Linux OpenSSL generate self-signed SSL certificate and Apache web server configuration

February 21, 2024 ~ tadmin

In a previous post, we covered the creation of a CSR and key for obtaining an SSL certificate. Today, we’ll focus on generating a self-signed SSL certificate, a useful step in development and testing environments. Follow along to secure your website with HTTPS.

Generating the SSL Certificate

To create a self-signed SSL certificate, execute the following command:

openssl req -x509 -nodes -days 365 -newkey rsa:2048 -keyout www.shkodenko.com.key -out www.shkodenko.com.crt

This command generates a self-signed certificate valid for 365 days.

Configuring Apache

Next step, let’s configure Apache to use the SSL certificate. Add the following configuration to your virtual host file:

<IfModule mod_ssl.c>
<VirtualHost *:443>
ServerName shkodenko.com
ServerAlias www.shkodenko.com
DocumentRoot /home/shkodenko/public_html
ServerAdmin webmaster@shkodenko.com

SSLEngine on
SSLCertificateFile /etc/ssl/certs/www.shkodenko.com.crt
SSLCertificateKeyFile /etc/ssl/private/www.shkodenko.com.key

CustomLog /var/log/apache2/shkodenko.com-ssl_log combined

<FilesMatch "\.(cgi|shtml|phtml|php)$">
SSLOptions +StdEnvVars
</FilesMatch>

<Directory /home/shkodenko/public_html>
Options Indexes FollowSymLinks
AllowOverride All
Require all granted
</Directory>
</VirtualHost>
</IfModule>

This configuration sets up SSL for your domain, specifying the SSL certificate and key files.

Checking Syntax and Restarting Apache

Before restarting Apache, it’s crucial to check the configuration syntax:

apachectl -t

If the syntax is correct, restart Apache to apply the changes:

systemctl restart apache2

service apache2 restart

Ensure your website now loads with HTTPS. You’ve successfully generated a self-signed SSL certificate and configured Apache to use it!

Linux chkconfig and service: managing autostart and service state

February 20, 2024 ~ tadmin

In Red Hat-like Linux systems such as Red Hat Enterprise Linux, CentOS, Fedora (up to version 15), and similar distributions, service management often involves the use of the /sbin/chkconfig command.

To view the status of the NFS (Network File System) service, you can use the following command:

/sbin/chkconfig --list nfs

This command displays a list indicating whether the NFS service is enabled or disabled for each runlevel (0 through 6).

To enable the NFS service, execute:

/sbin/chkconfig nfs on

To verify the status of the NFS service, rerun the previous command:

/sbin/chkconfig --list nfs

Now, you can see that the NFS service is enabled for the appropriate runlevels.

To disable the NFS service from starting automatically, use:

/sbin/chkconfig nfs off

Check the status once more to confirm the changes:

/sbin/chkconfig --list nfs

To view the autoload status of all services on the system, use:

/sbin/chkconfig --list | more

For a comprehensive list of available command options, you can refer to the help documentation:

/sbin/chkconfig --help

Additionally, you can manage the NFS service directly using the `/sbin/service` command with various options:

/sbin/service nfs [start|stop|status|restart|reload|force-reload|condrestart|try-restart|condstop]

Some commonly used options include:

start: Start the service.
status: Check the current state of the service.
restart: Restart the service.
reload: Apply new configurations without restarting.

Linux useradd passwd: create accounts with access to a specific folder

February 9, 2024 ~ tadmin

How to Create an Additional FTP Account with Access to a Specific Subfolder

Sometimes, managing access to specific directories on your server is essential for security and organization purposes. One common scenario is creating an additional FTP account with access limited to a particular subfolder. In this guide, we’ll walk through the steps to achieve this on a Linux-based system.

Step 1: Creating the User Account

First, let’s create a new user account using the `useradd` command. Replace `ftp_taras_web` with your desired username and `/home/taras/public_html` with the path to the subfolder you want to grant access to.

sudo useradd -d /home/taras/public_html -g taras -o -s /bin/false -u 10001 ftp_taras_web

Here’s a breakdown of the parameters used in the command:

-d, -home HOME_DIR: Specifies the home directory for the new user.
-g, -gid GROUP: Sets the initial login group for the user.
-o, -non-unique: Allows the creation of a user account with a duplicate UID.
-s, -shell SHELL: Specifies the login shell for the user.
-u, -uid UID: Sets the numerical value of the user’s ID.

Step 2: Setting the Password

Next, set a password for the newly created FTP account using the `passwd` command:

sudo passwd ftp_taras_web

Step 3: Generating a Complex Password

For enhanced security, consider using a password generator to create a strong and complex password for the FTP account.

Step 4: Verifying User Data

You can verify the user’s information using the `id` and `finger` commands:

id ftp_taras_web

uid=1001(taras) gid=1001(taras) groups=1001(taras)

finger ftp_taras_web

Login: taras Name:
Directory: /home/taras Shell: /bin/bash
Last login Wed Dec 26 13:48 (EET) on pts/4 from 192.168.2.1
No mail.
No Plan.

This will display details such as the user ID, group ID, home directory, and login shell.
By following these steps, you can efficiently manage access permissions for specific directories on your server, ensuring a secure and organized environment.

Trimming the Last Character from a String in Bash

February 5, 2024 ~ tadmin

Trimming the Last Character from a String in Bash.

In the world of shell scripting, manipulating string variables is a common task. One interesting challenge you might encounter is removing the last character from a string. This task might seem simple at first glance, but it showcases the flexibility and power of Bash scripting.

Let’s dive into a practical example to illustrate how this can be achieved efficiently.

Scenario

Imagine you have a string stored in a variable, and you need to remove the last character of this string for your script’s logic to work correctly. For instance, you might be processing a list of filenames, paths, or user inputs where the trailing character needs to be omitted.

Solution

Bash provides several ways to manipulate strings. One of the simplest and most elegant methods to remove the last character from a string is using parameter expansion. Here’s a quick script to demonstrate this approach:

#!/bin/bash

# Original string
str1="foo bar"
echo "String1: ${str1}"

# Removing the last character
str2="${str1%?}"
echo "String2: ${str2}"

In this script:

We define a string variable `str1` with the value “foo bar”.
We then use `${str1%?}` to create a new variable `str2` that contains all characters of `str1` except for the last one. The `%?` syntax is a form of parameter expansion that removes a matching suffix pattern. In this case, `?` matches a single character at the end of the string.

How It Works

The `${variable%pattern}` syntax in Bash is a form of parameter expansion that removes the shortest match of `pattern` from the end of `variable`. The `?` in our pattern is a wildcard that matches any single character. Thus, `${str1%?}` effectively removes the last character from `str1`.

Alternative Approaches

Although the method shown above is succinct and effective for our purpose, Bash offers other string manipulation capabilities that could be used for similar tasks. For example:

Substring Extraction: `echo “${str1:0:${#str1}-1}”`
sed: If you prefer using external tools, `sed` can also achieve this: `echo “$str1” | sed ‘s/.$//’`

Each method has its use cases, depending on the complexity of the operation you’re performing and your personal preference.

Conclusion

Removing the last character from a string in Bash is straightforward with parameter expansion. This technique is just one example of the powerful string manipulation capabilities available in Bash. Experimenting with these features can help you write more efficient and effective scripts.

Mastering Program Search in Linux: A Guide to Using whereis, find, and locate Commands

January 29, 2024 ~ tadmin

To locate a specific program in your system, the `whereis` command is often the most efficient choice. For instance, if you’re searching for the ‘ls’ program, simply enter:

whereis ls

This command will display results such as:

ls: /bin/ls /usr/share/man/man1p/ls.1p.gz /usr/share/man/man1/ls.1p.gz

Alternatively, you have other commands at your disposal, although they might be slower. One such option is the `find` command, which can be used as follows:

find / -type f -name "ls"

Another useful command is `locate`, which searches for any file names containing ‘ls’ in their path. The syntax is straightforward:

locate ls

However, `locate` tends to return a lengthy list of results, which can be challenging to navigate without filtering the output with tools like `grep` or using pagination commands such as `more` or `less`. This extra step is necessary for easier readability of the output.

Enhancing Laravel Controllers to Output Custom JSON Structures

January 18, 2024January 17, 2024 ~ tadmin

Introduction

In the world of web development, especially when working with APIs, customizing the output of your controllers can significantly improve the readability and usability of your data. In this post, we’ll explore how to modify a Laravel controller to output a specific JSON format. This technique is particularly useful when dealing with front-end applications that require data in a certain structure.

The Challenge

Imagine you have an array in your controller that needs to be outputted as a JSON array of objects, but your current setup only returns a simple associative array. Let’s take the following requirement as an example:

Newly required JSON Format:

[
{ "id": 1, "name": "Low" },
{ "id": 2, "name": "Averate" },
{ "id": 3, "name": "High" }
]

Existing Controller Code:

<?php

namespace App\Http\Controllers\API\Task;


use App\Http\Controllers\API\BaseController;
use Illuminate\Http\Response;


class TaskPriorityController extends BaseController
{
    public static array $taskPriority = [
        1 => 'Low',
        2 => 'Average',
        3 => 'High',
    ];

    public function index()
    {
        return response()->json(self::$taskPriority);
    }
}

The Solution

To achieve the desired JSON output, we need to transform the associative array into an indexed array of objects. Here’s how we can do it:

Updated Controller Code:

<?php

namespace App\Http\Controllers\API\Task;


use App\Http\Controllers\API\BaseController;
use Illuminate\Http\Response;


class TaskPriorityController extends BaseController
{
    public static array $taskPriority = [
        1 => 'Low',
        2 => 'Average',
        3 => 'High',
    ];

    public function index()
    {
        $formattedTaskPriorities = array_map(function ($key, $value) {
            return ['id' => $key, 'name' => $value];
        }, array_keys(self::$taskPriority), self::$taskPriority);

        return response()->json(array_values($formattedTaskPriorities));
    }
}

In this solution, we used PHP’s `array_map` function. This function applies a callback to each element of the array, allowing us to transform each key-value pair into an object-like array. We then use `array_keys` to pass the keys of the original array (which are our desired IDs) to the callback function. Finally, `array_values` ensures that the JSON output is an indexed array, as required.

Conclusion

Customizing the JSON response of a Laravel controller is a common requirement in modern web development. By understanding and leveraging PHP’s array functions, you can easily format your data to meet the needs of your application’s front end. This small change can have a significant impact on the maintainability and readability of your code, as well as the performance of your application.

Additional Tips

Always test your endpoints after making changes to ensure the output is correctly formatted.
Consider the scalability of your solution; for larger data sets, you might need to implement more efficient data handling techniques.

How to Implement Automatic Logout in Linux Bash Session After 5 Minutes of Inactivity

January 17, 2024 ~ tadmin

If you’re looking to enhance the security of your Linux system, setting up an automatic logout for the bash session after a period of inactivity is a great step. Here’s how to implement a 5-minute timeout policy:

Set the Timeout Policy: Open the `~/.bash_profile` or `/etc/profile` file in your preferred text editor. Add the following lines to set a 5-minute (300 seconds) timeout:
```
# Set a 5 min timeout policy for bash shell
TMOUT=300
readonly TMOUT
export TMOUT
```
This code sets the `TMOUT` variable to 300 seconds. The `readonly` command ensures that the timeout duration cannot be modified during the session, and `export` makes it available to all shell sessions.
Disabling the Timeout: If you need to disable the automatic logout feature, you can do so by running one of the following commands:
1. To temporarily disable the timeout for your current session:
```
# Disable timeout for the current session
export TMOUT=0
```
2. Or, to remove the `TMOUT` setting completely from your session:
```
# Unset the TMOUT variable
unset TMOUT
```
Important Considerations: It’s crucial to note that the `readonly` attribute can only be reset by the root (administrator) user. This can be done either in the global bash configuration file (`/etc/profile`) or in a user’s custom bash configuration file (`~/.bash_profile`).

By following these steps, you can effectively manage the automatic logout feature for your Linux bash sessions, enhancing the security and efficiency of your system.

Efficiently Adding Multiple Lines to Files in Linux

January 16, 2024January 16, 2024 ~ tadmin

In the world of Linux, managing files is a daily task for many users, especially those in the field of web development. Today, we’ll explore efficient methods to add multiple lines to a file, catering to different scenarios, including when elevated privileges are required.

When Elevated Privileges are Needed

Often, you might need to write to files that require higher privileges. This is common when editing system files or files owned by other users. Here are two effective methods to accomplish this:

Possibility 1: Using `echo` and `sudo tee`

The `tee` command is incredibly useful when working with protected files. It reads from the standard input and writes both to the standard output and files. This command becomes powerful when combined with `sudo`, allowing you to write to files that require superuser privileges.

Here’s a simple way to append a single line:

echo "line 1" | sudo tee -a greetings.txt > /dev/null

In this command, `echo` sends “line 1” to `tee`, which appends it to `greetings.txt`. The `-a` flag is crucial, as it ensures the line is appended rather than overwriting the file. The redirection to `/dev/null` is used to suppress the output on the terminal.

Possibility 2: Using `sudo tee` with a Here Document

For adding multiple lines, a Here Document is an elegant solution. It allows you to write multi-line strings using a command-line interface.

sudo tee -a greetings.txt > /dev/null <<EOT
line 1
line 2
EOT

This method uses a Here Document (`<

Another Approach: Using `tee` without sudo

In cases where you don’t need elevated privileges, such as modifying user-owned files, `tee` remains a useful tool.

Modifying SSH Configuration Example

Consider the scenario where you want to append multiple lines to your SSH configuration file (`~/.ssh/config`). The process is similar, but without `sudo`:

tee -a ~/.ssh/config << EOT
Host localhost
  ForwardAgent yes
EOT

Here, the `tee -a` command appends the specified configuration directly to your SSH config file. As before, the Here Document simplifies the addition of multiple lines.

Conclusion

Understanding the nuances of file manipulation in Linux is crucial for efficient system management. The `tee` command, combined with Here Documents and appropriate use of privileges, offers a versatile solution for various scenarios. Whether you’re a seasoned system administrator or a curious developer, these techniques are valuable additions to your Linux toolkit.

Resolving Laravel .env File Issues: Handling Special Characters in Database Passwords

January 10, 2024January 9, 2024 ~ tadmin

Dealing with configuration files in web development can sometimes be tricky, especially when special characters are involved. A common issue faced by Laravel developers is handling the `.env` file, particularly when database passwords include special characters like the hash symbol (`#`). In Laravel, the `#` is interpreted as the beginning of a comment, which can lead to unexpected behavior and errors in your application.

In this post, we’ll dive into how to properly handle special characters in your Laravel `.env` file. When your database password contains a `#` or any other special character that might be misinterpreted by Laravel, the key is to encapsulate the password within double quotes. For example:

DB_PASSWORD="yourpassword#123"

Enclosing the password in double quotes ensures that Laravel accurately reads the entire string, including any special characters. This simple yet crucial step can save you from unexpected issues and keep your application running smoothly.

Additionally, it’s important to remember to refresh your configuration cache after making changes to the `.env` file. This can be done using the following artisan command:

php artisan config:clear

Clearing the configuration cache ensures that Laravel recognizes the changes made in the `.env` file, allowing your application to function as expected.

By understanding and implementing this approach, Laravel developers can avoid common pitfalls associated with configuration management and maintain a seamless development workflow.

Managing Multiple PostgreSQL Versions on Ubuntu Linux: A Guide to Using pg_dump with Different Server Versions

January 9, 2024 ~ tadmin

Are you struggling with a version mismatch between your PostgreSQL server and the `pg_dump` utility on Ubuntu? You’re not alone. Many developers face this common issue, particularly when working with multiple projects that require different PostgreSQL versions. In this post, we’ll guide you through the steps to install and manage multiple versions of `pg_dump` on Ubuntu 22.04, ensuring compatibility and efficiency in your workflow.

Understanding the Issue

The error message `pg_dump: error: server version: XX; pg_dump version: YY` indicates a version mismatch. This often happens when your local system’s `pg_dump` utility version does not match the version of the PostgreSQL server you’re trying to interact with.

The Solution: Installing Multiple Versions of PostgreSQL

Thankfully, Ubuntu allows the installation of multiple PostgreSQL versions simultaneously. Here’s how you can do it:

Add the PostgreSQL Repository:
Begin by adding the PostgreSQL Global Development Group (PGDG) repository to your system. This repository provides the latest PostgreSQL versions.
```
   sudo sh -c 'echo "deb http://apt.postgresql.org/pub/repos/apt/ $(lsb_release -cs)-pgdg main" > /etc/apt/sources.list.d/pgdg.list'
```
Import Repository Signing Key & Update Packages:
Ensure the authenticity of the repository by importing its signing key. Then, update your package lists.
```
   wget --quiet -O - https://www.postgresql.org/media/keys/ACCC4CF8.asc | sudo apt-key add -
   sudo apt-get update
```
Install the Desired PostgreSQL Version:
Install PostgreSQL 15.5 (or your required version) without affecting existing installations.
```
   sudo apt-get install postgresql-15
```

Setting Up Alternatives for pg_dump

With multiple PostgreSQL versions installed, use the `update-alternatives` system to manage different `pg_dump` versions.

Configure Alternatives:
Set up `pg_dump` alternatives for each PostgreSQL version installed on your system.

   sudo update-alternatives --install /usr/bin/pg_dump pg_dump /usr/lib/postgresql/14/bin/pg_dump 100
   sudo update-alternatives --install /usr/bin/pg_dump pg_dump /usr/lib/postgresql/15/bin/pg_dump 150

Switch Between Versions:
Easily switch between `pg_dump` versions as per your project requirements.
```
sudo update-alternatives --config pg_dump
```

Verifying the Setup

After configuration, ensure that you’re using the correct `pg_dump` version by checking its version. This step confirms that you have successfully set up multiple PostgreSQL versions on your system.

pg_dump --version

Conclusion

Managing different PostgreSQL versions doesn’t have to be a hassle. By following these steps, you can maintain an efficient and flexible development environment, compatible with various PostgreSQL server versions. This setup is particularly useful for developers working on multiple projects with different database requirements.