TinyCert: Generate SSL Certificates And Become Your Own Certificate Authority

A few days ago I moved longren.io to https. I didn’t pay for a certificate though like I would when setting up an e-commerce site or something else important.

I even get the little green lock symbol in the address bar, but I think this is mostly due to my use of Cloudflare.

TinyCert is a service I discovered that lets you be your own PKI/certificate authority. It’s entirely free and provides you with a very nice interface for managing your certificates. The image below shows the interface for managing your certificates. The list on the right is a list of certificates; as you can see, I’ve got one made up for longrendev.io, but haven’t put it in place quite yet.

The support from TinyCert is very good as well. I had a few questions regarding how their certificates would work with Cloudflare, and they quickly cleared my questions up. SSL Labs from Qualys gives the SSL certificate an “A” rating. Should you use certificates from TinyCert in production? Probably not. I am, however, due to my use of Cloudflare.

This post isn’t meant to show you how to install certificates or use TinyCert, it’s simply to make you aware of the tool and what can be done with it. TinyCert has a pretty extensive FAQ, so should you have questions, which I’m sure you do, head on over and start reading. If you do need help installing the certificates from TinyCert, their help center does a nice job of providing instructions for Apache and Nginx based setups.

Have fun with TinyCert, it’s a pretty awesome service that I’ll continue to use and will absolutely be donating to. But please remember, TinyCert certificates should not be used for regular public websites and the service is not a substitute for a proper certification authority, but for self-signed certificates.

Automate Taking Snapshots of Your DigitalOcean Droplets with DOSnapshot

Multi-threading. Auto-cleanup. Cron optimized.

There are a lot of neat tools people have built for DigitalOcean.

The app I’m really in love with is DOSnapshot, and is hosted on GitHub. DOSnapshot does exactly what its name would suggest, it takes snapshots of your droplets.

As of this post, I’m the only one that’s left a comment on the DOSnapshot Community Projects page, which took me a bit by surprise, given the quality of the tool.

Taking a snapshot of a DigitalOcean Droplet is essentially like making an exact copy of the Droplet (server) that you can then use again at a later time. Very useful for scaling and updating a Droplet to a newer version of your Linux distribution without losing all of the Droplet’s configuration.

Etel Sverdlov does a very good job of explaining the difference between snapshots and backups in this DigitalOcean community tutorial. I suggest you read it if you’re unsure what the differences between a backup and snapshot are.

1. Install DOSnapshot

DOSnapshot can be installed as a ruby gem, which is what I chose to do because it’s just so easy. Don’t install this on your DigitalOcean Droplet! It’s meant to run from your local machine. Installing DOSnapshot as a Rubygem is as simple as:

Pre-built binaries are also provided for Linux users, and OSX users have the option of installing via Homebrew Tap.

2. Set Your DigitalOcean Client ID and API Key

Once you’ve got it installed, you’ll need to set your DigitalOcean Client ID and API Key. You can set them as environment variables, or you can pass them as parameters when actually running DOSnapshot. This is straight from the README:

First you may need to set DigitalOcean API keys:

$ export DIGITAL_OCEAN_CLIENT_ID="SOMEID"
$ export DIGITAL_OCEAN_API_KEY="SOMEKEY"

If you want to set keys without environment, then set it via options when you run do_snapshot:

$ do_snapshot --digital-ocean-client-id YOURLONGAPICLIENTID --digital-ocean-api-key YOURLONGAPIKEY

3. Take A Snapshot

DOSnapshot has a pretty large number of options that you can specify. I’m going to keep this simple so you get the basics of it. Learning a few of the main options will be mostly what you need to know; after you’ve got them figured out, setting up a cronjob is cake.

You can take snapshots of all of your droplets at once, you can specify which droplets to take snapshots of, and you can specify droplets that you don’t want to take a snapshot of. I typically take a snapshot of a single droplet at a time, and I do it like this:

The above will take a snapshot of only one droplet, a droplet with an ID of 1111; replace 1111 with the ID of your droplet. You can find your droplet’s ID in your browser URL bar while managing the droplet. So if you see https://cloud.digitalocean.com/droplets/1234567, your droplet’s ID is 1234567.

Here’s all of the options.

4. Scheduling With Cron

First, you must have cron installed. There’s plenty of tutorials on how to do that. That tutorial even explains how to configure a cron job using the crontab utility. There’s an example crontab entry in the DOSnapshot README. Mine is pretty simple:

If you have questions about setting any of this up, feel free to leave a comment!

Monitor SSH Activity on Your Server with Papertrail & Saved Searches

Search for common phrases related to SSH logins

Papertrail is good for all types of things. I especially enjoy it because it makes finding problems quite easy. Another fun thing to do with Papertrail is see how many people are trying to either log in to your server via SSH, or attack sshd itself.

Find Potential Break-In Attempts

You can save searches in Papertrail, which makes finding certain events extremely easy. When I want to see potential break-in attempts, I have a saved search for "not listed in AllowUsers". My server names have been blacked out in the image below.

Show All sshd Associated Event Logs

To see all events associated with sshd, you can save a search for program:sshd. This will show all log entries generated by sshd. Again, server names have been censored.

Papertrail has groups that you can put your servers into. Saved searches can be applied to a specific group of servers, or all servers. It’s really quite nice, especially if you have a server that almost nobody ever logs in to. Papertrail also lets you know the last time a log message was received from a server. For most servers, the last log event will have been moments ago.

Receive Alerts for Saved Searches

One of the best features is the alerts on saved searches. If you have a server that nobody but you logs into, you can set up an alert for when someone logs in via SSH. Most of the time the alert will just be you logging in, but this is excellent information to have if someone else does manage to log in. Someone could have obtained your private key or your password.

You can specify the minimum number of events needed before the alert is activated. I’ve got an alert set up that sends me an email after my public key has been accepted 20 times. The alert is sent once an hour. I have the minimum number of events so high because I log in frequently with FileZilla and make small edits to files, which causes a lot of SSH logins.
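
The two saved searches and the hourly count alert described above can be reproduced offline against raw sshd syslog lines. This is an added example, not code from the original post or from Papertrail; the log lines, host and user names, the denial threshold of 3 and the known-source list are constructed assumptions, and the unknown-source check goes beyond the post's count-based alert.

```python
import re
from collections import Counter

# Constructed sample syslog lines (documentation IP ranges, made-up host and users).
SAMPLE_LOG = """\
Aug 12 03:14:07 web1 sshd[2211]: User root from 203.0.113.9 not allowed because not listed in AllowUsers
Aug 12 03:14:09 web1 sshd[2213]: User admin from 203.0.113.9 not allowed because not listed in AllowUsers
Aug 12 03:20:41 web1 sshd[2230]: User root from 203.0.113.44 not allowed because not listed in AllowUsers
Aug 12 09:01:12 web1 sshd[2301]: Accepted publickey for deploy from 198.51.100.7 port 50122 ssh2
Aug 12 09:03:40 web1 sshd[2310]: Accepted publickey for deploy from 198.51.100.7 port 50130 ssh2
Aug 12 09:47:55 web1 sshd[2377]: Accepted publickey for deploy from 192.0.2.200 port 41822 ssh2
Aug 12 09:48:01 web1 cron[2380]: (root) CMD (run-parts /etc/cron.hourly)
"""

# Equivalent of the program:sshd search; group 1 is the hour bucket, e.g. "Aug 12 03".
SSHD_LINE = re.compile(r"^(\w{3} +\d+ \d\d):\d\d:\d\d (\S+) sshd\[\d+\]: (.*)$")
DENIED = re.compile(r"User (\S+) from (\S+) not allowed because not listed in AllowUsers")
ACCEPTED = re.compile(r"Accepted (publickey|password) for (\S+) from (\S+) port \d+")

# Minimum events per host per hour before a count alert fires.
# 20 accepted logins is the post's figure; 3 denials is an assumption.
THRESHOLDS = {"accepted": 20, "denied": 3}

def scan(log_text, known_ips, thresholds=THRESHOLDS):
    """Return (alerts, counts); counts is keyed by (hour, host, kind)."""
    counts, alerts = Counter(), []
    for line in log_text.splitlines():
        m = SSHD_LINE.match(line)
        if not m:
            continue  # not logged by sshd
        hour, host, msg = m.groups()
        if DENIED.search(msg):
            counts[(hour, host, "denied")] += 1
        elif (hit := ACCEPTED.search(msg)):
            counts[(hour, host, "accepted")] += 1
            method, user, ip = hit.groups()
            # A count threshold of 20 never fires for one stolen-key login,
            # so also flag any accepted login from an unrecognised source.
            if ip not in known_ips:
                alerts.append(f"{host}: {method} login for {user} from unknown source {ip}")
    for (hour, host, kind), n in sorted(counts.items()):
        if n >= thresholds[kind]:
            alerts.append(f"{host}: {n} {kind} events in hour '{hour}'")
    return alerts, counts

if __name__ == "__main__":
    for alert in scan(SAMPLE_LOG, known_ips={"198.51.100.7"})[0]:
        print(alert)
```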

If you have to manage any servers at all, you might as well give Papertrail a try. They have a free plan that lasts forever. If you find that you need more than 100MB of log storage space, you can get 1GB for $5 per month, which is plenty for most folks. $5 only includes 1 day of log retention, $7 per month gets you a week of log retention.

My Portfolio

I finally have one!

I’ve known for a long time that I need some type of portfolio, especially since I’m doing freelance web development full-time now.

A potential client wanted to see my portfolio. I explained that I didn’t have one for various reasons, and instead described to him some of the more interesting projects I’ve done.

After the long email describing previous projects, I decided to create an online portfolio. I had recently bought the domain longrendev.io, but wasn’t using it for anything. So, I found a nice Twitter Bootstrap based portfolio WordPress theme and got to work. The theme needed some tweaking, the grid displaying the projects was a bit messed up and needed fixed, which was very easy.

The theme I chose was StanleyWP, a simple, minimalistic portfolio theme. The best thing about it was its price, free.

It’s built with Twitter Bootstrap 3.0.3, which is a little old, but still gets the job done. The current version of Twitter Bootstrap is 3.2.0.

Once I get some client projects finished up, I’ll probably take some time to update StanleyWP to use Twitter Bootstrap 3.2.0, or whatever the newest version is at that point in time.

Anyway, check it out and let me know what you think. There’s a LOT of projects I still need to add, so the list of projects right now is fairly minimal. I am also going to be using that site to take project requests.

If you need a portfolio site and would like to use StanleyWP, let me know if you need help fixing up the grid issues. It’s very simple to do, but may not be so simple for someone who isn’t a developer, like a designer. :)

Meet Unyson, A Drag & Drop WordPress Framework

Features a visual drag & drop page builder that will let your users create countless pages at a drop of a dime

Got an email from Olga at ThemeFuse yesterday announcing the release of their new drag & drop WordPress framework named Unyson.

Unyson comes with many built-in extensions, and the documentation seems to be very helpful and complete. Some highlights from the Unyson home page:

  • All the built in extensions & options work in perfect harmony. You’ll find developing on Unyson a breeze.
  • Your users will love the drag and drop page builder and the customization options built into
  • All you need to do is download the Unyson WordPress framework and start developing your theme.
  • We have a lot of tools ready to help you along the way: developer manual, Trello, GitHub Support and more.

Unyson also includes an extensive list of customizations and options:

  • Page Builder
  • Option Types
  • Styling
  • Sidebars
  • Megamenu
  • Backup
  • Sliders
  • SEO
  • Breadcrumbs
  • Portfolio
  • Custom Widgets

I enjoy this theme so much because it has many features that premium or paid themes have, but Unyson is free! You can download the source on GitHub.

Getting started with Unyson is extremely easy, but slightly different than how you’d typically upload a theme. Installation of Unyson is like so:

  1. Download the framework archive from the framework’s GitHub repository
  2. Extract it to your parent theme directory. After this you must have framework/ directory in parent theme. It’s mandatory to have this exact same folder structure otherwise it will not work.
  3. Include the Unyson framework by adding this line in your theme’s functions.php:

require_once TEMPLATEPATH .'/framework/bootstrap.php';

After that, you’ll need to add some more code to the beginning of all the PHP files associated with your theme. I suggest you go over the Getting Started guide and really pay attention so you get a good understanding of what Unyson can do. The documentation is really awesome, most issues or questions you could have are more than likely covered in the docs.

I haven’t had much of a chance to play with Unyson, but will get the opportunity to on an upcoming client project, so I’m really looking forward to that.

Unyson is quite new, so hopefully we will see more features as it matures. It’s definitely worth checking out.