Introduction

In this article, we will see how to setup a WordPress website using Docker. Containerization has changed the face of how the applications are packaged and deployed. WordPress hosting using docker containers makes it easy to host and manage the hosting.

For setting up the website, a WordPress container and a SQL database container are required. As we are using the containers, configurations can be fed into the containers during the creation by defining them in the Docker compose file.

Prerequisites

A host with docker engine and docker-compose installed.

Here we are using Ubuntu 20.04 as the host. Docker and Docker-compose packages are installed using the below code.

Docker engine installation

The latest stable version of the docker can be installed by executing just 2 lines of code in your Linux shell. Detailed documentation is available at https://docs.docker.com/engine/install/ubuntu/

curl -fsSL https://get.docker.com -o get-docker.sh
sudo sh get-docker.sh

Add the current user (user ubuntu in my case) to the docker group

sudo usermod -aG docker ubuntu

Close the session and re-login for the user to update the permission

Docker-Compose installation

sudo apt install docker-compose -y

Docker network configuration

Two networks are defined for separating the web traffic and database connection.

sudo docker network create --subnet 10.10.10.0/24 data_default
sudo docker network create --subnet 10.10.11.0/24 proxy_default

WordPress and MariaDB Installation

As Docker loses its knowledge of data on reboot, the WordPress and the DB data has to be stored in a persistent storage (i.e. in a storage).

Following are the configuration details:

WordPress:

• Container name – testweb_wp
• local data folder ‘/opt/data/wp_testweb/html’ mapped to the wordpress container instance at ‘/var/www/html’
• container port 80 is mapped to host port 8089
• The container runs with the user account ubuntu with pid 1001(check your account puid and pgid and provide the number accordingly)
• WordPress container connects to 2 bridge networks proxy_nw >> proxy_default and hosts_nw >. data_default
• and the configurations to connect to the database

MariaDB:

• Container name – testweb_db_host
• There is no port mapping to the host machine as the it communicates internally to the wordpress container
• local data folder ‘/opt/data/wp_test/db’ mapped to database container instance at ‘/config’

Create necessary folders

sudo mkdir /opt/data/ /opt/data/wp_testweb/ /opt/data/wp_testweb/html/ /opt/data/wp_testweb/db/

WordPress Docker Compose YAML

Create yaml file

cd /opt/data/wp_testweb/
sudo touch docker-compose.yaml

Use any text editor and add the following yaml code to the docker-compose file

version: '2'
services:
  testweb_db_host:
    image: linuxserver/mariadb:latest
    networks:
      - hosts_nw
    volumes:
      - /opt/data/wp_testweb/db:/config
    environment:
      - PUID=1001
      - PGID=1001
      - MYSQL_USER=wp_user
      - MYSQL_DATABASE=testweb_db
      - MYSQL_PASSWORD=Sup35ComplexPass
      - MYSQL_ROOT_PASSWORD=^3ryComplexPass
    restart: unless-stopped
  testweb_wp:
    image: wordpress:latest
    networks:
      - proxy_nw
      - hosts_nw
    ports:
      - 8089:80
    volumes:
      - '/opt/data/wp_testweb/html:/var/www/html'
    depends_on:
      - testweb_db
    environment:
      - PUID=1001
      - PGID=1001
      - WORDPRESS_DB_HOST=testweb_db_host
      - WORDPRESS_DB_USER=wp_user
      - WORDPRESS_DB_NAME=testweb_db
      - WORDPRESS_DB_PASSWORD=Sup35ComplexPass
    restart: unless-stopped

networks:
  proxy_nw:
    external: true
    name: proxy_default
  hosts_nw:
    external: true
    name: data_default

Powering UP the docker containers

The above configuration is to be saved as docker-compose.yaml and run following command from the saved folder.

docker-compose up -d

If your docker-compose fails with the following error,

ERROR: The Compose file './docker-compose.yaml' is invalid because:
networks.hosts_nw value Additional properties are not allowed ('name' was unexpected)
networks.proxy_nw value Additional properties are not allowed ('name' was unexpected)

The docker-compose has to be upgraded to the latest version. The latest stable version is now v2.1.1

sudo curl -L https://github.com/docker/compose/releases/download/v2.1.1/docker-compose-`uname -s`-`uname -m` -o /usr/local/bin/docker-compose
sudo chmod +x /usr/local/bin/docker-compose

Reboot the server for the changes to take effect and install the package gnome-keyring

# To reboot the server
sudo reboot

# Install gnome-keyring package
sudo apt install gnome-keyring

Now execute the command again “docker-compose up -d”

Summary

Now the containers are up and running. Verify with the command ” docker ps”

ubuntu@dockhost:/opt/data/wp_testweb$ docker ps
CONTAINER ID   IMAGE                        COMMAND                  CREATED          STATUS          PORTS                                   NAMES
46ae07cacda9   linuxserver/mariadb:latest   "/init"                  21 seconds ago   Up 17 seconds   3306/tcp                                wp_testweb-testweb_db_host-1
15c2f3ac5099   wordpress:latest             "docker-entrypoint.s…"   23 seconds ago   Up 16 seconds   0.0.0.0:8089->80/tcp, :::8089->80/tcp   wp_testweb-testweb_wp-1

Open any web browser and access the URL http://<ipaddress>:8089/

Well, you have your wordpress running !

Hope you like this article and thank you for reading.

For any industry, IT or non-IT, Information or data is the key. There are various ways by which the information can be stored. Financial or structured data usually takes a table form and resides in a database. In the case of the non-structured generic data such as project documentation, knowledge base or personal documentation can be maintained well using a documentation platform rather than keeping it in files.

By keeping these informations in a platform, it is very easy to manage, edit, search the content as compared to the handling of files.

Introduction

There are many such platforms out in the market which we can use. Confluence by Atlassian is one such feature-rich platform. It also does provide a free edition with 2GB storage. If you like to keep all your data with you, self hosting will be best option.

Of all the products, BookStack is the one which I like the most. Bookstack is free and open source and the page editor has a simple WYSIWYG interface. BookStack has a very simple interface and all content can be broken down into Shelf, Books, Chapters, and Pages. It has built-in diagrams.net for easy creation of diagrams and many more.

In this article, we will discuss how to self-host BookStack in docker.

Prerequisites

Linux Server

The prerequisite is to have a Linux OS either in a public cloud or in your home server. Here I am using Ubuntu 20.04.

Docker Engine Installation

The latest stable version of the docker can be installed by executing just 2 lines of code in your Linux shell. Detailed documentation is available at https://docs.docker.com/engine/install/ubuntu/

curl -fsSL https://get.docker.com -o get-docker.sh
sudo sh get-docker.sh

Add the current user (user ubuntu in my case) to the docker group

sudo usermod -aG docker ubuntu

Close the session and re-login for the user to update the permission

Bookstack Installation

Bookstack uses a SQL database to store the data. We use MariaDB as our database. Both the BookStack and MariaDB docker container images are from https://www.linuxserver.io/

Docker Network configuration

Let’s create a network the containers

sudo docker network create --subnet 10.10.10.0/24 data_default

Database Installation

Execute the below docker command to install the DB container.

docker run -d \
--name=bookstackdb \
-e PUID=1001 \
-e PGID=1001 \
-e MYSQL_ROOT_PASSWORD=pass123456 \
-e MYSQL_DATABASE=bookstackapp \
-e MYSQL_USER=bookstackuser \
-e MYSQL_PASSWORD=pass123456997 \
-v /opt/data/bookstack/db:/config \
--restart unless-stopped \
--network=data_default \
linuxserver/mariadb

Running the above command will download the MariaDB image and create a container from the repository and run it with the specified configuration as mentioned in the environment variables. The container will be attached to the data_default network with the name bookstackdb.

The data folder will be created “/opt/data/bookstack/db” if not already exist.

BookStack Installation

Execute the below docker command to install the BookStack container

docker run -d \
--name=bookstack \
-e PUID=1001 \
-e PGID=1001 \
-e DB_HOST=bookstackdb \
-e DB_USER=bookstackuser \
-e DB_PASS=pass123456997  \
-e DB_DATABASE=bookstackapp \
-e APP_URL=http://wiki.yourdomain.com:5865 \
-p 5865:80 \
-v /opt/data/bookstack/config:/config \
--restart unless-stopped \
--network=data_default \
linuxserver/bookstack

Make sure to properly configure the environment variables such as – database user and password, URL, port, etc.

To check the container status, run “docker ps” and it should show the below result. Book stack is listening at port 5865.

ubuntu@webserver:/opt/data/bookstack$ docker ps
CONTAINER ID   IMAGE                   COMMAND   CREATED          STATUS          PORTS                                            NAMES
33effffbf170   linuxserver/bookstack   "/init"   3 minutes ago    Up 2 minutes    443/tcp, 0.0.0.0:5865->80/tcp, :::5865->80/tcp   bookstack
b7540622f83b   linuxserver/mariadb     "/init"   25 minutes ago   Up 25 minutes   3306/tcp                                         bookstackdb

Make necessary DNS entry to point the domain wiki.domain.com to the virtual machine IP and all set. BookStack is ready for use.

Final Steps

Open any web browser and type in the URL http://wiki.yourdomain.com:5865 to access your wiki site.

This should take us to the BookStack login

The default admin login of BookStack is admin@admin.com with the password password

Ensure to change the login email and the password after you login. Refer to the BookStack documentation https://www.bookstackapp.com/docs/admin/security/ for further configuration

Hope you liked this article and thank you for reading

Before we dig into securing the website login, let see some introduction of Cloudflare.

What is Cloudflare?

As we all know, Cloudflare is one of the best CDN(Content delivery network) and DNS(Domain Name System) out there in the market.

Is Cloudflare just a DNS and CDN?

Well No! It’s also an internet reverse proxy service provider. There are many security features that come with Cloudflare.

Why cloudflare?

When the website domain is configured in Cloudflare DNS with “proxy” switched on, it acts as a reverse proxy for the website. All the traffic coming into the website and going out of it will be through the Cloudflare security infrastructure. So we can use it to inspect what type of traffic is coming in and to which URL’s. The malicious content can be filtered out thereby protecting our website. Cloudflare also do provide free SSL for our website and makes it HTTPS. Behind Cloudflare network, it connects to the real web server by different means such as HTTP or HTTPS (strict or flexible)

Need to know more, Have a look at https://www.cloudflare.com/

Benefits of using Cloudflare

• DDoS protection – As cloudflare faces the internet, it takes the initial hit, so the website is protected in case of a DDoS attack
• Firewall (3 rules in the free plan)
• Rule based page caching (3 rules in the free plan)
• Ultra fast DNS
• Has a reCaptcha feature to get rid of robots.
• Client certificate authentication
• Caching and mimify(html, css and js)
• And many more…

Securing the WordPress website login using Cloudflare and Wireguard VPN

Now let’s start the configuration

Changing the WordPress admin page url

Everyone knows, the login page of WordPress is https://domainname.com/wp-login.php, so anyone can try a random combination of credentials or even do a brute-force attack.
As a precaution, we first change the login URL using a WordPress plugin – https://wordpress.org/plugins/wps-hide-login/
The plugin should be installed which will then appear in the admin panel “Settings > WPS Hide Login”. Change the URL to something “not so common” and save the settings.

Now the URL of the WordPress login page is changed and when someone tries https://domainname.com/wp-admin they will be redirected to the 404 page or we can set it to any page as required.
This gives a certain level of protection as the URL is not a well-known phrase.

A self-hosted Wireguard VPN

By self-hosting a VPN(Virtual Private Network) in your cloud VPS, the VPN server will modify the source IP address of the traffic to the VPN server’s IP address. Connecting to the VPN changes our IP address and this IP can be whitelisted in Cloudflare’s firewall. So only we have access to the WordPress login page URL. This step is not needed if you own a static IP from your ISP which is not always the case.

Wireguard is a new and lightweight VPN solution that can be easily deployed using a docker container. There is a wireguard docker container from linuxserver.io which can be easily deployed.

Follow tekcookie.com for upcoming VPN articles.

The VPN can be configured as a split tunnel allowing only the website IP or a tunnel mode VPN tunneling the entire traffic. It’s better to use split-tunnel mode VPN as it does not take much of the network bandwidth.

For split-tunnel configuration, IPTables of the wireguard server has to be configured to allow only the website traffic

PostUp = iptables -A FORWARD -i %i -j ACCEPT; iptables -A FORWARD -o %i -j ACCEPT; iptables -t nat -A POSTROUTING -d tekcookie.com -o eth0 -j MASQUERADE
PostDown = iptables -D FORWARD -i %i -j ACCEPT; iptables -D FORWARD -o %i -j ACCEPT; iptables -t nat -D POSTROUTING -d tekcookie.com -o eth0 -j MASQUERADE

In the VPN Client software, the AllowedIPs parameter should have the public IP address of the website.

AllowedIPs = 132.123.13.123/32, 111.222.212.123/32

If there is more than one IP to the website, it can be added as shown in the sample above. The IP address of the domain is obtained by nslookup to any DNS servers out on the internet.

By this, only the website traffic is tunneled through the VPN and other traffic takes the normal internet.

Cloudflare Firewall Rules

In the Cloudflare firewall, a rule is added to block all the traffic to the login URL except the traffic having the VPN server’s IP as the source address.

Navigate to Firewall > Firewall Rules and click the “Create a Firewall rule” button to create a new rule.

In the rule, custom login page URL is added with the VPN server’s IP address.

This is a “Block” rule which blocks all the traffic to https://domainname.com/randomurl if the source IP address does not match the VPN server’s IP address.

Means, this page is only accessible if the VPN is connected.

Along with the IP address filtering, there are many more filters available such as Country, cookie, user agent, client certificate verified, etc. Just explore it out and frame your own rules for better security.

Conclusion

This article explains how to secure the WordPress login. But this does not guarantee the overall website security from internet threats. For that, a vulnerability assessment has to be performed to identify the loopholes. The WordPress and the plugins have to be kept updated to protect from the known security issues. There are also many WordPress plugins that help to increase website security.

The sad truth of security is nothing is 100% secure.

Hope you liked this article and thank you for reading.

OpenSSL is available at https://www.openssl.org/source/

Once installed, OpenSSL is accessed using command prompt.

Generate PFX from Private and Public RSA Keys

In this example the certificate has only the private key and the public key but not the information of intermediate or root CA.

Below are the file list

• Private Key – csc_private.key

• Public Key – csc_public.pem

With OpenSSL, the key can be converted to PFX format.

Open command prompt and enter the below command

openssl pkcs12 -export -out ClientCert.pfx -inkey "C:\Cert\csc_private.key" -in "C:\Cert\csc_public.pem" 

This command will prompt to enter the password to secure the certificate. After entering the password, the certificate will be generated.

After the command execution, the certificate file is generated with the name “ClientCert.pfx” as mentioned in the -out parameter in the openssl command.

If certificate chain has to added to the pfx file, then the root and intermediate files can be appended to end of the above command as separate -in parameter. For example ” -in rootCA.pem -in intermCA.pem”

Hope you liked this article and thank you for reading.

We use powersell command-let invoke-command to execute the command in the remote systems. Invoke-Command is the most used command-let to execute scripts remotely.

To use Invoke-Command, powershell remoting has to be enabled in the remote system. Group policy can be used to deploy this feature in the organization.

One liner to fetch local administrator group details

Invoke-Command -ScriptBlock { Get-LocalGroupMember administrators } -ComputerName pc1, pc2, pc3 | select PSComputerName, Name, SID, PrincipalSource

Result:

PSComputerName Name                 SID                                            PrincipalSource
 -------------- ----                 ---                                            ---------------
 pc1            pc1\Administrator    S-1-5-21-1644265705-1531034170-3899888674-500  Local          
 pc1            pc1\user             S-1-5-21-1644265705-1531034170-3899888674-1002 Local          
 pc2            pc2\Administrator    S-1-5-21-1644265705-1531034170-3899899674-500  Local          
 pc3            pc3\Administrator    S-1-5-21-1644265705-1531034170-3899875674-500  Local  

This one liner will connect to the respective computers mentioned in the ComputerName parameter and lists out the member details. The PrincipalSource shows whether the object belongs to local or domain.

Note: As the script will connect to the remote computers, we need to run it with a user account which has access to these machines.

Get-LocalGroupMember command-let is part of Microsoft.PowerShell.LocalAccounts and was made available from the version Powershell 5.1.

Further details of al commands are documented at https://docs.microsoft.com/en-us/powershell/module/microsoft.powershell.localaccounts/?view=powershell-5.1

Script to fetch the local administrator group details

We will now wrap the above one liner to a function with the necessary checks to ensure that the computers are online by checking with a ping request.

function Fetch-LocalAdminMembers
 {
     [CmdletBinding()]
     [Alias()]
     Param
     (
         [Parameter(Mandatory=$true)]
         [String[]]$Computers,
         [Parameter()]
         [pscredential]$Credential
     )
     begin
     {
         #Checking whether the systems are online
         #OnlineComputers variable will have all the computers which responded to ping
         $OnlineComputers = @()
         $Computers | ForEach-Object {
             if(Test-Connection $_ -Count 1 -ErrorAction SilentlyContinue) {
                 $OnlineComputers += $_
             }
         }

     }

     process
     {
         #If credentials are not passed, the script runs in current user context
         if($Credential -eq $null)
         {
             Invoke-Command -ScriptBlock {Get-LocalGroupMember administrators; Start-Sleep -Seconds 2} -ComputerName $OnlineComputers   | select PSComputerName, Name, SID, PrincipalSource
         }
         else
         {
             Invoke-Command -ScriptBlock {Get-LocalGroupMember administrators; Start-Sleep -Seconds 2} -ComputerName $OnlineComputers -Credential $Credential  | select PSComputerName, Name, SID, PrincipalSource
         }
     }

     end
     {
         $OnlineComputers = $Credential = $null
     }
 }

Executing the function

Fetch-LocalAdminMembers -Computers pc1, pc2

Result:

PSComputerName Name                 SID                                            PrincipalSource
 -------------- ----                 ---                                            ---------------
 pc1           pc1\Administrator    S-1-5-21-1644265705-1531034170-3899888674-500  Local          
 pc1           pc1\user             S-1-5-21-1644265705-1531034170-3899888674-1002 Local          
 pc2           pc2\Administrator    S-1-5-21-1644265705-1531034170-3894649674-500  Local          
 pc2           pc2\user2            S-1-5-21-1644265705-1531034170-3894649674-1002 Local  

We can refine the script further for faster execution, If you can identify it, I highly recommend you to comment it with the code snippet.

This will be helpful for the readers and will make this more interactive.

Hope you liked the article and thank you for reading

Last Windows Update Information

We use the com object Microsoft.Update.Session to get the update results.

Below one liner will tell us the previous update search and the last update installation date.

(New-Object -com "Microsoft.Update.AutoUpdate").Results

Output:

LastSearchSuccessDate LastInstallationSuccessDate
--------------------- --------------------------- 
 6/17/2021 3:54:31 AM  6/16/2021 3:57:34 AM

New Windows Update Count

Furthermore, to get the number of updates which are yet to be installed.

$UpdateSession = New-Object -ComObject Microsoft.Update.Session
$UpdateSearcher = $UpdateSession.CreateupdateSearcher()
$Updates = @($UpdateSearcher.Search("IsInstalled=0").Updates)

#This will give the number of updates yet to install.
$Updates.Title.count 

Pending Operating System Restart

Any pending restart because of previous update can be identified through the registry “HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\RebootRequired”

The entry will have a value “true” if the operating system is waiting for a restart which is needed to complete an update.

Windows Update Status

Above codes can be combined to get following information about a computer.

1. LastSearchSuccessDate
2. LastInstallationSuccessDate
3. NewUpdateCount
4. PendingReboot

We can now wrap the script with invoke-command to remote execute in multiple systems

function Get-WindowsUpdateInformation()
 {
     param
     (
         [Parameter()]
         [string[]]
         $ComputerName="localhost"
     )


     $Results = Invoke-Command -ScriptBlock  {     
         $result = (New-Object -com "Microsoft.Update.AutoUpdate").Results     
         $UpdateSession = New-Object -ComObject Microsoft.Update.Session     
         $UpdateSearcher = $UpdateSession.CreateupdateSearcher()     
         $Updates = @($UpdateSearcher.Search("IsInstalled=0").Updates)     
         $PendingReboot = $false     
    
         #Checking pending reboot
         if (Get-Item "HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\RebootRequired" -EA Ignore) { $PendingReboot=$true }     
   
         #Framing the result to a list
         New-Object psobject -Property @{         
              LastSearchSuccessDate = $result.LastSearchSuccessDate         
              LastInstallationSuccessDate = $result.LastInstallationSuccessDate         
              NewUpdateCount = $Updates.Title.count         
              PendingReboot = $PendingReboot     
         } 
     } -ComputerName $ComputerName 

     $Results | Select-Object @{Name="ServerName"; Expression={$_.PSComputerName}}, LastSearchSuccessDate, LastInstallationSuccessDate, NewUpdateCount, PendingReboot
 }
 

Multiple server/computer names can be passed as an array to get the update information, or the server name can also be read from a text file and passed as parameter.

Get-WindowsUpdateInformation -ComputerName testhost1, testhost2

Output:

ServerName LastSearchSuccessDate LastInstallationSuccessDate NewUpdateCount PendingReboot
---------- --------------------- --------------------------- -------------- -------------
 testhost1  6/17/2021 5:31:12 PM  5/16/2021 2:56:21 PM                     1         False
 testhost2  6/16/2021 6:33:22 PM  5/21/2021 4:22:34 AM                     1         False

If you have some better ideas or know other ways of doing this, please comment it. It will be informative for me and for the readers.

Hope you liked this article and thank you for reading

CloudFlare does provide free plan where one can add one domain and proxy the traffic for FREE. Cloudflare also do give the provision to manage the domain using API’s.

We will see how to create a DNS record and update the record using PowerShell.

To manage the DNS record in cloudflare, we need to obtain the API token and permission to edit the DNS records.

To obtain the API token, login to cloudflare, under your domain portal, click on “Get your API token”. Also note the “Zone Id” in the page, which is required in the API.

Click on “API Tokens” tab and click “Create Token” button.

click the “Use Template” button as shown below.

Select the zone setings as below with the required domain details and click “Continue to summary”

Click “Create Token” to generate the api key.

Copy the generated key to access the DNS using PowerShell.

Sample Token : p6bfghn0rsdfghc-34ggb5tdas8w7ysdftj-C4
Sample ZoneID : 6cd345qefad7c71dfg5q23573017

Validating cloudflare API key using Powershell

Run the below script in PowerShell to validate the access

Invoke-RestMethod -Method Get -Uri "https://api.cloudflare.com/client/v4/user/tokens/verify" -Headers @{
 "Authorization" = "Bearer p6bfghn0rsdfghc-34ggb5tdas8w7ysdftj-C4"
 "Content-Type" = "application/json"
 } 

Result with success = True shows that the key is valid and accepted.

To know your public IP, please refer to my other post

Adding a new record to Cloudflare DNS

 $token = "p6bfghn0rsdfghc-34ggb5tdas8w7ysdftj-C4"
 $hostname = "dyDNS.domain.com"
 $ip = Invoke-RestMethod -uri "https://ifconfig.io/ip"  #Your Public IP 
 $zoneid = "6cd345qefad7c71dfg5q23573017"
 $url = "https://api.clouflare.com/client/v4/zones/$zoneid/dns_records"

 $Body = @{
     "type" = "A"
     "name" =  $hostname
     "content" = $ip
     "proxied" = $true # To mask the real IP
 }

 $Body = $Body | ConvertTo-Json

 $result = Invoke-RestMethod -Method post -Uri $url -Headers @{
 "Authorization" = "Bearer p6bfghn0rsdfghc-34ggb5tasdas8w7ysdftj-C4"
 } -Body $Body -ContentType "application/json"

 $result.result

Edit an existing Cloudflare DNS record

 $hostname = "dyDNS.domain.com"
 $zoneid = "6cd345qefad7c71dfg5q23573017"
 $token = "p6bfghn0rsdfghc-34ggb5tdas8w7ysdftj-C4"
 $url = "https://api.cloudflare.com/client/v4/zones/$zoneid/dns_records" 

 # Fetch the record information
 $record_data = Invoke-RestMethod -Method get -Uri "$url/?name=$hostname" -Headers @{
 "Authorization" = "Bearer $token"
 } 

 # Modify the IP from the fetched record
 $record_ID = $record_data.result[0].id
 $record_data.result[0].content = Invoke-RestMethod -uri "https://ifconfig.io/ip" #Your Public IP 

 $body = $record_data.result[0] | ConvertTo-Json

 # Update the record
 $result = Invoke-RestMethod -Method put -Uri "$url/$record_ID" -Headers @{
 "Authorization" = "Bearer $token"
 } -Body $body -ContentType "application/json"

Run this script in a Scheduled Task, your Public IP will get updated in DNS !!!

Hope you like this article and thank you for reading.

To get information about our public IP, open any web browser and visit the page https://ifconfig.io/.

The same page also provide api to get the details.

Public IP using PowerShell

( Invoke-WebRequest -uri "https://ifconfig.io/ip" ).content 

Refer to https://ifconfig.io/ to get more information about the API

Hope you like this article and thank you for reading.

We can leverage the pnputil.exe tool to perform the installation fast and easy.

Consider a scenario of a multiple drivers packed to an iso image. Below script will install all the required drivers.

# Mount the driver iso image
Mount-DiskImage D:\Driver\drivers-windows.iso

# Get the mount point/drive letter, considering that the above one is the only disk mounted
$isoMount = (Get-DiskImage -DevicePath \\.\CDROM0  | Get-Volume).DriveLetter

# Find the inf files and install
Get-ChildItem "$($isoMount):\" -Recurse -Include *.inf | ForEach-Object {
     $_.FullName
     pnputil /add-driver $_.FullName /install 
}

Running the script would update all the drivers which are meant for your system hardware.

Hope you like this article and thank you for reading.

PowerShell commands can be executed on a remote systems by using PowerShell-Remoting. By default, PowerShell remoting is disabled on clients operating systems.

We can either enable PowerShell remoting by executing the command “Enable-PSRemoting -Force” under administrative context. This can be either done locally on each systems by executing the commands or remotely via a group policy or through SCCM.

But if we have administrative access to a system, we can execute PowerShell commands remotely by means of PSEXEC.EXE (https://docs.microsoft.com/en-us/sysinternals/downloads/psexec)

PSEXEC shell does not work well (interactively) with PowerShell as it works with cmd commands.

Interactive Powershell prompt with PSExec

In windows 10, the interactive part is much better.

Enabling PowerShell Remoting using PSEXEC

#cmd.exe in the administrative context
#navigate to the sysinternals tools folder or add the folder to the PATH
#executing the below command would take us to the powershell prompt of the remote system
psexec.exe \\<computerName powershell.exe

#run the below command to enable PS Remoting or any commands as we wish
Enable-PSRemoting -Force

Execute multiple Powershell commands with PSExec

So, rather than going with interactive way, we can also issue a single command to do the same task

#navigate to the sysinternals suite folder, to directly execute from the prompt, add the folder to the PATH
psexec.exe \\<computerName> powershell.exe -command "& {Enable-PSRemoting -Force}"

Execute multiple Powershell commands with PSExec

We can also execute multiple commands as a single statement

#navigate to the sysinternals suite folder, to directly execute from the prompt, add the folder to the PATH
psexec.exe \\<computerName> powershell.exe -command "& {Get-Process; Get-service; $num1 = 2; $num2 = 1; $num1 + $num2}"

Also, please have a look at my other post about PSEXEC

Hope you liked this article and thank you for reading