Create Own CA

SRC: http://www.debiantutorials.com/create-your-private-certificate-authority-ca/

Create your private certificate authority (CA)
AUGUST 29, 2008 BY ADMIN·3 COMMENTS
Creating a private CA can be useful if you have a lot of services encrypting data for internal use but don’t need the domain to be verified by a public CA like Verisign, Thawte etc. By importing the CA to all computers that will use these services users won’t get the a popup in IE and Firefox saying that the certificate is invalid.

1. Create a CA certificate

Create a private key for your CA:

openssl genrsa -des3 -out ca.key 4096

You will need to enter passphrase, this password will be used everytime you sign a certificate with this CA

Make sure unauthorized users don’t get access to your private key:

chmod 700 ca.key

Create the certificate, this will be shown as the top level certificate when you have signed other certificates so choose expiration day and the certificate contents carefully. All signed certificates will expirate if the top level certificate expires so you may want to choose a few years here

openssl req -new -x509 -days 3650 -key ca.key -out ca.crt

Here is a sample of input values:

Enter pass phrase for ca.key:
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [AU]:US
State or Province Name (full name) [Some-State]:
Locality Name (eg, city) []:
Organization Name (eg, company) [Internet Widgits Pty Ltd]:Debian Tutorials
Organizational Unit Name (eg, section) []:
Common Name (eg, YOUR name) []:Debian Tutorials CA
Email Address []:

Common name will be shown when users are displaying details about the certificate

2. Create a certificate request

Create a private key:

openssl genrsa -des3 -out secure.debiantutorials.net.key 4096

Replace secure.debiantutorials.net by your domain name

Create the certificate request

openssl req -new -key secure.debiantutorials.net.key -out secure.debiantutorials.net.csr

Make sure you put your domain name in the “Common Name” field

3. Sign the certificate with your CA certificate

You will need to provide the certificate request here and the CA key

openssl x509 -req -days 365 -in secure.debiantutorials.net.csr -CA ca.crt -CAkey ca.key -set_serial 01 -out secure.debiantutorials.net.crt

4. Remove password from key (optional)

If using the certificate with Apache, Postfix or other services you may need to replace the password in your private key so that the service can start without user interaction

openssl rsa -in secure.debiantutorials.net.key -out secure.debiantutorials.net.key.insecure
mv secure.debiantutorials.net.key secure.debiantutorials.net.key.secure
mv secure.debiantutorials.net.key.insecure secure.debiantutorials.net.key

Set permissions on the keys

chmod 700 secure.debiantutorials.net.key
chmod 700 secure.debiantutorials.net.key.secure

Mysql Master-Master with many slaves replication

Sources:
https://www.packtpub.com/books/content/setting-mysql-replication-high-availability
https://www.packtpub.com/books/content/installing-and-managing-multi-master-replication-managermmm-mysql-high-availability
https://capttofu.livejournal.com/1752.html

Using Master<->Master replication is good backup solution, but is not good enough if we want to offload queries from master.

Thus we can create:
Master - Master
| |
Slave-Slave Slave-Slave

1. Setup both masters.
Tweak some options in my.cnf (on all masters!):
server-id = 1
log-slave-updates
log-bin = /var/log/mysql/bin.log
log-bin-index = /usr/local/mysql/var/log-bin.index
log-error = /usr/local/mysql/var/error.log
expire_logs_days = 10
max_binlog_size = 200M

WARNING: log-slave-updates is crucial!!! If not set slaves on second node won't get updated and vice versa if pushed from first master.

2. Add MySQL Users:
mysql> grant replication slave on . to 'replication'@'10.0.0.%' identified by 'pass';
Query OK, 0 rows affected (0.00 sec)

mysql> flush privileges;
Query OK, 0 rows affected (0.00 sec)

3. Dump all DBs from master. SCP dump on slave and import it. This way we will have 1:1 dbs on both nodes. Note that you may set password for debian-sys-maint user in /etc/mysql/debian.cnf

On master:
$> mysqldump --delete-master-logs --master-data --lock-all-tables --all-databases --hex-blob -u root -p > dumpall.sql
$> bzip2 dumpall.sql
$> scp dumpall.sql.bz2 root@slave:

NOTICE: --delete-master-logs clears all master logs BEFORE this dump. If you have other slaves syncin' or need earlier binlogs remove this option!

On slave:
$> bunzip2 dumpall.sql.bz2
$> mysql -uroot -p mysql < dumpall.sql

check BIN_LOG and POSITION:

$> grep BIN_LOG dumpall.sql

now login in mysql and change master to:

mysql> change master to master_host = '10.0.0.1', master_user='replication', master_password='pass', master_log_file='node1-binary.000001', master_log_pos=1;
mysql> start slave;

Check if 2nd Master slave is running. Check seconds behind. Should be 0 and Error_* too. Usually this means everything is OK.
mysql> show slave status\G
mysq> show master status;

Now do the same thing on 1st Master. Just use second master bin log and position.

mysql> change master to master_host = '10.0.0.2', master_user='replication', master_password='pass', master_log_file='node1-binary.000001', master_log_pos=1;
mysql> start slave;

Check if 1st Master slave is running. Check seconds behind. Should be 0 and Error_* too. Usually this means everything is OK.
mysql> show slave status\G

Now test create/insert/update/delete.
First on 1st master create table. Insert a record. Check on 2nd master if table is there and has record.
On second master insert second record. Check on 1st if there are 2 records.

4. Create Read-Only Slaves connected to the 1st master and on 2nd:

Simply do same setup as above. Dump DB. populate, then change master to BUT WATCH OUT for the binlog/position!

When done settiing up and slave status shows 0 TEST!

First create table on 1st master, insert 1 record.
Then Check on all slaves connected to 1st master.
After Check all slaves connected to 2nd master!
All MUST have table+record.
After that test to insert second row on 2nd slave.
Then Check on all slaves connected to 1st master.
After Check all slaves connected to 2nd master!


I think that's all!
Happy replicating.

jqGrid - update row and blink / highlight it

Ever wondered how to Update a row in jqGrid and make it blink so user see that it's updated?
Here's how I did it.
It's quite simple - extend the jqGrid and call the method after.
Color and time are set in side the method, but they can easily be passed as params.

After loading the jqGrid add this code:

$.jgrid.extend({
updateRowData: function (rowId, data){
var oGrid = $(this);
oGrid.setRowData(rowId,data);

var blinks = 5;
var delay = 500;
var blinkCnt = 0;
var changeColor='red';
var curr=false;
var rr=setInterval(function() {
var color;
if (curr===false) {
color=changeColor;
curr=color;
} else {
color='';
curr=false;
}
oGrid.setRowData(rowId,false,{background:color});
if (blinkCnt >= blinks*2) {
blinkCnt=0;
clearInterval(rr);
oGrid.setRowData(rowId,false,{background:''});
} else {
blinkCnt++;
}
}, delay);
}
});

then you simply call:

grid.updateRowData(41, { col1: 'do', col2: 'good' });

Where 41 is the row id and grid is my grid variable:
grid = $("#list");

Handle cookies without jQuery. jQuery.cookie without jQuery dependency.

I've just had to use cookie in a banner, but the owner of the site placed the jQuery include after my include.
That's why I got my jQuery predefined and my .cookie() method disappeared.
Here is why I simply added jQuery.extend implementation in jQuery.cookie moethod and assigned it to a separate var.
This is a simple solution to get your code working without jQuery if it only depends on .cookie method.


jQcookie = function(key, value, options) {
if (arguments.length > 1 && String(value) !== "[object Object]") {
extendObject = function extend() {
for (var i = 1; i < arguments.length; i++)
for (var key in arguments[i])
if (arguments[i].hasOwnProperty(key))
arguments[0][key] = arguments[i][key];
return arguments[0];
}
options = extendObject({}, options);
if (value === null || value === undefined) {
options.expires = -1;
}
if (typeof options.expires === 'number') {
var days = options.expires, t = options.expires = new Date();
t.setDate(t.getDate() + days);
}
value = String(value);
return (document.cookie = [encodeURIComponent(key), '=', options.raw ? value : encodeURIComponent(value), options.expires ? '; expires=' + options.expires.toUTCString() : '', options.path ? '; path=' + options.path : '', options.domain ? '; domain=' + options.domain : '', options.secure ? '; secure' : ''].join(''));
}
options = value || {};
var result, decode = options.raw ? function(s) {
return s;
} : decodeURIComponent;
return (result = new RegExp('(?:^|; )' + encodeURIComponent(key) + '=([^;]*)').exec(document.cookie)) ? decode(result[1]) : null;
};

Symfony2: 3d to 2d. Display tree navigation menu in a select dropdown in SonataAdmin

Keys: SonataAdmin, Gedmo Tree nested type, Select Dropdown, use EntityManager in configureFormFields Admin page

I've lost 2 days bumping my head on a simple task - I needed to display simple dropdown combo box that will display Nested Gedmo Tree in a Sonata Admin form.

I've installed and get working http://knpbundles.com/roomthirteen/Room13NavigationBundle - It's simple implementation of Gedmo\Tree type="nested" - exactly what I need for a simple menu navigation + it has ready Sonataadmin page to edit nodes.
The nice thing about this exact bundle is that it uses @Translatable, @Blameable, @Timestampable and this is all what I need - to be able to translate my menu, to see when and who updated the records.

After installing it I've noticed that 'path' is missing/empty event getting undefined notice.
I've dug around and found that I have to implement getpath() myself.
I did and created custom repository. I wasn't able to use childrenHierarchy directly in the Entity.


namespace Room13\NavigationBundle\Entity\Repository;
class NavigationNodeRepository extends \Gedmo\Tree\Entity\Repository\NestedTreeRepository{
function getFlatNodes($startNode = null, $options = null) {
if (is_null($options)) {
$options = array(
'decorate' => false,
'rootOpen' => '
    ',
    'rootClose' => '
',
'childOpen' => '
  • ',
    'childClose' => '
  • ',
    'nodeDecorator' => function($node) {
    return ''.$node['title'].'';
    }
    );
    }
    $htmlTree = $this->childrenHierarchy(
    $startNode, / starting from root nodes /
    false, / load all children, not only direct /
    $options
    );
    return $this->ToFlat($htmlTree, ' » ');
    }

    function ToFlat($node, $sep = ' > ', $path = '') {
    $els = array();
    foreach ($node as $id => $opts) {
    $els[$opts['id']] = $path . $opts['title'];
    if (isset($opts['__children']) && is_array($opts['__children']) && sizeof($opts['__children'])) {
    $r = $this->ToFlat($opts['__children'], $sep, ($path . $opts['title'] . $sep));
    foreach($r as $id => $title) {
    $els[$id] = $title;
    }
    }
    }
    return $els;
    }
    }


    After implementing it I've had to find a way so I can display result of this for root node in a flat select box in SonataAdminPage so user can select from a dropdown where the content should show.
    Well.. it turned out that entity type is impossible to be used because it can't call the method from CustomRepo, just the native Entity methods.
    I ended up using simple 'select' type like this:


    $em = $this->modelManager->getEntityManager('Room13NavigationBundle:NavigationNode');
    $tree = $em->getRepository('Room13NavigationBundle:NavigationNode')->getFlatNodes();
    $formMapper
    ->add('name')
    ->add('menu', 'choice', array(
    'label' => 'Place in menu',
    'empty_value' => 'Select menu',
    'choices' => $tree,
    )
    )
    ......
    ;

    DomPDF with UNICODE UTF-8 Support! At last!

    A colleague of mine spent some time and was able to make DomPDF library to run with almost ALL UTF-8 alphabets displayed.
    Until now I was using TCPDF. It supports UTF-8 from a lot of time, but has crappy way of generating documents - VERY simple HTML support and A LOT of calls to internal methods so you can documents looks like the HTML page.

    As far he explained to me the problem was generating proper fonts.

    DomPDF with UTF-8 Support

    UPDATE: Because DomPDF is "the memory MONSTER" (30pages table eat up about 1.5Gigs! GEE!!!) we are now using wkhtmltopdf. It's AMAZINGLY fast and keeps the memory footprint low (same page that took about 2-3min and 1.5Gigs ram for dompdf wkthml uses about 100-200mb and 20-40sec.)
    The funny thing is that it's webkit based and renders PERFECTLY everything on each page I've tested with.
    It's simply SWEET!

    Roundcube with plugins support!!! WOW! Writing a plugin - display custom template has bogus docs.

    Today I've noticed Roundcube has released a new version that finally has plugins support!
    Grrrreaaat!

    As expected in there is a change password plugin (with drivers supports) and some other that are pretty cool!
    A list of plugins here: http://trac.roundcube.net/wiki/Plugin_Repository

    Of course I've had some custom patching for my hosting users and now it's not working.
    I've configured my change password plugin (which was the main showstopper for not upgrating to new roundcube) and the the little tiny hack for domain notification left.
    I've decided to write a plugin that will do the job for me, so I can easily upgade after that.

    Writing plugin isn't that hard at all. Here you can read more:
    http://trac.roundcube.net/wiki/Doc_Plugins

    also you can read plugins directory for more.

    While creating my plugin I hit a problem and I've lost about 40 minutes searching for description and resolution.
    The Resolutions was 5mins reading the class for temapltes but I thought I was wrong - no this is a mis-explanation in docs.
    When you want to create a custom template you mkdir skins/default/templates and create/copy-modify html in it (I've copied login.html template).
    Well all was fine while I've tried to show it.
    Documentation is wrong.
    When you call:

    $rcmail->output->send('mytemplate');

    you must actually call:

    $rcmail->output->send('myplugin.mytemplate');
    so the tpl class can understand this is a plugin and show your template and not search for default tpl.

    Hope that helps someone.
    Going to change/report this in docs now.
    Oh. Symptoms are:

    [12.Nov.2009 17:57:27 +0200]: PHP Error: Error loading template for logininfo in /var/www/roundcube/program/include/rcube_template.php on line 372 (GET /)

    in your error log.

    Dojo: breaking in IE*

    If your dojo based website breaks in IE browsers and not in others, with strange errors in dojo.js then you have to check VERY CAREFULLY for unclosed tags.

    I've had this problem - didn't closed one (only one!) div inside a HTML markup node that used dojoType and viola - dojo threw a "NICE" js error in IE (you know how js is debuged in IE don't ya?) :-)


    So be very very careful when closing tags and using IE+dojo :-)

    IE8 and Opera 10 absolute positioning problems

    IE8 and Opera 10 differs to ALL other browsers (FF3, Safari, Chrome, IE6, IE7) in positionin an absolute element inside a div.
    If you have something like this:

    
    ....
    
    If you don't put the right: 0px the element won't keep it's original position an will go to the left side of the div becase IE8 and Opera will put default left: 0px if nothing set.
    All other browsers will keep a's original position (no left: 0px;)
    hope that help to someone.
    Keywords: IE8 Opera absolute positioning problem

    Fun with JavaScript... I don't recommend this in your code! :-)

    Facebook, FB.Connect - write nice js code and reuse code call...

    I'm writing a poc code that calls some FB.Connect methods.
    As a quick and nasty code reuse I've come up with this code:

    A method that inits and makes the actual code:
    function fbCall(code) {
        FB_RequireFeatures(["XFBML"], function(){
            FB.Facebook.init('ApiKey', '/xd_receiver.htm', null);
            FB.ensureInit(function () {
                eval(code);
            });
        });
    }
    
    so far so good - it all seems ok.
    Here comes the tricky part. I wanted to be able to call multiline variable with comments in it - a normal js code but encapsulated in somethind...
    If you don't know in JS you can't have multiline variable, and if you have something like:
        var mycall = 'FB.Connect.showFeedDialog(
    \'249955020144'\, 
    //here we put some data...
    comment_data, '', "Awesome", null, 
    FB.RequireConnect.promptConnect, function(){alert("Callback");}, fortune, user_message);';
    
    you'll get error while parsing because of the new lines.
    If you replace the new lines with ' ' you'll get the whole code after a comment - commented exept you don't use / /

    The solution is this:
    function fbCall(code) {
        FB_RequireFeatures(["XFBML"], function(){
            FB.Facebook.init('ApiKey', '/xd_receiver.htm', null);
            FB.ensureInit(function () {
                code();
            });
        });
    }
    function askPerms() {
        var c = function() {
            "FB.Connect.showPermissionDialog('perms');";
        }
        fbCall(c);
    }
    
    Notice the difference between two fbCall functions - the second one calls code as a function - it do not evals it.
    This way you can write up your code inside the c 'function' variable and call it after that.
    It's a bit tricky while you get it how it works but the code looks more readable after that.

    Serendipity and dpSyntaxHighlighter plugin with bash support.

    I wanted a syntax highlighter for the previous post.
    I've installed dpsyntaxhighlighter from serendipity plugins list. I wanted a JS code highlighter - not a php one (like GeSHi), so I've chosen this one. (it uses google syntaxhighlighter)
    I've noticed that this nice lib don't have a bash syntax support which I needed now.
    In the wiki of the project I've found this link to a script a guy wrote for bash syntax.
    Great!
    I've placed the js file in ROOT/plugins/serendipity_event_dpsyntaxhighlighter/dp.SyntaxHighlighter/Scripts/ and expected it to work.
    No, it didn't.

    It turned out that you have to add each language highliter js script file in ROOT/serendipity_event_dpsyntaxhighlighter.php

    Around:
    switch($event)
                    case 'frontend_header':
                        echo '    <link rel="stylesheet" type="text/css" href="' . $pluginDir.  '/SyntaxHighlighter.css" />' . "\n";
                        return true;
                        break;
                    case 'frontend_footer':
    


    there is a list with all js files.
    Simply add the new language (on both frontend_footer and backend_preview cases) and there you go!

    How to highlight your text?
    It is used very simple.
    You add code like this in your post:
    
        ... some code here ...
    

    and you have nice formatted code.
    More usage tips here.

    That's all folks.
    Hope that helps you.

    Test your sites with more than one browser or what web developers use for testing their websites...

    In my daily work, I need to test sites I work on with a lot of browsers.


    Another common problem is testing a website as a different users - anon users, registered users, admins etc.


    This is the list of browsers I use in Linux and Windows.



    in my Linux (Debian stable or Ubuntu depends on which machine):



    1. Firefox (www.getfirefox.com) - my favorite! I use it on hourly basis :-). It's a lot of features, plugins and of course something that's a must for a web dev - firebug.

    2. Opera (www.opera.com) - my second choice - Awesome browser!!! Feature rich, perfect for casual user. It has integrated mail client, torrent client. Also has a developer toolbar, but It was hard for me to get used with.

    3. Galeon (galeon.sourceforge.net)- advanced gnome web browser. uses gecko engine. pretty thin and quick.

    4. Epiphany (projects.gnome.org/epiphany) - the default gnome web browser. Light, solid, gecko based, won't eat up your memory as firefox does. :-) Of course it misses some features.

    5. Konqueror (www.konqueror.org) - Default KDE3 web (and file) browser (as all KDE apps - qt based). If you have KDE (and all qt as dependent) libs installed, you can use/install it, otherwise - no point installing so much bloat for nothing. This one uses khtml engine but I've faced a lot of
      annoying problems while using it. It was removed from kde4 [maybe I'm wrong?but it's not default filebrowser anymore? correct me if I'm wrong].


    in Windows (XP Pro, yes I have a license coming with my laptop):



    1. Firefox

    2. Opera

    3. Chrome - very light. very fast. uses khtml engine for html/css representation. pretty cool, but not for me. I prefer opera if want a light experience. :-)

    4. Safari - apple browser, but for windows. Uses khtml engine. I don't like it very much, but it's pretty slick (as all mac programs). Used only for testing :-)

    5. Internet explorer7 (and 6, 8 in different VirtualBox machines. DUMB MicroS!!! They don't provide descent way of installing all three on one windows!!!) - maybe I shall keep silence :-) the link below describes it better.



    more funny reading: If browsers were women.


    I hope this article is helpfull. Please share your experience with me.


    Thanks!