Posts Tagged ‘multiple times’

The beheading of Saint John the Baptist feats in Eastern Orthodox Church – A short history of saint John Forerunners Holy Relics

Saturday, September 14th, 2019

Beheading_of_St_John_the_Baptist_Icon_IX-century

Saint John the Baptist (The Forerunner of Christ) is all known for being the baptizer of the Lord Jesus Christ in Jordan's river in Israel.

However as nowadays most people are away from the Church and from traditions, that many generations of our ancestors used to follow, little know the details of his beheading and the meaning of why he is venerated so much by so many generations in the last 2000 years.

Thus In this small article, I'll try to shed some light on the Saint John Beheading feast known in Church Slavonic world as Oseknovenie (Осекновение) = beheading and is considered a day of sorrow for the Church for the reason the biggest Old Testamental prophet, a hermit and a man of Gigantic spiritual significance Saint John the Baptist has been beheaded unfairly for having no fault at all but this happened so his righteousness raise up even more and be clear for the generations to come.

The feast of Saint John the Baptist is celebrated on 29 of August in Eastern Orthodox Church, where old Calendar Churches celebrate the feast (13 days) later on 11 of September – I'll not get into details about calendars as this is a long discussion for a separate article.

It should be said in the Church saint John the Baptist is considered the highest saint among all“the first among martyrs in grace”, venerated next in glory to Virgin Mary.

The Martyrdom of Saint John happened in the 32 years after the Nativity (The Birth) of Christ as this is said in the Gospel of Mathew 14:1-12 and Gospel of Mark (6:14-29) in New Testament.

Saint-John-The-Baptist-Orthodox-Bulgarian-icon

Many of the small details, we know about saint John and his earthly living are not given in the Gospel however, but are instead given in the Chuch Tradition (that is kept in the main books and the Living of the Saints, as well as all the books written by the officially canonized saints over the years that used for Eastern Orthodox Church services Singing for many centuries).

From there we know the beheading of Saint John happened short time before the Crucifixion of Christ. After the death of Herode the Great, Romans divided the territory of Province of Palestine in 4 parts and on top of each placed his governor.

Herodos Antipa received by Emperor Augustus Galilea as a territory of Governance. He had a law binded marriage, who was a daughter of king Arepha. Herod left her and cohabited (unlawfully) with Herodias who was his mistress and brother's wife.

As Herodos was a governer and recpetively example for all his subordinate in his Kingdom and was living unlawfully with that woman saint John who knew him personally rebuked him multiple times publicly advising him to leave that woman and live with his lawfully marriaged one as it was written in God's law – that such people are worthy for death just like moreover this was the unwritten law followed by all kind of peoples of his time from noble to smallest and poorest.

Herodoes did not listened and wanted to get rid of saint Johns somehow but he was scared to accuse him for some kind of kingdom lawlessness as the knew saint John was a true prophet of God and feared the people who recognized him as a true prophet  as well as feared he might be put off throne for his evil deed if he finds an excuse to kill the prophet of God.

As the critics on Herodoes living with a concubine while being in marriage, eventually not finding any other way to shut Saint John's mouth, king Herodoes put saint John in Prison with the excuse Saint John was a rebel and preaching things against established authority (About this event is said in Bible Gospel of Luke 3, 19-20).

For his birthday Herodoes prepared enormous banquet in which in front of the many invited guests danced (Salome / Salomia) – the daughter of Herod II and Herodias and her dancing was so much pleasing for the already drunk Herod and in his drunkenness he promised to give her anything she desired up to half of his kingdom.
Salome was still young woman and as it was the tradition then not knowing what would be the best to ask for, she asked her Mother and the Mother being in unlawful relations with Herod in her hatred for the rebuking prophet saint John asked, the head of Saint John the Baptist on a platter.

The-Beheading-of-Saint-John-The-Baptist-Salomnia-dance-in-front-of-Herodos-Sv.-Ioan-Krastitel

The dance of Salome with Saint John's head on a Platter Orthodox icon

Even though Herod was appaled by this strange request, he had to reluctanly agree to keep his word as he was a ruler of a great power and for that time, not keeping a word publicly given would make him though weak, a fraudulant and eventually this will be reason for a rumors for his unseriousness to circulate the kingdom, thus unwillingly he agreed sent soldier to the prison to behead Saint John and the Head of the saint was brought to the perverted Solome and the harlot mother of hers Herodias.

Due to Church tradition when the Head of the 'Biggest in Spiritual Power' of Man born after Christ, as the Gospel speaks was brought to the lecherous feast, the Head even in the platter continued to rebuke, the unwalfullness of Herod.
 

The Jewish famous Historian Flavius Josiphus in his historical book Antiques of the Jews wrote, the reason for beheading of Saint John was:

"lest the great influence John had over the people might put it into his [John’s] power and inclination to raise a rebellion, (for they seemed ready to do any thing he should advise), [so Herod] thought it best [to put] him to death."

Flavius also states that many of the Jews believed that the military disaster that fell upon Herod as his throne fall a by the hands of Aretas his (father-in-law) was God's immediate punishment for unrighteous behaviour.
There is no exact date when behading of Saint John occured but the historians place it somewhere in year 28 or 29 A. D. (Anno Dommini).

Execution_of_John_the_Baptist_orthodox-icon


The body of saint John was buried immediately (separately from the body) as Herodias for her hatred for the prophet ordered the body to be buried separately from the head, it was buried in the small Palestinian Village (Sebaste), while Herodias took his holy head and buried it in a dung heep. 
Later Joanna (canonized later by saint known as Saint Joanna) – a wife of Herods steward, secretly went to place took the head and buried in the Mount of Olives, where it remained hidden for many centuries.

But the wrath of God is never late soon after Salome was passing a frozen river and while walking on it the ice collapsed and her body up to the head fall hanging in the water, while her head was sitting still over the water.
Just as she used to kick her feet on the ground, she was now, like dancing, making helpless movements in icy water.
 

So Salome hung until the sharp ice cut through her neck. Her head, cut off with a sharp ice, then her head was brought to Herod and Herodias, as John the Baptist's head had once been brought to them, and her body had never been found. The king of Arif of Arabia, in revenge for the dishonor of his daughter – the wife of Herod the four-owner – moved his troops against the wicked king and defeated him. The Roman emperor Guy Julius Caesar Caligula (37-41) in anger sent Herod, together with Herodias, into captivity to Gaul, and then to  . There they were consumed by the sprawling earth.


By a divine revelation the head of Saint John has been found in the 4th century (Celebrated in the Church with a special feast known as The First Finding of Saint John's the Baptist head by a governing official of Eastern Roman empire district who eventually choose to become a monk (monk Inokentij / Innocent). The head of saint John has been found by both divine revelation and the testimony of an Old Jew who confirmed the Jewish oral tradition for the burial of John the Baptist head on that exact place .
Innocent decided to build a Church and a monastic Cell in glory of Saint John the Baptist as the place was holy and sanctified by the graceous head of St. John.
Fearful that holy relics of such a high importance, might be soon stolen and sold, mocked over by unbelievers or destroyed, he immediately hide (burid) the St. John on the very same place, where he found it in the same vessel it was orginally.
Unfortunately on monk Innocent dead the Church fell into ruin was abandoned due to its desert location and eventually as it always happened in that times with old buildings, people used its construction stones for fortifying their own near village houses.

The Second Finding of the Head of Saint John the Baptist, happened some years later in 452 A.D. , during the days of Constantine the Great by two Christian monks who went for a Jerusalem for pilgrimage.who had God given revelation (Saint John himself appeared in a kind of a Vision to the two) and hsa indicated for the same hidden location where Innocent found it (laying under the Church ruins altar).
After digging on the place, the holy relic was found placed in a sack and brought with them to heir home land. On the way back they've met a potter not telling him what was inside the bag and asked him the bag to carry being lazy to do. Saint John the Baptist appeared the potter and told him to take his head and bring it away from this careless lazy monks immediately. The potter took Saint John's head home, and kept it there praying fervently to saint John the Baptist daily, soon before his death he put the head in a container and gave it to his sister.
The 1st and 2nd finding of saint Johns head is established as a feast celebrated yearly in Eastern Orthodox Church on 24 of February.

beheading-of-saint-John-icon

The feast of Beheading of Saint John in the Church is always observed in the Eastern Orthodox Churches Bulgarian, Russian, Serbian, Greek, Romanian, Georgian etc. with a strict fasting as a sign for the great sorrow we Christians have for the beheading of the Greatest of Prophets and Highest in sight of God born of man.

In some cultures, the pious will not eat food from a flat plate, use a knife, or eat round or red food (such as tomatoes, watermelon, red peppers etc.) on this day.

A short time after a Hieromonk Eustathius (considered by Church historians) to be part of the Arian heretical division happen to have th chance to possess the holy head and he used it frequently to attract followers to the Heretical teachings of Arius (a Lybian heretic presbyter who was condemned in 325 A.D. on the First Council of Nicea convened by Saint Emperor Constantine The Great. Being in a hardships Eustathius buried the head in a cave near Emesa (circa 810 – 820) and soon after a monastery was built on that place by God's providence.

In the year 452, St. John the Baptist appeared to Archimandrite Marcellus of this monastery and indicated where his head was hidden in a water jar buried in the earth. The relic was brought into the city of Emesa and was later transferred to Constantinople.

Saint_John_Head_Holy-relics-Caput-Sti-Joannis-Baptistae-Praecurssoris-Domini-1

The current pressumable relics of head of Saint John the Baptist kept in San Silvestro in Capite Rome

The head of John Baptist disappeared once again after it was transferred from Comana of Cappadocia during a period of Muslim raids (about 820) and was again hidden in the ground during a period of iconoclastic persecusion.
After the veneration of icons was restored in year 850, A vision was revelead by God to patriarch Ignatius of Constantinople (ruling on patriarchial throne in 847 – 857) saw a vision revealing the place where the head of saint John was hidden around y. 850. The patriarch as the order was then communicated about his vision to emperor Michael III, who sent a delegation to Comana, where the head was found. Soon after the head was transferred to city of Nyc and here on 25 of May it was placed in a church in emperor court in Constantinople. The Church feast of the Third Finding of Saint John Baptist head is established for celebration in the Eastern Orthodox Church on 25 of May.

Third-finding-of-Saint-John-the-Baptist-head-holy-relics-orthodox-icon

Currently many small particles of Saint John Head are available for generation among many Eastern Orthodox and Roman Catholic Churches.

The-Face-of-saint-John-the-Baptist-in-Cathedral-of-Our_Lady-in-Amiens-Cathedral

The head  is claimed to be in San Silvestro (Saint Silvester) in Capite in Rome or in Amiens Cathedral, said to have been brought from Constantinople by Wallon de Sarton as he was returning from the Fourth Crusade.
There are also some sources claiming that the real head of John the Baptist is buried in Turkish Antioch or Southern France.

Amiens_-_Cathedrale_Notre-Dame_France

Amiens Cathedrale Notre Dame France – one of most magnificent Gothic edifice in Europe.

During the French Revolution the kept Head in Amiens has been secretly hidden by the Amiens city Mayor in his own home to protect this sacred relic from the destruction (as many holy relics saints disappeared or have been destroyed) by the rebellious enraged crowds fighting for the rights of "Liberty, Equality, Fraternity" being the goals of the Masonic bortherhoods and many secret societies in France in that time.

Also a reliquary at the Residenz in Munich, Germany, is labeled as containing the skull of John the Baptist by Catholics. In history some sources claim the St. John used to be owned by Knight Templars
А piece of Saint John Baptist skull is held at the Eastern Orthodox Romanian skete Prodromos on Mount Athos.

Further on according to Church tradition saint Luke the Evangelist went to the city of Sebaste bringing with him the right hand of Saint John the Forerunner which was conducting numerous of miracles.

Some of the Relics of John the Baptist are said to be in the possession of the Coptic Orthodox Monastery of Saint Macarius the Great in Scetes, Egypt.
It is said John the Baptist's arm and a piece of his skull can be found at the Topkapı Palace in Istanbul, Turkey.

the_Holy-head-of-saint-John-the-Baptist-relics

It is said John the Baptist's arm and a piece of his skull can be found at the Topkapı Palace in Istanbul, Turkey.
At the time of Mehmed the Conqueror, the skull was held in Topkapı, while after his death, his stepmother Mara Branković, a Serbian princess, brought it to Serbia. It was then kept a while at the Dionisios monastery at Mount Athos, then the skull fragment was sent to a nearby island in order to prevent the outbreak of a plague; however, the Ottoman fleet seized it and delivered it to Hasan Pasha of Algeria, who held it in his home until his death. It was then returned to Topkapı. The skull is kept on a golden plate decorated with gold bands with gems and Old Serbian inscriptions. The plate itself is stored in a 16th-century rock crystal box.

The-Face-of-saint-John-the-Baptist-in-Cathedral-of-Our_Lady-in-Amiens-Holy-Relics

The face of St. John the Baptist, in the Cathedral of Our Lady in Amiens.

St. John's arm was brought from Antioch to Constantinople at the time of Constantine VII. It was kept in the Emperor's chapel in the 12th century, then in the Church of the Virgin of the Pharos, then in the Church of Peribleptos in the first half of the 15th century. Spanish envoy Clavijo reported that he saw two different arms in two different monasteries while on a visit to Constantinople in 1404. With the Fall of Constantinople, the Ottomans seized possession of it. In 1484, Bayezid II sent it the knights of Rhodes, while they held his brother Cem captive in return. In 1585, Murad III had the arms brought from Lefkosia castle to Constantinople (henceforth known as Istanbul). The arm is kept in a gold-embellished silver reliquary. There are several inscriptions on the arm: "The beloved of God" on the forefinger, "This is the hand of the Baptist" on the wrist, and "belongs to (monk) Dolin Monahu" on the band above the elbow.

In July 2010, a small reliquary was discovered under the ruins of a 5th-century monastery on St. Ivan Island, Bulgaria. Local archaeologists opened the reliquary in August and found bone fragments of a skull, a hand and a tooth, which they believe belong to st. John the Baptist, based on their interpretation of a Greek inscription on the reliquary.The remains have been carbon-dated to the 1st century. Currently The found relics are being placed for veneration in the sea resort town  of Sozopol, Bulgaria in the Church of saint saint Cyril and Methodius.

The_Holy_Relics-of-Saint-John-The-Baptist-kept-in-Saint-Cyril-Church-Sozopol

Saint John the Baptist Holy Relics in Sozopol Bulgaria

 

Sozopol-Lithia-Lity-with-the-holy-relics-of-saint-John-the-Baptist
 A Lity (Orthodox Vespers) in front of Saint Cyril and Methodius Church in Sozopol resort Bulgaria

There is much to be said in Saint Johns beheading and many great Theology books have been written on the topic however I hope the goal of this article to give a very brief overview for the ordinary people to know our human history over the last 2000 which is highly entangled with Christian faith  succeeded to give a very brief overview on the history of the beheading of saint John the Baptist and the deep history across his holy relics veneration over the centuries.

As a closure for the Article I find worthly to share the sung troparion in the Church services glorifying of saint John the Forerunner in Old Bulgarian / Church Slavonic, Greek and English

TROPARION IN CHURCH SLAVONIC

Па́мять пра́веднаго с похвала́ми, тебе́ же довле́ет свиде́тельство Госпо́дне, Предте́че: показа́л бо ся еси́ вои́стинну и проро́ков честне́йший, я́ко и в струя́х крести́ти сподо́бился еси́ Пропове́даннаго. Те́мже за и́стину пострада́в, ра́дуяся, благовести́л еси́ и су́щим во а́де Бо́га, я́вльшагося пло́тию, взе́млющаго грех ми́ра и подаю́щаго нам ве́лию ми́лость.

TROPARION IN GREEK

Μνήμη Δικαίου μέτ' ἐγκωμίων, σοὶ δὲ ἀρκέσει ἡ μαρτυρία τοῦ Κυρίου Πρόδρομε· ἀνεδείχθης γὰρ ὄντως καὶ Προφητῶν σεβασμιώτερος, ὅτι καὶ ἐν ῥείθροις βαπτίσαι κατηξιώθης τὸν κηρυττόμενον. Ὅθεν τῆς ἀληθείας ὑπεραθλήσας, χαίρων εὐηγγελίσω καὶ τοῖς ἐν ᾍδῃ, Θεὸν φανερωθέντα ἐν σαρκί, τὸν αἴροντα τὴν ἁμαρτίαν τοῦ κόσμου, καὶ παρέχοντα ἡμῖν τὸ μέγα ἔλεος.

TROPARION (TONE 4)
O Prophet and Forerunner of the coming of Christ, in spite of our eagerness to render you due honor, we fall short when singing your praise. Your glorious birth saved your mother from the shame of barrenness, returned to your father the power of speech, and proclaimed to the world the Incarnation of the Son of God.

KONTAKION (TONE 3)
The woman who had been barren becomes fertile and gives birth today to the Forerunner of Christ. He is the greatest and last of the prophets, for standing in the waters of the Jordon River, he placed his hands on Christ whom all the prophets had announced, and in so doing he became a prophet himself, a preacher and a forerunner of the Word of God.

ClamTK Linux Desktop Anti-Virus program – Checking Windows mapped drives with ClamTK

Thursday, June 20th, 2013

Linux desktop graphical program to scan for-viruses ClamTK clamav frontend application

In general Linux has fame for being Virus Free Operating System. During the 13 last years as dedicated GNU / Linux user, I've seen Linux servers with binaries infected with Viruses, however the hosts, were severely messed hosts because noone updated them on time and script kiddy crackers has "hacked" multiple times. In lifetime one of my old testing computers got infected with Virus because of my mistake of running "suspicious" pre-compiled "cracker" software binaries with no MD5 verification and "questionable" websites…
I share this story because, I want to beat-up the Myth that Linux cannot have Viruses. It CAN but not very likely to happen 🙂

As a Desktop user over the last 10 years, even though I installed plenty of packages from third party sources and never happened to infect my computer with Virus – or at least if I infected I never knew it. A lot of popular MS-Windows Anti-Virus programs, has already ports for Linux. Just to mention few non-free Linux AV software providing install binaries;

  • Avast

  • BitDefender

  • AVG

  • Dr. Web

Though risk of Viruses on Linux is so tiny, it is useful to have ANTI-Virus Software to check files received from Skype, E-mails and onse downloaded with Browser. I always prefer so until now I used Clamav Antivirus to keep an eye periodically on my Desktop Linux host and servers running mail servers (those who run Mail Servers know how useful is Clamav in stopping tons of E-mail attached Malware Viruses and Trojans).

I use mostly Debian Linux, so on every new server or Desktop one of first things I did was to install it, i.e.:

# apt-get --yes install clamav
...

Before I knew Clamav AV for Windows has GUI, anyways till recently I didn't know if there is some kind of free software AV Graphical frontend for Linux. I just found out about ClamTK

Linux Free Antivirus ClamTk clamav Virus Scanner graphical frontend

ClamTK is available in most Linux distributions from default package repositories

On Debian and Ubuntu to install it run common:

debian:~# apt-get --yes clamtk
...

On Fedora and CentOS Linux to install:

[root@fedora ~]# yum -y install clamtk
...

Its best to run it as root superuser (or via sudo) to make ClamTK able read all files or mounts on system:

hipo@debian:~$ sudo clamtk

ClamTK is very simple to use and there are only few configuration options;
clamtk desktop linux free antivirus startup preferences

clamtk scan for viruses linux gui proxy

linux Anti-Virus Desktop graphics  easy to use AntiVirus ClamTK preferences screenshot

ClamTK is very useful when used with mounted Samba Shared (Mapped) Windows drives to scan for Viruses and malware, i.e, after mounting share using cmd like:

# smbmount //192.168.2.28/projects /mnt/projects -o user=USERNAME

Clean disk space, fix broken shortcuts and delete old restore points on Windows 98,XP, 2000 with Free Spacer

Thursday, February 28th, 2013

 

freespacer perfect clean disk space on Windows 98 XP 2000 russian software

If you end up with a low disk space, or a lot of broken shorcuts without knowing how this exaclty happened  on  Windows XP and you need to free some disk space on OS without manually bothering to delete Windows Temporary files. Check out a tiny Russian Program called Free Spacer. The program is a good substitute for the inefficient windows default app Disk Cleaner. Free Spacer is FreeWare and it can be just used "as it is" but unfortunately access to source code is unavailable as well as use for commercial purposes is prohibited.

I've used Free Spacer multiple times on messed up PCs and always it does good, it is an excellent piece of software. Any Windows-Admin knows  Cleaning some disk space from unnecessary junk files, makes PC work faster. Free Spacer is very useful to run on Virus infested PCs, together with SpyBot , Malware Bytes and some AV soft like Avira.

As software is Russian, unfortunately menu buttons are in Russian too. Even non-russians can easily orientate as the most important buttons are first two from up to bottom and the last which is exit. The first button on from top onwards starts searching for garbage and obsolete and temporary files you can afterwards delete with the second button Удалить – meaning Delete in Russian). A note to make here is on newer Windows than XP Pro or XP Home FreeSpacer does not work well; even though it installs and runs on x86 Windows Vista and Win 7 it hangs up during scan.

For latest version of FreeSpacer check Free Spacer's Official version here, only available in Russian. As of time of writting this post FreeSpacer's latest version is 1.67, I've created mirror of FreeSpcer 1.67 here.

Here is description of what FreeSpacer "features" translated to English:

  • Powerful cleaner drive of unnecessary files.
  • Cleans efficient found "garbage." files
  • A large number of masks for the detection of unnecessary files / folders.
  • Cleanup folders with temporary files, not only Windows / Internet, but about 30 popular programs.
  • Search for invalid shortcuts.
  • Search system restore points.
  • Search for missing files and folders.
  • Support Exclude files and folders.
     

How to: Open Office view / edit .doc , .odt document in Full Screen mode

Tuesday, January 8th, 2013

Most programs, like Firefox, Opera, Chrome, Adobe Acrobat Reader, Evince etc. etc. have as a default set F11 to bring the program to full screen.  It seems logical that the Linux substitute for Microsoft Office – Open Office should also go full screen while the user press F11, but weirdly it doesn't.

Pressing F11 in Open Office on my current Debian Squeeze (6.0.5) Stable Linux with OpenOffice.org 3 brings to screen Styles and Formatting customization dialog.

openoffice.org 3 debian linux F11 key press Styles and Formatting dialog screenshot

I'm not sure why openoffice is behaving like this, but one of my guess is cause OpenOffice was multiple times upgraded whenever I upgraded my Debian to latest stable with apt-get update && apt-get upgrade thus most likely still some keyboard bindings from older OO versions are affecting it. There are two ways to make OpenOffice display in Full-Screen.

1. Using OO menus

Use View -> Full Screen (F11)

As I said it is possible, the F11 key assignment is still reacting to old config assignment as in dialog for full screen the Shortcut key said to bring OO full-screen is F11.

2. Making OpenOffice FullScreen through keyboard

Keyboard config to bring OpenOffice to Full-Screen mode is a simultaneous key-press of:

CTRL + SHIFT + J

Pressing Ctrl + Shift + J again brings OO to its standard window.

Openoffice / Libreoffice run in full screen screenshot pic Debian squeeze Linux

Though I'm not sure I assume in newer OpenOffice versions now distributed under the LibreOffice name (cause of some Patents and Licensing issues), CTRL + SHIFT + J should bring up LibreOffice in Full-Screen too. I don't have at hand installed version of LibreOffice, so if someone can confirm for sure of Ctrl + Shift + J makes LibreOffice go FullScreen? Please drop comment.

Cheers 😉
 

How to enable AUTO fsck (ext3, ext4, reiserfs, LVM filesystems) checking on Linux boot through /etc/fstab

Tuesday, July 12th, 2011

How to auto FSCK manual fsck screenshot

Are you an administrator of servers and it happens a server is DOWN.
You request the Data Center to reboot, however suddenly the server fails to boot properly and you have to request for IPKVM or some web java interface to directly access the server physical terminal …

This is a very normal admin scenario and many people who have worked in the field of remote system administrators (like me), should have experienced that bad times multiple times.

Sadly enough only a insignifant number of administrators try to do their best to reduce this down times to resolve client stuff downtime but prefer spending time playing the ztype! game or watching some porn website 😉

Anyways there are plenty of things like Server Auto Reboot on Crash with software Watchdog etc., that we as sysadmins can do to reduce server downtimes and most of the manual human interactions on server boot time.

In that manner of thougts a very common thing when setting up a new Linux server that many server admins forget or don’t know is to enable all the server partition filesystems to be auto fscked during server boot time.

By not enabling the auto filesystem check options in Linux the server filesystems did not automatically scan and fix hard drive partitions for fs innode inconsistencies.
Even though the filesystems are tuned to automatically get checked on every 38 system reboots, still if some kind of filesystem errors are found that require a manual confirmation the boot process is interrupted and the admin ends up with a server which is not reachable remotely via ssh !

For the remote system administrator, this times are a terrible times of waitings, prayers and hopes that the server hardware is fine 😉 as well as being on hold to get a KVM to get into the server manually and enter the necessery input to fsck prompt.

Many of this bad times can be completely avoided with a very simple fix through /etc/fstab by enabling all server partitions containing any filesystem to be automatically checked and fixed in case if inconsistencies or errors are found by fsck.ext3, fsck.ext4, fsck.reiserfs etc. commands.

A very typical default /etc/fstab file you will find on many servers should look something like:

/dev/sda8 / ext3 errors=remount-ro 0 1
tmpfs /dev/shm tmpfs defaults 0 0
devpts /dev/pts devpts gid=5,mode=620 0 0
sysfs /sys sysfs defaults 0 0
proc /proc proc defaults 0 0
/dev/sda1 /home ext3 defaults 0 0

Notice the line:
/dev/sda1 /home ext3 defaults 0 0

The first column in the example contains the device name, the second one its mount point, third its filesystem type, fourth the mount options, fifth (a number) dump options, and sixth (another number) filesystem check options. Let’s take a closer look at this stuff.

The ones which are interesting to enable auto fsck checking and error resolving is provided usually by the last sixth variable (filesystem check option) which in the above example equals 0 .

When the filesystem check option equals 0 this means the auto fsck and repair for the respective filesystem is disabled.
Some time in the past the dump backup option (5th option in the example) was also used but as far as I can understand today it’s not that important in modern GNU/Linux distributions.

Now having the above sample crontab in order to enable the fsck file checking on Linux boot for /dev/sda1 , we will need to modify the above line’s filesystem check option be 2, e.g. the line would afterwards look like:

/dev/sda1 /home ext3 defaults 0 2

Setting the 2 as an option for filesystem check is necessery for every filesystem which is not mounted as a root filesystem /

In above example /etc/fstab you already see that auto filesystem fsck is enabled for root partition:

/dev/sda8 / ext3 errors=remount-ro 0 1
(notice the 1 in the end of the line)

Finally a modified version of the default sample /etc/fstab which will check the extra /dev/sda1 /home partition would look like so:

/dev/sda8 / ext3 errors=remount-ro 0 1
tmpfs /dev/shm tmpfs defaults 0 0
devpts /dev/pts devpts gid=5,mode=620 0 0
sysfs /sys sysfs defaults 0 0
proc /proc proc defaults 0 0
/dev/sda1 /home ext3 defaults 0 2

Making sure all Linux server partitions has the auto filesystem check option enabled is something absoultely necessery!
Enabling the auto fsck on servers always makes me sleep calmer 😉
Hope it helps your too. 🙂

Howto install GeoTrust RapidSSL certificate on Debian Lenny / Squeeze / Wheezy Linux

Thursday, March 25th, 2010

I faced the task of generating official Validated SSL Certificates by in mydaily duties as a System Administrator at cadiaholding.com . Though generating self-signedSSL certificate is comparatively easy task. It was a pain in the ass setting Apache version 2.2.9-10+lenny6to correctly serve pages through https:// protocol over openssl version 0.9.8g-15+lenny6.I’ll try to go through the whole process of Generating the certificate in order to help some other Debianusers out there to face less setbacks in such a simple task as installing a Trusted SSL Certificate issued(bought) by RapidSSL. Even though this article will mostly deal with SSL certificate issued by RapidSSL,it should be not a problem to apply this methodogy with Verisign or some of the other Geotrust issuedSecure Socket Layer certificates.

In generating the Validated certficate I used enom which is a domain name,ssl certificates, email and hosting company whole-saler.
Fron emon’s website after logging in and using the web interface, there are two major things required to fill inin order to issue your Trusted SSL certificate.

1. Fill in in a form a CSR file, this is usually generated on the Linux server using the openssl.
To issue the CSR file required by Enom use the following commands:

a. First we generate an DES3 RSA encrypted key which we will use next to generate the opeensl CSR file required by ENOM.
debian:~# /usr/bin/openssl genrsa -des3 -out www.domain.com.key 2048
Enter pass phrase for www.domain.com.key:

You’ll be required to fill in a pass-phrase that will be later be required to fill in before Apache servers starts or restarts,so make sure you fill something you either remember or you keep the password stored in a file.
You have to change also the www.domain.com.key in accordance with your domain name.
Now as we already have a proper generated DES3 RSA key afterwards it’s necessery to generate the CSR file with the openssl command line frontend.
So here is how:

debian:~# /usr/bin/openssl req -new -key /home/hipo/www.domain.com.key -out /home/hipo/www.domain.com.csr

Again in the above example change all the paths and file names as you wish.
It’s necessery that the end user fill in a number of questions related to the Certificate Signing Request.
Herein I’ll list what kind of prompts will emerge after executing the above command:

Enter pass phrase for /home/hipo/www.domain.com.key:
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [AU]:
State or Province Name (full name) [Some-State]:
Locality Name (eg, city) []:
Organization Name (eg, company) [Internet Widgits Pty Ltd]:
Organizational Unit Name (eg, section) []:
Common Name (eg, YOUR name) []:
Email Address []:
Please enter the following 'extra' attributes
to be sent with your certificate request
A challenge password []:
An optional company name []:

Note that you’ll hav eto fill in the pass phrase previously entered during the generation of the www.domain.com.key file.
In case if you’d like to read more thoroughly on the subject of howto create a Certificate Signing Request or (CSR) as we called it on multiple times, you can read About Certificate Signing Request (CSR) Generation Instructions – Apache SSL more in depth here

2. Hopefully following the above instructions you’ll now have a file named www.domain.csrJust open the www.domain.scr and copy paste it’s content to the ENOM website CSR * webform.

3. Further on select your Webserver type on Enom’s website:In our case we have to select Apache + ApacheSSL

4. What follows next is filling in your company contact information This is also required for proper certificate generation, you have to think twice before you fill in this data, take a note this can’t be changed later on without issuing a brand SSL new certificate.

Apart from the 3 major above requirements to fill in Enom there are some few more radio buttons to use to make some selections according to your personal preferences, however I won’t take time to dig in that and I’ll leave this to you.
After all the above is fulfilled you’ll have to submit your certificate details and choose an email address to which you will receive in a minute a RapidSSL Certificate Request Confirmation

Following a link from the email, will show you some basic information about the certificate about to be generated. That’s your final chance to cancel the issued Trusted Certificated.
If you’re absolutely sure the information about to enter the certificate is correct then you’ll have to follow a link and approve the certificate.

You’ll be informed that you’ll receive your certificate either through Certifier website (e.g. Enom’s website) or via another email.
I thought it’s more probable I receive it via email but anyways I was wrong. More thank 4 hours has passed since the certificate was issued and is available via Enom’s interface but I haven’t received nothing on my mail.
Therefore my friendly advice is to check about your brand new shiny Trusted Certificate on Emom’s website. I had mine ready in about 10 minutes after the CSR was issued.

Assuming that you’ve succesfully obtained the SSL Trusted certificate from RapidSSL what follows is setting up the certificate.
Initially I tried using documentation from RapidSSL website called Installing your SSL Certificate / Web Server Certificate / Secure Server Certificate from RapidSSL.com
I tried to configure one of my Virtualhost as shown in their example inserting in my /etc/apache/sites-available/www.domain.com file, few directives within the VirtualHost something like the shown below

SSLEngine on
# domain.com.crt cointains the Trusted SSL certificate generated and obtained by you from RapidSSL
SSLCertificateFile /etc/apache2/ssl/www.domain.com.crt
# www.domain.com.key contains the file used to generate the CSR file as described earlier in this post
SSLCertificateKeyFile /etc/apache2/ssl/www.domain.com.key

It is also possible insetad of using the SSLCertificateFile and SSLCertificateKeyFile directvies directives in Apache config to use:

 

Another alternative is to use

SSLCertificateFile /etc/ssl/certs/your-domain-name.crt
SSLCertificateKeyFile /etc/ssl/certs/your-domain-name.key
SSLCACertificateFile /etc/ssl/certs/gd_bundle.crt

The key file is the one generated earlier on the server and handed to the SSL regisrar, the files:

your-domain-name.crt and gd_bundle.crt files are provided by RapidSSL or from whatever SSL registrater the SSL was purchased.

After trying the above configuration and restarting apache with:

/etc/init.d/apache2 restart

Apache failed to start, it might be helpful to somebody out there the error I had in my apache error.log:
The error.log red the following:

[warn] RSA server certificate is a CA certificate (BasicConstraints: CA == TRUE !?)

After some 30 minutes or an hour of Googling on the error I came to the conclusion that the error is caused, becauseApache is supposed to work with .PEM files instead of the classical .CRT and .KEY files asnormally approached in most of the other Unix operating systems.

It took me a bit more of reading on the internet to find out that actually the .pem files so widely adopted in Debian simply contain both the www.domain.com.key file and the www.domain.com.crt key simply pasted one after another, this I also observed from the default Apache self-signed certificate that I believe comes with debian /etc/apache2/ssl/apache.pem .
So I copied both the content of my www.domain.com.key and www.domain.com.crt and store it in one file:
/etc/apache2/ssl/www.domain.com.pem

Also the following configuration:
SSLEngine on
SSLCertificateFile /etc/apache2/ssl/www.domain.com.pem

had to go in your
/etc/apache2/sites-enabled/www.domain.com

Last thing that’s left is to restart your Apache;

/etc/init.d/apache2 restart

Apache will prompt you for your certificate password entered by you during the www.domain.com.key generation. Type your password and with a bit of luck and hopefully with God’s help you’ll be having a Trusted Certificate on your webserver.

Last step is to check if the certificate is okay accessing your domain https://www.domain.com.

Well this is the end of the article, hope you enjoy.If you do please leave your comments, any corrections are also welcomed 🙂