All My IT Tech Posts

All My IT Tech Post Knowledge – Introduction

This eBook is a collection of 123 WordPress Posts I wrote from 2014-2022, on very varied technical subjects, using Linux as the primary tool for various IT and telecoms topics of interest to me.

It represents a comprehensive summary of my total IT tech knowledge across Linux, Windows, Networking, Cisco, Programming (JS, HTML, CSS, C, Python), MYSQL Databases, WordPress website hosting, SD Radio, Raspberry Pis, Linux/Windows Admin, Tech theory on many topics such Protocols, Encapsulation and Multiplexing...and much more.

I hope there is something for everyone in the Title List below.

I suggest using your PDF reader's text search function to copy the Post title you wish to read so it takes you to the relevant page where the Post starts.

Thanks for purchasing a copy if you have and I hope my decades of education provides you with some benefit if you are looking to get into the IT world at whatever level, which never happened for me as a career for many reasons.

The purchase of the eBook does NOT imply ANY form of author tech support or liability for its content use on ANY IT system!

Post Titles

All My IT Tech Post Knowledge – Introduction

Post Titles

Main Page – Linux Admin & WebDev – Beginner to Intermediate IT Topics

Running Apache2, MYSQL and WordPress on Win11 WSL Ubuntu

SSL on Ubuntu Apache2 – Creating Self Signed Certificates, Checking SSL Traffic with TCPDUMP and Wireshark

VS Code Live Server SSL Settings

First Site Pages Speed and SEO Tweaks

WordPress Images Not Showing – Rare Solution

Uploading Your Local WordPress MYSQL Site to a New Hosting cPanel Site

WordPress CLI Commands and some MYSQL Repair Commands

MYSQL DB Repair Commands

Downgrading PHP Versions

WebDev: Embedded Video Code for Landing Page Link

Form Validation Types, Results Script and Non Default Web Font Use

WebDev Portfolio 2 – Fun Conspiracy Theory Quiz

WebDev Portfolio 1 – First Solo Project – Noughts and Crosses

JS Behind The Scenes : Hoisting and the TDZ – Temporal Dead Zone

JS: Refactoring the Guess Number Game Code

JavaScript: Guess Number Game

Functions: Writing and Converting JS Functions to Arrow Functions

CSS Grid Layouts

CSS Flex Positioning Options

JS, HTML and CSS Todo List – Saves List to JSON File

Equivalent Prime Numbers Programs for Java, Python, C and JScript Testing

ADSL Cmd Line Tests for Win11 and Linux

Building A PHP Webpage Input Button for DB Connection

Pi Imager on Linux for Pi/Ubuntu

Converting DVD VOB Files to Smaller VOB and MKV

Joining/Sizing MP4 Video Files

Thumbdrive Performance Differences V USB SATA disk

Manipulating PDFs using PDFTK and PDF-Shuffler

GParted MBR Weirdness – New fdisk MSDOS Partition Needed on Some Hard Disks

GParted's e2fsck -fyvC0 /dev/sdx and ntfsresize -ifv /dev/sdx

Rescue Your System from an MBR corruption? grub rescue>

Quickest Cloning of Working Mint System

Cool Command #11 cat /etc/*release; env

My Rsync Local WordPress Backup Examples (in Win11 I just use Syncback)

WP Info/Search Replace on CMD Line/vsftpd

New Mint Install and Want WordPress at Home? Full Steps I Take...

Post Install Mint Sonya 18.2 Additions

HP AMDA8 1.0 TB Hard Disk Benchmark Reference

Pi3 – Can't Log In To Desktop Except User Pi

Pi3 Wifi Setup Problem – RESOLVED; group=netdev Fault?? Eh?

Pi3 USB Boot Device with Picam Motion

Booting a Pi3 from USB3 Devices

WordPress Upload Limit – .user.ini

Ripper X – MP3 Ripper

Microsoft, Not You, Now Owns Your Laptop via W10! Install Mint Anyway Despite the Deliberate W10 Designed Problems

Check Working Keys Using Ubuntu's Handy Utility

Backing Up Working Picam Images Over the Net With dd and Netcat

Cool Command Number...?? pssh containing cssh and more

Linux Compatible WiFi Dongles...That Aren't Really...And Ugly but Unique Network Device Names

Remember – Debian Still Supports 32 Bit Systems, Even If Ubuntu, Mint and Chrome Don't...Learn Debian PPA Installs

Ubuntu Saves My 10 Year Old Acer Laptop. First Look Opinions?

Windows 10 Dictatorship – It Gets Worse!!

Comparisons of Dell T3400 Dual V T3400 Quad

Basic Failed Hard Disk Fault Finding and Wrecking/Fixing With fdisk, sdisk, cfdisk and badblocks

Intel's Supercomputer Test – How Many GFlops Is Yours?

Personal Data Awareness for Broken/Stolen PCs – The Data People Give Away! Use Shred/Other App

Easy Driver Install for MediaTek 7601 USB WiFi on Later Mint Kernels

DD and Cloning Windows System Drives

Cheap But Handy USB/SATA/IDE Backup Gizmos from the Web

Slick Canon Printer Support for Linux – How Corporations Should Do It...

At Least 15 Reasons Not to Use Win 10!

Cisco Setup WiFi LAN and NTP – Full Config + Password Reset + Webpage Access

Cisco Setup ACL Settings and Basic Routing Concepts

Cisco Setup NAT Connections (LAN to WAN), ACLs, DNS and DHCP Server

Cisco Setup ADSL Connection (WAN)

Cisco Setup via Linux – Serial Port Connection

Quad Dell 490 Upgrade to 8 Cores and 20GB

Quad Dell T3400 Upgrade to NV GTS450 V GT610

Comparisons of Quad Dell T3400 and Dell 490 Servers

Linux with a Good but Older ATI X1800 GPU – a Legacy Farce

Spec Comparison of Dell T3400 Quad and HP AMDA8 Quad Using Hardinfo

Google Chromecast – A Way to View Browsers on TV

Maximise Premises DSL Signal to Router Jack Socket – then Call Support to RESET!

Small Business Data Security Requirements Summary

Intro to Software Defined Radio – FM Stations and Tracking Aircraft

The Linux Gaming Scene via Steam

Save Gigabytes of Failed Rsync Video Transfers on a Drive

AWK as a Limited Spreadsheet Simulation for Stats

Developing One Liners with Command Substitution

Basic Editing of Your Worpress Style.CSS Sheet

Printing (LIVE!) ASCII Histograms from Numeric Data Output + Files

Gpick – an HTML Colour Code Utility

Converting m4a to mp3

Sysbench – Simulated Database Testing

Awk/Perl/SED Notepad

CPU Bound Loop to Load 1 CPU Core to 100% to Test Observability Tools

How Slow Can You Go? Sysbench Comparisons Disk/File IO

How Slow Can You Go? Sysbench Comparisons – Memory

How Slow Can You Go? Sysbench Comparisons – CPUs

Gnuplot – Basic Ideas to Capture Live System Data

Gnuplot – Basic Starter Example Data File for System Profile Plots

How Slow Can You Go? Old and New Tech Moore's Law Comparison – Hard Drives

Linux Performance Tools List Check Utilisation, Saturation, Errors (USE)

Flame Graphs by www.brendangregg.com – Intro to System Profiling and Admin Tools

Intro to Gnuplot

Apache server-status Monitoring

An Intro to Metachar Search Methods – Wreck the MP3s!!

WebDAV Web based Distributed Authoring and Versioning – Digest Auth with HTTPS Access

WebDAV Web based Distributed Authoring and Versioning – Basic Auth with HTTP Access

Setting Up Linux Mint RSyslog Server to Log Vigor Router Data

Exploring Find Cmd Options – Continuing With Metacharacters

Byobu and Entropy – A Truly Random Discovery Post

Exploring Find Cmd Options – file types you may want to find...and go insane trying

Remote Server gkrellm Monitors or Other GUI Apps via SSH and X11

Setting Sudo Users with Adduser and Visudo in Mint and Raspbian

Experiment with Pipes, Redirection, Command Substitution and Variable Expansion

Post New Mint Install Tweaks Options

Practical C Programming – Unitsconverter Prog: using fmod for float remainder

Practical C Programming – Switch and Nested Switches Example

Chapter 9 Notes Practical C Programming, 3rd Edition By Steve Oualline

Creating an eBook PDF from your WordPress Posts

Chapter 8 Notes Practical C Programming, 3rd Edition By Steve Oualline

Chapter 7 Notes – Practical C Programming, 3rd Edition By Steve Oualline

Chapter 6 Notes Practical C Programming, 3rd Edition By Steve Oualline

Chapter 5 Notes – Practical C Programming, 3rd Edition By Steve Oualline

Chapters 1-4 Notes – Practical C Programming, 3rd Edition By Steve Oualline

Multi Picam Webserver

Cool Command #10 – mogrify

Sony Arc S USB to Mint connection problems

Testing graphics (PCIE) cards with phoronix-test-suite

Tutor's/New User's Linux Mint 5 Day Essentials Introduction Course Material

Linux 5 Day Essentials Introduction Course Material

Encapsulation – From Bits to Gigabytes in 200 Years

Openshot – An Instantly Usable Video Editor

Issues Writing with DD to /dev/sr0 With Blank DVDs

Cool Command #9 – extundelete

Creating DOS images for Virtualbox to install DOS for legacy games/education/nostalgia reasons.

Home Made Outdoor Surveillance PiCams, Pi Cam's IR Sensitivity, with TalkTalk Powerline

When students ask: What's an IP Address?

SED Basics using O_Reilly.pdf example, and Unexpected Mind-Bending Parsing Behaviour

Some Linux One Line Cmds

Using Crontab to Automate Commands on Schedule and with Poweroff

Slow Mint Install? Some Things To Check re UEFI, USB and Linux GPU Drivers, then a Windows free future!

Chinese IP Camera Garbage Keep Calm and Steer Clear

Understanding Basic Ideas Behind Optimised Code and Erastosthenes Sieve

Using and finding the attribute of i assigned to a file with chattr and lsattr

Picam with Motion Only Minimal Fresh Install and NLoad Stream BW

Cool Command #8 – lsof

Fix Double Minus Sign Problem in WordPress in Theme Functions php

Basic Rsync Usage Summaries from Man Page

Using Awk, Sed, Cut and TR To Cut a Column List for Character Substitution and Nmap Bad Ports List

Adding a SSH Share Using SSHFS and Viewing Netstat

Pi USB Mediatek WiFi dongle drivers and (failed) Pi install

Using Sendemail/Curl For a Motion Alert and Hacking Its 2+ year old Perl TLS Bug

Working Motion Installs On 2 Identically Setup Pi2's

A Working ZoneMinder Pi Install With PiCam and Creative Optia Webcam in 10 Mins!

Testing Webcams With fswebcam, Pi Noir Picam and Remote View of Motion on the Pi

USB Cam Intro to Motion and Zoneminder

Mint 17.2 Zoneminder Nightmares

First Python Scripts For Pi Camera

AVCONV Video Format Conversion Command Line Structure

Create a Bootable Windows PE Image

PXE Menu Issues and ISO Boot File Problems

QEMU/KVM on Mint

Setting up Kickstart server in centos 6.3, by Joe Moore at databasejoe.com

Mint as a PXE Server for PartedMagic and Multi OSs

Mint's Default Key Net Files After First Install, Reboot and Update and Windows Pings

Raspberry Pi Quad Core Install X11vnc config and BOGOMIPS comparisons

Setup and Access a 1TB FAT32 USB Share on a Draytek Router

Linux Zenmap GUI for Nmap

Linux Mint and Windows Network Share Investigation of Permissions

Rsync and Grsync GUI Tutorials by Unixmen.com

New Mint 17.2 Rafaela Install Beginner's Base Functionality Setups?

Top Linux Admin Links And Articles From Geekstuff.com

Linux Anti Virus 3 Comodo AV

Google Docs

Basic Maths and Ideas Behind Password Complexity

Backing Up and Running Your Public WordPress Site Locally

Linux Commands + Packages – How Many, and What For?

Apache2 Encryption and Certs On Raspberry Pi

Apache2 Web Server On Raspberry Pi

Raspberry Pi – A lot of PC and OSs for £35!

Cryptography + Encryption

Windows 8 DNSClient Internet Blockage and Fault Finding Logic

Computerphile Vids – End of Unix Time

The NSA Backdoor in Encryption Algorithms

Cool Cmd #7 tmux

Cool Cmd #6 – dd_rescue

File Recovery with TestDisk / Photorec

Locked Out of Win NT? Offline Reg Editor

Cool Cmd #5 – p7zip

Linux Mint Samba and Windows Shares

Apache2 Webserver Install on Mint Quianna

Protect/Recover Your Data and PC – Basic Overview Recap – Old AV Links

Basic Security Concepts – Principles For Any System or OS

Online Web Compiler and cmd line C/Java programmes

William Shotts SysInfo.html Creator Script

Simple WordPress CSS Text Size and Color Tweaks

Linux Mint Quick Test – a Windows Replacement? Definitely!!

Cool Command #3 Rsync

Cool Command #2 – Find with -exec or -delete or | xargs rm -v

Cool Command #1 – DD with Progress

Simple Script Analysis

Introduction to Scripts

Exim4 MTA – Message Transfer Agent

Re-install Win 7 With No DVD and Replace Laptop Auto Recovery Partition

Databases – A Research Paper 2009

Main Page – Linux Admin & WebDev – Beginner to Intermediate IT Topics

A MOST useful and speedy thing on a Linux desktop is the ability to highlight text with the Left mouse button then immediately paste it elsewhere with the middle mouse button/wheel press (= both laptop buttons).its separate mem from Ctrl C too, so use BOTH for two text option pastes.

Tab Key - completes available command line options in consoles

F3 - find text in some apps and pages like this webpage!

F5 - browser and Konqueror based apps page refresh (or e.g. http://192.168.1.2/server-status?refresh=5)

Ctrl-C - stops nearly all running command line progs

CTl-Alt-BackSpace - kills and respawns X window on CtrlAltF8

Ctrl-F1 - App help?

CtrlZ - undo

CtrlX - cut

CtrlC - copy text etc (GUI/App/R click)

CtrlV - paste

Ctrl-S - stops fast scroll in tty

Ctrl-T for new tab in browser

Ctrl + or - to magnify/shrink text (Ctrl+wheel)

Ctrl A/E (move cursor to start/end of cmd line)

Ctrl U (deletes cmd line)

Ctrl Z (pause running cmd line job)

Ctrl-Alt-F1 to F7 Linux terminals and Dtop GUI (F8 usually)

Esc - close last open box etc.

Alt-F1 - Workspaces

Alt-F2 - GUI run cmd box

Alt-F3 - ?

Alt F4 - closes active window/app

Alt-F5 - reduces window size to pre max

Print Screen saves screenshot to Pictures in Mint

Alt-PrntScr - saves active window to Pictures in Mint

Ctrl-Alt-Delete - close session option from GUI or reboot from F1-7 terminal

Raspberry Picams Are Amazing!

I have to showcase the Picams with Motion first as they really have been the most useful bits of kit I have for reliable but relatively cheap home security/surveillance hobbyists. Their image quality, flexibility and 24/7 reliability is outstanding:

https://youtu.be/hUORBntR2OY?list=TLGGd7QTkUNsQskxODA2MjAyNA

The topic of camera surveillance in Linux was a time-consuming and steep learning curve from scratch, as seen by the Post histories leading up to the REALLY SIMPLE final incarnation of the overall setup which has been super stable since Sept 2015! They all rebooted 13 times in one day without corruption, in thunderstorm power cuts!

That says a lot for the Raspberry Pi and Debian Raspbian OS with ext4 filesystem. Could you imagine the state a Windows FS would be in?

A little serendipity helped for the final Apache2 server page setup that I stole the iframe code for - a weather channel viewer - to embed the Picam's IP addresses in. Don't reinvent the wheel! The beauty of this simple index.html page is that it calls all the picams streams in one page, so you can have a copy of it on every desktop on your network/smartphone and just open it in your browser and it will show you all the camera's live views without even needing an apache webserver on your network, except if you want internet access via NAT through your router.

The final Post showing the setup;  http://localhost/DebianAdmin/picam-webserver/

I can also access the Apache2 webserver via DynDNS from anywhere on the web via NAT routing - or directly for those with a static IP. The Pi units were set up using my own steps - some are probably not required with later Raspbian/Motion releases or depending on how you set up your shared folders - I was still getting to grips with Linux permissions overall back then, but the more terse Post for those steps is here:  http://localhost/DebianAdmin/pi-with-motion-only-minimal-fresh-install-summary/.

I review the Picams daily and then delete the videos. I have a crontab set on each also to delete the videos every week if I was away for any reason, as the cams will stop when the SD card is full if not. File rotation needs research here as necessary. A typical review is as below:

https://youtu.be/I0864uS08MI?list=TLGGZnSm5Jnwo2IxODA2MjAyNA

How to autoplay and loop the videos you make once uploaded to YouTube. The code for the (quoted for WPress sake here) embed is of format:

Image Editing

This is a big one if you think of how many photos/images need timely size reduction/cropping to get uploaded to websites for bandwidth optimisation and minimal server/backup storage. The handiest smartphone multiple photo shrinker cmd ever for me is

mogrify -resize 25% *jpg

- part of ImageMagik.

Used with screenshot and rarely, GIMP, these tools are all I need to get images to WordPress with minimal pain.

File Permissions

If you are serious about understanding Linux - or any other OS - past a basic user level, you need to understand this topic well! It takes practice. I only now - in the last year - feel I understand perms to a satisfactory level after writing my Linux Tutor's Course PDFs. That is also why there are 2 days devoted to the topic in my course PDFs, to make a student/newbie WORK through the examples to think about, research, and realise the importance, function, and complexity - yet the genius design of the Unix system regarding directory and file ownership/protection. Download them from the menu links. Perms affects system function in many ways - not least overall security or potential data loss. You can even set a perm so root cannot directly delete files using chattr. Setting up the Picams was a classic case of perms as required knowledge to get Motion to work at the time.

Utilising Metachars on the Command Line

Exploring metachars for command manipulation is fundamental to the effective use and understanding of Unix.

Useful examples as an intro to this topic is the removal of white space from file names as was required in the PDF eBook Post, and in messy MP3 album/filenames shown in the Find with -Exec Post:

Linux white space file name removal

https://youtube.com/watch?v=dhR3i-GsHUk

Basic Programming Insight

I'm a useless programmer. But computing in general will be far more interesting and understandable if you study even the most basic elements of programming up to concepts of iteration loops say; while/for loops etc - even if - like me - you are not good at it. The logic is instantly usable on the Linux cmd line, and will help you understand any commands using iterative operations such as find or rsync.

Linux for loop

https://youtube.com/watch?v=S-Ye1I0IXiI

Try these yourself:

for x in {1..100}; do printf \ 100\ Repeats \n ; done

echo What is your name? ; read MY_NAME ; echo Hello $MY_NAME - hope you're well.

a=1; b=2; echo `expr $a + $b`

cd; for i in G M K; do du -hsx * | grep $i\b | sort -nr; done 2>/dev/null

for x in {1..5}; do echo $((1 + RANDOM % 20)); done

while sleep 1 ; do printf lots of text\n ; done

SED/VIM search and replace methods is a good place to start, and AWK specifically, as a path to C. I have Post examples on this and C programming with examples you can just copy and paste into a vim text file in your home dir and then run them.

echo my name is steve

my name is steve

echo my name is steve | sed s/steve/fred/g

my name is fred

Now can you see how the white space search and replace command above works? The same function found in the Search/Replace webpage in the Run Your WP DB Locally Post.

Understanding $(variable) expansion is very useful when you need the iterated output of an operation to be expanded first then processed as part of another command, as in the http://localhost/DebianAdmin/developing-one-liners-with-command-substitution/

eBook Creation Post or the Nmap BadPorts example.

SSH, Rsync, X11, and Passwordless Logins for Aliased Remote Backups

These few procedures make general networking admin much easier.

For the ssh passwordless login process, see the Notepad page, and to understand rsync in conjunction with that. Aliases for these long commands can be set up after it has been checked as working with dry run (-n) e.g:

alias budellmint='rsync -e ssh—delete-excluded—progress /home/stevee/* stevee@dellmint:/home/stevee/—exclude=. -vahn'

Linux remote rsync

https://youtube.com/watch?v=CFEjFMfQAFI

Once the alias is setup,its a breeze to do an immediate backup of say, a newly downloaded file to my other remote PCs using just my budellmint type aliases.

To run remote X11 GUI based apps on a remote PC, but viewed on your own screen, connect to the remote PC, dellmint, using:

ssh -X dellmint

Then run the GUI based app remotely to see it appear on the local PC:

Linux gkrellm

https://youtube.com/watch?v=nYn19udwI88

This is useful for updating/running CAV AntiVirus on a remote server via command line.

Running Apache2, MYSQL and WordPress on Win11 WSL Ubuntu

As I've done so much work on my websites and WordPress recently rebuilding/fixing/designing them for uploading to the web (here! lol) and I have about 256GB of space on my Win11 laptop, I wondered if all my Posts would work flawlessly on WSL, following my How-Tos line by line, and see if they worked as on Linux Mint or if there were issues. It would also be very useful to have a 2nd working backup of my home site should my very old Linux laptop fail. I thought I'd document it and log all that happens, from first steps following this Post:

http://localhost/DebianAdmin/new-mint-install-want-wordpress-at-home-full-steps-i-take/

I thought I'd make this version clearer for beginners to understand better what is going on so there's more explained each step than before, and asits WSL and Win11, I don't know what may happen myself.

Before that though - for those who know Windows but not Linux much and want to learn - how do you install WSL first? In my case,its installed already but follow the instructions.

WSL Setup

Open a Powershell prompt as Administrator and run:

wsl—install

Windows Subsystem for Linux is already installed.

The following is a list of valid distributions that can be installed.

Install using 'wsl—install -d '.

NAME FRIENDLY NAME

Ubuntu Ubuntu

Debian Debian GNU/Linux

kali-Linux Kali Linux Rolling

SLES-12 SUSE Linux Enterprise Server v12

SLES-15 SUSE Linux Enterprise Server v15

Ubuntu-18.04 Ubuntu 18.04 LTS

Ubuntu-20.04 Ubuntu 20.04 LTS

OracleLinux_8_5 Oracle Linux 8.5

OracleLinux_7_9 Oracle Linux 7.9

PS C:WINDOWSsystem32> wsl—list—verbose

NAME STATE VERSION

* Ubuntu Running 2

To access the files in the wsl2 UBUNTU distro from the WINDOWS 11 explorer:

Open Windows Explorer and enter wsl$ in the address bar -its the same place as the Linux icon under the Network link:

NEVER change files with Win tools in here as you can corrupt the Linux OS!!its just for reference and orientation!!

IF you want GUI access to your Linux systems, see this link for Win10 - it doesn't work for my Win11 - it won't get past the Ubuntu login page then Win RDT drops out:

http://dev.to/aitorsol/wsl2-windows-Linux-subsystem-a-guide-to-install-a-local-web-server-ubuntu-20-04-apache-php8-y-mysql8-3bbk

Once your Linux Distribution choice is installed, search for WSL in Windows, create a penguin shortcut to put on your Taskbar, open a terminal and feel free to update all the packages from the repositories of whatever Distro you chose, using its command - Ubuntu in my case. Get to your home directory first for reference:

cd

stevee@laptop:~$ ls -al

total 52

drwxr-xr-x 5 stevee stevee 4096 Nov 21 23:57 .

drwxr-xr-x 3 root root 4096 Sep 22 14:32 ..

-rw——-—1 stevee stevee 8252 Nov 24 19:12 .bash_history

-rw-r—r—1 stevee stevee 220 Sep 22 14:32 .bash_logout

-rw-r—r—1 stevee stevee 3771 Sep 22 14:32 .bashrc

-rw-r—r—1 stevee stevee 62 Oct 17 11:11 .gitconfig

drwxr-xr-x 2 stevee stevee 4096 Sep 22 14:32 .landscape

drwxr-xr-x 3 stevee stevee 4096 Oct 16 20:19 .local

-rw-r—r—1 stevee stevee 0 Nov 24 15:43 .motd_shown

-rw-r—r—1 stevee stevee 807 Sep 22 14:32 .profile

drwx———2 stevee stevee 4096 Nov 24 15:43 .ssh

-rw-r—r—1 stevee stevee 0 Sep 22 14:45 .sudo_as_admin_successful

-rw——-—1 stevee stevee 3893 Oct 17 10:57 .viminfo

sudo apt update

30 packages can be upgraded. Run 'apt list—upgradable' to see them.

sudo apt upgrade

sudo apt autoremove

Samba Setup

Now I can start with my first steps from my Post above toward a WSL based webserver for my WordPress sites:

sudo apt-get install ssh nmap vim automake autoconf module-assistant nbtscan locate libnss-winbind winbind g++ gparted intel-microcode amd64-microcode Linux-firmware mysql-server wordpress apache2 samba libapache2-mod-php php-mbstring php-curl php php-mysql

If you have a slow ADSL connection for the downloads, open another Linux terminal to continue other tasks like setting a root password:

stevee@laptop:~$ sudo passwd root

New password:

Retype new password:

passwd: password updated successfully

A samba network share password is required to access other Linux network shares later - the same password as your user name on those other PCs to keep logins simple:

sudo smbpasswd -a stevee

New SMB password:

Retype new SMB password:

Added user stevee.

sudo vim /etc/samba/smb.conf

Uncomment the section - permissions according to what read/write access you want to allow from remote PCs:

; comment = Home Directories

browseable = 1

read only = 0

create mask = 0775

directory mask = 0775

valid users = %S

To add extra shares, write them at the bottom of the smb.conf file in the form:

path = /var/www/

writeable = 1

browseable = 1

Save the file in vim with

:wq

Check it for errors:

stevee@laptop:~$ testparm

Load smb config files from /etc/samba/smb.conf

Loaded services file OK.

Weak crypto is allowed

Start Samba services:

sudo service smbd start

sudo service nmbd start

But nothing on the network is visible - windows stopped using SMB for network connections a while ago, why Linux and Windows can only connect via mapped drives out of the box now - but the Linux laptop should be seen?:

stevee@laptop:/var/www$ sudo smbstatus

sudo: unable to resolve host laptop: System error

Samba version 4.13.17-Ubuntu

PID Username Group Machine Protocol Version Encryption Signing

APACHE2 Setup

For WP to run, not just read the wp-*php files it will require:

sudo apt install mysql-server wordpress apache2 libapache2-mod-php php-mbstring php-curl php php-mysql

As these have already been installed above, there may be nothing to do except another:

sudo apt autoremove

Configure the Apache2 files to suit your site - I only want 2 sites available whose WordPress content folders will be stored in /var/www:

sudo vi /etc/apache2/sites-enabled/000-default.conf

DocumentRoot /var/www

Alias DebianAdmin /var/www/DebianAdmin

Alias ElectronicsStuff /var/www/ElectronicsStuff

Amend this file accordingly:

sudo vi /etc/apache2/apache2.conf

# Global configuration

#

ServerName laptop

# In vim, press / then search var/www, and change code to:

Options Indexes FollowSymLinks

AllowOverride All

Require all granted

stevee@laptop:~$ sudo service apache2 restart

* Restarting Apache httpd web server apache2

If you now enter your http site name in a browser bar you should see the insecurity compliant:

If you continue, you won't see any site files, as I haven't copied the WP contents folder or index.html to /var/www or set the permissions yet.

So my user and Apache2 have access to the web folder /var/www, set the ownership of user:group:

sudo chown stevee:www-data -R /var/www/

sudo chmod 775 -R /var/www/

ls -l /var/www/

total 4

drwxrwxr-x 2 stevee www-data 4096 Nov 24 22:55 html

Now I have to copy the WP site's content folders here from where they are already - I don't need to be root as I own both source and destination folders - about 7.4GB in total:

cp -vr /mnt/c/MyShare/www/* /var/www/

The files retain their old ownership permissions so have to be changed again for Apache2 group access.

stevee@laptop:/var/www$ ls -l /var/www/

total 4653712

-rwxr-xr-x 1 stevee stevee 2480 Nov 24 23:36 android-chrome-96x96.png

-rwxr-xr-x 1 stevee stevee 3167 Nov 24 23:36 Apache2SSLCerts.txt

-rwxr-xr-x 1 stevee stevee 1898 Nov 24 23:36 apple-touch-icon.png

Assume all wp site folders are unpacked or copied into /var/www/. Set all files to correct permissions for a local PC only (755/644) or network group access (775/664) and user:group permissions:

sudo chown stevee:www-data -R /var/www

sudo find /var/www/ -type d -exec chmod 775 -R {} +

sudo find /var/www/ -type f -exec chmod 664 -R {} +

stevee@laptop:/var/www$ ls -l /var/www/

-rw-rw-r—1 stevee www-data 4603540204 Nov 24 23:36 backup-11.23.2022_20-15-52_steveped.tar.gz

drwxrwxr-x 2 stevee www-data 4096 Nov 24 23:36 CTQuiz

drwxrwxr-x 6 stevee www-data 4096 Nov 24 23:40 DebianAdmin

These permissions allow network access to the site.

To be sure WP can update plugins and Themes if 775/644 doesn't allow them to change the updates/plugins folders in wp-content:

sudo find /var/www/*/wp-* -type d -exec chmod 777 -R {} ;

If this was a production site it would have to be changed back to 755/644 afterward if necessary. My web host sites don't have to be changed from default permissions 755/644, but home sites do.

MYSQL Setup 

Before I import the different site's SQL database files, they need to have all references to the old site name - localhost - changed to the new server's name - localhost (IMPORTANTLY in this case - as I found out after doing all this Post).

Also importantly, is to use the full http://localhost line in the database so legitimate use of the word localhost isn't changed to localhost in normal text etc - but only for the web links!

Note the forward slashes (/) have to be escaped with a backslash in Linux () and because this site will be upgraded to HTTPS later, I'll keep the current file's HTTPS links intact.

I use SED for this as it is fast and effective - if unforgiving of errors - like most old Linux commands so be SURE you have the correct strings to search and replace before you run it!!

sed -i 's/http://localhost/http://localhost/g' DebianAdmin.SQL

sed -i 's/http://localhost/http://localhost/g' ElectronicsStuff.sql

Now I can access MYSQL, create and import the WP databases, hopefully:

stevee@laptop:/var/www$ sudo service mysql start

* Starting MySQL database server mysqld su: warning: cannot change directory to /nonexistent: No such file or directory.

Hmm, dunno what that means? Research later...

stevee@laptop:/var/www$ sudo mysql -u root -p

Enter password:

Welcome to the MySQL monitor. Commands end with; or g.

Your MySQL connection id is 10

Server version: 8.0.31-0ubuntu0.20.04.1 (Ubuntu)

Type 'help;' or 'h' for help. Type 'c' to clear the current input statement.

mysql> show databases ;

+——————————+

| Database |

+——————————+

| information_schema |

| mysql |

| performance_schema |

| sys |

+——————————+

4 rows in set (0.02 sec)

mysql> create database DebianAdmin ;

Query OK, 1 row affected (0.02 sec)

mysql> create database ElectronicsStuff ;

Query OK, 1 row affected (0.00 sec)

mysql> show databases ;

+——————————+

| Database |

+——————————+

| DebianAdmin |

| ElectronicsStuff |

| information_schema |

| mysql |

| performance_schema |

| sys |

+——————————+

6 rows in set (0.00 sec)

mysql> use DebianAdmin ;

Database changed

mysql> source /var/www/DebianAdmin.SQL ;

mysql> use ElectronicsStuff ;

mysql> source /var/www/ElectronicsStuff.sql ;

mysql> show databases ;

+——————————+

| Database |

+——————————+

| DebianAdmin |

| ElectronicsStuff |

| information_schema |

| mysql |

| performance_schema |

| sys |

+——————————+

6 rows in set (0.00 sec)

I have to allow access to these Dbs for my local user with my password:

mysql> 

CREATE USER 'stevee'@'%' IDENTIFIED BY 'pword';

OR:

CREATE USER 'stevee'@'localhost' IDENTIFIED BY 'pword';

DROP USER 'wronguser'@'%';

GRANT ALL on *.* TO 'stevee'@'localhost' ;

mysql> SHOW GRANTS FOR 'stevee'@'localhost';

+————————————————————————————————————————————————————————————————+

| Grants for stevee@localhost

|

+————————————————————————————————————————————————————————————————+

| GRANT SELECT, INSERT, UPDATE, DELETE, CREATE, DROP, RELOAD, REFERENCES, ALTER ON *.* TO `stevee`@`localhost` WITH GRANT OPTION |

+————————————————————————————————————————————————————————————————+

1 row in set (0.00 sec)

The principal user name given access here is the name that goes into wp-config.php file for that database name.

sudo vi DebianAdmin/wp-config.php

// ** MySQL settings - You can get this info from your web host ** //

/** The name of the database for WordPress */

define('DB_NAME', 'DebianAdmin');

/** MySQL database username */

define('DB_USER', 'stevee');

/** MySQL database password */

define('DB_PASSWORD', 'xxx');

/** MySQL hostname */

define('DB_HOST', 'localhost');

Now check out and test user stevee can access MYSQL:

mysql> exit

Bye

stevee@laptop:/var/www$ sudo mysql -u stevee -p

password for stevee:

Enter password:

Welcome to the MySQL monitor. Commands end with ; or g

Restart MYSQL:

stevee@laptop:/var/www$ sudo service mysql restart

* Stopping MySQL database server mysqld

* Starting MySQL database server mysqld su: warning: cannot change directory to /nonexistent: No such file or directory

For issue:

su: warning: cannot change directory to /nonexistent: No such file or directory

I'd like to verify this is the problem. Here's the line from my /etc/passwd with the /nonexistent directory name: mysql:x:112:119:MySQL Server,,,:/nonexistent:/bin/false

FIX - give mysql a valid directory, not /nonexistent:

sudo service mysql stop

sudo usermod -d /var/lib/mysql/ mysql

sudo service mysql start

Now, mysql has a valid directory as seen in:

stevee@laptop:/var/www$ grep—color mysql /etc/passwd

mysql:x:113:120:MySQL Server,,,:/var/lib/mysql/:/bin/false

To Export DBs:

stevee@laptop:/var/www$ sudo mysqldump -vu root -p DebianAdmin > /var/www/DA.sql

Check all required web services are running:

nmap localhost

Not shown: 998 closed ports

PORT STATE SERVICE

80/tcp open http

3306/tcp open mysql

Now input:

localhost/

into your browser page to see your index.html Landing Page if you have one - it works:

BUT! Access to the WP sites is not working - and notice it tried the PC name, not localhost:

FOR net access from PCs, edit 127.0.0.1 bind addr :

sudo vi /etc/mysql/mysql.conf.d/mysqld.cnf

Let's see what nmap says:

stevee@laptop:/var/www$ nmap localhost

Starting Nmap 7.80 ( http://nmap.org ) at 2022-11-25 13:20 GMT

Nmap scan report for localhost (127.0.0.1)

Host is up (0.000022s latency).

Not shown: 998 closed ports

PORT STATE SERVICE

80/tcp open http

3306/tcp open mysql

OK, so the services are running for localhost but only http for server name laptop:

stevee@laptop:/var/www$ nmap laptop

Starting Nmap 7.80 ( http://nmap.org ) at 2022-11-25 13:23 GMT

Nmap scan report for laptop (127.0.1.1)

Host is up (0.000026s latency).

rDNS record for 127.0.1.1: laptop.localdomain

Not shown: 999 closed ports

PORT STATE SERVICE

80/tcp open http

3306/tcp open mysql

That means I should have access to the WP AND Apache sites:

My Electronics site is partly showing so that's a WP config issue mostly, but DebianAdmin is not showing at all as it is redirecting from localhost to laptop- but still a WP config or Apache HTTPS re-direct issue, probably from the old Linux laptop Apache file settings:

I can also get local access via IP address: http://172.31.108.16/ElectronicsStuff/

You can use Better Search Replace plugin to change any errant non http links that may affect things like YouTube vids not showing:

I DONT have remote PC access though either by browser address name /laptop or IP address so I cannot login as its link is via PC name.

Let's look at some network issues like firewall access to the network connections. This laptop only has a wifi card but no ethernet port.

In WSL Ubuntu, unlike Mint, ifconfig does not work until net-tools is installed:

sudo apt install net-tools

ifconfig

eth0: flags=4163 mtu 1500

inet 172.31.104.71 netmask 255.255.240.0 broadcast 172.31.111.255

What weird IP addresses are these?? My router DHCP is set to 192.168.1.x addresses?

Ok, some independent /20 WSL network? Using a net calc, as my Networking skills are way overdue for a recap...like by 12 years..lol

Netmask

255.255.240.0 = 20

Network

172.31.96.0/20

Broadcast

172.31.111.255

First IP

172.31.96.1

Last IP

172.31.111.254

Hosts/Net

4094

I only have wifi on this laptop too and WSL saysits eth0?!

That's because WSL runs on a VM with a virtual network adaptor, so the name doesn't matter -its just an IP gateway.

My Win11 netcard is 192.168.1.16. Is there some WSL aliasing going on here to share the wifi adaptor? What does nmap make of it all? Interestingly, neither IP addresses show mysql port 3306 so STILL will not be able to connect to my WP/MYSQL websites:

stevee@laptop:/var/www$ nmap 172.31.104.71

Starting Nmap 7.80 ( http://nmap.org ) at 2022-11-25 01:16 GMT

Nmap scan report for 172.31.104.71

Host is up (0.000065s latency).

Not shown: 999 closed ports

PORT STATE SERVICE

80/tcp open http

stevee@laptop:/var/www$ nmap 192.168.1.16 -Pn

Starting Nmap 7.80 ( http://nmap.org ) at 2022-11-25 01:29 GMT

Nmap scan report for laptop (192.168.1.16)

Host is up (0.00044s latency).

Not shown: 996 filtered ports

PORT STATE SERVICE

135/tcp open msrpc

139/tcp open netbios-ssn

445/tcp open microsoft-ds

5357/tcp open wsdapi

I will need to let mysql out of the firewall at least maybe? Been a long time since I've done that shit in Windows...hmm..just for fun, let's turn it off the firewall first as the easiest thing to see what connects or not then..

No change for nmap on:

stevee@laptop:/var/www$ nmap 172.31.108.16 -Pn

Starting Nmap 7.80 ( http://nmap.org ) at 2022-11-25 13:43 GMT

Nmap scan report for 172.31.108.16

Host is up (0.000025s latency).

Not shown: 999 closed ports

PORT STATE SERVICE

80/tcp open http

The Win11 wifi IP is:

Windows key + I to open the Settings menu.

Or, in cmd:

stevee@laptop:/var/www$ nmap 192.168.1.16 -Pn

Starting Nmap 7.80 ( http://nmap.org ) at 2022-11-25 13:46 GMT

Nmap scan report for laptop (192.168.1.16)

Host is up (0.00038s latency).

Not shown: 996 closed ports

PORT STATE SERVICE

135/tcp open msrpc

139/tcp open netbios-ssn

445/tcp open microsoft-ds

5357/tcp open wsdapi

So, no external access to WSL via the local network at all on ports 80 or 3306...so I need to research how WSL works with the Win11 network, as even after opening up port 80 inbound/outbound in the Firewall:

I did ports for both In and OUT Rules:

There is also the UFW firewall on Ubuntu, so disable that too:

sudo ufw disable

Firewall stopped and disabled on system startup

This still doesn't allow any different access than before:

stevee@laptop:/var/www$ nmap 192.168.1.16 -Pn

Starting Nmap 7.80 ( http://nmap.org ) at 2022-11-25 13:57 GMT

Nmap scan report for laptop (192.168.1.16)

Host is up (0.00059s latency).

Not shown: 996 filtered ports

PORT STATE SERVICE

135/tcp open msrpc

139/tcp open netbios-ssn

445/tcp open microsoft-ds

5357/tcp open wsdapi

Research time...ho hum - nothing is or was ever simple in Windows networking...

For now I'll continue with the SSL and upgrading the PHP version as this site was running on PHP8.0 on the Linux laptop as that may clear up the local re-direct and HTTPS link issues inside the WP site docs.

The PPA is maintained by Ondrej Surý, a Debian developer who has been packaging PHP for Debian since PHP 5.

stevee@laptop:/var/www$ php -v

PHP 7.4.3 (cli) (built: Nov 2 2022 09:53:44) ( NTS )

Copyright (c) The PHP Group

Zend Engine v3.4.0, Copyright (c) Zend Technologies

with Zend OPcache v7.4.3, Copyright (c), by Zend Technologies

sudo apt-add-repository ppa:ondrej/php

sudo apt update && sudo apt upgrade

sudo apt install php8.0

sudo apt autoremove

Ah, I see it just goes to ver8.1 not 8.0.

stevee@laptop:/var/www$ php -v

PHP 8.1.12 (cli) (built: Oct 28 2022 17:39:37) (NTS)

Copyright (c) The PHP Group

Zend Engine v4.1.12, Copyright (c) Zend Technologies

with Zend OPcache v8.1.12, Copyright (c), by Zend Technologies

stevee@laptop:/var/www$ sudo a2dismod php7.4

Module php7.4 disabled.

stevee@laptop:/var/www$ sudo a2enmod php8.0

Enabling module php8.0.

To activate the new configuration, you need to run:

sudo service apache2 restart

To see WP errors, set DEBUG true in wp-config.php:

define('WP_DEBUG', true);

The bloody Chrome caching fucks up testing SO much!! In Incognito mode, BOTH sites are suffering from the same missing extension issue! Damn.., going backwards here.

The php-mysql extension WAS installed earlier, so I don't know whyits complaining..? But it IS missing mysqli.ini here.

Compare the PHP details of old and new sites in the browser - you can see mysqli.ini is missing from this new install in phpinfo.php:

http://localhost/phpinfo.php; http://localhost/phpinfo.php

To create a phpinfo file, in your root Apache2 html directory (/var/www/ in my case) create an empty file:

vi phpinfo.php 

and type or copy into it:

phpinfo();

?>

If you TAB the command:

sudo apt install php-

you will see all the php extensions available for install. Not that it helps ATM, but handy to know when the WP Site Health complains you have extension like GD missing, so you can search for them with this command and install what's missing e.g:

sudo apt install php-gd

Ah! I was trying to remember the extension command because I used it last week, butits specific to the PHP version!its

sudo apt-get install php8.0-mysql

Has it helped? No.

But if you get Site Health complaints like:

You can add these missing extensions by using the php version based command of php-mysqlXX and Tabbing to complete the extension options - especially if marked Critical with a red X, as it may be why your site isn't fully functional:

You may have to restart Apache to remove the extension warning after install, as Shift-F5 cache refresh did not work to re-read the database state.

The 8.1 version is already installed - so what version IS running exactly?

stevee@laptop:/var/www$ php -v

PHP 8.1.12 (cli) (built: Oct 28 2022 17:39:37) (NTS)

Copyright (c) The PHP Group

Zend Engine v4.1.12, Copyright (c) Zend Technologies

with Zend OPcache v8.1.12, Copyright (c), by Zend Technologies

Ok, let's downgrade to 8.0 as that was what the WP site was running fine on before export using this Post:

http://localhost/DebianAdmin/downgrading-php-versions/

Install the required dependencies.

sudo apt install software-properties-common ca-certificates lsb-release apt-transport-http

Add the required PPA

sudo add-apt-repository ppa:ondrej/php

Update the Apt package manager

sudo apt update

Install PHP 8.0 and all the PHP modules for Drupal 9.

sudo apt install php8.0

sudo apt install php8.0-mysql php8.0-mbstring php8.0-xml php8.0-curl php8.0-gd

Switch PHP versions and enable PHP 8.0

Set 8.09 as the default PHP version for CLI and Apache.

Command Line PHP:

sudo update-alternatives—config php

Select php8.0 from the list with the available options:

There are 2 choices for the alternative php (providing /usr/bin/php).

Selection Path Priority Status

——————————————————————————————

0 /usr/bin/php8.1 81 auto mode

* 1 /usr/bin/php8.0 80 manual mode

2 /usr/bin/php8.1 81 manual mode

Press to keep the current choice, or type selection number:

Disable PHP 8.1

sudo a2dismod php8.1

sudo service apache2 restart

Enable PHP 8.0

sudo a2enmod php8.0

sudo service apache2 restart

Verify PHP Version

php -v

PHP 8.0.18 (cli) (built: May 1 2022 04:42:09) ( NTS )

Copyright (c) The PHP Group

Zend Engine v4.0.18, Copyright (c) Zend Technologies

with Zend OPcache v8.0.18, Copyright (c), by Zend Technologies

For verifying the PHP version Apache uses, specify the configururation .ini file.

php -c /etc/php/apache2/php.ini -v

Yes! Now there is WP site access:

ElectronicsStuff still not displaying properly but that IS a WP config issue:

Also, the errant extension now shows in phpinfo.php:

I'll move on to the network stuff.

I need better name resolution to see other PCs on the net from this WSL install if possible, as I can't ping localhost PC by name - see if this old Linux/Win net name method works? - add wins to:

sudo vi /etc/nsswitch.conf

hosts: wins files dns

sudo winbindd

Also add the PC name to the hosts file to see if that helps name resolution - though I think the WSL IP changes periodically or at each session?:

127.0.0.1 localhost laptop

127.0.1.1 laptop.localdomain laptop

192.168.1.16 laptop

192.168.1.11 localhost

172.31.108.16 laptop

stevee@laptop:/var/www$ nmap localhost

Starting Nmap 7.80 ( http://nmap.org ) at 2022-11-25 17:31 GMT

Nmap scan report for localhost (192.168.1.11)

Host is up (0.89s latency).

Not shown: 993 closed ports

PORT STATE SERVICE

21/tcp open ftp

22/tcp open ssh

80/tcp open http

139/tcp open netbios-ssn

443/tcp open http

445/tcp open microsoft-ds

3306/tcp open mysql

OK, some name resolution is working now.

Hmmm, doesn't find other Win PCs on the whole local net by name or IP - but now it has seen the router and my Linux PC which have open SSL ports 443 for HTTPS.

stevee@laptop:/var/www$ nmap 192.168.1.0/24

Starting Nmap 7.80 ( http://nmap.org ) at 2022-11-25 16:41 GMT

Nmap scan report for 192.168.1.1

Host is up (0.0027s latency).

Not shown: 994 filtered ports

PORT STATE SERVICE

21/tcp open ftp

22/tcp open ssh

23/tcp open telnet

80/tcp open http

443/tcp open http

445/tcp open microsoft-ds

Nmap scan report for 192.168.1.11

Host is up (0.0020s latency).

Not shown: 993 closed ports

PORT STATE SERVICE

21/tcp open ftp

22/tcp open ssh

80/tcp open http

139/tcp open netbios-ssn

443/tcp open http

445/tcp open microsoft-ds

3306/tcp open mysql

Nmap done: 256 IP addresses (2 hosts up) scanned in 8.02 seconds

As these .sql files came from an SSL secure PC, I'll press on with self-signed Certs from this Post here:

http://localhost/DebianAdmin/ssl-on-ubuntu-apache2-creating-self-signed-certificates-checking-ssl-traffic-with-tcpdump-and-wireshark/

Step 1: This step before amending /etc/apache2/sites-available/default-ssl.conf:

stevee@laptop:/var/www$ sudo a2enmod ssl

sudo: unable to resolve host laptop: System error

Considering dependency setenvif for ssl:

Module setenvif already enabled

Considering dependency mime for ssl:

Module mime already enabled

Considering dependency socache_shmcb for ssl:

Enabling module socache_shmcb.

Enabling module ssl.

See /usr/share/doc/apache2/README.Debian.gz on how to configure SSL and create self-signed certificates.

To activate the new configuration, you need to run:

service apache2 restart

Step 2 – Creating the SSL Certificate - you can insert junk text inhere except for the server name, asits not a real cert, or checked by a cert auth:

stevee@laptop:/var/www$ sudo openssl req -x509 -nodes -days 365 -newkey rsa:2048 -keyout /etc/ssl/private/apache-selfsigned.key -out /etc/ssl/certs/apache-selfsigned.crt

sudo: unable to resolve host laptop: System error

Generating a RSA private key

........................................+++++

............................+++++

writing new private key to '/etc/ssl/private/apache-selfsigned.key'

——-

You are about to be asked to enter information that will be incorporated

into your certificate request.

What you are about to enter is what is called a Distinguished Name or a DN.

There are quite a few fields but you can leave some blank

For some fields there will be a default value,

If you enter '.', the field will be left blank.

——-

Country Name (2 letter code) :UK

State or Province Name (full name) :sdf

Locality Name (eg, city) []:sdf

Organization Name (eg, company) :sdf

Organizational Unit Name (eg, section) []:sdf

Common Name (e.g. server FQDN or YOUR name) []:laptop

Email Address []:asdf@sdf

ls /etc/ssl/certs/apache-selfsigned.crt -l

-rw-r—r—1 root root 1359 Nov 25 19:21 /etc/ssl/certs/apache-selfsigned.crt

Step 3 – Configuring Apache to Use SSL - create a local server named conf file:

cd /etc/apache2/sites-available

stevee@laptop:/etc/apache2/sites-available$ ls

000-default.conf default-ssl.conf

Make an empty conf file for your new SSL site with your server name:

stevee@localhost:/etc/apache2/sites-available$ sudo touch laptop.conf

stevee@laptop:/etc/apache2/sites-available$ ls

000-default.conf laptop.conf default-ssl.conf

stevee@laptop:/etc/apache2/sites-available$ sudo a2ensite

sudo: unable to resolve host laptop: System error

Your choices are: 000-default default-ssl laptop

Which site(s) do you want to enable (wildcards ok)?

laptop

Enabling site laptop.

To activate the new configuration, you need to run:

sudo service apache2 reload

Add the following red settings to your empty site file to suit your site and folders where you created the certificates :

sudo vi /etc/apache2/sites-available/laptop.conf

ServerAdmin webmaster@localhost

ServerName laptop

DocumentRoot /var/www

SSLEngine on

SSLCertificateFile /etc/ssl/certs/apache-selfsigned.crt

SSLCertificateKeyFile /etc/ssl/private/apache-selfsigned.key

stevee@laptop:/etc/apache2/sites-available$ sudo apache2ctl configtest

sudo: unable to resolve host laptop: System error

Syntax OK

Step 4 — Redirecting HTTP to HTTPS

sudo vi /etc/apache2/sites-enabled/000-default.conf

ServerAdmin webmaster@localhost

ServerName localhost

DocumentRoot /var/www

Redirect / http://localhost/

Alias DebianAdmin /var/www/DebianAdmin

Alias ElectronicsStuff /var/www/ElectronicsStuff

stevee@laptop:/etc/apache2/sites-available$ sudo service apache2 start

sudo: unable to resolve host laptop: System error

* Starting Apache httpd web server apache2

The change to the hosts file now resolves for nmap:

stevee@laptop:/etc/apache2/sites-available$ nmap localhost

Starting Nmap 7.80 ( http://nmap.org ) at 2022-11-25 20:06 GMT

Nmap scan report for localhost (127.0.0.1)

Host is up (0.000026s latency).

Not shown: 995 closed ports

PORT STATE SERVICE

80/tcp open http

139/tcp open netbios-ssn

443/tcp open http

445/tcp open microsoft-ds

3306/tcp open mysql

In principle the WP sites should be accessible via SSL if not for the WP Extension problem.

For now - that's as good as it gets until I've researched how to resolve the sudo: unable to resolve host laptop: System error and allow net access to WSL from my local net - whetherits config or firewall or just typical of Windows to NOT allow full functionality of Linux without MANY hoops to junp - especially asits hosted on their terms. Nothing is ever straight forward!

Found this - I also unblocked the inbound connections too:

How do I allow WSL through my firewall?

This way you will allow connections from WSL while still having the firewall protect your computer from external threats.

Go to Firewall Settings and click on Advanced Settings.

Click Windows Defender Firewall Properties.

Select Public Profile tab.

Click Customize Protected network connections.

Unclick vEthernet (WSL)

After a reboot I have name resolution for host laptop and all required WP site services showing:

stevee@laptop:/var/www$ nmap laptop

Starting Nmap 7.80 ( http://nmap.org ) at 2022-11-25 22:37 GMT

Nmap scan report for laptop (127.0.1.1)

Host is up (0.000032s latency).

rDNS record for 127.0.1.1: laptop.localdomain

Not shown: 997 closed ports

PORT STATE SERVICE

80/tcp open http

443/tcp open http

3306/tcp open mysql

So that hasn't worked for local net access, but this laptop only has wifi so I'll unclick wifi also on the Public Profile - this was all reset after the reboot anyway! I decided to unclick Public, Private and Domain profiles for wifi and WSL. Can I connect from a net PC now??? No! Getting fucked off with the Windows bullshit factor now...

A static IP will have to be assigned to the WSL virtual netcard to stop the change every reboot:

Assign a new IP address to the virtual NIC in WSL2

Assign the virtual ethernet NIC an additional IP address 192.168.1.2:

sudo ip addr add 192.168.1.2/24 broadcast 192.168.2.255 dev eth0 label eth0:1

To remove in the future:

sudo ip addr del 192.168.1.201/24 dev eth0:1

stevee@laptop:/var/www$ ifconfig

eth0: flags=4163 mtu 1500

inet 172.31.105.158 netmask 255.255.240.0 broadcast 172.31.111.255nma

inet6 fe80::215:5dff:fe35:4e75 prefixlen 64 scopeid 0x20

ether 00:15:5d:35:4e:75 txqueuelen 1000 (Ethernet)

RX packets 1676 bytes 1452320 (1.4 MB)

RX errors 0 dropped 0 overruns 0 frame 0

TX packets 1033 bytes 118230 (118.2 KB)

TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0

eth0:1: flags=4163 mtu 1500

inet 192.168.1.2 netmask 255.255.255.0 broadcast 192.168.2.255

ether 00:15:5d:35:4e:75 txqueuelen 1000 (Ethernet)

This shows the required services for WP also:

stevee@laptop:/var/www$ nmap 192.168.1.2

Starting Nmap 7.80 ( http://nmap.org ) at 2022-11-25 22:59 GMT

Nmap scan report for 192.168.1.2

Host is up (0.000029s latency).

Not shown: 997 closed ports

PORT STATE SERVICE

80/tcp open http

443/tcp open http

3306/tcp open mysql

Still can't get past Windows pissing firewall though! Arseholes!! At least WSL ufw has stayed disabled:

stevee@laptop:/var/www$ sudo ufw status

Status: inactive

On reboot the /etc/hosts file is regenerated - it says:

# This file was automatically generated by WSL. To stop automatic generation of this file, add the following entry to /etc/wsl.conf:

#

# generateHosts = false

127.0.0.1 localhost

127.0.1.1 laptop.localdomain laptop

So, I added:

sudo vi /etc/wsl.conf

#

# generateHosts = false

127.0.0.1 localhost

127.0.1.1 laptop.localdomain laptop

192.168.1.2 laptop

STILL cannot access sites at 192.168.1.2...

Set up Windows firewall allow rule (once only)

The vEthernet (WSL) network device uses the Public Windows network profile, where all traffic is blocked by default. We need to allow traffic from the new 192.168.1.0/24 subnet to access the host Windows machine from WSL2.

Open Windows Defender Firewall with Advanced Security

In Inbound rules, add a new Inbound Rule

Select Custom Rule

Select All programs

Select Any Protocol Type

Scope to remote IP addresses 192.168.1.0/24

Select Allow the connection

Select only Public for the rule to apply

Name WSL2 or similar

In Inbound rules, remove any existing block rules for applications that WSL2 needs to access, as these will take precedence over the allow rule. These are usually created by Windows when you first run an application (the UAC modal warning asking you about firewall rules sets these up).

And people wonder why I would NEVER go back into Networking! Still doesn't work - everything that Windows does and always did, is always SO unnecessarily complicated and time-wasting. The summary so far is: You cannot easily get your WSL to act as a local network server except for localhost for MANY complex reasons - bridging (stops wsl access to internet so updates), firewall rules (WSL IP/port settings get changed on reboot), local dchp server cannot set up an IP different to the Win PC mac address..etc...etc...

Can't be fkin bothered with the bullshit..got better things to do - as historically usual for most things Windows ever did...but credit where it is due - Win11 is a nice OS - unlike 8-10 shit.

SSL on Ubuntu Apache2 – Creating Self Signed Certificates, Checking SSL Traffic with TCPDUMP and Wireshark

Programmers need to write their web apps for secure server hosting practically universally now, so you should also be writing them in VS Code/other IDE with a Live Server set up for SSL as in the last Post, but if you also write at home and host on a local apache2 server or similar, it should also be using SSL too so you know your creation works on SSL(TLS)/HTTPS/port 443 platforms, rather than be surprised when first loaded to a secure web host...

Is my SSL connection encrypted if the locally created certificate isn't trusted?

Yes - you can see the pink packet in Wireshark on port 443 - so how do you install a certificate on Linux Apache2? Read on..:

SSL consists of two major parts:

the encryption of the data

the validation that you are actually talking to the expected server

If you get the warning about an untrusted certificate than the encryption will still work, but you cannot be sure that you are talking to the expected server. This means a man-in-the-middle attack might be possible where an active attacker will decrypt, sniff, and re-encrypt the traffic. That is instead of this:

Browser <————-—encrypted———————————-> Bank

you get this:

Browser <—encrypted—> Attacker <-—encrypted——> Bank

In this case, the attacker can sniff all data (passwords etc) and even modify the data and the client will not notice it. The connections are still encrypted, but not end-to-end (browser-to-server) but browser-to-attacker and again attacker-to-server.

Usually, you should not override the warning by the browser because chances are high that there is a man-in-the-middle attack going on. Only in the case where you know that the certificate is the expected one (verify the fingerprint, not just the subject of the certificate) you can override the warning.

Note that there are cases of legal man-in-the-middle attacks, i.e. SSL interception done by antivirus proxies or by middleboxes (firewalls) so that these can analyse the encrypted traffic. In this case, your computer is either automatically configured to trust these certificates or you need to explicitly import the proxy-CA which signed the new certificates. If you are having such kind of problem while using your computer inside the company please ask the network administrator how you should proceed and don't simply accept the certificates.

Step 1: This step before amending /etc/apache2/sites-available/default-ssl.conf:

sudo a2enmod ssl

Step 2 – Creating the SSL Certificate

sudo openssl req -x509 -nodes -days 365 -newkey rsa:2048 -keyout /etc/ssl/private/apache-selfsigned.key -out /etc/ssl/certs/apache-selfsigned.crt

Common Name (eg, your name or your server's hostname) []:localhost

ls /etc/ssl/certs/apache-selfsigned.crt

/etc/ssl/certs/apache-selfsigned.crt

Step 3 – Configuring Apache to Use SSL - create a local server named conf file:

cd /etc/apache2/sites-available

stevee@localhost:/etc/apache2/sites-available$ ls

000-default.conf default-ssl

make a conf file for your new SSL site for your server name:

stevee@localhost:/etc/apache2/sites-available$ sudo touch localhost.conf

stevee@localhost:/etc/apache2/sites-available$ ls

000-default.conf localhost.conf default-ssl

stevee@localhost:/var/www$ sudo a2ensite

Your choices are: 000-default localhost default-ssl

Which site(s) do you want to enable (wildcards ok)?

localhost

Enabling site localhost.

To activate the new configuration, you need to run:

systemctl reload apache2

Add the following red settings to your empty site file to suit your site and folders where you created the certificates :

sudo vi /etc/apache2/sites-available/localhost.conf

ServerAdmin webmaster@localhost

ServerName localhost

DocumentRoot /var/www

SSLEngine on

SSLCertificateFile /etc/ssl/certs/apache-selfsigned.crt

SSLCertificateKeyFile /etc/ssl/private/apache-selfsigned.key

sudo apache2ctl configtest

Syntax OK

sudo systemctl reload apache2

Step 4 — Redirecting HTTP to HTTPS

sudo vi /etc/apache2/sites-enabled/000-default.conf

#ServerName www.example.com

ServerName localhost

DocumentRoot /var/www

Redirect / http://localhost/

Save the file in vim with

:wq

sudo apachectl configtest

Syntax OK

sudo systemctl reload apache2

Now you can browse to your home site and change the address bar prefix to http:// OR hit Shift-F5 to make your page cache refresh to get the new SSL site.

As the certificate is self-signed and so unverified, the browser will complain:

Continue on and you will get to your site but with the HTTPS struck through - but as seen in Wireshark - the traffic IS still encrypted on port 443 using TLS:

To capture and read the packets using tcpdump and wireshark:

sudo apt install wireshark tcpdump

tcpdump can only write to files of particular suffix - a dump.txt file for example will give a Permission Denied.

dump.pcap works fine.

Capture a small file of SSL traffic by being ready to click to your non HTTPS site once you start tcpdump running - stop the capture with Ctrl-C - as this checks that the re-direct from http port 80 to SSL port 443 works AND the site traffic captured is encrypted:

sudo tcpdump -i ens5 -w dump.pcap

Now you can read it back on the local server where Wireshark is installed to give the screen view at the start of the Post - it needs an xserver, so you cannot see output over remote SSH without further tech wizardry to run a GUI app over SSH:

ssh -X stevee@192.168.1.11

once logged in, cd to the dumpfile folder on the Apache server, and you see Transport Layer Security version 1.3 used for the encryption:

wireshark -r dump.pcap

VS Code Live Server SSL Settings

First you need to set up an SSL certificate for your VS code PC to mimic a Cert Authority locally, so on my Win11 laptop I have installed WSL Ubuntu so openssl can be run to use Linux commands for the following cert setup. It doesn't matter what nonsense values you put in the certificate fields, as it's not a real certificate - except for the pass phrase you use that openssl will generate the encrypted keys.

WSL for windows can be installed from Powershell if you prefer Linux.

I have opened a WSL terminal in VS Code in my Source Control projects folder. I will create the cert files/keys here also.

If you are not Linux comfortable then DL openssl for windows from the web and learn how to use it that way...can't help you there right now.

step 1: Install openssl/create public key:

stevee@laptop:/mnt/c/MyShare/SourceControl$ sudo apt install openssl

1. create a private key

openssl genrsa -aes256 -out localhost.key 2048

// you will be prompted to provide a password

//this will create localhost.key (call it whatever you like)

Enter PEM pass