Category Archives: Server Administration

Install a Let’s Encrypt SSL certificate in nginx hosted on Amazon Linux

If you need an SSL certificate for only a single EC2 instance, using the free certificates issued by AWS Certificate Manager means putting an ELB in front of it, which incurs a ~$20 monthly cost. An alternative is to install a free Let’s Encrypt certificate on the nginx hosted on the EC2 instance.

Here are the steps for that:

  1. Get letsencrypt

    git clone https://github.com/letsencrypt/letsencrypt && cd letsencrypt/

  2. Create a config file for the certificate request, so you can reuse it


    # File: /etc/letsencrypt/config.ini
    # the domain we want to get the cert for
    domains = yourdomain.com

    # key size
    rsa-key-size = 4096

    # this address will receive renewal reminders, IIRC
    email = email@yourdomain.com

    # turn off the ncurses UI, we want this to be run as a cronjob
    text = True

    # authenticate by placing a file in the webroot (under .well-known/acme-challenge/) and then letting
    # LE fetch it
    authenticator = webroot
    webroot-path = /var/www/html

  3. Now request the certificate from Let’s Encrypt. It validates your domain by placing a file under the webroot-path set in the config file.

    sudo ./letsencrypt-auto --config /etc/letsencrypt/config.ini certonly -d yourdomain.com

Four files will be created in /etc/letsencrypt/live/yourdomain.com/:

  • cert.pem: Your domain’s certificate
  • chain.pem: The Let’s Encrypt chain certificate
  • fullchain.pem: cert.pem and chain.pem combined
  • privkey.pem: Your certificate’s private key

You will need the last two files for your nginx configuration.

  4. Now change your nginx config file

    # File: /etc/nginx/nginx.conf
    # Settings for a TLS enabled server.
    server {
        # "listen ... ssl" enables TLS for this server. The separate "ssl on;"
        # directive is obsolete since nginx 1.15.0 and was removed in 1.25.1,
        # so it is not used here.
        listen *:443 ssl;
        server_name yourdomain.com;
        root /var/www/html;

        ssl_certificate "/etc/letsencrypt/live/yourdomain.com/fullchain.pem";
        ssl_certificate_key "/etc/letsencrypt/live/yourdomain.com/privkey.pem";

        # It is *strongly* recommended to generate unique DH parameters
        # Generate them with: openssl dhparam -out /etc/letsencrypt/dhparams.pem 2048
        ssl_dhparam "/etc/letsencrypt/dhparams.pem";

        ssl_session_cache shared:SSL:1m;
        ssl_session_timeout 10m;
        # TLSv1 and TLSv1.1 are deprecated (RFC 8996); keep them only if old clients need them.
        ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
        ssl_ciphers HIGH:SEED:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!MD5:!PSK:!RSAPSK:!aDH:!aECDH:!EDH-DSS-DES-CBC3-SHA:!KRB5-DES-CBC3-SHA:!SRP;
        ssl_prefer_server_ciphers on;

        # Load configuration files for the default server block.
        include /etc/nginx/default.d/*.conf;

        location / {
            root /var/www/html/yourdomain;
        }

        error_page 404 /404.html;
        location = /40x.html {
        }

        error_page 500 502 503 504 /50x.html;
        location = /50x.html {
        }
    }

And don't forget to redirect HTTP requests to HTTPS:

    server {
        listen 80 default_server;
        listen [::]:80 default_server;
        # $server_name is empty unless server_name is set in this block
        server_name yourdomain.com;
        rewrite ^ https://$server_name$request_uri? permanent;
    }

  5. Reload nginx

    sudo service nginx reload

Now you should be OK with https://yourdomain.com
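A quick check for the TLS directives set in step 4, added here as an example (it is not part of the original post). The hypothetical helper audit_nginx_tls flags protocol versions deprecated by RFC 8996, the obsolete "ssl on;" directive, and an ssl_certificate that points at cert.pem instead of fullchain.pem; the sample config is constructed.

```shell
#!/bin/sh
# Added example: flag weak or obsolete TLS directives in an nginx config.

# audit_nginx_tls [FILE|-]   (hypothetical helper name)
# Prints one finding per line; returns 1 if anything was flagged, else 0.
audit_nginx_tls() {
    awk '
        { sub(/#.*/, "") }   # ignore comments
        $1 == "ssl_protocols" {
            for (i = 2; i <= NF; i++) {
                p = $i; sub(/;$/, "", p)
                if (p ~ /^(SSLv2|SSLv3|TLSv1|TLSv1\.1)$/) {
                    printf "line %d: deprecated protocol %s enabled\n", NR, p
                    bad++
                }
            }
        }
        $1 == "ssl" && $2 == "on;" {
            printf "line %d: obsolete \"ssl on;\", use the ssl flag on listen\n", NR
            bad++
        }
        # cert.pem alone omits the intermediate that fullchain.pem includes
        $1 == "ssl_certificate" && $2 ~ /\/cert\.pem"?;$/ {
            printf "line %d: ssl_certificate is cert.pem, not fullchain.pem\n", NR
            bad++
        }
        END { exit (bad > 0) }
    ' "${1:--}"
}

# Constructed sample config (not a real server's file).
sample_nginx_conf() {
    cat <<'EOF'
server {
    listen *:443 ssl;
    ssl on;
    ssl_certificate "/etc/letsencrypt/live/yourdomain.com/cert.pem";
    ssl_certificate_key "/etc/letsencrypt/live/yourdomain.com/privkey.pem";
    ssl_protocols TLSv1 TLSv1.1 TLSv1.2;  # as in step 4
}
EOF
}

sample_nginx_conf | audit_nginx_tls - || echo "fix the findings above before reloading nginx"
```

On a real host, pass /etc/nginx/nginx.conf as the argument instead of the sample.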


Resolving GuestAdditions version mismatch in vagrant/homestead vm (failed to mount shared folders / modprobe vboxsf failed)

While trying to install the homestead machine for Laravel, I got an annoying issue: failed to mount shared folders. I had vagrant installed earlier with a different version than homestead, causing the problem.
The output from ‘homestead up’ was:

$ homestead up

/opt/vagrant/embedded/gems/gems/vagrant-1.7.4/lib/vagrant/pre-rubygems.rb:31: warning: Insecure world writable dir /usr/local in PATH, mode 040777
/opt/vagrant/embedded/gems/gems/bundler-1.10.5/lib/bundler/shared_helpers.rb:78: warning: Insecure world writable dir /usr/local in PATH, mode 040777
Bringing machine 'default' up with 'virtualbox' provider...
==> default: Checking if box 'laravel/homestead' is up to date...
==> default: Clearing any previously set forwarded ports...
==> default: Clearing any previously set network interfaces...
==> default: Preparing network interfaces based on configuration...
default: Adapter 1: nat
default: Adapter 2: hostonly
==> default: Forwarding ports...
default: 443 => 44300 (adapter 1)
default: 3306 => 33060 (adapter 1)
default: 5432 => 54320 (adapter 1)
default: 80 => 8080 (adapter 1)
default: 81 => 8181 (adapter 1)
default: 86 => 8686 (adapter 1)
default: 82 => 8282 (adapter 1)
default: 22 => 2222 (adapter 1)
==> default: Running 'pre-boot' VM customizations...
==> default: Booting VM...
==> default: Waiting for machine to boot. This may take a few minutes...
default: SSH address: 127.0.0.1:2222
default: SSH username: vagrant
default: SSH auth method: private key
default: Warning: Connection timeout. Retrying...
==> default: Machine booted and ready!
Got different reports about installed GuestAdditions version:
Virtualbox on your host claims: 5.0.4
VBoxService inside the vm claims: 4.3.6
Going on, assuming VBoxService is correct...
GuestAdditions seems to be installed (4.3.6) correctly, but not running.
Got different reports about installed GuestAdditions version:
Virtualbox on your host claims: 5.0.4
VBoxService inside the vm claims: 4.3.6
Going on, assuming VBoxService is correct...
Starting the VirtualBox Guest Additions ...fail!
(modprobe vboxsf failed)
Got different reports about installed GuestAdditions version:
Virtualbox on your host claims: 5.0.4
VBoxService inside the vm claims: 4.3.6
Going on, assuming VBoxService is correct...
Removing existing VirtualBox DKMS kernel modules ...done.
Removing existing VirtualBox non-DKMS kernel modules ...done.
Building the VirtualBox Guest Additions kernel modules
The headers for the current running kernel were not found. If the following
module compilation fails then this could be the reason.

Building the main Guest Additions module ...done.
Building the shared folder support module ...fail!
(Look at /var/log/vboxadd-install.log to find out what went wrong)
Doing non-kernel setup of the Guest Additions ...done.
Restarting VM to apply changes...
==> default: Attempting graceful shutdown of VM...
==> default: Booting VM...
==> default: Waiting for machine to boot. This may take a few minutes...
default: SSH address: 127.0.0.1:2222
default: SSH username: vagrant
default: SSH auth method: private key
default: Warning: Connection timeout. Retrying...
==> default: Machine booted and ready!
==> default: Checking for guest additions in VM...
default: The guest additions on this VM do not match the installed version of
default: VirtualBox! In most cases this is fine, but in rare cases it can
default: prevent things such as shared folders from working properly. If you see
default: shared folder errors, please make sure the guest additions within the
default: virtual machine match the version of VirtualBox you have installed on
default: your host and reload your VM.
default:
default: Guest Additions Version: 5.0.4
default: VirtualBox Version: 4.3
==> default: Setting hostname...
==> default: Configuring and enabling network interfaces...
==> default: Mounting shared folders...
default: /vagrant => /Users/shafiul/source/ws_ui_vagrant
Failed to mount folders in Linux guest. This is usually because
the "vboxsf" file system is not available. Please verify that
the guest additions are properly installed in the guest and
can work properly. The command attempted was:

mount -t vboxsf -o uid=`id -u vagrant`,gid=`getent group vagrant | cut -d: -f3`, vagrant /vagrant
mount -t vboxsf -o uid=`id -u vagrant`,gid=`id -g vagrant`, vagrant /vagrant

The error output from the last command was:

/sbin/mount.vboxsf: mounting failed with the error: No such device

Digging into the error message, I found a clue in the lines below:

Virtualbox on your host claims:   5.0.4
VBoxService inside the vm claims: 4.3.6

So, I decided to install VBoxGuestAdditions 5.0.4 in both host and guest.
In some cases, it has been observed that running only the command below solves the problem:

$ vagrant plugin install vagrant-vbguest

and then run homestead up again.

In case the error persists, follow the steps below, which I had to follow to run my homestead machine.

Though the mounting of the shared folder failed while starting the vm, the vm started successfully. I needed to ssh into the vm with homestead ssh and run the following commands inside the vm to install the dependencies for VBoxGuestAdditions:

$ sudo apt-get update && sudo apt-get install linux-generic
$ sudo apt-get install dkms build-essential linux-headers-$(uname -r)
$ sudo apt-get install binutils gcc make patch libgomp glibc-headers glibc-devel kernel-headers
$ sudo apt-get install kernel-devel
$ sudo apt-get install kernel-pae-devel
$ sudo apt-get install virtualbox-guest-dkms

$ sudo apt-get install xserver-xorg xserver-xorg-core

I am not sure if the last line was needed; please try without it, and see if you get an error in the next step.

Inside the vm:

$ cd /opt
$ ls 
VBoxGuestAdditions-4.3.6  VBoxGuestAdditions-5.0.4

but the latter was empty. So I needed to download and install it.

$ cd /opt/
$ sudo wget http://download.virtualbox.org/virtualbox/5.0.4/VBoxGuestAdditions_5.0.4.iso
$ sudo mount VBoxGuestAdditions_5.0.4.iso -o loop /mnt
$ sudo sh /mnt/VBoxLinuxAdditions.run

The output should look like this:

Verifying archive integrity... All good.
Uncompressing VirtualBox 5.0.4 Guest Additions for Linux............
VirtualBox Guest Additions installer
Removing installed version 4.3.6 of VirtualBox Guest Additions...
Copying additional installer modules ...
Installing additional modules ...
Removing existing VirtualBox DKMS kernel modules ...done.
Removing existing VirtualBox non-DKMS kernel modules ...done.
Building the VirtualBox Guest Additions kernel modules ...done.
Doing non-kernel setup of the Guest Additions ...done.
You should restart your guest to make sure the new modules are actually used

$ cd /opt/
$ sudo umount /mnt
$ sudo rm -rf *.iso
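The ISO above is fetched over plain HTTP and its installer is run as root, so it is worth checking the file against a published digest list before mounting it. The following is an added example, not part of the original post: verify_against_sums and sha256_of are hypothetical helper names, and the demo uses a constructed stand-in file rather than a real ISO.

```shell
#!/bin/sh
# Added example: check a downloaded file against a SHA256SUMS-style list
# before mounting it or running anything from it as root.

# sha256_of FILE: print the hex digest with whichever tool is present
# (sha256sum on the Linux guest, shasum on the macOS host).
sha256_of() {
    if command -v sha256sum >/dev/null 2>&1; then
        sha256sum "$1" | awk '{print $1}'
    else
        shasum -a 256 "$1" | awk '{print $1}'
    fi
}

# verify_against_sums SUMS_FILE FILE
# Returns 0 on match, 1 on mismatch, 2 if FILE has no entry in SUMS_FILE.
verify_against_sums() {
    name=$(basename "$2")
    # Entries are "<hex digest> <space or *><file name>"; match the name exactly.
    want=$(awk -v n="$name" '{ f = $2; sub(/^\*/, "", f) }
                             f == n { print tolower($1); exit }' "$1")
    [ -n "$want" ] || { echo "no entry for $name in $1" >&2; return 2; }
    have=$(sha256_of "$2")
    if [ "$have" = "$want" ]; then
        echo "OK: $name"
    else
        echo "MISMATCH: $name (expected $want, got $have)" >&2
        return 1
    fi
}

# Demo on constructed data: a small stand-in file, not a real ISO.
demo_dir=$(mktemp -d)
iso="$demo_dir/VBoxGuestAdditions_5.0.4.iso"
printf 'stand-in for the ISO\n' > "$iso"
printf '%s *%s\n' "$(sha256_of "$iso")" "VBoxGuestAdditions_5.0.4.iso" > "$demo_dir/SHA256SUMS"
verify_against_sums "$demo_dir/SHA256SUMS" "$iso"
printf 'tampered\n' >> "$iso"
verify_against_sums "$demo_dir/SHA256SUMS" "$iso" || echo "refusing to install"
rm -rf "$demo_dir"
```

For a real download, SUMS_FILE would be the digest list for the same 5.0.4 release fetched over HTTPS; that such a list is published next to the ISO is an assumption here, not something the post states.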

On my host Mac (Yosemite), I had to install the new GuestAdditions:

$ sudo wget http://download.virtualbox.org/virtualbox/5.0.4/VBoxGuestAdditions_5.0.4.iso
$ sudo mv /Applications/VirtualBox.app/Contents/MacOS/VBoxGuestAdditions.iso ~/.homestead
$ sudo cp VBoxGuestAdditions_5.0.4.iso /Applications/VirtualBox.app/Contents/MacOS/VBoxGuestAdditions.iso

You can remove VBoxGuestAdditions.iso from the ~/.homestead dir.

The next step is updating the vagrant version to 5.0.4. Link to installer: http://download.virtualbox.org/virtualbox/5.0.4/VirtualBox-5.0.4-102546-OSX.dmg

And then finally the homestead machine ran successfully.

Accidentally deleted cron jobs :( How to recover?

I don’t know exactly why on earth the crontab default keys for edit (-e) and remove (-r) were designed to sit next to each other. All cron jobs may accidentally be removed by entering -r while trying to edit. So be careful!

How to recover:

  1. If you have backups, that’s great; restore from there.
  2. If there is no backup, find the cron jobs in the log file using the command: $ cat /var/log/cron | grep -v your_command
  3. Repeatedly recover commands from the log file.
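Steps 2 and 3 can be done in one pass. The following is an added example, not part of the original post: the hypothetical helper recover_cron_cmds lists each distinct command found in a cronie-style /var/log/cron with its user, run count and start times. The log line layout is an assumption and the sample lines are constructed.

```shell
#!/bin/sh
# Added example: list distinct cron jobs recorded in a cronie-style /var/log/cron.
# Job lines are assumed to look like:
#   Sep 14 03:00:01 host CROND[2345]: (user) CMD (command ...)

# recover_cron_cmds [LOGFILE|-] [USER]   (hypothetical helper name)
# Prints per distinct job: user <TAB> runs <TAB> HH:MM times seen <TAB> command
recover_cron_cmds() {
    awk -v want="${2:-}" '
        match($0, /\]: \([^)]+\) CMD \(/) {
            # matched text is "]: (" + user + ") CMD (", i.e. 11 fixed characters
            user = substr($0, RSTART + 4, RLENGTH - 11)
            if (want != "" && user != want) next
            # the command runs up to the final ")" so inner parentheses survive
            cmd = substr($0, RSTART + RLENGTH)
            sub(/\)[ \t]*$/, "", cmd)
            key = user SUBSEP cmd
            if (!(key in runs)) { n++; u[n] = user; c[n] = cmd; k[n] = key }
            runs[key]++
            hhmm = substr($3, 1, 5)
            if (index(seen[key], hhmm) == 0)
                seen[key] = seen[key] (seen[key] == "" ? "" : ",") hhmm
        }
        END {
            for (i = 1; i <= n; i++)
                printf "%s\t%d\t%s\t%s\n", u[i], runs[k[i]], seen[k[i]], c[i]
        }' "${1:--}"
}

# Constructed sample log lines (not taken from a real host).
sample_cron_log() {
    cat <<'EOF'
Sep 14 03:00:01 ip-10-0-0-12 CROND[2345]: (ec2-user) CMD (/usr/local/bin/backup.sh >> /var/log/backup.log 2>&1)
Sep 14 03:01:01 ip-10-0-0-12 CROND[2351]: (root) CMD (run-parts /etc/cron.hourly)
Sep 14 03:01:01 ip-10-0-0-12 run-parts(/etc/cron.hourly)[2352]: starting 0anacron
Sep 14 03:15:01 ip-10-0-0-12 CROND[2360]: (ec2-user) CMD ((cd /srv/app && ./rotate.sh))
Sep 15 03:00:01 ip-10-0-0-12 CROND[3345]: (ec2-user) CMD (/usr/local/bin/backup.sh >> /var/log/backup.log 2>&1)
Sep 15 09:12:44 ip-10-0-0-12 crontab[3400]: (ec2-user) DELETE (ec2-user)
EOF
}

sample_cron_log | recover_cron_cmds - ec2-user
```

The log records only when a job ran, so the schedule fields have to be inferred from the times column: two runs at 03:00 on consecutive days point to a daily 0 3 * * * entry.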

Future Proof:

Always maintain a file containing all crontab entries and keep it in a code repository (e.g. git). Then at any time you can get it from the repo and restore it in unix.