Category Archives: Ubuntu

Tomcat7 on Ubuntu 14.04 with Oracle Java running on port 80

Start with installing Oracle Java

sudo add-apt-repository ppa:webupd8team/java
sudo apt-get update
sudo apt-get install oracle-java8-installer

Now install tomcat7

sudo apt-get install tomcat7

To run on ports below 1024, authbind needs to be enabled

sudo nano /etc/default/tomcat7

change #AUTHBIND=no to AUTHBIND=yes

sudo touch /etc/authbind/byport/80
sudo chmod 500 /etc/authbind/byport/80
sudo chown tomcat7 /etc/authbind/byport/80

set JAVA_HOME

sudo nano /etc/default/tomcat7

Add JAVA_HOME=/usr/lib/jvm/java-8-oracle

You should now be able to start tomcat7

Install tt-rss with nginx and Percona on Ubuntu 12.04

Starting with a base install of Ubuntu 12.04 with openssh installed

Install the Percona repo

import the Percona gpg key

sudo gpg --keyserver hkp://keys.gnupg.net --recv-keys 1C4CBDCDCD2EFD2A
sudo gpg -a --export CD2EFD2A | sudo apt-key add -

now edit /etc/apt/sources.list and add these lines

# for percona
deb http://repo.percona.com/apt precise main
deb-src http://repo.percona.com/apt precise main

now install percona

sudo apt-get update
sudo apt-get install percona-server-common-5.5 percona-server-server-5.5 libmysqlclient18 libmysqlclient16

Now install the rest of the pre-reqs

sudo apt-get install nginx php5-mysql php5-xmlrpc php5-curl php5-cli php5-fpm php5-gd php5-mcrypt php-apc git

Stop nginx

sudo service nginx stop

Create the directory for tt-rss

sudo mkdir -p /var/www/tt-rss

Create a suitable config for nginx in sites-available and link it to sites-enabled

server {
        listen [::]:80;
        server_name tt-rss;
        server_name ttrss.domain.com;
        access_log  /var/log/nginx/tt-rss.access.log;
        error_log /var/log/nginx/tt-rss.error.log;
        root   /var/www/tt-rss;
        index index.php;
        client_max_body_size 20M;

        # While setting up I set an allow for the local network and deny all others; this
        # prevents automatic logon to setup pages etc. before default passwords have been set.
        # Set at server level so that every location below inherits it, including \.php$;
        # an allow/deny placed only in "location /" is not applied to requests that are
        # handled by one of the regex locations.
        # allow the local net
        allow   192.168.100.0/24;
        # deny everything else
        deny all;

        location / { }

        # Lock out access to some folders that contain files that should not be world readable (not fully tested)
        location ~* (include/|lock/|utils/|locale/|classes/) { deny all; }
        location = / { } # Needed for index.* to work
        # location ~* \.(txt|css|js|png|gif|ico|jpg|svg)$ { } # Allow these file endings
        location ~ \.php$ {
                # Filter out arbitrary code execution: only pass files that exist to PHP
                try_files $uri =404;
                # location ~ \..*/.*\.php$ {return 404;}
                fastcgi_index index.php;
                include fastcgi_params;
                fastcgi_pass  127.0.0.1:9000;
                # Resolve scripts under the root set above (/var/www/tt-rss)
                fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
        }
        # Static files: the dot is escaped and the pattern anchored so it only matches file extensions
        location ~* \.(?:ico|css|js|gif|inc|txt|gz|xml|png|jpe?g)$ {
                expires max;
                access_log        off;
                log_not_found     off;
        }
}

Now grab the source and change the ownership

sudo git clone https://github.com/gothfox/Tiny-Tiny-RSS.git /var/www/tt-rss
sudo chown -R www-data:www-data /var/www/tt-rss

Create the database and the user

mysql -u root -p
CREATE DATABASE `tt-rss`;
GRANT ALL ON `tt-rss`.* TO 'ttrss-user'@'localhost' IDENTIFIED BY "Password";
quit

Import the schema

mysql -u root -p tt-rss < /var/www/tt-rss/schema/ttrss_schema_mysql.sql

Now start nginx and browse to the URL to complete the configuration

Once the configuration has been completed, create an executable upstart .conf script in /etc/init to update the feeds

description "tt-rss upstart script"
start on (local-filesystems and net-device-up IFACE!=lo and started mysql)
stop on stopping mysql
respawn
respawn limit 2 1
setuid www-data
setgid www-data
 
exec /var/www/tt-rss/update_daemon2.php

Installing ownCloud 5 on Ubuntu 12.04 with nginx and percona

Starting with a base install of Ubuntu 12.04 server, install the pre-reqs. These include the requirements for LDAP auth and external storage on an SMB server

sudo apt-get install nginx php5-fpm php5 php5-json php5-gd curl php5-curl\
 libcurl3-gnutls libapr1 libaprutil1 libcurl3 libaprutil1-ldap libcap2\
 libltdl-dev libltdl7 libtool m4 php-pear php-xml-parser php5-cli\
 php5-dev shtool ssl-cert php5-ldap smbclient

stop the nginx and php5-fpm services

sudo service nginx stop
sudo service php5-fpm stop

create a directory for owncloud to exist in

sudo mkdir -p /var/www

get the latest source for owncloud from http://owncloud.org/support/install/

wget http://download.owncloud.org/community/owncloud-5.0.0.tar.bz2

untar the source

tar -xvf owncloud-5.0.0.tar.bz2

move the source into place

sudo mv owncloud /var/www/

create a data directory for the data

sudo mkdir -p /var/www/owncloud-data

remove the default nginx config from sites-enabled

sudo unlink /etc/nginx/sites-enabled/default

create a new file for sites available, something like this

sudo nano /etc/nginx/sites-available/owncloud

link the file to sites-enabled

sudo ln -s /etc/nginx/sites-available/owncloud /etc/nginx/sites-enabled/owncloud

edit php-fpm to use a unix socket instead of a TCP socket

sudo nano /etc/php5/fpm/pool.d/www.conf

comment out

listen = 127.0.0.1:9000

and add

listen = /var/run/php5-fpm.sock

Uncomment the permissions

listen.owner = www-data
listen.group = www-data
listen.mode = 0660

For the SSL certificate, this might be of use

I usually use Percona instead of the Ubuntu build of MySQL

import the Percona gpg key

sudo gpg --keyserver hkp://keys.gnupg.net --recv-keys 1C4CBDCDCD2EFD2A
sudo gpg -a --export CD2EFD2A | sudo apt-key add -
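
The export step above (the same two commands appear in the tt-rss section) selects the key by its 8-digit short ID, which can match more than one key in a keyring. The following check is an added example, not part of the original post: it refuses the import unless exactly one primary key matches and its full fingerprint equals a pinned value. The function names and every fingerprint in it are constructed placeholders.

```shell
# Added example. Reads the output of
#   sudo gpg --with-colons --fingerprint <id>
# on stdin. All fingerprints below are constructed placeholders that merely end
# in the ids used on this page; pin the fingerprint the vendor publishes instead.

# Print the fingerprint of every primary key whose fingerprint ends with <id>.
fingerprints_for_id() {
    id=$(printf '%s' "$1" | tr 'a-f' 'A-F')
    awk -F: -v id="$id" '
        $1 == "pub" { primary = 1; next }
        $1 == "sub" { primary = 0; next }
        $1 == "fpr" && primary {
            fpr = toupper($10); primary = 0
            if (substr(fpr, length(fpr) - length(id) + 1) == id) print fpr
        }'
}

# Succeed only if exactly one primary key matches <id> and its full
# fingerprint equals the pinned one (spaces in the pinned value are ignored).
check_key() {   # usage: check_key <id> <pinned-fingerprint> < colon-listing
    matches=$(fingerprints_for_id "$1")
    count=$(printf '%s\n' "$matches" | awk 'NF { n++ } END { print n + 0 }')
    if [ "$count" -ne 1 ]; then
        echo "refusing: $count keys match id $1" >&2
        return 1
    fi
    pinned=$(printf '%s' "$2" | tr -d ' ' | tr 'a-f' 'A-F')
    if [ "$matches" != "$pinned" ]; then
        echo "refusing: fingerprint $matches is not the pinned one" >&2
        return 1
    fi
}

# Constructed keyring listings: one key, and the same keyring after a second
# key with the same short id (last 8 hex digits) has been imported.
GOOD_LISTING='pub:-:1024:17:1C4CBDCDCD2EFD2A:2010-06-10:::-:Constructed Repo Key <repo@example.invalid>::scESC:
fpr:::::::::00112233445566778899AABB1C4CBDCDCD2EFD2A:
sub:-:2048:16:AAAABBBBCCCCDDDD:2010-06-10::::::e:'
COLLIDING_LISTING="$GOOD_LISTING
pub:-:2048:1:5EEDFACECD2EFD2A:2014-01-01:::-:Constructed Look-alike <x@example.invalid>::scESC:
fpr:::::::::FFEEDDCCBBAA9988776655445EEDFACECD2EFD2A:"
```

Run it between the two gpg commands, for example `sudo gpg --with-colons --fingerprint 1C4CBDCDCD2EFD2A | check_key 1C4CBDCDCD2EFD2A "$PINNED"` (with `PINNED` a variable you set yourself), and export by the full fingerprint rather than `CD2EFD2A`.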

now edit sources.list

sudo nano /etc/apt/sources.list

add these lines

# for percona
deb http://repo.percona.com/apt precise main
deb-src http://repo.percona.com/apt precise main

now install percona

sudo apt-get update
sudo apt-get install percona-server-common-5.5 percona-server-server-5.5 libmysqlclient18 libmysqlclient16

with the database server installed, now create the database

mysql -uroot -p
CREATE USER 'owncloud'@'localhost' IDENTIFIED BY 'password';
CREATE DATABASE IF NOT EXISTS owncloud;
GRANT ALL PRIVILEGES ON owncloud.* TO 'owncloud'@'localhost' IDENTIFIED BY 'password';

add the components for mysql

sudo apt-get install php5-mysql libaprutil1-dbd-mysql

create the config file to use the mysql server

sudo nano /var/www/owncloud/config/autoconfig.php

add the following lines

<?php
$AUTOCONFIG = array(
  "dbtype"        => "mysql",
  "dbname"        => "owncloud",
  "dbuser"        => "owncloud",
  "dbpass"        => "password",
  "dbhost"        => "localhost",
  "dbtableprefix" => "",
  "adminlogin"    => "Administrator",
  "adminpass"     => "Admin-password",
  "directory"     => "/var/www/owncloud-data",
);

reset the directory permissions (www-data owns both trees, so the data directory needs no access for other users)

sudo chown -R www-data:www-data /var/www/owncloud
sudo chown -R www-data:www-data /var/www/owncloud-data
sudo chmod 770 /var/www/owncloud-data/

You should now be able to start the services

sudo service php5-fpm start
sudo service nginx start

and login to the application using the username and password from autoconfig.php

Install a private root CA certificate for OpenSSL in Ubuntu 12.04

To install the root certificate into the openssl “certificate store”, it needs to be in pem (as opposed to DER) format

Copy the .pem format certificate into /etc/ssl/certs

in the directory /etc/ssl/certs run the below, where myca.pem is the root CA certificate in pem format.

ln -s myca.pem `openssl x509 -hash -noout -in myca.pem`.0

note that it is a backtick (`), not a single quote (‘)

any applications that use the openssl “certificate store” should now accept the root cert

Convert pfx to pem

Rather than use the certificate creation tools on Linux for web servers, I find it quicker and less error prone to create the certificate on Windows and then convert it to pem format on the Linux server. This is particularly useful for internal certificates…

So, create the certificate on Windows and export it as a pfx file noting the password that you used

copy the pfx file onto the Linux box

create the pem

openssl pkcs12 -in certificate.pfx -clcerts -nokeys -out certificate.pem

create the key file

openssl pkcs12 -in certificate.pfx -nocerts -nodes -out certificatekeypass.key

to enable the key file to be used without entering a password (useful for a webserver…), remove the password

openssl rsa -in certificatekeypass.key -out certificatekey.key

you can now use the certificate.pem and certificatekey.key in the web server configuration

To use crt files instead of pem files

export the certificate

openssl pkcs12 -in certificate.pfx -clcerts -nokeys -out certificate.crt

create the key file

openssl pkcs12 -in certificate.pfx -nocerts -nodes -out certificatekeypass.key

to enable the key file to be used without entering a password (useful for a webserver…), remove the password

openssl rsa -in certificatekeypass.key -out certificatekey.key
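
The conversion steps above, collected into one function as an added example (not part of the original post): it creates the key files with owner-only permissions, removes the intermediate key file, and refuses the result unless the key belongs to the certificate. The function name `pfx_to_pem` and the `PFX_PASS` environment variable are hypothetical, and an RSA key is assumed because the steps above use `openssl rsa`.

```shell
# Added example. pfx_to_pem and PFX_PASS are hypothetical names; the output
# file names follow the commands above. Export PFX_PASS (the pfx password)
# before calling, so the password never appears on a command line.
pfx_to_pem() {   # usage: pfx_to_pem certificate.pfx outdir
    pfx=$1 out=$2
    (
        umask 077                  # files are created 0600, the directory 0700
        mkdir -p "$out" || exit 1
        # Certificate only, no private key.
        openssl pkcs12 -in "$pfx" -clcerts -nokeys -passin env:PFX_PASS \
            -out "$out/certificate.pem" || exit 1
        # Private key; -nodes writes it unencrypted, so it needs protecting too.
        openssl pkcs12 -in "$pfx" -nocerts -nodes -passin env:PFX_PASS \
            -out "$out/certificatekeypass.key" || exit 1
        # Key file for the web server, then drop the intermediate copy.
        openssl rsa -in "$out/certificatekeypass.key" \
            -out "$out/certificatekey.key" 2>/dev/null || exit 1
        rm -f "$out/certificatekeypass.key"
        # The public key in the certificate must equal the one derived from the key.
        cert_pub=$(openssl x509 -in "$out/certificate.pem" -noout -pubkey)
        key_pub=$(openssl rsa -in "$out/certificatekey.key" -pubout 2>/dev/null)
        [ -n "$cert_pub" ] && [ "$cert_pub" = "$key_pub" ]
    )
}
```

The web server's master process normally starts as root, so the key can stay owned by root with mode 0600.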

Building HAProxy from GIT on Ubuntu 12.04

Starting with a base install of Ubuntu 12 with openssh installed

As HAProxy will be built from source, there are some pre-reqs

sudo apt-get install build-essential libssl-dev libpopt-dev git libpcre3-dev

now get the haproxy source and build it

git clone http://git.1wt.eu/git/haproxy.git/ haproxy
cd haproxy
make TARGET=linux2628 CPU=native USE_PCRE=1 USE_OPENSSL=1 USE_ZLIB=1
sudo make install

link it from /usr/local/sbin to /usr/sbin

sudo ln -s /usr/local/sbin/haproxy /usr/sbin/haproxy

Create the directory to use

sudo mkdir /usr/share/haproxy

now configure HAProxy to start automatically, create the init file as per attached file init.d.haproxy.txt

sudo nano /etc/init.d/haproxy

make it executable

sudo chmod +x /etc/init.d/haproxy

now set the runlevels

sudo update-rc.d haproxy defaults

Now create the file that enables it

sudo nano /etc/default/haproxy
# Set ENABLED to 1 if you want the init script to start haproxy.
ENABLED=1
# Add extra flags here.
#EXTRAOPTS="-de -m 16"

add a haproxy user

sudo adduser --system haproxy

copy the rest of the files into place

sudo mkdir /etc/haproxy
sudo mkdir /etc/haproxy/errors
sudo cp ~/haproxy/examples/errorfiles/* /etc/haproxy/errors

The build can be updated with

cd ~/haproxy
git pull
make clean
make TARGET=linux2628 CPU=native USE_PCRE=1 USE_OPENSSL=1 USE_ZLIB=1
sudo make install

Then restart haproxy to use the updated version

sudo service haproxy restart