Category Archives: Linux

Linux related How-tos

Running multiple SSL sites on one IP with NGINX

This how-to will step you through the process needed to be able to run two different SSL sites (completely different URLs) on the same IP (same NGINX server too)

Let’s say you have own the domains www.example1.com and www.example2.org and that you wish to host both sites on the same server with one IP.  Let’s also say you wish to make it so that that both sites are SSL enabled (https).  Finally let’s assume that you have already secured proper SSL certificates for each domain.

The first step should be to ensure that we have the SSL certificates in a good location for NGINX to be able to reach them.  My personal preference isto store the certificates in /etc/nginx/ssl directory, usually in a directory named after the URL for the certificate.  Using the example names from above, we need to create two directories in /etc/nginx/ssl.  Something like the following:
# cd /etc/nginx/ssl
# mkdir www.example1.com
# mkdir www.example2.org

Now copy the certificates to their corresponding directories under /etc/nginx/ssl.

The next step is to create a configuration file for the first domain in /etc/nginx/sites-available directory. Let’s call the configuration file SSL-example1-com, its contents should be:

server {

listen 443;
server_name www.example1.com;

root /usr/share/nginx/www1;
index index.html index.htm;

ssl on;
ssl_certificate /etc/nginx/ssl/www.example1.com/cert_for_example1_com-server.crt;
ssl_certificate_key /etc/nginx/ssl/www.example.com/key_for_example_com1_server.key;
}

Notice that server_name is using the example1.com fully qualified domain name and that
the certificate and key correspond to the example1.com fully qualified domain name.

Now we create the configuration for the second site.  Lets use SSL-example2-org as the name and include the following as content:

server {

listen 443;
server_name www.example2.org;

root /usr/share/nginx/www2;
index index.html index.htm;

ssl on;
ssl_certificate /etc/nginx/ssl/www.example2.org/cert_for_example2-org-server.crt;
ssl_certificate_key /etc/nginx/ssl/www.example2.org/key_for_example2_server_org.key;
}

Notice that server_name is using the example2.org fully qualified domain name and that
the certificate and key correspond to the example2.org fully qualified domain name.

Now create links to these configuration files in etc/nginx/sites-enabled:

# ln -s ../sites-available/SSL-example1-com 001-example-com
# ln -s ../sites-available/SSL-example2-org 002-example-org

Finally restart NGINX

Installing xrdp 9.3 and xorgxrdp 2.3 on Debian Jessie (or Stretch)

This how-to is based on the install instructions from XRDP’s github pages for installing on Debian 8.

Install xrdp’s dependencies:

$ sudo apt-get install git autoconf libtool pkg-config gcc g++ make libssl-dev libpam0g-dev libjpeg-dev libx11-dev libxfixes-dev libxrandr-dev flex bison libxml2-dev intltool xsltproc xutils-dev python-libxml2 g++ xutils libfuse-dev libmp3lame-dev nasm libpixman-1-dev xserver-xorg-dev

Get the xrdp and xorgxrdp sources:

$ mkdir -p GIT-sources/neutrinolabs
$ cd GIT-sources/neutrinolabs
$ wget https://github.com/neutrinolabs/xrdp/releases/download/v0.9.3/xrdp-0.9.3.tar.gz
$ wget https://github.com/neutrinolabs/xorgxrdp/releases/download/v0.2.3/xorgxrdp-0.2.3.tar.gz

Building and installing xrdp:

$ cd GIT-sources/neutrinolabs
$ tar xvfz xrdp-0.9.3.tar.gz
$ cd xrdp-0.9.3
$ ./bootstrap
$ ./configure --enable-fuse --enable-mp3lame --enable-pixman --enable-sound
$ make -j2
$ sudo make install
$ sudo ln -s /usr/local/sbin/xrdp{,-sesman} /usr/sbin

Building and installing xorgxrdp:

$ cd GIT-sources/neutrinolabs
$ tar xvfz xorgxrdp-0.2.3.tar.gz
$ cd xorgxrdp-0.2.3
$ ./bootstrap
$ ./configure
$ make -j2
$ sudo make install

Generate keys:

$ sudo xrdp-keygen xrdp auto 2048

Building the pulseaudio modules:

$ cd ~
$ mkdir -p Release-sources/pulseaudio
$ cd Release-sources/pulseaudio
$ sudo apt-get install dpkg-dev
$ sudo apt-get source pulseaudio
$ sudo apt-get build-dep pulseaudio

Change the permisions on the pulseaudio directory to your user:

$ sudo chown -R [USER]:[GROUP] pulseaudio-10.0
$ cd pulseaudio-10.0
$ ./configure

In change directory to “~/GIT-sources/neutrinolabs/xrdp-0.9.3/sesman/chansrv/pulse”

$ cd ~/GIT-sources/neutrinolabs/xrdp-0.9.3/sesman/chansrv/pulse

Edit the Makefile with your favorite editor and point it to the sources for pulseaudio by changing:

PULSE_DIR = /tmp/pulseaudio-10.0

to:

PULSE_DIR = ../../../../../../Release-sources/pulseaudio/pulseaudio-10.0

then:

$ make -j2

If the build is successful , copy the 2 modules to /usr/lib/pulse-10.0/modules.

$ sudo cp module-xrdp*.so /usr/lib/pulse-10.0/modules

Check the /usr/lib/pulse-10.0/modules directory:

$ ls -al /usr/lib/pulse-10.0/modules

If necessary, fix the ownership and permissions on the two modules:

$ cd /usr/lib/pulse-10.0/modules
$ sudo chown root:root module-xrdp-s*.so
$ sudo chmod 644 module-xrdp-s*.so

The modules are named module-xrdp-sink.so and module-xrdp-source.so

Enable the services:

$ sudo systemctl enable xrdp.service
$ sudo systemctl enable xrdp-sesman.service

Fixes for possible issues:

To run it as terminal server (also useful for Guacamole) add allowed_users=anybody to /etc/X11/Xwrapper.config to allow anybody to start X

To fix the thinclient_drives share error when connected via RDP to the client:

$ sudo umount thinclient_drives

logout and re-login via rdp