PHP

OpenBSD - PHP 8.2

Running PHP on OpenBSD

yes, i know … it’s not rocket science .. but why not make a short post so other (or myself) can have a quick look if needed ?

pkg_info -Q php
pkg_add php--%8.2
pkg_add php-sqlite3--%8.2
pkg_add php-curl--%8.2

Set TimeZone

and allow short open tags

sed -i s'#date.timezone = UTC.*#date.timezone = Europe/Zurich#'  /etc/php-8.2.ini
sed -i s'#short_open_tag = Off.*#short_open_tag = On#'  /etc/php-8.2.ini

Install all Modules

if needed .. does not make sense for me :(

Nextcloud on OpenBSD

Intro

Wanna run your own Nextcloud Server on OpenBSD … ? Give a Try ! It’s quite trivial as you can see. Just fireup an empty machine, assign an Hostname / DNS Record, and follow the Examples below. This Setup is done on the current Version, 6.9. Have Fun !

Inspired by: https://dev.to/nabbisen/nextcloud-on-openbsd-installation-15d6

Packages

install some packages. i use sqlite as db because i don’t expect a lot of users/traffic/files.

$ doas pkg_add nextcloud
quirks-3.633 signed on 2021-09-27T19:58:00Z
Ambiguous: choose package for nextcloud
a 0: <None>
  1: nextcloud-20.0.12
  2: nextcloud-21.0.4
Your choice: 2
Ambiguous: choose dependency for nextcloud-21.0.4:
a 0: php-pdo_mysql-7.4.23
  1: php-pdo_pgsql-7.4.23
  2: php-pdo_sqlite-7.4.23
Your choice: 2
nextcloud-21.0.4:argon2-20190702: ok
nextcloud-21.0.4:libsodium-1.0.18p1: ok
nextcloud-21.0.4:libxml-2.9.10p3: ok
nextcloud-21.0.4:oniguruma-6.9.6: ok
...
nextcloud-21.0.4: ok
Running tags: ok
The following new rcscripts were installed: /etc/rc.d/php74_fpm
See rcctl(8) for details.
New and changed readme(s):
  /usr/local/share/doc/pkg-readmes/femail-chroot
  /usr/local/share/doc/pkg-readmes/nextcloud
  /usr/local/share/doc/pkg-readmes/php-7.4

Preare Chroot

Create some Folders and stuff in the Chrooted Environment

PHP 8.0 on OpenBSD 6.9

OpenBSD 6.9 and PHP 8 is out … Why not give a try ?

list packages

what PHP Packages are available with Version 6.9 ?

root@host # pkg_info -Q php |grep '\-8'
php-8.0.3
php-apache-8.0.3
php-bz2-8.0.3
php-cgi-8.0.3
php-curl-8.0.3
php-dba-8.0.3
php-dbg-8.0.3
php-enchant-8.0.3
php-gd-8.0.3
php-gmp-8.0.3
php-imap-8.0.3
php-intl-8.0.3
php-ldap-8.0.3
php-mysqli-8.0.3
php-odbc-8.0.3
php-pcntl-8.0.3
php-pdo_dblib-8.0.3
php-pdo_mysql-8.0.3
php-pdo_odbc-8.0.3
php-pdo_pgsql-8.0.3
php-pdo_sqlite-8.0.3
php-pgsql-8.0.3
php-pspell-8.0.3
php-shmop-8.0.3
php-snmp-8.0.3
php-soap-8.0.3
php-sqlite3-8.0.3
php-tidy-8.0.3
php-xsl-8.0.3
php-zip-8.0.3

Install and Configure Nginx

add nginx, php8

add webserver, php8 and enable the services

Cheatsheet

IP Commands from @linuxopsys

Curl from @linuxopsys

NMAP from @hackingarticles

5 Years Later, Is Docker Still Delivering ?

Beginner Python CheatSheet NoStarch

Docker CLI Cheat Sheet

Docker Command Cheat Sheet

Visual Studio Code for macOS

Linux Netzplan CT

Ansible Edureka

Windows Events

NMAP

SQL Stuff

Bash Convention and Libraries

Assembler 80186 and higher

HTTP Status Codes

Python Cheatsheet - Olivier La Flamme

Data Wrangling with pandas Cheat Sheet

OWASP Key Management Cheat Sheet

OpenBSD & PHP Stuff 7.4

Install NGINX & PHP

pkg_add nginx php--%7.4
rcctl enable nginx php74_fpm

Edit php.ini

sed -i s'/date.timezone = UTC.*/date.timezone = Europe\/Zurich/'  /etc/php-7.4.ini
sed -i s'/short_open_tag = Off.*/short_open_tag = On/'  /etc/php-7.4.ini

Stop 7.3 & Start 7.4

rcctl stop php73_fpm
rcctl restart nginx php74_fpm

Uninstall PHP 7.3

pkg_del php--%7.3
pkg_del -a

Any Comments ?

sha256: 850d0140d76843ff867fcf764ff3313d19cf8d967c611e180b6a264e7bc274c4

Hugo Forms PHP

Wanna add some simple forms and process the Content with PHP ?

Add RawHTML Template

if not yet done

mkdir layouts/shortcodes/
cat << 'EOF' > layouts/shortcodes/rawhtml.html
<!-- raw html -->
{{.Inner}}
EOF

Create Script

cat << 'EOF' > static/welcome.php
<html>
<body>

Welcome <?php echo $_POST["name"]; ?><br>
Your email address is: <?php echo $_POST["email"]; ?>

</body>
</html>
EOF

Create new Post and add rawhtml

without " " between { and {

hugo new content/post/rawtest.md

vim content/post/rawtest.md

{ {<rawhtml>} }
<form action="/welcome.php" method="post">
Name: <input type="text" name="name"><br>
E-mail: <input type="text" name="email"><br>
<input type="submit">
</form>
{ {</rawhtml>} }

Example

Just a small Form Example

Name:
E-mail:

HugoIO Templates

Custom Template Stuff

mkdir -p layouts/shortcodes

cat << 'EOF' > layouts/shortcodes/date.html
{{ now.Format "2006-01-02 03:04:05" }}
EOF

Insert Code in Template

current date ? { {< date >} }

Result ?

current date ?? 2024-11-19 10:15:09

Add RawHTML

Create Template

cat << 'EOF' > layouts/shortcodes/rawhtml.html
<!-- raw html -->
{{.Inner}}
EOF

Add Code

{ {< rawhtml >} }
  <p class="speshal-fancy-custom">
    This is <strong>raw HTML</strong>, inside Markdown.
  </p>
{ {< /rawhtml >} }

Result ?

This is raw HTML, inside Markdown.

Tweak Nginx Webserver with limited Client Certificate

Install NGINX & PHP

pkg_add nginx php--%7.3
rcctl enable nginx php73_fpm

Edit php.ini

sed -i s'/date.timezone = UTC.*/date.timezone = Europe\/Zurich/'  /etc/php-7.3.ini
sed -i s'/short_open_tag = Off.*/short_open_tag = On/'  /etc/php-7.3.ini

nginx.conf

mkdir /var/log/nginx

cat << 'EOF' > /etc/nginx/nginx.conf
worker_processes  1;

worker_rlimit_nofile 1024;

events {
    worker_connections  800;
}

http {
    include       mime.types;
    default_type  application/octet-stream;
    index         index.php index.html index.htm;

    keepalive_timeout  65;

    server_tokens off;

    proxy_cache_valid any 0s;

    log_format  main  '$remote_addr - $ssl_client_serial - [$time_local] - "$request" - $status - $body_bytes_sent';

    map $ssl_client_serial $ssl_access {
      default 0;
      WFuDgzQBZXV740D3 1;   # Hans Muster
      EDugUslEX1Et90WX 0;   # Beat Breu
      2DF3C663741296F5 1;   # Ruedi Ruessel
    }
    #
    # HTTP -> Redirect to HTTPS
    #
    server {
        listen        80;
        server_name   localhost;
        access_log    logs/host.access.log  main;
        return 301    https://$host$request_uri;
    }
    #
    # HTTPS server
    #
    server {
        listen        443 ssl;
        server_name   localhost;
        access_log    /var/log/nginx/puffy205.log main;
        error_log     /var/log/nginx/puffy205-error.log;

        ssl_certificate             /etc/ssl/combo/host.crt;
        ssl_certificate_key         /etc/ssl/combo/host.crt;
        ssl_session_timeout         5m;
        ssl_session_cache           shared:SSL:1m;
        ssl_ciphers                 HIGH:!aNULL:!MD5:!RC4;
        ssl_prefer_server_ciphers   on;

        ssl_client_certificate      /etc/ssl/combo/root.crt;
        ssl_verify_client           optional;

        root                        /var/www/htdocs;

        location / {
          # Block if no Cert
          if ($ssl_client_verify != SUCCESS) {
            return 403;
          }
          # Block if not whitelisted
          if ($ssl_access = 0) {
            return 403;
          }
        }

        location ~ \.php$ {
          try_files      $uri $uri/ =404;
          fastcgi_pass   unix:run/php-fpm.sock;
          fastcgi_index  index.php;
          fastcgi_param  SCRIPT_FILENAME $document_root$fastcgi_script_name;
          fastcgi_param  SSL_CLIENT_SERIAL $ssl_client_serial;
          include        fastcgi_params;
        }
    }
}
EOF

Root Cert, Server Cert

mkdir -p /etc/ssl/combo/
cat << 'EOF' > /etc/ssl/combo/host.crt
-----BEGIN CERTIFICATE-----
MIID6jCCAtKgAwIBAgIIaGXwEvomrIYwDQYJKoZIhvcNAQELBQAwWjELMAkGA1UE
BhMCQ0gxFDASBgNVBAgTC1N3aXR6ZXJsYW5kMQ8wDQYDVQQHEwZadXJpY2gxEjAQ
BgNVBAoTCVN0b2VnZSBBRzEQMA4GA1UEAxMHcm9vdCBDQTAeFw0yMDA0MDIxNTE1
MDBaFw0yMjA2MTExNTE1MDBaMGIxCzAJBgNVBAYTAkNIMRQwEgYDVQQIEwtTd2l0
emVybGFuZDEPMA0GA1UEBxMGWnVyaWNoMRIwEAYDVQQKEwlTdG9lZ2UgQUcxGDAW
BgNVBAMTD3B1ZmZ5MjA1LnBsYW5ldDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCC
AQoCggEBAKiWF3qZvvXDPxuwhMHE3WDIQIJvRPKmBQQsEnnn598tD+W7aeSgvnZ3
Oel3n4WRl6syNF3CLPo3EbMy8VgZrCOul8Uvjro9WLZeL7tG5CndRFZu9Erzq2Ic
KodQGxEc3jC3UxFypr4OuUAigrlWi5dRp3dhzP4/xqQ42c1axPoI/YDzIdw5O6WZ
QWZf0YfsAIbbkw3YymLBoZQxyBmhasaU6xBnIAMLuYA6IVqz3QoGHxDr8bij34y5
TRb0575TzTdAtmWhN3GE+xGOJ/KPQ6MZjaA9oz15bMVuVg1uZgUXE5K22kx6eZLk
ejhV4nxnokftPJBZfaC9LbX661B9GTUCAwEAAaOBqzCBqDAMBgNVHRMBAf8EAjAA
MB0GA1UdDgQWBBT9D1+1pNUT3SuAfeptzaeszgUivTALBgNVHQ8EBAMCBeAwEwYD
VR0lBAwwCgYIKwYBBQUHAwEwJAYDVR0RBB0wG4IPcHVmZnkyMDUucGxhbmV0gghw
dWZmeTIwNTARBglghkgBhvhCAQEEBAMCBkAwHgYJYIZIAYb4QgENBBEWD3hjYSBj
ZXJ0aWZpY2F0ZTANBgkqhkiG9w0BAQsFAAOCAQEAKfRir/cZkKdeoDWV5qN3NNw/
AWNJZjkA6KvFwuXjvMR00/vlaqTuOOBKEU5CtxnHDKhfpkjSnX7ynoJXoAQYkNag
3reSKkFZ1TX1yz/Pf/f8YLbiA3e1hx9E0E5gAENtYB6vkZh5quhRnqsHSJpJP6H6
IYaZLh7w4+RL5qvQmN1tlyKwInrJmY6jsLPhALUDFQewDPJDla/iJ6ivlHsvCtMC
MA/slsJ2iWaHbAIzCXZyBeJHR949zJvja0jJPJHVDknsKypO9WEeMclaSoY1AfVI
dGg5W8ahwxuwX2e3ygbORoG0R1Qoeqdp8+VRvOpxM4R97NPtkEq/XPgrtWnoyQ==
-----END CERTIFICATE-----
-----BEGIN RSA PRIVATE KEY-----
MIIEpQIBAAKCAQEAqJYXepm+9cM/G7CEwcTdYMhAgm9E8qYFBCwSeefn3y0P5btp
...
AsoXCZvnbPzWsP8M2JokEngD0201NZN8/aBuDi0+aF1b3xA1vtKumdM=
-----END RSA PRIVATE KEY-----
EOF
chmod 440 /etc/ssl/combo/host.crt

cat << 'EOF' > /etc/ssl/combo/root.crt
-----BEGIN CERTIFICATE-----
MIIDqDCCApCgAwIBAgIIe1F3tBzaragwDQYJKoZIhvcNAQEMBQAwWjELMAkGA1UE
BhMCQ0gxFDASBgNVBAgTC1N3aXR6ZXJsYW5kMQ8wDQYDVQQHEwZadXJpY2gxEjAQ
BgNVBAoTCVN0b2VnZSBBRzEQMA4GA1UEAxMHcm9vdCBDQTAeFw0xOTA2MDUyMDA0
MDBaFw0yOTA2MDUyMDA0MDBaMFoxCzAJBgNVBAYTAkNIMRQwEgYDVQQIEwtTd2l0
emVybGFuZDEPMA0GA1UEBxMGWnVyaWNoMRIwEAYDVQQKEwlTdG9lZ2UgQUcxEDAO
BgNVBAMTB3Jvb3QgQ0EwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC8
kBixlR0b3tE7Db6CuFTYeKdSGbnLx2Df8zir0ueFlv6JX5rLgbWbb5rMnWOH1O1N
AmCbuh0CrXD1evl1Glyf3hmumIvW4GVfWcQNvBsq1iUfoJn24qGnTu502xX1Gv5F
TCOxq2HqdLEwsktl2Pn76/49quj1PlBSSpYLWBsvqj1NkNIXgMzUjBURF+fEtRby
SE5RLbw+fubAw1e9K3Xu5VLgItno3g9t2B4MKTApsCZsOR288kedrAUxFhyB2pD/
6L9sbyM1h5r+EMjAzyeTeUKtXXqC+AyLthkw3eB58UY/QxpoNiggQY+5yd57yzxK
Ox1QHh+kj2+8eK5b3+pFAgMBAAGjcjBwMA8GA1UdEwEB/wQFMAMBAf8wHQYDVR0O
BBYEFG8FFqfTRx/lTT0qfF/tEknHS7LSMAsGA1UdDwQEAwIBBjARBglghkgBhvhC
AQEEBAMCAAcwHgYJYIZIAYb4QgENBBEWD3hjYSBjZXJ0aWZpY2F0ZTANBgkqhkiG
9w0BAQwFAAOCAQEATzFY8H0EX+yFWEgRtGNciIp0WsQ53cjRnNxdkDsW+W2gB+cs
QdS2LBoWts5jLHXrZstJAoy1qyEhqyYvXFMf4SsfKsrXfli7fgod5figyVjhmz41
6v/Ss668kyjWOYkY3CYqPTJolxDuIpMIq/AMGurlcf6oTDdP/FPs4nvdGed16Qjp
849n7r+ugQKrbDC4VpDXcZECXlQjI3QgUeXKqly0LXcwqFXqC3+m1O6YTwyIFrLy
8ZyWjAKN4NdKd88eiczvEj3uQVXhqkbmiEyp3q5jsXcQLzblJ0aCABqppvGLgASq
Z9QeBLjqhJ3DIcgKcHqJsox+xKrDLtIvgYmaOg==
-----END CERTIFICATE-----
EOF
chmod 440 /etc/ssl/combo/root.crt

index.php

cat << 'EOF' > /var/www/htdocs/index.php
Hi <?
  $array = [
    "WFuDgzQBZXV740D3" => "Hans Muster",
    "EDugUslEX1Et90WX" => "Beat Breu",
    "2DF3C663741296F5" => "Ruedi Ruessel"
  ];
  echo $array[$_SERVER['SSL_CLIENT_SERIAL']];
?>, your Certificat Serial Number is
<?
  echo $_SERVER['SSL_CLIENT_SERIAL'];
?>
EOF

Start all stuff

rcctl restart nginx php73_fpm

Open Webpage:

puffy205

Librenms on Debian 10.3

How to Install LibreNMS on Debian

https://docs.librenms.org/Installation/Installation-Ubuntu-1804-Apache/

Packages

apt-get install acl apache2 borgbackup curl fping hping3 htop ipcalc jq lftp lynx mlocate mtr nmap pwgen rsync sipcalc tmate tree tshark unzip vim vnstat wget zip curl apache2 composer fping git graphviz imagemagick python-memcache python-mysqldb rrdtool snmp snmpd whois mariadb-client mariadb-server mtr-tiny nmap libapache2-mod-php7.3

apt-get install php7.3-cli php7.3-curl php7.3-gd php7.3-json php7.3-mbstring php7.3-mysql php7.3-snmp php7.3-xml php7.3-zip

add User

useradd librenms -d /opt/librenms -M -r
usermod -a -G librenms www-data

get Git

cd /opt
git clone https://github.com/librenms/librenms.git

set Permission

chown -R librenms:librenms /opt/librenms
chmod 770 /opt/librenms
setfacl -d -m g::rwx /opt/librenms/rrd /opt/librenms/logs /opt/librenms/bootstrap/cache/ /opt/librenms/storage/
setfacl -R -m g::rwx /opt/librenms/rrd /opt/librenms/logs /opt/librenms/bootstrap/cache/ /opt/librenms/storage/

add Dependencis

su - librenms
./scripts/composer_wrapper.php install --no-dev
exit

Configure MySQL

systemctl restart mysql
mysql -uroot -p

CREATE DATABASE librenms CHARACTER SET utf8 COLLATE utf8_unicode_ci;
CREATE USER 'librenms'@'localhost' IDENTIFIED BY 'password';
GRANT ALL PRIVILEGES ON librenms.* TO 'librenms'@'localhost';
FLUSH PRIVILEGES;
exit

MySQL Conf

vi /etc/mysql/mariadb.conf.d/50-server.cnf

Within the [mysqld] section please add:
innodb_file_per_table=1
lower_case_table_names=0

systemctl restart mysql

PHP Ini

vi /etc/php/7.3/apache2/php.ini
[Date]
date.timezone = Europe/Zurich

vi /etc/php/7.3/cli/php.ini
[Date]
date.timezone = Europe/Zurich

Update Apache

a2enmod php7.3
a2dismod mpm_event
a2enmod mpm_prefork

Configure Apache

cat << EOF > /etc/apache2/sites-available/librenms.conf
<VirtualHost *:80>
  DocumentRoot /opt/librenms/html/
  ServerName  host211.planet

  AllowEncodedSlashes NoDecode
  <Directory "/opt/librenms/html/">
    Require all granted
    AllowOverride All
    Options FollowSymLinks MultiViews
  </Directory>
</VirtualHost>
EOF

Enable Site librenms.conf

a2ensite librenms.conf
a2enmod rewrite
systemctl restart apache2

SNMP

cp /opt/librenms/snmpd.conf.example /etc/snmp/snmpd.conf
vi /etc/snmp/snmpd.conf

curl -o /usr/bin/distro https://raw.githubusercontent.com/librenms/librenms-agent/master/snmp/distro
chmod +x /usr/bin/distro
systemctl restart snmpd

Crontab

cp /opt/librenms/librenms.nonroot.cron /etc/cron.d/librenms

Logrotate

cp /opt/librenms/misc/librenms.logrotate /etc/logrotate.d/librenms

Configure Web

http://host211.planet/install.php

Fix Permission

chown librenms:librenms /opt/librenms/config.php

Any Comments ?

sha256: 9f39db52f8279c0fbb2f3072bc1da003c2334bb210d5aef9a3878e7ff55fbd13