
QUICK: Let's Encrypt certbot-auto: auto generate + config + run SSL certificates for nginx and Apache, on Linux only


# curl https://dl.eff.org/certbot-auto -o certbot-auto

  % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
                                 Dload  Upload   Total   Spent    Left  Speed
100 57312  100 57312    0     0  10055      0  0:00:05  0:00:05 --:--:-- 13684

# chmod +x certbot-auto
# ./certbot-auto

Bootstrapping dependencies for Debian-based OSes... (you can skip this with --no-bootstrap)

Enter email address (used for urgent renewal and security notices) (Enter 'c' to
cancel): ……..@remote-admins.com

(A)gree/(C)ancel: A


(Y)es/(N)o: N

Which names would you like to activate HTTPS for?
-------------------------------------------------------------------------------
1: …………….
2: …………….
3: …………….
4: tickets.remote-admins.com
-------------------------------------------------------------------------------

Select the appropriate numbers separated by commas and/or spaces, or leave input
blank to select all options shown (Enter 'c' to cancel): 3 4

Obtaining a new certificate
Performing the following challenges:
tls-sni-01 challenge for …………………
tls-sni-01 challenge for tickets.remote-admins.com
Enabled Apache socache_shmcb module
Enabled Apache ssl module
Waiting for verification…
Cleaning up challenges….

… some other lines of info; if it asks for interaction, read and then answer …
Created an SSL vhost at /etc/apache2/sites-enabled/004-tickets-le-ssl.conf
Deploying Certificate for tickets.remote-admins.com to VirtualHost /etc/apache2/sites-enabled/004-tickets-le-ssl.conf

Please choose whether or not to redirect HTTP traffic to HTTPS, removing HTTP access.
-------------------------------------------------------------------------------
1: No redirect - Make no further changes to the webserver configuration.
2: Redirect - Make all requests redirect to secure HTTPS access. Choose this for
new sites, or if you're confident your site works on HTTPS. You can undo this
change by editing your web server's configuration.
-------------------------------------------------------------------------------

Select the appropriate number [1-2] then [enter] (press 'c' to cancel): 2

Redirecting vhost in /etc/apache2/sites-enabled/000-default.conf to ssl vhost in /etc/apache2/sites-enabled/000-………………….-le-ssl.conf
Redirecting vhost in /etc/apache2/sites-enabled/004-tickets.conf to ssl vhost in /etc/apache2/sites-enabled/004-tickets-le-ssl.conf

-------------------------------------------------------------------------------
Congratulations! You have successfully enabled https://………………………….
and https://tickets.remote-admins.com

And that's all.

This is cheat-sheet shit; please, if you copy/paste, do not flood me with questions.

If anything goes wrong, you will have to find a sysadmin.


FIX: GPG error: http://www.deb-multimedia.org jessie InRelease: The following signatures couldn’t be verified because the public key is not available: NO_PUBKEY 5C808C2B65558117

……on the command line:

The Reason:
# apt-get update

The Error:
W: GPG error: http://www.deb-multimedia.org jessie InRelease: The following signatures couldn't be verified because the public key is not available: NO_PUBKEY 5C808C2B65558117

The Solution:
# apt-get install deb-multimedia-keyring
# apt-get update

FIX: Windows Server 2016 Auto Restarting with Reason Code: 0x80020010 (or HOWTO: stop WinSRV2016 autoUpdates and autoRestarts!!)

The event logged in the Event Log for this issue is:

The process C:\WINDOWS\system32\svchost.exe (“servername”) has initiated the restart of computer “servername” on behalf of user NT AUTHORITY\SYSTEM for the following reason: Operating System: Service pack (Planned)
Reason Code: 0x80020010
Shutdown Type: restart

After disabling Automatic Updates under Settings / Windows Update in the local Settings interface, the server continues to auto-install critical updates and to auto-restart afterwards, WITHOUT any notification.

Here is how to stop this madness. There are some other methods described in the Windows documentation (read the docs: https://docs.microsoft.com/en-us/windows/deployment/update/waas-wu-settings), but editing the Group Policy is still the best practice for managing Windows updates in granular detail.

So, open the Edit Group Policy interface and navigate to:

Computer Configuration\Administrative Templates\Windows Components\Windows Update\Configure Automatic Updates, then set it to ENABLED and choose OPTION 2.

And that should do what it says, but still, I will update this post if it doesn't. 🙂

Here is an exported list file from that particular section; you can just import it into your group policy.

And the content of the exported Export-List txt file:

Setting | State | Comment
Defer Windows Updates | |
Do not display 'Install Updates and Shut Down' option in Shut Down Windows dialog box | Not configured | No
Do not adjust default option to 'Install Updates and Shut Down' in Shut Down Windows dialog box | Not configured | No
Enabling Windows Update Power Management to automatically wake up the system to install scheduled updates | Not configured | No
Turn off auto-restart for updates during active hours | Not configured | No
Always automatically restart at the scheduled time | Not configured | No
Specify deadline before auto-restart for update installation | Not configured | No
Configure Automatic Updates | Enabled | Yes
Specify intranet Microsoft update service location | Not configured | No
Automatic Updates detection frequency | Not configured | No
Do not allow update deferral policies to cause scans against Windows Update | Not configured | No
Remove access to use all Windows Update features | Not configured | No
Do not connect to any Windows Update Internet locations | Not configured | No
Allow non-administrators to receive update notifications | Not configured | No
Do not include drivers with Windows Updates | Enabled | Yes
Turn on Software Notifications | Not configured | No
Allow Automatic Updates immediate installation | Not configured | No
Turn on recommended updates via Automatic Updates | Not configured | No
No auto-restart with logged on users for scheduled automatic updates installations | Not configured | No
Re-prompt for restart with scheduled installations | Not configured | No
Delay Restart for scheduled installations | Not configured | No
Reschedule Automatic Updates scheduled installations | Not configured | No
Enable client-side targeting | Not configured | No
Allow signed updates from an intranet Microsoft update service location | Not configured | No

From the original Microsoft doc, here are some details about the configured OPTION 2:

Read more…

HOWTO: Windows Server Hyper-V in Hyper-V a.k.a. Windows Server Nested Virtualization

The requirements are:

  • A Hyper-V host running Windows Server 2016 or Windows 10 Anniversary Update.
  • A Hyper-V VM running Windows Server 2016 or Windows 10 Anniversary Update.
  • A Hyper-V VM with configuration version 8.0 or greater.
  • An Intel processor with VT-x and EPT technology.

So, the only thing you have to do is:

  1. Install Windows Server 2016 and add the Hyper-V role
  2. Enter the PowerShell command:
    Set-VMProcessor -VMName <VMName> -ExposeVirtualizationExtensions $true

Then, in the virtual machine's Server Manager, add the Hyper-V role.

Hint: to disable nested virtualization, enter the PowerShell command:

Set-VMProcessor -VMName <VMName> -ExposeVirtualizationExtensions $false

 

Last but not least, please read the full user guide: https://docs.microsoft.com/en-us/virtualization/hyper-v-on-windows/user-guide/nested-virtualization

FIX: Windows Server 2016 AutoRestarting with Reason Code: 0x80020010

Windows Server 2016 secret auto restarts after secret autoupdates

From The Event Log:

The process C:\Windows\system32\svchost.exe (PLATFORM) has initiated the restart of computer PLATFORM on behalf of user NT AUTHORITY\SYSTEM for the following reason: Operating System: Service pack (Planned)
 Reason Code: 0x80020010
 Shutdown Type: restart
 Comment:

 

The problem is described and the solution explained in a Microsoft tech blog:

Read more…

FIX: NGINX Log: an upstream response is buffered to a temporary file /var/cache/nginx/fastcgi_temp/1/05/0000000051 while reading upstream

The warning message in the nginx error.log:

[warn] 13081#13081: *1964 an upstream response is buffered to a temporary file /var/cache/nginx/fastcgi_temp/1/05/0000000051 while reading upstream, client: 78.90.167.79, server: http://www.domain.com, request: "GET / HTTP/1.1", upstream: "fastcgi://10.11.12.141:10080", host: "www.domain.com"

The solution:

fastcgi_buffers 8 4k;

The info:

http://nginx.org/en/docs/http/ngx_http_fastcgi_module.html#fastcgi_buffers

And a link to a pretty good description:

QUICK HOWTO: ( 2x Nginx Balancers + 2x PHP-FPM Backends + 1x PostgreSQL ) – Websites needs PHP Performance

This is not a how-to. It's only a reminder for CentOS 6.7, nginx, php-fpm and pgsql. All the 'examples' are commands recorded in shell history.

So, the 'infrastructure' includes 2x CentOS 6.7 hosts for web (http/https) running Nginx and PHP, and 1x CentOS 6.7 host for the central DB, running PostgreSQL.

  1. Some initial configs, startup configs, firewall, yum repos
iptables-save during the setup:
............
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -p icmp -j ACCEPT
-A INPUT -i lo -j ACCEPT
-A INPUT -p tcp -m state --state NEW -m multiport --dports 22 -j ACCEPT
-A INPUT -p tcp -m state --state NEW -m multiport --dports 80,443 -j ACCEPT
-A INPUT -j REJECT --reject-with icmp-host-prohibited
-A FORWARD -j REJECT --reject-with icmp-host-prohibited
COMMIT
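
The INPUT rules above can be checked mechanically. The script below is an added example, not part of the original post: it lists the TCP ports an iptables-save dump opens and checks that INPUT ends in a deny. The function names are made up for this example, and the `*filter` preamble in the sample is a constructed stand-in for the lines the post elides.

```sh
# Added example, not from the original post. Function names are hypothetical.
# Constructed sample: the rules shown above; the *filter preamble stands in
# for the lines the post elides (assumption).
SAMPLE_RULES='*filter
:INPUT ACCEPT [0:0]
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -p icmp -j ACCEPT
-A INPUT -i lo -j ACCEPT
-A INPUT -p tcp -m state --state NEW -m multiport --dports 22 -j ACCEPT
-A INPUT -p tcp -m state --state NEW -m multiport --dports 80,443 -j ACCEPT
-A INPUT -j REJECT --reject-with icmp-host-prohibited
-A FORWARD -j REJECT --reject-with icmp-host-prohibited
COMMIT'

# List TCP destination ports (or lo:hi ranges) opened by INPUT ACCEPT rules,
# one per line. A tcp ACCEPT rule with no port match is reported as "any".
# Source restrictions (-s) are ignored, so the result is an upper bound.
open_tcp_ports() {
  awk '
    $1 == "-A" && $2 == "INPUT" && /-p tcp / && /-j ACCEPT/ {
      found = 0
      for (i = 3; i < NF; i++)
        if ($i == "--dport" || $i == "--dports") {
          n = split($(i + 1), p, ",")
          for (k = 1; k <= n; k++) print p[k]
          found = 1
        }
      if (!found) print "any"
    }' | sort -u | sort -n
}

# Succeed only if INPUT denies by default: chain policy DROP, or a final
# unconditional REJECT/DROP rule as in the ruleset above.
input_default_deny() {
  awk '
    $1 == ":INPUT" { policy = $2 }
    $1 == "-A" && $2 == "INPUT" { last = $0 }
    END { exit !((policy == "DROP") || (last ~ /^-A INPUT -j (REJECT|DROP)( |$)/)) }'
}

# Print open ports that are missing from the space-separated allowlist $1.
unexpected_ports() {
  allowed=" $1 "
  open_tcp_ports | while read -r port; do
    case "$allowed" in *" $port "*) ;; *) echo "$port" ;; esac
  done
}
```

On a live host, `iptables-save | unexpected_ports "22 80 443"` prints nothing when only the intended ports are exposed.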

selinux during the setup

[root@web2 ~]# setenforce 0

repos needed for the setup ( nginx and php5.6 ):

Read more…