Free SSL for web, easy way !

Here are some very short steps to secure your page with SSL using “Let’s Encrypt”.


In our case, we consider a server where we have SSH access and can modify the Apache configuration files and restart services.

First step, install certbot.
yum install certbot

Second, request the certificate and key for your web page:
certbot certonly --webroot -w /var/www/html/roundcubemail/ -d webmail.your-domain.com

If you are running certbot for the first time, you will be asked some questions:

Saving debug log to /var/log/letsencrypt/letsencrypt.log
Plugins selected: Authenticator webroot, Installer None
Enter email address (used for urgent renewal and security notices) (Enter 'c' to
cancel): postmaster@your-domain.com
Starting new HTTPS connection (1): acme-v01.api.letsencrypt.org

-------------------------------------------------------------------------------
Please read the Terms of Service at
https://letsencrypt.org/documents/LE-SA-v1.2-November-15-2017.pdf. You must
agree in order to register with the ACME server at
https://acme-v01.api.letsencrypt.org/directory
-------------------------------------------------------------------------------
(A)gree/(C)ancel: A


In the next step you will get the certificate and the key!

IMPORTANT NOTES:
- Congratulations! Your certificate and chain have been saved at:
/etc/letsencrypt/live/webmail.your-domain.com/fullchain.pem
Your key file has been saved at:
/etc/letsencrypt/live/webmail.your-domain.com/privkey.pem
Your cert will expire on 2018-10-07. To obtain a new or tweaked
version of this certificate in the future, simply run certbot
again. To non-interactively renew *all* of your certificates, run
"certbot renew"
- Your account credentials have been saved in your Certbot
configuration directory at /etc/letsencrypt. You should make a
secure backup of this folder now. This configuration directory will
also contain certificates and private keys obtained by Certbot so
making regular backups of this folder is ideal.
- If you like Certbot, please consider supporting our work by:

Donating to ISRG / Let’s Encrypt: https://letsencrypt.org/donate
Donating to EFF: https://eff.org/donate-le

Final step: create your own VHOST config in the web server.

webmail
<VirtualHost 192.168.0.1:443>
SSLEngine On
SSLCertificateFile /etc/letsencrypt/live/webmail.your-domain.com/fullchain.pem
SSLCertificateKeyFile /etc/letsencrypt/live/webmail.your-domain.com/privkey.pem
ServerAdmin postmaster@your-domain.com
ServerName webmail.your-domain.com
DocumentRoot /var/www/html/roundcubemail
CustomLog /var/log/httpd/webmailssl_access.log common
ErrorLog /var/log/httpd/webmailssl_error.log
</VirtualHost>

and restart your Apache server:  systemctl restart httpd

Frequencies used in Romania by mobile phone operators!

Which frequencies does Orange România use for its 2G, 3G and 4G networks?

Answer:
2G = 900 MHz / 1800 MHz
3G = 2100 MHz / 900 MHz
4G = 800 MHz / 1800 MHz / 2600 MHz.

Which are the frequencies for Vodafone?
Answer:
2G/GSM: 900/1800
3G: 900, and 2100 in large cities
4G: 800 and 1800 (mostly 1800) [4G/LTE in bands 3 and 20 (1800/800 MHz).]

Which are the frequencies for Telekom?
2G = 900 and 1800
3G = 900 and 2100
4G = 800, 900 and 1800

Which are they for Digi?
3G = 900 MHz and 2100 MHz
4G = band 1 2100 MHz FDD, band 38 2600 MHz TDD

A picture of the 4G bands in Romania, updated 24.05.2018.

Network 4G Romania

Redirect your visitors to SSL webpage!


Now that we have been able to get a free SSL certificate for our page, we need to redirect visitors to the SSL page.
According to Apache, the best way is to avoid using mod_rewrite !
Example:

<VirtualHost *:80>
    ServerName webmail.biotree.tk
    Redirect "/" "https://webmail.biotree.tk/"
</VirtualHost>

<VirtualHost *:443>
    ServerName webmail.biotree.tk
    # ... SSL configuration goes here
</VirtualHost>

I think this is the easiest way to redirect from a non-SSL page to the SSL page.

How to activate Steempress plugin in WordPress !

A week ago, I posted on steemit.com a story about how to integrate WordPress with the Steem blockchain.

Now I am posting from my blog, built with the WordPress CMS, where I installed and activated Steempress!

Let’s start with activating the Steempress plugin.

As you can see in the picture, you have to click on the “Activate” button and it should look like Steempress!

Now click on the settings and go to the activation menu.
Here we have to connect with the user and the “Posting key” from Steem.
The “Posting key” is taken from our account on steemit.com.
Click on “SHOW PRIVATE KEY” to show your real key for login. What you see at first is not your real key.

Once you log in, it should look like this!
That’s all. When you post, you have the option of publishing what you write on the blog to the Steem blockchain or not. See picture!

I think this is the first post written in WordPress that also appears on the Steem blockchain.

I wish you an excellent day!

Postfix user sender restriction

Hello all !

Today we want to restrict some local users so that they can send mail only to selected destination domains!

1. First step:

postconf -e 'smtpd_recipient_restrictions = check_sender_access hash:/etc/postfix/restricted_senders'
postconf -e 'smtpd_restriction_classes = local_only'
postconf -e 'local_only = check_recipient_access hash:/etc/postfix/local_domains, reject'

2. Second step: create the file /etc/postfix/restricted_senders, which looks similar to this one:

user@ceae.info        local_only
lucian@ceae.info       local_only

3. Final step: afterwards create /etc/postfix/local_domains, which should look similar to this:

ceae.info                  OK
domain.com                 OK
otherdomain.de             OK

After this, restart your Postfix server! Enjoy!
(Source https://www.howtoforge.com/community/threads/postfix-users-restriction.3947/ Thanks falko )
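
How the three settings above combine for a given sender and recipient, as an added example that is not part of the original post or of Postfix itself. It is a simplified shell model: the function names (lookup, lookup_domain, decide) are hypothetical, the tables are constructed copies of the two files, and the parent-domain matching assumes the default parent_domain_matches_subdomains setting.

```shell
#!/bin/sh
# Constructed copies of the two lookup tables from the steps above.
RESTRICTED_SENDERS='user@ceae.info    local_only
lucian@ceae.info  local_only'
LOCAL_DOMAINS='ceae.info       OK
domain.com      OK
otherdomain.de  OK'

# lookup TABLE KEY: print the right-hand side stored for KEY, if any.
lookup() {
    printf '%s\n' "$1" | awk -v k="$2" 'tolower($1) == tolower(k) { print $2; exit }'
}

# lookup_domain TABLE DOMAIN: try the domain, then each parent domain, which
# is how access tables match subdomains under the assumed Postfix defaults.
lookup_domain() {
    d=$2
    while [ -n "$d" ]; do
        hit=$(lookup "$1" "$d")
        [ -n "$hit" ] && { echo "$hit"; return 0; }
        case $d in *.*) d=${d#*.} ;; *) d= ;; esac
    done
    return 0
}

# decide SENDER RECIPIENT: OK, REJECT, or DUNNO (no opinion, next rule runs).
decide() {
    # smtpd_recipient_restrictions = check_sender_access .../restricted_senders
    class=$(lookup "$RESTRICTED_SENDERS" "$1")
    [ "$class" = "local_only" ] || { echo DUNNO; return 0; }
    # local_only = check_recipient_access .../local_domains, reject
    if [ "$(lookup_domain "$LOCAL_DOMAINS" "${2##*@}")" = "OK" ]; then
        echo OK
    else
        echo REJECT
    fi
}

decide lucian@ceae.info someone@example.org   # restricted sender, outside domain
```

On a real server both files are hash: tables, so they have to be compiled with postmap before Postfix can read them. Senders that are not listed get DUNNO, so whatever else is in smtpd_recipient_restrictions still decides their mail, and the key is the envelope sender, which the client supplies.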

How to add repository to your Edge Router Lite!

Hello in the new year 2018!

Today we add a repository to the Edge Router Lite so that we can install more apps for use in CLI mode.

Log in to your Edge Router Lite with SSH or with the CLI:

type

sudo bash

and paste the following commands

set system package repository wheezy components 'main contrib non-free'
set system package repository wheezy distribution wheezy
set system package repository wheezy password ''
set system package repository wheezy url 'http://ftp.us.debian.org/debian/'
set system package repository wheezy username ''
set system package repository wheezy-backports components main
set system package repository wheezy-backports distribution wheezy-backports
set system package repository wheezy-backports password ''
set system package repository wheezy-backports url 'http://http.us.debian.org/debian'
set system package repository wheezy-backports username ''
set system package repository wheezy-updates components 'main contrib'
set system package repository wheezy-updates distribution wheezy/updates
set system package repository wheezy-updates password ''
set system package repository wheezy-updates url 'http://security.debian.org/'
set system package repository wheezy-updates username ''

After this, type

apt-get update

Now you can install nmap.

apt-get install nmap

Enjoy !

How to upgrade roundcubemail! From 1.1.1 to 1.3.3

Today we update to the new version, roundcubemail-1.3.3.

1. First step: make a backup of the current version.
cp -R -p webmail_old/ /root/work/webmail_old-20171221
mysqldump -uroot -p --routines --single-transaction your_roundcube_db > /etc/sqldump/your_roundcube_db.dump.sql
(-p with no value makes mysqldump prompt for the password; written as "-p yourpassword" with a space, the password would be taken as the database name.)

2. Second step: download the new version.

wget https://github.com/roundcube/roundcubemail/releases/download/1.3.3/roundcubemail-1.3.3-complete.tar.gz
or
wget https://serverde.biotree.tk/roundcubemail-1.3.3-complete.tar.gz

3. Unarchive and check that you have everything you need to run it.

tar -zxvf roundcubemail-1.3.3-complete.tar.gz -C /path/to/folder/
( ex: tar -zxvf roundcubemail-1.3.3-complete.tar.gz -C /var/www/html/ )
Read the files roundcubemail-1.3.3/UPGRADING (for REQUIREMENTS) and roundcubemail-1.3.3/INSTALL.

4. Final step: upgrade roundcubemail.

roundcubemail-1.3.3/bin/installto.sh webmail_old/
Upgrading from 1.1.1. Do you want to continue? (y/N)
y
.....................................................

Tips after update:
a. Check .htaccess settings (some php settings could become required)
b. If you’re using build-in addressbook, run indexing script /bin/indexcontacts.sh.
c. When upgrading from version older than 0.6-beta you should make sure
your folder settings contain namespace prefix. For example Courier users
should add INBOX. prefix to folder names in main configuration file.
d. Change layout in file  roundcubemail-1.3.3/config/defaults.inc.php

// Interface layout. Default: 'widescreen'.
//  'widescreen' - three columns
//  'desktop'    - two columns, preview on bottom
//  'list'       - two columns, no preview
$config['layout'] = 'widescreen';

The default is ‘widescreen’, but I like ‘desktop’.
Also change ‘show_images’ to 1.

// display remote inline images
// 0 - Never, always ask
// 1 - Ask if sender is not in address book
// 2 - Always show inline images
$config['show_images'] = 0;

Enjoy !

Update CentOS 6.x to 6.9 and OpenVPN fails to connect!

This week I updated to the latest version, CentOS 6.9, and found that OpenVPN no longer works.

Error: ERROR: depth=0, error=certificate signature failure:
OpenSSL: error:140890B2:SSL routines:SSL3_GET_CLIENT_CERTIFICATE:no certificate returned

RHEL 6.9 / CentOS 6.9 removed deprecated insecure algorithms and protocols.

More info: CentOS 6.9 Release Notes

Solution 1: Remove the old keys from your OpenVPN server and create new keys.
Solution 2: Add an exception for the keys you have now, but don’t forget to change the keys as soon as possible.

Exception:

echo -e "LegacySigningMDs md2 md5\nMinimumDHBits 512\n" >> /etc/pki/tls/legacy-settings
service openvpn restart

Enjoy for today !

Adding the new MySQL user with access in database and just one table!

Q: I would like to know how to give the logged-in database user permission to access only one table and not the whole database?
A: 1. Create the user:
CREATE USER 'userlimit'@'%' IDENTIFIED BY 'NewPassword';
2. Now run the following to grant the SELECT privilege on the database and table you choose.
GRANT SELECT ON database_name.table_name TO 'userlimit'@'%';
Enjoy!

Test:
MariaDB [database_name]> select * from loturi;
ERROR 1142 (42000): SELECT command denied to user 'userlimit'@'localhost' for table 'loturi'

How to remove a lot of mail from mailq with a few CLI commands.

Hello,

We have a lot of mails with errors, like:

D7AF9121256 34341 Tue Nov 21 11:19:27 MAILER-DAEMON ……….

We want to remove them.

First commands:

mailq | grep MAILER-DAEMON | awk '{ print $1 }' > /root/mailq-201711.txt

Here we capture the ID (like D7AF9121256) of each mail and save it in the file /root/mailq-201711.txt.

cat /root/mailq-201711.txt

F0DFF124FDB*
D79941257D6*
75668125191*
5879A1256F4*
4A9DB124CA3*
489E6124A01*
C7DC9124A8A*
3EE891252EC*
7E956125735*
69B0E124DAA*
58F9E12535D*
8DBF71255A0*
8D633125035*
08A411254DE*
549C9124902*
8144B12537B*
D927512497A*
6606C125774*
E09BA125439*
538091259BD*
1F749125973*
8A9CB1255DC*
1D949124DD7*
13B1812546E*

Now we have to remove the character * from each ID, because otherwise we get an error from the next command.
Open the file /root/mailq-201711.txt with vim and execute the command :1,$ s/*/<space>/g   where 1 is the first line and $ the last line.   Save the file and exit ( :wq )

And now delete the mails from the mail queue with:

while read i; do postsuper -d $i; done </root/mailq-201711.txt

After reading each line, the loop deletes that ID with postsuper -d $i and reads the next line.   Enjoy!
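
The same cleanup without the manual vim step, as an added example that is not part of the original post. The function names and the DRY_RUN switch are hypothetical and the queue listing is constructed; the filter only accepts lines where the sender column itself is MAILER-DAEMON, and strips the trailing * (active queue) or ! (hold queue) marker from the ID.

```shell
#!/bin/sh
# Added example (not from the original post). Function names and the
# DRY_RUN switch are hypothetical; the queue listing below is constructed.

# extract_bounce_ids: read `mailq` output on stdin, print the queue ID of
# every message whose sender column is exactly MAILER-DAEMON.
extract_bounce_ids() {
    awk '
        # An entry line has 7 fields: ID, size, 4 date fields, sender.
        # The ID may end in "*" (active queue) or "!" (hold queue).
        NF == 7 && $1 ~ /^[0-9A-Za-z]+[*!]?$/ && $7 == "MAILER-DAEMON" {
            id = $1
            sub(/[*!]$/, "", id)    # strip the status marker
            print id
        }'
}

# delete_bounces: pass the IDs to one postsuper call; "postsuper -d -"
# reads queue IDs from stdin. Defaults to a dry run that only lists them.
delete_bounces() {
    if [ "${DRY_RUN:-1}" = "1" ]; then
        extract_bounce_ids
    else
        extract_bounce_ids | postsuper -d -
    fi
}

# Constructed sample of mailq output for an offline run.
sample_mailq() {
    cat <<'EOF'
-Queue ID- --Size-- ----Arrival Time---- -Sender/Recipient-------
D7AF9121256*   34341 Tue Nov 21 11:19:27  MAILER-DAEMON
                                         user@example.com

0A1B2C3D4E5     1200 Tue Nov 21 11:20:01  alice@example.com
(connect to mx.example.net[192.0.2.10]:25: Connection timed out)
                                         MAILER-DAEMON@example.net

1F2E3D4C5B6!    2048 Tue Nov 21 11:21:40  MAILER-DAEMON
                                         bob@example.com

-- 37 Kbytes in 3 Requests.
EOF
}

sample_mailq | delete_bounces    # dry run: lists the two bounce IDs
```

On a live server, review the dry-run list first and then run `mailq | DRY_RUN=0 delete_bounces`.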