letsencrypt on apache and linux

this is a small guide how to setup letsencrypt on apache and on linux

first we need to download a letsencrypt tool and move the sample config to the right position

cd /opt
git clone https://github.com/lukas2511/letsencrypt.sh
mkdir -p /etc/letsencrypt.sh
mkdir -p /var/www/letsencrypt.sh/
chown www-data:www-data /var/www/letsencrypt.sh
cp /opt/letsencrypt.sh/docs/examples/config /opt/letsencrypt.sh/config
cp /opt/letsencrypt.sh/docs/examples/domains.txt /opt/letsencrypt.sh/domains.txt

configure the letsencrypt config file

/opt/letsencrypt.sh/config.sh

BASEDIR="/etc/letsencrypt.sh/"
WELLKNOWN="/var/www/letsencrypt.sh/"
PRIVATE_KEY="${BASEDIR}/private_key.pem"
HOOK="${BASEDIR}/hook.sh"
CONTACT_EMAIL="my@mail.com"

 

configure theletsencrypt alias for apache

/etc/apache2/conf.d/letsencrypt

Alias /.well-known/acme-challenge /var/www/letsencrypt.sh/
Options None
AllowOverride None
Order allow,deny
Allow from all

configure the hook.sh file for reloading the apache

/etc/letsencrypt.sh/hook.sh

#!/bin/bash

if [ ${1} == "deploy_cert" ]; then
echo " + Hook: Restarting Apache..."
/etc/init.d/apache2 reload
else
echo " + Hook: Nothing to do..."
fi

change the mod of this file

chmod +x /opt/letsencrypt.sh/hook.sh

configure the domain file

/opt/letsencrypt.sh/domains

www.mosandl.eu
storage.mosandl.eu

run letsencrypt

/opt/letsencrypt.sh/dehydrated -c

create a crontjob that the certs will be generated every week

1  1	* * *	root	/opt/letsencrypt.sh/dehydrated -c

vhost

SSLEngine On
SSLCertificateFile      /etc/letsencrypt.sh/certs/storage.mosandl.eu/cert.pem
SSLCertificateKeyFile   /etc/letsencrypt.sh/certs/storage.mosandl.eu/privkey.pem
SSLCertificateChainFile /etc/letsencrypt.sh/certs/storage.mosandl.eu/chain.pem
SSLCACertificateFile    /etc/letsencrypt.sh/certs/storage.mosandl.eu/fullchain.pem
SSLHonorCipherOrder On
SSLCipherSuite ECDHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384

rewrites

RewriteEngine On
RewriteCond %{REQUEST_URI} !^/.well-known
Alias /.well-known/acme-challenge /var/www/letsencrypt.sh/
RewriteCond %{HTTPS} !=on
RewriteRule ^/?(.*) https://%{SERVER_NAME}/$1 [R,L]

proxy pass

ProxyPass /.well-known !
Alias /.well-known/acme-challenge /var/www/letsencrypt.sh/

Errors

Debian 8 Jessie with systemd and updated kernel | The H

Despite turbulence, the Debian Project has completed the new stable release in just two years. Systemd has SysVInit replaced as the default init service and for Debian relationships young kernel ensures good hardware support

The Debian project has, despite significant disturbance and personnel changes die Version 8.0 released its Linux distribution after just two years of development,. It bears the name of the yodeling cowgirl from the movie Toy Story 2. Jessie used first systemd as the default init service and includes a Debian ratios pretty young kernel version 3.16, which ensures good hardware support on current notebooks.

Debian users was the change to the new init system made easy, configure users about their network settings via the Network Manager and admins can normally save the network configuration in the / etc / network / interfaces file. Also the way back to SysVInit is not difficult and for upgrades from Debian Wheezy on the new Jessie SysVInit remains the default init service.

with Linux 3.16 is a relatively young kernel on board, which also provides on current desktop and notebook computers for a good hardware support - but since Debian mitliefert exclusively free software, can occasionally missing firmware files, about the network cards. The default desktop is Gnome 3.14; additionally represent Xfce, WHERE, Cinnamon, Mate and LXDE for election. Iceweasel 31.6 is part of the standard installation, Icedove 31.6 can re-install from the default repository. In the databases you have the choice between MySQL 5.5, PostgreSQL 9.3 and first MariaDB 10.0.

The services supported by Debian Jessie CPU architectures also include now 64-bit ARM- (arm64) and 64-bit PPC processors (ppc64el). Elimination are ia64 architectures, sparc, s390 and the FreeBSD ports - mostly because developers lack. CD- and DVD images for all of Debian 8 Jessie supported platforms are already available for download.

Source: Debian 8 Jessie with systemd and updated kernel | The H

Contact the parcel service

The DHL customer service for standard packages is under 0228/28609898 accessible (Every day 7:00 – 22:00 Clock). The DHL Customer Service for National Express packages can be reached at 0180 6 345 300-1 (20 ct per call from a German landline, max. 60 ct from a German mobile network). DHL also provides direct customer service on the DHL packet Facebook page and the DHL-Twitter-Account.

Deutsche Post Hotline: 0180 2 3333 (0,06 Euro per call from landline deutschm; mobile max. 0,42 EUR/Min.)

DPD-Hotline: 01806 373 200 (0,20 Euro per call from a German landline, max. 0,60 Euro per call from a German mobile network). accessible Mo. Fr. from 8 to 18 Clock. Find the DPD customer service on Twitter

GLS parcel service hotline at the normal rate: 06677-646907000

UPS-Hotline: 01806 882 663 (20 Cent / Call from the German. landline; mobile max. 60 Cent / Call) the English UPS Support can be reached also on Twitter.

Hermes Package-Hotline: 01806-311211 (landline 20 Cent / call, mobile max. 60 Cent / call).
Hotline of Hermes Einrichtungs Service (Sperrgutlieferungen z.B. furniture): 05732 103-0 The Hermes-Service available here also on Twitter.

TNT-Hotline: 01805 900 900 (0,14 EUR /Min. from the landline, mobile max. 0,42 EUR/Min.)

hybris breaks new ground for B2B companies

The mobile phone was born in the enterprise and remains a key tool connecting businesses. As consumers we know that today mobile is more than just voice.

So let’s take a look at what happens when we mix some hybris B2B functionality with a smart phone enabled workforce. Using hybris Stream and a mobile B2B app, Toto quickly orders the dynamite he needs for tomorrow.
His boss, Dan, receives the approval notification en route to a meeting and actions it on the go.
The order needs delivery notification so Annette , using the hybris customer service module, gives Toto a call. Toto confirms the delivery instructions and business carries on as usual.

For more information please head to www.hybris.com

Wie Sie den 5 größten BYOD-Fallen ausweichen

Bring your own Device hat schon immer mindestens so viel Verdruss wie Freude gestiftet, und die meisten Firmen haben sich dem Trend nicht aus Überzeugung angeschlossen. Vielmehr wurden der Druck durch die Mitarbeiter und der unübersehbare Wildwuchs irgendwann so groß, dass das Motto nur noch lauten konnte: Wenn du dich schon nicht dagegen wehren kannst, dann versuche wenigstens, die Dinge im eigenen Sinne zu steuern.
Diese Steuerung funktioniert mittelprächtig, und ein gepflegtes Maß an Verdrängung ist in der Regel unausgesprochener Teil jeder BYOD-Policy.
Bring your own Device ohne Stress gibt es nicht, dazu existieren zu viele Sollbruchstellen. Möglich ist aber – und zwar für Arbeitgeber und Arbeitnehmer – die gängigsten Fallen in diesem Zusammenhang zu entschärfen beziehungsweise ihnen auszuweichen.

Falle 1: Offene Türen für jede Art von App

Wer immer Angry Bird auf seinem iPhone gespielt hat, will nicht plötzlich damit aufhören, nur weil er das Gerät jetzt auch im Job einsetzt. Nun stiehlt der wütende Vogel lediglich Zeit, andere Apps sind dagegen gefährlich, Dropbox zum Beispiel. Wer sein iPhone beruflich nutzen will, muss Einschränkungen hinnehmen. Um dessen Akzeptanz zu erhöhen, sollte die Policy nicht rigider sein als nötig, aber ohne Blacklists und Whitelists für Apps geht es nicht.

Falle 2: Big Brother is watching you

Das sogenannte Geofencing, also die Möglichkeit, einem iPad bestimmte Zugriffe in Abhängigkeit von seinem Standort zu erlauben oder zu verbieten, ist praktisch, aber unbeliebt. Weil der Chef dadurch auch weiß, wo sich der Besitzer des Geräts gerade aufhält.
Allerdings gibt es die Möglichkeit, das Monitoring nur während der Arbeitszeit einzuschalten. Angestellte müssen sich dabei darauf verlassen können, dass sich ihre Firma an diese Einschränkungen hält.

Falle 3: Hohe Kosten durch mangelnde Kontrolle

David Schofield, Partner beim Beratungsunternehmen Network Sourcing Advisors, berichtete im Vergangenen Jahr in einem Artikel über ein Technologieunternehmen, dass 300.000 Dollar zusätzlich für Kommunikation auf der Rechnung hatte, nachdem es 600 Mitarbeiter in ein BOYD-Programm integriert hatte.
Mitarbeiter, die auf irgendwelche Download-Fallen hereinfallen oder oder ohne betriebliche Erfordernis kostenpflichtige Nummern anrufen, müssen diese Kosten auch dann selbst tragen, wenn das ganze unabsichtlich geschah. Generell gibt es in den meisten Unternehmen kaum sinnvolle Anlässe, um mit mobilen Endgeräten große Datenmengen woher auch immer downzuloaden.

Quelle

ownCloud 5.0.0 released

New design
In ownCloud 5, the main navigation was redesigned to clearly differentiate it from the in-app navigations. This also allows the app more room and thus a better focus on the content of your ownCloud directories. Settings and Log-out menus were combined into a user menu on the top right, which also shows the currently logged in user and makes it more intuitive to use. The settings are further simplified and app-specific settings are moved from personal settings into the relevant apps. To help people get their data synchronized, there is a new first run page linking the desktop & mobile apps as well as documentation how to sync contacts and calendars. This information is also displayed in the personal settings – and makes getting started with ownCloud much easier for a user.

Essentially, the new design helps to concentrate more on the content and makes it easier to navigate and setup the Desktop and Mobile syncing clients.

New Antivirus App
The new antivirus system scans uploaded files for viruses. The admin can choose if infected files should be deleted automatically and/or logged/reported in the log file.

New Files Undelete feature
Now users can undelete a file that was accidentally deleted through the web interface. Simply select the files in the files undelete section and they are returned to where they were deleted, with versions maintained.

New REST APIs
A new Open Collaboration Services (OCS)-based REST API is added to access and control ownCloud remotely. The newly released OCS 1.7 spec is supported. Main feature is a new capabilities API for closer communication with the Desktop and Mobile clients. It is now very easy for ownCloud apps to provide an REST API so more API features will be added in the future.

Display names
In the interface and share dialog, display names are shown instead of the login names. The display names are easier to understand for users and can be changed by the admin. The admin can configure the display names and they can be changed by the users themselves. The display names can also be fetched from an LDAP or AD server for bigger installations. This makes it much easier to work with ownCloud, as users are identified separately from their system-generated IDs

New search engine
A new Lucene-based full text search engine app is added. People can use the search to not only find files by name but also by content. Scanning is done in the background to ensure a responsive user experience for the users.

New photo gallery
ownCloud 5 contains an improved and rewritten photo gallery. It has an improved and streamlined user interface with a slideshow feature. Photo galleries can also be shared with others.

New documentation system
There is completely new user, admin and developer documentation. The user and administrator documentation is shipped with ownCloud and available in the help menu. The developer documentation is available online.

LDAP / AD enhancements
LDAP can now search in attributes, not only in the ownCloud username. The search attributes can be configured. Multiple User/Group bases can be configured in the LDAP backend. LDAP backend supports paged results for better performance if the server offers it (requires PHP 5.4) An LDAP/AD backup resp. replica host can be configured for HA environment. Multiple LDAP / AD servers can be configured.

Enhanced external storage app
Increase performance of integrated secondary storage, including Dropbox, Swift, FTP, Google Docs, S3, WebDAV and external ownCloud servers, with a significantly faster, more efficient and easier external storage app. This is the fastest way to a personal hybrid cloud.

Improved Versioning
The versioning support for files is improved with an intelligent algorithm that automatically expires old versions if running out of space. The versioning keeps revisions every 2 seconds for the first 10 seconds, every 10 seconds for the next minute, every minute for the next hour, every hour for the next 24 hours and one revision per day until running out of space or quota.

Expanded file cache
The file cache was rebuilt in ownCloud 4.5, and underwent a minor facelift in ownCloud 5.0 to improve speed, performance of external files, and scalability of sharing. The system is also a little faster with the new file cache, and less prone to corruption in production.

Improved apps management
The management of the shipped and the 3rd-party apps in ownCloud is improved. 3rd-party apps can be easily installed from the central apps repository (apps.owncloud.com) and are automatically removed from the server if disabled. If a new version of an 3rd party app is published by the author then an update button appears on the apps page inside ownCloud and he app can easily updated with just one click. More feedback is now given to the user during long running installation and updating operations. Recommended apps are shown in the apps list with a “recommended” label so that users can find high quality apps better.

Improved bookmarks
The user interface of the bookmarks app is improved and a lot easier to use.

Improved contacts
Contacts are now organized by groups (categories) instead of address books giving more intuitive access to Friends, Coworkers, Family etc. The main view shows an overview of the most relevant fields and the amount of info adjusts automatically depending the size of the browser window or device. The web UI is now written entirely in javascript giving a more responsive user experience.

Improved syncing
The desktop syncing clients and the mobile clients have improved communication with the server and can sync faster with lower server load.

Improved calendar
The calendar has now support for classed and the option to declare events as confidential or public. The sharing is improved and compatibility with clients also extended.

General fixes
In general, there were a number of bug fixes, UI enhancements, and improvements in performance. Most notably a 5x improvement in disk write actions, as well as better overall scalability of ownCloud across the board.

  • Windows Server support extended
  • PDF viewer is updated for improved performance and compatibility
  • Improved media player
  • Improved overall performance
  • Improved download performance
  • Show file size and progress during downloading

More information here: http://owncloud.org/features

Broadcasting Post service compares financial data

Following the introduction of the broadcasting contribution to the beginning of the year will the new review service by ARD, ZDF and Germany Radio - formerly GEZ - compare the address data of the payer once with the data of the registration offices. So to be clarified, for which apartment already broadcasting fee is paid and who must still register, it says in a statement the legal basis for data synchronization is the broadcast contribution treaty.

For the calibration details are to name, Address, Marital status, received birthday and the date of arrival. The data would be provided to the Post Service temporarily ready; they must be processed as quickly as possible and then deleted. insures Post Service, he was no address to third parties. Details of previously reported contributors or superfluous data by persons, for example, do not pay the broadcasting Post, would immediately deleted.

source Heise

Real Racing 3 appears as freemium racing game for iPhone, iPod Touch and iPad

Link to app

The pre-order of the day is undoubtedly Real Racing 3, now directly as title from Electronic Arts, after Real Racing makers Firemint was indeed taken over by EA. The game was truly been waiting for and appears to meet the high expectations of racing fans certainly. Again clearer, improved graphics, a very good control and, above all, an innovation, TSM is, stand for, that this game will be a success.

Continue reading “Real Racing 3 appears as freemium racing game for iPhone, iPod Touch and iPad”

Apple executives must hold triple base salary in shares

Apple builds the financial fate of its management more closely to the company: As the Wall Street Journal reports, have employees from the Positon of “Executive Officer” keep the future at least three times their annual base salary in Apple shares. According to the report, the measure was already reaching the beginning of February.

Originally the Group's Board of (Board of Directors) such a proposal, had previously made to a major shareholder, rejected. It is unclear, what the company has led to a rethinking of the measure. Many managers have been as part of their compensation package over longer Apple's stock packages.

So far, Apple had already CEO Tim Cook obliged, a certain number to keep in stock - here even ten times its annual base salary. Members on the board are also committed, owning five times their allowance in Apple shares. This starts at 50.000 US dollars in, So does at least 250.000 Dollars in share certificates.

Post by Heise

iOS 6.1.3 is ausknipsen your jailbreak

Do you have one of the above 7 Million i-devices with Jailbreak? If so, then you should definitely iOS 6.1.3 keep away. While the new iOS version is still beta, but they will ruin you a Day.

iOS 6.1.3 is still in the beta phase and will fix the error, through which one can overcome the code lock of iOS. But apparently Apple has repaired one of the five critical vulnerabilities, with which the Jailbreak evasi0n was applied. One of the developers told Forbes, that this is a problem. When one of these vulnerabilities is stuffed, then no longer works the Jailbreak. Although you could try to find a new gap, but if Apple or all also weeds out most of the other gaps, Then it's over.

The update will certainly not mean the end of Jailbreakings, but with each closed gap the task becomes more difficult. If you own a device with Jailbreak, then you should not just blindly import the next update but to wait and see, what evad3rs says.

Those: gizmodo