2020-09-25

OpenSSL Generate self-signed certificate for HaProxy

#A/ OpenSSL-Gen-CERT.sh
#LastUpdate: #14:49 2020.09.25, #14:30 2020.09.25
############################################
#REF: https://gist.github.com/yuezhu/47b15b4b8e944221861ccf7d7f5868f5
############################################
#__________GLOBAL_VAR:BEGIN
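# Directory that receives every generated file (key, CSR, certificate, PEM).
SSL_CERT_LOC="."
mkdir -p -- "$SSL_CERT_LOC"
# Abort if the directory cannot be entered: the cleanup below deletes by glob
# and must not run anywhere other than $SSL_CERT_LOC.
cd -- "$SSL_CERT_LOC" || exit 1
# Remove the output of a previous run. This deletes EVERY *.crt, *.csr, *.key
# and *.pem in the directory, not only the ones this script created, so point
# SSL_CERT_LOC at a dedicated directory. The ./ prefix keeps file names that
# start with '-' from being parsed as options; -f ignores unmatched patterns.
/bin/rm -rf -- ./*.crt ./*.csr ./*.key ./*.pem

# Common Name of the certificate and base name of all generated files.
MyDomain="ha.stats.local"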
#__________GLOBAL_VAR:END


#A__________GEN_PRIVATE_KEY:BEGIN
# Generate a unique private key (KEY)
# sudo openssl genrsa -out $MyDomain.key 2048
#__________GEN_PRIVATE_KEY:END


#B__________GEN_CSR:BEGIN
# Generating a Certificate Signing Request (CSR)
#sudo openssl req -new -key $MyDomain.key -out $MyDomain.csr -config openssl.cnf
#__________GEN_CSR:END


#C=A+B:
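# Subject fields placed in the CSR (and therefore in the final certificate).
COUNTRY_NAME="US"
STATE_NAME="CA"
LOCATION_NAME="CA"
ORG_NAME="ORG NAME"
ORG_UNIT_NAME="UNIT-InformationTechnologyCenter"

# Steps A + B in one command: create a new 2048-bit RSA key and a CSR for it.
# -nodes writes the private key UNENCRYPTED, so file permissions are its only
# protection; the subshell's umask keeps the new files owner-only.
# No sudo here: the cleanup, signing and PEM steps of this script run as the
# invoking user, and a key created by root may not be readable by them.
(
  umask 077
  openssl req -nodes \
    -newkey rsa:2048 \
    -keyout "$MyDomain.key" \
    -out "$MyDomain.csr" \
    -subj "/C=$COUNTRY_NAME/ST=$STATE_NAME/L=$LOCATION_NAME/O=$ORG_NAME/OU=$ORG_UNIT_NAME/CN=$MyDomain"
)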



#D__________GEN_SELF_SIGNED_CERT:BEGIN
# Creating a Self-Signed Certificate (CRT)
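# Sign the CSR with its own key (self-signed), valid for 3650 days (~10 years).
# -sha256 pins the signature digest instead of relying on the build default.
# NOTE(review): no subjectAltName is set; clients that match host names only
# against SAN will not accept CN=$MyDomain even when this certificate is
# explicitly trusted. Long validity also means a leaked key stays usable until
# the certificate is replaced everywhere it was trusted.
openssl x509 -req -sha256 -days 3650 -in "$MyDomain.csr" -signkey "$MyDomain.key" -out "$MyDomain.crt"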
#__________GEN_SELF_SIGNED_CERT:END



#E__________GEN_PEM:BEGIN
# Append KEY and CRT to $MyDomain.pem
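# HAProxy loads key and certificate from a single file. The bundle contains
# the private key, so it is created owner-only; keep the same restriction when
# installing it under /etc/haproxy/certs.
# '>' (not '>>') so a leftover bundle can never end up holding an old key or
# certificate in front of the new pair.
(
  umask 077
  cat -- "$MyDomain.key" "$MyDomain.crt" > "$MyDomain.pem"
)
# Also tighten the mode if the file already existed with wider permissions.
chmod 600 -- "$MyDomain.pem"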
#__________GEN_PEM:END



#F__________CHECK_SSL_CERT:BEGIN
#https://www.sslshopper.com/article-most-common-openssl-commands.html

#F.1:
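# F.1: print the CSR and verify its self-signature.
echo "------------------------------------------"
echo "Check a Certificate Signing Request (CSR): [$MyDomain.csr]"
openssl req -text -noout -verify -in "$MyDomain.csr"
sleep 10

#F.2:
# Consistency check of the private key. -noout is required here: without it
# openssl rsa writes the private key itself to stdout, which would put it on
# the terminal and into any log that captures this script's output.
echo "------------------------------------------"
echo "Check a private key: [$MyDomain.key]"
openssl rsa -check -noout -in "$MyDomain.key"
sleep 10

#F.3:
# Print the certificate in text form (subject, validity, public key).
echo "------------------------------------------"
echo "Check a certificate: [$MyDomain.crt]"
openssl x509 -text -noout -in "$MyDomain.crt"
sleep 10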

# #F.4:
# echo "------------------------------------------"
# echo "Check a PKCS#12 file (.pfx or .p12):"
# openssl pkcs12 -info -in $MyDomain.p12

#F.5:
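# Print the validity window (notBefore / notAfter) of every PEM bundle in the
# working directory.
for var_temp in *.pem; do
    # An unmatched glob stays as the literal string "*.pem"; skip it instead
    # of handing a non-existent file name to openssl.
    [ -e "$var_temp" ] || continue
    echo "------------------------------------------"
    printf '%s\n' "CREATED SSL CERT: [$var_temp]:"
    openssl x509 -noout -dates -in "$var_temp"
done
echo "------------------------------------------"
#sleep 10

echo "CREATED SSL SELF CERT: DONE"
echo ""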

#__________CHECK_SSL_CERT:END

#THE_END

#CHECK SSL CERT:
#https://support.acquia.com/hc/en-us/articles/360004119234-Verifying-the-validity-of-an-SSL-certificate
# openssl x509 -noout -modulus -in $MyDomain.pem | openssl md5
# openssl rsa  -noout -modulus -in $MyDomain.key | openssl md5
# openssl x509 -noout -dates -in $MyDomain.pem

# openssl x509 -in $MyDomain.pem -noout -pubkey
# openssl rsa -in $MyDomain.key -pubout


#https://www.sslshopper.com/article-most-common-openssl-commands.html
# openssl req -text -noout -verify -in $MyDomain.csr
# openssl x509 -in $MyDomain.crt -text -noout


#RESULT:





































































































#B/ Import SSL CERT TO HAPROXY:

#/etc/haproxy/crtlist.txt
#LastUpdate: #15:11 2020.09.25
###################################
# #HTTPS:
# frontend FRONTEND_443  
    # http-response set-header Strict-Transport-Security max-age=31536000;\ includeSubdomains;\ preload
    # http-response set-header X-Frame-Options SAMEORIGIN
    # http-response set-header X-Content-Type-Options nosniff
    # bind *:443 ssl crt-list /etc/haproxy/crtlist.txt
    # mode http
    # option httpclose
    # option forwardfor
    # reqadd X-Forwarded-Proto:\ https
###################################

#___________SSL_CERT:BEGIN
#15:11 2020.09.25
/etc/haproxy/certs/ha.stats.local.pem
#___________SSL_CERT:END

#----------------------------------#END
#THE-END


#FILE_NAME="haproxy_99_HAProxyStats_9999.tcp"
#LastUpdate: #8:23 2020.09.25
#################################
#REF: 
#Setup HAProxy stats over HTTPS
#https://evancarmi.com/writing/setup-haproxy-stats-over-https/
#################################
##__________FRONTEND_[HAProxyStats]:BEGIN
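listen  BACKEND_HAProxyStats_9999
    mode http
    # TLS-only listener for the statistics page; the certificate comes from the
    # crt-list file. ssl-min-ver refuses protocol versions older than TLS 1.2.
    # NOTE(review): *:9999 listens on every address of the host; consider
    # binding to a management address only.
    bind *:9999 ssl crt-list /etc/haproxy/crtlist.txt alpn h2,http/1.1 ssl-min-ver TLSv1.2
    #bind *:9999
    stats enable
    #stats http-request
    # Do not show the HAProxy version on the statistics page.
    stats hide-version
    stats realm Haproxy\ Statistics
    stats refresh 30s
    #stats uri /haproxy?stats
    stats uri /
    # HTTP Basic credentials, stored in clear text in this file. a:b looks like
    # a sample value: replace it with a strong, unique pair and keep the
    # configuration file readable by root only.
    stats auth a:b
    # ssl_fc is always true on an ssl bind, so this rule never matches here:
    # a plain-HTTP request to this port fails at the TLS handshake instead of
    # being redirected.
    redirect scheme https code 301 if !{ ssl_fc }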
##__________FRONTEND_[HAProxyStats]:END
#THE-END


#URL: 
http://10.0.1.105:9999/haproxy?stats: Not OK
https://10.0.1.105:9999/haproxy?stats: OK























































2020-09-16

XAMPP/XEMPP/XNMPP (Linux, Nginx, MariaDB, PHP-FPM, Pure-FTPd) Portable for all Linux Server

XAMPP/XEMPP/XNMPP:
Linux, Nginx, MariaDB, PHP-FPM, Pure-FTPd
Portable for Linux Ubuntu Server
LastUpdate: 2020.09.16-17h00 GMT+7



###########################
Index:
A/ Operating System: 
Linux Ubuntu Server 18.04.LTS.x64

B/ Web Server: 
Nginx version: "nginx-1.18.0"
(Included LetsEncrypt for HTTPS)

C/ RDBMS Database: 
MariaDB 10.4.13

D/ PHP Processor:
PHP-FPM: FastCGI Process Manager

E/ FTP Server: 
pure-ftpd FTP Secure



###########################
A/ Operating System

A.1/ Ubuntu Server 18.04.LTS.x64
root@futurepo:/opt# cat /etc/lsb-release 
DISTRIB_ID=Ubuntu
DISTRIB_RELEASE=18.04
DISTRIB_CODENAME=bionic
DISTRIB_DESCRIPTION="Ubuntu 18.04.5 LTS"

A.2/ Kernel Information:
root@futurepo:/opt/lampp/script# uname -a
Linux futurepo 4.15.0-112-generic #113-Ubuntu SMP Thu Jul 9 23:41:39 UTC 2020 x86_64 x86_64 x86_64 GNU/Linux



###########################
B/ Web Server
Nginx version: "nginx-1.18.0"
root@futurepo:/opt/lampp/script# /opt/lampp/nginx-1.18.0/sbin/nginx -V
nginx version: nginx-1.18.0/20200819
built by gcc 7.5.0 (Ubuntu 7.5.0-3ubuntu1~18.04) 
built with OpenSSL 1.1.1  11 Sep 2018
TLS SNI support enabled
configure arguments: 
--prefix=/opt/lampp/nginx-1.18.0 
--add-module=headers-more-nginx-module 
--error-log-path=/opt/lampp/nginx-1.18.0/log/error.log 
--http-log-path=/opt/lampp/nginx-1.18.0/log/access.log 
--pid-path=/opt/lampp/nginx-1.18.0/nginx.pid 
--lock-path=/opt/lampp/nginx-1.18.0/nginx.lock 
--http-client-body-temp-path=/opt/lampp/nginx-1.18.0/cache/client_temp 
--http-proxy-temp-path=/opt/lampp/nginx-1.18.0/cache/proxy_temp 
--http-fastcgi-temp-path=/opt/lampp/nginx-1.18.0/cache/fastcgi_temp 
--http-uwsgi-temp-path=/opt/lampp/nginx-1.18.0/cache/uwsgi_temp 
--http-scgi-temp-path=/opt/lampp/nginx-1.18.0/cache/scgi_temp 
--user=nginx 
--group=nginx 
--with-http_ssl_module 
--with-http_realip_module 
--with-http_addition_module 
--with-http_sub_module 
--with-http_dav_module 
--with-http_flv_module 
--with-http_mp4_module 
--with-http_gunzip_module 
--with-http_gzip_static_module 
--with-http_random_index_module 
--with-http_secure_link_module 
--with-http_stub_status_module 
--with-http_auth_request_module 
--with-http_image_filter_module 
--with-mail 
--with-mail_ssl_module 
--with-file-aio 
--with-http_v2_module 
--with-cc-opt='-O2 -g -pipe -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector --param=ssp-buffer-size=4 -m64 -mtune=generic'
root@futurepo:/opt/lampp/script# 



###########################
C/ RDBMS Database: MariaDB
root@futurepo:/opt/lampp/nginx-1.18.0/sbin# A004-xampp-mysql-console-admin.sh
Welcome to the MariaDB monitor.  Commands end with ; or \g.
Your MariaDB connection id is 3107
Server version: 10.4.13-MariaDB Source distribution
Copyright (c) 2000, 2018, Oracle, MariaDB Corporation Ab and others.
Type 'help;' or '\h' for help. Type '\c' to clear the current input statement.

MariaDB [(none)]> status
--------------
/opt/lampp/bin/mysql  Ver 15.1 Distrib 10.4.13-MariaDB, for Linux (x86_64) using readline 5.1
Connection id:          3107
Current database:
Current user:           root@localhost
SSL:                    Not in use
Current pager:          stdout
Using outfile:          ''
Using delimiter:        ;
Server:                 MariaDB
Server version:         10.4.13-MariaDB Source distribution
Protocol version:       10
Connection:             Localhost via UNIX socket
Server characterset:    utf8mb4
Db     characterset:    utf8mb4
Client characterset:    utf8mb4
Conn.  characterset:    utf8mb4
UNIX socket:            /opt/lampp/var/mysql/mysql.sock
Uptime:                 1 hour 38 min 14 sec
Threads: 12  Questions: 22339  Slow queries: 0  Opens: 51  Flush tables: 1  Open tables: 41  Queries per second avg: 3.790
--------------
MariaDB [(none)]> 




###########################
D/ PHP-FPM: FastCGI Process Manager
###PHP: D001-1-php-fpm-7.4-restart.sh | D001-3-wordpress-security.sh
    #php-fpm-reload.sh | php-fpm-restart.sh | php-fpm-status.sh | php-fpm-stop.sh
    #/opt/lampp/php-7.4.9/bin/php -v
        PHP 7.4.9 (cli) (built: Aug 18 2020 11:04:00) ( NTS )
        Copyright (c) The PHP Group
        Zend Engine v3.4.0, Copyright (c) Zend Technologies
        #/opt/lampp/php-7.4.9/bin/php -i| grep php.ini
        Configuration File (php.ini) Path => /opt/lampp/php-7.4.9/lib        
        #-rw-r--r-- 1 root root 72599 Aug 18 14:05 /opt/lampp/php-7.4.9/lib/php.ini
    #/opt/lampp/php-7.4.9/sbin/php-fpm -v
        PHP 7.4.9 (fpm-fcgi) (built: Aug 18 2020 11:04:10)
        Copyright (c) The PHP Group
        Zend Engine v3.4.0, Copyright (c) Zend Technologies
        #/opt/lampp/php-7.4.9/sbin/php-fpm -i| grep php.ini
        Configuration File (php.ini) Path => /opt/lampp/php-7.4.9/lib
        Loaded Configuration File => /opt/lampp/php-7.4.9/lib/php.ini
        #-rw-r--r-- 1 root root 72599 Aug 18 14:05 /opt/lampp/php-7.4.9/lib/php.ini



###########################
E/ FTP Server: 
pure-ftpd FTP Secure
root@futurepo:/opt/lampp/pure-ftpd# B001-1-pureftpd-restart-FULL.sh
######################################
PURE-FTPD CURRENT PID: 
Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name    
tcp        0      0 0.0.0.0:21              0.0.0.0:*               LISTEN      7694/pure-ftpd (SER 
tcp        0      0 0.0.0.0:3306            0.0.0.0:*               LISTEN      7510/mysqld         

PURE-FTPD [FULL PERMISSION] RESTARTING...
21/tcp:               7694
######################################
PURE-FTPD NEW PID: 
Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name    
tcp        0      0 0.0.0.0:21              0.0.0.0:*               LISTEN      24370/pure-ftpd (SE 
tcp        0      0 0.0.0.0:3306            0.0.0.0:*               LISTEN      7510/mysqld         
######################################




###########################
Bonus:
Bonus1: root@futurepo:/opt/lampp/script# ll
root root 1857 Aug 17 14:36  A001-xampp-mysql-initial.sh.bk
root root 3691 Aug 17 13:34  A002-MySQL-Upgrade.sh*
root root  605 Aug 19 09:49  A003-1-xampp-mysql-restart.sh*
root root  298 Jan 17  2019  A003-2-xampp-mysql-stop.sh*
root root  238 Jan 17  2019  A004-xampp-mysql-console-admin.sh*
root root  338 Aug 17 14:24  A005-1-mysql-EventScheduler-ON.sh*
root root  171 Jan 17  2019  A005-2-mysql-EventScheduler-ON.sql
root root  322 Aug 17 13:52  A006-1-mysql-EventScheduler-OFF.sh*
root root  171 Jan 17  2019  A006-2-mysql-EventScheduler-OFF.sql
root root 1764 Aug 19 16:29  A007-3-backup-website.sh*
root root    1 Aug 21 08:27  A007-4-restore-website.sh*
root root 1570 Aug 21 08:27  A007-5-Backup-1-DB.sh*
root root 1862 Aug 21 15:10  A007-6-Restore-1-DB.sh*

root root 1749 Aug 19 09:49  B001-1-pureftpd-restart-FULL.sh*
root root 1516 Jan 17  2019  B001-2-pureftpd-restart-RO.sh*
root root   38 Dec 11  2018  B001-3-pureftpd-log.sh*
root root  359 Dec 11  2018  B001-4-ssl-cert-expired-date-pure-ftpd.sh*

root root  685 Feb 12  2020  C001-1-xampp-APACHE-restart.sh*
root root  688 Feb 12  2020  C001-2-xampp-APACHE.stop.sh*

root root  874 Sep 16 14:16  D001-1-php-fpm-7.4-restart.sh*
root root  639 Aug 19 09:18  D001-2-php-fpm-7.4-stop.sh*
root root 1476 Sep 16 14:31  D001-3-wordpress-security.sh*

root root 3109 Aug 19 09:48  E001-1-nginx-restart-all-instance.sh*
root root 1582 Aug 19 09:28  E001-2-nginx-stop-all-instance.sh*
root root 2655 Aug 19 09:31  E001-3-nginx-reload-all-instance.sh*
root root 1271 Aug 19 09:33  E001-4-nginx-status-all-instance.sh*
root root 2121 Aug 20 11:23  E001-5-nginx-test-all-instance.sh*


Bonus2: /etc/rc.local
#!/bin/bash
###################################
#FILE_NAME: /etc/rc.local
#Author: qwerty | 
#LastUpdate: #2020.08.12-15.54.35.332
#Purpose: run the stack's stop/restart scripts one after another, in the
#         order listed below.
#NOTE(review): rc.local is normally executed as root at boot, so every script
#called here presumably runs with root privileges; confirm that each script
#and its directory are writable by root only.
###################################
###################################CONTENT:BEGIN
# The next two lines are ordinary comments: only the first line of the file is
# the interpreter line, so "-e" is not in effect and a failing script does not
# stop the ones after it.
#!/bin/bash
#!/bin/sh -e
# rc.local
# By default this script does nothing.
#####################################

#SAMBA: stop script only; no Samba start is issued from this file.
/opt/script/samba-stop.sh

#MariaDB:
/opt/lampp/script/A003-1-xampp-mysql-restart.sh

#FTP Server:
/opt/lampp/script/B001-1-pureftpd-restart-FULL.sh

#PHP-FPM: 7.4.9:
/opt/lampp/script/D001-1-php-fpm-7.4-restart.sh

#NGINX:
/opt/lampp/script/E001-1-nginx-restart-all-instance.sh

#######
# Always report success, whatever the scripts above returned.
exit 0
###################################CONTENT:END



Bonus3:crontab -l
root@futurepo:/opt/lampp/script# crontab -l
##############################################
#UBUNTU: /var/spool/cron/crontabs/root
#CENTOS: /var/spool/cron/root
#LastUpdate: #10:19 2020.09.16
##############################################
#*     *     *   *    *      command to be executed         
#-     -     -   -    -                                       
#|     |     |   |    |                                       
#|     |     |   |    +----- day of week (MON-1|TUE-2|WED-3|THU-4|FRI-5|SAT-6|SUN-0)
#|     |     |   +------- month (1-12)                    
#|     |     +--------- day of month (1-31)
#|     +----------- hour (0-23)                    
#+------------- min (0-59)
##############################################
#GET DATE PER 1min:
* * * * * /opt/script/schedule-per-1s.sh

#Sync Time Server, daily, 23h00:          
00 23 * * * /opt/script/time-force-update.sh

#CRONTAB BACKUP, DAILY, 23h00:
#00 23 * * * /opt/script/crontab-backup.sh

# Check process HAProxy status every minute.
# * * * * * /opt/script/haproxy_monitor_stats.sh

#CLEAR RAM PER HOUR: 
0 */1 * * * /opt/script/ram.clear.sh

#RENEW SSL CERT: Daily, 0h00:
00 00 * * * /opt/script/le-renew-[futurepo.xxx].sh

#Wordpress Security Checking: DAILY, 23h00:
00 23 * * * /opt/lampp/script/D001-3-wordpress-security.sh

#Wordpress: Backup Websites: Daily, 0h00:
#A007-3-backup-website.sh <DBName> <Wordpress Website Name>
00 23 * * * /opt/lampp/script/A007-3-backup-website.sh "futurepo" "futurepo.xxx"


Bonus4:date;netstat-status.sh















###########################
Download:
Contact to: iadmin@mgiay.com



###########################
Keyword:
#XAMPP
#XEMPP
#XNMPP
#Linux
#Nginx
#MariaDB
#PHP
#Pure-FTPd
Linux, Nginx, MariaDB, PHP, Pure-FTPd

XAMPP is currently only availably as 32 bit application. Please use a 32 bit compatibility library for your system

 

XAMPP is currently only availably as 32 bit application. Please use a 32 bit compatibility library for your system.

sudo apt-get install ia32-libs
sudo apt-get install lib32stdc++6

#/opt/lampp/lampp

#qwerty: 13:37 2020.09.16
# # XAMPP is currently 32 bit only
# case `uname -m` in
            # *_64)
            # if $XAMPP_ROOT/bin/php -v > /dev/null 2>&1
            # then
                        # :
            # else
                        # $GETTEXT -s "XAMPP is currently only availably as 32 bit application. Please use a 32 bit compatibility library for your system."
                        # exit 1
            # fi
            # ;;
# esac



/opt/lampp/lampp start