April 30th, 2017 Admin
I won’t discuss here why you would want to use Let’s Encrypt Certificates, but 3 of the main reasons for me are:
- Certificates are free
- Certificates are automatically updated. So it becomes a set and forget affair. No more fiddling around every 1, 2 or 3 years.
- Automatic updates are done every 3 months. So the certificates are always fresh.
And now for the setup on a fully up-to-date Sentora CentOS 6.7 server.
Run:
yum -y install mod_ssl wget nc netcat; wget -O - https://get.acme.sh | sh
This installs acme.sh, the standalone certificate management software that gets and updates your certificates from Let’s Encrypt.
This is how you use it (issue a certificate for example.com, where the HTTP site files are actually located in /home/wwwroot/example.com):
/root/.acme.sh/acme.sh --issue -d example.com -w /home/wwwroot/example.com
The command prints a variety of information that you will need to configure Apache. Keep it.
Then add this line to your crontab so that your certificates are automatically updated/renewed (entries in /etc/crontab need a user field, here root):
vim /etc/crontab
34 0 * * * root "/root/.acme.sh"/acme.sh --cron --home "/root/.acme.sh" > /dev/null
Now the Apache setup
If you have SSL enabled on your Sentora admin panel, disable it and see below how to integrate it again.
Add this:
# Custom SSL Apache config
Include /etc/zpanel/configs/apache/httpd-ssl-vhosts.conf
to:
vim /etc/sentora/configs/apache/httpd.conf
Create the file:
vim /etc/zpanel/configs/apache/httpd-ssl-vhosts.conf
And fill it with the details for your sites like this (Hint: You will find this in /etc/zpanel/configs/apache/httpd-vhosts.conf):
# This is needed only once for multiple SSL/https virtual hosts
NameVirtualHost *:443
# DOMAIN: example.com
<virtualhost *:443>
ServerName example.com
ServerAdmin admin@example.com
DocumentRoot "/var/sentora/hostdata/zadmin/public_html/example_com"
php_admin_value open_basedir "/var/sentora/hostdata/zadmin/public_html/example_com:/var/sentora/temp/"
php_admin_value suhosin.executor.func.blacklist "passthru, show_source, shell_exec, system, pcntl_exec, popen, pclose, proc_open, proc_nice, proc_terminate, proc_get_status, proc_close, leak, apache_child_terminate, posix_kill, posix_mkfifo, posix_setpgid, posix_setsid, posix_setuid, escapeshellcmd, escapeshellarg, exec"
ErrorLog "/var/sentora/logs/domains/zadmin/example.com-error.log"
CustomLog "/var/sentora/logs/domains/zadmin/example.com-access.log" combined
CustomLog "/var/sentora/logs/domains/zadmin/example.com-bandwidth.log" common
<Directory "/var/sentora/hostdata/zadmin/public_html/example_com">
Options +FollowSymLinks -Indexes
AllowOverride All
Order Allow,Deny
Allow from all
</Directory>
AddType application/x-httpd-php .php3 .php
ErrorDocument 500 /_errorpages/500.html
ErrorDocument 403 /_errorpages/403.html
ErrorDocument 510 /_errorpages/510.html
ErrorDocument 404 /_errorpages/404.html
DirectoryIndex index.html index.htm index.php index.asp index.aspx index.jsp index.jspa index.shtml index.shtm
# Custom Global Settings (if any exist)
RewriteEngine on
RewriteOptions inherit
# Custom VH settings (if any exist)
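SSLEngine On
# Replace the paths below with the certificate, key and CA file locations printed by acme.sh --issue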
SSLCertificateFile /etc/ssl/certs/domain_name.com/domain_name_com.crt
SSLCertificateKeyFile /etc/ssl/certs/domain_name.com/domain_name_com.key
SSLCACertificateFile /etc/ssl/certs/domain_name.com/gs_root.pem
SSLCertificateChainFile /etc/ssl/certs/domain_name.com/gs_intermediate_ca.crt
</virtualhost>
# END DOMAIN: example.com
And now you can add the details for Sentora panel again and re-enable the redirection to ssl for the panel:
# This is needed only once for multiple SSL/https virtual hosts
NameVirtualHost *:443
#Configuration for Sentora control panel.
<VirtualHost *:443>
ServerAdmin admin@blue.net.au
DocumentRoot "/etc/sentora/panel/"
ServerName sentorapanel.example.com
ErrorLog "/var/sentora/logs/sentora-error.log"
CustomLog "/var/sentora/logs/sentora-access.log" combined
CustomLog "/var/sentora/logs/sentora-bandwidth.log" common
AddType application/x-httpd-php .php
<Directory "/etc/sentora/panel/">
Options +FollowSymLinks -Indexes
AllowOverride All
Order allow,deny
Allow from all
</Directory>
# Custom settings are loaded below this line (if any exist)
SSLEngine On
SSLCertificateFile /root/.acme.sh/sentorapanel.example.com/sentorapanel.example.com.cer
SSLCertificateKeyFile /root/.acme.sh/sentorapanel.example.com/sentorapanel.example.com.key
SSLCACertificateFile /root/.acme.sh/sentorapanel.example.com/ca.cer
SSLCertificateChainFile /root/.acme.sh/sentorapanel.example.com/fullchain.cer
</VirtualHost>
# END Configuration for Sentora control panel.
# DOMAIN: example.com
<virtualhost *:443>
ServerName example.com
ServerAdmin admin@example.com
DocumentRoot "/var/sentora/hostdata/zadmin/public_html/example_com"
php_admin_value open_basedir "/var/sentora/hostdata/zadmin/public_html/example_com:/var/sentora/temp/"
php_admin_value suhosin.executor.func.blacklist "passthru, show_source, shell_exec, system, pcntl_exec, popen, pclose, proc_open, proc_nice, proc_terminate, proc_get_status, proc_close, leak, apache_child_terminate, posix_kill, posix_mkfifo, posix_setpgid, posix_setsid, posix_setuid, escapeshellcmd, escapeshellarg, exec"
ErrorLog "/var/sentora/logs/domains/zadmin/example.com-error.log"
CustomLog "/var/sentora/logs/domains/zadmin/example.com-access.log" combined
CustomLog "/var/sentora/logs/domains/zadmin/example.com-bandwidth.log" common
<Directory "/var/sentora/hostdata/zadmin/public_html/example_com">
Options +FollowSymLinks -Indexes
AllowOverride All
Order Allow,Deny
Allow from all
</Directory>
AddType application/x-httpd-php .php3 .php
ErrorDocument 500 /_errorpages/500.html
ErrorDocument 403 /_errorpages/403.html
ErrorDocument 510 /_errorpages/510.html
ErrorDocument 404 /_errorpages/404.html
DirectoryIndex index.html index.htm index.php index.asp index.aspx index.jsp index.jspa index.shtml index.shtm
# Custom Global Settings (if any exist)
RewriteEngine on
RewriteOptions inherit
# Custom VH settings (if any exist)
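SSLEngine On
# Replace the paths below with the certificate, key and CA file locations printed by acme.sh --issue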
SSLCertificateFile /etc/ssl/certs/domain_name.com/domain_name_com.crt
SSLCertificateKeyFile /etc/ssl/certs/domain_name.com/domain_name_com.key
SSLCACertificateFile /etc/ssl/certs/domain_name.com/gs_root.pem
SSLCertificateChainFile /etc/ssl/certs/domain_name.com/gs_intermediate_ca.crt
</virtualhost>
# END DOMAIN: example.com
You might also want to redirect all traffic to HTTPS now.
Put this into your .htaccess file:
RewriteEngine On
RewriteCond %{HTTPS} off
RewriteRule ^(.*)$ https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301]
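A pre-flight check for the httpd-ssl-vhosts.conf file created above, as an added example that is not part of the original post: it reports every SSL*File path that does not exist (for instance a left-over /etc/ssl/certs/domain_name.com/ placeholder) and any private key that is group- or world-readable. The function name check_ssl_paths is hypothetical, and the directives are assumed to be written in the same case as above.

```shell
#!/bin/sh
# Added example, not from the original post. check_ssl_paths is a
# hypothetical helper name. Assumes the directives are written in the
# canonical case used above (Apache itself is case-insensitive).

# Print one line per problem found in the vhost file given as $1 and
# return 1 if there is any; print nothing and return 0 otherwise.
check_ssl_paths() {
    [ -r "$1" ] || { echo "UNREADABLE $1"; return 1; }
    report=$(
        # Extract "<directive> <path>" from lines such as
        #   SSLCertificateKeyFile "/path/to/site.key"
        # Comment lines do not match; optional double quotes are dropped.
        sed -n 's/^[[:space:]]*\(SSL[A-Za-z]*File\)[[:space:]]\{1,\}"\{0,1\}\([^"]*\)"\{0,1\}[[:space:]]*$/\1 \2/p' "$1" |
        sort -u |
        while read -r directive path; do
            if [ ! -f "$path" ]; then
                # Left-over placeholder path or a typo
                echo "MISSING $directive $path"
            elif [ "$directive" = "SSLCertificateKeyFile" ]; then
                # ls -ld prints e.g. "-rw-r--r--": character 5 is group
                # read, character 8 is world read.
                case $(ls -ld "$path") in
                    ????r*|???????r*) echo "KEY-READABLE $directive $path" ;;
                esac
            fi
        done
    )
    [ -z "$report" ] && return 0
    printf '%s\n' "$report"
    return 1
}

# Typical use before restarting Apache:
#   check_ssl_paths /etc/zpanel/configs/apache/httpd-ssl-vhosts.conf && service httpd restart
```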
Posted in Uncategorized | Comments Off on Sentora virtual domains SSL setup – Let’s Encrypt Certificates
February 23rd, 2017 Athan Villaflor
If you miss the chance to renew your domain, there is a strong possibility that it will be registered by a company whose business is to buy available and expired domains and sell them at a higher price when someone else needs those domain names, usually the previous owner. You do not have to worry about your website content and files though, as only the domain name has been acquired.
The only way to avoid this is to renew your domain before it expires. But if you missed the renewal, here are some options to retrieve the ownership of your domain:
1. Buy the domain back from the new registrant but expect a higher price.
2. You may go to https://www.auda.org.au/ to challenge the new registrant. This site is the registration authority for the .au domain space.
If you choose neither of the above methods, you may have to wait until the domain expires again, which most likely will be in two years, since the new registrant might drop the domain quickly if no one is interested in buying it from them.
Alternatively, you can register a new domain that is almost identical to your previous one. For example, if the domain name is blue.net.au, you may register blue.org.au. If it is blue88.com.au, you may register blue-88.com.au, as long as it is available. We can get your website to work on the new domain within minutes. Once completed, you do not have to pay SEO companies to submit your website to search engine companies. Below is a good guide about this.
http://www.seomark.co.uk/submit-website-to-search-engines/
You may submit your website to search engines at this link.
http://www.entireweb.com/free_submission/
Of course, it is always better to monitor your domains and make sure they are renewed properly and on time. We hope that this information may prove useful to you in the future.
Posted in Uncategorized | Comments Off on Expired domains
July 2nd, 2015 Admin
NAME
rdesktop – Remote Desktop Protocol client
SYNOPSIS
rdesktop [options] server[:port]
DESCRIPTION
rdesktop is a client for Remote Desktop Protocol (RDP), used in a
number of Microsoft products including Windows NT Terminal Server,
Windows 2000 Server, Windows XP and Windows 2003 Server.
OPTIONS
-u <username>
Username for authentication on the server.
-d <domain>
Domain for authentication.
-s <shell>
Startup shell for the user – starts a specific application
instead of Explorer.
-c <directory>
The initial working directory for the user. Often used in
combination with -s to set up a fixed login environment.
-p <password>
The password to authenticate with. Note that this may have no
effect if “Always prompt for password” is enabled on the server.
WARNING: if you specify a password on the command line it may be
visible to other users when they use tools like ps. Use -p - to
make rdesktop request a password at startup (from standard
input).
-n <hostname>
Client hostname. Normally rdesktop automatically obtains the
hostname of the client.
-k <keyboard-map>
Keyboard layout to emulate. This requires a corresponding
keymap file to be installed. The standard keymaps provided with
rdesktop follow the RFC1766 naming scheme: a language code
followed by a country code if necessary – e.g. en-us, en-gb,
de, fr, sv, etc.
The default keyboard map depends on the current locale (LC_* and
LANG environment variables). If the current locale is unknown,
the default keyboard map is en-us (a US English keyboard).
The keyboard maps are file names, which means that they are case
sensitive. The standard keymaps are all in lowercase.
The keyboard maps are searched relative to the directories
$HOME/.rdesktop/keymaps, KEYMAP_PATH (specified at build time),
and $CWD/keymaps, in this order. The keyboard-map argument can
also be an absolute filename.
The special value ‘none’ can be used instead of a keyboard map.
In this case, rdesktop will guess the scancodes from the X11
event key codes using an internal mapping method. This method
only supports the basic alphanumeric keys and may not work
properly on all platforms so its use is discouraged.
-g <geometry>
Desktop geometry (WxH). If geometry is the special word
“workarea”, the geometry will be fetched from the extended
window manager hints property _NET_WORKAREA, from the root
window. The geometry can also be specified as a percentage of
the whole screen, e.g. “-g 80%”.
-f Enable fullscreen mode. This overrides the window manager and
causes the rdesktop window to fully cover the current screen.
Fullscreen mode can be toggled at any time using Ctrl-Alt-Enter.
-b Force the server to send screen updates as bitmaps rather than
using higher-level drawing operations.
-A Enable SeamlessRDP. In this mode, rdesktop creates a X11 window
for each window on the server side. This mode requires the
SeamlessRDP server side component, which is available from
http://www.cendio.com/seamlessrdp/. When using this option, you
should specify a startup shell which launches the desired
application through SeamlessRDP.
Example: rdesktop -A -s 'seamlessrdpshell notepad'.
-B Use the BackingStore of the Xserver instead of the integrated
one in rdesktop.
-e Disable encryption. This option is only needed (and will only
work) if you have a French version of NT TSE.
-E Disable encryption from client to server. This sends an
encrypted login packet, but everything after this is unencrypted
(including interactive logins).
-m Do not send mouse motion events. This saves bandwidth, although
some Windows applications may rely on receiving mouse motion.
-C Use private colourmap. This will improve colour accuracy on an
8-bit display, but rdesktop will appear in false colour when not
focused.
-D Hide window manager decorations, by using MWM hints.
-K Do not override window manager key bindings. By default
rdesktop attempts to grab all keyboard input when it is in
focus.
-S <button size>
Enable single application mode. This option can be used when
running a single, maximized application (via -s). When the
minimize button of the windows application is pressed, the
rdesktop window is minimized instead of the remote application.
The maximize/restore button is disabled. For this to work, you
must specify the correct button size, in pixels. The special
word “standard” means 18 pixels.
-T <title>
Sets the window title. The title must be specified using an
UTF-8 string.
-N Enable numlock synchronization between the Xserver and the remote
RDP session. This is useful with applications that look at the
numlock state, but might cause problems with some Xservers like
Xvnc.
-X <windowid>
Embed rdesktop-window in another window. The windowid is
expected to be decimal or hexadecimal (prefixed by 0x).
-a <bpp>
Sets the colour depth for the connection (8, 15, 16 or 24).
More than 8 bpp are only supported when connecting to Windows XP
(up to 16 bpp) or newer. Note that the colour depth may also be
limited by the server configuration. The default value is the
depth of the root window.
-z Enable compression of the RDP datastream.
-x <experience>
Changes default bandwidth performance behaviour for RDP5. By
default only theming is enabled, and all other options are
disabled (corresponding to modem (56 Kbps)). Setting experience
to b[roadband] enables menu animations and full window dragging.
Setting experience to l[an] will also enable the desktop
wallpaper. Setting experience to m[odem] disables all (including
themes). Experience can also be a hexadecimal number containing
the flags.
-P Enable caching of bitmaps to disk (persistent bitmap caching).
This generally improves performance (especially on low bandwidth
connections) and reduces network traffic at the cost of slightly
longer startup and some disk space. (10MB for 8-bit colour,
20MB for 15/16-bit colour and 30MB for 24-bit colour sessions)
-r <device>
Enable redirection of the specified device on the client, such
that it appears on the server. Note that the allowed
redirections may be restricted by the server configuration.
Following devices are currently supported:
-r comport:<comport>=<device>,…
Redirects serial devices on your client to the server. Note that
if you need to change any settings on the serial device(s), do
so with an appropriate tool before starting rdesktop. In most
OSes you would use stty. Bidirectional/Read support requires
Windows XP or newer. In Windows 2000 it will create a port, but
it’s not seamless, most shell programs will not work with it.
-r disk:<sharename>=<path>,…
Redirects a path to the share \\tsclient\<sharename> on the
server (requires Windows XP or newer). The share name is limited
to 8 characters.
-r lptport:<lptport>=<device>,…
Redirects parallel devices on your client to the server.
Bidirectional/Read support requires Windows XP or newer. In
Windows 2000 it will create a port, but it’s not seamless, most
shell programs will not work with it.
-r printer:<printername>[=<driver>],…
Redirects a printer queue on the client to the server. The
<printername> is the name of the queue in your local system.
<driver> defaults to a simple PS-driver unless you specify one.
Keep in mind that you need a 100% match in the server
environment, or the driver will fail. The first printer on the
command line will be set as your default printer.
-r sound:[local|off|remote]
Redirects sound generated on the server to the client. “remote”
only has any effect when you connect to the console with the -0
option. (Requires Windows XP or newer).
-r lspci
Activates the lspci channel, which allows the server to
enumerate the client's PCI devices. See the file
lspci-channel.txt in the documentation for more information.
-r scard[:<Scard Name>=<Alias Name>[;<Vendor Name>][,…]]
Enables redirection of one or more smart-cards. You can provide
static name binding between Linux and Windows. To do this you
can use optional parameters as described: <Scard Name> – device
name in Linux/Unix environment, <Alias Name> – device name shown
in Windows environment, <Vendor Name> – optional device vendor
name. For list of examples run rdesktop without parameters.
-0 Attach to the console of the server (requires Windows Server
2003 or newer).
-4 Use RDP version 4.
-5 Use RDP version 5 (default).
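The -p warning and the -e / -E options above, as an added example that is not part of the rdesktop documentation: a shell function that checks the arguments of an rdesktop invocation (for instance from a launcher script) for a literal password or disabled encryption. The function name audit_rdesktop_args and the finding labels are hypothetical.

```shell
#!/bin/sh
# Added example, not part of the rdesktop man page. audit_rdesktop_args
# is a hypothetical helper name. Pass it one rdesktop command line as
# separate arguments; it prints a space-separated list of findings.
# Limitation: clustered flags such as "-fE" are not split apart.

audit_rdesktop_args() {
    findings=""
    [ "$1" = "rdesktop" ] && shift
    while [ $# -gt 0 ]; do
        case "$1" in
            -p)
                # "-p -" reads the password from standard input; any
                # other value is a literal password visible in ps.
                if [ $# -gt 1 ]; then
                    [ "$2" = "-" ] || findings="$findings password-on-command-line"
                    shift
                fi
                ;;
            -p-) ;;   # attached form of "-p -"
            -p?*) findings="$findings password-on-command-line" ;;
            -e) findings="$findings encryption-disabled" ;;
            -E) findings="$findings client-to-server-unencrypted" ;;
            -[udscnkgSTXaxr])
                # These options take a value: skip it so that it is
                # not mistaken for an option or for the server name.
                [ $# -gt 1 ] && shift
                ;;
            -*) ;;    # remaining flags take no value
            *) break ;;   # first non-option argument is the server
        esac
        shift
    done
    echo "${findings# }"
}

# Example: audit_rdesktop_args rdesktop -u alice -p - host.example
# prints an empty line, because the password is requested on stdin.
```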
Posted in Raspberry Pi (RPi), Uncategorized | Comments Off on rDesktop options