Monday, May 21, 2012

StartSSL and Nginx

I recently got a signed SSL certificate for my personal web site for free from StartSSL. In order for most browsers to accept the site and not produce SSL warning messages, an intermediate CA certificate must be added. StartSSL has info for web server software, but not nginx.

I found a blog post that presented a very easy solution. Find the file that Nginx is serving from the "ssl_certificate" directive, and run the following commands on it (where "ssl.crt" is your certificate):
curl http://www.startssl.com/certs/sub.class1.server.ca.pem >>ssl.crt
curl http://www.startssl.com/certs/ca.pem >>ssl.crt

Restart Nginx, and you're ready to go!

Thursday, May 17, 2012

How To: PPTP VPN on Ubuntu 12.04 (pptpd)

I recently started renting a 128 MB RAM Xen VPS for $15/quarter with a promotional offer for nqhost.com as seen on http://www.lowendbox.com/blog/nqhost-15quarter-128mb-xen-vps-in-dallas/
Since nqhost.com offers unmetered bandwidth through a SoftLayer data center in Texas, I decided to set up a VPN server for my own use.

In this tutorial, I will be showing you how to set up pptpd (poptop) on Ubuntu 12.04 to provide PPTP VPN services.

The following instructions are inspired by http://eran.sandler.co.il/2010/08/30/pptp-vpn-on-ubuntu-10-04-for-your-iphone-ipad/


Install Software
sudo apt-get install pptpd ufw

Allow Ports 22 and 1723 on UFW and Enable UFW
Warning: if you are connected to SSH on a port other than 22, please adjust the first command accordingly so you don't get kicked off.

sudo ufw allow 22
sudo ufw allow 1723
sudo ufw enable


Edit /etc/ppp/pptpd-options
Comment out (by placing a "#" at the beginning of the line) the following lines in "/etc/ppp/pptpd-options":
  • refuse-pap
  • refuse-chap
  • refuse-mschap
If you don't want to require encryption, comment out "require-mppe-128" (it might be good to disable it just for testing and re-enable it later).
Add the following:
ms-dns 208.67.222.222
ms-dns 208.67.220.220

Note: you can use any DNS servers you like; the two above are OpenDNS's public DNS servers.

Edit /etc/pptpd.conf
At the end of the file "/etc/pptpd.conf", add:
localip 10.99.99.99
remoteip 10.99.99.100-199


These values do not have to correspond to your network. It is best to pick inaccessible/unused addresses here if you only want to use the VPN for Internet access.

Edit /etc/ppp/chap-secrets
The format for "/etc/ppp/chap-secrets" is [Username] [Service] [Password] [Allowed IP Address]
Add something like this to the end (replacing sampleusername and samplepassword with whatever you want):
sampleusername pptpd samplepassword *

Restart pptpd
Finally, you can restart the pptpd server with:
sudo /etc/init.d/pptpd restart

Edit /etc/sysctl.conf
Un-comment the following line in "/etc/sysctl.conf":
net.ipv4.ip_forward=1

The following command reloads the configuration (you can also just reboot at the end of this guide):
sudo sysctl -p

Edit /etc/default/ufw
Edit "/etc/default/ufw" and change the option "DEFAULT_FORWARD_POLICY" from "DROP" to "ACCEPT".

Edit /etc/ufw/before.rules
Add the following either at the beginning of "/etc/ufw/before.rules" or just before the *filter rules (recommended):
# NAT table rules
*nat

:POSTROUTING ACCEPT [0:0]
# Allow forward traffic to eth0
-A POSTROUTING -s 10.99.99.0/24 -o eth0 -j MASQUERADE

# Process the NAT table rules
COMMIT


At this point, you can run "sudo ufw disable && sudo ufw enable" or just reboot to be safe. You should be able to connect now. It took me several tries before I could get it to work, and it looks like the "require-mppe-128" line was what gave me so much trouble. I ultimately enabled encryption, but not before I tested it without.
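
Since the steps above disable "require-mppe-128" for testing and re-enable it later, here is an added example (not part of the original post) of a shell check that reports which of the edited pptpd-options lines are active, fails when encryption is still not required, and lists chap-secrets accounts whose allowed address is "*". The function names and sample file are constructed for illustration; "require-mschap-v2" is not mentioned in the post and is included on the assumption that the packaged pptpd-options file carries it.

```shell
#!/bin/sh
# Added example (not from the original post). Function names and the
# sample file below are constructed for illustration.

# option_active FILE OPTION: true if OPTION is on an uncommented line.
option_active() {
    grep -Eq "^[[:space:]]*$2([[:space:]]|\$)" "$1"
}

# audit_pptpd_options FILE: print one status line per option edited in
# the guide. Returns 1 when require-mppe-128 is not active, else 0.
audit_pptpd_options() {
    rc=0
    for opt in refuse-pap refuse-chap refuse-mschap \
               require-mschap-v2 require-mppe-128; do
        if option_active "$1" "$opt"; then
            echo "active    $opt"
        else
            echo "inactive  $opt"
            if [ "$opt" = require-mppe-128 ]; then rc=1; fi
        fi
    done
    return "$rc"
}

# wildcard_accounts FILE: usernames in a chap-secrets file whose allowed
# address is "*". Assumes unquoted fields; passwords are never printed.
wildcard_accounts() {
    awk 'NF >= 4 && $1 !~ /^#/ && $4 == "*" { print $1 }' "$1"
}

# Constructed sample: pptpd-options left in the guide's "testing" state.
sample=$(mktemp)
cat > "$sample" <<'EOF'
name pptpd
#refuse-pap
#refuse-chap
#refuse-mschap
require-mschap-v2
#require-mppe-128
ms-dns 208.67.222.222
EOF

if audit_pptpd_options "$sample"; then
    echo "OK: MPPE-128 encryption is required"
else
    echo "WARNING: require-mppe-128 is inactive, encryption not required"
fi
rm -f "$sample"
```

On the server itself, call audit_pptpd_options on "/etc/ppp/pptpd-options" and wildcard_accounts on "/etc/ppp/chap-secrets" (reading the latter normally needs root).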

Friday, May 11, 2012

Swap Whitespaces/Underscores in Filenames

I have a folder where some of the files are named "like_this" and some are named "like this". I want to convert all the underscores in all the file names to spaces. Run this command in the directory where you want this to happen (you can swap the '_' and ' ' characters accordingly):

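# -execdir runs rename inside each entry's own directory, so only that name (not its parent path) is rewritten
find . -depth -execdir rename 's/_/ /g' {} +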

Wednesday, May 9, 2012

Mirroring a Web Site Directory with wget

I recently decided that I wanted to copy some course web sites from my university's CS department for use during this summer when I'll be on an unreliable Internet connection. There's also httrack, but I couldn't get it to copy everything correctly.

Solution: wget

wget -mk -w 0.25 --no-parent http://example.com/sites/directory
  • -m mirror
  • -k convert links
  • --no-parent don't grab http://example.com, just stuff in the specified directory.
  • -w wait time (seconds) between page grabs (be nice, otherwise you might DoS their servers)
And voilà, you have an offline copy of the site directory now!