How to: SSH secure key authentication on Ubuntu

Open SSH is the most widely used SSH server on Linux. Using SSH, one can connect to a remote host and gain a shell access on it in a secure manner as all traffic is encrypted.

A neat feature of open SSH is to authenticate a user using a public/private key pair to log into the remote host. By doing so, you won’t be prompted for the remote user’s password when gaining access to a protected server. Of course you have to hold the key for this to work. By using key based authentication and by disabling the standard user/password authentication, we reduce the risk of having someone gaining access to our machine/s. For more info on data access management, visit sites like https://cyral.com/data-access-governance/. And if you need comprehensive visibility to enable compliance and secure data sharing, you might want to read more here to learn more. Moreover, if you need Cyber Security Solutions in charge of data protection of your company, you may look for a time-limited privileged access management system that evaluates each access request. You may click here to find out more.

Implement NIST Cybersecurity Framework in 3 weeks using CyberArrow. CyberArrow is a technology first solution that automates the evidence collection for NIST CSF controls. CyberArrow can be used by any type of organization.

So if you are not using SSH with public/private key pair, here is how to get this rolling. If you are using AWS (Amazon Web Services) you would have been forced to use this method. This is great! The instructions below will teach you a bit about this and provide insight into setting this up on your dev VM or a server which doesn’t have this level of security turned on.

Useful commands to note

Accessing server using key

ssh -i ./Security/PRIVATEKEY USERNAME@SERVER -p PORT

Example:

ssh -i ./Security/aws/myname_rsa root@127.0.0.1 -p 22345

Restart SSH server

sudo /etc/init.d/ssh restart

Install & Setup SSH Security Access

Note: This section is for admins only.

On your Server (remote host) Locally on your box
1. Install SSHOnly if not already installed.
sudo apt-get install openssh-server
sudo apt-get install openssh-client

Make sure you change your server (and firewall is present) it to listen on port 22345 (or similar port of your liking in the high range) vs the standard unsecure 22.

Via Shell

sudo nano /etc/ssh/sshd_config
sudo /etc/init.d/ssh restart

OR

In Webmin >SSH Server > Networking > Listen on port = 22345

How to install Webmin instructions are here: http://www.theroadtosiliconvalley.com/technology/building-ubuntu-lamp-web-server-vm/

On your Server (remote host) Locally on your box
2. Create a public/private key pair.
ssh-keygen -t rsa

This will generate the keys using a RSA authentication identity of the user. Why RSA instead of DSA? RSA is 2048 bit key vs DSA 1024 bit key restricted. Read here: http://security.stackexchange.com/questions/5096/rsa-vs-dsa-for-ssh-authentication-keys

By default the public key is saved in the file:~/.ssh/id_rsa.pub,
while private key is:~/.ssh/id_rsaeg.

3. Copy the generated myname_rsa.pub file to the remote host. Use SFTP and from:
/Users/name/.ssh/myname_rsa.pub drop it into remote host path:
/root/.ssh/myname_rsa.pubNote: If that folder doesn’t exist then create it.
sudo mkdir /root/.ssh/
On your Server (remote host) Locally on your box
4. SSH into remote host and append it to ~/.ssh/authorized_keys by entering:
cat /root/.ssh/myname_rsa.pub >> ~/.ssh/authorized_keys
rm /root/.ssh/myname_rsa.pub
4.1. Check the permissions on the authorized_keys file.Only the authenticated user should have read and write permissions. If the permissions are not correct change them by:
chmod 600 ~/.ssh/authorized_keys
5. Enable SSH public/private key pair access.
sudo nano /etc/ssh/sshd_config

Make sure you have the following:RSAAuthentication yesPubkeyAuthentication yesSave when exiting.

6. Reload new configuration.
/etc/init.d/ssh reload (or)
service ssh reload
On your Server (remote host) Locally on your box
7. Protect your private key file.Locally on your machine assuming you moved the private key file to folder ./Security/
chmod 0600 ./Security/myname_rsa
8. Test your new setup.Login to your remote host from your machine:
ssh -i ./Security/KEYFILE USERNAME@SERVER -p PORTNO

where ./Security/KEYFILE is the location of your private key file.eg.

ssh -i ./Security/myname_rsa root@1.1.1.1 -p 22345

You should be granted access immediately without password requirements.

On your Server (remote host) Locally on your box
9. Disable authentication by password.
sudo nano /etc/ssh/sshd_config

Make sure you have the following:

ChallengeResponseAuthentication no 
PasswordAuthentication no
UsePAM no

Save when exiting.

10. Reload new configuration.
/etc/init.d/ssh reload (or)
service ssh reload
On your Server (remote host) Locally on your box
11. Test #2 your new setupLogin to your remote host from your machine:
ssh -i ./Security/KEYFILE USERNAME@SERVER -p PORTNO

where ./Security/KEYFILE is the location of your private key file.eg.

ssh -i ./Security/myname_rsa root@1.1.1.1 -p 22345

You should be granted access immediately without password requirements.Also test using the old method which should prohibit access.

ssh root@1.1.1.1 -p 22345

Should yield: Permission denied (publickey).
Server is now protected against brute-force attacks.

Finally make sure you adjust your development tools so they tool can gain access to your secured server.

Tools

Your choice of tools my vary but the process is very similar. The following are my most used tools and how to tweak them to allow SSH key entry to my secured server.

FileZilla – SFTP

To enable FileZilla to access the server under the new configuration do this:

  1. FileZilla > Preferences…
  2. Settings window opens. Select “Connection > SFTP” (left hand navigation).
  3. In the right pane, click on “Add keyfile…”. Navigate to your private keyfile and click on it to add.
  4. You may be asked by FileZilla to “Convert keyfile” to a supported FileZilla format. This is fine and just click “Yes”. Save the output file to the same location as your private key file.
  5. Click OK on the Settings file to save final changes.

SublimeText2 – IDE

To enable SublimeText2 to access the server under the new configuration do this.

In your solutions sftp-settings.json configuration file enable key file access like this:

"ssh_key_file": "~/.ssh/id_rsa",

Example:

"ssh_key_file": "~/Security/myname_rsa",

And that’s it. Happy development!

~ Ernest

How to Change DHCP to a Static IP Address in Ubuntu Server

If you are working via a VM environment you may no doubt have came across the issue of changing IP address. It really messes up your workflow since now all the saved bookmarks, host files and other associations need to be changed to the new IP address. The solution is to disable DHCP and enable a static IP address. But in such a way which still gives you access to the outside world (your machine) and the world outside that (the internet) so you can run updates and drag code from your repositories. If you always access various work or personal websites on your phone, you may buy datacenter proxies.

Here’s a bunch of steps, copy and paste style, which you can run in Ubuntu shell to make this happen.

Do this in your Ubuntu Shell

1. Get your current address, net mask and broadcast.

ifconfig

Under “eth0” (see below) write the numbers down. We will use them to lock in your static ip address.

eth0 Link encap:Ethernet HWaddr 00:0c:29:fe:45:3a
 inet addr:172.16.77.133 Bcast:172.16.77.255 Mask:255.255.255.0

2. Get your gateway and network.

route -n
Kernel IP routing table
 Destination Gateway Genmask Flags Metric Ref Use Iface
 0.0.0.0 172.16.77.2 0.0.0.0 UG 100 0 0 eth0
 172.16.77.0 0.0.0.0 255.255.255.0 U 0 0 0 eth0

UG = U is for route is up and G for gateway. The other IP address is your network IP.

3. Change your IP address.

3.1 Open interfaces in nano

sudo nano /etc/network/interfaces

3.2 You will see something like this:

# The primary network interface
   auto eth0
   iface eth0 inet dhcp 

3.3 Replace it with:

auto eth0
   iface eth0 inet static
   address 172.16.77.133
   netmask 255.255.255.0
   network 172.16.77.0
   broadcast 172.16.77.255
   gateway 172.16.77.2

Note: These number are based on my VM and only serve here as an illustration.

4. Make sure your name server ip address is your gateway ip address.

sudo nano /etc/resolv.conf

5. Remove the dhcp client so it can no longer assign dynamic ip addresses.

sudo apt-get remove dhcp-client

6. Restart networking components.

sudo /etc/init.d/networking restart

7. Confirm you can access the outside world.

ping www.theroadtosiliconvalley.com

Note: ctrl+c to break out of the ping.

8. Enjoy!

And that is it. Simple but an effective measure to productivity.

~ Ernest

How to setup Django + mod_wsgi on Apache & Ubuntu

Django is a great Web Framework which complements the Python programming language. Having switched to Python development few months ago I was on the lookout for a MVC like Web Framework that emphasizes Convention over Configuration (CoC), Rapid Development Principle of Don’t Repeat Yourself (DRY), Separation of concerns has Python as the underlying core language. And lo and behold Django proved to be that beast.

What is Django

Django is a MVT (model-view-template) framework build on the Python language. The MVT is identical to MVC (model-view-controller) but where in the common MVC pattern the view here is the template and controller the view. They both perform the same function separating the business logic from the presentation from the data layer (model). However Django does goes one step further and provides a view/template without native core language polluting the HTML.

Django emphasizes Reusability and “Pluggability” of components, Rapid Development, and the Principle of DRY (Don’t Repeat Yourself). Stuff you hear a lot with Ruby on Rails – another great web framework built on a solid language, Ruby.

Ok, enough of my rambling about how great this framework is. If you want to read more about it I recommend the following 2 links:

The LAMP stack

Ok so everyone is talking about a LAMP stack and everyone wants to run their site on a LAMP stack. Why not when you can tap into great open source tools for free. The word LAMP is a bit over emphasised since most sites today run on a custom configured implementation using best of breed open source software.

“LAMP is an acronym for a solution stack of free, open source software, referring to the first letters of Linux (operating system), Apache HTTP Server, MySQL (database software) and PHP (or sometimes Perl or Python), principal components to build a viable general purpose web server” ~ Wikipedia

Few years ago when open source software was limited, LAMP had typically meant Linux, Apache, MySQL and PHP. Today Linux can take many flavours from CentOS, Red Hat or the popular Debian-derived Linux distribution Ubuntu. The web server Apache can be replaced with a super fast & lighter HTTP and reverse proxy server called nginx. MySQL, post Oracle acquisition is often replaced with PostgreSQL or a NoSQL version called MongoDB. And PHP by cleaner & concise languages like Python or Ruby.

In this post I will cover how to setup a LAMP stack where:

  • Linux = Ubuntu 11.10. This can also work with 10.xx version of Ubuntu.
  • Apache = we will leave it as is since it is still a great web server but hook in mod_wsgi – a Python WSGI adapter module for Apache. WSGI is nothing more than an interface specification by which server and application communicate. In this case with Python.
  • MySQL = will stay with MySQL but you can also install MongoDB.
  • PHP = will be replaced with Python and drop in the Django MVT framework.

Ok let’s get started.

How to Setup Django on Ubuntu

The following assumes you have already installed Ubuntu and LAMP. If not head over to my prior posts on how to:

  1. Install Ubuntu on EC2 and
  2. Install LAMP.

Installing pre-req components

1. Standard procedure is to always run update on your Ubuntu installation.

sudo apt-get update

2. Install mod_wsgi on Apache

sudo apt-get install libapache2-mod-wsgi

3. Install Python setup tools with pip. pip installs packages. Python packages. An easy_install replacement.

sudo apt-get install python-setuptools
sudo apt-get install python-pip

4. Install Django MVT framework using pip.

sudo pip install Django

Now that’s done. Easy hey. Now let’s configure your 1st Django site.
Assuming your site will be called “purpleblue.com

Configuring your 1st Django site

5. Recall from the LAMP setup that we were storing all web sites in /var/www/ folder. For example purposes, I will use purpleblue_com as my Django project. Notice the use of django-admin.py to create the Django site and the use of underscores vs decimal point. Only numbers, letters and underscores are allowed in the Django project name.

cd /var/www/
sudo django-admin.py startproject purpleblue_com

5.1 Verify new project by typing this in and hitting enter. ls lists the contents of a directory showing all files inc hidden ones, hence the -all option.

ls –all

If you see purpleblue_com listed, then change directory to it.

cd purpleblue_com

and verify you can see 4 .py files – init, manage, settings & urls. Those are Django new project default install files.

6. Now we create a wsgi file for the site so apache knows how to run this site.

sudo mkdir /var/www/purpleblue_com/apache
sudo nano /var/www/purpleblue_com/apache/django.wsgi

… and add this into django.wsgi

import os
import sys

path = '/var/www/purpleblue_com'
if path not in sys.path:
    sys.path.insert(0, '/var/www/purpleblue_com')

os.environ['DJANGO_SETTINGS_MODULE'] = 'purpleblue_com.settings'

import django.core.handlers.wsgi
application = django.core.handlers.wsgi.WSGIHandler()

TIP: It’s always a good idea to specify the actual application module.

6. Using webmin (ref our LAMP install) setup new apache site for this project.

6.1 Go to: https://YOUR_DEV_VM_IP:10000/
6.2 Servers > Apache Webserver > Create virtual host
6.3 Configure your new host
Document Root = /var/www/purpleblue_com/
Server Name = purpleblue.com
6.4 Click on “Create Now” button. And go back into the settings by clicking on “Virtual Server” button next to your new host.
6.4 Click on “Edit Directives” and paste the following in:

ServerName purpleblue.com
DocumentRoot /var/www/purpleblue_com

<Directory /var/www/purpleblue_com>
    Order allow,deny
    Allow from all
</Directory>

WSGIDaemonProcess purpleblue_com processes=2 threads=15 display-name=%{GROUP}
WSGIProcessGroup purpleblue_com

WSGIScriptAlias / /var/www/purpleblue_com/apache/django.wsgi

The last 3 lines above allow this Django site to run in daemon mode.

TIP: When you make any .py changes in your Django site, rather then restarting/refreshing apache you can touch this wsgi and the changes will be picked up.

sudo touch /var/www/purpleblue_com/apache/django.wsgi

7. Restart apache to take new site & settings into effect.

sudo /etc/init.d/apache2 restart

8. Add the new domain purpleblue.com to your primary OS host file pointing to your VM where the Django project purpleblue_com resides.

9. Test your new project by going to the Server Name (http://purpleblue.com) you just setup. You should see a similar default Django installation page:

It worked! Congratulations on your first Django-powered page.

If you get an error or cannot see the default Django installation page make sure you check out apache log file. Common approach is to grab the tail end of the apache error log file to see what just happened.

tail /var/log/apache2/error.log

Bonus – Django CMS

If you have the time also check out Django CMS that is built on top of the Django Web Framework.

Django CMS site: https://www.django-cms.org/

Happy Django exploring & Python coding!

References

EC2: how to launch Ubuntu into the cloud

Amazon Elastic Compute Cloud (EC2) delivers scalable, pay-as-you-go compute capacity in the cloud. It is a part of a collection of remote computing services (also called web services) from Amazon that together make up a multi-tenant cloud computing platform. The most central and well-known of these services are Amazon EC2 and Amazon S3. The goal in this post is to get you up and running on an EC2 instance super fast.

Get familiar

I’m going to assume you have an account with AWS and are familiar with:

If you do not know those 3, please spend some time learning about them by following the links in the bullet points above. Else, let’s get rollin.

Step by step guide

1. Setting up security

Before we launch an Instance you need to do some Pre-work since both “Security Group” and “Key Pair Name” cannot be changed once an Instance is mapped to one and started.

  1. Setup a “Security Group” for your new Linux Instance.
    1. From Navigation menu select “Security Groups”.
    2. Click on “Create Security Group” button and fill out the form giving your security group a very descriptive name.
    3. Click “Yes, Create” button, select the new group and in the lower half window/frame press the “Inbound” tab.
    4. Inbound allows you to open ports on this Instance. You can add or remove these after the Instance is created. By default allow these: SSH (22), HTTP (80) and MySQL (3306). For extra security limit (source) SSH & MySQL to only your IP address. If you plan to install Webmin add port 10000 here too.
    5. When done, click on “Apply Rule Changes”.
  2. Create a “Key Pair Name”.
    1. This is super important and will be used for accessing your Instance both via SSH & sFTP.
    2. From Navigation menu select “Key Pairs”.
    3. Click on “Create Key Pair” button.
    4. Give it a descriptive Key Pair Name and click on “Create” button. A private key with extension .pem will download. Save this in a secure location since this is your key to access your Instance.
    5. On your local machine (Linux X or Mac OS X), give this file more secure permissions like this:
      chmod 0700 ./keys/mykey.pem

2. Launching an Instance

  1. From Navigation menu select “Instances”.
  2. Click on “Launch Instance” button.
  3. This launches the Request Instance Wizard where you can select an Amazon Machine Image (AMI). Note that Ubuntu is only available from “Community AMIs”. Click the Community AMIs tab.
    1. Here is a list of available Ubuntu images:
      http://uec-images.ubuntu.com/releases/10.10/release/
    2. Make sure you use an EBS root store – it’s better. For benefits see here:
      http://stackoverflow.com/questions/3630506/benefits-of-ebs-vs-instance-store-and-vice-versa
  4. Step through the 5 stages of the Wizard and click on “Launch” button. This will launch your new Instance. The Wizard is straight forward and you will most likely go with all the defaults.
  5. Your Linux Instance will launch pretty fast. You should now see your Instance listed under “My Instances”.
  6. Click on your Instance. Instance properties window/frame shows up in the bottom half of the console. Note down “Public DNS” and “Private DNS/IP Address”. You will need those to access the box – especially the Public DNS.

3. Building a Ubuntu LAMP Web Server on your new Instance

This step is optional.

But should you want to setup LAMP on this new Instance follow the steps outlined in my previous post here: http://www.theroadtosiliconvalley.com/technology/building-ubuntu-lamp-web-server-vm/

The only additions in light of Amazon EC2 host are:

  • When using SSH/sFTP use the private key with extension .pem you downloaded above.
  • Note that root user in EC2 is “ubuntu” not “root” like in a VM Ubuntu setup.
  • To SSH into your new EC2 Instance do this in terminal where the URL after @ is your Public DNS:
    ssh -i ./keys/mykey.pem ubuntu@region.compute.amazonaws.com
  • Use the Public DNS or setup a static IP address to point to your Instance(s). Amazon calls this Elastic IP Address and this allows you to have multiple Instances all pointing to the 1 IP address for dynamic cloud computing.

Now go and build kick ass products!

There you have it folks. How simple is that. Amazon makes cloud computing look simple and launching new servers (Instances) is a breeze.. in a matter of minutes.

If you found this post useful let me know in comments section below. Super!!

~ Ernest

Building an Ubuntu LAMP Web Server

Recently I was setting up my Mac OS X with a kick ass development environment and jotted down all the cool steps I took to build an Ubuntu LAMP web server in a virtual machine environment. Here is this in-depth guide translated from paper to this digital copy. Hope you find this guide valuable and it saves you time when you need to do the same.

LAMP (Linux, Apache, MySQL and PHP)

Ubuntu Server

The flavor of Linux I like to use as a Web Server is Ubuntu.

What is Ubuntu

Ubuntu , is a secure, intuitive operating system that powers desktops, servers, netbooks and laptops. It is based on the Debian GNU/Linux distribution. Ubuntu is also named after the Southern African ethical ideology Ubuntu (“humanity towards others”) and is distributed as free and open source software with additional proprietary software available.

Why Ubuntu

  1. Reduce costs – free to use with no licensing fees.
  2. Visualization – it runs beautifully & fast in any VM environment (esp. Mac OS X)
  3. Build-in security – tight security, inbuilt firewall and encryption.
  4. It based on a Debian Distribution. A computer operating system composed of software packages released as free and open source software especially under the GNU General Public License and other free software licenses. Debian distributions are slower to release but this means they are extremely thorough.
  5. A lot of the big boys use Ubuntu. See case studies here: http://www.ubuntu.com/business/case-studies

Step by Step – your 1st web server

This guide assumes you have already installed Ubuntu Server. If not, go here and do it first. I recommend you install Ubuntu Server in a VM. I use VMware Fusion to run my instances when developing and Amazon EC2 for production. This guarantees that whatever I do locally in a VM will be compatible when pushed into production.

Ubuntu Server in a VMware Fusion

Goal:

  • Install LAMP – Linux (already done), Apache (web server), MySQL (mysql) and PHP (code compiler).
  • Install Webmin – a web-based interface for system administration for Unix.
  • Allow WWW for sFTP so you can remotely manage your website using a GUI.
  • Setup access to MySQL using MySQL Workbench.

1. Install LAMP

  • SSH into your box as root on Port 22 (default post install).
  • Update your OS software (just in case you are missing some dependencies):
    sudo apt-get update
  • From the terminal window, install LAMP using this 1 line of code (the caret (^) must be included):
    sudo apt-get install lamp-server^
  • The apt package manager will display what it is installing and ask you a bunch of standard questions. Just say yes to all. You will also be asked for a password for your new MySQL database. Type that in and note this down for future.
  • When this finishes you are done. Easy hey! Port 80 (default web server port) is now enabled and pointing to ‘/var/www’. ‘/var/www’ is where your site(s) should be placed.
  • Hit the Public DNS URL of your server (typically your IP) to verify that it’s up. It should show up a page with “It works!” If you are not sure what your box’s IP is, type this in and hit enter (similar to ipconfig on a Windows box).
    ip route
  • Before moving to the next step, you may want to know information about PHP’s configuration inc. installed extensions. You can grab this by creating a PHP file from your terminal window like this:
     sudo nano /var/www/phpinfo.php

    then adding this into it, save it, and quit nano (the editor your in):

    <?php phpinfo(); ?>

    restart Apache:

    sudo /etc/init.d/apache2 restart

    Hit the IP in your browser again with this new file name appended to the end eg. http://170.10.105.110/phpinfo.php – it should show you what is running.

2. Install Webmin

  • Edit “/etc/apt/sources.list” to add 2 new source:
    sudo nano /etc/apt/sources.list
  • … add these 2 new lines to the end, save and exit:
    deb http://download.webmin.com/download/repository sarge contrib
    deb http://webmin.mirror.somersettechsolutions.co.uk/repository sarge contrib
  • Now you can run this in your terminal window to install Webmin.
    sudo apt-get update
    sudo apt-get install webmin
  • Webmin should now be accessible from your browser using the server’s ip address followed by port 10,000 eg. https://170.10.105.110:10000
    Note that you do not have HTTPS cert so your browser will throw a warning since https is (and has to be) the protocol. Ignore it and move forward.
  • If you cannot login with your sudo account you may need to enable root. Follow the steps outlined here: https://help.ubuntu.com/community/WebminWithoutARootAccount
  • Or you can change the password of the root user in your terminal window. Then restart webmin.
    sudo /usr/share/webmin/changepass.pl /etc/webmin/ root foo
    sudo /etc/init.d/webmin restart
    
  • If you need to restart webmin run this:
    sudo /etc/init.d/webmin restart

3. Allow WWW for sFTP

  • You need to make sure the group www-data is added to “/var/www”. Run this in your terminal window:
    sudo chgrp www-data /var/www
  • Make “/var/www” writable for the group.
    sudo chmod 775 /var/www
  • Set the GID for www-data for all sub-folders.
    sudo chmod g+s /var/www
  • Your directory should look like this on an ‘ls -l’ output.
    drwxrwsr-x    root www-data
  • Last, add your user name to the www-data group (secondary group) where USERNAME is the “new” username you will use to sFTP. Note that we follow it by “passwd” to give new account a password.
    sudo useradd -G www-data NEW_USERNAME
    sudo passwd NEW_USER

    OR if the username is “existing” one use the command below. Also don’t forget to add “ubuntu” user if you have set this up on an EC2:

    sudo usermod -a -G www-data EXISTING_USERNAME
  • You should now be able to SFTP to your server using this USERNAME and upload data to “/var/www” with no problems.

4. Access to MySQL using MySQL Workbench

  • MySQL Workbench is a nice free GUI tool by the folks at mysql.com to manage your MySQL database. It can be downloaded from here: http://wb.mysql.com/
  • By default MySQL listens on localhost (127.0.0.1) so if you are going to manage your Ubuntu VM instance from say OS X, MySQL wont allow you entry. Here’s what to do to grant remote management of MySQL.
    1. Go to Webmin and login.
    2. In Webmin, navigate here: Servers > MySQL Database Server > MySQL Server Configuration
    3. Change “MySQL server listening address” to “Any”. By default it is 127.0.0.1. Save this.
    4. Now navigate here: Servers > MySQL Database Server > User Permissions
    5. Click on User “root” on the line where it says 127.0.0.1. And under Hosts change it to “Any”. This set the permissions on your db access.
    6. Save & Restart MySQL and you are done.
  • Remember that this is for “development” purposes only. You would not be allowing “Any” to your DB rather a specific static address and username.

5. Bonus – running multiple web applications on the LAMP instance

To save on time, money and managing multiple boxes, you may want to run multiple websites from this same box. I like to do this using ports as the separator. The following can be done in Webmin:

  1. Upload code to /var/www/mynewsite/
  2. Create a Virtual host for your new web application by navigating to:
    Servers > Apache Webserver > Create virtual host
  3. Fill out the form pointing ‘Document Root’ to the location of your code and assign a ‘Port’ number eg. 81, to this new host. Remember port 80 is your default.
  4. Save and click on ‘Apply Settings’ (link top right of the Webmin interface).
  5. Finally you need to tell Apache to listen to this new port. Navigate here:
    Servers > Apache Webserver > Global configuration > Networking and Addresses
  6. Add port 81 (where your new host is configured on) to ‘Listen on addresses and ports’.
  7. Save, apply changes and restart Apache.
  8. Done. You can now access your website via http://IP_DNS:81

Now go and build kick ass products!

There you have it folks. How simple is that. That’s why I love Ubuntu so much. It’s simple and powerful all under the 1 umbrella. That’s how software should be. All the complexities removed so us engineers can get to work and build kick ass products!

If you found this post useful let me know in comments section below. Super!!

~ Ernest

Making the switch from Windows to Kubuntu

I finally made the switch from Windows Vista to Linux Free Operating System. I moved to the Kubuntu version of Ubuntu 10.10 (a Linux flavour) as my development box and haven’t looked back. Well I lied, since I did look back a bit at the beginning lol. It has been a an interesting challenge mentally adjusting to new way of doing things, new tools (applications) and driver support. In the end it was definitely worth it.

And why Kubuntu? since it’s basically Ubuntu a Debian-derived Linux distribution with KDE (a prettier desktop) on-top. Ubuntu brings your slower machines to life. While Windows keeps on slowing them down. Ubuntu is a secure, intuitive operating system that powers desktops, servers, netbooks and laptops. Ubuntu is, and always will be, absolutely free. More about it here.

Why I switched

Today all my development is open source. This means I run what I create on a LAMP stack – L stands for Linux Server. Doing development on a Windows box and pushing to a LAMP stack is like clawing your way through quick sand instead of using a ninja sword to slice through your tasks.

One day, I asked myself. Wouldn’t it be kick ass if my dev box would be close to identical to my production boxes. Knowing that whatever I do on my dev box will work in production with high certainty. Yes yes, Ubuntu popped into my mind. Which later after speaking with a fellow Linux hacker changed to Kubuntu.

As you may already know, Kubuntu is highly configurable. You even have access to the source code if you wish to venture that deep. It also has a great X window called KDE. Check out these top the winners from a 5-day competition on Facebook where fans were invited to submit a screenshot of their pimped Ubuntu desktop. No excuses about Ubuntu’s poor UI.

My customized Ubuntu desktop
My customized Kubuntu desktop

Linux apps to replace your Windows apps

Here is a comprehensive list of apps to replace your Windows versions.

Note: Most applications & games on Linux are open source. This mostly means free. Thus, the ones I listed below as alternatives in the Linux world are all free and can be downloaded from your package manager. I use Synaptic Package Manager (SPM). All the software here is verified and malicious free – it’s safe to get all your apps from here. To install SPM, in your terminal window type this in and your done. Simple eh.

sudo apt-get update
sudo apt-get install synaptic

Securitythis one just kills windows. Ubuntu comes with a firewall built in and windows viruses – what are they on Ubuntu – non existent. All you need is software like Gufw to help you “manage” your firewall else you can do it via the terminal / konsole window.
In your terminal window type this in and your done. This cannot get any harder 😉

sudo apt-get install gufw

And if you want hard-core detail on securing Ubuntu, read this post covers the process of securing and hardening the default Debian GNU/Linux distribution installation.

Applications… the following let’s use “Synaptic Package Manager”.

Purpose Windows Linux
Development
Code editor Notepad++ gedit
SFTP, FTP and SCP client WinSCP FileZilla
Telnet/SSH Putty OS Konsole /
terminal window
Code compare Beyond Compare Kompare
MySQL manager and admin tool SQLyog MySQL Workbench
Virtualization VMWare VirtualBox
Multimedia
Video player Windows Media Player VLC
Video editor Sony Vegas Kdenlive
Organize, share & edit your photos Picasa Picasa /
Gwenview
Photo editor Photoshop GIMP
Audio player Windows Media Player Amarok
CD/DVD burner Nero K3b
Other
Office (word, excel, powerpoint etc) Windows Office OpenOffice /
Google Docs
File browser Windows Explorer Dolphin
Internet browsers Chrome Chromium
Antivirus & Firewall Take a pick lol Gufw to manage your Firewall
Silverlight MS Silverlight Moonlight

Additional stuff you can install to make your Kubuntu experience pleasing:

Don’t forget to use your Synaptic Package Manager to look for these apps first. Only when you cannot find them there click on the title of each app below to take you to the website hosting the app and instructions.

  • Docky – shortcut bar that sits at the bottom, top, and/or sides of your screen. You can make it look and behave like mac’s bar.
  • KSnapshot – simple & powerful easy to use screen capture program.
  • Ubuntu Tweak – tweak Ubuntu’s desktop and system options that the default desktop environment doesn’t provide.
  • Beagle – advanced desktop search.
  • FreeMind – premier free mind mapping software written in Java.
  • Etherape – graphical network monitor.
  • Other code editors:
    • JetBrain. Their professional developer tools are kickass! I have trialled their PHPStorm & ReSharper with positive results. They also have editors for Ruby & Python (shakes of excitement). It’s not free but they do have trial versions available for download.
    • Eclipse. Open source IDE editors written in Java.
  • Dropbox – Online backup, file sync, and sharing made easy. Get it here: http://db.tt/QDC0nvU
  • ubuntu-restricted-extras – Essential software which is not already included due to legal or copyright reasons. Gives support for MP3 playback and decoding, Java runtime environment, Microsoft fonts, Flash plugin, DVD playback, and LAME (to create compressed audio files).
  • Adobe Flash & Adobe Air so you can run web applications like TweetDeck.

Missing Windows app/s?

If you still miss or cannot find your favorite Windows applications on Kubuntu, you install Wine to run them on Kubuntu. Wine is a program that offers a compatibility layer allowing Linux users to run some Windows-native applications inside of Linux. You can get Wine from Synaptic Package Manager / package manager or by following the instructions here.

Stuff I still need my Windows box for

  • Photo editing – Photoshop and Lightroom and
  • Video editing – Sony Vegas (goes with my Sony HD cam). The Linux alternative Kdenlive just dosent cut it.

With time I’m sure a super duper speced up Mac (with Dual boot for Kubuntu) will replace both my laptops. Now I need to sell myself why I should move to a Mac and pay double the price for hardware.

PS. If you have suggestions or additions to this post please comment below or contact me.

Happy hacking!

~ Ernest