Tag Archives: linux

Elementary OS (Loki)

10 essentials steps to use Elementary OS as media station

I was looking for an easy and good alternative for Windows 7 on a laptop used as a media station to watch Netflix and Crunchyroll and I choose Elementary OS.

This GNU/Linux distribution is based on Ubuntu and it’s relatively easy to install. Anyway, it needs some steps to work great as media station. Here we go:

  1. Make AppCenter Work
    1. Click on Applications on the top left corner of the screen
    2. Click on Terminal
    3. On the console type these commands:
      sudo dpkg --configure -a
      sudo apt update
      
  2. Update your system
    1. Open the AppCenter moving the mouse at the bottom on the screen, then click on the store icon
    2. Click on Updates on the top of the window
    3. Click on Update All and wait until all packages are installed
    4. When finished, click on the Power icon in top right corner of the screen and restart
  3. Update language (if different than English)
    1. Go to the System settings on the bottom bar
    2. Choose Language & Region
    3. A yellow box should appear telling the language installation is not complete: click on Complete installation
    4. Type the user password you’ve choosen during the installation
    5. Click on Unlock
    6. Select your language, region and format
    7. Log out using the top right power button and log in again. The OS is now translated.
    8. Click on Update names to change home directories names according to the selected language (or keep it in the English version)
  4. Install VLC
    1. Go to AppCenter
    2. On the top right corner of the AppCenter search “vlc”
    3. Click Install
  5. Install your preferred browser
    1. On the top right corner of the AppCenter look for your favourite browser:
      1. If you’re looking for Firefox, type “firefox” and install it
      2. If you’re looking for Chrome, type “chromium” and install it. It’s the open source alternative of Chrome.
  6. Make your browsers ready to watch streaming shows:
    1. If you’re using Firefox, go to Menu > Preferences > Content > and flag Play DRM content checkbox. It will allow services using this meh technology.
    2. Optional: Install Flash Player for Linux if needed (automatically installed in Firefox):
      https://get.adobe.com/it/flashplayer/otherversions/
  7. Optional: Translate your browser
    1. On Firefox, type about:addons in the address bar
    2. Search for your language and install
      1. Language pack
      2. Dictionary
  8. Optional: Install Office Productivity Tools:
    1. On AppCenter, search for LibreOffice, LibreOffice Writer and LibreOffice calc and install them (one by one) to open Word and Excel files or Open Office files.
  9. Optional: get new wallpapers automatically
    1. In the AppCenter search for “Variety
    2. Install and configure it
    3. You can add nice quotes and a clock to the desktop editing Preferences
  10. Switch the sound to the TV when the HDMI cable is plugged into the port:
    1. By default, when you plug the HDMI cable to the PC you can hear the sound coming from PC speakers
    2. To solve this issue open the Terminal and type
      sudo bash
      

      And type your password.

    3. Follow this howto to automatically redirect sound to the TV when it’s plugged in. To create or edit files you can use:
      nano /path/to/file
      

With these steps your brand new media station is ready for watching streaming relying on the strong security implemented in GNU/Linux systems.

Advertisements
HTTPS, encrypt via SSL / TLS

Free SSL certificates and how to install on nginx in 10 steps

Here how you can get free SSL cerificates using Let’s Encrypt. Forget about the expire of certificates using the auto-renewal script. A complete reference to install a Let’s Encrypt certificate is this Digital Ocean’s howto. Here there’s a quick guide based on it, plus some additional suggestions. Here we go!

The following code download the script and make it executable. (1)

cd /usr/local/sbin
wget https://dl.eff.org/certbot-auto
chmod a+x /usr/local/sbin/certbot-auto

The following code create a path for ssl certificate. Change /usr/local/etc/my/files/path/ssl_cert with a path for where you’ll store certificates, you can select a path not in your document root. (2)

mkdir /usr/local/etc/my/files/path/ssl_cert

Now edit your /etc/nginx/conf.d/mysites.conf and add this into the server {…} directive to make available example.com/.well-known url (3):

        location ^~ /.well-known {
                alias /usr/local/etc/my/files/path/ssl_cert/.well-known;
                allow all;
        }

Now execute the script to install certificates for your domains. Remember to use the command with -d domain-without-www -d www-domain in this order. (4)

  1. Install all needed dependencies for your system (via yum on RedHat based distro and apt on Debian based)
  2. Generate a valid certificate
certbot-auto certonly -a webroot --webroot-path=/usr/local/etc/my/files/path/ssl_cert -d example.com -d www.example.com -d mysite.com -d www.mysite.com

An auto check will be performed and you will get a Congratulation message.

Now generate a strong Diffie-Hellman group with this command (5):

openssl dhparam -out /etc/ssl/certs/dhparam.pem 2048

Check syntax and if ok reload the nginx server to apply changes and . (6)

nginx -t
systemctl reload nginx

Auto-renewal

A certificate will be valid for a short period of time, e.g. 3 months.

To auto-renew the certificate for all of your domains, you should add the auto-renewal command to cron (7):

30 2 * * 0 /usr/local/sbin/certbot-auto renew >> /var/log/le-renew.log
35 2 * * 0 /etc/init.d/nginx reload

The command will be executed every sunday night, between 2.30-2.35am, when the certificate will be checked to be renewed if needed.

Enable SSL on nginx

To enable SSL on nginx, if you have already a mysite.conf file mapped for uncrypted connection on port 80. Inside the /etc/nginx/conf.d directory, copy the file as mysite_ssl.conf and:

Change all occurrences of:

listen 80;

to:

listen 443 ssl;

In this way nginx will listen to 443 port on SSL. Ensure you have this port available externally (firewall and/or Selinux audit2allow). (8)

In the original file, mysite.conf, you can delete all entries but you have to keep the well-know part (step 3). This will avoid errors by Let’s Encrypt script.

Add and enable cyphers. Here there’s a good cyphers list, reliable for compatibile but secure using TLS only. (9)

server {
    # the port your site will be served on
    listen      443 ssl;
    # the domain name it will serve for
    server_name example.com; # substitute your machine's IP address or FQDN
    ssl_certificate /etc/letsencrypt/live/mysite.com/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/mysite.com/privkey.pem;
    ##### Cyphers and SSL fine tuning #####
    ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
    ssl_prefer_server_ciphers on;
    ssl_dhparam /etc/ssl/certs/dhparam.pem;
    ssl_ciphers 'ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:AES:CAMELLIA:DES-CBC3-SHA:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!MD5:!PSK:!aECDH:!EDH-DSS-DES-CBC3-SHA:!EDH-RSA-DES-CBC3-SHA:!KRB5-DES-CBC3-SHA';
    ssl_session_timeout 1d;
    ssl_session_cache shared:SSL:50m;
    ssl_stapling on;
    ssl_stapling_verify on;
    add_header Strict-Transport-Security max-age=15768000;
    ##### END Cyphers and SSL fine tuning #####
    # charset     utf-8; etc...
}

Test nginx syntax with:

nginx -t

and then reload nginx to apply changes (10), on CentOS:

systemctl restart nginx

Free disk space by finding big files

Here you can find some useful application to look for big files on disk for Windows and Linux. These disk tools are all free software, and very useful to find big files on disk and free disk space.

On Windows: WinDirStat

  • Download and install WinDirStat
  • Run WinDirStat on your disks (it will take time)
  • You’ll see a coloured map of file occupation by file type

windirstat

On Linux command line: ncdu

  • On Ubuntu / Debian
    • apt-get install ncdu
    • cd /dir/to/check
    • ncdu
  • On CentOS / Fedora / RedHat
    • yum install ncdu
    • cd /dir/to/check
    • ncdu
ncdu-screenshot

ncdu screenshot by dev.yorhel.nl: Official Website

On Linux with window manager

  • CentOS / Fedora / RedHat
    • apt-get install k4dirstat
  • On Ubuntu / Debian
    • yum install k4dirstat

Again, you’ll see a coloured map of file occupation by file type.

Official website

 

dirstat1-yuenhoe

Screenshot by yuenhoe.com

Turn Raspberry into a small NAS with samba

I got a Raspberry Pi Model B. It’s cheap and I want to do some experiments for fun.

Experiment #1: I have a 1T external HDD (FAT) and I want to turn Raspberry into a very basic NAS.

I used:

  • 1 External USB HDD (with external power supply)
  • 1 ethernet cable CAT. 5 (10/100) or better
  • 1 HDMI cable and monitor / tv
  • 1 smartphone microusb battery charger
  • 1 SDHC (for the OS)
  • Raspbian “wheezy” (tested on 2012-08-16 release)
  • 1 modem router for connectivity (4 port)
  • 1 Windows PC plugged to the router

I flashed Raspbian into a class 10 SDHC, I follow this useful howto about to turn on HDMI instead of TV and voilà, I got a down-scaled debian system into a silent, little board that I charge with the smartphone charger via microusb (5V, 700mA).

I plug a wireless mouse and keyboard on the first USB port, and then I plug my external drive on the second. Debian read the FAT partition well (mounted on /media/MYDRIVE), but now I have to turn it into a wannabe-NAS.

Shall we dance? With Samba!

I plug the RJ-45 ethernet connector from my modem router into the Raspberry Pi and I follow this howto in Italian.

$ is a pi console (Start > Accessories > LXTerminal)
# is a root console (Start > Accessories > Root terminal)

# adduser guest --home=/home/public --shell=/bin/false --disabled-password
# sudo chmod -R 0700 /home/public
# chown -R guest.guest /home/public
$ sudo apt-get install samba smbfs

Then I have a new user “guest” with no password authentication. The howto covers the creation of a shared home (/home/public) but I do something slightly different (WORKGROUP is my local network name):

editing /etc/samba/smb.conf

## Browsing/Identification ###
# Change this to the workgroup/NT-domain name your Samba server will part of
   workgroup = WORKGROUP

####### Authentication #######
   security = share

   obey pam restrictions = yes
   guest account = guest
   invalid users = root

And now the most interesting part:

[MYDRIVE]
comment = Mydrive
read only = no
locking = no
path = /media/MYDRIVE
guest ok = yes
force user = pi

Where /media/MYDRIVE is the path to your external usb drive.

And then:

# /etc/init.d/samba restart

to apply.

As this howto explains, the “force user” allows a user (i.e. guest) to get the files from a device mounted by another user (i.e. pi, the default raspbian user).

Have fun

Now on the Windows machine on the Network panel I look for RASPBERRYPI and inside it I find the “mydrive” folder, with all the files from MYDRIVE within. I play a 720p video without slowdown. And so, the cheap NAS experiment is successfully completed.

Make Flash works with Chrome on Ubuntu 64 bit

  1. Download Chrome for Linux (64 bit .deb package)
  2. Install the package
  3. On shell type:
    $ sudo bash
    If you don’t have wget installed:
    # apt-get install wget
    # cd /opt/google/chrome/
    # mkdir plugins
  4. Get the latest experimental Flash Player “Square” on
    http://labs.adobe.com/technologies/flashplayer10/square/
    and then put it on Chrome plugins folder e.g.

    wget http://download.macromedia.com/pub/labs/flashplayer10/flashplayer10_2_p3_64bit_linux_111710.tar.gz
  5. Close and restart Chrome: now Flash 10 is working.

See also:

Site off-line error after changing mysql to mysqli on Drupal

Sometimes Drupal try to access MySQL using a wrong socket, i.e. /tmp/mysql.sock.

There are two solutions: creating a symbolic link from the wrong location to the right location, or change the php.ini (es. /etc/php.ini) to point to the right socket:

mysqli.default_socket = /var/lib/mysql/mysql.sock

This solution is more reliable, since the symbolic link to socket should be recreated at any system boot on solution #1.

See also:

Disable file system check on boot

Sometimes you want to disable time-based automatic check on your filesystems on boot. To do so, you can use the tune2fs utility with the following command:

tune2fs -c0 -i0d /dev/mydev

Where /dev/mydev is your device.

See also: