Author Archives: Simon

3ware Raid Controller Switch of autoverify

To Switch of the autoverify feature on a 3ware controller which can be a real performance killer do the following:

First check the current status:

tw_cli /c0/u0 show autoverify
/c0/u0 Auto Verify Policy = on

As you can see the autoverify feature is on Auto Verify Policy = on. If your raid controller is also c0 and you unit is u0 you may use the following command. Please check this first with the command:

tw_cli /c0 show

Do not just copy and paste. If c0 doesn’t work try a higher number it depends on which pci slot your controller is in.

tw_cli /c0/u0 set autoverify=off
Setting Auto-Verify Policy on /c0/u0 to [off] ... Done.

Check the autoverify settings:

tw_cli /c0/u0 show autoverify
/c0/u0 Auto Verify Policy = off

That’s it no more autoverify. Please make sure to check you raid status regularly to detect problems.

Activate Webdav in Plesk

The Plesk interface does not support the webdav protocol. But Apache does support webdav. Webdav can be used as an iDisk under MacOS X. Webdav can also be used with Linux or Windows. Here are the steps to get webdav up and running. These instructions should work on Debian based system. But similar commands should work with all major Linux distributions:

First activate the webdav Apache modules and restart apache:

a2enmod dav
a2enmod dav_fs
service apache2 restart

Then create a vhost config for the domain you are using adding webdav. Please replace domain.tld with you domain. And check the directory line:

vi /var/www/vhosts/domain.tld/conf/vhost.conf

<Directory /var/www/vhosts/domain.tld/httpdocs>
DAV on
</Directory>

To get Plesk to include our custom configuration we must reconfigure the domain with the httpdmng.

/usr/local/psa/admin/sbin/httpdmng --reconfigure-domain domain.tld

This will make Plesk include the file vhost.conf in our Apache configuration adding the webdav directive.

You should be able to connect to the web share (webdav) now. Using the user name and password of the domain user in Plesk. You can either use the MacOS X finder (connect to server). Or you can also connect through most Linux desktops using Nautilus for example. If you experience any problems writing to the share. You may need to change the permissions on the folder so that the Apache user has write permissions:

chown -R www-data:www-data /var/www/vhosts/domain.tld/httpdocs/

Thats it you have created your own web share.

OpenDNS Server

Google’s Public DNS Servers in case you need a public uncensored DNS server you can use these:

8.8.8.8
8.8.4.4

Here is my resolv.conf with the open DNS servers:

nameserver 8.8.8.8
nameserver 8.8.4.4
nameserver 94.75.228.2
nameserver 80.237.196.2

The last two are also open DNS Servers but not from Google.

Plesk Change PHP Admin Values and Rebuild Vhost Config

Create a file called “vhost.conf” in the directory “/var/www/vhosts/example.com/conf/”

<Directory /var/www/vhosts/example.com/httpdocs>
php_admin_value safe_mode off
php_admin_flag register_globals on
</Directory>

Rebuild the domain config for the particular vhost with:

/usr/local/psa/admin/sbin/httpdmng --reconfigure-domain example.com

Or rebuild all vhosts if you changed more than one with:

/usr/local/psa/admin/sbin/httpdmng --reconfigure-all

You can also change other settings this way here are some examples:

php_admin_value post_max_size 20M
php_admin_value upload_max_filesize 20M
php_admin_value open_basedir none

Plesk panel 404 /relay after upgrade

After upgrading a plesk install yesterday. From 10.1 to 10.3.1 the admin panel started redirecting me from myserver.com:8443 to myserver.com:8443/relay. Which resulted in a 404 error with no plesk panel. During the upgrade plesk must have activated the sso component which stopped the webinterface from working. To fix this issue do the following:

/usr/local/psa/bin/sso --disable

Update a Mysql password field with an MD5 string

One of our servers had a database with quite a lot of ftp users using there username as there password. To get rid of that problem i did the following. Make sure to backup you databases first. Now find out how many users there are with userid=passwd.

This select will show you which users have a userid field equal to the passwd field not a good idea.

select * from ftpuser where userid=passwd;

This update statement will update all of these users and set a random MD5 string as there password.

update ftpuser set passwd=MD5(RAND()) where userid=passwd;

This will only work with clear text passwords.

frequently used SSL commands

generate a new private key and matching Certificate Signing Request (eg to send to a commercial CA)
openssl req -out MYCSR.csr -pubkey -new -keyout MYKEY.key

-add -nodes to create an unencrypted private key
-add -config if your config file has not been set in the environment

decrypt private key

openssl rsa -in MYKEY.key >> MYKEY-NOCRYPT.key

generate a certificate siging request for an existing private key

openssl req -out MYCSR.csr -key MYKEY.key -new

generate a certificate signing request based on an existing x509 certificate

openssl x509 -x509toreq -in MYCRT.crt -out MYCSR.csr -signkey MYKEY.key

create self-signed certificate (can be used to sign other certificates)

openssl req -x509 -new -out MYCERT.crt -keyout MYKEY.key -days 365

sign a Certificate Signing Request
openssl x509 -req -in MYCSR.csr -CA MY-CA-CERT.crt -CAkey MY-CA-KEY.key -CAcreateserial -out MYCERT.crt -days 365

-days has to be less than the validity of the CA certificate

convert DER (.crt .cer .der) to PEM

openssl x509 -inform der -in MYCERT.cer -out MYCERT.pem

convert PEM to DER

openssl x509 -outform der -in MYCERT.pem -out MYCERT.der

convert PKCS#12 (.pfx .p12) to PEM containing both private key and certificates

openssl pkcs12 -in KEYSTORE.pfx -out KEYSTORE.pem -nodes

add -nocerts for private key only; add -nokeys for certificates only

convert (add) a seperate key and certificate to a new keystore of type PKCS#12

openssl pkcs12 -export -in MYCERT.crt -inkey MYKEY.key -out KEYSTORE.p12 -name "tomcat"
check a private key

openssl rsa -in MYKEY.key -check

add -noout to not disclose the key

check a Certificate Signing Request

openssl req -text -noout -verify -in MYCSR.csr

check a certificate

openssl x509 -in MYCERT.crt -text -noout
check a PKCS#12 keystore

openssl pkcs12 -info -in KEYSTORE.p12

check a trust chain of a certificate

openssl verify -CAfile MYCHAINFILE.pem -verbose MYCERT.crt

-to check for server usage: -purpose sslserver
-to check for client usage: -purpose sslient