Certbot renewal script

By now you know that your website needs to run over HTTPS. One of the easiest and cheapest ways to do this is by using
https://certbot.eff.org/ which in turn deploys https://letsencrypt.org/ certificates.

Once you have it installed, you’ll want to install a crontab entry that will run the updates 2x per day:

23 3,15 * * * /usr/local/sbin/certbot-renew.sh

#!/bin/sh
#
# Save this file as /usr/local/sbin/certbot-renew.sh
#
UPDATE_FLAG_FILE=/var/lib/letsencrypt/updated

rm -f "$UPDATE_FLAG_FILE"
/usr/local/bin/certbot-auto renew --post-hook "touch $UPDATE_FLAG_FILE"

# Save the exit status right away: the [ ] test below overwrites $?
rc=$?
if [ "$rc" -gt 0 ]; then
  exit "$rc"
fi

if [ ! -f $UPDATE_FLAG_FILE ]; then
  exit 0
fi


service apache2 status

if [ $? -eq 0 ]; then
  service apache2 reload
  if [ $? -gt 0 ]; then
    >&2 echo failed to reload apache2
    exit 1
  fi
fi

Adding django via pipenv

Pip environments with python and django have evolved over the years, but one constant has remained: virtual environments to run the code and packages in. The latest consensus is to use pipenv to keep things separated. Let’s see how.

First, I’ll assume that you already have python 3.7 installed. If you need help, check out this other post I wrote: https://markcerv.com/2019/03/adding-python-3-7-to-ubuntu-18-x/

Next:

sudo apt install python-pip
sudo pip install pipenv

pipenv --python 3.7 install django

In order to use pipenv, you will need to cd to the directory where you want to put your code, and then:

cd  somename
pipenv --python 3.7 install django django-cors-headers \
         djangorestframework pytz
# a bunch of things will happen, including that a virtualenv
# will get created like:
# ~/.local/share/virtualenvs/somename-oYSXMPkF

# to actually fire up the environment
pipenv shell

Next, you’ll need to set up a minimum of files to get django going:

django-admin startproject test2

cd test2

python manage.py migrate     #will setup the needed database stuff
python manage.py createsuperuser    # lets you make a u/p for login

# 0.0.0.0 makes the dev server listen on every interface, not just localhost
./manage.py  runserver  0.0.0.0:8000

You can now jump over to a browser, and visit http://127.0.0.1:8000/admin/ and sign in to your app. It’s pretty boring right now, but you can fix that.

Adding python 3.7 to ubuntu 18.x

If you quickly want to get the latest version of Python installed on Ubuntu and get future updates automatically, then you can install it from the below third-party PPA repository…

To do that, run the commands below to add the PPA.

First, install the Ubuntu software properties package if it’s not already installed on your system.

sudo apt update
sudo apt install software-properties-common

After that, run the command to add the PPA:

sudo add-apt-repository ppa:deadsnakes/ppa

Finally, run the commands below to install Python 3.7

sudo apt update
sudo apt install python3.7

That’s it!


Brother HL3140CW Printer – Reset ‘out of toner’ message

How to reset the fake “out of toner message” and instantly make the printer work again:

1. Open the top lid of the printer and leave it open.
2. Press and hold the “Secure” and “X Cancel” buttons at the same time.
3. Use the arrow keys to select the cartridge model you would like to reset and press “OK”.
4. Press the UP arrow to reset the cartridge.

Once reset is selected you will see “ACCEPTED” on the screen.

Reset them all by scrolling through the various colors on the menu.

5. Close the top lid. It will make a bunch of noise for a minute or so, then it will print like new again.

Now the printer thinks you installed brand new toner cartridges, and you will get double or more the amount of printed pages from the same old “out” toner. When you notice the quality of the printouts degrading, THEN it’s time to replace the toner. Not before. While you are waiting for your new toner to arrive, take the old one out and shake it; prints will look new again for a short period of time. Buy toner when you are out, not when the machine tries to tell you what to do.

Moving over VirtualBox/Vagrant the easy way

There is a right way to move/copy over a VirtualBox to a new computer/colleague/etc.

Step 1 – Package up the old box

Run a command prompt and switch into the directory that contains the Vagrant box that you want to copy.

NOTE: Make sure that the box has been properly shut down/powered off from VirtualBox manager.

vagrant  package  --output  project_20XX_XX_xx.box

==> default: Exporting VM...
   (about 10 minutes passed)
==> default: Compressing package to: c:/home/project_20XX_XX_xx.box
   (about 7 more minutes passed)
   (then complete.  Back to c:\

On my ThinkPad X1 Carbon with Intel I7-6600 CPU @2.7 GHz and 16GB ram, it took xyz minutes to create a xxx GB .box file.

Step 2 – Copy the .box file

Next, copy over the c:/home/project_20XX_XX_xx.box to the computer/directory you want it in. You might need

vagrant  box  add  project  project_20XX_XX_xx.box
==> box: Box file was not detected as metadata. Adding it directly...
==> box: Adding box 'project' (v0) for provider:
    box: Unpacking necessary files from: file://c:/home/project_20XX_XX_xx.box
    box: Progress: 100% (Rate: 104M/s, Estimated time remaining: --:--:--)
==> box: Successfully added box 'project' (v0) for 'virtualbox'!

Next, fire it up

vagrant  init   project
A `Vagrantfile` has been placed in this directory. You are now
ready to `vagrant up` your first virtual environment! Please read
the comments in the Vagrantfile as well as documentation on
`vagrantup.com` for more information on using Vagrant.


vagrant  up
Bringing machine 'default' up with 'virtualbox' provider...
==> default: Importing base box 'jbv2'...
Progress: 90%
==> default: Machine booted and ready!

SSH in and you are good to go.

Moving over VirtualBox/Vagrant the hard way

There is a right way to move/copy over a VirtualBox to a new computer/colleague/etc.

And then there is the hard way.  What is the hard way?  The hard way is when you need to manually copy over .vbx and .box files and edit .xml files. 

Step 1 – Copy files over from the old drive.

Copy over the directory that contains the .vagrant folder. The way I have my environment it’s “c:\home\blah”. I do this by having two Windows Explorer windows open, and dragging and right-clicking on the destination folder, then clicking “Copy here” or “TerraCopy here.”

Take note of the value of c:\home\blah\.vagrant\machines\default\virtualboxes\id

067c8f42-0e93-4825-a02a-8ecf3a6586d3

Next, copy over the c:\Users\YOURNAME\VirtualBox VMs\xxx folder that corresponds/correlates to your Vagrant box.

Then, double click on the .vbox file in the directory you just copied over. This should automatically import it into VirtualBox.

Finally, open up c:\Users\YOURNAME\.VirtualBox\VirtualBox.xml and check that the uuid matches.

      <MachineEntry uuid="{aaaaaaa-bbbb-cccc-dddd-eeeeeeeeee}" src="C:/Users/YOURNAME/VirtualBox VMs/xxx/xxx.vbox"/>
    </MachineRegistry>

Fire up your cmd prompt, switch to the c:\home\xxx\ directory and

vagrant up

Celebrate!

Limiting Access with SFTP Jails on Debian and Ubuntu

(taken from: Linode guide to Limiting Access with SFTP Jails on Debian and Ubuntu)

As the system administrator for your Linode, you may want to give your users the ability to securely upload files to your server. The most common way to do this is to allow file transfers via Secure File Transfer Protocol (SFTP), which uses SSH to provide encryption. This requires that you give your users SSH logins. However, by default SSH users are able to view your Linode’s entire filesystem, which may not be desirable.

This guide will help you configure OpenSSH to restrict users to their home directories, and to SFTP access only. Please note that these instructions are not intended to support shell logins; any user accounts modified in accordance with this guide will have the ability to transfer files, but not the ability to log into a remote shell session.

These instructions will work for Ubuntu 9.04, Debian 5, and later. Unfortunately, the version of SSH packaged with Ubuntu 8.04 is too old to support this configuration.

Configure OpenSSH

  1. Edit your /etc/ssh/sshd_config file with your favorite text editor:

    vim /etc/ssh/sshd_config
    
  2. Add or modify the Subsystem sftp line to look like the following:

    /etc/ssh/sshd_config

    Subsystem sftp internal-sftp

  3. Add this block of settings to the end of the file:

    /etc/ssh/sshd_config

    Match Group filetransfer
        ChrootDirectory %h
        X11Forwarding no
        AllowTcpForwarding no
        ForceCommand internal-sftp

    Save the changes to your file.

  4. Restart OpenSSH:

    service ssh restart
    

    OpenSSH has been successfully modified.

Modify User Accounts

This section will set up the correct groups, ownership, and permissions for your user accounts.

  1. Create a system group for users whom you want to restrict to SFTP access:

    addgroup --system filetransfer
    
  2. Modify the user accounts that you wish to restrict to SFTP. Issue the following commands for each account, substituting the appropriate username. Please keep in mind that this will prevent these users from being able to log into a remote shell session.

    usermod -G filetransfer username
    chown root:root /home/username
    chmod 755 /home/username
    

    These users will now be unable to create files in their home directories, since these directories are owned by the root user.

  3. Next, you need to create new directories for each user, to which they will have full access. Issue the following commands for each user, changing the directories created to suit your needs:

    cd /home/username
    mkdir docs public_html
    chown username:filetransfer *
    

    Your users should now be able to log into their accounts via SFTP and transfer files to and from their assigned subdirectories, but they shouldn’t be able to see the rest of your Linode’s filesystem.
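A pre-flight check for the ownership step above, as an added example that is not part of the original guide: sshd only accepts a ChrootDirectory when every component of its path is owned by root and not writable by group or others, so one stray chmod on /home or the home directory makes the jailed login fail. The function names are hypothetical, and GNU stat (as shipped on Debian and Ubuntu) is assumed.

```shell
#!/bin/sh
# Added example: verify that a directory is acceptable as an sshd chroot.

# component_ok UID MODE -> 0 if one path component is acceptable.
# MODE is octal as printed by `stat -c %a` (for example 755 or 1777).
component_ok() {
  [ "$1" -eq 0 ] || return 1        # must be owned by root (uid 0)
  [ $(( 0$2 & 022 )) -eq 0 ]        # no group or other write bit
}

# check_chroot DIR -> prints each offending component, returns 1 if any.
check_chroot() {
  dir=$(cd "$1" 2>/dev/null && pwd -P) || { echo "missing: $1"; return 1; }
  bad=0
  while :; do
    set -- $(stat -c '%u %a' "$dir")
    if ! component_ok "$1" "$2"; then
      echo "bad: $dir (uid=$1 mode=$2)"
      bad=1
    fi
    [ "$dir" = "/" ] && break
    dir=$(dirname "$dir")
  done
  return "$bad"
}

# Demo on a constructed directory: it is world-writable, so it is rejected.
demo=$(mktemp -d) && chmod 777 "$demo"
check_chroot "$demo" || echo "=> sshd would refuse this chroot"
rm -rf "$demo"
```

Run it as check_chroot /home/username for each account in the filetransfer group before restarting ssh.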

Use SFTP

  1. Use sftp from the terminal:

    sftp username@<Your_Linodes_IP>
    

    You can use the help command to see what commands you have access to within the SFTP shell. You have the ability to pwd, cd and ls, for instance. There are also commands like lpwd, which prints the local working directory. In the local home directory, type touch test.txt.

  2. Transfer local files to the remote system:

    cd docs
    put test.txt
    
  3. Transfer files to the local system from the remote system:

    get test.txt
    
  4. You can test the file permissions by navigating to a different directory within the SFTP shell, and trying to transfer a file.

    sftp> put test.txt /tmp/
    Uploading test.txt to /tmp/
    remote open("/tmp/"): Failure
    
  5. Exit the session with the exit command.

Ubuntu package management shortcuts from command line

Here are some of the more frequently used commands that I find useful.

To search for a particular package by name or description:
From the command-line, use:


apt-cache search keyword

To list the installed packages, the apt tool on Ubuntu 14.04 and above makes this very easy.


apt list --installed

Check available version of a package in Ubuntu repositories from command line:

apt-cache policy package_name

You may wonder if the given package is installed or not. It’s easy to find out too.

In the above output, you see two words namely Installed and Candidate.

Installed : This will tell you the version that you have currently installed in your Ubuntu system.
Candidate : This is the actual version that will be installed from the Ubuntu repositories when you install the package using apt-get.

If your system is in a state where apt-get is mostly unusable, you could try using dpkg to remove the affected package. In this case, try:


sudo dpkg --purge php5-memcache

If you are unable to connect to git server over https

NOTE: Make sure you know/trust the server you are communicating with in the first place

Sometimes, git servers can have issues with TLS or other secure handshaking procedures. This is often due to connecting from an older Linux/Ubuntu box. If you are truly desperate and don’t have time to fix the SSL/TLS properly, here is a very quick fix, which turns off certificate verification for git in the current shell:

export GIT_SSL_NO_VERIFY=1

Then run your normal git fetch or git push command.
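
Because the export stays active for every later git command in that shell, a check for leftover bypasses is worth having. This added example (not from the original post) flags GIT_SSL_NO_VERIFY in the environment and any http.sslVerify set to false in git config output; the function names and the git.example.test host are constructed.

```shell
#!/bin/sh
# Added example: find places where git TLS verification is switched off.

# env_bypass -> 0 if GIT_SSL_NO_VERIFY is set in this environment.
# git disables verification when the variable is set to any value,
# so "0" or an empty string still counts.
env_bypass() {
  [ "${GIT_SSL_NO_VERIFY+set}" = set ]
}

# config_bypass: reads `git config --list` output (key=value lines) on
# stdin and prints every http.sslVerify or http.<url>.sslVerify key whose
# value is false. Returns 0 if at least one was found, 1 otherwise.
config_bypass() {
  awk -F= '
    { key = tolower($1); val = tolower(substr($0, length($1) + 2)) }
    key ~ /^http\.(.*\.)?sslverify$/ && val ~ /^(false|no|off|0)$/ {
      print $1; found = 1
    }
    END { exit !found }'
}

# Constructed sample of `git config --list` output.
sample='user.name=Example
http.sslverify=true
http.https://git.example.test/.sslverify=false'

printf '%s\n' "$sample" | config_bypass || true
if env_bypass; then
  echo "GIT_SSL_NO_VERIFY is set in this shell; unset it when done"
fi

# Narrower alternatives to the export:
#   GIT_SSL_NO_VERIFY=1 git fetch                     (one command only)
#   git -c http.sslCAInfo=/path/to/ca.pem fetch       (trust the server's CA)
```

On a real machine, feed it live data with git config --list | config_bypass.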