Next Meeting: May 26, 2022

by

Topic: Round table – Bring all your Linux ideas!
Presenter: Everyone!
Location: https://meet.elug.rocks/26May2022
RSVP to the Startup Edmonton ELUG event: https://www.meetup.com/startupedmonton/events/ltgwcsydchbjc/

The Edmonton Linux User Group (ELUG) Meetup is a chance to get together with other users of Linux, GNU, and Unix-like operating systems, and open source software. Our members range from newcomers to power users to seasoned administrators and developers; so, all are welcome!

We meet as an opportunity to exchange ideas, knowledge, and experiences for several reasons:
– to educate for personal and professional growth
– to promote and advocate for the free and open source movement
– to support and assist with Linux-related challenges
– and to socialize with peers who have a common interest

Examples of topics that may be discussed or presented include (but not limited to):
– Exposure to different distributions
– Workshops on various tools and commands
– User-level and system-level development and tuning
– just about anything else Linux-related

We welcome anyone with an interest in Linux and/or open source software and look forward to building the Linux community in Edmonton.

Standard Agenda:

6:00pm – Arrival, mingling, setting up techno-stuff
6:30pm – Welcome & introductions, presentation begins
7:30pm – Announcements, open discussions
8:00pm – Event conclusion (officially, but we usually hang around for as long as we feel like it after)

If you would like to help with the operations of this group, or even just make suggestions, please contact Robert Salomons or Manuel Eller or David Laycock.

ELUG Meetup: April 28, 2022

by

David showed us how to set up a NextCloud instance. Nextcloud is your own personal cloud offering a myriad of features and functions. You want to setup your own, private iCloud? Nextcloud makes sure your data never leaves your control. You want to be able to edit office documents on in the cloud? Nextcloud offers a full fledged office solution. You want to synchronize your phone’s data with your Nextcloud instance? Install the iPhone or Android app, connect to your server and you are good to go.

If you want to have a quick look at what was covered in our last meeting please feel free to review the video here:

https://nextcloud.elug.rocks/index.php/s/AkaeFBHDBZ8DFpL?path=%2F2022-04%20Nextcloud

ELUG Meetup: January 27, 2022

by

A new year and the ELUG is still strong on their VIM journey. This month, Rajiv presented some of the really, really advance features that VIM offers. If you want to see for yourself, there is a video about that available here.

ELUG Meetup: October 28, 2021

by

We had a great walk through this month. Spencer showed off a way to setup his own NTP server in-house. The details are hosted on a private GITHUB site. If you want access to follow Spencer’s instructions, please join our SLACK chat at https://elugyeg.slack.com and contact Spencer for the access to his GITHUB.

ELUG Meetup: September 23, 2021

by

This month we had an open forum. The focus was on general networking. There were a few questions around DHCP and static IPs. Some basics around network protocols were discussed as well as how these were developed. A few of the items that came up were token ring networking, OCI, TCP, UDP to name a few.

If you want to take a look into our Nextcloud instance you can find that here:

https://nextcloud.elug.rocks/index.php/s/AkaeFBHDBZ8DFpL?path=%2F2021-09%20General%20Networking%20(open%20forum)

ELUG Meetup: August 26, 2021

by

In our meeting on August 26 Spencer walked us through how to setup different machines and ensure that they are equipped with certificates. Once accessed with a browser these devices show up as “secure” where as the default behaviour would highlight the site as not secure.

A video of that session was recorded so if you want to take a look at look check that out here:

https://nextcloud.elug.rocks/index.php/s/AkaeFBHDBZ8DFpL?path=%2F2021-08%20Certificate%20authority%20(Spencer)

Spencer also was kind enough to provide a high level overview:

# "something about a self-signed certificate and pi-hole"## Objective
---
​
As a user I want to view the pi-hole admin page using https instead of http. As the creator of a local certificate authority, I accept the risk of installing its certificate on my local devices.
​
## Requirements (prework)
---
​
1. Lessons 1.1, 1.2, and 1.3 from *resource #1*
    1. Check the device hostname
    1. Sync your clock
    1. Review your OpenSSL configuration (openssl version -a)
    1. Create a directory structure to store the keys, signing requests, and certs
    1. Lock it down (chmod 600)
​
## Create the private key and cert for the CA
---
``` sh
# Create a private key for the CA
openssl genrsa -aes256 -out private/cakey.pem 4096
​
# Create a certificate for the CA
openssl req -new -x509 -key /root/ca/private/cakey.pem -out cacert.pem -days 3650 -set_serial 0
```
## Create the private key and cert for the pihole
---
​
``` sh
# Create a new private key
openssl genpkey -algorithm RSA -out /root/ca/private/my_server.key
​
# Create a new certificate signing request (CSR)
openssl req -new -key /root/ca/private/my_server.key -out /root/ca/requests/my_server.csr
​
# CA signing the CSR 
openssl ca -in /root/ca/requests/my_server.csr -out /root/ca/certs/my_server_NO-SAN.crt
​
# CA signing the CSR with configuration file with X509v3 extensions to add
# NET::ERR_CERT_COMMON_NAME_INVALID is resolved by adding 'subjectAltName'
openssl ca -in /root/ca/requests/my_server.csr -extfile /root/ca/my_server.ext -out /root/ca/certs/my_server_SAN.crt
```
​> my_server.ext
​
``` sh
subjectAltName = DNS:my_server.local, DNS:pi.hole, IP:10.0.0.10
```
​
### Checking the certificate
---
​
``` sh
# Check for SAN
openssl x509 -text -in /root/ca/certs/my_server_SAN.crt -noout
```
> Expected output should include:
``` sh
X509v3 extensions:
    X509v3 Subject Alternative Name:
        DNS:my_server.local, DNS:pi.hole, IP Address:10.0.0.10
```
​
## lighttpd config
---
​
``` sh
nano /etc/lighttpd/external.conf
```
​
``` sh
server.modules += ("mod_openssl")
$HTTP["host"] == "my_server.local" {
  $SERVER["socket"] == ":443" {
    ssl.engine = "enable"                                # basic option
    ssl.pemfile = "/usr/lib/ssl/certs/my_server_SAN.crt" # basic option
#   ssl.pemfile = "/usr/lib/ssl/certs/my_server_NO-SAN.crt"
    ssl.privkey = "/usr/lib/ssl/private/my_server.key"   # basic option
    ssl.ca-file = "/usr/lib/ssl/certs/cacert.pem"        # (deprecated) renamed ssl.verifyclient.ca-file (since 1.4.60)
  }
}
```
​## Resources
---
​
1. [OpenSSL Certification Authority (CA) on Ubuntu Server](https://networklessons.com/uncategorized/openssl-certification-authority-ca-ubuntu-server)
    1. Prerequisites
        1. hostname, /etc/hosts, and ntp
    1. OpenSSL Configuration
        1. Specify the path, generate cakey.pem & cacert.pem
        1. Install cacert.pem on your client machine(s)
2. [Enabling HTTPS for your Pi-hole Web Interface](https://discourse.pi-hole.net/t/enabling-https-for-your-pi-hole-web-interface/5771)
    1. Which config file to edit (/etc/lighttpd/external.conf)
3. [OpenSSL man pages - genpkey](https://www.openssl.org/docs/man1.1.1/man1/genpkey.html)
    1. Generate a private key using genpkey; 
4. [Lighttpd wiki #Self-Signed-Certificates](https://redmine.lighttpd.net/projects/lighttpd/wiki/Docs_SSL#Self-Signed-Certificates)
    1. Used the 'Quick Start'
    1. Tip: keep your lighttpd -version in mind
5. [Firefox no longer trusts my internal certificate authority used for internal sites on our domain.](https://support.mozilla.org/en-US/questions/1175296)
    1. See also *security.enterprise_roots.enabled* on the about:config page.