HOWTO: APACHE – permanent redirect to another server & port

I’m using CentOS 7.2 & the corresponding layout as seen here.

So, I have a few VMs that host sites and I elected *not* to move on with AWS due to my very strained budget and it’s using Ubuntu and docker.
That being said, I kept an Ubuntu VM and it can’t share port 80 due to just a single Internet connection inbound and I was forced to make changes.

Here’s what I did to get around it (mind you, none of this is actual):

Take your /etc/httpd/sites-enabled file and make some additions:

# cat blog-toloughlin.conf

<VirtualHost *:80>
ServerName blog.toloughlin.com
ServerAlias blog.toloughlin.com
# trailing slash matters: Redirect appends the rest of the request path to this URL
RedirectPermanent / http://www.blog.toloughlin.com:81/
# optionally add an AccessLog directive for
# logging the requests and do some statistics
</VirtualHost>

Next time you visit that domain, it’ll push the traffic back to port 81 (translated by your router).

Caveat: you’ll see :81 in your URL bar and some of your site may not work correctly (things coded to use the domain & no port numbers).

It’s hackey, but it works … fairly well.

corrupted or tampered with during downloading ???

Well, I guess it’s common now to see this when trying to install OS X. My example happened when I tried to install El Capitan, fresh (no upgrade) on a newly formatted SSD – and had me scratching my bean.

I got this:
This copy of the Install OS X El Capitan application can't be verified. It may have been corrupted or tampered with during downloading

People have identified the need to set the clock back via Terminal, right before you install the OS after boot-up.

I checked my time & it was spot on (although it thought I was on the Left Coast, which I’m not).

I COULD have run the infamous date command (date MMDDHHmmYY), but elected not to.

I deleted the installer and downloaded El Capitan yet again. Guess what? It worked.

Here is what I’m thinking. If you download & set it aside for a while, you need to roll your clock back. If not, you’re good to go.

So if you don’t have the luxury of downloading the OS again, see what the time/date stamp shows up as and set the date back to a week later than that and you should be all set.

So, if you see this (for example):

But it’s April, 2016 now … run:
date 0401101016

Exit the Terminal App and try the install again.

HOWTO: MOSH – when you need to SSH and there’s intermittent connectivity problems

Read about it here: https://mosh.mit.edu/

I loaded it up on RHEL 7.2, and here’s the process that I went through …

Add pre-requisite packages:
yum -y install git protobuf-c autoconf automake wget bzip2 gcc-c++ zlib-devel libutempter ncurses-devel openssl-devel net-tools

Run all of these commands:

PREFIX=$HOME
wget http://protobuf.googlecode.com/files/protobuf-2.4.1.tar.bz2
tar -xf protobuf-2.4.1.tar.bz2
cd protobuf-2.4.1
./configure --prefix=$PREFIX
make
make install

export PKG_CONFIG_PATH=$PKG_CONFIG_PATH:/root/lib/pkgconfig

$ git clone https://github.com/mobile-shell/mosh
$ cd mosh
$ ./autogen.sh
$ ./configure
$ make
# make install

echo "export LD_LIBRARY_PATH=/root/lib" >> ~/.bashrc ; source ~/.bashrc

firewall-cmd --add-port=60000-61000/udp

Have you heard that RHEL is available ‘free’ for your Development Environment?

It sure is – woo hoo!

Dance on over to https://developer.redhat.com, sign up and accept their terms.

You can then download the latest ISO (7.2 at the time of this writing) and load it up on a server or VM. Make sure you select “Developer Tools” during the installation.

If you selected Basic (no GUI), you’ll need to run a few extra steps after installing, in order to get your yum updates.

First:

# subscription-manager register

Registering to: subscription.rhn.redhat.com:443/subscription
Username: your new shiny name
Password:
The system has been registered with ID: XXXXXXXX

Then:

# subscription-manager attach

 

Installed Product Current Status:
Product Name: Red Hat Enterprise Linux Server
Status: Subscribed

Finally:

# subscription-manager repos --enable=rhel-server-rhscl-7-rpms
# subscription-manager repos --enable=rhel-7-server-optional-rpms
# subscription-manager repos --enable=rhel-7-server-extras-rpms

 



Now don’t be a jerk and try to use it in production; all it takes is one support call and accidentally outing yourself to cause your entire company to be forced to conduct a licensing audit.  That won’t be fun. 

HOWTO: firewalld – allowing individual host access

So, you’re rolling out a new webserver and want only certain people to take a look at the content? Here’s how you do it.
CentOS 7.2 is the OS being used.

What zone are you in?
[root@blog-test ~]# firewall-cmd --get-default-zone
public

OK, let’s make a new zone:

firewall-cmd --permanent --new-zone=blog
systemctl reload firewalld

Now, let’s add your IP & a friend’s IP to start testing … given you’re using apache & it’s still on port 80:

firewall-cmd --permanent --zone=blog --add-source=YOUR_IP/32
firewall-cmd --permanent --zone=blog --add-source=FRIENDS_IP/32
firewall-cmd --permanent --zone=blog --add-port=80/tcp

NOTE:  If you are using that port in another zone, remove it from that other zone first, because it can’t be in 2 zones at once.

That’s all there is. Move along now.
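
The zone set-up above as a script, added here as an example (not the author's own). It validates every address, prints the firewall-cmd lines for review instead of running them, and ends with the reload that makes --permanent changes live. The function names, the sample addresses and the choice to close the port in the old zone are assumptions.

```sh
#!/bin/sh
# Added example: print the firewall-cmd lines that limit one port to a list of hosts.
# Nothing is executed here; pipe the output to "sh" as root once it looks right.

# valid_ipv4 ADDR -> status 0 if ADDR is four dot-separated octets, each 0..255.
# The body is a subshell, so changing IFS does not leak into the caller.
valid_ipv4() (
    case $1 in ''|*[!0-9.]*|.*|*.|*..*) exit 1 ;; esac
    IFS=.
    set -- $1
    [ $# -eq 4 ] || exit 1
    for octet in "$@"; do
        [ ${#octet} -le 3 ] && [ "$octet" -le 255 ] || exit 1
    done
)

# blog_zone_cmds ZONE OLD_ZONE PORT/PROTO ADDR...
blog_zone_cmds() {
    [ $# -ge 4 ] || { echo "usage: blog_zone_cmds ZONE OLD_ZONE PORT/PROTO ADDR..." >&2; return 1; }
    zone=$1 old_zone=$2 port=$3
    shift 3
    case $zone$old_zone in *[!A-Za-z0-9_-]*) echo "bad zone name" >&2; return 1 ;; esac
    case ${port%/*} in ''|*[!0-9]*) echo "bad port: $port" >&2; return 1 ;; esac
    case ${port#*/} in tcp|udp) ;; *) echo "bad protocol: $port" >&2; return 1 ;; esac
    # Check every address before printing anything, so a typo never yields half a rule set.
    for ip in "$@"; do
        valid_ipv4 "$ip" || { echo "bad address: $ip" >&2; return 1; }
    done

    echo "firewall-cmd --permanent --new-zone=$zone"
    for ip in "$@"; do
        echo "firewall-cmd --permanent --zone=$zone --add-source=$ip/32"
    done
    echo "firewall-cmd --permanent --zone=$zone --add-port=$port"
    # The NOTE above: the port must not stay open in the zone everyone else lands in.
    echo "firewall-cmd --permanent --zone=$old_zone --remove-port=$port"
    # --permanent only edits the saved configuration; reload applies it to the running firewall.
    echo "firewall-cmd --reload"
}

# Constructed sample addresses (documentation ranges).
blog_zone_cmds blog public 80/tcp 203.0.113.10 198.51.100.7
```

If port 80 was opened in the old zone as a service (--add-service=http), remove it there with --remove-service=http instead of --remove-port.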

 

Windows 7 – Can’t Check for Updates

So, I booted up a Win7 VM that hasn’t been online in 11 months — Windows Update won’t work!

Microsoft was nice enough to give me this message:

Windows Update Cannot Check For Updates, Because The Service Is Not Running

I tried letting Microsoft “fix it for me” from this page, but it didn’t work:
https://support.microsoft.com/en-us/kb/2730071

Here’s the fix.

Start -> type cmd
Right-click on cmd and click on: Run as administrator
Type the following lines, hitting enter after each one:

net stop wuauserv
cd %systemroot%
ren SoftwareDistribution SoftwareDistribution.bad
net start wuauserv

Launch Windows Update again – and — let the updates begin!

Need WordPress to send email, but you’re on Comcast?

Sending mail with Comcast as your ISP – this is on CentOS 7.2.

Install:
# yum install cyrus-sasl{,-plain}

Edit /etc/postfix/main.cf and insert the following below the other ‘relayhost’ references:
relayhost = [smtp.comcast.net]:587
smtp_sasl_auth_enable = yes
smtp_sasl_password_maps = hash:/etc/postfix/smtp_password
smtp_sasl_security_options =

Note: smtp_sasl_security_options = … is intentionally blank.

Edit:
/etc/postfix/smtp_password and insert:
[smtp.comcast.net]:587 username@comcast.net:password

Lock down the perms:
# chmod 600 /etc/postfix/smtp_password

Run:
postmap hash:/etc/postfix/smtp_password

Create a localhost-rewrite rule. This must be done, or else the Comcast SMTP server will reject your mail as coming from an invalid domain. Insert the following into:
/etc/postfix/sender_rewrite:
/^([^@]*)@.*$/ $1@<your_domain_here>.com

Allow SELinux to accept apache’s access to send mail:
# setsebool -P httpd_can_sendmail 1

Restart postfix:
# systemctl restart postfix

Test. If it fails, tail /var/log/maillog!

** NEW INFO **
I had some troubles with this (mail still showing root@localhost in the maillog) – and here were a few more steps, if that doesn’t completely work.

vi /etc/postfix/sender_canonical

… and insert the following, to make “root” appear to be the “wordpressuser” on outbound mail. This should have been rewritten by the rule up above, but it wasn’t doing it.

root wordpressuser@yourdomain.com

Create /etc/postfix/sender_canonical.db file
postmap hash:/etc/postfix/sender_canonical

Add sender_canonical variable to /etc/postfix/main.cf
postconf -e "sender_canonical_maps=hash:/etc/postfix/sender_canonical"

Restart postfix:
# systemctl restart postfix
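
A check for the relay settings above, added here as an example (not from the original post): with smtp_sasl_security_options empty, plaintext mechanisms are allowed, so the password is only protected on the wire if the SMTP client is also told to require TLS. The function name relay_tls_audit and both sample configs are constructed; smtp_tls_security_level = encrypt is an addition that the post's main.cf does not contain.

```sh
#!/bin/sh
# Added example: does this main.cf protect the SASL password it sends to the relay?
# relay_tls_audit reads main.cf text on stdin and prints a one-line verdict.
#   status 0 = TLS required, 1 = cleartext possible, 2 = SASL client auth not enabled
relay_tls_audit() {
    awk '
        /^[ \t]*#/ || /^[ \t]*$/ { next }   # comments and blank lines
        /^[ \t]/ { next }                   # continuation lines (not used by these keys)
        {
            eq = index($0, "=")
            if (eq == 0) next
            key = substr($0, 1, eq - 1)
            val = substr($0, eq + 1)
            gsub(/^[ \t]+|[ \t]+$/, "", key)
            gsub(/^[ \t]+|[ \t]+$/, "", val)
            conf[key] = val                 # a later definition overrides an earlier one
        }
        END {
            if (conf["smtp_sasl_auth_enable"] != "yes") {
                print "n/a: smtp_sasl_auth_enable is not yes"; exit 2
            }
            lvl = conf["smtp_tls_security_level"]
            # Older parameter names, honoured when the level is unset.
            if (lvl == "" && conf["smtp_enforce_tls"] == "yes") lvl = "encrypt"
            if (lvl == "" && conf["smtp_use_tls"] == "yes")     lvl = "may"
            if (lvl == "" || lvl == "none") {
                print "cleartext: no TLS configured for the SMTP client"; exit 1
            }
            if (lvl == "may") {
                print "cleartext: TLS is opportunistic and can fall back"; exit 1
            }
            print "tls-required: smtp_tls_security_level = " lvl
        }'
}

# Constructed sample 1: the relay settings exactly as given in the post.
POST_CONF='relayhost = [smtp.comcast.net]:587
smtp_sasl_auth_enable = yes
smtp_sasl_password_maps = hash:/etc/postfix/smtp_password
smtp_sasl_security_options ='

# Constructed sample 2: the same, plus mandatory TLS (an addition, not in the post).
TLS_CONF="$POST_CONF
smtp_tls_security_level = encrypt"

printf '%s\n' "$POST_CONF" | relay_tls_audit || true
printf '%s\n' "$TLS_CONF"  | relay_tls_audit || true
```

On a live box, feed it the effective settings with: postconf -n | relay_tls_audit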

Do you want to build a WordPress …… (site)?

Welcome.

Here’s a build-out on CentOS 7.2.

Install just the core, then add packages as needed – as you see below:

[root@wordpress-server ~]# yum update -y
[root@wordpress-server ~]# yum install bash-completion -y
[root@wordpress-server ~]# systemctl reboot

[root@wordpress-server ~]# yum install httpd php php-gd mariadb mariadb-server php-mysql rsync wget -y
[root@wordpress-server ~]# systemctl start httpd mariadb
[root@wordpress-server ~]# systemctl enable httpd mariadb

[root@wordpress-server ~]# firewall-cmd --add-service=http
[root@wordpress-server ~]# firewall-cmd --add-service=http --permanent

Set passwords for MySql / MariaDB:

[root@wordpress-server ~]# mysql_secure_installation

Set root password? [Y/n] Y
New password:
Re-enter new password:
Password updated successfully!

Remove anonymous users? [Y/n] Y
… Success!

Disallow root login remotely? [Y/n] n
… skipping.

Remove test database and access to it? [Y/n] Y
– Dropping test database…
… Success!
– Removing privileges on test database…
… Success!

Reload privilege tables now? [Y/n] Y
… Success!

[root@wordpress-server ~]# mysql -u root -p
Enter password:

MariaDB [(none)]> create database wp_site_1;
Query OK, 1 row affected (0.01 sec)

MariaDB [(none)]> create user wordpressadmin@localhost identified by 'pass_from_above';
Query OK, 0 rows affected (0.00 sec)

MariaDB [(none)]> grant all privileges on wp_site_1.* to wordpressadmin@localhost identified by 'pass_from_above';
Query OK, 0 rows affected (0.00 sec)

MariaDB [(none)]> flush privileges;
Query OK, 0 rows affected (0.00 sec)

MariaDB [(none)]> exit
Bye

[root@wordpress-server ~]# groupadd wp

[root@wordpress-server ~]# wget http://wordpress.org/latest.tar.gz

[root@wordpress-server html]# tar zxvf latest.tar.gz

in /var/www/html:
[root@wordpress-server html]# mkdir site_1

Copy software to the new directory:
[root@wordpress-server ~]# rsync -aP /root/wordpress/ /var/www/html/site_1/

Fix ownership:
[root@wordpress-server html]# chown -R apache.wp *
drwxr-xr-x. 5 apache wp 4096 Feb 2 12:12 site_1

[root@wordpress-server site_1]# cp wp-config-sample.php wp-config.php

Edit wp-config.php file, then copy to the other site_ directories:
define('DB_NAME', 'wp_site_1');
define('DB_USER', 'wordpressadmin');
define('DB_PASSWORD', 'password_from_mysql_secure_installation');

Again:
[root@wordpress-server html]# chown -R apache.wp *

Edit PHP.INI:
[root@wp-srv-001 html]# vi /etc/php.ini
change the line to this: upload_max_filesize = 25M

Add the following as the last line in /etc/httpd/conf/httpd.conf:
IncludeOptional sites-enabled/*.conf

in /etc/httpd, make these directories:
[root@wordpress-server httpd]# mkdir sites-available
[root@wordpress-server httpd]# mkdir sites-enabled

in sites-available, make config files for each domain:
[root@wordpress-server sites-available]# ll
total 12
-rw-r--r--. 1 root root 203 Feb 4 23:37 yourdomain.conf

The file should have:

<VirtualHost *:80>
DocumentRoot /var/www/html/site_1
ServerName www.yourdomain.com
ServerAlias yourdomain.com
ErrorLog logs/yourdomain_error.log
</VirtualHost>

 

Create the following symlinks to the .conf files:
ln -s /etc/httpd/sites-available/yourdomain.conf /etc/httpd/sites-enabled/yourdomain.conf

RESTART APACHE!

[root@wordpress-server httpd]# apachectl restart

Go to your domains!

HOWTO: Back-up your MariaDB and then restore later?

This is with CentOS 7.2.

Dump the Database you want to backup:
mysqldump mariadb_name -u root > /backup/dir/db_name.$(date +%m%d).sql

Make a tarball with the newly created database dump & the /var/www/html/ directory:
tar czf /backup/dir/wp_site_1_backup_$(date +%m%d).tgz /backup/dir/db_name.$(date +%m%d).sql /var/www/html/site_1

Remove the database dump that was just tar’d up:
rm -f /backup/dir/db_name.$(date +%m%d).sql

In use:

[root@websites ~]# mysqldump mariadb_name -u root > ~/backups/mariadb_name/mariadb_name.$(date +%m%d).sql

[root@websites ~]# tar czf ~/backups/mariadb_name/mariadb_name_full_$(date +%m%d).tgz ~/backups/mariadb_name/mariadb_name.$(date +%m%d).sql /var/www/html/mariadb_name

[root@websites ~]# rm -f ~/backups/mariadb_name/mariadb_name.$(date +%m%d).sql

[root@websites ~]# ll ~/backups/mariadb_name
total 9164
-rw-r--r--. 1 root root 9383639 Feb 7 17:30 mariadb_name_full_0207.tgz

[root@websites ~]# tar tzvf mariadb_name_full_0207.tgz | head -n 3
-rw-r--r-- root/root 1211612 2016-02-07 17:30 root/backups/mariadb_name/mariadb_name.0207.sql
drwxr-xr-x apache/wp 0 2016-02-07 13:31 var/www/html/mariadb_name/
drwxr-xr-x apache/wp 0 2016-02-02 12:11 var/www/html/mariadb_name/wp-admin/

To script it, in root’s home directory (or whichever user), create:
.my.cnf ; chmod 600 .my.cnf

In the file, have the following:
[mysqldump]
password=
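
One way to script the three steps above, added here as an example (not the author's own script). It reads the date once so all file names agree, keeps the dump and tarball private with a tight umask, and deletes the loose dump only after the archive is confirmed to contain it. The function name backup_site and its argument order are assumptions.

```sh
#!/bin/sh
# Added example: the dump / tar / clean-up steps as one function.
# backup_site DB_NAME SITE_DIR BACKUP_DIR   (absolute paths) -> prints the tarball path
backup_site() {
    [ $# -eq 3 ] || { echo "usage: backup_site DB SITE_DIR BACKUP_DIR" >&2; return 1; }
    db=$1 site=$2 dest=$3
    for p in "$site" "$dest"; do
        case $p in /*) ;; *) echo "not an absolute path: $p" >&2; return 1 ;; esac
    done

    stamp=$(date +%m%d)      # read the clock once so every file name agrees
    dump=$db.$stamp.sql
    tarball=$dest/${db}_full_$stamp.tgz

    (
        umask 077            # the dump and wp-config.php contain credentials
        mkdir -p "$dest" && cd "$dest" || exit 1
        # mysqldump reads the password from ~/.my.cnf, so it never appears in ps output.
        mysqldump -u root "$db" > "$dump" && [ -s "$dump" ] || { rm -f "$dump"; exit 1; }
        # -C makes the archive hold "site_1/..." instead of the full path.
        tar czf "$tarball" "$dump" -C "$(dirname "$site")" "$(basename "$site")" \
            || { rm -f "$dump" "$tarball"; exit 1; }
        # Remove the loose dump only after the archive is shown to contain it.
        tar tzf "$tarball" | grep -qxF -e "$dump" || exit 1
        rm -f "$dump"
    ) || return 1

    echo "$tarball"
}

# Typical call, for example from root's crontab:
#   backup_site wp_site_1 /var/www/html/site_1 /backup/dir
```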

Need to restore?

[root@websites ~]# mysql -u root -p
Enter password:
Welcome to the MariaDB monitor. Commands end with ; or \g.
Your MariaDB connection id is 65
Server version: 5.5.44-MariaDB MariaDB Server

Copyright (c) 2000, 2015, Oracle, MariaDB Corporation Ab and others.

Type 'help;' or '\h' for help. Type '\c' to clear the current input statement.

MariaDB [(none)]> create database databasename;
Query OK, 1 row affected (0.00 sec)

MariaDB [(none)]> \q
Bye
[root@websites ~]# mysql -u root -p -h localhost mariadb_name < backup_file.sql
Enter password:

AT&T’s Samsung Galaxy S III – Hey, where’d my battery go?

I went a day+ without charging my iPhone 4 and I get almost a day with my Galaxy S III – I almost returned it.

Come to find out, I was taking advantage of a lot of cool, battery intensive functionality of the S III, and feeling it when it came to battery life.

Here’s what I’ve done to maximize the battery life on my S III:
– Limit the accounts that get sync’d (just my gmail & business mail – no linkedin, yahoo etc)
– Use Advanced Task Killer – added my favorite apps (Talk, Google Voice, Twitter) to the Ignore List & set the Auto Kill Level to Aggressive & every 30 minutes.
– Use the Power Savings setting
– Turned off Haptic
– Bluetooth / WiFi only ‘on’ if necessary
– Use less intensive security settings:
— No facial recognition
— No swipe to unlock
— Use PIN
— Power button does not lock
— Lock 2 minutes after sleep (this saves you from sleeping & realizing that you have to look at something, which causes you to have to unlock again)

I’m really diggin’ the phone now — looks to be a keeper.

cd ../../../ … ugh.

I picked a shortcut, called: aa

Then, in ~/.bashrc (my .bashrc), I created a function:

function aa
{
    # print "../" $1 times, then cd to the resulting relative path
    cd "$(for ((i=0 ; i<$1 ;i++)); do printf "../" ; done)" || return
    pwd
}

This will allow you to ‘cd’ back X number of directories by issuing: aa X (where X is a number of directories you wanna go backwards).

So … say I’m in /var/www/html/ and I want to go back 2 levels to /var
I could:

$ cd ../../
or:
$ cd /var
or now:
$ aa 2

Example:

[admin@linux1 html]$ pwd
/var/www/html

[admin@linux1 html]$ aa 2
/var

So handy.

Copy / Paste issues with Synergy?

Regardless of whether it’s across OSes, or Windows to Windows … you may run into issues copying & pasting in either Server -> Client … or Client -> Server direction.

If you opened up the Server Log window, you may have noticed disconnects … but you don’t lose synergy connectivity (the lightning bolt stays attached).

If you’re running a server on Linux or Mac, then you can skip the next step – which talks about Windows config.

Grab WinSSHD from Bitvise (www.bitvise.com/winsshd) & install it on the server. Ensure you allow port forwarding.

Once it’s running, on the CLIENT side, use SecureCRT (or PuTTY) & configure port forwarding to the newly installed Windows SSH Server.

Port forwarding with SecureCRT:

Once configured – on the CLIENT, login & fire up Synergy.

Enter ‘localhost’ for the hostname:

The established SSH connection will be the transport for port 24800 from the Client to the Server.

If using Mac or Linux, use command-line SSH to setup the port forwarding. Again, the Server must be configured to allow port forwarding:
# ssh -L 24800:localhost:24800 user@ssh_server

If setup properly, you’ll get your lightning bolt & all will be well. Since using this setup, I have not had a single issue copying/pasting between my two windows machines.

EDIT:

This started failing about 8 hours later & hasn’t worked since — even going back to older releases & up to the latest Betas.

It’s GOTTA be the x64 OS —

Automounter – how I didn’t miss you

I really haven’t touched automount on Linux since my RHCE exam, but decided to refresh some of my outdated abilities & set up automounting home directories.

I used 2 VMs with CentOS 5.6 with the latest updates.

CentOS1:
CentOS1 needed NFS enabled & running, along with portmap and autofs.

Additionally, since we aren’t using NIS, each user account has to be present on both machines, and have the same UID & GIDs. If not, you’ll get into permission hell like this later on:

# su - test2
su: warning: cannot change directory to /home/test2: Permission denied
-bash: /home/test2/.bash_profile: Permission denied

Now — NFS needed some config, where I exported a “home” directory (which was the system’s home directory):

# cat /etc/exports
/home *(rw,sync)

Then, I ran exportfs -a to update the exported directory & tested that it was available locally by doing:
#showmount -e localhost …. which got me:

Export list for localhost:
/home *

Once it was available, I had to add in IPTables rules to allow the other VM the ability to mount from it. But before I could do that, I needed to know the ports required.
I ran rpcinfo -p localhost & filtered out the tcp/udp ports for autofs, nfs & portmap (edited for content):

# rpcinfo -p localhost

program vers proto port
100000 2 tcp 111 portmapper
100000 2 udp 111 portmapper
100003 2 udp 2049 nfs
100003 2 tcp 2049 nfs
100005 1 udp 976 mountd
100005 1 tcp 979 mountd

Then, I added in the IPTables rules & restarted iptables:


-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 111 -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state NEW -m udp -p udp --dport 111 -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 2049 -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state NEW -m udp -p udp --dport 2049 -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state NEW -m udp -p udp --dport 976 -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 979 -j ACCEPT
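
The rpcinfo-to-rules step above as a filter, added here as an example (not from the original post). It keeps only the portmapper, nfs and mountd rows, emits each protocol/port pair once, and restricts every rule to a single client with -s, which the rules above do not do. The function name rpc_rules, the client address and the extra sample rows are assumptions.

```sh
#!/bin/sh
# Added example: turn "rpcinfo -p" output into the iptables lines shown above,
# limited to one client address.
# rpc_rules CLIENT_ADDR   (rpcinfo listing on stdin)
rpc_rules() {
    case $1 in
        ''|*[!0-9./]*) echo "usage: rpc_rules IPV4[/PREFIX]" >&2; return 1 ;;
    esac
    awk -v src="$1" '
        # data rows only: numeric program id, tcp or udp, and one of the NFS services
        $1 ~ /^[0-9]+$/ && ($3 == "tcp" || $3 == "udp") &&
        ($5 == "portmapper" || $5 == "nfs" || $5 == "mountd") {
            # rpcinfo prints one row per program version; emit each proto/port once
            if (seen[$3 "/" $4]++) next
            printf "-A RH-Firewall-1-INPUT -s %s -m state --state NEW -m %s -p %s --dport %s -j ACCEPT\n",
                   src, $3, $3, $4
        }'
}

# Constructed sample: the listing from the post plus two extra rows
# (a second nfs version and the status service) to show the filtering.
SAMPLE_RPCINFO='   program vers proto   port
    100000    2   tcp    111  portmapper
    100000    2   udp    111  portmapper
    100024    1   udp    640  status
    100003    2   udp   2049  nfs
    100003    3   udp   2049  nfs
    100003    2   tcp   2049  nfs
    100005    1   udp    976  mountd
    100005    1   tcp    979  mountd'

# 192.0.2.20 stands in for the address of CentOS2.
printf '%s\n' "$SAMPLE_RPCINFO" | rpc_rules 192.0.2.20
```

mountd picks its ports at start-up unless MOUNTD_PORT is set in /etc/sysconfig/nfs, so 976/979 will differ after a restart; pin the port or regenerate the rules.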

CentOS2:
Now that the ports are open, I needed to be sure that everything truly was open.
From CentOS2, I ran:
#rpcinfo -p centos1 … which got me (edited for content):

program vers proto port
100000 2 tcp 111 portmapper
100000 2 udp 111 portmapper
100003 2 udp 2049 nfs
100003 2 tcp 2049 nfs
100005 1 udp 976 mountd
100005 1 tcp 979 mountd

BOOM, I was on my way to configuring automount on CentOS2 now.

On CentOS2, I needed nfs, portmap and autofs enabled & running as well.

** NOTE** If you want the mount to be /home – you’ll need to move the original /home to a new name & create a new /home directory.

Edit /etc/auto.master & include the following:
/home /etc/auto.home --timeout 600

Edit /etc/auto.home & include the following:
* -fstype=nfs,soft,intr,rsize=8192,wsize=8192,nosuid,tcp centos1:/home/&

Restart autofs & su – to a user that exists, with a home directory in /home – and you’ll have a shared home directory via automount & NFS.

If you want to be sure — run df -h & check out the mount points.

VIRUSES!

Virus alert? Pop-ups? C: says nothing’s there? Desktop icons gone? Start Menu is empty?

Yeah, you got something nasty.

Boot into safe mode, fire up a cmd.exe/DOS box & let’s ‘attrib’ your files back to normal:

cd \
attrib -s -h c:\*.* /S /D

Once that finishes, grab Malwarebytes & the latest definitions.

Install the app, run the updates & do a full scan.

Can’t run task manager?

Regedit:
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System
.... delete the key for "DisableTaskMgr"

Security Center says Automatic Updates is off?

Start -> Run -> regsvr32 wuaueng.dll

More to come, as I try to keep this going.

`sudo -l` returns – nothing?

FYI – All aliases, commands, users etc. have been changed.

I added a new Host_Alias (DB_SRVRS) for a server group that I’ve rolled out.

I tacked it onto the end of a really long User_Alias [_] Host_Alias [_] Cmnd_Alias entry at the end of the sudoers file (yeah, I used visudo).
Here’s what came next:

[otech@server1 ~]$ sudo -l
[sudo] password for otech:
User otech may run the following commands on this host:
[otech@server1 ~]$

Nuthin’. What? I’ve configured the file to give me some [fake] privs.

Solution:
There was too much on the long User_Alias [_] Host_Alias [_] Cmnd_Alias line.

Again, I’m making the command aliases up, but it looked something like:
ENG ENG_SRVRS = PIDS, PROCS, SERVICE : IT_SRVRS = PIDS, PROCS, SERVICE : QA_SRVRS = PIDS, PROCS, SERVICE : DB_SRVRS = TC, PGCTL, MYSQL

Once I dropped DB_SRVRS to a new line, it all worked.
Final:
ENG ENG_SRVRS = PIDS, PROCS, SERVICE : IT_SRVRS = PIDS, PROCS, SERVICE : QA_SRVRS = PIDS, PROCS, SERVICE
ENG DB_SRVRS = TC, PGCTL, MYSQL

Now, I get:
[otech@server1 ~]$ sudo -l
[sudo] password for otech:
User otech may run the following commands on this host:
(tomcat) /usr/tommycat/bin/startup.sh, /usr/tommycat/bin/shutdown.sh
(pgusr) /usr/postgrass/bin/postgrassql restart
(mysqlusr) /usr/mahsql/bin/mahsqld restart
[otech@server1 ~]$

Apple Remote Desktop – Failing

FYI:  I’ve done this before – but this time, there was a problem.

So, I ran into a weird issue when trying to connect to a Mac via my ARD console.  I had the correct local user/pass – but it was failing – the now infamous box below.

I checked sharing in sys-prefs and my admin user was there & all appropriate perms were there as well.
I’ve been using this Apple discussion article for all the Remote Desktop configurations I’ve done (and that’s quite a few); in particular, I use this command:

/System/Library/CoreServices/RemoteManagement/ARDAgent.app/Contents/Resources/kickstart -activate -configure -access -on -users otech -privs -all -restart -agent -menu

After examining the Remote Management section again, I notice something.  “All users” is selected & my user, otech, is listed in the “Only these users:” section.

Moving the selection to “Only these users:” fixed the issue immediately & is reproducible each time.

Pioneer Blu-Ray drives & Energy Savings

I added a Pioneer Blu-Ray burner to my MacPro and after an hour or so, it disappeared from Finder & SATA Bus scans began failing from Profiler.

Energy Saver’s “Put the hard disk(s) to sleep when possible” – directly impacts optical drives too.

Uncheck that option (like above) & your Pioneer drive will function normally & you won’t have any SATA bus issues.

There don’t appear to be any firmware updates to this drive, so I guess I’ll have to keep it that way.

Where I write things down, so I don't have to Google it later