Manifesto for Software Craftsmanship

It’s been a while, and my commitment continues.

Manifesto

Running Nginx with SSL/TLS provided by Let’s Encrypt

Let’s Encrypt is a Certificate Authority (CA) that provides free SSL/TLS certificates to enable HTTPS connections on our website. It’s very simple to implement and integrate with nginx: you just have to generate the certificate with the certbot script and add it to the server configuration. I am currently running Slackware 14; to run certbot, I need to install the following Python packages with easy_install:

  • python-setuptools
  • zope.interface
  • zope.component
  • six
  • pytz
  • pyrfc3339
  • PyOpenSSL
  • python-parsedatetime
  • parsedatetime
  • mock
  • configobj
  • ConfigArgParse
  • requests
  • psutil
  • pycparser
  • ipaddress
  • enum34
  • idna
  • cffi
  • pyasn1
  • cryptography
  • ndg_httpsclient
  • python2-pythondialog
  • python-augeas

Now, running this command will get a certificate.

certbot certonly -a webroot --webroot-path=/usr/share/nginx/html -d mydomain.cl

After obtaining the cert, you will have the following PEM-encoded files:

  • cert1.pem: Your domain’s certificate
  • chain1.pem: The Let’s Encrypt chain certificate
  • fullchain1.pem: cert.pem and chain.pem combined
  • privkey1.pem: Your certificate’s private key

You can check that the files exist by running the command:

  ls -l /etc/letsencrypt/live/mydomain.cl

Within the nginx.conf file, we just need to set:

  • ssl_certificate: the path to our certificate file
  • ssl_certificate_key: the path to the associated private key.

The nginx.conf should look like this:

# HTTPS server
#
server {
    listen       443 ssl;
    server_name  mydomain.cl;

    # fullchain.pem (certificate plus chain) so clients also receive the chain certificate
    ssl_certificate      /etc/letsencrypt/live/mydomain.cl/fullchain.pem;
    ssl_certificate_key  /etc/letsencrypt/live/mydomain.cl/privkey.pem;

    ssl_session_cache    shared:SSL:1m;
    ssl_session_timeout  5m;

    ssl_ciphers  HIGH:!aNULL:!MD5;
    ssl_prefer_server_ciphers  on;

    location / {
        root   /var/www/nginx/public;
        index  index.html index.htm;
    }

    ...
}
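
A small lint for the two directives above, as an added example that is not part of the original post: it flags an ssl_certificate that points at the leaf-only cert.pem instead of fullchain.pem, and a private key file that is missing or readable by group or others. The function names are hypothetical.

```shell
#!/bin/sh
# Added example, not from the original post. Function names are hypothetical.

# Print the path argument of nginx directive $1 in config file $2,
# one per line, skipping anything after a '#' comment marker.
directive_paths() {
    awk -v d="$1" '
        { sub(/#.*/, "") }
        $1 == d { p = $2; sub(/;$/, "", p); print p }
    ' "$2"
}

# Return 0 if the file (symlinks followed, as in the live/ directory)
# has no group or other permission bits set.
key_is_private() {
    mode=$(ls -ldL "$1" | cut -c5-10)
    [ "$mode" = "------" ]
}

# Lint one config file: print findings, return the number of findings.
lint_tls_config() {
    conf=$1
    findings=0
    for cert in $(directive_paths ssl_certificate "$conf"); do
        case "$(basename "$cert")" in
            cert.pem|cert[0-9]*.pem)
                echo "WARN: $cert is the leaf only; use fullchain.pem so the chain is sent"
                findings=$((findings + 1)) ;;
        esac
    done
    for key in $(directive_paths ssl_certificate_key "$conf"); do
        if [ ! -e "$key" ]; then
            echo "WARN: key $key does not exist"
            findings=$((findings + 1))
        elif ! key_is_private "$key"; then
            echo "WARN: key $key is readable by group or others; chmod 600"
            findings=$((findings + 1))
        fi
    done
    return "$findings"
}

# When a config path is given on the command line, lint it.
[ $# -eq 0 ] || lint_tls_config "$1"
```

Saved under any file name and run with the path to nginx.conf as its argument, the script exits with the number of findings, so 0 means both directives passed.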

Reference: Certificats SSL/TLS avec Certbot sous Slackware

Slackware mosquitto script

#!/bin/sh
#
# Mosquitto daemon control script.
# Written for Slackware Linux by Jose Bovet Derpich <jose.bovet@gmail.com>.

BIN=/usr/sbin/mosquitto
CONF=/etc/mosquitto/mosquitto.conf
# enable pid_file in /etc/mosquitto/mosquitto.conf
PID=/var/run/mosquitto.pid

mosquitto_start() {
  if [ ! -r $CONF ]; then # no config file, exit:
    echo "$CONF does not appear to exist. Abort."
    exit 1
  fi

  if [ -s $PID ]; then
    echo "Mosquitto appears to already be running?"
    exit 1
  fi

  echo "Starting Mosquitto server daemon..."
  if [ -x $BIN ]; then
    $BIN -c $CONF -d
  fi
}

mosquitto_stop() {
  echo "Shutdown Mosquitto..."
  if [ -r $PID ]; then
    kill -TERM $(cat $PID)
    rm $PID
  fi
}

mosquitto_restart() {
  mosquitto_stop
  sleep 3
  mosquitto_start
}

case "$1" in
  start)
    mosquitto_start
    ;;
  stop)
    mosquitto_stop
    ;;
  restart)
    mosquitto_restart
    ;;
  *)
    echo "usage: $(basename "$0") {start|stop|restart}"
    ;;
esac

Gist Link

Current Status

Currently I’m running Slackware Linux 14.2 on a VPS with Kernel 4.9.15-x86_64 provided by Linode.com. The main specifications are 2GB RAM, 1 CPU Core Intel(R) Xeon(R) CPU E5-2680 v3 @ 2.50GHz, 30 GB SSD Storage, 2TB Transfer, 40 Gbps Network In and 1000 Mbps Network Out, enough to be a happy user!

At the moment, I’m running a few services, like nginx stable version 1.12.0 as HTTP server and jekyll as static website, and Let’s Encrypt as Certificate Authority provider for free SSL/TLS support. I will soon install postfix mail server,

Webpay Transbank SOAP Integration

Example integration in Java for the Webpay SOAP service with springboot 1.4.2 + cxf 3.1.x

Link