Gregs Uberfast version:

Linux:

openssl genrsa -des3 -out CA.key 1024
openssl req -new -key CA.key -x509 -days 3650 -out CA.crt
chmod 400 CA.key
chmod 400 CA.crt

(the above made a new CA, you want to install the crt into IE’s trusted certs.)

Win:

Make cert request in IIS – take to Lin.

Linux:

(All one line)
openssl x509 -req -days 3650 -in certreq.txt -CA CA.crt
-CAkey CA.key -CAcreateserial -out mail.server.crt

Win:

Take that mail.server.crt and install in IIS. People browsing yoru site will get a “not valid CA” type error, especially in IE7, and they’ll need to accept that. Otherwise, you need to buy a real cert. If it’s only your users on the site, then just have them install the CA.crt into IE, as then they will trust the authority/key from the web server. Every user will need to do that.

Statically/manually define/set duplex on linux network card
Use mii-tool or ethtool

//////////////////////////////

A Note About Duplex Settings

By default, Linux NICs negotiate their speed and duplex settings
with the switch. This is done by exchanging electronic signals
called Fast Link Pulses (FLP). When the speed and duplex are forced
to a particular setting the FLPs are not sent. When a NIC is in
auto-negotiation mode and detects a healthy, viable link but receives
no FLPs, it errs on the side of caution and sets its duplex to
half-duplex and sometimes it will also set its speed to the lowest
configurable value. It is therefore possible to force a switch port to
100 Mbps full duplex, but have the auto-negotiating server NIC set
itself to 100Mbps half-duplex which will result in errors. The same is
true for the switch if the switch port is set to auto-negotiate and
server NIC is set to 100 Mbps full duplex. It is best to either force
both the switch port and server NIC to either auto-negotiate or
the same forced speed and duplex values.

//////////////////////////////

//////////////////////////////// mii-tool

/////////////////////////////////////////////////////////////

[root@bigboy tmp]# mii-tool
SIOCGMIIPHY on ‘eth0′ failed: Operation not supported
eth1: 100 Mbit, half duplex, link ok
[root@bigboy tmp]#

[root@bigboy tmp]# mii-tool -v
eth1: negotiated 100baseTx-FD, link ok
product info: vendor 00:10:18, model 33 rev 2
basic mode:   autonegotiation enabled
basic status: autonegotiation complete, link ok
capabilities: 100baseTx-FD 100baseTx-HD 10baseT-FD 10baseT-HD
advertising:  100baseTx-FD 100baseTx-HD 10baseT-FD 10baseT-HD
link partner: 100baseTx-FD 100baseTx-HD 10baseT-FD 10baseT-HD flow-control
[root@bigboy tmp]#

mii-tool -F 100baseTx-FD eth0

//////////////////////////////// Ethtool

/////////////////////////////////////////////////////////////

[root@bigboy tmp]# ethtool eth0
Settings for eth0:
Supported ports: [ TP MII ]
Supported link modes:   10baseT/Half 10baseT/Full
100baseT/Half 100baseT/Full
Supports auto-negotiation: Yes
Advertised link modes:  10baseT/Half 10baseT/Full
100baseT/Half 100baseT/Full
Advertised auto-negotiation: No
Speed: 100Mb/s
Duplex: Full
Port: MII
PHYAD: 1
Transceiver: internal
Auto-negotiation: off
Supports Wake-on: g
Wake-on: g
Current message level: 0×00000007 (7)
Link detected: yes
[root@bigboy tmp]#

#
# File: /etc/sysconfig/network-scripts/ifcfg-eth0
#
DEVICE=eth0
IPADDR=192.168.1.100
NETMASK=255.255.255.0
BOOTPROTO=static
ONBOOT=yes
ETHTOOL_OPTS=”speed 100 duplex full autoneg off”

////////////////////// or
ethtool -s eth1 speed 100 duplex full autoneg off

Uber quick howto:  (based on Debian)
1. Make sure ssh, rsync and sudo are installed and working.
2. Add a user account,  on remote system.
2.a Add a certificate with openssl or ssh-keygen (look that up elsewhere)
2.b Make sure the cert is unencrypted with no password. Yes,  that is a slight security concern, HOWEVER, if you are very careful to secure that private key, you are ok.  In other words, don’t share it or let it out!
2.c Add your public key to your new users /home/username/.ssh/authorized_keys file.  (how to’s for this stuff are on the web)
2.d Test this user’s login and make sure it logs you in from your local machine.
3.  Now, this new user is unprivileged, so you need to use sudo for running the remote rsync command.  Add this to your remote machine /etc/sudoers file:

 nameofnewuser	remotemachinename=NOPASSWD:/usr/bin/rsync

Above, you replace with the appropriate names.

4. Copy your private key from the remote machine and save it on the local machine where you will be backing up to.  For example, save it in the local user’s .ssh directory.  /home/localuseraccount/.ssh/private.key

5. You need to create a script.  In the example below, I have an exclude.txt file also, so I can exclude directories and files.  Look that up in the rsync how-to’s.

#!/bin/bash

rsync -avz --rsync-path="sudo /usr/bin/rsync" 	

	--exclude-from=exclude.txt -e

 	"ssh -p 22 -i /home/localuseraccount/.ssh/private.key"

  	remoteuseraccount@remote.server.com:/ /backup/to/path

In case you didn’t catch that, the section above with the rsync command is all one line!

I spent quite a while searching for solutions to this issue:

Reading Package Lists... Error!

E: Dynamic MMap ran out of room

I found several posts and sites that mention updating the cache limit, but that did not work. Here’s what I found though.

First, create the file if it does not exist.
/etc/apt/apt.conf

Then, add this:

APT::Default-Release "stable"; 

APT::Cache-Limit "141943904";

And that did the trick!  You can probably find this lots of places, but it took me too long to find the right fix, so I saved this here for myself!

Have a great day!

Courier Virtual Email Hosting – No SQL Servers

Using USERDB

1. Add the domain(s)
   Add your domain name to esmtpacceptmailfor.dir/default
   Add your domain name to hosteddomains/default
   Then create the courier system files, run:

   makeacceptmailfor
   makehosteddomains

2. Add the users
   You run 2 commands to add a user. (same user/pw for smtp also)
   userdb and userdbpw

   Let’s say we want to add a user account for misc@1stbyte.com.

   1^st create the virtual account home dirs. I save mine in /home/virtual. You will create a sub dir for each domain, then user. And you must create the Maildir folders in this home folder. So it will look like this:
   /home/virtual/domain.com/user
   Run:
   mkdir /home/virtual/1stbyte.com/misc
   maildirmake /home/virtual/1stbyte.com/misc/Maildir
   chown -Rv 999.999 /home/virtual/1stbyte.com/misc
   userdb misc@1stbyte.com set uid=999 gid=999 home=/homevirtual/1stbyte.com/misc
   userdbpw | userdb misc@1stbyte.com set systempw

   userdbpw will ask for a password and pipe into the “set systempw” command and save it into the userdb database. You can see the data in /etc/courier/userdb.

   When you are done run: makeuserdb

3. Setup any aliases

   if you have any aliases, set them in aliases/system. Edit the file and add full email account names like:
   vuser@domain.com: mailaccount@domian.com

   It’s alias: realaccount.
   The can be other domains too:
   fakeuser@accptedmaildomain.com: realaccount@realhosteddomain.com
   info@1stbyte.com: misc@1stbyte.com

   And of course, run: makealiases

Download and unpack Apache and PHP. MySQL 5 is install already. (as per another blog: http://www.1stbyte.com/2006/04/02/mysql-5-upgrade-compiled/

Make sure you have the proper dev packages. In my case I had to install ‘libflex’ and ‘libgdbm-dev’ using apt-get install to install PHP. (I have Debian Unstable)

./configure –prefix=/var/httpd –enable-so –enable-proxy –enable-proxy-ftp –enable-proxy-http –enable-ssl –enable-headers –enable-rewrite –enable-cgi –enable-deflate –enable-mime-magic –enable-dav –enable-dav-fs –enable-userdir –enable-status –enable-info

make && make install

then I copied the original Apache conf from /etc/apache2 to the new root, /var/httpd/conf. I also had to update the httpd.conf file to set the correct server root and other misc server directives, but mostly they were all the same.

Test your install /var/httpd/bin/apachectl start
Goto http://localhost and make sure you get the web site.

Now install PHP.
./configure –with-apxs2=/var/httpd/bin/apxs –with-mysql=/var/mysql5010 –with-mysql-sock=/tmp/mysql5.sock –prefix=/var/httpd/php –with-config-file-path=/var/httpd/php –enable-force-cgi-redirect –disable-cgi –with-zlib –with-gettext –with-gdbm

make
cp -p .libs/libphp4.so /var/httpd/modules
cp -p php.ini-recommended /var/httpd/php/php.ini

I then put these into httpd.conf

<IfModule mod_php4.c>
AddType application/x-httpd-php .php .phtml .php3
AddType application/x-httpd-php-source .phps
</IfModule>
LoadModule php4_module modules/libphp4.so

then ran:
make install

Edit: 10/25/05

Additional new notes:

When configure is run, I do it this way now:

./configure –prefix=/var/httpd –enable-so –enable-proxy –enable-proxy-ftp –enable-proxy-http –enable-ssl –enable-headers –enable-rewrite –enable-cgi –enable-deflate –enable-mime-magic –enable-dav –enable-dav-fs –enable-userdir –enable-status –enable-info –enable-cache –enable-disk-cache –enable-mem-cache

And…

For setup with Zope I am running ProxyPass instead of Rewrites:

ProxyRequests On ProxyPass / http://127.0.0.1:18080/VirtualHostBase/http/www.adomain.com:80/clients/adomain_com/VirtualHostRoot/ ProxyPassReverse / http://127.0.0.1:18080/VirtualHostBase/http/www.adomain.com:80/clients/adomain_com/VirtualHostRoot/ ProxyRequests On ProxyPass / http://127.0.0.1:18080/VirtualHostBase/http/domain.1stbyte.org:80/clients/domain_com/VirtualHostRoot/ ProxyPassReverse / http://127.0.0.1:18080/VirtualHostBase/http/domain.1stbyte.org:80/clients/domain_com/VirtualHostRoot/

When you add the PHP config, you need to first add flex.

apt-get install flex

Also, the httpd.conf additons are partially done in the mods-enabled folder for php.conf.

I just upgraded my MySQL server from 5.0.7 to 5.0.10. I wanted to make a few notes about what I did to set it up.

1. I compiled MySQL 5.0.10-beta.

./configure --prefix=/var/mysql5010
--with-unix-socket-path=/tmp/mysql5.sock
--with-mysqld-ldflags=-all-static
--enable-assembler
--with-low-memory
--with-named-curses-libs=/lib/libncurses.so.5
--with-mysqld-user=mysql

2. Did a make && make install
3. Stop mysql507 (on my server I created a script to stop and start mysql and mysql5, this way I can easily run both servers at the same time) stopmysql5
4. mkdir /var/mysql5010/var
5. cp -Rv /var/mysql507/var/* /var/mysql5010/var
6. Chmod -Rv mysql.mysql /var/mysql5010
7. Updated the startmysql5 script to point to the new path (var/mysql5010), same with stopmysql5 script.
8. startmysql5

And I was running!  Now, this might not work on future versions, particularly since MySQL 5.x is in beta right now.

I did not recompile MySQLdb yet, as it is working fine for me, however it might be wise.  In fact, I really should do that because the libraries are pointing to the /var/mysql507 directory.

Edit: 10/25/05

The config options here are for a smaller/slower server.  Use this for normal servers with decent amount of RAM:

./configure --prefix=/var/mysql
--with-unix-socket-path=/tmp/mysql.sock
--with-mysqld-ldflags=-all-static
--enable-assembler
--with-named-curses-libs=/lib/libncurses.so.5
--with-mysqld-user=mysql
--enable-thread-safe-client

This also enables the Thread Safe client, which will work better with mysql-python modules.

Wow! This has turned out to be a real pain.  Below is a process I started, but ran into issues.  I could see the module, but it would never make a Wlan0 to access using iwconfig or ifconfig.

I tried this on the Trendnet TEW-229UB and the TEW-424UB.  Maybe because they are cheap devices, but heck, I spent something like $25 for both, and in Windows, they work perfectly.

After I had depmod -a and the ndiswrapper module listed (lsmod), everything seemed ok.  The syslog had no errors on the 424, but never showed the wlan0.  I could run lshw -C network, but would only show the wired adapter.  I could run lsusb, and it would show the device.  I could even run ndiswrapper -l and the device showed installed and hardware present.  So, what the hell?  No errors, everything working, but no WLAN0 shows up?

If I find more info, I’ll post it.

1. make sure the ndiswrapper package is installed, so do that.
2. Make sure that the wireless-tools package is installed. Probably is from the initial install.
3. Get your wireless driver for Windows XP.
4. Unpack the driver somewhere, then cd there and run ndiswrapper on driver. Something like so:
   ndiswrapper -i driver.inf

   I installed the Trendnet TEW-229 and that was:
   ndiswrapper -i sis162u.inf

5. Then let ndiswrapper setup the module.
   ndiswrapper -m
6. Then run: depmod -a
   After that you’ll see the ndiswrapper module when you run lsmod.

And from here I can see the module, but don’t know what to do… I’ll try to figure it out though, and write it here!

Here’s a quick post based on a Python Script I made in Zope to display the data from a ZSQL method in a 2 column table layout. Not that big of a deal, but I wanted to save this because it took a little bit of thought and some learning.
(My original code is all mess up on this, I’ll try to find and repost it.)

## Script (Python) "genlodinfo" ##bind container=container ##bind context=context ##bind namespace= ##bind script=script ##bind subpath=traverse_subpath ##parameters=itemid ##title= ## # Example code:  ################################### """  Author: Greg Fischer  1st Byte Solutions - greg@1stbyte.com   Date: 9/24/05   License: You are free to reengineer  rework, recode, redistribute, resell  or alter this  code in any way you see fit, but you   must give credit to my original work  and you must provide this same license  to those that may receive your distribution  if you do. (just leave my name on it,  and you must offer the same freedom  in your work, that's all)   Purpose: This script will gather  from a zsql method, cat the records  into address records (with exra info),  then generate a table with alternating  rows. In other words, it will fill the table  from left to right, then down a row, 2 columns  wide. """ ###################################  def iseven(n):    """Return true if n is even."""    return n%2==0  def isodd(n):    """Return true if n is odd."""       return not iseven(n)  # Import a standard function, and get the HTML request and response objects. from Products.PythonScripts.standard import html_quote request = container.REQUEST RESPONSE =  request.RESPONSE  rs = context.sql.ap_lodging(itemid) rownum = 1 x = [] for r in rs: 	ritemid = str(r[0]) 	rtqstart = str(r[4]) 	rtqend = str(r[5]) 	rstreet1 = r[12] 	rstreet2 = r[13] 	rcity = r[14] 	rstate = r[15] 	rzip = r[16] 	rnotes = r[18] 	 	lodstr = rtqstart + ' - ' + rtqend + '
' 	lodstr = lodstr + rstreet1 + '
' + rstreet2 + '
' 	lodstr = lodstr + rcity + ', ' + rstate + ' ' + rzip + '
' 	if rnotes <> '': 		lodstr = lodstr + rnotes + '
' 	 	x.append(lodstr)  table = '' tablee = '

' tr = '' tre = '' td = '' tde = '' 	 if len(x) >= 1: 	c = len(x) 	listing = '' 	cur = 0 	for addy in x: 		listing = listing + '' 		#first build the addy with starting table elements 		#first record only 		if cur == 0: 			listing = listing + table + tr + td + addy + tde 		#Now check if this is an odd seq item, 		#just add a new cell and end the row 		if isodd(cur): 			listing = listing + td + addy + tde + tre 		#if this is an even item, it should be on a new row 		#and NOT the first item 		if iseven(cur) and cur <> 0: 			listing = listing + tr + td + addy + tde 			#all good, but if last record, then end row 			#else skip and loop to previous isodd and  			#add a new cell(which ends the row as well) 			if cur == (c - 1): 				listing = listing + tre 		#if this is the last item, end the table 		if cur == (c - 1): 			listing = listing + tablee 		cur = cur + 1 else: 	listing = 'No records'   return listing

And you return the results simply by calling the script in your dtml. something like: dtml-var “path.to.script(itemid=itemid)”

As always, I hope this help someone else out there, not just myself! Good luck!

Ok, here’s my configure command:

 ./configure
--with-apxs2=/path/to/httpd/bin/apxs
--with-mysql=/path/to/mysql
--with-mysql-sock=/tmp/mysql.sock
--prefix=/path/to/httpd/php
--with-config-file-path=/path/to/httpd/php
--enable-force-cgi-redirect
--disable-cgi
--with-zlib
--with-gettext
--with-gdbm
--with-gd
--with-png
--with-png-dir=/usr/lib
--with-jpeg
--with-jpeg-dir=/usr/lib
--with-pdo-mysql
--with-mysqli

I ran into errors trying to run the function imagecreatefromjpeg and imagesx and imagesy. And the system could not find the jpeg libs. On Debian Sarge, you need to run an apt-get install libjpeg62-dev. Also, I ran configure with just the –with-jpeg switch, and it didn’t work. So, I had to also include the –with-jpeg-dir=/path/to/lib. On Debian is was in /usr/lib. After that, it all worked out.

It’s worth noting, you must have libpng, libjpeg, and GD installed as well.  If I remember, GD was already on Debian, or maybe it was in PHP, not sure about that, but I know it must installed.

I just spent an hour trying to figure this out, AGAIN! To compile Zlib support into your Python interpreter, do this:

1. Install the Zlib-dev package for your distribution. (you probably have zlib already, but not the dev package)
On Ubuntu it’s called ‘zlib1g-dev’, on others it might just be: zlib-dev or zlib-devel. Do a search on your distro package lists to find it.
You should end up with a ‘zlib.h’ file in your system. In mine, Ubuntu, I have /usr/include/zlib.h

2. Get your python sources to compile and run the configure script like so:
./configure –with-zlib=/usr/include

See there that I included the ‘/usr/include’ directory to find zlib.h in? After the make && make install it worked great!

Keep in mind your mileage may vary, but this might help I hope. More importantly, now I can remember how I did this! :)