/ - rtt - IT Resource

  • Firefox An error occurred during a connection to some-ip-or-domain. SSL peer reports incorrect Message Authentication Code. Error code: SSL_ERROR_BAD_MAC_ALERT Solution


    An error occurred during a connection to some-ip-or-domain. SSL peer reports incorrect Message Authentication Code. Error code: SSL_ERROR_BAD_MAC_ALERT     The page you are trying to view cannot be shown because the authenticity of the received data could not be verified.     Please contact the website owners to inform them of this problem. **Solution** Go to about:config........
  • VMWare ESXi 6.7 SSH/PowerShell CLI Commands


    [root@localhost:~] BootModuleConfig.sh          echo                         host-ind                     nfcd                   ........
  • VMWare Vsphere VCSA Graphical Install Creates json


    yes it does create its own json ============================================ cat /tmp/vcsaUiInstaller/ovftool-20180809-175238948-20180809-175603497.log |grep -i json 2018-08-09T17:56:04.238-07:00 verbose OVFTool[30966] [Originator@6876 sub=Default] Manifest file entry: SHA1(VMware-vCenter-Server-Appliance-6.7.0.12000-8832884_OVF10-file1.json) = 1deb658c724767697587d5909c4051c01813e6a1 -->     <ovf:File ovf:href="VMware-vCenter-Server-........
  • Debian Mint Ubuntu compiling xmr-stak


    sudo apt-get install libcurl4-openssl-dev git build-essential autotools-dev autoconf libcurl3 sudo apt-get install libcurl4-gnutls-dev git clone https://github.com/wolf9466/cpuminer-multi sudo apt-get install cmake  libpthread-* libmicrohttpd-dev libssl-dev libhwloc-dev git clone https://github.com/fireice-uk/xmr-stak-cpu.git make install cd bin chmod +x xmr-stak-cpu ./xmr-stak -O xmr........
  • [warn] VirtualHost 10.2.5.101:443 overlaps with VirtualHost 10.2.5.101:443, the first has precedence, perhaps you need a NameVirtualHost directive


    [root@thetor2017 conf]# service httpd restart Stopping httpd:                                            [  OK  ] Starting httpd: WARNING: MaxClients of 3000 exceeds ServerLimit value of 300 servers,  lowering MaxClients to 300.  To increase........
  • linux mint image convert menu option missing solution


    I already have the caja-image-converter option installed but it shows nothing. Weirdly enough if you install nemo and nautilus converter it does show and work inside caja: The solution is to install *-image-converter sudo apt-get install *-image-converter Reading package lists... Done Building dependency tree       Reading state information... Done Note, selecting 'n........
  • OVF Tool: Error: Task failed on server: This host does not support Intel VT-x. VMWare VCenter install On ESXi ERror


    Intel VT-X is enabled in Virtualbox but it doesn't seem to pass through the needed vmx extension despite the following variables on the host confirming it is enabled: cat /sys/module/kvm_intel/parameters/nested Y cat /sys/module/kvm_intel/parameters/ept Y     OVF Tool: Disk progress: 99% OVF Tool: Transfer Completed OVF Tool: Powering on VM: Embedded-vCenter-Server-Appliance- OVF Tool: Task p........
  • VMWare 6.7 VCSA VSphere ESXi Management SSO Install Guide on Linux using the CLI


    #mount the VCSA DVD mount /dev/sr0 /mnt/cd #alternatively you could mount the iso directly mount -o loop vcsa.iso /your/mount/path #for this purpose we are using the CLI installer on Linux cd /mnt/cd/vcsa-cli-installer/lin64 #no it's not going to be that easy you can't just run vcsa-deploy like that you need to use a template or configured .json file ./vcsa-deploy Usage: vcsa-deploy [-h] [--version] [--supported-deploymen........
  • Cannot create gradle for conversations


    The main issue is it looks like Java is not configured to accept the invalid ssl cert that is coming from the download location. Exception in thread "main" java.lang.RuntimeException: javax.net.ssl.SSLException: java.security.ProviderException: java.security.InvalidKeyException: EC parameters error  export ANDROID_HOME=/home/user/Downloads/tools/ Conversations-master$ ./gradlew Downloading https://services.gradle.org/distributions/grad........
  • Maximum number of connections from user+IP exceeded (mail_max_userip_connections=10) Dovecot Solution


    This happens because Dovecot limits the maximum IMAP connections per IP to just 10.  This may be fine for a single client side IP but if an entire office or multiple users are behind one IP or a single heavy user is active then you will get bizarre errors in your e-mail clients such as "Password Incorrect" or similar in Thunderbird.  It won't be obvious on the client side as to what the problem is and they will probably just think the server is misconfi........
  • curl: (35) Unknown SSL protocol error in connection Solution Centos


    curl: (35) Unknown SSL protocol error in connection The main solution is to update curl and nss.  If you are having an issue with curl through Apache/PHP you will need to restart PHP after. It's important to remember that this error could mean a lot of things but most often it simply means that curl and openssl may be outdated and only allow newer secure ways of connecting to SSL. In general here is how you would fix it in most c........
  • Installing SSL Certificate with Chain Intermediary CA File


    Some of the cheaper or newer SSL suppliers will require this to work properly (otherwise you may be prompted that the cert is invalid when it's not the case but it will certainly scare off your users!). In the Apache vhost conf for the domain here is what you add: SSLCACertificateFile /path/to/your/cafile.pem Here is a full example of an SSL Vhost config in Apache using a CA Certificate file <VirtualHost *........
  • Unable to load dynamic library /usr/lib64/php/modules/php_openssl


     Unable to load dynamic library '/usr/lib64/php/modules/php_openssl' not sure how to fix this........
  • M2Crypto.SSL.Checker.WrongHost: Peer certificate subjectAltName does not match host, expected fedora-archive.ip-connect.vn.ua, got DNS:mirror.ip-connect.vn.ua


    You are using Centos 5 which is deprecated so nothing in yum will work until you follow this post to use the vault: http://realtechtalk.com/Centos_59_Working_Vault_Repo_file-1921-articles yum update Loaded plugins: fastestmirror Loading mirror speeds from cached hostfile  * epel: fedora-archive.ip-connect.vn.ua Traceback........
  • [Wed Sep 20 15:34:44 2017] [notice] suEXEC mechanism enabled (wrapper: /usr/sbin/suexec) [Wed Sep 20 15:34:44 2017] [error] Init: Unable to read server certificate from file /www/ssl-certs/server.crt [Wed Sep 20 15:34:44 2017] [error] SSL Library Err


    [Wed Sep 20 15:34:44 2017] [notice] suEXEC mechanism enabled (wrapper: /usr/sbin/suexec) [Wed Sep 20 15:34:44 2017] [error] Init: Unable to read server certificate from file /www/ssl-certs/server.crt [Wed Sep 20 15:34:44 2017] [error] SSL Library Error: 218529960 error:0D0680A8:asn1 encoding routines:ASN1_CHECK_TLEN:wrong tag [Wed Sep 20 15:34:44 2017] [error] SSL Library Error: 218595386 error:0D07803A:asn1 encoding routines:ASN1_ITEM_EX_D2I:nested asn1 error........
  • /usr/bin/ld: cannot find -lboost_system-mt-s /usr/bin/ld: cannot find -lboost_filesystem-mt-s /usr/bin/ld: cannot find -lboost_program_options-mt-s /usr/bin/ld: cannot find -lboost_thread-mt-s collect2: error: ld returned 1 exit status make: *** [cag


    cagecoin linux compile: sudo apt-get install qt4-qmake libqt4-dev build-essential libboost-dev libboost-system-dev         libboost-filesystem-dev libboost-program-options-dev libboost-thread-dev         libssl-dev libdb++-dev libminiupnpc-dev Solution:  sed -i s/"BOOST_LIB_SUFFIX=-mt-s"/"#BOOST_LIB_SU........
  • ffmpeg Linux Mint download, compile and install howto


    #if you have nvidia make sure you install the nvidia-cuda-toolkit so hardware acceleration can be used wget http://ffmpeg.org/releases/ffmpeg-3.3.2.tar.bz2 tar -jxvf ffmpeg-3.3.2.tar.bz2 cd  ffmpeg-3.3.2/ ./configure --disable-yasm install prefix            /usr/local source path              ........
  • Centos 7 Cudaminer Nvidia setup guide


    I am using a GTX 1060 but replace the download for the driver with the correct/current version for your particular card by visiting: http://www.nvidia.com/Download/index.aspx?lang=en-us   yum install automake curl openssl-devel libcurl-devel gcc gcc-c++ yum -y install kernel-devel-`uname -r` yum -y install unzip #the........
  • Apache SSL very slow response with Firefox Freezes/Loads Very slow when checking self-signed SSL certificate


    I was sure this was a Centos bug with OpenSSL, Apache, MySQL or even PHP.  I tried everything but nothing helped.  One clue is that if you check the Apache logs you will see nothing in the access logs until minutes later (this means Firefox has not even passed your request to the remote Apache/htttpd server). When even accepting the invalid certificate message that would show up minutes later when trying to "View the Certificate" Firefox would freeze.  This bu........
  • [warn] RSA server certificate is a CA certificate (BasicConstraints: CA == TRUE !?) - Apache Error Solution


    Does this mean? [warn] RSA server certificate is a CA certificate (BasicConstraints: CA == TRUE !?) Basically it means you created your SSL Certificate as a CA the wrong way, usually with this command: openssl req -new -x509 -nodes -days 1530 -out server.crt -keyout server.key   How can you fix it and do it properly? Step 1.) Make a new Private KeyCreate server pass key:........
  • ssh forward multiple ports in the same connection and command even works with NAT!


    You can actually just pass multiple "-L" statements to achieve this. An example is as below: ssl -L 80:192.168.10.5:80 -L 443:192.168.10.5:443 -L 2068:192.168.10.5:2068 -L 8192:192.168.10.5:8192  user@remotehost.com   The above essentially is saying forward ports 80,443,2068,8192 to the remote IP of 192.168.10.5 (even though it is behind NAT).  Essentially SSH will do the NAT part even if the........
  • How to create openssl md5 password hash to use in /etc/shadow using bash


    Very useful in embedded and other non-standard deployments.  The above makes a random salt of 14 random characters from /dev/urandom (you can change the -14 to whatever number of characters you want for your salt). openssl passwd -1 -salt `< /dev/urandom tr -dc _A-Z-a-z-0-9 | head -c${1:-14};echo;` YourPassword Output: $1$eW-ScuyL$f/iKMJ5mbJ..7bSzvX6EO0    ........
  • Avocent DSR8020 KVM/IP - Network Connect Error - Solution


    This error is commonly due to Java security or TLS settings but there is a second issue with forwarded ports that also causes it.   1. Java Security/TLS Settings issue: This article has the solution to change them all in Linux automatically 2. Port Forwarding Issue if your Avocent DSR is behind NAT/private IP........
  • How to verify SSL SHA-1 Certificate Fingerprnit Signature of your mail/web server to avoid hijacking/man-in-the-middle attacks


    This is especially helpful if you run your own servers.  If you are presented with an error message or warning that the signature has changed or does not match the IP/domain you are connecting to you always want to verify manually. So your e-mail/web client will show you an SHA-1 fingerprint like this: "Could not verify this certificate because the issuer is unkown" or other reasons such as a mismatch in IP/domain. It will also show you........
  • Centos 5 OpenSSL does not support TLS 1.2 Apache Error


    [Thu Jan 26 14:13:31 2017] [notice] caught SIGTERM, shutting down [Thu Jan 26 14:14:00 2017] [notice] suEXEC mechanism enabled (wrapper: /usr/sbin/suexec) [Thu Jan 26 14:14:00 2017] [error] Server certificate is expired: 'Server-Cert' [Thu Jan 26 14:14:00 2017] [notice] SSL FIPS mode disabled [Thu Jan 26 14:14:07 2017] [notice] suEXEC mechanism enabled (wrapper: /usr/sbin/suexec) [Thu Jan 26 14:14:07 2017] [error] Server certificate is expired: 'Server-Ce........
  • How to Properly Secure SSL/TLS Apache Settings against Heartbleed Poodle (TLS) Poodle (SSLv3) FREAK BEAST CRIME


    Many users still are not aware but simply patching OpenSSL does not secure you against many known and easy to exploit attacks that will render your encryption useless by an attacker. Use the following setings in /etc/httpd/conf.d/ssl.conf   SSLCipherSuite "EECDH+ECDSA+AESGCM EECDH+aRSA+AESGCM EECDH+ECDSA+SHA384 EECDH+ECDSA+SHA256 EECDH+aRSA+SHA384 EECDH+aRSA+SHA256 EECDH EDH+aRSA !CAMELLIA !SEED !3DES !RC4 !aNULL !eNULL !LOW !MD5 !EXP !PSK !........
  • astrachat connection problems in Android 5.01 Lollipop


    I wanted to use Astrachat because it seems to be the only app that has video, pic and file sharing for Jabber but I cannot even connect despite any other client working fine including Xabber and others.   astrachat "Oops.. We can't connect to the account that you provide above.  Please recheck your account detail". Unfortunately to make it worse there doesn't seem to be any error log or more details about the issue. The jab........
  • sed how to avoid escaping


    sed gets to be a pain and a real mess and is hard to read and understand when you have to escape things like / etc. I did not realize until recently that you don't need to use / as a separator, you can use virtually any non letter or number character. Eg we have used # as the separator to avoid having to escape the forward slashes and in this way the command is plain, easy to understand, edit and saves time/hassle without the need for escaping. sed -i s#http........
  • Centos and obfsproxy install errors


    pip install obfsproxy /usr/lib/python2.6/site-packages/pip/_vendor/requests/packages/urllib3/util/ssl_.py:90: InsecurePlatformWarning: A true SSLContext object is not available. This prevents urllib3 from configuring SSL appropriately and may cause certain SSL connections to fail. For more information, see https://urllib3.readthedocs.org/en/latest/security.html#insecureplatformwarning.   InsecurePlatformWarning You are using pip version 7.1.0, however version 8.1.1 i........
  • curl: (35) SSL connect error solution


    curl -k https://somesite.org curl: (35) SSL connect error The site used to work until I got a new SSL cert Updating curl with (yum -y install curl) made it work again.  ........
  • Apache SSL Reverse Proxy Very Slow Solution


    This is a simple fix but not a simple problem and it still doesn't make sense to me. But in a nutshell if your target proxy server works fast when accessing directly over SSL then this may be your issue. It seems SSL does not play nicely when the target proxy destination/host has a riduculously long key (such as 8192 bits long).  Now this is normally not a problem, in fact the target server could be accessed with hardly any delay directly despite such a long key.........
  • esniper error on Linux Mint 17.2 Debian/Ubuntu: Cannot connect to URL : SSL connect error: gnutls_handshake() failed: Illegal parameter Retrying... esniper encountered a bug. It looks like your esniper version is not current. You have version 2.28


    Auction 262382440107: Cannot connect to URL : SSL connect error: gnutls_handshake() failed: Illegal parameter Retrying... esniper encountered a bug.  It looks like your esniper version is not current.  You have version 2.28.0, the newest version is 2.31.0. Please go to http://esniper.sf.net/ and update your copy of esniper.........
  • Apache Vhost HowTo Serve Same Content using a different domain and IP


    There are a few ways of doing this and all basically involve using the reverse proxy or "ProxyPass" feature of Apache to accomplish it. 1.) Create a normal vhost and simply symlink the root directory of the site you want to mirror. Eg. originalsite.com and newsite.com /vhosts/originalsite.com/httpdocs You would symlink like this: ln -s /vhosts/originalsite.com/httpdocs vhosts/originalsite.com/........
  • Force SSL for all URLs Apache htaccess modrewrite


    The best way is as below in .htaccess using modrewrite, any request that is not SSL will be redirected to https://domain.com and the exact same URL RewriteCond %{SERVER_PORT} 80 RewriteRule ^(.*)$ https://domain.com/$1 [R=301,L]........
  • Avocent 8020 KVM Java Icedtea Viewer


    It seems every other updated version of Java or Icedtea breaks things and I will save the frustration of Java for another post. *If you get the icedteaweb window but nothing loads or prompts it is probably your security settings that won't even prompt to run it.   See this article to solve that problem. To fix this error you need to edit the java.security file m........
  • CPanel SNI error


    Your server does not support SNI, so all of your SSL websites must use the same SSL certificate. An update to the certificate on an existing SSL website will affect all of your SSL websites, and new SSL websites must use the currently installed certificate.........
  • openvz yum problem Centos 6.5 cannot find file on mirror:


    #solution Edit /etc/yum.repos.d/openvz.repo For the first two entries comment out #mirrorlist and uncomment #baseurl and then it worked openvz yum problem Centos 6.5 cannot find file on mirror: yum update Loaded plugins: fastestmirror Determining fastest mirrors  * openvz-kernel-rhel6: mirrors.ustc.edu.cn  * openvz-utils: mirrors.ustc.edu.cn base      ........
  • Installing zoneminder on Ubuntu/Debian Linux Howto


    sudo apt-get install zoneminder [sudo] password for one: Reading package lists... Done Building dependency tree       Reading state information... Done The following packages were automatically installed and are no longer required:   libuser-perl python-evince kdebase-apps kwrite unixodbc   libgnomeprint2.2-data python-soappy vgabios python-metacity hddtemp   python-mediaprof........
  • Unable to configure RSA server private key SSL Library Error: 185073780 error:0B080074:x509 certificate routines:X509_check_private_key:key values mismatch


    [Tue Jun 23 02:05:52 2015] [error] Unable to configure RSA server private key [Tue Jun 23 02:05:52 2015] [error] SSL Library Error: 185073780 error:0B080074:x509 certificate routines:X509_check_private_key:key values mismatch The above is an accurate description of what is wrong. In our case the client made a simple mistake of thinking the localhost.crt and localhost.key (default key locations for Apache SSL in Centos) were in the same directory but they we........
  • Error code: ssl_error_rx_record_too_long


    An error occurred during a connection to site.com. SSL received a record that exceeded the maximum permissible length. (Error code: ssl_error_rx_record_too_long)     The page you are trying to view cannot be shown because the authenticity of the received data could not be verified.     Please contact the website owners to inform them of this problem. When the above happens in our experience it is a misconfiguration of........
  • cPanel How to set SSL and Dedicated IP in cPanel


    Account Functions -> Change Site's IP Address Choose the domain and then click "Change" Choose the new IP 1.) Setup SSL Certificate in cPanel Click on "SSL/TLS Manager" under the "Security" section. 2.) Under " Private Keys (KEY)" Click "Generate, view, upload, or delete your private keys." Choose "Key Size: 4096........
  • Directadmin compile error solution cc: Internal error: Killed (program cc1)


    cc: Internal error: Killed (program cc1) Please submit a full bug report. See <http://bugzilla.redhat.com/bugzilla> for instructions. make: *** [ext/fileinfo/libmagic/apprentice.lo] Error 1 make: *** Waiting for unfinished jobs.... Stopping crond:                                  ........
  • Asterisk VOIP Sipura/Linksys PAP2T Calls Not Being Received Solution


    This problem seemed to happen recently but was likely causing issues before where the phone(s) do not ring. Now there are a few reasons why this can happen especially if your adapter has DND mode enabled (disable it). However that wasn't my issue and I only figured it out the other day  when  by fluke if you're on the phone (making a call) then  calls will come in. That's when I figured out the solution: This likely app........
  • yum Centos 386 and 64 bit conflict resolution


    This can happen when you install RPMForge or other repos with the wrong architecture and here's how you fix it (simply uninstalling won't usually fix it): solution yum clean all yum -y install openvpn Loaded plugins: fastestmirror, presto Loading mirror speeds from cached hostfile  * base: mirror.its.sfu.ca  * extras: centos.mirror.nexicom.net  * rpmforge: mirror.cpsc.ucalgary.ca  * up........
  • Directadmin Install Error Cannot find /usr/include/openssl/ssl.h. Did you run the pre-install commands?


    Cannot find /usr/include/openssl/ssl.h. Did you run the pre-install commands? http://help.directadmin.com/item.php?id=354 yum -y install openssl*........
  • Apache SNI is not needed what is the issue?


    I read this article and still don't understand the issue. If I understand correctly the client negotiates after the first SSL connection and then gets the correct hostname and thus correct certificate. http://wiki.apache.org/httpd/NameBasedSSLVHostsWithSNI To their credit I know I'm not using SNI becuase I get this message in the Apache log :) [warn] Init: You should not use name-based virtual hosts in conjunction with SSL!! B........
  • Apache SSL Change Default SSL Vhost and Listening Port for SSL


    vi /etc/httpd/conf.d/ssl.conf Change the following from "Listen 443" to something like below Listen 2243   Then find the SSL Virtual Host Context and edit like below (to your new listening port) ## ## SSL Virtual Host Context ## <VirtualHost _default_:2243>........
  • postfix/dovecot Sent emails missing sometimes


    On occassion and from a variety of networks and clients, Sent messages don't get saved. I'm wondering if these log messages could be why: May  3 14:16:39 mail.box postfix/smtpd[5195]: connect from 192.168.1.58 May  3 14:16:39 mail.box postfix/smtpd[5195]: SSL_accept error from 192.168.1.58: -1 May  3 14:16:39 mail.box postfix/smtpd[5195]: lost connection after CONNECT from 192.168.1.58 May  3 14:16:39 mail.box postfix/smtpd[5195]:........
  • SSH Can't Login/Hang


    Client Log OpenSSH_4.3p2, OpenSSL 0.9.8e-fips-rhel5 01 Jul 2008 debug1: Reading configuration data /etc/ssh/ssh_config debug1: Applying options for * debug1: Connecting to 192.168.1.253 [192.168.1.253] port 22. debug1: Connection established. debug1: permanently_set_uid: 0/0 debug1: identity file /root/.ssh/identity type -1 debug1: identity file /root/.ssh/id_rsa type 1 debug1: identity file /root/.ssh/id_d........
  • Directadmin Log File Locations


    This is a handy link and list of all the relevant Directadmin log files and related servers.   http://help.directadmin.com/item.php?id=11   DirectAdmin: /var/log/directadmin/error.log /var/log/directadmin/errortaskq.log /var/log/directadmin/system.log /var/log/directadmin/security.log Apache:........
  • Directadmin error/** Found 7 pre-existing rpmdb problem(s), 'yum check' output follows: e2fsprogs-devel-1.41.12-3.el6.i686 has missing requires of e2fsprogs-libs = ('0', '1.41.12', '3.el6') e2fsprogs-devel-1.41.12-3.el6.i686 has missing requires of l


    Solution To The Following: yum -y install zlib-devel yum -y install e2fsprogs* *** Cannot find /usr/include/et/com_err.h.  (yum install libcom_err-devel) *** Installation didn't pass, halting install. Once requirements are met, run the following to continue the install:   cd /usr/local/directadmin/scripts   ./install.sh Common pre-install commands:  http://help.directadmin.com/it........
  • Thunderbird How-To Copy/Backup/Restore Accounts and Settings to Another Computer


    The best way is to use rsync, I've set it up so it doesn't copy unnecessary files, or at least ones I'm sure aren't needed. Here is the rsync command I used (adapt to your specific Thunderbird profile location): rsync -hazv user@remotehost.com:/home/user/.thunderbird/sbrer.default/* /home/user/.thunderbird/4nyb0.default/ --exclude=global* --exclude=Cache --exclude=ImapMail --exclude=Mail This is a great way to get your e-mail accounts going on a new c........
  • CPanel error: "Your SSL certificate failed to install on your site."


    This error in my experience is user error although CPanel doesn't help, this message doesn't give you much to go on. Let's talk more about the process of setting up SSL with CPanel. Your site must have a dedicated/non-shared IP to even have the option of creating an SSL Certificate. You must create a Private Key (do not delete this private key!) You must create a CSR ( Certificate Signing Request) Use CSR to create cert........
  • Error code: sec_error_unknown_issuer Solution Valid SSL Certificate Throwing Error in Firefox


    So you've just purchased your SSL cert, renewed it and installed it or maybe you've had it installed and working fine all the time with all other browsers but you've upgraded to a recent version of Firefox and suddenly get the warning "Error code: sec_error_unknown_issuer" error. This is terrible since if you bought an SSL cert, you are most likely using it for trust purposes for your business and obviously that message will scare away most potential customers.........
  • Directadmin Enable SSL


    It's really silly how DA doesn't enable SSL by default but is otherwise a stable, fast and secure control panel. Here's a copy and paste way of enabling SSL for Directadmin in just a few seconds: *setup SSL openssl req -x509 -newkey rsa:1024 -keyout /usr/local/directadmin/conf/cakey.pem -out /usr/local/directadmin/conf/cacert.pem -days 9999 -nodes That creates the public certificate and private key pair in the location Directadmin expects to fi........
  • How To Install CPanel


    wget -N http://httpupdate.cpanel.net/latest;sh latest That one command above will do it all (and it takes a long time to install/compile).  After that you can access CPanel with your root login information by visiting https://yourdomain-or-ip.com:2087 I personally don't like CPanel (bloated, full of bugs, no shared SSL, difficult to use etc..) but I admit it's easier to install than........
  • Apache High CPU Usage Enable Mod_Status Guide Solution - Find Cause of High CPU Usage Script/Domain


    mod_status is a great way to track down the source of high CPU usage and to find what vhost/script is the cause of it. It gives you a live view of bandwith usage, CPU usage, and memory usage broken down by domain/vhost and script/URI. Enable mod_status vi /etc/httpd/conf/httpd.conf ExtendedStatus On <Location /server-status> SetHandler server-status Order Deny,Allow Deny from all All........
  • monit example tutorial how to enable status checking and manipulation


    You need to enable the httpd daemon with monit to actually view the status and control, it's not only for the web interface since the httpd is the ONLY way of controlling monit and viewing the status. monit monitor all will also reinstate disabled services if they've timed out too much.  Just restarting the service will do nothing to re-monitor a service that monit has stopped monitoring due to too many failures. *Also note that /etc/monit.conf i........
  • Directadmin DA Install Guide


    yum -y install openssl* gcc-c++ gcc flex g++ make;wget http://www.directadmin.com/setup.sh;chmod +x ./setup.sh;./setup.sh #enable SSL /usr/bin/openssl req -x509 -newkey rsa:1024 -keyout /usr/local/directadmin/conf/cakey.pem -out /usr/local/directadmin/conf/cacert.pem -days 9999 -nodes chown diradmin:diradmin /usr/local/directadmin/conf/cakey.pem chmod 400 /usr/local/directadmin/conf/cakey.pem sed -i "s/SSL=0/SSL=1/g" /usr/local/dire........
  • Dovecot Enable SSL/TLS with your certificate


    Dovecot enable SSL (by default it uses an old expired cert if you choose pop3s and imaps as protocols) =================== Create Cert & Key: openssl req -new -x509 -nodes -days 1530 -out server.crt -keyout server.key mkdir /etc/mailssl chmod 700 /etc/mailssl cp server.* /etc/mailssl Edit /etc/dovecot.conf ssl_cert_file = /etc/mailssl/server.crt s........
  • Postfix Enable SSL/TLS with your certificate


    Create Cert & Key: openssl req -new -x509 -nodes -days 1530 -out server.crt -keyout server.key mkdir /etc/mailssl chmod 700 /etc/mailssl cp server.* /etc/mailssl Postfix SSL config Edit /etc/postfix/main.cf: #SSL stuff smtpd_tls_cert_file = /etc/mailssl/server.crt smtpd_tls_key_file = /etc/mailssl/server.key To make smtps w........
  • Installing Webmin & Enabling SSL


    Webmin Setup Centos 5: wget http://downloads.sourceforge.net/project/webadmin/webmin/1.530/webmin-1.530-1.noarch.rpm?r=http%3A%2F%2Fwww.webmin.com%2Fstandard.html&ts=1294339690&use_mirror=surfnet [1] 24229 [2] 24230 [root@host ~]# --2011-01-06 21:48:20--  http://downloads.sourceforge.net/project/webadmin/webmin/1.530/webmin-1.530-1.noarch.rpm?r=http%3A%2F%2Fwww.webmin.com%2Fstandard.html Resolving downloads.sourceforge.net... 216.34.181.........
  • SSH delay problem UseDNS and disabling GSSAPI does not help


    The normal solution doesn't help or apply here:   ssh -v user@192.168.5.41 OpenSSH_4.3p2 Debian-9etch3, OpenSSL 0.9.8c 05 Sep 2006 debug1: Reading configuration data /etc/ssh/ssh_config debug1: Applying options for * debug1: Connecting to 192.168.5.41 [192.168.5.41] port 22. debug1: Connection established. debug1: permanently_set_uid: 0/0 debug1: identity file /root/.ssh/identity type -1 debug1: i........
  • VMWare Server cannot connect to web interface SSL Handshake on client connection failed: SSL Exception


    VMWare log: /var/log/vmware/hostd.log SSL Handshake on client connection failed: SSL Exception sudo /etc/init.d/vmware-mgmt restart Stopping VMware management services:    VMware Virtual Infrastructure Web Access    VMware Server Host Agent                          &nb........
  • VMWare Server is on SSL port 8333


    I'm mentioning this because I keep forgetting what port the management is on for the web interface (since newer releases of VMWare server took away the superior stand alone client). So remember it is port 8333 and sometimes you need to restart vmware-mgmt service and also enable sslv2 in your Firefox or it won't connect.........
  • yum in Centos 5/Xen halts and exits suddenly


    yum exits in the middle The problem is this VPS seems to be an OpenVZ template from HyperVM.  The only way to make it work was to disable i386 packages since this was an x64 kernel.  That shouldn't be necessary but it was the only way to make yum stop quitting after the first package or two.  I couldn't find any issue by checking the logs either. echo y|yum install vim-minimal telnet expect jwhois net-tools slocate iptables elinks gawk L........
  • PHP CURL SSL won't work or connect


    I spent so much time debugging this, most sites don't tell you a very important option to use with CURL and you will only find out this is the problem by running the PHP script from the command line you get the following output that shows the issue (I don't see any way to get this output from Apache itself). * About to connect() to ip.ip.ip.ip port 25000 *   Trying ip.ip.ip.ip... * connected * Connected to ip.ip.ip.ip (ip.ip.ip.ip) port 25000 * succes........
  • FUSE/Curlftpfs mount ftp account as drive partition in Linux


    This is a great way to use your ftp server space, for example on your web hosting account (although I believe many hosts don't allow storage like this), but if you have a VPS/Dedicated Server etc.., this would be perfect.  Imagine how easy it is to work with an ftp account that you can just mount as a normal partition or directory in Linux, it would be great for backups etc..   Name curlftpfs - mount a ftp host as a local directory Synopsis........
  • cPanel complaint - No Shared SSL! cPanel 11.25.0-R46156 - WHM 11.25.0 - X 3.9


    I've recently used CPanel on the admin side for the first time and have to say I hate it.  Everything from the layout to the functionality screams "hackish".  It just lacks so many common sense features and way of working. I was never 100% impressed with Plesk but the basics were definitely laid out and done in a sensible manner, even though it is made by a Russian company, they definitely thought about how to make a Control Panel. I have no idea why people........
  • Gigabyte GA-H57M-USB3 Complaint Review/Comments


    I'm not impressed with this motherboard, I was impressed with my Gigabyte AM3 board which seems to work flawlessly. Everyone knows that the firmware is flawed, even though I have the F6, it still seems that the system doesn't reset properly or quickly enough. Another HUGE problem is that in most Linux kernels the NIC won't work (if you try 10 times by rebooting it might).  I also notice that you need to power down for it to work. This board does not seem very com........
  • Compile PHP 5.3.2 on Centos 5 and CPanel/WHM because of error - Fatal error: Call to > undefined function imagecreatefromjpeg()


    This function and others may not work with the stock PHP install on Centos/CPanel:  Fatal error:  Call to > undefined function imagecreatefromjpeg() Even with libjpeg-devel installed it won't work because PHP was not compiled with jpeg support, so we have to do the dirty work ourselves :) Here is the command/yum's I did to install missing libraries for PHP that configure will complain about (yes it is a one by one process). yum install bzip2-........
  • Picking an FTPD (vsftpd) Server in Linux Centos/Debian


    I decided on using yum to help me decide even though I normaly use proftpd I decided to see what else I could find. yum search ftp Loaded plugins: fastestmirror Loading mirror speeds from cached hostfile  * rpmforge: ftp-stud.fht-esslingen.de  * base: mirrors.netdna.com  * updates: updates.interworx.info  * addons: yum.singlehop.com  * extras: mirrors.netdna.com rpmforge   ........
  • PHP cannot access /usr/bin/openssl


    PHP cannot access /usr/bin/opensslI have verified the username that runs the process is able to access /usr/bin/openssl and it does exist but the PHP script is saying it doesn't exist: [code:1:1fd0f3abbe] if (!file_exists($OPENSSL)) { //echo "ERROR: OPENSSL $OPENSSL not foundn"; }[/code:1:1fd0f3abbe] I don't get itI can clearly see the contents of /usr/bin by using the PHP system fu........
  • The New Chips on the Block


    The New Chips on the BlockThe New Chips on the Block By Bruce Gain Story location: http://www.wired.com/news/infostructure/0,1377,67795,00.html 02:00 AM Jun. 13, 2005 PT We have embarked upon a new era in x86 PC computing -- so say chip giants AMD and Intel following their launches of dual-core PC processors. So how will dual-core processing change your PC computing experience? Our FAQ should help you decide whether or when you sho........
  • Basic Port Listing


    Basic Port ListingHopefully someone finds this useful or at least interesting. http://www.sans.org/top20/#u9 Name Port Protocol Description Small services <20 tcp/udp small services FTP 21 tcp file transfer SSH 22 tcp login service TELNET 23 tcp login service SMTP 25 tcp mail TIME 37 tcp/udp time synchronization WINS 42 tcp/udp WINS replication DNS 53 udp naming service........
  • pound a Linux Load Balance and Reverse Proxy


    I have played around with Pound a little bit.  It is a reverse proxy and load balancer in one, and it can be used as only a reverse proxy if you like.  It is very simple to configure as either, and Pound even senses if one of the systems is down and stops sending requests to the dead server. It supports SSL (but passes the request to the destination server unencrypted) and even the Apache log format.  Pound is very simple, fast a........
  • Apache/Mod_SSL not serving the right/expected certificate?


    There is actually by default a "Default SSL" vhost that can mess things up for you and can cause surprising and unexpected results. Default Apache SSL Cert in /etc/httpd/conf.d/ssl.conf there is a default SSL Virtual Host which screws things up by offering itself instead of the SSL cert I specify in my own vhosts........
  • Create/Enable SSL Certificates for Apache on Linux/Unix Systems eg. Redhat,Centos,Debian


    Shortcut/Easiest Way To Create A Self-Signed Key: openssl req -new -x509 -nodes -days 1530 -out server.crt -keyout server.key Using the above, you instantly create a self-signed certificate valid for 1530 days and you can simply skip to step #5.) below. If You Need a Real SSL Certificate (eg. Equifax/Openssl) then you need to create a CSR request (you'll need to follow Steps 1.) and 2.) in order to create the CSR.  You then upload the CSR Certi........
  • Tyan S2735-8M Maximum Hard Drive Limit/Not Working/Doesn't work with 1TB 1000GB hard drives


    I never saved any of the logs, but basically no matter what OS (Linux) I used, I could not get my 1000GB hard drive to work (Seagate SATA).  The BIOS recognizes the drive and fdisk -l shows the hard drive as it should. The tricky thing is that different OS's will give you different results, but don't be fooled.  You can't use these larger drives for long.  I was getting all kinds of seek/IO errors and also messages that the port could not be read.........
  • iPhone 3GS Jailbreak Information & Benefits


    Truly, the only way to unleash the capabilities and customization abilities of iPhone are to jailbreak, it's not just for hackers anymore. A few days ago someone by the named of "geohot" released a single click application called "purplera1n", which does the entire operation smoothly and seamlessly. In our case, the first time it went as far as "done, wait for reboot" on our Windows machine and for minutes we waited and saw the pic on the iPhone w........
  • Using a Mac OSX DMG Image in Windows and Converting to Standard ISO Format use dmg2iso


    The dmg format is silly and annoying to work with, why couldn't Apple stick with the .iso standard?  Anyway, there's an excellent Linux and Windows based tool to convert it back to a normal .iso Image called dmg2iso I'll only cover the Linux version although the Windows pre-built binary works the same way. Download dmg2iso here for free (from the author's website) It's just silly and doesn't make sense that Ubuntu doe........
  • Writing/Burning a data CD-R/DVD-R or DVD+RW in Unix/Linux


    There's a lot of outdated information and confusion for system administrator's out there. One annoying task for many an Administrator has been backing up data in Linux.  You don't need any GUI tools such as K3B or GnomeBaker.  Both are excellent tools but for veteran command line users working remotely, using the keyboard is a great and possibly automated way to save yourself pain and hassle. At a later date we'll cover how scripting can automatically backup certain........
  • Latest Articles

  • syntax error, unexpected T_SL in PHP Solution
  • grep regular expression match number range between specific numbers
  • bash how to print out lines of text within a range from the first occurrence
  • bash script how to to check LAN computers for open ports
  • MySQL Using mytop Debug Source of High IO and Slow Performance
  • How To Mathematically Convert and Calculate Binary Value To Decimal Value
  • systemd management using systemctl and journalctl to check systemd logs
  • css how to format code in the code tag
  • css br with extra blank line
  • What is /dev/pts and why do we need it in Linux?
  • Linux What is umask (user mask) for file and directory creation permissions and how to calculate umask and change the defaults
  • Linux Permissions and Groups Real Usecase for Group Access
  • Centos 7 python34 how to install the gi library
  • Centos 7 - Convert Minimal to Graphical GUI GNOME or KDE Desktop
  • AMD Set Fan Speed and Other Powerplay Memory/CPU Timings with a Linux script
  • Ethereum Mining Claymore Nanopool Error
  • genisoimage errors with long filenames and deep directory structures
  • Linux Kernel USB Export Errors
  • How to download gajim 0.16.9 XMPP/Jabber client so you can use OMEMO encryption
  • HP DL385 G7 Linux BIOS Update Flash