Remove SSL certificate passphrase

A lot of people ask how they can remove the passphrase requirements from a private key so that Apache can be (re)started without the need to re-enter the key’s passphrase.

Security warning

Once you remove the requirement for the passphrase, the certificate can be easily copied and used elsewhere, thus raising the risk of it being abused. If you must remove the passphrase then you must take adequate protection in the storage of the file. Ensure that the permissions are set to only allow access to those who need it.

Now that you have been warned about the risks, we can continue onto the options

1) httpd has a directive you can use, SSLPassPhraseDialog.
2) You can use OpenSSL to remove the passphrase from the certificate completely.

An example usage of SSLPassPhraseDialog :

SSLPassPhraseDialog exec:/path/to/script

N.B. 'SSLPassPhraseDialog' can only be used in the main server config, and must be outside of any <Directory> or <Location> blocks.

Inside an example perl script:

#!/bin/sh
echo "put the passphrase here"

After saving the passphrase script, set the file executable

chmod +x /path/to/passphrase-script

How to strip a key with OpenSSL

With OpenSSL you can actually remove the passphrase from the SSL key completely. This will avoid Apache asking you to enter the passphrase every time it is started. To do this go to the command line and type

/path/to/openssl rsa -in /path/to/originalkeywithpass.key -out /path/to/newkeywithnopass.key

with the file names and paths appropriate for your environment.

Add Swap File on AWS EC2 Ubuntu Redhat Linux

Use following commands to create swap file on your system.

$ sudo dd if=/dev/zero of=/var/swapfile bs=1M count=2048

bs=1M count=2048 means it will create 2GB of swap file, You may change as per you need. After enabling swap we can see that our system has swap enabled by running “free -m” command.

To prevent the file from being world-readable, you should set up the correct permissions on the swap file:

$ sudo chown root:root /var/swapfile
$ sudo chmod 0600 /var/swapfile

Subsequently we are going to prepare the swap file by creating a linux swap area.

$ sudo mkswap /var/swapfile

Finish up by activating the swap file.

$ sudo swapon /var/swapfile

You will then be able to see the new swap file when you view the swap summary.

$ sudo swapon -s

This file will last on the virtual private server until the machine reboots. You can ensure that the swap is permanent by adding it to the fstab file.

$ sudo nano /etc/fstab

Paste in the following line:

/var/swapfile swap swap defaults 0 0

Ubuntu system comes with a default of 60, meaning that the swap file will be used fairly often if the memory usage is around half of my RAM. You can check your own system’s swappiness value by running:

$ cat /proc/sys/vm/swappiness

As I have 4 GB of RAM, so I’d like to turn that down to 10 or 15. The swap file will then only be used when my RAM usage is around 80 or 90 percent. To change the system swappiness value, open /etc/sysctl.conf as root. Then, change or add this line to the file:

vm.swappiness = 10

Reboot for the change to take effect.

You can also change the value while your system is still running

sysctl vm.swappiness=10

Skipping this step may cause both poor performance.

You can also clear your swap by running

swapoff -a

And then

swapon -a

As root instead of rebooting to achieve the same effect.

Redirect www to non www URL Using HTACCESS for WordPress

Learn to redirect www to non-www URLs or non www to www URLs using .htaccess file. You can do 301 permanent redirect on shared server with multiple domains also. If you have a self hosted WordPress website, you it would be useful for you.

mod_rewrite module of Apache server

Apache server uses modules for various functionalists. mod_rewrite is a module that enables redirection and URL rewriting. If this module is installed and available on Apache server, only then your redirection will work.

If mod_rewrite is available, it will take your redirection commands from .htaccess file.

Redirect old domain to new domain

<IfModule mod_rewrite.c>
RewriteEngine on
RewriteCond %{HTTP_HOST} ^www.olddomainname.com$ [OR]
RewriteCond %{HTTP_HOST} ^olddomainname.com$
RewriteRule ^(.*)$ http://www.newdomainname.com/$1 [R=301,L]
</IfModule>

Redirect www to non-www URL Domain

<IfModule mod_rewrite.c>
RewriteEngine On
RewriteCond %{HTTP_HOST} ^www.example.com [NC]
RewriteRule ^(.*) http://example.com/$1 [L,R=301]
</IfModule>

Redirect non-www to www URL Domain

<IfModule mod_rewrite.c>
RewriteEngine On
RewriteCond %{HTTP_HOST} ^example.com [nocase]
RewriteRule ^(.*) http://www.example.com/$1 [last,redirect=301]
</IfModule>