Setting up SSL certificates using StartSSL

By admin | October 29, 2014 - 04:41 am |October 29, 2014 Technical

Generate an SSL/TLS key, which will be used to actually encrypt traffic.

DOMAIN=nntp.za3k.com
openssl genrsa -out ${DOMAIN}.key 4096
chmod 700 ${DOMAIN}.key

Generate a Certificate Signing Request, which is sent to your authentication provider. The details here will have to match the details they have on file (for StartSSL, just the domain name).

# -subj "/C=US/ST=/L=/O=/CN=${DOMAIN}" can be omitted to fill in custom identification details
# -sha512 is the hash of your key used for identification. This was the reasonable option in Oct 2014. It isn't supported by IE6
openssl req -new -key ${DOMAIN}.key -out ${DOMAIN}.csr -subj "/C=US/ST=/L=/O=/CN=${DOMAIN}" -sha512

Submit your Certificate Signing Request to your authentication provider. Assuming the signing request details match whatever they know about you, they’ll return you a certificate. You should also make sure to grab any intermediate and root certificates here.
```
echo "Saved certificate" > ${DOMAIN}.crt
wget https://www.startssl.com/certs/sca.server1.crt https://www.startssl.com/certs/ca.crt # Intermediate and root certificate for StartSSL
```
Combine the chain of trust (key, CSR, certificate, intermediate certificates(s), root certificate) into a single file with concatenation. Leaving out the key will give you a combined certificate of trust for the key, which you may need for other applications.
```
cat ${DOMAIN}.crt sca.server1.crt >${DOMAIN}.pem # Main cert
cat ${DOMAIN}.key ${DOMAIN}.crt sca.server1.crt ca.crt >${DOMAIN}.full.pem
chmod 700 ${DOMAIN}.full.pem
```

Tagged http, ssl, system administration, tls

Running a forge server on headless linux

By admin | October 4, 2014 - 02:10 am |October 4, 2014 Technical

I’ve had a lot of trouble getting Minecraft Forge to run headless. They have a friendly installer option that I just can’t use in my situation, but one of the devs seems actively hostile around providing help to headless servers, so I didn’t bother asking forge for help. I thought I’d write up what I had to do to get things working. As a warning, it requires some local work; you can’t do everything headless with these directions.

I’m running Minecraft 1.6.4, with the latest version of forge for that, 9.11.1.965.

Locally, download and start the minecraft client for the correct version at least once. Not sure if you’ll need to ‘play online’ or not. If you have the current installer, you need to make a new profile with the correct minecraft version and play that.
Copy ~/.minecraft/libraries to the headless machine.
Download forge (the installer version, not the universal) from http://files.minecraftforge.net/. The non-adly version is the little star for non-interactive use.

Run

java -jar forge-1.6.4-9.11.1.965-installer.jar --installServer

Delete the installer, you don’t need it any more.
Install any mods you want to the ‘mods’ directory, edit server.properties, etc. Normal server setup.
To execute the server, run the file indicated in the installer. In my case, I run
```
java -jar minecraftforge-universal-1.6.4-9.11.1.965-v164-pregradle.jar nogui
```

Alternatively, you can install the entire server locally and copy it over.

Tagged minecraft

Amazon AWS

By admin | July 26, 2014 - 11:29 pm |July 26, 2014 Technical

I was originally planning to write a rosetta-stone style guide for similar commands between digital ocean, google compute, and AWS. Instead, I spent all day writing this CLI tool for EC2 which wraps the enormous and unintuitive AWS command-line tool. It’s not totally polished, namely you’ll have to hand-substitute some stuff at the top of the script that should properly go in a config file, but hopefully someone will find it useful.

As a warning it terminates, not just stops, all amazon instances when asked.

Tagged AWS, cloud