What more could you want?
Admin
Add your www with mod_rewrite
Jul 28th
It’s been said a million times, why do we need the www in the URL? The answer is simple: we want our sites to look professional. Here’s how to automatically prepend the www when some crazy hippie forgets it.
In the LoadModule section of your config, make sure that mod_rewrite is enabled. On Red Hat or CentOS (and most others), it is by default:
# grep mod_rewrite /etc/httpd/conf/httpd.conf
LoadModule rewrite_module modules/mod_rewrite.so
# Redirect any request whose Host header lacks the www. prefix
RewriteEngine on
RewriteCond %{HTTP_HOST} !^www\. [NC]
RewriteRule ^ http://www.%{HTTP_HOST}%{REQUEST_URI} [R=301,L]
Voilà. Bounce Apache, and visit. Make sure you’re cool enough not to type “www.”
/cs
Lazy Umounting
Jun 11th
I came across a mounted sdb1 partition, but the physical device didn’t exist. This was on a Red Hat EL 5 box.
No files in the mount point, obviously, no users logged in but me, and I wasn’t standing in the directory. Even lsof couldn’t show me anything about that directory, and I almost cried when fuser -km reported nothing killed.
Umount gave this error:
# umount /dev/sdb1
umount: /dev/sdb1: device is busy
umount: /dev/sdb1: device is busy
In the man page, I found the -l option for umount. The Lazy unmount. It says this:
Detach the filesystem from the filesystem hierarchy now, and cleanup all references to the filesystem as soon as it is not busy anymore.
Sounds good to me, and it worked, too. Just watch out for data loss.
/cs
Webmin Java-based File Manager and Mac, Safari
Jun 4th
So, Mac uses their own Java, and Webmin doesn’t like it.
I’ve found that opening Applications -> Utilities -> Java Preferences.app and clearing the cache helps. Click the Network tab, and click “Delete Files…” Optionally, uncheck “Keep temporary files for fast access” to make the fix permanent.
Hope this helps!
/cs
Plesk 9 and PCI compliance
Apr 14th
The basics are easy, as one can attest with a Google search: Apache, Mail, etc.
But, I’ve found that the Plesk CP for Plesk 9 doesn’t run on Apache, it runs on Lighttpd. To disable weak ciphers on a Plesk/Red Hat box, edit /etc/sw-cp-server/applications.d/plesk.conf and add this line:
ssl.cipher-list = "TLSv1+HIGH !SSLv2 RC4+MEDIUM !aNULL !eNULL !3DES @STRENGTH"
I don’t know if you can add it just anywhere, but you ought to be able to. Personally, I put it between the “include_shell” and “index-file.names” lines in the conf, line 11. After all that, issue “service psa restart” and you’re good to go.
You can test the setup using this command:
# openssl s_client -connect localhost:8443 -ssl2
Run that from the box itself, either as root or as a regular user. It gave me a “Connection reset by peer” error on SSLv2 connection. This is expected, and means that SSLv2 has been successfully disabled. Go run that scan again.
Also, keep in mind the recent “Plesk broke openssl” (or vice-versa) fiasco.
/cs
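The SSLv2 test from the Plesk post above, extended to the other exclusions in that cipher list (aNULL, eNULL, 3DES). This is an added example, not part of the original post. The function names are hypothetical, and the "untestable" error strings are an assumption about what common OpenSSL builds print when the local client cannot offer a protocol or cipher.

```shell
#!/bin/sh
# Added example: classify `openssl s_client` output for weak-protocol and
# weak-cipher probes. Function names are hypothetical.

# Read s_client output on stdin; print "accepted <cipher>", "untestable"
# or "rejected".
handshake_result() {
    out=$(cat)
    # If the local openssl build cannot offer the protocol or cipher at all,
    # a failed connection proves nothing about the server.
    # (Assumed error strings; adjust for your build.)
    if printf '%s\n' "$out" |
        grep -Eqi 'unknown option|no cipher match|no ciphers available'; then
        echo untestable
        return
    fi
    # A completed handshake names the negotiated cipher; a failed one
    # shows (NONE) or prints no "Cipher is" line at all.
    cipher=$(printf '%s\n' "$out" |
        sed -n 's/^New, .*Cipher is \([^ ]*\).*/\1/p' | head -n 1)
    case "$cipher" in
        ''|'(NONE)') echo rejected ;;
        *)           echo "accepted $cipher" ;;
    esac
}

# Run one probe against host:port ($1) with extra s_client flags (the rest).
probe() {
    target=$1; shift
    openssl s_client -connect "$target" "$@" </dev/null 2>&1 | handshake_result
}

# One probe per exclusion in the cipher list; every line should say "rejected".
audit() {
    for flags in '-ssl2' '-cipher aNULL' '-cipher eNULL' '-cipher 3DES'; do
        # $flags is left unquoted on purpose so "-cipher X" becomes two words
        printf '%-16s %s\n' "$flags" "$(probe "$1" $flags)"
    done
}

# Usage: sh audit.sh localhost:8443
if [ "$#" -gt 0 ]; then audit "$1"; fi
```

On clients that speak TLS 1.3, -cipher only restricts TLS 1.2 and below, so read the negotiated cipher name on any "accepted" line before concluding a weak cipher got through.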
OpenSolaris as Synergy Host
Oct 22nd
UPDATE 081205: Adding “AllowTcpForwarding” to the sshd_config and restarting SSH should enable port forwarding, as it is disabled by default.
–
I have installed OpenSolaris on my Gateway MT3705 notebook. I know. I must be a glutton for punishment.
I have a Dell desktop that I also use, and like to have my laptop be the “control center”. I accomplish this by using Synergy through an SSH tunnel. Today was the first time I tried to use OpenSolaris as the host for my Synergy setup. And it failed miserably.
After some googling, I found out that the SSH package in OpenSolaris is broken. It doesn’t allow for correct SSH tunneling. Here are some links for reference.
I run Debian on my desktop machine at present. I’ve run SSH tunnels between my laptop and desktop while both were running Debian. No problem. I’ve set up an alias in my .bashrc on each of my boxes so that I don’t have to type the whole command each time:
alias synsetup='ssh -f -N -L 24800:host:24800 host && synergyc localhost'
Obviously, this assumes that the host and client are already correctly configured. I’ve discussed this previously.
So, I compiled and configured synergy in OpenSolaris, and tried to run the synergys command: No problem. It runs fine, and works great on its own, outside of an SSH tunnel. I can connect from the client without issue:
$ ps -ef | grep synergys
chuck 1159 1 0 19:44:13 ? 0:00 synergys
$ netstat -an | grep 24800
*.24800 *.* 0 0 49152 0 LISTEN
10.6.101.176.24800 10.6.101.174.38334 9088 0 49232 0 ESTABLISHED
But, running Synergy all alone transmits information between the two hosts over the network in plain text. So, it’s best to run Synergy through an SSH tunnel.
Here’s a smattering of what I get when I follow the instructions from Synergy’s site on setting up the client through an SSH tunnel:
$ synergyc -f localhost
INFO: synergyc.cpp,716: Synergy client 1.3.1 on Linux 2.6.26-1-686 #1 SMP Thu Oct 9 15:18:09 UTC 2008 i686
DEBUG: CXWindowsScreen.cpp,841: XOpenDisplay(":0.0")
DEBUG: CXWindowsScreenSaver.cpp,339: xscreensaver window: 0x00000000
DEBUG: CXWindowsScreen.cpp,111: screen shape: 0,0 2560x1024 (xinerama)
DEBUG: CXWindowsScreen.cpp,112: window is 0x03400004
DEBUG: CScreen.cpp,38: opened display
NOTE: synergyc.cpp,330: started client
channel 2: open failed: administratively prohibited: open failed
NOTE: synergyc.cpp,276: disconnected from server
. . . (until Ctrl-C)
^CDEBUG: CScreen.cpp,49: closed display
NOTE: synergyc.cpp,408: stopped client
So, I googled the error message. The first link shed some light. I dug farther, and found the links I posted above.
So, tunneling is broke on OpenSolaris, but works fine on Debian. Why not reverse it? I set up this alias on my OpenSolaris laptop, to start the Synergy server. It creates a reverse tunnel to the desktop machine, which runs Debian:
alias synserver_setup='/usr/local/bin/synergys && ssh -f -N -R 24800:localhost:24800 chuck@client'
The only thing that’s different is the direction from which the tunnel is created. When the tunnel is set up from the client, the ‘-L’ flag creates the local tunnel. When it is set up from the server, the ‘-R’ flag creates the remote tunnel. All set.
/cs
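A check for the AllowTcpForwarding setting named in the update to the OpenSolaris post, tied to the -L and -R directions it describes. This is an added example, not part of the original post. The function names and sample configs are constructed, and the value semantics (yes/all, no, local, remote) are those of OpenSSH's sshd_config, which is an assumption for other SSH builds.

```shell
#!/bin/sh
# Added example: will an sshd_config permit the tunnel direction being used?
# Function names are hypothetical; sample configs in demo() are constructed.

# Print the effective global AllowTcpForwarding value.
# $1 = sshd_config path, $2 = value to assume when the keyword is absent
# (OpenSSH defaults to yes; the post reports OpenSolaris shipping it disabled).
effective_forwarding() {
    awk -v dflt="$2" '
        /^[ \t]*#/ { next }                      # skip comment lines
        tolower($1) == "match" { exit }          # global section ends here
        tolower($1) == "allowtcpforwarding" {    # keywords are case-insensitive
            print tolower($2); found = 1; exit   # first value obtained wins
        }
        END { if (!found) print dflt }
    ' "$1"
}

# Succeed if forwarding value $1 permits ssh flag $2 (-L or -R).
# Values per OpenSSH sshd_config(5): yes|all, no, local, remote.
permits() {
    case "$1:$2" in
        yes:-L|all:-L|local:-L)  return 0 ;;
        yes:-R|all:-R|remote:-R) return 0 ;;
        *)                       return 1 ;;
    esac
}

# check_tunnel <sshd_config> <default> <flag> -> "allowed" or "prohibited"
check_tunnel() {
    if permits "$(effective_forwarding "$1" "$2")" "$3"; then
        echo allowed
    else
        echo prohibited
    fi
}

demo() {
    dir=$(mktemp -d)
    printf '%s\n' 'Port 22' '#AllowTcpForwarding yes' > "$dir/opensolaris"
    printf '%s\n' 'Port 22' 'AllowTcpForwarding yes'  > "$dir/debian"
    echo "-L into the OpenSolaris sshd: $(check_tunnel "$dir/opensolaris" no -L)"
    echo "-R into the Debian sshd:      $(check_tunnel "$dir/debian" yes -R)"
    rm -rf "$dir"
}
demo
```

The sshd that matters is always the one being connected to: for -L it opens the outbound connection to port 24800, and for -R it opens the listening port.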