Differences
This shows you the differences between two versions of the page.
Both sides previous revision Previous revision Next revision | Previous revision Next revision Both sides next revision | ||
notes:solaris_tips [2014/01/07 20:35] admin [Howto disable launching X on /dev/console] |
notes:solaris_tips [2021/05/01 09:45] admin [Let's encrypt] |
||
---|---|---|---|
Line 1: | Line 1: | ||
====== Solaris tips ====== | ====== Solaris tips ====== | ||
+ | ===== HTTPS Apache web server ===== | ||
+ | The goal is to run HTTPS Apache web server using [[https://letsencrypt.org/|Let's Encrypt]] certificate. | ||
+ | ==== Let's encrypt ==== | ||
+ | In order to get a certificate from Let’s Encrypt, it is necessary to demonstrate control over the domain. With Let’s Encrypt, it is done by using software that uses the [[https://tools.ietf.org/html/rfc8555|ACME]] protocol which typically runs on a web host. For Solaris (and other OSes), there is an [[https://github.com/acmesh-official/acme.sh|ACME client]] available. | ||
+ | === Deployment of ACME client in Solaris zone running Apache === | ||
+ | * install | ||
+ | <code> | ||
+ | $ ssh carmon | ||
+ | # pkg install -v gnu-tar | ||
+ | |||
+ | $ mkdir ~/scripts | ||
+ | $ cd ~/scripts | ||
+ | $ wget -O acme.sh https://get.acme.sh | ||
+ | $ ./acme.sh install | ||
+ | </code> | ||
+ | * issue a certificate | ||
+ | <code> | ||
+ | # chmod a+w /var/apache2/2.4/htdocs/ | ||
+ | $ cd ~/.acme.sh | ||
+ | $ ./acme.sh --issue -d tio.ddns.net -w /var/apache2/2.4/htdocs/ | ||
+ | </code> | ||
+ | * install the certificate to Apache | ||
+ | <code> | ||
+ | $ ./acme.sh --install-cert -d tio.ddns.net --cert-file /etc/apache2/2.4/letsencrypt/tio.ddns.net/cert.pem --key-file /etc/apache2/2.4/letsencrypt/tio.ddns.net/key.pem --fullchain-file /etc/apache2/2.4/letsencrypt/tio.ddns.net/fullchain.pem --reloadcmd "svcadm refresh apache24" | ||
+ | $ chmod a+r /etc/apache2/2.4/letsencrypt/tio.ddns.net/key.pem | ||
+ | </code> | ||
+ | === Configure Apache to use Let's Encrypt certificates === | ||
+ | * enable SSL in Apache | ||
+ | * [[https://cwiki.apache.org/confluence/display/httpd/RedirectSSL|redirect HTTP to HTTPS ]] | ||
+ | <code> | ||
+ | # vim /etc/apache2/2.4/httpd.conf | ||
+ | ... | ||
+ | Listen 80 | ||
+ | Listen 443 | ||
+ | ... | ||
+ | LoadModule ssl_module libexec/mod_ssl.so | ||
+ | ... | ||
+ | <VirtualHost *:80> | ||
+ | ServerName tio.ddns.net | ||
+ | Redirect / https://tio.ddns.net/ | ||
+ | </VirtualHost> | ||
+ | |||
+ | <VirtualHost *:443> | ||
+ | ServerName tio.ddns.net | ||
+ | Protocols h2 http/1.1 | ||
+ | |||
+ | SSLEngine on | ||
+ | SSLCertificateFile /etc/apache2/2.4/letsencrypt/tio.ddns.net/fullchain.pem | ||
+ | SSLCertificateKeyFile /etc/apache2/2.4/letsencrypt/tio.ddns.net/key.pem | ||
+ | </VirtualHost> | ||
+ | ... | ||
+ | # svcadm restart apache24 | ||
+ | </code> | ||
+ | Jako alternativa viz článek [[https://www.root.cz/clanky/apache-pridava-podporu-let-s-encrypt-pro-https-staci-jeden-radek-konfigurace/|Apache & Let's Encrypt]] na Rootu. | ||
===== Howto merge pdf documents ===== | ===== Howto merge pdf documents ===== | ||
<code> | <code> | ||
$ gs -sDEVICE=pdfwrite -dNOPAUSE -dQUIET -dBATCH -sOutputFile=out.pdf *.pdf | $ gs -sDEVICE=pdfwrite -dNOPAUSE -dQUIET -dBATCH -sOutputFile=out.pdf *.pdf | ||
+ | </code> | ||
+ | ===== Howto convert plain text file to pdf ===== | ||
+ | <code> | ||
+ | $ pr -f <file> | a2ps -1 -m -B --borders=no -o - | ps2pdf - - > /tmp/pr.pdf | ||
</code> | </code> | ||
===== Howto disable launching X on /dev/console ===== | ===== Howto disable launching X on /dev/console ===== | ||
Line 12: | Line 70: | ||
</code> | </code> | ||
More info in **console-kit-daemon(1m)** man page. | More info in **console-kit-daemon(1m)** man page. | ||
+ | ===== Create new Mercurial repository ===== | ||
+ | <code> | ||
+ | $ cd /data/hg | ||
+ | $ mkdir elektro | ||
+ | $ cd elektro | ||
+ | $ hg init | ||
+ | </code> | ||
+ |