Nov 09 2014
 

I edited /etc/sudoers without visudo, and made a mistake. That will prevent you from successfully using sudo again. No real harm done, but it takes rebooting to get it fixed.

1) reboot in recovery mode (press escape when booting so the grub options are shown)
2) drop to a root shell (option in the recovery menu)
3) mount -o rw,remount /
4) visudo (emacs based editor)
5) reboot the system

You should be up and running again!

Jul 26 2013
 

I don’t use my local GlassFish much, so of course: I lost the admin password. Here’s a simple method to be able to log in again.

Start asadmin from the $GLASSFISH/bin folder.

asadmin> list-domains
domain1 not running
Command list-domains executed successfully.

Next create a domain that does not exist yet. Supply an admin user and password that you can remember!

asadmin> create-domain
Enter the value for the domain_name operand> dummy
Enter admin user name [Enter to accept default "admin" / no password]> admin
Enter the admin password [Enter to accept default of no password]> ******
Enter the admin password again> ******
Using default port 4848 for Admin.
Using default port 8080 for HTTP Instance.
...
Domain dummy created.
Domain dummy admin port is 4848.
Domain dummy admin user is "admin".
Command create-domain executed successfully.
asadmin>

Now go to the config folder of domain dummy ($GLASSFISH/glassfish/domains/dummy/config). There is a file admin-keyfile. Copy this file to the config folder of your original domain, e.g. domain1 ($GLASSFISH/glassfish/domains/domain1/config). Make sure you make a backup of the original admin-keyfile first.

Confirm that you can log in as admin again. If so, you can safely delete the dummy-domain:

asadmin> delete-domain dummy
Domain dummy deleted.
Command delete-domain executed successfully.
asadmin>

Jan 16 2013
 

Ubuntu 12.04 has the default firewall ufw enabled, but I’d rather use iptables. And every time I reboot the system, I run a script to enable the firewall rules again. But I just found out I don’t need to, there’s a tool for that. Of course.


sudo apt-get install iptables-persistent

That asks you to save the current IPv4 and IPv6 rules and creates a service that is started at boot time so it reads the created files.

Voila.

Jul 19 2012
 

To have some directories on my server protected by more than a simple username and password, I wanted to use SSL and client certificates. I could easily restrict the directories to my local network IP-addresses, but when I’m “outside” that would present a problem. Hence the solution with client certificates.

 

As I blogged earlier, I requested a real server certificate from the people at Xolphin. Nice people, low prices, fast service. But… you cannot create/sign client certificates with such a certificate. You need the real certificate installed on the server, and you need to create a certificate that has been created/signed by you as a fake Certificate Authority. The Fake CA has to be known to Apache and to your browser. Next the client certificate (created/signed by the Fake CA) must be imported into your browser, and of course the directories you want to protect need to be in the SSL-configuration of Apache.

 

Now that I know how it works, it is simple, but most guides on the internet either follow the Fake CA principle (so you don’t need to buy a real certificate) or they only use a real certificate. Spending money to have your SSL-certificate-supplier do the job for you is another thing. But this works. And for € 10 (excluding VAT) per year I now have a real server certificate, and I can further protect my server with my own certificates.
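Why the purchased server certificate cannot issue client certificates while a self-made CA can, as an added example that is not from the original post. All names and keys are constructed and throwaway ("shop" stands in for the commercial CA, "myca" for the Fake CA), and it assumes the openssl command-line tool is installed.

```sh
#!/bin/sh
# Constructed demo: every name and key here is throwaway and made up.
# "shop" stands in for the commercial CA, "myca" for the self-made ("fake") CA.

# mkreq <name> <CN>: new RSA key plus certificate request
mkreq() {
    openssl req -new -newkey rsa:2048 -nodes -keyout "$1.key" -out "$1.csr" \
        -subj "/CN=$2" 2>/dev/null
}
# selfsign <name>: self-signed root certificate marked CA:TRUE
selfsign() {
    openssl x509 -req -in "$1.csr" -signkey "$1.key" -extfile ca.ext \
        -days 30 -out "$1.crt" 2>/dev/null
}
# issue <name> <issuer>: leaf certificate (CA:FALSE) signed with <issuer>'s key
issue() {
    openssl x509 -req -in "$1.csr" -CA "$2.crt" -CAkey "$2.key" -CAcreateserial \
        -extfile leaf.ext -days 30 -out "$1.crt" 2>/dev/null
}

client_cert_demo() (
    set -e
    dir=$(mktemp -d); trap 'rm -rf "$dir"' EXIT; cd "$dir"
    printf 'basicConstraints=critical,CA:TRUE\n'  > ca.ext
    printf 'basicConstraints=critical,CA:FALSE\n' > leaf.ext

    # The purchased certificate: a leaf issued by the commercial CA.
    mkreq shop "Stand-in commercial CA"; selfsign shop
    mkreq server "www.example.test";     issue server shop

    # Own CA and a client certificate issued by it. In Apache (mod_ssl) this CA
    # is what SSLCACertificateFile points at, with SSLVerifyClient require on
    # the protected directories.
    mkreq myca "My private CA"; selfsign myca
    mkreq good "alice";         issue good myca

    # Misuse: "sign" a client certificate with the purchased server key.
    mkreq bad "alice"; issue bad server

    openssl verify -CAfile myca.crt good.crt >/dev/null 2>&1 \
        && good=accepted || good=rejected
    openssl verify -CAfile shop.crt -untrusted server.crt bad.crt >/dev/null 2>&1 \
        && bad=accepted || bad=rejected
    echo "own-ca:$good leaf-signed:$bad"
)

client_cert_demo
```

The second verification fails because the server certificate carries CA:FALSE, so a verifier refuses to treat it as an issuer even though the signature itself is valid.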

Oct 18 2011
 

Pfff… finally. It was something that was long overdue, but I’ve set up my mailserver to allow sending mail after successfully logging in. Done with SASL of course. Updated all the passwords in my MySQL database with the correct encrypted ones, fiddled around with the SASL-database (it needs to be copied for some reason after modifying it), and now it works. The reason of course was to use the switchbl8.nl domain for sending mail from my mobile phone (which is not on my local network, so by default isn’t allowed to relay mail to other domains).

Most important change is also that my passwords are not sent plain/unencrypted anymore…

Sep 01 2010
 

Some people hack into resources of others. My wiki and my forums are almost constantly being hacked into, pages are altered, users are created, spam is left behind, etcetera, etcetera. That’s annoying.

I decided that the forums and the wiki will have to go. I hardly ever use them anyway. This is a message so you know where they went after they’re gone.