R.I.P. Terri Garr
RIP Terri Garr
Born: 1944, Lakewood, OH
Died: October 29, 2024 (age 79 years), Los Angeles, CA
How To Prevent ZenDesk Browser Page From Refreshing Constantly in Safari on MacOS
First, enable Developer mode via the Safari menu -> Settings… -> Advanced Tab
Then, disable Cross-Origin Restrictions on the Developer Tab
Finally, be sure to refresh the page you are having issues with.
As always, YMMV!
How To Disable All Automatic WordPress Updates
To disable all automatic WordPress updates, just edit your WordPress/wp-config.php
file and locate the line that says:
/* That's all, stop editing! Happy blogging. */
Add the following line ABOVE that line, then save and exit:
1 |
define( 'WP_AUTO_UPDATE_CORE', false ); |
How To Stop WordPress From Using FTP For Updates Or Asking for FTP Credentials
Edit your WordPress/wp-config.php
file and locate the line that says:
/* That's all, stop editing! Happy blogging. */
Add the following three lines ABOVE that line, then save and exit:
1 2 3 |
define('FS_METHOD', 'direct'); define('FS_CHMOD_DIR',0775); define('FS_CHMOD_FILE',0664); |
Be sure to refresh your browser to get the new settings!
BONUS
To force the use of FTP, change FS_METHOD
from direct
to ftpext
:
1 |
define('FS_METHOD', 'ftpext'); |
From the docs: https://codex.wordpress.org/it:Modificare_wp-config.php
FS_METHOD forces the filesystem method. It should only be “direct”, “ssh2”, “ftpext”, or “ftpsockets”. Generally, You should only change this if you are experiencing update problems, If you change it, and it doesnt help change it back/remove it, Under most circumstances, setting it to ‘ftpsockets’ will work if the automatically chosen method does not.
(Primary Preference) “direct” forces it to use Direct File I/O requests from within PHP, this is fraught with opening up security issues on poorly configured hosts, This is chosen automatically when appropriate.
(Secondary Preference) “ssh2” is to force the usage of the SSH PHP Extension if installed
(3rd Preference) “ftpext” is to force the usage of the FTP PHP Extension for FTP Access, and finally
(4th Preference) “ftpsockets” utilises the PHP Sockets Class for FTP Access.
How To Clear All iptables Rules
1 2 3 4 5 6 7 |
iptables -P INPUT ACCEPT iptables -P FORWARD ACCEPT iptables -P OUTPUT ACCEPT iptables -t nat -F iptables -t mangle -F iptables -F iptables -X |
How To Diff Two Files In Vim
shell> vimdiff file1 file2
~OR~
shell> vim file1 file2
Create a vertical split window: Control-w v
Enable visual diff on the left side: :diffthis
Move the cursor to the right side buffer: Control-w Right-arrow
Enable visual diff on the left side: :diffthis
You should now see the differences highlighted on both sides.
How To Display All Virtual Hosts Defined for Apache 2
1 |
httpd -t -D DUMP_VHOSTS |
How To Fix perl: symbol lookup error: undefined symbol: Perl_xs_handshake
This was caused by having the PERL5LIB environment variable set.
1 2 3 4 5 6 7 8 9 10 11 12 |
root@server1:/root # /etc/webmin/restart-by-force-kill Force stopping Webmin server in /usr/libexec/webmin /etc/webmin/.stop-init: line 10: kill: (10111) - No such process Starting Webmin server in /usr/libexec/webmin /usr/bin/perl: symbol lookup error: /root/perl5/lib/perl5/x86_64-linux-thread-multi/auto/Net/SSLeay/SSLeay.so: undefined symbol: Perl_ss_handshake root@ server1:/root # unset PERL5LIB root@ server1:/root # /etc/webmin/restart-by-force-kill Force stopping Webmin server in /usr/libexec/webmin /etc/webmin/.stop-init: line 10: kill: (10111) - No such process Starting Webmin server in /usr/libexec/webmin |
How To Secure Self-Hosted Bamboo and Crucible with Let’s Encrypt SSL Certificates
Summary
In this blog we explore how to use certificates from Let’s Encrypt to secure self-hosted Bamboo and Crucible.
Process To Follow
- Install Certbot
- Ensure that external DNS resolves to the correct IP address
ping example.yourdomain.com
- Ensure that Port 80 is open from the outside to that IP address so that Let’s Encrypt can validate the domain
- Ensure nothing is listening on Port 80
netstat -pan | grep 80 | grep LISTEN | wc -l
- Generate the new certificate via Let’s Encrypt
- Create the new Java keystore for use with Bamboo and Crucible
- Copy the new keystore into place and set ownership and permissions
- Restart the services
- Test
Install Certbot
You must first install Python >= 3
I like using pip to install certbot, but urge you to use any method that is the easiest and most familiar:
https://certbot.eff.org/instructions?ws=other&os=pip
Run certbot help
to confirm that it has been installed properly
Generate the Let’s Encrypt Certificate
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 |
shell> sudo -i shell# touch ~/ssl shell# chmod 755 ~/ssl shell# cat >> ~/ssl <<EOF #!/bin/sh certbot certonly \ --standalone \ --renew-by-default \ --agree-tos \ -v \ --debug \ --email admin@yourdomain.com \ -d example.yourdomain.com EOF OPEN Port 80 on your firewall now. shell# ~/ssl CLOSE Port 80 on your firewall now. shell# ls -l /etc/letsencrypt/live/example.yourdomain.com/ total 4 lrwxrwxrwx 1 root root 45 Sep 13 12:38 cert.pem -> ../../archive/example.yourdomain.com/cert2.pem lrwxrwxrwx 1 root root 46 Sep 13 12:38 chain.pem -> ../../archive/example.yourdomain.com/chain2.pem lrwxrwxrwx 1 root root 50 Sep 13 12:38 fullchain.pem -> ../../archive/example.yourdomain.com/fullchain2.pem lrwxrwxrwx 1 root root 48 Sep 13 12:38 privkey.pem -> ../../archive/example.yourdomain.com/privkey2.pem |
Create The New Java Keystore
This step will result in two new files being created: example.p12 and example.jks
IMPORTANT:
- the name/alias MUST be “tomcat” (no quotes)
- the password MUST be “changeit” (no quotes), unless you modify the config xml settings which is beyond the scope of this blog post.
- when you list out the new example.jks keystore using keytool, ensure that it says PrivateKeyEntry next to the alias tomcat.
- ignore the warning at the end because Apache Tomcat requires the JKS keystore format, not the PKCS12 format – do NOT convert!
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 |
shell> sudo -i shell# openssl pkcs12 -export -in /etc/letsencrypt/live/example.yourdomain.com/cert.pem -inkey /etc/letsencrypt/live/example.yourdomain.com/privkey.pem -name tomcat -out example.p12 -password pass:changeit shell# keytool -importkeystore -deststorepass changeit -destkeystore example.jks -srckeystore example.p12 -srcstoretype PKCS12 -srcstorepass changeit shell# keytool -list -keystore example.jks Enter keystore password: changeit Keystore type: jks Keystore provider: SUN Your keystore contains 1 entry tomcat, Sep 13, 2023, PrivateKeyEntry, Certificate fingerprint (SHA-256): 02:F7:E8:07:F1:03:EA:97:3F:30:56:73:5F:06:0E:44:9E:FD:16:85:D1:73:E0:3A:46:52:15:47:FF:28:F9:1F Warning: The JKS keystore uses a proprietary format. It is recommended to migrate to PKCS12 which is an industry standard format using "keytool -importkeystore -srckeystore bamboo.jks -destkeystore bamboo.jks -deststoretype pkcs12". |
Copy The Java Keystore Into Place
This step will copy the new keystore (bamboo.jks)into place for both bamboo and Crucible as ~/.keystore for each user. Ownership and permissions must also be set.
1 2 3 4 5 6 7 8 9 10 11 |
shell> sudo -i BAMBOO STEPS shell# cp example.jks ~bamboo/.keystore shell# chown bamboo ~bamboo/.keystore shell# chmod 664 ~bamboo/.keystore CRUCIBLE STEPS shell# cp example.jks ~crucible/.keystore shell# chown crucible ~crucible/.keystore shell# chmod 664 ~crucible/.keystore |
Restart Bamboo and Crucible
This step will restart the processes, so they read in the new certificate.
1 2 3 4 5 6 7 8 9 10 11 |
shell> sudo -i BAMBOO STEPS shell# su - bamboo -c ./current/bin/stop-bamboo.sh shell# su - bamboo -c ./current/bin/start-bamboo.sh shell# tail -f ~bamboo/current/logs/catalina.out CRUCIBLE STEPS shell# su - crucible -c ./current/bin/stop.sh shell# su - crucible -c ./current/bin/start.sh shell# tail -f ~crucible/instances/default/var/log/fisheye.out |
Test Bamboo and Crucible
Use the openssl command to test the new certs:
1 2 3 4 5 6 7 |
BAMBOO STEPS shell> openssl s_client -state -debug -showcerts -verify 0 -connect bamboo.continuent.com:8443 ^C CRUCIBLE STEPS shell> openssl s_client -state -debug -showcerts -verify 0 -connect bamboo.continuent.com:6443 ^C |