====== Solaris tips ======
===== HTTPS Apache web server =====
The goal is to run HTTPS Apache web server using [[https://letsencrypt.org/|Let's Encrypt]] certificate.
==== Let's encrypt ====
In order to get a certificate from Let’s Encrypt, it is necessary to demonstrate control over the domain. With Let’s Encrypt, it is done by using software that uses the [[https://tools.ietf.org/html/rfc8555|ACME]] protocol which typically runs on a web host. For Solaris (and other OSes), there is an [[https://github.com/acmesh-official/acme.sh|ACME client]] available.
=== Deployment of ACME client in Solaris zone running Apache ===
  * install
<code>
$ ssh carmon
# pkg install -v gnu-tar

$ mkdir ~/scripts
$ cd ~/scripts
$ wget -O acme.sh https://get.acme.sh
$ ./acme.sh install
$ crontab -l
48 0 * * * "/home/dambi/.acme.sh"/acme.sh --cron --home "/home/dambi/.acme.sh" > /dev/null
</code>
  * issue a certificate
<code>
# chmod a+w /var/apache2/2.4/htdocs/
$ cd ~/.acme.sh
$ ./acme.sh --issue -d tio.ddns.net -w /var/apache2/2.4/htdocs/
</code>
  * install the certificate to Apache
<code>
$ ./acme.sh --install-cert -d tio.ddns.net --cert-file /etc/apache2/2.4/letsencrypt/tio.ddns.net/cert.pem --key-file /etc/apache2/2.4/letsencrypt/tio.ddns.net/key.pem --fullchain-file /etc/apache2/2.4/letsencrypt/tio.ddns.net/fullchain.pem --reloadcmd "svcadm refresh apache24"
$ chmod a+r /etc/apache2/2.4/letsencrypt/tio.ddns.net/key.pem
</code>
=== Configure Apache to use Let's Encrypt certificates ===
  * enable SSL in Apache
  * [[https://cwiki.apache.org/confluence/display/httpd/RedirectSSL|redirect HTTP to HTTPS ]]
<code>
# vim /etc/apache2/2.4/httpd.conf
...
Listen 80
Listen 443
...
LoadModule ssl_module libexec/mod_ssl.so
...
<VirtualHost *:80>
        ServerName tio.ddns.net
        Redirect / https://tio.ddns.net/
</VirtualHost>

<VirtualHost *:443>
        ServerName tio.ddns.net
        Protocols h2 http/1.1

        SSLEngine on
        SSLCertificateFile /etc/apache2/2.4/letsencrypt/tio.ddns.net/fullchain.pem
        SSLCertificateKeyFile /etc/apache2/2.4/letsencrypt/tio.ddns.net/key.pem
</VirtualHost>
...
# svcadm restart apache24
</code>
Jako alternativa viz článek [[https://www.root.cz/clanky/apache-pridava-podporu-let-s-encrypt-pro-https-staci-jeden-radek-konfigurace/|Apache & Let's Encrypt]] na Rootu.
===== Howto remove password from pdf document =====
<code>
$ qpdf --password=YOURPASSWORD-HERE --decrypt input.pdf output.pdf
</code>
===== Howto merge pdf documents =====
<code>
$ pdfunite pdf1.pdf pdf2.pdf ... out.pdf
</code>
or
<code>
$ gs -sDEVICE=pdfwrite -dNOPAUSE -dQUIET -dBATCH -sOutputFile=out.pdf *.pdf
</code>
===== Howto convert plain text file to pdf =====
<code>
$ pr -f <file> | a2ps -1 -m -B --borders=no -o - | ps2pdf - - > /tmp/pr.pdf
</code>
===== Howto disable launching X on /dev/console =====
Can't just disable **gdm(1m)**, since it takes care of launching Xnewt for Sun Ray thin clients. Instead, disabled just primary ConsoleKit seat by setting **Hidden** attribute to **true** in **/etc/ConsoleKit/seats.d/00-primary.seat** configuration file:
<code>
$ grep Hidden /etc/ConsoleKit/seats.d/00-primary.seat
#Hidden=false
Hidden=true
</code>
 More info in **console-kit-daemon(1m)** man page.
===== Create new Mercurial repository =====
<code>
$ cd /data/hg
$ mkdir elektro
$ cd elektro
$ hg init
</code>