Categories
Linux nginx Virtualization

Nginx ProxMox Proxy using Letsencrypt SSL cert

Why use an nginx Proxmox proxy with a Let's Encrypt SSL cert?

1st: Why not?
2nd: Load balancing! Nginx is built to handle many concurrent connections from a multitude of clients. This makes it ideal as the point of contact for those clients. The server can pass requests to any number of backend servers to handle the bulk of the work, which spreads the load across your infrastructure. This design also gives you the flexibility to add backend servers or take them down for maintenance as needed.
3rd: Security! Nginx can often be configured to block access to certain parts of the underlying application, so life doesn't throw you a curveball at 3AM on December 24th 2006 (don't ask 🙁 ).
4th: Port firewall constraints! Sometimes you need to access an application on port 34563 but the firewall doesn't allow access on random ports. You can allow incoming connections on port 80 via nginx and proxy them to the app on 34563.
5th: Seriously… why not…

Now you know why we may want nginx as a frontend proxy for our underlying app, so let's get to setting it up for our use case: protecting Proxmox from bad actors and providing reliable access to it for ourselves. We are going to set up nginx to redirect all traffic from port 80 to port 443, where a Let's Encrypt certificate will give us SSL-encrypted access!

Install nginx-light instead of the full package, so you get a smaller set of utilities but also a lighter install. You can also install nginx or nginx-full if you wish.

apt-get install nginx-light

Remove the default nginx config:

rm /etc/nginx/sites-enabled/default

Create a new nginx config and copy in the code below:

nano /etc/nginx/sites-enabled/default

Add the following to it:

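# Defined but not referenced below; proxy_pass points straight at localhost:8006.
upstream proxmox {
    server "proxmoxdomain.com";
}

server {
    listen 80 default_server;

    # Serve Let's Encrypt webroot challenges over plain HTTP.
    location ^~ /.well-known/ {
        root "/var/www/html";
        allow all;
    }

    # Redirect everything else to HTTPS. A server-level rewrite would run
    # before location matching and redirect the challenge requests as well.
    location / {
        return 301 https://$host$request_uri;
    }
}

server {
    listen 443 ssl;   # replaces the deprecated "ssl on;" directive
    server_name _;
    ssl_certificate /etc/letsencrypt/live/proxmoxdomain.com/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/proxmoxdomain.com/privkey.pem;
    # Not shown on this page; a relative path is resolved against /etc/nginx.
    include ssl-params.conf;
    proxy_redirect off;

    location ^~ /.well-known/ {
        root "/var/www/html";
        allow all;
    }

    location / {
        proxy_http_version 1.1;
        # WebSocket upgrade headers (used by the web console)
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection "upgrade";
        proxy_set_header  Host  $host;
        proxy_set_header  X-Real-IP  $remote_addr;
        proxy_pass https://localhost:8006;
        proxy_buffering off;
        client_max_body_size 0;   # no upload size limit
        proxy_connect_timeout  3600s;
        proxy_read_timeout  3600s;
        proxy_send_timeout  3600s;
        send_timeout  3600s;
    }
}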

Install git:

apt-get -y install git

Grab a copy of the letsencrypt client:

git clone https://github.com/letsencrypt/letsencrypt /opt/letsencrypt

Get the certs:

cd /opt/letsencrypt
./letsencrypt-auto certonly -a webroot --webroot-path=/var/www/html -d proxmoxdomain.com

Specify your email when asked; this is only used to retrieve lost certs.
Agree to the TOS.

You will get 4 files from this:

  • cert.pem: Your domain’s certificate
  • chain.pem: The Let’s Encrypt chain certificate
  • fullchain.pem: cert.pem and chain.pem combined
  • privkey.pem: Your certificate’s private key

These files are located in

  • /etc/letsencrypt/live/proxmoxdomain.com

Now that your certs are in place, restart nginx and you are live!

service nginx restart

or

systemctl restart nginx
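
One check worth running once the proxy is up, as an added example that is not part of the original post: the proxy only protects Proxmox if port 8006 cannot be reached around it. The function below reads `ss -tln` output and lists listeners on the backend port that are bound to a non-loopback address; the sample lines are constructed.

```shell
#!/bin/sh
# Added example, not from the original post.
# Constructed sample of `ss -tln` output: nginx on 80/443, backend on 8006.
SAMPLE_SS='State  Recv-Q Send-Q Local Address:Port Peer Address:Port
LISTEN 0      511          0.0.0.0:80        0.0.0.0:*
LISTEN 0      511          0.0.0.0:443       0.0.0.0:*
LISTEN 0      4096               *:8006            *:*
LISTEN 0      128        127.0.0.1:85        0.0.0.0:*'

# exposed_listeners PORT
# Reads `ss -tln` lines on stdin and prints every local address that listens
# on PORT and is not bound to loopback.
exposed_listeners() {
    awk -v port="$1" '
        $1 != "LISTEN" { next }
        {
            addr = $4
            n = split(addr, parts, ":")
            if (parts[n] != port) next
            # Everything before the final ":port" is the bind address.
            host = substr(addr, 1, length(addr) - length(parts[n]) - 1)
            if (host ~ /^127\./ || host == "[::1]") next
            print addr
        }'
}

# backend_is_private PORT: succeeds only when no exposed listener is found.
backend_is_private() {
    [ -z "$(exposed_listeners "$1")" ]
}

# Demo on the constructed sample: reports the wildcard bind on 8006.
printf '%s\n' "$SAMPLE_SS" | exposed_listeners 8006
```

On the host, run `ss -tln | exposed_listeners 8006`; any output means the backend port still needs a firewall rule or a loopback-only bind before the proxy is the only way in.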
Categories
Linux shell

Alsa CLI Volume control

I couldn’t find the silly volume control in the system settings one day, so I figured there had to be something I could use to control volume settings like mic boost without needing a GUI or remembering names and numbers for the CLI. Well, there is, and it’s so easy a caveman could do it (hah, remember those ads…). So without further ado, here’s a fun and great way to control your volume via the Alsa CLI volume control.

Type the following, then use the left/right arrow keys to move between controls and the up/down keys to raise or lower the volume:

alsamixer -c 0

The 0 at the end is the number of your device. If a system only has one device you will use 0. If you have two devices you can use 0 or 1. It tells you the name of the device currently being edited so you don’t give yourself a heart attack by changing the wrong volume. A picture of the control is attached.

 

Categories
General Linux

Ubuntu 16.04 release changes & info

Ubuntu 16.04, code-named “Xenial Xerus“, is here and it's amazing! There are many new changes, many new additions and some removals of old, outdated software and functionality. Unity has been polished and streamlined, and the much maligned ads have been removed! So let's get into the details.

Snap Packages

Ubuntu 16.04 LTS introduces a new application format, the ‘snap’, which can be installed alongside traditional deb packages. These two packaging formats live comfortably next to one another and enable Ubuntu to maintain its existing processes for development and updates. In short, you can now install third party apps or whole desktop environments without having to worry about polluting your OS! Everything stays confined away from the rest of the system in a nice little self contained environment, yet still allows access to the rest of the system. So you have:

  • Apps can install with their own specific set of libraries and dependencies without issues with other existing apps or ones you may install in the future.
  • Safety & security are bolstered across the board.

Packages

As with any Ubuntu upgrade there are many package upgrades and software changes.

  • Ubuntu now defaults to kernel 4.4+
  • Python 2 is out and Python 3.5 is now the base. You can still install Python 2 but Python 3 is the new norm. Vim by default now uses Python 3.
  • Golang is now using the 1.6 toolchain.
  • With the recent discoveries of vulnerable crypto settings in OpenSSH, the new base OpenSSH 7.2p2 disables many of them to bolster security.
  • The GNU toolchain is now updated to the latest version of many tools.

ZFS

“Controversy ahoy Cap’n!” ZFS is now included with Ubuntu, and how happy are we all to see it so. ZFS is a pretty cool piece of tech that is a mix of a volume manager and a filesystem. So think of LVM and EXT4 having a nerdy baby! Lots of distros have supported ZFS before but not usually out of the box; almost all required installing software/libraries or using FUSE, which comes with its own overhead. Find out more about Ubuntu 16.04 support for ZFS here.

Unity

Many of us are waiting for Unity 8, which brings with it a slew of changes such as Convergence, which allows Unity to handle both desktop and mobile environments and interfaces. However, that day is not yet here. We are getting a polished, cleaned up Unity 7.4, which comes with many changes.

  • The online search ads based on your search results are gone! dead! goodbye!
  • The launcher can be moved to the bottom of the screen.
  • Ubuntu Software Center is gone! Replaced by GNOME Software.
  • Empathy IM is gone.
  • Improved launcher integration with file manager and devices
  • Support for formatting removable devices from quicklist
  • Improved support for gtk applications using headerbars
  • Improvements to the switcher and spread backends
  • App spread shortcut is now Super+Ctrl+W
  • Unity control center option to always show menus
  • Improvements to GNOME key grabbing
  • New dash overlay scrollbars
  • Better Dash theming support
  • Improved Support for HiDPI environments
  • Show icons launching state in launcher when apps launched elsewhere

All in all Ubuntu 16.04 Xenial Xerus is a must have version of Ubuntu. Check below to download it.

Download Xenial Xerus directly as ISO via HTTP from Canonical: http://releases.ubuntu.com/16.04/

Categories
Linux shell

Linux distribution info & kernel info

Do you have multiple VMs and real machines you use for random testing and small tasks? Need to know what machine you are on? What kernel you are using? What the current Linux distribution info is? What OS version you last installed on here? And more such questions? Well, we have some of the answers for you. Well, maybe not answers, but more like small tools so you can get the answers!

Distribution info

lsb_release -a
On my Ubuntu system it gives the following result:

$ lsb_release -a
No LSB modules are available.
Distributor ID: Ubuntu
Description: Ubuntu Xenial Xerus (development branch)
Release: 16.04
Codename: xenial

On a Debian system it gives the following result:

# lsb_release -a
No LSB modules are available.
Distributor ID: Debian
Description: Debian GNU/Linux 8.4 (jessie)
Release: 8.4
Codename: jessie

If lsb_release -a doesn’t cut it for you then you can try
cat /etc/issue

As a result we see the following examples:

# cat /etc/issue
Debian GNU/Linux 8 \n \l

$ cat /etc/issue
Ubuntu Xenial Xerus (development branch) \n \l

In some cases where you suspect you are on CentOS or Red Hat, maybe because you noticed the package versions are old enough to have been used by Columbus while sailing the open seas, you can use either

cat /etc/centos-release

or

cat /etc/redhat-release

which will give you a result such as:

CentOS release 6.2 (Final)

Kernel Info

Now, as far as finding the kernel info goes, you can get all the info you need via uname.

$ uname -a
Linux testhost 4.4.0-9-generic #24-Ubuntu SMP Mon Feb 29 19:33:19 UTC 2016 x86_64 x86_64 x86_64 GNU/Linux
$ uname -r
4.4.0-9-generic

As you can see, uname -r gives you just the kernel version and uname -a gives you multiple pieces of info, like the date the kernel was compiled and the arch (i.e. x86_64).

Categories
General Linux nginx shell

Letsencrypt ssl cert for mumble

I needed to set up a Mumble server for a friend's Minecraft community. The Mumble software uses a client–server architecture which allows users to talk to each other via the same server. It has a very simple administrative interface and features high sound quality and low latency where possible. All communication is encrypted to ensure user privacy, using either a self-signed cert or a cert purchased from a vendor. The great thing about Mumble is that it’s free and open-source software, is cross-platform, and is released under the terms of the new BSD license. Since Let's Encrypt is awesome and provides completely free certs to end users, I figured it would be perfect to use in this attempt. So I started on the road to acquire a Let's Encrypt SSL cert for Mumble.

First we need to acquire the letsencrypt client. For this you need git.

git clone https://github.com/letsencrypt/letsencrypt
cd letsencrypt
./letsencrypt-auto certonly --standalone --standalone-supported-challenges tls-sni-01

A text / curses-based dialogue will start. It will ask you to input the domain(s) you want a cert for. If you want multiple domains or multiple subdomains at the same time, just separate them with a space or a comma. Follow the prompts and it will install your cert in /etc/letsencrypt/live/<domain>/cert.pem. So far so good! Now you need to install murmur/mumble-server on your machine. I would like to tell you how to do it, but due to the nature of software it might change, so the best way is to check the official Mumble wiki for info on how to do it for your OS. To do it in Ubuntu I used the following commands:

sudo add-apt-repository ppa:mumble/release
sudo apt-get update
sudo apt-get install mumble-server
sudo dpkg-reconfigure mumble-server

Now let's set up the Mumble server to use the certs we acquired earlier. Edit /etc/mumble-server.ini. I prefer using nano, but that’s because I am a pleb; you may be a super 1337 operator and use vi or vim or directly edit the 1’s and 0’s on the drive platters. Find the following keys and edit them, or add them if they don’t exist or are commented out.

sslCert=/etc/letsencrypt/live/<domain>/cert.pem
sslKey=/etc/letsencrypt/live/<domain>/privkey.pem
sslCA=/etc/letsencrypt/live/<domain>/fullchain.pem

The sslCA key may not exist; that's fine. It allows all Mumble clients to accept the cert from LE. One last issue you need to resolve before you can start mumble-server is that the SSL cert is root-only access at the moment. The way I resolved this is to change the group on the files and folders. You may have a better solution; please do share it in the comments.

chgrp -R ssl-cert /etc/letsencrypt
chmod -R g=rX /etc/letsencrypt

Now start mumble-server with a service mumble-server restart or whatever your OS accepts, and voilà! You are now up and running using a valid Let's Encrypt SSL cert for Mumble 🙂 If you have any questions, comments, or a better way of doing this, please let me know.
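
One alternative to making all of /etc/letsencrypt group-readable, as an added example that is not part of the original post: copy only this domain's files into a directory the Mumble service can read, from a renewal hook. The destination path, the mumble-server group name and the use of certbot's RENEWED_LINEAGE deploy-hook variable are assumptions.

```shell
#!/bin/sh
# Added example, not from the original post.
# copy_lineage SRC_DIR DEST_DIR [GROUP]
# Copies cert.pem, privkey.pem and fullchain.pem from one live/<domain>
# directory into DEST_DIR. Runs in a subshell so the umask change stays local.
copy_lineage() (
    src="$1"; dest="$2"; group="${3:-}"
    files="cert.pem privkey.pem fullchain.pem"

    # Refuse to touch the destination unless the whole set is readable.
    for f in $files; do
        [ -r "$src/$f" ] || { echo "missing $src/$f" >&2; exit 1; }
    done

    umask 077
    mkdir -p "$dest" || exit 1
    for f in $files; do
        tmp="$dest/.$f.new"
        # -L: files under live/ are symlinks into archive/; copy the content.
        cp -L "$src/$f" "$tmp" || exit 1
        [ -z "$group" ] || chgrp "$group" "$tmp" || exit 1
        if [ "$f" = privkey.pem ]; then chmod 640 "$tmp"; else chmod 644 "$tmp"; fi
        mv -f "$tmp" "$dest/$f" || exit 1   # rename so readers never see a partial file
    done
    [ -z "$group" ] || chgrp "$group" "$dest" || exit 1
    chmod 750 "$dest"
)

# When installed as a deploy hook, certbot exports RENEWED_LINEAGE
# (assumption: a certbot version with deploy-hook support).
# /etc/mumble-server-tls and the mumble-server group are hypothetical names.
if [ -n "${RENEWED_LINEAGE:-}" ]; then
    copy_lineage "$RENEWED_LINEAGE" /etc/mumble-server-tls mumble-server &&
        service mumble-server restart
fi
```

Point sslCert, sslKey and sslCA in /etc/mumble-server.ini at the copied files; /etc/letsencrypt can then stay root-only, so other domains' private keys are not exposed to the group.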

 

Categories
News

Ubuntu-powered tablet coming from Spain to launch soon

We can finally talk about an Ubuntu-powered tablet entering the market. Software developer Canonical has finally started to talk about the device, which will be a modified existing tablet from Spanish manufacturer BQ. The Aquaris M10 tablet will be modified to become the first piece of consumer Ubuntu hardware to become a PC when you connect a mouse, keyboard and display to it.

 

 

 

Under the chassis, things will remain the same, including the 10.1-inch display and the quad-core MediaTek MT8163A chipset. This is not the first attempt at a melange between an Android device and Ubuntu. Canonical released an Ubuntu installer for the Nexus 7 a few years back, and Nexus 10 enjoyed a preview version of Ubuntu Touch.

 

The Ubuntu interface will transform into a desktop view once the peripherals are connected to the tablet and this shift will make it easier for the user to multitask, or run desktop and mobile apps. Users can add more software via the platform app store, where a lot of work will have to be done to make an Ubuntu mobile device relevant on the market.

 

Source: Engadget