Urs Riggenbach Webdesign, Consulting, Renewable Energies

My Time

Open Access to Renewable Energies

Since 2012 I've been working with GoSol.org toward initiating a global wave of solar enterpreneurship.

Practical Tools for Change

Building web-platforms and systems with purpose that connect actors, empower people and facilitate change.


Projects

Curriculum Vitae

I am a Web-Designer, Sysadmin and Renewable Energy specialist. I'm a UWC and COA graduate, Farmer, Human Ecologist, Open Source Enthusiast, Techno Peasant, Biker, Longboarder, Scout, Hiker, Junglist and Salsa dancer.

My mantra is Global Collaboration - Local Production.

I bring an international Baccalaureate from the United World College, India and BA in Human Ecology from the College of Atlantic, US.

GoSol.solar
Chief Operating Officer

June 2012 - now
Launch of innovative platform for the spread of solar thermal energy solutions.

Solar Fire Concentration Ltd, Finland
Chief Operating Officer

June 2012 - now
Solar thermal technology solutions in the humanitarian and industrial sector.
- Technological development, project management, IT consulting, web and communication.

Autodesk Inc, San Francisco
Pier 9 Impact Residency

February 2017 - May 2017
- Industrial CNC machine training (Waterjet, Lasercuting, 5 axis CNC)
- Rapid prototyping using state of the art CNC machinery

Oekozentrum Langenbruck, Switzerland
Swiss Civil Service

August 2013 - February 2014
- Support in research and development.

WWF Switzerland
Swiss Civil Service

February 2013 - July 2013
- Development of exhibition on renewable energies.

Sustainable Design/Build, Yestermorrow, USA
Semester course in sustainable design and building practices

- Instructors from the fields of architecture, construction and joinery/Carpentry
- Application of principles of sustainability and sustainable design in the architecture of a "tiny house" of 227 square feet.
- Project planning and management with different build milestones.
- Construction of entire tiny house, see it in New York Post "Tiny House 227".
- Study and implementation of HVAC systems.

College of the Atlantic, USA
Bachelor of Arts in Human Ecology

September 2008 - June 2012
- Relevant Coursework: Agroecology, Economic Development, International Water Resource Management, Physics II, Collaborative Leadership, Fieldwork: Seminar in Community-based Research, Documentary Film Making, Webdesign, Fixing Food Systems, Sustainability, Local Production - Global Collaboration.
- Senior project in Nepal installing renewable energy framework at rural school
- Spanish proficiency during project-stay in Yucatán, Mexico
- Davis UWC Scholar: full scholarship awarded

United World College, India
International Baccalaureate, IB

September 2006 - May 2008
- International Baccelaurate (IB) with major biology and economics.
- Course language English.
- Extended essay: Sugarcane Cultivation in the Mulshi Valley, India.
- Full Scholarship from the Swiss Association for UWC

Born

Blog

Blog

Set default server on NGINX

Posted Friday 19 June 2015 by Urs Riggenbach.

When NGINX can’t match a virtual host to a requested domain name it serves the first server-block registered in the system. This results in all unconfigured domain names serving the same website, which negatively affects SEO.

To serve a site for all unconfigured domain names, use the default_server property to serve a placeholder page. Don’t forget to set it on both HTTP:80 and HTTPS:443.

Create a file in /etc/nginx/sites-enabled/ and paste this config to serve a static html page stored at /var/www. Don’t forget to adjust the reference to the SSL key and crt.

Don’t forget to restart the nginx server afterwards (Debian):
service nginx restart

Sample fallback config file

server {
        listen   80 default_server;

        root /var/www;
        index index.html index.htm;

        # Make site accessible from http://localhost/
        server_name localhost;

        location / {
                # First attempt to serve request as file, then
                # as directory, then fall back to displaying a 404.
                try_files $uri $uri/ /index.html;
                # Uncomment to enable naxsi on this location
                # include /etc/nginx/naxsi.rules
        }

       
}



# HTTPS server
#
server {
        listen 443 default_server;
        server_name localhost;

       root /var/www;
       index index.html index.htm;

ssl on;
ssl_certificate /etc/nginx/fallback.crt;
ssl_certificate_key /etc/nginx/fallback.key;

#enables all versions of TLS, but not SSLv2 or 3 which are weak and now deprecated.
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;

#Disables all weak ciphers
ssl_ciphers "ECDHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA256:ECDHE-RSA-AES256-SHA:ECDHE-RSA-AES128-SHA:DHE-RSA-AES256-SHA256:DHE-RSA-AES128-SHA256:DHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA:ECDHE-RSA-DES-CBC3-SHA:EDH-RSA-DES-CBC3-SHA:AES256-GCM-SHA384:AES128-GCM-SHA256:AES256-SHA256:AES128-SHA256:AES256-SHA:AES128-SHA:DES-CBC3-SHA:HIGH:!aNULL:!eNULL:!EXPORT:!DES:!MD5:!PSK:!RC4";

ssl_prefer_server_ciphers on;

        location / {
                try_files $uri $uri/ =404;
        }
}
Leave a comment

PiWik behind proxy in LXC or Qemu

Posted Wednesday 3 June 2015 by Urs Riggenbach.

PiWik can lookup your site visitor’s IPs to geolocate them. But if you’re running PiWik as an LXC container and forward traffic with Apache or Nginx to the container, PiWik thinks you’re coming from the IP the last network interface, eg. 10.0.0.2 or your server’s public facing IP.

I assume that the container runs Debian and you’re running PiWik with Apache.

1. Make sure you forward the original remote IP as HTTP headers to your Piwik install.
If you use NGINX as a proxy, you’d do it as follows:

proxy_set_header X-Real- $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;

2. Configure Piwik to use the remote HTTP headers instead of normal ones:

nano /var/www/html/config/config.ini.php

and add these three lines below the [General] settings:

; Uncomment line below if you use a standard proxy
proxy_client_headers[] = HTTP_X_FORWARDED_FOR
proxy_host_headers[] = HTTP_X_FORWARDED_HOST

You may also need to enable the Apache RPAF module.

apt-get install libapache2-mod-rpaf
nano /etc/apache2/mods-enabled/rpaf.conf

Change RPAFproxy_ips setting to include your bridge network’s IP, or public IP depending on your set up, eg. 10.0.0.2

service apache2 restart

Check your PiWik and see visitor’s IPs. PiWik can automatically anonymize IP adresses to retain privacy.

Leave a comment

1 2 3 4 5 6 7

Contact Me

Send me an email to mail@ursrig.com