Tuesday, June 29, 2021

Converting putty formatted ppk private key into ssh formatted private key

Putty used different format of private key compared to openssh. To use putty private key (usually with .ppk extension) with openssh, we need to convert it into openssh formatted private key.

To do this, we need putty tools. To install putty tools:

# apt install putty-tools -y


To convert, just use a command called puttygen, which is part of the putty-tools package

# puttygen myprivatekey.ppk -O private-openssh -o myprivatekey.priv

whereby myprivatekey.ppk is the private key in putty format, -O is to specify what output type we want puttygen to produce and -o is to specify the output file.


Once produced, we can test the private key using ssh command

# ssh myuser@myserver -i myprivatekey.pem

Saturday, June 26, 2021

Adding custom nameserver in systemd-resolve

The old /etc/resolve is now being managed by systemd-resolve service, which is part of systemd. In order to add new nameserver, please follow below steps


1. Create a directory named /etc/systemd/resolved.conf.d/

# mkdir /etc/systemd/resolved.conf.d


2. Add a new configuration file for your new dns server. Let's say we want to add google's dns ip address, which are 8.8.8.8 and 8.8.4.4 

# cat >> /etc/systemd/resolved.conf.d/mynameserver.conf <<EOF

[Resolve]

DNS=8.8.8.8 8.8.4.4

EOF


3. Restart the service

# systemctl restart systemd-resolved


4. Verify that your dns is now being used by the system

# systemd-resolve --status

Global

       LLMNR setting: no                  

MulticastDNS setting: no                  

  DNSOverTLS setting: no                  

      DNSSEC setting: no                  

    DNSSEC supported: no                  

         DNS Servers: 8.8.8.8             

                                8.8.4.4             

...


For more information about what option can be included in the configuration file, please refer to resolved.conf man page.

Friday, June 25, 2021

Testing ssl certificate and key using nginx docker

This is assuming our certs are for www.mydomain.com, our key is domain.key and our domain cert is domain.crt.

1. Get the domain certificate and your private key. The key is generated when you generate the CSR to apply for ssl, and the certificate is sent to you from you ssl provider

$ ls 

domain.crt domain.key


2. If your provider does not provide you with the bundled certificate, you need to get the root and intermediate certificate from the provider, since nginx needs the root, intermediate and domain to be in the same file for the ssl to work.


3. Combine domain certificate, intermediate certificate and root certificate into a file, let's call the file combined.crt

$ cat domain.crt intermediate.crt root.crt > combined.crt


4. Remove any ^M (carriage return) characters from the combined.crt file

$ sed -i 's/\r$//' combined.crt


5. Start an nginx docker container

$ docker run -dit --name nginx nginx:latest


6. Get the ip address of the docker container

$ docker inspect nginx | grep -w IPAddress

            "IPAddress": "172.17.0.2",

                    "IPAddress": "172.17.0.2",


7. Put the reference of our domain to the container's ip address in /etc/hosts
# cat >> /etc/hosts <<EOF
172.17.0.2 www.mydomain.com
EOF

8. Transfer our combined.crt and domain.key into the container
$ docker cp combined.crt nginx:/tmp
$ docker cp domain.key nginx:/tmp

9. Get the nginx configuration from the container, edit it, and upload it back into the container
$ docker cp nginx:/etc/nginx/conf.d/default.conf .
$ vi default.conf
server { 
...
    listen       443 ssl;
    server_name  www.mydomain.com;

    ssl_certificate     /tmp/combined.crt;
    ssl_certificate_key /tmp/domain.key;
...
}
$ docker cp default.conf nginx:/etc/nginx/conf.d

10. Restart nginx container
$ docker restart nginx

11. Make sure the container restarted successfully
$ docker ps

12. Open up a browser and browse to https://www.mydomain.com. If all is good, you should be able to see the padlock icon beside the domain nama, and the status of the connection is secure


Thursday, June 24, 2021

Checking if private key matches ssl certificate

To check if our private key and ssl certificate matched against each other, we need to compare two command outputs:


1. Run below command against the private key
$ openssl rsa -noout -modulus -in private.key | openssl md5

2. Run below command against the ssl certificate
$ openssl x509 -noout -modulus -in server.cert | openssl md5

The output for both the commands should be the same, showing that the key and cert are compatible.

Wednesday, June 23, 2021

Increase file upload size in wildfly

To increase file upload size limit in wildfly, the steps are as follows:

1. Go to bin directory in wildfly (assuming your wildfly directory is located in /opt), and connect to wildfly console

# cd /opt/wildfly/bin

# ./jboss-cli.sh -c


2. Go to /subsystem=undertow/server=default-server/http-listener=default

[standalone@localhost:9990 /] cd /subsystem=undertow/server=default-server/http-listener=default


3. Increase max-header-size to a higher value

[standalone@localhost:9990 /] :write-attribute(name=max-header-size,value=30000000)

{

    "outcome" => "success",

    "response-headers" => {

        "operation-requires-reload" => true,

        "process-state" => "reload-required"

    }

}


4. Increase max-post-size to a higher value

[standalone@localhost:9990 /] :write-attribute(name=max-post-size,value=30000000)

{

    "outcome" => "success",

    "response-headers" => {

        "operation-requires-reload" => true,

        "process-state" => "reload-required"

    }

}


5. Check if both is now increased in value
[standalone@localhost:9990 /] ls
max-header-size=30000000
...
max-post-size=30000000  

You are all set, test upload using your application to verify the change. Restart wildfly if necessary.

Saturday, June 19, 2021

Sending email from command line

To send simple email easily using command line, you can use sendmail command. This command is part of postfix, and should not be confused with the sendmail mail server. You can get this command by installing postfix.

# yum install postfix -y

To use sendmail command, it is very simple. Just run sendmail with a recipient's email address, type your message, and press dot (.) to send the message.
# sendmail myemail@myserver.com
SUBJECT: This is a test email 
Please do not reply, this is just a test email.
.

Check maillog to see if the email is being sent
# tail /var/log/maillog
...
Jun 19 08:19:08 myotherserver postfix/smtp[541113]: 35B81402B95B: to=<myemail@myserver.com>
19/0.04/0.02/0, dsn=2.0.0, status=sent (250 2.0.0 Ok: queued as 92D95960492)
Jun 19 08:19:08 myotherserver postfix/qmgr[541108]: 35B81402B95B: removed

Tuesday, June 8, 2021

Putting a currently running process in the background

Sometimes a process seems like hanging, the terminal is irresponsive, you know it is running, but somehow you need to logout and need the process to continue running in the background.

This calls for a "kill" command with SIGSTOP and SIGCONT signals.

1. First, find the pid of the process

$ ps -ef | grep myprocess

1234

2. Once you have the pid, issue a kill with SIGSTOP signal to stop the process, assuming the process id is 1234.

$ sudo kill -SIGSTOP 1234

3. Issue a kill with SIGCONT to continue the process back in the background

$ sudo kill -SIGCONT 1234

4. You can check the backgrounded process using jobs command

$ jobs -l

[1]+ 1234 Stopped (signal)        myprocess

5. To get the process back to the foreground, just use fg command. %1 referring to the jobs number when you use the jobs command.

$ fg %1


You can refer to kill and signal man pages for more information.