Downtime – Packages vs Ports

Website has been down a few days as I have been very busy, so I tried to rely on package updates rather than building from ports to keep everything patched, as Perl and Python are going through the ‘Flavour’ splitting and packages were supposed to be easier. To cut a long story short, it also downgraded my PHP version and dropped the database support module in the process. So in order to get the website back up I have had to manually install the port for the DB support, mixing packages and ports, which is not a good idea. At least the site is up and running again, and I shall stick to ports in the future to ensure the latest patches are always applied.

FreeBSD patch update out

Not sure what happened to system patches p6 and p7, but system update 11 p8 is now out and has been duly applied. Plus updates to Apache, PHP and MySQL in recent weeks hopefully mean I am up to date on the latest patches.

Housekeeping FreeBSD – Forcing TLS 1.2

With Microsoft forcing everyone that uses Office 365 to use TLS 1.2 from the 1st March, I thought it about time to check my webserver and see which old protocols were still supported. Qualys have an excellent tool for checking at https://www.ssllabs.com/ssltest/index.html

It was relatively easy after a quick google to check the default recommendations in httpd-ssl.conf to disable SSL 3.0, TLS 1.0 and TLS 1.1.

A quick restart of Apache and a re-test at Qualys, and now the server is only supporting TLS 1.2 and “approved” ciphers.

Updating Certificates

It's that time again, to renew the SSL cert with Let's Encrypt.


Following the renew instructions here
https://certbot.eff.org/all-instructions/#freebsd-none-of-the-above

Essentially, the main steps are to stop Apache so that certbot can bind to port 80 or 443.

sudo apachectl stop

sudo certbot renew --dry-run

sudo certbot renew

sudo apachectl start

Assuming all goes well, the new cert will be applied.   Next step is to set up a CRON job to automate this every 60 days.
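
An unattended version of the manual steps above, as an added example that is not part of the original post. The APACHECTL and CERTBOT override variables, the return codes and the script path in the cron comment are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: wraps the stop / dry-run / renew / start sequence so that
# Apache is restarted even when certbot fails.
# APACHECTL and CERTBOT are assumed override points so the commands can be
# replaced by stubs when testing; the defaults are the commands used above.
APACHECTL="${APACHECTL:-apachectl}"
CERTBOT="${CERTBOT:-certbot}"

# Return codes (assumed convention): 0 ok, 1 Apache would not stop,
# 2 real renewal failed, 3 dry run failed (real renewal skipped),
# 4 Apache did not come back up.
renew_cert() {
    # Free port 80/443 for certbot; if Apache will not stop, touch nothing.
    "$APACHECTL" stop || return 1

    rc=0
    # Rehearse against the staging CA first; only a clean rehearsal
    # earns a real request against the production CA.
    if "$CERTBOT" renew --dry-run; then
        "$CERTBOT" renew || rc=2
    else
        rc=3
    fi

    # Always restart Apache, whatever certbot did, so a failed renewal
    # shows up as a non-zero exit in cron rather than as an outage.
    "$APACHECTL" start || rc=4
    return "$rc"
}

# Saved as a script that ends with a call to renew_cert, this can run from
# root's crontab. Hypothetical path; 04:00 on the 1st of every second month
# approximates the 60-day interval mentioned above:
#   0 4 1 */2 * /usr/local/sbin/renew-cert.sh
```

A non-zero exit status tells cron (or whatever calls the script) which step failed, while the web server is back up in every case except code 4.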

 

Bootnote: whilst updating WordPress I also got around to enabling Google Analytics following instructions from http://www.wpbeginner.com/beginners-guide/how-to-install-google-analytics-in-wordpress/ 

Lumina Desktop update fixed

Trying to update Lumina via the ports to the latest 1.3.0 didn’t play nicely with portmaster. It kept complaining about a circular reference with the Lumina Archiver.

It seems the Meta port now needs to be deleted before the Lumina-Core port can be updated, but that is not mentioned in UPDATING. But a quick SUDO PKG DELETE LUMINA seemed to do the trick and I was then able to build the new Lumina-Core from the dedicated port directory.

I have yet to check if I now need to install all the other new Lumina ports, but Chromium works fine which is all I am normally using it for.

On the plus side I also noticed that MATE-SESSIONS was also no longer installed and MATE had ceased firing up from STARTX, but installing that port again has restored MATE to full working order as well.

FreeBSD 11.1

Successfully completed an in-place upgrade of FreeBSD 11.0 to the 11.1 release using the simple FREEBSD-UPDATE command and a couple of reboots as required to update the kernel and then the installed package libraries.

No new features that I can make use of, as it's running on legacy hardware, but at least it means another year of security patches.

Fixed

Two power cuts in quick succession last week borked the database server, so although up and running, corruptions to the backend probably prevented much content being served. A quick bit of googling and forcing a rebuild of the DB engine looks to have everything back up and running.

It was also a timely reminder to renew the Let's Encrypt SSL Certificate so we are good until December again. Renewal process worked flawlessly once I had stopped Apache so it could bind onto port 443 to do the actual renewal.

Summer

Not much happening on the server other than routine patching and fixing the mail server so it now talks nicely to my ISP so that the nightly update reports are fired out properly.

Updating DRI drivers appears to have broken the MATE desktop, but Lumina is still working fine, so I suspect some library conflict to resolve when the long nights are back.