How To Secure Self-Hosted Bamboo and Crucible with Let’s Encrypt SSL Certificates

Posted on Thursday, September 14th, 2023 at 6:26:30am


In this blog we explore how to use certificates from Let’s Encrypt to secure self-hosted Bamboo and Crucible.

Process To Follow

  • Install Certbot
  • Ensure that external DNS resolves to the correct IP address
  • Ensure that Port 80 is open from the outside to that IP address so that Let’s Encrypt can validate the domain
  • Ensure nothing is listening on Port 80 (the count printed should be 0)
    netstat -pan | grep ':80 ' | grep LISTEN | wc -l
  • Generate the new certificate via Let’s Encrypt
  • Create the new Java keystore for use with Bamboo and Crucible
  • Copy the new keystore into place and set ownership and permissions
  • Restart the services
  • Test

Install Certbot

You must first install Python >= 3.

I like using pip to install certbot, but I urge you to use whichever method is easiest and most familiar to you:

Run certbot help to confirm that it has been installed properly.

Generate the Let’s Encrypt Certificate

Create The New Java Keystore

This step will result in two new files being created: example.p12 and example.jks


  • the name/alias MUST be “tomcat” (no quotes)
  • the password MUST be “changeit” (no quotes), unless you modify the config xml settings which is beyond the scope of this blog post.
  • when you list out the new example.jks keystore using keytool, ensure that it says PrivateKeyEntry next to the alias tomcat.
  • ignore the warning at the end because Apache Tomcat requires the JKS keystore format, not the PKCS12 format – do NOT convert!

Copy The Java Keystore Into Place

This step will copy the new keystore (bamboo.jks) into place for both Bamboo and Crucible as ~/.keystore for each user. Ownership and permissions must also be set.
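The keystore and copy steps above, as an added example that is not the original post's commands: it builds example.p12 and example.jks with alias tomcat and password changeit, checks for PrivateKeyEntry, and installs the file with owner-only permissions. The function names and the self-signed stand-in certificate are assumptions made so the script runs offline; in real use, point it at the fullchain.pem and privkey.pem that certbot produced.

```shell
#!/usr/bin/env bash
# Added example, not the original post's commands. The self-signed pair is
# constructed stand-in data for certbot's fullchain.pem and privkey.pem.
set -eu

make_sample_cert() {    # <dir>
  openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=example.test" \
    -keyout "$1/privkey.pem" -out "$1/fullchain.pem" 2>/dev/null
}

# Bundle chain + key as PKCS12 with the alias and password the post requires.
make_p12() {            # <dir>
  openssl pkcs12 -export -in "$1/fullchain.pem" -inkey "$1/privkey.pem" \
    -name tomcat -passout pass:changeit -out "$1/example.p12"
}

# Confirm the bundle carries the alias before converting it.
p12_has_alias() {       # <dir>
  openssl pkcs12 -in "$1/example.p12" -passin pass:changeit -nokeys 2>/dev/null |
    grep -q 'friendlyName: tomcat'
}

# Convert to JKS with keytool (ships with the JDK).
make_jks() {            # <dir>
  keytool -importkeystore -noprompt -alias tomcat \
    -srckeystore "$1/example.p12" -srcstoretype PKCS12 -srcstorepass changeit \
    -destkeystore "$1/example.jks" -deststoretype JKS -deststorepass changeit
}

# The check from the post: alias tomcat must be listed as a PrivateKeyEntry.
jks_has_private_key() { # <dir>
  keytool -list -keystore "$1/example.jks" -storepass changeit -alias tomcat |
    grep -q PrivateKeyEntry
}

# Install as <home>/.keystore with mode 600. Because the password is a
# well-known default, the file mode is what protects the private key.
# Run as the service user, or follow with chown to that user.
install_keystore() {    # <keystore-file> <home-dir>
  install -m 600 "$1" "$2/.keystore"
}
```
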

Restart Bamboo and Crucible

This step will restart the processes, so they read in the new certificate.

Test Bamboo and Crucible

Use the openssl command to test the new certs:

How to add and delete security group rules in AWS via the CLI (and list them too!)

Posted on Wednesday, September 13th, 2023 at 5:22:39pm

Add inbound rule(s) for a security group ID:

Delete inbound rule(s) for a security group ID:

List security groups by security group ID:

List inbound rules for a specific security group ID:

How To Use SSL With sysbench To Test MySQL Server

Posted on Thursday, September 7th, 2023 at 11:02:30am


If sysbench is started with the “--mysql-ssl=on” option, it looks in the current directory for the following files:


Locate the current MySQL database certificates, usually in /var/lib/mysql, and make sure that the OS user running sysbench is able to read the following 3 files:

Next, cd to the OS user’s home directory and create symbolic links as follows:

Finally, create a simple wrapper that ensures the proper location and adds --mysql-ssl=on to the sysbench command, for example:

How To Upgrade MySQL to 8.0 on CentOS/AWS Linux

Posted on Thursday, August 31st, 2023 at 11:02:51am

START: Server version: 5.7.43-log MySQL Community Server (GPL)
FINISH: Server version: 8.0.34-log MySQL Community Server (GPL)

Check and verify your my.cnf ssl entries if you see the following error in the /var/log/mysqld.log file at startup:

How To Save iptables To Disk On Amazon Linux 2

Posted on Friday, July 21st, 2023 at 9:38:26am

I wanted to save the iptables list to disk, but got an error when I tried:

# service iptables save
The service command supports only basic LSB actions (start, stop, restart, try-restart, reload, force-reload, status). For other actions, please try to use systemctl.

The solution was to install the iptables-services package:

# yum install iptables-services -y
iptables-services.x86_64 0:1.8.4-10.amzn2.1.2


I was then able to save properly:

root@inbound2:/var/log # service iptables save
iptables: Saving firewall rules to /etc/sysconfig/iptables:[ OK ]

How To Fix Error “Wrong Fs Type, Bad Option, Bad Superblock” When Mounting a Filesystem

Posted on Friday, June 23rd, 2023 at 4:43:39pm

When trying to mount an XFS filesystem on an AWS instance, I got the error “mount: wrong fs type, bad option, bad superblock on /dev/sdh”

Examine the volume’s UUID with the xfs_db command:

shell> sudo xfs_db -c uuid /dev/nvme2n1

To fix the problem, you have two options…

Temporary Solution

Add the nouuid mount option to temporarily ignore the duplicate validation:

shell> sudo mount -t xfs -o nouuid /dev/nvme2n1 /volumes/tmp

Permanent Solution

The xfs_admin command can permanently adjust the UUID for the volume:

How To Fix Error “Cannot open access to console, the root account is locked”

Posted on Friday, June 23rd, 2023 at 4:31:14pm

When trying to access the serial console on AWS, I got the following error:
Cannot open access to console, the root account is locked

Since I had edited /etc/fstab, the host would not boot.

The only way to fix this problem is to unmount the root volume from the affected instance, mount it on another node, edit the fstab file, and reverse the process, ending up with that volume re-attached as root on the problem node.

How To Fix Mouse Scrolls the Command Line History Instead of the Window Buffer in Terminal

Posted on Tuesday, May 23rd, 2023 at 8:23:49am

In the macOS Terminal, my mouse scroll wheel would magically start scrolling the command line history instead of the window buffer scroll bar on the right to show window history.

This happened when an SSH session was disconnected or timed out.

The fix is to run the reset command.

How To Enable SSH Login From OS X Yosemite 10.10.5 to macOS Ventura 13.3.1

Posted on Friday, May 19th, 2023 at 10:37:58am

I was unable to log in from my old iMac running Yosemite to my new iMac running Ventura using RSA keys.

It turns out that RSA key support was disabled in Ventura.

To correct the problem, I added the following two lines to the bottom of /etc/ssh/sshd_config:

How To Fix SSH Permission Denied From macOS Ventura To Amazon Linux

Posted on Tuesday, May 9th, 2023 at 9:55:13am

I have been using RSA SSH keys forever to log in to my various AWS EC2 instances.

With macOS Ventura 13.3.1, ssh failed with the “Permission Denied” error. Using ssh -vvv, I saw that the RSA key was now being rejected.

After much research, I decided to implement new keys on the client (Ventura) side using ed25519, like this:

I then placed the new contents into the ~/.ssh/authorized_keys files on the target nodes, and everything started working!
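An added example (not the author's commands) of the key switch described above: it generates an ed25519 key pair, appends the public key to authorized_keys once with the directory and file modes sshd expects, and counts the ssh-rsa entries still left to retire. The function names, paths and comment string are hypothetical.

```shell
#!/usr/bin/env bash
# Added example, not from the original post. Function names, paths and the
# key comment are hypothetical; adapt them to your own hosts.
set -eu

# Generate an ed25519 key pair; -a raises the KDF rounds that protect the
# passphrase-encrypted private key file.
new_ed25519_key() {   # <private-key-path> <comment> <passphrase>
  ssh-keygen -q -t ed25519 -a 100 -C "$2" -f "$1" -N "$3"
}

# Key type as ssh-keygen reports it, e.g. ED25519 or RSA.
key_type() {          # <key-file>
  ssh-keygen -l -f "$1" | awk '{print $NF}' | tr -d '()'
}

# Append a public key to <home>/.ssh/authorized_keys exactly once, keeping
# the 700/600 modes that sshd's StrictModes check requires.
authorize_key() {     # <public-key-file> <home-dir>
  mkdir -p "$2/.ssh"
  chmod 700 "$2/.ssh"
  touch "$2/.ssh/authorized_keys"
  chmod 600 "$2/.ssh/authorized_keys"
  grep -qxF "$(cat "$1")" "$2/.ssh/authorized_keys" ||
    cat "$1" >> "$2/.ssh/authorized_keys"
}

# Count ssh-rsa entries (with or without leading options) still authorized,
# so they can be removed once the ed25519 key is confirmed to work.
count_rsa_keys() {    # <authorized_keys-file>
  grep -cE '(^|[[:space:]])ssh-rsa[[:space:]]' "$1" || true
}
```
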