Time server via Open BSD NTPD

1. Add backports to your soruce.list (eq. debian squeeze)

deb http://backports.debian.org/debian-backports squeeze-bacports main

2. Install ppenntpd package (firstly update apt repository by „apt-get update” command)

# apt-get install openntpd

3. Set your preferd NTP Servers in file /etc/openntpd/ntpd.conf

server 0.pl.pool.ntp.org
server 1.pl.pool.ntp.org
server 2.pl.pool.ntp.org
server 3.pl.pool.ntp.org

Active NTP Servers you can find on http://www.pool.ntp.org/pl/

Open tar.gz archive

tar -xvzf moje.tar.gz

Setting time in Debina with NTP

NTP mean Network Time Protocol which is used to keeping update your server’s time. Follow the guide.

1. Install appropriate package

apt-get install ntpdate
apt-get install hwclock

2. Update system time with NTP

We will use ntp.task.gda.pl as NTP provider

ntpdate -u ntp.task.gda.pl

3. Update hardware clock from system time

hwclock --systohc

Source: stary.dug.net.pl, ladogorski.com

Generate self-signed certificate with openssl

1. Generate private key

openssl genrsa -out server.key 2048

2. Generate the certificate

openssl req -new -key server.key -x509 -days 3650 -out server.crt

Generate self signed certificate for Jboss/Tomcat with openssl

There are two way to generate self-signed certificate for JBoss/Tomcat. You can do it with keytool from java package or with opensll linux tool. In this quide i show you how to do it with openssl. Follow the guide.

1. Generate a Private key

openssl genrsa -des3 -out server.key 2048

You will be asked for password

2. Generate CSR (Certificate Signing Request)

openssl req -new -key server.key -out server.csr

You will be asked about details for certificate request

3. Remove passphrase from key

cp server.key server.key.org
openssl rsa -in server.key.org -out server.key

4. Generating a Self-Signed certificate

openssl x509 -req -days 365 -in server.csr -signkey server.key -out server.crt

5. Conver private key (server.key) and self-signed certificate (server.crt) from PEM to DER format

openssl pkcs8 -topk8 -nocrypt -in server.key -inform PEM -out server.key.der -outform DER
openssl x509 -in server.crt -inform PEM -out server.crt.der -outform DER

6. Import private key and self-signed certificate in DER format to keystore

Keytool does let you import an existing private key with you already have certificate.
Download code from here (ImportKey.java).

Edit ImportKey.java and and change defaults valuse like …

// change this if you want another password by default
String keypass = "MyPassword";

// change this if you want another alias by default
String defaultalias = "server";

// change this if you want another keystorefile by default
 String keystorename = System.getProperty("keystore");

 if (keystorename == null)
         keystorename = System.getProperty("user.home")+
         System.getProperty("file.separator")+
         ".keystore"; // especially this

Compile java source cose

javac ImportKey.java

Run ImportKey

java ImportKey server.key.der server.crt.der

Now we have proper keystore with name .keystore

7.  Installing  keystore on Jboss/Tomcar

Copy keystore to folder JBOSS_HOME/server/<your_profile>/conf/

Edit ‘JBOSS_HOME/server/<your_profile>/deploy/jboss-web.deployer/server.xml’. Uncomment following code and add keystoreFile and keystrePass tags.

<Connector port="8443" protocol="HTTP/1.1" SSLEnabled="true"
               maxThreads="250" scheme="https" secure="true"
               clientAuth="false" sslProtocol="TLS"
	       keystoreFile="${jboss.server.home.dir}/conf/.keystore" keystorePass="MyPassword" />

Now we can run our jboss/tomcat server with HTTPS

Sources:
http://www.akadia.com/services/ssh_test_certificate.html
http://wls4mscratch.wordpress.com/2010/06/19/generate-a-jks-keystore-using-key-and-crt-files/
http://shib.kuleuven.be/docs/ssl_commands.shtml
http://www.agentbob.info/agentbob/79-AB.html

Configure service started at boot-time in Debian

You can use rcconf to confugure service started at boot-time in Debian

How to install jboss 6 on Debian 6 squeeze

How to install postgres on Debian 6 Squezze

Sometimes is better to use external guide. Linode Library team done really good job. Link is here Use PostgreSQL Relational Databases on on Debian 6 (Squeeze), pdf.

After, if you want that postgres should be available for all host (generally it is not proffered, but  in some case you need to do it) form internet you need to do:

1. Edit ‘/etc/postgresql/8.4/main/postgresql.conf’ and unmark following code

listen_addresses = 'localhost'

then change ‘localhost’ to ‘*’, as result you should have

listen_addresses = '*'

2. Edit ‘/etc/postgresql/8.4/main/pg_hba.conf’ and add following code

host    all    all          0.0.0.0/0    md5

3. Restart postgresql

Remember about restarting postgresql for apply you configuration

/etc/init.d/postgresql restart

How to install subversion on Debian Squeeze

One week ago I spend  a few hours to install subversion on Debian Squeeze. It is short guide that contain what it necessary to do.  Follow the guide.

1. Install Apache and PHP

apt-get install apache2
apt-get install libapache2-mod-php5

2. Install subversion

apt-get install subversion
apt-get install libapache2-svn

3. Configure SVN repository with name ‘repos

mkdir /var/svn
svnadmin create --fs-type fsfs /var/svn/repos

4. Assign repository folder to apache user

chown -R www-data:www-data /var/svn/*
chmod -R 770 /var/svn/*

5. Edit ‘/etc/apache2/mods-available/dav_svn.conf’ and input this code

<Location /svn>
DAV svn
SVNParentPath /var/svn
AuthType Basic
AuthName "Subversion Repository"
AuthUserFile /etc/apache2/svn.passwd
Require valid-user
SSLRequireSSL
</Location>

6. Activate SSL and the DAV modules on Apache

a2enmod ssl
a2enmod dav
a2enmod dav_svn

7. Create users account for SVN

htpasswd -c /etc/apache2/svn.passwd user1
htpasswd /etc/apache2/svn.passwd user2

Pleas note that -c switch you use first time only, because passwd file don’t exist.

8. Generate self-signed certificate for HTTPS connection

openssl req -new -x509 -days 365 -nodes -out /etc/apache2/ssl/svn.pem -keyout /etc/apache2/ssl/svn.key

9. Change the permission on the certificate

chmod 600 /etc/apache2/ssl/svn.pem
chmod 600 /etc/apache2/ssl/svn.key

10. Edit ‘/etc/apache2/sites-available/default-ssl’ and input/modifi this code

<VirtualHost *:443>
ServerAdmin admin@server.name
ServerName your.server.name
DocumentRoot /var/www
<Directory /var/www>
Options -Indexes FollowSymLinks
AllowOverride None
Order deny,allow
Allow from all
</Directory>
ErrorLog ${APACHE_LOG_DIR}/error_ssl.log
LogLevel warn
CustomLog ${APACHE_LOG_DIR}/ssl_access.log combined
SSLEngine On
SSLCertificateFile /etc/apache2/ssl/svn.pem
SSLCertificateKeyFile /etc/apache2/ssl/svn.key
</VirtualHost>

11.Enable your site

a2ensite default-ssl
apache2ctl restart

12. Test your svn repository

You can test your repository through this url https://<your_domain_or_ip>/svn/repos, than you should be asked to type your svn user login and password

13. Install Websvn (optiona web manager of repository content)

apt-get install enscript
apt-get install websvn

After, the configuration dialog appears
select apache2 (unselect all other options)
type in the location of the parent folder of your repositories

To force connection through SSL for WenSVN /etc/websvn/apache.conf and following code between <Directory> …. </Directory> tags.

AuthType Basic
AuthName "Subversion Repository"
AuthUserFile /etc/apache2.svn.passwd

Require valid-user

14. Disable to show the complete server token for Apache

In /etc/apache2/conf.d/security change ServerTokens parameter from OS to Prod. Should be like this.

ServerTokens Prod

 

Sources: blog.mattsch.com, www.reviewingit.com, www.howtoforge.com

How to configure keyboard layout in Debian

For configuration kayboard layoun in Debian you need to run command:

dpkg-reconfigure console-setup

or

dpkg-reconfigure keyboard-configuration

Source: 1,2