Tag Cloud
Currently Reading
Latest Book Reviews
- Certified Kubernetes Application Developer (CKAD) Study Guide, 2nd Edition Posted on January 11, 2025
- Rancher Deep Dive Posted on March 31, 2023
- Leveraging Kustomize for Kubernetes Manifests Posted on March 24, 2023
- Automating Workflows with GitHub Actions Posted on October 13, 2022
- Deep-Dive Terraform on Azure Posted on August 30, 2022 All Book Reviews
Latest Posts
- Installing gmond in Solaris 11 Posted on March 1, 2014
- Setting up a Git Server in CentOS 6.5 Posted on February 18, 2014
- Securing the WordPress Admin Dashboard Posted on February 15, 2014
- Reverse SSL Proxy with Nginx Posted on February 15, 2014
- Problems installing Chrome on OpenSuSE 13.1 Posted on January 6, 2014
March 1, 2014
Installing gmond in Solaris 11
by Alpha01
Package is installed using OpenCSW
Install the installation source
root@solaris:~# pkgadd -d http://get.opencsw.org/now
I updated my PATH via ~/.profile
export PATH=/usr/bin:/usr/sbin:/opt/csw/bin
Install the CSWgangliaagent package
root@solaris:~# pkgutil --install CSWgangliaagent
Enable the service in SMF
root@solaris:~# svcadm enable svc:/network/cswgmond:default
solaris ganglia February 18, 2014
Setting up a Git Server in CentOS 6.5
by Alpha01
1). Install git
[root@svn ~]# yum install git
2). Add the developers group, all git users will be part of this group.
[root@svn ~]# groupadd developers
3). Create the git user which will own all the repos.
[root@svn ~]# useradd -s /sbin/nologin -g developers git
[root@svn ~]# passwd git
Changing password for user git.
New password:
Retype new password:
passwd: all authentication tokens updated successfully.
4). Update Permissions.
[root@svn ~]# chmod 2770 /home/git/
5). Create an empty Git repo.
[root@svn project1]# git init --bare --shared
Initialized empty shared Git repository in /home/git/project1/
6). Update file ownership and permissions.
[root@svn project1]# chown -R git .
[root@svn project1]# chmod 2770 /home/git/project1
7). Create a git user account.
[root@svn git]# useradd -s /usr/bin/git-shell -g developers -d /home/git tony
useradd: warning: the home directory already exists.
Not copying any file from skel directory into it.
[root@svn git]# passwd tony
Changing password for user tony.
New password:
Retype new password:
passwd: all authentication tokens updated successfully.
Usage
At this point a regular user should be able to checkout the project1 repo from the Git server.
tony@apha05:~$ mkdir ~/testing_shit/git_test
tony@apha05:~$ cd ~/testing_shit/git_test && git init
tony@apha05:~/testing_shit/git_test$ git remote add origin tony@svn:/home/git/project1
Note: Interestingly enough, an initial first commit has to be made onto the repo in order for any regular user to be able to push the repo, ie master branch. I received the following error when trying do so.
Error
tony@apha05:~/testing_shit/git_test$ git push origin master
tony@svn's password:
error: src refspec master does not match any.
error: failed to push some refs to 'tony@svn:/home/git/project1'
Fix
tony@apha05:~/testing_shit/git_test$ git commit -m 'Initial'
[master (root-commit) 7bb7337] Initial
1 file changed, 0 insertions(+), 0 deletions(-)
create mode 100644 README.txt
tony@apha05:~/testing_shit/git_test$ git push origin master
tony@svn's password:
Counting objects: 3, done.
Writing objects: 100% (3/3), 209 bytes | 0 bytes/s, done.
Total 3 (delta 0), reused 0 (delta 0)
To tony@svn:/home/git/project1
* [new branch] master -> master
git centos February 15, 2014
Securing the WordPress Admin Dashboard
by Alpha01
So the primary reason why I wanted to add SSL support to www.rubyninja.org is because I want all my /wp-admin traffic to be served securely.
Configuring WordPress to force the login page and all wp-admin traffic to be served over SSL is simply just a matter of defining the FORCE_SSL_LOGIN and FORCE_SSL_ADMIN constants in wp-config.php.
define( 'FORCE_SSL_LOGIN', true );
define( 'FORCE_SSL_ADMIN', true );
wordpress February 15, 2014
Reverse SSL Proxy with Nginx
by Alpha01
Nginx is turning to be an awesome SSL reverse proxy server, although I can’t say I’ve really put it to real heavy duty use or how it well scale since my sites have relatively slow traffic. Thus said, a reverse SSL proxy using Nginx is working flawless in my environment!
Since all of my sites are being served within a KVM guest using NAT networking, all SSL traffic has to go through the KVM host of which Nginx is being used to proxy the requests to the guest KVM. Nginx is awesome since it supports specifying multiple server blocks (think of virtual hosts in Apache) set to listen on port 443 within the main http block. With this configuration available, it is possible to specify different reverse proxy end points.
On my server I have enabled SSL for www.rubysecurity.org and www.rubyninja.org.
First thing I needed to do is to map the sites local IPs to the KVM hosts file.
192.168.100.208 rubysecurity.org www.rubysecurity.org
192.168.100.209 rubyninja.org www.rubyninja.org
Then configure nginx.conf (sample server blocks):
server {
listen 443;
server_name www.rubysecurity.org;
ssl on;
ssl_certificate /etc/nginx/certs/www.rubysecurity.org.bundled.crt;
ssl_certificate_key /etc/nginx/certs/www.rubysecurity.org.key;
location / {
proxy_pass https://www.rubysecurity.org;
### Set headers ####
proxy_set_header Accept-Encoding "";
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
#proxy_set_header X-Forwarded-Proto https;##
#This is better##
proxy_set_header X-Forwarded-Proto $scheme;
add_header Front-End-Https on;
# We expect the downsteam servers to redirect to the right hostname, so don't do any rewrites here.
proxy_redirect off;
}
}
server {
listen 443;
server_name www.rubyninja.org;
ssl on;
ssl_certificate /etc/nginx/certs/www.rubyninja.org.bundled.crt;
ssl_certificate_key /etc/nginx/certs/www.rubyninja.org.key;
location / {
proxy_pass https://www.rubyninja.org;
### Set headers ####
proxy_set_header Accept-Encoding "";
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
#proxy_set_header X-Forwarded-Proto https;##
#This is better##
proxy_set_header X-Forwarded-Proto $scheme;
#add_header Front-End-Https on;
# We expect the downsteam servers to redirect to the right hostname, so don't do any rewrites here.
proxy_redirect off;
}
}
One interesting thing in Nginx with SSL is that it doesn’t have a dedicated Certificate Authority (CA) ssl certificate directive, unlike SSLCACertificateFile in Apache. Instead the CA certificate has to be bundled with the public ssl certificate, which it’s really not a big deal given that multiple CA’s tend to bundle their intermediate CA certificates similarly.
security nginx January 6, 2014
Problems installing Chrome on OpenSuSE 13.1
by Alpha01
Error
linux-5n99:/home/tony/Downloads # rpm -ivh google-chrome-stable_current_x86_64.rpm
warning: google-chrome-stable_current_x86_64.rpm: Header V4 DSA/SHA1 Signature, key ID 7fac5991: NOKEY
error: Failed dependencies:
lsb >= 4.0 is needed by google-chrome-stable-31.0.1650.63-1.x86_64
Fix
linux-5n99:/home/tony/Downloads # yast --install lsb
opensuse