Direkt zum Hauptbereich

Posts

Es werden Posts vom Dezember, 2013 angezeigt.

Putting phpPgAdmin behind SSL virtualhost and securing it a bit more

This could be a huge post, but I am cutting it short:

configure pg_hba.conf right, e.g. set host stuff to password md5try to connect to your database locally to test it,
e.g. psql -U user "psql -U user dbname -W" and type in the passwordinstall phppgadmin, e.g. on debian I could not find a /etc/phppgadmin/apache.conf but a /etc/apache2/conf.d/phppgadminyour apache2 should be able to serve SSL, otherwise look a my post from yesterday: SSL virtualhost after you setup a SSH connection through rsa keys and always redirect to itin order to serve multiple site using SSL you should change to *:443 instead of _default_also you have to tell /etc/apache2/ports.conf to use NameVirtualhost when listening on 443; otherwise apache will tell you about conflicting virtualhosts.apache2: now its time to copy the content of conf.d/phppgadmin into a sites-available file and dont forget to delete the alias line and adjust names and folders.From now on I followed these steps: Step Two—Adjust The Se…

SSL virtualhost after you setup a SSH connection through rsa keys and always redirect to it

You may have done this: ssh-keygen and ssh-copy-id and now you want to enable SSL. With Eric Ambergs "Linux-Server" book and Converting keys between openssl and openssh, I did this so far:

local: "scp MYKEY root@remote.server:~"
after this its just remote:"a2enmod ssl""mkdir /etc/apache2/ssl""openssl req -x509 -days 365 -new -key MYKEY -out /etc/apache2/ssl/nedab.de.pem" and make sure you use a wildcard domain as common name, e.g. *.common.com. That way your certificate is valid for all subdomains. "a2enmod redirect"virtualhost in /etc/apache/site-available with help from Redirect Request to SSL: <VirtualHost *:80> ServerName .......... Redirect permanent / https://........../ </VirtualHost> <VirtualHost _default_:443> SSLEngine on SSLCipherSuite HIGH:MEDIUM SSLCertificateFile /etc/apache2/ssl/........pem SSLCertificateKeyFile /etc/apache2/ssl/MYKEY …

iptables - setting up a decent firewall

Here is nothing else to write about but the source code you put into /etc/init.d/firewall as a 755 script, and a ". /etc/init.d/firewall" line in to /etc/rc.local".

I adjusted some stuff reading through Eric Ambergs "Linux-Server" book.


#!/bin/sh echo "Initialisiere Firewall iptables ..." # Firewallregeln löschen iptables -F iptables -X iptables -P INPUT DROP iptables -P OUTPUT DROP iptables -P FORWARD DROP iptables -Z # Module laden für FTP ports modprobe ip_conntrack_ftp #------------------------------------------------------------------------------ # # http://wiki.debianforum.de/Einfaches_Firewall-Script # # Logging options. LOG="LOG --log-level 4 --log-tcp-sequence --log-tcp-options" LOG="$LOG --log-ip-options" # Defaults for rate limiting RLIMIT="-m limit --limit 3/s --limit-burst 30" # Custom user-defined chains. # LOG packets, …

rails cms admin area with access control - side note to my latex project

Recently I started to try out rails again, now the version 4. So far I am still very pleased, but have to admit that I was out of it for too long. A lot of things have to be "normal" to be able to get the creative flow going. At this stage I am researching for most of the time.

My goal is to use latex to put out pdf files. And the best solution is to create temporary folders through the ruby library and let it be controlled by rails session management. Because rails-latex seems to not fulfill my needs, a different purpose.

Anyway... I stumbled over the gem rails_admin and find it very useful. You just install it, and it will create a devise setup for you and in a jiffy your app has a admin backend through which you can control EVERYTHING.

Regarding the every day programmer creating apps for customers it may seem to be too much, but for me its perfect for I know what to do with the full access to all the models.

Definitely easier than setting up refineryCMS or some other cms.