Posts Tagged linux

Global php composer install or update

Installing or updating a global installed composer can be a PITA if you don’t want to rely on the Linux distro
An easy way is:

curl -sS | sudo php -- --install-dir=/bin --filename=composer

Tags: , , , ,

http/2.0 sslciphersuites with 256 bit alias crypto wars part eight TLSv1.3

Now with the release of Apache 2.4.37 it supports TLSv1.3 (with OpenSSL 1.1.1). Before is was possible to compile Apache against OpenSSL 1.1.1 but it had no effect compared to OpenSSL 1.1.0

There are some advantages using TLS 1.3. it comes with Zero Round Trip Time (0-RTT). Explained simply, with TLS 1.2, two round-trips had been needed to complete the TLS handshake. With TLSv1.3, it requires only one round-trip, which in turn cuts the encryption latency in half. It feels faster.

At the moment only Chrome and Firefox support TLS 1.3. But I think other browser will follow soon.

This requires Apache 2.4.37 or better and OpenSSL 1.1.1 or better. Note that there are now two different directives for SSLCipherSuite. Also new is that the names for the Ciphers for TLS 1.3 are  directly taken from the OpenSSL internal naming. This is different compared to the old way in apache. Only two ciphers that are allowed for TLSv1.3 support 256 bit encryption that is why I chose those.

Listen 443
<If "%{SERVER_PORT} == '443'">
<IfModule mod_headers.c>
Header always set Strict-Transport-Security "max-age=15553000; preload"

ProtocolsHonorOrder On
Protocols h2c h2 http/1.1

TraceEnable Off

SSLUseStapling On
SSLSessionCache shmcb:/opt/apache2/logs/ssl_gcache_data(512000)
SSLStaplingCache shmcb:/opt/apache2/logs/ssl_stapling_data(512000)
SSLOptions +StrictRequire +StdEnvVars -ExportCertData
SSLProtocol -all +TLSv1.2 +TLSv1.3
SSLCompression Off
SSLHonorCipherOrder On
SSLCipherSuite TLSv1.3 TLS_CHACHA20_POLY1305_SHA256:TLS_AES_256_GCM_SHA384

SSLOpenSSLConfCmd DHParameters "/opt/apache2/conf/dh4096.pem"
SSLOpenSSLConfCmd ECDHParameters secp384r1
SSLOpenSSLConfCmd Curves sect571r1:sect571k1:secp521r1:sect409k1:sect409r1:secp384r1:sect283k1:sect283r1:secp256k1:prime256v1

H2Direct On

Sadly not OS Distributions support the last OpenSSL version or that TLv1.3 version has been backported or it has been patched, but apache shows still an older version number.

Tags: , , , ,

git cheat sheet

Delete all local branches but master and the current one

git branch | grep -v "master" | grep -v ^* | xargs git branch -D;

what did I do? aka git last commit

git diff @~..@

What did I do the last week?

git log --stat --since='1 Week Ago' --graph --pretty=oneline --abbrev-commit --date=relative

git log only the relevant merges

git log --all --graph --decorate --oneline --simplify-by-decoration

show all untracked files

git ls-files --others --exclude-standard

last tag

describe --tags --abbrev=0

Tags: , , , , ,

MariaDB Case Sensitive Table names on Windows

I had an issue while migrating (My)SQL data back and forth from Linux and Windows. When ever I made come changes on my local windows dev system and tried to apply the changes to the production system the SQL statement failed. Later I noticed that the table names on Windows were no matter what I tried in lower case. The MariaDB docs told me that the table names on Windows where always lower case and case insensitive. What a bummer.

Searching I foundlower_case_table_names in the docs. With the values 0,1 and 2.

0 (Unix) = table names and aliases and database names are compared in a case-sensitive manner.
1 (Windows) = names are stored in lowercase and not compared in a case-sensitive manner.
2 (Mac OS X) = names are stored as declared, but compared in lowercase.

I tried 0 and got

[ERROR] The server option 'lower_case_table_names' is configured to use case sensitive table names but the data directory resides on a case-insensitive file system. Please use a case sensitive file system for your data directory or switch to a case-insensitive table name mode.
[ERROR] Aborting

But setting it to 2 works. No longer problems

datadir=C:/Program Files/MariaDB 10.2/data
performance_schema = ON
lower_case_table_names = 2
plugin-dir=C:/Program Files/MariaDB 10.2/lib/plugin

I wonder cause in the old days of using MySQL it never was a problem.

Tags: , , ,

http/2.0 sslciphersuites with 256 bit alias crypto wars part five A+ at SSL Test

At Qualys SLL Test labs tests I never had 100% for Key Exchange. Even adding a 4096 Diffie Hellman key did not do the trick.

Now I found adding

SSLOpenSSLConfCmd ECDHParameters secp384r1

to the config from Part 4 does the trick!

Now I can have all your bars on Qualys SSL Test at 100% without having an insane config no client can connect to.

Tags: , , , , , , ,

rm -rf argument list too long

Well to often here is this the error message rm -rf argument list too long cause there are too many file in the directory. With the help of a little script those files can be deleted.

for FILE in `ls`
rm $FILE

Tags: , ,

debian boots into uefi shell

Today one of my linux servers did not boot. Instead there was a grub uefi shell. Typing the help command listed a bunch of commands in dark blue on a dark grey. Not easy to read. Trying to use the gui did not solve the problem. Resetting the config did also not help. Some forum posts said to create a symlink to the efi file. My issue was that /boot/efi is a separate partion due btrfs on the my system.

What did work was using the command line to add the efi again.

bcfg boot add 0 fs0:\EFI\debian\grubx64.efi "Debian"

However writing in english mode on a german style keyboard is often “times of wonder”. Use # ( hash) for the backslash and ä for the quotes. I still wonder why I have to use a backslash on a linux system…

Tags: ,

/dev/null: Permission denied

Das ist mal ein nette Fehlermeldung! Also, wie reparieren?

sudo rm /dev/null
sudo mknod -m 0666 /dev/null c 1 3

und schwups geht alles wieder. Bleibt nur die Frage, wieso und wann das  kaputt gegangen ist!?


Compling Apache 2.4 on Ubuntu or Debian

tar xvfz httpd-2.4.2.tar.gz
tar xvfz httpd-2.4.2-deps.tar.gz
cd httpd-2.4.2/srclib
tar xvfz apr-iconv-1.2.1.tar.gz
mv apr-iconv-1.2.1 apr-iconv
tar xvfz zlib-1.2.7.tar.gz
mv zlib-1.2.7 zlib
tar xvfz pcre-8.21.tar.gz
mv pcre-8.21 pcre
tar xfz openssl-1.0.1.tar.gz
cd openssl-*
./config --prefix=/usr zlib-dynamic --openssldir=/etc/ssl shared
make test
sudo make install
cd ../..
./configure --prefix=/opt/apache2 --enable-pie --enable-mods-shared=all --enable-so --disable-include --enable-deflate --enable-headers --enable-expires --enable-ssl=shared --enable-mpms-shared=all --with-mpm=event --enable-rewrite --with-z=/home/mario/apache24/httpd-2.4.2/srclib/zlib --enable-module=ssl --enable-fcgid --with-included-apr
sudo make install
cd ..
tar xvfz mod_fcgid-2.3.7.tar.gz
cd mod_fcgid-*
APXS=/opt/apache2/bin/apxs ./configure.apxs
sudo make install

For using PHP install php-cgi

add httpd.conf

FcgidMaxProcesses 50
FcgidFixPathinfo 1
FcgidProcessLifeTime 0
FcgidTimeScore 3
FcgidZombieScanInterval 20
FcgidMaxRequestsPerProcess 0
FcgidMaxRequestLen 33554432
FcgidIOTimeout 120

in each vhost

Options Indexes ExecCGI
AddHandler fcgid-script .php
FCGIWrapper /usr/lib/cgi-bin/php5 .php

Tags: , , , , ,

farbige man pages

Man pages sind nicht immer sehr übersichtlich. Die man pages etwas einzufärben hilft!

ans Ende der .bashrc

export LESS_TERMCAP_mb=$'\E[01;31m'
export LESS_TERMCAP_md=$'\E[01;31m'
export LESS_TERMCAP_me=$'\E[0m'
export LESS_TERMCAP_se=$'\E[0m'
export LESS_TERMCAP_so=$'\E[01;44;33m'
export LESS_TERMCAP_ue=$'\E[0m'
export LESS_TERMCAP_us=$'\E[01;32m'

schon sind die man pages in Farbe.

Tags: , , , ,

Archives by Subject:

Archives by Month: