LouWii's Blog

< Web developer & geek stuff />


Full blog posts written by me, without all this Twitter stuff.

Check an SSL certificate against the server private key and CSR

When working with SSL certificates, it can be handy to check that the certificate you got (.crt file) properly corresponds to the private key (.key file) and the certificate request (.csr file).

Just use these commands:

They will output a string composed of numbers. All 3 of them need to be the same in order for your certificate to work properly on your server.

It’s as simple as that.
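The same check as a script, added here as an example and not taken from the original post: it compares a SHA-256 digest of the public key in each file instead of the RSA modulus, so it also works for non-RSA keys. It assumes the openssl command-line tool is installed; the function names are made up for this example.

```shell
#!/bin/sh
# Added example: compare the public key inside a private key, a certificate
# and a CSR. The three file names are whatever the caller passes in.

# Print only the hex digest of the PEM text read from stdin.
pem_digest() { openssl dgst -sha256 | sed 's/^.*= *//'; }

# check_cert_bundle KEY CRT CSR
# Returns 0 if all three carry the same public key, 1 on a mismatch and
# 2 if a file cannot be parsed, so an unreadable file never counts as a match.
check_cert_bundle() {
    key_pub=$(openssl pkey -in "$1" -pubout 2>/dev/null) || key_pub=
    crt_pub=$(openssl x509 -in "$2" -noout -pubkey 2>/dev/null) || crt_pub=
    csr_pub=$(openssl req -in "$3" -noout -pubkey 2>/dev/null) || csr_pub=

    if [ -z "$key_pub" ] || [ -z "$crt_pub" ] || [ -z "$csr_pub" ]; then
        echo "error: could not read a public key from one of the inputs" >&2
        return 2
    fi

    key_d=$(printf '%s\n' "$key_pub" | pem_digest)
    crt_d=$(printf '%s\n' "$crt_pub" | pem_digest)
    csr_d=$(printf '%s\n' "$csr_pub" | pem_digest)
    printf 'key: %s\ncrt: %s\ncsr: %s\n' "$key_d" "$crt_d" "$csr_d"

    # All three digests must be identical.
    [ "$key_d" = "$crt_d" ] && [ "$key_d" = "$csr_d" ]
}

# Run directly: ./check.sh server.key server.crt server.csr
if [ "$#" -eq 3 ]; then
    check_cert_bundle "$@"
fi
```

The exit status distinguishes a real mismatch (1) from a file that could not be parsed (2), which matters when the check runs in a deployment script.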

 

Updating my Nexus 5 from stock ROM to Lineage OS

It doesn’t seem like much, but it definitely requires some preparation and knowledge. I won’t detail all the steps in here, there are many tutorials on the internet. But it’s just a little recap with useful links and info.

I’ve mainly followed this guide (but it’s in French).

Backup your files

Many ways to do that. There are apps like Helium or Titanium Backup.

Google can save your data too.

You can also use the adb command to create backups from your computer (tutorial in French, easy to follow, it’s just command lines).

Connect your phone to USB and check all folders, especially the Pictures folder as everything will be wiped.

Unlock your phone

This will wipe the data of your phone. No other solution here, just do it. Tutorials are easy to find on the internet. I used this one.

I would recommend rebooting the device completely. It might have avoided my bootloop issue (see next part).

Install custom recovery

TWRP is the most famous one, so I chose this one. Go to the official page to download the img file (this is specific for the Nexus 5, the list of other devices is there). Instructions for the Nexus 5 are available on the site too.

I had an issue with the install, not sure if it’s because of the version (3.1.0 at that time) or my install file which was corrupted. I ended up with a bootloop, but with fastboot still available.

After some research, it’s actually easy to fix that up. I found that thread in XDA forums, where a member says he followed that other guide to put his device back on the road (just replace stuff with Nexus 5 files and you’re all good).

Phew… I must say I was a bit stressed after seeing my Nexus 5 in a bootloop!

Boot to TWRP

Boot to fastboot (hold volume down + power buttons). Select recovery with the volume button and press power to confirm.

Wipe those partitions:

  • Dalvik / ART Cache
  • System
  • Data
  • Cache

Install Lineage

Download the ROM file from the official Lineage OS site.

When in TWRP, the USB storage of your device should be available from your computer. You can copy the Lineage OS zip file to your phone.

I also put the md5 check file so TWRP can check the integrity of the file before installing it. If your ROM filename is lineage-14.1-20170328-nightly-hammerhead-signed.zip, create a text file named lineage-14.1-20170328-nightly-hammerhead-signed.zip.md5, open it with a text editor and put the MD5 hash inside it. Be sure to copy it alongside the Lineage OS ROM file on your phone.

Install it using the Install option in TWRP. Once done, wipe the cache as recommended by TWRP. Tap TWRP icon on the top left to go back to TWRP menu.

Install Google Apps via Open GApps

Go to http://opengapps.org/ to download the Google Apps package. The Nexus 5 is using an ARM processor. Note that I tried to install the Stock package, but it failed because the System partition is too small. I had to go down to the Micro package to be able to install the apps.

Same thing as above, put the zip file on your device, along with the md5 file (you can download that file directly from the Open GApps site). Install it using TWRP, wipe the cache, and you’re done.

Reboot and enjoy

Reboot the phone and let LineageOS boot. It will take some time to boot at first.

Restore the files using whatever method you chose. I personally just restored things from my Google account. I don’t mind losing some data as I didn’t have anything important.

Secure phpMyAdmin install with Fail2ban

First, let’s change the address used to access phpMyAdmin. By default, it’s ser.ver.ip/phpmyadmin.

I’ve copied the original phpMyAdmin Apache config file so I can customize it as I want, and still have the original one in case mine is broken:

sudo cp /etc/phpmyadmin/apache.conf /etc/phpmyadmin/apache-custom.conf

At the top of the custom file, change the 3rd line, Alias /phpmyadmin /usr/share/phpmyadmin, to something else, like Alias /phpthisismine /usr/share/phpmyadmin

Now, I don’t know how your Apache is set up to take into account the phpMyAdmin configuration file. On my server, it wasn’t added automatically, so I’ve added it myself in /etc/apache2/apache2.conf. At the bottom, just add Include /etc/phpmyadmin/apache-custom.conf.

Now, in order to deal with those stupid bots, if they ever find the URL, it would be nice to have fail2ban take care of those f*ckers. The problem is, phpMyAdmin doesn’t log any failed login attempt (bummer!).

Well actually, this is what I found:

phpMyAdmin uses php’s apache_note function to make this work. AFAIK this function is only available in mod_php mode. This will not work with mod_fcgi & co.

And I’m using php-fpm so I need to modify phpMyAdmin to log failed attempts. Let’s edit /usr/share/phpmyadmin/libraries/plugins/auth/AuthenticationCookie.class.php (I know, that’s bad, but what can I do?).

Find the authFails() function and inside, right after the last header() call, add error_log('phpmyadmin: authentification failed');

 

Hell yeah.

Now let’s set up fail2ban. Create a file /etc/fail2ban/filter.d/apache-phpmyadmin.conf and place that inside

Now edit your local fail2ban configuration file. Mine is /etc/fail2ban/jail.local and add

Reload fail2ban with sudo service fail2ban reload and you’re all set!

Sources (source 1, source 2, source 3).
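Before relying on the jail, it is worth confirming that the marker written by error_log() really reaches the error log with a client address attached. The following is an added example, not part of the original post and not a fail2ban filter: it counts failed phpMyAdmin logins per client in an Apache 2.4 style error log. The sample lines, the threshold and the function names are constructed for illustration.

```shell
#!/bin/sh
# Added example: list clients with repeated phpMyAdmin login failures.

# String written by the error_log() call added to authFails() above.
MARKER='phpmyadmin: authentification failed'

# Constructed sample lines in Apache 2.4 error log style (not real traffic).
pma_sample_log() {
    cat <<'EOF'
[Wed Mar 29 10:15:01.100000 2017] [fastcgi:error] [pid 1234] [client 203.0.113.7:51234] FastCGI: stderr: PHP message: phpmyadmin: authentification failed
[Wed Mar 29 10:15:03.200000 2017] [fastcgi:error] [pid 1234] [client 203.0.113.7:51240] FastCGI: stderr: PHP message: phpmyadmin: authentification failed
[Wed Mar 29 10:15:04.300000 2017] [core:info] [pid 1235] [client 192.0.2.10:40000] AH00128: File does not exist: /var/www/html/favicon.ico
[Wed Mar 29 10:15:05.400000 2017] [fastcgi:error] [pid 1234] [client 203.0.113.7:51255] FastCGI: stderr: PHP message: phpmyadmin: authentification failed
[Wed Mar 29 10:16:00.500000 2017] [fastcgi:error] [pid 1236] [client 198.51.100.9:33000] FastCGI: stderr: PHP message: phpmyadmin: authentification failed
EOF
}

# pma_failed_clients LOGFILE [THRESHOLD]
# Prints "count ip" for every client with at least THRESHOLD failures,
# highest count first. Use "-" as LOGFILE to read from stdin.
pma_failed_clients() {
    awk -v marker="$MARKER" -v min="${2:-3}" '
        index($0, marker) {
            # Apache 2.4 writes the peer as "[client ip:port]".
            if (match($0, /\[client [^ ]+\]/)) {
                ip = substr($0, RSTART + 8, RLENGTH - 9)
                sub(/:[0-9]+$/, "", ip)   # drop the source port
                hits[ip]++
            }
        }
        END { for (ip in hits) if (hits[ip] >= min) print hits[ip], ip }
    ' "${1:--}" | sort -rn
}

# Example: pma_sample_log | pma_failed_clients - 3
```

If the real error log shows the marker without a [client ...] field, a fail2ban filter has no address to ban, so check that before writing the failregex.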

Configuring an email server on Ubuntu 16.04

DigitalOcean has made a great guide to configure an email server that only sends email. If your email inboxes are stored somewhere else, your server doesn’t need to receive and store any email. Configuring it to only send email makes it easier to maintain and less exposed to hacks and viruses.

Before reading the guide, I’ve created 2 subdomains that point to my server and I will use them in the tutorial.

Well, in fact I created one twice, with an A type and an AAAA type, to be sure both IPv4 and IPv6 are working. The A type must point to your server IPv4, the AAAA type to your server IPv6. Let’s call it serv.site.com.

Once that’s done, I had to configure my reverse server IP. I found that in my server IP settings. For both IPv4 and IPv6, I’ve set the reverse to my previously created subdomain, serv.site.com. That will make Google and probably other email services happy. More on that in the Google documentation.

Next step, go and follow the tutorial. When entering the domain, I entered the subdomain I created, serv.site.com, not just site.com.

Go read the guide there

 

PHP7 FPM configuration with Apache 2.4

After struggling a bit to find a working configuration for my PHP server setup based on PHP 7 FPM and Apache 2.4, here’s my working config.

Activate Apache actions mod: sudo a2enmod actions

Edit /etc/apache2/mods-available/fastcgi.conf

Basically, that’s telling Apache to use the PHP executable when someone is requesting a .php file.

Be sure the php7.0-fpm service is running: sudo service php7.0-fpm status. If not, start it with sudo service php7.0-fpm start.

Here’s an example of a virtual host config file

 


© 2018 LouWii's Blog
