Linux: May 2013

Thursday, May 30, 2013

Nginx SSL Certificate Installation

SSL Certificate Installation in Nginx

Nginx Server SSL Certificate Installation

You should have received a your_domain_name.pem file from DigiCert in an email when your certificate was issued. If you have that file you can skip to step 3. Otherwise, start with step 1.

Copy the Certificate files to your server.
Log in to download your Intermediate (DigiCertCA.crt) and Primary Certificates (your_domain_name.crt) from within your DigiCert Customer Account. Copy them, along with the .key file you generated when you created the CSR, to the directory on your server where you will keep your certificate and key files. Make them readable by root only to increase security.
Concatenate the primary certificate and intermediate certificate.
You need to concatenate the primary certificate file (your_domain_name.crt) and the intermediate certificate file (DigiCertCA.crt) into a single pem file by running the following command:
cat DigiCertCA.crt >> your_domain_name.crt
Edit the Nginx virtual hosts file.
Now open your Nginx virtual host file for the website you are securing. If you need your site to be accessible through both secure (https) and non-secure (http) connections, you will need a server module for each type of connection. Make a copy of the existing non-secure server module and paste it below the original. Then add the lines in bold below:
```
server {

listen   443;

ssl    on;
ssl_certificate    /etc/ssl/your_domain_name.crt; (or .pem)
ssl_certificate_key    /etc/ssl/your_domain_name.key;

server_name your.domain.com;
access_log /var/log/nginx/nginx.vhost.access.log;
error_log /var/log/nginx/nginx.vhost.error.log;
location / {
 root   /home/www/public_html/your.domain.com/public/;
 index  index.html;
}

}
```
Adjust the file names to match your certificate files:
- ssl_certificate should be your primary certificate combined with the intermediate certificate that you made in the previous step (e.g. your_domain_name.crt).
- ssl_certificate_key should be the key file generated when you created the CSR.
Restart Nginx.
Run the following command to restart Nginx:
sudo /etc/init.d/nginx restart

Tuesday, May 28, 2013

Computers not showing up in WSUS console after cloning

WSUS is a real life saver on a Windows network of any size, it more than pays off its huge initial download size when it serves computers on the network and saves internet bandwidth. However, like any other software, it can be temperamental and have tough to troubleshoot problems.
I recently came across a problem during the migration at my work. We set up the client XP SP3 workstation, ran sysprep and then cloned the box. However, after the deployment, only 1 or 2 computers were appearing in the WSUS console when there should have been 38.
Puzzled by this, and by the fact that computers were still getting updates despite not showing up in the console, I decided to investigate. After a lot of internet searching, I narrowed down the seeming culprit to a setting in the registry.
It turns out that for whatever reason, sysprep is not removing these entries in the registry, so the computers after cloning will receive updates but won’t report to the console. It may have been some change Microsoft made with SP3, or it may be the updated Automatic Update client, no one really knows.

Moodle: Nav Menu and Images/Icons are broken out of the box

Installed nginx as http://www.howtoforge.com/installing-nginx-with-php5-and-php-fpm-and-mysql-support-lemp-on-ubuntu-12.10

I got the problem like this

To resolve this, Site administration > Server > Http. Find the option 'Slasharguments' and untick it

Monday, May 6, 2013

FastCGI: comm with server

Use -idle-timeout paramater on "FastCgiExternalServer" line to solve this
problem.

<IfModule mod_fastcgi.c>
AddHandler php5-fcgi .php
Action php5-fcgi /php5-fcgi
Alias /php5-fcgi /usr/lib/cgi-bin/php5-fcgi
FastCgiExternalServer /usr/lib/cgi-bin/php5-fcgi -idle-timeout 250 -socket /tmp/php5-fpm.sock -pass-header Authorization
</IfModule>