community Archives - ☩ Walking in Light with Christ - Faith, Computing, Diary ☩ Walking in Light with Christ

Posts Tagged ‘community’

Install certbot on Debian, Ubuntu, CentOS, Fedora Linux 10 / Generate and use Apache / Nginx SSL Letsencrypt certificates

Monday, December 21st, 2020

Internet Security Research Group (ISRG). ISRG group gave initiative with the goal to "encrypt the internet", i.e. offer free alternative to the overpriced domani registrer sold certificates with the goal to make more people offer SSL / TSL Free secured connection line on their websites.
ISRG group supported Letsencrypt non-profit certificate authority actrively by Internet industry standard giants such as Mozilla, Cisco, EFF (Electronic Frontier Foundation), Facebook, Google Chrome, Amazon AWS, OVH Cloud, Redhat, VMWare, Github and many many of the leading companies in IT.

Letsencrpyt is aimed at automating the process designed to overcome manual creation, validation, signing, installation, and renewal of certificates for secure websites. I.e. you don't have to manually write on console complicated openssl command lines with passing on Certificate CSR / KEY / PEM files etc and generate Self-Signed Untrusted Authority Certificates (noted in my previous article How to generate Self-Signed SSL Certificates with openssl or use similar process to pay money generate secret key and submit the key to third party authority through a their website webadmin interface in order to Generate SSL brought by Godaddy or Other Certificate Authority.

But of course as you can guess there are downsides as you submit your private key automatically via letsencrypt set of SSL certificate automation domain scripts to a third party Certificate Authority which is at Letsencrypt.org. A security intrusion in their private key store servers might mean a catastrophy for your data as malicious stealer might be able to decrypt your data with some additional effort and see in plain text what is talking to your Apache / Nginx or Mail Server nevertheless the cert. Hence for a high standards such as PCI environments Letsencrypt as well as for the paranoid security freak admins, who don't trust the mainstream letsencrypt is definitely not a choice. Anyways for most small and midsized businesses who doesn't hold too much of a top secret data and want a moderate level of security Letsencrypt is a great opportunity to try. But enough talk, lets get down to business.

How to install and use certbot on Debian GNU / Linux 10 Buster?
Certbot is not available from the Debian software repositories by default, but it’s possible to configure the buster-backports repository in your /etc/apt/sources.list file to allow you to install a backport of the Certbot software with APT tool.

1. Install certbot on Debian / Ubuntu Linux

root@webserver:/etc/apt# tail -n 1 /etc/apt/sources.list
deb http://ftp.debian.org/debian buster-backports main

If not there append the repositories to file:

Install certbot-nginx certbot-apache deb packages

root@webserver:/ # echo 'deb http://ftp.debian.org/debian buster-backports main' >> /etc/apt/sources.list

Install certbot-nginx certbot-apache deb packages

root@webserver:/ # apt update
root@webserver:/ # apt install certbot python-certbot-nginx python3-certbot-apache python-certbot-nginx-doc

This will install the /usr/bin/certbot python executable script which is used to register / renew / revoke / delete your domains certificates.

2. Install letsencrypt certbot client on CentOS / RHEL / Fedora and other Linux Distributions

For RPM based distributions and other Linux distributions you will have to install snap package (if not already installed) and use snap command :

[root@centos ~ :] # yum install snapd
systemctl enable –now snapd.socket

To enable classic snap support, enter the following to create a symbolic link between

[root@centos ~ :] # ln -s /var/lib/snapd/snap /snap

snap command lets you install, configure, refresh and remove snaps. Snaps are packages that work across many different Linux distributions, enabling secure delivery and operation of the latest apps and utilities.

[root@centos ~ :] # snap install core; sudo snap refresh core

Logout from console or Xsession to make the snap update its $PATH definitions.

Then use snap universal distro certbot classic package

[root@centos ~ :] # snap install –classic certbot
[root@centos ~ :] # ln -s /snap/bin/certbot /usr/bin/certbot

If you're having an XOrg server access on the RHEL / CentOS via Xming or other type of Xemulator you might check out also the snap-store as it contains a multitude of packages installable which are not usually available in RPM distros.

[root@centos ~ :] # snap install snap-store

how-to-install-snap-applications-on-centos-rhel-linux-snap-store

snap-store is a powerful and via it you can install many non easily installable stuff on Linux such as eclipse famous development IDE, notepad++ , Discord, the so favourite for the Quality Assurance guy Protocol tester Postman etc.

Installing certbot to any distribution via acme.sh script

Another often preferred solution to Universally deploy and upgrade an existing LetsEncrypt program to any Linux distribution (e.g. RHEL / CentOS / Fedora etc.) is the acme.sh script. To install acme you have to clone the repository and run the script with –install

P.S. If you don't have git installed yet do

root@webserver:/ # apt-get install –yes git
…

and then the usual git clone to fetch it at your side

# cd /root
# git clone https://github.com/acmesh-official/acme.sh
Cloning into 'acme.sh'…
remote: Enumerating objects: 71, done.
remote: Counting objects: 100% (71/71), done.
remote: Compressing objects: 100% (53/53), done.
remote: Total 12475 (delta 39), reused 38 (delta 18), pack-reused 12404
Receiving objects: 100% (12475/12475), 4.79 MiB | 6.66 MiB/s, done.
Resolving deltas: 100% (7444/7444), done.
# sh acme.sh –install

To later upgrade acme.sh to latest you can do

# sh acme.sh –upgrade

In order to renew a concrete existing letsencrypt certificiate

# sh acme.sh –renew domainname.com

To renew all certificates using acme.sh script

# ./acme.sh –renew-all

3. Generate Apache or NGINX Free SSL / TLS Certificate with certbot tool

Now lets generate a certificate for a domain running on Apache Webserver with a Website WebRoot directory /home/phpdev/public/www

root@webserver:/ # certbot –apache –webroot -w /home/phpdev/public/www/ -d your-domain-name.com -d your-domain-name.com

root@webserver:/ # certbot certonly –webroot -w /home/phpdev/public/www/ -d your-domain-name.com -d other-domain-name.com

As you see all the domains for which you will need to generate are passed on with -d option.

Once certificates are properly generated you can test it in a browser and once you're sure they work as expected usually you can sleep safe for the next 3 months ( 90 days) which is the default for TSL / SSL Letsencrypt certificates the reason behind of course is security.

4. Enable freshly generated letsencrypt SSL certificate in Nginx VirtualHost config

Go to your nginx VirtualHost configuration (i.e. /etc/nginx/sites-enabled/phpmyadmin.adzone.pro ) and inside chunk of config add after location { … } – 443 TCP Port SSL listener (as in shown in bolded configuration)

server {
…
….
location ~ \.php$ {
include /etc/nginx/fastcgi_params;
## fastcgi_pass 127.0.0.1:9000;
fastcgi_pass unix:/run/php/php7.3-fpm.sock;
fastcgi_index index.php;
fastcgi_param SCRIPT_FILENAME /usr/share/phpmyadmin$fastcgi_script_name;
}

listen 443 ssl; # managed by Certbot
ssl_certificate /etc/letsencrypt/live/phpmyadmin.adzone.pro/fullchain.pem; # managed by Certbot
ssl_certificate_key /etc/letsencrypt/live/phpmyadmin.adzone.pro/privkey.pem; # managed by Certbot
include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot

5. Enable new generated letsencrypt SSL certificate in Apache VirtualHost

In /etc/apache2/{sites-available,sites-enabled}/your-domain.com-ssl.conf you should have as a minimum a configuration setup like below:

NameVirtualHost *:443 <VirtualHost 123.123.123.12:443>
ServerAdmin hipo@domain.com
ServerName www.pc-freak.net
ServerAlias www.your-domain.com wwww.your-domain.com your-domain.com

HostnameLookups off
DocumentRoot /var/www
DirectoryIndex index.html index.htm index.php index.html.var

CheckSpelling on
SSLEngine on

<Directory />
Options FollowSymLinks
AllowOverride All
##Order allow,deny
##allow from all
Require all granted
</Directory>
<Directory /var/www>
Options Indexes FollowSymLinks MultiViews
AllowOverride All
## Order allow,deny
## allow from all
Require all granted
</Directory>

Include /etc/letsencrypt/options-ssl-apache.conf
SSLCertificateFile /etc/letsencrypt/live/your-domain.com/fullchain.pem
SSLCertificateKeyFile /etc/letsencrypt/live/your-domain.com/privkey.pem
</VirtualHost>

6. Simulate a certificate regenerate with –dry-run

Soon before the 90 days period expiry approaches, it is a good idea to test how all installed Nginx webserver certficiates will be renewed and whether any issues are expected this can be done with the –dry-run option.

root@webserver:/ # certbot renew –dry-run
…

– – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – –
** DRY RUN: simulating 'certbot renew' close to cert expiry
** (The test certificates below have not been saved.)

Congratulations, all renewals succeeded. The following certs have been renewed:
/etc/letsencrypt/live/adzone.pro/fullchain.pem (success)
/etc/letsencrypt/live/cdn.natsr.pro/fullchain.pem (success)
/etc/letsencrypt/live/mail.adzone.pro/fullchain.pem (success)
/etc/letsencrypt/live/natsr.pro-0001/fullchain.pem (success)
/etc/letsencrypt/live/natsr.pro/fullchain.pem (success)
/etc/letsencrypt/live/phpmyadmin.adzone.pro/fullchain.pem (success)
/etc/letsencrypt/live/www.adzone.pro/fullchain.pem (success)
/etc/letsencrypt/live/www.natsr.pro/fullchain.pem (success)
** DRY RUN: simulating 'certbot renew' close to cert expiry
** (The test certificates above have not been saved.)
– – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – –
…

7. Renew a certificate from a multiple installed certificate list

In some time when you need to renew letsencrypt domain certificates you can list them and choose manually which one you want to renew.

root@webserver:/ # certbot –force-renewal
Saving debug log to /var/log/letsencrypt/letsencrypt.log

How would you like to authenticate and install certificates?
– – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – –
1: Apache Web Server plugin (apache)
2: Nginx Web Server plugin (nginx)
– – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – –
Select the appropriate number [1-2] then [enter] (press 'c' to cancel): 2
Plugins selected: Authenticator nginx, Installer nginx

Which names would you like to activate HTTPS for?
– – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – –
1: adzone.pro
2: mail.adzone.pro
3: phpmyadmin.adzone.pro
4: www.adzone.pro
5: natsr.pro
6: cdn.natsr.pro
7: www.natsr.pro
– – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – –
Select the appropriate numbers separated by commas and/or spaces, or leave input
blank to select all options shown (Enter 'c' to cancel): 3
Renewing an existing certificate
Deploying Certificate to VirtualHost /etc/nginx/sites-enabled/phpmyadmin.adzone.pro

Please choose whether or not to redirect HTTP traffic to HTTPS, removing HTTP access.
– – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – –
1: No redirect – Make no further changes to the webserver configuration.
2: Redirect – Make all requests redirect to secure HTTPS access. Choose this for
new sites, or if you're confident your site works on HTTPS. You can undo this
change by editing your web server's configuration.
– – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – –
Select the appropriate number [1-2] then [enter] (press 'c' to cancel): 2
Redirecting all traffic on port 80 to ssl in /etc/nginx/sites-enabled/phpmyadmin.adzone.pro

– – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – –
Your existing certificate has been successfully renewed, and the new certificate
has been installed.

The new certificate covers the following domains: https://phpmyadmin.adzone.pro

You should test your configuration at:
https://www.ssllabs.com/ssltest/analyze.html?d=phpmyadmin.adzone.pro
– – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – –

IMPORTANT NOTES:
– Congratulations! Your certificate and chain have been saved at:
/etc/letsencrypt/live/phpmyadmin.adzone.pro/fullchain.pem
Your key file has been saved at:
/etc/letsencrypt/live/phpmyadmin.adzone.pro/privkey.pem
Your cert will expire on 2021-03-21. To obtain a new or tweaked
version of this certificate in the future, simply run certbot again
with the "certonly" option. To non-interactively renew *all* of
your certificates, run "certbot renew"
– If you like Certbot, please consider supporting our work by:

Donating to ISRG / Let's Encrypt: https://letsencrypt.org/donate
Donating to EFF: https://eff.org/donate-le

8. Renew all present SSL certificates

root@webserver:/ # certbot renew
…

Processing /etc/letsencrypt/renewal/www.natsr.pro.conf
– – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – –
Cert not yet due for renewal

– – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – –

The following certs are not due for renewal yet:
/etc/letsencrypt/live/adzone.pro/fullchain.pem expires on 2021-03-01 (skipped)
/etc/letsencrypt/live/cdn.natsr.pro/fullchain.pem expires on 2021-02-28 (skipped)
/etc/letsencrypt/live/mail.adzone.pro/fullchain.pem expires on 2021-02-28 (skipped)
/etc/letsencrypt/live/natsr.pro-0001/fullchain.pem expires on 2021-03-01 (skipped)
/etc/letsencrypt/live/natsr.pro/fullchain.pem expires on 2021-02-25 (skipped)
/etc/letsencrypt/live/phpmyadmin.adzone.pro/fullchain.pem expires on 2021-03-21 (skipped)
/etc/letsencrypt/live/www.adzone.pro/fullchain.pem expires on 2021-02-28 (skipped)
/etc/letsencrypt/live/www.natsr.pro/fullchain.pem expires on 2021-03-01 (skipped)
No renewals were attempted.
– – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – –

9. Renew all existing server certificates from a cron job

The certbot package will install a script under /etc/cron.d/certbot to be run that will attempt every 12 hours however from my experience
often this script is not going to work, the script looks similar to below:

# Upgrade all existing SSL certbot machine certificates

0 */12 * * * root test -x /usr/bin/certbot -a \! -d /run/systemd/system && perl -e 'sleep int(rand(43200))' && certbot -q renew

Another approach to renew all installed certificates if you want to have a specific options and keep log of what happened is using a tiny shell script like this:

10. Auto renew installed SSL / TSL Certbot certificates with a bash loop over all present certificates

#!/bin/sh
# update SSL certificates
# prints from 1 to 104 (according to each certbot generated certificate and triggers rewew and logs what happened to log file
# an ugly hack for certbot certificate renew
for i in $(seq 1 104); do echo "Updating $i SSL Cert" | tee -a /root/certificate-update.log; yes "$i" | certbot –force-renewal | tee -a /root/certificate-update.log 2>&1; sleep 5; done

Note: The seq 1 104 is the range depends on the count of installed SSL certificates you have installed on the machine, that can be seen and set the proper value according to your case when you run one time certbot –force-renewal.

Tags: access, Apache Nginx, apt-get, automated, community, configure, cron job, debian linux, effort, howto, Install, org, packages, Plugins, Renewing, Resolving, Select, side, tool, www
Posted in Linux, Nginx, Various, Web and CMS | No Comments »

Best 8 Free Software Alternatives for Building an Own hosted custom Social Networks communities

Thursday, August 16th, 2018

Nowdays communiacation between people in different generation is worsening exponentially and as a consequence of the digitalization the real (physical) contact between people is exponentially dropping and this is a fact everyone could realize.

Even in people and more Eastern or sunny countries where traditionally the direct contact has always been of a crucial importance is declining seriously, the social networks such as Facebok, Vkontakte (The Russian space Equivallent of Facebook) – if you have VK and want to add me there My profile there is here , Viber calls, WhatsApp, Instagram, SnapChat and all these are leading people into micro prisons narrowing their worldview up to the box (jail) each of this companies has created for people, just because you don't own the data you communicate over this channels and your data is being used for a severy complicated computerized researches on how you tend to think, how you tend to communicate, what are your triggering keywords and your general mental (mind) structures and cues. Privacy of all of these is also very low as many of this digital medias are designed with the malicious features to serve as a spy networks for end people. Not to mention often data collected about you is being sold to a third party agencies which collect all the time data about product preferences, buying behavior, life style etc.

People who refuse to become part of this electronic prisons built by Megalomaniacs (or Evil Geniuses as Richard Stallman uses to call them), just to name a few Mr. Zack Zuckerberg, Bill Gates or Steve Jobs (let him Rest in Peace), Elon Musk are being pushed into the Outside Zone., The more conservative and less exposed to technology older people or youngsters who value more their freedom and privacy, are slowly starting to being separated from the Digitalization and being looked upon like a little crazies who are psychologically sick.
In my opinion two major "camps", are being built, one of the people who doesn't have the skill or money to keep in track with latest technology advancements, these are usually people with lower education different thinking people, people with strong religious convictions, or burn out people who are overloaded by technology's chaotic ways as well as personalities trying to live as less dependent from society and social systems and are mindfully rejecting or limiting the technology use as much as they can.

The boom of Smart Mobile Phones (and the aggressive campaigns of Mobile operators for everyone to own some kind of Smart Phones be it Android, IPhone, BlackBerry etc.) and the imposed on society Digitalization of society by MultiCorporation companies is in my opinion, no doubt a planned process with a clear goals that people's reality is being more and more controlled and spied on not to mention that it is fully possible to Program People to certain degrees by using computer technology, interfaces, Alarms.

Maybe not much of Citizens has thought over it or realize it but psychologists and peoples in roles within Medias long time are aware of the high role that Social Programming (Social Engineering) historically TV Channels, Radios and Nowadays Internet News / Medias play on disinforming the masses and let them believe an invented stories about wars, problems, famines that doesn't exist to keep them stuck in Fear through Fear Mongering (manipulation techniques). Moreover it is interesting fact that Programming of Human Mind through a slow repeatable processes has been a fact to certain degree and thus with Computers and Mobiles all of us are being programmed subconsciously to things we're not consciously aware (for more on that topic please see my previous article on Color Programming) as well as What is Predictive Programming of Mind (Society) and how it affect us ?

Not to mention the prooven fact that there are psychological mechanisms for making the mind to be addicted to things seen or experienced which are being adopted by Mostly all of large medias on the Internet.

The simplification of access to the Global Net (The Internet) and the unification of (I would say anti-social) web platforms such as Facebook, where mostly all with mid or upper education of people have registrations and are letting you without choice but either to live a lonely life of more or less rejection or join the "company". Those like me who nowadays are abstaining from Facebook and most of modern communication are being cut from the Digitalization slowly.

Through the last 10 – 15 years there has been a serious attempt from Free Software and Hackers to change the game into a more positive and more open frames of communication and give freedom to people with attempts for decentralization of social networks. Unfortunately it seems we're loosing the Game of Freedom at least in the normal nowadays Highly Filtered and more and more government agencies influenced (not to say controlled) Internet, here I'm excluding from the equation the recent attempts of Alternative thinking hackers (and unfortunately) criminals to build alternative internet spaces such as DarkNet / DeepWeb

As I like to experiment with Free Software in general to explore its business applicability, here is my short results on my experience and yearly research on what is there as a free software that gives you options to build a self hosted social network.

1. GNU Social (known historically as StatusNet)

GNU Social is a kinda of Personal Twitter service top recommended project the project started and seemed to be very promising and I myself some long ago Started an own version of it (s.www.pc-freak.net) to blog about my daily life obstacles and interesting info I've learned here.

However with time the project StatusNet become GNU Social and my attempts to upgrade it following provided instructions with the GNU Social files were a failure, so I kept the old version of statusnet and abondoned it just to adopt BuddyPress as a way to keep track of my Personal Interests in organized self owned Twitter like service.

2. BuddyPress

– BuddyPress (The distributed Multi user Self Owned Social Network based on WordPress)

–
"Fun & flexible software for online communities, teams, and groups."
This is the official description of the project my own efforts to establish it cost me at least 3 days up to a week just to establish something workable and a couple of more weeks to tailor it to my likings. I was planning to involve other people and build an online social community.
Most of available plugins for BuddyPress for extra-functionality are either old unmaintained or cost you good amount of moneys. I tried allowing Public Members registrations but soon the Network started filling with nasty spammer registrations. The available free plugins for Anti-Spam protection were real pain in the ass so finally I decided to keep the Network closed just to myself.
And create the user registrations manually after a primary email request contact from anyone who wants to own an account. As you could guess, as of time of writting this post, noone is contacting.
Considering SEO side of the network, even though I have around hundred posts with Videos, Music, Books, information and various Life Stuff of importance somehow Google, Yandex and Bing are indexing the pages (only about 350 pages are properly indexed). I tried to research why is that in Google Search console and Recrawl the site a couple of times, none of that didn't give me a very meaningful answers why BuddyPress Social network posted pages by my user are not ending up indexed properly in Search Engines and I don't have the full time to further investigate why is that, so anyone who is more advanced to Search Engine optimization (or better said have the time desite to help) me with this project is mostly welcome to contact me and we can collaborate and perhaps grow that network.

My own hosted version of BuddyPress custom install with aim to Share my attained knowledge is here.

3. Elgg Social Network

A highly customizable web framework and CMS for building social apps with PHP and MySQL. – however my personal experience with Elgg few years ago just shows, elgg is far from ready for a productive use, and anyone who want to start an Online Social Network has to seriously work with at least of small team of developers and system administrators and testers to make the thing good enough for daily use for the masses. There are some Elgg based social networks out there performing, however the project needs much more work until it is ready for an easy and mass use and anyone who is willing to build a custom social network needs to seriously invest a good amount of money for it to be tailored and maintained properly and the multitued of its bugs to be fixed.

4. Pligg

Is a a Free software social network designed from scratch with the help of many contributors to help you build up your website. This open source social network software can be used used and helps to lively setup communities, similar to Facebooks. Anyways for anyone who is willing to invest time and nerves, let him try and understand the project is still far from completeness.

Historically I tried to install Pligg as I was investigating on best options to build a free software based social network in 2015 but though I was aable to bring a workable version the spam problem still persisted and I brought down Pligg install in a couple of days because of its lack of enough functionality plugins and rapid development, as overall my personal experience was that Elgg was a much more grown product ready for use …

5. Oxwall

"Oxwall® is an open source mobile-friendly community website platform that is suitable for brand communities, interest-based social networks, and other online community projects."
Oxwall has been actively developed since 2010 after the team behind it developed plenty of community site projects.
Today Oxwall is a strong project with 3rd party development community.

It uses PHP and MySQL environment for social network development. It comes with a varied range of plugins that helps you personalize with add-ons to add functionality to the website. Its CMS is compatible with both small and large scale networking sites and even with executive websites.
I never personally tried Oxwall.

The development process is done by a small but dedicated team of 22 peoples which makes the project quite promising, but as the other options availabe for building an self hosted social network community, the project has still a long way to go …

I have never tried to install and use it myself but the site offered demo (you can see it here) seems promising and seems to make Oxwall an adequate competitor to ELGG.

6. AstroSpaces

Claiming to be the world's first open source social networking solution. Coded from scratch, it is highly efficient and very easy to use. As you can imagine its neither the first nor among the ones to easily build you workable solution, but for those who have intention to build something similar to facebook to the masses with the right Finances and Crowd Up raising or Business Angels eventually it can turn into something usuable with a lot of work and the right people

These free software (open source) based social networks are into a workable state, but because the enormous size of such projects and the fact that these projects are being done on a primary voluntееrs with almost little or none financial investitions the projects are moving slowly, have a lot of bugs, have a higher complexity to install and use by an ordinary uneducated people with little to less experience in the fields such as programming or system administration.

6. Mixxt is a social network design company, developing social extranets and intranets. It enables collaboration, communication, and Knowledge management through a single tool. It has a dedicated platform for fast development and enhancement. Develop your site with the help of custom designs, forums, wikis, and photos.

7. XOOPS

(XOOPS) is claiming or aiming to be "a classic tool for evolving from small to big community sites, intra-company web portals, and more. XOOPS has a modular format that can be extended as per needs. The web content management system helps in it. You may start with a blog and further augment it into a social networking website and with more functionality.
The module that is used to build a website with XOOPS is Yogurt. Environments used are MySQL, Linux, PHP, and Apache. But mainly MySQL and PHP are used. YouTube, friend list, pictures, communities, mp3 tracks, wall to post your messages are some of the features of XOOPS.".
Obviously even a little experiments with it shows, that the project has still a long way to go until it is usable enough without much tailoring for production use.

To sum it up, all of the 7 top free software social network projects gives a lot of options for free (if you have a network of dedicated developers with passion who are ready to commit work for free), mostly all of them offered a custom tailored packages with Themes and plugins sold for few hundred of dollars, for those who don't want to make things from scratch. But nomatter that developing a full featured ready to use solution, that is less buggy is amount of at least moderate to big investments.

If you happen to be a person who have an bright idea for the next competitor of Facebook at some time in future, you need to invest a lot and have to build an excellent company team and put the right amount of money / management effort to make the project succeed. However for a small and unpretencious social communities of up to few hundred of users (1000 to 100 000) users or so with the right scaling each of above projects could play well.

If you're interested just like me to build an alternative less-restricted more human rights respecting social network as an alternative to the already overcrowded commercial ones out there please get in contact with me, and perhaps we together can make a change for better!

Tags: about, access, Account, Administration, after, aim, ALL, alternative, alternatives, amount, community, contact, development, free software, full time, personal experience, project, topic, use, websites
Posted in Business Management, Educational, Everyday Life, Free Software Social Networks, System Administration | 2 Comments »

Install Cacti on Debian, CentOS, SuSE and Gentoo Linux – Tracking graphically server performance

Thursday, July 10th, 2014

There are plenty of ways to track graphically server performance in Web (Nagios, Munin, Zabbix, OpenNMS) etc.
Though Munin and Nagios is a great choice for people who prefer simplicity in installation and maintanenance. If you're looking for customizable reports and time windows history on how server (network, cpu, memory, hdd or services) behaved you will probably need to consider using Cacti.

Cacti is a complete network graphing solution designed to harness the power of RRDTool's data storage and graphing functionality. Cacti provides a fast poller, advanced graph templating, multiple data acquisition methods, and user management features out of the box. All of this is wrapped in an intuitive, easy to use interface that makes sense for LAN-sized installations up to complex networks with hundreds of devices.

Cacti is very much like Munin except Cacti gives you the possibility to select and show statistics for periods in time, making it very convenient to check how server/servers services performed historically in time.

Cacti is a bunch of PHP scripts that gives a nice frontend to the famous RRDTool, it stores all gathered service statistics information in a MySQL database. Web frontend queries the SQL to craete graphs and populate them with data . Cacti has SNMP protocol support for those used to creating traffic graphs with MRTG.
Its easily extendable, there is a "tree view", which allows you to put graphs onto a hierarchical tree for organizational purposes, there is a user based management tool built in so you can add users and give them rights to certain areas of cacti. You can create users that can change graph parameters, while others can only view graphs. Each user also maintains their own settings when it comes to viewing graphs.

Cacti has prebuilt packages for major Linux distributions as well as FreeBSD ports.
Native packages are available via distros repositories for:

Fedora, Debian, SuSE and Gentoo Linux

To work properly Cacti depends on following external packages to be installed:

Apache HTTPD
MySQL
PHP
RRDTool
Net-Snmp
PHP-MySQL module
PHP-Snmp module

1. Install Cacti on Debian 7 or Ubuntu Linux

On Debian based distributions Installation of Cacti is super easy. If you're a debian admin it will save you time:

Cacti package is very well crafted on Debian to have it installed all you have to do is apt-get it:

apt-get install --yes cacti snmpd

You will be prompted a couple of screens requiring you to fill in your MySQL root password (necessery for connection and import of cacti.sql database and tables skele and creation of new user with which cacti will query the db-server.)

mv /etc/snmp/snmpd.conf /etc/snmp/snmpd.conf.bak

vi /etc/snmp/snmpd.conf

# this will make snmpd listen on all interfaces
agentAddress udp:161

# a read only community 'myCommunity' and the source network is defined
rocommunity myCommunity 192.168.10.5
rocommunity myCommunity 127.0.0.1

sysLocation Earth
sysContact email@your-domain.com

You will be next prompted to fill in user and password for cacti user, type whatever you like it to be and save the password somewhere for later use.

After installing it Cacti cron will automatically be added to collect cacti statistics on every 5 minutes, e.g.:

cat /etc/cron.d/cacti

MAILTO=root
*/5 * * * * www-data php /usr/share/cacti/site/poller.php >/dev/null 2>/var/log/cacti/poller-error.log

Cacti Cron job script has to run multiple times until Cacti Graphics gets generated so wait for it 5, 10 minutes or run it manually with www-data user credentials

poller.php is making queries to MySQl and connecting to SNMP service on localhost querying information for configured monitoring from Console

rrd data is stored in /var/lib/cacti/rra

You will have to also create manually following files which will be used by cactito store rrd data.

In case of issues with cacti check that permissionsof filesinthere are correct

To do su run:
su www-data -s /bin/sh

touch /var/lib/cacti/rra/localhost_mem_buffers_3.rrd /var/lib/cacti/rra/localhost_load_1min_5.rrd /var/lib/cacti/rra/localhost_users_6.rrd /var/lib/cacti/rra/localhost_proc_7.rrd

2. Install Cacti on Fedora / CentOS Linux

Installation on Fedora is a little pain in the ass as there is plenty of things to do manually to have cacti working
a) Install pre-required RPM packages

yum -y install mysql-server mysql php-mysql php-pear php-common php-gd php-devel php php-mbstring php-cli php-snmp php-pear-Net-SMTP php-mysql httpd net-snmp-utils php-snmp net-snmp-libs

Note! that if you already have a server with Apache + PHP configured many of above packages will report to be installed.

Whether mysql-server was not existing previously, change your MySQL password to a new-one

mysqladmin -u root password NEWPASSWORD

Create database for Cacti to store collected data:

mysql -u root -p -e 'create database cacti'

Connect to mysql server and create cacti user:

mysql> GRANT ALL ON cacti.* TO cacti@localhost IDENTIFIED BY 'very-secret-password'; mysql> FLUSH privileges;

Create SNMP configuration for Cacti and start SNMP

vi /etc/snmp/snmpd.conf

and paste into it:

com2sec local     localhost           public
group MyRWGroup v1         local
group MyRWGroup v2c        local
group MyRWGroup usm        local
view all    included .1                               80
access MyRWGroup ""      any       noauth    exact all    all    none
syslocation Unknown (edit /etc/snmp/snmpd.conf)
syscontact Root (configure /etc/snmp/snmp.local.conf)
pass .1.3.6.1.4.1.4413.4.1 /usr/bin/ucd5820stat

Start SNMPD and make it start automatically on Fedora boot

# /etc/init.d/snmpd start # chkconfig snmpd on

Test whether SNMP server is properly working and returning info:

snmpwalk -v 1 -c public localhost IP-MIB::ipAdEntIfIndex

You should get output like:

IP-MIB::ipAdEntIfIndex.192.168.10.5 = INTEGER: 2
IP-MIB::ipAdEntIfIndex.217.xx.xx.xxx = INTEGER: 3
IP-MIB::ipAdEntIfIndex.127.0.0.1 = INTEGER: 1

Install Cacti package:

yum -y install cacti

Import Cacti initial SQL data:

– Check in RPM package where is default cacti.sql

rpm -ql cacti | grep cacti.sql

/usr/share/doc/cacti-0.8.7i/cacti.sql

mysql -u cacti -p very-secret-password < /usr/share/doc/cacti-0.8.7i/cacti.sql

Configure Cacti:

vi /etc/cacti/db.php

/* make sure these values refect your actual database/host/user/password */
$database_type = "mysql";
$database_default = "cacti";
$database_hostname = "localhost";
$database_username = "cacti";
$database_password = "very-secret-password";
$database_port = "3306";

A small note to make here is Cacti can be configured to also work with MariaDB backend but, I haven't tried it so far …

Set Cacti cronjob to periodically update cacti stats

vi /etc/cron.d/cacti

*/5 * * * * cacti /usr/bin/php /usr/share/cacti/poller.php > /dev/null 2>&1

Make Cacti accessible from Web – add cacti alias in Apache

vi /etc/httpd/conf.d/cacti.conf

#
# Cacti: An rrd based graphing tool
#
Alias /cacti    /usr/share/cacti

<Directory /usr/share/cacti/>
        Order Deny,Allow
        Deny from all
        Allow from 10.0.0.0/8
</Directory>

Restart Apache to load new config

/etc/init.d/httpd restart

3. Install Cacti on Gentoo Linux

Modify your /etc/make.conf so USE="" options looks like this:

USE="symlink mmx sse sse2 bash-completion vhosts xml sockets snmp"

Install Cacti, PHP and Apache and webapp-config with emerge (Gentoo package manager)

emerge apache php cacti webapp-config

Hopefully all should get installed properly, if you get an error like "Could not read settings from webapp-config" run:

cd /etc/ etc-update

Create a vhost if you don’t already have one and then run the following. Then install cacti to the vhost using webapp-config. Remember to change the -h option to reflect the name of your vhost and that you may need to set a different cacti version number if cacti has been updated since I posted this article.

webapp-config -I -h yourdomain.com -d cacti cacti 0.8.7e-r1 mysqladmin -p --user=root create cacti mysql -p --user=root cacti < /var/www/yourdomain.com/htdocs/cacti/cacti.sql mysql -p --user=root mysql GRANT ALL ON cacti.* TO cactiuser@localhost IDENTIFIED BY 'somepassword'; flush privileges;

Add a cron entry to your tab to get Cacti to update. Add the following entry to your crontab updating the path as needed

crontab -u root -e

And paste

*/5 * * * * apache /usr/bin/php /var/www/yourdomain.com/htdocs/cacti/poller.php > /dev/null 2>&1

Now open in a browser:

http://yourdomain.com/cacti

After logging, Click Graphs tab (located on left top) corner and after a while your should see the graphs start to be drawn.

3. Install Cacti on OpenSuSE

Install Cacti from Yast suse package manager. A very good complete instructions on OpenSuSE installation is here

4. Configuring Cacti to draw statistics for host

So far so good now Cacti is installed but to make it generate its configuration its necessery to do some configuration tampering.
Cacti's configuration is pretty obscure and it needs time and a couple of tries until you have learned how to configure statistics generation.
Cacti's web interface is divided by two major parts Console (From which all kind of configuration is done) and Graphs (From here all confugured graphs can be expected, and information for time periods setted services, memory, CPU, hard drive, etc. can be obtained).

To Complete Cacti installation and configuration using a web-browser

Access URL:

http://your-domain.com/cacti/

cacti-user-login-monitoring-your-server-interactively-in-web-initial-login-screen

By default Cacti is configured to have user admin with password admin. Login to Cacti and you will be prompted to change default password – set it to whatever you like.

cacti_firstscreen_screenshot_linux_debian

Configure Cacti to do SNMP data collection

Cacti will use SNMP protocol to obtain server traffic statistics and visualize them.

Click on:

Devices -> Add

Fill in only fields (and let the rest as it is):

Description: Pc-freak.net
hostname: 127.0.0.1
Select for SNMP Version (drop down menu): SNMP Version 2

and then click on

Create button (located right down)

cacti-snmp-linux-good-config-options-screenshot
Here I've used localhost (127.0.0.1) as a hostname, because localhost server is to be monitored for remote monitoring of cacti set the REMOTE IP or hostname instead.

In field Associated Data queries add Data query for:

SNMP – Get Mounted Partitions
SNMP – Get Process Information
SNMP – Interface statistisc

P.S. Use the Add button for all this ..

Create SNMP graphs collection for first time

Click on Create Graphs for this Host see – top right side.

create-graphs-for-this-host-linux-cacti-screenshot

create-graphs-for-this-host-cacti-debian-redhat-rhel-centos-linux

Select on SNMP – Interface Statistics

Choose a graph type (for exmp. In/Out bytes with total bandwidth)

To Finalize click Create button

Create Graphs for this host

Creating Graph Trees

Use Console -> Graph Trees -> Add -> Sample Tree

Choose:

Setting type: Manual Ordering (No Sorting)

Tree Item Type: Graph

Graph: Server Name – Traffic eth0

Then press Create (button)

To verify the graphs are drawed corretly in a while go to:

Graphs -> Sample Tree (or whatever you named the tree during creation)

Interface Graphs and 64-bit Counters

By default, Cacti uses 32-bit counters in SNMP queries. 32-bit counters are sufficient for most bandwidth graphs, but they do not work correctly for graphs greater than 100 Mbps. If it is known that the bandwidth will exceed more than 100 Mbps, it is always advisable to use 64-bit counters. Using 64-bit counters is not hard at all.

Note! It takes usually around 15 minutes for Cacti to populate new graphs. There is no option to run cacti on cron manually but you have to wait

After some time of Cacti running, you will end up with nice graphics like this:

cacti-example-output-statistics-debian-centos-linux

If you get some issues and even after 15 / 20 minutes you still don't have the graphics drawed to debug the issues check for errors in:

/var/log/apache2/error.log – If there are missing rra files this should be logged here
/var/log/cacti/cacti.log
/var/log/cacti/poller-error.log – If the reason for not drawing the graphics is permissions errors will be here
/var/log/rrd.log – should contain rrd related errors

Important thing to mention is Cacti is requiring php exec() option to be functional. On hosts which has disabled exec(); function for security reasons cacti will fail to produce graphs.

References and thanks to:

http://xmodulo.com/2013/11/monitor-linux-servers-snmp-cacti.html http://openmaniak.com/cacti_tutorial.php http://www.cacti.net/ http://www.debianhelp.co.uk/cacti.htm

Tags: apache php, CentOS, com, community, crontab, Install Cacti, login, multiple times, php, Select, server performance, SNMP, var, www
Posted in Monitoring, Networking, System Administration, Web and CMS | No Comments »

Automatic restart Tomcat on Windows script via TaskScheduler daily – A command line to add / remove new Windows “Cron” like job

Thursday, January 22nd, 2015

automatic-restart-Tomcat-on-Windows-via-TaskShcheduler-daily-weekly-monthly-a-command-line-to-add-remove-new-windows-cron-job
I'm responsbile for a project environment made up of 3 components which is occasionally dying. Here is a short raw overview of environment

Apache Reverse Proxy (entry door to app server)
Tomcat Server with an Application enabling web access
A Java Standalone application using SQLite database

The Tomcat and Java Standalone application is running on top of Windows 2008 RC2 Standard, the overall environment is becoming inacessible periodically and in order to solve that the customer decided to implement a daily Windows server reboot in my opinion this is very bad approach as it is much better to just set an auto reboot of each of components using few tiny batch scripts and Windows Taskmgr, however as the customer is king and decided to implement the reboot its their own thing.
However even fter the daily server reboot was set once a week or so the application was becoming inaccessible and a Tomcat server restart was necessery as a fix.

Finally as a work-around to the issue, I've proposed the logical thing to automatically restart Tomcat once a day early in morning, here is how Tomcat auto Restart was implemented on the Win server:

1. Check out the name of running Tomcat service

First thing is to use the sc command to find out the Tomcat application name:

how-to-show-tomcat-service-name-command-windows-screenshot

C:UsersGeorgi>sc query state= all| findstr "Tomcat"
SERVICE_NAME: Tomcat7_r2c
DISPLAY_NAME: Apache Tomcat Tomcat7_r2c
C:UsersGeorgi>

2. Create bat script to stop and start Tomcat service

Press keyboard Win-button + R, start notepad type inside:

@echo off
sc stop Tomcat7_r2c && sc start Tomcat7_r2c

( MyApp-Tomact-Restart-bat-file-ms-windows-screenshot

Don't be confused from screenshot that I have Tomcat7_MyApp instead of Tomcat7_r2c, but I made screenshot in hurry for another app.
Save the file, somewhere (preferrably) in application folder/bin/ it is best to save it once with bat extension MyApp-Tomcat_Restart.bat and once as MyApp-Tomcat_Restart.xml (XML format file is later needed for import to Task Scheduler which understands .XMLs). The .bat file is good to have because it is useful to somtimes restart Tomcat manually by running it (in case of some sudden Tomcat Appserver occurs even though the auto-restart script).

3. Create new Task using command line (cmd.exe)

Task can be created also from command line using following syntax:

schtasks /Create [/S [/U [/P [ ]]]]
/XML <xmlfile> /TN <taskname>

Simple way to create a new Windows task is shown in below command, it will set my Tomcat Restart script to run everyday in 05:00 early morning when no employees are using the system:

schTasks /Create /SC DAILY /TN "My Task" /TR "C:UsersGeorgiDesktopmyApp-Tomcat_Restart.bat" /ST 05:00
SUCCESS: The scheduled task "Tomcat Restart Task" has successfully been created.

import-new-windows-task-scheduler-task-from-command-line-windows-add-new-cronjob-command-screenshot

4. Create / Import new Windows "Cron" job

Alternative way is to use Task Scheduler GUI frontend and create new (Basic Task) or import just created script

To run Windows Task Scheduler from comamnd line :

Taskschd.msc

taskschd_windows-run-from-command-line-screenshot

To import already existing .XML formatted file for Task scheduler, right click on the Task Scheduler (Local) and select Import task

task-scheduler-local-task-import-microsoft-2008-r2-windows-screenshot

Import the myApp-Tomcat_Restart.XML previously created file

Adjust settings to suit your needs, but what change atleast:

the path to the myApp-Tomcat_Restart.bat file in Actions tab
the Local User account with which script will be running (administrator) in General tab

Task-Scheduler-windows-general-local-user-account-with-which-task-will-be-running

After making all changes you will be prompted for server Administrator account password

5. check existing Win Cron job from command line

To see the configured (Scheduled Tasks) in command line mode with a command:

Schtasks.exe

schtasks-windows-equivalent-command-to-linux-unix-crontab-screenshot

The command is Windows equivalent to UNIX / Linux's crontab, e.g.:

crontab -u root -l

6. Delete existing Windows Task Job from Command line

If you happen to need to delete just created task or any other task from command line (Assuming that you know the previously created task name), use cmd:

C:>schtasks /Delete /TN "Tomcat Restart Task"
WARNING: Are you sure you want to remove the task "Tomcat Restart Task" (Y/N)? y

SUCCESS: The scheduled task "Tomcat Restart Task" was successfully deleted.

Task completed, Tomcat will auto-restart on Windows host at your scheduled time. Feedback is mostly welcome 🙂
Enjoy

Tags: Apache Tomcat Tomcat7_r2c, auto reboot, command, community, Create Import, customer, Delete, door, environment, job, line, opinion, scripts, state, syntax, thing, Tomcat Restart Task, Windows Taskmgr
Posted in Everyday Life, System Administration, Various, Web and CMS, Windows | 2 Comments »

Is Free software communistic in essence. My 5 cents rant on Free Software’s ideology

Wednesday, October 9th, 2013

linux-because-microsoft-is-for-capitalists-running-dos

I've seen people online blaming Stallman and Free Software Movement for being communistic. I've thought over it for a while so decided to give my 5 cents rant on that. Obviously there is still people in America who doesn't make difference between capitalism, communism and socialism. Yes it is true, GNU / Linux and Free Software are socialistic in essence and obviously Stallman's ideas are close to Socialists ideas, but for sure in his essence its not against capitalism and even less against democracy. So why there are still people recognizing free software as communistic? I think it is due to their mis-understanding that Free Software doesn't stand for making people equal but it is for giving chance to everyone who has interest to learn and doesn't have the financial possibility to do it. By its existince free software gives the poor Afrika's population legal way to install and use software free of charge. The idea of free software is purely scientific, there are plenty of researchers who denied patenting their invention because they wanted to share their findings with the world like Willhelm Roentgen's finding of X-rays. FS is for giving to society it is for software for people who should not be necessary divided by social status or bank account. Free Software puts out bariers since its fosters a spirit of community so much lost in our very divided century, it makes people involved in FS opened to itself and being friends no matter of social status. It is to make people free to choose and do whatever they like with each software it is about transperancy and equal start to programmers and computer enthusiasts. I'll be curious to hear people's opinion?

Tags: community, doesn, essence, free software, free software movement, FS, make, rant, software, stallman, status
Posted in Entertainment, Various | No Comments »

How to configure pine (alpine) console client to work with vpopmail pop3 and imap protocol

Monday, June 13th, 2011

I needed to check my mail via ssh connection, as my installed squirrelmail is curently broken and I’m away from my own personal computer.

I did some online research on how this can be achieved and thanksfully I finallyfound a way to check my pop3 and imap mailbox with a console client called alpine , better known in unix community under the name pine .

I installed pine on my Debian with apt:

debian:~# apt-get install alpine

Here is my pine configuration file .pinerc used to fetch my mail with pine:

a .pinerc conf file to check my pop3 mail

To use that file I placed it in my home directory ~/ , e.g.:

debian:~# wget https://www.pc-freak.net/files/.pinerc ...

To attune the pop3 server configuration in the sample .pinerc above one needs to change the value of:

inbox-path=
For example to configure pine to fetch mail from the pop3 server mail.www.pc-freak.net and store it locally in my home directory within a file called INBOX
I have configured the inbox-path .pinerc variable to look like so:

inbox-path={mail.www.pc-freak.net/pop3/user=hipo@www.pc-freak.net}INBOX

In above configuration’s inbox-path variable configuration the /pop3/ specifies I want to fetch my mail via the pop3 protocol , if one wants to use imap this has to be substituted with /imap/

The value user=hipo@www.pc-freak.net specifies my vpopmail created user which in my case is obviously hipo@www.pc-freak.net

The other variables which are good to be changed in .pinerc config are:

personal-name=

This variable has to be set to the name of the Email Sender which will be set, if pine is used to send email.

I also changed the user-domain variable as it’s used to set the domain name from which the pine client will send the emails from:

As my domain is www.pc-freak.net I’ve set the domain name variable to be:

user-domain=www.pc-freak.net

Now after launching pine it prompted me for my email password, putting in the pass did fetch all my new unread mails via pop3 protocol.

The only annoying thing was that each time I quit pine and start it up again, I’m now asked to enter the email password.

This behaviour is really shitty, but thanksfully one can easily workaround that by letting pine be constantly running detached in gni screen session.

Tags: alpine, Auto, case, client, community, Computer, conf, config, configuration file, configure, connection, domain pc, Draft, email, email password, email sender, example, file, finallyfound, freak, hipo, home directory, imap, inbox, mail, mailbox, name, online, own personal computer, password, personal name, pine configuration, pinerc, pop, pop3 mail, pop3 protocol, pop3 server, Protocol, screen, server configuration, server mail, session, squirrelmail, ssh, time, unix, unix community, value, variables, vpopmail, way, wget
Posted in Linux, Various | No Comments »

☩ Walking in Light with Christ – Faith, Computing, Diary

Posts Tagged ‘community’

Automatic restart Tomcat on Windows script via TaskScheduler daily – A command line to add / remove new Windows “Cron” like job

Is Free software communistic in essence. My 5 cents rant on Free Software’s ideology

Daily Bible quote

GET ARTICLE UPDATES

Useful blog? Help it:

Links to Other Places

Recent Posts

Ads

Categories

About Myself

Recent Comments

Top Post Views

blogtopsites