How to clear DNS cache on dd-wrt?

My router is flashed with dd-wrt which uses the dnsmaq daemon.

About dnsmasq? 

dnsmasq is a lightweight DNS, TFTP and DHCP server. It is intended to provide coupled DNS and DHCP service to a LAN. Dnsmasq accepts DNS queries and either answers them from a small, local, cache or forwards them to a real, recursive, DNS server. 

To flush out dns cache the dnsmasq daemon has to be restarted.

Login to the router terminal and run commands

# stopservice dnsmasq

# startservice dnsmasq

 

Continue Reading...

python3 [virtualenvwrapper] : set up virtualenv in ubuntu LTS

Setting up virtual environment in ubuntu lts.

• Installing virtualenv: Install into user folder instead of system wide

sudo apt-get install python3-pip

python3 -m pip install --user virtualenvwrapper

• Config virtualenvwrapper

nano ~/home/username/.bashrc

• Add below lines to .bashrc

#setup virtualenv

export WORKON_HOME=$HOME/.virtualenvs

export ROJECT_HOME=$HOME/Devel

export VIRTUALENVWRAPPER_PYTHON = /usr/bin/python3

export VIRTUALENVWRAPPER_SCRIPT=/home/username/.local/bin/virtualenvwrapper.sh

source /home/username/.local/bin/virtualenvwrapper.sh

• Enable config 

source ~/.bashrc

• For below error or screenshot :  export VIRTUALENVWRAPPER_PYTHON=/usr/bin/virtualenvwrapper.sh

/usr/bin/python: No module named virtualenvwrapper

virtualenvwrapper.sh: There was a problem running the initialization hooks.

If python could not import the module virtualenvwrapper.hook_loader,

check that virtualenvwrapper has been installed for 

VIRTUALENVWRAPPER_PYTHON=/usr/bin/python and that python is set properly.

• Quick-Start

Run: workon

A list of environments, empty, is printed.

Run: mkvirtualenv temp

A new environment, temp is created and activated.

Run: workon

This time, the temp environment is included.

Ref: https://virtualenvwrapper.readthedocs.io/en/latest/install.html#basic-installation

Continue Reading...

Mysql (adminer) : error "Access denied for user 'root'@'localhost'(using password :yes)

•  Server

 ubuntu 18.04LTS

• Mysql 

mysql-server v5.7

• Error: 

• edit mysql config file

sudo nano /etc/mysql/my.cnf

• Add to my.cnf

[mysqld]

skip-grant-tables

• restart mysql

sudo systemctl restart mysql

• login to mysql and run command

$ mysql -u root 

UPDATE mysql.user SET authentication_string=PASSWORD('YOURNEWPASSWORD'), plugin='mysql_native_password' WHERE User='root';

exit;

• disable the added lines from my.cnf

#[mysqld]

#skip-grant-tables

• Restart mysql 

sudo systemctl restart mysql

• Run mysql_secure_installation and set 'y' for all options

sudo mysql_secure_installation

• check login to mysql 

mysql -u root -p  

Now login to mysql as user root with new password must be possible.

Continue Reading...

Apache2 : Setup https with self signed certificate and redirect http to https

Note : Internet Browser will issue warning  on self signed certificates.

Self signed secure socket layer (TLS/SSL) certificate, to enable https on apache2 server. Even though the server is on lan, security is a concern when there is a large group of nodes. A zero cost self signed certificate is generated and all http request is rerouted to https

• Create a folder to hold certificate

sudo mkdir /etc/apache2/ssl

 

• Create cretificate and key valid for three years (days 1095 is 3 years)

sudo openssl req -x509 -nodes -days 1095 -newkey rsa:2048 -out /etc/apache2/ssl/server.crt -keyout /etc/apache2/ssl/server.key

 

• Openssl information of certificate

Country Name (2 letter code) [AU]: IN
State or Province Name (full name) [Some-State]: KA
Locality Name (eg, city) []: Bangalore
Organization Name (eg, company) [My Company]: my company
Organizational Unit Name (eg, section) []: IT
The common name is your domain name or the server IP address.
Common Name (e.g. server FQDN or YOUR name) []: 192.168.2.3 or secure.myserver.lan 

Email Address []:dummy@example.com

 

• Enable ssl

sudo a2enmod ssl

 

• Edit config file (my personal preference I add both http and https conf in one file)

<VirtualHost  *:80>

ServerName myserver.lan

ServerAlias www.myserver.lan

ServerAdmin servername@localhost

ErrorLog ${APACHE_LOG_DIR}/myserver-lan-error.log

CustomLog ${APACHE_LOG_DIR}/myserver-lan-access.log combined

                    # below line will redirect all http request to https 

Redirect permanent / https://myserver.lan

</VirtualHost>

<VirtualHost  *:443>

ServerName myserver.lan

ServerAdmin servername@localhost

DocumentRoot /var/www/secure

<Directory /var/www/secure/>

require host localhost

require ip 127.0.0.1

require ip 192.168

</Directory>

ErrorLog ${APACHE_LOG_DIR}/myserver_lan-error.log

CustomLog ${APACHE_LOG_DIR}/myserver_lan.log combined

SSLEngine on

SSLCertificateFile  /etc/apache2/ssl/myservre-lan.crt

SSLCertificateKeyFile  /etc/apache2/ssl/myserver-lan.key

<FilesMatch "\.(cgi|shtml|phtml|php)$">

SSLOptions +StdEnvVars

</FilesMatch>

<Directory /usr/lib/cgi-bin>

SSLOptions +StdEnvVars

</Directory>

</VirtualHost> 

• Restart apache

sudo systemctl restart apache2

 

• Enable firewall

sudo ufw allow 'Apache full'

 

For named virtual host create ssl certificates as per the domain name and follow the above steps.

Continue Reading...

Apache2 : Setup named virtual hosts

A server is setup on local lan which acts as a development server, backup server, a secure domain to manage database servers and host other important data on local lan. The setup is same for a valid FQDN which can be accessed from WAN.

Server : Ubuntu 18.04 LTS

Application server :  LAMP stack

Main site path : /var/www/html

domain name : myserver.lan

Virtual host path :  /var/www/vhosts                 

domain name1 : your domain name. 

Example : dev.myserve.lan

domain name2 : your domain name. 

Example : secure.myserver.lan

• Create config files for vhosts 

run command :             

cd /etc/apache2/sites-available

sudo cp  000-default.conf  dev-myserver-lan.conf

sudo cp 000-default.conf  secure-myserver-lan.conf

• Edit config files:

sudo nano /etc/apache2/sites-available/secure-myserver-lan.conf

# Note: you can add ip as <VirtualHost 192.168.1.1:80> to respond to a specific ip.

<VirtualHost *:80>

    ServerName secure.myserver.lan

    #ServerAlias www.myserver.lan 

    ServerAdmin secure_myserver_lan@localhost

    DocumentRoot /var/www/secure

# This site can be accessed from local lan  and ip range (192.168.*.*) only

    <Directory /var/www/secure/>

        require host localhost

        require ip 127.0.0.1

        require ip 192.168

    </Directory> 

# very important set logs for each site (personal preference)

    ErrorLog ${APACHE_LOG_DIR}/secire_myserver_lan-error.log
 

    CustomLog ${APACHE_LOG_DIR}/secure_myserver_lan-access.log combined

<VirtualHost>

• Enable virtual host

# sudo a2ensite your-domain-conf

sudo a2ensite secure-myserver-lan.conf

sudo systemctl restart apache2

• Disable virtualhost

# sudo a2ensite your-domain-conf

sudo a2dissite secure-myserver-lan.conf

sudo systemctl restart apache2

• Routing : If the domains are on local lan, you can forward the requests from your router or add to local host file

sudo nano /etc/hosts

[...]

192.168.1.251    secure.myserver.lan

192.168.1.251    dev.myserver.lan

[...]

• To access the site from a browser use the http or https tag without fail or you may be redirected to websearch

Browser address bar

Wrong : dev.myserver.lan

Right : http://dev.myserver.lan

Right : https://dev.myserver.lan 

Continue Reading...