FS_METHOD forces the filesystem method. It should only be “direct”, “ssh2”, “ftpext”, or “ftpsockets”. Generally, You should only change this if you are experiencing update problems, If you change it, and it doesnt help change it back/remove it, Under most circumstances, setting it to ‘ftpsockets’ will work if the automatically chosen method does not.
(Primary Preference) “direct” forces it to use Direct File I/O requests from within PHP, this is fraught with opening up security issues on poorly configured hosts, This is chosen automatically when appropriate.
(Secondary Preference) “ssh2” is to force the usage of the SSH PHP Extension if installed
(3rd Preference) “ftpext” is to force the usage of the FTP PHP Extension for FTP Access, and finally
(4th Preference) “ftpsockets” utilises the PHP Sockets Class for FTP Access.
Author: erics, Posted on Monday, February 5th, 2024 at 4:10:35pm
shell> vimdiff file1 file2
~OR~
shell> vim file1 file2
Create a vertical split window: Control-w v
Enable visual diff on the left side: :diffthis
Move the cursor to the right side buffer: Control-w Right-arrow
Enable visual diff on the left side: :diffthis
You should now see the differences highlighted on both sides.
Author: erics, Posted on Thursday, September 14th, 2023 at 6:26:30am
Summary
In this blog we explore how to use certificates from Let’s Encrypt to secure self-hosted Bamboo and Crucible.
Process To Follow
Install Certbot
Ensure that external DNS resolves to the correct IP address ping example.yourdomain.com
Ensure that Port 80 is open from the outside to that IP address so that Let’s Encrypt can validate the domain
Ensure nothing is listening on Port 80 netstat -pan | grep 80 | grep LISTEN | wc -l
Generate the new certificate via Let’s Encrypt
Create the new Java keystore for use with Bamboo and Crucible
Copy the new keystore into place and set ownership and permissions
Restart the services
Test
Install Certbot
You must first install Python >= 3
I like using pip to install certbot, but urge you to use any method that is the easiest and most familiar: https://certbot.eff.org/instructions?ws=other&os=pip
Run certbot help to confirm that it has been installed properly
Generate the Let’s Encrypt Certificate
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
shell>sudo-i
shell# touch ~/ssl
shell# chmod 755 ~/ssl
shell# cat >> ~/ssl <<EOF
#!/bin/sh
certbot certonly\
--standalone\
--renew-by-default\
--agree-tos\
-v\
--debug\
--email admin@yourdomain.com\
-dexample.yourdomain.com
EOF
OPEN Port80on your firewall now.
shell# ~/ssl
CLOSE Port80on your firewall now.
shell# ls -l /etc/letsencrypt/live/example.yourdomain.com/
The JKS keystore usesaproprietary format.It isrecommended tomigrate toPKCS12 which isan industry standard format using"keytool -importkeystore -srckeystore bamboo.jks -destkeystore bamboo.jks -deststoretype pkcs12".
Copy The Java Keystore Into Place
This step will copy the new keystore (bamboo.jks)into place for both bamboo and Crucible as ~/.keystore for each user. Ownership and permissions must also be set.
1
2
3
4
5
6
7
8
9
10
11
shell>sudo-i
BAMBOO STEPS
shell# cp example.jks ~bamboo/.keystore
shell# chown bamboo ~bamboo/.keystore
shell# chmod 664 ~bamboo/.keystore
CRUCIBLE STEPS
shell# cp example.jks ~crucible/.keystore
shell# chown crucible ~crucible/.keystore
shell# chmod 664 ~crucible/.keystore
Restart Bamboo and Crucible
This step will restart the processes, so they read in the new certificate.
1
2
3
4
5
6
7
8
9
10
11
shell>sudo-i
BAMBOO STEPS
shell# su - bamboo -c ./current/bin/stop-bamboo.sh
shell# su - bamboo -c ./current/bin/start-bamboo.sh
Author: erics, Posted on Thursday, September 7th, 2023 at 11:02:30am
SUMMARY
If sysbench is started with the “–mysql-ssl=on” option, it looks in the current directory for the following files:
1
2
3
client-cert.pem
client-key.pem
cacert.pem(note no dash)
PROCEDURE
Locate the current MySQL database certificates, usually in /var/lib/mysql, and make sure that the OS user running sysbench is able to read the following 3 files:
1
2
3
ca.pem
client-cert.pem
client-key.pem
Next, cd to the OS user’s home directory and create symbolic links as follows:
1
2
3
4
5
export DIR=/var/lib/mysql
cd
ln-s${DIR}/ca.pem cacert.pem
ln-s${DIR}/client-cert.pem
ln-s${DIR}/client-key.pem
Finally, create a simple wrapper to ensure proper location and adding --mysql-ssl=on to sysbench command, for example: