Table of Contents
Solaris tips
HTTPS Apache web server
The goal is to run HTTPS Apache web server using Let's Encrypt certificate.
Let's encrypt
In order to get a certificate from Let’s Encrypt, it is necessary to demonstrate control over the domain. With Let’s Encrypt, it is done by using software that uses the ACME protocol which typically runs on a web host. For Solaris (and other OSes), there is an ACME client available.
Deployment of ACME client in Solaris zone running Apache
- install
$ ssh carmon # pkg install -v gnu-tar $ mkdir ~/scripts $ cd ~/scripts $ wget -O acme.sh https://get.acme.sh $ ./acme.sh install $ crontab -l 48 0 * * * "/home/dambi/.acme.sh"/acme.sh --cron --home "/home/dambi/.acme.sh" > /dev/null
- issue a certificate
# chmod a+w /var/apache2/2.4/htdocs/ $ cd ~/.acme.sh $ ./acme.sh --issue -d tio.ddns.net -w /var/apache2/2.4/htdocs/
- install the certificate to Apache
$ ./acme.sh --install-cert -d tio.ddns.net --cert-file /etc/apache2/2.4/letsencrypt/tio.ddns.net/cert.pem --key-file /etc/apache2/2.4/letsencrypt/tio.ddns.net/key.pem --fullchain-file /etc/apache2/2.4/letsencrypt/tio.ddns.net/fullchain.pem --reloadcmd "svcadm refresh apache24" $ chmod a+r /etc/apache2/2.4/letsencrypt/tio.ddns.net/key.pem
Configure Apache to use Let's Encrypt certificates
- enable SSL in Apache
# vim /etc/apache2/2.4/httpd.conf
...
Listen 80
Listen 443
...
LoadModule ssl_module libexec/mod_ssl.so
...
<VirtualHost *:80>
ServerName tio.ddns.net
Redirect / https://tio.ddns.net/
</VirtualHost>
<VirtualHost *:443>
ServerName tio.ddns.net
Protocols h2 http/1.1
SSLEngine on
SSLCertificateFile /etc/apache2/2.4/letsencrypt/tio.ddns.net/fullchain.pem
SSLCertificateKeyFile /etc/apache2/2.4/letsencrypt/tio.ddns.net/key.pem
</VirtualHost>
...
# svcadm restart apache24
Jako alternativa viz článek Apache & Let's Encrypt na Rootu.
Howto remove password from pdf document
$ qpdf --password=YOURPASSWORD-HERE --decrypt input.pdf output.pdf
Howto merge pdf documents
$ pdfunite pdf1.pdf pdf2.pdf ... out.pdf
or
$ gs -sDEVICE=pdfwrite -dNOPAUSE -dQUIET -dBATCH -sOutputFile=out.pdf *.pdf
Howto convert plain text file to pdf
$ pr -f <file> | a2ps -1 -m -B --borders=no -o - | ps2pdf - - > /tmp/pr.pdf
Howto disable launching X on /dev/console
Can't just disable gdm(1m), since it takes care of launching Xnewt for Sun Ray thin clients. Instead, disabled just primary ConsoleKit seat by setting Hidden attribute to true in /etc/ConsoleKit/seats.d/00-primary.seat configuration file:
$ grep Hidden /etc/ConsoleKit/seats.d/00-primary.seat #Hidden=false Hidden=true
More info in console-kit-daemon(1m) man page.
Create new Mercurial repository
$ cd /data/hg $ mkdir elektro $ cd elektro $ hg init
