How to set up SSL for DigitalOcean droplet - node.js

How do I set up SSL for a DigitalOcean droplet running OpenLiteSpeed NodeJS? Is there any command that I can run to make this possible? Thanks

Auto setup:
An interactive script that runs will first prompt you for your domain or subdomain.
You can press CTRL+C and continue to SSH. The prompt will open again the next time you log in, and will continue to do so until you finish the whole setup.
Please input a valid domain:
Please verify it is correct. [y/N]
Enter the root domain only, then the system will add both the root domain and the www domain for you.
You can also automatically apply Let's Encrypt SSL if your domain is pointed to this server already. Enter y and your email address to finish the process.
Do you wish to issue a Let's encrypt certificate for this domain? [y/N]
Please enter your E-mail:
Please verify it is correct: [y/N]
Once finished, you should see Certificate has been successfully installed...
Do you wish to force the HTTPS rewrite rule for this domain? [y/N]
Once finished, force HTTPS rules will be applied
Do you wish to update the system which includes the webserver? [Y/n]
This script will automatically go away after your domain has been added.
Manual setup:
Navigate to OpenLiteSpeed Web Server WebAdmin > Listeners, and add Your Domain to HTTP/HTTPS.
Once the DNS records are set up, you can generate the SSL certificate. Be sure to substitute the correct domain name in the following command:
certbot certonly --webroot -w /var/www/html/ -d example.com -d www.example.com
Navigate to OpenLiteSpeed Web Server WebAdmin > Listeners > SSL, and edit the following three items:
Private Key File = /etc/letsencrypt/live/example.com/privkey.pem
Certificate File = /etc/letsencrypt/live/example.com/fullchain.pem
Chained Certificate = Yes
Save and perform a Graceful Restart.
Refer to https://docs.litespeedtech.com/cloud/images/nodejs/#optional-setup

Renewed my SSL certificate but getting UNABLE_TO_VERIFY_LEAF_SIGNATURE in nodejs on AWS EC2 server

I have a nodejs/express api on an AWS EC2 server with an ssl certificate that is generated with Let's encrypt every 3 months.
Auto renewal isn't on and we let it expire before trying to renew but after renewing it we are getting an error saying:
Unable to verify the first certificate
or
UNABLE_TO_VERIFY_LEAF_SIGNATURE
depending on what we are testing with.
We are using Certbot for renewing with the following command (and not $ certbot renew) :
$ sudo certbot certonly --dns-route53 -d *.example.com -d example.com --server https://acme-v02.api.letsencrypt.org/directory
Certificates are generated as expected with an expiration date 3 months from now.
Any ideas on what's going on ? I've tried most of the things I could find on SO and elsewhere but nothing worked.
P.S. Servers and I don't go along very well :/ (I do mobile app dev) so assume that I don't know anything when replying :D
Solution was quite easy, just needed to use the fullchain.pem file (and reboot your server if applicable).
Sidenote:
If someone on your team tells you that they've tested a solution and that it didn't work, don't just blindly trust them but test it yourself if all other possible solutions didn't work... (have lost 1+ day because someone thought they did test with the fullchain.pem (or did it wrongly))
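
Both answers above come down to pointing the server at fullchain.pem instead of the leaf-only certificate. As an added example (not part of the original posts), this shell script classifies a PEM file by counting its certificate blocks; the function names and the sample files are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original posts): tell a leaf-only PEM file
# (certbot's cert.pem) apart from one that carries the chain (fullchain.pem).

# Print the number of complete certificate blocks in FILE.
# Exit status is non-zero when BEGIN/END markers are unbalanced.
pem_cert_count() {
    awk '
        BEGIN { n = 0; bad = 0; inside = 0 }
        /^-----BEGIN CERTIFICATE-----/ { if (inside) bad = 1; inside = 1; next }
        /^-----END CERTIFICATE-----/   { if (inside) n++; else bad = 1; inside = 0; next }
        END { if (inside) bad = 1; print n; exit bad }
    ' "$1"
}

# Print one of: chain, leaf-only, has-private-key, invalid.
classify_pem() {
    if grep -q -e '-----BEGIN .*PRIVATE KEY-----' "$1"; then
        echo has-private-key   # key material does not belong in the certificate file
        return 0
    fi
    count=$(pem_cert_count "$1") || { echo invalid; return 0; }
    case "$count" in
        0) echo invalid ;;
        1) echo leaf-only ;;   # clients without the intermediate cannot verify the leaf
        *) echo chain ;;
    esac
}

# Write constructed sample files into DIR; bodies are placeholders, not real certificates.
make_samples() {
    block='-----BEGIN CERTIFICATE-----
CONSTRUCTEDPLACEHOLDER
-----END CERTIFICATE-----'
    printf '%s\n' "$block" > "$1/cert.pem"
    printf '%s\n%s\n' "$block" "$block" > "$1/fullchain.pem"
    printf '%s\n-----BEGIN CERTIFICATE-----\nCUT\n' "$block" > "$1/truncated.pem"
    printf '%s\n-----BEGIN PRIVATE KEY-----\nX\n-----END PRIVATE KEY-----\n' "$block" > "$1/mixed.pem"
}

demo_dir=$(mktemp -d)
make_samples "$demo_dir"
for f in cert.pem fullchain.pem truncated.pem mixed.pem; do
    printf '%-14s %s\n' "$f" "$(classify_pem "$demo_dir/$f")"
done
rm -rf "$demo_dir"
```

To see what a running server actually sends, `openssl s_client -connect example.com:443 -servername example.com -showcerts` prints each certificate in the presented chain.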

How can I deny access to example.com/phpmyadmin on openlitespeed server?

I'd like to deny access to example.com/phpmyadmin or secure it with a password-prompt using .htaccess and .htpasswd.
Is that possible? If so, how can I achieve that?
I don't need to access phpmyadmin over the web.
I'm running an openlitespeed wordpress droplet on DigitalOcean.
Thanks for any help!
Cheers,
Dan
Follow this guide
If you don't need to visit it from browser at all:
Just remove phpmyadmin from the WebAdmin > Virtual Hosts > Context.
If you want to set password to protect it, follow Method 2 from the guide:
Log into SSH console and create a password file:
touch /usr/local/lsws/conf/PASS
chown lsadm:lsadm /usr/local/lsws/conf/PASS
Navigate to WebAdmin > Security
Set Realm Name = example, and User DB Location = /usr/local/lsws/conf/PASS
Click /usr/local/lsws/conf/PASS to create a user/password
Navigate to WebAdmin > Virtual Hosts > Context > phpmyadmin
Set Realm to example
Best

Why does Toran generate package json with the domain example.org?

I followed the Toran Proxy documentation step by step, but I ran into a problem.
I have configured toran_host and toran_prot in parameters.yml, but the generated package json still uses the domain
example.org
Package.json
I tried to find the source of the issue, but the application is too complex for me.
This is my parameters.yml:
parameters:
    # this secret should be changed to something unique and random if possible
    secret: ThisTokenIsNotSoSecret-Change-It
    # http or https depending on your hosting setup
    toran_scheme: http
    # in case you use non-standard ports you can update them here
    toran_http_port: 91
    toran_https_port: 443
    # the hostname toran is hosted at
    toran_host: 121.199.35.34:91
    # e.g. /foo if toran is hosted in a sub-directory, or leave it empty if it is on its own domain, no trailing slash!
    toran_base_url:
but have you tried clearing the cache? Delete everything in app/cache/ and try again, because the parameters need to be set correctly before the cache is created otherwise it is not rebuilt.
This answer comes from Jordi's email to me; he is an author of Toran. Thanks for the nice and hard work.
You have to modify your config file at app/config/parameters.yml:
# the hostname toran is hosted at
toran_host: example.org
Then delete the production cache at app/cache/prod, and finally run the cron job again: php bin/cron -v
For further instructions follow official installation documentation here: https://toranproxy.com/download

Unable to sign certificate.

I am trying to get hands-on with Puppet. I booted up 2 VMs, both running Linux Mint 17. I intended one as puppetmaster and one as puppetclient. I am following this guide https://help.ubuntu.com/12.04/serverguide/puppet.html
in /etc/hostname
in /etc/hosts
master:
127.0.0.1 localhost /// no chance
127.0.1.1 puppetmaster //
192.168.75.141 puppetclient //this client's ip address after nm-tool search.
client:
127.0.0.1 localhost
127.0.1.1 puppetclient
192.168.75.142 puppetmaster // this is the master's ip address
In both client and master I created a file in /etc/puppet/manifests/site.pp
package {
    'apache2':
        ensure => installed
}
service {
    'apache2':
        ensure  => true,
        enable  => true,
        require => Package['apache2']
}
In master I created a file in /etc/puppet/manifests/nodes.pp
node 'meercat02.example.com' {
    include apache2
}
In client I create a file /etc/default/puppet and put START=yes.
Here's what I think there's a problem. In the guide, the file should already exist but in my case I have to create it.
So then I followed everything in the guide to sign the client certificate. I typed in sudo puppetca --sign puppetclient in puppetmaster's terminal. That didn't work and I found the solution in another post. https://serverfault.com/questions/457349/installed-puppetmaster-but-why-do-i-get-puppetca-command-not-found. So after reading the post I typed sudo puppet cert list --sign 'puppetclient'. Then it gives me this
Notice: Signed certificate request for ca
Error: Could not find certificates request for list
After the first five pages of google search I end up here asking for help. =) Anyone can help me resolve this issue? Thanks.
You cannot sign a certificate before there is a certificate request.
You have to establish the agent/master communication first.
Find out the certificate name of your master
puppet master --configprint certname
On the agent node, make sure that name resolves to the master's IP address (you currently used puppetmaster for this, which might suffice).
Send the initial request to the master
Do this on the agent node.
puppet agent --test --master=<name you just registered>
The agent generates a CSR, and prints a message that it could not receive a certificate.
Sign the certificate
On the master:
puppet cert list
Locate the CSR of your agent, then
puppet cert sign <agent>
The next puppet agent --test call will receive the certificate.
Try this
puppet agent --test master="name you just register"
It works for me.

Updating WordPress with SSH (Cent OS)

I am new to SSH and Linux and I hope someone can help. I am working on a site with a dedicated server (VPS) and I am also working with WordPress. I used SSH to log into the site's files with Cyberduck (I've also used FileZilla successfully) and install WordPress on the server.
The problem I'm having now is that I can't edit or add any plugins or files on WordPress because WordPress doesn't have access to the site's FTP which is standard. It asks for credentials and when I attempt to enter them into the WordPress dashboard, it doesn't work. There is an option for FTP and there is an option for FTPS (SSL). I know these are different than SSH but I tried the SSH credentials anyway and obviously they didn't work.
I then logged into the SSH through Mac Terminal and did the instructions here:
1. Login as root through SSH.
2. Next add the user account you want using the 'useradd' command
useradd <username>
3. Now create a special group for that user.
groupadd <groupname>
4. Now to add the user to the group
gpasswd -a <username> <groupname>
5. Change the group ownership of the special directory to that group.
chgrp -R groupname /path/to/your/web/directory
6. Enable write permissions
chmod -R g+rw /path/to/your/web/directory
And it worked. I was able to add a new user (and I could confirm this by looking at the /etc/passwd file). I then logged out and tried to log in with Cyberduck using the new credentials and setting it to FTP (instead of SSH) and it didn't work. It did however work to log in with SSH with the new user credentials. So it seems I can successfully add a new SSH user but not a new FTP user.
I need the user to be FTP so I can hook WordPress up and begin editing. How do I specify the user to be FTP as opposed to SSH? Thanks for any help!
I've found an answer to my question and figured I'd document here for anyone else who runs across this issue. It's surprisingly easy.
Just go to this link and download the plug-in:
http://wordpress.org/plugins/ssh-sftp-updater-support/
You obviously have to upload this straight into your WordPress directory in the SFTP (/wp-content/plugins) in order for it to work correctly since it won't work from within the WordPress dashboard.
Once those files are there, when WordPress prompts you to login to your 'FTP' it will have an option for SSH which you can select and log-in. Voila!
