How to setup Secure Webserver HTTPS (SSL) on Apache in Ubuntu

Secure HTTP (SSL/TLS) has become a must if you are planning to setup a website which includes user authentication (ie. login box) or sensitive data. HTTPS prevents the sensitive data from being transfered across the network in clear text where it is susceptible to being sniffed or altered. Here is the tutorial on how to setup a secure HTTP on Apache web server in Ubuntu 10.04 (Lucid Lynx).

What do you need?

  • apache2 (Web Server)
  • openssl
  • A bit patient, because it will take some time to learn

Step 1: Create a self-signed certificate
You need to create a self-signed certificate with openssl. To do that you will need to generate the server key.


openssl genrsa -des3 -out server-sec.key 4096

…and certificate signing request (CSR)


openssl req -new -key server-sec.key -out server.csr

After that, generate the server certificate by signing it with the server key.

openssl x509 -req -days 365 -in server.csr -signkey server-sec.key -out server.crt

Keep the server-sec.key in a secure location, with read/write permission assigned only to root. Then generate a password-less copy of the key for Apache use.

openssl rsa -in server-sec.key -out server.key

By this time, you should have :

  • server.key (passwordless key for Apache)
  • server.csr (certificate signing request)
  • server.crt (certificate)
  • server-sec.key (server key)

Continue reading “How to setup Secure Webserver HTTPS (SSL) on Apache in Ubuntu”

Upgrade Pidgin to solve Yahoo messenger Issue

Regarding the previous post Solving Pidgin Yahoo Messenger Connection Problem , the temporary solution may not work anymore as Yahoo already upgraded their server to accept newer authentication mode.

Pidgin logo

The good news is, users can download the latest Pidgin release (2.5.7) in order to keep connected with Yahoo Messenger.

For Ubuntu users, Pidgin 2.5.7 is available for download from the Click-and-Run GetDeb.net portal. Just select Pidgin package, and choose to open it with gdebi.

Hopefully you can solve the Pidgin login problem through this post.

How to make my Ubuntu detect more than 4GB memory

There were a couple of people that I met recently complained to me that their Ubuntu only detects 3 gigs of RAM after they upgraded their machine to 4 GB RAM.

Actually the problem does not lie with Ubuntu or any operating system in particular, rather the problem is related to 32bit operating system which only can address maximum of 232 bytes of memory.

Some might argue that 32-bit should be enough to address 4GB RAM, but in reality some of those memory location are reserved for computer and application operation that only a fraction of it are addressable when you installed 4GB RAM on a 32bit operating system. Thus you would see that your computer would only have around 3.5 GB only.

The solution?

There are two solutions to remedy this problem :
i) Install a 64-bit (Ubuntu) operating system
ii) Compile/Install kernel with PAE features enabled

The (i) solution is obvious, just install a 64bit edition of Ubuntu to your computer, and your problem will be automatically solved! The downside is, you probably does not want to use a 64bit edition of Ubuntu yet for some obscure reason (the evil binary only drivers and blobs)

The (ii) solution requires you to install a kernel with Physical Address Extension (PAE) support enabled.

For you information, Ubuntu comes with pre-compiled linux kernel that has PAE enabled. What you need to do is to apt-get these 3 packages “linux-headers-server, linux-image-server and linux-server” and reboot your computer. This will enable you operating system to recognize the extra RAM installed inside your computer.

p/s : The best solution is to get a system that does not depend on binary blogs (hardware drivers, etc) and move to 64-bit operating system in order to enjoy the full potential of your computer.

Quick and Dirty Network File sharing with Python

Ever find yourself in need to share file over the network quickly, but find yourself lacking time to setup a proper NFS or samba share? Here’s a way to do this with the good old Python CLI.

  • First, go to the directory that you want to share, for example ~/Desktop
  • Then run this command "python -m SimpleHTTPServer"
  • You may access the folder from a remote computer using any webrowser using the url – http://192.168.1.20:8000, change the ip address accordingly
Simple HTTP Server
file sharing with python

You may find this technique offers limited options to share files, but its a real time saver!

How to find cause of heavy usage on your Apache webserver

Here’s a quick and dirty tips on how to find cause of heavy CPU resources usage on your Apache webserver (especially when running php scripts).

First you need to locate the Apache 2 “access.log” file. By default in Ubuntu, this file is located in “/var/logs/apache2” directory.

Then you need to run this command to find out which IP address accesses your website the most in a short time.
[code]
tail -10000 access.log| awk ‘{print $1}’ | sort | uniq -c |sort -n
[/code]

The output of the command should contain a list of IP addresses along with the number of hits it made in the last 10,000 access of your website
[code]
47 117.58.252.98
81 202.124.242.186
84 202.124.245.26
182 194.164.101.217
220 208.101.22.146
225 72.167.131.144
3946 93.135.xxx.xxx
[/code]

From here you can easily locate the offending ip address and proceed to block it from accessing your website further using .htaccess file or other blocking method.

Here is an example to block certain ip address from accessing your website using .htaccess file
[code] order deny,allow
deny from 93.135.xxx.xxx
[/code]

Save .htaccess file in the root directory of your web server (example /var/www), and the ip address wont be available to access your site again.

Hope that would help you!