Redirecting Apache HTTP to HTTPS

Now that everyone can enjoy and use free SSL certificates from Let’s Encrypt, let’s all encrypt!

To forward HTTP requests to secure HTTPS, there are multiple options.

If you’re using some kind of panel to edit Apache configuration (like ISPConfig) that does not allow to edit the virtual host for HTTP separate from the virtual host for HTTPS, you can use this configuration in both configuration containers:

RewriteEngine on
RewriteCond %{SERVER_PORT} !^443$
RewriteRule ^.*$ https://%{SERVER_NAME}%{REQUEST_URI} [L,R]

If you’re able to edit the virtual host for HTTP separately, Apache recommends using “Redirect”: http://httpd.apache.org/docs/current/rewrite/avoid.html#redirect

<VirtualHost *:80>
    ServerName www.example.com
    Redirect "/" "https://www.example.com/"
</VirtualHost>

<VirtualHost *:443>
    ServerName www.example.com
    # ... SSL configuration goes here
</VirtualHost>

By the way: if you’re using ISPConfig, I can recommend installing the Let’s Encrypt plugin from https://github.com/alexalouit/ISPConfig-letsencrypt. The plugin will be included into the upcoming new version of ISPConfig >3.1.

Restore trashed mails from dovecot maildir

To remove the “T”rashed flag from mails in a maildir, the files need to be renamed.

rename 's/(.+),ST$/$1,S/' ./**/*
rename 's/(.+),RST$/$1,RS/' ./**/*
rename 's/(.+),STab$/$1,Sab/' ./**/*
find . -type f -regex '.*,\(ST\|RST\|STa\|STb\|STab\)' -exec echo `echo {}` \;

I have also created a script which can be executed in the Maildir, searching for files and renaming the files: https://gist.github.com/mattanja/1367bc04750dd105317f

automysqlbackup – Backup databases on server

The easiest way that I have found for an advanced backup of all databases on a web hosting server was using the automysqlbackup tool.

By default the tool creates backups with automatic daily, weekly and monthly rotation. The backup files are being compressed and will be placed into your configured backup folder. Email notifications and a lot of additional options can be configured.
Of course the backup folder would then have to be backed up onto some other medium like a tape or remote servers.

automysqlbackup can be installed by cloning my fork from https://github.com/mattanja/automysqlbackup or downloading the original files from http://sourceforge.net/projects/automysqlbackup/

git clone git@github.com:mattanja/automysqlbackup.git

After cloning, simply run the setup script:

cd automysqlbackup
./install.sh

The executable script will be placed in /usr/local/bin/automysqlbackup using the default settings. The default configuration will be placed in /etc/automysqlbackup.

Next, update your server configuration in /etc/automysqlbackup/automysqlbackup.conf and/or /etc/automysqlbackup/myserver.conf – details can be found in the projects README file.

A run script is provided in /etc/automysqlbackup/run which can be used to setup a daily cronjob with the example-cron-file located in the same directory.

# cat example-cron-file
# Put this file into /etc/cron.d and adjust to your needs.
# Run the mysql backup scripts every morning at 4.30 h:
30 4 * * * root /etc/automysqlbackup/run

With this simple setup you’ll have a very advanced backup of all MySQL databases on your server within minutes. Thank you “wipe_out“.

Groupware options for small companies or organizations

(tbd – work in progress… Advice welcome…)

Over the last weeks and months I’ve had multiple people asking for advice about groupware software. For me that is still kind of an open issue and I’m not sure what the best answer would be. These are the options I know and would consider using at this point in time (in Germany):

  • Google Apps – expensive, not everybody wants their data hosted at Google
  • Zimbra OS – on some virtual server
  • OpenXchange (I never understood the licensing/pricing options there)
  • 1&1 MailXchange – hosted OpenXchange service, pricing ok
  • Microsoft Exchange (too expensive for small business)
  • atmail – looks promising, haven’t tried yet

The following list contains the requirements that I would put on such a system:

  • Mailbox for each user with delegation mailbox options
  • Calendar
  • Contacts
  • Mobile sync for Mail, Calendar & Contacts on Android & iPhone, preferably without having to install additional apps
  • Web-mail user interface with Google Mail as a reference “gold standard” – keyboard shortcuts and labels are the killer features of Google Mail for me

Additionally these requirements need to be met regarding server-side and administration:

  • “Domain-level” administration of mailboxes and permissions
  • Automated online backup possible

Actually these two points are the major constraints of Zimbras Open-Source edition which I have been using for some years now. Besides these limitations, Zimbra OS also lacks support for mobile devices (except for IMAP), which is another deal breaker. zextras may help with all of these and I will try it out as soon as I’ll have time for that.

Other options and comments welcome…

Install rails >=1.9.3 on Ubuntu 12.04 (for Redmine) with RVM

Quick reference on installing specific versions of rails on an “older” version of ubuntu without the need of having all packages in the ubuntu repositories.

\curl -L https://get.rvm.io | bash -s stable --ruby
/usr/local/rvm/bin/gem install ... (all needed gems)
/usr/local/rvm/bin/gem install passenger
apt-get install libcurl4-openssl-dev apache2-threaded-dev
/usr/local/rvm/gems/ruby-2.0.0-p247/gems/passenger-4.0.10/bin/passenger-install-apache2-module

The Apache 2 module was successfully installed.

Please edit your Apache configuration file, and add these lines:

   LoadModule passenger_module /usr/local/rvm/gems/ruby-2.0.0-p247/gems/passenger-4.0.10/buildout/apache2/mod_passenger.so
   PassengerRoot /usr/local/rvm/gems/ruby-2.0.0-p247/gems/passenger-4.0.10
   PassengerDefaultRuby /usr/bin/ruby1.8

After you restart Apache, you are ready to deploy any number of Ruby on Rails
applications on Apache, without any further Ruby on Rails-specific
configuration!

After doing so, you can continue to install redmine as described in http://www.redmine.org/projects/redmine/wiki/RedmineInstall

/usr/local/rvm/gems/ruby-2.0.0-p247/bin/bundle install --without development test

This will fail if the environment is not set correctly – this helped me a lot:
http://stackoverflow.com/questions/12127603/usr-bin-env-ruby-noexec-wrapper-fails-with-no-file-or-directory

source /usr/local/rvm/environments/ruby-2.0.0-p247

And finally the last missing gem:

/usr/local/rvm/bin/gem install rake -v=10.1.0

That’s it.