How to Use SSL Certificate in LEMP Digital Droplet

(1) We need to create two files for the certificate request to the SSL certificate vendor (Z.com / GMO-ACE):
———————————-
examplesite.csr
examplesite.key
———————————-

=================================
How do I generate a CSR Code
=================================

———————————————————

OS – Ubuntu 14.04
Digital Ocean Droplet with LEMP
———————————————————

mkdir /etc/ssl/websitessl
cd /etc/ssl/websitessl
openssl req -new -newkey rsa:2048 -nodes -keyout domainname.key -out domainname.csr

`rsa:2048` means the CSR is created together with a new 2048-bit RSA key. For more security I recommend using `rsa:4096`.
You also need to change `domainname.key` and `domainname.csr` to your own domain name
so that you can verify the CSR file. After you have filled in all the legitimate information,
you can open the new .csr file using a client such as WinSCP, copy it, and use it for your SSL certificate.
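
The CSR step above can also be run without prompts and checked before anything is sent to the vendor. This is an added example, not part of the original post; the subject fields (C=MM, O=Example Org), the script name and the directory are placeholders, and `same_pubkey` can later be pointed at the vendor's .PEM to confirm it belongs to the key on the server.

```shell
#!/bin/sh
# Added example (not from the original post): create a key and CSR without
# prompts, then verify them. Subject fields and paths are placeholders.

# Print the SHA-256 of the public key inside a PEM key, CSR or certificate.
pubkey_fingerprint() {
    case "$1" in
        key)  pem=$(openssl pkey -in "$2" -pubout 2>/dev/null) ;;
        csr)  pem=$(openssl req  -in "$2" -noout -pubkey 2>/dev/null) ;;
        cert) pem=$(openssl x509 -in "$2" -noout -pubkey 2>/dev/null) ;;
        *)    return 2 ;;
    esac
    # An unreadable file must fail here, not hash as empty input.
    [ -n "$pem" ] || return 1
    printf '%s\n' "$pem" | openssl dgst -sha256 | awk '{ print $NF }'
}

# same_pubkey KIND1 FILE1 KIND2 FILE2: succeed only if both hold the same key.
same_pubkey() {
    fp1=$(pubkey_fingerprint "$1" "$2") || return 1
    fp2=$(pubkey_fingerprint "$3" "$4") || return 1
    [ "$fp1" = "$fp2" ]
}

# make_csr DOMAIN DIR: write DIR/DOMAIN.key (mode 0600) and DIR/DOMAIN.csr.
# The .key stays on the server; only the .csr is submitted.
make_csr() {
    domain=$1 dir=$2
    mkdir -p "$dir" && chmod 700 "$dir" || return 1
    (
        umask 077    # the private key must never be group/world readable
        openssl req -new -newkey rsa:2048 -nodes \
            -subj "/C=MM/O=Example Org/CN=$domain" \
            -keyout "$dir/$domain.key" -out "$dir/$domain.csr" 2>/dev/null
    ) || return 1
    # The CSR must carry a valid self-signature and match the key on disk.
    openssl req -in "$dir/$domain.csr" -noout -verify >/dev/null 2>&1 || return 1
    same_pubkey csr "$dir/$domain.csr" key "$dir/$domain.key"
}

# Usage: sh make_csr.sh www.example.com.mm /etc/ssl/websitessl
if [ "$#" -eq 2 ]; then
    make_csr "$1" "$2" && echo "CSR ready: $2/$1.csr"
fi
```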


 

(2) Next, we buy/generate our SSL certificate at the SSL vendor's site, and the vendor generates the certificate files:
———————————–
samplesite.PEM
samplesite.ICA
samplesite.PKCS7
———————————–

We have to copy the generated .PEM file (www.examplesite.com.PEM) from the SSL certificate provider to our host (Digital Ocean LEMP).
Then we have to edit the virtual host settings file at
/etc/nginx/sites-available/samplesite

===================================================
Using SSL Certificate at Nginx Virtual Host Setting
===================================================
You have to create two server blocks, one for HTTP requests and one for HTTPS requests,
and then redirect every HTTP request to HTTPS.

server {
    listen 80;
    server_name example.com.mm www.example.com.mm;
    return 301 https://www.example.com.mm$request_uri;
}

server {
    # "listen ... ssl" enables TLS for this block; the separate "ssl on;" directive is deprecated
    listen 443 ssl;

    root /var/www/registrations/public;
    index index.php index.html index.htm;

    # Make site accessible from http://localhost/
    server_name example.com.mm www.example.com.mm;
    # server_name localhost;

    access_log /var/log/nginx/nginx.vhost.access.log;
    error_log /var/log/nginx/nginx.vhost.error.log;

    ssl_certificate /etc/ssl/websitessl/www.example.com.mm.PEM;
    ssl_certificate_key /etc/ssl/websitessl/examplesite.key;
    # ssl_trusted_certificate is used for OCSP stapling and client-certificate checks
    # and is not sent to clients; clients only receive the intermediate if it is
    # appended (in PEM form) to the ssl_certificate file
    ssl_trusted_certificate /etc/ssl/websitessl/www.example.com.mm.ICA;

    # alternative cipher list: "HIGH:!aNULL:!MD5:3DES"
    ssl_ciphers "HIGH:!aNULL:!MD5";
    ssl_prefer_server_ciphers on;

    # SSLv3 is left out to prevent the POODLE vulnerability
    # (TLSv1 and TLSv1.1 are also deprecated by RFC 8996; drop them if no client needs them)
    ssl_protocols TLSv1 TLSv1.1 TLSv1.2;

    location / {
        # First attempt to serve request as file, then
        # as directory, then fall back to index.php.
        # try_files $uri $uri/ =404;
        try_files $uri $uri/ /index.php?$query_string;
        # Uncomment to enable naxsi on this location
        # include /etc/nginx/naxsi.rules
    }

    # Only for nginx-naxsi used with nginx-naxsi-ui : process denied requests
    #location /RequestDenied {
    #    proxy_pass http://127.0.0.1:8080;
    #}

    #error_page 404 /404.html;

    # redirect server error pages to the static page /50x.html
    #
    #error_page 500 502 503 504 /50x.html;
    #location = /50x.html {
    #    root /usr/share/nginx/html;
    #}

    # pass the PHP scripts to the php5-fpm FastCGI server
    #
    location ~ \.php$ {
        fastcgi_split_path_info ^(.+\.php)(/.+)$;
        # NOTE: You should have "cgi.fix_pathinfo = 0;" in php.ini
        #
        # With php5-cgi alone:
        # fastcgi_pass 127.0.0.1:9000;
        # With php5-fpm:
        fastcgi_pass unix:/var/run/php5-fpm.sock;
        fastcgi_index index.php;
        include fastcgi_params;
    }

    # deny access to .htaccess files, if Apache's document root
    # concurs with nginx's one
    #
    location ~ /\.ht {
        deny all;
    }

    client_max_body_size 10M;
}
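
An added example (not from the original post): a small lint that flags the TLS-related directives of a vhost like this one that need review before a reload, namely legacy protocol versions, weak cipher classes, the deprecated `ssl on`, and URLs in `server_name`. The sample config inside it is constructed for the demonstration.

```shell
#!/bin/sh
# Added example (not from the original post): flag TLS-related directives in an
# nginx vhost that deserve review before the config is reloaded.

# lint_tls [FILE]: print "line: finding" per issue; exit status 1 if any found.
lint_tls() {
    awk '
    function flag(msg) { print NR ": " msg; bad = 1 }
    { sub(/#.*/, ""); gsub(/[;"]/, " ") }     # drop comments, ";" and quotes
    $1 == "ssl" && $2 == "on" {
        flag("\"ssl on\" is deprecated; \"listen 443 ssl\" is enough")
    }
    $1 == "server_name" {
        for (i = 2; i <= NF; i++)
            if ($i ~ /^https?:\/\//) flag("server_name takes host names, not URLs: " $i)
    }
    $1 == "ssl_protocols" {
        for (i = 2; i <= NF; i++)
            if ($i ~ /^(SSLv2|SSLv3|TLSv1|TLSv1\.1)$/) flag("legacy protocol enabled: " $i)
    }
    $1 == "ssl_ciphers" {
        n = split($2, c, ":")
        for (i = 1; i <= n; i++)     # entries starting with "!" or "-" are exclusions
            if (c[i] !~ /^[!-]/ && c[i] ~ /NULL|EXP|RC4|MD5|DES/) flag("weak cipher class allowed: " c[i])
    }
    END { exit bad + 0 }
    ' "$@"
}

# Constructed sample vhost, used only to demonstrate the lint.
sample_vhost() {
    cat <<'EOF'
server {
    listen 443 ssl;
    ssl on;
    server_name example.com.mm http://www.example.com.mm;
    ssl_ciphers "HIGH:!aNULL:!MD5:3DES";
    ssl_protocols TLSv1 TLSv1.1 TLSv1.2;   # SSLv3 removed (POODLE)
}
EOF
}

# Demo: lint the sample; on a server, pass the vhost file instead.
sample_vhost | lint_tls || echo "review the findings above, then run: nginx -t"
```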

—————————————————————————————

Increase the Max Upload File Size at Nginx in Ubuntu 14.04

================================
Adding "client_max_body_size" at Virtual Host of Nginx
================================
under /etc/nginx/sites-available/sample_site_setting
———————————————————————-
server {
    listen 8082;
    listen [::]:8082;

    root /var/www/registrations/public;
    index index.php index.html index.htm;

    server_name 128.199.226.122;

    location / {
        try_files $uri $uri/ /index.php?$query_string;
    }

    location ~ \.php$ {
        try_files $uri /index.php =404;
        fastcgi_split_path_info ^(.+\.php)(/.+)$;
        fastcgi_pass unix:/var/run/php5-fpm.sock;
        fastcgi_index index.php;
        fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
        include fastcgi_params;
    }

    client_max_body_size 10M;
}

================================
Increase the Max Upload File Size at PHP configuration
================================
/etc/php5/cli/php.ini
———————————————————————
from
post_max_size = 8M
upload_max_filesize = 2M
to
post_max_size = 10M
upload_max_filesize = 10M
———————————————————————–

Creating Wifi Hotspot at Windows OS

How to tell if your PC supports Hotspot 2.0

Hotspot 2.0 is relatively new, and it’s available on Windows 10 devices with compatible hardware.

You can quickly check to see if your device supports Hotspot 2.0, using the following steps:

  1. Open Start.
  2. Search for Command Prompt and click the result.
  3. Type the following command and press Enter:

    netsh wlan show wirelesscapabilities

If the command output shows that your PC supports ANQP Service Information Discovery, you can connect to Hotspot 2.0 networks.

=====================================================

Set Up Wi-Fi Hotspot Using the Command Prompt at Windows 10

This method does not require you to download any third-party application. You can easily set up a Wi-Fi hotspot using the built-in tools in Windows OS.

Step 1 – You need to open the command prompt with administrator privileges.

Step 2 – Now we will create the hotspot. Simply enter the following command and press the Enter key:

netsh wlan set hostednetwork mode=allow ssid=YourHotspotName key=YourPassword

The SSID is the name of the Wi-Fi connection and can be changed to anything you want. The KEY is the password and can also be changed, but bear in mind that it has to be at least eight characters.

Step 3 – You need to run the following command to start the Wi-Fi hotspot:

netsh wlan start hostednetwork

Your WiFi hotspot should be activated and usable. You can check its status in the network and sharing center of your control panel.

 

You can now connect your devices to the hotspot and use the same WiFi connection without using third-party tools.

You can turn off the hotspot when not in use with the following command:

netsh wlan stop hostednetwork

 

=====================================================

Installation and Configuration Guide for Orangescrum Community Edition ( Ubuntu 14.04 LAMP )

Ref : https://hostpresto.com/community/tutorials/communityarticleshow-to-setup-and-install-orangescrum-on-ubuntu-14-04/

Requirements

  • A Server running Ubuntu 14.04
  • A Static IP Address for your server

Install Mysql

By default the mysql package is available in the Ubuntu 14.04 repository.

So, you can easily install mysql using the following command:

sudo apt-get install mysql-server

After this, start mysql service and enable mysql to start on boot.

sudo /etc/init.d/mysql start
sudo update-rc.d mysql defaults

Install Php and Apache

After installing mysql, you will need to install PHP and Apache.

sudo apt-get install libapache2-mod-php5 php5 php5-cli php5-common php5-gd php5-mcrypt php5-mysql apache2

After this, start Apache service and enable Apache to start on boot.

sudo /etc/init.d/apache2 start
sudo update-rc.d apache2 defaults

Download Orangescrum and Upload it to Apache Web root

You can download Orangescrum open source version from url https://github.com/Orangescrum/orangescrum.

sudo wget https://github.com/Orangescrum/orangescrum/archive/master.zip

After downloading Orangescrum you will need to unzip master.zip.

sudo unzip master.zip

After this, you will find the orangescrum-master directory.

Now, move this directory with name orangescrumPM to your Apache web root directory.

sudo mv orangescrum-master /var/www/html/orangescrumPM

Give proper permissions to the orangescrumPM directory.

sudo chown -R www-data:www-data /var/www/html/orangescrumPM
sudo chmod -R 777 /var/www/html/orangescrumPM

Configure Mysql

In order to log into MySQL to secure it, you’ll need the current password for the root user. If you’ve just installed MySQL, and you haven’t set the root password yet, the password will be blank.

sudo mysql_secure_installation

Answer all the questions shown as below:

Enter current password for root (enter for none): **currentrootpasswd**
Set root password? [Y/n]: **Press Enter**
New password: **rootsqlpasswd**
Re-enter new password: **rootsqlpasswd**
Remove anonymous users? [Y/n]: **Press Enter**
Disallow root login remotely? [Y/n]: **Press Enter**
Remove test database and access to it? [Y/n] : **Press Enter**
Reload privilege tables now? [Y/n] : **Press Enter**

All done! If you’ve completed all of the above steps, your MySQL installation should now be secure. Now you need to log in to mysql and create a database and user for Orangescrum.

sudo mysql -u root -p

Create the database with the name orangescrum:

mysql> create database orangescrum;

Create the user with the name orangescrum:

mysql> create user 'orangescrum'@'localhost';

Grant all privileges while assigning the password; choose a secure password and replace my-secret-password with your own:

mysql> grant all on orangescrum.* to 'orangescrum'@'localhost' identified by 'my-secret-password';

Exit from the mysql shell:

mysql> exit

Now you will need to import the database from the database.sql file located in the /var/www/html/orangescrumPM directory.

First, change into the orangescrum directory:

cd /var/www/html/orangescrumPM/

Now import the sql file (enter the orangescrum user's password when prompted):

sudo mysql -u orangescrum -p orangescrum < database.sql

Next, by default STRICT mode is On in Mysql. So you need to disable it.

You can do this by editing my.cnf file:

sudo nano /etc/mysql/my.cnf

Add the following line at the end of file:

sql_mode=NO_ENGINE_SUBSTITUTION,STRICT_TRANS_TABLES

Save and close the file, restart mysql to reflect changes.

sudo /etc/init.d/mysql restart

Configure PHP

Now you will need to change post_max_size and upload_max_filesize to 200M in php.ini.

You can do this by editing the php.ini file:

sudo nano /etc/php5/cli/php.ini

Change post_max_size and upload_max_filesize as shown below:

post_max_size=200M
...
upload_max_filesize=200M

Save and close the file.

Configure Apache

The next step is to add orangescrumPM in the Apache default configuration file.

You can do this by editing apache2.conf file:

sudo nano /etc/apache2/apache2.conf

Add the following content:

    Options Indexes ExecCGI MultiViews FollowSymLinks
    AllowOverride All
    Order allow,deny
    Allow from all


When you are finished, it is recommended to check the configuration for syntax errors.

`sudo apachectl configtest`

You should see following output if Apache configuration syntax is correct:

Syntax OK


After the syntax check is done you need to enable Apache headers and rewrite module.

You can do this by running:

`sudo a2enmod rewrite`

`sudo a2enmod headers`

Now, restart Apache to reflect the changes:

`sudo /etc/init.d/apache2 restart`

Configure Orangescrum

Now you need to update the database connection details in `database.php` file.

You can do this by editing `database.php` file.

`sudo nano /var/www/html/orangescrumPM/app/Config/database.php`

Change the following lines, not forgetting to substitute in your password instead of 'my-secret-password':

    class DATABASE_CONFIG {
        public $default = array(
            'datasource' => 'Database/Mysql',
            'persistent' => false,
            'host' => 'localhost',
            'login' => 'orangescrum',
            'password' => 'my-secret-password',
            'database' => 'orangescrum',
            'prefix' => '',
            'encoding' => 'utf8',
        );
    }


Save and close the file when you are finished.

Next, you will need to provide an SMTP service for Orangescrum to send email from. In this example we use a Gmail account, but you can use any SMTP service such as Sendgrid or Mandrill.

Edit the Orangescrum `constants.php` file:

`sudo nano /var/www/html/orangescrumPM/app/Config/constants.php`

Change the following lines:

    //Gmail SMTP
    define("SMTP_HOST", "ssl://smtp.gmail.com");
    define("SMTP_PORT", "465");
    define("SMTP_UNAME", "user@gmail.com");
    define("SMTP_PWORD", "**********");
    define('FROM_EMAIL_NOTIFY', 'user@gmail.com'); //(REQUIRED)
    define('SUPPORT_EMAIL', 'user@gmail.com'); //(REQUIRED) From Email
    define("DEV_EMAIL", 'user@gmail.com'); // Developer Email ID to report the application error

    define('SUB_FOLDER', '/');

FROM_EMAIL_NOTIFY : All the tasks created/updated notification emails will be sent from this email address.

SUPPORT_EMAIL : All other emails and support related emails will be sent from this email address.

Save and close the file, when you are finished.

Testing Orangescrum

From a remote machine, open your Firefox browser and type url http://your-server-ip-address

You will be asked to provide your Company Name, Email address and a Password to login and start using Orangescrum.

After this, you can see the orangescrum welcome page.

Setting up Laravel with Nginx and phpmyadmin on Ubuntu 14.04

1) Install the Backend Components
1.1) sudo apt-get update
1.2) sudo apt-get upgrade
1.3) sudo apt-get install nginx php5-fpm php5-cli php5-mcrypt git
--------------------------------------------------------------------------------------------------------------------------
2) Modify the PHP Configuration
2.1) sudo nano /etc/php5/fpm/php.ini
2.2) cgi.fix_pathinfo=0 
2.3) sudo php5enmod mcrypt
2.4) sudo service php5-fpm restart
--------------------------------------------------------------------------------------------------------------------------
3) Configure Nginx and the Web Root
3.1) sudo mkdir -p /var/www/laravel
3.2) sudo nano /etc/nginx/sites-available/default


=======================================================
server {
    listen 80 default_server;
    listen [::]:80 default_server;

    #root /var/www/laravel/public;
    index index.php index.html index.htm;

    server_name server_domain_or_IP;

    location / {
        try_files $uri $uri/ /index.php?$query_string;
    }

    location ~ \.php$ {
        try_files $uri /index.php =404;
        fastcgi_split_path_info ^(.+\.php)(/.+)$;
        fastcgi_pass unix:/var/run/php5-fpm.sock;
        fastcgi_index index.php;
        fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
        include fastcgi_params;
    }
}

=======================================================
3.3) sudo service nginx restart
3.4) if you want to set up a virtual host (server block)
3.4.1) sudo cp /etc/nginx/sites-available/default /etc/nginx/sites-available/example.com
3.4.2) sudo ln -s /etc/nginx/sites-available/example.com /etc/nginx/sites-enabled/

sample for "/etc/nginx/sites-available/example.com"
=======================================================
server {
    listen 8080 default_server;
    listen [::]:8080 default_server;

    #root /var/www/laravel_example_com/public;
    index index.php index.html index.htm;

    server_name server_domain_or_IP;

    location / {
        try_files $uri $uri/ /index.php?$query_string;
    }

    location ~ \.php$ {
        try_files $uri /index.php =404;
        fastcgi_split_path_info ^(.+\.php)(/.+)$;
        fastcgi_pass unix:/var/run/php5-fpm.sock;
        fastcgi_index index.php;
        fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
        include fastcgi_params;
    }
}



======================================================== 

3.4.3) sudo nano /etc/nginx/nginx.conf 
3.4.4) server_names_hash_bucket_size 64; 
3.4.5) sudo service nginx restart 
-------------------------------------------------------------------------------------------------------------------------- 
4) Create Swap File (Optional) 
4.1) sudo fallocate -l 1G /swapfile
4.2) sudo chmod 600 /swapfile
4.3) sudo mkswap /swapfile
4.4) sudo swapon /swapfile

--------------------------------------------------------------------------------------------------------------------------
5) Install Composer and Laravel
5.1) cd ~
5.2) curl -sS https://getcomposer.org/installer | php 
5.3) sudo mv composer.phar /usr/local/bin/composer 
5.4) sudo composer create-project laravel/laravel /var/www/laravel
5.5) or, to install Laravel 4.2 instead: sudo composer create-project laravel/laravel /var/www/laravel 4.2
5.6) sudo chown -R :www-data /var/www/laravel 
5.7) sudo chmod -R 775 /var/www/laravel/app/storage 
5.8) http://server_domain_or_IP

--------------------------------------------------------------------------------------------------------------------------
4) Install phpmyadmin
4.1) sudo apt-get install phpmyadmin
4.2) check where the site is
cd /usr/share/nginx/html

4.3) sudo ln -s /usr/share/phpmyadmin/ /usr/share/nginx/html
This creates a new link named "phpmyadmin" under /usr/share/nginx/html.
If you want a custom phpmyadmin link name, you can create it with the following command:
sudo ln -s /usr/share/phpmyadmin/ /usr/share/nginx/html/phpmyadmin_mycustom_name
This creates a new link named "phpmyadmin_mycustom_name" under /usr/share/nginx/html.
We can then open it in the browser at "http://ip_address/phpmyadmin" or "http://ip_address/phpmyadmin_mycustom_name".

4.4) sudo systemctl restart nginx

—————————————————————————————————————————————-

5) If there is "root /var/www/html" in /etc/nginx/sites-available/default, comment it out,
e.g. "# root /var/www/html", and change server_name to
server_name localhost / ip_address;

—————————————————————————————————————————————

6) If "cgi.fix_pathinfo = 0" is set in /etc/php/7.0/fpm/php.ini, please change it back to the original "cgi.fix_pathinfo = 1"
sudo systemctl restart nginx   OR sudo service nginx restart

 

7) If you used a new port for the virtual host, you have to allow access to that port from outside:
sudo ufw allow 8000/tcp

 

8) To Create a New User and Grant Permissions in MySQL

================================

Before we create the new user and grant its permissions, we need to open the MySQL port 3306 in the firewall.
To check whether the firewall is active or inactive on Ubuntu, use the following command:

ufw status

If the reply is that ufw is inactive, we need to enable ufw (the firewall) with the following command:

ufw enable

Then you can check which ports are allowed on our web server with the following command:

ufw status

It will reply with the full status.
If MySQL is not allowed, we need to allow it with the following command:

ufw allow 3306/tcp

If port 3306 cannot be reached from the remote / other local PC, we need to change the MySQL default port to '3360' or any port you wish.

To change the MySQL port to '3360',
go to /etc/mysql
and edit my.cnf.

Go to the '[mysqld]' part,
change the default "bind_address" to "server_ip_address" and
change the default "port" to "3360".

Then restart the mysql service with the following command:
sudo service mysql restart

After all of this, we need to check one more thing:
which ports are open on our web server, with the following command:

nmap localhost
(or: nmap ip_address)

========================================

Log in to mysql with the root password:
mysql -uroot -p
and then:

8.1) Let's start by making a new user within the MySQL shell:

CREATE USER 'newuser'@'localhost' IDENTIFIED BY 'password';

8.2) Provide the user with access to the information they will need:

GRANT ALL PRIVILEGES ON *.* TO 'newuser'@'localhost';

8.3) Make the same user for connections from ip_address:

CREATE USER 'newuser'@'ip_address' IDENTIFIED BY 'password';

8.4) Provide the user with access to the information they will need:

GRANT ALL PRIVILEGES ON *.* TO 'newuser'@'ip_address';

8.5) Reload all privileges

FLUSH PRIVILEGES;

 

Cheers