Category Archives: network

Sysadmin: Letsencrypt renewal htaccess redirect bypass

With increasing role of HTTPS websites (Google pushing everybody to run only HTTPS websites considering regular HTTP as insecure) the service provided by Let’s encrypt becomes critically important. But there is a catch – once you get the certificate and redirect your site to HTTPS using .htaccess you will get a problem renewing certificate because 301 redirect breaks the challenge verification and the command

gives an error about authorization problem.
Read more »

Please follow and like us:

Sysadmin: Virtualmin and Letsencrypt integration


If you are using webmin excellent system for managing virtual host configuration it would make perfect sense to integrate with it the popular certificate authority Letsencrypt that issues completely free SSL certificates.
There are few initial steps that has to be made nside Webmin in order to make it utilize Letsencrypt SSL certificate issuing process for configured virtual hosts. I have successufully configured and used Webmin version 1.831 and certbot-auto 0.12. YMMV.
Read more »

Please follow and like us:

Sysadmin: How to configure PXE server on VMware workstation

Vmware Workstation is the perfect candidate for configuring local PXE server for testing and development – it contains independent DHCP server that is an equivalent to ISC DHCP v2. All you need is to have your own VM that will be serving as TFTP server for network boot images, there are plenty of instruction on how to do that on Linux (.
I decided to configure my Vmware workstation for windows (windows 7 in that case) DHCP as PXE server using vmNAT network adapter, since I already have Linux VM in vmNAT network which I can configure for TFTP server.
The config file is %SYSTEMDRIVE%\Users\All Users\vmnetdhcp.conf, in order to enable PXE you will need to add 4 lines.

  1. 2 Lines at the top right after comments
  2. And another 2 lines inside the subnet block that is related to your VmNAT adapter network

    You will need to assign static IP to your Linux TFTP server so that network booted VMs will be able to access it.
  3. Now you can go to Administrative tools->Services and restart Vmware DHCP server – if everything correct then it will restart without complains.
  4. In order to configure your TFTP server use this, or this instruction
Please follow and like us:

Sysadmin: How to install Letsencrypt on CentOS


Since Letsencrypt started their services life became much easier (or less). You can get free valid and secure SSL certificates that are recognized by majority of browsers, but for that you need to do some initial configuration and keep in mind that if you don’t renew all these nice certificates will turn into pumpkin after 2 month.
Here is the one liner command to install certbot-auto in CentOS 6 (requires additional Python 2.7 from EPEL repo)

Almost, the same for the CentOS 7 just without Python.

Here is how quickly request/retrieve certificate for your website on domain.com that is hosted under /home/domain/public_html from command line (presuming that the site is answering on this server already e.g. DNS and web server configured properly)

If the request was successful your new certificates could be accessible from /etc/letsencrypt/live/domain.com, where
privkey.pem – is the certificate key, cert.pem – bare certificate fullchain.pem – certificate along with the whole CA chain.
Don’t forget that these are valid for 2 month only. You’ll need to run

after that to get valid certificates.

Please follow and like us:

Centos: How to fine tune your Apache SSL server


The fine tuning of the SSL server side configuration is slow and tedious but necessary procedure. It’s always good to have your SSL site to conform the most latest security standards. It boosts ego and makes customer happy too. It turns out that all you need for that is already at your disposal the point is to properly configure it.
Read more »

Please follow and like us:

Sysadmin: Brute force detection – custom rule for SMTP and SSH

I wrote before about excellent tool BFD that allows to block brute force password guessing attempts on different network services.
I prefer it to Fail2ban because of portability (bash script) system resource consumption (bash script!) and extendĐ°bility (true “unix way” modularity).
I also wrote before a brief instruction on how to extend BFD with your own rule to fight with apache/Wordpress DOS attack.
In this post I will show you how to write custom rules to block SMTP password guessing brute force attempts and SSSHD

Read more »

Please follow and like us:

OSX: PPTP VPN networking problem solved with custom MTU

osx0
I had an interesting complain the other day – customer experienced connectivity problems trying to access some web sites while on PPTP VPN connection. The VPN server was running on Linux and also under our control so troubleshooting the situation was pretty easy. All MS Windows based clients didn’t have this problem, only OSX based clients.
Read more »

Please follow and like us:

Sysadmin: How to make use of apache web server mod_expires to improve performance

apache_banner
Most of modern Linux distributions contain Apache 2.x web server with the set of standard modules. One of these modules is mod_expires that allows to configure content expiration in local browser cache or caching proxies. Proper configuration for it can significantly improve overall server performance and reduce bandwidth consumption.
Read more »

Please follow and like us:

Centos: how to install cpanel

cpanel “Extremely friendly…widely used …de-facto industry standard” cPanel all this and more. And I dislike it as much as it popular (I’ll talk about it later).
What surprised me that cpanel.net web site does not contain the link to the installation instruction on it’s front page which should be only logical.
Read more »

Please follow and like us:

Centos: How to configure DKIM for sendmail on multiple domains

dkim I wanted to configure DKIM for sendmail on multiple domains for one of the dedicated servers and found out that there are no usable instructions for CentOS and few that are available are inconclusive (I will provide the list of information sources at the end of this post). Here is my tested working setup:
Read more »

Please follow and like us: