SOHO : Small Office Home Office
Freeware - Opensource software tips, tricks, tweaks & fixes for managing, securing, improving the performance of SOHO Desktop, Laptop, Networks

Friday, December 11, 2020

How to clear DNS cache on dd-wrt?

My router is flashed with dd-wrt which uses the dnsmaq daemon.

About dnsmasq? 

dnsmasq is a lightweight DNS, TFTP and DHCP server. It is intended to provide coupled DNS and DHCP service to a LAN. Dnsmasq accepts DNS queries and either answers them from a small, local, cache or forwards them to a real, recursive, DNS server. 

To flush out dns cache the dnsmasq daemon has to be restarted.

Login to the router terminal and run commands

# stopservice dnsmasq

# startservice dnsmasq

 

image

Continue Reading...

Wednesday, September 16, 2020

python3 [virtualenvwrapper] : set up virtualenv in ubuntu LTS

Setting up virtual environment in ubuntu lts.


  • Installing virtualenv: Install into user folder instead of system wide

sudo apt-get install python3-pip

python3 -m pip install --user virtualenvwrapper

  • Config virtualenvwrapper

nano ~/home/username/.bashrc

  • Add below lines to .bashrc

#setup virtualenv

export WORKON_HOME=$HOME/.virtualenvs

export ROJECT_HOME=$HOME/Devel

export VIRTUALENVWRAPPER_PYTHON = /usr/bin/python3

export VIRTUALENVWRAPPER_SCRIPT=/home/username/.local/bin/virtualenvwrapper.sh

source /home/username/.local/bin/virtualenvwrapper.sh

  • Enable config 

source ~/.bashrc

  • For below error or screenshot :  export VIRTUALENVWRAPPER_PYTHON=/usr/bin/virtualenvwrapper.sh

/usr/bin/python: No module named virtualenvwrapper

virtualenvwrapper.sh: There was a problem running the initialization hooks.

If python could not import the module virtualenvwrapper.hook_loader,

check that virtualenvwrapper has been installed for 

VIRTUALENVWRAPPER_PYTHON=/usr/bin/python and that python is set properly.



  • Quick-Start

Run: workon

A list of environments, empty, is printed.

Run: mkvirtualenv temp

A new environment, temp is created and activated.

Run: workon

This time, the temp environment is included.

Ref: https://virtualenvwrapper.readthedocs.io/en/latest/install.html#basic-installation

Continue Reading...

Tuesday, September 15, 2020

Mysql (adminer) : error "Access denied for user 'root'@'localhost'(using password :yes)

  •  Server

 ubuntu 18.04LTS

  • Mysql 

mysql-server v5.7


  • Error: 
image

  • edit mysql config file

sudo nano /etc/mysql/my.cnf

  • Add to my.cnf

[mysqld]

skip-grant-tables

  • restart mysql

sudo systemctl restart mysql

  • login to mysql and run command

$ mysql -u root 

UPDATE mysql.user SET authentication_string=PASSWORD('YOURNEWPASSWORD'), plugin='mysql_native_password' WHERE User='root';

exit;

  • disable the added lines from my.cnf

#[mysqld]

#skip-grant-tables

  • Restart mysql 

sudo systemctl restart mysql

  • Run mysql_secure_installation and set 'y' for all options

sudo mysql_secure_installation

  • check login to mysql 

mysql -u root -p  

Now login to mysql as user root with new password must be possible.




Continue Reading...

Monday, September 14, 2020

Apache2 : Setup https with self signed certificate and redirect http to https

Note : Internet Browser will issue warning  on self signed certificates.

Self signed secure socket layer (TLS/SSL) certificate, to enable https on apache2 server. Even though the server is on lan, security is a concern when there is a large group of nodes. A zero cost self signed certificate is generated and all http request is rerouted to https

  • Create a folder to hold certificate

sudo mkdir /etc/apache2/ssl

 

  • Create cretificate and key valid for three years (days 1095 is 3 years)

sudo openssl req -x509 -nodes -days 1095 -newkey rsa:2048 -out /etc/apache2/ssl/server.crt -keyout /etc/apache2/ssl/server.key

 

  • Openssl information of certificate

Country Name (2 letter code) [AU]: IN
State or Province Name (full name) [Some-State]: KA
Locality Name (eg, city) []: Bangalore
Organization Name (eg, company) [My Company]: my company
Organizational Unit Name (eg, section) []: IT
The common name is your domain name or the server IP address.
Common Name (e.g. server FQDN or YOUR name) []:
192.168.2.3 or secure.myserver.lan 
Email Address []:dummy@example.com
                     
                    • Enable ssl

                    sudo a2enmod ssl

                     

                    • Edit config file (my personal preference I add both http and https conf in one file)

                    <VirtualHost  *:80>

                    ServerName myserver.lan

                    ServerAlias www.myserver.lan

                    ServerAdmin servername@localhost

                    ErrorLog ${APACHE_LOG_DIR}/myserver-lan-error.log

                    CustomLog ${APACHE_LOG_DIR}/myserver-lan-access.log combined

                                        # below line will redirect all http request to https 

                    Redirect permanent / https://myserver.lan

                    </VirtualHost>

                    <VirtualHost  *:443>

                    ServerName myserver.lan

                    ServerAdmin servername@localhost

                    DocumentRoot /var/www/secure

                    <Directory /var/www/secure/>

                    require host localhost

                    require ip 127.0.0.1

                    require ip 192.168

                    </Directory>

                    ErrorLog ${APACHE_LOG_DIR}/myserver_lan-error.log

                    CustomLog ${APACHE_LOG_DIR}/myserver_lan.log combined

                    SSLEngine on

                    SSLCertificateFile  /etc/apache2/ssl/myservre-lan.crt

                    SSLCertificateKeyFile  /etc/apache2/ssl/myserver-lan.key

                    <FilesMatch "\.(cgi|shtml|phtml|php)$">

                    SSLOptions +StdEnvVars

                    </FilesMatch>

                    <Directory /usr/lib/cgi-bin>

                    SSLOptions +StdEnvVars

                    </Directory>

                    </VirtualHost> 


                    • Restart apache

                    sudo systemctl restart apache2

                     

                    • Enable firewall

                    sudo ufw allow 'Apache full'

                     

                    For named virtual host create ssl certificates as per the domain name and follow the above steps.


                    Continue Reading...

                    Apache2 : Setup named virtual hosts

                    A server is setup on local lan which acts as a development server, backup server, a secure domain to manage database servers and host other important data on local lan. The setup is same for a valid FQDN which can be accessed from WAN.

                    Server : Ubuntu 18.04 LTS
                    Application server :  LAMP stack
                    Main site path : /var/www/html
                    domain name : myserver.lan
                    Virtual host path :  /var/www/vhosts                 
                    domain name1 : your domain name. 
                    Example : dev.myserve.lan
                    domain name2 : your domain name. 
                    Example : secure.myserver.lan
                    • Create config files for vhosts 
                    run command :             
                    cd /etc/apache2/sites-available
                    sudo cp  000-default.conf  dev-myserver-lan.conf
                    sudo cp 000-default.conf  secure-myserver-lan.conf

                    • Edit config files:
                    sudo nano /etc/apache2/sites-available/secure-myserver-lan.conf
                    # Note: you can add ip as <VirtualHost 192.168.1.1:80> to respond to a specific ip.
                    <VirtualHost *:80>
                        ServerName secure.myserver.lan
                        #ServerAlias www.myserver.lan 
                        ServerAdmin secure_myserver_lan@localhost
                        DocumentRoot /var/www/secure
                    # This site can be accessed from local lan  and ip range (192.168.*.*) only
                        <Directory /var/www/secure/>
                            require host localhost
                            require ip 127.0.0.1
                            require ip 192.168
                        </Directory> 
                    # very important set logs for each site (personal preference)
                        ErrorLog ${APACHE_LOG_DIR}/secire_myserver_lan-error.log
                     
                        CustomLog ${APACHE_LOG_DIR}/secure_myserver_lan-access.log combined

                    <VirtualHost>

                    • Enable virtual host
                    # sudo a2ensite your-domain-conf
                    sudo a2ensite secure-myserver-lan.conf
                    sudo systemctl restart apache2

                    • Disable virtualhost
                    # sudo a2ensite your-domain-conf
                    sudo a2dissite secure-myserver-lan.conf
                    sudo systemctl restart apache2

                    • Routing : If the domains are on local lan, you can forward the requests from your router or add to local host file
                    sudo nano /etc/hosts
                    [...]
                    192.168.1.251    secure.myserver.lan
                    192.168.1.251    dev.myserver.lan
                    [...]

                    • To access the site from a browser use the http or https tag without fail or you may be redirected to websearch
                    Browser address bar

                    Wrong : dev.myserver.lan

                    Right : http://dev.myserver.lan

                    Right : https://dev.myserver.lan 

                    Continue Reading...