Monthly Archives: April 2017

Complete AWS CSA Associate exam preparation guide!

Small AWS CSA Associate exam preparation guide to help you get ready for the certification exam. Get confident with the list of test quizzes listed here.

AWS CSA Associate exam preparation guide

Note: SAA-C01 is retiring now and being replaced with SAA-C02.

Recently I cleared the Amazon Web Services Certified Solutions Architect Associate-level exam and I was bombarded with many questions like: How to prepare for the AWS CSA exam? Which book to refer to when preparing for the AWS CSA certification? How to study for AWS CSA? Which online resources are available for the certified solutions architect exam? So I thought of summing all this up in a small post which can be useful for AWS CSA aspirants.

Remember this post is compiled from my own experience and should not be taken as the final benchmark for taking the certification exams. This post is mainly aimed at helping you gain confidence in taking the examination once you are through your syllabus and hands-on experience.

AWS has three streams where you can pursue your cloud career.

  • AWS Certified Solutions Architect (Architecture context)
  • AWS Certified Developer (Developer context)
  • AWS Certified SysOps Administrator (Operations context)

All three streams have an associate-level (primary or base) certification. Later, a professional (higher-level) certification is available for solutions architect only. Developer and SysOps get merged into a single AWS Certified DevOps Engineer professional certification.

So, we are talking here about the Amazon Web Services Certified Solutions Architect Associate level exam! Obviously you should be well versed with AWS and requirements stated by Amazon on exam link. Let’s have some examination details :

AWS CSA Exam details :

  • Total number of questions: 60-65
  • Duration: 130 minutes
  • Cost : $150
  • Type: Multiple choice questions
  • Can be retaken after 7 days of cooldown period if failed in the first attempt
  • Syllabus: Download here.
  • Pass criteria: 720/1000.

AWS CSA Study material :

Quick recap before exam :

I have compiled a series of quick reviews before taking the exam. Feel free to refer and suggest your addition/feedback.

Below is a list of AWS quizzes which I gathered from the web. They can help you put your cloud knowledge to the test and gain the confidence to get ready for the exam.

Free Quiz

Premium (paid) Quiz

  • Cloud academy: 241 Questions. Signup needed (first 7 days free access then paid account)
  • Linux Academy: 117 Questions. Signup needed (first 7 days free access then paid account)
  • A Cloud Guru: 294 Questions. Signup needed.
  • AWS Training practice tests $20. It’s free if you are AWS certified. You can get a voucher from your certification benefits section on the AWS certification portal.
  • Practice exam by tutorialsdojo

All the best !


AWS SWF, Beanstalk, EMR, CloudFormation revision before the CSA exam

Quick revision on topics AWS SWF, Beanstalk, EMR, CloudFormation before appearing for the AWS Certified Solutions Architect – Associate exam.

This article notes down a few important points about AWS (Amazon Web Services) SWF, Beanstalk, EMR, and CloudFormation. This can be helpful in last-minute revision before appearing for the AWS Certified Solutions Architect – Associate level certification exam.

This is the fourth part of the AWS CSA revision series. Rest of the series listed below :

In this article, we are checking out key points about SWF (Simple Workflow), Beanstalk (app deployment service), EMR (Elastic MapReduce), and CloudFormation (infrastructure as code).

Recommended read : AWS CSA exam preparation guide

Let's get started :

SWF

  • Max simultaneous workflows executions 1,00,000
  • C++ is not supported in SWF
  • There are three actors :
    • activity workers
    • workflow starters
    • deciders
  • Each workflow runs in the domain which is a collection of tasks.
  • Workflows in different domains can not interact

Beanstalk

  • Scala and WebSphere are not available in Beanstalk
  • It's a free service. You will be charged for the resources it provisions for your application
  • Supported platforms :
    • Java
    • Ruby
    • Python
    • PHP
    • Node.js
    • .net
    • Go
    • Docker

CloudFront

  • One AWS account can have 100 CF origin access identities at max.
  • Key pairs are only used for EC2 and CloudFront.
  • All CloudFront URLs end with cloudfront.net
  • CloudFront origins can be an S3 bucket, EC2, or a web server in an on-premise datacenter
  • It can serve private content by S3 origin access identifiers, signed URLs, and signed cookies.
  • Limits :
    • Req per sec per distribution : 1,00,000
    • Transfer rate per distribution : 40 Gbps
    • Origins per distribution : 25
    • web distributions per account : 200

AWS Infra

  • Total availability zones currently are 42.
  • The total regions are 16.
  • First 3 services launched by AWS are SQS (2004), S3 (2006), EC2 (later in 2006)

AWS CloudFront, SNS, SQS revision before the CSA exam

Quick revision on topics AWS CloudFront, SNS, SQS before appearing for the AWS Certified Solutions Architect – Associate exam.

CloudFront, SNS, SQS revision!

This article notes down a few important points about AWS (Amazon Web Services) CloudFront, SNS, and SQS. This can be helpful in last-minute revision before appearing for the AWS Certified Solutions Architect – Associate level certification exam.

This is the third part of the AWS CSA revision series. Rest of the series listed below :

In this article, we are checking out key points about CloudFront(CDN Content Delivery Network), SNS (Simple Notification Service), and SQS (Simple Queue Service).

Recommended read : AWS CSA exam preparation guide

Let's get started :

AWS CloudFront

  • Origin can be S3 bucket or CNAME of Elastic Load Balancer ELB
  • S3 bucket as the origin. URL will be bucket_name.s3-region.cloudfront.net
  • Private content sharing with signed URL with an expiration time limit
  • To serve a new object version, create a new distribution, or create invalidation of the old objects. Since invalidation costs, creating new distribution always helps.
  • Limits :
    • 1,00,000 Requests per second per distribution
    • 200 distributions per account
    • 40Gbps speed per distribution
    • 25 origins per distribution
    • 20 GB max file size to serve
  • By default, object expiration is 24 hours. The minimum TTL is 0.

Amazon SNS

  • The latest addition to SNS is Lambda
  • SNS has two clients: Publishers and subscribers
  • Publishers communicate with subscribers by sending messages to the topic.
  • Protocol supported :
    • HTTP
    • HTTPS
    • SMS
    • email
    • email-JSON
    • Amazon SQS
    • AWS Lambda
  • An SNS topic of the same name can be created 30-60 seconds after the previous topic is deleted.

Amazon SQS

  • The default visibility timeout is 30 secs. The maximum is 12 hours.
  • Mainly used to decouple your application
  • The default period a message stays in the queue is 4 days. Min-Max periods are 1 min to 2 weeks.
  • The maximum SQS message size is 256KB.
  • Supports an unlimited number of queues and unlimited messages per queue.
  • Long polling can be done from 1 to 20 secs.

How to find MAC address of LAN card in HPUX

Different ways to find the MAC address of LAN card in HPUX. Learn how to use lanscan, lanadmin, print_manifest, SAM to check MAC.

MAC addresses, also known as station addresses, are printed physically on LAN cards, which are mostly PCI cards in your HP server. Being hardware, it's not always feasible to open up the server just to get a MAC address! Another way is to get these details from OS commands. You can use the lanscan, lanadmin, sam, or print_manifest command to get the MAC address of a LAN card in HPUX.

First, you need to get the LAN number on which your expected IP is configured. You can use netstat -nvr to check all IPs configured on the system and their respective LAN numbers.

# netstat -nvr
Routing tables
Dest/Netmask                    Gateway            Flags   Refs Interface  Pmtu
127.0.0.1/255.255.255.255       127.0.0.1          UH        0  lo0        4136
12.123.51.123/255.255.255.255   12.123.51.123      UH        0  lan0       4136
12.125.101.123/255.255.255.255  12.125.101.123     UH        0  lan1       4136
12.123.48.0/255.255.252.0       12.123.51.123      U         2  lan0       1500
12.125.96.0/255.255.248.0       12.125.101.123     U         2  lan1       1500
127.0.0.0/255.0.0.0             127.0.0.1          U         0  lo0        4136
default/0.0.0.0                 12.123.51.1        UG        0  lan0       1500

Look at the interface column to get lanX number. For example, we will try to get the MAC of lan1 interface.

lanscan command

The lanscan command without any argument will give you the station addresses, i.e. MAC addresses, of all available LAN cards on the system.

# /usr/sbin/lanscan
Hardware Station        Crd  Hdw   Net-Interface    NM   MAC       HP-DLPI DLPI
Path     Address        In#  State NamePPA          ID   Type      Support Mjr#
0/1/2/0  0x001A3B08C4A0 0    UP    lan0 snap0       1    ETHER       Yes   119
0/1/2/1  0x001A3B08C4A1 1    UP    lan1 snap1       2    ETHER       Yes   119

Look at the Station Address column and check the value against lan1. lan1 has a MAC of 0x001A3B08C4A1.

lanadmin command

This is not as straightforward as the lanscan command. After issuing the lanadmin command you will be presented with the lanadmin console prompt, where you can use lanadmin commands. Example below.

# /usr/sbin/lanadmin


          LOCAL AREA NETWORK ONLINE ADMINISTRATION, Version 1.0
                       Mon, Apr 17,2017  18:10:09

               Copyright 1994 Hewlett Packard Company.
                       All rights are reserved.

Test Selection mode.

        lan      = LAN Interface Administration
        menu     = Display this menu
        quit     = Terminate the Administration
        terse    = Do not display command menu
        verbose  = Display command menu

Enter command: lan

Here, type the command lan. You will be greeted with the LAN interface mode prompt like below.

LAN Interface test mode. LAN Interface PPA Number = 0

        clear    = Clear statistics registers
        display  = Display LAN Interface status and statistics registers
        end      = End LAN Interface Administration, return to Test Selection
        menu     = Display this menu
        ppa      = PPA Number of the LAN Interface
        quit     = Terminate the Administration, return to shell
        reset    = Reset LAN Interface to execute its selftest
        specific = Go to Driver specific menu

Enter command: ppa

Enter the command ppa and change the PPA number to 1, since we are checking lan1 in our example. The default is lan0.

Enter command: ppa
Enter PPA Number.  Currently 0: 1

LAN Interface test mode. LAN Interface PPA Number = 1

Once the LAN interface PPA is changed to 1, enter the command display and you will be shown all details of that LAN card, including the station address!

Enter command: display

                      LAN INTERFACE STATUS DISPLAY
                       Mon, Apr 17,2017  18:10:26

PPA Number                      = 1
Description                     = lan1 HP PCI-X 1000Base-T Release PHNE_36237 B.11.11.15
Type (value)                    = ethernet-csmacd(6)
MTU Size                        = 1500
Speed                           = 1000000000
Station Address                 = 0x1a3b08c4a1
Administration Status (value)   = up(1)
Operation Status (value)        = up(1)
Last Change                     = 185
Inbound Octets                  = 1362884960
Inbound Unicast Packets         = 1309204600
----- output clipped -----

Here you can pad two zeros in front of the station address to make it a full 12-character MAC. That means 1a3b08c4a1 becomes 001a3b08c4a1.
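Added example (not part of the original article): POSIX sh helpers that bring the station addresses printed by lanscan and lanadmin into one 12-digit, colon-separated form, so the two can be compared with each other or with an asset inventory. The function names are hypothetical; the embedded sample output is copied from the lanscan and lanadmin listings above.

```shell
#!/bin/sh
# Added example: normalise HP-UX station addresses from lanscan and lanadmin.
# All function names here are hypothetical helpers, not HP-UX commands.

# normalize_mac ADDR
# Accepts 0x001A3B08C4A1, 0x1a3b08c4a1 or 001a3b08c4a1 and prints
# 00:1a:3b:08:c4:a1. Returns 1 for anything that is not 1-12 hex digits.
normalize_mac() {
    hex=$(printf '%s' "$1" | tr 'ABCDEFX' 'abcdefx')
    case $hex in 0x*) hex=${hex#0x} ;; esac
    case $hex in
        ''|*[!0-9a-f]*) return 1 ;;
    esac
    [ "${#hex}" -le 12 ] || return 1
    # lanadmin prints the address without leading zeros, so pad on the left.
    while [ "${#hex}" -lt 12 ]; do hex="0$hex"; done
    printf '%s\n' "$hex" | sed 's/\(..\)/\1:/g; s/:$//'
}

# lanscan_macs: read lanscan output on stdin, print "<lanN> <mac>" per card.
# Header lines are skipped because their second field is not a 0x value.
lanscan_macs() {
    awk '$2 ~ /^0x[0-9A-Fa-f]+$/ && $5 ~ /^lan[0-9]+$/ { print $5, $2 }' |
    while read -r ifname addr; do
        mac=$(normalize_mac "$addr") || continue
        printf '%s %s\n' "$ifname" "$mac"
    done
}

# mac_of IFNAME: read lanscan output on stdin, print the MAC of one interface.
# Exits non-zero when the interface is not listed.
mac_of() {
    lanscan_macs |
    awk -v want="$1" '$1 == want { print $2; found = 1 } END { exit !found }'
}

# lanadmin_mac: read a lanadmin "display" screen on stdin, print its MAC.
lanadmin_mac() {
    addr=$(awk -F'= *' '/^Station Address/ {
        sub(/[ \t]+$/, "", $2); print $2; exit }')
    normalize_mac "$addr"
}

# Sample output copied from the lanscan listing in the article.
sample_lanscan() {
    cat <<'EOF'
Hardware Station        Crd  Hdw   Net-Interface    NM   MAC       HP-DLPI DLPI
Path     Address        In#  State NamePPA          ID   Type      Support Mjr#
0/1/2/0  0x001A3B08C4A0 0    UP    lan0 snap0       1    ETHER       Yes   119
0/1/2/1  0x001A3B08C4A1 1    UP    lan1 snap1       2    ETHER       Yes   119
EOF
}

# Sample lines copied from the lanadmin display listing in the article.
sample_lanadmin() {
    cat <<'EOF'
PPA Number                      = 1
Description                     = lan1 HP PCI-X 1000Base-T Release PHNE_36237 B.11.11.15
Type (value)                    = ethernet-csmacd(6)
Station Address                 = 0x1a3b08c4a1
Administration Status (value)   = up(1)
EOF
}

# Cross-check: both tools must report the same address for lan1.
from_lanscan=$(sample_lanscan | mac_of lan1)
from_lanadmin=$(sample_lanadmin | lanadmin_mac)
if [ "$from_lanscan" = "$from_lanadmin" ]; then
    echo "lan1 $from_lanscan (lanscan and lanadmin agree)"
else
    echo "lan1 mismatch: lanscan=$from_lanscan lanadmin=$from_lanadmin" >&2
fi
```

On a live system, replace the sample functions with the real commands, for example `/usr/sbin/lanscan | mac_of lan1`.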

Using SAM

You can even use SAM (text based GUI tool) to get these details. Go to,

SAM -> Networking and communications -> Network Interface Cards

Select your lan (in our case lan1) using a space bar (it will be highlighted). Then choose Actions from the menu bar to get details.

Using print_manifest

If you have Ignite installed on the server then you can try print_manifest command to get all system details. Those details also include MAC of all lan cards. The only issue is your LAN PPA number won’t be available here in output to match MAC with lan id.

# /opt/ignite/bin/print_manifest
System Hardware

    Model:              9000/800/rp4440
    Main Memory:        24574 MB
    Processors:         8
    Processor(0) Speed: 999 MHz
    Processor(1) Speed: 999 MHz
    Processor(2) Speed: 999 MHz
    Processor(3) Speed: 999 MHz
    Processor(4) Speed: 999 MHz
    Processor(5) Speed: 999 MHz
    Processor(6) Speed: 999 MHz
    Processor(7) Speed: 999 MHz
    OS mode:            64 bit
    LAN hardware ID:    0x001A3B08C4A0
    LAN hardware ID:    0x001A3B08C4A1
    Software ID:        Z3e1372908dc9758e
    Keyboard Language:  Not_Applicable

----- output clipped ------

					

AWS VPC, Route53, IAM revision before the CSA exam

Quick revision on topics AWS VPC, Route53, IAM before appearing for the AWS Certified Solutions Architect – Associate exam.

VPC, Route53, IAM revision!

This article notes down a few important points about AWS (Amazon Web Services) VPC, Route53, and IAM. This can be helpful in last-minute revision before appearing for the AWS Certified Solutions Architect – Associate level certification exam.

This is the second part of the AWS CSA revision series. Rest of the series listed below :

In this article, we are checking out key points about VPC (Virtual Private Cloud), Route53 (DNS Service) and IAM (Identity and Access Management).

Recommended read : AWS CSA exam preparation guide

Let's get started :

VPC (Virtual Private Cloud)

  • NACL (Network Access Control List) controls traffic security at the subnet level
  • Security groups control traffic security at the instance level
  • NACL is stateless (i.e. all traffic needs to be explicitly allowed) while Security groups are stateful (i.e. response traffic is automatically allowed)
  • Only 1 Internet gateway per VPC is allowed.
  • VPC peering can be done between two AWS accounts or other VPCs within the same region.
  • VPC peering is a direct network route between two VPCs, enabling sharing of resources in different subnets.
  • Limits :
    • 5 VPC per region
    • 50 customer gateways per region
    • 200 route table per region
    • 50 entries per route table
    • 5 elastic IP
    • 5 security group per network interface
    • 500 security groups per VPC
    • 50 rules per security group
  • First 4 and last 1 IP of each subnet is reserved by AWS as below :
    • x.x.x.0: Network IP
    • x.x.x.1 : VPC router IP
    • x.x.x.2: For VPC DNS
    • x.x.x.3: For future use
    • x.x.x.255: Broadcast IP

Route 53

  • Can register domains, act as DNS, and check the health of resources.
  • Port 53 is used to serve DNS requests, hence the name Route 53!
  • Primarily UDP is used to serve DNS requests, but if the response is more than 512 bytes it will use TCP.
  • Currently supported records :
    • A (address record)
    • AAAA (IPv6 address record)
    • CNAME (canonical name record)
    • MX (mail exchange record)
    • NAPTR (name authority pointer record)
    • NS (name server record)
    • PTR (pointer record)
    • SOA (start of authority record)
    • SPF (sender policy framework)
    • SRV (service locator)
    • TXT (text record)
  • Routing policies :
    • Simple routing: Single resource serving traffic
    • Weighted routing: Divert proportion wise traffic to multiple resources
    • Latency routing: Returns result with the lowest latency to requestor origin
    • Failover routing: Active-passive. One resource takes traffic when the other one is failed
    • Geolocation routing: Returns DNS queries based on the geolocation of the user
  • Limits :
    • 500 hosted zones per AWS account
    • 50 domains per AWS account
  • Ideal TTL values for CNAME to the existing domain are 24 hours and CNAME to S3 or ELB is 1 hour.
  • There is no default TTL for any record type in Route 53. You have to specify TTL for your records.
  • Weights can be assigned as integers from 0 to 255. 0 means no weight, i.e. don't route to that record. The probability of routing to a particular record equals the weight of that record / sum of all record weights.

IAM (Identity and Access Management)

  • Never use the root account for login. Create an admin user and use it for administrative tasks
  • Created users, groups and roles are global and available across all regions in the same AWS account
  • Prebuilt policy for :
    • Administrator – All access
    • Power-user – Everything administrator has except IAM management access
    • Read-only – Only view access (accounting purpose)
  • By default, the newly created user has normal deny on all AWS resources. Explicit allow will override normal deny.
  • Cross account roles can be defined. It assumes access of other users granted to another user.
  • The public key can be viewed in the account settings anytime. The private key is visible only at the time of creation. If lost, it cannot be retrieved and you need to create a fresh key pair.

AWS EC2, S3, RDS revision before the CSA exam

Quick revision on topics AWS EC2, S3, RDS before appearing for the AWS Certified Solutions Architect – Associate exam.

EC2, S3, RDS revision!

This article notes down a few important points about AWS (Amazon Web Services) EC2, S3, and RDS. This can be helpful in last-minute revision before appearing for the AWS Certified Solutions Architect – Associate level certification exam.

This is the first part of the AWS CSA revision series. Rest of the series listed below :

In this article, we are checking out key points about EC2 (Elastic Compute Cloud), S3 (Simple Storage Service) and RDS (Relational Database Service).

Recommended read : AWS CSA exam preparation guide

Let's get started :

EC2 (Elastic Compute Cloud)

  • It's an AWS service that provides scalable virtual servers in the cloud.
  • Pricing models are Reserved instances, On-demand instances, and spot instances.
  • Reserved are less costly since you reserve in advance by paying partial or full.
  • On-demand ones are costliest. But their launching depends on current available capacity in that zone
  • Spot instances are bidding unused instances in the Amazon marketplace (cheapest of all). They are allocated and withdrawn according to your bid price.
  • Max 20 running and 20 shut-down instances can exist per account.
  • AMI is Amazon Machine Image used to deploy/install the pre-configured OS on EC2 instances.
  • Instance store backed volumes are ephemeral storage and lose their data once the instance is off
  • EBS (Elastic Block Store) volumes hold data permanently regardless of instance state.
  • EBS volume size: Min 1 GiB, Max 16384 GiB (16 TiB)
  • EBS volume can be attached to 1 instance at a time. It cannot be attached to an instance in a different availability zone.
  • EBS : 3 IOPS per GiB with a minimum of 100 IOPS, burstable to 3000 IOPS
  • EBS Provisioned IOPS. 50:1 ratio to be maintained.
  • RAID 5 and RAID 6 are not recommended for EBS by AWS.
  • IOPS are measured in chunks of 256KB or smaller.
  • EC2-Classic is a deprecated service. Exist in accounts before 24 Dec 2013.
  • The default session timeout for ELB is 60 sec.
  • 5 Elastic IPs per region only.
  • Key pairs are used by EC2 and CloudFront only.
  • SAML URL https://signin.aws.amazon.com/saml
  • Maximum 2 key pairs can be kept per user.
  • Elastic Load Balancer ELB modes :
    • Idle connection timeout
    • Cross zone load balancing
    • Connection draining
    • Proxy protocol
    • Sticky session
    • Health checks
  • Auto Scaling plans :
    • Current instance levels
    • Manual scaling
    • Dynamic scaling
    • Scheduled scaling
  • ELB session timeout is 60 sec.
  • Timeout for connection draining in ELB is 1 sec to 3600 sec. The default is 300 sec.

S3 (Simple Storage Service)

  • objects (files) are stored in buckets. All root folders are buckets and must have a unique name across all AWS infra
  • Unlimited storage and high availability by default
  • 99.999999999% (Eleven 9’s) durability and 99.99% availability for data stored on S3
  • User can enable AES-256 encryption for data at rest
  • Versioning can be enabled but can not be disabled. It can only be suspended then.
  • Life cycle policies can be defined for deletion or archival.
  • Glacier is a low-cost storage option for archiving data. Data in and out of Glacier takes hours or days.
  • Glacier costs 1 cent / 1 GB for a year.
  • Object size : min 0 bytes, max 5 TB
  • Object more than 100MB must use the multipart upload function
  • All regions support read after write consistency for PUTS (new object) and eventual consistency for PUTS (overwrite) & DELETE.
  • The object always stays within the region and synced across all availability zones.
  • The S3 infrequent access (S3-IA) storage class has object durability of 99.999999999% and availability of 99.90%
  • Max object size in a single put is 5GB.

RDS (Relational Database Service)

  • It's a fully managed database service in the cloud.
  • Supported databases: Oracle, MySQL, PostgreSQL, MS SQL, Aurora (Amazon homegrown SQL DB)
  • Scale underlying hardware automatically
  • Support read replicas of SQL based DB
  • Disk space : min 5GB, max 3TB
  • Default database port: 3306
  • RDS backup retention policy : 0 days min (no backup) to 35 days max.

DynamoDB

  • Dynamodb supports in-place atomic updates
  • Dynamodb defaults in the US west Oregon region.
  • Max 1MB of data can be retrieved in the single query operation.

List of online package repositories

List of all online Linux yum or apt package repositories, mirrors, download sites. Updated continuously whenever a new link is discovered

List of online resources for linux packages

This article aims to list all available mirrors, repositories, and package download sites for Linux distros. Let us know about broken/new links in the comments and we will update this post accordingly.

Use these links at your own risk!

Fedora Mirrors

https://admin.fedoraproject.org/mirrormanager/ (Sorted by distro, arch etc)

More details here

Red Hat Mirrors

ftp://tug.ctan.org/pub/mirrors/ftp.redhat.com/mirror.html (sorted by Geo locations)

More details here

CentOS mirrors

https://www.centos.org/download/mirrors/ (sorted by Geo locations)

More details here


openSUSE mirrors

http://mirrors.opensuse.org/ (sorted by Geo locations, repo)

Oracle Linux mirrors

https://community.oracle.com/docs/DOC-917963

Oracle public YUM repository : http://public-yum.oracle.com/

EPEL repositories

https://dl.fedoraproject.org/pub/epel/

Debian worldwide mirrors

https://www.debian.org/mirror/list (sorted by Geo locations, Architecture)

More details here

Ubuntu

RPM search and download sites

https://www.rpmfind.net/linux/RPM/

http://rpm.pbone.net/

Nginx installation on Linux server

Step by step Nginx installation on YUM or APT based Linux servers. Know about configuration files, log files, and directory listing in Nginx.

nginx installation in linux

Nginx is a popular web server and preferred over Apache. Many websites and blogs today run on Nginx webserver. In this article, we are going to see how to install Nginx in Linux.

Nginx Installation

Nginx is available for install in EPEL repositories for YUM based Linux systems and in default repositories of APT (Debian) based systems. Depending on your system type install the Nginx package. Sample outputs below :

# yum install nginx
Loaded plugins: amazon-id, rhui-lb, search-disabled-repos, security
Setting up Install Process
epel/metalink                                                                                                                         | 4.4 kB     00:00
epel                                                                                                                                  | 4.3 kB     00:00
https://mirrors.tuna.tsinghua.edu.cn/epel/6/x86_64/repodata/repomd.xml: [Errno -1] repomd.xml does not match metalink for epel
Trying other mirror.
epel                                                                                                                                  | 4.3 kB     00:00
rhui-REGION-client-config-server-6                                                                                                    | 2.9 kB     00:00
rhui-REGION-rhel-server-releases                                                                                                      | 3.5 kB     00:00
rhui-REGION-rhel-server-releases-optional                                                                                             | 3.5 kB     00:00
rhui-REGION-rhel-server-rh-common                                                                                                     | 3.8 kB     00:00
Resolving Dependencies
--> Running transaction check
---> Package nginx.x86_64 0:1.10.2-1.el6 will be installed
--> Processing Dependency: nginx-filesystem = 1.10.2-1.el6 for package: nginx-1.10.2-1.el6.x86_64
--> Processing Dependency: nginx-all-modules = 1.10.2-1.el6 for package: nginx-1.10.2-1.el6.x86_64
--> Processing Dependency: nginx-filesystem for package: nginx-1.10.2-1.el6.x86_64
--> Running transaction check
---> Package nginx-all-modules.noarch 0:1.10.2-1.el6 will be installed
--> Processing Dependency: nginx-mod-stream = 1.10.2-1.el6 for package: nginx-all-modules-1.10.2-1.el6.noarch
--> Processing Dependency: nginx-mod-mail = 1.10.2-1.el6 for package: nginx-all-modules-1.10.2-1.el6.noarch
--> Processing Dependency: nginx-mod-http-xslt-filter = 1.10.2-1.el6 for package: nginx-all-modules-1.10.2-1.el6.noarch
--> Processing Dependency: nginx-mod-http-perl = 1.10.2-1.el6 for package: nginx-all-modules-1.10.2-1.el6.noarch
--> Processing Dependency: nginx-mod-http-image-filter = 1.10.2-1.el6 for package: nginx-all-modules-1.10.2-1.el6.noarch
--> Processing Dependency: nginx-mod-http-geoip = 1.10.2-1.el6 for package: nginx-all-modules-1.10.2-1.el6.noarch
---> Package nginx-filesystem.noarch 0:1.10.2-1.el6 will be installed
--> Running transaction check
---> Package nginx-mod-http-geoip.x86_64 0:1.10.2-1.el6 will be installed
--> Processing Dependency: GeoIP for package: nginx-mod-http-geoip-1.10.2-1.el6.x86_64
--> Processing Dependency: libGeoIP.so.1()(64bit) for package: nginx-mod-http-geoip-1.10.2-1.el6.x86_64
---> Package nginx-mod-http-image-filter.x86_64 0:1.10.2-1.el6 will be installed
--> Processing Dependency: gd for package: nginx-mod-http-image-filter-1.10.2-1.el6.x86_64
--> Processing Dependency: libgd.so.2()(64bit) for package: nginx-mod-http-image-filter-1.10.2-1.el6.x86_64
---> Package nginx-mod-http-perl.x86_64 0:1.10.2-1.el6 will be installed
---> Package nginx-mod-http-xslt-filter.x86_64 0:1.10.2-1.el6 will be installed
---> Package nginx-mod-mail.x86_64 0:1.10.2-1.el6 will be installed
---> Package nginx-mod-stream.x86_64 0:1.10.2-1.el6 will be installed
--> Running transaction check
---> Package GeoIP.x86_64 0:1.6.5-1.el6 will be installed
--> Processing Dependency: geoipupdate for package: GeoIP-1.6.5-1.el6.x86_64
--> Processing Dependency: GeoIP-data for package: GeoIP-1.6.5-1.el6.x86_64
---> Package gd.x86_64 0:2.0.35-11.el6 will be installed
--> Processing Dependency: libXpm.so.4()(64bit) for package: gd-2.0.35-11.el6.x86_64
--> Running transaction check
---> Package GeoIP-GeoLite-data.noarch 0:2017.01-1.el6 will be installed
--> Processing Dependency: GeoIP-GeoLite-data-extra = 2017.01-1.el6 for package: GeoIP-GeoLite-data-2017.01-1.el6.noarch
---> Package geoipupdate.x86_64 0:2.2.1-2.el6 will be installed
---> Package libXpm.x86_64 0:3.5.10-2.el6 will be installed
--> Running transaction check
---> Package GeoIP-GeoLite-data-extra.noarch 0:2017.01-1.el6 will be installed
--> Finished Dependency Resolution

Dependencies Resolved

=============================================================================================================================================================
 Package                                      Arch                    Version                        Repository                                         Size
=============================================================================================================================================================
Installing:
 nginx                                        x86_64                  1.10.2-1.el6                   epel                                              462 k
Installing for dependencies:
 GeoIP                                        x86_64                  1.6.5-1.el6                    epel                                              113 k
 GeoIP-GeoLite-data                           noarch                  2017.01-1.el6                  epel                                              468 k
 GeoIP-GeoLite-data-extra                     noarch                  2017.01-1.el6                  epel                                               23 M
 gd                                           x86_64                  2.0.35-11.el6                  rhui-REGION-rhel-server-releases                  142 k
 geoipupdate                                  x86_64                  2.2.1-2.el6                    epel                                               28 k
 libXpm                                       x86_64                  3.5.10-2.el6                   rhui-REGION-rhel-server-releases                   51 k
 nginx-all-modules                            noarch                  1.10.2-1.el6                   epel                                              7.7 k
 nginx-filesystem                             noarch                  1.10.2-1.el6                   epel                                              8.5 k
 nginx-mod-http-geoip                         x86_64                  1.10.2-1.el6                   epel                                               14 k
 nginx-mod-http-image-filter                  x86_64                  1.10.2-1.el6                   epel                                               16 k
 nginx-mod-http-perl                          x86_64                  1.10.2-1.el6                   epel                                               26 k
 nginx-mod-http-xslt-filter                   x86_64                  1.10.2-1.el6                   epel                                               16 k
 nginx-mod-mail                               x86_64                  1.10.2-1.el6                   epel                                               43 k
 nginx-mod-stream                             x86_64                  1.10.2-1.el6                   epel                                               36 k

Transaction Summary
=============================================================================================================================================================
Install      15 Package(s)

Total download size: 24 M
Installed size: 49 M
Is this ok [y/N]: y
Downloading Packages:
(1/15): GeoIP-1.6.5-1.el6.x86_64.rpm                                                                                                  | 113 kB     00:00
(2/15): GeoIP-GeoLite-data-2017.01-1.el6.noarch.rpm                                                                                   | 468 kB     00:00
(3/15): GeoIP-GeoLite-data-extra-2017.01-1.el6.noarch.rpm                                                                             |  23 MB     00:01
(4/15): gd-2.0.35-11.el6.x86_64.rpm                                                                                                   | 142 kB     00:00
(5/15): geoipupdate-2.2.1-2.el6.x86_64.rpm                                                                                            |  28 kB     00:00
(6/15): libXpm-3.5.10-2.el6.x86_64.rpm                                                                                                |  51 kB     00:00
(7/15): nginx-1.10.2-1.el6.x86_64.rpm                                                                                                 | 462 kB     00:00
(8/15): nginx-all-modules-1.10.2-1.el6.noarch.rpm                                                                                     | 7.7 kB     00:00
(9/15): nginx-filesystem-1.10.2-1.el6.noarch.rpm                                                                                      | 8.5 kB     00:00
(10/15): nginx-mod-http-geoip-1.10.2-1.el6.x86_64.rpm                                                                                 |  14 kB     00:00
(11/15): nginx-mod-http-image-filter-1.10.2-1.el6.x86_64.rpm                                                                          |  16 kB     00:00
(12/15): nginx-mod-http-perl-1.10.2-1.el6.x86_64.rpm                                                                                  |  26 kB     00:00
(13/15): nginx-mod-http-xslt-filter-1.10.2-1.el6.x86_64.rpm                                                                           |  16 kB     00:00
(14/15): nginx-mod-mail-1.10.2-1.el6.x86_64.rpm                                                                                       |  43 kB     00:00
(15/15): nginx-mod-stream-1.10.2-1.el6.x86_64.rpm                                                                                     |  36 kB     00:00
-------------------------------------------------------------------------------------------------------------------------------------------------------------
Total                                                                                                                        6.1 MB/s |  24 MB     00:03
Running rpm_check_debug
Running Transaction Test
Transaction Test Succeeded
Running Transaction
  Installing : GeoIP-GeoLite-data-extra-2017.01-1.el6.noarch                                                                                            1/15
  Installing : GeoIP-GeoLite-data-2017.01-1.el6.noarch                                                                                                  2/15
  Installing : nginx-filesystem-1.10.2-1.el6.noarch                                                                                                     3/15
  Installing : geoipupdate-2.2.1-2.el6.x86_64                                                                                                           4/15
  Installing : GeoIP-1.6.5-1.el6.x86_64                                                                                                                 5/15
  Installing : libXpm-3.5.10-2.el6.x86_64                                                                                                               6/15
  Installing : gd-2.0.35-11.el6.x86_64                                                                                                                  7/15
  Installing : nginx-mod-http-geoip-1.10.2-1.el6.x86_64                                                                                                 8/15
  Installing : nginx-mod-stream-1.10.2-1.el6.x86_64                                                                                                     9/15
  Installing : nginx-mod-http-perl-1.10.2-1.el6.x86_64                                                                                                 10/15
  Installing : nginx-mod-http-image-filter-1.10.2-1.el6.x86_64                                                                                         11/15
  Installing : nginx-mod-http-xslt-filter-1.10.2-1.el6.x86_64                                                                                          12/15
  Installing : nginx-1.10.2-1.el6.x86_64                                                                                                               13/15
  Installing : nginx-mod-mail-1.10.2-1.el6.x86_64                                                                                                      14/15
  Installing : nginx-all-modules-1.10.2-1.el6.noarch                                                                                                   15/15
  Verifying  : nginx-mod-mail-1.10.2-1.el6.x86_64                                                                                                       1/15
  Verifying  : GeoIP-1.6.5-1.el6.x86_64                                                                                                                 2/15
  Verifying  : nginx-mod-http-geoip-1.10.2-1.el6.x86_64                                                                                                 3/15
  Verifying  : libXpm-3.5.10-2.el6.x86_64                                                                                                               4/15
  Verifying  : nginx-mod-stream-1.10.2-1.el6.x86_64                                                                                                     5/15
  Verifying  : nginx-all-modules-1.10.2-1.el6.noarch                                                                                                    6/15
  Verifying  : GeoIP-GeoLite-data-2017.01-1.el6.noarch                                                                                                  7/15
  Verifying  : nginx-mod-http-perl-1.10.2-1.el6.x86_64                                                                                                  8/15
  Verifying  : nginx-mod-http-image-filter-1.10.2-1.el6.x86_64                                                                                          9/15
  Verifying  : nginx-1.10.2-1.el6.x86_64                                                                                                               10/15
  Verifying  : geoipupdate-2.2.1-2.el6.x86_64                                                                                                          11/15
  Verifying  : GeoIP-GeoLite-data-extra-2017.01-1.el6.noarch                                                                                           12/15
  Verifying  : nginx-filesystem-1.10.2-1.el6.noarch                                                                                                    13/15
  Verifying  : gd-2.0.35-11.el6.x86_64                                                                                                                 14/15
  Verifying  : nginx-mod-http-xslt-filter-1.10.2-1.el6.x86_64                                                                                          15/15

Installed:
  nginx.x86_64 0:1.10.2-1.el6

Dependency Installed:
  GeoIP.x86_64 0:1.6.5-1.el6                             GeoIP-GeoLite-data.noarch 0:2017.01-1.el6      GeoIP-GeoLite-data-extra.noarch 0:2017.01-1.el6
  gd.x86_64 0:2.0.35-11.el6                              geoipupdate.x86_64 0:2.2.1-2.el6               libXpm.x86_64 0:3.5.10-2.el6
  nginx-all-modules.noarch 0:1.10.2-1.el6                nginx-filesystem.noarch 0:1.10.2-1.el6         nginx-mod-http-geoip.x86_64 0:1.10.2-1.el6
  nginx-mod-http-image-filter.x86_64 0:1.10.2-1.el6      nginx-mod-http-perl.x86_64 0:1.10.2-1.el6      nginx-mod-http-xslt-filter.x86_64 0:1.10.2-1.el6
  nginx-mod-mail.x86_64 0:1.10.2-1.el6                   nginx-mod-stream.x86_64 0:1.10.2-1.el6

Complete!

# apt-get install nginx
Reading package lists... Done
Building dependency tree
Reading state information... Done
The following packages were automatically installed and are no longer required:
  linux-headers-4.4.0-59 linux-headers-4.4.0-59-generic linux-headers-4.4.0-66 linux-headers-4.4.0-66-generic linux-image-4.4.0-59-generic
  linux-image-4.4.0-66-generic
Use 'apt autoremove' to remove them.
The following additional packages will be installed:
  fontconfig-config fonts-dejavu-core libfontconfig1 libgd3 libjbig0 libjpeg-turbo8 libjpeg8 libtiff5 libvpx3 libxpm4 libxslt1.1 nginx-common nginx-core
Suggested packages:
  libgd-tools fcgiwrap nginx-doc ssl-cert
The following NEW packages will be installed:
  fontconfig-config fonts-dejavu-core libfontconfig1 libgd3 libjbig0 libjpeg-turbo8 libjpeg8 libtiff5 libvpx3 libxpm4 libxslt1.1 nginx nginx-common
  nginx-core
0 upgraded, 14 newly installed, 0 to remove and 64 not upgraded.
Need to get 2,999 kB of archives.
After this operation, 9,781 kB of additional disk space will be used.
Do you want to continue? [Y/n] y
Get:1 http://ap-south-1.ec2.archive.ubuntu.com/ubuntu xenial/main amd64 libjpeg-turbo8 amd64 1.4.2-0ubuntu3 [111 kB]
Get:2 http://ap-south-1.ec2.archive.ubuntu.com/ubuntu xenial/main amd64 libjbig0 amd64 2.1-3.1 [26.6 kB]
Get:3 http://ap-south-1.ec2.archive.ubuntu.com/ubuntu xenial/main amd64 fonts-dejavu-core all 2.35-1 [1,039 kB]
Get:4 http://ap-south-1.ec2.archive.ubuntu.com/ubuntu xenial-updates/main amd64 fontconfig-config all 2.11.94-0ubuntu1.1 [49.9 kB]
Get:5 http://ap-south-1.ec2.archive.ubuntu.com/ubuntu xenial-updates/main amd64 libfontconfig1 amd64 2.11.94-0ubuntu1.1 [131 kB]
Get:6 http://ap-south-1.ec2.archive.ubuntu.com/ubuntu xenial/main amd64 libjpeg8 amd64 8c-2ubuntu8 [2,194 B]
Get:7 http://ap-south-1.ec2.archive.ubuntu.com/ubuntu xenial-updates/main amd64 libtiff5 amd64 4.0.6-1ubuntu0.1 [146 kB]
Get:8 http://ap-south-1.ec2.archive.ubuntu.com/ubuntu xenial/main amd64 libvpx3 amd64 1.5.0-2ubuntu1 [732 kB]
Get:9 http://ap-south-1.ec2.archive.ubuntu.com/ubuntu xenial-updates/main amd64 libxpm4 amd64 1:3.5.11-1ubuntu0.16.04.1 [33.8 kB]
Get:10 http://ap-south-1.ec2.archive.ubuntu.com/ubuntu xenial-updates/main amd64 libgd3 amd64 2.1.1-4ubuntu0.16.04.6 [126 kB]
Get:11 http://ap-south-1.ec2.archive.ubuntu.com/ubuntu xenial/main amd64 libxslt1.1 amd64 1.1.28-2.1 [145 kB]
Get:12 http://ap-south-1.ec2.archive.ubuntu.com/ubuntu xenial-updates/main amd64 nginx-common all 1.10.0-0ubuntu0.16.04.4 [26.6 kB]
Get:13 http://ap-south-1.ec2.archive.ubuntu.com/ubuntu xenial-updates/main amd64 nginx-core amd64 1.10.0-0ubuntu0.16.04.4 [428 kB]
Get:14 http://ap-south-1.ec2.archive.ubuntu.com/ubuntu xenial-updates/main amd64 nginx all 1.10.0-0ubuntu0.16.04.4 [3,498 B]
Fetched 2,999 kB in 2s (1,135 kB/s)
Preconfiguring packages ...
Selecting previously unselected package libjpeg-turbo8:amd64.
(Reading database ... 138589 files and directories currently installed.)
Preparing to unpack .../libjpeg-turbo8_1.4.2-0ubuntu3_amd64.deb ...
Unpacking libjpeg-turbo8:amd64 (1.4.2-0ubuntu3) ...
Selecting previously unselected package libjbig0:amd64.
Preparing to unpack .../libjbig0_2.1-3.1_amd64.deb ...
Unpacking libjbig0:amd64 (2.1-3.1) ...
Selecting previously unselected package fonts-dejavu-core.
Preparing to unpack .../fonts-dejavu-core_2.35-1_all.deb ...
Unpacking fonts-dejavu-core (2.35-1) ...
Selecting previously unselected package fontconfig-config.
Preparing to unpack .../fontconfig-config_2.11.94-0ubuntu1.1_all.deb ...
Unpacking fontconfig-config (2.11.94-0ubuntu1.1) ...
Selecting previously unselected package libfontconfig1:amd64.
Preparing to unpack .../libfontconfig1_2.11.94-0ubuntu1.1_amd64.deb ...
Unpacking libfontconfig1:amd64 (2.11.94-0ubuntu1.1) ...
Selecting previously unselected package libjpeg8:amd64.
Preparing to unpack .../libjpeg8_8c-2ubuntu8_amd64.deb ...
Unpacking libjpeg8:amd64 (8c-2ubuntu8) ...
Selecting previously unselected package libtiff5:amd64.
Preparing to unpack .../libtiff5_4.0.6-1ubuntu0.1_amd64.deb ...
Unpacking libtiff5:amd64 (4.0.6-1ubuntu0.1) ...
Selecting previously unselected package libvpx3:amd64.
Preparing to unpack .../libvpx3_1.5.0-2ubuntu1_amd64.deb ...
Unpacking libvpx3:amd64 (1.5.0-2ubuntu1) ...
Selecting previously unselected package libxpm4:amd64.
Preparing to unpack .../libxpm4_1%3a3.5.11-1ubuntu0.16.04.1_amd64.deb ...
Unpacking libxpm4:amd64 (1:3.5.11-1ubuntu0.16.04.1) ...
Selecting previously unselected package libgd3:amd64.
Preparing to unpack .../libgd3_2.1.1-4ubuntu0.16.04.6_amd64.deb ...
Unpacking libgd3:amd64 (2.1.1-4ubuntu0.16.04.6) ...
Selecting previously unselected package libxslt1.1:amd64.
Preparing to unpack .../libxslt1.1_1.1.28-2.1_amd64.deb ...
Unpacking libxslt1.1:amd64 (1.1.28-2.1) ...
Selecting previously unselected package nginx-common.
Preparing to unpack .../nginx-common_1.10.0-0ubuntu0.16.04.4_all.deb ...
Unpacking nginx-common (1.10.0-0ubuntu0.16.04.4) ...
Selecting previously unselected package nginx-core.
Preparing to unpack .../nginx-core_1.10.0-0ubuntu0.16.04.4_amd64.deb ...
Unpacking nginx-core (1.10.0-0ubuntu0.16.04.4) ...
Selecting previously unselected package nginx.
Preparing to unpack .../nginx_1.10.0-0ubuntu0.16.04.4_all.deb ...
Unpacking nginx (1.10.0-0ubuntu0.16.04.4) ...
Processing triggers for libc-bin (2.23-0ubuntu7) ...
Processing triggers for man-db (2.7.5-1) ...
Processing triggers for ufw (0.35-0ubuntu2) ...
Processing triggers for ureadahead (0.100.0-19) ...
Processing triggers for systemd (229-4ubuntu13) ...
Setting up libjpeg-turbo8:amd64 (1.4.2-0ubuntu3) ...
Setting up libjbig0:amd64 (2.1-3.1) ...
Setting up fonts-dejavu-core (2.35-1) ...
Setting up fontconfig-config (2.11.94-0ubuntu1.1) ...
Setting up libfontconfig1:amd64 (2.11.94-0ubuntu1.1) ...
Setting up libjpeg8:amd64 (8c-2ubuntu8) ...
Setting up libtiff5:amd64 (4.0.6-1ubuntu0.1) ...
Setting up libvpx3:amd64 (1.5.0-2ubuntu1) ...
Setting up libxpm4:amd64 (1:3.5.11-1ubuntu0.16.04.1) ...
Setting up libgd3:amd64 (2.1.1-4ubuntu0.16.04.6) ...
Setting up libxslt1.1:amd64 (1.1.28-2.1) ...
Setting up nginx-common (1.10.0-0ubuntu0.16.04.4) ...
Setting up nginx-core (1.10.0-0ubuntu0.16.04.4) ...
Setting up nginx (1.10.0-0ubuntu0.16.04.4) ...
Processing triggers for libc-bin (2.23-0ubuntu7) ...
Processing triggers for systemd (229-4ubuntu13) ...
Processing triggers for ureadahead (0.100.0-19) ...
Processing triggers for ufw (0.35-0ubuntu2) ...

After successful installation, start the nginx service.

# service nginx start (Red Hat systems)
Starting nginx:                                            [  OK  ]
OR
# systemctl start nginx (RHEL 7 & Debian)
Starting nginx:                                            [  OK  ]

Verify service is running.

# service nginx status
nginx (pid  1689) is running...

OR

# systemctl status nginx
● nginx.service - A high performance web server and a reverse proxy server
   Loaded: loaded (/lib/systemd/system/nginx.service; enabled; vendor preset: enabled)
   Active: active (running) since Tue 2017-04-04 10:24:19 UTC; 2min 15s ago
 Main PID: 6734 (nginx)
   CGroup: /system.slice/nginx.service
           ├─6734 nginx: master process /usr/sbin/nginx -g daemon on; master_process on
           └─6735 nginx: worker process

That’s it. Your installation is complete and your webserver is up and running.

Nginx server test

Now you can enter your server IP in the browser (http://x.x.x.x/) to check whether your Nginx webserver is serving a page. If you get a connection timed out error, check the firewall settings on your server and allow port 80.

You will be served a test page like the ones below:

nginx test page on YUM based systems like Red Hat
nginx test page on APT based systems like Ubuntu

This confirms that your Nginx web server installation is successful and it’s ready for customization.

nginx configurations

The default server root directory is /usr/share/nginx/html. Files placed there will be served by your web server, so you can put your HTML files here to serve a static website! The test page you saw above is the file index.html under /usr/share/nginx/html. This default directory can be changed in the Nginx configuration file /etc/nginx/conf.d/default.conf.

The nginx global configuration file is /etc/nginx/nginx.conf. In this conf file, you can set the user that runs Nginx, the number of processes it forks, etc.

The default log files error.log (for errors) and access.log (for logging accesses) are located under /var/log/nginx.

Directory listing in nginx

If you place a few files or directories in the root directory, you will not see a listing of them in your browser as we saw in the Apache configuration. To enable this, you need to add autoindex on; in the config file after the root directive. Look at my config below:

# cat /etc/nginx/conf.d/default.conf
server {
    listen       80 default_server;
    listen       [::]:80 default_server;
    server_name  _;
    root         /tmp;
    autoindex on;

----- output clipped ----

In the above config, I defined /tmp as root and turned on autoindex (highlighted lines). Restart the Nginx service after saving the above changes. Now if I check my webpage (http://x.x.x.x/), it will list all files/directories under /tmp.

Directory listing in nginx

You can see in the above screenshot that the /tmp directory listing is presented by Nginx. If you don’t put autoindex on, then it will serve you a 404 forbidden error!
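A check for the setting described above, as an added example that is not part of the original post: the shell function below lists every server or location block in an nginx config file where autoindex is effectively on, together with the root it exposes, because a listing of a shared directory such as /tmp shows every file that other users and programs leave there. It assumes one directive per line, and the list of directories it flags is this example's own choice.

```shell
#!/bin/sh
# Added example: report blocks of one nginx config file in which directory
# listing is effectively enabled, and the root directory each one exposes.
# Assumptions: one directive per line, "{" ends the line that opens a block,
# "}" starts the line that closes it, and no "#" appears inside quoted values.
audit_autoindex() {
    awk '
    BEGIN {
        cur = 0; n = 0        # block 0 is the top level of the file
        # directories treated as shared (choice of this example)
        shared = "^/(tmp|var/tmp|home|root|etc)(/|$)"
    }
    { sub(/#.*/, "") }        # drop comments
    /^[ \t]*$/ { next }       # skip blank lines
    $1 == "root"      { v = $2; sub(/;.*/, "", v); root[cur] = v }
    $1 == "autoindex" { v = $2; sub(/;.*/, "", v); ai[cur] = v }
    /[{][ \t]*$/ {            # a block opens on this line
        n++; parent[n] = cur; start[n] = NR
        s = $0; sub(/^[ \t]+/, "", s); sub(/[ \t]*[{][ \t]*$/, "", s)
        name[n] = s; cur = n
    }
    /^[ \t]*[}]/ { if (cur > 0) cur = parent[cur] }   # a block closes
    END {
        for (i = 1; i <= n; i++) {
            if (name[i] !~ /^(server|location)/) continue
            a = "off"; r = "(nginx default)"
            # The nearest enclosing block that sets a directive wins,
            # wherever in that block the directive was written.
            for (j = i; ; j = parent[j]) {
                if (j in ai) { a = ai[j]; break }
                if (j == 0) break
            }
            for (j = i; ; j = parent[j]) {
                if (j in root) { r = root[j]; break }
                if (j == 0) break
            }
            if (a != "on") continue
            flag = (r == "/" || r ~ shared) ? " [SHARED DIRECTORY]" : ""
            printf "line %d: %s: autoindex on, root=%s%s\n", start[i], name[i], r, flag
            found = 1
        }
        exit (found ? 1 : 0)  # non-zero exit lets a deploy script stop here
    }' "$1"
}

# Stand-alone use: sh audit_autoindex.sh /etc/nginx/conf.d/default.conf
if [ "$#" -gt 0 ]; then
    audit_autoindex "$1"
fi
```

Serving listings from a dedicated directory in its own location block, instead of from the server root, keeps the report down to the one path that is meant to be browsable.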

Let’s Encrypt SSL certificate on Apache YUM based Linux system

Learn to configure the free, open-source, secure Let’s Encrypt SSL certificate on Apache webserver running on YUM based Linux server.

Lets Encrypt installation on Apache

What is Let’s Encrypt

Let’s Encrypt is a free, open-source, and automatic SSL CA (Certificate Authority). It’s managed by ISRG (Internet Security Research Group). An SSL certificate has always involved a cost that recurs every year for renewal. Let’s Encrypt is aimed at open-source and free SSL. This is an ideal choice for small websites and businesses that have little or no critical data on their websites and are looking for SSL certificates.

If you are running a personal blog, then SSL is essential for having a good search engine reputation. But before you dive in, you need a dedicated IP for your domain name. If you are on shared hosting, you likely do not have a dedicated IP, so for Let’s Encrypt SSL you need to buy an IP for your domain name.

Lets Encrypt SSL certificate

Let’s Encrypt provides you a free SSL certificate after validating your domain name, and it lasts for 3 months. You have to renew it manually every 3 months, but the renewal process can be automated too. Certbot is the tool that currently deploys HTTPS on your server and configures Let’s Encrypt certificates for you.

Before you start the installation, you should have these prerequisites completed:

  1. Install EPEL repo
  2. You should have a webserver running
  3. The webpage is being displayed on your domain name (port 80) properly

Let’s encrypt installation on Apache & YUM Linux system

First of all, you need to clone the git repository of letsencrypt. For that, install the package ‘git’ first. Once done, run the below git clone command:

# git clone https://github.com/letsencrypt/letsencrypt
Initialized empty Git repository in /root/letsencrypt/.git/
remote: Counting objects: 45178, done.
remote: Compressing objects: 100% (164/164), done.
remote: Total 45178 (delta 112), reused 0 (delta 0), pack-reused 45014
Receiving objects: 100% (45178/45178), 13.38 MiB | 2.15 MiB/s, done.
Resolving deltas: 100% (32345/32345), done.

Now go to the letsencrypt directory, which the clone command created in your present directory. Under that directory, run the below command:

# ./letsencrypt-auto  certonly --standalone

Saving debug log to /var/log/letsencrypt/letsencrypt.log
Please enter in your domain name(s) (comma and/or space separated)  (Enter 'c'
to cancel):ktwebtest.ddns.net
Obtaining a new certificate
Performing the following challenges:
tls-sni-01 challenge for ktwebtest.ddns.net
Waiting for verification...
Cleaning up challenges
Generating key (2048 bits): /etc/letsencrypt/keys/0002_key-certbot.pem
Creating CSR: /etc/letsencrypt/csr/0002_csr-certbot.pem

IMPORTANT NOTES:
 - Congratulations! Your certificate and chain have been saved at
   /etc/letsencrypt/live/ktwebtest.ddns.net/fullchain.pem. Your cert
   will expire on 2017-07-02. To obtain a new or tweaked version of
   this certificate in the future, simply run letsencrypt-auto again.
   To non-interactively renew *all* of your certificates, run
   "letsencrypt-auto renew"
 - If you like Certbot, please consider supporting our work by:

   Donating to ISRG / Let's Encrypt:   https://letsencrypt.org/donate
   Donating to EFF:                    https://eff.org/donate-le

You can see above that, after you supply the domain name, Certbot creates a CSR file on its own, generates a key file, and fetches the SSL certificate too. All paths are visible in the output. The file paths are:

Key files directory: /etc/letsencrypt/keys/
CSR files directory: /etc/letsencrypt/csr/
SSL files directory: /etc/letsencrypt/live/

It also shows you when your certificate is going to expire, and the command you can use to renew your certificate. Now you can follow the tutorial on how to install the SSL certificate which you obtained in the above step.

You can even automate these SSL installation steps by using the command:

# ./letsencrypt-auto  -d ktwebtest.ddns.net --apache

With this command, it will create the key and CSR, fetch the SSL certificate, and install it on your domain’s webserver!

Certificate renewal

You can renew the certificate manually using:

# ./letsencrypt-auto renew
Saving debug log to /var/log/letsencrypt/letsencrypt.log

-------------------------------------------------------------------------------
Processing /etc/letsencrypt/renewal/ktwebtest.ddns.net.conf
-------------------------------------------------------------------------------
Cert not yet due for renewal

The following certs are not due for renewal yet:
  /etc/letsencrypt/live/ktwebtest.ddns.net/fullchain.pem (skipped)
No renewals were attempted.


As you can see, it scans through all the Let’s Encrypt certificates fetched on the server and their due dates. If any are found due, those certificates will be renewed in no time!

If you want to renew a certificate regardless of the due date, then you can use force renewal as below:

# ./letsencrypt-auto renew  --force-renewal

Saving debug log to /var/log/letsencrypt/letsencrypt.log

-------------------------------------------------------------------------------
Processing /etc/letsencrypt/renewal/ktwebtest.ddns.net.conf
-------------------------------------------------------------------------------
Renewing an existing certificate
Performing the following challenges:
tls-sni-01 challenge for ktwebtest.ddns.net
Waiting for verification...
Cleaning up challenges
Generating key (2048 bits): /etc/letsencrypt/keys/0003_key-certbot.pem
Creating CSR: /etc/letsencrypt/csr/0003_csr-certbot.pem

-------------------------------------------------------------------------------
new certificate deployed without reload, fullchain is
/etc/letsencrypt/live/ktwebtest.ddns.net/fullchain.pem
-------------------------------------------------------------------------------

Congratulations, all renewals succeeded. The following certs have been renewed:
  /etc/letsencrypt/live/ktwebtest.ddns.net/fullchain.pem (success)

You can even schedule a cron job with a little bit of scripting to have automatic renewal of certificates.
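One way to script the cron renewal mentioned above (an added example, not code from the original post or from Certbot): it runs the renew command, reads the "(success)" lines shown in the renewal output above, and reloads Apache only when a certificate was actually renewed, because that output says the new certificate is "deployed without reload". The log path, the `apachectl graceful` reload command, the script path and the cron schedule are assumptions of this example; the clone path is the one from the git output.

```shell
#!/bin/sh
# Added example: cron wrapper around "letsencrypt-auto renew".
# LE_DIR is the clone path shown in the git output; everything else here
# (LOG, RELOAD_CMD, the script path in the crontab line) is an assumption.
LE_DIR=${LE_DIR:-/root/letsencrypt}
RENEW_CMD=${RENEW_CMD:-$LE_DIR/letsencrypt-auto}
RELOAD_CMD=${RELOAD_CMD:-"apachectl graceful"}
LOG=${LOG:-/var/log/letsencrypt-renew-cron.log}

# Read renew output on stdin and print the fullchain.pem path of every
# certificate reported as "(success)". "(skipped)" lines print nothing.
renewed_certs() {
    sed -n 's|^[[:space:]]*\(/etc/letsencrypt/live/[^[:space:]]*/fullchain\.pem\) (success)[[:space:]]*$|\1|p'
}

# Run the renewal, log its output, and reload the web server only if at
# least one certificate was renewed. Returns the renew command's exit
# status, or 2 if a certificate was renewed but the reload failed.
renew_and_reload() {
    umask 077                                   # keep the log private
    out=$($RENEW_CMD renew 2>&1) && rc=0 || rc=$?
    { date; printf '%s\n' "$out"; } >> "$LOG"

    renewed=$(printf '%s\n' "$out" | renewed_certs)
    if [ -n "$renewed" ]; then
        # Apache keeps serving the old certificate until it is reloaded.
        if $RELOAD_CMD >> "$LOG" 2>&1; then
            printf 'reloaded web server for:\n%s\n' "$renewed" >> "$LOG"
        else
            echo "certificate renewed but web server reload FAILED: $renewed" >&2
            return 2
        fi
    fi

    # Anything written to stderr is mailed by cron, so failures get noticed.
    [ "$rc" -eq 0 ] || echo "renew command exited with $rc, see $LOG" >&2
    return "$rc"
}

# crontab entry, weekly on Monday 03:17 (script path is hypothetical):
#   17 3 * * 1 /usr/local/sbin/le-renew.sh run
if [ "${1:-}" = "run" ]; then
    renew_and_reload
    exit $?
fi
```

Running it more often than the 3-month lifetime requires is harmless, since the renew command skips certificates that are not yet due, as the "Cert not yet due for renewal" output above shows.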

How to install EPEL repository in YUM based Linux

Learn how to install EPEL repository (Extra Packages for Enterprise Linux) in YUM based Linux. It enables you to install open source packages.

EPEL repository installation

What is EPEL

EPEL stands for Extra Packages for Enterprise Linux. The EPEL repository is helpful and rich with packages that are normally used/needed for commonly used Linux software. This repository is managed by the EPEL group. It contains only 100% free, open-source packages which may not be available in the core

EPEL repos should be used in production with extra caution.

As you know, the EPEL group is from the Fedora project, so the EPEL repository can be enabled on YUM based distributions like RHEL, Oracle Linux, Fedora, CentOS, etc.

How to configure EPEL

Adding the EPEL repository takes a different route than adding HTTPS or FTP repositories in YUM. For EPEL, you need to download the related RPM from the link using any Linux downloader. Choose the correct distro and architecture while choosing a download link for the EPEL package. Or you can choose the noarch rpm as I did below.

I downloaded rpm using wget as below :

# wget https://dl.fedoraproject.org/pub/epel/epel-release-latest-6.noarch.rpm
--2017-04-03 13:18:35--  https://dl.fedoraproject.org/pub/epel/epel-release-latest-6.noarch.rpm
Resolving dl.fedoraproject.org... 209.132.181.25, 209.132.181.23, 209.132.181.24
Connecting to dl.fedoraproject.org|209.132.181.25|:443... connected.
HTTP request sent, awaiting response... 200 OK
Length: 14540 (14K) [application/x-rpm]
Saving to: “epel-release-latest-6.noarch.rpm”

100%[===================================================================================================================>] 14,540      51.5K/s   in 0.3s

2017-04-03 13:18:37 (51.5 KB/s) - “epel-release-latest-6.noarch.rpm” saved [14540/14540]

You should have the rpm file in your current directory.

# ll
total 680
-rw-r--r--. 1 root root  14540 Nov  5  2012 epel-release-latest-6.noarch.rpm

You need to install the rpm using the yum command.

# yum install ./epel-release-latest-*.noarch.rpm
Loaded plugins: amazon-id, rhui-lb, security
Setting up Install Process
Examining ./epel-release-latest-6.noarch.rpm: epel-release-6-8.noarch
Marking ./epel-release-latest-6.noarch.rpm to be installed
Resolving Dependencies
--> Running transaction check
---> Package epel-release.noarch 0:6-8 will be installed
--> Finished Dependency Resolution

Dependencies Resolved

=============================================================================================================================================================
 Package                              Arch                           Version                     Repository                                             Size
=============================================================================================================================================================
Installing:
 epel-release                         noarch                         6-8                         /epel-release-latest-6.noarch                          22 k

Transaction Summary
=============================================================================================================================================================
Install       1 Package(s)

Total size: 22 k
Installed size: 22 k
Is this ok [y/N]: y
Downloading Packages:
Running rpm_check_debug
Running Transaction Test
Transaction Test Succeeded
Running Transaction
  Installing : epel-release-6-8.noarch                                                                                                                   1/1
  Verifying  : epel-release-6-8.noarch                                                                                                                   1/1

Installed:
  epel-release.noarch 0:6-8

Complete!

That’s it. The EPEL repository is now part of your YUM configuration.
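A check worth running between the wget and yum install steps above, shown as an added example that is not part of the original post: it installs the downloaded rpm only if `rpm -Kv` reports every signature as OK and made by the key ID you expect. The expected key ID is a value you supply after importing the EPEL signing key with `rpm --import` and checking it against the one Fedora publishes; the sample output in the comments is constructed.

```shell
#!/bin/sh
# Added example: gate "yum install ./file.rpm" on a signature check.
# Read "rpm -Kv FILE" output on stdin and print one verdict:
#   signed-ok     every signature is OK and made by key ID $1
#   wrong-key     signatures verify, but at least one is by another key
#   not-verified  a signature or digest is not OK (for example NOKEY or BAD)
#   unsigned      the package carries no signature at all
# Exit status is 0 only for signed-ok.
#
# Constructed sample of the lines this parses (key ID is a placeholder):
#   epel-release-latest-6.noarch.rpm:
#       Header V3 RSA/SHA256 Signature, key ID 0123abcd: OK
#       Header SHA1 digest: OK (...)
#       V3 RSA/SHA256 Signature, key ID 0123abcd: OK
#       MD5 digest: OK (...)
checksig_verdict() {
    awk -v want="$1" '
        BEGIN { want = tolower(want) }
        /Signature, key ID/ {
            sigs++
            id = $0; sub(/.*key ID /, "", id); sub(/:.*/, "", id)
            if (tolower(id) != want) other++
            if ($0 !~ /: OK[ \t]*$/) bad++
            next
        }
        /digest:/ && $0 !~ /: OK/ { bad++ }
        END {
            if (sigs == 0) { print "unsigned";     exit 1 }
            if (bad > 0)   { print "not-verified"; exit 1 }
            if (other > 0) { print "wrong-key";    exit 1 }
            print "signed-ok"
        }'
}

# verify_then_install FILE.rpm EXPECTED_KEYID
# EXPECTED_KEYID is the short key ID of the signing key you imported
# (list imported keys with: rpm -q gpg-pubkey).
verify_then_install() {
    verdict=$(rpm -Kv "$1" 2>&1 | checksig_verdict "$2") || {
        echo "refusing to install $1: $verdict" >&2
        return 1
    }
    yum install "$1"
}

# Stand-alone use (key ID placeholder, replace with the verified one):
#   sh verify-rpm.sh ./epel-release-latest-6.noarch.rpm <EXPECTED_KEYID>
if [ "$#" -eq 2 ]; then
    verify_then_install "$1" "$2"
fi
```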

EPEL repository test

Let’s test whether the EPEL repository is configured properly. You should see the new repo files below in the directory /etc/yum.repos.d. This is the first indication that EPEL is configured.

# pwd
/etc/yum.repos.d

# ll
total 32
-rw-r--r--. 1 root root  957 Nov  4  2012 epel.repo
-rw-r--r--. 1 root root 1056 Nov  4  2012 epel-testing.repo

Now list the repositories from yum to verify the configuration.

# yum repolist
Loaded plugins: amazon-id, rhui-lb, security
repo id                                                         repo name                                                                              status
epel                                                            Extra Packages for Enterprise Linux 6 - x86_64                                         12,361
rhui-REGION-client-config-server-6                              Red Hat Update Infrastructure 2.0 Client Configuration Server 6                             0
rhui-REGION-rhel-server-releases                                Red Hat Enterprise Linux Server 6 (RPMs)                                               19,422
rhui-REGION-rhel-server-releases-optional                       Red Hat Enterprise Linux Server 6 Optional (RPMs)                                      11,057
rhui-REGION-rhel-server-rh-common                               Red Hat Enterprise Linux Server 6 RH Common (RPMs)                                        129
repolist: 48,031

You can see EPEL is configured and identified properly by YUM (highlighted line).