Tag Archives: linux

Webmin bug copying SSL certificates to Virtualmin panel

When you generate an SSL certificate for an nginx site through the Virtualmin interface for a virtual (sub-)server, the button “Copy to Webmin” incorrectly triggers the “Copy to Usermin” feature.

On the other hand, the Webmin interface to generate the SSL certificate also fails, because it does not allow for generation for nginx hosts (only Apache hosts).

Trick:

  1. Generate the SSL certificate using Let’s Encrypt in Virtualmin for the virtual (sub-)server.
  2. Run the following command as root to copy the certificate to Webmin:
    virtualmin install-service-cert --domain yourdomain.com --service webmin

Add Let’s Encrypt for Webmin/Virtualmin Panel itself

Are you getting a “challenge did not pass” error? Can’t find a matching hostname for your Webmin panel to generate Let’s Encrypt certificates for?

The trick is that Let’s Encrypt only works with Apache. Most Webmin/Virtualmin panels are running on miniserv Perl scripts on port 10000. Follow these steps:

1. Create a virtual server (or sub server) for the matching domain in Virtualmin.
2. Go to Webmin > Webmin Configuration > SSL Encryption > Let’s Encrypt
3. Request Certificate for “Apache virtual host matching hostname”. Set renewal for 12 months!

Reload problems for Raspberry Pi as a Digital Signage solution

There are quite a few tutorials out there to turn Raspberry Pi into Digital Signage or Kiosk solutions. I’ve used elalemanyo GitHub gist to run Chromium browser for my Digital Signage needs. It provides lots of options and combines various sources of information. There are options for other browsers on that page.

The gist does not address a way to automatically reload/recover from page/chrome/connection errors. You can use the following two extensions to recover from these problems:

1. Oh No You Didn’t extension will automatically reload tabs that have crashed (Aw Snap! He’s Dead Jim etc.). Handy for Kiosk mode where access is limited. This helps recover from memory-related problems (quite often the Raspberry Pis are limited by memory or CPU).

2. Autorefresh on Error will auto-refresh a page after 60 seconds if the page did not load. This is handy for any webpage that changes often and needs to be refreshed, and for places where the WiFi coverage may not be ideal, especially on boot.

Install latest Chromium on Raspberry Pi B+

Update on December 26, 2016: Latest Raspbian can install Chromium Browser by just doing: apt-get install chromium-browser. No need to download debs or run gdebi. Making this post obsolete.

Installing the latest Chromium browser on Raspberry Pi B models is a hassle. Although the following tricks work on the other Raspberry Pi models, I wanted to target Raspberry Pi B+ with this tutorial since it requires some special steps.

  1. Download the latest .deb package files:
  2. Ensure you have gdebi:
    sudo apt-get install gdebi-core
  3. Install the packages one by one (install libgcrypt11 first!!!):
    sudo gdebi libgcrypt11
    sudo gdebi chromium-codecs-ffmpeg-extra
    sudo gdebi chromium-browser
  4. Run:
    chromium-browser

EXT4 repair on Mac OSX

My NAS WD drive recently became corrupt. It had trouble saving large files and running them. My router constantly complained about not being able to properly run Samba/swap on it.

Not having a Linux OS handy, I had a tall task to repair an EXT4 filesystem on Mac OSX 10.10.

I first tried the open source solutions: fuse-ext2, osxfuse, and ext2fuse (read-only). While these tools work great in allowing access to ext4, they do not include any disk repair tools. e2fsprogs from Homebrew also does not include the fsck utilities.

I also tried using the commercial ExtFS by Paragon. It integrates directly with Disk Utility and is able to verify/check the disk for errors. While it reported the errors properly, it had trouble repairing the filesystem and reported my ext4 partition as ext3. It failed to repair reporting: “Error: Disk Utility can’t repair this disk. Back up as many of your files as possible, reformat the disk, and restore your backed-up files.” Also, ExtFS was very buggy as in it consistently froze the System Preferences and Finder (while ejecting and mounting).

Finally, I installed VirtualBox with an Ubuntu VM and added the USB drive from settings. I had to umount the drive from inside Ubuntu and running fsck -y was a breeze. Now ExtFS by Paragon also reports that the Disk is good.

VirtualBox Images CentOS keyboard settings problem

I was using readymade CentOS images for VirtualBox from VirtualBoxes CentOS images. I noticed that some of the images come with weird keyboard settings, such that you can’t use the pipe (passing information from command to command), dash (for command parameters), @ (email sign), etc. keys. In other words, when you try to type these keys, other keys would appear and vice versa. All of these keys are crucial to running any commands on the CentOS server.

The problem is that the VirtualBox image stores the keyboard setting that was used when it was created. Since this server image was built in Italy, and I am located in the US, there were obviously key differences.

The obvious solution is to change it to your preferred keyboard layout. There are 2 ways of doing it:

  1. Easier way: Install system-config-keyboard through yum. The caveat is this will install 75+ other bloat packages that you probably don’t need. However the command system-config-keyboard would configure your keyboard for you.
    yum install system-config-keyboard
  2. Advanced way: Use the loadkeys command to change the keys temporarily and then make a change to /etc/sysconfig/keyboard to make a permanent change (after restart).
    loadkeys us # or your own locale
    vim /etc/sysconfig/keyboard # replace KEYTABLE value to your locale

rsyncd tips for TomatoUSB/DD-WRT

I wanted to integrate a NAS with rsyncd on a TomatoUSB router (equipped with ipkg and a connected USB hard drive). I also wanted this NAS to be available from the outside, and I found that the instructions online were incomplete. If you’re having problems with it, please follow these two tips:

  1. rsync cannot connect to rsyncd from within the network. This is the default setup that everyone wants, so it should just work. The problem is that the command that everyone tells us to use with rsyncd profiles (rsyncd.conf: [profilename]) is wrong, even on the dd-wrt tutorial. It is missing an extra colon, so the command should be:
    rsync file.ext user@server::profilename/optional/path

    (Notice how profiles need 2 colons)

  2. rsyncd is not accessible from outside the network. I haven’t seen instructions for these. To do this, one must do 2 things:
    • Add a rule to Port Forwarding section of the UI: forward TCP port 873 (default rsyncd port) to 192.168.1.1 (the router IP/gateway).
    • Run the following command, which adds a rule to the iptables firewall, inside Scripts > Firewall, or run it on the command line for a quick test (but it will disappear once you restart the router):
      iptables -A INPUT -j ACCEPT -p tcp --dport 873
    • For OpenWRT routers, one would either use uci or add the above rule to /etc/storage/post_iptables_script.sh and do mtd_storage.sh save.

Command line python script to get context lines on a search string

grep -A and -B flags don’t work when grep is used on the command line with readline support. So I created this little script that does work on the command line. Use the -h flag to see the options. Here’s how I’ve used it:

ls -al | ./printcontext.py -b 1 -a 1 -d test.txt

This finds the test.txt file and prints the 2 files around it.


#!/usr/bin/env python3
# print context when using a python script with readline support (command line piping)
# by inderpreetsingh.com

import sys
from optparse import OptionParser

def main():
    usage = "usage: %prog [options] needle"
    parser = OptionParser(usage)
    parser.add_option("-b", "--before", type="int", dest="before", default=0,
            help='Before context lines (a la grep)')
    parser.add_option("-a", "--after", type="int", dest="after", default=0,
            help='After context lines')
    parser.add_option("-d", "--debug", action="store_true", dest="debug", default=False,
            help='Debug information.')

    #Not implemented
    #parser.add_option("-o", "--output", type="string", dest="output")

    (options, args) = parser.parse_args()

    if len(args) != 1:
        parser.error("Specify what you want to search")

    needle = args[0]
    if options.debug:
        print("\nNeedle: %s\nBefore context lines: %s\nAfter context lines: %s\n" % (needle, options.before, options.after))

    # Read all of stdin up front so the "before" lines are available
    lines = sys.stdin.readlines()
    lines = [x.strip() for x in lines]

    for i, line in enumerate(lines):
        # Plain substring match; for regex matching, import re and use re.search(needle, line)
        if needle in line:
            # Clamp the context window to the start and end of the input
            first = max(0, i - options.before)
            last = min(len(lines), i + options.after + 1)

            if options.debug:
                print("Found '%s' on line %d, printing line %d to %d" % (needle, i, first, last))

            for println in lines[first:last]:
                print(println)
            print("")

if __name__ == "__main__":
    main()

SSH private/public key auth not working

Problem: I can’t set up an automated login (passwordless with ssh agent) to one of my servers.

Tip: Best way to debug SSH problems is by using ssh -vvvv server. The extra verbosity flags will tell you exactly what is going on at each interaction.

Details:
I was receiving the following code:
debug1: Trying private key: /Users/inderpreetsingh/.ssh/id_rsa
debug1: PEM_read_PrivateKey failed
debug1: read PEM private key done: type
debug3: Not a RSA1 key file /Users/inderpreetsingh/.ssh/id_rsa.
debug1: read PEM private key done: type RSA
Identity added: /Users/inderpreetsingh/.ssh/id_rsa (/Users/inderpreetsingh/.ssh/id_rsa)
debug1: read PEM private key done: type RSA
debug3: sign_and_send_pubkey
debug2: we sent a publickey packet, wait for reply
debug1: Authentications that can continue: publickey,password,hostbased

debug1: Trying private key: /Users/inderpreetsingh/.ssh/id_dsa
debug3: no such identity: /Users/inderpreetsingh/.ssh/id_dsa
debug2: we did not send a packet, disable method

debug3: authmethod_lookup password
debug3: remaining preferred: ,password
debug3: authmethod_is_enabled password
debug1: Next authentication method: password
inderpreetsingh@server's password:

Analysis: The errors are misleading. They seem to indicate that the identity file on our own machine is the culprit, but the problem was the permissions on the .ssh directory and the authorized_keys file. They may be too lax or too restrictive.

Fix: From your home directory, apply the following permissions:

chmod 700 ~/.ssh
chmod 600 ~/.ssh/authorized_keys

And for good measure, make sure you alone own the files:

chown username:username ~/.ssh
chown username:username ~/.ssh/authorized_keys

And passwordless SSH here I come.
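
An added example (not from the original post) that audits the home directory, ~/.ssh and authorized_keys on the server for both failure modes mentioned above: ownership or group/world-writable bits, which sshd refuses when its StrictModes option is on, and modes so tight that the owner cannot read the file. The function names and the temporary directory used as a stand-in home are assumptions for illustration.

```python
# Added example (not from the original post); function names are hypothetical.
import os
import stat
import tempfile

def audit_ssh_perms(home, uid=None):
    """Return (path, problem) pairs for home, ~/.ssh and authorized_keys."""
    uid = os.getuid() if uid is None else uid
    ssh_dir = os.path.join(home, ".ssh")
    findings = []
    for path in (home, ssh_dir, os.path.join(ssh_dir, "authorized_keys")):
        try:
            st = os.stat(path)
        except FileNotFoundError:
            findings.append((path, "missing"))
            continue
        mode = stat.S_IMODE(st.st_mode)
        # Too lax: someone other than the account (or root) could swap in keys.
        if st.st_uid not in (uid, 0):
            findings.append((path, "owned by uid %d" % st.st_uid))
        if mode & 0o022:
            findings.append((path, "group/world writable (mode %o)" % mode))
        # Too restrictive: the owner must be able to enter dirs / read the file.
        need = stat.S_IXUSR if stat.S_ISDIR(st.st_mode) else stat.S_IRUSR
        if not mode & need:
            findings.append((path, "owner lacks access (mode %o)" % mode))
    return findings

def demo():
    """Audit a constructed home directory before and after the chmod fix."""
    home = tempfile.mkdtemp()  # stand-in for the account's home on the server
    ssh_dir = os.path.join(home, ".ssh")
    keys = os.path.join(ssh_dir, "authorized_keys")
    os.mkdir(ssh_dir)
    open(keys, "w").close()
    os.chmod(ssh_dir, 0o775)  # constructed fault: group-writable directory
    os.chmod(keys, 0o664)     # constructed fault: group-writable key file
    before = audit_ssh_perms(home)
    os.chmod(ssh_dir, 0o700)  # the fix from the post
    os.chmod(keys, 0o600)
    after = audit_ssh_perms(home)
    return before, after

if __name__ == "__main__":
    before, after = demo()
    for path, problem in before:
        print("before fix:", path, "->", problem)
    print("after fix:", after or "no findings")
```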

Django on CentOS Python 2.6 VirtualEnv Using GeekyMedia RPMs

Django on centos geekymedia

for setuptools (easy_install):

wget http://pypi.python.org/packages/2.6/s/setuptools/setuptools-0.6c11-py2.6.egg#md5=bfa92100bd772d5a213eedd356d64086
easy_install *setuptools*

use it to install pip:
easy_install pip

download MySQLdb and install by:
python26 setup.py build
python26 setup.py install

download virtualenv
mkdir ~/.virtualenvs

add to .bashrc
VIRTUALENVWRAPPER_PYTHON=/usr/bin/python26
source /usr/bin/virtualenvwrapper.sh

initialize virtualenv
mkdir dev
virtualenv dev

Start virtualenv for current session
source dev/bin/activate

now install packages, they will go inside virtualenv (since we are activated)
pip install django
pip install south
pip install pil

Create django project and app
cd dev/
django-admin.py startproject myproj
cd myproj
python manage.py startapp polls