Web services: Difference between revisions
add php area and downgrading php 7 to php 5.6 |
→SSL/TLS: add Let's Encrypt free SSL certificate |
Line 75: | Line 75: | ||
$ openssl req -new -key server.key -out server.csr | $ openssl req -new -key server.key -out server.csr | ||
</syntaxhighlight> | </syntaxhighlight> | ||
=== Let's Encrypt free SSL certificate === | |||
* ''Last tested on Ubuntu 14.04.2 LTS (trusty) | easy | less than ten minutes | 27 June 2016'' | |||
You can find all about '''Let's Encrypt''' initiative at their [https://letsencrypt.org/ website]. | |||
The most current instruction can be found at [https://www.eff.org/ EFF]'s [https://certbot.eff.org/ certbot] site. | |||
This one is for Ubuntu 14.04 (trusty) and pursues the easier-to-use option. I'm assuming that you have a sudo access, although that isn't an absolute requirement. | |||
==== Installation ==== | |||
Download the executable and make it executable. | |||
<source lang="bash" highlight="1,13"> | |||
$ sudo wget https://dl.eff.org/certbot-auto | |||
--2016-06-27 18:36:18-- https://dl.eff.org/certbot-auto | |||
Resolving dl.eff.org (dl.eff.org)... 173.239.79.196 | |||
Connecting to dl.eff.org (dl.eff.org)|173.239.79.196|:443... connected. | |||
HTTP request sent, awaiting response... 200 OK | |||
Length: 44115 (43K) [text/plain] | |||
Saving to: ‘certbot-auto’ | |||
100%[======================================================================================================================================================>] 44,115 --.-K/s in 0.001s | |||
2016-06-27 18:36:18 (67.8 MB/s) - ‘certbot-auto’ saved [44115/44115] | |||
$ sudo chmod a+x certbot-auto | |||
</source> | |||
I prefer to have this type of executable in <span class="path">/usr/local/bin/</span> folder. It will make it available for other users as well as make it easy add as a cronjob. The ownership is already correct if you used <code>sudo</code>. | |||
Typing <code>sudo certbot-auto --apache</code> in CLI will get you to an interactive menu that will list out all of your domains on Apache2 and will easily generate certificates and even add those Apache directives in the respective virtual domain configuration files (not 100%, but works most of the time). | |||
<code>certbot-auto</code> creates a folder in <span class="path">/etc/letsencrypt/</span> as a default. | |||
==== Adding more domains ==== | |||
After the initial installation, if you need to add more domains you can do it directly from the CLI. | |||
<source lang="bash"> | |||
$ sudo certbot-auto run --apache -d mydomain.net | |||
</source> | |||
==== Configuring to auto-renew certificate ==== | |||
<code>certbot-auto</code> can also auto-renew certificates by adding a command as a cronjob. | |||
<div class="cli"> | |||
0 1,13 * * * /usr/local/bin/certbot-auto renew --quiet --no-self-upgrade | |||
</div> | |||
Use crontab to update the cron jobs, and add the above line. | |||
<source lang="bash"> | |||
$ sudo crontab -e | |||
</source> | |||
[[Category:System administration]] | [[Category:System administration]] |
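Review bot: the Installation block leaves certbot-auto in whatever directory wget was run from (sudo wget, then sudo chmod a+x certbot-auto), while the cron line under "Configuring to auto-renew certificate" calls /usr/local/bin/certbot-auto and the prose only states a preference for that folder. No step places the file there, so the renew job as written will not find the script; add an explicit step that puts it in /usr/local/bin/, or say to run the download from that directory. Because the script is downloaded and then run as root, a step to check what was fetched before making it executable would also be worth adding. Since the cron entry uses --quiet, it would help to say how a failed renewal gets noticed.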
Revision as of 18:32, 27 June 2016
PHP
Downgrading PHP 7 to PHP 5.6
- Last tested on Ubuntu 14.04.4 LTS (trusty) | easy | less than ten minutes
This should also be applicable for Ubuntu 16.04 (xenial) since it has PHP 7.0 as the default. I had temporarily upgraded to PHP 7.0 to check compatibility of one of our applications and the Crypt_RSA package turned out to be the sore spot. So we had to revert back.
This may only apply to Ubuntu 14.04.4 or other versions earlier than 16.04. This step adds Ondřej Surý's PPA repository for PHP. Of course, if you have 14.04 and already have PHP 7.0, you have probably done this. If you don't have add-apt-repository, install it by adding a package called python-software-properties.
$ sudo apt-get install python-software-properties
Add repository for PHP:
$ sudo add-apt-repository -y ppa:ondrej/php
Update package lists:
$ sudo apt-get update
Install PHP 5.6. You may also add other extensions you may need for your app (e.g. php5.6-mbstring, php5.6-xml, etc.)
$ sudo apt-get install php5.6
Switch the default PHP to PHP 5.6.
$ sudo update-alternatives --config php
Reference: Downgrade PHP 7 to PHP 5.6
SSL/TLS
Generate a CSR
- Last tested on Ubuntu 14.04.2 LTS (trusty) | easy | less than five minutes
This will generate a 2048-bit key in two forms, a passphrase-protected ("secure") copy and an unencrypted ("insecure") copy, and a CSR for use on a website. CSR is short for Certificate Signing Request; a CA (Certificate Authority) usually requests one when you apply for an SSL/TLS certificate.
1. Create a secure key for CSR
$ openssl genrsa -des3 -out server.key 2048
Generating RSA private key, 2048 bit long modulus
.....................+++
....................+++
e is 65537 (0x10001)
Enter pass phrase for server.key:
Verifying - Enter pass phrase for server.key:
2. Create an insecure key for the CSR, sourced from the secure one
$ openssl rsa -in server.key -out server.key.insecure
Enter pass phrase for server.key:
writing RSA key
3. Rename the keys
$ mv server.key server.key.secure
$ mv server.key.insecure server.key
4. Create the CSR
$ openssl req -new -key server.key -out server.csr
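The four steps above as a non-interactive script, followed by a check that the CSR really belongs to the key that will be deployed. This is an added example, not part of the original page; it uses -aes256 where the page uses -des3, and the KEY_PASS variable name and the subject CN are assumptions.

```shell
#!/bin/sh
# Added example, not from the original page: the four CSR steps, scripted.
# Assumptions: KEY_PASS (hypothetical variable name) holds the passphrase;
# the subject CN is supplied by the caller.

make_csr() {
    dir=$1; cn=$2
    (
        cd "$dir" || exit 1
        umask 077   # key files must be readable by their owner only
        # Step 1: passphrase-protected key. AES-256 is used here instead of
        # the page's -des3; env: keeps the passphrase out of the process list.
        openssl genrsa -aes256 -passout env:KEY_PASS \
            -out server.key.secure 2048 2>/dev/null || exit 1
        # Steps 2-3: unencrypted copy, written directly under its final name.
        openssl rsa -in server.key.secure -passin env:KEY_PASS \
            -out server.key 2>/dev/null || exit 1
        # Step 4: the CSR, with the subject given up front instead of prompted.
        openssl req -new -key server.key -subj "/CN=$cn" -out server.csr
    )
}

# Returns 0 only if the CSR's self-signature verifies and its public key is
# the one derived from server.key (catches a CSR paired with the wrong key).
csr_matches_key() {
    dir=$1
    openssl req -in "$dir/server.csr" -noout -verify 2>&1 |
        grep -q 'verify OK' || return 1
    csr_pub=$(openssl req -in "$dir/server.csr" -noout -pubkey) || return 1
    key_pub=$(openssl pkey -in "$dir/server.key" -pubout) || return 1
    [ -n "$csr_pub" ] && [ "$csr_pub" = "$key_pub" ]
}
```

Export KEY_PASS, call `make_csr <directory> <hostname>`, then `csr_matches_key <directory>` before sending server.csr to the CA.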
Let's Encrypt free SSL certificate
- Last tested on Ubuntu 14.04.2 LTS (trusty) | easy | less than ten minutes | 27 June 2016
You can find out all about the Let's Encrypt initiative at their website (https://letsencrypt.org/). The most current instructions can be found at EFF's certbot site (https://certbot.eff.org/).
This one is for Ubuntu 14.04 (trusty) and pursues the easier-to-use option. I'm assuming that you have sudo access, although that isn't an absolute requirement.
Installation
Download the script and make it executable.
$ sudo wget https://dl.eff.org/certbot-auto
--2016-06-27 18:36:18-- https://dl.eff.org/certbot-auto
Resolving dl.eff.org (dl.eff.org)... 173.239.79.196
Connecting to dl.eff.org (dl.eff.org)|173.239.79.196|:443... connected.
HTTP request sent, awaiting response... 200 OK
Length: 44115 (43K) [text/plain]
Saving to: ‘certbot-auto’
100%[======================================================================================================================================================>] 44,115 --.-K/s in 0.001s
2016-06-27 18:36:18 (67.8 MB/s) - ‘certbot-auto’ saved [44115/44115]
$ sudo chmod a+x certbot-auto
I prefer to have this type of executable in the /usr/local/bin/ folder. It will make it available for other users as well as make it easy to add as a cronjob. The ownership is already correct if you used sudo.
Typing sudo certbot-auto --apache in the CLI will get you to an interactive menu that will list all of your domains on Apache2, easily generate certificates, and even add the Apache directives to the respective virtual domain configuration files (not 100%, but works most of the time).
certbot-auto creates a folder in /etc/letsencrypt/ by default.
Adding more domains
After the initial installation, if you need to add more domains you can do it directly from the CLI.
$ sudo certbot-auto run --apache -d mydomain.net
Configuring to auto-renew certificate
certbot-auto can also auto-renew certificates if you add a command as a cronjob.
0 1,13 * * * /usr/local/bin/certbot-auto renew --quiet --no-self-upgrade
Use crontab to update the cron jobs, and add the above line.
$ sudo crontab -e
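Because the cron entry runs with --quiet, a renewal that keeps failing produces no visible output. The following added example (not part of the original page) lists certificates that are close to expiry so the failure is noticed; it assumes certbot's usual layout of one cert.pem per directory under /etc/letsencrypt/live/, and the sample names and lifetimes are constructed.

```shell
#!/bin/sh
# Added example, not from the original page: report certificates that expire
# within DAYS days. Assumption: layout is LIVE_DIR/<name>/cert.pem.

expiring_certs() {
    live_dir=$1; days=$2
    secs=$((days * 86400))
    for cert in "$live_dir"/*/cert.pem; do
        [ -f "$cert" ] || continue
        # -checkend exits non-zero when the certificate expires within $secs
        # seconds; an unreadable certificate is reported as well.
        if ! openssl x509 -in "$cert" -noout -checkend "$secs" \
                >/dev/null 2>&1; then
            basename "$(dirname "$cert")"
        fi
    done
}

# Constructed sample input: a scratch directory with two self-signed
# certificates, one valid for 5 days and one for 80 days.
make_sample_live_dir() {
    dir=$(mktemp -d) || return 1
    for spec in stale.example:5 fresh.example:80; do
        name=${spec%%:*}; valid=${spec##*:}
        mkdir -p "$dir/$name"
        openssl req -x509 -newkey rsa:2048 -nodes -subj "/CN=$name" \
            -days "$valid" -keyout "$dir/$name/privkey.pem" \
            -out "$dir/$name/cert.pem" >/dev/null 2>&1 || return 1
    done
    echo "$dir"
}
```

On a real host, `expiring_certs /etc/letsencrypt/live 20` run as root should print nothing while renewal is working; any name it prints is a certificate the cron job has not renewed.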