Solaris tips

HTTPS Apache web server

The goal is to run HTTPS Apache web server using Let's Encrypt certificate.

Let's encrypt

In order to get a certificate from Let’s Encrypt, it is necessary to demonstrate control over the domain. With Let’s Encrypt, it is done by using software that uses the ACME protocol which typically runs on a web host. For Solaris (and other OSes), there is an ACME client available.

Deployment of ACME client in Solaris zone running Apache

  • install
$ ssh carmon
# pkg install -v gnu-tar

$ mkdir ~/scripts
$ cd ~/scripts
$ wget -O acme.sh https://get.acme.sh
$ ./acme.sh install
$ crontab -l
48 0 * * * "/home/dambi/.acme.sh"/acme.sh --cron --home "/home/dambi/.acme.sh" > /dev/null
  • issue a certificate
# chmod a+w /var/apache2/2.4/htdocs/
$ cd ~/.acme.sh
$ ./acme.sh --issue -d tio.ddns.net -w /var/apache2/2.4/htdocs/
  • install the certificate to Apache
$ ./acme.sh --install-cert -d tio.ddns.net --cert-file /etc/apache2/2.4/letsencrypt/tio.ddns.net/cert.pem --key-file /etc/apache2/2.4/letsencrypt/tio.ddns.net/key.pem --fullchain-file /etc/apache2/2.4/letsencrypt/tio.ddns.net/fullchain.pem --reloadcmd "svcadm refresh apache24"
$ chmod a+r /etc/apache2/2.4/letsencrypt/tio.ddns.net/key.pem

Configure Apache to use Let's Encrypt certificates

# vim /etc/apache2/2.4/httpd.conf
...
Listen 80
Listen 443
...
LoadModule ssl_module libexec/mod_ssl.so
...
<VirtualHost *:80>
        ServerName tio.ddns.net
        Redirect / https://tio.ddns.net/
</VirtualHost>

<VirtualHost *:443>
        ServerName tio.ddns.net
        Protocols h2 http/1.1

        SSLEngine on
        SSLCertificateFile /etc/apache2/2.4/letsencrypt/tio.ddns.net/fullchain.pem
        SSLCertificateKeyFile /etc/apache2/2.4/letsencrypt/tio.ddns.net/key.pem
</VirtualHost>
...
# svcadm restart apache24

Jako alternativa viz článek Apache & Let's Encrypt na Rootu.

Howto merge pdf documents

$ gs -sDEVICE=pdfwrite -dNOPAUSE -dQUIET -dBATCH -sOutputFile=out.pdf *.pdf

Howto convert plain text file to pdf

$ pr -f <file> | a2ps -1 -m -B --borders=no -o - | ps2pdf - - > /tmp/pr.pdf

Howto disable launching X on /dev/console

Can't just disable gdm(1m), since it takes care of launching Xnewt for Sun Ray thin clients. Instead, disabled just primary ConsoleKit seat by setting Hidden attribute to true in /etc/ConsoleKit/seats.d/00-primary.seat configuration file:

$ grep Hidden /etc/ConsoleKit/seats.d/00-primary.seat
#Hidden=false
Hidden=true

More info in console-kit-daemon(1m) man page.

Create new Mercurial repository

$ cd /data/hg
$ mkdir elektro
$ cd elektro
$ hg init
notes/solaris_tips.txt · Last modified: 2021/05/01 09:48 by admin
CC Attribution-Share Alike 4.0 International
Driven by DokuWiki Recent changes RSS feed Valid CSS Valid XHTML 1.0