Generating Self-Signed Certificate in XAMPP Win32 for Apache Web Server

Below are the steps and additional information used to generate a self-signed certificate and keys for the Apache web server in XAMPP on the Win32 platform.

#Step 1: Generate a Private Key
C:\xampp\apache\bin>openssl genrsa -des3 -out server.key 1024
Loading 'screen' into random state - done
Generating RSA private key, 1024 bit long modulus
…………………………………………………++++++
……………………………………++++++
e is 65537 (0x10001)
Enter pass phrase for server.key: xxxxxxxx
Verifying - Enter pass phrase for server.key: xxxxxxxx

#Step 2: Generate a CSR (Certificate Signing Request)
C:\xampp\apache\bin>openssl req -new -key server.key -config "C:\xampp\php\extras\openssl\openssl.cnf" -out server.csr
Enter pass phrase for server.key:  xxxxxxxx
Loading 'screen' into random state - done
You are about to be asked to enter information that will be incorporated into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [AU]:
State or Province Name (full name) [Some-State]:Western Australia
Locality Name (eg, city) []:Perth
Organization Name (eg, company) [Internet Widgits Pty Ltd]:LatunyJ Corporation
Organizational Unit Name (eg, section) []:Information Technology
Common Name (eg, YOUR name) []:latunyj.no-ip.org
Email Address []:latunyj@hotmail.com

Please enter the following 'extra' attributes
to be sent with your certificate request
A challenge password []: xxxxxxxx
An optional company name []:LatunyJ Corporation

#Step 3: Remove Passphrase from Key
C:\xampp\apache\bin>copy server.key server.key.org                                                                                  
1 file(s) copied.

C:\xampp\apache\bin>openssl rsa -in server.key.org -out server.key
Enter pass phrase for server.key.org:
writing RSA key

#Step 4: Generating a Self-Signed Certificate
C:\xampp\apache\bin>openssl x509 -req -days 365 -in server.csr -signkey server.key -out server.crt
Loading 'screen' into random state - done
Signature ok
subject=/C=AU/ST=Western Australia/L=Perth/O=LatunyJ Corporation/OU=Information Technology/CN=latunyj.no-ip.org/emailAddress=latunyj@hotmail.com
Getting Private key

#Step 5: Installing the Private Key and Certificate
C:\xampp\apache\bin>copy server.crt c:\xampp\apache\conf\ssl.crt
C:\xampp\apache\bin>copy server.key c:\xampp\apache\conf\ssl.key

#Step 6: Restart Apache and Test 
Restart Apache

References:
http://www.akadia.com/services/ssh_test_certificate.html
http://www.opencodez.com/apache/ssl-certificate-and-install-in-xampp.htm


Installing GeoIP database in Ubuntu 10.04

These are the steps used to install the free version of the MaxMind GeoIP database, which is used to get the location information of an Internet Protocol address (IP address) through a query using PHP.

Install geoip for php5 by using the command: sudo apt-get install php5-geoip
Restart apache2 server by using the command: sudo /usr/sbin/apache2ctl graceful

Next, get the geoip database itself by issuing the command: wget http://geolite.maxmind.com/download/geoip/database/GeoLiteCity.dat.gz

Then unzip the database by using the command: gunzip GeoLiteCity.dat.gz
Create a directory/folder to put the database: sudo mkdir -v /usr/share/GeoIP
Move the database to its position: sudo mv -v GeoLiteCity.dat /usr/share/GeoIP/GeoIPCity.dat

To use the installed geoip database, create a simple PHP file (i.e., testgeoip.php) and paste the following code into it.

//content of testgeoip.php

<?php
$trace_ip_addr = '180.216.59.213'; // put any chosen IP address here
$geoinfo = geoip_record_by_name($trace_ip_addr); // array of location fields, or false if the address is not found
echo "Raw GeoIP information for:  $trace_ip_addr \n\n";
print_r($geoinfo);
?>

Run the file within the terminal by issuing the command: php testgeoip.php or put the file in www root folder of a web server and open it using a browser.

>> To test how a GeoIP database is implemented using PHP to be accessed via browser, click here.

Ref: http://php.net/manual/en/geoip.setup.php

Mail Server with Postfix, Dovecot and MySQL on Ubuntu 10.04 LTS using Virtual Domain

=== Install Packages ===
Let’s start by installing the corresponding packages needed for a virtual mail server in Ubuntu 10.04 by issuing the following install commands:

apt-get install postfix postfix-mysql postfix-doc mysql-client mysql-server dovecot-common dovecot-imapd dovecot-pop3d libsasl2-2 libsasl2-modules libsasl2-modules-sql sasl2-bin libpam-mysql

First set the proper server hostname with its FQDN (Fully Qualified Domain Name).
hostname -f unpatti.inherent-dikti.net

=== MySQL: Create Database, Tables and Users ===
Login to MySQL and create corresponding database, tables and users:

CREATE DATABASE mail;
USE mail;

GRANT SELECT, INSERT, UPDATE, DELETE ON mail.* TO 'mailadmin'@'localhost' IDENTIFIED BY 'password';
GRANT SELECT, INSERT, UPDATE, DELETE ON mail.* TO 'mailadmin'@'localhost.localdomain' IDENTIFIED BY 'password';
FLUSH PRIVILEGES;

CREATE TABLE domains (domain varchar(50) NOT NULL, PRIMARY KEY (domain) );
CREATE TABLE forwardings (source varchar(80) NOT NULL, destination TEXT NOT NULL, PRIMARY KEY (source) );
CREATE TABLE users (email varchar(80) NOT NULL, password varchar(20) NOT NULL, PRIMARY KEY (email) );
CREATE TABLE transport ( domain varchar(128) NOT NULL default '', transport varchar(128) NOT NULL default '', UNIQUE KEY domain (domain) );
quit

=== Create Configuration files ===

nano /etc/postfix/mysql-virtual_domains.cf
Copy and paste the following contents, change somepassword to an appropriate one.

user = mailadmin
password = somepassword
dbname = mail
query = SELECT domain AS virtual FROM domains WHERE domain='%s'
hosts = 127.0.0.1

nano /etc/postfix/mysql-virtual_forwardings.cf
Copy and paste the following contents, change somepassword to an appropriate one.

user = mailadmin
password = somepassword
dbname = mail
query = SELECT destination FROM forwardings WHERE source='%s'
hosts = 127.0.0.1

nano /etc/postfix/mysql-virtual_mailboxes.cf
Copy and paste the following contents, change somepassword to an appropriate one.

user = mailadmin
password = somepassword
dbname = mail
query = SELECT CONCAT(SUBSTRING_INDEX(email,'@',-1),'/',SUBSTRING_INDEX(email,'@',1),'/') FROM users WHERE email='%s'
hosts = 127.0.0.1

nano /etc/postfix/mysql-virtual_email2email.cf
Copy and paste the following contents, change somepassword to an appropriate one.

user = mailadmin
password = somepassword
dbname = mail
query = SELECT email FROM users WHERE email='%s'
hosts = 127.0.0.1

Set proper permissions and ownership for these configuration files by issuing the following commands:
chmod o= /etc/postfix/mysql-virtual_*.cf
chgrp postfix /etc/postfix/mysql-virtual_*.cf

Create a user and group for mail handling. All virtual mailboxes will be stored under this user’s home directory.

groupadd -g 5000 vmail
useradd -g vmail -u 5000 vmail -d /home/vmail -m

Issue the following commands to complete the remaining steps required for Postfix configuration, be sure to replace “unpatti.inherent-dikti.net” with the fully qualified domain name for your system mail name.

postconf -e 'myhostname = unpatti.inherent-dikti.net'
postconf -e 'mydestination = '
postconf -e 'mynetworks = 127.0.0.0/8 [::1]/128'
postconf -e 'message_size_limit = 30720000'
postconf -e 'virtual_alias_domains ='
postconf -e 'virtual_alias_maps = proxy:mysql:/etc/postfix/mysql-virtual_forwardings.cf, mysql:/etc/postfix/mysql-virtual_email2email.cf'
postconf -e 'virtual_mailbox_domains = proxy:mysql:/etc/postfix/mysql-virtual_domains.cf'
postconf -e 'virtual_mailbox_maps = proxy:mysql:/etc/postfix/mysql-virtual_mailboxes.cf'
postconf -e 'virtual_mailbox_base = /home/vmail'
postconf -e 'virtual_uid_maps = static:5000'
postconf -e 'virtual_gid_maps = static:5000'
postconf -e 'smtpd_sasl_auth_enable = yes'
postconf -e 'broken_sasl_auth_clients = yes'
postconf -e 'smtpd_sasl_authenticated_header = yes'
postconf -e 'smtpd_recipient_restrictions = permit_mynetworks, permit_sasl_authenticated, reject_unauth_destination'
postconf -e 'smtpd_use_tls = yes'
postconf -e 'smtpd_tls_cert_file = /etc/postfix/smtpd.cert'
postconf -e 'smtpd_tls_key_file = /etc/postfix/smtpd.key'
postconf -e 'virtual_create_maildirsize = yes'
postconf -e 'virtual_maildir_extended = yes'
postconf -e 'proxy_read_maps = $local_recipient_maps $mydestination $virtual_alias_maps $virtual_alias_domains $virtual_mailbox_maps $virtual_mailbox_domains $relay_recipient_maps $relay_domains $canonical_maps $sender_canonical_maps $recipient_canonical_maps $relocated_maps $transport_maps $mynetworks $virtual_mailbox_limit_maps'
postconf -e virtual_transport=dovecot
postconf -e dovecot_destination_recipient_limit=1

An example of my Postfix main.cf contents is shown below.
=================== Example of MAIN.CF =====

# See /usr/share/postfix/main.cf.dist for a commented, more complete version

# Debian specific:  Specifying a file name will cause the first
# line of that file to be used as the name.  The Debian default
# is /etc/mailname.
#myorigin = /etc/mailname

smtpd_banner = $myhostname ESMTP $mail_name (Ubuntu)
biff = no

# appending .domain is the MUA’s job.
append_dot_mydomain = no

# Uncomment the next line to generate “delayed mail” warnings
#delay_warning_time = 4h

readme_directory = /usr/share/doc/postfix

# TLS parameters
smtpd_tls_cert_file = /etc/postfix/smtpd.cert
smtpd_tls_key_file = /etc/postfix/smtpd.key
smtpd_use_tls = yes
smtpd_tls_session_cache_database = btree:${data_directory}/smtpd_scache
smtp_tls_session_cache_database = btree:${data_directory}/smtp_scache

# See /usr/share/doc/postfix/TLS_README.gz in the postfix-doc package for
# information on enabling SSL in the smtp client.

myhostname = unpatti.inherent-dikti.net
alias_maps = hash:/etc/aliases
alias_database = hash:/etc/aliases
myorigin = /etc/mailname
mydestination =
relayhost =
mynetworks = 127.0.0.0/8 [::1]/128
mailbox_size_limit = 0
recipient_delimiter = +
inet_interfaces = all
#inet_protocols = all

# Virtual Mailbox Domain Settings

virtual_alias_maps = proxy:mysql:/etc/postfix/mysql-virtual_forwardings.cf, mysql:/etc/postfix/mysql-virtual_email2email.cf
virtual_mailbox_domains = proxy:mysql:/etc/postfix/mysql-virtual_domains.cf
virtual_mailbox_maps = proxy:mysql:/etc/postfix/mysql-virtual_mailboxes.cf
virtual_mailbox_limit = 51200000
virtual_minimum_uid = 5000
virtual_uid_maps = static:5000
virtual_gid_maps = static:5000
virtual_mailbox_base = /home/vmail
virtual_transport = dovecot

smtpd_recipient_restrictions = permit_mynetworks, permit_sasl_authenticated, reject_unauth_destination
smtpd_sasl_auth_enable = yes
broken_sasl_auth_clients = yes
inet_protocols = all
message_size_limit = 30720000
virtual_alias_domains =
smtpd_sasl_authenticated_header = yes
virtual_maildir_extended = yes
proxy_read_maps = $local_recipient_maps $mydestination $virtual_alias_maps $virtual_alias_domains $virtual_mailbox_maps $virtual_mailbox_domains $relay_recipient_maps $relay_domains $canonical_maps $sender_canonical_maps $recipient_canonical_maps $relocated_maps $transport_maps $mynetworks $virtual_mailbox_limit_maps
dovecot_destination_recipient_limit = 1
html_directory = /usr/share/doc/postfix/html

=================== End of Example of MAIN.CF =====

=== Create an SSL Certificate for Postfix ===
Issue the following commands to create the SSL certificate:

cd /etc/postfix
openssl req -new -outform PEM -out smtpd.cert -newkey rsa:2048 -nodes -keyout smtpd.key -keyform PEM -days 365 -x509

Enter the appropriate information for your server. Remember to use your mail server's FQDN for the Common Name line in place of unpatti.inherent-dikti.net.

Country Name (2 letter code) [AU]:ID
State or Province Name (full name) [Some-State]:Maluku
Locality Name (eg, city) []:Ambon
Organization Name (eg, company) [Internet Widgits Pty Ltd]:UNPATTI
Organizational Unit Name (eg, section) []:INHERENT
Common Name (eg, YOUR name) []:unpatti.inherent-dikti.net
Email Address []:postmaster@unpatti.inherent-dikti.net

Set proper permissions for the key file by issuing the following command:
chmod o= /etc/postfix/smtpd.key

=== Configure saslauthd to use MySQL ===

Create a directory for saslauthd:
mkdir -p /var/spool/postfix/var/run/saslauthd

Make a backup copy of the /etc/default/saslauthd:
cp -a /etc/default/saslauthd /etc/default/saslauthd.bak

Edit the file /etc/default/saslauthd to match the configuration shown below.
nano /etc/default/saslauthd
Copy and paste the following contents.

START=yes
DESC="SASL Authentication Daemon"
NAME="saslauthd"
MECHANISMS="pam"
MECH_OPTIONS=""
THREADS=5
OPTIONS="-c -m /var/spool/postfix/var/run/saslauthd -r"

Create the file /etc/pam.d/smtp and copy in the following two lines. Be sure to change “somepassword” to the password you chose for your mail administration MySQL user.
nano /etc/pam.d/smtp
Copy and paste the following contents.

auth    required   pam_mysql.so user=mailadmin passwd=somepassword host=127.0.0.1 db=mail table=users usercolumn=email passwdcolumn=password crypt=1
account sufficient pam_mysql.so user=mailadmin passwd=somepassword host=127.0.0.1 db=mail table=users usercolumn=email passwdcolumn=password crypt=1

Create a file named /etc/postfix/sasl/smtpd.conf with the following contents. Be sure to change “somepassword” to the password you chose for your mail administration MySQL user.
nano /etc/postfix/sasl/smtpd.conf
Copy and paste the following contents, change somepassword to an appropriate one.

pwcheck_method: saslauthd
mech_list: plain login
allow_plaintext: true
auxprop_plugin: mysql
sql_hostnames: 127.0.0.1
sql_user: mailadmin
sql_passwd: somepassword
sql_database: mail
sql_select: select password from users where email = '%u'

Set proper permissions and ownership for these configuration files:
chmod o= /etc/pam.d/smtp
chmod o= /etc/postfix/sasl/smtpd.conf

Add the Postfix user to the sasl group and restart Postfix and saslauthd by issuing the following commands:
adduser postfix sasl
service postfix restart
service saslauthd restart

=== Configure Dovecot ===
Edit the file /etc/postfix/master.cf
nano /etc/postfix/master.cf
Add the dovecot service content to the bottom of the file.

dovecot   unix  -       n       n       -       -       pipe
  flags=DRhu user=vmail:vmail argv=/usr/lib/dovecot/deliver -d ${recipient}

Make a backup copy of /etc/dovecot/dovecot.conf file.
cp -a /etc/dovecot/dovecot.conf /etc/dovecot/dovecot.conf.bak

Edit /etc/dovecot/dovecot.conf file.
nano /etc/dovecot/dovecot.conf

Replace the contents of the file with the following example, substituting your system’s domain name to replace unpatti.inherent-dikti.net
Copy and paste the following contents.

protocols = imap imaps pop3 pop3s

log_timestamp = "%Y-%m-%d %H:%M:%S "
mail_location = maildir:/home/vmail/%d/%n/Maildir

ssl_cert_file = /etc/ssl/certs/dovecot.pem
ssl_key_file = /etc/ssl/private/dovecot.pem

namespace private {
    separator = .
    prefix = INBOX.
    inbox = yes
}

protocol lda {
    log_path = /home/vmail/dovecot-deliver.log
    auth_socket_path = /var/run/dovecot/auth-master
    postmaster_address = postmaster@unpatti.inherent-dikti.net
    mail_plugins = sieve
    global_script_path = /home/vmail/globalsieverc
}

protocol pop3 {
    pop3_uidl_format = %08Xu%08Xv
}

auth default {
    user = root

    passdb sql {
        args = /etc/dovecot/dovecot-sql.conf
    }

    userdb static {
        args = uid=5000 gid=5000 home=/home/vmail/%d/%n allow_all_users=yes
    }

    socket listen {
        master {
            path = /var/run/dovecot/auth-master
            mode = 0600
            user = vmail
        }

        client {
            path = /var/spool/postfix/private/auth
            mode = 0660
            user = postfix
            group = postfix
        }
    }
}

MySQL will be used to store password information, so /etc/dovecot/dovecot-sql.conf must be edited.
Make a backup copy of the existing file.
cp -a /etc/dovecot/dovecot-sql.conf /etc/dovecot/dovecot-sql.conf.bak

Replace the contents of the file with the following example, making sure to replace “somepassword” with your mail password.
nano /etc/dovecot/dovecot-sql.conf

driver = mysql
connect = host=127.0.0.1 dbname=mail user=mailadmin password=somepassword
default_pass_scheme = CRYPT
password_query = SELECT email as user, password FROM users WHERE email='%u';

Dovecot has now been configured. You must restart it to make sure it is working properly:
service dovecot restart

Check the /var/log/mail.log to make sure dovecot started without errors.
tail /var/log/mail.log

The log should have lines similar to the following:
Aug  1 22:16:32 unpatti dovecot: Dovecot v1.2.9 starting up (core dumps disabled)
Aug  1 22:16:32 unpatti dovecot: auth-worker(default): mysql: Connected to 127.0.0.1 (mail)

Change the permissions on /etc/dovecot/dovecot.conf to allow the vmail user to access it:

chgrp vmail /etc/dovecot/dovecot.conf
chmod g+r /etc/dovecot/dovecot.conf

Test the POP3 server to make sure it’s running properly
telnet localhost pop3
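
Several of the files created above embed the mailadmin database password or a private key, and the guide protects them with chmod o=. The script below is an added example, not part of the original guide, that lists any such file still readable by other users; the function names and the script file name are this example's own, and the patterns cover only the password settings and key format used on this page.

```bash
#!/bin/sh
# Added example (not from the original guide): list files that hold the
# mailadmin database password or a private key and are still readable by
# "other" users, i.e. files that still need the guide's `chmod o=` step.

# True if FILE contains a password setting in one of the forms used above
# (password = x, password=x, passwd=x, sql_passwd: x) or a PEM private key.
holds_secret() {
    grep -Eq '(password|passwd)[[:space:]]*[=:]|PRIVATE KEY-----' "$1" 2>/dev/null
}

# True if the "other" read bit is set in FILE's mode string (-rw-r--r--).
other_can_read() {
    [ "$(ls -ld "$1" | cut -c8)" = "r" ]
}

# Print every regular file under the given paths that holds a secret and is
# readable by other users. Prints nothing when all such files are protected.
exposed_secrets() {
    find "$@" -type f 2>/dev/null | while IFS= read -r f; do
        if holds_secret "$f" && other_can_read "$f"; then
            printf '%s\n' "$f"
        fi
    done
}

# Usage (as root, so every file can be read; the script name is arbitrary):
#   sh audit_mail_secrets.sh /etc/postfix /etc/pam.d /etc/dovecot
if [ "$#" -gt 0 ]; then
    exposed_secrets "$@"
fi
```

An empty result means every credential file found under the given directories is closed to other users.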

=== Configure Mail Aliases ===

nano /etc/aliases
Copy and paste the following contents.

postmaster: root
root: postmaster@unpatti.inherent-dikti.net

Run the following commands to update aliases and restart Postfix:

newaliases
service postfix restart

=== Testing Postfix section ===

To test Postfix for SMTP-AUTH and TLS, issue the following command:
telnet localhost 25

While connected to Postfix, issue the following command:
ehlo localhost

Check the output, you should see the line “250-STARTTLS” included.
Issue the command quit to terminate the Postfix connection.

=== Setting up Domains and Users ===
Login to MySQL to create domain and email user name / address:

mysql -u root -p

USE mail;
INSERT INTO domains (domain) VALUES ('unpatti.inherent-dikti.net');
INSERT INTO users (email, password) VALUES ('admin@unpatti.inherent-dikti.net', ENCRYPT('somepassword'));
INSERT INTO users (email, password) VALUES ('postmaster@unpatti.inherent-dikti.net', ENCRYPT('somepassword'));
INSERT INTO users (email, password) VALUES ('hostmaster@unpatti.inherent-dikti.net', ENCRYPT('somepassword'));
INSERT INTO users (email, password) VALUES ('latunyj@unpatti.inherent-dikti.net', ENCRYPT('mypassword'));
quit

Replace the above email addresses and passwords with values that suit your system.

A welcome message must be sent to each new email account before it can be accessed via IMAP or POP3, because the mailbox for a new user is not created until an email is received for that user.

=== Check Mail Server Logs ===
After the welcome / test mail has been sent, you’ll want to check your logs to make sure the mail was delivered. First check your mail log located at /var/log/mail.log. You should see something similar to the following:

Aug  1 23:45:54 unpatti postfix/cleanup[7383]: 0E631400968: message-id=<5162.180.216.122.76.1312260058.squirrel@latunyj.no-ip.org>
Aug  1 23:45:54 unpatti postfix/qmgr[7168]: 0E631400968: from=<beta@latunyj.no-ip.org>, size=1516, nrcpt=1 (queue active)
Aug  1 23:45:55 unpatti postfix/pipe[7384]: 0E631400968: to=<latunyj@unpatti.inherent-dikti.net>, relay=dovecot, delay=2.7, delays=2.6/0.01/0/0.14, dsn=2.0.0, status=sent (delivered via dovecot service)
Aug  1 23:45:55 unpatti postfix/qmgr[7168]: 0E631400968: removed

Next, check the Dovecot delivery log located in /home/vmail/dovecot-deliver.log:

cat /home/vmail/dovecot-deliver.log

The contents should look similar to the following:

2011-08-01 23:45:55 deliver(latunyj@unpatti.inherent-dikti.net): Info: msgid=<5162.180.216.122.76.1312260058.squirrel@latunyj.no-ip.org>: saved mail to INBOX
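
The delivery check above can also be scripted. The following is an added example, not part of the original guide: it reads Postfix log lines in the format shown above and prints every delivery attempt whose status is not "sent". The function names are this example's own; of the sample lines, only the first is taken from this page and the bounced and deferred lines are constructed.

```bash
#!/bin/sh
# Added example (not from the original guide): report deliveries in a Postfix
# log that did not end with status=sent.

# Read mail.log lines from the named files (or stdin) and print one line per
# failed delivery attempt: queue-id recipient status dsn
undelivered() {
    awk '
    $5 ~ /^postfix\// && $7 ~ /^to=</ {
        qid = $6; sub(/:$/, "", qid)
        rcpt = ""; st = ""; dsn = ""
        if (match($0, /to=<[^>]*>/))    rcpt = substr($0, RSTART + 4, RLENGTH - 5)
        if (match($0, /status=[a-z]+/)) st   = substr($0, RSTART + 7, RLENGTH - 7)
        if (match($0, /dsn=[0-9.]+/))   dsn  = substr($0, RSTART + 4, RLENGTH - 4)
        if (st != "sent") print qid, rcpt, st, dsn
    }' "$@"
}

# Sample input. The first line is the delivery shown on this page; the
# bounced and deferred lines are constructed for this example.
sample_log() {
    cat <<'EOF'
Aug  1 23:45:55 unpatti postfix/pipe[7384]: 0E631400968: to=<latunyj@unpatti.inherent-dikti.net>, relay=dovecot, delay=2.7, delays=2.6/0.01/0/0.14, dsn=2.0.0, status=sent (delivered via dovecot service)
Aug  1 23:45:55 unpatti postfix/qmgr[7168]: 0E631400968: removed
Aug  1 23:50:10 unpatti postfix/pipe[7401]: 1A2B3C4D5E6: to=<nobody@unpatti.inherent-dikti.net>, relay=dovecot, delay=0.3, delays=0.2/0.01/0/0.09, dsn=5.1.1, status=bounced (user unknown)
Aug  1 23:52:01 unpatti postfix/smtp[7410]: 2B3C4D5E6F7: to=<user@example.org>, relay=none, delay=30, delays=0.1/0/30/0, dsn=4.4.1, status=deferred (connect to example.org[192.0.2.10]:25: Connection timed out)
EOF
}

# Usage on a live server: sh thisscript.sh /var/log/mail.log
if [ "$#" -gt 0 ]; then
    undelivered "$@"
fi
```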

=== Test the Mailbox ===

cd /home/vmail/unpatti.inherent-dikti.net/latunyj/Maildir
find

Output similar to the following should be seen:
.
./new
./new/1312209954.M981760P7385.unpatti.inherent-dikti.net,S=1571,W=1604
./cur
./dovecot.index.log
./dovecot-uidlist
./dovecot-uidvalidity
./tmp
./dovecot-uidvalidity.4e36bc22

At this point the mail server using virtual domains with Postfix, MySQL and Dovecot is ready. SquirrelMail can be installed to provide web-based mail access to users.

Reference: http://library.linode.com/email/postfix/dovecot-mysql-ubuntu-10.04-lucid

Fedena Project version 2.0 for Win32 Platform

Installation steps of Fedena Project version 2.0 for Win32 platform:

Part A: Install Ruby
Download and install One-Click Ruby Installer for Windows.
http://rubyforge.org/frs/download.php/72085/rubyinstaller-1.8.7-p302.exe

Part B: Install Rails
Use the RubyGems package manager to download and install Rails 2.3.5 (Note: Version should be 2.3.5),
1. Open a command window and run the command “gem install rails -v=2.3.5 --remote” (without quotes).
2. Check rake version: “gem list rake” (check version, if v 0.9.2 installed, it must be downgraded)
3. Run the command “gem uninstall rake”. (this will uninstall v 0.9.2)
4. Run the command “gem install rake -v 0.8.7”. (downgraded to version 0.8.7)
5. Then, run the command “gem install prawn -v=0.6.3 --remote”.

Part C: Install MySQL
1. Download and install the “essential” version of the MySQL installer v5.0 from http://downloads.mysql.com/archives/mysql-5.0/mysql-essential-5.0.90-win32.msi
2. Copy libmysql.dll from MySQL bin directory (usually C:\Program Files\MySQL\MySQL Server 5.0\bin) to Ruby bin directory (usually C:\Ruby\bin)
3. Or download it from http://instantrails.rubyforge.org/svn/trunk/InstantRails-win/InstantRails/mysql/bin/libmySQL.dll

Part D: Setup Fedena
1. Download Fedena source code from GitHub or from http://www.projectfedena.org/download. Extract the ZIP/TAR archive and save to a folder (i.e., C:\Fedena).
2. Now go to the Fedena source directory in the command window.
3. Run the command “gem install mysql”.
4. Run the command “rake gems:install”. This will install all missing gems.
5. Update the MySQL database details in Fedena/config/database.yml (under “development:”)
6. Run the command “rake db:create”. This will create the required databases.
7. Run the command “rake db:migrate”. This will populate the database with required tables.
8. Run the command “rake gems:install”. This will install 2 missing gems, declarative_authorization & searchlogic.
9. Run the command “ruby script/server”. This would start the server and it will be accessible at http://localhost:3000
10. If you want to run Fedena in production mode, run the command “ruby script/server -e production”. For this, production database details should be given in config/database.yml
11. To solve Warning “C:/Ruby187/lib/ruby/gems/1.8/gems/rails-2.3.5/lib/rails/gem_dependency.rb:119:Warning: Gem::Dependency#version_requirements is deprecated and will be removed on or after August 2010. Use #requirement”
It is needed to edit C:\Ruby187\lib\ruby\gems\1.8\gems\rails-2.3.5\lib\rails\gem_dependency.rb according to the changes shown at https://github.com/rails/rails/commit/268c9040d5c3c7ed30f3923eee71a78eeece8a8a#diff-0

Part E: Install Mongrel web server to speed up access via LAN
1. Navigate to Ruby187\bin folder
2. Install the Mongrel web server by running the command “gem install mongrel”
3. Then navigate to the Fedena directory and run the command “mongrel_rails start” or “mongrel_rails start -e production”
4. The port can also be changed or specified for Mongrel by using the command “mongrel_rails start -p 80 -e production”. This will run Fedena on port 80, hence it can be accessed directly by typing the server IP (i.e., 127.0.0.1)

References:
http://www.projectfedena.org/install
http://www.mattvsworld.com/blog/2010/03/version_requirements-deprecated-warning-in-rails/
http://railsforum.com/viewtopic.php?id=34012

Enabling HTTPS web service in Ubuntu 10.04 LTS

The first step to enable https web service (port 443) in Ubuntu 10.04 LTS is enabling SSL module for apache2, by issuing the following command (bold face) in command prompt:

marinyo@paparisa:~$ sudo a2enmod ssl
Enabling module ssl. (SSL Engine)
See /usr/share/doc/apache2.2-common/README.Debian.gz on how to configure SSL and create self-signed certificates.
Run '/etc/init.d/apache2 restart' to activate new configuration!

Next step is to generate keys. This section will cover generating a key with a passphrase, and one without. The non-passphrase key will then be used to generate a certificate that can be used with various service daemons such as apache2.
Note: Running a secure service without a passphrase is convenient because you do not need to enter the passphrase every time the secure service is started. But it is insecure, and a compromise of the key means a compromise of the server as well.

To generate the keys for the Certificate Signing Request (CSR) run the command:

marinyo@paparisa:~$ openssl genrsa -des3 -out server.key 1024
Generating RSA private key, 1024 bit long modulus
………++++++
…………………………………………………………………++++++
e is 65537 (0x10001)
Enter pass phrase for server.key:yourpass phrase
Verifying - Enter pass phrase for server.key:yourpass phrase

Re-type the passphrase to verify. Once you have re-typed it correctly, the server key is generated and stored in the server.key file.

Next create the insecure key, the one without a passphrase,

marinyo@paparisa:~$ openssl rsa -in server.key -out server.key.insecure
Enter pass phrase for server.key:yourpass phrase
writing RSA key

And, next, shuffle the key names by using the following commands:

marinyo@paparisa:~$ mv server.key server.key.secure
marinyo@paparisa:~$ mv server.key.insecure server.key

The insecure key is now named server.key, and it can be used to generate the CSR without passphrase.

Next, create the CSR by running the following command at a terminal prompt:

marinyo@paparisa:~$ openssl req -new -key server.key -out server.csr
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [AU]:your country code
State or Province Name (full name) [Some-State]:your state
Locality Name (eg, city) []:your city
Organization Name (eg, company) [Internet Widgits Pty Ltd]:your company
Organizational Unit Name (eg, section) []:your dept
Common Name (eg, YOUR name) []:your common name
Email Address []:youremail@yourdomain.com

Please enter the following 'extra' attributes
to be sent with your certificate request
A challenge password []:yourchallenge password
An optional company name []:your company

=== Once you enter all these details, your CSR will be created and it will be stored in the server.csr file.

=== Creating a Self-Signed Certificate

=== To create the self-signed certificate, run the following command at a terminal prompt:

marinyo@paparisa:~$ sudo openssl x509 -req -days 365 -in server.csr -signkey server.key -out server.crt
Signature ok
subject=/C=AU/ST=your state/L=your city/O=your company/OU=your dept/CN=your common name/emailAddress=email@yourdomain.com
Getting Private key

Next, copy the generated certificate and key to their places in the system:

marinyo@paparisa:~$ sudo cp server.crt /etc/ssl/certs
marinyo@paparisa:~$ sudo cp server.key /etc/ssl/private

Next step is to create and edit config file(s) in /etc/apache2/sites-available

marinyo@paparisa:~$ cd /etc/apache2/sites-available/

Create new config file named ssl for https service using template of default configuration file

marinyo@paparisa:/etc/apache2/sites-available$ sudo cp default ssl

Edit default configuration file:

marinyo@paparisa:/etc/apache2/sites-available$ sudo nano default

Do the following:

=== change: NameVirtualHost * to NameVirtualHost *:80
=== change: <VirtualHost *> to <VirtualHost *:80>
=== Save changes

Edit ssl configuration file:

marinyo@paparisa:/etc/apache2/sites-available$ sudo nano ssl

Do the following:

=== change: NameVirtualHost * to NameVirtualHost *:443
=== change: <VirtualHost *> to <VirtualHost *:443>

==== Find line: DocumentRoot /var/www/
==== add the following lines below it
SSLEngine on
SSLOptions +StrictRequire

SSLCertificateFile /etc/ssl/certs/server.crt
SSLCertificateKeyFile /etc/ssl/private/server.key
=== Save changes

Next, move to /etc/apache2/sites-enabled

marinyo@paparisa:/etc/apache2/sites-available$ cd ../sites-enabled

Enabling ssl site config by issuing the following command:

marinyo@paparisa:/etc/apache2/sites-enabled$ sudo a2ensite ssl
Site ssl installed; run /etc/init.d/apache2 reload to enable.

Restart Apache2 service:

marinyo@paparisa:/etc/apache2/sites-enabled$ sudo /etc/init.d/apache2 restart
* Restarting web server apache2
…done.

Check whether the https web service is available by browsing to https://yourdomain.com
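
The certificate and key produced by the steps above, and by the XAMPP and Postfix procedures earlier on this page, can be checked before the service is restarted. The script below is an added example, not part of the original guides: it confirms that the key is unencrypted, that it belongs to the certificate, and reports key size and remaining validity. The function names, the script file name and the 2048-bit and 30-day thresholds are this example's own choices.

```bash
#!/bin/sh
# Added example (not from the original guides): sanity checks for an RSA
# certificate/key pair before it is installed. Requires the openssl CLI.

MIN_RSA_BITS=2048   # threshold chosen for this example
MIN_DAYS_LEFT=30    # threshold chosen for this example

# True if the private key file is passphrase-protected (PEM "ENCRYPTED" marker).
key_is_encrypted() {
    grep -q 'ENCRYPTED' "$1"
}

# True if the certificate's public key equals the one derived from the
# unencrypted private key. An empty passphrase is supplied so that an
# encrypted key fails instead of prompting.
cert_matches_key() {
    c=$(openssl x509 -in "$1" -noout -pubkey 2>/dev/null) || return 1
    k=$(openssl pkey -in "$2" -passin pass: -pubout 2>/dev/null) || return 1
    [ -n "$c" ] && [ "$c" = "$k" ]
}

# Print the size in bits of the public key in the certificate.
cert_key_bits() {
    openssl x509 -in "$1" -noout -text 2>/dev/null |
        sed -n 's/.*Public-Key: (\([0-9][0-9]*\) bit.*/\1/p' | head -n 1
}

# True if the certificate is still valid DAYS days from now.
cert_valid_for_days() {
    openssl x509 -in "$1" -noout -checkend $(( $2 * 86400 )) >/dev/null 2>&1
}

# Run all checks on CERT and KEY; print findings, return non-zero on failure.
audit_pair() {
    cert=$1; key=$2; fail=0
    if key_is_encrypted "$key"; then
        echo "FAIL: $key is passphrase-protected, so it cannot be compared with $cert here"
        fail=1
    elif ! cert_matches_key "$cert" "$key"; then
        echo "FAIL: $cert does not contain the public key of $key"
        fail=1
    fi
    bits=$(cert_key_bits "$cert")
    if [ "${bits:-0}" -lt "$MIN_RSA_BITS" ]; then
        echo "FAIL: key is ${bits:-unknown} bits, below $MIN_RSA_BITS"
        fail=1
    fi
    if ! cert_valid_for_days "$cert" "$MIN_DAYS_LEFT"; then
        echo "FAIL: $cert expires within $MIN_DAYS_LEFT days"
        fail=1
    fi
    if [ "$fail" -eq 0 ]; then
        echo "OK: $cert and $key"
    fi
    return "$fail"
}

# Usage (the script name is arbitrary): sh check_pair.sh server.crt server.key
if [ "$#" -eq 2 ]; then
    audit_pair "$1" "$2"
fi
```

Run against a pair generated with the 1024-bit commands on this page, the audit reports the key size as below the example's 2048-bit threshold.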

References:
https://help.ubuntu.com/10.04/serverguide/C/httpd.html
https://help.ubuntu.com/10.04/serverguide/C/certificates-and-security.html

Malay Ambon – English Dictionary

I found an interesting site which holds simple text information containing more than 3500 Malay Ambon / Bahasa Ambon words and their meanings or explanations in English. This simple dictionary raised my interest since I am an Ambonese and, in my opinion, this is a rare and unique collection. So, I decided to adapt the contents of the site and transform it into a more user-friendly dictionary; hence all Malay Ambon / Bahasa Ambon words and their English explanations were converted into a simple database equipped with a simple search feature.

I really appreciate the invaluable work of the editor of this Malay Ambon – English dictionary. This has motivated me to enhance how the dictionary can be used on-line by moving all of the contents into an active database and trying to add the Bahasa Indonesia meaning for each Malay Ambon word. However, I’ve found out that there are several words for which I haven’t found the correct meaning in Bahasa Indonesia. For the words for which I have not got an exact translation in Bahasa Indonesia, an unknown identifier is given in the Indonesian column of the dictionary.

If you know the meaning of an unknown word or if you think that the current translation in Bahasa Indonesia is not correct, please feel free to let me know by contacting me via e-mail at beta@latunyj.no-ip.org

>>> Click here to access the Malay Ambon – English dictionary.

Simple NAT using IPtables

NAT (Network Address Translation) was needed in the network of INHERENT Universitas Pattimura (UNPATTI). In this case, it was decided to NAT one of INHERENT’s IP addresses, 167.205.164.5. The purpose is to connect several client computers assigned class C private IP addresses in 192.168.76.xxx through 167.205.164.5.

The machine used to handle this task is an IBM x3650, which also serves as a multipurpose server (web server and database server). The operating system installed is CentOS 5, and as far as it was tried, CentOS is the only Linux distro that can be installed on this machine; no other open source distro works.

The NAT setup implemented is very straightforward; the network schema is as shown in the picture below.

[Figure: inherent unpatti nat]

Inbound and outbound traffic must pass between eth0 (167.205.164.5) and eth1 (192.168.76.1); to achieve this, IPtables is used.

Here are the IPtables commands that were used to configure the NAT for 192.168.76.0/24 and 167.205.164.5

[inherent@hotumese ~]$ /sbin/iptables -t nat -A POSTROUTING -o eth0 -s 192.168.76.0/24 -j SNAT --to-source 167.205.164.5

[inherent@hotumese ~]$ /sbin/iptables-save > /etc/sysconfig/iptables