Linux

Let’s Encrypt certificates with WordPress MultiSite

by on Jan.27, 2020, under Computer Stuff, Linux

Lately, everyone seems to be moving to WordPress. It’s a rock-solid platform for publishing, with a low cost of administration. To securely allow a remote login to your WordPress site, you MUST use an SSL certificate to encrypt the login communications.
I’ve found that LetsEncrypt.org really solves that problem, and with minimal setup required. The biggest catch that I found to using LetsEncrypt.org certificates with my domains was this:
You need a DNS host that supports CAA records.  SSLMate publishes a list of those hosts here.


So first, you MAY need to move your authoritative DNS zone to a host that supports CAA records. I’ll wait.

After that, you need a CAA record for the root of your domain name.
It should look something like this:
@ CAA 6h 0 issue "letsencrypt.org"

Once your record is in place, you can validate it using DNSSpy here
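As an added example (not part of the original post or of any Let’s Encrypt tooling), the sketch below applies the RFC 8659 lookup rules to constructed zone data, showing how a CAA record at the domain root also governs www and other subdomains. It goes beyond the single record above by handling wildcard names and issuewild; ZONE, otherdomain.com, locked.example and otherca.example are made-up sample values.

```python
# Added example: RFC 8659 CAA evaluation over constructed zone data.
# ZONE and every hostname below are sample values, not real DNS answers.

# name -> list of (flags, tag, value) CAA records, as a zone would hold them
ZONE = {
    "testdomain.com": [(0, "issue", "letsencrypt.org")],
    "otherdomain.com": [(0, "issue", "otherca.example"),
                        (0, "issuewild", "letsencrypt.org")],
    "locked.example": [(0, "issue", ";")],
}

KNOWN_TAGS = {"issue", "issuewild", "iodef"}  # tags this checker understands


def relevant_rrset(hostname, zone):
    """Climb from hostname toward the root; the first non-empty CAA set wins."""
    labels = hostname.lower().rstrip(".").split(".")
    if labels[0] == "*":          # a wildcard name is looked up without the "*"
        labels = labels[1:]
    for i in range(len(labels)):
        rrset = zone.get(".".join(labels[i:]))
        if rrset:
            return rrset
    return []


def ca_may_issue(hostname, ca_domain, zone):
    """Return True if ca_domain is permitted to issue for hostname."""
    rrset = relevant_rrset(hostname, zone)
    # A critical (flag 128) record with an unknown tag blocks issuance.
    if any(f & 128 and t.lower() not in KNOWN_TAGS for f, t, _ in rrset):
        return False
    tag_used = "issue"
    # issuewild, when present, replaces issue for wildcard requests.
    if hostname.startswith("*.") and any(
            t.lower() == "issuewild" for _, t, _ in rrset):
        tag_used = "issuewild"
    values = [v for _, t, v in rrset if t.lower() == tag_used]
    if not values:                # no restriction of this kind is published
        return True
    # The issuer domain is the text before any ";" parameters.
    allowed = {v.split(";", 1)[0].strip().lower() for v in values}
    return ca_domain.lower() in allowed
```

For a Multisite network, run the same check against every mapped domain: each zone must permit letsencrypt.org before certbot can obtain a certificate for that site.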

Now that your DNS record is answering correctly, it’s time to address the WordPress installation. WordPress can be installed in any number of ways. I usually use Apache2, MySQL, and PHP: a common Linux LAMP stack.

Traditionally, when installing multiple WordPress sites on the same web server, I’d create a separate virtual host and directory for each site. Things have changed, though, and now I can use WordPress Multisite. This allows (in fact, requires) all of your sites to use the same virtual directory. (In most cases, that’s the main web root of your server. On most Linux OSs, that’s /var/www/html.)

For a basic WordPress installation, see this link.
For a deep-dive into the WordPress Network creation and enabling Multisite, see this link.

Since Apache2 comes with a default virtual directory and a default virtual host definition that covers the root of the web server, you don’t *need* to add a virtual host directive for each site you add using WordPress Multisite, because WordPress Multisite handles requests for each site. However, if you want to take advantage of a free, auto-renewing 3-month SSL certificate from Let’s Encrypt, you need an Apache virtualhost entry for each site in WordPress Multisite.
So, we’ve just installed WordPress Multisite, and we’ve created our first site of testdomain.com.
In Apache2 on Ubuntu 18, you need to edit 2 files. They are:

/etc/apache2/sites-available/000-default.conf
/etc/apache2/sites-available/000-default-le-ssl.conf

##/etc/apache2/sites-available/000-default.conf##
(this is the default, leave it alone)
<VirtualHost *:80>
ServerAdmin webmaster@localhost
# same root for all sites
DocumentRoot /var/www/html
ErrorLog ${APACHE_LOG_DIR}/error.log
CustomLog ${APACHE_LOG_DIR}/access.log combined
</VirtualHost>

(you’re going to add this for each new site, changing the site name)
<VirtualHost *:80>
ServerAdmin webmaster@localhost
ServerName testdomain.com
ServerAlias www.testdomain.com
# same root for all sites
DocumentRoot /var/www/html
<Directory />
Options FollowSymLinks
AllowOverride All
</Directory>
<Directory /var/www/html>
Options Indexes FollowSymLinks MultiViews
AllowOverride All
# Apache 2.4 access control: allow all clients
Require all granted
</Directory>
RewriteEngine on
RewriteCond %{SERVER_NAME} =testdomain.com [OR]
RewriteCond %{SERVER_NAME} =www.testdomain.com
RewriteRule ^ https://%{SERVER_NAME}%{REQUEST_URI} [END,NE,R=permanent]
</VirtualHost>

##/etc/apache2/sites-available/000-default-le-ssl.conf##
<VirtualHost *:443>
ServerAdmin webmaster@localhost
ServerName testdomain.com
DocumentRoot /var/www/html
<Directory /var/www/html>
Options Indexes FollowSymLinks MultiViews
AllowOverride All
# Apache 2.4 access control: allow all clients
Require all granted
</Directory>
</VirtualHost>

After you install and run certbot, you’ll see these lines added to the end of each virtual host in the SSL config file above:
Include /etc/letsencrypt/options-ssl-apache.conf
SSLCertificateFile /etc/letsencrypt/live/testdomain.com/fullchain.pem
SSLCertificateKeyFile /etc/letsencrypt/live/testdomain.com/privkey.pem


Building a linux terminal server with vncserver

by on Jun.09, 2017, under Computer Stuff, Linux

Sometimes you need to allow multiple people to log in to a Linux server and run something that requires Xorg/X11/Xwhatever they’re calling it these days. (xenocara if you’re cool ;)
So, from the start. Install your OS, (I’m using Ubuntu) install gnome, xfce4, openssh-server and vncserver, and add your users.

  • Setting up your user accounts for VNCserver

Log in as your first user, and run the command: vncserver in a terminal. This will start an instance of the vncserver, and allocate an available port to you. It should look something like this:

username@laptop:/home/username$ vncserver
You will require a password to access your desktops.

Password: (enter password)

Verify: (verify password)

xauth: file /home/username/.Xauthority does not exist

New 'laptop:1 (username)' desktop is laptop:1

Creating default startup script /home/username/.vnc/xstartup

Starting applications specified in /home/username/.vnc/xstartup

Log file is /home/username/.vnc/laptop:1.log

Immediately after this, you’ll want to kill the server with:

username@laptop:/home/username$ vncserver -kill :1

You’ll want to do that for each user account, so that later we can use their passwd file to start the vncserver as a system service, which will run the vncserver every time the server boots up. The next user you add and run vncserver for should get port :2 (or, 5902).

We can see that this was the first instance of vncserver to run on this server, because we were assigned port :1 (technically, port 5901).
This will also create the .vnc folder in your home dir. In my case, this is ‘/home/username/.vnc’. Inside this hidden folder, you’ll find the passwd file you created when setting your password for vncserver, and the xstartup file that is created by default.

It doesn’t tend to be extremely useful out of the box, so we’ll replace the contents of it with this for a Gnome desktop in your vnc session:

#!/bin/sh
[ -x /etc/vnc/xstartup ] && exec /etc/vnc/xstartup
[ -r $HOME/.Xresources ] && xrdb $HOME/.Xresources
xsetroot -solid grey
x-terminal-emulator -geometry 80x24+10+10 -ls -title "$VNCDESKTOP Desktop" &
x-window-manager &
gnome-session &
gnome-panel &
gnome-settings-daemon &
metacity &
nautilus &

Replace it with this for an xfce4 desktop in your vnc session:

#!/bin/sh
unset SESSION_MANAGER

unset DBUS_SESSION_BUS_ADDRESS

startxfce4 &

[ -x /etc/vnc/xstartup ] && exec /etc/vnc/xstartup

[ -r $HOME/.Xresources ] && xrdb $HOME/.Xresources

xsetroot -solid grey &

Once you’ve got your xstartup configured the way you want it, run vncserver once more, and make sure that you get the desktop you expect when connecting.

Immediately after this, you’ll want to kill the server with:

username@laptop:/home/username$ vncserver -kill :1

  • Configure vncserver as a system service for each user

As of right now, each user would need to first ssh to the server, and start their instance of vncserver manually to take over an X desktop. This is not what we want. We want their individual vncserver instances to run every time the server boots, and this way, we can restart the vncserver instance for each individual user, rather than having to kill the entire server to reset one connection.

For that, we need to install some init scripts in /etc/init.d/. You need to be root to do this, or able to use sudo.

(at this point I wonder if I should outline how to edit files.. I feel like if you’ve read this far, you already know, or are googling it as I speak.. )

username@laptop:/home/username# vi /etc/init.d/vncserver-username

Insert the following into the newly created file:

#!/bin/sh -e
### BEGIN INIT INFO
# Provides: vncserver:1
# Required-Start: networking
# Required-Stop:
# Default-Start: S
# Default-Stop: 0 6
### END INIT INFO

# The Username:Group that will run VNCserver
export USER="username"
#${RUNAS}

# The display that VNC will use
DISPLAY="1"

# Color depth (between 8 and 32)
DEPTH="16"

# The name that the VNC Desktop will have.
NAME="username on Laptop"

. /lib/lsb/init-functions

case "$1" in
start)
log_action_begin_msg "Starting vncserver for user '$USER' on localhost:$DISPLAY"
su username -c "/usr/bin/vncserver :1 -geometry 1920x1080 -geometry 1280x1024 -geometry 1024x768 -f ~/.vnc/passwd"
;;

stop)
log_action_begin_msg "Stopping vncserver for user '$USER' on localhost:$DISPLAY"
su username -c "/usr/bin/vncserver -kill :1"
;;

restart)
$0 stop
$0 start
;;
esac


exit 0

IMPORTANT: To add another service for another user, you’ll need to copy /etc/init.d/vncserver-username to /etc/init.d/vncserver-newuser, and then edit the file for the new username and port info. Especially important is the “Provides: vncserver:1” line, as this is the name that the system uses to identify the service, and it must be unique for each instance of the service that you want to run. Name each user’s service for the port that they were assigned when they first ran vncserver. So, assuming that newuser got port :2, you’d replace ALL of the “username” with “newuser” and all of the “:1” with “:2”. Read carefully. ;)

Save and exit this file, and then make it executable:
chmod +x /etc/init.d/vncserver-username

Anytime you make a change to the init scripts, you have to tell the system:
systemctl daemon-reload

Now, update the runlevels:
update-rc.d vncserver-username defaults 99

Last, start your system service:
/etc/init.d/vncserver-username start


Upgrading VMWare ESXi hosts from the vSphere CLI

by on Jun.25, 2012, under Computer Stuff, Linux

1. Download the vSphere CLI and the ESXi upgrade file you need from vmware.com (~200MB).
(Install the CLI, and save the ESXi update file as c:update.zip)
2. Place the ESXi host in Maintenance Mode and either power off or migrate all VMs on the host.
3. Launch the vSphere CLI. (Start -> All Programs -> VMware -> VMware vSphere CLI -> Command Prompt)
4. Type cd bin
5. Enter this command:

## For ESXi 4.x to 5.0:
vihostupdate.pl -b c:esxiupdate.zip -url https://SERVER_NAME_OR_IP/sdk/webservice -i

## For ESXi 5.0 to 5.0.x:
esxcli --server=SERVER_NAME_OR_IP software vib install --depot="[DATASTORE_NAME]esxiupdate.zip"

Provide the root account username and password when prompted.
After the install completes, you will be instructed to reboot your ESXi Host.
After your host comes back, exit maintenance mode, and start up your VMs.

**UPDATE for ESXi 5.0 machines**

ESXi 5.0 uses a single installer wizard for fresh installations and upgrades.
ESXi 5.0 also provides a new option for deploying ESXi directly into the host
memory with vSphere Auto Deploy. The vihostupdate and esxupdate utilities
are not supported for ESXi 5.0. You cannot upgrade or migrate to ESXi 5.0 by
using any command-line utility.
After you have upgraded or migrated to ESXi 5.0, you can upgrade or patch
ESXi 5.0 hosts using vCLI esxcli commands such as:

Install all new VIBs from a ZIP file on the target server, copied into a datastore
esxcli --server=SERVER_NAME_OR_IP software vib install --depot="[DATASTORE_NAME]esxiupdate.zip"

##IMPORTANT##
After you upgrade or migrate your host to ESXi 5.0, you cannot
roll back to your version 4.x ESX or ESXi software. Back up your host before
you perform an upgrade or migration, so that, if the upgrade or migration fails,
you can restore your 4.x host.


DMARC/DKIM is coming. You're all gonna have to learn about encryption.

by on Apr.15, 2012, under Computer Stuff, Linux, Mac OSX, Networking, OpenBSD, Windows Info

HAHAHAHAHAHAHA
Told ya.
Here it comes, check this out. If you work in the technology field, you need to read this:
http://dmarc.org/


Ubuntu 11.04 rocks mah werld.

by on May.01, 2011, under Linux

So, a couple of days ago, I did an in-place version upgrade to 11.04 on my laptop.
(Lenovo SL510 Core2Duo, 6GB of RAM, 300gb SATA)
Now, I *use* my laptop.. A lot. Every day. There are several applications at work that require Windows, so I boot virtual machines using Virtualbox, and bridge them to wherever I need them. After upgrading and rebooting, I logged in, and started a Windows 7 Enterprise VM, bridged to the wireless card. It started, I opened a web browser on the VM, and my homepage opened. This is not the cool part. Read on.
In the past, whenever I allowed my laptop to sleep, it would hang the X server, hang the VM, and sometimes even corrupt the disk image that was booted at the time. I haven’t been able to “sleep” this laptop since it was new. It *always* caused problems.
While my laptop was sitting there, freshly upgraded, with the VM booted and running and connected, I had an idea.
“Why not close the lid?” I thought. So, of course, I immediately did. I’m impulsive. whatever. ;)
I fully expected to open it up, have to switch to another virtual terminal, kill the X server, and start over.
This time, however, It. Just. Worked. tm
When I opened the lid, not only did the X server come back quickly, I logged in, was still online, and so was the *STILL WORKING* Windows 7 VM!! I had to do it 3 more times to make sure it wasn’t a fluke!! Since I probably spend somewhere near 6 hours a week shutting it down, and booting it up, this is fantastic!

Canonical rocks! Thank you for this release!!


Just installed Virtualbox 4.0 on Ubuntu 10.10

by on Feb.19, 2011, under Linux, Mac OSX, Networking, OpenBSD, Windows Info

Now, with a preview of the running VM!! ;)


Linux as a Windows domain member server

by on Sep.06, 2010, under Linux, Networking

I’m not going to try to write a how-to on this, but suffice to say that it finally works!
I configured Samba3, PAM, and Kerberos on Ubuntu 9.10, and I can share folders to Windows client workstations using their existing authentication to the domain controller. I can even set ACLs that seem to be obeyed, and use Windows group membership to determine access rights.
Here are some links with relevant information:

The Samba WIKI (geared towards RHEL, but still helpful.)
How To Integrate Samba Using Active Directory For Authentication (geared towards Gentoo linux, but still helpful)
Ubuntu Samba info

I’ll certainly try to answer any questions you’ve got, just post ’em.


*kick-ass* personal streaming media server

by on Jul.15, 2010, under Amusement, Computer Stuff, Linux

I just installed Ampache on Ubuntu-10.04 LTS. All I can say is WOW. You need this… Right now…
I’ve got an mp3 archive somewhere in the neighborhood of 135GB, making it too large for traditional file sharing.
Ampache is the answer.


Ubuntu Eye Candy

by on Jul.11, 2009, under Linux

Linux has become a very utilitarian object for me. I use it in lots of places and situations to make life easier. In fact, most large OEM computer manufacturers have realised this, and use/ship Linux boot CDs to install firmware and low-level drivers. (some even facilitate the installation of a Windows OS to disk using GNU tools.)

Anyway, I’ve been running Ubuntu Linux (Intrepid) as a host OS on a Lenovo X61 tablet. It has everything I need for network engineering, security analysis, troubleshooting, and programming, right there up against the hardware. For tasks requiring the use of Windows, I can boot a virtual machine in Virtualbox, and use that. Today, after booting up, I noticed that I’ve been running the default Intrepid theme since install. I decided it’s time for a change. I went looking for themes, and found:

The Bisigi Project

Nice work, Mr. Vogelweith. Easy to install, beautiful to see. Thank you for sharing. I hope you don’t mind that I changed your logo just slightly, it wouldn’t show up here otherwise!


Antivirus on Linux

by on Feb.26, 2009, under Amusement, Linux

antivirus on linux is like lipstick on a pig… sure, you can put it there, but it’s a waste of time, and it annoys the pig…


