分類彙整: system

SSL 憑證安裝

今天在安裝 images.abic.com.tw 的憑證的時候
發現在 mobile 的 chrome 上都會發生錯誤…
檢查了一下發現是 SSL Certificate Chain 的問題, 因為我在 server 只上了自已 domain 的憑證
沒把 Intermediate certificate 加上去造成的

Creating a .pem with the Entire SSL Certificate Trust Chain

  1. Log into your DigiCert Management Console and download your Intermediate (DigiCertCA.crt), Root (TrustedRoot.crt), and Primary Certificates (your_domain_name.crt).
  2. Open a text editor (such as wordpad) and paste the entire body of each certificate into one text file in the following order:
    1. The Primary Certificate – your_domain_name.crt
    2. The Intermediate Certificate – DigiCertCA.crt
    3. The Root Certificate – TrustedRoot.crt

    Make sure to include the beginning and end tags on each certificate. The result should look like this:

    —–BEGIN CERTIFICATE—–
    (Your Primary SSL certificate: your_domain_name.crt)
    —–END CERTIFICATE—–
    —–BEGIN CERTIFICATE—–
    (Your Intermediate certificate: DigiCertCA.crt)
    —–END CERTIFICATE—–
    —–BEGIN CERTIFICATE—–
    (Your Root certificate: TrustedRoot.crt)
    —–END CERTIFICATE—–

    Save the combined file as your_domain_name.pem. The .pem file is now ready to use.

上述紅色的部份就是我們完整的 SSL Certificate

檢查 ssl Certificate 的工具
https://cryptoreport.rapidssl.com/checker/views/certCheck.jsp

參考資料
https://www.digicert.com/ssl-support/pem-ssl-creation.htm
https://www.linode.com/docs/platform/nodebalancer/nodebalancer-ssl-configuration

Error: Could not complete SSL handshake.

執行 /usr/local/libexec/nagios/check_nrpe2 -H ip -c check_xxx
發生 /usr/local/libexec/nagios/check_nrpe2 -H 192.168.x.xxx -c check_disk_root
錯誤時
請去檢查 nrpe client
ps -axuw | egrep -i ‘nrpe’
是不是沒有 -n 的參數 例如 /usr/sbin/nrpe -c /etc/nagios/nrpe.cfg -d
若沒有 -n
CentOS 請去 /etc/sysconfig/nrpe 加入
# specify additional command line arguments for nrpe
NRPE_SSL_OPT=”-n”

ps:
rpmforge 裝的 nrpe 會是 nagios-nrpe
這個版本不會吃 /etc/sysconfig/nrpe
請裝 epel 的版本
因為這個問題我浪費了一個小時去查…..Fuxk

redmine使用google app 寄送 email 通知信

先安裝及設定
http://redmineblog.com/articles/setup-redmine-to-send-email-using-gmail/

照最下面去改smtp_tls.rb
http://www.redmine.org/boards/2/topics/4833

測試
1. Login as an administrator
2. Go to the Administration panel
3. Go into the Settings and select the “Email notifications” tab
4. In the bottom right, click the link to “Send a test email”

update: 2012/06/08

1. 修改 configuration.yml

production:
  email_delivery:
    delivery_method: :smtp
    smtp_settings:
      tls: true
      enable_starttls_auto: true
      address: "smtp.gmail.com"
      port: 587
      domain: "example.com.tw" # 'your.domain.com' for GoogleApps
      authentication: :plain
      user_name: "redmine@example.com.tw"
      password: "example"

2. 修改 environment.rb

config.action_mailer.perform_deliveries = true

3. 重啟 redmine

收工 *菸*

haproxy Statistics Report

用了haproxy 想要知道目前的狀況就開啟一下這個report 看一下吧
很簡單…………..
就加入
[sourcecode language=’text’]
stats enable
stats hide-version
stats scope .
stats uri /admin?stats
stats realm Haproxy Statistics
stats auth admin1:AdMiN123
stats auth admin2:AdMiN321
[/sourcecode]

手冊上有
http://haproxy.1wt.eu/download/1.3/doc/configuration.txt