Remove SSL certificate passphrase

A lot of people ask how they can remove the passphrase requirements from a private key so that Apache can be (re)started without the need to re-enter the key’s passphrase.

Security warning

Once you remove the requirement for the passphrase, the certificate can be easily copied and used elsewhere, thus raising the risk of it being abused. If you must remove the passphrase then you must take adequate protection in the storage of the file. Ensure that the permissions are set to only allow access to those who need it.

Now that you have been warned about the risks, we can continue onto the options

1) httpd has a directive you can use, SSLPassPhraseDialog.
2) You can use OpenSSL to remove the passphrase from the certificate completely.

An example usage of SSLPassPhraseDialog :

SSLPassPhraseDialog exec:/path/to/script

N.B. 'SSLPassPhraseDialog' can only be used in the main server config, and must be outside of any <Directory> or <Location> blocks.

Inside an example perl script:

#!/bin/sh
echo "put the passphrase here"

After saving the passphrase script, set the file executable

chmod +x /path/to/passphrase-script

How to strip a key with OpenSSL

With OpenSSL you can actually remove the passphrase from the SSL key completely. This will avoid Apache asking you to enter the passphrase every time it is started. To do this go to the command line and type

/path/to/openssl rsa -in /path/to/originalkeywithpass.key -out /path/to/newkeywithnopass.key

with the file names and paths appropriate for your environment.

[Solved] Instance Status Checks – Failed – AWS EC2 Ubuntu Redhat

1) Stop the Instance (Problem Instance)
2) Detach the Volume (Problem Volume)
3) Fire up another Instance (New Instance)
4) Attach the Problem Volume to the New Instance
5) Start the New Instance
6) Mount the Problem Volume to /ebs
sudo mount /dev/xvdf1 /ebs -t ext4
7) Edit /ebs/etc/fstab
8) Unmount the Problem Volume
sudo umount /ebs
9) Detach the Problem Volume from the New Instance
10) Stop the New Instance
11) Detach the Problem Volume from the New Instance
12) Attach the Problem Volume back to the Problem Instance
Device Name: /dev/sda1
13) Start the Problem Instance

Hope you have your instance rebooted 🙂

Automatically SSL without Passphrase Prompt on Apache2 Restart or Server Reboot

You need to remove encryption from your private key file like this:

openssl rsa -in server.key -out server.key.new
mv server.key.new server.key

Make sure the new key file is only readable by root – otherwise anyone with shell access to this server will be able to grab the private key and impersonate your server.

To make the key readable only by root, do ‘chmod 600 server.key.new’ before swapping keys.

Now you should have Httpd Apache2 automatically started without SSL Passphrase prompt.

Check CPU Usage of Ubuntu Redhat Linux

To get CPU usage, best way is to read /proc/stat file. See man 5 proc for more help.

There is a useful script written by Paul Colby.

#!/bin/bash
# by Paul Colby (http://colby.id.au), no rights reserved ;)

PREV_TOTAL=0
PREV_IDLE=0

while true; do

 CPU=(`cat /proc/stat | grep '^cpu '`) # Get the total CPU statistics.
 unset CPU[0] # Discard the "cpu" prefix.
 IDLE=${CPU[4]} # Get the idle CPU time.

 # Calculate the total CPU time.
 TOTAL=0

 for VALUE in "${CPU[@]:0:4}"; do
 let "TOTAL=$TOTAL+$VALUE"
 done

 # Calculate the CPU usage since we last checked.
 let "DIFF_IDLE=$IDLE-$PREV_IDLE"
 let "DIFF_TOTAL=$TOTAL-$PREV_TOTAL"
 let "DIFF_USAGE=(1000*($DIFF_TOTAL-$DIFF_IDLE)/$DIFF_TOTAL+5)/10"
 echo -en "\rCPU: $DIFF_USAGE% \b\b"

 # Remember the total and idle CPU times for the next check.
 PREV_TOTAL="$TOTAL"
 PREV_IDLE="$IDLE"

 # Wait before checking again.
 sleep 1
done

Save it to ~/cpu_usage, add execute permission sudo chmod +x ~/cpu_usage and run:

~/cpu_usage

To stop the script, hit Ctrl + C

Free EC2 Scheduler to Start and Stop Instances Automatically in Ubuntu

Firstly, you have to install EC2 API Tools & AMI Tools.

Edit sudo nano /root/.bashrc and add following at the end.

export EC2_REGION=<your-ec2-region>
export EC2_URL=ec2.$EC2_REGION.amazonaws.com
export AWS_ACCESS_KEY=<your-access-key>
export AWS_SECRET_KEY=<your-secret-key>
export JAVA_HOME=/usr/lib/jvm/java-7-openjdk-amd64/jre

Remember to change <your-ec2-region>, <your-access-key>, <your-secret-key> accordingly.

Create sudo nano ~/start_instances.sh

# start_instances.sh

export EC2_REGION=<your-ec2-region>
export EC2_URL=ec2.$EC2_REGION.amazonaws.com
export AWS_ACCESS_KEY=<your-access-key>
export AWS_SECRET_KEY=<your-secret-key>
export JAVA_HOME=/usr/lib/jvm/java-7-openjdk-amd64/jre

ec2-start-instances <instance-id>
sleep 5

And create sudo nano ~/stop_instances.sh

# stop_instances.sh

export EC2_REGION=<your-ec2-region>
export EC2_URL=ec2.$EC2_REGION.amazonaws.com
export AWS_ACCESS_KEY=<your-access-key>
export AWS_SECRET_KEY=<your-secret-key>
export JAVA_HOME=/usr/lib/jvm/java-7-openjdk-amd64/jre

ec2-stop-instances <instance-id>
sleep 5

To add into cronjob, crontab -e

# monday to friday, morning 9am to start instances
0 8 * * 1-5 /bin/bash -c ~/start_instances.sh >> ~/start_instances.log 2>&1
# monday to friday, evening 5pm to stop instances
0 17 * * 1-5 /bin/bash -c ~/stop_instances.sh >> ~/stop_instances.log 2>&1

It will create a log file for start & stop instances.

That’s all for a Free and Simple EC2 Scheduler to start and stop instances automatically in your Ubuntu server.

You could also add a timestamp for your log files with this tutorial: Adding Timestamp Date Time while Saving a Log File from Crontab Cronjob Ubuntu Redhat Linux.