Let’s Encrypt service with Pound server

To install Certbot on your server, follow these steps (make sure you have “git” installed on your system):

$ sudo apt-get install git    # if not previously installed
$ cd /opt
$ sudo git clone https://github.com/certbot/certbot

Running the above commands will download the latest Certbot release from its git repo into the /opt folder. Next we need to stop any service that might be using port 80 on our server, since this tutorial uses the “standalone” installation type described in the Certbot documentation. There are other ways to install the certificates; it is up to your preference.
Since this tutorial is about Pound, we are assuming the daemon is already installed so we need to stop it:

$ sudo service pound stop

Once the service is stopped, run:

$ cd /opt/certbot
$ sudo ./letsencrypt-auto --text --email YOUR@EMAIL -d YOUR_DOMAIN --agree-tos --standalone certonly

By default, running the command above will generate the necessary key files (*.pem) in the following folder:

/etc/letsencrypt/live/YOUR_DOMAIN/

Now we need to create a private key file that Pound can understand. To do so, run the following:

$ sudo sh -c 'umask 077; cat /etc/letsencrypt/live/YOUR_DOMAIN/privkey.pem /etc/letsencrypt/live/YOUR_DOMAIN/fullchain.pem > /etc/ssl/YOUR_DOMAIN.pem'

Doing so concatenates the privkey.pem and fullchain.pem files generated by Certbot into a single file stored in your SSL certificates folder; this is very important! The command runs inside sudo sh -c so that the output redirection is also performed as root (with a plain "sudo cat ... > file" the redirection is done by your own unprivileged shell), and umask 077 creates the new file, which contains the private key, readable by its owner only.
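A more careful version of the concatenation step above, as an added example that is not part of the original post: the functions below (build_pound_pem and check_pound_pem are names made up here) write the combined file with owner-only permissions from the first byte and check that it has the layout the tutorial's cat command produces.

```shell
# Added example: build Pound's combined PEM without exposing the private key.
# build_pound_pem and check_pound_pem are names made up for this example.

# Succeeds only if the file has the layout the tutorial's cat command
# produces (one private key first, then at least one certificate) and
# carries no permission bits for group or other.
check_pound_pem() {
    f=$1
    first=$(grep -m1 '^-----BEGIN ' "$f") || return 1
    case $first in
        *'PRIVATE KEY-----') ;;
        *) return 1 ;;
    esac
    [ "$(grep -c '^-----BEGIN .*PRIVATE KEY-----' "$f")" -eq 1 ] || return 1
    [ "$(grep -c '^-----BEGIN CERTIFICATE-----' "$f")" -ge 1 ] || return 1
    [ "$(ls -ld "$f" | cut -c5-10)" = "------" ] || return 1
}

# build_pound_pem LIVE_DIR OUT_FILE
build_pound_pem() {
    live_dir=$1
    out=$2
    [ -r "$live_dir/privkey.pem" ] || return 1
    [ -r "$live_dir/fullchain.pem" ] || return 1
    # mktemp creates the file with mode 0600, so the key is never
    # readable by other users, not even briefly.
    tmp=$(mktemp "$out.XXXXXX") || return 1
    if cat "$live_dir/privkey.pem" "$live_dir/fullchain.pem" > "$tmp" &&
       check_pound_pem "$tmp"; then
        mv -f "$tmp" "$out"    # rename keeps the 0600 mode
    else
        rm -f "$tmp"
        return 1
    fi
}

# Usage (as root):
#   build_pound_pem /etc/letsencrypt/live/YOUR_DOMAIN /etc/ssl/YOUR_DOMAIN.pem
```

Because the file is assembled under a temporary name and renamed into place, a failed run never leaves a half-written certificate file at the final path.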


Webmin installation on Centos

Installing the RPM

If you are using the RPM version of Webmin, first download the file from the downloads page, or run the command:

wget http://prdownloads.sourceforge.net/webadmin/webmin-1.870-1.noarch.rpm

Then install the optional dependencies with:

yum -y install perl perl-Net-SSLeay openssl perl-IO-Tty perl-Encode-Detect

And then run the command:

rpm -U webmin-1.870-1.noarch.rpm


CentOS 5 Repository fix using vault.centos.org

It’s a bit of a silly process. I googled for hours but found no solid way to update my old 32-bit CentOS 5 Linux box, so I came up with a solution of my own. It might work for you, but no guarantee!

Step-1
Remove all .repo files inside the /etc/yum.conf.d/ directory

Step-2
Create a new repo file inside /etc/yum.conf.d/

nano /etc/yum.conf.d/CentOS-Vault.repo

Update with the following section:


Add Google Calendar to Thunderbird Mail Client

There are two plugins that must be installed:

Install both of these plugins, from within Thunderbird (Menu button | Plugins | See all and then search for Lightning and then Provider for Google. Click Add to Thunderbird and then, when prompted, restart the app).

Once these have been installed, and Thunderbird restarted, you’re ready to configure.

Adding a Google Calendar
Open up the Lightning calendar tab (click on the Lightning icon in the top right corner of the Thunderbird window). Right-click a blank spot in the Calendar pane (left side of the window) and click New Calendar. In the resulting window (Figure A), click On the Network and then click Next.


Figure A

Creating a new calendar in Lightning.
In the Locate your calendar window (Figure B), select Google Calendar, and click Next.


Convert .ova and import it on Proxmox KVM virtualization

Let’s start by uploading the exported OVA file to the Proxmox server. Extract the OVA file:

tar -xvf *.ova

This should output a couple of files from the OVA container. They should include an OVF file, which is the VM definition file, and a VMDK file, which is the actual hard disk image. Again, this may take a while.

Convert the vmdk to a Proxmox compatible qcow2 file:

qemu-img convert -f vmdk myvirtual-disk1.vmdk  -O qcow2 qcowdisk.qcow2

We now need to get the image into a VM with some hardware so that we can begin to use it. This is where things get tricky – the OVF file is not compatible with Proxmox and needs to be manually understood. The principle here is we are going to use the Proxmox web GUI to create a VM and replace the empty disk image which is created with our recently converted qcow2 image.

You can use vi to open the OVF file and understand some of the basic settings which are required for the VM. Open the OVF file and look for the following XML tags:

  • OperatingSystemSection
  • VirtualHardwareSection
  • Network
  • StorageControllers


Fix on connecting to NFS server from Proxmox Centos 7 Container

I hope you already know how to allow NFS from the Proxmox host server. If not, you may read my earlier post:

NFS fix on LXC Host Server

I was actually receiving an error like the one below:

# mount -t nfsd nfsd /proc/fs/nfsd
mount: nfsd is write-protected, mounting read-only
mount: cannot mount nfsd read-only

My proxmox edition was 5.0-30 and my CentOS was 7.

However, this is a bit different from the other one mentioned above. I was experiencing problems connecting my CentOS 7 LXC container to an NFS server on the network. The regular tweak didn’t work, so I had to spend a while googling for the solution. I found the correct one on a forum thread. But eventually it worked. For this you need to edit the file

nano /etc/pve/lxc/<your container ID>.conf

Add the line below to the conf file; it makes the container run without AppArmor confinement:

lxc.aa_profile: unconfined

Reboot the container, and now try to connect to the NFS server. It should work.

BIND ACL to restrict zone transfer with IP address

You need to define an ACL in the /etc/named.conf or /etc/bind/named.conf.local file. Let us say the IPs 1.2.3.4 and 1.2.3.5 are allowed to transfer your zones.

# vi named.conf or vi /etc/bind/named.conf.local

Here is a sample entry for the domain domain.org.bd (ns1 configuration):

acl trusted-servers {
    1.2.3.4; //ns1
    1.2.3.5; //ns2
};

zone "domain.org.bd" {
    type master;
    file "/var/lib/bind/domain.org.bd.hosts";
    also-notify {
        1.2.3.5;
    };
    notify yes;
    allow-transfer { trusted-servers; };
};
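To check which zones in a configuration actually carry such a restriction, the following added example (not from the original post) scans zone statements and reports primary zones whose allow-transfer is missing or contains any. The function names and the two extra zones in the sample are constructed for illustration, and the parser assumes one statement per line.

```shell
# Added example: audit zone statements for their allow-transfer setting.
# Assumes one statement per line and only // or # comments.
# Try it with: sample_named_conf | audit_zone_transfers
audit_zone_transfers() {
    awk '
    {
        line = $0
        sub(/\/\/.*$/, "", line); sub(/#.*$/, "", line)   # drop comments
        if (depth == 0 && line ~ /zone[ \t]+"[^"]+"/) {    # a zone block opens
            zone = line
            sub(/^.*zone[ \t]+"/, "", zone); sub(/".*$/, "", zone)
            primary = 0; seen = 0; any = 0
        }
        if (zone != "") {
            if (line ~ /type[ \t]+(master|primary)[ \t]*;/) primary = 1
            if (line ~ /allow-transfer[ \t]*[{]/) {
                seen = 1; acl = line
                sub(/^.*allow-transfer[ \t]*[{]/, "", acl); sub(/[}].*$/, "", acl)
                if (acl ~ /(^|[ \t;])any[ \t]*;/) any = 1
            }
        }
        depth += gsub(/[{]/, "{", line) - gsub(/[}]/, "}", line)
        if (zone != "" && depth == 0 && line ~ /[}]/) {     # the zone block closed
            if (primary && !seen)
                print zone ": no allow-transfer in zone, inherits options/view setting"
            else if (primary && any)
                print zone ": allow-transfer includes any"
            zone = ""
        }
    }' "$@"
}

# Constructed sample; the first zone follows the entry shown in the post.
sample_named_conf() {
    cat <<'EOF'
zone "domain.org.bd" {
    type master;
    also-notify { 1.2.3.5; };
    allow-transfer { trusted-servers; };
};
zone "open.example.test" {
    type master;
    allow-transfer { any; };
};
zone "missing.example.test" {
    type master;
};
EOF
}
```

The function also accepts file names as arguments, for example audit_zone_transfers /etc/bind/named.conf.local.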


LEMP on Centos 6

In this guide, we’ll walk you through installing all of these components (except for Linux, which is already installed as your OS when you create the server).

Install the Extra Packages for Enterprise Linux Repository (or EPEL for short):

sudo yum install epel-release

Run a yum update to sync your packages with the new EPEL repository:

sudo yum update

Install MySQL:

sudo yum install mysql-server

Activate MySQL:

sudo service mysqld start

Configure your MySQL installation:

sudo /usr/bin/mysql_secure_installation

Make it so that MySQL will start automatically on server reboot:

Enable VNC viewer for Proxmox 2.x/3.x with tightvnc

Configure Proxmox host for TLS connections: This configures the host to accept VNC connections.

aptitude install openbsd-inetd

Run this to get your KVM IDs:

qm list
root@homenet-home10 /etc # qm list
 VMID  NAME                    STATUS   MEM(MB)  BOOTDISK(GB)  PID
  101  freenas                 stopped  1024     32.00         0
  102  debpbx                  running  512      0.00          573304
  105  winxp                   stopped  512      15.01         0
 7012  ltsp-ldap-openfire-KVM  running  512      9.00          495870
 7016  fbc16-kvm               running  512      8.00          462697
 7159  win7                    stopped  2048     0.00          0
27014  ltsp-term-KVM           stopped  512      0.00          0

Edit /etc/inetd.conf and put in a port for each KVM you want to access:

#port kvm
59055 stream tcp nowait root /usr/sbin/qm qm vncproxy 105
59058 stream tcp nowait root /usr/sbin/qm qm vncproxy 7159

Restart openbsd-inetd