Categories
interwebs security web server

Let’s Encrypt in manual mode

SSL and TLS are cryptographic protocols designed to provide a secure connection between a web client and a web server. This security is achieved by installing an SSL/TLS certificate on the web server. The certificate contains the public key and additional information such as the issuer, what the cert is supposed to be used for, and other types of metadata. The certificate is signed by a certificate authority (CA) using the CA’s private key. This verifies the authenticity of the certificate. A secure connection between client and server is established over the HTTPS protocol.

Let’s Encrypt is a CA. In order to get a certificate for your website’s domain from Let’s Encrypt, you have to demonstrate control over the domain. If you don’t have shell access (SSH access) to your web host, you can use the Certbot software on your own computer in so-called manual mode. In manual mode, you upload a specific file to your website to prove your control. Certbot will then retrieve a cert that you can upload to your hosting provider. Example:

certbot certonly --manual --preferred-challenges=http --email admin@domain.com --agree-tos -d domain.com

When you run the command above, Certbot will ask you to put a specific file on your website to prove ownership. After it is verified, you will get your private key (privkey.pem) and chain/bundle (fullchain.pem). The chain file contains your certificate. To decode your cert you can type

openssl x509 -in certificate.crt -text -noout

or use a tool such as Online Decoder.

Now you need to send those files to your website administrator to make HTTPS work. The downside of this method is that it is time-consuming and you will need to repeat it several times per year, as your cert expires every 90 days.
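A check worth running before the files are handed over, as an added example that is not part of the original post: it confirms that privkey.pem belongs to the certificate in fullchain.pem and that the certificate is not about to expire. The function names are hypothetical, and the key and certificate are a constructed self-signed pair standing in for Certbot's output.

```sh
#!/bin/sh
# Added example: function names are hypothetical, demo files are constructed.

# Constructed stand-in for Certbot output: self-signed cert valid for $2 days.
make_demo_pair() {  # usage: make_demo_pair DIR DAYS
    openssl req -x509 -newkey rsa:2048 -nodes -days "$2" -subj "/CN=domain.com" \
        -keyout "$1/privkey.pem" -out "$1/fullchain.pem" 2>/dev/null
}

# Succeeds only if the private key belongs to the first (leaf) certificate.
# Compares the public key embedded in the cert with the one derived from the key.
key_matches_cert() {  # usage: key_matches_cert FULLCHAIN PRIVKEY
    cert_pub=$(openssl x509 -in "$1" -noout -pubkey 2>/dev/null) || return 2
    key_pub=$(openssl pkey -in "$2" -pubout 2>/dev/null) || return 2
    [ -n "$cert_pub" ] && [ "$cert_pub" = "$key_pub" ]
}

# Succeeds only if the certificate is still valid DAYS days from now.
valid_for_days() {  # usage: valid_for_days FULLCHAIN DAYS
    openssl x509 -in "$1" -noout -checkend $(( $2 * 86400 )) >/dev/null 2>&1
}

# Runs both checks and prints a one-line verdict.
check_bundle() {  # usage: check_bundle FULLCHAIN PRIVKEY MIN_DAYS
    key_matches_cert "$1" "$2" || { echo "FAIL: private key does not match certificate"; return 1; }
    valid_for_days "$1" "$3" || { echo "FAIL: certificate expires within $3 days"; return 1; }
    echo "OK: key matches certificate, valid for at least $3 more days"
}

# Demo on the constructed pair (a 90-day certificate, as Let's Encrypt issues).
demo_dir=$(mktemp -d)
make_demo_pair "$demo_dir" 90
check_bundle "$demo_dir/fullchain.pem" "$demo_dir/privkey.pem" 30
rm -rf "$demo_dir"
```

With real Certbot output, point check_bundle at the fullchain.pem and privkey.pem it produced.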

Categories
linux programming web server

Simple Laravel Docker setup

composer create-project laravel/laravel laravel-app
cd laravel-app
mkdir -p .docker
touch .docker/Dockerfile
touch .docker/vhost.conf

Content of Dockerfile:

FROM php:7.3-apache
COPY . /srv/app
COPY .docker/vhost.conf /etc/apache2/sites-available/000-default.conf
RUN chown -R www-data:www-data /srv/app && a2enmod rewrite

Content of vhost.conf:

<VirtualHost *:80>
    DocumentRoot /srv/app/public
    <Directory "/srv/app/public">
        AllowOverride all
        Require all granted
    </Directory>
    ErrorLog ${APACHE_LOG_DIR}/error.log
    CustomLog ${APACHE_LOG_DIR}/access.log combined
</VirtualHost>

Building image:

docker build --file .docker/Dockerfile -t laravel-app .

Running container:

docker run --rm -p 8080:80 laravel-app

Source: BitPress

Categories
programming web server

Docker Compose

Compose is a tool for defining and running multi-container Docker applications. With Compose, you can use a YAML file to configure your application’s services. Then, with a single command, you can create and start all the services from your configuration.

  • define your app’s environment with a Dockerfile
  • define the services (containers with additional stuff) that make up your app in docker-compose.yml
  • run docker-compose up so Compose can start and run your entire app

Commands

docker-compose ps
docker-compose up -d
docker-compose stop
docker-compose down
docker-compose rm [name]
docker-compose build [name]
or docker-compose build --no-cache
docker-compose up -d
docker-compose logs --follow [service_name]
docker-compose exec [service_name] [command]

Source: freeCodeCamp

Categories
linux programming web server

Docker

Containerization is the process of encapsulating software code along with all of its dependencies inside a single package so that it can be run consistently anywhere. Docker is an open source containerization platform. It provides the ability to run applications in an isolated environment known as a container.

Containers are lightweight, virtual-machine-like environments, and multiple containers can run simultaneously on one host. Containers can be deployed on servers.

Images are multi-layered self-contained files with the necessary instructions to create containers. Containers are runnable instances of images. If we compare images with classes from OOP, then containers are the objects. Images are stored in registries such as Docker Hub, the default public registry for storing images.

Arch install

pacman -Sy docker docker-compose
systemctl start docker.service
gpasswd -a benke docker
docker info
kitematic

Images commands

docker images
docker image ls
docker rmi [image_id]
docker run [image_id]
docker create [image_id]
docker start [container_id]
docker run -d [image_id]
docker pull [image_id]

Containers commands

docker run -it docker/whalesay cowsay Petar
docker run -it -p 80:80 nginx
docker ps
docker ps -a
docker container ls
docker start [container_id]
docker restart [container_id]
docker exec [container_id] [command]
docker logs [container_id]
docker stop [container_id]
docker rm [container_id]
docker container rm --force [container_id]
docker system prune
docker inspect [container_id] (look for RestartPolicy in the output)
docker update --restart=no [container_id]

Dockerfile

  • FROM
  • WORKDIR
  • COPY
  • RUN
  • EXPOSE
  • ENTRYPOINT
  • CMD

Source: freeCodeCamp

Categories
programming web server

Elastic Stack

Elasticsearch

Search engine that provides full-text search using JSON interface over HTTP protocol. Elasticsearch excels in indexing streams of semi-structured data such as logs or decoded network packets.

Logstash

Data collecting and log-parsing engine.

Beats

Data shippers that you install as agents on your servers to send operational data to Elasticsearch. Beats can send data directly to Elasticsearch or via Logstash for further processing.

Kibana

Visualisation dashboard on top of the content indexed on an Elasticsearch cluster. Kibana is used to search, view and interact with data stored in Elasticsearch indices.

Categories
linux programming web server

Vagrant

To begin:

git clone <source> ~/projekat
cd ~/projekat
composer update
git clone https://github.com/laravel/homestead.git ~/Homestead
cd ~/Homestead
git checkout v7.4.2
bash init.sh

Then we edit ~/Homestead/Homestead.yaml into something like this:

---
ip: "192.168.10.10"
memory: 2048
cpus: 1
provider: virtualbox

authorize: ~/.ssh/id_rsa.pub

keys:
    - ~/.ssh/id_rsa

folders:
    - map: ~/projekat
      to: /home/vagrant/code

sites:
    - map: projekat.local
      to: /home/vagrant/code/public

databases:
    - homestead

After that, we need to add an entry to the /etc/hosts file:

192.168.10.10 projekat.local

Finally, from the ~/Homestead directory we start the virtual machine:

vagrant up
Categories
linux programming web server

October CMS installation

October CMS can be installed using the installer, which is the recommended way, but it can also be installed via Composer:

composer create-project october/october projekat
cd projekat
php artisan october:install

If we install via Composer, then in the config/cms.php file we set the disableCoreUpdates variable to true.

Since I have a habit of keeping projects in my home directory and creating symbolic links in /srv/http/, we will have to set up permissions. First and foremost, I add myself to the http group. After that I can set the permissions like this and it all works more or less as it should 🙂

chown -R benke:http projekat/
chown -R http:http projekat/storage/
chmod -R ug+w projekat/

This way I can change the code both from Atom and from the October CMS integrated editor without any problems saving documents.

Categories
interwebs web server

Optimizing site loading

In principle, everything that needs to be done to optimize site loading can be found on Google's PageSpeed Insights page, but here it is in brief:

Images should be compressed to reduce the number of bytes. Reducing the number of bytes (the information about the image) leads to a degradation in quality, so a compromise has to be found between file size and display quality. The Optimizilla site can help you with image optimization. Generally speaking, JPEG files are smaller than PNG files, but only if we have an image with many shades of color and details (a photograph); if the image leans more toward a drawing and has a smaller number of large single-color areas, then PNG is the better solution.

gzip is a file compression format supported by all modern browsers. In principle it comes down to the server sending data to the browser in compressed form, and the browser then decompressing it on the fly and displaying it to the user without the user noticing anything, except of course that pages load faster 🙂 If the web hosting supports gzip compression, it should be turned on to speed up site loading.

Minification removes unnecessary characters such as spaces and newlines from HTML, CSS and JS code, which produces smaller files, so pages again load faster.

Caching is a process by which files are kept on the client side for a certain period and are not fetched from the server over and over again, which also has a positive effect on site loading speed.

A CDN is a network of servers that allows the end user to be closer to your site regardless of which part of the world they are in.

Deferring the loading of content that is not visible immediately upon opening the site (above the fold), as well as of scripts that are not of critical importance.

freeCodeCamp

Categories
interwebs web server

Technical site optimization

Pagespeed score

  • include external links in page compression
  • minify scripts
  • reduce the number of redirects
  • optimize images, including images loaded from external links
  • defer the loading of scripts

YSlow score

  • add to the header when the file expires
  • reduce the number of HTTP requests to external scripts
  • compress components using gzip
  • use a CDN
  • minify scripts
  • avoid URL redirects
  • avoid sending cookies for static content (images)
  • reduce DNS lookups (components located on multiple domains)
Categories
web server

Handy HTTP server

Starting a web server if we have Python installed

The folder from which the server is started serves as the document root. So, first we need to use the cd command to go to the pages we want to open in the browser. With the command

python --version

we check which version of Python is installed. If we have Python version 2, the server is started with the command

python -m SimpleHTTPServer

and if we have Python version 3, then we use the command

python -m http.server

After the server starts, we open the address http://localhost:8000 in the browser and get access to the pages from the folder from which we started the server 🙂

Starting a web server if we have npm installed

As in the previous example, we first move to the folder containing the pages we want to open in the browser. Then with the command

npm install live-server

we install the server, and we start it with

./node_modules/.bin/live-server

After the server starts, we open the address http://127.0.0.1:8080 in the browser and get access to the pages from the folder from which we started the server. An important difference compared to the Python server is that here the view in the browser is refreshed automatically after every change in the files, which can speed up the development of our application.

Documentation: www.npmjs.com/package/live-server

Laravel PHP server

If we are working on a project in Laravel, we can start the server from the project's root directory with the command

php artisan serve

The address is http://127.0.0.1:8000.