Posts Tagged ‘Hopefully’

The Gospel of the Second Resurrection (John 20:19–26) Bright Monday Gospel reading interpretation

Sunday, April 12th, 2026

Resurrection-of-Christ-Bulgarian-Eastern_Orthodox-Christian-Miracle-making-icon
Christ is Risen ! Truly he is Risen ! 

Another year to celebrate Resurrection day, I great all my readers with the Holy and Glorious day of The Resurrection of Christ !
Happy Resurrection day, Happy Easter to All faithful Christians and all Technology Freaks out there who look for the Universal truth and meaning of life !

Happy Resurrection to those who are searching it and those who find it, as I tend to find more and more that more technological literate people came to become Christian and find the Light and truthfulness of Holy Orthodox Christian Faith !
 

In Orthodox Christianity, the Second Resurrection Service often called Agape Vespers is a deeply symbolic and joyful service celebrated on the afternoon or evening of Pascha, the feast of Christ’s Resurrection, an event that changed history forever and made the Time to be counted on Age before Christ and Age after him Anno Domini ( A.D. ) Christ's victory over death and importance of the Resurrection has become a turning stone for whole world and has one time forever changed the history to Bring the Light of Heaven on earth again after the fall of man in Eden's garden. 
In Orthodox Christian tradition the feast of Resurrection is being celebrated Staring from the Day of Pascha (The Resurrection of Christ) towards his Ascension on the Day of Ascension on the 40th Day. Many might not today, that the first 7 days Week of Pascha is actually a whole period of celebration like a day who marks The Resurrection and the whole week in Orthodox tradition is considered as one single day. The first 3 days when the Lord Jesus Christ raised to the death after being in Hell with his soul to Save and Save all the waiting souls of prophets and old testamental times of old righteous people and those who repented (on Holy Saturday) the Next day after Crucifix (on Holy Friday) are the Most glorious and important days of the whole 40 days period of the Resurrection till time the Lord Ascended to Heaven with his Glorious Resurrectied Body

The Paschal Church service of the Resurrection of Christ which is celebrated with serving Saint Basyl's Holy Liturgy in Orthodox Christian tradition always starts exactly at Midnight. In many traditions nowdays like also in Bulgarian tradition, the Holy Fire is brought by Plane to the Synodal Palace of the Church from hence it is distributed across local Pariches Churches to bring the Light of the Miracle of Jerusalem of Holy Fire that happen once and only for Eastern Orthodox Christians, when a Light of Heaven comes to light up the Candle of Jerusalem's Eastern Orthodox Christian patriarch as a eternal confirmation of the Truthfulness of the Resurrection of Christ (a God's sign for Unbelievers to think and study the Orthtoxy). The miracle of Holy Fire happened even this year in Jerusalem in the Holy Sepulcher Church (built on top of the Place of Resurrection of Christ). Thanks God even though humanity sinfulness (and the escalating wars) which by Miracle and God's grace and great Mercy has been temporary suspended for the World to mark the Feast of the Feast of The Resurrection. It is a clear miracle that this temporary peace in Ukraine and Russia as well as Israel and Iran happened exactly on the days of the Eastern Orthodox Christian resurrection, which is this year as most years one week later than the Roman Catholic pascha (as we at the Orthodox Church still do venerate righteously the rule of The first Church Council of Nicea.).

The reason to follow Easter differently for Eastern Orthodox Chrsitians from Western Roman Catholic Christians is often misunderstood and puts great confusion to explain especially to modern people from East and West faith that work together in corporations, thus I'll put a short explanation on why we Eastern Orthodox Christians celebrate Pascha often differently than Roman Catholics?:
There are 3 main reasons that sted from the Ecumenical council of Nicea:
 

  1. Separation from Jewish Timing: The Council mandated that Christians should no longer rely on Jewish calculations for the 14th of Nisan. The Emperor Constantine, in a letter following the council, argued that it was "unworthy" for Christians to follow the custom of those who had rejected Christ.
  2. Solar-Lunar Formula: To remain independent, the Council adopted the "Alexandrian method": Pascha must fall on the first Sunday after the first full moon occurring on or after the vernal equinox.
  3. Biblical Sequence: While the council's surviving canons do not explicitly state "after Passover," the Orthodox Church maintains that the Nicene intent was to preserve the Biblical sequence of events. Since the Resurrection happened after the Jewish Passover in the Gospels, the Orthodox calculation ensures Pascha never precedes or coincides with the start of the Jewish festival. 

On the next day after we celebrate the Feast of Resurrection (Velikden as called in Eastern tradition) is Bright Monday. The day is very special as the Night Vigil and Morning Service with Holy Liturgy ends up very late around 3, 3-30 A.M. And the service is created by Holy Fathers of the Church inspired by God as a way to experience for second time (on the same day)the Joy of the Resurrection, so the spiritual joy be even more multiplied and well undestood b the Church members.

The Bright Monday or Easter Monday in Eastern Orthodox Christian tradition is marked by what is often called the “Second Resurrection”service. 

The service is a continuation of the joy of Pascha, emphasizing the universal proclamation of Christ’s victory over death.

At the heart of this celebration is the Gospel reading from John 20:19–26, which recounts Christ’s first appearances to His disciples after the Resurrection. What is unique for the service is this is the only day in year when the One and Holy Universal Eastern Orthodox Church shows its universality and union and acceptance of all languages as a mean to proclaim the Good new of Salvation way the Holy Gospel introduced for everyone who believed in the name of the Jesus Christ as a Son of God and Savior of the World by Having introduced the reading of a Gospel reading in different nation languages 

Here is a selection of the Text reading as translated in different languages, might be helpful if you belong to one of those Churches abroad, to read the text on "Second Resurrection", bright monday Service:
 

English (King James Version)
John 20:19–26

Then the same day at evening, being the first day of the week, when the doors were shut where the disciples were assembled for fear of the Jews, came Jesus and stood in the midst, and saith unto them, Peace be unto you.
And when he had so said, he shewed unto them his hands and his side. Then were the disciples glad, when they saw the Lord.
Then said Jesus to them again, Peace be unto you: as my Father hath sent me, even so send I you.
And when he had said this, he breathed on them, and saith unto them, Receive ye the Holy Ghost:
Whose soever sins ye remit, they are remitted unto them; and whose soever sins ye retain, they are retained.
But Thomas, one of the twelve, called Didymus, was not with them when Jesus came.
The other disciples therefore said unto him, We have seen the Lord. But he said unto them, Except I shall see in his hands the print of the nails, and put my finger into the print of the nails, and thrust my hand into his side, I will not believe.
And after eight days again his disciples were within, and Thomas with them: then came Jesus, the doors being shut, and stood in the midst, and said, Peace be unto you.

Bulgarian (Synodal translation) 
Йоан 20:19–26

Вечерта в същия ден, първия на седмицата, когато вратите, дето бяха събрани учениците, бяха заключени от страх от юдеите, дойде Иисус, застана посред и им каза: Мир вам!

И като рече това, показа им ръцете и ребрата Си. Учениците се зарадваха, като видяха Господа.
Иисус пак им рече: Мир вам! Както Ме прати Отец, така и Аз ви пращам.
Като каза това, духна и им рече: Приемете Духа Светаго.
На които простите греховете, ще им се простят; на които задържите, ще се задържат.
А Тома, един от дванайсетте, наречен Близнак, не беше с тях, когато дойде Иисус.
Другите ученици му казваха: Видяхме Господа. А той им рече: Ако не видя на ръцете Му белега от гвоздеите и не туря пръста си в раните от гвоздеите и не туря ръката си в ребрата Му, няма да повярвам.
След осем дни учениците Му пак бяха вътре и Тома с тях. Дойде Иисус, когато вратите бяха заключени, застана посред и рече: Мир вам!

 Russian (Synodal) 
От Иоанна 20:19–26

В тот же первый день недели вечером, когда двери дома, где собирались ученики Его, были заперты из опасения от Иудеев, пришел Иисус, и стал посреди, и говорит им: мир вам!
Сказав это, Он показал им руки и ребра Свои. Ученики обрадовались, увидев Господа.
Иисус же сказал им вторично: мир вам! как послал Меня Отец, так и Я посылаю вас.
Сказав это, дунул, и говорит им: примите Духа Святаго.
Кому простите грехи, тому простятся; на ком оставите, на том останутся.
Фома же, один из двенадцати, называемый Близнец, не был тут с ними, когда приходил Иисус.
Другие ученики сказали ему: мы видели Господа. Но он сказал им: если не увижу на руках Его ран от гвоздей и не вложу перста моего в раны от гвоздей и не вложу руки моей в ребра Его, не поверю.
После восьми дней опять были в доме ученики Его, и Фома с ними. Пришел Иисус, когда двери были заперты, стал посреди их и сказал: мир вам!

Ἐκ τοῦ κατὰ Ἰωάννην ἁγίου Εὐαγγελίου τὸ ἀνάγνωσμα.
Greek (Κοινή / Patriarchal Text – Orthodox usage) 

Οὔσης οὖν ὀψίας τῇ ἡμέρᾳ ἐκείνῃ τῇ μιᾷ σαββάτων, καὶ τῶν θυρῶν κεκλεισμένων ὅπου ἦσαν οἱ μαθηταὶ συνηγμένοι διὰ τὸν φόβον τῶν Ἰουδαίων, ἦλθεν ὁ Ἰησοῦς καὶ ἔστη εἰς τὸ μέσον καὶ λέγει αὐτοῖς· Εἰρήνη ὑμῖν.
καὶ τοῦτο εἰπὼν ἔδειξεν αὐτοῖς τὰς χεῖρας καὶ τὴν πλευρὰν αὐτοῦ. ἐχάρησαν οὖν οἱ μαθηταὶ ἰδόντες τὸν Κύριον.
εἶπεν οὖν αὐτοῖς πάλιν ὁ Ἰησοῦς· Εἰρήνη ὑμῖν· καθὼς ἀπέσταλκέ με ὁ Πατήρ, κἀγὼ πέμπω ὑμᾶς.
καὶ τοῦτο εἰπὼν ἐνεφύσησε καὶ λέγει αὐτοῖς· Λάβετε Πνεῦμα Ἅγιον·
ἄν τινων ἀφῆτε τὰς ἁμαρτίας, ἀφίενται αὐτοῖς· ἄν τινων κρατῆτε, κεκράτηνται.
Θωμᾶς δὲ εἷς ἐκ τῶν δώδεκα, ὁ λεγόμενος Δίδυμος, οὐκ ἦν μετ’ αὐτῶν ὅτε ἦλθεν ὁ Ἰησοῦς.
ἔλεγον οὖν αὐτῷ οἱ ἄλλοι μαθηταί· Ἑωράκαμεν τὸν Κύριον. ὁ δὲ εἶπεν αὐτοῖς· Ἐὰν μὴ ἴδω ἐν ταῖς χερσὶν αὐτοῦ τὸν τύπον τῶν ἥλων καὶ βάλω τὸν δάκτυλόν μου εἰς τὸν τύπον τῶν ἥλων καὶ βάλω τὴν χεῖρά μου εἰς τὴν πλευρὰν αὐτοῦ, οὐ μὴ πιστεύσω.
καὶ μεθ’ ἡμέρας ὀκτὼ πάλιν ἦσαν ἔσω οἱ μαθηταὶ αὐτοῦ καὶ Θωμᾶς μετ’ αὐτῶν. ἔρχεται ὁ Ἰησοῦς τῶν θυρῶν κεκλεισμένων καὶ ἔστη εἰς τὸ μέσον καὶ εἶπεν· Εἰρήνη ὑμῖν.

 Serbian (Епископски / Orthodox usage)
Јован 20:19–26

А у вече тог првог дана седмице, кад су врата где беху ученици сабрани била затворена од страха од Јудејаца, дође Исус и стаде међу њих и рече им: Мир вам!
И ово рекавши, показа им руке и ребра Своја. Тада се обрадоваше ученици видевши Господа.
Тада им Исус опет рече: Мир вам! Као што је Отац послао Мене, и Ја шаљем вас.
И ово рекавши, дуну и рече им: Примите Духа Светога.
Којима опростите грехе, опраштају им се; којима задржите, задржани су.
А Тома, један од дванаесторице, звани Близанац, не беше с њима кад дође Исус.
Тада му други ученици говораху: Видели смо Господа. А он им рече: Ако не видим на рукама Његовим ране од клинова и не ставим прст свој у ране од клинова и не ставим руку своју у ребра Његова, нећу веровати.

И после осам дана опет беху унутра ученици Његови и Тома с њима. Дође Исус кад врата беху затворена, стаде међу њих и рече: Мир вам!

 Romanian (Biblia sinodală – Orthodox)
Ioan 20:19–26

Și fiind seară, în ziua aceea, cea dintâi a săptămânii, și ușile fiind încuiate unde erau ucenicii adunați de frica iudeilor, a venit Iisus și a stat în mijloc și le-a zis: Pace vouă!
Și zicând aceasta, le-a arătat mâinile și coasta Sa. Deci s-au bucurat ucenicii, văzând pe Domnul.
Și le-a zis iarăși Iisus: Pace vouă! Precum M-a trimis pe Mine Tatăl, vă trimit și Eu pe voi.
Și zicând aceasta, a suflat asupra lor și le-a zis: Luați Duh Sfânt.
Cărora veți ierta păcatele, le vor fi iertate; și cărora le veți ține, vor fi ținute.
Iar Toma, unul din cei doisprezece, numit Geamănul, nu era cu ei când a venit Iisus.
Deci ceilalți ucenici îi ziceau: Am văzut pe Domnul. Dar el le-a zis: Dacă nu voi vedea în mâinile Lui semnul cuielor și nu voi pune degetul meu în semnul cuielor și nu voi pune mâna mea în coasta Lui, nu voi crede.
Și după opt zile, ucenicii Lui erau iarăși înăuntru, și Toma împreună cu ei. A venit Iisus, ușile fiind încuiate, și a stat în mijloc și a zis: Pace vouă!
 

German (Luther tradition / Orthodox-used standard translation style)
Johannes 20,19–26

Und am Abend desselben ersten Tages der Woche, als die Türen verschlossen waren, wo die Jünger versammelt waren aus Furcht vor den Juden, kam Jesus und trat mitten unter sie und spricht zu ihnen: Friede sei mit euch!

Und als er das gesagt hatte, zeigte er ihnen die Hände und seine Seite. Da wurden die Jünger froh, dass sie den Herrn sahen.

Da sprach Jesus abermals zu ihnen: Friede sei mit euch! Gleichwie mich der Vater gesandt hat, so sende ich euch.

Und als er das gesagt hatte, hauchte er sie an und spricht zu ihnen: Empfangt den Heiligen Geist!

Welchen ihr die Sünden erlasst, denen sind sie erlassen; und welchen ihr sie behaltet, denen sind sie behalten.

Thomas aber, einer der Zwölf, der Zwilling genannt wird, war nicht bei ihnen, als Jesus kam.

Da sagten ihm die anderen Jünger: Wir haben den Herrn gesehen. Er aber sprach zu ihnen: Wenn ich nicht in seinen Händen die Nägelmale sehe und meinen Finger in die Nägelmale lege und meine Hand in seine Seite lege, so will ich nicht glauben.

Und nach acht Tagen waren seine Jünger abermals drinnen, und Thomas war bei ihnen. Kommt Jesus, als die Türen verschlossen waren, und tritt mitten unter sie und spricht: Friede sei mit euch!

Arabic (بطريركي / Orthodox liturgical usage)
إنجيل يوحنا 20:19–2

ولما كانت عشية ذلك اليوم، وهو أول الأسبوع، وكانت الأبواب مغلقة حيث كان التلاميذ مجتمعين خوفًا من اليهود، جاء يسوع ووقف في الوسط وقال لهم: سلام لكم.

ولما قال هذا أراهم يديه وجنبه، ففرح التلاميذ إذ رأوا الرب.

فقال لهم يسوع ثانية: سلام لكم. كما أرسلني الآب أرسلكم أنا أيضًا.

ولما قال هذا نفخ فيهم وقال لهم: اقبلوا الروح القدس.

من غفرتم خطاياه تُغفر له، ومن أمسكتم خطاياه أُمسكت.

أما توما، أحد الاثني عشر، الذي يُدعى التوأم، فلم يكن معهم حين جاء يسوع.

فقال له التلاميذ الآخرون: قد رأينا الرب. فقال لهم: إن لم أبصر في يديه أثر المسامير وأضع إصبعي في أثر المسامير وأضع يدي في جنبه لا أؤمن.

وبعد ثمانية أيام كان تلاميذه أيضًا داخلًا، وكان توما معهم. جاء يسوع والأبواب مغلقة، ووقف في الوسط وقال: سلام لكم!

Georgian (საქართველოს მართლმადიდებელი ეკლესია)
იოანე 20:19–26

და იყო მწუხრი იმ დღესა, კვირის პირველ დღეს, და კარნი დახშულნი იყვნენ, სადაც მოწაფენი იყვნენ შეკრებილნი იუდეველთა შიშისგან, მოვიდა იესო და დადგა მათ შორის და ჰრქუა მათ: მშვიდობა თქუენდა.
და ეს რომ თქვა, უჩვენა მათ ხელნი და გვერდი თვისი. და გაიხარეს მოწაფეებმა, იხილეს რა უფალი.
მაშინ კვლავ უთხრა მათ იესომ: მშვიდობა თქუენდა; როგორც მამამ მომავლინა მე, მეც თქვენ მოგავლინებთ.
და ეს რომ თქვა, შეუბერა მათ და უთხრა: მიიღეთ სული წმინდა.
ვისაც მიუტევებთ ცოდვებს, მიეტევებათ მათ; და ვისაც დაუკავებთ, დაუკავდებათ.
ხოლო თომა, ერთი თორმეტთაგანი, რომელსაც ეწოდებოდა ტყუპი, არ იყო მათთან, როცა მოვიდა იესო.
უთხრეს მას სხვა მოწაფეებმა: ვიხილეთ უფალი. ხოლო მან უთხრა მათ: თუ არ ვიხილავ მის ხელებზე ფრჩხილების ნიშანს და არ შევიტან ჩემს თითს ფრჩხილების ნიშანში და არ შევიტან ჩემს ხელს მის გვერდში, არ ვირწმუნებ.
და რვა დღის შემდეგ კვლავ იყვნენ შინ მისი მოწაფენი და თომაც მათთან. მოვიდა იესო, კარნი დახშულნი იყვნენ, დადგა მათ შორის და უთხრა: მშვიდობა თქუენდა.
 

Albanian (Orthodox Albanian Bible usage)
Gjoni 20:19–26

Dhe kur u bë mbrëmje në atë ditë, ditën e parë të javës, dhe dyert ishin të mbyllura ku ishin mbledhur dishepujt nga frika e judenjve, erdhi Jezusi dhe qëndroi në mes dhe u tha atyre: Paqe juve!
Dhe pasi tha këtë, u tregoi duart dhe brinjën e Tij. Atëherë dishepujt u gëzuan kur panë Zotin.
Dhe Jezusi u tha përsëri: Paqe juve! Sikurse më dërgoi Ati, ashtu ju dërgoj edhe unë juve.
Dhe pasi tha këtë, fryu mbi ta dhe u tha: Merrni Frymën e Shenjtë.
Kujt t’ia falni mëkatet, do t’u falen; kujt t’ia mbani, do t’u mbeten.
Por Thomai, një nga të dymbëdhjetët, i quajtur Binjaku, nuk ishte me ta kur erdhi Jezusi.
Dishepujt e tjerë i thoshin: E pamë Zotin. Por ai u tha: Nëse nuk shoh në duart e Tij shenjat e gozhdëve dhe nuk vë gishtin tim në shenjat e gozhdëve dhe nuk vë dorën time në brinjën e Tij, nuk do të besoj.
Dhe pas tetë ditësh, dishepujt e Tij ishin përsëri brenda dhe Thomai me ta. Erdhi Jezusi, kur dyert ishin të mbyllura, dhe qëndroi në mes dhe tha: Paqe juve!

Czech (Český ekumenický / Orthodox-used translation style)
Jan 20,19–26

Když byl večer onoho dne, prvního dne v týdnu, a dveře, kde byli učedníci shromážděni ze strachu před Židy, byly zavřeny, přišel Ježíš, postavil se doprostřed a řekl jim: Pokoj vám!

A když to řekl, ukázal jim ruce a svůj bok. Učedníci se zaradovali, když viděli Pána.
Ježíš jim znovu řekl: Pokoj vám! Jako Otec poslal mne, tak já posílám vás.
A když to řekl, dechl na ně a řekl jim: Přijměte Ducha Svatého.
Komu odpustíte hříchy, budou mu odpuštěny; komu je zadržíte, budou zadrženy.
Tomáš, jeden z dvanácti, zvaný Didymos, nebyl s nimi, když přišel Ježíš.
Ostatní učedníci mu říkali: Viděli jsme Pána. Ale on jim řekl: Jestliže neuvidím na jeho rukou jizvy po hřebech a nevložím svůj prst do jizev po hřebech a nevložím svou ruku do jeho boku, neuvěřím.
A po osmi dnech byli jeho učedníci opět uvnitř a Tomáš s nimi. Přišel Ježíš, když byly dveře zavřeny, postavil se doprostřed a řekl: Pokoj vám!

Slovak (Orthodox-used / liturgical style)
Ján 20,19–26

Keď bol večer toho prvého dňa v týždni a dvere, kde boli učeníci zhromaždení zo strachu pred Židmi, boli zavreté, prišiel Ježiš, postavil sa doprostred a povedal im: Pokoj vám!
A keď to povedal, ukázal im ruky a svoj bok. Učeníci sa zaradovali, keď videli Pána.
Ježiš im znova povedal: Pokoj vám! Ako mňa poslal Otec, aj ja posielam vás.
A keď to povedal, dýchol na nich a povedal im: Prijmite Ducha Svätého.
Komu odpustíte hriechy, budú mu odpustené; komu ich zadržíte, budú zadržané.
Tomáš, jeden z dvanástich, zvaný Didymus, nebol s nimi, keď prišiel Ježiš.
Ostatní učeníci mu hovorili: Videli sme Pána. Ale on im povedal: Ak neuvidím na jeho rukách stopy po klincoch a nevložím svoj prst do stôp po klincoch a nevložím svoju ruku do jeho boku, neuverím.
A po ôsmich dňoch boli jeho učeníci znova vnútri a Tomáš s nimi. Prišiel Ježiš, keď boli dvere zatvorené, postavil sa doprostred a povedal: Pokoj vám!

The Meaning of the Passage

This Gospel takes place on the evening of the Resurrection:

“Peace be with you.” (John 20:19)

The disciples are gathered in fear, behind closed doors. Yet Christ appears among them not as a ghost, but in His glorified body. His greeting, “Peace be with you,” is not merely comforting, it is transformative. It signals reconciliation between God and humanity.

Christ then shows His wounds, proving that the Crucified One is truly the Risen One.

The Gift of the Holy Spirit

One of the most profound moments in this passage is when Christ breathes on the disciples:

“Receive the Holy Spirit.” (John 20:22)

This act recalls the creation of Adam, when God breathed life into humanity. Here, the Risen Christ inaugurates a new creation—restoring and renewing mankind.

He also grants the apostles authority:

“If you forgive the sins of any, they are forgiven…” (John 20:23)

This becomes the foundation of the Church’s sacramental life.

The Absence of Thomas

Thomas is not present during this first appearance. His absence becomes spiritually significant, he represents all who struggle with doubt.

When told of the Resurrection, Thomas responds:

“Unless I see… I will not believe.” (John 20:25)

This honest doubt sets the stage for the next encounter (read the following Sunday), where faith is deepened through experience.

Why It Is Called the “Second Resurrection Gospel” ?

This Gospel reading done in multiple languages during Easter Monday services, is very adequate in international Church communities such as Orthodox Church pariches in Western Europe and America where, there are church members from virtually every nationality. 
Those reading is conduceted in Church Pariches by people whos native language is the language of reading or by anyone in the Church community that can speak or read the language. Thus the Church assemblyy shows clearly to the World:

1. The universality of the Resurrection for All Mankind and a reference to the Primal Language of Edem which in New Testamental times after Christ is the Language of Love and virtues as given by Christ.
2. The spreading of the Gospel to all nations (for which the apostles and every Christian has been called by the Saviour
The unity of the Church across cultures and tongues
3. The unity of the Church across cultures and tongues and the one saving truth that if practiced as prescribed will lead humanity and each individual to Christs faith and salvation.

Closing words
 

Hopefully this article was interseting for tech guys and some diversity from the boredom of tech stuff. I hope it shed some light love, faith, hope and peace and understanding for anyone who searches for the Truth.

I will close it with the Great and glorious and spiritually rich Paschal Sermon of Saint John Crysostom, that is being red on the Easter Service (at some Churches it is practice to read this sermon over the first three days Church services of Pasche).

The Catechetical Sermon of St. John Chrysostom reading Matins of Pascha.

The_Descent-of-Jesus-Christ-in-Hades-to-save-all-in-Hell-saint-Ekaterina-monastery-from-years-around-1500s

The descent to Hades of Christ – Saint Ekaterina Monastery ancient of Resurrection

If any man be devout and love God, let him enjoy this fair and radiant triumphal feast.
If any man be a wise servant, let him rejoicing enter into the joy of his Lord.
If any have labored long in fasting, let him now receive his recompense.
If any have wrought from the first hour, let him today receive his just reward.
If any have come at the third hour, let him with thankfulness keep the feast.
If any have arrived at the sixth hour, let him have no misgivings; because he shall in nowise be deprived thereof.
If any have delayed until the ninth hour, let him draw near, fearing nothing.
If any have tarried even until the eleventh hour, let him, also, be not alarmed at his tardiness; for the Lord, who is jealous of his honor, will accept the last even as the first; He gives rest unto him who comes at the eleventh hour, even as unto him who has wrought from the first hour.

And He shows mercy upon the last, and cares for the first; and to the one He gives, and upon the other He bestows gifts.
And He both accepts the deeds, and welcomes the intention, and honors the acts and praises the offering.
Wherefore, enter you all into the joy of your Lord; and receive your reward, both the first, and likewise the second.
You rich and poor together, hold high festival. You sober and you heedless, honor the day.
Rejoice today, both you who have fasted and you who have disregarded the fast.
The table is full-laden; feast ye all sumptuously.
The calf is fatted; let no one go hungry away.

Enjoy ye all the feast of faith: Receive ye all the riches of loving-kindness.
Let no one bewail his poverty, for the universal kingdom has been revealed.
Let no one weep for his iniquities, for pardon has shown forth from the grave.
Let no one fear death, for the Savior’s death has set us free.
He that was held prisoner of it has annihilated it. By descending into Hell, He made Hell captive.
He embittered it when it tasted of His flesh.
And Isaiah, foretelling this, did cry: Hell, said he, was embittered, when it encountered Thee in the lower regions.
It was embittered, for it was abolished. It was embittered, for it was mocked.
It was embittered, for it was slain. It was embittered, for it was overthrown.
It was embittered, for it was fettered in chains.
It took a body, and met God face to face.
It took earth, and encountered Heaven.
It took that which was seen, and fell upon the unseen.

O Death, where is your sting? O Hell, where is your victory?
Christ is risen, and you are overthrown.
Christ is risen, and the demons are fallen.
Christ is risen, and the angels rejoice.
Christ is risen, and life reigns.
Christ is risen, and not one dead remains in the grave.
For Christ, being risen from the dead, is become the first fruits of those who have fallen asleep.
To Him be glory and dominion unto ages of ages.
Amen.

Tags: , , , , , , , , , , , , , , , , , , ,
Posted in Christianity, Everyday Life | No Comments »

How to Install and Use Grafana Loki on Linux for mupltiple server Log Metrics Monitoring

Tuesday, March 31st, 2026

how-to-install-and-use-grafana-loki-on-linux-for-log-metrics-monitoring-for-multiple-server-observability-logo
Grafana Loki has become a popular choice for log management on Linux systems, nowadays, because free software like under AGPLv3 licence, it’s lightweight, cost-efficient, and integrates seamlessly with modern observability stacks. Unlike traditional log systems, Loki focuses on indexing metadata (labels) instead of full log content, which makes it especially attractive for Linux environments where logs can grow quickly.

Grafana Loki can be used to create fully featured logging stack. It has a small index and highly compressed chunks which simplifies the operation and significantly lowers the Storage expense of it.
Unlike other logging systems, Loki is built around the idea of only indexing metadata about your logs labels (just like Prometheus labels).
Log data itself is then compressed and stored in chunks in object stores such as Amazon Simple Storage Service (S3) or Google Cloud Storage (GCS), or even locally on the filesystem.

In this article will give you some real-world, practical usage of Loki on Linux, from its setup from zero to day-to-day use workflows.

Reasons why to use Loki on Linux ?

Linux systems generate logs mainly in /var/log but often used extra installed Apps tend to log in different locations for easier log distinguishment, e.g.
logs location might lack a good structure (be everywhere) :

Some common example locations, where logs are stored

  • /var/log/syslog
  • /var/log/auth.log
  • Application logs (/opt/app/logs/*.log)
  • Container logs, are kept within respective container ( Docker /  PodMan Kubernetes )

Sonner or later if you have to manage a large infrastructure of servers you end up, it is pretty easy to end up in a log mess.

This is exaclty where Loki helps you solve:

  • Centralize logs from multiple machines (within Grafana)
  • Search logs efficiently using log craeted labels
  • Correlate logs with metrics in Grafana

Loki Architecture Overview


loki-use-stack-chain-diagram-from-cloud-to-grafana

A typical Loki setup on Linux has 3 components:

  1. Loki server -> stores and queries logs
  2. Promtail -> collects logs from the around the system
  3. Grafana -> Use it to visualizes and queries logs

Promtail acts like a lightweight agent that tails log files and sends them to Loki.

I. Installing Loki on Linux

1. Download Loki

$ cd /usr/local/src
$ wget https://github.com/grafana/loki/releases/latest/download/loki-linux-amd64
$ chmod +x loki-linux-amd64
# mv loki-linux-amd64 /usr/local/bin/loki

2. Create a simple config like

auth_enabled: false

server:
  http_listen_port: 3100

ingester:
  lifecycler:
    address: 127.0.0.1
  chunk_idle_period: 5m

schema_config:
  configs:
    – from: 2020-10-24
      store: boltdb-shipper
      object_store: filesystem
      schema: v11
      index:
        prefix: index_
        period: 24h

storage_config:
  filesystem:
    directory: /var/lib/loki/chunks

3. Run Loki

# loki -config.file=loki.yaml


Hopefully if all is okay with loki.yaml config the service will start.

a. Installing Promtail (Log Collection)

Example  config (to modify to your preferences):

scrape_configs:
  – job_name: linux-logs
    static_configs:
      – targets:
          – localhost
        labels:
          job: syslog
          host: my-linux-server
          __path__: /var/log/*.log

This collects all logs in /var/log/ and labels them.

b. Run Promtail

# promtail -config.file=promtail.yaml

! Note that loki and promtail it is run as root (to have permissions to files which will be processed). This is not the best practice, so for security reasons,
if you have the necessery storage move out the files to a central log aggregator directory with a script set a unprevileged non-root user for it and run the services with those user.

c. Run loki / promtail as non-root user:

Once tested it runs, it is good idea to run two tools with non-root user, i.e.:
Run promtail as a dedicated user (e.g., promtail).

Add that user to groups like:

adm (for /var/log)

systemd-journal (for journal logs)
Adjust file permissions if needed

# useradd –system –no-create-home promtail
# usermod -aG adm promtail

$ loki -config.file=loki.yaml
$ promtail -config.file=promtail.yaml

II. Practical Use Cases of Loki on Linux

1. System Troubleshooting

One good use of Loki is to Search for errors in syslog:

{job="syslog"} |= "error"

By this you can Quickly diagnose:

  • Boot issues
  • Service failures
  • Kernel errors

2. SSH Login Monitoring

Track login attempts from /var/log/auth.log for many VM hosts:

{job="syslog"} |= "sshd"

You can detect:

  • Failed login attempts
  • Brute-force attacks
  • Unauthorized access

3. Application Debugging (look for exceptions)

If your app logs to /var/log/app.log and you App running it, to get a view on java thrown exceptions:

{job="app"} |= "exception"

This use case can Help developers to:

  • Trace bugs
  • Monitor runtime issues
  • Correlate logs with deployments

4. Multi-Server Log Aggregation

Once you run Promtail on multiple Linux servers:

labels:
  host: server1

Then you can do query to extract collected data for each one if it:

{job="syslog", host=~"server1|server2"}

This makes multiple machines behave like one unified log source.

5. Log-Based Metrics

You can extract metrics from logs:

count_over_time({job="syslog"} |= "error" [5m])

Use this for:

  • Alerting
  • Error rate tracking
  • Incident detection

III. Using Grafana for Visualization

In Grafana, you can:

  • View logs in real time
  • Build dashboards
  • Create alerts based on log patterns

Example use would be:

Create Grafana Panel showing error rate per host and Alert when errors exceed a threshold.

loki-log-drill-down-sample-in-grafana

Good Practices on Loki use

1. Always Use Meaningful Labels

Example for Good label should contain as many descriptory parameters as possible:

labels:
  app: nginx
  env: prod
  virtualization: vmware
  type: Middleware
  service:: proxy
  Customer: customerA

Bad obscure label:

labels:
  request_id: 123456  


2. Avoid Too many Unique labels

Keep in mind Too many unique labels leads to poor performance !.

3. Rotate Logs Properly and optimize with Secure Loki Endpoint

Loki won't manage your internal logs, as it can well complement ( but not replaces ), on Server / VM traditional tools like journalctl / grep / logrotate. but just give you a better overview of what is inside of service spit logs based on easy to give criterias from Grafana.
You will still need usually at best scenario to  setup of a Central Logging Server (to store all Infrastucture logs).
Consider also that sending data from your logs with Loki, like with a zabbix client it is always a idea to have reverse proxy like NGINX or Haproxy to reduce Network bandwith and for better management centralization of the infra.

4. Secure Loki Endpoint

  • Use reverse proxy (NGINX)
  • Enable authentication in production

Closure Summary

On Linux, Grafana Loki can help when:

  • You have multiple servers
  • Logs are growing fast
  • You need centralized  and relatively easy observability

Loki has its downtimes too as processing the logs to really extract data hits a high CPU use. Running it on a multiple machines is useful,
especially if your machines has high unutilized CPU IDLE time and you want to make the log data collection per server based being so to say partially duplicated and indepdendent from centralized logging. .
For high scale infrastructure, however sysadmins prefer to use an ELK OpenSearch Stack or log databases such as:
VictoriaLogs. With having infrastrcture of 100 servers or so perhaps setting up with some Ansible automation Loki makes sense.
Loki is not meant to replace databases or full-text search engines, but great often for simple  log aggregation and analysis and of the simplistic tools available today.

Tags: , , , , , , , , , , , , , , , , , , , , , , , , , , , ,
Posted in Cloud services, Linux, Monitoring, System Administration | No Comments »

How to disable appArmor automatically installed and loaded after Linux Debian 10 to 11 Upgrade. Disable Apparmour on Deb based Linux

Friday, January 28th, 2022

check-apparmor-status-linux-howto-disable-Apparmor_on-debian-ubuntu-mint-and-other-deb-based-linux-distributions

I've upgraded recently all my machines from Debian Buster Linux 10 to Debian 11 Bullseye (if you wonder what Bullseye is) this is one of the heroes of Disneys Toy Stories which are used for a naming of General Debian Distributions.
After the upgrade most of the things worked expected, expect from some stuff like MariaDB (MySQL) and other weirdly behaving services. After some time of investigation being unable to find out what was causing the random issues observed on the machines. I finally got the strange daemon improper functioning and crashing was caused by AppArmor.

AppArmor ("Application Armor") is a Linux kernel security module that allows the system administrator to restrict programs' capabilities with per-program profiles. Profiles can allow capabilities like network access, raw socket access, and the permission to read, write, or execute files on matching paths. AppArmor supplements the traditional Unix discretionary access control (DAC) model by providing mandatory access control (MAC). It has been partially included in the mainline Linux kernel since version 2.6.36 and its development has been supported by Canonical since 2009.

The general idea of apparmor is wonderful as it could really strengthen system security, however it should be setup on install time and not setup on update time. For one more time I got convinced myself that upgrading from version to version to keep up to date with security is a hard task and often the results are too much unexpected and a better way to upgrade from General version to version any modern Linux / Unix distribution (and their forked mobile equivalents Android etc.) is to just make a copy of the most important configuration, setup the services on a freshly new installed machine be it virtual or a physical Server and rebuild the whole system from scratch, test and then run the system in production, substituting the old server general version with the new machine. 

The rest is leading to so much odd issues like this time with AppArmors causing distractions on the servers hosted applications.

But enough rent if you're unlucky and unwise enough to try to Upgrade Debian / Ubuntu 20, 21 / Mint 18, 19 etc. or whatever Deb distro from older general release to a newer One. Perhaps the best first thing to do onwards is stop and remove AppArmor (those who are hardcore enthusiasts could try to enable the failing services due to apparmor), by disabling the respective apparmor hardening profile but i did not have time to waste on stupid stuff and experiment so I preferred to completely stop it. 

To identify the upgrade oddities has to deal with apparmors service enabled security protections you should be able to find respective records inside /var/log/messages as well as in /var/log/audit/audit.log

 

# dmesg

[   64.210463] audit: type=1400 audit(1548120161.662:21): apparmor="DENIED" operation="sendmsg" info="Failed name lookup – disconnected path" error=-13 profile="/usr/sbin/mysqld" name="run/systemd/notify" pid=2527 comm="mysqld" requested_mask="w" denied_mask="w" fsuid=113 ouid=0
[  144.364055] audit: type=1400 audit(1548120241.595:22): apparmor="DENIED" operation="sendmsg" info="Failed name lookup – disconnected path" error=-13 profile="/usr/sbin/mysqld" name="run/systemd/notify" pid=2527 comm="mysqld" requested_mask="w" denied_mask="w" fsuid=113 ouid=0
[  144.465883] audit: type=1400 audit(1548120241.699:23): apparmor="DENIED" operation="sendmsg" info="Failed name lookup – disconnected path" error=-13 profile="/usr/sbin/mysqld" name="run/systemd/notify" pid=2527 comm="mysqld" requested_mask="w" denied_mask="w" fsuid=113 ouid=0
[  144.566363] audit: type=1400 audit(1548120241.799:24): apparmor="DENIED" operation="sendmsg" info="Failed name lookup – disconnected path" error=-13 profile="/usr/sbin/mysqld" name="run/systemd/notify" pid=2527 comm="mysqld" requested_mask="w" denied_mask="w" fsuid=113 ouid=0
[  144.666722] audit: type=1400 audit(1548120241.899:25): apparmor="DENIED" operation="sendmsg" info="Failed name lookup – disconnected path" error=-13 profile="/usr/sbin/mysqld" name="run/systemd/notify" pid=2527 comm="mysqld" requested_mask="w" denied_mask="w" fsuid=113 ouid=0
[  144.767069] audit: type=1400 audit(1548120241.999:26): apparmor="DENIED" operation="sendmsg" info="Failed name lookup – disconnected path" error=-13 profile="/usr/sbin/mysqld" name="run/systemd/notify" pid=2527 comm="mysqld" requested_mask="w" denied_mask="w" fsuid=113 ouid=0
[  144.867432] audit: type=1400 audit(1548120242.099:27): apparmor="DENIED" operation="sendmsg" info="Failed name lookup – disconnected path" error=-13 profile="/usr/sbin/mysqld" name="run/systemd/notify" pid=2527 comm="mysqld" requested_mask="w" denied_mask="w" fsuid=113 ouid=0


1. How to check if AppArmor is running on the system

If you have a system with enabled apparmor you should get some output like:

root@haproxy2:~# apparmor_status 
apparmor module is loaded.
5 profiles are loaded.
5 profiles are in enforce mode.
   /usr/sbin/ntpd
   lsb_release
   nvidia_modprobe
   nvidia_modprobe//kmod
   tcpdump
0 profiles are in complain mode.
1 processes have profiles defined.
1 processes are in enforce mode.
   /usr/sbin/ntpd (387) 
0 processes are in complain mode.
0 processes are unconfined but have a profile defined.


Also if you check the service you will find out that Debian's Major Release upgrade from 10 Buster to 11 BullsEye with.

apt update -y && apt upgrade -y && apt dist-update -y

automatically installed apparmor and started the service, e.g.:

# systemctl status apparmor
● apparmor.service – Load AppArmor profiles
     Loaded: loaded (/lib/systemd/system/apparmor.service; enabled; vendor pres>
     Active: active (exited) since Sat 2022-01-22 23:04:58 EET; 5 days ago
       Docs: man:apparmor(7)
             https://gitlab.com/apparmor/apparmor/wikis/home/
    Process: 205 ExecStart=/lib/apparmor/apparmor.systemd reload (code=exited, >
   Main PID: 205 (code=exited, status=0/SUCCESS)
        CPU: 43ms

яну 22 23:04:58 haproxy2 apparmor.systemd[205]: Restarting AppArmor
яну 22 23:04:58 haproxy2 apparmor.systemd[205]: Reloading AppArmor profiles
яну 22 23:04:58 haproxy2 systemd[1]: Starting Load AppArmor profiles…
яну 22 23:04:58 haproxy2 systemd[1]: Finished Load AppArmor profiles.

 

# dpkg -l |grep -i apparmor
ii  apparmor                          2.13.6-10                      amd64        user-space parser utility for AppArmor
ii  libapparmor1:amd64                2.13.6-10                      amd64        changehat AppArmor library
ii  libapparmor-perl:amd64               2.13.6-10


In case AppArmor is disabled, you will get something like:

root@pcfrxenweb:~# aa-status 
apparmor module is loaded.
0 profiles are loaded.
0 profiles are in enforce mode.
0 profiles are in complain mode.
0 processes have profiles defined.
0 processes are in enforce mode.
0 processes are in complain mode.
0 processes are unconfined but have a profile defined.


2. How to disable AppArmor for particular running services processes

In my case after the upgrade of a system running a MySQL Server suddenly out of nothing after reboot the Database couldn't load up properly and if I try to restart it with the usual

root@pcfrxen: /# systemctl restart mariadb

I started getting errors like:

DBI connect failed : Can't connect to local MySQL server through socket '/var/run/mysqld/mysqld.sock' (2)

To get an idea of what kind of profile definitions, could be enabled disabled on apparmor enabled system do:
 

root@pcfrxen:/var/log# ls -1 /etc/apparmor.d/
abstractions/
force-complain/
local/
lxc/
lxc-containers
samba/
system_tor
tunables/
usr.bin.freshclam
usr.bin.lxc-start
usr.bin.man
usr.bin.tcpdump
usr.lib.telepathy
usr.sbin.clamd
usr.sbin.cups-browsed
usr.sbin.cupsd
usr.sbin.ejabberdctl
usr.sbin.mariadbd
usr.sbin.mysqld
usr.sbin.named
usr.sbin.ntpd
usr.sbin.privoxy
usr.sbin.squid

Lets say you want to disable any protection AppArmor profile for MySQL you can do it with:

root@pcfrxen:/ #  ln -s /etc/apparmor.d/usr.sbin.mysqld /etc/apparmor.d/disable/
root@pcfrxen:/ # apparmor_parser -R /etc/apparmor.d/usr.sbin.mysqld 


To make the system know you have disabled a profile you should restart apparmor service:
 

root@pcfrxen:/ # systemctl restart apparmor.service


3. Disable completely AppArmor to save your time weird system behavior and hang bangs

In my opinion the best thing to do anyways, especially if you don't run Containerized applications, that runs only one single application / service at at time is to completely disable apparmor, otherwise you would have to manually check each of the running applications before the upgrade and make sure that apparmor did not bring havoc to some of it.
Hence my way was to simple get rid of apparmor by disable and remove the related package completely out of the system to do so:

root@pcfrxen:/ # systemctl stop apparmor
root@pcfrxen:/ # systemctl disable apparmor
root@pcfrxen:/ # apt-get remove -y apparmor

Once  disabled to make the system completely load out anything loaded related to apparmor loaded into system memory, you should do machine reboot.

root@pcfrxen:/ # shutdown -r now

Hopefully if you run into same issue after removal of apparmor most of the things should be working fine after the upgrade. Anyways I had to go through each and every app everywhere and make sure it is working as expected. The major release upgrade has also automatically enabled me some of the already disable services, thus if you have upgraded like me I would advice you do a close check on every enabled / running service everywhere:

root@pcfrxen:/# systemctl list-unit-files|grep -i enabled

Beware of AppArmor  !!! 🙂

Tags: , , , , , , , , ,
Posted in Linux, Security, System Administration | No Comments »

Upgrade Debian Linux 9 to 10 Stretch to Buster and Disable graphical service load boot on Debian 10 Linux / Debian Buster is out

Tuesday, July 9th, 2019

howto-upgrade-debian-linux-debian-stretch-to-buster-debian-10-buster

I've just took a time to upgrade my Debian 9 Stretch Linux to Debian Buster on my old school Laptop (that turned 11 years old) Lenovo Thinkpad R61 . The upgrade went more or less without severe issues except few things.

The overall procedure followed is described n a few websites out there already and comes up to;

 

0. Set the proper repository location in /etc/apt/sources.list


Before update the sources.list used are:
 

deb [arch=amd64,i386] http://ftp.bg.debian.org/debian/ buster main contrib non-free
deb-src [arch=amd64,i386] http://ftp.bg.debian.org/debian/ buster main contrib non-free

 

deb [arch=amd64,i386] http://security.debian.org/ buster/updates main contrib non-free
deb-src [arch=amd64,i386] http://security.debian.org/ buster/updates main contrib non-free

deb [arch=amd64,i386] http://ftp.bg.debian.org/debian/ buster-updates main contrib non-free
deb-src [arch=amd64,i386] http://ftp.bg.debian.org/debian/ buster-updates main contrib non-free

deb http://ftp.debian.org/debian buster-backports main


For people that had stretch defined in /etc/apt/sources.list you should change them to buster or stable, easiest and quickest way to omit editting with vim / nano etc. is run as root or via sudo:
 

sed -i 's/stretch/buster/g' /etc/apt/sources.list
sed -i 's/stretch/buster/g' /etc/apt/sources.list.d/*.list

The minimum of config in sources.list after the modification should be
 

deb http://deb.debian.org/debian buster main
deb http://deb.debian.org/debian buster-updates main
deb http://security.debian.org/debian-security buster/updates main

Or if you want to always be with latest stable packages (which is my practice for notebooks):

deb http://deb.debian.org/debian stable main
deb http://deb.debian.org/debian stable-updates main
deb http://security.debian.org/debian-security stable/updates main

 

1. Getting list of hold packages if such exist and unholding them, e.g.

 

apt-mark showhold


Same could also be done via dpkg

dpkg –get-selections | grep hold


To unhold a package if such is found:

echo "package_name install"|sudo dpkg –set-selections

For those who don't know what hold package is this is usually package you want to keep at certain version all the time even though after running apt-get upgrade to get the latest package versions.
 

2. Use df -h and assure you have at least 5 – 10 GB free space on root directory / before proceed

df -h /

3. Update packages list to set new set repos as default

apt update

 

4. apt upgrade
 

apt upgrade

Here some 10 – 15 times you have to confirm what you want to do with configuration that has changed if you're unsure about the config (and it is not critical service) you're aware as such as Apache / MySQL / SMTP etc. it is best to install the latest maintainer version.

Hopefully here you will not get fatal errors that will interrupt it.

P.S. It is best to run apt-update either in VTTY (Virtual console session) with screen or tmux or via a physical tty (if this is not a remote server) as during the updates your GUI access to the gnome-terminal or konsole / xterm whatever console used might get cut. Thus it is best to do it with command:
 

screen apt upgrade

 

5. Run dist-upgrade to finalize the upgrade from Stertch to Buster

 

Once all is completed of the new installed packages, you will need to finally do, once again it is best to run via screen, if you don't have installed screen install it:

 

if [ $(which screen) ]; then echo 'Installed'; else apt-get install –yes screen ; fi

screen apt dist-upgrade


Here once again you should set whether old configuration to some e services has to stay or the new Debian maintainer package shipped one will overwrite the old and locally modified (due to some reason), here do wisely whatever you will otherwise some configured services might not boot as expected on next boot.

 

6. What if you get packages failed on update


If you get a certain package failed to configure after installed due to some reason, if it is a systemd service use:

 

journalctl -xe |head -n 50


or fully observer output of journalctl -xe and decide on yourself.

In most cases

dpkg-reconfigure failed-package-name


should do the trick or at least give you more hints on how to solve it.

 

Also if a package seems to be in inconsistent or broken state after upgrade  and simple dpkg-reconfigure doesn't help, a good command
that can help you is

 

dpkg-reconfigure -f package_name

 

or you can try to workaround a failed package setup with:
 

dpkg –configure -a

 
If dpkg-reconfigure doesn't help either as I experienced in prior of Debian from Debian 6 -> 7 an Debian 7 ->8 updates on some Computers, then a very useful thing to try is:
 

apt-get update –fix-missing 

apt-get install -f


At certain cases the only work around to be able to complete the package upgrade is to to remove the package with apt remove but due to config errors even that is not possible to work around this as final resort run:
 

dpkg –remove –force-remove-reinstreq

 

7. Clean up ununeeded packages

 

Some packages are left over due to package dependencies from Stretch and not needed in buster anymore to remove them.
 

apt autoremove

 

8. Reboot system once all upgrade is over

 

/sbin/reboot

 

9. Verify your just upgraded Debian is in a good state

 

root@noah:~# uname -a;
Linux noah 4.19.0-5-rt-amd64 #1 SMP PREEMPT RT Debian 4.19.37-5 (2019-06-19) x86_64 GNU/Linux

 

root@noah:~# cat /etc/issue.net
Debian GNU/Linux 10
 

 

root@noah:~# lsb_release -a
No LSB modules are available.
Distributor ID:    Debian
Description:    Debian GNU/Linux 10 (buster)
Release:    10
Codename:    buster

 

root@noah:~# hostnamectl
   Static hostname: noah
         Icon name: computer-laptop
           Chassis: laptop
        Machine ID: 4759d9c2f20265938692146351a07929
           Boot ID: 256eb64ffa5e413b8f959f7ef43d919f
  Operating System: Debian GNU/Linux 10 (buster)
            Kernel: Linux 4.19.0-5-rt-amd64
      Architecture: x86-64

 

10. Remove annoying picture short animation with debian logo looping

 

plymouth-debian-graphical-boot-services

By default Debian 10 boots up with annoying screen hiding all the status of loaded services state .e.g. you cannot see the services that shows in [ FAILED ] state and  which do show as [ OK ] to revert back the old behavior I'm used to for historical reasons and as it shows a lot of good Boot time debugging info, in previous Debian distributions this was possible  by setting the right configuration options in /etc/default/grub

which so far in my config was like so

GRUB_CMDLINE_LINUX_DEFAULT="quiet splash scsi_mod.use_blk_mq=y dm_mod.use_blk_mq=y zswap.enabled=1 text"


Note that zswap.enabled=1 passed option is because my notebook is pretty old machine from 2008 with 4GB of memory and zswap does accelerate performance when working with swap – especially helpful on Older PCs for more you can read more about zswap on ArchLinux wiki
After modifying this configuration to load the new config into grub the cmd is:
 

/usr/sbin/update-grub

 
As this was not working and tried number of reboots finally I found that annoying animated gif like picture shown up is caused by plymouth below is excerpts from Plymouth's manual page:


       "The plymouth sends commands to a running plymouthd. This is used during the boot process to control the display of the graphical boot splash."

Plymouth has a set of themes one can set:

 

# plymouth-set-default-theme -l
futureprototype
details
futureprototype
joy
lines
moonlight
softwaves
spacefun
text
tribar

 

I tried to change that theme to make the boot process as text boot as I'm used to historically with cmd:
 

update-alternatives –config text.plymouth

 
As after reboot I hoped the PC will start booting in text but this does not happened so the final fix to turn back to textmode service boot was to completely remove plymouth
 

apt-get remove –yes plymouth

Tags: , , , , , , , , , , , , , , , , , , , ,
Posted in Linux, Linux and FreeBSD Desktop, Linux on Laptops, Linux Package Management, Various | No Comments »

Orthodox Christian Church songs performance of Psalms 1, 2, 3

Wednesday, October 31st, 2012

I have idea to collect if possible all performance of Psalms in the Orthodox Church. I'm not sure if I would be able to find all of them in the internet. So far I could find the first 3 performed by Church choires and monasteries. Hopefully if God bless so I will be able to make a list of all Psalms as Sung by our brothers and sisters in Christ.


 

† Bigorski monastery † – Blessed is the man (Psalm 1) 2007


 

Romanian Orthodox Chant – Psalm 1,2,3 at Putna Monastery


 

PSALM 3 – ORTHODOX CHRISTIAN SONG (Sung by an Orthodox Christian


 

Fr. Yousef Asaad – Psalm 3 (Coptic Orthodox Church chant)

 

Enjoy the first 3 ones! 🙂

Tags: , , , , , , , , , ,
Posted in Christianity | No Comments »

Howto install GeoTrust RapidSSL certificate on Debian Lenny / Squeeze / Wheezy Linux

Thursday, March 25th, 2010

I faced the task of generating official Validated SSL Certificates by in mydaily duties as a System Administrator at cadiaholding.com . Though generating self-signedSSL certificate is comparatively easy task. It was a pain in the ass setting Apache version 2.2.9-10+lenny6to correctly serve pages through https:// protocol over openssl version 0.9.8g-15+lenny6.I’ll try to go through the whole process of Generating the certificate in order to help some other Debianusers out there to face less setbacks in such a simple task as installing a Trusted SSL Certificate issued(bought) by RapidSSL. Even though this article will mostly deal with SSL certificate issued by RapidSSL,it should be not a problem to apply this methodogy with Verisign or some of the other Geotrust issuedSecure Socket Layer certificates.

In generating the Validated certficate I used enom which is a domain name,ssl certificates, email and hosting company whole-saler.
Fron emon’s website after logging in and using the web interface, there are two major things required to fill inin order to issue your Trusted SSL certificate.

1. Fill in in a form a CSR file, this is usually generated on the Linux server using the openssl.
To issue the CSR file required by Enom use the following commands:

a. First we generate an DES3 RSA encrypted key which we will use next to generate the opeensl CSR file required by ENOM.
debian:~# /usr/bin/openssl genrsa -des3 -out www.domain.com.key 2048
Enter pass phrase for www.domain.com.key:

You’ll be required to fill in a pass-phrase that will be later be required to fill in before Apache servers starts or restarts,so make sure you fill something you either remember or you keep the password stored in a file.
You have to change also the www.domain.com.key in accordance with your domain name.
Now as we already have a proper generated DES3 RSA key afterwards it’s necessery to generate the CSR file with the openssl command line frontend.
So here is how:

debian:~# /usr/bin/openssl req -new -key /home/hipo/www.domain.com.key -out /home/hipo/www.domain.com.csr

Again in the above example change all the paths and file names as you wish.
It’s necessery that the end user fill in a number of questions related to the Certificate Signing Request.
Herein I’ll list what kind of prompts will emerge after executing the above command:

Enter pass phrase for /home/hipo/www.domain.com.key:
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [AU]:
State or Province Name (full name) [Some-State]:
Locality Name (eg, city) []:
Organization Name (eg, company) [Internet Widgits Pty Ltd]:
Organizational Unit Name (eg, section) []:
Common Name (eg, YOUR name) []:
Email Address []:
Please enter the following 'extra' attributes
to be sent with your certificate request
A challenge password []:
An optional company name []:

Note that you’ll hav eto fill in the pass phrase previously entered during the generation of the www.domain.com.key file.
In case if you’d like to read more thoroughly on the subject of howto create a Certificate Signing Request or (CSR) as we called it on multiple times, you can read About Certificate Signing Request (CSR) Generation Instructions – Apache SSL more in depth here

2. Hopefully following the above instructions you’ll now have a file named www.domain.csrJust open the www.domain.scr and copy paste it’s content to the ENOM website CSR * webform.

3. Further on select your Webserver type on Enom’s website:In our case we have to select Apache + ApacheSSL

4. What follows next is filling in your company contact information This is also required for proper certificate generation, you have to think twice before you fill in this data, take a note this can’t be changed later on without issuing a brand SSL new certificate.

Apart from the 3 major above requirements to fill in Enom there are some few more radio buttons to use to make some selections according to your personal preferences, however I won’t take time to dig in that and I’ll leave this to you.
After all the above is fulfilled you’ll have to submit your certificate details and choose an email address to which you will receive in a minute a RapidSSL Certificate Request Confirmation

Following a link from the email, will show you some basic information about the certificate about to be generated. That’s your final chance to cancel the issued Trusted Certificated.
If you’re absolutely sure the information about to enter the certificate is correct then you’ll have to follow a link and approve the certificate.

You’ll be informed that you’ll receive your certificate either through Certifier website (e.g. Enom’s website) or via another email.
I thought it’s more probable I receive it via email but anyways I was wrong. More thank 4 hours has passed since the certificate was issued and is available via Enom’s interface but I haven’t received nothing on my mail.
Therefore my friendly advice is to check about your brand new shiny Trusted Certificate on Emom’s website. I had mine ready in about 10 minutes after the CSR was issued.

Assuming that you’ve succesfully obtained the SSL Trusted certificate from RapidSSL what follows is setting up the certificate.
Initially I tried using documentation from RapidSSL website called Installing your SSL Certificate / Web Server Certificate / Secure Server Certificate from RapidSSL.com
I tried to configure one of my Virtualhost as shown in their example inserting in my /etc/apache/sites-available/www.domain.com file, few directives within the VirtualHost something like the shown below

SSLEngine on
# domain.com.crt cointains the Trusted SSL certificate generated and obtained by you from RapidSSL
SSLCertificateFile /etc/apache2/ssl/www.domain.com.crt
# www.domain.com.key contains the file used to generate the CSR file as described earlier in this post
SSLCertificateKeyFile /etc/apache2/ssl/www.domain.com.key

It is also possible insetad of using the SSLCertificateFile and SSLCertificateKeyFile directvies directives in Apache config to use:

 

Another alternative is to use

SSLCertificateFile /etc/ssl/certs/your-domain-name.crt
SSLCertificateKeyFile /etc/ssl/certs/your-domain-name.key
SSLCACertificateFile /etc/ssl/certs/gd_bundle.crt

The key file is the one generated earlier on the server and handed to the SSL regisrar, the files:

your-domain-name.crt and gd_bundle.crt files are provided by RapidSSL or from whatever SSL registrater the SSL was purchased.

After trying the above configuration and restarting apache with:

/etc/init.d/apache2 restart

Apache failed to start, it might be helpful to somebody out there the error I had in my apache error.log:
The error.log red the following:

[warn] RSA server certificate is a CA certificate (BasicConstraints: CA == TRUE !?)

After some 30 minutes or an hour of Googling on the error I came to the conclusion that the error is caused, becauseApache is supposed to work with .PEM files instead of the classical .CRT and .KEY files asnormally approached in most of the other Unix operating systems.

It took me a bit more of reading on the internet to find out that actually the .pem files so widely adopted in Debian simply contain both the www.domain.com.key file and the www.domain.com.crt key simply pasted one after another, this I also observed from the default Apache self-signed certificate that I believe comes with debian /etc/apache2/ssl/apache.pem .
So I copied both the content of my www.domain.com.key and www.domain.com.crt and store it in one file:
/etc/apache2/ssl/www.domain.com.pem

Also the following configuration:
SSLEngine on
SSLCertificateFile /etc/apache2/ssl/www.domain.com.pem
had to go in your
/etc/apache2/sites-enabled/www.domain.com

Last thing that’s left is to restart your Apache;

/etc/init.d/apache2 restart

Apache will prompt you for your certificate password entered by you during the www.domain.com.key generation. Type your password and with a bit of luck and hopefully with God’s help you’ll be having a Trusted Certificate on your webserver.

Last step is to check if the certificate is okay accessing your domain https://www.domain.com.

Well this is the end of the article, hope you enjoy.If you do please leave your comments, any corrections are also welcomed 🙂

Tags: , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , ,
Posted in Computer Security, System Administration, Web and CMS | 30 Comments »