the itjerk

my adventures with technology

Tag Archives: apache2

ssl 24/7

While I’ve had ssl on my website for some time (for anything login related), I had never enabled it by default. First, I had to install the patch for the Video Filter module to work with https connections to Youtube. Then, using the developer tools built into Chrome, I found I had an http link to a Facebook logo (I have no idea why it isn’t local). That had to be fixed in the site’s theme. Finally, I found I had the remnants of ShareThis in a block. Although I deleted the module eons ago, I forgot about the block (which is how it appears on a page). Thankfully, those developer tools in Chrome made it plain as day. Now that all that was fixed, I edited the .htaccess file for the site, and entered the following to force https connections. (Remember to restart Apache after you edit .htaccess.)

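# Redirect any request that arrived on port 80 to the https site.
# The pattern is anchored so it matches port 80 only, not 8080 or 1080.
RewriteCond %{SERVER_PORT} ^80$
RewriteRule ^(.*)$ https://mywebsite.com/$1 [R,L]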

With a free certificate from Let’s Encrypt, why not enable ssl? Oddly enough, only Chrome, Firefox and Microsoft browsers make it obvious when your connection to a website is secure. What’s up with that, Apple?

linux box, clean install

Hardware all happy, it’s time to do a clean install of Ubuntu 14.04 LTS. The most important step before installing is to get a complete backup and a list of applications/settings etc. before tearing down the old computer! It’s also a good time to think about your new system, so consider what needs to be installed, and what needs to stay backed up, and what needs to be forgotten.

After installing from disk and running apt-get update/upgrade, there are a few usability tweaks I want to do right away:
1. Add packages nautilus-terminal, openssh-server, numlockx, update-motd, weather-util, landscape-common.
2. Set up ssh keys for my hosted server, and secure sshd!
3. Disable guest login in LightDM.
4. Import bookmarks and set panel applets (this could be a lot easier, Canonical).
5. Fix writing to USB drives, then flash motherboard bios (F9 to F12)
sudo hdparm -r0 /dev/sdg

Then,
1. Configure router DHCP to give computer a fixed IP via MAC address.
2. Set privacy options in Unity. Include Imageviewer and Movie ;).
3. Install firewall (using gufw).
4. The fstab entries: Mount my new media hard drive. Side note here, always, always mount these things to /mnt/. The /media/ directory is not for anything in /etc/fstab. For my backup directory (which is on a NAS drive), I have to enable cifs-utils, and set the cifs password.
5. Restore data from backup, sparingly.
6. Install applications, ditto.

Music stuff:
1. sudo apt-get install eyed3 faac lame flac vorbis-tools moc sox
2. I also installed Audex, Banshee, EasyTag, DeVeDe, Asunder, VLC, Audacious and Audacity.
3. Reinstall Logitech Media Server, located here.

Webserver:
1. Reinstall LAMP. You’ll be prompted to set the MySQL password, so be prepared with the one for your old databases!
sudo apt-get update
sudo apt-get install tasksel
sudo tasksel install lamp-server

2. Create empty MySQL databases, then restore backups. It’s as easy as:
mysql -u root -p
CREATE DATABASE databasename;
exit

then
mysql -u root -p databasename < path/to/backup.sql
3. Copy website backup to /var/www (or wherever), fix permissions. Then set initial directory in sites-available/default.conf and restart apache2.
4. For Drupal, I need to install php5-gd and add cron.php to crontab. For clean urls, I need to enable mod_rewrite (a2enmod rewrite) and configure .htaccess by adding this to sites-available/default.conf:

<Directory /var/www>
                Options Indexes FollowSymLinks MultiViews
                AllowOverride All
                Order allow,deny
                allow from all
</Directory>

5. Restart apache2.

SSD:
Because I now have a speedy SSD drive (oh yes, it’s fast!), I read up on potential tweaks to improve performance and life of the drive. With 14.04, the trim command is executed weekly (/etc/cron.weekly/fstrim) by default. This is fine because my box is on 24/7, otherwise it should be moved to rc.local so it executes on boot. If you want to check if trim is enabled, try this script:
sudo hdparm -I /dev/sda | awk '/.*TRIM supported.*/{ if ($1 == "*") print "Yes, TRIM is enabled"; else print "No, TRIM is not enabled.";}'
1. Add noatime parameter to /etc/fstab for / to disable file read stamps.
2. Create a virtual file system with /etc/fstab:
tmpfs /tmp tmpfs defaults,noatime,mode=1777 0 0
3. Then, move the Firefox and Chromium browser caches to /tmp
4. Change swappiness? Actually I don’t use swap. RAM is cheap and faster!
5. Finally, I debated moving /home off the SSD, but couldn’t discern any benefit: I mean, every $$$ notebook ships with one, right? Easy to get sucked into all the tweaking… So I’ll opt for just paring down what’s in my home folder, and moving music, photos and videos to my /mnt/media drive. Heck I should buy another disk and create a RAID 1 for all that media…

Anyway, that’s got me up and running. Job complete.