Web services: Difference between revisions

1. Create a secure key for CSR

$ openssl genrsa -des3 -out server.key 2048

Generating RSA private key, 2048 bit long modulus

Enter pass phrase for server.key:

Verifying - Enter pass phrase for server.key:

2. Create an insecure key for CSR sourcing from the secure one

$ openssl rsa -in server.key -out server.key.insecure

Enter pass phrase for server.key:

writing RSA key

3. Rename the keys

Download the executable and make it executable.

$ sudo wget https://dl.eff.org/certbot-auto

--2016-06-27 18:36:18--  https://dl.eff.org/certbot-auto

$ sudo chmod a+x certbot-auto

I prefer to have this type of executable in <span class="path">/usr/local/bin/</span> folder.  It will make it available for other users as well as make it easy add as a cronjob. The ownership is already correct if you used <code>sudo</code>.

After the initial installation, if you need to add more domains you can do it directly from the CLI.

$ sudo certbot-auto run --apache -d mydomain.net

=== Configuring to auto-renew certificate ===

Use crontab to update the cron jobs, and add the above line.

$ sudo crontab -e

=== Adding multiple domain names for a certificate ===

You can use one certificate for multiple domains. The certificate is generated, but you need to install it yourself.

$ certbot-auto certonly --webroot -w /srv/www/mysite.com/ -d www.mysite.com -d mysite.com -w /srv/www/blog.mysite.com/ -d blog.mysite.com

   Donating to ISRG / Let's Encrypt:  https://letsencrypt.org/donate

   Donating to EFF:                    https://eff.org/donate-le

= Miscellaneous =

If you try to '''create a blank file''',

$ touch forcefsck

touch: cannot touch 'forcefsck': No space left on device

you get a report back saying there is no space left on device.  However, when you '''check the disk space''':

$ df -h

Filesystem      Size  Used Avail Use% Mounted on

none            5.0M    0  5.0M  0% /run/lock

none            7.9G  140K  7.9G  1% /run/shm

There is still 58% of disk space left, so something else is wrong. After googling about this, it turns out that my inode was running out. To '''check the number of inodes''':

$ df -i

Filesystem      Inodes  IUsed  IFree IUse% Mounted on

none          2052885      2 2052883    1% /run/lock

none          2052885      47 2052838    1% /run/shm

''inode'' stands for index node, which is an index for a file/folder/device/etc. in the Unix file system scheme.

To '''find out which folder is causing this massive hemorrhage of inodes''':

$ sudo -s

1402

(...)

It looks like there is a lot of inodes in /var for some reason, now we need to narrow down to a specific directory:

$ for i in ./* ; do echo $i; find $i -type f | wc -l; done

(...)

1

(...)

You can check the number of files in any directory by issuing '''ls -l | wc -l''' but I couldn't even do this because there were millions of files that have accumulated over a year. These files had accumulated because PHP isn't doing the garbage collection. Your session.gc_probability may be set to 0. Change it to 1.

$ /usr/lib/php5/maxlifetime

24

It's 24 minutes. Now, here is the command to delete all of the older files.

$ find /var/lib/php5/ -type f -cmin +$(/usr/lib/php5/maxlifetime) -print0 -exec rm {} \;

This isn't necessary if you have the garbage collection enabled from the PHP configuration, but here is a cron job to run every hour as a root if this isn't caused by PHP.

$ crontab -e

0      /usr/bin/find /var/lib/php5/ -type f -cmin +$(/usr/lib/php5/maxlifetime) -print0 -exec /bin/rm {} \;

===References===

http://pim.famnit.upr.si/blog/index.php?/archives/172-Running-out-of-inodes,-no-space-left-on-device,-php-not-cleaning-sessions.html (accessed on July 30, 2012)