How to setup auto renewable free SSL certificate using Lets Encrypt and Nginx on Ubuntu machine

In this tutorial, we are going to set up free SSL auto-renewable Let's Encrypt along with Nginx.

Prerequisites:

Before we start setup, first make sure your domain e.g example.com is pointed to the server's public IP address. You can set up and point this configuration from the dashboard of your domain service provider.

Connect to the remote server:

First SSH into the remote server where we want to set up the SSL.

If you are using a server password to connect, use the following command

sudo ssh server_username@ip_address

Here use your server username and server IP address to connect. For example ubuntu@34.344.56

If you are using a .pem file or other private keys to connect to a server then use the following command

sudo ssh -i path_to_pem_file server_username@ip_address

Install Nginx:

First, let's install Nginx on the server using the following commands.

sudo apt-get update
sudo apt-get install nginx

If nginx got successfully installed, then use the following command to verify.

nginx -v

nginx version: nginx/1.18.0 (Ubuntu)

Or we can verify by checking the status

sudo systemctl status nginx

Setup Nginx Configuration:

Now let's configure the Nginx for our domain. For this navigate to the Nginx directory

cd /etc/nginx/sites-available

Here, if we use the ls command we can see the default file for configuration. We will create a new file for our domain to configure for e.g 360learntocode.com, you can create using your domain name.

sudo vim 360learntocode.com

Now the new empty file is open lets edit and inserts the configuration by entering Shift + i

server {
      server_name 360learntocode.com;

      location / {
        proxy_set_header   X-Forwarded-For $remote_addr;
        proxy_set_header   Host $http_host;
        proxy_pass              http://568.19.34.63:8080;
      }
}

Make sure to replace 360learntocode.com with your domain name and http://568.19.34.63:8080 with your IP address and the port in which your application is running.

Now save the configuration. Enter Esc and type :wq and hit Enter.

Now, symlink this file with the directory “sites-available” in our Nginx for this navigate to sites-available

cd /etc/nginx/sites-enabled/

sudo ln -s /etc/nginx/sites-available/360learntocode.com /etc/nginx/sites-enabled/

To check the Nginx configuration use the following command

sudo nginx -t

We are supposed to see the output as below

nginx: the configuration file /etc/nginx/nginx.conf syntax is ok
nginx: configuration file /etc/nginx/nginx.conf test is successful

Reload the Nginx to reflect the changes:

sudo systemctl reload nginx

If we try to open our domain, we can see the Nginx 502 Bad Gateway if our application is not running otherwise we will see the running application.

Setup SSL Certificate:

For the SSL certificate, we are using the let's encrypt and certbot client. For more detail check let's Encrypt and Certbot

- Install Certbot client

Use the following commands to install certbot client

sudo apt-get update
 sudo apt-get install python3-certbot-nginx

Now, the certbot is successfully installed on our server. Let's create an SSL certificate for our domain

sudo certbot --nginx -d 360learntocode.com

Note: use your own domain name. Follow the steps asked afterward.

Here are some sample examples screens.

Now, let's reload the Nginx so that our configuration changes will reflect.

sudo systemctl reload nginx

If we load our domain URL then it will open over HTTPS.

If you want to see the overall configuration setup, please open the file that we created previously i.e 360learntocode.com inside /etc/nginx/sites-available/, there we can see all the setup done. The sample file looks like as below.

server {
      server_name 360learntocode.com;

      location / {
        proxy_set_header   X-Forwarded-For $remote_addr;
        proxy_set_header   Host $http_host;
        proxy_pass              http://568.19.34.63:8080;
      }


    listen 443 ssl; # managed by Certbot
    ssl_certificate /etc/letsencrypt/live/360learntocode.com/fullchain.pem; # managed by Certbot
    ssl_certificate_key /etc/letsencrypt/live/360learntocode.com/privkey.pem; # managed by Certbot
    include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
    ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot

}
server {
    if ($host = 360learntocode.com) {
        return 301 https://$host$request_uri;
    } # managed by Certbot


      server_name 360learntocode.com;
    listen 80;
    return 404; # managed by Certbot


}

Here, the auto-renew script is managed by certbot client so we don't have to worry about the SSL expiration. To verify the auto-renew scripts navigate to the script file.

cd /etc/cron.d/
sudo vi certbot

In the certbot file, we can see the auto-renew script as below added by cerbot client

0 */12 * * * root test -x /usr/bin/certbot -a \! -d /run/systemd/system && perl -e 'sleep int(rand(43200))' && certbot -q renew

Thanks for following the tutorial, Happy coding !!

Read More

Install Docker on Ubuntu 20.04

In this tutorial, we will learn how to install docker on Ubuntu Linux.

Install docker using the repository:

For this, first set up the repository. Use the following command.

sudo apt-get update

sudo apt-get install \
    ca-certificates \
    curl \
    gnupg \
    lsb-release

Now, add docker's GPG key

sudo mkdir -p /etc/apt/keyrings

curl -fsSL https://download.docker.com/linux/ubuntu/gpg | sudo gpg --dearmor -o /etc/apt/keyrings/docker.gpg

Now give the sufficient permission

sudo chmod a+r /etc/apt/keyrings/docker.gpg

In order to set up the repository, use the following command

echo \
  "deb [arch=$(dpkg --print-architecture) signed-by=/etc/apt/keyrings/docker.gpg] https://download.docker.com/linux/ubuntu \
  $(lsb_release -cs) stable" | sudo tee /etc/apt/sources.list.d/docker.list > /dev/null

Now for installing Docker use the following command, which will install the latest docker.

sudo apt-get update & sudo apt-get install docker-ce docker-ce-cli containerd.io docker-compose-plugin

Install Docker using .deb package:

If we might have a problem with installing the docker with the above or wants to install a specific version of the docker then using .deb package is a good solution.

Download the desired version of .deb from here

In order to test the ubuntu version use the following command

lsb_release -a

we can get the output as below

No LSB modules are available.
Distributor ID:	Ubuntu
Description:	Ubuntu 20.04.3 LTS
Release:	20.04
Codename:	focal

Here, the codename is focal so We chose the same as above. Then browse to pool/stable/, choose amd64, armhf, arm64, or s390x, and download the .deb file

In order to test the CPU available use the following command

lscpu

Go to the download folder and execute the deb package using the following command

sudo dpkg -i docker-ce-cli_18.09.0_3-0_ubuntu-bionic_amd64.deb

Note: make sure to use your own version of the .deb package. Now start the docker

Now, we successfully install docker.

Check the Docker Version:

docker --version

Uninstall Docker:

Uninstall docker, CLI, Containerd, and Docker Compose packages using the following command

sudo apt-get purge docker-ce docker-ce-cli containerd.io docker-compose-plugin

Now, delete all images, containers, and volumes

sudo rm -rf /var/lib/docker
 sudo rm -rf /var/lib/containerd

Read More

Install OpenCv in Linux/Ubuntu for Java Application.

Table Of Contents

• - Introduction
• - Download OpenCV
  
• - Build OpenCV
• - Run Sample Example

1. Introduction:

In this blog post, we are going to install and set up OpenCV in ubuntu os for the java applications. OpenCV is a widely used great computer vision library. You can learn more about the OpenCV tutorial from here. For documentation, you can follow here. We will also cover some tutorials for Java bindings too.

 

2. Download OpenCV:

You can download OpenCV from the public Github repository of OpenCV or from their official website from here.  Select the desired version and click "Sources", which will download the zip file. Unzip the file.

unzip opencv-4.3.0.zip

 

3. Build OpenCV:

In order to build OpenCV, go to the OpenCV path in my case it's under "/opt/opencv-4.3.0" so I will use the same.

Create a directory to build.

mkdir build
  cd build

Now, if you don't have installed cmake software please install it using the below command

sudo apt-get  install cmake

Next, is to generate and configure with cmake for building executables in our system.

cmake -DBUILD_SHARED_LIBS=OFF ..

Note: When OpenCV is built as a set of static libraries (-DBUILD_SHARED_LIBS=OFF option) the Java bindings dynamic library is all-sufficient, i.e. doesn’t depend on other OpenCV libs, but includes all the OpenCV code inside. 

Make sure the output of the above command looks like below:

If it doesn't find the ant and java then you may get the following output: 

Java:
   ant:                         NO
   JNI:                         NO
   Java tests:                 YES

For this, install and setup your java and install ant

sudo apt install openjdk-8-jdk
sudo apt-get install ant

If you are still getting ant as NO then try the following command to install ant

sudo snap install ant --classic

Now start the build

make -j4

Note: Be careful not to run out of memory during the build. We need 4GB of memory per core. For example, if we compile with 4 cores (e.g. make -j4) we need a machine with at least 16GB of RAM.

The output look likes this and it will take some time.

If everything is fine, you successfully build OpenCV. Make sure the following files are packaged in the corresponding directory.

/opt/opencv-4.3.0/build/lib/libopencv_java430.so
/opt/opencv-4.3.0/build/bin/opencv-430.jar

The path of those files is created according to your OpenCV version and directory. You need to make sure the so and jar file must be created. This jar file contains the java wrapper code which we will used in the sample example.

 

4. Run Sample Example:

Now we are going to add the compiled jar file in our project library.

For IntelliJ Idea:

Go to : File >> Project Structure >> Libraries (under project settings)

you can see the + icon at the top left, to add a new project library click on it, and select java and add the path of previously created jar file i.e opencv-430.jar. 

It's time to run a sample test example.

import org.opencv.core.CvType;
import org.opencv.core.Mat;

public class SampleTest {

    public static void main(String[] args) {
        System.load("/opt/opencv-4.3.0/build/lib/libopencv_java430.so");
        Mat mat = Mat.eye(3, 3, CvType.CV_8UC1);
        System.out.println("mat = " + mat.dump());
    }
}

Make sure that you loaded your corresponding .so file.

Output:

mat = [  1,   0,   0;
   0,   1,   0;
   0,   0,   1]

For those who are running OpenCV in an existing project, you can set up with Gradle project as below:

For Gradle:

Copy the jar file in your project directory package for e.g "libs" and add following inside dependencies in build.gradle file.

dependencies {
//other dependencies

compile fileTree(dir: 'libs', include: '*.jar')
}

Read More

Tunnel local server to the public internet with https using Ngrok.

How to tunnel our local server to the public internet with https using Ngrok.

Table Of Contents

• 1. Introduction
  
• 2. Install and setup on windows system
• 3. Install and setup on linux system

1. Introduction:

It seems to be daunting if we need to test our application locally over Https. Generally, when we need to listen webhook from any other service provider, testing applications locally will be difficult. In this tutorial, I will show how to tunnel the local server into the live one using ngrok.

Create an account from ngrok from which we can get tunnel auth token which we will use to get persistent Https URLs even if the outage of the internet until ngrok is running.

2. Install and set up on windows system:

Download ngrok for windows system here and unzip. After that, you will see the ngrok binary file, to run that file double click it. Make sure the path of ngrok, you will see the command prompt as bellow.

Now you are ready to tunnel your local server port. Simply execute the following command.

ngrok.exe http 80

Here, port 80 is the server port running; you need to use the respective port of your running local server like 8080, 8090 etc.

We have successfully tunnel our local server running at port 80. We can see the two forwarding URLs which are accessible publicly. As we can see the session expires in about 8 hrs which means those URLs will be changes every 8 hrs; here we need an auth token to prevent this. Execute the following command.

ngrok.exe authtoken 5AXFH2DjGMu9NFHntjxZf_73wZyVZiKeCxrA1hwZWqX

Use your own auth token from your account instead. You can see the message in the command prompt.

Authtoken saved to configuration file: C:\Users\yourUser/.ngrok2/ngrok.yml

We will use this file to set up for multiple port tunnels. Now again run your local server port you will see the final tunneling URLs without session expires limit.

Now its time to tunnel more than one port if you need it. For this, we are using ngrok.yml config file as below:


ngrok.yml

tunnels:

 backend:

  addr: 8080
  proto: http
  
 frontend:

  addr: 8081
  proto: http

Here, I have running two applications on port 8080 and 8081. Now again run the ngrok.exe file and run the following command to start and tunnel all ports.

ngrok.exe start -all

We have successfully tunnel a multi-port server.

Note: if you get Invalid Host header error while running that URLs, start tunneling port with the following command instead:

ngrok.exe http 8080 -host-header="localhost:8080"

or

ngrok.exe http --host-header=rewrite 8080

For multiport tunnels

tunnels:

 backend:

  addr: 8080
  proto: http
  host_header: "localhost:8080"
  
 frontend:

  addr: 8081
  proto: http
  host_header: "localhost:8081"

3. Install and set up on Linux system:

Download ngrok for the Linux system here. Go to download path and simply right click and extract the file. You will see the ngrok binary file, we need to make it executable so, copy this file to usr/bin directory. 

sudo cp ~/Downloads/ngrok-stable-linux-amd64/ngrok /usr/bin/

Now type ngrok command in the terminal you can see the following output if it is successfully installed.

If it is not installed then go to the ngrok binary file path and open terminal and type command ./ngrok instead of ngrok to run and tunnel your server port.

For the persistent URLs, setup auth token using command:

ngrok authtoken 5AXFH2DjGMu9NFHntjxZf_73wZyVZiKeCxrA1hwZWqX

Use your auth token from your ngrok account, which will configure ngrok config file in your home directory.

Authtoken saved to configuration file: /home/36olearntocode/.ngrok2/ngrok.yml

If you want to tunnel single port then simply run following command and you will see the following output.

ngrok http 80

Use the respective port of your server.  

If you want to tunnel multiple ports then set up ngrok config file as:





ngrok.yml

tunnels:

 backend:

  addr: 8080
  proto: http
  
 frontend:

  addr: 8081
  proto: http

Now again run the command to start:

ngrok start -all

Output:

Note: if you get Invalid Host header error while running that URLs, start tunneling port with the following command instead:

ngrok http 8080 -host-header="localhost:8080"

or

ngrok http --host-header=rewrite 8080

For multiport tunnels

tunnels:

 backend:

  addr: 8080
  proto: http
  host_header: "localhost:8080"
  
 frontend:

  addr: 8081
  proto: http
  host_header: "localhost:8081"

We have successfully tunnel our two port 8080 and 8081 over https.

Read More

How to record GIF on Ubuntu Linux

This is a quick tutorial on how we can record the animated GIF on a Linux Ubuntu machine.

 For this, there is a software called Peek, a simple screen recorder with an easy to use interface

Peek is very easy to create short screencasts of specific screen areas. We can simply place the Peek window over the area where we want to record and start recording.

Although it is optimized for recording and generating animated GIFs, we can also record WebM and MP4 videos too.

Let's look at how we can install it. For this open your terminal and type the following command

For Ubuntu:

sudo add-apt-repository ppa:peek-developers/stable
sudo apt update
sudo apt install peek

Here, we are adding PPA repositories required, while doing so use enter key to allow. Now, after running the above command you can simply open the peek recorder and start recording the GIFs animation.

The sample recording screen looks as below:

For Debian:

sudo apt install peek

For ElementaryOS:

sudo apt install software-properties-common
sudo add-apt-repository ppa:peek-developers/stable
sudo apt update
sudo apt install peek

For Arch Linux:

sudo pacman -S peek

Read More

How to open the Dicom Image in Linux

This is a short tutorial on how we can open and view the Dicom images in Linux operating system.

Here, we will install weasis desktop application to view the Dicom images.

Installation: 

Download the desired weasis installer compatible with your operating system from weasis website. 

For Linux, download the .deb installer. Go to the download folder and open the terminal and execute the .deb file

sudo dpkg -i weasis_3.8.0-1_amd64.deb

Here, weasis_3.8.0-1_amd64.deb is the downloaded file, you can use your own downloaded .deb file.

Now, you are good to go to open the Dicom images. Go to the sample image and select the image and right-click, you can see open with weasis option, select and view the image. Or simply double click on the image which will open the installed weasis application to view the Dicom image.

Key Features: 

• Display all kinds of DICOM files (including multi-frame, enhanced, MPEG-2, MPEG-4, MIME Encapsulation, SR, PR, KOS, AU, RT and ECG)
• Image manipulation (pan, zoom, windowing, presets, rotation, flip, scroll, crosshair, filtering...)
• Viewer for common image formats (TIFF, BMP, GIF, JPEG, PNG, RAS, HDR, and PNM)
• Layouts for comparing series or studies
• Advanced series synchronization options
• Display Presentation States (GSPS) and Key Object Selection
• Create key images (Key Object Selection object) by selection
• Support of Modality LUTs, VOI LUTs, and Presentation LUTs (even non-linear) 
• Support of several screens with different calibration, support of HiDPI (High Dots Per Inch) monitors, full-screen mode
• Multiplanar reconstructions and Maximum Intensity Projection
• Display Structured Reports
• Display and search into all DICOM attributes
• Display cross-lines Measurement and annotation tools
• Region statistics of pixels (Min, Max, Mean, StDev, Skewness, Kurtosis, Entropy)
• Histogram of modality values 
• SUV measurement 
• Save measurements and annotations in DICOM PR or XML file
• Import CD/DVD and local DICOM files 
• Export DICOM with several options (DICOMDIR, ZIP, ISO image file with Weasis, TIFF, JPEG, PNG...)
• Magnifier glass Native and DICOM printing 
• Read DICOM image containing float or double data (Parametric Map)
• DICOM ECG Viewer

Read More

Create a Self-Signed free SSL certificate for Tomcat on CentOS Linux using Let's Encrypt.

How to Install and configure a free SSL/TLS certificate for Tomcat using Let's Encrypt on Centos Linux.

Table Of Contents

• 1. Introduction
  
• 2. Prerequisites
• 3. Install Certbort and create an SSL certificate
• 4. Tomcat configuration for HTTPs
• 5. Renew certificate

1. Introduction:

In this tutorial, we are going to create and set up a free SSL/TLS certificate on the Linux CentOS server. We are using Let's Encrypt for this which provides the free SSL and is valid for 90 days. You can renew it during that time duration. We will show how to renew it too. You can find about Let's Encrypt from here.

This service is used by many people to secure their website worldwide so, it's totally trust-worthy and supported if you can't afford from other paid service provider.

2. prerequisites:

We consider you already have the following setup.

1. Running CentOS server
2. Running tomcat server
3. Domain pointed to the server Ip address

3. Install Certbort and create an SSL certificate:

First, SSH into to the running CentOS server where you want to create your SSL certificate. To create an SSL certificate, we need to first install Certbort on the server so, let's do it. I recommend selecting the desired version from here, which will give the command to install Certbot.

Install Certbot:

yum -y install yum-utils
     yum-config-manager --enable rhui-REGION-rhel-server-extras rhui-REGION-rhel-server-optional 
     sudo yum install certbot

Create a certificate:

If you have already running service which uses port 80 stop it. To obtain an SSL certificate for your domain using a built-in "standalone" webserver type the following command:

sudo certbot certonly --standalone -d example.com

Here, replace the domain name you want to secure instead of example.com 

which will create the following certificate file to the directory:"/etc/letsencrypt/live/example.com/"

cert.pem, chain.pem, fullchain.pem, privkey.pem.

Now, logged in as root user and go to that directory

sudo -i
cd /etc/letsencrypt/live/example.com/

Next step is to convert those certificate PEM file to password-based PFX format so that we can use in tomcat configuration. We can do this by using the OpenSSL command as below.

openssl pkcs12 -export -out bundle.pfx -inkey privkey.pem -in cert.pem -certfile chain.pem -password pass:password

Replace the password with your desired one. It will create a password-protected file bundle.pfx under the same directory "/etc/letsencrypt/live/example.com/" which we need to use in tomcat configuration.

 

4. Tomcat configuration for HTTPs:

Go to your tomcat directory, and backup the server.xml file; as we are going to change the file.

cp conf/server.xml conf/server-copy.xml

Edit the server.xml file.

sudo vi conf/server.xml  // no need to type sudo if you are logged in as root user

You can see the following commented XML tag, which we are going to change:

For Tomcat 7:

For tomcat 8:

Add the following changes near to the above XML tag or you can simply change that XML tag as below.

Here, we are changing port 8443 to 443, keystoreType as "PKCS12", keystoreFile as the path of the pfx file created previously and keystorePass as your password that we used while creating PFX file. 

Change the port 8080 to 80:

Under server.xml you can find the following tag.

change the above XML tag as below:

Here, we are changing the port from 8080 to 80 and 8443 to 443. By doing so, if your domain running with port 8080 i.e example.com:8080, now it will open with port 80 i.e example.com. If you type your domain in the browser then you can run it with both HTTP and https i.e http://example.com and https://example.com.

Save the server.xml file by clicking "Esc" key and type ":wq!" and hit Enter.

As we want to always redirect our domain to https. To do so, open the web.xml file under conf/web.xml.

 

sudo vi conf/web.xml

Click "Shift + G" to go the end of the file and add the below code at the end of the file as below.

<security-constraint>
  <web-resource-collection>
  <web-resource-name>Entire Application</web-resource-name>
   <url-pattern>/*</url-pattern>
 </web-resource-collection>
  <!--auth-constraint goes here if you requre authentication-->
 <user-data-constraint>
 <transport-guarantee>CONFIDENTIAL</transport-guarantee>
 </user-data-constraint>
 </security-constraint>
 

Save the file. This will always redirect to HTTPs.

 

5. Renew certificate:

The certificate is valid for only 90 days so we need to renew before expiry. For this, stop tomcat and type the following command:

sudo certbot renew

sudo -i
cd /etc/letsencrypt/live/example.com/
openssl pkcs12 -export -out bundle.pfx -inkey privkey.pem -in cert.pem -certfile chain.pem -password pass:password

Don't forget to use your existing password. And restart the tomcat server.

Read More