Tricks Tips Tools | bitpost.com/news

Next-gen PGP is GPG

I’ve been playing with PGP for a long time, and it was a sad day when it was sucked up and commercialized. There’s still a free version somewhere, but now there’s an open-source solution as well, GPG. Works great! Under Windoze, there’s a GUI called GPGshell that is very PGP-ish. Countrymen, send me your keys!

Comments | Friday, February 11, 2005

k3b, burner of choice?

Trying out k3b, looks to be the best GUI front-end for the command line utilities cdrecord, cdrdao, and growisofs. Looks nero-like, cool.

Comments | Friday, January 28, 2005

Handling Virtual Domains with Cyrus IMAP

I am no longer a total Cyrus IMAP newbie. Cyrus IMAP newbies don’t run and administer Cyrus IMAP servers, at least not for long.

That said, I’ve lost a lot of email along the way. This stuff hasn’t been easy or straightforward. That’s mainly due to linux’s modular architecture, which is the only way to go, but it’s a mixed blessing. By the time you really figure out something like Cyrus, you’ll likely have learned a lot about linux’s authentication (PAM), your mail transport agent (MTA – it actually listens for mail and hands it off to Cyrus), other available MTA’s (sendmail, exim, qmail… why are there so many?), PHP and Mysql configuration, and so on.

So I’m not going to try to explain what it takes to get it all working. The main doc that makes that attempt is here. Use it as a reference – it’s extremely unlikely you’ll be able to actually go through the outlined steps directly. I definitely recommend trying to find a pre-built package for your distro.

I just wanted to document the steps that are needed with postfix and cyrus to get multiple virtual domains handled on one installation. There are two files that need tweaking, /etc/postfix/main.cf, and /etc/imapd.conf.

To do…

Comments | Wednesday, January 5, 2005

Anonymous Squid Proxy

It’s easy to set up the squid proxy cache as an anonymous proxy. Whenever you surf through the proxy, it will drop the HTTP headers that identify you, so the only thing that shows up at the HTTP server you’re browsing to is the IP of the machine where squid resides. Just check out /etc/squid/squid.conf, it describes which lines to add in order to remove all the header information.

Being more anonymous is great, but it’s not really much use to me, for two reasons: the proxy IP *is* my IP, so I haven’t hidden that; and if you browse anonymously, forget about all the advantages of being identified – i.e., using cookies. You simply won’t be able to browse any site that requires cookies. Cest la vie.

Comments | Thursday, December 30, 2004

One Apache, multiple SSL websites

One apache installation can easily host multiple domains using a couple different VirtualHost directives. Basically, a standard HTTP request includes the requested domain name, and Apache uses that to determine which pages to serve up.

From what I understand, SSL-encrypted sites are a wee bit trickier, because HTTPS requests are encrypted and the requested domain name isn’t available. So all you have to go by is the IP address…. and the port. So that’s the trick – you have to use a different port for each SSL-encrypted domain name you want to support.

Steps to make Apache listen for SSL requests for different domains on 443 and 8080:

Add “Listen 443” and “Listen 8080” directives at the top of your apache configuration.

Add a “VirtualHost myfirstsite.com:443” block for the first site, and a “VirtualHost mysecondsite.com:8080” for the second.

Make sure your firewall allows incoming traffic on both ports.

See? Easy. :> And since your website will typically redirect traffic to SSL pages (as opposed to expecting users to type them in), hopefully using a non-default port won’t be a problem.