Tag Archives: apache

How to deal with "RSA server certificate is a CA certificate (BasicConstraints: CA == TRUE !?)" problem

If you see "[warn] RSA server certificate is a CA certificate (BasicConstraints: CA == TRUE !?)" in your Apache error.log file, it means you have created a certificate that is intended to sign other certificates, but you are using it as your SSL server certificate. Whether you hit this depends on how you created the SSL certificate.

But how can we solve this problem?!

1. Generate private key and certificate signing request

[codesyntax lang="bash"]

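# Generate a passphrase-protected 2048-bit RSA key, then write an unencrypted copy
openssl genrsa -des3 -passout pass:x -out server.pass.key 2048
openssl rsa -passin pass:x -in server.pass.key -out server.key
rm server.pass.key
# Create the certificate signing request from the unencrypted key
openssl req -new -key server.key -out server.csr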

[/codesyntax]

Note: when the openssl req command asks for a “challenge password”, just press return, leaving the password empty.

2. Generate SSL certificate

[codesyntax lang="bash"]

openssl x509 -req -days 365 -in server.csr -signkey server.key -out server.crt

[/codesyntax]
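To confirm which kind of certificate you ended up with, the following added example (not from the original post) builds both variants from one key and checks each for BasicConstraints CA:TRUE. The demo.cnf config, the file names and the CN www.example.test are constructed for illustration.

```shell
#!/bin/sh
# Added example: reproduce the cause of the warning and confirm the fix.
# demo.cnf, the file names and CN www.example.test are constructed.

# Return 0 if the certificate in $1 asserts BasicConstraints CA:TRUE.
is_ca_cert() {
    text=$(openssl x509 -in "$1" -noout -text) || return 2
    case $text in
        *CA:TRUE*) return 0 ;;
        *)         return 1 ;;
    esac
}

# Build two self-signed certificates from one key in directory $1:
#   ca-style.crt  carries CA:TRUE, the kind mod_ssl warns about
#   server.crt    made with the CSR + "x509 -req -signkey" steps above
make_demo_certs() {
    d=$1
    cat > "$d/demo.cnf" <<'EOF'
[req]
distinguished_name = dn
x509_extensions = v3_ca
prompt = no
[dn]
CN = www.example.test
[v3_ca]
basicConstraints = critical,CA:TRUE
EOF
    openssl genrsa -out "$d/server.key" 2048 2>/dev/null
    # "req -x509" applies the v3_ca section, so this one is a CA certificate.
    openssl req -x509 -new -key "$d/server.key" -config "$d/demo.cnf" \
        -days 365 -out "$d/ca-style.crt"
    # A plain CSR self-signed with "x509 -req" gets no CA:TRUE constraint.
    openssl req -new -key "$d/server.key" -config "$d/demo.cnf" \
        -out "$d/server.csr"
    openssl x509 -req -days 365 -in "$d/server.csr" \
        -signkey "$d/server.key" -out "$d/server.crt" 2>/dev/null
}

# Print a one-line verdict for the certificate file in $1.
report() {
    if is_ca_cert "$1"; then echo "$1: CA:TRUE, Apache will log the warning"
    else echo "$1: no CA:TRUE, fine as a server certificate"; fi
}

demo_dir=$(mktemp -d)
make_demo_certs "$demo_dir"
report "$demo_dir/ca-style.crt"
report "$demo_dir/server.crt"
```

Run is_ca_cert against the file named in your SSLCertificateFile directive to see whether the certificate Apache loads is the CA-style one.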

How to install nagios3 from source on debian squeeze

1. First we will need to install the prereq’s by running:
[codesyntax lang="bash"]

apt-get install apache2 build-essential libgd2-xpm-dev libperl-dev openssl gcc make autoconf automake mailutils libssl-dev libmysqld-dev libmysqlclient-dev libldap2-dev libradiusclient-ng-dev libapache2-mod-php5 libsnmp-perl nfs-common nfs-kernel-server libnet-dns-perl libnet-snmp-perl libdbi-perl libapache2-request-perl libdbd-mysql-perl libcrypt-ssleay-perl mysql-client libnet-tftp-perl snmp

[/codesyntax]

2. Adding the Nagios user:
[codesyntax lang="bash"]

groupadd -g 9000 nagios && groupadd -g 9001 nagcmd && useradd -u 9000 -g nagios -G nagcmd -d /usr/local/nagios -c "Nagios User" nagios

[/codesyntax]

3. Download Nagios and Nagios plugins:
[codesyntax lang="bash"]

wget -c http://downloads.sourceforge.net/project/nagios/nagios-3.x/nagios-3.5.0/nagios-3.5.0.tar.gz
wget -c http://downloads.sourceforge.net/project/nagiosplug/nagiosplug/1.4.16/nagios-plugins-1.4.16.tar.gz

[/codesyntax]

4. Untar the archives:
[codesyntax lang="bash"]

tar xfvz nagios-3.5.0.tar.gz
tar xfvz nagios-plugins-1.4.16.tar.gz

[/codesyntax]

5. Compile Nagios
[codesyntax lang="bash"]

cd nagios
./configure --enable-nanosleep --enable-embedded-perl --with-command-group=nagcmd --with-gd-lib=/usr/lib --with-gd-inc=/usr/include

make all
make install
make install-init
make install-config
make install-commandmode
make install-webconf
cd ..

[/codesyntax]
6. Compile Nagios plugins:
[codesyntax lang="bash"]

cd nagios-plugins-1.4.16
./configure --with-nagios-user=nagios --with-nagios-group=nagios
make
make install
cd ..

[/codesyntax]
7. Add nagiosadmin user to the apache2
[codesyntax lang="bash"]

htpasswd -c /usr/local/nagios/etc/htpasswd.users nagiosadmin

[/codesyntax]

8. Restart apache2 webserver
[codesyntax lang="bash"]

/etc/init.d/apache2 restart

[/codesyntax]

9. Add www-data user to nagcmd group

[codesyntax lang="bash"]

usermod -a -G nagcmd www-data

[/codesyntax]

10. Install nrpe server

[codesyntax lang="bash"]

wget -c http://downloads.sourceforge.net/project/nagios/nrpe-2.x/nrpe-2.14/nrpe-2.14.tar.gz
tar xfvz nrpe-2.14.tar.gz
cd nrpe-2.14
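# --enable-command-args only compiles in support for client-supplied arguments;
# NRPE ignores them unless dont_blame_nrpe=1 is set in nrpe.cfg
./configure --enable-command-args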
make all
make install
cp init-script.debian /etc/init.d/nrpe-server
chmod 755 /etc/init.d/nrpe-server

[/codesyntax]

11. Configure nrpe server

[codesyntax lang="bash"]

cp -a sample-config/nrpe.cfg /usr/local/nagios/etc/

[/codesyntax]

12. Start services

[codesyntax lang="bash"]

/etc/init.d/nagios start
/etc/init.d/nrpe-server start

[/codesyntax]

Troubleshooting

If you get something like the message below:

Error: Could not stat() command file ‘/usr/local/nagios/var/rw/nagios.cmd’!
The external command file may be missing, Nagios may not be running, and/or Nagios may not be checking external commands.
An error occurred while attempting to commit your command for processing.

Return from whence you came

Just do the following:

[codesyntax lang="bash"]

ls -l /usr/local/nagios/var/rw/nagios.cmd

[/codesyntax]
prw-rw---- 1 nagios nagios 0 Aug 11 22:27 /usr/local/nagios/var/rw/nagios.cmd

[codesyntax lang="bash"]

chmod -R g+x /usr/local/nagios/var/rw
ls -l /usr/local/nagios/var/rw/nagios.cmd

[/codesyntax]
prw-rwx--- 1 nagios nagios 0 Aug 11 22:27 /usr/local/nagios/var/rw/nagios.cmd

[codesyntax lang="bash"]

/etc/init.d/nagios restart

[/codesyntax]

Also change the group of the file:
[codesyntax lang="bash"]

ls -l /usr/local/nagios/var/rw/nagios.cmd

[/codesyntax]
prw-rw---- 1 nagios nagios 0 Aug 11 22:27 /usr/local/nagios/var/rw/nagios.cmd

[codesyntax lang="bash"]

chown nagios:www-data /usr/local/nagios/var/rw/nagios.cmd

[/codesyntax]

You may also need to do the following and restart Apache afterwards (I am pretty sure that you accidentally skipped step 9):
[codesyntax lang="bash"]

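# -a appends; without it www-data would lose its other supplementary groups (including nagcmd from step 9)
usermod -a -G nagios www-data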
/etc/init.d/apache2 restart

[/codesyntax]
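The fixes above all adjust who can reach and write the command pipe. As an added example (not part of the original post), this read-only check reports which permission is missing; it takes a numeric GID, relies on GNU stat, and the FIFO it inspects at the end is a constructed stand-in for nagios.cmd.

```shell
#!/bin/sh
# Added example: read-only audit of the Nagios external command pipe.
# Uses GNU stat (coreutils), as shipped on Debian. On a real host, call:
#   check_cmd_pipe /usr/local/nagios/var/rw/nagios.cmd "$(getent group nagcmd | cut -d: -f3)"

# check_cmd_pipe PIPE GID
# Prints one finding; returns 0 only when members of group GID can reach
# and write PIPE while users outside the owner and group cannot.
check_cmd_pipe() {
    pipe=$1
    want_gid=$2
    [ -p "$pipe" ] || { echo "not-a-fifo"; return 1; }

    dir_mode=$(stat -c %a "$(dirname "$pipe")")
    pipe_mode=$(stat -c %a "$pipe")
    pipe_gid=$(stat -c %g "$pipe")

    # Octal mode digits end in group, other. Isolate those digits.
    other=${pipe_mode#"${pipe_mode%?}"}
    rest=${pipe_mode%?}
    grp=${rest#"${rest%?}"}
    dir_rest=${dir_mode%?}
    dir_grp=${dir_rest#"${dir_rest%?}"}

    # Without group search (x) on the directory, stat() on the pipe fails
    # for the CGI user: the "Could not stat() command file" error.
    [ $(( $dir_grp & 1 )) -ne 0 ] || { echo "dir-not-searchable"; return 1; }
    [ "$pipe_gid" = "$want_gid" ] || { echo "wrong-group:$pipe_gid"; return 1; }
    [ $(( $grp & 2 )) -ne 0 ] || { echo "not-group-writable"; return 1; }
    # Anyone who can write the pipe can submit external commands to Nagios.
    [ $(( $other & 2 )) -eq 0 ] || { echo "world-writable"; return 1; }
    echo "ok"
}

# Constructed sample: a throwaway FIFO standing in for nagios.cmd
demo=$(mktemp -d)
mkdir "$demo/rw"
mkfifo "$demo/rw/nagios.cmd"
chmod 740 "$demo/rw"
chmod 660 "$demo/rw/nagios.cmd"
check_cmd_pipe "$demo/rw/nagios.cmd" "$(id -g)" || true
chmod g+x "$demo/rw"    # the same change as "chmod -R g+x" above
check_cmd_pipe "$demo/rw/nagios.cmd" "$(id -g)" || true
```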

How to install mercurial on debian squeeze

This document describes how to install and configure Mercurial on Debian squeeze. With minor changes you can use this procedure on other Linux distributions.

1. Install required packages
[codesyntax lang="bash"]

aptitude install mercurial libapache2-mod-wsgi

[/codesyntax]

2. Create repositories directories

[codesyntax lang="bash"]

mkdir -pv /repositories
chown -R www-data:www-data /repositories
cd /repositories

[/codesyntax]

3. Configure the hgweb.cgi script in order to serve the repositories via Apache
[codesyntax lang="bash"]

cp /usr/share/doc/mercurial/examples/hgweb.cgi .
chmod a+x hgweb.cgi
vim /repositories/hgweb.cgi
:%s/\/path\/to\/repo\/or\/config/\/repositories\/hgweb.config
:wq

[/codesyntax]

4. Configure hgweb.config

[codesyntax lang="bash"]

vim /repositories/hgweb.config

[/codesyntax]

[collections]
/repositories = /repositories

[codesyntax lang="bash"]

:wq

[/codesyntax]

5. Configure Apache

[codesyntax lang="bash"]

vim /etc/apache2/sites-available/code.domain.com

[/codesyntax]

ServerName code.domain.com
ServerAlias code.domain.com

ScriptAlias /repositories "/repositories/hgweb.cgi"

DocumentRoot /repositories

ErrorLog /var/log/apache2/code.domain.com-error_log
CustomLog /var/log/apache2/code.domain.com-access.log combined
LogLevel warn
ServerSignature Off
[codesyntax lang="bash"]

:wq

[/codesyntax]

6. Restart Apache
[codesyntax lang="bash"]

/etc/init.d/apache2 restart

[/codesyntax]

7. Make a test repository

[codesyntax lang="bash"]

mkdir test
cd test
hg init

[/codesyntax]

8. Enable notify extension

[codesyntax lang="bash"]

vim /etc/mercurial/hgrc.d/hgext.rc
:%s/# hgext.notify/hgext.notify
:wq

[/codesyntax]

9. Configure email notifications for earlier created repository
[codesyntax lang="bash"]

vim /repositories/test/.hg/hgrc

[/codesyntax]

[paths]
default = ssh://root@code.domain.com//repositories/configs
default-push = ssh://root@code.domain.com//repositories/configs
# in case you have ssh on a non standard port then you should use something like that
#default-push = ssh://root@code.domain.com:port//repositories/configs

[extensions]
hgext.notify=

[hooks]
changegroup.notify = python:hgext.notify.hook

[email]
from = mercurial@domain.com

[smtp]
host = domain.com

[web]
baseurl= http://code.domain.com/repositories/

[notify]
sources = serve

test = False
diffstat = False
merge = False

maxdiff = 0

template = Subject: [{webroot|basename}]: {desc|strip|firstline}\n\ndetails: {baseurl}{webroot|basename}/rev/{node|short}\nchangeset: {rev}:{node|short}\nuser: {author}\ndate: {date|date}\ndescription:\n{desc}\n\nfiles changed:\n {files}\n\n\n

[usersubs]
user@example.com = *

[reposubs]
configs = user@example.com
[codesyntax lang="bash"]

:wq

[/codesyntax]

10. Copying some files in the repository
[codesyntax lang="bash"]

rsync -avz /some/files/* .
hg add
hg status
hg commit -m "Added initial files to the repo" -u user
hg push

[/codesyntax]