• GlusterFS HowTo Tutorial For Distributed Storage in Docker, Kubernetes, LXC, KVM, Proxmox


    This can be used on almost anything, since Gluster is a userspace tool, based on FUSE. This means that all Gluster appears as to any application is just a directory. Applications don't need specific support for Gluster, so long as you can tell the application to use a certain directory for storage. One application can be for redundant and scaled storage, including for within Docker and Kubernetes, LXC, Proxmox, OpenStack, etc or just your image/web/video files or even da........
  • How To Create OpenVPN Server for Secure Remote Corporate Access in Linux Debian/Mint/Ubuntu with client public key authentication


    This guide assumes that you are trying to connect to a corporate network. First of all you need to define what IPrange the OpenVPN server will be running on. Network Option 1.) There are a few options, such as the OpenVPN sitting exclusively on the internal network, with the port and protocol that the server is used on being forwarded to this via the router and/or firewall. Network Option 2.) The OpenVPN server could sit on both th........
  • HongKong VPS Server, Cloud, Dedicated Server, Co-Location, Datacenter The Best Guide on Hong Kong, China Internet IT/Computing


    This article is the best guide on the internet for all things Hong Kong internet and how it applies to your business, based on decades of experience and research, to help you make informed choices, for your company's strategic data and computing initiatives. Hong Kong has long held the staus as a world financial hub, but in our opinion, it is lesser known for its dominance as an IT and Internet Hub and has the largest internet exchange in Asia by maximum throughput. We will al........
  • How to install Kubernetes with microk8s and deploy apps on Debian/Mint/Ubuntu Linux


    Kubernetes Easy Beginners Architecture Guide Kubernetes is known as container orchestration and we should start at explaining the container part of it. A Container is what runs the actual application and based on an Image, and are more comparable to something like an LXC Container, Virtuozzo/OpenVZ using the Linux Kernel Namespaces feature. Containers run these images as independent, isolated operating environments under the OS's exist........
  • How To Get Started on Ubuntu with gpt-2 OpenAI Text Prediction


    apt install software-properties-common add-apt-repository ppa:deadsnakes/ppa apt update apt install python3-pip apt install python3.7 curl gnupg python3.7-dev git ln -s /usr/bin/python3.7 /usr/bin/python3 pip3 install numpy keras_preprocessing curl https://bazel.build/bazel-release.pub.gpg | sudo apt-key add - echo "deb [arch=amd64] http://storage.googleapis.com/bazel-apt stable jdk1.8" | sudo tee /etc/apt/sources.list.d/bazel........
  • How To Install OpenProject on Centos 7 Step-by-Step Guide


    There are a few caveats that may not be obvious to everyone so I am going to cover them here but keep this in mind before starting. Before starting install epel or you will be missing tesseract: yum -y install epel-release #1) When you specify your SSL certificate with a full path, it really needs to exist where you tell it to (including the default location of /etc/ssl/certs and /etc/ssl/c........
  • Cisco Unified Communications Manager 12 Install Errors on Proxmox/KVM


    The strange thing is that usually the first install or two will work on any new machine but then it suddenly won't. I had this experience on QEMU 2.13 on a different machine. There is something finicky or buggy about the CUCM installer even when choosing the same virtual hardware specs. qemu-kvm command: /usr/libexec/qemu-kvm -version QEMU PC emulator version 0.12.1 (qemu-kvm-0.12.1.2-2.506.el6_10.1), Copyright (c) 2003-2008 Fabrice Bellard ........
  • How To Use Letsencrypt SSL/TLS Encryption to Create Certificates without installing on the target machine


    For some reason, perhaps you don't want to run a daemon or let Letsencrypt have access to your production server. There is a way to use it like a normal CSR/CA setup in manual mode. ./letsencrypt-auto certonly --manual -d realtechtalk.com - www.realtechtalk.com   Eventually you will get prompted to create a certain path and file with certain data: Create a file containing just this data: Casdfasfadsfsad........
  • letsencrypt certbot error "Unable to find a virtual host listening on port 80 which is currently needed for Certbot to prove to the CA that you control your domain. Please add a virtual host for port 80."


    ./certbot-auto --apache certonly Saving debug log to /var/log/letsencrypt/letsencrypt.log Plugins selected: Authenticator apache, Installer apache No names were found in your configuration files. Please enter in your domain name(s) (comma and/or space separated) (Enter 'c' to cancel): yourdomain.com Obtaining a new certificate Performing the following challenges: http-01 challenge for yourdomain.com Cleaning........
  • VMWare ESXi 6.7 SSH/PowerShell CLI Commands


    [root@localhost:~] BootModuleConfig.sh echo host-ind nfcd........
  • [warn] VirtualHost 10.2.5.101:443 overlaps with VirtualHost 10.2.5.101:443, the first has precedence, perhaps you need a NameVirtualHost directive


    [root@thetor2017 conf]# service httpd restart Stopping httpd: [ OK ] Starting httpd: WARNING: MaxClients of 3000 exceeds ServerLimit value of 300 servers, lowering MaxClients to 300. To increase........
  • OVF Tool: Error: Task failed on server: This host does not support Intel VT-x. VMWare VCenter install On ESXi ERror


    Intel VT-X is enabled in Virtualbox but it doesn't seem to pass through the needed vmx extension despite the following variables on the host confirming it is enabled: cat /sys/module/kvm_intel/parameters/nested Y cat /sys/module/kvm_intel/parameters/ept Y OVF Tool: Disk progress: 99% OVF Tool: Transfer Completed OVF Tool: Powering on VM: Embedded-vCenter-Server-Appliance- OVF Tool: Task p........
  • VMWare 6.7 VCSA VSphere ESXi Management SSO Install Guide on Linux using the CLI


    #mount the VCSA DVD mount /dev/sr0 /mnt/cd #alternatively you could mount the iso directly mount -o loop vcsa.iso /your/mount/path #for this purpose we are using the CLI installer on Linux cd /mnt/cd/vcsa-cli-installer/lin64 #no it's not going to be that easy you can't just run vcsa-deploy like that you need to use a template or configured .json file ./vcsa-deploy Usage: vcsa-deploy [-h] [--version] [--supported-deploymen........
  • Cannot create gradle for conversations


    The main issue is it looks like Java is not configured to accept the invalid ssl cert that is coming from the download location. Exception in thread "main" java.lang.RuntimeException: javax.net.ssl.SSLException: java.security.ProviderException: java.security.InvalidKeyException: EC parameters error export ANDROID_HOME=/home/user/Downloads/tools/ Conversations-master$ ./gradlew Downloading https://services.gradle.org/distributions/grad........
  • Installing SSL Certificate with Chain Intermediary CA File


    Some of the cheaper or newer SSL suppliers will require this to work properly (otherwise you may be prompted that the cert is invalid when it's not the case but it will certainly scare off your users!). In the Apache vhost conf for the domain here is what you add: SSLCACertificateFile /path/to/your/cafile.pem Here is a full example of an SSL Vhost config in Apache using a CA Certificate file ........
  • M2Crypto.SSL.Checker.WrongHost: Peer certificate subjectAltName does not match host, expected fedora-archive.ip-connect.vn.ua, got DNS:mirror.ip-connect.vn.ua


    You are using Centos 5 which is deprecated so nothing in yum will work until you follow this post to use the vault: http://realtechtalk.com/Centos_59_Working_Vault_Repo_file-1921-articles yum update Loaded plugins: fastestmirror Loading mirror speeds from cached hostfile * epel: fedora-archive.ip-connect.vn.ua Traceback........
  • [Wed Sep 20 15:34:44 2017] [notice] suEXEC mechanism enabled (wrapper: /usr/sbin/suexec) [Wed Sep 20 15:34:44 2017] [error] Init: Unable to read server certificate from file /www/ssl-certs/server.crt [Wed Sep 20 15:34:44 2017] [error] SSL Library Err


    [Wed Sep 20 15:34:44 2017] [notice] suEXEC mechanism enabled (wrapper: /usr/sbin/suexec) [Wed Sep 20 15:34:44 2017] [error] Init: Unable to read server certificate from file /www/ssl-certs/server.crt [Wed Sep 20 15:34:44 2017] [error] SSL Library Error: 218529960 error:0D0680A8:asn1 encoding routines:ASN1_CHECK_TLEN:wrong tag [Wed Sep 20 15:34:44 2017] [error] SSL Library Error: 218595386 error:0D07803A:asn1 encoding routines:ASN1_ITEM_EX_D2I:nested asn1 error........
  • Apache SSL very slow response with Firefox Freezes/Loads Very slow when checking self-signed SSL certificate


    I was sure this was a Centos bug with OpenSSL, Apache, MySQL or even PHP. I tried everything but nothing helped. One clue is that if you check the Apache logs you will see nothing in the access logs until minutes later (this means Firefox has not even passed your request to the remote Apache/htttpd server). When even accepting the invalid certificate message that would show up minutes later when trying to "View the Certificate" Firefox would freeze. This bu........
  • [warn] RSA server certificate is a CA certificate (BasicConstraints: CA == TRUE !?) - Apache Error Solution


    Does this mean? [warn] RSA server certificate is a CA certificate (BasicConstraints: CA == TRUE !?) Basically it means you created your SSL Certificate as a CA the wrong way, usually with this command: openssl req -new -x509 -nodes -days 1530 -out server.crt -keyout server.key How can you fix it and do it properly? Step 1.) Make a new Private KeyCreate server pass key:........
  • How to verify SSL SHA-1 Certificate Fingerprnit Signature of your mail/web server to avoid hijacking/man-in-the-middle attacks


    This is especially helpful if you run your own servers. If you are presented with an error message or warning that the signature has changed or does not match the IP/domain you are connecting to you always want to verify manually. So your e-mail/web client will show you an SHA-1 fingerprint like this: "Could not verify this certificate because the issuer is unkown" or other reasons such as a mismatch in IP/domain. It will also show you........
  • Centos 5 OpenSSL does not support TLS 1.2 Apache Error


    [Thu Jan 26 14:13:31 2017] [notice] caught SIGTERM, shutting down [Thu Jan 26 14:14:00 2017] [notice] suEXEC mechanism enabled (wrapper: /usr/sbin/suexec) [Thu Jan 26 14:14:00 2017] [error] Server certificate is expired: 'Server-Cert' [Thu Jan 26 14:14:00 2017] [notice] SSL FIPS mode disabled [Thu Jan 26 14:14:07 2017] [notice] suEXEC mechanism enabled (wrapper: /usr/sbin/suexec) [Thu Jan 26 14:14:07 2017] [error] Server certificate is expired: 'Server-Ce........
  • How to Properly Secure SSL/TLS Apache Settings against Heartbleed Poodle (TLS) Poodle (SSLv3) FREAK BEAST CRIME


    Many users still are not aware but simply patching OpenSSL does not secure you against many known and easy to exploit attacks that will render your encryption useless by an attacker. Use the following setings in /etc/httpd/conf.d/ssl.conf SSLCipherSuite "EECDH+ECDSA+AESGCM EECDH+aRSA+AESGCM EECDH+ECDSA+SHA384 EECDH+ECDSA+SHA256 EECDH+aRSA+SHA384 EECDH+aRSA+SHA256 EECDH EDH+aRSA !CAMELLIA !SEED !3DES !RC4 !aNULL !eNULL !LOW !MD5 !EXP !PSK !........
  • curl: (35) SSL connect error solution


    curl -k https://somesite.org curl: (35) SSL connect error The site used to work until I got a new SSL cert Updating curl with (yum -y install curl) made it work again. ........
  • Avocent 8020 KVM Java Icedtea Viewer


    This command in Debian/Ubuntu/Mint will get everything need installed for most Java based KVM viewers: sudo apt install icedtea-netx The following additional packages will be installed: ca-certificates-java icedtea-netx-common openjdk-8-jre openjdk-8-jre-headless It seems every other updated version of Java or Icedtea breaks things and I will save the frustration of Java for another post.........
  • CPanel SNI error


    Your server does not support SNI, so all of your SSL websites must use the same SSL certificate. An update to the certificate on an existing SSL website will affect all of your SSL websites, and new SSL websites must use the currently installed certificate.........
  • Unable to configure RSA server private key SSL Library Error: 185073780 error:0B080074:x509 certificate routines:X509_check_private_key:key values mismatch


    [Tue Jun 23 02:05:52 2015] [error] Unable to configure RSA server private key [Tue Jun 23 02:05:52 2015] [error] SSL Library Error: 185073780 error:0B080074:x509 certificate routines:X509_check_private_key:key values mismatch The above is an accurate description of what is wrong. In our case the client made a simple mistake of thinking the localhost.crt and localhost.key (default key locations for Apache SSL in Centos) were in the same directory but they we........
  • Error: Cannot retrieve metalink for repository: epel. Please verify its path and try again


    Error: Cannot retrieve metalink for repository: epel. Please verify its path and try again You have to upgrade the ca-certs for epel but need to disable it before that can happen. yum upgrade ca-certificates --disablerepo=epel........
  • cPanel How to set SSL and Dedicated IP in cPanel


    Account Functions -> Change Site's IP Address Choose the domain and then click "Change" Choose the new IP 1.) Setup SSL Certificate in cPanel Click on "SSL/TLS Manager" under the "Security" section. 2.) Under " Private Keys (KEY)" Click "Generate, view, upload, or delete your private keys." Choose "Key Size: 4096........
  • Apache SNI is not needed what is the issue?


    Iread this article and still don't understand the issue. If I understand correctly the client negotiates after the first SSLconnection and then gets the correct hostname and thus correct certificate. http://wiki.apache.org/httpd/NameBasedSSLVHostsWithSNI To their credit I know I'm not using SNIbecuase Iget this message in the Apache log :) [warn] Init: You should not use name-based virtual hosts in conjunction with SSL!! B........
  • "Cannot load certificate file keys/server.crt: error:0906D06C:PEM" OpenVPN Solution


    Cannot load certificate file keys/server.crt: error:0906D06C:PEM The .crt is blank empty because when generating it I kept hitting enter for the defaults and this caused the crt not to be signed. Certificate is to be certified until Dec 18 00:35:49 2022 GMT (3650 days) Sign the certificate? [y/n]:y 1 out of 1 certificate requests certified, commit? [y/n]y So if you get messages like these, a........
  • CPanel error: "Your SSL certificate failed to install on your site."


    This error in my experience is user error although CPanel doesn't help, this message doesn't give you much to go on. Let's talk more about the process of setting up SSL with CPanel. Your site must have a dedicated/non-shared IP to even have the option of creating an SSL Certificate. You must create a Private Key (do not delete this private key!) You must create a CSR (Certificate Signing Request) Use CSR to create cert........
  • Error code: sec_error_unknown_issuer Solution Valid SSL Certificate Throwing Error in Firefox


    So you've just purchased your SSL cert, renewed it and installed it or maybe you've had it installed and working fine all the time with all other browsers but you've upgraded to a recent version of Firefox and suddenly get the warning "Error code: sec_error_unknown_issuer" error. This is terrible since if you bought an SSL cert, you are most likely using it for trust purposes for your business and obviously that message will scare away most potential customers.........
  • Directadmin Enable SSL


    It's really silly how DA doesn't enable SSL by default but is otherwise a stable, fast and secure control panel. Here's a copy and paste way of enabling SSL for Directadmin in just a few seconds: *setup SSL openssl req -x509 -newkey rsa:1024 -keyout /usr/local/directadmin/conf/cakey.pem -out /usr/local/directadmin/conf/cacert.pem -days 9999 -nodes That creates the public certificate and private key pair in the location Directadmin expects to fi........
  • The Importance of a High Quality Power Supply/Power Supplies To Prevent Overheating/System Crash/Hardware Damage


    For years I've always built cheap systems believing that there is little difference in more expensive components when it comes to reliability and quality, I generally believe this still except for Power Supplies. I've always bought cheap cases with nice sounding 350-550W stock/cheap/crap power supplies and haven't had any issues for the most part until recently. One such case is an NGEAR case with a 550W Optimax power supply, I always read that these supplies don't produce the........
  • PayPal Solution - Error Detected Error Message We were unable to decrypt the certificate id. We were unable to decrypt the certificate id.


    Error Detected........
  • Directadmin DA Install Guide


    yum -y install openssl* gcc-c++ gcc flex g++ make;wget http://www.directadmin.com/setup.sh;chmod +x ./setup.sh;./setup.sh #enable SSL /usr/bin/openssl req -x509 -newkey rsa:1024 -keyout /usr/local/directadmin/conf/cakey.pem -out /usr/local/directadmin/conf/cacert.pem -days 9999 -nodes chown diradmin:diradmin /usr/local/directadmin/conf/cakey.pem chmod 400 /usr/local/directadmin/conf/cakey.pem sed -i "s/SSL=0/SSL=1/g" /usr/local/dire........
  • Dovecot Enable SSL/TLS with your certificate


    Dovecot enable SSL (by default it uses an old expired cert if you choose pop3s and imaps as protocols) =================== Create Cert & Key: openssl req -new -x509 -nodes -days 1530 -out server.crt -keyout server.key mkdir /etc/mailssl chmod 700 /etc/mailssl cp server.* /etc/mailssl Edit /etc/dovecot.conf ssl_cert_file = /etc/mailssl/server.crt s........
  • Postfix Enable SSL/TLS with your certificate


    Create Cert & Key: openssl req -new -x509 -nodes -days 1530 -out server.crt -keyout server.key mkdir /etc/mailssl chmod 700 /etc/mailssl cp server.* /etc/mailssl Postfix SSL config Edit /etc/postfix/main.cf: #SSL stuff smtpd_tls_cert_file = /etc/mailssl/server.crt smtpd_tls_key_file = /etc/mailssl/server.key To make smtps w........
  • Installing Webmin & Enabling SSL


    Webmin Setup Centos 5: wget http://downloads.sourceforge.net/project/webadmin/webmin/1.530/webmin-1.530-1.noarch.rpm?r=http%3A%2F%2Fwww.webmin.com%2Fstandard.html&ts=1294339690&use_mirror=surfnet [1] 24229 [2] 24230 [root@host ~]# --2011-01-06 21:48:20-- http://downloads.sourceforge.net/project/webadmin/webmin/1.530/webmin-1.530-1.noarch.rpm?r=http%3A%2F%2Fwww.webmin.com%2Fstandard.html Resolving downloads.sourceforge.net... 216.34.181.........
  • PHP CURL SSL won't work or connect


    I spent so much time debugging this, most sites don't tell you a very important option to use with CURL and you will only find out this is the problem by running the PHP script from the command line you get the following output that shows the issue (I don't see any way to get this output from Apache itself). * About to connect() to ip.ip.ip.ip port 25000 * Trying ip.ip.ip.ip... * connected * Connected to ip.ip.ip.ip (ip.ip.ip.ip) port 25000 * succes........
  • FUSE/Curlftpfs mount ftp account as drive partition in Linux


    This is a great way to use your ftp server space, for example on your web hosting account (althoughI believe many hosts don't allow storage like this), but if you have a VPS/Dedicated Server etc.., this would be perfect. Imagine how easy it is to work with an ftp account that you can just mount as a normal partition or directory in Linux, it would be great for backups etc.. Name curlftpfs - mount a ftp host as a local directory Synopsis........
  • cPanel complaint - No Shared SSL! cPanel 11.25.0-R46156 - WHM 11.25.0 - X 3.9


    I've recently used CPanel on the admin side for the first time and have to say I hate it. Everything from the layout to the functionality screams "hackish". It just lacks so many common sense features and way of working. I was never 100% impressed with Plesk but the basics were definitely laid out and done in a sensible manner, even though it is made by a Russian company, they definitely thought about how to make a Control Panel. I have no idea why people........
  • Picking an FTPD (vsftpd) Server in Linux Centos/Debian


    I decided on using yum to help me decide even though I normaly use proftpd I decided to see what else I could find. yum search ftp Loaded plugins: fastestmirror Loading mirror speeds from cached hostfile * rpmforge: ftp-stud.fht-esslingen.de * base: mirrors.netdna.com * updates: updates.interworx.info * addons: yum.singlehop.com * extras: mirrors.netdna.com rpmforge........
  • My list of handy security links - Ongoing


    My list of handy security links - Ongoing[b:6f8d25be68][size=18:6f8d25be68]News[/size:6f8d25be68][/b:6f8d25be68] Security Focus http://www.securityfocus.net - Nice Security News Site CERT http://www.cert.org/ Common Criteria (see if your OS/software is EAL4 certified) EAL(Evaluation Assurance Levels is the industry standard for evaluation of security in software) http://www.commoncriteria.com [size=18:6f8d25be68][b:6f8d25be68]Tools[........
  • Other Security Web Sites


    Other Security Web SitesSeveral websites actively track security issues. This list provides you with the major providers of security information on the Web. Many of these organizations also provide newsletters and mailings to announce changes or security threats: Center for Education and Research in Information Assurance and Security (CERIAS) CERIAS is an industry-sponsored center at Purdue University that is focused on technology and relate........
  • Apache/Mod_SSL not serving the right/expected certificate?


    There is actually by default a "Default SSL" vhost that can mess things up for you and can cause surprising and unexpected results. Default Apache SSL Cert in /etc/httpd/conf.d/ssl.conf there is a default SSL Virtual Host which screws things up by offering itself instead of the SSL cert I specify in my own vhosts........
  • Create/Enable SSL Certificates for Apache on Linux/Unix Systems eg. Redhat,Centos,Debian


    Shortcut/Easiest Way To Create A Self-Signed Key: openssl req -new -x509 -nodes -days 1530 -out server.crt -keyout server.key Using the above, you instantly create a self-signed certificate valid for 1530 days and you can simply skip to step #5.) below. If You Need a Real SSLCertificate (eg. Equifax/Openssl) then you need to create a CSR request (you'll need to follow Steps 1.) and 2.) in order to create the CSR. You then upload the CSR Certi........
  • Latest Articles

  • RTL8821AU Setup Configure Wifi Realtek 8821 in Linux Debian Mint Ubuntu Howto
  • How To Tell Which Repository a Package Comes From Debian Mint Ubuntu
  • How To Reload All Kernel Modules And List Required Moduels for Each Device - Linux Mint Debian Ubuntu Troubleshooting
  • Debian Ubuntu Mint How To Change Default Display Manager
  • Ubuntu Mint Debian Howto Execute Command / Script / Program Upon Wakeup From Sleep
  • Linux Debian Mint Ubuntu How To Add Non-Free Repositories and Contrib
  • Debian Ubuntu Mint DHCP dhclient quits and how to make it persistent if first attempt to get DHCP lease fails
  • ssh Too many authentication failures not prompting for password
  • LightDM Mint Ubuntu Debian won't start errors Nvidia Graphics
  • WARNING: Unable to determine the path to install the libglvnd EGL vendor library config files. Check that you have pkg-config and the libglvnd development libraries installed, or specify a path with --glvnd-egl-config-path. Linux Ubuntu Mint Debian E
  • How To Upgrade Linux Mint 18.2 to 18.3 to 19.x and 20.x
  • MP3s Won't Play / ID3 Version 2.4 Issues in Cars and Other MP3 Players/CDs/DVDs Solution
  • LXC Containers LXD How to Install and Configure Tutorial Ubuntu Debian Mint
  • GlusterFS HowTo Tutorial For Distributed Storage in Docker, Kubernetes, LXC, KVM, Proxmox
  • Ubuntu Mint audio output not working pulseaudio "pulseaudio[13710]: [pulseaudio] sink-input.c: Failed to create sink input: too many inputs per sink."
  • How To Shrink Dynamically Allocated VM QEMU KVM VMware Disk Image File
  • How To Enable Linux Swapfile Instead of Partition Ubuntu Mint Debian Centos
  • 404 Not Found [IP: 151.101.194.132 80] apt update Debian 11 Bullseye Solution The repository 'http://security.debian.org bullseye/updates Release' does not have a Release file.
  • WARNING: Can't download daily.cvd from db.local.clamav.net freshclam clamav error solution
  • (firefox:9562): LIBDBUSMENU-GLIB-WARNING **: Unable to get session bus: Failed to execute child process "dbus-launch" (No such file or directory) Solution