Thursday, November 8, 2012

Addressing OpenJDK bug with SSL on Ubuntu 12.04 Server (javax.net.ssl.SSLException)


Introduction

After countless hours, you have finally finished a secure Java server that is ready for deployment.
If you installed a clean copy of Ubuntu 12.04 Server or updated it, you may face the following error at run time.


 javax.net.ssl.SSLException: java.security.ProviderException: 
 sun.security.pkcs11.wrapper.PKCS11Exception: CKR_DOMAIN_PARAMS_INVALID


Problem

This is a known bug in OpenJDK that has not been resolved yet.

Solution

This can be fixed by editing the following file:


 /etc/java-6-openjdk/security/java.security



Find the following line:


 security.provider.9=sun.security.pkcs11.SunPKCS11 ${java.home}/lib/security/nss.cfg


And change it to the following lines:



 security.provider.9=sun.security.ec.SunEC
 security.provider.10=sun.security.pkcs11.SunPKCS11 ${java.home}/lib/security/nss.cfg
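
The edit above as a repeatable script. This is an added example, not part of the original post; the function name fix_provider_order and its status words are hypothetical. It only touches the exact line quoted above, keeps a .bak copy, and refuses to run if a provider 10 entry already exists.

```bash
#!/bin/bash
# Added example: apply the provider edit from this post to a java.security file.
# Usage: fix_provider_order /etc/java-6-openjdk/security/java.security

fix_provider_order() {
    local file=$1
    local old='security.provider.9=sun.security.pkcs11.SunPKCS11 ${java.home}/lib/security/nss.cfg'
    local new9='security.provider.9=sun.security.ec.SunEC'
    local new10='security.provider.10=sun.security.pkcs11.SunPKCS11 ${java.home}/lib/security/nss.cfg'

    [ -f "$file" ] || { echo "missing"; return 2; }

    # Both new lines already present: nothing to do.
    if grep -qxF "$new9" "$file" && grep -qxF "$new10" "$file"; then
        echo "already-fixed"; return 0
    fi
    # Act only on the exact line the post names.
    if ! grep -qxF "$old" "$file"; then
        echo "not-applicable"; return 1
    fi
    # Never create a second provider 10 entry.
    if grep -q '^security\.provider\.10=' "$file"; then
        echo "conflict"; return 1
    fi

    cp -p "$file" "$file.bak" || return 2
    # awk compares whole lines as literal strings, so ${java.home}
    # is never interpreted as a pattern or expanded by the shell.
    awk -v old="$old" -v n9="$new9" -v n10="$new10" \
        '$0 == old { print n9; print n10; next } { print }' \
        "$file.bak" > "$file"
    echo "fixed"
}
```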



Now your server will not crash!! Or you have another fun problem to deal with!


[Tutorial] How to SSH into Amazon EC2 Server




Introduction


Amazon AWS is a relatively new web service, but it has been growing rapidly since its initial launch.
They have thousands of large clients, including banks and the federal government.
I have recently started using their services for a start-up I am working on.

An Amazon AWS EC2 server is set up a little differently from other common servers, in the sense that it only allows access through a private key. Upon creation of an Amazon AWS EC2 server you will receive a private key.
It is important to keep this key saved somewhere secure and NEVER LOSE IT!!! Or else you are going to have a bad time.

Requires Private Key

Simply accessing the server over SSH will give you a Permission denied (publickey) error.


 ssh root@your-ip


You need to use your private key to get access.



 ssh -i your-key.pem your-ip



Requires Permission Change


If you get the following error:



 It is required that your private key files are NOT accessible by others.
  This private key will be ignored.





This means your private key is not protected and you need to change its permissions.


 chmod 400 your-key.pem
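
To find keys that ssh will reject before you hit the error, the following added example (not part of the original post; the function names and the .pem naming convention are assumptions) lists every key file in a directory that has any group or other permission bit set.

```bash
#!/bin/bash
# Added example: report private key files that are accessible by others.

# Print the octal permission bits of a file (GNU stat, then BSD/macOS stat).
key_mode() {
    stat -c '%a' "$1" 2>/dev/null || stat -f '%Lp' "$1" 2>/dev/null
}

# Exit 0 when neither group nor other has any access to the file.
key_is_private() {
    local mode
    mode=$(key_mode "$1") || return 2
    # The last two octal digits are the group and other bits.
    # A mode of 000 is printed as a single "0".
    case "$mode" in
        0|*00) return 0 ;;
        *)     return 1 ;;
    esac
}

# Print "<file> <mode>" for each exposed *.pem in a directory.
# Exit 0 only when every key is private.
audit_keys() {
    local dir=$1 bad=0 f
    for f in "$dir"/*.pem; do
        [ -f "$f" ] || continue
        if ! key_is_private "$f"; then
            echo "$f $(key_mode "$f")"
            bad=$((bad + 1))
        fi
    done
    [ "$bad" -eq 0 ]
}
```

Run it as audit_keys ~/.ssh (or wherever the keys live) and apply chmod 400 to each file it prints.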




Know your user

If you still see the Permission denied (publickey) error, it is very likely that you have the wrong user.
Depending on your Linux distribution, you probably won't be able to log in as root.
For the Ubuntu distribution available in the AWS repository, the default user is "ubuntu".



 ssh -v -l ubuntu -i your-key.pem your-ip





There you go! You should be able to log into your server now.

[Tutorial] Run script at bootup in linux (cronjob or bashscript)



Introduction

If you are a lazy programmer like me, you would like to automate everything rather than having to do stuff manually. Usually a bash script / python script can be extremely handy for getting things done. You can have these scripts start automatically at bootup or at a scheduled time.

Running a script/program at bootup under a Linux environment

In order to run your custom script at bootup under a Linux environment, you need to copy your script to the /etc/init.d/ directory.


 cp custom_script.sh /etc/init.d/.


Then you need to change its permissions to make it executable.


 chmod +x /etc/init.d/custom_script.sh


Create a link to your script in the rc.d directory.


 ln /etc/init.d/custom_script.sh /etc/rc.d/custom_script.sh


You are all ready to go and your script will be running next time you reboot your computer!

Cron Job


If you want to run your custom script at a specific time, then you can use crontab to schedule and automatically run it.

Make sure you have crontab available on your Linux machine and edit your crontab file by typing the following:


 crontab -e


Crontab syntax is pretty simple. Each line consists of 6 columns:


 Minute Hour Day Month Week_Day Command


You can make the script run at every unit of time (hour, minute etc.) by using * instead of a real number.
The following cron line will run cmd every minute of every hour of every month.


 * * * * * cmd

You can specify a range of values using a dash.
For example, the following cron line will run the command at the start of every hour from 9 am to 5 pm on weekdays.

 00 09-17 * * 1-5 cmd
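
To check a schedule before installing it, the following added example (not part of the original post; all function names are hypothetical) tests whether a cron line's five time columns match a given minute, hour, day, month and weekday. It covers only the syntax described above: *, single numbers and a-b ranges.

```bash
#!/bin/bash
# Added example: does a cron schedule fire at a given time?
# Assumption: at least one of the day and weekday columns is "*". When both
# are restricted, real cron fires if either matches; that case is not modelled.

# Strip leading zeros so "09" is compared as 9 and never read as octal.
to_dec() {
    local n=$1
    n=${n#"${n%%[!0]*}"}
    echo "${n:-0}"
}

# field_matches FIELD VALUE: exit 0 when VALUE satisfies the cron FIELD.
field_matches() {
    local field=$1 value lo hi
    value=$(to_dec "$2")
    case "$field" in
        '*') return 0 ;;
        *-*) lo=$(to_dec "${field%-*}"); hi=$(to_dec "${field#*-}")
             [ "$value" -ge "$lo" ] && [ "$value" -le "$hi" ] ;;
        *)   [ "$value" -eq "$(to_dec "$field")" ] ;;
    esac
}

# cron_matches "MIN HOUR DAY MONTH WEEKDAY" MIN HOUR DAY MONTH WEEKDAY
cron_matches() {
    local spec=$1
    shift
    set -f                  # keep "*" from expanding to file names
    set -- $spec "$@"       # $1..$5 = schedule columns, $6..$10 = time
    set +f
    [ "$#" -eq 10 ] || return 2
    field_matches "$1" "$6" && field_matches "$2" "$7" &&
    field_matches "$3" "$8" && field_matches "$4" "$9" &&
    field_matches "$5" "${10}"
}
```

For example, cron_matches '00 09-17 * * 1-5' 30 9 12 11 1 fails, because the minute column only allows 00.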



That's it!
Now you can just relax and let the script start automatically.
If you want the script to keep running all the time, you can write a bash script to keep restarting it when it dies.
For more info, look at my other post here.



[Tutorial] Never dying program (How to automatically restart a program if it dies/crashes)


Introduction

When you have an unstable server that keeps crashing, you would normally have to access the server via SSH and restart it. This is tedious work, and if you need the server up and running and you don't have access to the computer, it can be extremely annoying.

Solution

In order to solve this problem, you can write a simple bash script that periodically checks whether a specific program is running and starts it if not.


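 #!/bin/bash
 # List running processes whose command line contains "custom_app" (the grep itself is filtered out)
 ps ax | grep -v grep | grep custom_app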



** I'll include the script in a few hours.

Now you don't have to worry about restarting your server again!
But just keep in mind, this script will not be able to do anything if your server freezes!
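
One way to build the periodic check described above, as an added example that is not the author's script (the function names and the PID file path are assumptions). It swaps the ps | grep match for a PID file tested with kill -0, because grepping for a name also matches any other command line that happens to contain it.

```bash
#!/bin/bash
# Added example: restart a program when it is no longer running.

# ensure_running PIDFILE COMMAND [ARGS...]
# Prints "running" when the recorded PID is alive; otherwise starts COMMAND
# in the background, records its PID and prints "started".
ensure_running() {
    local pidfile=$1 pid
    shift
    if [ -s "$pidfile" ]; then
        pid=$(cat "$pidfile")
        # kill -0 sends no signal; it only tests that the process exists.
        if kill -0 "$pid" 2>/dev/null; then
            echo "running"
            return 0
        fi
    fi
    # Detach the program's output so it does not hold the caller's terminal.
    "$@" >/dev/null 2>&1 &
    echo $! > "$pidfile"
    echo "started"
}

# watch_forever PIDFILE INTERVAL COMMAND [ARGS...]
# Repeat the check every INTERVAL seconds until the watchdog itself is stopped.
watch_forever() {
    local pidfile=$1 interval=$2
    shift 2
    while true; do
        ensure_running "$pidfile" "$@" >/dev/null
        sleep "$interval"
    done
}

# Example call (hypothetical paths):
#   watch_forever /var/run/custom_app.pid 10 /usr/local/bin/custom_app
```

Keep the PID file in a directory only the service account can write to, since whoever controls that file decides which process the watchdog treats as alive.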