Admin – Page 5

Gitify Your Life

Git was written to manage code, but Richard Hartmann presents a whole range of projects and tools that use Git for all sorts of things. 😀

From tracking personal notes to managing your website, wiki, and blog over tracking system and personal configuration files to managing videos, photos and other large files and making system backups, a lot of tools have been grown around the git ecosystem to help you support most tasks of your digital life. This talk will show you a lot of neat tools and tricks and it’s highly likely that you will adopt at least one of the various solutions.

http://youtu.be/Ln1Ri8kLzok

Watch it on YouTube or get it from the Debian Archives.

API Response Fail

If you must use XML in your APIs … OK, I can handle that. But if your responses look like this … I hate you!

WHY?!?!

System Administrators

System administrators are like janitors for the Internet. They have keys to everything, they make sure you’re warm and safe and if they do their job well you won’t even know they’re there.

… and like all people keeping infrastructure running they are grossly under-payed. 😉

Sometimes well-intentioned features have unintended side effects. Case in point: WordPress’ maintenance mode. Whenever you update plugins WP will automatically enter maintenance mode, which displays a nice message to your visitors that the site will be back online shortly. It will automatically go out of maintenance once the updates are done.

Well, sometimes unexpected things happen: you are stuck in maintenance mode. WP will effectively lock you out … even the admin section will not be accessible. *ugh* This is the moment you start panicking … luckily if you wait 10 minutes or delete the .maintenance file manually you’ll be able to access your site again. *phew*

Just went though that whole cycle. m(

JetPack vs. Antispam Bee

Seems like Jetpack discussions and Antispam Bee don’t go well together: upon submitting a comment you get a “Invalid security token” error. Well … bye, bye Jetpack discussions.

GitLab 3.1 released

Yay … GitLab 3.1 is out. 😀

Custom CAs everywhere

I recently finished introducing custom CA infrastructure in two instances. Each having two sub CAs, two Servers and a bunch of users. The “create your own CA” part was quite easy after I found a dated but still accurate tutorial. In hindsight it is quite silly why I didn’t do this before.

On the server side I had to make it work on:

Apache
Nginx
Postfix
Cyrus
Dovecot

Each expecting its own Format/Packing of certificates, keys and certificate chains. :/

On the client side I had to produce installation and configuration howtos for Windows and OS X and a bunch of popular browsers and email clients. Then there is the “user education” part … this is still in progress, but its looking good.

All in all, I’m happy with the result. 🙂

Fixing Borked UTF-8 Data in MySQL

While updating ownCloud to version 4 it reencoded my already UTF-8-encoded data and left me with borked strings.

I thought about trying to do a bunch of find and replace operations, but I knew this was error prone.

A little internet research produced a very simple simple solution for fixing double-encoded data in MySQL:

mysqldump -u DB_USER -p DB_PASSWORD --opt --quote-names --skip-set-charset --default-character-set=latin1 DB_NAME > DB_NAME-latin1-dump.sql
mysql -u DB_USER -p DB_PASSWORD --default-character-set=utf8 DB_NAME < DB_NAME-latin1-dump.sql

Just replace DB_USER, DB_PASSWORD and DB_NAME with the appropriate values and your good to go. 😀

Howto Renew Your SSL Certificates

So my IMAP server certificate expired today … so I needed to renew it. I use self-signed certificates for services I run myself.

First you need your config file. If you don’t have this you will be prompted to do so. (the Ubuntu Wiki has a nice introduction)

[ req ]
default_bits = 2048
encrypt_key = yes
distinguished_name = req_dn
x509_extensions = cert_type
prompt = no

[ req_dn ]
C=DE
ST=HB
L=Bremen
O=IMAP-Server
OU=Automatically-generated IMAP SSL key
CN=imap.your-domain.tld
emailAddress=postmaster@yourdomain.tld

[ cert_type ]
nsCertType = server

Then you generate the new certificate (expiring in 365 days) using the config file from above (imapd.cnf) and have it save it into imapd.pem.

openssl req -x509 -days 365 -nodes -newkey rsa:2048 -config imapd.cnf -keyout imapd.pem -out imapd.pem

Restart your service.

If you need to check the new key’s fingerprint you can get it with the following command.

openssl x509 -in imapd.pem -fingerprint

Debugging SASL

If you are using Cyrus SASL with your Postfix you might feel the need to debug what SASL does in the background. But SASL does not log into /var/log/mail.*. 🙁

So after some research I fount a way …

/etc/init.d/saslauthd stop

Stop the SASL daemon and start it by hand:

saslauthd -d -a pam -r -c -m /var/spool/postfix/var/run/saslauthd

Consult the MECHANISMS and OPTIONS settings in /etc/defaults/saslauthd for which options to use in your case.
But the most important option is -d. It will run the daemon in the foreground and make it more verbose.

Now it will show you everything it does. 😀

Don’t forget to start the actual daemon once you are done debugging:

/etc/init.d/saslauthd start

Tag: Admin