Getting an SSL certificate for your web server has traditionally been a something of an effort. You need to correctly generate a weird thing called a certificate signing request (CSR), submit it to the web page of your chosen Certificate Authority (CA), wait for them to sign and generate a certificate, work out where to put the certificate to configure it for your web server—making sure you also configure any required intermediate CA certificates—and then restart the web server. If you got all that right, you then need to enter a calendar entry so you’ll remember to go through the process again in (say) a year’s time. Even some of the biggest names in IT can mess up this process.
With new CAs like Let’s Encrypt, along with some supporting software, the rigmarole around SSL certificates becomes a thing of the past. The technology behind this revolution is Automatic Certificate Management Environment (ACME), a new IETF standard (RFC 8555) client/server protocol which allows TLS certificates to be automatically obtained, deployed, and renewed. In this protocol, an “agent” running on the server that needs an SSL certificate will talk to to the CA’s ACME server over HTTP.
A popular method for using ACME on your Red Hat Enterprise Linux 7 server is certbot. Certbot is a standalone ACME agent that is configured out-of-the-box to work with Let’s Encrypt and can work with Apache httpd, Nginx, and a wide variety of other web (and non-web!) servers. The certbot authors have an excellent guide describing how to set up certbot with httpd on RHEL7.
In this tutorial, I’ll show an alternative method—the mod_md module—which is an ACME agent implemented as a module for Apache httpd, tightly integrated with mod_ssl, and is supported today in Red Hat Enterprise Linux 7. The mod_md module was implemented by Stefan Eissing—a prolific developer who also added HTTP/2 support to httpd—and contributed to the Apache Software Foundation, becoming a standard part of any new installation since httpd version 2.4.30.
Continue reading “Using Let’s Encrypt with Apache httpd on Red Hat Enterprise Linux 7”
Red Hat Software Collections supplies the latest, stable versions of development tools and components for Red Hat Enterprise Linux via two release trains per year. As part of the Red Hat Software Collections 3.3 release, we are pleased to announce that MariaDB 10.3 is now available for Red Hat Enterprise Linux 7.
Continue reading “MariaDB 10.3 now available on Red Hat Enterprise Linux 7”
Red Hat Software Collections supply the latest, stable versions of development tools for Red Hat Enterprise Linux via two release trains per year. As part of the latest Software Collections 3.3 release, we are pleased to announce that Redis 5 is now generally available and supported on RHEL 7.
Continue reading “Redis 5 now available on Red Hat Enterprise Linux 7”
Red Hat Software Collections supply the latest, stable versions of development tools for Red Hat Enterprise Linux via two release trains per year. As part of the latest Software Collections 3.3 release, we are pleased to share that Ruby 2.6 is now generally available and supported on Red Hat Enterprise Linux 7.
Continue reading “Ruby 2.6 now available on Red Hat Enterprise Linux 7”
If you’re like me—a developer who works with customers who rely on the tried-and-true Red Hat Enterprise Linux (RHEL), works with containerized applications, and also prefers to work with Fedora Linux as their desktop operating system—you’re excited by the announcement of the Universal Base Images (UBI). This article shows how UBI actually works, by building the container image for a simple PHP application.
With UBI, you can build and redistribute container images based on Red Hat Enterprise Linux without requiring a Red Hat subscription. Users of UBI-based container images do not need Red Hat subscriptions. No more extra work creating CentOS-based container images for your community projects or for your customers that prefer self-support.
I tested all these steps on my personal Fedora 29 system, and they should work on any Linux distribution. I am also a big fan of the new container tools such as Podman, which should be available to your favorite Linux distribution. If you are working on a Windows or MacOS system, you can replace the Podman commands with Docker.
Continue reading “Working with Red Hat Enterprise Linux Universal Base Images (UBI)”
Red Hat Software Collections supply the latest, stable versions of development tools for Red Hat Enterprise Linux via two release trains per year. We are pleased to introduce three new and two updated components in this release, Red Hat Software Collections 3.3 Beta.
The new components are:
- Ruby 2.6
- MariaDB 10.3 featuring a new MariaDB Connector for Java
- Redis 5.0
The updated items include:
- Two updates to Apache httpd
- One update to HAProxy
See below for component details.
Continue reading “Red Hat Software Collections 3.3 Beta: New and updated components”
Application developers continue to need newer versions of libraries, including core runtimes like GNU C Library (glibc), for their applications. In this article, I’ll look at some issues related to upgrading glibc in an operating system (OS) distribution, and I also encourage you to read Florian Weimer’s excellent blog post on the topic.
Deciding between a library rebase or continued backporting of commits involves a complex set of risks and rewards. For some customers and users, it is important not to rebase the library (ensuring the lowest risk of impact by change); but for others, the rebase brings valuable bug fixes (lowest risk of impact from known issues). In other cases, the newer library may perform better, even if the interfaces haven’t changed, because it can take advantage of newer hardware or a newer Linux kernel (performance advantage to first mover).
There is no way to simultaneously satisfy all the requirements of slow-moving versus fast-moving development. The recent work in Fedora Modularity is aimed at solving the root of this problem, but there is a limit to this work. The further down the stack you go, the harder the problem becomes. The potential for breakage further up the stack increases. You can’t always arbitrarily change a component’s installed version without consequences, either at build time or at runtime.
Continue reading “A platform interface for the GNU C Library”
JDK Mission Control is now the newest member of the Red Hat Software Collections (RHSCL). JDK Mission Control is a powerful profiler for HotSpot Java virtual machines (JVMs) and has an advanced set of tools that enable efficient and detailed analysis of the extensive data collected by JDK Flight Recorder. The toolchain enables developers and administrators to collect and analyze data from Java applications running locally or deployed in production environments using OpenJDK 11.
In this article, I will go through a primary example of setting up JDK Mission Control. For Linux, JDK Mission Control is part of the RHSCL and, for Windows, it is available as part of the OpenJDK zip distribution on the Red Hat Customer Portal. For Linux, these instructions assume that Red Hat Build of OpenJDK 11 is already installed. I will show how to set up the system to install software from RHSCL, which provides the latest development technologies for Red Hat Enterprise Linux. Then, I will install the JDK Mission Control and run a simple sample application. The whole tutorial should take fewer than 10 minutes to complete.
Continue reading “Set up JDK Mission Control with Red Hat Build of OpenJDK”
“Fuzzing” an application is a great way to find bugs that may be missed by other testing methods. Fuzzers test programs by generating random string inputs and feeding them into an application. Any program that accepts arbitrary inputs from its users is a good candidate for fuzzing. This includes compilers, interpreters, web applications, JSON or YAML parsers, and many more types of programs.
libFuzzer is a library to assist with the fuzzing of applications and libraries. It is integrated into the Clang C compiler and can be enabled for your application with the addition of a compile flag and by adding a fuzzing target to your code. libFuzzer has been used successfully to find bugs in many programs, and in this article, I will show how you can integrate libFuzzer into your own applications.
Continue reading “Introduction to using libFuzzer with llvm-toolset”
There has been a lot of work to improve C/C++ compilers in recent years. A number of articles have been posted by Red Hat engineers working on the compilers themselves covering usability improvements, features to detect possible bugs, and security issues in your code.
Red Hat Enterprise Linux 8 Beta ships with GCC 8 as the default compiler. This article shows you how to install GCC 8 as well as Clang/LLVM 6 on Red Hat Enterprise Linux 7. You’ll be able to use the same updated (and supported) compilers from Red Hat on both RHEL 7 and 8.
If you want your default
gcc to always be GCC 8, or you want
clang to always be in your path, this article shows how to permanently enable a software collection by adding it to the profile (dot files) for your user account. A number of common questions about software collections are also answered.
Continue reading “How to install GCC 8 and Clang/LLVM 6 on Red Hat Enterprise Linux 7”