Install Gogs on Ubuntu with Reverse Proxy

Problem

  • Fast and easy install of Gogs on Ubuntu

Solution

Update everything

sudo apt-get update && sudo apt-get upgrade && sudo apt-get install git

Install MySQL

sudo apt-get install mysql-server

Securing it

mysql_secure_installation

(Remove remote connectivity etc.)

Login MySQL

mysql -u root -p

In MySQL Shell

CREATE DATABASE gogs;
GRANT ALL PRIVILEGES ON gogs.* TO ‘gogs’@’localhost’ IDENTIFIED BY ‘<>’;
FLUSH PRIVILEGES;
quit;

Create a Service User to run Gogs and store repositories (optional)

useradd –system –create-home git
sudo passwd git

Login as git user (optional)

su git
cd —

Download Gogs

Goto Gogs site and copy the current version download link.

wget https://dl.gogs.io/0.11.34/linux_amd64.zip

unzip linux_amd64.zip

Systemd

nano ./gogs/scripts/systemd/gogs.service

Edit File like this (for git user; change git if you install it in an another directory)

[Unit]
Description=Gogs
After=syslog.target
After=network.target
After=mysqld.service

[Service]
# Modify these two values and uncomment them if you have
# repos with lots of files and get an HTTP error 500 because
# of that
###
#LimitMEMLOCK=infinity
#LimitNOFILE=65535
Type=simple
User=git
Group=git
WorkingDirectory=/home/git/gogs
ExecStart=/home/git/gogs/gogs web
Restart=always
Environment=USER=git HOME=/home/git

Copy and enable

cp ./gogs/scripts/systemd/gogs.service /etc/systemd/system/gogs.service
sudo systemctl enable gogs

Start Gogs

sudo systemctl start gogs

Finally, open http://<<yourserver>&gt;:3000 and enter the needed data:

At last, register a new user. The user will be admin as default.

Apache2 Reverse Proxy (Optional)

sudo apt-get install apache2
sudo a2enmod proxy
sudo a2enmod proxy_http

Edit conf

sudo nano /etc/apache2/sites-available/000-default.conf

Set reverse proxy

<VirtualHost *:80>
ProxyPreserveHost On
ProxyRequests off
ProxyPass / http://127.0.0.1:3000/
ProxyPassReverse / http://127.0.0.1:3000/
</VirtualHost>

Restart Apache2

sudo systemctl restart apache2

Fin.

Advertisements

Install Jenkins on Ubuntu

Problem

  • Install Jenkins on Ubuntu with package manager
  • Quick and dirty

Solution

wget -q -O – https://pkg.jenkins.io/debian/jenkins-ci.org.key | sudo apt-key add –

deb https://pkg.jenkins.io/debian-stable binary/ | sudo tee /etc/apt/sources.list.d/jenkins.list

sudo apt-get install jenkins

sudo systemctl start jenkins

 

http://YOURDOMAIN:8080

sudo cat /var/lib/jenkins/secrets/initialAdminPassword

Do not forget to install the simple theme plugin.

Install Splunk on Ubuntu and hide behind Apache2 Proxy

Problem

  • Hide Splunk behind Apache2
  • Enable .htaccess
  • Ubuntu 16.04 LTS

Solution

Install Splunk

dpkg -i splunk_package_name.deb

/opt/splunk/bin/splunk start –accept-license

For enable this behavior, please set the following in /opt/splunk/etc/system/default/web.conf

root_endpoint=/NAME

Restart Splunk:

/opt/splunk/bin/splunk restart

Start at boot time:

opt/splunk/bin/splunk enable boot-start

Apache

Enable needed modules:

  • sudo a2enmod proxy
  • sudo a2enmod proxy_http

Edit /etc/apache2/sites-available/000-default.conf

<VirtualHost *:80>
ProxyPreserveHost On

ProxyPass / http://127.0.0.1:8000/NAME
ProxyPassReverse / http://127.0.0.1:8000/NAME
</VirtualHost>

Add .htaccess to VirtualHost

<Location /NAME>
AuthType Basic
AuthName “Wrapper auth”
AuthBasicProvider file
AuthUserFile “/PATHTOHTPASSWD/htpasswd”
Require valid-user
</Location>

Restart

sudo systemctl restart apache2

Install Apache2 with SSL/HTTPs on Ubuntu

Problem

  • You need a Apache2 with HTTPs on Ubuntu

Solution

Prepare

sudo apt-get update && sudo apt-get upgrade -y

sudo apt-get install apache2

Create certificate

sudo openssl req -x509 -nodes -days 365 -newkey rsa:2048 -keyout /etc/ssl/private/apache-selfsigned.key -out /etc/ssl/certs/apache-selfsigned.crt

You will be asked for some infomation. Just put in, what you want:

Country Name (2 letter code) [AU]:
State or Province Name (full name) [Some-State]:
Locality Name (eg, city) []:
Organization Name (eg, company) [Internet Widgits Pty Ltd]:
Organizational Unit Name (eg, section) []:
Common Name (e.g. server FQDN or YOUR name) []:
Email Address []:

Optional

Create strong Diffie-Hellman

sudo openssl dhparam -out /etc/ssl/certs/dhparam.pem 2048

SSL Params

SSLCipherSuite EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH
SSLProtocol All -SSLv2 -SSLv3
SSLHonorCipherOrder On
# Disable preloading HSTS for now. You can use the commented out header line that includes
# the “preload” directive if you understand the implications.
#Header always set Strict-Transport-Security “max-age=63072000; includeSubdomains; preload”
Header always set Strict-Transport-Security “max-age=63072000; includeSubdomains”
Header always set X-Frame-Options DENY
Header always set X-Content-Type-Options nosniff
# Requires Apache >= 2.4
SSLCompression off
SSLSessionTickets Off
SSLUseStapling on
SSLStaplingCache “shmcb:logs/stapling-cache(150000)”

Edit /etc/apache2/sites-available/default-ssl.conf

sudo nano /etc/apache2/sites-available/default-ssl.conf

Change to

SSLCertificateFile /etc/ssl/certs/apache-selfsigned.crt
SSLCertificateKeyFile /etc/ssl/private/apache-selfsigned.key

Eanble everything

sudo a2enmod ssl
sudo a2enmod headers
sudo a2ensite default-ssl
sudo a2enconf ssl-params

Restart Apache2

sudo systemctl restart apache2

 

 

 

Install RabbitMQ on Ubuntu 16.04

Problem

  • Install RabbitMQ on Ubuntu Server

Solution

Install Repository

echo ‘deb http://www.rabbitmq.com/debian/ testing main’ | sudo tee /etc/apt/sources.list.d/rabbitmq.list

wget -O- https://www.rabbitmq.com/rabbitmq-release-signing-key.asc | sudo apt-key add –

Install RabbitMQ

sudo apt-get update

sudo apt-get install rabbitmq-server

Status

sudo systemctl status rabbitmq-server

Start RabbitMQ

sudo systemctl start rabbitmq-server

Stop RabbitMQ

sudo systemctl stop rabbitmq-server

Limits

sudo nano /etc/sysctl.conf

Add

fs.file-max = 65536

Run

sudo sysctl -p

Edit

sudo nano /etc/security/limits.conf

Add

* soft nproc 65536
* hard nproc 65536
* soft nofile 65536
* hard nofile 65536
root soft nproc 65536
root hard nproc 65536
root soft nofile 65536
root hard nofile 65536

Edit

sudo nano /etc/pam.d/common-session

Add

session required pam_limits.so

Restart

sudo reboot

Ports

Open Ports: 15672 (Mgmt), 5672 and 5671 (Messages)

Management Plugin

sudo rabbitmq-plugins enable rabbitmq_management

sudo systemctl restart rabbitmq-server

Add Admin

rabbitmqctl add_user admin <<password>>
rabbitmqctl set_user_tags admin administrator
rabbitmqctl set_permissions -p / admin “.*” “.*” “.*”

See Management Site

Open http://<<IP>>:15672

Install iTop on Linux

Problem

  • Install itop on Linux with SELinux

Setting

  • Oracle Linux
  • iTop Version 2.3.4

Solution

Install MySQL

yum install mysql mysql-server

#Set root password
/usr/bin/mysql_secure_installation

mysql – u -p <>

mysql> create database itop;
mysql> create user ‘itop’@’%’ identified by ‘itop-password’;
mysql> grant all privileges on itop.* to ‘itop’@’%’;

mysql> quit;

Install Apache and PHP

yum install httpd php php-mysql php-xml php-soap

systemctl start httpd

Get iTop

wget https://downloads.sourceforge.net/project/itop/itop/2.3.4/iTop-2.3.4-3302.zip?r=https%3A%2F%2Fsourceforge.net%2Fprojects%2Fitop%2Ffiles%2Fitop%2F2.3.4%2F&ts=1502963636&use_mirror=10gbps-io

Files

mv ./web /var/www/itop

cd /var/www/html/itop

mkdir conf
mkdir env-production

chmod 777 conf
chmod 777 data
chmod 777 env-production
chmod 777 log

# If SELinux blocks access
chcon –user system_u –type httpd_sys_content_t -Rv /var/www/html/itop/
# or
sudo setenforce 0

Start install process

Go in your browser and type: http://localhost/itop

Fin

 

Restart failed program every 5 min

Problem

  • Your program fails regularly
  • You need to check if it is running and if not, restart it

Solution

Create a script:

nano restart.sh

Put in the code and replace htop with your program name:

#!/bin/sh

ps cax | grep htop > /dev/null
if [ $? -eq 0 ]; then
echo “Process running.”
else
echo “Process is down.”
fi

Make the script executable:

chmod +x restart.sh

Create a cron job:

crontab -e

Create a new line (replace /home/user/):

*/5 * * * * /home/user/restart.sh

Fin.

 

System wide proxy settings for Xubuntu (16.10)

Problem

  • You have to set http etc. proxy settings for all application
  • XUbuntu GUI is not helpful 😉

Solution

Step 1: Edit environment

sudo nano /etc/environment

Append these lines (fill in your proxy):

http_proxy=http://yourproxy:8080/
https_proxy=http://yourproxy:8080/
HTTP_PROXY=http://yourproxy:8080/
HTTPS_PROXY=http://yourproxy:8080/

To load the new variables:

source /etc/environment

Step 2: Edit apt

Go to /etc/apt/apt.conf.d/ and create a file named 95proxies.

sudo nano /etc/apt/apt.conf.d/95proxies

Fill in these lines:

Acquire::http::proxy “http://yourproxy:8080/&#8221;;
Acquire::ftp::proxy “ftp://yourproxy:8080/”;
Acquire::https::proxy “http://yourproxy:8080/&#8221;;

Fin.