Pydio 7 with PHP7 and SSL on Debian Jessie

August 12, 2017 d h

Add the dotdeb repository to get latest PHP 7.

# wget -O- https://www.dotdeb.org/dotdeb.gpg | apt-key add -

Create /etc/apt/sources.list.d/dotdeb.list and add the following:

deb http://packages.dotdeb.org jessie all

Once that is done run the following commands:

# apt-get update
# apt install mysql-server php7.0 php7.0-fpm php7.0-mysql php7.0-curl php7.0-json php7.0-gd php7.0-intl php7.0-mbstring php7.0-xml php7.0-zip php7.0-exif php7.0-apcu apt-get install libapache2-mod-php

Disable apache support for php5:
# a2dismod php5

Enable apache support for php7:

# a2enmod php7.0

Add the Pydio repository.

Create /etc/apt/sources.list.d/pydio.list and add the following:

# Pydio Community repositories
deb https://download.pydio.com/pub/linux/debian/ jessie-backports main

then:

# wget -qO - https://download.pydio.com/pub/linux/debian/key/pubkey | apt-key add -

# apt-get install apt-transport-https
# apt-get update

# apt-get install pydio
# apt-get install pydio-all

In /etc/php/7.0/apache2/php.ini change:

output_buffering = 4096

to:

output_buffering = off

Create self-signed certificates for Pydio over ssl

# openssl req -x509 -nodes -days 365 -newkey rsa:2048 -keyout /etc/ssl/private/pydio-selfsigned.key -out /etc/ssl/certs/pydio-selfsigned.crt
# openssl x509 -in /etc/ssl/certs/pydio-selfsigned.crt -out /etc/ssl/certs/pydio-selfsigned.pem -outform PEM

Enable ssl on apache:

# a2enmod ssl

In the /etc/apalche2/sites-enabled directory:

# rm 000-default.conf
# ln -s ../sites-available/default-ssl.conf default-ssl.conf

In default-ssl.conf change the follwing line from:

SSLCertificateFile /etc/ssl/certs/ssl-cert-snakeoil.pem

To:

SSLCertificateFile /etc/ssl/certs/pydio-selfsigned.pem

Also change the following line from:

SSLCertificateKeyFile /etc/ssl/private/ssl-cert-snakeoil.key

To:

SSLCertificateKeyFile /etc/ssl/private/pydio-selfsigned.key

Restart apache and pydio

How-tos, Linux

Running multiple SSL sites on one IP with NGINX

August 10, 2017 d h

This how-to will step you through the process needed to be able to run two different SSL sites (completely different URLs) on the same IP (same NGINX server too)

Let’s say you have own the domains www.example1.com and www.example2.org and that you wish to host both sites on the same server with one IP. Let’s also say you wish to make it so that that both sites are SSL enabled (https). Finally let’s assume that you have already secured proper SSL certificates for each domain.

The first step should be to ensure that we have the SSL certificates in a good location for NGINX to be able to reach them. My personal preference isto store the certificates in /etc/nginx/ssl directory, usually in a directory named after the URL for the certificate. Using the example names from above, we need to create two directories in /etc/nginx/ssl. Something like the following:
# cd /etc/nginx/ssl
# mkdir www.example1.com
# mkdir www.example2.org

Now copy the certificates to their corresponding directories under /etc/nginx/ssl.

The next step is to create a configuration file for the first domain in /etc/nginx/sites-available directory. Let’s call the configuration file SSL-example1-com, its contents should be:

server {

listen 443;
server_name www.example1.com;

root /usr/share/nginx/www1;
index index.html index.htm;

ssl on;
ssl_certificate /etc/nginx/ssl/www.example1.com/cert_for_example1_com-server.crt;
ssl_certificate_key /etc/nginx/ssl/www.example.com/key_for_example_com1_server.key;
}

Notice that server_name is using the example1.com fully qualified domain name and that
the certificate and key correspond to the example1.com fully qualified domain name.

Now we create the configuration for the second site. Lets use SSL-example2-org as the name and include the following as content:

server {

listen 443;
server_name www.example2.org;

root /usr/share/nginx/www2;
index index.html index.htm;

ssl on;
ssl_certificate /etc/nginx/ssl/www.example2.org/cert_for_example2-org-server.crt;
ssl_certificate_key /etc/nginx/ssl/www.example2.org/key_for_example2_server_org.key;
}

Notice that server_name is using the example2.org fully qualified domain name and that
the certificate and key correspond to the example2.org fully qualified domain name.

Now create links to these configuration files in etc/nginx/sites-enabled:

# ln -s ../sites-available/SSL-example1-com 001-example-com
# ln -s ../sites-available/SSL-example2-org 002-example-org

Finally restart NGINX

How-tos, Linux

Installing xrdp 9.3 and xorgxrdp 2.3 on Debian Jessie (or Stretch)

August 8, 2017 d h

This how-to is based on the install instructions from XRDP’s github pages for installing on Debian 8.

Install xrdp’s dependencies:

$ sudo apt-get install git autoconf libtool pkg-config gcc g++ make libssl-dev libpam0g-dev libjpeg-dev libx11-dev libxfixes-dev libxrandr-dev flex bison libxml2-dev intltool xsltproc xutils-dev python-libxml2 g++ xutils libfuse-dev libmp3lame-dev nasm libpixman-1-dev xserver-xorg-dev

Get the xrdp and xorgxrdp sources:

$ mkdir -p GIT-sources/neutrinolabs $ cd GIT-sources/neutrinolabs $ wget https://github.com/neutrinolabs/xrdp/releases/download/v0.9.3/xrdp-0.9.3.tar.gz $ wget https://github.com/neutrinolabs/xorgxrdp/releases/download/v0.2.3/xorgxrdp-0.2.3.tar.gz

Building and installing xrdp:

$ cd GIT-sources/neutrinolabs $ tar xvfz xrdp-0.9.3.tar.gz $ cd xrdp-0.9.3 $ ./bootstrap $ ./configure --enable-fuse --enable-mp3lame --enable-pixman --enable-sound $ make -j2 $ sudo make install $ sudo ln -s /usr/local/sbin/xrdp{,-sesman} /usr/sbin

Building and installing xorgxrdp:

$ cd GIT-sources/neutrinolabs $ tar xvfz xorgxrdp-0.2.3.tar.gz $ cd xorgxrdp-0.2.3 $ ./bootstrap $ ./configure $ make -j2 $ sudo make install

Generate keys:

$ sudo xrdp-keygen xrdp auto 2048

Building the pulseaudio modules:

$ cd ~ $ mkdir -p Release-sources/pulseaudio $ cd Release-sources/pulseaudio $ sudo apt-get install dpkg-dev $ sudo apt-get source pulseaudio $ sudo apt-get build-dep pulseaudio

Change the permisions on the pulseaudio directory to your user:

$ sudo chown -R [USER]:[GROUP] pulseaudio-10.0 $ cd pulseaudio-10.0 $ ./configure

In change directory to “~/GIT-sources/neutrinolabs/xrdp-0.9.3/sesman/chansrv/pulse”

$ cd ~/GIT-sources/neutrinolabs/xrdp-0.9.3/sesman/chansrv/pulse

Edit the Makefile with your favorite editor and point it to the sources for pulseaudio by changing:

PULSE_DIR = /tmp/pulseaudio-10.0

to:

PULSE_DIR = ../../../../../../Release-sources/pulseaudio/pulseaudio-10.0

then:

$ make -j2

If the build is successful , copy the 2 modules to /usr/lib/pulse-10.0/modules.

$ sudo cp module-xrdp*.so /usr/lib/pulse-10.0/modules

Check the /usr/lib/pulse-10.0/modules directory:

$ ls -al /usr/lib/pulse-10.0/modules

If necessary, fix the ownership and permissions on the two modules:

$ cd /usr/lib/pulse-10.0/modules
$ sudo chown root:root module-xrdp-s*.so
$ sudo chmod 644 module-xrdp-s*.so

The modules are named module-xrdp-sink.so and module-xrdp-source.so

Enable the services:

$ sudo systemctl enable xrdp.service $ sudo systemctl enable xrdp-sesman.service

Fixes for possible issues:

To run it as terminal server (also useful for Guacamole) add allowed_users=anybody to /etc/X11/Xwrapper.config to allow anybody to start X

To fix the thinclient_drives share error when connected via RDP to the client:

$ sudo umount thinclient_drives

logout and re-login via rdp