Configure a site with SSL on an Nginx server

This post describes how to set up a server block on nginx with a Thawte SSL123 certificate.

This how-to can also be used with other SSL vendors (Comodo, DigiCert, …), but you’ll have to change some steps of course 🙂

First, we’ll start with the certificate request.

To create your request, use the openssl command:

And follow the SSL csr generation process:

Now, if you look inside of your CSR files, you’ll see something like

Now it’s time to go and buy your certificate at your favorite SSL reseller…

Make sure you have a mailbox that can receive the certificate approval email (usually this is admin@securedomain.com or webmaster@, hostmaster@, administrator@, …).

Once you have received your SSL Certificate from Thawte, create a new file and paste in the certificate.

So paste it inside of www.securedomain.com.crt

Thawte has upgraded their root hierarchy to 2048-bit RSA keys (more information), so you need the Intermediate CA to support old web browsers. For the nginx web server you can download the file from Thawte here by:

Once you have this file, echo the contents and paste it at the end of your crt file.

Now enable SSL in your nginx server block by:

In my example, the site listens on both port 80 and port 443 (SSL). You can of course redirect HTTP to HTTPS by adding this to your nginx server block config:
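An added example (not part of the original post) for the step where the intermediate CA is pasted after the server certificate: it builds the combined file, checks its PEM structure, and confirms with openssl that the first certificate in it belongs to the private key. The function names and the file names passed on the command line are assumptions.

```bash
#!/usr/bin/env bash
# Added example, not from the original post; file and function names are placeholders.

# Join the server certificate and the intermediate CA, server certificate first
# (the order nginx expects). If a file lacks a trailing newline, plain `cat`
# glues "-----END CERTIFICATE-----" to the next "-----BEGIN CERTIFICATE-----"
# on one line, so a newline is added when it is missing.
build_chain() {  # usage: build_chain server.crt intermediate.crt combined.crt
    local out=$3 f
    : > "$out"
    for f in "$1" "$2"; do
        cat "$f" >> "$out" || return 1
        # $(tail -c 1 file) is empty when the last byte is a newline
        [ -z "$(tail -c 1 "$f")" ] || printf '\n' >> "$out"
    done
}

# Print the number of certificates in a PEM bundle; fail if a marker shares its
# line with other text or the BEGIN/END markers are unbalanced.
count_pem_certs() {  # usage: count_pem_certs combined.crt
    local b e any
    b=$(grep -c '^-----BEGIN CERTIFICATE-----[[:space:]]*$' "$1" || true)
    e=$(grep -c '^-----END CERTIFICATE-----[[:space:]]*$' "$1" || true)
    any=$(grep -E -c -e '-----(BEGIN|END) CERTIFICATE-----' "$1" || true)
    [ "${b:-0}" -gt 0 ] && [ "$b" -eq "$e" ] && [ "$any" -eq $((b + e)) ] || return 1
    echo "$b"
}

# Succeed only if the FIRST certificate in the bundle carries the public key of
# the private key, i.e. the server certificate comes first and belongs to the
# key created alongside the CSR. Requires the openssl CLI.
first_cert_matches_key() {  # usage: first_cert_matches_key combined.crt private.key
    local cert_pub key_pub
    cert_pub=$(openssl x509 -in "$1" -noout -pubkey 2>/dev/null) || return 2
    key_pub=$(openssl pkey -in "$2" -pubout 2>/dev/null) || return 2
    [ -n "$cert_pub" ] && [ "$cert_pub" = "$key_pub" ]
}

# Run as: script server.crt intermediate.crt combined.crt private.key
if [ "$#" -eq 4 ]; then
    build_chain "$1" "$2" "$3" && count_pem_certs "$3" >/dev/null &&
        first_cert_matches_key "$3" "$4" && echo "OK: $3 is ready for nginx" ||
        { echo "FAILED: check $3 before reloading nginx" >&2; exit 1; }
fi
```

Running `nginx -t` after pointing the server block at the combined file is still the final check before a reload.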

 

Migrating a DNS server to PowerDNS

Today I had to migrate a customer’s DNS server to a new server… This was because the old server (a very old Plesk instance) was end of life.

As I have very good experiences with PowerDNS, we decided to migrate from Bind (Named) to PowerDNS.

PowerDNS provides you with the utilities to do so, but I did not find a straightforward way to export/import zones from Bind into PowerDNS.

Installation of PowerDNS and PowerAdmin (a PowerDNS GUI) is out of the scope of this document, so I assume you already have a working PowerDNS server.

These are the steps I had to perform to migrate from the Plesk 8.2 server to PowerDNS:

1) First of all, you need to allow zone transfer (AXFR) on your Bind server from your new PowerDNS server IP. You need to change the contents of /etc/named.conf to something like this (add the allow-transfer lines in the options block):

2) Reload or restart named for the change to take effect:

3) Test a zone transfer, e.g.:

4) Now that you know zone transfer is working, create a list of domains that your Bind server is ‘serving’. In my case I have to remove some extra .lock and .saved_by_psa files from my listing. If you use this tutorial, your command may of course look different.

If needed: check if the domains in Bind still use your old nameservers… (do not pollute your new PowerDNS server :))

Then delete all domains from /root/domainlist.dns if they are not valid anymore.

5) Import your zones by:

a) Create Zone Import SQL scripts

From these generated files, remove duplicate SOA records from all import files:

If needed: change TTLs:

Depending on whether your imported zones need to be set as NATIVE or MASTER:

Change extra stuff with sed, like hostmaster and so on:

b) Test import into mysql

c) Verify in poweradmin and drop the imported zone (or you’ll get an import error on the next step, which is not bad or something… but hey :))

d) Import all your zones, if you like what you have done:

 

Install Zend Optimizer for PHP 5.2 and earlier

Zend Optimizer has been updated and renamed to Zend Guard since PHP 5.3.

However, you might still have some older projects running PHP 5.2, where Zend Optimizer is still needed.

Here’s a short installation how-to for Ubuntu 12.04 LTS with PHP 5.2.

First of all, download Zend Optimizer 3.3.3 through this link: Zend

Unpack it on your server with this command:

Navigate into the data directory for the correct PHP version, e.g.:

Copy the .so file to the PHP path:

Enable Zend Optimizer through /etc/php5/conf.d by typing:

Enable Zend Optimizer by reloading Apache:

Check if Zend Optimizer is enabled by: