05.20.08
Posted in Debian, Linux at 11:08 pm by Hedwig Lodrigo
This is in no way the definitive guide to getting ssl to work on your host. This is what worked for me.
First you need to get openssl
apt-get install openssl ssl-cert
Generate a self-signed cert. This will protect your traffic; however, it will give a warning in the user's browser.
If you don’t want these warnings you will have to get a cert from a trusted certificate authority.
openssl req -new -x509 -days 365 -nodes -out /etc/apache2/apache.pem -keyout /etc/apache2/apache.pem
It will ask some questions. You can fill in what you want on most of them, however:
Common Name (eg, YOUR name) []: *.yoursite.com
Make sure you give the name of your top level domain there.
Give the pem file the right permissions:
chmod 600 /etc/apache2/apache.pem
You want the server to listen on the ssl port, so you change /etc/apache2/ports.conf to
Listen 80
Listen 443
You add the Listen 443 line.
Now you have to edit the default file
vi /etc/apache2/sites-available/default
Change
NameVirtualHost *
To
NameVirtualHost *:80
NameVirtualHost *:443
I looked long for this part. For some reason I have to add this to my default file, else ssl doesn’t work on my other virtual hosts.
SSLCertificateFile /etc/apache2/apache.pem
SSLEngine On
Then you have to add
SSLEngine on
SSLCertificateFile /etc/apache2/apache.pem
to the definition of your host which you want to run with ssl.
sample:
ServerName sample.com
#other directives
SSLEngine on
SSLCertificateFile /etc/apache2/apache.pem
SSLCertificateKeyFile /etc/apache2/apache.pem
/etc/init.d/apache2 restart
That’s it.
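A way to check the resulting file before pointing Apache at it, as an added example that is not part of the original post. It verifies that the combined PEM is not accessible to group or others, that the key inside matches the certificate, and that the certificate is not about to expire. The function names and the sample subject *.example.test are made up for this example.

```shell
#!/bin/sh
# Audit a combined PEM (private key + certificate in one file), the layout
# produced when -out and -keyout point to the same path.

# make_sample_pem FILE: constructed throwaway cert for trying the checks.
make_sample_pem() {
    openssl req -new -x509 -days 365 -nodes -newkey rsa:2048 \
        -subj '/CN=*.example.test' -out "$1" -keyout "$1" 2>/dev/null
}

# pem_is_private FILE: succeed if group and others have no access at all.
pem_is_private() {
    [ "$(ls -ld "$1" | cut -c5-10)" = "------" ]
}

# pem_key_matches FILE: succeed if the certificate's public key is the
# public half of the private key stored in the same file.
pem_key_matches() {
    cert_pub=$(openssl x509 -in "$1" -noout -pubkey 2>/dev/null) || return 1
    key_pub=$(openssl pkey -in "$1" -pubout 2>/dev/null) || return 1
    [ -n "$cert_pub" ] && [ "$cert_pub" = "$key_pub" ]
}

# pem_valid_for FILE DAYS: succeed if the cert is still valid DAYS from now.
pem_valid_for() {
    openssl x509 -in "$1" -noout -checkend "$(( $2 * 86400 ))" >/dev/null
}

# audit_pem FILE: print findings; return non-zero if any check fails.
audit_pem() {
    rc=0
    pem_is_private "$1"   || { echo "FAIL: readable by group or others"; rc=1; }
    pem_key_matches "$1"  || { echo "FAIL: key does not match certificate"; rc=1; }
    pem_valid_for "$1" 30 || { echo "WARN: expires within 30 days"; rc=1; }
    openssl x509 -in "$1" -noout -subject -enddate || rc=1
    return "$rc"
}

# Usage after sourcing this file: audit_pem /etc/apache2/apache.pem
```

Because the key is written with -nodes it is stored unencrypted, so the permission check is the only thing standing between the private key and other local users.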
05.18.08
Posted in Debian, Linux, Miscellaneous, windows at 3:53 pm by Hedwig Lodrigo
GIT Version system
Git is a distributed file versioning system. It was initially created by Linus Torvalds. Linus is better known for the creation of Linux.
This is a quick guide on getting started with Git for people with a Windows desktop and a Linux server.
Download the windows GUI version of git from http://code.google.com/p/msysgit/downloads/list
Install it.
Creating a new repository is only needed if you are starting a new project. If you are going to contribute to an existing project, skip to the next section.
Open a command line. Navigate to the place where you want to start a new repository. Create a new directory for the repo.
sample:
md init_repo
cd init_repo
git init
cd ..
git clone --bare init_repo repo.git
Now upload the repo.git directory to your webserver. I do this with winscp, but you can use whatever way you like.
SSH into your server. Install git
example:
apt-get install git-core
To get an existing git repo:
Open a command line.
Navigate to the directory where you want to have the repo.
git clone ssh://username@host.com/path_to_git_repo
I’m using ssh instead of the daemon as I don’t really see an option to password protect the repo.
07.16.07
Posted in Debian, Linux at 10:44 pm by Hedwig Lodrigo
Installing programs without a package manager.
I have been a webmaster for about two years now. But webmaster doesn’t really describe my level of proficiency with managing a Linux server.
Truth be told, I got my linux server with LAMP on it out of the box. So I had to install very little on it. It’s a webserver not a desktop.
And when I had to install stuff manually I just wgeted the tar file which was needed, prayed to the gods that be, and did the configure, make and make install.
Now I have a new web server and I’m installing it from scratch, and while I was installing some unnamed obscure software, my friend, whom I’ll hereafter refer to by the name of Payne, was watching my shell session so he could aid me. And when I did my configure, make, make install routine he uttered NOooooooooo. Turns out that installing it like that is just a bad practice. Many of the thousands of people who’ll read this will frown and be slightly stunned: isn’t that how most people are doing this?
The good
You should download the source and do a
configure
make
Explaining the debuild process is a bit large so I won’t get into it, but to summarize it:
When you look at your software and you see a debian directory, then it already has everything which is needed to turn it into a package with debuild.
You just launch debuild and when everything goes well you get a Debian package in the parent directory.
The Bad
configure
make
make install
What makes this bad is that you bypass the package management system, which means that package management doesn’t know about the software you just installed. Later on you can install the same software through the package manager. Then you end up with 2 versions in 2 different locations. The make install method doesn’t take care of dependencies. When you want to uninstall libraries which your make install software depends on, you will get no warning. After you have uninstalled them, you will be baffled to find out your ‘make install’ software stopped working. The last problem with this method is uninstalling the software itself. Other software can depend on it. So when you uninstall this software you can run into the same trouble as mentioned before.
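One way to see what such installs have left behind, as an added example that is not from the original post: the functions below list the files under a directory that dpkg's database does not know about. The function names are made up for this example, and /usr/local as the place make install usually writes to is an assumption.

```shell
#!/bin/sh
# List regular files under a prefix that no installed Debian package owns.

# owned_by_dpkg PATH: succeed if dpkg's database lists PATH, either as
# given or in its symlink-resolved form (relevant on merged-/usr systems).
owned_by_dpkg() {
    dpkg -S "$1" >/dev/null 2>&1 && return 0
    real=$(readlink -f "$1") || return 1
    [ "$real" != "$1" ] && dpkg -S "$real" >/dev/null 2>&1
}

# unowned_files DIR: print every regular file under DIR that dpkg does not
# know about. Returns 2 if dpkg is not available on this machine.
unowned_files() {
    command -v dpkg >/dev/null 2>&1 || { echo "dpkg not found" >&2; return 2; }
    find "$1" -xdev -type f 2>/dev/null | while IFS= read -r f; do
        owned_by_dpkg "$f" || printf '%s\n' "$f"
    done
}

# Usage after sourcing this file: unowned_files /usr/local
```

dpkg -S treats its argument as a pattern, so file names containing characters such as [ or * may need to be checked by hand.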
The Ugly
configure --sysconfdir=/etc --prefix /usr/xx
make
checkinstall -D make install
Answer the question ‘The package documentation directory ./doc-pak does not exist. Should I create a default set of package docs? [y]:’ with ‘y’.
Enter a description for your package.
Fill in what you like or need. In the end press enter to continue.
Your software is installed and a Debian package is created; you can find it in the installation directory.
You can use this package on other PCs:
dpkg -i /path/to/software.deb
Uninstalling can be done by calling dpkg with the -r parameter.
dpkg -r the_software
This is the ugly way because your package does not come with dependency checks, nor does it come with out of the box init scripts.
06.23.07
Posted in Debian, Linux at 2:22 pm by Hedwig Lodrigo
This is a small howto on getting an ftp server on your Linux box. After we have got it on the box we want to configure it. The way we configure it is far from a definitive guide to security.
If you are concerned about security you should not run a common ftp server without ssl encryption in the first place. The ftp protocol sends user/password in plain text! That is why I opt not to set the ftp server up with the normal shell logins but with a separate file in which the ftp users and passwords are stored.
First get the package
apt-get install proftpd
This installs the ftpd server and even creates a default config located at /etc/proftpd.conf.
Open up this file with your favorite text editor. And add the following 2 lines.
SystemLog /var/log/proftpd/system.log
AuthUserFile /etc/ftpd.passwd
The SystemLog directive sets up logging to /var/log/proftpd/system.log. This is handy when you get errors or want to audit the ftp server: you can do it by checking this file.
AuthUserFile sets up the separate password file.
The server should be ok now. We only have to add users. On the shell go to /etc and execute the following commands.
mkdir /home/itkb
ftpasswd --passwd --name=itkb --uid=1002 --home=/home/itkb --shell=/bin/bash
You will be prompted for a password. Once you have done this, you have created a user itkb who can read files from /home/itkb.