httpd with multiple ssl and password for every key automatically

Well to use this we must use the¬†SSLPassPhraseDialog functionality of httpd – apache . Basically into ssl.conf we put this line or modify the existing one into SSLPassPhraseDialog exec:/path/script Where script is read/execute only by root. And the script is   #!/bin/perl $server = $ARGV[0]; #print $server; if ($server eq ‘www.example.com:443’ || $server eq ‘www.example2.com:443’ ) { print ‘password one’; } elsif ($server eq ‘example3.com’) { print ‘Password two’; }...
read more

Adding trusted root certificates to the server

Linux (Ubuntu, Debian) Function Method Add Copy your CA to dir /usr/local/share/ca-certificates/ Use command: sudo cp foo.crt /usr/local/share/ca-certificates/foo.crt Update the CA store: sudo update-ca-certificates Remove Remove your CA. Update the CA store: sudo update-ca-certificates –fresh   Linux (CentOs 6) Function Method Add Install the ca-certificates package: yum install ca-certificates Enable the dynamic CA configuration feature: update-ca-trust force-enable Add it as a new file to /etc/pki/ca-trust/source/anchors/: cp foo.crt /etc/pki/ca-trust/source/anchors/ Use command: update-ca-trust extract   Linux (Centos 5) Add Append your trusted certificate to file /etc/pki/tls/certs/ca-bundle.crt cat foo.crt...
read more

change root password for mysql 5.7 fresh installed

In order to find out actual password you need to grep log file grep password /var/log/mysqld.log This will provide you with root password . After login on your mysql server with mysql -u root -p Then you must change root password with ALTER USER ‘root’@’localhost’ IDENTIFIED BY ‘newpassword’;  
read more

apache 2.2 run php as username with fcgid

One of my problem is to secure a little websites at least to run as their user and not as apache . In this way if one wordpress is hacked not all website to be modify by that script . On internet you will find something like this <IfModule mod_fcgid.c> MaxRequestLen 15728640 FcgidConnectTimeout 20 SuexecUserGroup username groupname <Directory /var/www/vhosts/site.com> Options +ExecCGI AllowOverride All AddHandler fcgid-script .php FCGIWrapper /var/www/wraper/site.com/php-fcgi-starter .php Order allow,deny Allow from all </Directory> </IfModule> All is fine in some situation works . However I notice that if you have the php 5.6 installed this won’t work . I try all loglevel debug and other stuff but it simply didn’t start that wraper with that user in process list. After some more dig I found out that¬†/etc/httpd/conf.d/php.conf is different then on other php version and in this 5.6 that file have a SetHandler . So the solution is to overwrite again that SetHandler So in your vhost before add this IfModule you need to add also <FilesMatch \.php$> SetHandler None </FilesMatch>...
read more

How to fix upstream timed out (110: Connection timed out) error in Nginx

In order to fix that you need to add proxy_read_timeout 300;  
read more

« Previous Entries