
A lot of effort had gone into making our website an HTTPS-enabled website.

First of all I had bought an SSL certificate from PositiveSSL. I got it for $9 from namecheap.com. It’s worth it. The process as a whole is not very tough. It all depends on the amount of system administration experience that you have.

Coming to the configuration: I am going to assume that you are setting it up on your Amazon EC2 instance. That doesn't make a big difference anyway, as the same applies to whatever web server you are configuring.

Set up Apache on your instance.

1. Install apache and mod-ssl

yum install httpd mod_ssl

2. Enable the ports 22 and 443 on your Amazon EC2 instance. Open up the ports for access for 0.0.0.0/0 under security credentials.

Follow the instructions in this post to get your SSL certificate from an SSL provider.

http://wp.me/p1yWAu-3C.

3. Installing the certificate on to your Apache Web server.

3.1 : Copy your certificate file

You will receive an email from your SSL provider with your certificate (yourdomainname.crt). Open your certificate in a text editor and it will look something like:

-----BEGIN CERTIFICATE-----
MIAGCSqGSIb3DQEHAqCAMIACAQExADALBgkqhkiG9w0BBwGggDCCAAhAF
UbM77e50M63v1Z2A/5O5MA0GCSqGSIb3DQEOBAUAMF8xCzAJBgNlVTMSAw
(…….)
E+cFEpf0WForA+eRP6XraWw8rTN8102zGrcJgg4P6XVS4l39+l5aCEGGbauLP5W6
K99c42ku3QrlX2+KeDi+xBG2cEIsdSiXeQS/16S36ITclu4AADEAAAAAAAAA
-----END CERTIFICATE-----

Copy your Certificate into the directory that you will be using to hold your certificates. In this example we will use /etc/ssl/crt/. Both the public and private key files will already be in this directory. The private key used in the example will be labeled private.key and the public key will be yourdomainname.crt.

Make sure that it’s readable only by root.

3.2 : Install the Intermediate Certificate

You will need to install the chain (intermediate) certificates, as well as your SSL certificate (yourdomainname.crt), in order for browsers to trust your certificate. If you are using Apache you'll need the AddTrustUTNServerCA.crt and PositiveSSLCA.crt certificates, and your key file as well.

You need a bundle file. Create a file, say bundle.txt. To do this, open the certificates with a text editor and add both certificate texts to that file, first PositiveSSLCA.crt and then AddTrustUTNServerCA.crt, and save the file as bundle.txt.

Copy the bundle.txt file (it contains all of the CA certificates in the chain) to the directory that contains httpd.conf (/etc/httpd/conf/).

4. Configure virtual hosts in httpd.conf

# The address here must match the one on the <VirtualHost> line
NameVirtualHost x.x.x.x:443
<VirtualHost x.x.x.x:443>
ServerAdmin webmaster@dummy-host.example.com
DocumentRoot /var/www/html
ServerName www.myexample.com
SSLEngine on
SSLProtocol all -SSLv2
SSLCipherSuite ALL:!ADH:!EXPORT:!SSLv2:RC4+RSA:+HIGH:+MEDIUM

# ErrorLog logs/errorlogs
# CustomLog logs/custom
# Server certificate, its private key, and the CA bundle from step 3.2
SSLCertificateFile /etc/ssl/certs/lets/certificate.crt
SSLCertificateKeyFile /home/ec2-user/private.key
# SSLCertificateChainFile /home/ec2-user/PositiveSSLCA2.crt
SSLCACertificateFile /etc/httpd/conf/bundle.txt
SetEnvIf User-Agent ".*MSIE.*" nokeepalive ssl-unclean-shutdown
# CustomLog /usr/local/apache/logs/ssl_request_log \
# "%t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x \"%r\" %b"
</VirtualHost>

5. Since I have given the names of the files, make sure you configure yours according to the above configuration file. For the reader's convenience, I'll list what each directive means.

  • SSLCertificateFile  is the certificate you received through email from SSL provider
  • SSLCertificateKeyFile is the private key
  • SSLCACertificateFile is the bundle you created

6. Save your httpd.conf file and restart Apache.

7. Pray to God that it must work. I had to figure out so many things. I'll post them once I recollect these things. It's been a while since I did this.

8. Make sure mod_ssl is installed. Reflect the changes in the /etc/httpd/conf.d/ssl.conf file as well, that is, the paths configured for the above parameters (SSLCertificateFile, SSLCertificateKeyFile, SSLCACertificateFile).

A few tips: (Common issues)

1. Make sure hostname configuration is fine

2. Check for iptable rules that may be blocking access

3. Check Amazon security credentials for any denial of access

4. Update your instance. (yum update)

5. Check for resolv.conf, /etc/hosts configuration, /proc/sys/kernel/hostname parameter.

6. Run nmap localhost and check if ports 443 and 80 are open.
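An added check, not part of the original post: it lints a config like the virtual host in step 4 for three things the post touches on, namely the SSLProtocol line, the SSLCipherSuite string, and whether the private key is readable only by its owner. The function names are made up for this example, and the SSLv3 check assumes the Apache 2.2-era meaning of `all`, which includes SSLv3.

```shell
#!/bin/sh
# Added example: lint the mod_ssl directives of an Apache config file.
# Prints one finding per line; no output means nothing was flagged.

# Print the value of the last uncommented occurrence of directive $2 in file $1.
directive() {
    awk -v d="$2" 'tolower($1) == tolower(d) { $1 = ""; sub(/^ +/, ""); v = $0 }
                   END { print v }' "$1"
}

audit_vhost() {
    conf=$1

    # Assumption: "all" includes SSLv3 (Apache 2.2-era mod_ssl), so SSLv3
    # stays enabled unless it is removed explicitly with -SSLv3.
    proto=$(directive "$conf" SSLProtocol)
    case " $(printf '%s' "$proto" | tr 'A-Z' 'a-z') " in
        *" -sslv3 "*) ;;
        *" all "*|*sslv3*) echo "SSLProtocol '$proto' leaves SSLv3 enabled" ;;
    esac

    # Flag cipher-string tokens that add or keep weak classes; tokens that
    # start with '!' or '-' remove ciphers and are fine.
    directive "$conf" SSLCipherSuite | tr ':' '\n' | while read -r tok; do
        case $tok in
            '!'*|-*) ;;
            *RC4*|*MEDIUM*|*LOW*|*EXP*)
                echo "SSLCipherSuite token '$tok' keeps weak ciphers" ;;
        esac
    done

    # The private key must not be accessible to group or others.
    key=$(directive "$conf" SSLCertificateKeyFile)
    if [ -f "$key" ]; then
        perms=$(ls -ld "$key" | cut -c5-10)
        [ "$perms" = "------" ] || echo "Key $key is accessible to group/others ($perms)"
    fi
}

# Usage: sh audit_vhost.sh /etc/httpd/conf/httpd.conf
if [ $# -gt 0 ]; then audit_vhost "$1"; fi
```

Run against the configuration in step 4, it reports the SSLProtocol line and the `RC4+RSA` and `+MEDIUM` cipher tokens; a line such as `SSLProtocol all -SSLv2 -SSLv3` with a cipher string like `HIGH:!aNULL:!MD5:!RC4` and a key with mode 600 produces no findings.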


First of all you need to generate a CSR (Certificate Signing Request) and a private key for your own Apache Web Server.

The steps to get your SSL certificate are as follows.

openssl req -nodes -newkey rsa:2048 -keyout myserver.key -out server.csr

It'll ask for the following fields. Make sure you give the details correctly; in particular, the hostname must be of the format myexample.com.

Country Name (2 letter code) [AU]: US
State or Province Name (full name) [Some-State]: Washington
Locality Name (eg, city) []: Seattle
Organization Name (eg, company) [Internet Widgits Pty Ltd]: Herp and Co
Organizational Unit Name (eg, section) []: Herping
Common Name (eg, YOUR name) []: mydomain.com
Email Address []:
A challenge password[]:
An optional company name[]:

This will create a .csr file and a .key file. In this example myserver.key is your private key and server.csr is the Certificate Signing Request file.

Now go to the site where you want to get the SSL certificate from. I chose PositiveSSL. Got one for $9.

Now open the server.csr file and copy its contents. Make sure you copy the entire contents. (including the dashes).

Paste it when you are prompted. Ask the web admin to approve the certificate request when it's prompted. You'll receive the mail and you'll be getting the certificate, the root certificate and intermediate server certificate as well.
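An added example, not from the original post: the same `openssl req` call run non-interactively, followed by the checks worth doing before pasting the CSR into the provider's form. The function names `make_csr` and `check_csr` are made up here; the subject fields are the sample values from the prompts above.

```shell
#!/bin/sh
# Added example: create the key and CSR without prompts, then verify them.

# make_csr <common-name> <dir>: writes <dir>/myserver.key and <dir>/server.csr
make_csr() {
    cn=$1 dir=$2
    (
        umask 077   # the key file is created readable by its owner only
        openssl req -nodes -newkey rsa:2048 \
            -keyout "$dir/myserver.key" -out "$dir/server.csr" \
            -subj "/C=US/ST=Washington/L=Seattle/O=Herp and Co/OU=Herping/CN=$cn" \
            2>/dev/null
    )
}

# check_csr <common-name> <dir>: succeeds only if the CSR's self-signature
# verifies, its Common Name is exactly <common-name>, and its public key
# belongs to the private key stored next to it.
check_csr() {
    cn=$1 dir=$2
    openssl req -in "$dir/server.csr" -noout -verify 2>&1 \
        | grep -q "verify OK" || return 1
    # Older OpenSSL prints ".../CN=name", newer prints "..., CN = name".
    openssl req -in "$dir/server.csr" -noout -subject \
        | grep -q "CN *= *$cn\$" || return 1
    csr_pub=$(openssl req -in "$dir/server.csr" -noout -pubkey)
    key_pub=$(openssl pkey -in "$dir/myserver.key" -pubout)
    [ "$csr_pub" = "$key_pub" ]
}

# Usage: sh make_csr.sh mydomain.com /path/to/dir
if [ $# -eq 2 ]; then
    make_csr "$1" "$2" && check_csr "$1" "$2" && echo "CSR ok"
fi
```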

In my next post I’ll talk about installing SSL certificate on to your web server.

Open source DropBox in Amazon EC2

I hope that most of you would be aware of DropBox; just in case you don't have an idea about what DropBox does, the following post would help you understand DropBox and its functionalities.

DropBox is basically an online backup system in which the users have an account associated with them. A folder named dropbox is created in the user's documents folder (in Windows 7). The files and folders that are copied to this folder are synced to a back end cloud storage system. (We do not care how DropBox manages its users and stuff :D). First of all, the major advantage of DropBox is that it syncs data on to the cloud when the user's bandwidth is idle or under minimal usage. This post will tell you how you can exploit the Amazon EC2 cloud to have your own storage system that can be used to back up data. Using this method you would be able to access your data from any place (provided you have an internet connection :D). That is, your data becomes portable. Now let's get to the task.

First of all I recommend using either CentOS or Ubuntu (10.10). It's totally up to you regarding which distribution you use for this task. First of all I use root to access my files and I don't follow certain ethics as no one else is gonna use my laptop.

And before I forget credits to fak3r for coming up with such a great idea. I had tried this one and it was like very useful and that’s why I thought of writing it on my own blog with some extensions to it.

First install the packages rsync (it must be included with the Linux box), openssh-server and lsyncd.

Lsyncd is expanded as live syncing daemon. I have no expertise on this particular package; AFAIK it's a package that monitors the XML structure of the file system and it has the ability to run a particular command or another system call. Lsyncd makes use of the inotify feature of the Linux kernel, which is used to watch folders and report events.

Rsync is a package that is used to transfer files between folders or systems (local or remote). The algorithm is designed to check for changes that have occurred to the file and transfers the changed parts of the files and folders. Rsync can be used to sync data both locally and in remote systems and hence widely used in backing up systems and servers on a large scale.

Assuming you use Ubuntu

apt-get install lsyncd openssh-server

I assume lsyncd is available with apt-get; otherwise you need to download the source code from code.google.com and compile it.

wget http://lsyncd.googlecode.com/files/lsyncd-1.26.tar.gz

tar -zxf lsyncd-1.26.tar.gz

cd lsyncd-1.26

./configure

make

make install

You should have an example lsyncd.conf.xml in the folder you extracted. Just copy it to /etc/lsyncd.conf.xml.

Next you need to make alterations to the configuration file on your system. Open the configuration file lsyncd.conf.xml and go to the portion that tells you about the source and target. Now your job is to set the source to the folder you wish to back up on the Amazon Cloud, say /home/ananth/syncdata. So your configuration file must have this line (I mean, modify the existing one).

<source path="/home/ananth/syncdata" />

Next is the target path. Here you need to provide the IP address of the system you want to sync to, that is, the IP address of the Amazon EC2 instance. I'll talk about Amazon EC2 instances and IP addresses in my next post and I'll make sure I post the link here.

So your target should essentially look like this

        <target path="10.15.16.17:/home/ec2-user/syncbackup" />

Now in your terminal run

lsyncd --config /etc/lsyncd.conf.xml --debug

If you get any errors then there is some problem with the setup. Since you are syncing data to a machine on the internet it should be fine. Make sure you read /var/log/messages for any clue if the setup goes wrong. You must be able to figure out the errors.

Everything that I have done is in your system, the remote host configuration is up next.

Now, hoping that you have an Amazon account, I proceed with this post. Set up an Amazon EC2 instance. Attach it to an elastic IP address. Just make sure that your security considerations are fine. Make sure that port 22 is open, and I am sure it must be.

I’ll make sure that I update.





Game programming : An introduction

Just came across this wonderful post in codeproject. If you are interested in game programming the python sample code gives you an example on how you can use mathematics and its allied fields for programming.

http://inventwithpython.com/blog/2012/03/18/how-much-math-do-i-need-to-know-to-program-not-that-much-actually/

Am not gonna get into the detailed aspects, just a brief introduction. First you need an Amazon Account. Register for Amazon AWS. You need an instance to have your Web Server running. You may bundle an AMI and upload it; I prefer the ready-made Amazon AMIs. You can choose between Amazon Linux or your favorite distribution. I used the default one provided by Amazon.

1. Install Apache

yum install httpd

2. Set up MYSQL, PHP and other developer packages.

yum install mysql-server mysql php php-devel php*

3. Now allow access for SSH, FTP (you need FTP for loading files to your website), HTTP (22,(21,20),(80,8080)) under Security Groups; you need to write Custom TCP rules for them. It's very easy; you must be able to figure it out once you're familiar with the AWS Console.

4. Now create an elastic IP to access your instance on the World Wide Web.

5. Map the IP to your instance.

6. Configure your HTTP and restart your Apache service once you're done with it.

7. Make sure you turn on mysql httpd ftp permanently.

chkconfig httpd on

Repeat the same for the other daemons as well.

8. Configure your DNS to map it to your domain. Edit /etc/hosts

10.x.x.x mysamplewebsite.com mysample     (Just an alias)

(The above is just an example that shows the syntax of the /etc/hosts file.)

11. Configure your domain to point to this IP.

Your Website is now hosted on the cloud. Yaay !!

You can contact me for any further clarifications or details.

HTH

I found it really hard to change the home directory of an FTP user, later discovered that useradd is embedded with the feature of changing the default home directory to something else. Anyways I learnt it the hard way. It's pretty easy and so dumb of me that I didn't find it at the first attempt.

Here you go,

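useradd [username] -p [encrypted password] -d [directory]

example:

useradd testuser -p '<crypt(3) hash of the password>' -d /opt

Here /opt is the home directory of the user testuser. By default the home directory is set to /home/testuser. Note that -p expects the already encrypted password, as returned by crypt(3), not the plain text; a plain-text value such as test123 is written to the password field as-is and the user will not be able to log in with it.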

I found it really hard to login to Ubuntu every single time I wanted to configure my EC2 instance. Putty provided me with easy access to my instances using Windows 7.

1. Get PuttyGen and Putty from this website

http://www.chiark.greenend.org.uk/~sgtatham/putty/download.html

I used the 32 bit version.

2. Open Putty Key Generator and select the private key you downloaded for accessing your EC2 instance. Transfer it from Ubuntu.

3. After loading select “Save Private Key”. Give some name (*.ppk)

4. Now open Putty and, in the Host field, type the IP address of the instance. (I used Elastic IPs to access my EC2 instances, hence I have my own IP from Amazon.) It's easy: just create an Elastic IP and associate it with the instance.

5. Under Connection select SSH -> Auth. Select the private key you created in step 3.

6. Now you must be able to login to your instance from Putty.

HTH

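<?php
// Print an HTML table with the SHA-1 hash of every file in $path.
$path = "D:/Refserver 1";
$dir_handle = @opendir($path) or die("Unable to open " . htmlspecialchars($path));

echo "<table border=1>";
echo "<tr><th>File Name</th>";
echo "<th>SHA1 Hash</th></tr>";
foreach (glob($path . '/*.*') as $arr)
{
    // Skip sub-directories; only regular files are hashed.
    if (is_dir($arr))
    {
        continue;
    }
    // File names are untrusted input: escape them before writing HTML.
    echo "<tr><td>" . htmlspecialchars($arr) . "</td><td>" . sha1_file($arr) . "</td></tr>";
}
echo "</table>";
closedir($dir_handle);
?>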

One of my friends asked me what x86 and x86_64 meant! That was the inspiration, so I decided to write a blog post explaining what actually happens inside the CPU.

Processors can be broadly classified as 32 bit processors and 64 bit processors; the processors that are in the market come under the 64 bit category.

Examples:

32 bit  processors : Pentium 4

64 bit processors: Core 2 Duo

Basically the difference lies in the processing, addressing and the data bus transfer. A 64 bit processor will be able to transport more data than a 32 bit processor. A 32 bit processor can process up to 32 bits in a clock cycle whereas the 64 bit can process up to 64 bits per clock cycle. Processing includes transmission as well. A 32 bit processor can process data and memory addresses that are represented by 32 bits. 64 bit refers to processor with registers that can store 64 bit numbers.

Difference in RAM addressing :

64 bit systems allow systems to address up to 2 ^ 10 GB of data. In a 32 bit system we can address only 4GB of memory, this includes the physical memory as well as the graphic cards in modern systems.

When making the transition from 32-bit to 64-bit  PCs, users won’t actually see a change  in browsing and word processing programs. Benefits of 64-bit processors would be seen with more demanding applications such as video encoding, scientific research, searching massive databases; tasks where being able to load massive amounts of data into the system’s memory is required.

So what makes 64 bit better :

  • Pointers in a 64 bit system take 8 bytes instead of 4 bytes (32 bit). The effect on RAM usage is not much, but in the worst case scenario, a huge part of the CPU cache may be wasted in this process.
  • There are many more general-purpose CPU registers in 64-bit mode. Registers are the fastest memory in your entire system. There are only 8 in 32-bit mode and 16 general purpose registers in 64-bit mode. In practice applications run 30 % faster.
  • A 32 bit application may run on a 64 bit processor but the vice versa doesn’t hold good. So 64 bit applications are faster.

Problems with a 64 bit OS :

I have come across a lot of driver related issues in  64 bit machines though they have been addressed by recent patches and fixes.

HTH

De-duplication articles

Was going through the de-duplication techniques, what companies do, and what the pros and cons of de-duplication are. This is one article that says it all. Wonderful post.

Courtesy : http://nsrd.info/blog/2011/08/07/7-common-problems-with-deduplication/