Linux


SSL Linux


SSL Linux

Configure local https on ubuntu

T0 set up a local HTTPS server on Ubuntu, use a tool like

mkcert for simplicity or openssl for more control, and then configure your web server (e.g., Apache) to use the generated certificates. The recommended method is to install and use mkcert, which generates a trusted, local Certificate Authority (CA) to create self-signed certificates for localhost or custom hostnames without browser warnings. Alternatively, you can generate a self-signed certificate using openssl, which requires more manual steps to create the key, certificate, and to trust it in your browser. 



Method 1: Using mkcert (Recommended)

This video demonstrates how to set up HTTPS with mkcert and enable HTTPS for localhost:

  1. Install mkcert: Install the tool to manage local certificate authorities and certificates.
    • sudo apt install mkcert
  2. Install the local CA: Run mkcert to install a local CA that your system will trust.
    • mkcert -install
  3. Create a certificate: Generate a certificate and key for your local site (e.g., localhost) or domain. Point to note here in case of domain, ip address should be mapped to it  before this command.
    • mkcert localhost 127.0.0.1
    • sudo mkcert drupalwithdata.offline.com

Configure your server: Configure your specific application or web server to use the generated localhost.pem (certificate) and localhost-key.pem (key) files. 


Method 2: Using openssl


  1. Install openssl: Ensure openssl is installed. It is usually pre-installed on Ubuntu.
  2. Generate a private key and a certificate signing request (CSR):
    • openssl req -new -newkey rsa:2048 -nodes -keyout localhost.key -out localhost.csr
  3. Generate the self-signed certificate: Use the CSR and private key to create the certificate.
    • openssl x509 -req -days 365 -in localhost.csr -signkey localhost.key -out localhost.crt
  4. Configure your web server:
    • For Apache:
      • Enable the SSL module: sudo a2enmod ssl.
      • Configure your site's virtual host to point to your certificate (localhost.crt) and private key (localhost.key) files.
      • Restart Apache: sudo systemctl restart apache2.
    • For other servers: Configure your server's settings to use the .crt and .key files.
  5. Trust the certificate:
    • This is an optional but recommended step to avoid browser warnings.
    • Install certificate utilities: sudo apt-get install libnss3-tools.
    • Import and trust the certificate into the browser's database (using pk12util for Firefox or certutil for other applications). 


Final steps for both methods


SSL Linux

install OpenSSL locally on Ubuntu

To install OpenSSL locally on Ubuntu, you can

compile and install it from source by first installing build tools, then downloading and extracting the OpenSSL source code, and finally running the config, make, and make install commands with the appropriate prefix and flags. For the simplest local installation, download the source, change to the directory, and use ./config --prefix=/openssl --openssldir=/openssl, followed by make and make install, then update your ~/.bash_profile with the correct PATH and LD_LIBRARY_PATH. 



Method 1: Install from source to a local directory

This method installs a specific version of OpenSSL to a custom directory, like ~/openssl, so it doesn't interfere with the system-installed version.


bash
# Install build tools
sudo apt update
sudo apt install build-essential zlib1g-dev

# Create a working directory and download OpenSSL source
cd /usr/local/src/
wget https://www.openssl.org/source/openssl-1.1.1k.tar.gz
tar -xf openssl-1.1.1k.tar.gz
cd openssl-1.1.1k

# Configure and build (using --prefix to specify local install)
./config --prefix=~/openssl --openssldir=~/openssl
make

# Install to the local directory
make install

Method 2: Update your environment variables

After installing from source, you must tell your shell where to find the new binaries and libraries.

  1. Edit the bash profile:
    bash
  2. nano ~/.bash_profile
    
  3. Add the following lines at the end of the file (adjusting username if necessary):
    bash
  4. export PATH=$HOME/openssl/bin:$PATH
    export LD_LIBRARY_PATH=$HOME/openssl/lib:$LD_LIBRARY_PATH
    export LDFLAGS="-L $HOME/openssl/lib -Wl,-rpath,$HOME/openssl/lib"
    
  5. Save and close the file, then reload your profile:
    bash
source ~/.bash_profile

Method 3: Verify the installation

  1. Check the version to ensure you are using the new installation:
    bash
  2. openssl version
    
    This should output the version you installed (e.g., OpenSSL 1.1.1k 25 Mar 2025).

Verify the path to confirm it's the local one:bash

which openssl

This should point to ~/openssl/bin/openssl

MULTIVERSIONS ON UBUNTU BOX


sudo apt install apache2 libapache2-mod-fastcgi

sudo apt-get install mysql-server
sudo mysql_secure_installation


sudo apt install software-properties-common
sudo add-apt-repository ppa:ondrej/php
sudo apt update

Use this command to install different versions of php just changing the string 7.1 to the required version
sudo apt install php7.1 php7.1-fpm libapache2-mod-php7.1


NOW ALL SET LAMP is installed and working


Now while u will require to change the php version

This command will change the php version on system
sudo update-alternatives --config php


Disable all version apached modules of php installed, just replace the 7.4 in below command
sudo a2dismod php7.4

Enable the version u need to use with apache, just replace the 8.0 in below command
sudo a2enmod php8.0

Restart the apache
sudo service apache2 restart

kernel tuning/troubleshooting

Kernel tuning/troubleshooting involves adjusting operating system (OS) parameters for performance/stability (tuning) or fixing crashes/issues (troubleshooting), often using tools like sysctlulimitmake menuconfig (Linux), or boot options/diagnostics (Mac/Linux), focusing on memory, filesystems, I/O, and software conflicts to match workloads, requiring careful baselining and testing to avoid instability. 

Kernel Tuning (Linux Focus)

Kernel Troubleshooting

Best Practices

Jupyter Notebook Kernel Issues (Related but Different)

filesystems tuning

File system tuning optimizes storage performance by adjusting settings like block size, caching, journaling, and I/O methods (sync/async) to match workloads, improving speed, throughput, and resource use for specific tasks, crucial for servers running databases or virtual machines. Key techniques involve optimizing disk hardware, tuning buffer sizes (like numfsbufs), leveraging read-ahead/write-behind, using Direct I/O, and applying system profiles via tools like tuned-adm for Linux, all aiming to reduce bottlenecks and enhance efficiency. 

Core Concepts & Parameters

Key Tuning Techniques

How to Approach Tuning
  1. Monitor: Identify bottlenecks using tools like vmstat -v or iostat.
  2. Select: Choose parameters relevant to your workload (e.g., database needs high I/O, web server needs low latency).
  3. Apply: Use commands like mkfs (for creation), mount options, or tuned-adm to change settings.
  4. Test: Verify improvements with performance benchmarks.