CentOS 7 and WebTrees 1.7x

So I finally started getting the new web server up and running with CentOS 7. First step once running was to install a LAMP configuration (php7.1) and to get WebTrees running. Rather than hang WebTrees directly off /var/www/html/webtrees or similar, I chose to place it at /var/www/wt. I basically unzipped it into a working directory in my home folder so I could examine it and then copied the entire folder to my target location.

I ran into three large issues that prevented running the application:

  1. Needed to configure the system properly inside apache’s configuration files to ensure the directory is accessible to the webserver process, and also to create an alias that points to the folder.
  2. Once that part was complete, the web process couldn’t write to /var/www/wt/data folder; apache (httpd) runs with a user/group of apache rather than www-data as found on many other debian-based distros.
  3. Even when correct user/group had been applied to all files, still couldn’t write. Finally dawned on me that SELinux is used on CentOS (and many other distros) and requires some additional permissions to be set. I highly recommend that you do not follow the WebTrees setup wizard advice of assigning 777 (world-read/write) permissions as this bypasses many security things. Also, it won’t work anyway without disabling SELinux, which is an even greater security breach. Read on, do some additional research (not specific to WebTrees) and you’ll see it’s not really that hard. I’ll describe as best I can what the various components mean.

1 – Configure folder access (since it’s not located under /var/www/html)

I normally add this right after the last <Directory> tag found in /etc/httpd/conf/httpd.conf, which for a default installation will probably be your normal /var/www/html access. Please note that this currently does not add SSL as I have the system limited to my local home network. Later, I’ll try to detail how to make this an SSL (https) access instead for additional security.

The Alias directive tells the system that the files found at /var/www/wt should be considered to be off /wt on the web server (http://servername/wt). The following Directory entry simply controls whether the files in the directory can be listed, etc.

Alias "/wt" "/var/www/wt"
<Directory "/var/www/wt">
   Options None
   AllowOverride None
   Require all granted
</Directory>

2 – Set correct user/group ownership

This is a relatively simple fix; both 2 and 3 must be done before any noticeable change will occur.

If you use

ls -l /var/www

You’ll see that the default user:group for the wt folder is www-data:www-data. Use the following command to change it to the correct webserver process apache:apache. -R changes everything in the folder not just the folder itself.

sudo chown -R apache:apache /var/www/wt

3 – Edit SELinux policies to permit proper access control

(Please note that I am definitely not an SELinux expert and have adapted these steps from the description provided by Shane Rainville’s Overview located on http://www.serverlab.ca/tutorials/linux/web-servers-linux/configuring-selinux-policies-for-apache-web-servers/. I highly recommend reviewing this information yourself as I have summarized it to the steps I utilized only.)

I normally login to my web server as a normal user and then use sudo for any commands that require root/admin access. There are many flame wars about what is best for isolated systems, YMMV. If you login as a normal user, prefix all commands with sudo.

Install the core policy utilities:

yum install -y policycoreutils-python

Also install the SELinux troubleshooting (there is a typo on Shane’s list, should be setroubleshoot, not setroubleshooting):

yum install -y setroubleshoot

The two above steps allow you to manage the SELinux policies, view them, etc. Shane’s page illustrates how to list existing policies in place, which is probably handy when combined with grep, but my system printed more than enough to fill up the scroll-back buffer. Knowing how to do it comes in handy later, though, for troubleshooting your typos, etc.

Shane illustrates the need to create several types of process accesses, including content, logs, and cache. However, for WebTrees all that I currently need is the content access. Therefore, I issued the command:

semanage fcontext -a -t httpd_sys_content_t "/var/www/wt(/.*)?"

to permit the httpd process to access content within the entire /var/www/wt folder and derivatives. Note that the last bit on the end of the command above makes sure all subfolders, files, etc., are covered within that context. Note that double quotes, forward slashes, etc., are all critical to the command.

Next, you need to permit read/write access to the /var/www/wt/data folder and files in order to get past the server check on the setup wizard. In reality, this permits the system to store multimedia files, etc., within the data structure properly. (Note that there was a typo here and the -t was left off Shane’s page, I’ve added it here)

semanage fcontext -a -t httpd_sys_rw_content_t "/var/www/wt/data(/.*)?"

At this point, you should be able to run the setup wizard successfully and get to the MySQL/MariaDB configuration portion to setup the database itself.

One point to make here is that WebTrees places its configuration file (config.inc.php) within the data directory so a command to allow read/write to that file is not required as it is already covered by the previous command. As Shane points out, though, it could be necessary if setting up an application that stores that file in a more traditional location (which could be anywhere, tradition be damned).
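
Steps 2 and 3 combined into one script, as an added example that is not part of the original post: it sets ownership with chown, registers both SELinux contexts for /var/www/wt, and runs restorecon, which is what relabels the files already on disk (semanage fcontext only records the rule). WT_ROOT, WEB_USER, DRY_RUN and the function names are assumptions of this example; by default it only prints the commands.

```shell
#!/usr/bin/env bash
# Added example (not from the original post): steps 2 and 3 without chmod 777.
# WT_ROOT, WEB_USER, DRY_RUN and all function names are assumptions of this example.

WT_ROOT="${WT_ROOT:-/var/www/wt}"    # install location used in the post
WEB_USER="${WEB_USER:-apache}"       # httpd user/group on CentOS
DRY_RUN="${DRY_RUN:-1}"              # 1 = print commands only, 0 = execute (needs root)

# Print the command in dry-run mode, otherwise execute it.
run() {
    if [ "$DRY_RUN" = "1" ]; then
        printf '%s\n' "$*"
    else
        "$@"
    fi
}

# Register a file-context rule; fall back to -m if a rule for the path already exists.
add_fcontext() {
    run semanage fcontext -a -t "$1" "$2" || run semanage fcontext -m -t "$1" "$2"
}

apply_webtrees_access() {
    # Step 2: ownership (chown, not chmod) for the web server account.
    run chown -R "$WEB_USER:$WEB_USER" "$WT_ROOT"
    # Step 3: read-only content for the whole tree, read/write only for data/.
    add_fcontext httpd_sys_content_t    "$WT_ROOT(/.*)?"
    add_fcontext httpd_sys_rw_content_t "$WT_ROOT/data(/.*)?"
    # semanage only records the rules; restorecon applies them to existing files.
    run restorecon -Rv "$WT_ROOT"
    # Show the resulting labels for a quick visual check.
    run ls -Zd "$WT_ROOT" "$WT_ROOT/data"
}

# List anything under $1 that is world-writable, i.e. left over from a 777-style chmod.
find_world_writable() {
    find "$1" ! -type l -perm -0002
}

apply_webtrees_access
```

Review the printed commands, then run the script as root with DRY_RUN=0. find_world_writable /var/www/wt lists anything still world-writable from an earlier chmod 777.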

Have fun. No guarantees, warranty, etc.


Windows 10 and SQL Server 2016 Installation

If SQL Server 2016 is giving errors when attempting to install on Windows 10 (relating to C runtime, etc.), you might find some Google articles that recommend running SFC /scannow, then when that faults out on a message relating to the service not running, you run:

net start trustedinstaller

or similar, only to find it’s already started. Just reboot your machine. That might be all it takes. I spent 4 hours working on this, consulted logs, tech sites, etc., only to find the only missing component was a reboot for some update or install that didn’t finish. YMMV, but with Windows, rebooting probably can’t hurt. Uptime on Linux: 8 months+ without a reboot. Uptime on Windows: better reboot when you get a chance. Uptime on Mac: could go either way. I run all 3 configurations, not a phanboi of any.

Brother HL-2270DW and NetGear WNDR3400V2

So, moved my printer to a different location in the house and somehow wiped the configuration. Using a MacBook with Sierra, I tried for a couple of hours to get the WPS functionality of the router (which basically sucks as a router) to work with the printer. It was generally an exercise in futility, resulting in some cussing at the dogs and reinforcing the need to get my new Cisco equipment hooked up. The other issue is that the Ethernet port didn’t seem to want to enable, which would probably make it much easier to configure the printer. The solution?

Plug in the Ethernet cable at both ends, do a factory reset on the printer, and the port will enable in DHCP mode initially. It grabbed an IP address from the DHCP server and came online without any problem. A quick login to the printer and I was able to set the desired IP address and just completely disable wireless (the new location was near the router/switch so no need to use wireless). Problem solved in only 2-1/2 hours. What a pain in the back-side. I have a feeling that WPS isn’t all it’s made out to be.

CoCo3 (Tandy / Radio Shack Color Computer 3) and DriveWire 4 with Linux

I picked up a CoCo3 several months ago and had been trying various ways to get it to communicate with DriveWire 4 under Xubuntu (an Ubuntu derivative). Yesterday, I finally had some success.

First, I was lucky in that my CoCo3 included a cassette cable (4-pin round DIN connector and 3 plugs on the other end). This is helpful as I have no diskettes at all for the machine, although I have a total of 5 floppy drives available. Additionally, I ordered an RS-232 Serial cable (round DIN to DB9) which I’m using with a USB-Serial adapter on the Xubuntu end.

When setting up DriveWire 4, simply unzip the archive to its own folder. Make sure you install OpenJDK runtime 8 (9 might also work). You’ll need to change the shell script to executable using chmod +x as well. Finally, add yourself to a group that is permitted to access serial ports. Generally speaking, I add my normal user to dialout, tty, and uucp. I believe, but I’m not certain, that each of these will permit access to the serial port. Once added, you have to log out (not necessarily reboot) and then log in.

Once you’re logged in, start DriveWire 4 and go to the Config -> Simple Config selection. Choose CoCo3 (presumably any of the others would work as well). Make sure your serial adapter is plugged in and select the correct serial port, followed by finished (the defaults are probably okay for starting out).

You now have a chicken-and-egg problem; if you download the DriveWire3 cassette files, etc., from Cloud-9’s web site, you’ll then be able to transfer the cassette file (.wav) to the CoCo3 and boot. That will allow you to transfer additional files, images, etc., and if you have the proper hardware you can save disks and/or cassettes.

I’m sure I’m leaving out some things but maybe this will help get you off to a good start. Remember, if DriveWire is having trouble finding your RS-232 USB adapter under Linux, it is almost certainly going to be a problem with groups/permissions. If the adapter is found but doesn’t seem to transfer, you probably then have a null-modem vs. terminal issue and need to make sure you are in the correct mode with the correct cable configuration.

Xubuntu 16.10 – Install LinApple (LinApplePie)

I recently installed the LinApplePie version of LinApple in Xubuntu 16.10. In order to compile from source, you’ll need to install the following:

libsdl1.2-dev (for SDL2 development)

libcurl-ocaml-dev (for CURL development)

libzip-dev (for zip file handling)

libsdl-image1.2-dev (for SDL2 images)

It’s possible that other requirements might exist but these seemed to satisfy my system; I always install build-essential when installing Xubuntu, so if the above doesn’t work you might also give that a try. Remember, you’ll need to use

sudo apt-get install

as regular user accounts won’t work. The final executable (linapple) will be in your src folder so you’ll ultimately need to move it somewhere in the path if you want to run it from arbitrary locations, as well as setting some additional configuration settings to mark the location of MASTER.DSK and/or other files.

LVM Luks Cryptsetup Mount from Alternate Machine or VM

I’ve run into some problems lately as I decided to setup various configurations using encrypted drives, which also includes LVM by default. I accidentally stumbled across an article from 2008 posted on Ubuntu Geek which describes the process. The drive I used for testing was connected via VirtualBox with a USB Cable on a Macbook Pro running El Capitan. The operating system on the VM was Xubuntu 16.04 (an Ubuntu 16.04 derivative) and the original operating system on the encrypted drive was the same.

The link to the original article is: http://www.ubuntugeek.com/rescue-an-encrypted-luks-lvm-volume.html

This tutorial is for people who have encrypted their main volumes of their hard drives using the method offered by the Alternate CD installer.

First you need to boot into a Live CD environment and open up a terminal window (Applications -> Accessories -> Terminal).

Install required packages using the following command

sudo apt-get install lvm2 cryptsetup

probe required module using the following command [I didn’t have to do this step]

sudo modprobe dm-crypt

setup the crypto module to recognise the partition

sudo cryptsetup luksOpen /dev/hda5 crypt1

Enter your passphrase. You should get the following message:

key slot 0 unlocked.
Command successful.
If not, something has gone wrong.

Scan for volume groups

sudo vgscan --mknodes

sudo vgchange -ay

[NOTE: You might receive multiple errors at this step about incorrect names, etc. The main take-away from this step is whether it admits to finding a volume.]

REMEMBER the name of the volume group, as you will need it later.

Create a mount point [I simply mounted to /mnt instead]

sudo mkdir /volume

mount the encrypted volume to the mountpoint you just created. [Substitute the volume group name found in place of the paulb-desktop in the next command]

sudo mount /dev/paulb-desktop/root /volume

The volume is mounted, now you can chroot or whatever else you need to do. If you would like to open the gnome file manager for writing to it issue the following command:

sudo nautilus /volume

At this point, hopefully it worked. I wish I’d found these instructions a couple of years ago as I’ve ended up trashing 2 volumes in the process of trying to recover files. Fortunately, I didn’t lose that much but it could have been truly catastrophic, especially had it been a production server.

Dell T7400 and nVidia GT730 audio issues

So, just installed a GT730 or other HDMI-enabled nVidia video card and now your Dell T7400 has lost audio? Messages like “no output device” or “audio not responding”? Well, after 2 hours of useless searching, finally found that the T7400 BIOS allows 3 settings for the onboard audio: OFF, AUTO, and ON. Turns out that if you set the onboard audio to AUTO, it will disable the onboard audio system if another audio system (such as an HDMI video card) is installed. If you wish to keep the built-in audio working, set the onboard audio to ON and then reboot. Windows 8.1 found it this way, others should as well. Once you reboot, you’ll need to open your Playback and Recording from the System Tray and make sure you direct output to the correct device (not nVidia HD audio).

Raspberry Pi Zero, Raspbian Jessie, and WN-250gi WiFi Adapter

So, I bought a Pi Zero right after they came out and have left it languishing on the shelf since as I haven’t had sufficient time to mess with it. However, I recently decided to take a look at some home automation using various IoT concepts and thought this might make a nice little gateway. I ran into several issues getting the device to work, however, for several reasons.

First, I didn’t have a USB hub available to run multiple devices at the same time. With only 1 OTG (on the go) cable available, I was out of luck in that department. (I’m trying to do some gateway / server testing without purchasing new equipment at this point.) Second, I don’t have an HDMI TV available, nor do I have any type of adapter to convert to an old-style RCA jack video connection. What I needed was to create the SD card with the image on it, modify the image to support everything, and then remote into it via SSH to run the raspi-config program to configure the rest.

To get the project off the ground, I downloaded the latest image of Raspbian Jessie and installed it on my 64 GB micro-SD card. Note that I’m running Xubuntu 16.04 LTS and the SD card shows up as /dev/mmcblk0. Since DD gives no feedback, I decided to use DCFLDD in its place (which required running sudo apt-get install dcfldd to install the package). The command I used to write the image to the micro-SD card was:

sudo dcfldd bs=1M if=~/Desktop/rasp-jess.img of=/dev/mmcblk0

After this was completed, the number of blocks written was displayed, but it took about 2 minutes to finish emptying the cache and return to the prompt. Be patient, don’t eject the card thinking that it has locked up. Also, make sure before you eject the card it hasn’t been mounted to any locations.

Once the image is written and you’ve ejected the card, re-insert and mount the second partition (probably /dev/mmcblk0p2) if it doesn’t automatically mount after 30 seconds or so. From here, you’ll need to edit 4 files to get the image to a useful (headless) state. Not all of these require editing with root rights, but I used sudo for them anyway to avoid error messages.

First, figure out where your card was mounted. Mine was in /media/brian/7f…/, with the 7f being a long 32 character (maybe, I didn’t actually count the characters) string of text. This is where the command line TAB key expansion capability comes in handy.

Use nano or other favorite text editor (remember, sudo may be required) to edit /path_to_partition2/etc/network/interfaces. I wanted to add a static IP address, so I edited the following section of the file:

auto wlan0 <<=== added this line
allow-hotplug wlan0
iface wlan0 inet static <<=== changed keyword manual to static
address <<=== added the remaining static IP info and wpa
wpa-conf /etc/wpa_supplicant/wpa_supplicant.conf

At this point, you can save the file. Note that one gotcha may ultimately be that your wireless device doesn’t try to enable as wlan0. In this section and others, you might need to boot the Raspberry Pi Zero, wait for it to boot (90 seconds max usually), plug in the wireless device (mine was a generic type WN-250gi), allow it to boot for 10 to 20 seconds, then shut the Raspberry down and read the syslog file from the SD card. This file will be located in the /path_to_partition2/var/log/syslog location once the card is mounted. Make sure you don’t accidentally read the syslog for your system… Makes you feel kinda dumb for troubleshooting something for 20 minutes only to realize… This file will give you an idea of which interface name is in use but you’ll need to read through it.

Once again, use your favorite sudo’d editor to add the following information to /path_to_partition2/etc/wpa_supplicant/wpa_supplicant.conf. Especially notice that if your SSID is not broadcast you will need to include the scan_ssid=1 line, otherwise omit it.

ctrl_interface=DIR=/var/run/wpa_supplicant GROUP=netdev


The country was changed on line 1, then the network entry was added; the other lines were left as found. The SSID is the name of your wifi, scan_ssid=1 is required if SSID is not broadcast, psk is your key (mine is using a 26 character key), and key_mgmt can be something besides WPA-PSK if you have different wireless capabilities. However, you’ll need to look up the changes necessary to make the correct wpa_supplicant.conf entries for WEP or other types of security. Also, this is another place where the syslog file can be your friend. If you’re not getting a connection, you might be missing a firmware file for your wifi adapter. This is usually stated in plain text and will usually give the name of the file needed. Use the Internet to find the correct file, rename it if needed, and use sudo to copy it into /path_to_partition2/lib/firmware.

Now, sudo edit the file /path_to_partition2/etc/resolv.conf to include the name servers that you need. If you have a DNS server on your network (or more than one) you’ll need to include that address; I have both a DNS server and my router to act as DNS servers, so my entries appear as follows:


If there are any other lines and you don’t see a need for them, you can comment them out with a # symbol. As you’re manually editing this card until all errors have been resolved, you can always uncomment if needed.

After those changes, the Pi booted up great and responded to pings in 3 to 6 ms, but absolutely refused to allow an SSH connection to configure the damn thing. Every attempt resulted in a “connection refused” message on port 22. I wasn’t able to find a description of how sshd (the ssh daemon) gets enabled on the Pi other than I needed to run raspi-config on the Pi. The whole point of this exercise is that I can’t connect to the bloody thing to enable ssh. Finally, I sudo edited the file /path_to_partition2/etc/rc.local to include the following 2 lines PRIOR TO exit 0. These lines will cause the sshd server to load and run but it is a temporary solution only and should be removed as soon as you can run raspi-config to enable ssh through the Advanced Options.

insserv ssh <=== this line might not be necessary but I put it in anyway
service ssh start

At this point, go ahead and unmount everything cleanly and boot the Pi with the wifi adapter installed. Give it sufficient time then start pinging. If pings are successful, then attempt an ssh connection using:

ssh pi@ (or whatever your address is)

The password for the user pi is raspberry. You can then change the password once you’re logged in and able to run raspi-config.

If the wifi adapter doesn’t appear to come out (lights are blinking properly) or address doesn’t appear to be properly assigned, load the syslog file from the Pi and examine it carefully. It is really your best source of troubleshooting assistance.

HP Proliant SE1101

Picked up a Proliant SE1101 server this weekend that I plan to use for my home server to replace an aging eMachine that has held up for about 7 years. The server is probably almost the same age but has much more functionality (dual, quad-core Xeon processors, 16 GB RAM, etc). Unit was $50 on Craigslist and is a little beat up on the outside, with 2 drive trays missing and the 1 remaining drive being questionable, but interior is very clean. Will probably get 2 additional drive trays and put several 2 TB drives in the system in a mirrored RAID configuration (unfortunately, the internal RAID is 0,1 only). Also have a Dell PowerEdge R805 coming that will hopefully become a NextCloud server on CentOS 7.

While I’m more comfortable with Xubuntu distro, I believe I’m going to migrate my existing home server from Win 2003 PDC to CentOS and utilize a SAMBA configuration instead. I still need my home users to be able to login on Win 7 through Win 10 (or whatever they want), but I’m tired of maintaining a Windows Server. Then again, I might just keep it on Windows just for practice. Either way, will probably be running on ESXi bare metal with virtual machines. Much easier to maintain.

The system is currently dispersed throughout the house. However, with recent kid departures, we are rearranging and I will be consolidating equipment into one room, with more powerful and reliable Cisco equipment taking the place of other cheap equipment.