Author Archives: Adam M. Anklewicz

Let’s Encrypt with CPanel

A lot of web hosts have Let’s Encrypt built into the CPanel. Not mine. I was kinda annoyed. I tweeted at them to ask if they’d support it. They wouldn’t. So I decided I would make it work myself. To do this is pretty simple. I’m just going to start by copying and pasting text from a previous article.

Open up your Terminal.app (Go to the Go menu, choose Utilities, double-click on Terminal). This isn’t even a step, you should know this.

Step One – Install Homebrew

/usr/bin/ruby -e "$(curl -fsSL https://raw.githubusercontent.com/Homebrew/install/master/install)"

At this point, you will be prompted to press RETURN to continue. Press the return key.

It will then start downloading and installing Homebrew.

Install XCode Select

Turns out you need XCode Select installed, too. So I ran this code.

xcode-select --install

That popped up a dialogue box, I said Install.

This install took a few minutes, and then once it was done, I was ready to install certbot.

Install certbot

brew install certbot

That easy? Aye!

Begin the Process

sudo certbot -d anklewicz.com -d neverhadtofight.com -d www.neverhadtofight.com -d www.anklewicz.com --manual --preferred-challenges dns certonly

The program will ask you a few questions, if you’re okay with your IP being logged.

Then it will, for each included domain, ask you to set up a TXT record.

Setup DNS Records

Go to your CPanel, yourdomain.com/cpanel is usually the address. Click on the DNS Zone Editor.

Choose the domain you want and click “Manage.”

Click the down arrow beside “Add Record” and choose to add a TXT record.

In the name field put what it told you in Terminal, aka _acme-challenge.yourdomain.com and under Record paste in the gibberish string that certbot told you.

Back to Terminal, press enter to proceed.

Repeat these steps for all domains.

Wait for it to validate your domains.
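Before pressing enter in Terminal, it helps to confirm that the TXT record you just saved is actually visible in DNS. The following is an added example, not part of the original post: it builds the record name for each domain from the certbot command above and compares dig output against the expected value. The function names and the sample tokens are constructed for illustration.

```bash
# Added example (not from the original post): confirm that the TXT record
# certbot asked for is visible in DNS before pressing enter in Terminal.

# challenge_name DOMAIN -> the record name certbot prints for that domain.
challenge_name() {
    printf '_acme-challenge.%s\n' "${1%.}"
}

# txt_has_value EXPECTED
# Reads `dig +short TXT` output on stdin: one value per line, each wrapped
# in double quotes. Succeeds only on an exact match, so a truncated paste
# or a value saved with stray characters is reported as missing.
txt_has_value() {
    expected=$1
    while IFS= read -r line || [ -n "$line" ]; do
        value=${line#\"}      # drop the leading quote dig prints
        value=${value%\"}     # drop the trailing quote
        if [ "$value" = "$expected" ]; then
            return 0
        fi
    done
    return 1
}

# check_challenge DOMAIN EXPECTED [NAMESERVER]
# Live lookup. Passing one of the zone's own nameservers (listed by
# `dig +short NS DOMAIN`) asks the authoritative source directly instead
# of a resolver that may still hold an older cached answer.
check_challenge() {
    name=$(challenge_name "$1")
    if dig +short TXT "$name" ${3:+"@$3"} | txt_has_value "$2"; then
        echo "ok       $name"
    else
        echo "missing  $name"
        return 1
    fi
}

# Constructed sample of `dig +short TXT` output: a stale value left over
# from an earlier attempt plus the current one. Both tokens are made up.
SAMPLE_DIG_OUTPUT='"CONSTRUCTED-stale-token-0001"
"CONSTRUCTED-current-token-0002"'

# Offline demonstration: print the four record names for the domains in
# the certbot command, then run the matcher on the constructed sample.
demo() {
    for d in anklewicz.com www.anklewicz.com \
             neverhadtofight.com www.neverhadtofight.com; do
        challenge_name "$d"
    done
    printf '%s\n' "$SAMPLE_DIG_OUTPUT" |
        txt_has_value "CONSTRUCTED-current-token-0002" &&
        echo "sample output contains the expected value"
}
demo
```

For a live check, call check_challenge with the domain and the string certbot printed, once per domain, and only press enter when every line says ok.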

Copying certificate to desktop

Using the cp command you can copy the two files over to your desktop.

sudo cp /etc/letsencrypt/live/yourdomain.com/privkey.pem ~/Desktop/privkey.pem
sudo cp /etc/letsencrypt/live/yourdomain.com/fullchain.pem ~/Desktop/fullchain.crt
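A check worth running on the two copied files before uploading them, as an added example that is not part of the original post. It confirms that the key belongs to the first (site) certificate in the chain file, that the certificate is still valid a week from now, and that the key copy is not readable by other accounts. The function names are made up for this example; the openssl subcommands are standard.

```bash
# Added example (not from the original post): sanity-check a certificate
# chain file and its private key before installing them.

# leaf_pubkey CERTFILE -> public key of the FIRST certificate in the file.
# fullchain.pem lists the site certificate first, then the intermediate(s);
# `openssl x509` reads only the first PEM block, which is the one we want.
leaf_pubkey() {
    openssl x509 -in "$1" -noout -pubkey 2>/dev/null
}

# key_pubkey KEYFILE -> public key derived from the private key (RSA or EC).
key_pubkey() {
    openssl pkey -in "$1" -pubout 2>/dev/null
}

# cert_matches_key CERTFILE KEYFILE
# 0 = same key pair, 1 = different key pair, 2 = a file could not be parsed.
cert_matches_key() {
    c=$(leaf_pubkey "$1") || return 2
    k=$(key_pubkey "$2") || return 2
    [ -n "$c" ] && [ "$c" = "$k" ]
}

# cert_valid_for CERTFILE DAYS -> 0 if the certificate is still valid
# DAYS days from now.
cert_valid_for() {
    openssl x509 -in "$1" -noout -checkend "$(( $2 * 86400 ))" >/dev/null 2>&1
}

# key_is_private FILE -> 0 if neither group nor others have any permission
# bits on the file (characters 5-10 of the `ls -l` mode string).
key_is_private() {
    perms=$(ls -ld -- "$1" 2>/dev/null | cut -c5-10)
    [ "$perms" = "------" ]
}

# check_pair CERTFILE KEYFILE -> run all three checks, report each failure.
check_pair() {
    status=0
    cert_matches_key "$1" "$2" ||
        { echo "certificate and key do not match, or cannot be read"; status=1; }
    cert_valid_for "$1" 7 ||
        { echo "certificate expires within 7 days"; status=1; }
    key_is_private "$2" ||
        { echo "key file is accessible to group or others"; status=1; }
    [ "$status" -eq 0 ] && echo "certificate and key look consistent"
    return "$status"
}

# When the script is given two arguments, check that pair.
if [ "$#" -eq 2 ]; then
    check_pair "$1" "$2"
fi
```

Saved under a placeholder name such as check.sh, it is run as sudo sh check.sh ~/Desktop/fullchain.crt ~/Desktop/privkey.pem, because the copies made with sudo cp belong to root.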

Installing in CPanel

Go back to your front page of CPanel and look for SSL/TLS, and click on that link.

Click on “Generate, view, upload, or delete SSL certificates.”

Scroll down to find “Choose a certificate file (*.crt).”

Upload the CRT file.

Your list of certificates at the top will update and beside the new one, click on Install.

Open the privkey.pem file in a text editor, like BBEdit, and copy its contents.

Paste that into the key area and save.

You’re done.

OMG! APPLE IS GUTTING SERVER.APP!!!! Part 3 DNS to BIND

In July, I will be presenting at MacAdmins at PSU. My talk will be called “OMG! APPLE IS GUTTING SERVER.APP!!!!” I will be using my blog to document all the processes taken to get all the data.

The goal of this is to find easy ways to move away from Server.app while utilizing the existing Apple hardware in your server closet and macOS. Sure you can move to a new system, but you might not have the money or time.

You can find the slide deck here.

Server.app -> BIND

So before I start, I should say that this is fully documented in Apple’s macOS Server Service Migration documentation, which is almost perfect. I’m only making two small changes.

  1. First step is to test the server. After booting this VM, I set my DNS to the testserver. It loaded no problem.
  2. Turn off DNS services in Server.app
  3. Install Xcode.
  4. Here’s the first change, and an important one… LAUNCH XCODE and agree to the terms and conditions, otherwise it won’t work.
  5. Go to https://www.isc.org/downloads/
    1. Click on “BIND” to expand that section
    2. Click on Download beside “Current Stable”
    3. The top row will be Windows installers, the second row will have the *nix version, choose that. The link currently says bind-9.12.1-P2.tar.gz – tar.gz
    4. Apple says to grab at least one signature. I did it, I don’t know if that was necessary.
  6. Open Terminal and navigate to the directory you downloaded to, in my case it was cd ~/Downloads
  7. Uncompress the files. tar xzf bind-9.12.1-P2.tar.gz
  8. Navigate to the uncompressed directory cd ./bind-9.12.1-P2
  9. Run this command ./configure --infodir="/usr/share/info" --sysconfdir="/etc" --localstatedir="/var" --enable-atomic="no" --with-openssl=no --with-gssapi=yes --enable-symtable=none --with-libxml2=no
  10. Make it by typing make
  11. Test the build by running the following commands
    1. sudo ./bin/tests/system/ifconfig.sh up
    2. make test … this seemed to go on FOREVER, so control-c‘ed out of there. I don’t know if I was supposed to.
    3. sudo ./bin/tests/system/ifconfig.sh down
  12. Let’s install it. sudo make install
  13. Apple suggests you verify that it’s installed by pulling up the manual for the DNS service called “named.” You do that by typing man named
  14. Create the launchdaemon by typing sudo nano  /Library/LaunchDaemons/org.isc.named.plist
  15. Go here, go to page 7, copy the contents from step two of “Create a launchd .plist file for the BIND9 service”
  16. Save and exit control-x, y, enter
  17. Here’s the next place I disagree with Apple, they say, “Set file ownership to root:wheel.” However, they use chmod, and it’s chown.
    sudo chown root:wheel /Library/LaunchDaemons/org.isc.named.plist
  18. Load the job sudo launchctl load -w /Library/LaunchDaemons/org.isc.named.plist
  19. Test the job launchctl print system/org.isc.named

Wow. Apple has made this super easy. Hooray for Apple. All your existing settings will be there already. Really. It just works.

OMG! APPLE IS GUTTING SERVER.APP!!!! Part 2 Web to Apache

In July, I will be presenting at MacAdmins at PSU. My talk will be called “OMG! APPLE IS GUTTING SERVER.APP!!!!” I will be using my blog to document all the processes taken to get all the data.

The goal of this is to find easy ways to move away from Server.app while utilizing the existing Apple hardware in your server closet and macOS. Sure you can move to a new system, but you might not have the money or time.

You can find the slide deck here.

Server.app -> Apache

  1. First step is to test the server. After booting this VM, I visited my testserver. Mine was at testserver.leobaeck.ca. It loaded no problem.
  2. Then I turned off Websites in Server.app
  3. At that point I duplicated /etc/apache2/httpd.conf, renamed the duplicate httpd.backup and now I have a backup in case I screw anything else up.
  4. Edit /etc/apache2/httpd.conf. Uncomment LoadModule php7_module libexec/apache2/libphp7.so by removing #
  5. Restart apache with sudo apachectl restart
  6. Visit your test server and make sure you see “It works!”
  7. Create a test PHP file to see if it works
    1. sudo touch /Library/WebServer/Documents/phpinfo.php
    2. Using your favourite terminal-based text editor, or mine, edit that file. sudo nano /Library/WebServer/Documents/phpinfo.php
    3. Paste this into that document <?php
      phpinfo();
      ?>
    4. Save, control-o and exit control-x in nano
  8. Test by visiting your server at server.domain.com/phpinfo.php
  9. Transfer contents from Server.app’s location to Apache’s
    sudo rsync -av /Library/Server/Web/Data/Sites/Default/ /Library/WebServer/Documents/
  10. Set proper permissions for the documents
    sudo chgrp -R _www /Library/WebServer/Documents/
    sudo chmod -R 775 /Library/WebServer/Documents/
  11. Since I was using Munkireport as my test, I needed to edit httpd.conf to point to /Library/WebServer/Documents/public.
  12. Restart apache, sudo apachectl restart
  13. Test

Migrate existing SSL Certs from Let’s Encrypt to apache

This makes the assumption that you already have an SSL certificate. Much of this is universal, but it’s told from the point of view of using a free cert you got from Let’s Encrypt.

My starting point was this document.

  1. You need to start by editing the /etc/apache2/httpd.conf file, again. This time we’re enabling modules to support SSL
    LoadModule socache_shmcb_module libexec/apache2/mod_socache_shmcb.so
    LoadModule ssl_module libexec/apache2/mod_ssl.so
  2. Uncomment by removing # the line Include /private/etc/apache2/extra/httpd-ssl.conf
  3. I don’t know if this step actually matters, but I did it. You need to edit the Virtual Host file /etc/apache2/extra/httpd-vhosts.conf and paste a chunk of text into the end of it. Go up to the link and grab the text.

At this point we diverge from the above link, I had tested and it didn’t work.

  1. Find your old downloads from Let’s Encrypt, the two PEM files. Rename fullchain.pem to server.crt and key.pem to server.key. I actually renamed them to the FQDN.*, so testserver.leobaeck.ca.key
  2. Move them into /private/etc/apache2
  3. Edit /private/etc/apache2/extra/httpd-ssl.conf and find ## SSL Virtual Host Context
  4. Make sure DocumentRoot is correct
  5. Put in ServerName
  6. Scroll down a bit more and put in SSLCertificateFile and SSLCertificateKeyFile
  7. Save and exit
  8. Restart Apache sudo apachectl restart

OMG! APPLE IS GUTTING SERVER.APP!!!! Part 1 Web to MAMP

In July, I will be presenting at MacAdmins at PSU. My talk will be called “OMG! APPLE IS GUTTING SERVER.APP!!!!” I will be using my blog to document all the processes taken to get all the data.

The goal of this is to find easy ways to move away from Server.app while utilizing the existing Apple hardware in your server closet and macOS. Sure you can move to a new system, but you might not have the money or time.

You can find the slide deck here.

Server.app -> MAMP

I started with a simple MunkiReport instance running in Server.app. I figured this would be using enough resources to move. I also got a certificate with Let’s Encrypt and had all traffic going through SSL. While the blog post is specifically for servers running 10.12, my steps were the same in 10.13.

  1. Let’s start by downloading MAMP.
  2. Turn off Server.app’s web function
  3. Run the installer you had downloaded.
  4. From /Applications/MAMP launch MAMP
  5. Click start Servers, and check that yourdomain:8888 is working.
  6. Go to Preferences and click on Web-Server. Set the location to be the old root folder.
  7. Stop/Start the server and test.
  8. Go to Preferences and click on Ports. Click the “Set Web & MySQL ports to 80 & 3306” button.
  9. Stop/Start the server and check to make sure it’s working on port 80.

Your web server is up and running. Mostly. Next we need to get SSL setup. MAMP Pro has an easy GUI to do this, but that costs money and this is easy enough for our needs.

I used this gist to help me through this process.

We already know that MAMP is working on port 80, so you can ignore the first bits of that file.

  1. Duplicate your /Applications/MAMP/conf/ folder, rename the copy something like conf.backup.
  2. Obviously you were using Server.app already and were using it with a Let’s Encrypt certificate using my procedure outlined on this post. So you should have on your Desktop a couple .pem files. Rename them fqdn.crt and fqdn.key and move them to /Applications/MAMP/conf/apache
  3. Open /Applications/MAMP/conf/apache/httpd.conf in BBEdit or your favourite text editor and uncomment by removing the #, Include /Applications/MAMP/conf/apache/extra/httpd-ssl.conf.
  4. Edit /Applications/MAMP/conf/apache/extra/httpd-ssl.conf and search for General setup for the virtual host. From there, you’ll want to enter the path to the web files.
  5. In the same file, you’ll see information about server.crt and server.key. Rename the server part to match the names of the files in step two.
  6. Stop/Start the service.

Find a Mac’s serial number in Recovery Partition or the macOS installer

I couldn’t find this anywhere, so I thought I’d blog about this. Thanks to the #general channel on the MacAdmins Slack for the help.

To find a serial number for a Mac when booted into the Recovery Partition or the macOS installer, go to Utilities and choose Terminal, type in ioreg -rd1 -c IOPlatformExpertDevice | awk -F'"' '/IOPlatformSerialNumber/{print $4}'

That’s it, it will output the serial number for the computer.

Importing Data to FileMaker 16 via APIs

I’m new to APIs. Have quite a bit of FileMaker experience. I’ve decided to see if I can build a system to track parent-teacher contact. This is a system that once existed for the school in an ASP system that I mocked up and outsourced. It was replaced with Edsby, an LMS system that wasn’t truly designed for this purpose. We were smashing a square peg into a round hole.

My proof of concept for this system involves seeing if I can build something that does three things I’ve never done in FileMaker before.

  1. OAuth login using Google authentication
  2. Sending nightly emails of any records that have changed for those affected
  3. Import data from Managebac’s API

The first step was surprisingly easy. Thanks to a blog post that had the entire process outlined on a simple PDF. Thoroughly detailed post from William Porter of Rucksack Texnology.

Step two is actually step three, but ending the blog post with “I haven’t done this yet” would not be very exciting.

For step three, I got off to a bad start. I did some research and didn’t realize that JSON support was added to FileMaker 16 and was looking at a third-party plug in. That plug in was super-confusing, so I stepped back. At that point I decided to upgrade from FileMaker 15 to 16, as I knew I needed that for the OAuth login.

Now that I had FileMaker 16, I decided to rewatch a Lynda.com video that I had watched months ago, and see if there was anything I missed there. There was, there was a whole section dedicated to JSON. Ready to conquer this task with the built-in functionality of FileMaker 16, I began.

I decided to start with the smallest table, teachers. Obviously there are fewer teachers than students, and fewer students than parents.

Using Terminal.app I was able to get what I needed using this command.

curl --request GET --url https://api.managebac.com/v2/teachers --header 'auth-token: <<AUTHTOKENVALUE>>'

Obviously, I removed the actual authtokenvalue, because I’m not a dum dum.

Open FileMaker, open my working database, create a field in the TeacherContacts table for the temp data dump.

I chose “Insert From URL”
Verify SSL Certificate was selected
Select Entire Contents was selected
URL was https://api.managebac.com/v2/teachers
cURL options was "--request GET -H \'auth-token: <<AUTHTOKENVALUE>>\'"

Everything matched my terminal command, the only problem was I was getting an error saying that “Authorization Failed.” Eventually I realized that my problem was using single quotes around auth-token. I replaced those with a double-quote and it worked perfectly.

cURL options is now "--request GET -H \"auth-token: <<AUTHTOKENVALUE>>\""

Once that was working, I was then able to get rid of the data other than the “teachers” table. Using Insert Calculated Results into the field $jsonTeachers, I used the calculation JSONGetElement ( $json ; "teachers" )

The data needed to be cleaned up a bit, using a new Insert Calculated Results, this time entered into $jsonTeachersFormatted. JSONFormatElements ( $jsonTeachers )

From there, I needed to create records, and to do that, I needed to know when to stop.

This time I Inserted Calculated Results into the $jsonCount variable. The value was the number of records that was exported from Managebac. ValueCount ( JSONListKeys ( $jsonTeachersFormatted ; "" ) )

The JSON array starts count at 0, so $jsonCount is one more than I need. I began a loop and immediately Set Variable [ $jsonCount ; Value: $jsonCount -1 ]. This would trigger every time the loop began.

I then created a New Record/Request and Set Field [ StaffContacts::id ; JSONGetElement ( $jsonTeachersFormatted ; "[" & $jsonCount & "]id" ) ]. I duplicated that for every field I wanted to import and modified id to the new field name. After all that I had an Exit Loop If [ $jsonCount = 0 ] and closed the loop.

Now I had a script that would pull all the teachers from ManageBac, create a new record for each and bring in the data to FileMaker. Now I just need to get it to update a record if it already exists, rather than creating a new record. We’re getting there.

I spent a long time trying to figure this out and it’s a lot easier than I thought. In the loop, after the decrease of the $jsonCount, I went to find mode, Enter Find Mode [ Pause: Off ] and Set Field [ StaffContacts::id ; JSONGetElement ( $jsonTeachersFormatted ; "[" & $jsonCount & "]id" ) ]. Needed to Set Error Capture [ On ] and ran the find Perform Find [ ].

At this, I need to enter the data, either on a new record, or into the existing found record. So:

If [ Get (FoundCount) = 0 ]
     New Record/Request
End If

And I’m done. I win! I just have to do this with all the other tables of data, relate them all and build the actual parent contact part.

Recollection Volume 42 – Gaslight

Recollection is a project to review my record collection. I will listen to an album I own and review it. The album will be chosen randomly by computron 2.0. Today computron chooses…

Album: Gaslight b/w Rimb Nugget
Artist: The Ugly Ducklings
Released: 1967
Format(s) I own it on: 7″

The Ugly Ducklings were a Toronto band and Gaslight was their biggest hit. This has been sitting in my drafts folder for almost a year. I seem to do this, get stuck on a single review and not power through. Well, I’m doing it.

Gaslight is a weird song. It’s about a woman gaslighting the singer. Kinda. I think. Either way, he’s in an unhealthy relationship and needs to leave. Dear Mr. Duckling, get out of there.

Is this song worth your time? Maybe. It’s okay. It’s a decent song, but I would probably only listen to it if it came on shuffle.

As for the B-Side, well, it’s not great. It serves its purpose of being there to be a b-side, but it’s not worth anyone’s time to listen.

I DID IT! I WROTE IT! HOORAY! Now I can move on.

Next time: David Bowie’s Aladdin Sane

 

Men 34.295 (82%) | Women 7.705 (18%)
CD: 24 (57%) | Vinyl: 13 (31%) | Digital: 0 (0%) | 7″: 3 (7%) | Box: 1 (2%)
1960s: 6 (12%) | 1970s: 3 (7%) | 1980s: 1 (2%) | 1990s: 12 (29%) | 2000s: 17 (40%) | 2010s: 3 (7%)
Canada 14.8 (35%) | USA 17.2 (41%) | UK 8 (19%) | NZ 1 (2%) | FR 1 (2%)
Ontario 6 (40%) | Quebec 1 (7%) | Nova Scotia 4 (27%) | New Brunswick 2 (13%) | Manitoba 0 (0%) | British Columbia 1 (7%) | Prince Edward Island 0 (0%)
Saskatchewan 0 (0%) | Alberta 0 (0%) | Newfoundland and Labrador 1 (7%) | Northwest Territories 0 (0%) | Yukon 0 (0%) | Nunavut 0 (0%)

Renewing Let’s Encrypt on a macOS machine running 10.12.6 and Server.app

Last time on Never Had To Fight…

Adam installed a certificate using Let’s Encrypt for a macOS server running 10.12.6 and Server.app. It wasn’t exciting, but it worked. Now, three months later, we need to renew.

It was actually really easy.

Renew the certificates

sudo certbot renew

Transfer the .pem files to desktop

Using the cp command enter these to copy your files.

Replace <<FQDN>> with your FQDN. Replace <<USER>> with your username.

sudo cp /etc/letsencrypt/live/<<FQDN>>/privkey.pem /Users/<<USER>>/Desktop/privkey.pem
sudo cp /etc/letsencrypt/live/<<FQDN>>/fullchain.pem /Users/<<USER>>/Desktop/fullchain.pem

Hooray, now these files are on your desktop.

Install Certs

Open Server.app

Go to Certificates.

Click on the +

Choose Import Certificate Identity…

Drag and drop the two .pem files and BAM

DONE!


Let’s Encrypt on a macOS machine running 10.12.6 and Server.app

Are you doing your web hosting with Server.app? You’re probably not the biggest fan of it, but it works, so… let’s keep on keeping on. Do you want to have a free SSL certificate from Let’s Encrypt? Well, I found some really bad guides, so this is much better.

*Hat tip to MacAdmins slack for a few key points

Open up your Terminal.app (Go to the Go menu, choose Utilities, double-click on Terminal). This isn’t even a step, you should know this.

Step One – Install Homebrew

/usr/bin/ruby -e "$(curl -fsSL https://raw.githubusercontent.com/Homebrew/install/master/install)"

At this point, you will be prompted to press RETURN to continue. Press the return key.

It will then start downloading and installing Homebrew.

Install XCode Select

Turns out you need XCode Select installed, too. So I ran this code.

xcode-select --install

That popped up a dialogue box, I said Install.

This install took a few minutes, and then once it was done, I was ready to install certbot.

Install certbot

brew install certbot

That easy? Aye!

Get a Certificate!

We’re almost there. Now to get a certificate from Let’s Encrypt.

sudo certbot certonly

It will prompt you to know what type of server you have. Choose 3: Place files in webroot directory.

It will prompt you to provide the fully qualified domain name (FQDN) for the server. Such as neverhadtofight.com

It will then create some files in a subdirectory called .well-known to confirm you have ownership of this website. Once that’s done it will save the .pem files for you.

Transfer the .pem files to desktop

Using the cp command enter these to copy your files.

Replace <<FQDN>> with your FQDN. Replace <<USER>> with your username.

sudo cp /etc/letsencrypt/live/<<FQDN>>/privkey.pem /Users/<<USER>>/Desktop/privkey.pem
sudo cp /etc/letsencrypt/live/<<FQDN>>/fullchain.pem /Users/<<USER>>/Desktop/fullchain.pem

Hooray, now these files are on your desktop.

Install Certs

Open Server.app

Go to Certificates.

Click on the +

Choose Import Certificate Identity…

Drag and drop the two .pem files and BAM

DONE!


Recollection Volume 41 – Original Music From The Motion Picture “The Such”

Recollection is a project to review my record collection. I will listen to an album I own and review it. The album will be chosen randomly by computron 2.0. Today computron chooses…

Album: Original Music From The Motion Picture “The Such”
Artist: Elevator Through
Released: 1998
Format(s) I own it on: CD

After the break up of Eric’s Trip, Rick White began some home recordings under the name Elevator To Hell, eventually adding Eric’s Trip drummer Mark Gaudet, and Orange Glass alumnus and White’s then-wife, Tara White. Elevator To Hell eventually became Elevator Through who later became Elevator.

Elevator was one of the best psychedelic bands in Canada during the 1990s and 2000s. This is in no small part due to the fantastic rhythm section provided by Mark Gaudet and Tara White. Gaudet’s drumming style is uniquely his own, he plays with a heavy emphasis on the cymbals. Gaudet doesn’t have a light touch, one of the times I saw Elevator live, Gaudet broke his snare’s skin. The band was performing without any breaks in the music, so the Whites jammed while Gaudet fixed the drum.

Tara White’s bass playing is an attack. She knows where to go to move the song. Her bass playing is melodic where you don’t expect it to be. She’s damn good.

I first heard Elevator Through, specifically “The Pick-Up” on a cassette I received from someone I knew on IRC, the #sloan channel. It took me about 15 years before I finally purchased The Such. I still have this cassette, and the contents of that cassette live in a playlist in iTunes. I have no idea if the tape still plays, but sometimes I still expect it to transition between songs like that cassette, going from Belle & Sebastian’s “A Summer Wasting” to Beck’s “Halo of Gold” rather than the more expected “Seymour Stein.”

The Such is the soundtrack to a film that I only just saw. It’s on Vimeo, embedded below. It’s less a film, and more a long-form music video. There are definite pieces that stand out as being from a soundtrack, including the title track, which starts with wind chimes. I first put this record on for reviewing while lying in bed with the gusts of wind blowing through my open window. The chimes brought me into this record. The chimes return throughout the record.

Highlights

My favourite is “The Pick-Up” which was my entry to Elevator’s music. It’s also the most melodic of the album. Though my partner referred to it as “that album you’ve been listening to that sounds like Doctor Who.” I think that’s a compliment, Delia Derbyshire’s realization of the original Doctor Who theme is an amazing feat.

“The Wink” comes in a close second. I feel it starts off poorly, but once the song gets going, it delivers.

Lowlights

“The Such” is windchimes. It’s going to go here, as lovely as it was that one time, it won’t be when it comes on randomly in my car.1

“Sleep Experiment No. 3” does nothing for me.

Men 33.295 (81%) | Women 7.705 (19%)
CD: 24 (59%) | Vinyl: 13 (32%) | Digital: 0 (0%) | 7″: 2 (5%) | Box: 1 (2%)
1960s: 5 (12%) | 1970s: 3 (7%) | 1980s: 1 (2%) | 1990s: 12 (29%) | 2000s: 17 (41%) | 2010s: 3 (7%)
Canada 13.8 (34%) | USA 17.2 (42%) | UK 8 (20%) | NZ 1 (2%) | FR 1 (2%)
Ontario 5 (36%) | Quebec 1 (7%) | Nova Scotia 4 (29%) | New Brunswick 2 (14%) | Manitoba 0 (0%) | British Columbia 1 (7%) | Prince Edward Island 0 (0%)
Saskatchewan 0 (0%) | Alberta 0 (0%) | Newfoundland and Labrador 1 (7%) | Northwest Territories 0 (0%) | Yukon 0 (0%) | Nunavut 0 (0%)
  1. Fun Story Time™: I have a two room setup with Sonos, was in my bedroom as I was finishing up this article. Pressed play, had two people in my living room yelling, “ADAM! What’s going on?” Apparently I was playing the wind chimes in the wrong room. I forgot about the footnotes part of my blog, I used to have fun with that, I should bring them back.