The Amazon Linux AMI is a supported and maintained Linux image provided by Amazon Web Services for use on Amazon Elastic Compute Cloud (Amazon EC2). It is designed to provide a stable, secure, and high performance execution environment for applications running on Amazon EC2.
However, for whatever reason, automatic security updates are not enabled by default.
So let’s fix that.
First, let’s install a version-locking plugin for the yum package manager. The reason we want this is to lock any packages that are too sensitive for automatic updates. A good example is any package where the version number can affect functionality in a major way, such as gcc or Java.
sudo yum install yum-plugin-versionlock
You can then lock any package or set of packages with a statement like the following (the pattern is quoted so the shell passes it to yum unexpanded):
sudo yum versionlock 'java*'
To view a list of the current package locks:
sudo yum versionlock list
To remove all current package locks:
sudo yum versionlock clear
Next, let’s configure automatic updates by first installing yum-cron:
sudo yum install yum-cron
Let’s modify the configuration to only enable security updates:
sudo nano /etc/yum/yum-cron.conf
In the commands section, set update_cmd to security, then save and exit (Ctrl+O, then Ctrl+X).
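An added check (not part of the original post) for the step above: update_cmd only selects which updates yum-cron considers, and the packaged file ships with apply_updates = no, so nothing is installed until that is changed too. The script reads a yum-cron.conf and reports both conditions; the function names and the two sample files are constructed for illustration, and it expects the literal yes/no values used in the packaged file.

```shell
#!/bin/sh
# Added example: audit the [commands] section of a yum-cron.conf.

trim() {  # strip leading and trailing whitespace
    s=$1
    s=${s#"${s%%[![:space:]]*}"}
    s=${s%"${s##*[![:space:]]}"}
    printf '%s' "$s"
}

yum_cron_setting() {  # usage: yum_cron_setting FILE KEY
    section="" value=""
    while IFS= read -r line || [ -n "$line" ]; do
        line=$(trim "$line")
        case $line in
            ''|'#'*) continue ;;
            \[*\]) section=${line#\[}; section=${section%\]}; continue ;;
        esac
        if [ "$section" = "commands" ] && [ "$(trim "${line%%=*}")" = "$2" ]; then
            value=$(trim "${line#*=}")   # last assignment wins
        fi
    done < "$1"
    printf '%s' "$value"
}

audit_yum_cron() {  # returns the number of findings (0 = OK)
    findings=0
    cmd=$(yum_cron_setting "$1" update_cmd)
    dl=$(yum_cron_setting "$1" download_updates)
    ap=$(yum_cron_setting "$1" apply_updates)
    case $cmd in
        security|security-severity:*|minimal-security|minimal-security-severity:*) ;;
        *) echo "FAIL update_cmd=${cmd:-unset}: not limited to security updates"
           findings=$((findings + 1)) ;;
    esac
    if [ "$dl" != "yes" ] || [ "$ap" != "yes" ]; then
        echo "FAIL download_updates=${dl:-unset} apply_updates=${ap:-unset}: updates are not installed"
        findings=$((findings + 1))
    fi
    return "$findings"
}

# Constructed sample files: the packaged defaults and the corrected settings.
tmp=$(mktemp -d)
printf '[commands]\nupdate_cmd = default\ndownload_updates = yes\napply_updates = no\n' > "$tmp/default.conf"
printf '[commands]\n# security errata only\nupdate_cmd = security\ndownload_updates = yes\napply_updates = yes\n' > "$tmp/fixed.conf"
audit_yum_cron "$tmp/default.conf" || echo "default.conf: $? finding(s)"
audit_yum_cron "$tmp/fixed.conf" && echo "fixed.conf: OK"
rm -rf "$tmp"
```

On a real host, run audit_yum_cron /etc/yum/yum-cron.conf after editing the file.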
By default in IntelliJ IDE the internal view of a collection is hidden.
This is rather useless when debugging complex custom collections, so to avoid a bunch of extra debug code, you can simply disable the alternate view of collections in the Customize Data Views option (Ctrl+Shift+A).
You can also enable the display of static fields here, which I recommend you turn on.
Now we can see the innards of the collection when debugging – YAY!
If you need a run-of-the-mill VPN for your own purposes and you aren’t worried about using VPN-detecting services like Netflix, then OpenVPN is a great option. Unfortunately it’s also a configuration nightmare, so luckily for us the folks over at Streisand VPN have taken care of that.
Step 0: Unattended Upgrades
The preparation step is to install unattended upgrades, as an unpatched web server is a really bad thing.
This is a collection of scripts I regularly use to fix Windows problems. Some of them I have written myself and some I’ve gotten from others.
ClearEventViewerLog.ps1 – Clears the event viewer log that can get easily bloated over time
DisableMemoryCompression.ps1 – Disables Windows Memory Compression, which should improve application latency at the cost of a little extra memory
EnableLongPaths.ps1 – Enables Windows to deal with file paths that are longer than 255 characters
Fix_Wifi_Ping_Spikes.bat – Enables/Disables Windows WiFi Discovery; when it is off ping spikes are dramatically reduced, sometimes from 70ms down to 2ms
Regular_Maintenance.bat – Very powerful Windows repair script that I wrote; it does the usual DISM and SFC stuff, and also fixes the Windows Store, Start Menu and other Windows-exclusive packages. This script can often bring Windows 10 back from the brink of death
Bring Back/Remove Open With Option on Context Menu.bat – This script will restore the “Open With” context dialog in the event that it has gone missing
SearchAndPackagesFix.ps1 – This script I wrote attempts to re-install all Windows packages and also tries to fix the Windows Start Menu (it is used by Regular_Maintenance.bat)
Decrapify.ps1 – A powerful third-party script that lets you remove bloatware from Windows (be very careful what you select to remove as some packages are required by Windows)
Additionally, I like to use BleachBit to clean the temp file mess created by Windows Update, and Wise Registry Cleaner (this link gives you a discount you can’t ordinarily get) to clean the Windows Registry.
Create a new VHOST with whatever parameters you want
Now you’ll want to go to External App->+ sign to add an external app, choose type Web Server
Fill in the details
Now add a new context of type proxy by going to Context->+
Now go to SSL and fill in the SSL parameters from your main domain
Enable Rewrite to HTTPS
Create an A record in your nameserver configuration (in your nameserver’s management interface – typically your domain provider) to point the gitbucket.yourwebsite.com subdomain to your server’s IP address
Add it in both HTTP and HTTPS Listeners for your created VHOST
Save all changes and do a graceful restart
Now you should be able to visit your subdomain gitbucket.yourwebsite.com and it should automatically redirect to the HTTPS link (this is vital since the connection needs to be secure for logins).
Now that it’s running, we need to make it into a service so that it starts automatically on reboots.
First, let’s move it to somewhere that makes sense for an executable:
mv gitbucket.war /usr/bin/gitbucket.war
sudo nano /etc/systemd/system/gitbucket.service
Paste the following contents and save
[Unit]
Description=GitBucket Server Service
[Service]
ExecStart=/usr/bin/java -jar /usr/bin/gitbucket.war
Now you’ll want to run the following commands to update, start and enable it to run at boot
In order to avoid staring at the screen at right angles (to the detriment of both your neck and sense of orientation) we must make some changes to the configuration file for the orientation matrix in the distro. In the previous tutorial we covered a situation where the distribution didn’t support automatic rotation out of the box; now we cover a situation where the distro does support it.
First, let’s fix the head cranking temporarily so we can keep our sanity as we do this
In these crazy days of programs that span hundreds if not thousands of separate source files, keeping track of just what changed where and when, and which copy is actually the current one, can be a daunting task without any kind of source control.
In comes source control to the rescue, but on its own (Git, SVN, Mercurial, etc.) it isn’t very user friendly. Thus source control repositories with web interfaces like BitBucket and GitHub have become very popular. These websites let you easily view changes in a graphically friendly environment as well as conduct merges, copies, forks, and various other handy source control operations with the click of a button.
The problem is that these services charge for the privilege of having a private repository, which protects your code from public viewing. That said, the bigger problem is that it is difficult to ensure that your code isn’t being viewed by the service provider.
GitLab solves all these problems and adds CI functionality on top of it. Unfortunately, GitLab is also quite the configuration monster when you attempt to use it without the bundled Ruby/Puma/Nginx, so we’ll have to proxy it instead of trying to run it directly through LSAPI. (Trust me, I personally wasted a day going through the nightmare of trying to get it to work by manually installing the required Ruby gems, setting the paths, etc. It’s a hopeless cause.)
You will need some way of running terminal commands on your machine. In this tutorial I use XSHELL, but there are free alternatives such as PuTTY.
Next go to the Rewrite tab, Enable Rewrite and Auto Load from .htaccess
Next we need to point the subdomain to this vhost configuration before we configure SSL.
To do so, go to the Listeners section and modify both HTTP and HTTPS Listeners
Create a new Virtual Host Mapping
Next if your primary website (yourwebsite.com) already has an SSL cert you can use that one (we will be modifying the certificate a bit later in order to add the subdomain). Otherwise you will have to generate a new cert (as is explained in my earlier tutorial).
Hit the refresh configuration button.
Next we need to adjust our DNS records accordingly to point to the new subdomain by adding an A record for that subdomain with the IP address of our server
Now we need to wait a while for the name-server records to update
Now we need to temporarily remove HSTS (Strict Transport Security) on the main domain, as it will force HTTPS but we haven’t extended our certificate yet
It’s as simple as removing “includeSubDomains” and clearing your browser cache
After a while we should be able to visit gitlab.yourwebsite.com and see something
You’ll notice that the SSL won’t validate correctly if you don’t have a wildcard certificate
That means we will have to add the subdomain to the existing SSL certificate for it to be valid as well
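Why the certificate fails for the new subdomain, as an added example that is not part of the original post: a certificate covers a hostname only if one of its subject alternative names matches it exactly or through a wildcard standing for a single left-most label. The function names and the SAN lists (including www.yourwebsite.com) are constructed for illustration.

```shell
#!/bin/sh
# Added example: does a certificate's SAN list cover a given hostname?

# Return 0 if HOST ($1) is covered by the dNSName entry PATTERN ($2).
san_matches() {
    host=$(printf '%s' "$1" | tr 'A-Z' 'a-z')   # DNS names compare case-insensitively
    pat=$(printf '%s' "$2" | tr 'A-Z' 'a-z')
    case $pat in
        '*.'*)
            suffix=${pat#\*}                    # e.g. ".yourwebsite.com"
            case $host in
                *"$suffix") label=${host%"$suffix"} ;;
                *) return 1 ;;
            esac
            # The wildcard stands for exactly one non-empty label.
            case $label in ''|*.*) return 1 ;; esac
            return 0 ;;
        *) [ "$host" = "$pat" ] ;;
    esac
}

# Return 0 if HOST ($1) is covered by any of the SAN entries that follow it.
cert_covers() {
    target=$1; shift
    for entry in "$@"; do
        if san_matches "$target" "$entry"; then return 0; fi
    done
    return 1
}

# Constructed SAN lists: the existing certificate, the extended one, a wildcard.
for sans in "yourwebsite.com www.yourwebsite.com" \
            "yourwebsite.com www.yourwebsite.com gitlab.yourwebsite.com" \
            "yourwebsite.com *.yourwebsite.com"; do
    set -f    # split the list into words but keep '*' literal
    if cert_covers gitlab.yourwebsite.com $sans; then r="covered"; else r="NOT covered"; fi
    set +f
    echo "[$sans] -> gitlab.yourwebsite.com $r"
done
```

The same rule explains why a wildcard entry alone does not cover the bare domain or a name nested two labels deep.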