R.I.P. Terri Garr
RIP Terri Garr
Born: 1944, Lakewood, OH
Died: October 29, 2024 (age 79 years), Los Angeles, CA
RIP Terri Garr
Born: 1944, Lakewood, OH
Died: October 29, 2024 (age 79 years), Los Angeles, CA
First, enable Developer mode via the Safari menu -> Settings… -> Advanced Tab
Then, disable Cross-Origin Restrictions on the Developer Tab
Finally, be sure to refresh the page you are having issues with.
As always, YMMV!
To disable all automatic WordPress updates, just edit your WordPress/wp-config.php
file and locate the line that says:
/* That's all, stop editing! Happy blogging. */
Add the following line ABOVE that line, then save and exit:
1 |
define( 'WP_AUTO_UPDATE_CORE', false ); |
Edit your WordPress/wp-config.php
file and locate the line that says:
/* That's all, stop editing! Happy blogging. */
Add the following three lines ABOVE that line, then save and exit:
1 2 3 |
define('FS_METHOD', 'direct'); define('FS_CHMOD_DIR',0775); define('FS_CHMOD_FILE',0664); |
Be sure to refresh your browser to get the new settings!
BONUS
To force the use of FTP, change FS_METHOD
from direct
to ftpext
:
1 |
define('FS_METHOD', 'ftpext'); |
From the docs: https://codex.wordpress.org/it:Modificare_wp-config.php
FS_METHOD forces the filesystem method. It should only be “direct”, “ssh2”, “ftpext”, or “ftpsockets”. Generally, You should only change this if you are experiencing update problems, If you change it, and it doesnt help change it back/remove it, Under most circumstances, setting it to ‘ftpsockets’ will work if the automatically chosen method does not.
(Primary Preference) “direct” forces it to use Direct File I/O requests from within PHP, this is fraught with opening up security issues on poorly configured hosts, This is chosen automatically when appropriate.
(Secondary Preference) “ssh2” is to force the usage of the SSH PHP Extension if installed
(3rd Preference) “ftpext” is to force the usage of the FTP PHP Extension for FTP Access, and finally
(4th Preference) “ftpsockets” utilises the PHP Sockets Class for FTP Access.
1 2 3 4 5 6 7 |
iptables -P INPUT ACCEPT iptables -P FORWARD ACCEPT iptables -P OUTPUT ACCEPT iptables -t nat -F iptables -t mangle -F iptables -F iptables -X |
shell> vimdiff file1 file2
~OR~
shell> vim file1 file2
Create a vertical split window: Control-w v
Enable visual diff on the left side: :diffthis
Move the cursor to the right side buffer: Control-w Right-arrow
Enable visual diff on the left side: :diffthis
You should now see the differences highlighted on both sides.
1 |
httpd -t -D DUMP_VHOSTS |
This was caused by having the PERL5LIB environment variable set.
1 2 3 4 5 6 7 8 9 10 11 12 |
root@server1:/root # /etc/webmin/restart-by-force-kill Force stopping Webmin server in /usr/libexec/webmin /etc/webmin/.stop-init: line 10: kill: (10111) - No such process Starting Webmin server in /usr/libexec/webmin /usr/bin/perl: symbol lookup error: /root/perl5/lib/perl5/x86_64-linux-thread-multi/auto/Net/SSLeay/SSLeay.so: undefined symbol: Perl_ss_handshake root@ server1:/root # unset PERL5LIB root@ server1:/root # /etc/webmin/restart-by-force-kill Force stopping Webmin server in /usr/libexec/webmin /etc/webmin/.stop-init: line 10: kill: (10111) - No such process Starting Webmin server in /usr/libexec/webmin |
In this blog we explore how to use certificates from Let’s Encrypt to secure self-hosted Bamboo and Crucible.
ping example.yourdomain.com
netstat -pan | grep 80 | grep LISTEN | wc -l
You must first install Python >= 3
I like using pip to install certbot, but urge you to use any method that is the easiest and most familiar:
https://certbot.eff.org/instructions?ws=other&os=pip
Run certbot help
to confirm that it has been installed properly
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 |
shell> sudo -i shell# touch ~/ssl shell# chmod 755 ~/ssl shell# cat >> ~/ssl <<EOF #!/bin/sh certbot certonly \ --standalone \ --renew-by-default \ --agree-tos \ -v \ --debug \ --email admin@yourdomain.com \ -d example.yourdomain.com EOF OPEN Port 80 on your firewall now. shell# ~/ssl CLOSE Port 80 on your firewall now. shell# ls -l /etc/letsencrypt/live/example.yourdomain.com/ total 4 lrwxrwxrwx 1 root root 45 Sep 13 12:38 cert.pem -> ../../archive/example.yourdomain.com/cert2.pem lrwxrwxrwx 1 root root 46 Sep 13 12:38 chain.pem -> ../../archive/example.yourdomain.com/chain2.pem lrwxrwxrwx 1 root root 50 Sep 13 12:38 fullchain.pem -> ../../archive/example.yourdomain.com/fullchain2.pem lrwxrwxrwx 1 root root 48 Sep 13 12:38 privkey.pem -> ../../archive/example.yourdomain.com/privkey2.pem |
This step will result in two new files being created: example.p12 and example.jks
IMPORTANT:
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 |
shell> sudo -i shell# openssl pkcs12 -export -in /etc/letsencrypt/live/example.yourdomain.com/cert.pem -inkey /etc/letsencrypt/live/example.yourdomain.com/privkey.pem -name tomcat -out example.p12 -password pass:changeit shell# keytool -importkeystore -deststorepass changeit -destkeystore example.jks -srckeystore example.p12 -srcstoretype PKCS12 -srcstorepass changeit shell# keytool -list -keystore example.jks Enter keystore password: changeit Keystore type: jks Keystore provider: SUN Your keystore contains 1 entry tomcat, Sep 13, 2023, PrivateKeyEntry, Certificate fingerprint (SHA-256): 02:F7:E8:07:F1:03:EA:97:3F:30:56:73:5F:06:0E:44:9E:FD:16:85:D1:73:E0:3A:46:52:15:47:FF:28:F9:1F Warning: The JKS keystore uses a proprietary format. It is recommended to migrate to PKCS12 which is an industry standard format using "keytool -importkeystore -srckeystore bamboo.jks -destkeystore bamboo.jks -deststoretype pkcs12". |
This step will copy the new keystore (bamboo.jks)into place for both bamboo and Crucible as ~/.keystore for each user. Ownership and permissions must also be set.
1 2 3 4 5 6 7 8 9 10 11 |
shell> sudo -i BAMBOO STEPS shell# cp example.jks ~bamboo/.keystore shell# chown bamboo ~bamboo/.keystore shell# chmod 664 ~bamboo/.keystore CRUCIBLE STEPS shell# cp example.jks ~crucible/.keystore shell# chown crucible ~crucible/.keystore shell# chmod 664 ~crucible/.keystore |
This step will restart the processes, so they read in the new certificate.
1 2 3 4 5 6 7 8 9 10 11 |
shell> sudo -i BAMBOO STEPS shell# su - bamboo -c ./current/bin/stop-bamboo.sh shell# su - bamboo -c ./current/bin/start-bamboo.sh shell# tail -f ~bamboo/current/logs/catalina.out CRUCIBLE STEPS shell# su - crucible -c ./current/bin/stop.sh shell# su - crucible -c ./current/bin/start.sh shell# tail -f ~crucible/instances/default/var/log/fisheye.out |
Use the openssl command to test the new certs:
1 2 3 4 5 6 7 |
BAMBOO STEPS shell> openssl s_client -state -debug -showcerts -verify 0 -connect bamboo.continuent.com:8443 ^C CRUCIBLE STEPS shell> openssl s_client -state -debug -showcerts -verify 0 -connect bamboo.continuent.com:6443 ^C |
Add inbound rule(s) for a security group ID:
1 |
shell> aws ec2 authorize-security-group-ingress --group-id sg-NNNNNNNN --protocol tcp --port 80 --cidr '0.0.0.0/0' |
## Delete inbound rule(s) for a security group ID
1 |
shell> aws ec2 revoke-security-group-ingress --group-id sg-NNNNNNNN --protocol tcp --port 80 --cidr '0.0.0.0/0' |
## List security groups by security group ID
1 |
shell> aws ec2 describe-security-groups --output json | jq -r '.SecurityGroups[]|.GroupId+" "+.GroupName' |
## List inbound rules for a specific security group ID
1 |
shell> aws ec2 describe-security-groups --group-ids sg-NNNNNNNN --output json | jq -r '.SecurityGroups[].IpPermissions[]|. as $parent|(.IpRanges[].CidrIp+" "+($parent.ToPort|tostring))' |
Thanks to:
https://www.bluematador.com/learn/aws-cli-cheatsheet