Generate Certificates

This is just a note since I create a lot of certificates so I don’t have to Google each time.

Generate a key:

CSR:

Self-signed certificate:

ECC and CA certificates: here

Setup IKEv2 service on Ubuntu 16.04

Reference: http://dcamero.azurewebsites.net/strongswan-ubuntu-1604-ios-9.html

This article is simplified and slightly modified from the reference, for a general-purpose IKEv2 VPN proxy running on a freshly installed Ubuntu 16.04.

1. Use letsencrypt to obtain a certificate for your domain (e.g. vpn.example.com)
Note: During my configuration process, the certificates had to be referenced directly from the ipsec configuration files instead of through a link, or you may get a “Permission Denied” error.

2. Install strongSwan and MS-CHAPv2 plugin for username / password authentication


3. Configure ipsec

Sample /etc/ipsec.conf configuration:
This is a basic configuration that allows username / password authentication and multiple connections for each user.


WoSign and StartCom Distrusted

WoSign and StartCom CA will get distrusted soon.
I switched to GeoTrust and Comodo.

Google Security Blog:
https://security.googleblog.com/2016/10/distrusting-wosign-and-startcom.html

Mozilla’s Announcement:
https://blog.mozilla.org/security/2016/10/24/distrusting-new-wosign-and-startcom-certificates/

Update from Apple:
https://support.apple.com/en-us/HT204132

A list of WoSign issues from Mozilla:
https://wiki.mozilla.org/CA:WoSign_Issues


Another way to debug “File not found” error on LNMP

Mysterious "File not found" errors can occur with complex nginx configurations. php-fpm workers only write a "Primary script unknown" message to stderr, so the information available for debugging is limited.

Recently I found a powerful tool, strace, which can trace the I/O operations of any process. With this tool, we will be able to figure out the path php-fpm workers actually tried to read.

Simply use strace -p pid to attach to a php-fpm worker, then start sending requests from the client side.
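The raw strace output is noisy, so the following is an added example (not part of the original post) of a filter that keeps only the file lookups that failed and prints the path the worker tried. The function names, the sample trace lines and the paths in them are constructed for illustration.

```shell
#!/usr/bin/env bash
# Added example, not from the original post.
# Live use (assumed invocation, <worker-pid> is a placeholder):
#   sudo strace -f -e trace=file -p <worker-pid> 2>&1 | failed_paths

# Read strace output on stdin and print "ERRNO syscall path" for every
# call that failed with ENOENT, EACCES or ENOTDIR.
failed_paths() {
  awk '
    / = -1 (ENOENT|EACCES|ENOTDIR) / {
      line = $0
      sub(/^\[pid +[0-9]+\] +/, "", line)      # per-process prefix from strace -f
      syscall = substr(line, 1, index(line, "(") - 1)
      if (!match(line, /"[^"]*"/)) next        # no path argument on this call
      path = substr(line, RSTART + 1, RLENGTH - 2)
      match(line, / = -1 [A-Z]+/)              # the " = -1 " part is 6 characters
      errno = substr(line, RSTART + 6, RLENGTH - 6)
      print errno, syscall, path
    }'
}

# Constructed sample of unfiltered strace output for one failing request.
sample_trace() {
  cat <<'EOF'
[pid  2211] lstat("/srv/www/site/public/index.php", 0x7ffc2f3a9d40) = -1 ENOENT (No such file or directory)
[pid  2211] openat(AT_FDCWD, "/srv/www/site/current/public/index.php", O_RDONLY) = -1 EACCES (Permission denied)
[pid  2211] openat(AT_FDCWD, "/etc/php/7.0/fpm/php.ini", O_RDONLY) = 3
[pid  2211] write(2, "Primary script unknown", 22) = 22
EOF
}

sample_trace | failed_paths
```

An ENOENT result usually points at a wrong root or SCRIPT_FILENAME in the nginx configuration, while EACCES points at permissions on the path for the user the worker runs as.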