Posts Tagged ‘debian’

How to use letsencrypt to enable https on debian jessie

April 2, 2016

Today I want to document how I enabled https on a website on a server run by debian jessie using the letsencrypt project.

The first step is, obviously, to install the letsencrypt package. Obviously enough a search for the package (i.e. apt-cache search letsencrypt) shows that this package is not available in the debian jessie distribution. But thanks to the official Debian Backports project, we can get package anyway.  Just follow the instructions on the website and then a simple command (apt-get -t jessie-backports install letsencrypt) installs our beloved letsencrypt package.

If you are using apache like me, you should also install the apache plugin for letsencrypt (apt-get -t jessie-backports install python-letsencrypt-apache) and the libaugeas0 (apt-get install libaugeas0) library.

After this, changing your http website to https is easily done via: letsencrypt –apache -d subdomain.example.net . This command asks you some questions and after that, voila, everything is done. No need for any additional configuration.

More information how to use the letsencrypt client or how to install it on other systems can be found in this PDF documentation.

Beware: I don’t know if the renewal of the certificates is now done automatically. If they expire and I have to renew them, I will update this article how to do this.

P.S.: If you are using owncloud and you are battling with trying to tell your linux owncloud-client to use now https instead of http: Don’t wrestle with the graphical interface, it won’t allow you this. Just edit the owncloud config file /home/<YOURUSER>/.local/share/data/ownCloud/owncloud.cfg  by changing the url from http to https.

P.P.S.: You can use the online SSL Server Test Service to validate your https Website and get information about how it is configured and if it is vulnerable.

Advertisements

The end of the Iceweasel Age?

March 8, 2016

One of my most visited blogposts is the one explaining why there exists something called iceweasel the browser and summarizing the reasons why debian renamed firefox. Now there has been some new activities which I don’t want to hide from you.

For roughly the past decade, Debian has shipped the Mozilla desktop applications (Firefox, Thunderbird, and Seamonkey) in a rebranded form that replaces the original, trademarked names and logos with alternatives (Iceweasel, Icedove, and Iceape). Originally, this effort was undertaken to work around incompatibilities between the Debian Free Software Guidelines (DFSG), the Mozilla trademark-usage policy, and the licenses of the Mozilla logos. But times—and policy wordings—change, and Debian now seems poised to resume calling its packages by the original, upstream Mozilla names.
(Source: lwn.net)

So it seems that the iceweasel package some of you know and love may be gone in the future.

Lenovo T460 and Debian Gnu/Linux

March 2, 2016

Today I got my new notebook. A Lenovo T460 Thinkpad. In this blogpost I want do document my problems or absence of problems with installing and using Debian Gnu/Linux. I paid around 930 Euro via the u:book program (where you can get notebooks cheaper if you are a student/pupil or working at a university). The version I bought included 8GB Ram and 256 GB SSD.

tldr: I’m writing this under Debian Testing (stretch) with wireless activated and working audio. Also the screen is working with the expected 1920×1080

More detailed information about the hardware (lspci). You can also look at the the output of lspci -v

00:00.0 Host bridge: Intel Corporation Sky Lake Host Bridge/DRAM Registers (rev 08)
00:02.0 VGA compatible controller: Intel Corporation Sky Lake Integrated Graphics (rev 07)
00:14.0 USB controller: Intel Corporation Device 9d2f (rev 21)
00:14.2 Signal processing controller: Intel Corporation Device 9d31 (rev 21)
00:16.0 Communication controller: Intel Corporation Device 9d3a (rev 21)
00:17.0 SATA controller: Intel Corporation Device 9d03 (rev 21)
00:1c.0 PCI bridge: Intel Corporation Device 9d10 (rev f1)
00:1c.2 PCI bridge: Intel Corporation Device 9d12 (rev f1)
00:1f.0 ISA bridge: Intel Corporation Device 9d48 (rev 21)
00:1f.2 Memory controller: Intel Corporation Device 9d21 (rev 21)
00:1f.3 Audio device: Intel Corporation Device 9d70 (rev 21)
00:1f.4 SMBus: Intel Corporation Device 9d23 (rev 21)
00:1f.6 Ethernet controller: Intel Corporation Ethernet Connection I219-V (rev 21)
02:00.0 Unassigned class [ff00]: Realtek Semiconductor Co., Ltd. Device 522a (rev 01)
04:00.0 Network controller: Intel Corporation Wireless 8260 (rev 3a)

Installation

First I tried to use the Debian testing netinstall image. But at that time (2.3.2016) the installer was broken because of some dependency problem between systemd and the ifupdown package. (I suppose this bug ticket is concerned with the problem.) My motivation to use the testing version was to have the better hardware support which was important for me because of the novelty of the T460. My fears now where that the Debian Stable Version (at this time: Jessie) would not be able to install itself on the notebook. But interestingly enough: It did work. The sound, wireless, touchpad and screen had some problems. But this was no problem, because after the first reboot I edited the /etc/apt/sources.list and replaced the jessie keyword with testing. After that used apt-get upgrade and apt-get dist-upgrade upgraded me to the testing version.

(more…)

How to add a new systemd unit on debian 8

February 7, 2016

I’m running the tiny tiny rrss webapp on my server. Last time I installed it, I used screen to daemonize the update_daemon2.php script to update the rss feeds. This time I wanted to do it right with a new systemd daemon (like suggested on the tiny tiny rss website). Sadly enough I didn’t find any debian related information how to add a new systemd unit. At last I found a community forum entry which describes this.

Beware: Maybe this is not the right way to do it ™. If you have a better idea how to manage this, please tell me!

  • Create a systemd unit file (e.g. ttrss.service) in the directory /lib/systemd/system
  • The file contains something likes this:

[Unit]
Description=ttrss_backend
After=network.target mysql.service postgresql.service

[Service]
User=www-data
ExecStart=/var/www/stefan/ttrss/public_html/update_daemon2.php

[Install]
WantedBy=multi-user.target

  • Create a symlink like that ln -s /lib/systemd/system/ttrss.service /etc/systemd/system/multi-user.target.wants/ttrss.service
  • Reload the systemd daemon systemctl –system daemon-reload
  • Start the systemd unit systemctl start ttrss.service

With the command systemctl status ttrss.service  you can monitor the activities of the service. It outputs something like this

ttrss.service – ttrss_backend
Loaded: loaded (/lib/systemd/system/ttrss.service; enabled)
Active: active (running) since Sun 2016-02-07 13:39:18 CET; 19min ago
Main PID: 948 (php)
CGroup: /system.slice/ttrss.service
└─948 php /var/www/XXXX/update_daemon2.php

Feb 07 13:57:45 v22016013319431489 update_daemon2.php[948]: [12:57:44/1371] cache/export: removed 0 files.
Feb 07 13:57:45 v22016013319431489 update_daemon2.php[948]: [12:57:44/1371] cache/upload: removed 0 files.
Feb 07 13:57:45 v22016013319431489 update_daemon2.php[948]: [12:57:44/1371] Removed 0 old lock files.
Feb 07 13:57:45 v22016013319431489 update_daemon2.php[948]: [12:57:44/1371] Removing old error log entries…
Feb 07 13:57:45 v22016013319431489 update_daemon2.php[948]: [12:57:45/1371] Feedbrowser updated, 78 feeds processed.
Feb 07 13:57:45 v22016013319431489 update_daemon2.php[948]: [12:57:45/1371] Purged 3 orphaned posts.
Feb 07 13:57:45 v22016013319431489 update_daemon2.php[948]: [12:57:45/1371] Removed 0 (feeds) 0 (cats) orphaned counter cache entries.
Feb 07 13:57:46 v22016013319431489 update_daemon2.php[948]: [12:57:46/948] [reap_children] child 1368 reaped.
Feb 07 13:57:46 v22016013319431489 update_daemon2.php[948]: [12:57:46/948] [SIGCHLD] jobs left: 0
Feb 07 13:58:27 v22016013319431489 update_daemon2.php[948]: [12:58:27/948] [MASTER] active jobs: 0, next spawn at 60 sec.

But again: If you know a better way how to do this with debian, please tell me!

Tweet new blog postings from wordpress

June 20, 2011

If you have a wordpress installation in you own webspace, you may want to automatically publish your blog posting on twitter. You can do this with the Twitter Tools for WordPress.

Twitter Tools is a plugin that creates a complete integration between your WordPress blog and your Twitter account.

Notes about the installation and the configuration can be found on the plugin homepage.

Something which is not mentioned: You have to have the php curl library installed to use the plugin. The library was easily installed on my debian root server.

aptitude install php5-curl

iotop: simple top-like I/O monitor

June 26, 2009

iotop is a console application for monitoring the I/O usage of processes on your system. It is especially handy for answering the question “Grrr, sloooowness, why is my disk churning so much?”
..
iotop is available in Debian since Lenny and in Ubuntu (universe) since Intrepid.

Source: DebianTimes

Debian GNU/Linux Lenny (5.0) released

February 15, 2009

The Debian Project is pleased to announce the official release of Debian GNU/Linux version 5.0 (codenamed Lenny) after 22 months of constant development. Debian GNU/Linux is a free operating system which supports a total of twelve processor architectures and includes the KDE, GNOME, Xfce, and LXDE desktop environments. It also features compatibility with the FHS v2.3 and software developed for version 3.2 of the LSB.

You can read more on their release information page. You can download the DVDs and CDs via http and bittorrent.

I’m very happy to see the new release because I’m a vivid fan and user of Debian GNU/Linux. It’s my default distribution on my desktop and server machine. (Even when I recommend Ubuntu for unexperienced users).

You can help the project with donations or support them directly with their work.

KDE 4.2 on lenny

December 23, 2008

Good news for those wanting to test KDE 4.2. Finally, we have decided to do a little experiment and provide snapshot packages of current KDE trunk (future KDE 4.2).

http://kde42.debian.net/ provides a repository for this KDE 4.2 snapshot packages.

These snapshot packages are unsupported. If you have a problem with your system after (partially) installing the packages, you will most likely have to solve the problem by yourself.

More information and the repository URL can be found ony http://kde42.debian.net/.

I installed the packages, which was a little hairy, but not too complicated. Im rather happy with the outcome. Nice bleeding edge desktop effects, new features, … Downside: some plasma crashes (not that bad, it starts itselfs after some seconds).

So if you are an experienced debian user and you like to try the upcoming KDE 4.2. Try it.

I also blogged about a KDE 4.2 visual guide.

Update 14th February 2009: The kde 4.2 debian packages are now available in experimental. The additional repository isn’t necessary anymore.

What you can do for “Lenny”

October 11, 2008

You probably noticed by now, that Debian GNU/Linux 5.0 aka “Lenny” hasn’t been released in September. Well, that’s a shame, but very easy to explain: Too many release critical bugs

You can read this in an open letter from Alexander Reichle-Schmehl from the Debian project.

The big question is: What can you do, to help release “Lenny” at least in this quarter? That’s pretty easy: Fix rc-bugs, take care, that the fixed packages are migrated to “Lenny”, do upgrade tests, document problems in the release-notes. Pretty simple, isn’t it?

And he is not only talking about the help from developers. He also asks for help from users

  • If you are running stable (aka “Etch”), you could consider upgrading to “Lenny” and see, if everything works fine.
  • You can take a look at the bugs reported against the release notes and see if you can help there, e.g. by writing a paragraph describing a problem.
  • You can try to help, by trying to reproduce them [release critical bugs] and reporting that to the bug report. There are even some easy bugs, where the maintainer hasn’t found the time, yet to fix it. Bug 497290[5] for example didn’t need deep technical skills. It just needed someone with some time to collect the needed data for the copyright file.
  • If you speak a language other than English, you might consider joining the translation efforts. While it is to late to translate the debian-installer or the installation guide to a new language for “Lenny” (perhaps for the next release then?), you could start translating the release notes to a not yet supported language.

Detaisl about how to do one or more of this jobs can be found in the letter on lwn.net or in the blog entry of Alexander.

Source: Lwn.net

Videos from DebConf08

August 28, 2008

Debian Conference is the annual Debian developers meeting, an event filled with coding parties, discussions and workshops – all of them highly technical in nature. It will be held in Mar del Plata, Argentina, from August 10th to August 16th, 2008.

Previous Debian Conferences have featured speakers from around the world. They have also been extremely beneficial for developing key Debian software components, including the new Debian Installer, and for improving Debian’s internationalization.

Videos about this event can be found through an RSS feed providing you with ogg video files.