Nagios – New installation on Debian 9

If you have to install a really great network those such as Nagios those will be steps needed:

1.Installing Apache2 + PHP (Skip if you already have one):

2.Installing Nagios core:

3.Installing Nagios Plugins (needed !)

4.Enable SSL for Nagios (and not only)

 

 

Facebooktwittergoogle_plusreddit

Let’s Encrypt – Error using old version

Using the old bash script for automatic renewal sometimes fail with this error (or similar one):

This is probably result of two things:

  1. Let’s Encrypt enforce limits on request count and domain count
  2. The official letsencrypt client change to certbot and is ported to few distros

If you are using Debian 8 with apache this is now the recommended way to renew certs:

For other configuration check https://certbot.eff.org/

Facebooktwittergoogle_plusreddit

GoGS with Apache2

First let us enable few modules that will be needed:

Sample vhosta config file for apache2:

Let us assure that gogs is running and the restart apache

 

To install gogs as service we need to create file, enable it and run:

 

Facebooktwittergoogle_plusreddit

Let’s encrypt – Green lock icon for ours web page – free SSL certificates

Let’s encrypt was created with one goal in mind, which was create secure platform that will give everybody ability to create valid certificates that we could use to enforce secure for ours web pages. That way our www can established secure and private connections with visitors so both sides will have benefits. Making all certificates generated this way valid we gain the ‘green lock icon’ in URL bar in web browsers, so every visitor don’t have to be scared away with big red warning message about unknown certificated being use (like it would when we use self-signed certificates)

On beginning I would suggest to read Apache Part 2: Enable SSL if you didn’t enabled SSL for your vhosts and also we will need self-signed certificates for full process to complete.

For now, as its 03/18/2016 letsencrypt allow for automatic certificates installation on Debian/Ubuntu platforms with Apache2 (as web server), and rest platforms/web servers are supported via manual installation.

Preparation

First step is to install git client, if we didn’t already:

Next we need to download latest letsencrypt script, which will help us with signing process:

If we ever need to update letsencrypt we would need to invoke just ‘pull’ command in git client like this:

If in middle of updating with git pull we will encounter message about local modification made by us, then there is a quick&dirty fix for that:

 

Lets Go!

Method 1: Automatically configure everything (Apache 2 + Debian/Ubuntu)

 

Method 2: Obtaining certificates for web server without automatic installation (webroot module)

 

Method 3: Obtaining certificates without using your web server but instead using build-in one (standalone module)

 

If we are using ‘apache’ module everything should work right away, in other case you need to manually add certificates in configure files of your vhosts.

Certificates are saves inside: /etc/letsencrypt/archive but the best is to use sym-links that are created in /etc/letsencrypt/live/

 

Renewing certificates!?

For now (03/18/2016) certificates created with Let’s Encrypt are valid for 90days. Renewing them is more like creating new ones. This process can be made by hand or with use of script proposed by Let’s Encrypt themself .

At first we can make dry run to see if there will be any errors while renewing certs:

If command was successful we can skip the –dry-run argument:

 

Command ‘renew’ use the last saved settings for creating certificates, so if we would like to use stronger encryption by using longer RSA key we can do it by:

 

While renewing certificates application check if valid date have passed. If not them script will skip renewing for that certificate, but we can force it by adding argument ‘--force-renew':

 

Automatic renewing 🙂

This is a copy of script from https://letsencrypt.org

We need to add script to cron, so we won’t need to remember about this

This way cron will try to renew every certificate we use each hour.

 

We could also skip this script and take other approach which is using cron with force-renewal argument:

This way each first day of month there will be generated new certificate for our domains. We go 90days to that so in theory we got 3 tries before our certificate became invalid.

 

Revoking certificate:

 

Update 06/11/2016:

You can update letsencrypt client, you need to run git command

While doing it you can hit on error saying that your local version is modified and you need to commit those changes. The simples way to fix this is reset your local repo:

 

Update 04/08/2017:

letsencrypt change name to certbot

Facebooktwittergoogle_plusreddit

Linux – Apache Part 4: MySQL and MariaDB Database

MariaDB and MySQL are both compatible with each other, the decision is on system administrator which one will be used.

MariaDB instalation:

 

MySQL Instalation:

 

You can always go back and check those posts:

Linux – Apache Part 1: Instalation and configuration

Linux – Apache Part 2: Enable SSL

Linux – Apache Part 3: PHP

 

After now your server should be ready to use 🙂

 

Facebooktwittergoogle_plusreddit

Linux – Apache Part 3: PHP

Enabling PHP for Apache server is trivial.

Lets check if PHP really works:

Use browser to check your info.php to confirm that php is up and running on your apache server.

 

You can always go back to check those steps:

You can always go back and check those posts:

Linux – Apache Part 1: Instalation and configuration

Linux – Apache Part 2: Enable SSL

Or go forward:

Linux – Apache Part 4: MySQL and MariaDB Database

Facebooktwittergoogle_plusreddit

Linux – Apache Part 2: Enable SSL

There are multiply reasons why you would like to use ssl for your http and create usable https for you and your viewers.

This post is about SSL configuration for your working www server. If you didn’t setup one right now please go back to this post: Linux – Apache Part 1: Instalation and configuration

Lets begin:

You can always go back and check those posts:

Linux – Apache Part 1: Instalation and configuration

or foward:

Linux – Apache Part 2: Enable SSL

Linux – Apache Part 3: PHP

Linux – Apache Part 4: MySQL and MariaDB Database

Facebooktwittergoogle_plusreddit

Linux – Apache Part 1: Instalation and configuration

Our own www server is sometimes needed when building webapp, it is also used in internal like in external networks.

Here is as simple recipe for it:

This configuration is proper for local use.

But if your server will be available outside your network then make those also:

Next parts:

Linux – Apache Part 2: Enable SSL

Linux – Apache Part 3: PHP

Linux – Apache Part 4: MySQL and MariaDB Database

 

Facebooktwittergoogle_plusreddit