waffel’s Weblog

März 13, 2014

no running imapd / slapd under gentoo

Einsortiert unter: administration,webmaster — Thomas Wabner @ 2:46 nachmittags

Today, I discovered that my mailserver was down on a root server (running gentoo). I tried to search why and whats the problem.

  1. I see error messages, that some processes cannot connect to ldap
  2. I tried to use phpldapadmin to check whats wrong. Here I got the next error: Fatal error: Cannot redeclare password_hash()
  3. I changed the used php version from php-5.5 to php-5.4 … phpldapadmin again works, but I cannot login
  4. I see imapd segmentation faults in dmesg in libwrappers …so I guess there is a problem with sys-apps/tcp-wrappers
  5. I rebuild tcp-wrappers, restarting nearly all processed from /etc/init.d without success
  6. I get deeper into the logfiles of my server (needed to take a look into the live logfiles (which logs all into one file, which is heavy under a root server with many hosted domains)
  7. I see an error, that some processes (one was also slapd) cannot read /etc/hosts.deny
  8. I see, that only root has the permission to read /etc/hosts.deny
  9. I change the permission to get all a read of this file
  10. Restarting slapd and all stuff works again … what a pain

Feels like one of my living years are gone … sometimes I love, but sometimes I hate gentoo.

I do not know who has changed the permissions on this file … but if I found he/it … *g*

September 7, 2013

no CSS in mediawiki anymore

Einsortiert unter: administration,webmaster — Thomas Wabner @ 5:22 nachmittags
Tags: , , ,

After upgrading my gentoo system, I discovered a problem with one of my new mediawiki installations:

No CSS anymore!

That’s frustrating. Looking with my browser tools, I see, that the load.php from mediawiki returns nothing. Searching around and found only one place which helped:

https://bugs.php.net/bug.php?id=64836 <– the bug entry on php.

Now I tried to downgrade my gentoo package sys-apps/file back to 5.11 and restarting my apache … viola … it works.

emerge =sys-apps/file-5.11

Now the load.php works again and it looks like, that this has nothing to do with mediawiki itself.

Januar 2, 2012

epson perfection VT10 under gentoo

Einsortiert unter: administration — Thomas Wabner @ 3:22 nachmittags
Tags: , , , , ,

Today I make my Epson scanner perfection VT10 running under gentoo.

What I did:

  1. Emerge the iscan packages:

    USE="X gimp jpeg png tiff -doc" emerge -av media-gfx/iscan
    emerge -av media-gfx/iscan-data
  2. Create a backup of the /etc/sane.dll/dll.conf and create a new one with only one line:

    mv /etc/sane.dll/dll.conf /etc/sane.dll/dll.conf.org
    echo "epkowa" >> /etc/sane.dll/dll.conf
  3. Changing the /etc/sane.d/epkowa.conf configuration to match the Perfection VT10.

    changing/uncomment in /etc/sane.d/epkowa.conf following lines (nothing more!):

    usb
    usb 0x04b8 0x012d

  4. Now I need some binaries for the scanner and some libs. They can be downloaded here:

    http://linux.avasys.jp/drivers/iscan-plugins/iscan-plugin-gt-s600/2.1.2/iscan-plugin-gt-s600-2.1.2-1.i386.rpm

  5. I opened the archive and extracted the libs libesint66* to /usr/lib/iscan and also the /usr/share/iscan/esfw66.bin
  6. Now I need to register the libraries and scanner binary to iscan:

    iscan-registry --add interpreter usb 0x04b8 0x012d /usr/lib/iscan/libesint66.so /usr/share/iscan/esfw66.bin
  7. The next step was to create a file called “interpreter” in /usr/share/iscan-data/interpreter and adding the lib and binary:

    echo "interpreter usb 0x04b8 0x012d /usr/lib/iscan/libesint66 /usr/share/iscan/esfw66.bin" >> /usr/share/iscan-data/interpreter

After that, I was able to start iscan, select the first entry from the founded scanners and start to scan :-)

November 17, 2009

create self signed multi domain certificate

Einsortiert unter: administration,webmaster — Thomas Wabner @ 6:29 nachmittags
Tags: , , , , , , , , ,

I have a domain mydomain.com with some sub level domains like

Now I need a self signed certificate for all these domains because I want to use them over HTTPS. There are some steps to do this. First of all: you don’t need for this propose your own root certificate. You should replace all occurrence of mydomain.com with your own domain name and sub domains.

On the gentoo server where the apache should host the domains, I have to create the certificate. I do following steps:

  1. Generate a private key
    openssl genrsa -des3 -out mydomain.key 1024
    
  2. Generate a CSR (Certificate Signing Request)
    openssl req -new -key mydomain.key -out mydomain.csr
    
    Country Name (2 letter code) [DE]:DE
    State or Province Name (full name) [Sachsen]:Sachsen
    Locality Name (eg, city) [Leipzig]:Leipzig
    Organization Name (eg, company) [My Company Ltd]:mydomain.com
    Organizational Unit Name (eg, section) []:Information Technology
    Common Name (eg, your name or your server's hostname) []:mydomain.com
    Email Address []:thomas dot wabner at mydomain dot com
    Please enter the following 'extra' attributes
    to be sent with your certificate request
    A challenge password []:
    An optional company name []:
    
  3. Remove Passphrase from Key
    cp mydomain.key mydomain.key.org
    openssl rsa -in mydomain.key.org -out mydomain.key
    
  4. Generating a Self-Signed Certificate

    To include all required subdomains a extensions file must be used. For example I have created a file /home/waffel/ssl/mydomain_extensions with following content:

    [ mydomain_http ]
    nsCertType      = server
    keyUsage        = digitalSignature,nonRepudiation,keyEncipherment
    extendedKeyUsage        = serverAuth
    subjectKeyIdentifier    = hash
    authorityKeyIdentifier  = keyid,issuer
    subjectAltName          = @mydomain_http_subject
    [ mydomain_http_subject ]
    DNS.1 = www.mydomain.com
    DNS.2 = nexus.mydomain.com
    DNS.3 = trac.mydomain.com
    DNS.4 = svn.mydomain.com
    

    The last command to create the certificate is:

    openssl x509 -req -days 365 -in mydomain.csr -signkey mydomain.key -out mydomain.crt -extfile /home/waffel/ssl/mydomain_extensions -extensions mydomain_http
    

In the apache configuration for the ssl host’s I have enabled the ssl module with following content:

...
ServerAlias svn.mydomain.com trac.mydomain.com nexus.mydomain.com

        ErrorLog /var/log/apache2/ssl_mydomain_error_log
        <IfModule log_config_module>
                TransferLog /var/log/apache2/ssl_mydomain_access_log
        </IfModule>

        SSLEngine on
        SSLCipherSuite ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP:+eNULL
        SSLCertificateFile /etc/apache2/ssl/mydomain.crt
        SSLCertificateKeyFile /etc/apache2/ssl/mydomain.key
        SSLCertificateChainFile /etc/ssl/cacert.pem
        <FilesMatch "\.(cgi|shtml|phtml|php)$">
                SSLOptions +StdEnvVars
        </FilesMatch>
        <Directory "/var/www/localhost/cgi-bin">
                SSLOptions +StdEnvVars
        </Directory>
        <IfModule log_config_module>
                CustomLog /var/log/apache2/ssl_mydomain_request_log \
                        "%t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x \"%r\" %b"
        </IfModule>
...

For example if you need such certificate to connect your maven with a self installed nexus repositiory over https you can follow the article from ahoehma.

A more detailed description with some background information about the certificate creation can be found here.

Oktober 2, 2009

Howto upgrade ]project-open[ 3.1 to vmware 3.2 version

Einsortiert unter: administration — Thomas Wabner @ 12:05 nachmittags
Tags: , , , ,

We have a self compiled version of ]project-open[ version 3.1 running on our intranet server. Because there is no more support for this version and there is also no more any documentation about this version out there we have decided to switch to the ]project-open[ vmware 3.2 version. There are some steps required to get all data from 3.1 into the 3.2 installation.

First of all: Make a backup of your database!

  1. Login as admin into your 3.1 web interface and make a postges backup http://%5BYOUR_SERVER%5D/intranet/admin/backup/
  2. The backup data is now on your 3.1 machine under /web/projop/filesystemstorage/backup/[YOUR_BACKUP_FILE].sql .
  3. Download the ]project-open[ vmware image from sourceforge. Because we use virtualbox instead of vmware we mount the vmware image into our virtualbox.
  4. In virtualbox you have to select SCSI:1 as your harddisk interface because the vmware installation tries to mount /dev/sda1 as your root.
  5. after success start of the virtualbox you have to login as root (default password is root)
  6. Now you have to switch your runlevel to S (single user mode) with init S.
  7. In this runlevel you have to restart postgres with /etc/init.d/postgesql restart.
  8. Switch now from root to postgres with su - postgres.
  9. Connect to the postgresql master database template1 with psql template1
  10. Drop the projop database drop database projop;
  11. Now you can leave the postgresql shell with \q
  12. Create a new projop database createdb projop --owner projop
  13. Set postgres dialect for the database createlang plpqsql projop
  14. Import the tsearch2 tablees psql projop -f /web/projop/packages/intranet-search-pg/postgresql/tsearch2.sql
  15. Import your backup from the 3.1 system (copy the data from your 3.1 machine first) psql projop -f /web/projop/filesystemstorage/backup/[YOUR_BACKUP_FILE].sql
  16. Run the post patch psql projop -f /web/projop/preconf/poall.post-patch.sql
  17. Switch back to root exit
  18. Switch back to the runlevel 5 init 5
  19. Restart the postgresql system /etc/init.d/postgresql restart
  20. In you web browser you should now be able to login as administator (username and password from your old 3.1 system!)
  21. Update all enabled packages http://%5BYOUR_SERVER%5D/acs-admin/apm/packages-install?update_only_p=1
  22. Select on the page all packages which should be upgraded and start the update procedure (this may take any time)
  23. Restart the projop web server with http://%5BYOUR_SERVER%5D/acs-admin/server-restart

I hope thats all and your system is now running with ]project-open[ 3.2.

November 13, 2008

updating mediawiki is easy

Einsortiert unter: administration,software — Thomas Wabner @ 2:33 nachmittags
Tags: ,

I have updated some homepages to the brand new mediawiki version 1.13.2 which was very easy. They have a very good description what you have to do, if you update to a new version and a very nice update script which works also for very old wiki versions (I have tested this with the 1.4.5 version).

But there ara small problems with own skin (for example on http://www.buzztard.org). The skin have to be fixed per hand. Hopfully ensonic can do this the next days.

The Rubric Theme Bloggen Sie auf WordPress.com.

Follow

Erhalte jeden neuen Beitrag in deinen Posteingang.

Schließe dich 28 Followern an