Codename: Chicago

Things I hate:
– Googling “hp 1020 vista drivers” and coming across 1,000,000 posts from people who want to let me know they hate Microsoft but have no useful information to share.
– Being told by HP that Microsoft’s new operating system does not support my laser printer (but don’t worry, we’re working on it), and by the way, your scanner is too old to ever be supported – please buy a new one.
– Deciding to use my printer and scanner on my XP machine after all, only to find out the driver downloads are 50MB each.

Things I love:
– Googling “linux hp 1020” and coming across foo2zjs; then being able to print in less than 5 minutes. 8 minutes including downloading foo2zjs on dial-up (1.4 MB) thanks to SLMODEMD.gcc4.1.tar.gz, but that’s another story.
– CentOS 5 already knowing everything it needs to know about my ancient scanner (HP ScanJet 2200c) and just working.

OK, so Gnome/OpenOffice is not nearly as pretty as Vista/Office 2007 to use, and I have to start my modem using a shell script for now, but at least I can make simple photocopies using the equipment I already own… I can’t wait to plug in my digital camera to see what happens.

ISPConfig and SSL Certificates (CentOS 4.4)

Goal:
To use the same SSL certificate for your ISPConfig control panel on port 81, and on your web site running on port 80. (I’m writing this from memory, so if I’ve missed something, let me know.)

1. Do yourself a favor and perform a perfect setup of CentOS 4.4 and ISPConfig. When you’re running the ISPConfig install script, enter the proper information at step 2 for the certificates. This is so that your certificate request will already have the information you really want to send off to the CA.

2. When the installation is complete, you will have already generated a self-signed certificate for the control panel to use on port 81. These files are:
/root/ispconfig/httpd/conf/ssl.key/server.key
/root/ispconfig/httpd/conf/ssl.csr/server.csr
/root/ispconfig/httpd/conf/ssl.crt/server.crt

3. Send the file /root/ispconfig/httpd/conf/ssl.csr/server.csr off to your certificate authority and give them $20 and they will send you back your signed certificate. I use GoDaddy because they are cheap. Normally you can just copy and paste the contents of this file into a form on their web site somewhere.

4. Put your new certificate in place and restart ISPConfig. Put any intermediate certificates (chains) in there too.
mv /root/ispconfig/httpd/conf/ssl.crt/server.crt /root/ispconfig/httpd/conf/ssl.crt/server.crt.selfsigned
cp /path/to/your/new/certificate.crt /root/ispconfig/httpd/conf/ssl.crt/server.crt
cp /path/to/gd_intermediate_bundle.crt /root/ispconfig/httpd/conf/ssl.crt/gd_intermediate_bundle.crt
service ispconfig_server restart

5. You should now be able to log in to your control panel using https://www.yourdomain.com:81 and your browser shouldn’t complain.

6. In the ISPConfig control panel, create your web site www.yourdomain.com, enable the SSL checkbox, go over to the SSL tab and create a certificate. This will generate another self-signed certificate, install it in /var/www/www.yourdomain.com/ssl, and restart Apache for you. You should now be able to go to https://www.yourdomain.com and get an SSL error (but continue anyway to make sure Apache is working properly).

7. Now you can copy your server’s private key and matching certificate which are already installed for the control panel into /var/www/www.yourdomain.com/ssl.
cp /var/www/www.yourdomain.com/ssl/www.yourdomain.com.key /var/www/www.yourdomain.com/ssl/www.yourdomain.com.key.gen_by_ispconfig
cp /var/www/www.yourdomain.com/ssl/www.yourdomain.com.crt /var/www/www.yourdomain.com/ssl/www.yourdomain.com.crt.gen_by_ispconfig
cp /root/ispconfig/httpd/conf/ssl.key/server.key /var/www/www.yourdomain.com/ssl/www.yourdomain.com.key
cp /root/ispconfig/httpd/conf/ssl.crt/server.crt /var/www/www.yourdomain.com/ssl/www.yourdomain.com.crt

8. If you require an intermediate certificate, copy the intermediate certificate your CA sent you into your ssl directory:
cp /path/to/gd_intermediate_bundle.crt /var/www/www.yourdomain.com/ssl/gd_intermediate_bundle.crt

and add this line to the apache directives for your web site in the ISPConfig control panel:
SSLCACertificateFile /var/www/www.yourdomain.com/ssl/gd_intermediate_bundle.crt

9. Log in to ISPConfig and restart the Web Server service if it hasn’t already been restarted from step 8.
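
A check worth running before the restart, as an added example that is not part of the original post: it confirms that each private key actually belongs to the certificate sitting next to it, and that the key copied into the web site's ssl directory is not readable by group or other. The function names are hypothetical, and RSA keys are assumed.

```shell
#!/bin/sh
# Added example, not from the original post; function names are hypothetical.
# Assumption: the key pair is RSA, so key and certificate share one modulus.

# Print the RSA modulus of a private key ($1 = rsa) or certificate ($1 = x509).
modulus_of() {
    m=$(openssl "$1" -noout -modulus -in "$2" 2>/dev/null) || return 1
    [ -n "$m" ] || return 1
    printf '%s\n' "$m"
}

# Exit 0 if key $1 belongs to certificate $2, 1 on mismatch, 2 if unreadable.
pair_matches() {
    k=$(modulus_of rsa "$1") || return 2
    c=$(modulus_of x509 "$2") || return 2
    [ "$k" = "$c" ]
}

# Exit 0 only if the key file is not readable by group or other.
key_is_private() {
    [ -f "$1" ] || return 2
    [ -z "$(find "$1" \( -perm -040 -o -perm -004 \) -print)" ]
}

# Run both checks for one key/certificate pair and print a verdict line.
check_pair() {
    if ! pair_matches "$1" "$2"; then
        echo "MISMATCH $1 $2"; return 1
    fi
    if ! key_is_private "$1"; then
        echo "EXPOSED $1"; return 1
    fi
    echo "OK $1 $2"
}

# Usage: sh check_ssl.sh KEY CERT [KEY CERT ...]
# e.g. the control panel pair from step 2, then the web site pair from step 7.
status=0
while [ "$#" -ge 2 ]; do
    check_pair "$1" "$2" || status=1
    shift 2
done
[ "$status" -eq 0 ]
```

A MISMATCH on the web site pair usually means only one of the two files from step 7 was copied; an EXPOSED key can be fixed with chmod 600 because Apache reads it as root at startup.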

Creating a Slave DNS Server (BIND9) in 6 easy steps*

* aaa.bbb.ccc.ddd is the IP address of ns1.yourdomain.com.
* named on ns1.yourdomain.com is already working, and has NS records for ns1.yourdomain.com and ns2.yourdomain.com.

1. In the global options block in /var/named.conf on ns1.yourdomain.com:
Make sure

notify yes;

is present. This will tell BIND to notify the other name servers listed for each zone when there is a change.

2. In the global options block in /var/named.conf on ns2.yourdomain.com:
Make sure

notify no;

is present. This will tell BIND NOT to notify anybody if there are changes made on this server. (The whole point of this is so that we only have to make changes on ns1, right?)

3. Edit /etc/named.conf on ns2.yourdomain.com:
In the global options block:
// Allow notifies from our master DNS server (ns1.yourdomain.com)
allow-notify { aaa.bbb.ccc.ddd; };
// Disable all zone transfer requests (this is just a slave server, so we don't need to send zones to anybody from here.)
allow-transfer { "none"; };
Then append a zone block for each domain these servers are authoritative for:
zone "yourdomain.com" {
type slave;
file "/var/named/slaves/yourdomain.com";
masters { aaa.bbb.ccc.ddd; };
};
zone "yourotherdomain.com" {
type slave;
file "/var/named/slaves/yourotherdomain.com";
masters { aaa.bbb.ccc.ddd; };
};
...and so on...

4. On ns2.yourdomain.com, restart named -> it should ask ns1 for some updates…

5. On ns1.yourdomain.com, restart named -> it should fire off some updates…

6. If it’s working, on ns2.yourdomain.com, you will see in /var/log/messages:
Feb 26 11:37:34 ns2 named[8880]: received notify for zone 'yourdomain.com'
Feb 26 11:37:34 ns2 named[8880]: received notify for zone 'yourotherdomain.com'
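
With more than a couple of zones, eyeballing the log in step 6 stops working. The following added example (not part of the original post) lists every slave zone in named.conf that has no "received notify" line in the log. The function names, the 192.0.2.1 master address and the forgotten.example zone are constructed for the demonstration.

```shell
#!/bin/sh
# Added example, not from the original post; function names are hypothetical.

# Names of every zone declared "type slave" in a named.conf.
slave_zones() {
    awk '
        /^[ \t]*zone[ \t]+"/                   { split($0, q, "\""); zone = q[2] }
        /type[ \t]+slave[ \t]*;/ && zone != "" { print zone; zone = "" }
        /^[ \t]*(zone.*)?};[ \t]*$/            { zone = "" }
    ' "$1"
}

# Zones for which named logged a NOTIFY from the master.
notified_zones() {
    sed -n "s/.*received notify for zone '\([^']*\)'.*/\1/p" "$1" | sort -u
}

# Slave zones that never received a NOTIFY; prints nothing when all did.
missing_notifies() {   # $1 = named.conf on ns2, $2 = log file
    notified=$(notified_zones "$2")
    for z in $(slave_zones "$1"); do
        printf '%s\n' "$notified" | grep -qxF -- "$z" || echo "$z"
    done
}

# Constructed sample: three slave zones configured, two notified in the log.
demo() {
    dir=$(mktemp -d) || return 1
    cat > "$dir/named.conf" <<'EOF'
options { notify no; allow-notify { 192.0.2.1; }; allow-transfer { "none"; }; };
zone "yourdomain.com" {
type slave;
file "/var/named/slaves/yourdomain.com";
masters { 192.0.2.1; };
};
zone "yourotherdomain.com" { type slave; file "/var/named/slaves/yourotherdomain.com"; masters { 192.0.2.1; }; };
zone "forgotten.example" { type slave; file "/var/named/slaves/forgotten.example"; masters { 192.0.2.1; }; };
EOF
    cat > "$dir/messages" <<'EOF'
Feb 26 11:37:34 ns2 named[8880]: received notify for zone 'yourdomain.com'
Feb 26 11:37:34 ns2 named[8880]: received notify for zone 'yourotherdomain.com'
EOF
    missing_notifies "$dir/named.conf" "$dir/messages"
    rm -rf "$dir"
}

demo   # prints the one zone that was configured but never notified
```

On the real server the call is missing_notifies /etc/named.conf /var/log/messages, run on ns2 after step 5; a zone it prints is usually missing from ns1 or has no NS record for ns2 there.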

Adding a new RAID1 array using mdadm

Goals:
Add 2 new physical hard drives: /dev/hdc and /dev/hdd
Create RAID1 mirror /dev/md6
Automatically mount new partition in /raid

1. fdisk one of the newly added hard drives:
fdisk /dev/hdc
n, p, 1, <enter>, <enter>
t, fd
w

2. dump new partition table to the other disk:
sfdisk -d /dev/hdc | sfdisk /dev/hdd

3. create new RAID1 set/device:
mdadm --create /dev/md6 --level=1 --raid-disks=2 /dev/hdc1 /dev/hdd1

4. format the newly created array:
mkfs.ext3 /dev/md6

5. create mount point for new array:
mkdir /raid

6. append new mount point to /etc/fstab:
echo "/dev/md6 /raid ext3 defaults 0 0" >> /etc/fstab

7. mount:
mount -a

8. reboot if you’re paranoid.