After a few weeks with a self signed SSL certificate I had a closer look at the site statistics and as thought before still lots of people don’t visit a site behind a self signed certificate. Because I don’t want to spend money for a certificate I made the whole site accessible via http instead of redirecting everybody to the secure SSL site. Now the user has the choice to use http or https.
Of course I created a redirect to SSL for all login/admin stuff.
I had to checkout a very large repository which included branches, tags and trunk in a subfolder of the project. So checking out the basedir gets all branches and tags which makes SVN very slow. So I was looking for a way to exclude folder from checkout. The following statement makes SVN ignore and delete folders locally but lets them untouched on the server.
svn update --set-depth=exclude <foldername>
After this the folder with name <foldername> is deleted and wont be updated anymore. This is NOT the same as the svn:ignore property!
I created my own certificate authority (CA) with easyrsa which is now hosted on github. In my howto you’ll find instructions how to import my root certificate into google chrome. It’s mainly the same for firefox and thunderbird. I’ll only fall back to startssl if visits go down very much after this change.
To undo all changes until a specified version, here is the command to do that:
svn merge -rHEAD:456 .
here is a list of often needed openssl commands to work with ssl keys:
- Create new private key + CSR:
openssl req -new -newkey rsa:2048 -nodes
-keyout common_name.key -out common_name.csr
- Create CSR from existing private key:
openssl req -new -key common_name.key -out common_name.csr
openssl req -text -noout -verify -in common_name.csr
openssl rsa -in common_name.key -check
openssl x509 -in common_name.crt -text -noout
- Remove password from key:
openssl rsa -in common_name.key.bak -out common_name.key
openssl x509 -req -days 365 -in common_name.csr
-signkey common_name.key -out common_name.crt
openssl s_client -connect HOST:PORT
I use git to share my projects with my workstation and my notebook. So I often start a project locally on one of them and want to continue on the other. Because I’ve already installed a central gitosis server this is no problem. Here is how to move the local project to gitosis after having created it in gitosis-admin:
git remote add origin git@<domain>:<project>.git
git push origin master:refs/heads/master
mv <project> <project>2
git clone git@<domain>:<project>.git
Then check if you’ve configured some maybe needed resources to be ignored and run your tests to verify nothing important is missing. If so there is a backup in <project>2 folder if you haven’t deleted the project instead of renaming it as proposed above.
If you are using special ports or different usernames on different ssh-hosts you can simplify your connect commands with a .ssh/config file like the one in the following example.
ssh test1 equals ssh firstname.lastname@example.org -p 12345. The last entry lets you use root for all other hosts.
… to my blog. I am going to publish solutions to everyday problems a system administrator/software developer has to solve. If you have better solutions than mine please don’t hesitate to write a comment or a mail.