Getting an SSL certificate for your web server has traditionally been something of an effort. You need to correctly generate a weird thing called a certificate signing request (CSR), submit it to the web page of your chosen Certificate Authority (CA), wait for them to sign and generate a certificate, work out where to put the certificate to configure it for your web server—making sure you also configure any required intermediate CA certificates—and then restart the web server. If you got all that right, you then need to enter a calendar entry so you’ll remember to go through the process again in (say) a year’s time. Even some of the biggest names in IT can mess up this process.
With new CAs like Let’s Encrypt, along with some supporting software, the rigmarole around SSL certificates becomes a thing of the past. The technology behind this revolution is Automatic Certificate Management Environment (ACME), a new IETF standard (RFC 8555) client/server protocol which allows TLS certificates to be automatically obtained, deployed, and renewed. In this protocol, an “agent” running on the server that needs an SSL certificate will talk to the CA’s ACME server over HTTP.
A popular method for using ACME on your Red Hat Enterprise Linux 7 server is certbot. Certbot is a standalone ACME agent that is configured out-of-the-box to work with Let’s Encrypt and can work with Apache httpd, Nginx, and a wide variety of other web (and non-web!) servers. The certbot authors have an excellent guide describing how to set up certbot with httpd on RHEL7.
In this tutorial, I’ll show an alternative method—the mod_md module—which is an ACME agent implemented as a module for Apache httpd, tightly integrated with mod_ssl, and is supported today in Red Hat Enterprise Linux 7. The mod_md module was implemented by Stefan Eissing—a prolific developer who also added HTTP/2 support to httpd—and contributed to the Apache Software Foundation, becoming a standard part of any new installation since httpd version 2.4.30.
Continue reading “Using Let’s Encrypt with Apache httpd on Red Hat Enterprise Linux 7”
One of the new software collections we’ve introduced this fall is for Rust, the programming language that aims for memory and thread safety without compromising performance. Dangling pointers and data races are caught at compile time, while still optimizing to fast native code without a language runtime!
In rust-toolset-7, we’re including everything you need to start programming in Rust on Red Hat Enterprise Linux 7, in the familiar format of software collections. In this release, we’re shipping Rust 1.20 and its matching Cargo 0.21 – both as Tech Preview. (NOTE: The “-7” in our toolset name is to sync with the other collections now being released, devtoolset-7, go-toolset-7, and llvm-toolset-7.)
Continue reading “Getting started with rust-toolset”
One of the new software collections we’ve introduced this fall is for Go, the programming language that aims to make it easy to build simple, reliable, and efficient software. Go is a compiled, statically typed language in the C/C++ tradition with garbage collection, concurrent programming support, and memory safety features.
In go-toolset-7, we’re including everything you need to start programming in Go on Red Hat Enterprise Linux 7, in the familiar format of software collections. In this release, we’re shipping golang as a Tech Preview. (NOTE: The “-7” in our toolset name is to sync with the other collections now being released, devtoolset-7, rust-toolset-7, and llvm-toolset-7.)
Continue reading “Getting started with go-toolset”
You have been asked to create a LAMP stack. Whether you’re thinking “LAMP stack, as in lights and bulbs” or “OK, let’s build a web server”, this guide will help get you working quickly.
Continue reading “How to set up a LAMP stack on Red Hat Enterprise Linux 7”
Have you ever used a temporary directory? I’m guessing if you use a computer, you’ve used one of these. It’s a core feature of nearly every operating system.
To ensure system stability, you should always check that filesystems on which a temporary directory resides don’t get full — running out of space can quickly bring your system to a grinding halt.
One method to prevent running out of space could be to place those directories on a dedicated partition, but no matter the solution, it is a best practice to clean those directories periodically, based on your/your app’s needs.
Continue reading “Managing temporary files with systemd-tmpfiles on Red Hat Enterprise Linux 7”
EfficiOS is pleased to announce it is now providing LTTng packages for Red Hat Enterprise Linux 7, available today as part of its Enterprise Packages portal.
EfficiOS specialises in the research and development of open source performance analysis tools. As part of its activities, EfficiOS develops the Linux Tracing Toolkit: next generation, for which it provides enterprise support, training and consulting services.
What is tracing?
Tracing is a technique used to understand the behaviour of a software system. In this regard, it is not far removed from logging. However, tracers and loggers are designed to accommodate very different use cases.
Continue reading “LTTng Packages now Available for Red Hat Enterprise Linux 7”
A leap second is an adjustment that is occasionally applied to Coordinated Universal Time (UTC) to keep it close to mean solar time. The concept is similar to that of a leap day, but instead of adding a 29th day to February to keep the calendar synchronized with Earth’s orbit around the Sun, an extra second, 23:59:60, is added to the last day of June or December to keep the time of day synchronized with the Earth’s rotation relative to the Sun. The mean solar day is about 2 milliseconds longer than 24 hours, and in the long term it is getting longer as the Moon is constantly slowing down the Earth’s rotation.
UTC is based on International Atomic Time (TAI) and is currently 35 seconds behind TAI. The first leap second was inserted in 1972, and 25 seconds have been inserted so far. The next one is scheduled for 30 June 2015, when the offset from TAI will increase to 36 seconds. Leap seconds are scheduled only about 6 months in advance.
Continue reading “Five different ways to handle leap seconds with NTP”
DNS is a distributed database in which the domain owner can publish various domain-specific data; it is capable of storing different types of data, not only IP addresses. Yet plain DNS does not offer any type of security measures. This means that DNS data in the response can be spoofed by anybody at any time.
This is where DNSSEC comes in. DNSSEC stands for DNS SECurity Extensions and brings data authentication and data integrity checking into the DNS world. The whole solution is based on asymmetric cryptography.
Continue reading “Writing an application that supports DNSSEC in RHEL and Fedora”
Red Hat’s Performance Engineering team is responsible for the performance of many of Red Hat’s products. We cover existing
Continue reading “Shaping the Performance of a Linux Distro: Inside Red Hat Enterprise Linux 7”
One piece of feedback I got from my blog post on Understanding malloc behavior using Systemtap userspace probes was that I should have included an example script to explain how this works. Well, better late than never, so here’s an example script. This script prints some diagnostic information during a program run and also logs some information to print out a summary at the end. I’ll go through the script a few related probes at a time.
global sbrk, waits, arenalist, mmap_threshold = 131072, heaplist
Continue reading “Malloc systemtap probes: an example”