LetsEncrypt

18 September 2018

Months ago, I started setting up LetsEncrypt using certbot on my Debian web server. It hosts multiple virtual hosts, so I set up 2 different sets of certificates: one for hjsoft.com/www.hjsoft.com and the other for johnflinchbaugh.com/www.johnflinchbaugh.com/blog.johnflinchbaugh.com.

On Debian, at least when I got started, it was recommended to have certbot shut down your apache2 and let it start its own temporary web server to verify the LetsEncrypt setup (--authenticator standalone). The other trick is to register multiple domain names for one certificate by repeating the -d option. I did this with this invocation:

certbot \
    --pre-hook "systemctl stop apache2" \
    --post-hook "systemctl start apache2" \
    --authenticator standalone \
    --installer apache \
    -d johnflinchbaugh.com \
    -d www.johnflinchbaugh.com \
    -d blog.johnflinchbaugh.com

I got it started a couple months ago, but I didn’t know how to set up multiple domain names, so I was always getting errors that this certificate was for a different name: johnflinchbaugh.com instead of www.johnflinchbaugh.com, etc.

That’s all sorted out now, and all my sites should be SSL all the time.

For more information on setup, certbot has a great set of guides based on your OS and web server.
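
The name-mismatch errors described above occur when the requested host name is missing from the certificate's subjectAltName list. As an added example (not from the original post), this shell sketch reports which vhost names a SAN line fails to cover; the function names are hypothetical, the SAN strings are constructed samples in the format printed by `openssl x509 -in cert.pem -noout -ext subjectAltName`, and the wildcard handling goes beyond the case in the post.

```shell
#!/bin/sh
# san_covers SAN_TEXT HOST -> exit 0 if HOST matches a DNS entry, else 1.
san_covers() {
    san_text=$1
    host=$(printf '%s' "$2" | tr 'A-Z' 'a-z')
    # One entry per line; keep only DNS: entries, lower-cased and trimmed.
    entries=$(printf '%s\n' "$san_text" | tr ',' '\n' | tr 'A-Z' 'a-z' \
        | sed -n 's/^[[:space:]]*dns:\([^[:space:]]*\)[[:space:]]*$/\1/p')
    while IFS= read -r entry; do
        case $entry in
            "$host") return 0 ;;
            '*.'*)
                # A wildcard stands for exactly one left-most label:
                # *.example.org covers www.example.org, but neither
                # example.org nor a.b.example.org.
                suffix=${entry#?}
                label=${host%"$suffix"}
                if [ "$label" != "$host" ] && [ -n "$label" ]; then
                    case $label in *.*) ;; *) return 0 ;; esac
                fi
                ;;
        esac
    done <<EOF
$entries
EOF
    return 1
}

# uncovered_names SAN_TEXT HOST... -> prints the hosts the SAN list misses.
uncovered_names() {
    san_text=$1; shift
    missing=
    for h in "$@"; do
        san_covers "$san_text" "$h" || missing="${missing:+$missing }$h"
    done
    printf '%s\n' "$missing"
}

# Constructed samples: a certificate issued for the bare name only, and one
# issued with the -d option repeated for every vhost name.
OLD_SAN='DNS:johnflinchbaugh.com'
NEW_SAN='DNS:johnflinchbaugh.com, DNS:www.johnflinchbaugh.com, DNS:blog.johnflinchbaugh.com'
VHOSTS='johnflinchbaugh.com www.johnflinchbaugh.com blog.johnflinchbaugh.com'

echo "single-name cert misses: $(uncovered_names "$OLD_SAN" $VHOSTS)"
echo "multi-name cert misses:  $(uncovered_names "$NEW_SAN" $VHOSTS)"
```
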


Reclaiming Drives to Build a New RAID

07 January 2018

A couple years ago, I replaced my old spinner drives with matching SSDs. I left the old drives mounted but disconnected the cables. I’ve been watching my photo collection grow and consume about half my live storage, so I figured it was time to bring those slower spinning drives back online, so I can move my archive of old photos off my fast drives and get a little extra room.

I plugged in the first drive, and observed that it fortunately did not try to join the existing RAID arrays. lsblk showed me a list of drives and partitions and how they were currently used, so I could confidently cfdisk /dev/sda to wipe and recreate 1 primary partition on the drive as type fd (Linux raid autodetect). I rebooted to see the new partition table, and then installed and did the second drive (/dev/sdb in my case).

I set up the new drives in a mirror:

# create a new RAID1 mirror out of those new partitions:
mdadm --create /dev/md2 --level 1 --raid-devices=2 /dev/sda1 /dev/sdb1

# to ensure it's still called md2, and not md127 on reboot
update-initramfs -u

# create a filesystem
mkfs -t ext4 /dev/md2

# mount it to copy
mkdir /mnt/new
mount /dev/md2 /mnt/new

# migrate all my photos
rsync -av /home/john/Photos/ /mnt/new

After the initial migration, I tested it:

  • Rebooted

  • Checked that the array is there with the same name: cat /proc/mdstat (It initially had not kept the name, and that’s when I learned to update-initramfs above.)

  • Mounted the new array as /home/john/Photos,

  • Checked that Digikam still works.

That looked good, so it’s time to make it permanent:

  • Unmounted the new filesystem

  • Deleted all the old contents of /home/john/Photos

  • Added the new array to the /etc/fstab to mount it automatically

  • Rebooted!


2018-01-04 Source Local Bash RC

04 January 2018

Today, I’m knocking something off the TODO list: Ensuring a way to have local, non-shared shell initialization across workstations, while still sharing most of the code.


Refiltering Mail

07 June 2017

Spamassassin daemon on my server had apparently shut down, and I hadn’t noticed until I logged in to check email and found thousands of emails in my inbox, instead of having been properly filtered for spam. I cleaned up about 100 messages by hand, but I quickly realized I didn’t want to do this anymore. I found a tip at the Unix StackExchange suggesting that procmail could be run again on each message file as it sits in the Maildir, and each would be processed through spamassassin normally and redelivered to the correct mailbox.

To be safe, I moved all the new mail files (~/Maildir/new/*) to /tmp/mail, fired up mutt to see them all gone, and then piped each file into procmail again:

for x in /tmp/mail/*; do echo "$x"; procmail < "$x"; done

Back in mutt, I could see mail starting to appear again in my inbox and in my spam folders.

When the loop was done, and I was sure my inbox looked good, I removed /tmp/mail, and I was back in business.

