====== Solaris tips ======
===== HTTPS Apache web server =====
The goal is to run HTTPS Apache web server using [[https://letsencrypt.org/|Let's Encrypt]] certificate.
==== Let's encrypt ====
In order to get a certificate from Let’s Encrypt, it is necessary to demonstrate control over the domain. With Let’s Encrypt, it is done by using software that uses the [[https://tools.ietf.org/html/rfc8555|ACME]] protocol which typically runs on a web host. For Solaris (and other OSes), there is an [[https://github.com/acmesh-official/acme.sh|ACME client]] available.
=== Deployment of ACME client in Solaris zone running Apache ===
* install
$ ssh carmon
# pkg install -v gnu-tar
$ mkdir ~/scripts
$ cd ~/scripts
$ wget -O acme.sh https://get.acme.sh
$ ./acme.sh install
$ crontab -l
48 0 * * * "/home/dambi/.acme.sh"/acme.sh --cron --home "/home/dambi/.acme.sh" > /dev/null
* issue a certificate
# chmod a+w /var/apache2/2.4/htdocs/
$ cd ~/.acme.sh
$ ./acme.sh --issue -d tio.ddns.net -w /var/apache2/2.4/htdocs/
* install the certificate to Apache
$ ./acme.sh --install-cert -d tio.ddns.net --cert-file /etc/apache2/2.4/letsencrypt/tio.ddns.net/cert.pem --key-file /etc/apache2/2.4/letsencrypt/tio.ddns.net/key.pem --fullchain-file /etc/apache2/2.4/letsencrypt/tio.ddns.net/fullchain.pem --reloadcmd "svcadm refresh apache24"
$ chmod a+r /etc/apache2/2.4/letsencrypt/tio.ddns.net/key.pem
=== Configure Apache to use Let's Encrypt certificates ===
* enable SSL in Apache
* [[https://cwiki.apache.org/confluence/display/httpd/RedirectSSL|redirect HTTP to HTTPS ]]
# vim /etc/apache2/2.4/httpd.conf
...
Listen 80
Listen 443
...
LoadModule ssl_module libexec/mod_ssl.so
...
ServerName tio.ddns.net
Redirect / https://tio.ddns.net/
ServerName tio.ddns.net
Protocols h2 http/1.1
SSLEngine on
SSLCertificateFile /etc/apache2/2.4/letsencrypt/tio.ddns.net/fullchain.pem
SSLCertificateKeyFile /etc/apache2/2.4/letsencrypt/tio.ddns.net/key.pem
...
# svcadm restart apache24
Jako alternativa viz článek [[https://www.root.cz/clanky/apache-pridava-podporu-let-s-encrypt-pro-https-staci-jeden-radek-konfigurace/|Apache & Let's Encrypt]] na Rootu.
===== Howto remove password from pdf document =====
$ qpdf --password=YOURPASSWORD-HERE --decrypt input.pdf output.pdf
===== Howto merge pdf documents =====
$ pdfunite pdf1.pdf pdf2.pdf ... out.pdf
or
$ gs -sDEVICE=pdfwrite -dNOPAUSE -dQUIET -dBATCH -sOutputFile=out.pdf *.pdf
===== Howto convert plain text file to pdf =====
$ pr -f | a2ps -1 -m -B --borders=no -o - | ps2pdf - - > /tmp/pr.pdf
===== Howto disable launching X on /dev/console =====
Can't just disable **gdm(1m)**, since it takes care of launching Xnewt for Sun Ray thin clients. Instead, disabled just primary ConsoleKit seat by setting **Hidden** attribute to **true** in **/etc/ConsoleKit/seats.d/00-primary.seat** configuration file:
$ grep Hidden /etc/ConsoleKit/seats.d/00-primary.seat
#Hidden=false
Hidden=true
More info in **console-kit-daemon(1m)** man page.
===== Create new Mercurial repository =====
$ cd /data/hg
$ mkdir elektro
$ cd elektro
$ hg init