have higher suffix number): 

certbot delete

To use ISPConfig behind NAT, enable the Skip Lets Encrypt Check option (System => Server Config => Web => SSL Settings), use the WAN IP in DNS Settings and Website Settings, and the LAN IP in Server Config and Server IP Addresses.

For better recovering process enable rescue option (Server Config tab).

To restore a website from a server backup, it is possible to export and import the website files & database backup and the relevant backup record from the ISPConfig database, to manual run all the configured backups use the command:

php /usr/local/ispconfig/server/cron_debug.php --cronjob=500-backup.inc.php

To enhance the email policy edit the directives in /etc/postfix/main.cf:

smtpd_helo_required = yes
smtpd_helo_restrictions = permit_mynetworks, permit_sasl_authenticated, reject_non_fqdn_helo_hostname, reject_invalid_helo_hostname
smtpd_recipient_restrictions = permit_mynetworks, permit_sasl_authenticated, reject_invalid_hostname, reject_non_fqdn_hostname, reject_unknown_recipient_domain, reject_non_fqdn_recipient, reject_unauth_destination, reject_non_fqdn_sender, reject_unknown_sender_domain, reject_unknown_recipient_domain, reject_rbl_client cbl.abuseat.org,reject_rbl_client dul.dnsbl.sorbs.net,reject_rbl_client ix.dnsbl.manitu.net, check_recipient_access mysql:/etc/postfix/mysql-virtual_recipient.cf, reject_unauth_destination
smtpd_client_restrictions = permit_mynetworks, permit_sasl_authenticated, reject_unknown_client_hostname, check_client_access mysql:/etc/postfix/mysql-virtual_client.cf

To workaround the CSRF block while deleting resources, delete it directly inside the Database.

As you probably have noticed- the oldest written accounts of the Pied Piper of Hamelin was created in Lüneburg, the same town the ISPConfig software is developed.

Categories
WordPress

WooCommerce

And Back to the Future.

WooCommerce is an open source E-commerce software which comes as a plugin for WordPress, it is the most popular way of creating E-commerce websites. From many clearing options, order management, shipping types to inventory settings, the plugin covers all the requirements that may arise in creating E-commerce websites.

To edit the mobile menu button text in Storefront theme:

add_filter( 'storefront_menu_toggle_text', 'condless_storefront_menu_toggle_text' );
function condless_storefront_menu_toggle_text( $text ) {
	$text = __( 'My menu' );
	return $text;
}

To edit the Update cart button text in mobile:

add_filter( 'gettext', 'condless_change_update_cart_text', 20, 3 );
function condless_change_update_cart_text( $translated, $text, $domain ) {
if ( wp_is_mobile() && is_cart() && $translated == 'Update cart' ) {
$translated = 'Text for mobile';
}
return $translated;
}

Auto change the order status from “On hold” to “Processing”, for example, to allow a customer who pay in bank transfer (which take some time) to view the digital product download link on the “Order Received” page (must refresh the page):

add_action( 'woocommerce_thankyou', 'condless_woocommerce_auto_processing_orders' );
function condless_woocommerce_auto_processing_orders( $order_id ) {
    if ( ! $order_id )
        return;
    $order = wc_get_order( $order_id );
    if( $order->has_status( 'on-hold' ) ) {
        $order->update_status( 'processing' );
    }
}

Reordering checkout fields:

add_filter( 'woocommerce_checkout_fields', 'condless_reordering_checkout_fields' );
function condless_reordering_checkout_fields( $fields ) {
    $billing_order = array(
        'billing_first_name',
        'billing_last_name',
        'billing_email',
        'billing_phone',
        'billing_company',
        'billing_address_1',
        'billing_address_2',
        'billing_postcode',
        'billing_city',
        'billing_state',
        'billing_country'
    );
    $count = 0;
    $priority = 10;
    foreach($billing_order as $field_name){
        $count++;
        $fields['billing'][$field_name]['priority'] = $count * $priority;
    }
    $fields['billing']['billing_email']['class'] = array('form-row-first');
    $fields['billing']['billing_phone']['class'] = array('form-row-last');
    $fields['billing']['billing_postcode']['class'] = array('form-row-first');
    $fields['billing']['billing_city']['class'] = array('form-row-last');
    return $fields;
}

Hiding some variations of product:

add_filter( 'woocommerce_dropdown_variation_attribute_options_args', 'condless_hide_dropdown_variation_args', );
function condless_hide_dropdown_variation_args( $args ) {
    $args['show_option_none'] = false;
    foreach( $args['options'] as $key => $option ){
        if( $option === "2,5 kg" ) {
            unset($args['options'][$key]);
        }
    }
    return $args;
}

Add fields validation in the checkout page. for example, to allow ASCII chars only (as well as disallow non-English letters):

add_action( 'woocommerce_after_checkout_validation', 'condless_ascii_validate_checkout', 10, 2 );
function condless_ascii_validate_checkout( $fields, $errors ){
if ( preg_match( '/[^[:ascii:]]/', $fields[ 'billing_first_name' ] ) )
$errors->add( 'validation', '<strong>Billing First name</strong> contains non-English letters.' );
if ( preg_match( '/[^[:ascii:]]/', $fields[ 'billing_last_name' ] ) )
$errors->add( 'validation', '<strong>Billing Last name</strong> contains non-English letters.' );
if ( preg_match( '/[^[:ascii:]]/', $fields[ 'billing_company' ] ) )
$errors->add( 'validation', '<strong>Billing Company</strong> contains non-English letters.' );
if ( preg_match( '/[^[:ascii:]]/', $fields[ 'billing_address_1' ] ) )
$errors->add( 'validation', '<strong>Billing Address</strong> contains non-English letters.' );
if ( preg_match( '/[^[:ascii:]]/', $fields[ 'billing_address_2' ] ) )
$errors->add( 'validation', '<strong>Billing Address details</strong> contains non-English letters.' );
if ( preg_match( '/[^[:ascii:]]/', $fields[ 'billing_city' ] ) )
$errors->add( 'validation', '<strong>Billing City</strong> contains non-English letters.' );
if ( preg_match( '/[^[:ascii:]]/', $fields[ 'shipping_first_name' ] ) )
$errors->add( 'validation', '<strong>Shipping First name</strong> contains non-English letters.' );
if ( preg_match( '/[^[:ascii:]]/', $fields[ 'shipping_last_name' ] ) )
$errors->add( 'validation', '<strong>Shipping Last name</strong> contains non-English letters.' );
if ( preg_match( '/[^[:ascii:]]/', $fields[ 'shipping_company' ] ) )
$errors->add( 'validation', '<strong>Shipping Company</strong> contains non-English letters.' );
if ( preg_match( '/[^[:ascii:]]/', $fields[ 'shipping_address_1' ] ) )
$errors->add( 'validation', '<strong>Shipping Address</strong> contains non-English letters.' );
if ( preg_match( '/[^[:ascii:]]/', $fields[ 'shipping_address_2' ] ) )
$errors->add( 'validation', '<strong>Shipping Address details</strong> contains non-English letters.' );
if ( preg_match( '/[^[:ascii:]]/', $fields[ 'shipping_city' ] ) )
$errors->add( 'validation', '<strong>Shipping City</strong> contains non-English letters.' );
}

Manipulate the product price display, for example, to display the discount on sale products:

add_filter( 'woocommerce_get_price_html', 'condless_simple_product_price_format', 10, 2 );
function condless_simple_product_price_format( $price, $product ) {
   if ( $product->is_on_sale() && $product->is_type('simple') ) {
      $price = sprintf( __( '<div class="was-now-save"><div class="was">WAS %1$s</div><div class="now">NOW %2$s</div><div class="save">SAVE %3$s</div></div>', 'woocommerce' ), wc_price ( $product->get_regular_price() ), wc_price( $product->get_sale_price() ), wc_price( $product->get_regular_price() - $product->get_sale_price() )  );      
   }
   return $price;
}

Display the TAX/VAT amount and the product price with/without it:

add_filter( 'woocommerce_get_price_suffix', 'condless_price_vat_suffix', 10, 4 );
function condless_price_vat_suffix( $html, $instance, $price, $qty ) {
if ( is_product() ) {
        $html .=  ' + ' . wc_price(wc_get_price_including_tax($instance) - wc_get_price_excluding_tax($instance)) . ' VAT =  ' . wc_price(wc_get_price_including_tax($instance)); }
return $html;
}

Remove the product added/removed messages:

add_filter( 'wc_add_to_cart_message_html', '__return_null' );
add_filter( 'woocommerce_cart_item_removed_notice_type', '__return_null' );

Display only products in built-in WordPress search results:

add_filter('pre_get_posts','condless_search_wc');
function condless_search_wc( $query ) {
if ( $query->is_search ) {
$query->set( 'post_type', 'product' );
}
return $query;
}

To allow only one item from the product to be bought in a single order, when low stock threshold:

add_filter( 'woocommerce_is_sold_individually', 'condless_wc_remove_quantity_fields', 10, 2 );
function condless_wc_remove_quantity_fields( $return, $product ) {
	if ( $product->get_stock_quantity() <= $product->get_low_stock_amount() )
  		return true;
}

To set up minimum payment for purchase with shipping, write in the “Cost” field (replace $min_order with your value):

$min_order - [fee percent="100" max_fee="$min_order"]

Popup creator. For example notifying the customer in product page about discount ineligibility since purchase not enough items from it, add the Auto Open trigger and the product id page and the custom conditions (update the product id and the quantity for discount):

add_filter( 'pum_get_conditions', 'condless_pum_cart_product_quantity_conditions' );
function condless_pum_cart_product_quantity_conditions( $conditions ) {
        return array_merge( $conditions, array(
                'password_page_unlocked' => array(
                        'group'    => __( 'Products' ),
                        'name'     => __( 'Products: Cart Quantity' ),
                        'callback' => 'cart_product_quantity',
                ),
        ) );
}
function cart_product_quantity() {
        foreach ( WC()->cart->get_cart() as $cart_item ) {
                if ( $cart_item['product_id'] == 772 && $cart_item['quantity'] < 3 ) {
                                return true;
                }
        }
        return false;
}

Conditional shipping methods.

Booking and Appointments.

Wholesale.

Products personalization.

Recover abandoned carts.

Apply coupons automatically.

Shipment tracking.

Payment methods for payment apps which don’t have API.

Fees and discounts by payment method.

Payment method by product.

Request for quote payment option.

Advanced pricing.

Products filter.

Crowdfunding.

Bulk edit for variable products.

Multi vendor.

Selling digital media access (video courses, images, music, content), create virtual product for each media file with direct link to it / to the page on which it is embedded (use Vimeo Plus for heavy videos), restrict the media files / relevant pages that only those who purchased the compatible product on the WooCommerce may view it, enable content protection, limit connection to only one device, and activate 2FA.

As you probably have noticed- Jigowatt ltd, the developers of Jigoshop on which WooCommerce code is based, was named after the pronunciation mistake of the word Gigawatt in the movie Back to the Future.

Categories
WordPress

WordPress RTL

And the Engraved Stone.

WordPress and WooCommerce support right to left languages such as Arabic, Persian, and Urdu.

To edit CSV files with non-English letters, encode it to UTF-8 using Notepad / Google Sheets.

To fix WordPress build-in code block, use the CSS:

pre.wp-block-code {
	text-align: left;
	direction: ltr;
}

To fix Owl Carousel based slider elements, use the CSS:

.owl-carousel,
.bx-wrapper { direction: ltr; }
.owl-carousel .owl-item { direction: rtl; }

To fix Chosen Drop based dropdown elements, use the CSS:

.chosen-container .chosen-drop { left: 9999px; }

To create Twenty Twenty child theme, create the path wp-content/themes/twentytwenty-child, and create inside the files style.css and style-rtl.css with the content: 

/*
 Theme Name:   twentytwenty Child
 Template:     twentytwenty
*/

And the file functions.php with the content: 

<?php
add_action( 'wp_enqueue_scripts', 'condless_theme_enqueue_styles' );
function condless_theme_enqueue_styles() {
        if ( is_rtl() ) {
                wp_enqueue_style( 'parent-style-rtl', get_template_directory_uri() . '/style-rtl.css' );
        }
        else {
                wp_enqueue_style( 'parent-style', get_template_directory_uri() . '/style.css' );
        }
}

To create Storefront child theme, create the path wp-content/themes/storefront-child, and create inside the files style.css and style-rtl.css with the content:

/*
Theme Name: Storefront Child
Template: storefront
*/

And the file functions.php with the content:

<?php
add_action( 'wp_enqueue_scripts', 'condless_theme_enqueue_styles', 9999 );
function condless_theme_enqueue_styles() {
	if ( is_rtl() ) {
        	wp_dequeue_style( 'storefront-child-style' );
		wp_enqueue_style( 'child-style-rtl', get_stylesheet_directory_uri() . '/style-rtl.css', 'storefront-style' );
	}
}

As you probably have noticed- most of the Middle Eastern languages are written from right to left, it is suggested that as stone was the main material used, it being easier to chisel right to left. With ink, suggestions continue, moving left to right prevented smudging.

Categories
WordPress

WordPress

And the Jazz Artists.

WordPress is an open source content management system. This system is the most popular CMS due to the great flexibility it provides and the option to manage a site even without extensive programming knowledge.

A significant option in WordPress is to create a Multisite network, ie multiple sites based on the same code, making it easier to manage and maintain them.

To improve system security at the server level: Update frequently, choose passwords at least 8 characters long (lower and upper case alphabets, numbers and symbols) and replace them frequently, verify that there is a firewall and DDOS protection, and config the Intrusion Prevention System (enable mod_remoteip if used with reverse proxy), set up hiding of the web server details, scan the server files and pass on the logs frequently.

To improve system security at the WordPress level: Update frequently, report any suspicious activity in your account to your hosting provider, use the build-in tool “Site Health”, install few plugins as possible, remove unused themes, install SSL certificate, set up Two-Factor Authentication, and disable the themes and plugins editors by adding the directive to wp-config.php file:

define( 'DISALLOW_FILE_EDIT', true );

Disable the XML-RPC function and the directory browsing option by adding the directives to the .htacess file:

<Files "xmlrpc.php">
Order Allow,Deny
Deny from all
</Files>

Options -Indexes

And disable PHP execution in the uploads directory by creating inside a .htaccess file with the content:

<Files "*.php">
Order Deny,Allow
Deny from All
</Files>

Scan frequently the code in the WordPress directory and database for malwares detection and delete unused items, create full backup before each modification, consider reinstalling WordPress (core files, themes and plugins) from the Dashboard. Make use of the recently modified files command:

find ./ -type f -mtime -15

To remove the Mobile Spam Popup malware, delete the wp-tmp.php, wp-vcd.php, wp-feed.php files from wp-includes directory and delete the code which is creating them from the themes’ functions.php.

To remove the Japanese Keyword Hack malware, clean the malicious code from .htaccess, wp-config.php, sitemap.xml files and uploads directory.

To run WordPress website with SSL in reverse proxy, add the directive to wp-config.php (above “That’s all, stop editing!”):

$_SERVER['HTTPS'] = 'on';

To workaround the loopback error while using the Theme Editor, edit the theme while another theme is temporarily active.

To improve the SEO for the WordPress: use responsive template, config permalink by post name and the media path without date, set the URL slugs in English, and speed up the WordPress.

To optimize the WordPress Speed: Turn off Trackbacks & Pingbacks, decrease media size before upload, disable posts Update Services, and limit autosaves and revisions by adding the directives to the wp-config.php file:

define('AUTOSAVE_INTERVAL', 300 );
define('WP_POST_REVISIONS', false );

To control the file storage and upload size limit, the available space on the server, the size of the hosting plan, the hosting panel settings, the WordPress multisite settings, and the files (located in multiple locations): php.ini, .user.ini, .htaccess, wp-config.php, functions.php.

To change theme files in WordPress, create child theme. To change WordPress functionality, use built-in hooks (which are seperated to actions and filters), add the hooks into child theme’s functions.php. To change WordPress styles, use the Dashboard => Appearance => Customize => Additional CSS, and in order the change the styles of the Dashboard itself:

add_action( 'admin_head', 'condless_admin_custom_css' );
function condless_admin_custom_css() { 
	echo '<style>
	// Your custom CSS
	</style>'; 
}

To customize the Twenty Twenty theme header structure, make use of the CSS:

.cover-header-inner-wrapper { min-height: 60vh !important; }
.home .entry-header { display: none; }
.home .post-inner { padding: 0; }

To limit the length of the code block, make use of the CSS:

pre.wp-block-code { max-height: 30vh; }

To use new fonts, make use of the CSS:

@font-face {
    font-family: $font_family_name;  
    src: url($font_url);  
    font-weight: normal;
}

* { font-family: $font_family_name, Arial, sans-serif; }

To limit post/page creation for author:

add_filter( 'wp_insert_post_empty_content', 'condless_cancel_post_save', 99, 2 );
function condless_cancel_post_save( $maybe_empty, $postarr ) {
	$post_query = new WP_Query( array( 'post_author' => $postarr[ 'post_author' ], 'post_type' => $postarr[ 'post_type' ], 'post_status' => array ( 'any', 'trash', 'draft' ) ) );
	if ( $postarr[ 'ID' ] == 0 && ( $postarr[ 'post_type' ] == 'page' || $postarr[ 'post_type' ] == 'post' ) && ! current_user_can( 'manage_categories' ) && $post_query->found_posts >= 3 ) {
		return true;
	}
	return $maybe_empty;
}

Enable use of session variables:

add_action( 'init', 'condless_activate_session', 1 );
function condless_activate_session() {
    if( ! session_id() ) {
        session_start();
    }
}

E-commerce.

Tags for effective social media sharing.

Contact forms. For custom design, make use of the CSS:

.wpcf7-form {
	background: #dcc8a5;
	padding: 10px 20px;
	border: 2px solid #f6efdf;
	border-radius: 7px;
	max-width: 300px;
}
 
.wpcf7-form p {
	color: #4f2a0f;
	margin-bottom: 5px;
}
 
.wpcf7-form input, .wpcf7-form textarea, .wpcf7-form select {
	background: #f6efdf;
	padding: 5px 7px;
	margin: 4px 0 8px 0;
	border: 3px solid #ccb58c;
	color: #4f4f4f;
	border-radius: 7px;
}
 
.wpcf7-form .wpcf7-submit {
	background: #4f2a0f;
	padding: 5px 15px;
	color: #fff;
	min-width: 100px;
}
 
.wpcf7-form input[type="submit"]:hover {
 	background: #000;
}

Multi language.

Forums with moderation options.

Social network with private area.

Ads board.

Slider. To create full width video, make use of the CSS:

.wp-video, video.wp-video-shortcode, .mejs-container, .mejs-overlay.load {
	width: 100% !important;
	height: 100% !important;
}
.mejs-container {
	padding-top: 56.25%;
}
.wp-video, video.wp-video-shortcode {
	max-width: 100% !important;
}
video.wp-video-shortcode {
	position: relative;
}
.mejs-mediaelement {
	position: absolute;
	top: 0;
	right: 0;
	bottom: 0;
	left: 0;
}
.mejs-controls {
	display: none;
}
.mejs-overlay-play {
	top: 0;
	right: 0;
	bottom: 0;
	left: 0;
	width: auto !important;
	height: auto !important;
}

Image hover effects.

As you probably have noticed- Pastorius, Carter, Valdés, and all other WordPress Version names, are names of popular jazz artists, inspired by WordPress core developers, who share a love of jazz music.

Categories
Security

Two-Factor Authentication

And Kim Dotcom.

TOTP-based Two-Factor Authentication makes it difficult for unauthorized access to your account, becuase that besides your password, it will required to obtain the code generated in your app in real time and log in immediately (the code changes every short time) or to locate your secret.

In this verification process, a one-time code is created using an algorithm that uses your secret code and the current time, so that each code is set to change over time.

Two-Factor Authentication is part of the information security system required in every business. To use this authentication method it is required to download an OTP app.

To config TOTP as a second factor to WordPress:

  • Install and activate the plugin
  • Scan the QR code through the app
  • Click update profile

To config TOTP as a second factor to the Roundcube webmail:

  • Install and activate the plugin
  • Enable the option via the setting tab

To config TOTP as a second factor to the phpMyAdmin:

  • Install and activate the feature
  • Enable the option via the setting tab

To config TOTP as a second factor to the VPS SSH:

  • Install libpam-google-authenticator
  • Config google-authenticator
  • In /etc/pam.d/sshd file comment @include common-auth and add auth required pam_google_authenticator.so
  • In /etc/ssh/sshd_config file change ChallengeResponseAuthentication value to yes, PasswordAuthentication value to no, and add AuthenticationMethods publickey,keyboard-interactive
  • Restart the SSH service

To config TOTP as a second factor to the VPS Control Panel:

  • Press the TFA button in the user list
  • Randomize the secret key (optional)
  • Set the Issuer Name (optional)
  • Scan the QR code through the app
  • Enter your password
  • Enter the TOTP Value the app generated
  • Press Apply

As you probably have noticed- Kim Dotcom threatened to sue all the major web services offering this kind of authentication, bases on its patent from 2000. Currently the European Patent Office revoked his patent in light of an earlier 1998 US patent held by AT&T.

Categories
Linux

Debian

And Toy Story.

Debian is a very popular Linux distribution for servers and is considered to be the most stable. Its social contract highlights values of transparency, community contribution, and adherence to the principles of Free software.

To improve the successfull mail delivery rate from the server set up for the domain names: SPF, DKIM, DMARC, and make sure the server hostname appear at the A record, rDNS, server control panel, MTA (includes mailname), and content filter configuration values.

To config relay host in Postfix, use the commands:

apt-get install libsasl2-modules
postconf -e 'relayhost = $relay_host_ip'
postconf -e 'smtp_sasl_auth_enable = yes'
postconf -e 'smtp_sasl_password_maps = hash:/etc/postfix/sasl_passwd'
postconf -e 'smtp_sasl_security_options ='
echo "$relay_host_ip   yourEmail:yourPassword" > /etc/postfix/sasl_passwd
chown root:root /etc/postfix/sasl_passwd
chmod 600 /etc/postfix/sasl_passwd
postmap /etc/postfix/sasl_passwd
/etc/init.d/postfix restart

To disallow root to connect via SSH, in /etc/ssh/sshd_config use the directive:

PermitRootLogin no

To define which logs will be saved and where, the /etc/rsyslog.conf file should be edited according to the instructions.

To config the intrusion prevention system Fail2ban, create a jail.local file and use the commands, for example to enable the recidive ssh protection:

[recidive]
enabled = true

[sshd]
enabled = true

To config multiple log files:

logpath = /var/www/clients/client12/web*/log/access.log
          /var/www/clients/client13/web*/log/access.log

And to unban IP use the command:

fail2ban-client set sshd unbanip $IP

To config NAT and port forwarding with iptables use in /etc/network/interfaces the directives:

post-up echo 1 > /proc/sys/net/ipv4/ip_forward
post-up iptables -t nat -A POSTROUTING -s '$LAN-IP-SUBNET' -o eno1 -j MASQUERADE
post-down iptables -t nat -D POSTROUTING -s '$LAN-IP-SUBNET' -o eno1 -j MASQUERADE
post-up iptables -t nat -A PREROUTING -i eno1 -p tcp -m multiport --dports $PORTS -j DNAT --to $DESTINATION-LAN-IP
post-down iptables -t nat -D PREROUTING -i eno1 -p tcp -m multiport --dports $PORTS -j DNAT --to $DESTINATION-LAN-IP

To config a reverse proxy in Apache web server, which keeps the original reciever address and don’t pass the SSL certificates requests use those directives:

ProxyPreserveHost On
ProxyPass /.well-known/acme-challenge !
ProxyPass /$PATH http://$LAN-IP:$PORT/$PATH
ProxyPassReverse /$PATH http://$LAN-IP:$PORT/$PATH
ProxyPass / http://$LAN-IP:$PORT/
ProxyPassReverse / http://$LAN-IP:$PORT/

To use PureFTP in passive mode (allows using behind Firewall), use the commands:

echo "30510 30610" > /etc/pure-ftpd/conf/PassivePortRange
service pure-ftpd-mysql restart

To hide the Apache web server details, add the directives into /etc/apache2/apache2.conf:

ServerTokens Prod
ServerSignature Off

As you probably have noticed- Buster, Strech, Jessie, and all other Debian distribution code names, are names of characters from the Toy Story movie, inspired by Bruce Ferns who worked at Pixar besides his tenure as the Debian project leader.