Web services: Difference between revisions

change <source> tag to <syntaxhighlight>
No edit summary
change <source> tag to <syntaxhighlight>
Line 49: Line 49:


1. Create a secure key for CSR
1. Create a secure key for CSR
<source lang="bash" highlight="1">
<syntaxhighlight lang="bash" highlight="1">
$ openssl genrsa -des3 -out server.key 2048
$ openssl genrsa -des3 -out server.key 2048
Generating RSA private key, 2048 bit long modulus
Generating RSA private key, 2048 bit long modulus
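Review bot: Step 1's `openssl genrsa -des3` protects the new private key with Triple DES; while this block is being touched, suggest changing the example to `-aes256` so the passphrase-protected `server.key` uses a current cipher. The tag rename itself carries `lang="bash"` and `highlight="1"` over unchanged, which is what it should do.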
Line 57: Line 57:
Enter pass phrase for server.key:
Enter pass phrase for server.key:
Verifying - Enter pass phrase for server.key:
Verifying - Enter pass phrase for server.key:
</source>
</syntaxhighlight>


2. Create an insecure key for CSR sourcing from the secure one
2. Create an insecure key for CSR sourcing from the secure one
<source lang="bash" highlight="1">
<syntaxhighlight lang="bash" highlight="1">
$ openssl rsa -in server.key -out server.key.insecure
$ openssl rsa -in server.key -out server.key.insecure
Enter pass phrase for server.key:
Enter pass phrase for server.key:
writing RSA key
writing RSA key
</source>
</syntaxhighlight>


3. Rename the keys
3. Rename the keys
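Review bot: Step 2 writes the decrypted private key to `server.key.insecure`, and nothing in the visible lines restricts who can read that file. Suggest adding a line after the `openssl rsa` command that sets owner-only permissions, for example `chmod 600 server.key.insecure`, and a sentence stating that this copy has no passphrase.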
Line 90: Line 90:
Download the executable and make it executable.
Download the executable and make it executable.


<source lang="bash" highlight="1,13">
<syntaxhighlight lang="bash" highlight="1,13">
$ sudo wget https://dl.eff.org/certbot-auto
$ sudo wget https://dl.eff.org/certbot-auto
--2016-06-27 18:36:18--  https://dl.eff.org/certbot-auto
--2016-06-27 18:36:18--  https://dl.eff.org/certbot-auto
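Review bot: The first highlighted line runs `wget` under `sudo`, which is not needed to fetch a file and leaves a root-owned script in the working directory. Suggest downloading as an unprivileged user, checking the file against whatever signature or checksum the publisher provides, and using root only for the install step.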
Line 104: Line 104:


$ sudo chmod a+x certbot-auto
$ sudo chmod a+x certbot-auto
</source>
</syntaxhighlight>


I prefer to have this type of executable in <span class="path">/usr/local/bin/</span> folder.  It will make it available for other users as well as make it easy add as a cronjob. The ownership is already correct if you used <code>sudo</code>.
I prefer to have this type of executable in <span class="path">/usr/local/bin/</span> folder.  It will make it available for other users as well as make it easy add as a cronjob. The ownership is already correct if you used <code>sudo</code>.
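Review bot: The sentence after `sudo chmod a+x certbot-auto` says the ownership is already correct but says nothing about write permissions; since the script is meant to be run from a cron job, suggest stating that it should be writable by root only. The same sentence reads "make it easy add as a cronjob" and should be "make it easy to add as a cron job".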
Line 116: Line 116:
After the initial installation, if you need to add more domains you can do it directly from the CLI.
After the initial installation, if you need to add more domains you can do it directly from the CLI.


<source lang="bash">
<syntaxhighlight lang="bash">
$ sudo certbot-auto run --apache -d mydomain.net
$ sudo certbot-auto run --apache -d mydomain.net
</source>
</syntaxhighlight>


=== Configuring to auto-renew certificate ===
=== Configuring to auto-renew certificate ===
Line 130: Line 130:
Use crontab to update the cron jobs, and add the above line.
Use crontab to update the cron jobs, and add the above line.


<source lang="bash">
<syntaxhighlight lang="bash">
$ sudo crontab -e
$ sudo crontab -e
</source>
</syntaxhighlight>


=== Adding multiple domain names for a certificate ===
=== Adding multiple domain names for a certificate ===
Line 138: Line 138:
You can use one certificate for multiple domains. The certificate is generated, but you need to install it yourself.
You can use one certificate for multiple domains. The certificate is generated, but you need to install it yourself.


<source lang="bash" highlight="1">
<syntaxhighlight lang="bash" highlight="1">
$ certbot-auto certonly --webroot -w /srv/www/mysite.com/ -d www.mysite.com -d mysite.com -w /srv/www/blog.mysite.com/ -d blog.mysite.com
$ certbot-auto certonly --webroot -w /srv/www/mysite.com/ -d www.mysite.com -d mysite.com -w /srv/www/blog.mysite.com/ -d blog.mysite.com


Line 152: Line 152:
   Donating to ISRG / Let's Encrypt:  https://letsencrypt.org/donate
   Donating to ISRG / Let's Encrypt:  https://letsencrypt.org/donate
   Donating to EFF:                    https://eff.org/donate-le
   Donating to EFF:                    https://eff.org/donate-le
</source>
</syntaxhighlight>


= Miscellaneous =
= Miscellaneous =
Line 164: Line 164:
If you try to '''create a blank file''',
If you try to '''create a blank file''',


<source lang="bash">
<syntaxhighlight lang="bash">
$ touch forcefsck
$ touch forcefsck
touch: cannot touch 'forcefsck': No space left on device
touch: cannot touch 'forcefsck': No space left on device
</source>
</syntaxhighlight>


you get a report back saying there is no space left on device.  However, when you '''check the disk space''':
you get a report back saying there is no space left on device.  However, when you '''check the disk space''':


<source lang="bash">
<syntaxhighlight lang="bash">
$ df -h
$ df -h
Filesystem      Size  Used Avail Use% Mounted on
Filesystem      Size  Used Avail Use% Mounted on
Line 179: Line 179:
none            5.0M    0  5.0M  0% /run/lock
none            5.0M    0  5.0M  0% /run/lock
none            7.9G  140K  7.9G  1% /run/shm
none            7.9G  140K  7.9G  1% /run/shm
</source>
</syntaxhighlight>


There is still 58% of disk space left, so something else is wrong. After googling about this, it turns out that my inode was running out. To '''check the number of inodes''':
There is still 58% of disk space left, so something else is wrong. After googling about this, it turns out that my inode was running out. To '''check the number of inodes''':


<source lang="bash">
<syntaxhighlight lang="bash">
$ df -i
$ df -i
Filesystem      Inodes  IUsed  IFree IUse% Mounted on
Filesystem      Inodes  IUsed  IFree IUse% Mounted on
Line 191: Line 191:
none          2052885      2 2052883    1% /run/lock
none          2052885      2 2052883    1% /run/lock
none          2052885      47 2052838    1% /run/shm
none          2052885      47 2052838    1% /run/shm
</source>
</syntaxhighlight>


''inode'' stands for index node, which is an index for a file/folder/device/etc. in the Unix file system scheme.
''inode'' stands for index node, which is an index for a file/folder/device/etc. in the Unix file system scheme.
Line 197: Line 197:
To '''find out which folder is causing this massive hemorrhage of inodes''':
To '''find out which folder is causing this massive hemorrhage of inodes''':


<source lang="bash">
<syntaxhighlight lang="bash">
$ sudo -s
$ sudo -s


Line 223: Line 223:
1402
1402
(...)
(...)
</source>
</syntaxhighlight>


It looks like there is a lot of inodes in /var for some reason, now we need to narrow down to a specific directory:
It looks like there is a lot of inodes in /var for some reason, now we need to narrow down to a specific directory:


<source lang="bash">
<syntaxhighlight lang="bash">
$ for i in ./* ; do echo $i; find $i -type f | wc -l; done
$ for i in ./* ; do echo $i; find $i -type f | wc -l; done
(...)
(...)
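Review bot: In the loop `for i in ./* ; do echo $i; find $i -type f | wc -l; done`, `$i` is unquoted in both `echo $i` and `find $i`, so a directory name containing spaces or glob characters is split or expanded and the count for it comes out wrong. Suggest `echo "$i"; find "$i" -type f | wc -l`.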
Line 251: Line 251:
1
1
(...)
(...)
</source>
</syntaxhighlight>


You can check the number of files in any directory by issuing '''ls -l | wc -l''' but I couldn't even do this because there were millions of files that have accumulated over a year. These files had accumulated because PHP isn't doing the garbage collection. Your session.gc_probability may be set to 0. Change it to 1.
You can check the number of files in any directory by issuing '''ls -l | wc -l''' but I couldn't even do this because there were millions of files that have accumulated over a year. These files had accumulated because PHP isn't doing the garbage collection. Your session.gc_probability may be set to 0. Change it to 1.


<source lang="bash">
<syntaxhighlight lang="bash">
$ /usr/lib/php5/maxlifetime
$ /usr/lib/php5/maxlifetime
24
24
</source>
</syntaxhighlight>


It's 24 minutes. Now, here is the command to delete all of the older files.
It's 24 minutes. Now, here is the command to delete all of the older files.


<source lang="bash">
<syntaxhighlight lang="bash">
$ find /var/lib/php5/ -type f -cmin +$(/usr/lib/php5/maxlifetime) -print0 -exec rm {} \;
$ find /var/lib/php5/ -type f -cmin +$(/usr/lib/php5/maxlifetime) -print0 -exec rm {} \;
</source>
</syntaxhighlight>


This isn't necessary if you have the garbage collection enabled from the PHP configuration, but here is a cron job to run every hour as a root if this isn't caused by PHP.
This isn't necessary if you have the garbage collection enabled from the PHP configuration, but here is a cron job to run every hour as a root if this isn't caused by PHP.


<source lang="bash">
<syntaxhighlight lang="bash">
$ crontab -e
$ crontab -e
0      /usr/bin/find /var/lib/php5/ -type f -cmin +$(/usr/lib/php5/maxlifetime) -print0 -exec /bin/rm {} \;
0      /usr/bin/find /var/lib/php5/ -type f -cmin +$(/usr/lib/php5/maxlifetime) -print0 -exec /bin/rm {} \;
</source>
</syntaxhighlight>


===References===
===References===


http://pim.famnit.upr.si/blog/index.php?/archives/172-Running-out-of-inodes,-no-space-left-on-device,-php-not-cleaning-sessions.html (accessed on July 30, 2012)
http://pim.famnit.upr.si/blog/index.php?/archives/172-Running-out-of-inodes,-no-space-left-on-device,-php-not-cleaning-sessions.html (accessed on July 30, 2012)
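Review bot: The crontab line in the last block starts with a single `0` where cron expects five time fields, so as written it is not a valid entry for the hourly job the preceding sentence describes; `0 * * * *` would run it at the top of every hour. In both `find` commands, `-print0` only writes NUL-separated file names to standard output and `-exec rm {} \;` starts one `rm` per file, so `-delete` or `-exec /bin/rm {} +` is a better fit for the millions of files mentioned above.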
