Convert .p12 bundle to server certificate and key files

by Featured

0

Seperate Private Key and Certificate file

#Generate certificates bundle file

openssl pkcs12 -nokeys -in server-cert-key-bundle.p12 -out server-ca-cert-bundle.pem

#Generate server key file.

openssl pkcs12 -nocerts -nodes -in server-cert-key-bundle.p12 -out server.key

Convert a PKCS#12 file (.pfx .p12) containing a private key and certificates to PEM

openssl pkcs12 -in keyStore.pfx -out keyStore.pem -nodes

Create a .pfx/.p12 certificate file using OpenSSL

openssl pkcs12 -export -out certificate.pfx -inkey privateKey.key -in certificate.crt

Src: https://www.sslshopper.com/article-most-common-openssl-commands.html

Share

Mounting OCI bucket on CentOS 7 Linux

by

0

Install s3fs-fuse

In order to use this you have to enable EPEL Repository-

sudo yum install epel-release
sudo yum install s3fs-fuse
[opc@linux8 ~]$ sudo yum install s3fs-fuse
Last metadata expiration check: 0:00:41 ago on Sun 15 May 2022 05:40:13 PM CST.
Dependencies resolved.
=================================================================================================================================
Package Architecture Version Repository Size
=================================================================================================================================
Installing:
s3fs-fuse x86_64 1.91-1.el8 ol8_developer_EPEL 273 k
Installing dependencies:
fuse x86_64 2.9.7-12.0.4.el8 ol8_baseos_latest 84 k
fuse-common x86_64 3.2.1-12.0.4.el8 ol8_baseos_latest 22 k

Transaction Summary
=================================================================================================================================
Install 3 Packages

Total download size: 379 k
Installed size: 856 k
Is this ok [y/N]: y
......
Installed:
fuse-2.9.7-12.0.4.el8.x86_64 fuse-common-3.2.1-12.0.4.el8.x86_64 s3fs-fuse-1.91-1.el8.x86_64

Complete!

Continue reading “Mounting OCI bucket on CentOS 7 Linux” »

Share

Nginx Reverse Proxy with Sub Directory Mapping

by

0

Setup Note:

My web application has a sub-directory, 192.168.1.8:8088/messages, that I want to expose to the outside world as messages.mysite.com. I’ve gotten half way there but I seem to be stuck. My requirements are as follows

  • Redirect the site from HTTP to HTTPS.
  • As I cannot edit the links the web application generates, I need to be able to accept requests from the client such as messages.mysite.com/messages?id=23023.
  • Do not allow reverse proxy access to the root web application, 192.168.1.8:8088 or to any sub-directory other than 192.168.1.8:8088/messages and its children.

Continue reading “Nginx Reverse Proxy with Sub Directory Mapping” »

Share

Rsync upload local files without replacing remote files

by

0

Disclaimer:
This is basically one way sync- use at your own risk and dry run before any production deployment.

Suppose you have a list of files on a remote host, some of which already exist locally. What you want is to transfer only those files that are not found locally. If you blindly run scp with wildcard, it would fetch all remote files (existing as well as non-existing files), and overwrite existing local files. You want to avoid this.

In another similar situation, you may want to upload local files to a remote site, but without replacing any remote files. 

Using rsync:

If the local and remote hosts have rsync installed, using rsync will be the easiest way to copy only new files over, since rsync is designed for incremental/differential backups. Continue reading “Rsync upload local files without replacing remote files” »

Share

OpenVPN installer on CentOS 7

by

1

Server Requirement: Centos 7 x86_64

Installation

$ cd /tmp/ && yum install git -y && git clone https://github.com/puarudz/OpenVPN-AS-Unlimited && cd OpenVPN-AS-Unlimited/ && sed -i -e 's/\r$//' centos7.sh && chmod 755 centos7.sh && ./centos7.sh

Once installed go to-

https://ip:943/admin
login: openvpn
pass: <your_password_during_installation>

After first login, “Agree” to the terms.

Now go to Authentiction > General > Turn on PAM Continue reading “OpenVPN installer on CentOS 7” »

Share

Postfix to allow Mail Relay from a Trusted IP

by

0

Make sure smtpd_recipient_restrictions has permit_mynetworks, something like this:

smtpd_recipient_restrictions = permit_mynetworks,<more>

This is the default, but if you have -o smtpd_recipient_restrictions=something on an smtpd line in master.cf then it will override main.cf setting.

A sample configuration that worked for me is as below-

smtp inet n - n - - smtpd
-o smtpd_sasl_auth_enable=yes
-o smtpd_reject_unlisted_sender=yes
-o smtpd_recipient_restrictions=permit_sasl_authenticated,permit_mynetworks,reject
# -o smtpd_recipient_restrictions=permit_sasl_authenticated,reject
-o broken_sasl_auth_clients=yes
Share

Install phpSysInfo on Debian/Ubuntu

by

0

Log into the Debian/Ubuntu device

Run the following commands in a terminal:# update repositories and install any available software updates

sudo apt update
sudo apt upgrade
# install Apache HTTPD
sudo apt install apache2
# install PHP components
sudo apt install php7.3 php7.3-xml
# download phpSysInfo
wget https://github.com/phpsysinfo/phpsysinfo/archive/v3.3.2.zip
# extract v3.3.2.zip
sudo unzip v3.3.2.zip -d /var/www/html
# rename the extracted folder
sudo mv /var/www/html/phpsysinfo-3.3.2 /var/www/html/phpsysinfo
# make a copy of phpsysinfo.ini
sudo cp /var/www/html/phpsysinfo/phpsysinfo.ini.new /var/www/html/phpsysinfo/phpsysinfo.ini
# set the owner of the new phpsysinfo directory to www-data
sudo chown -R www-data:www-data /var/www/html/phpsysinfo
sudo systemctl restart apache2

Open a web browser and navigate to http://DNSorIP/phpsysinfo

Share

Oracle Linux 8: How To Access the GRUB

by

0

Reboot or start the instance.

After the console screen is blank, there is only one or two seconds to press <escape key>. Press it several times as quickly as possible.

If escape was pressed successfully, the Boot menu will be displayed, if not try again.

Note that it is possible that instead of the Boot menu, a BIOS is displayed:

In that case, navigate to “Continue”, press Enter followed by Escape.

Share

How to unlock openvpn users

by

0

Go to /usr/local/openvpn_as/scripts/ directory with root privileges.

Reset all lockout policy lockouts now:

./sacli --key "vpn.server.lockout_policy.reset_time" --value "1" ConfigPut
./sacli start
sleep 2
./sacli --key "vpn.server.lockout_policy.reset_time" ConfigDel
./sacli start
Share

Install ZFS on Ubuntu

by

0

Installing ZFS Filesystem on Ubuntu

We will be using the command line Terminal application for the installation of the ZFS filesystem. To launch the command line Terminal, use the Ctrl+Alt+T keyboard shortcut. Now to install the ZFS filesystem on Ubuntu, issue the following command in Terminal:

$ sudo apt install zfsutils-linux

When prompted for the password, provide the sudo password.

After running the above command, the system might ask for confirmation that if you want to continue the installation or not. Press y to continue; after that, the package will be installed on your system. To verify ZFS file system installation, issue the following command in Terminal:

$ which zfs

You will see the output similar to the following:

Creating the ZFS storage pool

After the installation is completed, we will now create a storage pool for our drives. Here are the steps to do so:

1. First, find out the names of the drives for the pool. Use the following command in Terminal to do so: Continue reading “Install ZFS on Ubuntu” »

Share