This is an old revision of the document!
Table of Contents
Solaris tips
HTTPS Apache web server
The goal is to run HTTPS Apache web server using Let's Encrypt certificate.
Let's encrypt
In order to get a certificate from Let’s Encrypt, it is necessary to demonstrate control over the domain. With Let’s Encrypt, it is done by using software that uses the ACME protocol which typically runs on a web host. For Solaris (and other OSes), there is an ACME client available.
Deployment of ACME client in Solaris zone running Apache
- install
$ ssh carmon # pkg install -v gnu-tar $ mkdir ~/scripts $ cd ~/scripts $ wget -O acme.sh https://get.acme.sh $ ./acme.sh install
- issue a certificate
# chmod a+w /var/apache2/2.4/htdocs/ $ cd ~/.acme.sh $ ./acme.sh --issue -d tio.ddns.net -w /var/apache2/2.4/htdocs/
- install the certificate to Apache
$ ./acme.sh --install-cert -d tio.ddns.net --cert-file /etc/apache2/2.4/letsencrypt/tio.ddns.net/cert.pem --key-file /etc/apache2/2.4/letsencrypt/tio.ddns.net/key.pem --fullchain-file /etc/apache2/2.4/letsencrypt/tio.ddns.net/fullchain.pem --reloadcmd "svcadm refresh apache24" $ chmod a+r /etc/apache2/2.4/letsencrypt/tio.ddns.net/key.pem
Configure Apache to use Let's Encrypt certificates
- enable SSL in Apache
# vim /etc/apache2/2.4/httpd.conf ... Listen 80 Listen 443 ... LoadModule ssl_module libexec/mod_ssl.so ... <VirtualHost *:80> ServerName tio.ddns.net Redirect / https://tio.ddns.net/ </VirtualHost> <VirtualHost *:443> ServerName tio.ddns.net Protocols h2 http/1.1 SSLEngine on SSLCertificateFile /etc/apache2/2.4/letsencrypt/tio.ddns.net/fullchain.pem SSLCertificateKeyFile /etc/apache2/2.4/letsencrypt/tio.ddns.net/key.pem </VirtualHost> ... # svcadm restart apache24
Jako alternativa viz článek Apache & Let's Encrypt na Rootu.
Howto merge pdf documents
$ gs -sDEVICE=pdfwrite -dNOPAUSE -dQUIET -dBATCH -sOutputFile=out.pdf *.pdf
Howto convert plain text file to pdf
$ pr -f <file> | a2ps -1 -m -B --borders=no -o - | ps2pdf - - > /tmp/pr.pdf
Howto disable launching X on /dev/console
Can't just disable gdm(1m), since it takes care of launching Xnewt for Sun Ray thin clients. Instead, disabled just primary ConsoleKit seat by setting Hidden attribute to true in /etc/ConsoleKit/seats.d/00-primary.seat configuration file:
$ grep Hidden /etc/ConsoleKit/seats.d/00-primary.seat #Hidden=false Hidden=true
More info in console-kit-daemon(1m) man page.
Create new Mercurial repository
$ cd /data/hg $ mkdir elektro $ cd elektro $ hg init