Allow Access To Port in SELinux and Firewall

SELinux can be a pain at times if you don’t have a clear understanding how it works. A good chunk of resolutions around the web end up suggesting turning off SELinux completely. This, to say the least, is one of the worst things you can do to your server.

Allowing access to ports through SELinux is one of the things that came across while setting up Elasticsearch cluster on Cent OS servers and I wanted to share a quick run down of steps/commands required to allow a port through the firewall. In this example, we’ll be allowing access to port 8090. Continue reading

How to update passwords in bulk in ViciDial

To simultaneously update all of the username and phone passwords in ViCiDial, please log in to your MySQL (or PhpMyAdmin, if available) and run the following SQL statements:

 

Special Bash characters and parameters and their meaning

Here I accumulated the most useful and frequently used special Bash characters and parameters. This list of special bash parameters is by no means complete and only contains some of the bash script parameters which I have encountered, so please contribute any bash parameter which is not in this list and you found useful. Continue reading

Webmin uses default certificate instead LetsEncrypt

webmin-logoThe Letsencrypt certificate was successfully configured for Webmin in Webmin Configuration -> SSL settings -> Letsencrypt.

However Webmin still uses default certificate like it does not see Letsencrypt certificate at all.

Steps taken to cause problem: Continue reading

How to properly mirror a git repository

What we want with mirroring is to replicate the state of an origin repository (or upstream repository). By state, we mean all the branches (including master) and all the tags as well.

You’ll need to do this when migrating your upstream repository to a new “home”, like when switching services like GitHub.

As with most tools, there’s a lot of ways to accomplish that, but I’ll be focusing on two of them. The difference lays on whether you already have a working copy of that repository or not.

Mirroring a git repository without a local copy

If you haven’t cloned the repository before, you can mirror it to a new home by

This will get all the branches and tags that are available in the upstream repository and will replicate those into the new location.

Warning

Don’t use git push --mirror in repositories that weren’t cloned by --mirror as well. It’ll overwrite the remote repository with your local references (and your local branches). This is not what we want. Read the next section to discover what to do in these cases.

Also git clone --mirror is prefered over git clone --bare because the former also clones git notes and some other attributes.

Mirroring a git repository if you already have a local working copy

By working copy, we mean a “normal” repository, in which you have the files that are being tracked into git and where you perform commands like git add and so on.

In this case, you may have a lot of local branches and tags that you don’t want to copy to the new location. But you do have references to remote branches. You can view them with git branches -r. If you pay attention to that list, tough, you may notice that you have a lot of branches that were already deleted in the upstream repository. Why?

Cleaning old references to remote branches

By default, when you do a git fetch or git pull, git will not delete the references to branches that were deleted in the upstream repository (you may view them in your .git/refs/remotes dir). We need to clean those old references before mirroring them to a new location.

To do so, run

This will update your references to the origin repository and also clean the stale branches reported by git branch -r.

Finally, mirroring the repository to a new location

Now we’re ready to send those updated references back to the origin repository:

Ok, what just happened here?!

We want those references inside the .git/refs/remotes/origin to be the LOCAL references in the new location. The local references there will be stored in the refs/heads dir. Same thing happens to tags.

The + sign indicates that we want to overwrite any reference there may already exist.

--prune means we want to delete any reference that may exist there if we don’t have such reference in our refs/remotes/origin/* (and tags) references.

Good luck!

 

How to Enable the Slow Query Log in MySQL/MariaDB

mysql-logo-imageEnabling the Slow Query Log for MySQL or MariaDB can be a useful tool to diagnose performance and efficiency issues affecting your server such as MySQL high CPU load. By identifying queries that are particularly slow in their execution, you can address them by restructuring the application that triggers your queries. You can also rebuild the queries themselves to ensure that they are constructed as efficiently as possible. Continue reading

LetsEncrypt certificates automatic renewal in Azure Application Gateway

Letsencrypt-autorenewal-azure-app-gatewayI can bet almost any IT technician have heard of Letsencrypt certificates. They are completely free and fully supported by big corps such as Google, Facebook, Microsoft, and many others, to have a more secure and privacy-respecting Web. A lot of public websites are using those certificates. Of course, as for any free stuff, there are some limitations. For example how many certificates you can generate. Pay attention that Let’s Encrypt certificates are valid for 90 days. So setting up automatic renewal of Letsencrypt certificates is absolutely necessary.

When using an Azure Application Gateway, one of the things you need to do is to install the SSL certificate on the gateway to secure resources behind.

In this article I’ll show you how to set up Letsencrypt certificates automatic renewal in Azure Key Vault and Azure Application Gateway. Continue reading

Goautodial Logging in to your phone. Please wait

Goautodial-Logging-in-to-your-phone-Please-waitThe Gotodial was installed from ISO and agent had issue logging in. The login screen was hanging with the

Logging in to your phone. Please wait…

message.

At that moment I did not have Letsencrypt certificate on Gotodial installed so it operated with default, self-signed certificate.

In /var/log/messages there was the following: Continue reading

Goautodial Login to Dialer button doesnt work

After I set up Letsencrypt certificate in Goautodial box, pointed Apache and Kamalio to it (edited /etc/httpd/conf.d/ssl.conf and /etc/kamalio/tls.conf respectively), restarted the services with

I tried to log in to dialer but when I clicked Login to Dialer absolutely nothing happens. No error, the button doesnt work so an agent cannot login to dialer.
Continue reading

Letsencrypt Unable to find a virtual host listening on port 80

I installed Goautodial where access via HTTPS was configured “out-of-the-box” with self-signed certificate. HTTP access was configured through like default website in Apache without using VirtualHost directive.

I tried to get a certificate from Letsencrypt and got the following error:

Unable to find a virtual host listening on port 80 which is currently needed for Certbot to prove to the CA that you control your domain. Please add a virtual host for port 80. Continue reading

Load more