Archive for the ‘Guides’ Category

Configuring Let’s Encrypt Certbot on CentOS 7 with lighttpd

Saturday, April 27th, 2019

Installing Certbot

First, install certbot by using the below commands:

sudo yum -y install epel-release
sudo yum install certbot

Certbot is a Python-based program that allows you to request SSL certificates for your domains.

Request a Certificate

Use the below command to request a certificate (adjust paths and replace the test.com domain as necessary):

sudo certbot certonly --webroot -w /var/www/vhosts/test/httpdocs -d test.com

A certificate has now been stored in /etc/letsencrypt/live.  Create a combined certificate file (certificate plus private key) by running the below command as root (replacing test.com with your real domain).  Because custom.pem contains the private key, it is made readable and writable by root only; lighttpd reads it at startup before dropping privileges:

/bin/cat /etc/letsencrypt/live/test.com/cert.pem /etc/letsencrypt/live/test.com/privkey.pem > /etc/letsencrypt/live/test.com/custom.pem && /bin/chmod 600 /etc/letsencrypt/live/test.com/custom.pem && /sbin/service lighttpd restart

Certificate Renewal Cronjobs

You may want to create a cronjob to renew the certificate and a cronjob for regenerating the combined format certificate since the underlying certificate file can change (such as when it's renewed):

sudo crontab -e

Insert the below cronjobs:

0 1 * * 1 /usr/bin/certbot renew --quiet
5 1 * * 1 /bin/cat /etc/letsencrypt/live/test.com/cert.pem /etc/letsencrypt/live/test.com/privkey.pem > /etc/letsencrypt/live/test.com/custom.pem && /bin/chmod 600 /etc/letsencrypt/live/test.com/custom.pem && /sbin/service lighttpd restart

Save your crontab configuration. 
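
An alternative to the second cronjob, as an added example that is not part of the original guide: certbot runs executables placed in /etc/letsencrypt/renewal-hooks/deploy/ after each successful renewal and sets RENEWED_LINEAGE to the renewed certificate's live directory. The script name lighttpd-combined.sh and the function name build_combined_pem are assumptions.

```shell
#!/bin/sh
# Added example (not from the original guide). Assumed install path:
#   /etc/letsencrypt/renewal-hooks/deploy/lighttpd-combined.sh  (mode 0755)

# Build <lineage>/custom.pem from cert.pem + privkey.pem without ever
# exposing the private key through a world-readable or half-written file.
build_combined_pem() {
    lineage=$1
    out="$lineage/custom.pem"

    # Refuse to continue if either input is missing or empty, so a failed
    # renewal never replaces a working custom.pem.
    for f in cert.pem privkey.pem; do
        if [ ! -s "$lineage/$f" ]; then
            echo "missing or empty: $lineage/$f" >&2
            return 1
        fi
    done

    # mktemp creates the file with mode 0600; keeping it in the same
    # directory makes the final mv an atomic rename.
    tmp=$(mktemp "$lineage/.custom.pem.XXXXXX") || return 1
    if cat "$lineage/cert.pem" "$lineage/privkey.pem" > "$tmp" \
        && chmod 600 "$tmp" \
        && mv -f "$tmp" "$out"; then
        return 0
    fi
    rm -f "$tmp"
    return 1
}

# certbot sets RENEWED_LINEAGE only when it runs this file as a deploy hook.
if [ -n "${RENEWED_LINEAGE:-}" ]; then
    build_combined_pem "$RENEWED_LINEAGE" && /sbin/service lighttpd restart
fi
```

With this hook in place, lighttpd is restarted only when a certificate was actually renewed.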

Setting Up Lighttpd to Use SSL Certificate

Edit your default-enabled lighttpd configuration file in /etc/lighttpd/vhosts.d to look similar to the following (replacing test.com with your real domain and adjusting various file paths):

$HTTP["host"] == "test.com" {
  var.server_name = "test.com"
  server.name = server_name
  server.document-root = vhosts_dir + "/test/httpdocs"
  #accesslog.filename          = vhosts_dir + "/test/log" + "/access.log"
}
$SERVER["socket"] == ":80" {
  server.document-root = vhosts_dir + "/test/httpdocs"
}
$SERVER["socket"] == ":443" {
    ssl.engine           = "enable"
    ssl.pemfile          = "/etc/letsencrypt/live/test.com/custom.pem"
    server.document-root = vhosts_dir + "/test/httpdocs"
    ssl.ca-file = "/etc/letsencrypt/live/test.com/chain.pem" # Intermediate CA chain
    server.name = "test.com" # Domain Name OR Virtual Host Name
}

Here's how you can set a different document root for specific https (port 443) virtual hosts:

$SERVER["socket"] == ":443" {
    ssl.engine           = "enable"
    ssl.pemfile          = "/etc/letsencrypt/live/test.com/custom.pem"
    server.document-root = vhosts_dir + "/test/httpdocs/"
    ssl.ca-file = "/etc/letsencrypt/live/test.com/chain.pem" # Intermediate CA chain
    server.name = "test.com" # Domain Name OR Virtual Host Name

    # Anchored, with dots escaped, so look-alike host names do not match
    $HTTP["host"] =~ "^(www\.)?somethingelse\.test\.com(:[0-9]+)?$" {
        server.document-root = vhosts_dir + "/test/httpdocs/subdir"
    }
}

Save and restart the lighttpd service.

sudo service lighttpd restart

Congrats, SSL is now available on your domain, and your Let's Encrypt certificate has been configured and will be renewed automatically by your cronjob.

Copying LVM Containers from One Remote Server to Another

Saturday, April 27th, 2019

Transferring LVM Containers

Before you transfer a KVM container to another machine, create a KVM virtual machine on the target server with the same or larger disk size than the container being transferred. 

You can see a full list of LVM containers by using the below command:

sudo lvdisplay

Copying an LVM Container from the Local Machine to a Remote Server

sudo -i
dd if=/dev/vms/phpdev bs=4096 | pv | ssh root@IPADDRESS_HERE -p SSH_PORT 'dd of=/dev/pool/phpdev bs=4096'

Adjust the above pool paths as necessary since this may vary from server to server. 

Copying an LVM Container from a Remote Machine to the Local Machine

sudo -i
ssh root@IPADDRESS_HERE -p SSH_PORT "dd if=/dev/vms/phpdev bs=4096" | dd of="/dev/vms/phpdev" bs="4096"

Adjust the above pool paths as necessary since this may vary from server to server. 

With SSH Passphrase Key

If you're using an SSH key that is protected with a passphrase, use the below commands to open the key, provide the passphrase for that key, and copy the containers without being prompted for the passphrase when the container transfer begins:

sudo -i
eval $(ssh-agent)
ssh-add /root/keys/{PATH_TO_KEY}
dd if=/dev/pool/test bs=4096 | pv | ssh root@host.com -p {PORT} -i /root/keys/{PATH_TO_KEY} 'dd of=/dev/haha/test bs=4096'
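
A check worth running after either transfer, as an added example that is not part of the original guide: compare SHA-256 digests of the source and the destination, hashing only the source's length on the destination because the target volume may be larger. The function names dev_size, image_digest and verify_copy are assumptions.

```shell
#!/bin/sh
# Added example (not from the original guide); function names are made up.

# Size in bytes of a block device (LV) or, for testing, a regular file.
dev_size() {
    if [ -b "$1" ]; then
        blockdev --getsize64 "$1"
    else
        wc -c < "$1" | tr -d ' '
    fi
}

# SHA-256 of the first $2 bytes of $1.
image_digest() {
    head -c "$2" "$1" | sha256sum | cut -d' ' -f1
}

# Succeeds only if the destination holds a byte-identical copy of the
# source. The destination may be larger, so only the first
# <source size> bytes of it are compared.
verify_copy() {
    src=$1
    dst=$2
    n=$(dev_size "$src") || return 2
    m=$(dev_size "$dst") || return 2
    if [ "$m" -lt "$n" ]; then
        echo "destination ($m bytes) is smaller than source ($n bytes)" >&2
        return 1
    fi
    [ "$(image_digest "$src" "$n")" = "$(image_digest "$dst" "$n")" ]
}

# Remote destination, using the page's placeholders: take the size and
# digest locally, hash the same number of bytes on the other host, compare.
#   n=$(dev_size /dev/vms/phpdev)
#   image_digest /dev/vms/phpdev "$n"
#   ssh root@IPADDRESS_HERE -p SSH_PORT "head -c $n /dev/pool/phpdev | sha256sum"
```

Run the check while the virtual machine that uses the volume is shut down, otherwise the source can change between the copy and the hash.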

Running PolicyKit (pkexec) Commands without Prompting for Authentication

Saturday, December 8th, 2018

PolicyKit pkexec – Running without Prompting for Authentication

The following guide explains how to configure a pkexec command to run without prompting for authentication.  This is helpful when you want to grant root access to a key piece of the system (such as allowing virsh commands from another user when running KVM virtual machines) or just want to run a GUI command as root without having to log in or use authentication.

https://askubuntu.com/questions/383747/how-to-configure-pkexec-to-not-ask-for-password#answer-388660

Or in our own archive in case the above link disappears.

Full Ubuntu Startup Applications Location List

Saturday, December 8th, 2018

Location of Ubuntu Startup Application Scripts

All Versions of Ubuntu

In all versions of Ubuntu, startup scripts can be configured and run from the following locations:

/etc/init/*.conf – some init scripts
/etc/rc.local – a file that is run by root on system boot (bash scripts and other commands can go in here)
~/.config/autostart – user specific GUI programs that are run once the X11 environment is started
/etc/xdg/autostart – Global GUI programs that are run once the X11 environment is started
@reboot cronjob – cronjob scripts that are executed when the system boots

Ubuntu 16.04 and Later

systemd init scripts in /etc/systemd/system/*.service files
systemd init scripts in /lib/systemd/system/*.service files

Network Manager Applet NOT Showing in MATE Desktop Taskbar Ubuntu

Saturday, February 13th, 2016

Network Manager Applet NOT Showing in MATE Desktop

If you install the MATE desktop environment on Ubuntu, your Network Manager icon may not show up in the taskbar as shown below:

Without the Network Manager icon showing, you will have a hard time managing and connecting to WIFI networks.  To get it to show up, you will need to edit the following file using nano:

sudo nano /etc/xdg/autostart/nm-applet.desktop

Look for the below line:

AutostartCondition=GNOME3 unless-session gnome

And comment it out like so:

#AutostartCondition=GNOME3 unless-session gnome

Save the file using "Ctrl + O", and then exit nano using "Ctrl + X".  Restart your computer.  The network icon will show up again as shown below:

Note, the actual icon will vary based on the selected MATE desktop theme.  The screenshots above show the icon used in the LUNA theme.

phpBB 3.0.14 Recaptcha V2 NOT a Robot MOD – Installs with AutoMOD

Thursday, December 3rd, 2015

NOT a Robot Recaptcha V2 for phpBB 3.0.14

Download NOT a Robot Recaptcha Version 1.0

Info:

NOT a Robot Recaptcha V2 is a MOD for phpBB 3.0.14.  It integrates Google's Recaptcha V2 (the not a robot test) as an available anti-spam option that can be used during account registration. It prevents spam and forum registration flooding. 

Installation Instructions:

To install NOT a Robot Recaptcha V2 for phpBB 3.0.14, first update your 3.0.x forum to 3.0.14 if you're not currently running 3.0.14.  The AutoMOD mod then needs to be installed (if not already installed) before this mod can be installed.

AutoMOD Installation Instructions:

If you haven't already, please download and install AutoMOD on your forum.  Instructions for installing AutoMOD can be found here.

Installation with AutoMOD:

Log in to the Administration Control Panel (ACP).  Click on the AUTOMOD tab at the top of the page.  Under Upload MOD, browse to your downloaded copy of the zipped mod. Upload it. You should now see "Recaptcha V2 NOT a Robot" as a listed mod under AUTOMOD.  Install it.

Once installation is complete, you will need to configure Recaptcha V2 NOT a Robot.  To do so, in the Administration Control Panel (ACP), click on the "GENERAL" tab.  Under "BOARD CONFIGURATION" on the left side, click on "Spambot countermeasures".  Under "Available plugins", next to "Installed plugins:", there is a dropdown.  Select "reCaptcha v2 NOT Robot" from the dropdown and click on "Configure".  Enter your site key and secret key obtainable by registering for free here. Click on Submit.  Reselect "reCaptcha v2 NOT Robot" in the dropdown and click on "Submit".  Your forum is now using reCaptcha v2 NOT a Robot.  When a user attempts to register, he will be shown the "I'm not a robot." captcha that must be completed before registration will be handled.

Works with All Themes

This plugin should work with all themes.  However, since this plugin is using a template not previously found in the base theme, you may want to customize how it looks in your installed custom themes. To do so, copy the "captcha_recaptcha.html" file in your theme's "template" folder and rename the copy to "captcha_recaptcha_v2.html".  Open "default/template/captcha_recaptcha_v2.html" and copy the code section into "captcha_recaptcha_v2.html" within the theme you're working on. You just need to copy the entire <table> section from "default/template/captcha_recaptcha_v2.html" and paste it into your theme's "captcha_recaptcha_v2.html" file.

So basically, in your theme's "captcha_recaptcha_v2.html" file, replace:
 

                <script type="text/javascript">
                // <![CDATA[
                var RecaptchaOptions = {
                    lang : '{LA_RECAPTCHA_LANG}',
                    theme : 'clean',
                    tabindex : <!-- IF $CAPTCHA_TAB_INDEX -->{$CAPTCHA_TAB_INDEX}<!-- ELSE -->10<!-- ENDIF -->
                };
                // ]]>
                </script>
                <script type="text/javascript" src="{RECAPTCHA_SERVER}/challenge?k={RECAPTCHA_PUBKEY}{RECAPTCHA_ERRORGET}" ></script>
                <script type="text/javascript">
                // <![CDATA[
                <!-- IF S_CONTENT_DIRECTION eq 'rtl' -->
                    document.getElementById('recaptcha_table').style.direction = 'ltr';
                <!-- ENDIF -->
                // ]]>
            </script>
            <noscript>
                <iframe src="{RECAPTCHA_SERVER}/noscript?k={RECAPTCHA_PUBKEY}{RECAPTCHA_ERRORGET}" height="300" width="500" frameborder="0"></iframe><br />
                <textarea name="recaptcha_challenge_field" rows="3" cols="40"></textarea>
                <input type="hidden" name="recaptcha_response_field" value="manual_challenge" />
            </noscript>

With:

<table style="width:100%; border:0;">
        <td style="width:30%;">
            <p>{L_GV2_CONFIRM_CODE}:<br /><span>{L_GV2_CONFIRM_EXPLAIN}</span></p>
        </td>
        <td style="width: 70%; text-align: right;">
            <script type="text/javascript">
            // <![CDATA[
            var RecaptchaOptions = {
                lang : '{LA_RECAPTCHA_LANG}',
                theme : 'clean',
                tabindex : <!-- IF $CAPTCHA_TAB_INDEX -->{$CAPTCHA_TAB_INDEX}<!-- ELSE -->10<!-- ENDIF -->
            };
            // ]]>
            </script>
            <script type="text/javascript" src="{RECAPTCHA_SERVER}"></script>
            <script type="text/javascript">
            // <![CDATA[
            <!-- IF S_CONTENT_DIRECTION eq 'rtl' -->
                document.getElementById('recaptcha_table').style.direction = 'ltr';
            <!-- ENDIF -->
            // ]]>
            </script>
            <div style="display: inline-block;">
                <div class="g-recaptcha" data-sitekey="{RECAPTCHA_PUBKEY}"></div>
            </div>
        </td>
</table>

Save iptables on Shutdown and Restart, and Restore on Boot

Tuesday, October 6th, 2015

Save iptables Rules on Shutdown, Restore on Boot

When your server shuts down (halts), reboots, or enters runlevel 1, your iptables configuration is automatically wiped and reset.  Packages such as iptables-persistent supposedly help with this problem, but unless you save your rules manually, the rules are never saved automatically when the system reboots.

I've wanted to truly persist my iptables, so I decided to change their package to always save the iptables rules when the system reboots, halts, or enters runlevel 1 automatically.  The rules are then restored when the system boots to runlevels 2-5.  This means that your iptables configuration will persist forever.  This may not be desired, but if I ban an IP address permanently, I always want it to be banned.

If you'd like to use this modified version of iptables-persistent so that your rules are automatically saved on shutdown, you can install it by running the below commands:

sudo apt-get remove iptables-persistent
sudo dpkg -r iptables-persistent
wget http://dinofly.com/files/linux/iptables-persistent_0.5.8_all.deb
sudo dpkg --install iptables-persistent_0.5.8_all.deb

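Use at your own risk.  If you do something stupid, it will persist until you can clear it!  The package above is downloaded over plain HTTP and installed as root, and dpkg does not check a signature on a standalone .deb file, so review the package contents before installing it.

The above package was tested in Ubuntu 12.04 x86, Ubuntu 12.04 x64, Ubuntu 14.04 x86, Ubuntu 14.04 x64, and Ubuntu 15.04 x64.  It should work on other Debian-based operating systems as well.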

Get the Source Code and Modify an Ubuntu Package

Tuesday, October 6th, 2015

Modifying the Source of a Package and Creating a New Deb Binary

In order to download the source code of an existing package, first install the prerequisites:

sudo apt-get install build-essential debhelper

To get the source code of a package, run the following command:

apt-get source {name_of_package_interested_in}

Make changes to the source using an editor like geany or via terminal through nano.  Edit the changelog file and add a record of your changes to build a new revision number.  After you have made the changes, run the following commands to build the package which should include your changes.

dpkg-source --commit
dpkg-buildpackage -b

The updated package has been built.  To install the package, simply use the below command:

sudo dpkg --install {name_of_new_deb_file}

To remove the software:

sudo dpkg -r {name_of_package [NOT NAME OF DEB FILE]}

Now you can release it!

Ubuntu Grub Fails to Install on RAID Array

Friday, February 6th, 2015

Ubuntu Grub RAID Issues

Grub Fails To Install on RAID Array

If grub fails to install on your RAID array in any version of Ubuntu, do NOT disable your BIOS RAID! The correct solution is at this blog entry. I'll summarize it below.

At the stage of the install where it attempts to install GRUB, it will detect the install target as

/dev/mapper

This is incomplete! That's why the GRUB install fails.

You need the actual name of the RAID array to install to. So during that step, press ctrl+alt+F2 to drop to a busybox terminal, then enter

ls -l /dev/mapper

Pick out the name of your array from the list shown, then press ctrl+alt+F1 to switch back to the install (you can switch back and forth as much as you like with no problems) and enter it in the field as

/dev/mapper/{your array name}  

Then GRUB installs perfectly and you're ready to go, with a proper BIOS RAID array intact.

System Won't Boot After Grub Failed to Install

If your system will no longer boot because you skipped installing or updating grub, you need to download an Ubuntu version that does support RAID, boot from the LIVE CD, drop to a terminal, and then run:

ls -l /dev/mapper
sudo grub-install /dev/mapper/{ARRAY_NAME_HERE}

Setting Up RAID Array During Ubuntu Install

If you are configuring a BIOS RAID array for the first time on Ubuntu, you should create a 1MB boot partition.  Its partition type is "boot".  If you do this, grub will always try to install there and will succeed every time without failing when upgrading or reinstalling grub.

Install VSFTPD 3.0.2 on the ARM Platform for Raspbian or Debian

Saturday, January 3rd, 2015

Download and install the ARM-compiled VSFTPD 3.0.2 deb package file and init script:

wget -N http://dinofly.com/files/linux/vsftpd_3.0.2_arm.tar.gz
tar -zxvf vsftpd_3.0.2_arm.tar.gz
if [ ! -e "/etc/init.d/vsftpd" ]; then
    sudo cp vsftpd /etc/init.d/
fi
sudo dpkg -i vsftpd_3.0.2-1_armhf.deb

Now, run these commands:

sudo useradd -d /var/ftp ftp
sudo mkdir -p /var/ftp
sudo chown root:root /var/ftp

Finally, start the VSFTPD service and set it to run on boot:

sudo service vsftpd restart
sudo update-rc.d vsftpd defaults

VSFTPD 3.0.2 should now be installed on your ARM device.