Housekeeping FreeBSD – Forcing TLS 1.2

With Microsoft forcing everyone that uses Office 365 to use TLS 1.2 from the 1st March, I thought it about time to check my webserver and see which old protocols were still supported. Qualys have an excellent tool for checking at https://www.ssllabs.com/ssltest/index.html

It was relatively easy after a quick google to check the default recommendations in httpd-ssl.conf to disable SSL 3.0, TLS 1.0 and TLS 1.1

A quick restart of Apache and a re-test at Qualys and now the server is only supporting TLS 1.2 and “approved” ciphers.

Updating Certificates

It's that time again, to renew the SSL Cert with LetsEncrypt.


Following the renew instructions here
https://certbot.eff.org/all-instructions/#freebsd-none-of-the-above

Essentially the main steps are to stop Apache so that certbot can bind to port 80 or 443.

sudo apachectl stop

sudo certbot renew --dry-run

sudo certbot renew

sudo apachectl start

Assuming all goes well, the new cert will be applied. Next step is to set up a CRON job to automate this every 60 days.
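One way to wrap the four manual steps above for cron, as an added example that is not part of the original post: the dry run gates the real renewal, and Apache is started again even if certbot fails. The APACHECTL and CERTBOT override variables, the return codes, the script path and the crontab schedule are assumptions made for this sketch.

```shell
#!/bin/sh
# Added example, not from the original post. Intended for root's crontab,
# so the sudo prefix from the manual steps is dropped.
# APACHECTL / CERTBOT are assumed override hooks so the logic can be
# exercised with stubs; by default the real commands are used.
APACHECTL="${APACHECTL:-apachectl}"
CERTBOT="${CERTBOT:-certbot}"

# Return codes (chosen for this example):
#   0 renewed or nothing due, 1 Apache would not stop,
#   2 dry run failed, 3 real renewal failed, 4 Apache would not start.
renew_cert() {
    # Stop Apache so certbot can bind to port 80 or 443.
    $APACHECTL stop || return 1
    status=0
    # Rehearse first; only attempt the real renewal if the dry run passes.
    if $CERTBOT renew --dry-run; then
        $CERTBOT renew || status=3
    else
        status=2
    fi
    # Always bring Apache back, even when the renewal failed, so a
    # certbot problem does not turn into a web server outage.
    $APACHECTL start || status=4
    return "$status"
}

# Hypothetical crontab entry (path and schedule are placeholders):
#   0 3 1 */2 * /usr/local/sbin/renew-cert.sh run
if [ "${1:-}" = "run" ]; then
    renew_cert
    exit $?
fi
```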

 

Bootnote: whilst updating WordPress I also got around to enabling Google Analytics following instructions from http://www.wpbeginner.com/beginners-guide/how-to-install-google-analytics-in-wordpress/ 

Lumina Desktop update fixed

Trying to update Lumina via the ports to the latest 1.3.0 didn’t play nicely with portmaster. Kept complaining about a circular reference with the Lumina Archiver.

It seems the Meta port now needs to be deleted before the Lumina-Core port can be updated, but that is not mentioned in UPDATING. But a quick sudo pkg delete lumina seemed to do the trick and I was then able to build the new Lumina-Core from the dedicated port directory.

I have yet to check if I now need to install all the other new Lumina ports, but Chromium works fine which is all I am normally using it for.

On the plus side I also noticed that MATE-SESSIONS was also no longer installed and MATE had ceased firing up from STARTX, but installing that port again has restored MATE to full working order as well.

 

FreeBSD 11.1

Successfully completed an in-place upgrade of FreeBSD 11.0 to the 11.1 release using the simple freebsd-update command and a couple of reboots as required to update the kernel and then the installed package libraries.

No new features that I can make use of, as it's running on legacy hardware, but at least it means another year of security patches.

Fixed

Two power cuts in quick succession last week borked the database server, so although up and running, corruptions to the backend probably prevented much content being served. A quick bit of googling and forcing a rebuild of the DB engine looks to have everything back up and running.

It was also a timely reminder to renew the LetsEncrypt SSL Certificate so we are good until December again. Renewal process worked flawlessly once I had stopped Apache so it could bind onto port 443 to do the actual renewal.

 

 

Summer

Not much happening on the server other than routine patching and fixing the mail server so it now talks nicely to my ISP so that the nightly update reports are fired out properly.

Updating DRI drivers appears to have broken the MATE desktop, but Lumina is still working fine, so suspect some library conflict to resolve when the long nights are back.

Busy weekend

As the weather has not been so hot, I’ve spent a few hours updating and installing various packages on the server.

Firstly, free certificates from LetsEncrypt have allowed me to provide a secure login with trusted certificates. Self-signed certs in the past were fine as they provided encryption, but Chrome and IE still warned users as they were not signed by an official Certificate Authority.

The Transmission Daemon for Torrents has been re-installed. Mainly for access to complete iso files for new distros but obviously other benefits as well.

Finally MiniDLNA server (aka ReadyMedia) allows downloaded media to be quickly and easily shared across the home network.