Mar
22
2016
Let’s Encrypt on Prosody & enable Forward secrecy

Below is my setup to enable Forward secrecy

Generate DH parameters:


# openssl dhparam -out /etc/pki/tls/dh-2048.pem 2048

and then configure your prosody with Let’s Encrypt certificates



VirtualHost "balaskas.gr"

  ssl = {
      key = "/etc/letsencrypt/live/balaskas.gr/privkey.pem";
      certificate = "/etc/letsencrypt/live/balaskas.gr/fullchain.pem";
      cafile = "/etc/pki/tls/certs/ca-bundle.crt";

      -- enable strong encryption
      ciphers="EECDH+ECDSA+AESGCM:EECDH+aRSA+AESGCM:EECDH+ECDSA+SHA384:EECDH+ECDSA+SHA256:EECDH+aRSA+SHA384:EECDH+aRSA+SHA256:EECDH+aRSA+RC4:EECDH:EDH+aRSA:!aNULL:!eNULL:!LOW:!3DES:!MD5:!EXP:!PSK:!SRP:!DSS:!RC4";
      dhparam = "/etc/pki/tls/dh-2048.pem";
    }

If you only want to accept TLS connections from clients and servers, change your settings to these:


c2s_require_encryption = true
s2s_secure_auth = true

Check your setup

XMPP Observatory

or check your certificates with openssl:


Server: # openssl s_client -connect balaskas.gr:5269  -starttls xmpp < /dev/null
Client: # openssl s_client -connect balaskas.gr:5222  -starttls xmpp < /dev/null
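
The cipher string above can also be checked offline before any client connects. The following is an added example, not part of the original post: it uses Python's ssl module to expand a cipher string with the local OpenSSL and lists every suite whose key exchange is not ephemeral. HIGH:!aNULL:!MD5, the SSLCipherSuite value from the Apache virtual host further down this page, is included only for contrast; the function and constant names are this example's own.

```python
import ssl

# Cipher string from the Prosody VirtualHost above (copied verbatim).
PROSODY_CIPHERS = (
    "EECDH+ECDSA+AESGCM:EECDH+aRSA+AESGCM:EECDH+ECDSA+SHA384:"
    "EECDH+ECDSA+SHA256:EECDH+aRSA+SHA384:EECDH+aRSA+SHA256:"
    "EECDH+aRSA+RC4:EECDH:EDH+aRSA:!aNULL:!eNULL:!LOW:!3DES:!MD5:"
    "!EXP:!PSK:!SRP:!DSS:!RC4"
)
# Broader string used only for comparison (assumption of this example).
BROAD_CIPHERS = "HIGH:!aNULL:!MD5"

# Key-exchange labels reported by OpenSSL that give forward secrecy.
# "kx-any" marks TLS 1.3 suites, whose full handshakes always use (EC)DHE.
# Anything else (static RSA, PSK variants, SRP) is reported, conservatively.
FS_KEX = {"kx-ecdhe", "kx-dhe", "kx-any"}


def expand(cipher_string):
    """Return (suite name, key exchange) pairs the local OpenSSL selects."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_SERVER)
    ctx.set_ciphers(cipher_string)  # raises ssl.SSLError if nothing matches
    return [(c["name"], c.get("kea")) for c in ctx.get_ciphers()]


def without_forward_secrecy(cipher_string):
    """Names of the selected suites whose key exchange is not ephemeral."""
    return [name for name, kea in expand(cipher_string) if kea not in FS_KEX]


if __name__ == "__main__":
    for label, s in (("prosody", PROSODY_CIPHERS), ("broad", BROAD_CIPHERS)):
        print(label, without_forward_secrecy(s) or "all suites are (EC)DHE")
```

The exact suite names depend on the OpenSSL build Python is linked against, so run it on the host that serves the connections.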
Mar
14
2016
Top Ten Linux Distributions and https




No. |  Distro    |          URL               | Verified by       | Begin      | End        | Key (bits)
01. | ArchLinux  | https://www.archlinux.org/ | Let's Encrypt     | 02/24/2016 | 05/24/2016 | 2048
02. | Linux Mint | https://linuxmint.com/     | COMODO CA Limited | 02/24/2016 | 02/24/2017 | 2048
03. | Debian     | https://www.debian.org/    | Gandi             | 12/11/2015 | 01/21/2017 | 3072
04. | Ubuntu     | http://www.ubuntu.com      | -                 | -          | -          | -
05. | openSUSE   | https://www.opensuse.org/  | DigiCert Inc      | 02/17/2015 | 04/23/2018 | 2048
06. | Fedora     | https://getfedora.org/     | DigiCert Inc      | 11/24/2014 | 11/28/2017 | 4096
07. | CentOS     | https://www.centos.org/    | DigiCert Inc      | 07/29/2014 | 08/02/2017 | 2048
08. | Manjaro    | https://manjaro.github.io/ | DigiCert Inc      | 01/20/2016 | 04/06/2017 | 2048
09. | Mageia     | https://www.mageia.org/    | Gandi             | 03/01/2016 | 02/07/2018 | 2048
10. | Kali       | https://www.kali.org/      | GeoTrust Inc      | 11/09/2014 | 11/12/2018 | 2048
Mar
12
2016
Baïkal - CalDAV & CardDAV server

Baïkal is a CalDAV and CardDAV server, based on sabre/dav.

Self-hosting your own CalDAV & CardDAV server is one of the first steps to better control your data and keep your data, actually, yours! So here comes Baikal, which is really easy to set up. Just as easily, you can configure any device (mobile/tablet/laptop/desktop) to use your baikal instance and synchronize your calendar & contacts everywhere.

 

In this blog post are some personal notes on installing or upgrading baikal on your web server.

 

[ The latest version as this article was written is 0.4.1 ]

 

Change to your web directory (usually something like /var/www/html/) and download baikal:

Clean Install - Latest release 0.4.1
based on sabre/dav 3.1.2
You need at least PHP 5.5, but preferably use 5.6.


# wget -c https://github.com/fruux/Baikal/releases/download/0.4.1/baikal-0.4.1.zip
# yes | unzip baikal-0.4.1.zip

# chown -R apache:apache baikal/

That’s it !

 

Be aware that there is a big difference between 0.2.7 and versions greater than 0.3.x:
the URL has an extra part, html

from: https://baikal.example.com/admin
to : https://baikal.example.com/html/admin

If you already have baikal-0.2.7 installed and you want to upgrade to version 0.4.x or later, follow the steps below:



# wget -c http://baikal-server.com/get/baikal-flat-0.2.7.zip
# unzip baikal-flat-0.2.7.zip
# mv baikal-flat baikal

# wget -c https://github.com/fruux/Baikal/releases/download/0.4.1/baikal-0.4.1.zip
# yes | unzip baikal-0.4.1.zip

# touch baikal/Specific/ENABLE_INSTALL
# chown -R apache:apache baikal/

 

I prefer to create a new virtualhost every time I need to add a new functionality to my domain.

Be smart & use encryption!
Below is my virtualhost as an example:



<VirtualHost *:443>

    ServerName  baikal.example.com

    # SSL Support
    SSLEngine on

    SSLProtocol ALL -SSLv2 -SSLv3
    SSLHonorCipherOrder on
    SSLCipherSuite HIGH:!aNULL:!MD5

    SSLCertificateFile /etc/letsencrypt/live/baikal.example.com/cert.pem
    SSLCertificateKeyFile /etc/letsencrypt/live/baikal.example.com/privkey.pem
    SSLCertificateChainFile /etc/letsencrypt/live/baikal.example.com/chain.pem

    # Logs
    CustomLog logs/baikal.access.log combined
    ErrorLog  logs/baikal.error.log

    DocumentRoot /var/www/html/baikal/

    <Directory /var/www/html/baikal/>
            Order allow,deny
            Allow from all
    </Directory>

</VirtualHost>

 

The next step is to open your browser and browse to your baikal location,


eg. https://baikal.example.com/html/

admin interface:


https://baikal.example.com/html/admin/

or

if you have an older version (0.2.7) on your system


eg. https://baikal.example.com

 

I use SQLite for personal use (it makes the backup process easy), but you can always choose MySQL.

Dashboard on 0.4.1

[screenshot: baikal_041d.jpg]

Useful URIs are:

Principals: [screenshot: baikal_041c.jpg]
Plugins: [screenshot: baikal_041b.jpg]
Nodes: [screenshot: baikal_041a.jpg]

Here is a screen guide for the latest versions:

[screenshots: baikal_01.jpg, baikal_02.jpg, baikal_03.jpg, baikal_04.jpg]

 

 

Log in to the admin dashboard and create your user through the
Users and resources tab

and you are done with the baikal installation & configuration process.

Principals

Applications (caldav/carddav and task clients) can now reach the server through the principals URI:


https://baikal.example.com/html/card.php/principals

or via dav.php



https://baikal.example.com/html/dav.php

but if your client does not support the above holistic URI, then try the ones below for calendar & contacts:

CalDAV



https://baikal.example.com/html/cal.php/calendars/test/default

CardDAV



https://baikal.example.com/html/card.php/addressbooks/test/default

 


 

On android devices, I use: DAVdroid

If you have a problem with your self-signed certificate,
try adding it to your device through the security settings.

 

[screenshots: davdroid_01.jpg, davdroid_03.jpg]

 
Mar
06
2016
bottle.py and static files

I’ve started a new project with bottle.py and had some hiccups with static files and templates.

My project layout is (something) like that:



/

    app.wsgi
    bottle.py

    static/
        static/css
            static/css/bootstrap-theme.min.css
            static/css/bootstrap.min.css
        static/img
            static/img/logo.png
        static/js
            static/js/bootstrap.min.js
            static/js/npm.js
            static/js/tab.js
            static/js/jquery-1.12.1.min.js

    views/
        views/search.tpl
        views/index.tpl
        views/header.tpl
        views/footer.tpl

My app.wsgi looks something like this (dynamic routes & templates):



import bottle
from bottle import template

@bottle.route('/')
@bottle.route('/<action>/<name>')
def main(action='/', name=None):
    # '/' renders the index page; any other action selects the template of the same name
    if action == '/':
        return template("index", title=" some title ")
    else:
        return template(action, title=" some title ", name=name)

application = bottle.default_app()

I can translate every REST request to a new template and use AJAX inside the templates.
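
The route above passes the action URL segment straight to template(). bottle's template() treats a string containing a newline, {, % or $ as template source rather than a file name, so the segment should be checked against the templates that actually exist before it is used. An added example, not from the original post; pick_template, known_templates and the partials list are names chosen for this example:

```python
import os
import re
import tempfile

# Plain template names only: no path separators, dots or template syntax.
NAME_RE = re.compile(r"[a-z0-9_]{1,32}")


def known_templates(views_dir):
    """Names of the *.tpl files that actually exist in views_dir."""
    return {f[:-4] for f in os.listdir(views_dir) if f.endswith(".tpl")}


def pick_template(action, views_dir, partials=("header", "footer")):
    """Map the <action> URL segment to a template name, or None (send a 404)."""
    if action == "/":
        return "index"
    if not NAME_RE.fullmatch(action):
        return None
    # Partials are included by other templates and are not pages themselves.
    allowed = known_templates(views_dir) - set(partials)
    return action if action in allowed else None


def demo():
    """Run the check against a constructed views/ directory like the layout above."""
    with tempfile.TemporaryDirectory() as views:
        for name in ("index", "search", "header", "footer"):
            open(os.path.join(views, name + ".tpl"), "w").close()
        samples = ("/", "search", "header", "../app", "se{arch", "nope")
        return {a: pick_template(a, views) for a in samples}

# In main(): name = pick_template(action, "views"); call bottle.abort(404)
# when it is None, otherwise return template(name, ...).

if __name__ == "__main__":
    for action, chosen in demo().items():
        print(repr(action), "->", chosen)
```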

But what about static files like stylesheets and javascripts?

eg.



<script src="jquery-1.12.1.min.js"></script>
<img src="logo_hp.png">

When working with dynamic routes (or any routes in bottle), the browser resolves relative URLs like these against the path of the current page, so unless you are on the main page the requests become something like:


GET /search/jquery-1.12.1.min.js
GET /view/jquery-1.12.1.min.js
etc

As the layout shows, we need to map all static files (css, js, images) to our static folder. We can map static files from "/" with the code below:



from bottle import static_file

# One route per file type; static_file() refuses paths that resolve outside root.
@bottle.get(r'<filename:re:.*\.js>')
def static_js(filename):
    return static_file(filename, root='static/js')

@bottle.get(r'<filename:re:.*\.css>')
def static_css(filename):
    return static_file(filename, root='static/css')

@bottle.get(r'<filename:re:.*\.png>')
def static_img(filename):
    return static_file(filename, root='static/img')

Ok, that worked for the initial route (index page) but what about all the other templates & requests?

The solution was really (really) very very simple, even if it took me a couple of hours to figure it out!!

I just needed to add a forward slash in front of every static file:



<script src="/jquery-1.12.1.min.js"></script>
<img src="/logo.png">

and the GET request becomes:


GET /jquery-1.12.1.min.js

and we can now route the static files to our static file directory.
