Wednesday, July 31, 2013

Enable SSL for Apache Httpd - Tomcat


Follow the steps below to serve the application over SSL/TLS (https), with Apache terminating TLS and proxying to Tomcat over AJP:

  1. Enable the ssl module on Apache: sudo a2enmod ssl (the module configs live in /etc/apache2/mods-available). A ProxyPass with an ajp:// target also needs mod_proxy and mod_proxy_ajp: sudo a2enmod proxy proxy_ajp.
  2. Edit /etc/apache2/sites-available/default-ssl (named default-ssl.conf on Apache 2.4) and add the following lines inside the VirtualHost:
    • ProxyPass /payment ajp://<tomcat host>/<context path> (e.g. ajp://anant.apnapaisa.com/payment; mod_proxy_ajp uses Tomcat's default AJP port 8009 when no port is given)
    • ProxyPassReverse /payment ajp://<tomcat host>/<context path> (e.g. ajp://anant.apnapaisa.com/payment; this rewrites the Location header of Tomcat's redirects so the client stays on the https origin)
  3. Add the lines below so that images, scripts and styles are served over https directly by Apache:
    • Alias /<url path to scripts> /<full path to scripts> (e.g. Alias /scripts /home/anant/code/tomcat/webapps/als/scripts)
    • Alias /<url path to styles> /<full path to styles> (e.g. Alias /style /home/anant/code/tomcat/webapps/als/style)
    • Alias /<url path to images> /<full path to images> (e.g. Alias /images /home/anant/code/tomcat/webapps/als/images)
    Apache must also be allowed to read the aliased directories (a matching <Directory> block), otherwise those requests return 403.
  4. Save the file and enable the site: sudo a2ensite default-ssl, then sudo apache2ctl configtest and sudo service apache2 reload.
  5. Open https://localhost. The browser will warn because the Debian/Ubuntu default site uses the self-signed "snakeoil" certificate. That is expected for this local test only: install a certificate from your CA before exposing the host, rather than teaching users to click through the warning. You should reach the "It Works" page.
  6. In Tomcat's conf/server.xml, make sure the AJP connector (port 8009 by default) is not commented out; that is the connector the ProxyPass lines above talk to. The HTTPS connector below only matters if clients should reach Tomcat on 8443 directly, in which case it also needs a keystore configured; uncomment it if you want that:

    <Connector port="8443" protocol="HTTP/1.1" SSLEnabled="true"
               maxThreads="150" scheme="https" secure="true"
               clientAuth="false" sslProtocol="TLS" />

You should now be able to send https requests to your servlets deployed on Tomcat.

Note: The proxy settings above are for the AJP connector. For Tomcat's HTTP connector use http:// targets (and mod_proxy_http) instead.
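
The whole procedure in one place, as an added example rather than the post's own config: render_ssl_site prints the default-ssl VirtualHost body that steps 2 and 3 describe, and install_ssl_site does steps 1 and 4 on a Debian/Ubuntu host. The Tomcat host name and webapp path are hypothetical arguments; the certificate paths are Debian's self-signed placeholders.

```shell
#!/bin/sh
# Added example; not the post's own config. render_ssl_site prints the
# default-ssl VirtualHost the post describes, install_ssl_site wires it in.

# render_ssl_site TOMCAT_HOST WEBAPP_DIR
#   TOMCAT_HOST  host whose AJP connector Apache proxies to (8009 is Tomcat's
#                default AJP port; mod_proxy_ajp also assumes it when omitted)
#   WEBAPP_DIR   exploded webapp holding the scripts/, style/, images/ folders
render_ssl_site() {
    tomcat_host="$1"
    webapp_dir="$2"
    cat <<EOF
<IfModule mod_ssl.c>
<VirtualHost _default_:443>
    ServerAdmin webmaster@localhost
    DocumentRoot /var/www

    SSLEngine on
    # Debian's self-signed placeholder pair; replace with a CA-issued
    # certificate before anyone but you talks to this host
    SSLCertificateFile    /etc/ssl/certs/ssl-cert-snakeoil.pem
    SSLCertificateKeyFile /etc/ssl/private/ssl-cert-snakeoil.key

    # Step 2: /payment is handled by Tomcat over AJP; ProxyPassReverse fixes
    # up Location headers in Tomcat's redirects so clients stay on https
    ProxyPass        /payment ajp://${tomcat_host}:8009/payment
    ProxyPassReverse /payment ajp://${tomcat_host}:8009/payment

    # Step 3: static assets served straight from disk by Apache over https
    Alias /scripts ${webapp_dir}/scripts
    Alias /style   ${webapp_dir}/style
    Alias /images  ${webapp_dir}/images
    <Directory ${webapp_dir}>
        Options -Indexes
        # Apache 2.4 syntax; on 2.2 use "Order allow,deny" / "Allow from all"
        Require all granted
    </Directory>
</VirtualHost>
</IfModule>
EOF
}

# install_ssl_site TOMCAT_HOST WEBAPP_DIR: steps 1 and 4 of the post.
# Run as root on the Apache host. Apache 2.4 only picks up site files that
# end in .conf, so the name is chosen by layout.
install_ssl_site() {
    site=/etc/apache2/sites-available/default-ssl
    if [ -d /etc/apache2/conf-available ]; then site="$site.conf"; fi
    a2enmod ssl proxy proxy_ajp            # ajp:// targets need mod_proxy_ajp too
    render_ssl_site "$1" "$2" > "$site"
    a2ensite "$(basename "$site")"
    apache2ctl configtest                  # fail here rather than on a half-working reload
    service apache2 reload
}

# Example invocation, using the paths from the post:
#   install_ssl_site anant.apnapaisa.com /home/anant/code/tomcat/webapps/als
```

configtest is run before the reload on purpose: a bad Alias or a missing module leaves the old configuration running instead of taking the site down.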

Monday, June 24, 2013

MySql replication error: "Could not parse relay log event entry"

I was able to solve this problem by executing the following steps.


  1. I checked replication on the other slave. The replication thread on the other slave was running fine and the slave was up to date with the master, implying that the relay logs on the first slave were the problem.
  2. On my first slave (the one with the replication error) I ran the following commands:
    • stop slave;
    • show slave status\G (no trailing semicolon: \G already terminates the statement)
    • Note the Relay_Master_Log_File and Exec_Master_Log_Pos values.
    • change master to MASTER_LOG_FILE='mysql-bin.010530', MASTER_LOG_POS=40783167;
    • start slave;
This fixed my replication problem.
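
The step that is easy to get wrong is which pair of fields to copy. Relay_Master_Log_File and Exec_Master_Log_Pos are the master coordinates of the last event the SQL thread actually executed; Master_Log_File and Read_Master_Log_Pos are how far the IO thread has read, which may already be past the unparseable entry. CHANGE MASTER TO with MASTER_LOG_FILE/MASTER_LOG_POS also deletes the existing relay logs and starts a new one, which is why re-pointing the slave at the executed position discards the corrupt entry. The script below is an added example, not the post's commands: it pulls the right two fields out of SHOW SLAVE STATUS\G output (a constructed sample is embedded) and prints the CHANGE MASTER statement.

```shell
#!/bin/sh
# Added example, not the post's commands. Reads SHOW SLAVE STATUS\G text and
# prints the CHANGE MASTER TO statement that re-points the slave at the last
# executed master position (Relay_Master_Log_File / Exec_Master_Log_Pos).

# Constructed sample output; hosts, file names and positions are made up.
SAMPLE_STATUS='*************************** 1. row ***************************
               Slave_IO_State: Waiting for master to send event
                  Master_Host: 10.0.0.5
              Master_Log_File: mysql-bin.010531
          Read_Master_Log_Pos: 1049
               Relay_Log_File: slave-relay-bin.000042
                Relay_Log_Pos: 4
        Relay_Master_Log_File: mysql-bin.010530
             Slave_IO_Running: Yes
            Slave_SQL_Running: No
                   Last_Error: Could not parse relay log event entry. (truncated)
          Exec_Master_Log_Pos: 40783167'

# status_field NAME: value of one "Name: value" line of \G output read on stdin
status_field() {
    awk -v key="$1:" '$1 == key { print $2; exit }'
}

# repoint_statement: \G output on stdin -> CHANGE MASTER TO statement on stdout.
# Refuses to emit anything if either coordinate is missing or non-numeric,
# because a CHANGE MASTER with an empty position would silently start from 4.
repoint_statement() {
    status="$(cat)"
    file="$(printf '%s\n' "$status" | status_field Relay_Master_Log_File)"
    pos="$(printf '%s\n' "$status" | status_field Exec_Master_Log_Pos)"
    if [ -z "$file" ]; then
        echo "could not read Relay_Master_Log_File" >&2; return 1
    fi
    case "$pos" in
        ''|*[!0-9]*) echo "could not read Exec_Master_Log_Pos" >&2; return 1 ;;
    esac
    printf "CHANGE MASTER TO MASTER_LOG_FILE='%s', MASTER_LOG_POS=%s;\n" "$file" "$pos"
}

# The full repair session from the post, run on the broken slave:
#   mysql -e 'STOP SLAVE'
#   mysql -e 'SHOW SLAVE STATUS\G' | repoint_statement | mysql
#   mysql -e 'START SLAVE'
```

Confirm afterwards with SHOW SLAVE STATUS\G that Slave_SQL_Running is Yes and Seconds_Behind_Master is falling; if the same error returns at the same position, the master's binary log itself is damaged and the other slave's health in step 1 no longer applies.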

Wednesday, June 19, 2013

Debugging ssh permission denied for password-less login

Sometimes, after setting up password-less login with ssh, you still get the password prompt when you try to log in. The reason can be one of several. This is how you can go about debugging the problem.

  • Use the -v switch with ssh (-vvv for the most detail). It shows every key ssh offered and how the server answered before it fell back to the password prompt.
  • Log in to the machine you were trying to connect to and look at the auth logs there (on Debian/Ubuntu /var/log/auth.log; on RHEL-style systems /var/log/secure). sshd records there why it refused the key, for example "Authentication refused: bad ownership or modes for directory ..." when the home directory, ~/.ssh or authorized_keys is writable by group or others and StrictModes (the default) is on.
  • Often the problem is that the user's group has to be added to the AllowGroups line in /etc/ssh/sshd_config (or the user to AllowUsers): when either directive is set, everyone not listed is refused no matter what keys they present. Reload sshd after editing the file.
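
A server-side check for the causes above, written as an added example (not part of the original post). Run it on the host you are connecting to; it uses GNU stat, so Linux. check_key_paths applies the StrictModes rules to the home directory, ~/.ssh and authorized_keys, and check_sshd_allow reads an sshd_config and tells you whether PubkeyAuthentication, AllowUsers or AllowGroups would shut the user out. The user name, group list and config path in the usage lines are hypothetical.

```shell
#!/bin/sh
# Added example, not from the post. Server-side checks for a key that is
# silently ignored. Each function prints what it found and returns 0 if
# everything is fine, 1 if it found a problem.

# check_key_paths HOME_DIR
# With StrictModes (the default) sshd ignores authorized_keys when the home
# directory, ~/.ssh or the file itself is writable by group or others, or is
# not owned by the user; auth.log then shows "bad ownership or modes".
check_key_paths() {
    home="$1"; rc=0
    owner=$(stat -c '%U' "$home")
    for p in "$home" "$home/.ssh" "$home/.ssh/authorized_keys"; do
        if [ ! -e "$p" ]; then
            echo "missing: $p"; rc=1; continue
        fi
        mode=$(stat -c '%a' "$p")
        case "$mode" in                      # last octal digit = others, the one before = group
            *[2367])  echo "world-writable: $p ($mode)"; rc=1 ;;
            *[2367]?) echo "group-writable: $p ($mode)"; rc=1 ;;
        esac
        if [ "$(stat -c '%U' "$p")" != "$owner" ]; then
            echo "not owned by $owner: $p"; rc=1
        fi
    done
    return $rc
}

# check_sshd_allow SSHD_CONFIG USER "USER_GROUPS"
# USER_GROUPS is the output of `id -Gn USER`, passed in so the check can be
# pointed at any config file. Only literal names are matched; sshd also
# accepts wildcard patterns, and Match blocks are not handled here.
check_sshd_allow() {
    cfg="$1"; user="$2"; groups="$3"; rc=0
    if grep -qiE '^[[:space:]]*PubkeyAuthentication[[:space:]]+no' "$cfg"; then
        echo "PubkeyAuthentication no in $cfg"; rc=1
    fi
    allow_users=$(awk 'tolower($1)=="allowusers" {for (i=2;i<=NF;i++) print $i}' "$cfg")
    if [ -n "$allow_users" ] && ! printf '%s\n' "$allow_users" | grep -qxF "$user"; then
        echo "$user is not in AllowUsers"; rc=1
    fi
    allow_groups=$(awk 'tolower($1)=="allowgroups" {for (i=2;i<=NF;i++) print $i}' "$cfg")
    if [ -n "$allow_groups" ]; then
        listed=0
        for g in $groups; do
            if printf '%s\n' "$allow_groups" | grep -qxF "$g"; then listed=1; fi
        done
        if [ "$listed" -eq 0 ]; then
            echo "none of $user's groups ($groups) is in AllowGroups"; rc=1
        fi
    fi
    return $rc
}

# On the server, as root (user name hypothetical):
#   check_key_paths /home/tritium
#   check_sshd_allow /etc/ssh/sshd_config tritium "$(id -Gn tritium)"
# After changing sshd_config: service ssh reload, then retry with ssh -v.
```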

Thursday, May 16, 2013

Password less login using ssh

Here are the steps you need to take to achieve this.

On your system:
  • Run ssh-keygen -t rsa -b 4096 (on current OpenSSH, ssh-keygen -t ed25519 is the better choice). The transcript below was captured with -t dsa, which was still common in 2013, but do not generate new DSA keys: ssh DSA keys are fixed at 1024 bits and OpenSSH has disabled ssh-dss authentication by default since version 7.0. Below is a typical command line output for this command.
    • tritium@tritium-pc:~> ssh-keygen -t dsa  
       Generating public/private dsa key pair.  
       Enter file in which to save the key (/home/tritium/.ssh/id_dsa):  
       Enter passphrase (empty for no passphrase):  
       Enter same passphrase again:  
       Your identification has been saved in /home/tritium/.ssh/id_dsa.  
       Your public key has been saved in /home/tritium/.ssh/id_dsa.pub.  
       The key fingerprint is:  
       f6:61:a8:27:35:cf:4c:6d:13:22:70:cf:4c:c8:a0:23 tritium@tritium-pc  
      
      
  • The public key, i.e. id_rsa.pub (or id_dsa.pub if you used dsa), is what goes onto the remote machine; the private key (id_rsa) never leaves your system. You can press Enter for an empty passphrase or type a phrase (spaces are fine). With an empty passphrase anyone who obtains a copy of the private key file can use it, so prefer a passphrase and let ssh-agent cache it for the session.
  • Log in to the remote machine you want password-less access to, as the same user (here tritium). If the user tritium does not exist on the remote server you will need to create it, which requires root access.
    • To create the user, log in to the remote machine as root and run adduser <username>. Below is a sample run of the command.
    • root@Play-area:~$ adduser tritium  
       Adding user `tritium' ...  
       Adding new group `tritium' (1004) ...  
       Adding new user `tritium' (1003) with group `tritium' ...  
       Creating home directory `/home/tritium' ...  
       Copying files from `/etc/skel' ...  
       Enter new UNIX password:   
       Retype new UNIX password:   
       passwd: password updated successfully  
       Changing the user information for anant  
       Enter the new value, or press ENTER for the default  
            Full Name []: Tritium  
            Room Number []:   
            Work Phone []:   
            Home Phone []:   
            Other []:   
       Is the information correct? [Y/n] Y  
      Note: I have used adduser rather than the lower-level useradd. adduser is mostly a wrapper over useradd: it creates the user's home directory and copies the skeleton files from /etc/skel (.bashrc, .profile and so on) into it. 
  • In the remote user's home directory create the .ssh directory with mode 700. (sshd's StrictModes, on by default, ignores authorized_keys if the home directory, .ssh or the file itself is writable by group or others.)
  • Copy id_rsa.pub (or id_dsa.pub) to the remote machine and append its contents to .ssh/authorized_keys, with mode 600 on that file. Appending rather than renaming the .pub file over it keeps any keys that were already authorized; on a machine with OpenSSH, ssh-copy-id tritium@<remote host> does all of this for you.
  • That is it. Now when you ssh to the remote machine it logs you in without prompting for your password. It will ask for the passphrase if a non-empty one was set (unless ssh-agent already holds the key).
    • tritium@tritium-pc:~$ ssh 192.168.11.13  
       Linux Play-area 2.6.32-21-generic-pae #32-Ubuntu SMP Fri Apr 16 09:39:35 UTC 2010 i686 GNU/Linux  
       Ubuntu 10.04.4 LTS  
       Welcome to Ubuntu!  
        * Documentation: https://help.ubuntu.com/  
        System information as of Thu May 16 11:47:46 IST 2013  
        System load: 0.0         Memory usage: 47%  Processes:    92  
        Usage of /: 34.2% of 140.68GB  Swap usage:  0%  Users logged in: 0  
        Graph this data and manage this system at https://landscape.canonical.com/  
       33 packages can be updated.  
       28 updates are security updates.  
       New release 'precise' available.  
       Run 'do-release-upgrade' to upgrade to it.  
       *** System restart required ***  
       Last login: Thu May 16 11:42:25 2013 from tritium-pc
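
The server-side part of the procedure above as a script, added here as an example rather than the post's own commands: it installs a public key for an account with the modes sshd accepts, appends instead of overwriting so existing keys survive, refuses anything that is not an OpenSSH public key line, and is safe to run twice. The home directory, key file path and the key material in the usage note are hypothetical.

```shell
#!/bin/sh
# Added example, not the post's commands. Installs a public key into an
# account's authorized_keys the way the steps above describe.

# install_pubkey HOME_DIR PUBKEY_FILE
install_pubkey() {
    home="$1"; pubkey="$2"
    keyfile="$home/.ssh/authorized_keys"
    key=$(head -n 1 "$pubkey")
    # an OpenSSH public key line is "<type> <base64> [comment]"; refuse anything
    # else so a private key or a stray file never ends up in authorized_keys
    case "$key" in
        "ssh-ed25519 "*|"ssh-rsa "*|ecdsa-sha2-*" "*|"ssh-dss "*) ;;
        *) echo "not an OpenSSH public key: $pubkey" >&2; return 1 ;;
    esac
    # umask 077 in a subshell: anything created here is owner-only, and the
    # caller's umask is left alone
    (
        umask 077
        mkdir -p "$home/.ssh"
        touch "$keyfile"
    )
    chmod 700 "$home/.ssh"    # StrictModes: no group/world write on .ssh ...
    chmod 600 "$keyfile"      # ... nor on the file; 600 still lets you append later
    # idempotent: add the key only if that exact line is not already present
    grep -qxF "$key" "$keyfile" || printf '%s\n' "$key" >> "$keyfile"
}

# authorized_key_count HOME_DIR: how many key lines the account accepts
authorized_key_count() {
    grep -cE '^(ssh-|ecdsa-sha2-)' "$1/.ssh/authorized_keys"
}

# On the remote host, after copying id_rsa.pub over (paths hypothetical):
#   install_pubkey /home/tritium /tmp/id_rsa.pub
# From your own machine, ssh-copy-id tritium@192.168.11.13 does the same over
# the ssh connection; it asks for the password one last time.
```

Because the key is matched as a whole line, re-running the script after rotating the key adds the new one next to the old one; remove retired keys from authorized_keys by hand, since nothing here does that for you.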