LinuxWebLog.com

1. Convert key and cert to a single pkcs12 format.
   openssl pkcs12 -export -inkey <pathto>/key.txt -in <pathto>/cert.txt -out cert.pkcs12

2. Remove existing tomcat aliased PrivateKeyEntry from cacerts.
   keytool -delete -alias tomcat -keystore <pathto>/cacerts

3. Use java-1.6 keytools to import PKCS12 keystoretype into existing cacerts keystore file.
   keytool -importkeystore -destkeystore cacerts -srckeystore cert.pkcs12 -srcstoretype PKCS12

4. Note the alias of the newly imported PrivateKeyEntry, which would normally be 1.
   keytool -list -keystore <pathto>/cacerts | grep PrivateKeyEntry

5. Change the alias to tomcat.
   keytool -changealias -alias 1 -destalias tomcat -keystore <pathto>/cacerts

Embed the captcha image by calling a php script in "contact_us.php":

Edit contact_us.php file and exactly after the below line:

place the verification code:

To support C/C++ 32 bit development libraries on CentOS-5.2 x86_64 arch the below devel packages are required:

Below is example output of multilib support for gcc:

Helper script to create users on all OpenVZ VEs simultaneously:

If you manage several OpenVZ containers, here is a simple bash script to keep the OpenVZ containers upto date.

Following the instruction over at OpenVZ Wiki, I've had no problems with the installation and creation of templates prior to CentOS-5.2 on x86_64 systems. However, with the latest set of updates to CentOS-5.2, the vzpkgcache seems to have been broken as sysklogd is no longer being installed by default. Below is how I got it to work:

Note: edit /vz/template/centos/5/x86_64/config/minimal.list and append .x86_64 to all except for the addons packages. Then run:

which gives the below error at the end:

The solution was to edit "/vz/template/centos/5/x86_64/config/install-post" and set syslog and syslog.conf sed replacements with exit status of "0".

I've had to reduce the logical volume that was alloted for mysql data from 8GB to 4GB, which was a breeze with e2fsadm available for lvm1 on RHEL-3 .

Stop the running serivces using the volume:

e2fsadm will reduce the filesystem and then the logical volume.

Check with df, which should now show the new volume size:

Start the running serivces using the volume:

Note: e2fsadm is not available in lvm2 and will need to reduce in two steps:

1. Reduce the filesystem residing on the logical volume.
2. Reduce the logical volume.

The default install of ffmpeg on Ubuntu Dapper does not come with support for encoding mp3. I had to get the source and re-compile with mp3 support using lame as the encoder.

Make sure you have multiverse and universe enabled.

1. Increase the NUMIPTENT values in VE conf file to 1000 on the host:
   
   NUMIPTENT="1000:1000";
2. Edit "/etc/sysconfig/vz" on the host:
   
   IPTABLES="ipt_REJECT ipt_tos ipt_TOS ipt_LOG ip_conntrack ip_conntrack_ftp ip_conntrack_irc ipt_owner ipt_length ipt_limit ipt_multiport iptable_filter iptable_mangle ipt_TCPMSS ipt_tcpmss ipt_ttl ipt_length ipt_state iptable_nat ip_nat_ftp ipt_recent"
3. Make sure the above modules are loaded on the host, so it would help if you have APF on the host as well.
   
4. Restart the VE
   
   # vzctl restart <VEID>
5. It is normal to get ipt_recent error as below:
   
   Warning: Unknown iptable module: ipt_recent, skipped

   You can verify the modules loaded via:
   

   # vzctl exec <VEID> grep ipt_recent /proc/net/ip_tables_matches

   Note: ipt_recent is required for passive ftp to work, else... will need to specify passive ftp ports in ftp conf file and open those ports via apf as well.

6. Here is a typical apf config on a VE with CentOS-5 running ISPConfig.
   DEVEL_MODE="0"
IFACE_IN="venet0"
IFACE_OUT="venet0"
IFACE_TRUSTED=""r />SET_MONOKERN="1"r />IG_TCP_CPORTS="21,22,25,53,80,81,110,143,443" />IG_UDP_CPORTS="53"
EGF="1"
EG_TCP_CPORTS="21,25,80,443,43"
EG_UDP_CPORTS="20,21,53"

Yales' CAS client attempts to verify the service ticket it received from CAS, and when it tries to connect to the CAS server, it encounters SSL handshake error caused by using a self-signed SSL certificate on the CAS server. The Java process running tomcat does not trust the certificate presented by the CAS server. This is part of Java security.

A work around the issue would be to tell Java to trust the self-signed certificate as below:

Use the below command to list: