Next Meeting: January 27, 2022

by

Topic: TBA
Presenter: TBA
Location: https://meet.elug.rocks/27Jan2022
RSVP to the Startup Edmonton ELUG event: https://www.meetup.com/startupedmonton/events/ltgwcsydccbkc/

The Edmonton Linux User Group (ELUG) Meetup is a chance to get together with other users of Linux, GNU, and Unix-like operating systems, and open source software. Our members range from newcomers to power users to seasoned administrators and developers; so, all are welcome!

We meet as an opportunity to exchange ideas, knowledge, and experiences for several reasons:
– to educate for personal and professional growth
– to promote and advocate for the free and open source movement
– to support and assist with Linux-related challenges
– and to socialize with peers who have a common interest

Examples of topics that may be discussed or presented include (but not limited to):
– Exposure to different distributions
– Workshops on various tools and commands
– User-level and system-level development and tuning
– just about anything else Linux-related

We welcome anyone with an interest in Linux and/or open source software and look forward to building the Linux community in Edmonton.

Standard Agenda:

6:00pm – Arrival, mingling, setting up techno-stuff
6:30pm – Welcome & introductions, presentation begins
7:30pm – Announcements, open discussions
8:00pm – Event conclusion (officially, but we usually hang around for as long as we feel like it after)

If you would like to help with the operations of this group, or even just make suggestions, please contact Robert Salomons or Manuel Eller or David Laycock.

ELUG Meetup: October 28, 2021

by

We had a great walk through this month. Spencer showed off a way to setup his own NTP server in-house. The details are hosted on a private GITHUB site. If you want access to follow Spencer’s instructions, please join our SLACK chat at https://elugyeg.slack.com and contact Spencer for the access to his GITHUB.

ELUG Meetup: September 23, 2021

by

This month we had an open forum. The focus was on general networking. There were a few questions around DHCP and static IPs. Some basics around network protocols were discussed as well as how these were developed. A few of the items that came up were token ring networking, OCI, TCP, UDP to name a few.

If you want to take a look into our Nextcloud instance you can find that here:

https://nextcloud.elug.rocks/index.php/s/AkaeFBHDBZ8DFpL?path=%2F2021-09%20General%20Networking%20(open%20forum)

ELUG Meetup: August 26, 2021

by

In our meeting on August 26 Spencer walked us through how to setup different machines and ensure that they are equipped with certificates. Once accessed with a browser these devices show up as “secure” where as the default behaviour would highlight the site as not secure.

A video of that session was recorded so if you want to take a look at look check that out here:

https://nextcloud.elug.rocks/index.php/s/AkaeFBHDBZ8DFpL?path=%2F2021-08%20Certificate%20authority%20(Spencer)

Spencer also was kind enough to provide a high level overview:

# "something about a self-signed certificate and pi-hole"## Objective
---
​
As a user I want to view the pi-hole admin page using https instead of http. As the creator of a local certificate authority, I accept the risk of installing its certificate on my local devices.
​
## Requirements (prework)
---
​
1. Lessons 1.1, 1.2, and 1.3 from *resource #1*
    1. Check the device hostname
    1. Sync your clock
    1. Review your OpenSSL configuration (openssl version -a)
    1. Create a directory structure to store the keys, signing requests, and certs
    1. Lock it down (chmod 600)
​
## Create the private key and cert for the CA
---
``` sh
# Create a private key for the CA
openssl genrsa -aes256 -out private/cakey.pem 4096
​
# Create a certificate for the CA
openssl req -new -x509 -key /root/ca/private/cakey.pem -out cacert.pem -days 3650 -set_serial 0
```
## Create the private key and cert for the pihole
---
​
``` sh
# Create a new private key
openssl genpkey -algorithm RSA -out /root/ca/private/my_server.key
​
# Create a new certificate signing request (CSR)
openssl req -new -key /root/ca/private/my_server.key -out /root/ca/requests/my_server.csr
​
# CA signing the CSR 
openssl ca -in /root/ca/requests/my_server.csr -out /root/ca/certs/my_server_NO-SAN.crt
​
# CA signing the CSR with configuration file with X509v3 extensions to add
# NET::ERR_CERT_COMMON_NAME_INVALID is resolved by adding 'subjectAltName'
openssl ca -in /root/ca/requests/my_server.csr -extfile /root/ca/my_server.ext -out /root/ca/certs/my_server_SAN.crt
```
​> my_server.ext
​
``` sh
subjectAltName = DNS:my_server.local, DNS:pi.hole, IP:10.0.0.10
```
​
### Checking the certificate
---
​
``` sh
# Check for SAN
openssl x509 -text -in /root/ca/certs/my_server_SAN.crt -noout
```
> Expected output should include:
``` sh
X509v3 extensions:
    X509v3 Subject Alternative Name:
        DNS:my_server.local, DNS:pi.hole, IP Address:10.0.0.10
```
​
## lighttpd config
---
​
``` sh
nano /etc/lighttpd/external.conf
```
​
``` sh
server.modules += ("mod_openssl")
$HTTP["host"] == "my_server.local" {
  $SERVER["socket"] == ":443" {
    ssl.engine = "enable"                                # basic option
    ssl.pemfile = "/usr/lib/ssl/certs/my_server_SAN.crt" # basic option
#   ssl.pemfile = "/usr/lib/ssl/certs/my_server_NO-SAN.crt"
    ssl.privkey = "/usr/lib/ssl/private/my_server.key"   # basic option
    ssl.ca-file = "/usr/lib/ssl/certs/cacert.pem"        # (deprecated) renamed ssl.verifyclient.ca-file (since 1.4.60)
  }
}
```
​## Resources
---
​
1. [OpenSSL Certification Authority (CA) on Ubuntu Server](https://networklessons.com/uncategorized/openssl-certification-authority-ca-ubuntu-server)
    1. Prerequisites
        1. hostname, /etc/hosts, and ntp
    1. OpenSSL Configuration
        1. Specify the path, generate cakey.pem & cacert.pem
        1. Install cacert.pem on your client machine(s)
2. [Enabling HTTPS for your Pi-hole Web Interface](https://discourse.pi-hole.net/t/enabling-https-for-your-pi-hole-web-interface/5771)
    1. Which config file to edit (/etc/lighttpd/external.conf)
3. [OpenSSL man pages - genpkey](https://www.openssl.org/docs/man1.1.1/man1/genpkey.html)
    1. Generate a private key using genpkey; 
4. [Lighttpd wiki #Self-Signed-Certificates](https://redmine.lighttpd.net/projects/lighttpd/wiki/Docs_SSL#Self-Signed-Certificates)
    1. Used the 'Quick Start'
    1. Tip: keep your lighttpd -version in mind
5. [Firefox no longer trusts my internal certificate authority used for internal sites on our domain.](https://support.mozilla.org/en-US/questions/1175296)
    1. See also *security.enterprise_roots.enabled* on the about:config page.

ELUG Meetup: June 24, 2021

by

Topic: open forum, speed talks
Presenter: various
Location: https://meet.elug.rocks/24Jun2021
RSVP to the Startup Edmonton ELUG event: https://www.meetup.com/startupedmonton/events/ltgwcsyccjbgc/

This meeting around we will try something different. Whoever wants and is prepared can talk about a LINUX topic for about 5 minutes. Everyone is welcome to do so or just listen if you prefer. No need to register any talk just come, join and talk about a topic, near and dear to your LINUX heart.

ELUG Meetup: April 22, 2021

by

In our latest edition of ELUG virtual meetups, Manuel walked the participants through the developments of services in regards to server infrastructure. From the initial “one machine, one task” philosophy to the development and advantages of virtualization to containerization of applications and container orchestration through kubernetes.

A video of that session was recorded so if you want to take a look at look check that out here:

Virtualization vs Containerization

The presentation can be found here:

https://nextcloud.elug.rocks/index.php/s/rAHEHwFxSZwnK9C

ELUG Meetup: March 25, 2021

by

In our last meeting on March 25, Rajiv presented advanced concepts of VIM. He walked the participants through how and when using the mouse, search, replace, open documents in tabs, vertically split the screen an a lot more. Fortunately, Rajiv also recorded the session as it would be too much to document everything in a post.

If you want to take a look at how great vim can be head over to our Nextcloud instance and check out the video here:

https://nextcloud.elug.rocks/index.php/s/DSzoWfeN5e5NEQG