Running Bitnami LAMP stack in HyperV

September 21, 2014

Bitnami has several nice prebuilt Linux machines that are very useful for quick deployment.

In order to make it easier, you just need to set up a base image for the Bitnami LAMP stack VM.

 

Download these first

Bitnami LAMP Stack: Go to https://bitnami.com/stack/lamp and grab the VMware virtual machine image

Microsoft Virtual Machine Converter Solution Accelerator 2.0: Go to http://www.microsoft.com/en-sg/download/details.aspx?id=42497 and grab the msi file

 

Convert VMDK to VHD

Run an administrative PowerShell instance and run the following 2 commands

# Import the MVMC cmdlets
Import-Module 'C:\Program Files\Microsoft Virtual Machine Converter\MvmcCmdlet.psd1'

# Convert the VMDK to VHDX
ConvertTo-MvmcVirtualHardDisk -SourceLiteralPath bitnami-lampstack-5.4.32-0-ubuntu-14.04.vmdk -DestinationLiteralPath bitnami-lampstack-5.4.32-0-ubuntu-14.04.vhdx -VhdType DynamicHardDisk -VhdFormat Vhdx

 

Once the conversion is complete, use the HyperV –> Edit Disk function to compact the VHDX to save space

Create HyperV VM

Once done, just create a normal VM. There is no need to restrict yourself to the legacy network adapters; the new one works fine.

 


 

Setting up your bitnami VM

Follow the guide found at http://wiki.bitnami.com/Virtual_Appliances_Quick_Start_Guide

 

You can also refer to http://jefferytay.wordpress.com/2014/09/20/common-setup-commands-for-ubuntu-12-x-onwards/ for some of the more administrative functions

 

Updating Integration Services

Issue the following command: sudo pico /etc/initramfs-tools/modules

 

Add these 4 items to the end of the file

hv_vmbus
hv_storvsc
hv_blkvsc
hv_netvsc


Now rebuild the boot image

sudo update-initramfs -u


The guest OS needs to be rebooted:

sudo shutdown -r now

After the virtual machine reboots, run the following command to check if the modules are enabled:

lsmod


Categories: HyperV

Common Setup Commands for Ubuntu 12.x onwards

September 20, 2014

To change the hostname of the machine
sudo nano /etc/hostname

sudo nano /etc/hosts

To change the IP Address of the machine

sudo vi /etc/network/interfaces

auto eth0
iface eth0 inet static
        address 192.168.1.100
        netmask 255.255.255.0
        network 192.168.1.0
        broadcast 192.168.1.255
        gateway 192.168.1.1
        dns-nameservers 8.8.8.8 8.8.4.4

sudo /etc/init.d/networking restart

To change the account password

passwd

To shutdown the machine

sudo shutdown -h 0

 

To install and enable openssh

sudo apt-get update
sudo apt-get install openssh-server
sudo ufw allow 22

 

sudo nano /etc/ssh/sshd_config
# line 28: uncomment and change to 'no'
# default setting "without-password" means that root login is permitted but requires key authentication
PermitRootLogin no

 

sudo initctl restart ssh
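An added example (not from the original post) that checks which PermitRootLogin value actually takes effect after the edit above. It relies on the sshd_config rule that the first active value for a keyword wins, so an uncommented line further down can be shadowed by an earlier one. The function names and the sample file are constructed for illustration, and the default follows the post's statement that it is "without-password".

```python
def permit_root_login_lines(config_text: str):
    """Return [(line_no, value, in_match_block)] for active PermitRootLogin lines."""
    found, in_match = [], False
    for line_no, raw in enumerate(config_text.splitlines(), start=1):
        # sshd_config allows "Keyword value" and "Keyword=value"
        parts = raw.strip().replace("=", " ", 1).split()
        if not parts or parts[0].startswith("#"):
            continue  # blank or still commented out: sshd ignores it
        keyword = parts[0].lower()  # keywords are case-insensitive
        if keyword == "match":
            in_match = True  # lines below belong to a Match block
        elif keyword == "permitrootlogin" and len(parts) > 1:
            found.append((line_no, parts[1], in_match))
    return found


def effective_permit_root_login(config_text: str, default: str = "without-password"):
    """Global value sshd uses: the first active line outside any Match block."""
    for _line_no, value, in_match in permit_root_login_lines(config_text):
        if not in_match:
            return value
    return default  # assumption: default as stated in the post


# Constructed sample file, not a real server's configuration
SAMPLE = """\
# Authentication:
LoginGraceTime 120
#PermitRootLogin no
PermitRootLogin without-password
StrictModes yes
PermitRootLogin no
Match Address 192.168.1.0/24
    PermitRootLogin yes
"""

if __name__ == "__main__":
    for line_no, value, in_match in permit_root_login_lines(SAMPLE):
        scope = "Match block" if in_match else "global"
        print(f"line {line_no}: PermitRootLogin {value} ({scope})")
    print("effective global value:", effective_permit_root_login(SAMPLE))
```

In the sample, the "no" on line 6 never applies because line 4 already set the value, and the Match block re-enables root login for one subnet.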

Categories: Ubuntu

Seafile end to end encryption for encrypted libraries (v3)

May 11, 2014

Rephrased from https://seacloud.cc/group/3/wiki/faq-for-security-features/ and https://github.com/haiwen/seafile/wiki/Seafile-server-components-overview

FYI, all of the encryption used is symmetric.

Master Key
When you create an encrypted library, a random file key (master key) is generated. This master key is the main key that is used to encrypt and decrypt the files and this key has NOTHING to do with your password, and is not stored anywhere in the system. As long as you can get this key, your access to the data is confirmed! There is also no known way to change this easily.

Enc Master Key
The password you entered is used to encrypt the master key (enc master key). This data is stored on the server and sent out to the clients, which derive the actual file key by decrypting it with the password.
I.e master key enc master key

Web Browsers (8000, 8082)
For browsers and all access through HTTP protocols (including mobile devices), the enc master key and encrypted data are sent to the client/server, and the client/server will do the necessary decryption to get the file key, which is then used to decrypt the encrypted data to get the actual file. For mobile apps, it seems the file key is also stored in the app data.

cc net (10001) and seaf daemon (12001)
A magic token is generated from the library id and password and stored on the server. This is used to confirm the password is correct. Once it is confirmed, the master key is stored on the client.

Summary
Although no passwords are stored anywhere, this does not really matter, since all the password does is decrypt the encrypted master key. What really matters is the file key, which unfortunately seems to be stored on both the client and the mobile app, quite possibly in an unencrypted format.

So while the sys admin is not able to access your files, should your devices be compromised, the hackers potentially have access to your file key, which will unlock the files when they request them from 8082, which does not need any form of authentication.
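The key hierarchy described in this post, as an added sketch that is not Seafile's code. PBKDF2 and the HMAC-based keystream are stand-ins chosen so the example runs with the Python standard library; the post does not specify Seafile's real cipher or parameters, and all names and sample values are constructed.

```python
import hashlib
import hmac
import secrets

ITERATIONS = 100_000  # assumed work factor, not taken from Seafile


def derive(password: str, lib_id: str, label: bytes) -> bytes:
    """Password-derived secret; `label` keeps the wrapping key and token distinct."""
    salt = label + lib_id.encode()
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)


def xor_stream(key: bytes, data: bytes) -> bytes:
    """Stand-in symmetric cipher (HMAC-SHA256 keystream); the same call decrypts."""
    out = bytearray()
    for off in range(0, len(data), 32):
        pad = hmac.new(key, off.to_bytes(8, "big"), hashlib.sha256).digest()
        out += bytes(a ^ b for a, b in zip(data[off:off + 32], pad))
    return bytes(out)


def create_library(lib_id: str, password: str):
    """Return (record stored on the server, file key that never goes into it)."""
    file_key = secrets.token_bytes(32)  # random, unrelated to the password
    record = {
        "enc_file_key": xor_stream(derive(password, lib_id, b"wrap"), file_key),
        "magic": derive(password, lib_id, b"magic"),
    }
    return record, file_key


def unlock(record: dict, lib_id: str, password: str):
    """Check the password against the magic token, then unwrap the file key."""
    if not hmac.compare_digest(record["magic"], derive(password, lib_id, b"magic")):
        return None  # wrong password: nothing is unwrapped
    return xor_stream(derive(password, lib_id, b"wrap"), record["enc_file_key"])


# Constructed sample library and file
record, file_key = create_library("lib-0001", "correct horse")
blob = xor_stream(file_key, b"quarterly report")  # ciphertext held by the server

assert unlock(record, "lib-0001", "wrong guess") is None
assert unlock(record, "lib-0001", "correct horse") == file_key
# A cached copy of file_key decrypts the blob; the password is never consulted.
assert xor_stream(file_key, blob) == b"quarterly report"
```

The server record holds only the wrapped key and the magic token, so protecting the password alone does not help once an unwrapped file key is cached on a device.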

Categories: Uncategorized

Windows Server Storage Spaces–Auto attach disk

May 8, 2014

Sometimes when you reformat a server, the volume in the storage spaces is not auto attached.

 

To set it to load automatically, use the following PowerShell

Set-VirtualDisk -FriendlyName Mirror -IsManualAttach 0

Categories: Windows Server

Enabling HTTPS for Seafile (Windows)

May 7, 2014

EDIT: Video tutorial can be found at http://www.youtube.com/watch?v=HRNCpR_mSSs&feature=youtu.be

While there is documentation on how to enable HTTPS for Seafile in a *nix environment, there is none for doing this on Windows. Looking at the nginx implementation, it is essentially doing a reverse proxy. This is something that IIS + URL Rewrite can easily achieve!

Before we proceed, take a look and understand the reverse proxy requirements found at https://github.com/haiwen/seafile/wiki/Enable-Https-on-Seafile-web-with-nginx

I will not go into steps on how to generate your own SSL cert, but rather focus on how to use IIS to reverse proxy the necessary ports.

Requirements

  1. Standard implementation of seafile ONLY
    1. ie seafile listens on the following port: 8000, 8082, 10001, 12001
  2. HTTP requests to port 80 will be redirected to HTTPS calls on port 443
  3. HTTPS requests on port 443 will be treated as follows
    1. if it starts with seafhttp, send it to seafile port 8082
    2. otherwise send it to seafile port 8000

Step by Step Guide

  1. Install seafile on the server
  2. Install IIS with default options
  3. Run IIS Manager
  4. Install Web Platform Installer (WebPI)
  5. Inside WebPI, install URLRewrite
  6. Create 2 websites, pointing to separate physical folders. Ensure the https website is associated with a valid SSL certificate
  7. Edit the web.config for the HTTP site

    <?xml version="1.0" encoding="UTF-8"?>
    <configuration>
      <system.webServer>
        <rewrite>
          <rules>
            <rule name="Redirect to HTTPS" stopProcessing="true">
              <match url="(.*)" />
              <action type="Redirect" url="https://{HTTP_HOST}/{R:1}" />
            </rule>
          </rules>
        </rewrite>
      </system.webServer>
    </configuration>

  8. Edit the web.config for the HTTPS site

    <configuration>
      <system.webServer>
        <rewrite>
          <rules>
            <rule name="seafhttp" stopProcessing="true">
              <match url="seafhttp/(.*)" />
              <action type="Rewrite" url="http://127.0.0.1:8082/{R:1}" appendQueryString="false" logRewrittenUrl="true" />
            </rule>
            <rule name="Reverse Proxy" patternSyntax="ECMAScript" stopProcessing="true">
              <match url="(.*)" />
              <!-- Send all other requests to the Seafile web interface, which listens on plain HTTP locally. -->
              <action type="Rewrite" url="http://localhost:8000/{R:1}" logRewrittenUrl="true" />
            </rule>
          </rules>
        </rewrite>
      </system.webServer>
    </configuration>

  9. Enjoy a secure version of seafile :)
Categories: General, Hacking, IIS

Disabling/Removing IIS Shared Configuration

March 1, 2014

 

If you are using IIS Shared Configuration and changed the password for the account accessing the file path, you might encounter the following error:

The World Wide Web Publishing Service service depends on the Windows Process Activation Service service which failed to start because of the following error:
The user name or password is incorrect.

The Windows Process Activation Service service terminated with the following error:
The user name or password is incorrect.

Windows Process Activation Service (WAS) is stopping because it encountered an error. The data field contains the error number.

 

Internet Information Services (IIS) Manager will also start with a weird error message and then prompt you to log in.

All of these point to an inability to access the shared configuration.

 

How to resolve?

 

  1. Stop IIS (iisreset /stop)
  2. Go to C:\Windows\System32\inetsrv\config
  3. Open redirection.config in Notepad
  4. Change the <configurationRedirection> part to <configurationRedirection />
  5. Start IIS again (iisreset)
Categories: IIS, Windows Server

Windows 8.x–Disable Hibernation and Sleep

January 17, 2014

To turn off either one, first start an administrator-mode command prompt and then type the required commands

 

#turn off hibernate
powercfg /H off

#disable sleep
powercfg -change -standby-timeout-ac 0

 


Categories: General