Tim Child

Another awesome clip put together by Ben Dawkins

http://www.bendawkins.pwp.blueyonder.co.uk/ps2_stork.html

Couldn’t find any decent instructions for adding https to an apache2.0.52 server so I thought that I would write my own:

Firstly get down the latest versions of openssl and apache into your src directory (not as root)

wget http://www.openssl.org/source/openssl-0.9.7e.tar.gz
wget http://www.mirror.ac.uk/mirror/ftp.apache.org/httpd/httpd-2.0.52.tar.bz2

First we have to make &install openssl:

tar -xvzf openssl-0.9.7e.tar.gzcd openssl-0.9.7e
./config
make
make test
su -c "make install"

This will have made and install a base version of openssl in /usr/local/ssl You can put the bin subdirectory in your Path statement but as we don’t need it very often there is little point.

Now we get to configure and install apache. Kill the old version of apache that you have (su -c “apachectl stop”) cd to the directory that contains the source file and:

bzip2 -dc httpd-2.0.52.tar.bz2 | tar xf -
cd httpd-2.0.52./configure --enable-layout=Debian --enable-mods-shared=most --with-mpm=prefork --with-ssl=/usr/local/ssl --enable-ssl=static
makesu -c "make install"

So thats installed apache 2.0.52 latest version. It should have also picked up your config file and will run the site normally with no problem, but obviously we want to get https to work which means creating our server certificate.

So lets create (might be easier to do this with superuser):

mkdir /etc/apache2/ssl.key
cd /etc/apache2/ssl.key
/usr/local/ssl/bin/openssl genrsa -des3 -out server.key 1024

It will ask you for a phrase, type something in that you will remember. 1024bits is the recommended for browsers. Then issue the follow command, but when you are asked for “CommonName” put in the name that you will type to view your page in your browser. It doesn’t have to be a domain name, I typed in the IP address of my server with no problems.

openssl req -new -key server.key -out server.csr

So thats got out it, this is normally where we would send off the .csr to verisign or somewhere expensive, but lets self sign ourself by issuing:

openssl x509 -req -days 3650 -set_serial 1 -in server.csr -signkey server.key -out server.crt

And thats created the certificate for us to use. The browser will prompt us because we are not a trusted certificate authority, but that doesn’t matter. All we have to do is make sure the apache config files are setup correctly now.

su -c "vi /etc/apache2/ssl.conf"

The entry for SSLCertificateFile should be:

SSLCertificateFile /etc/apache2/ssl.key/server.crt

and for SSLCertificateKeyFile:

SSLCertificateKeyFibr />

Now just setup the VirtualHost directive replace the existing with:

DocumentRoot "/yourwebserver/root"
ServerName 192.168.0.1:443
ServerAdmin email@email.com

Now save it and issue:

su -c "apachectl startssl"

It will ask you for your passphrase (I am sure that there is a way around this, but for now its good enough for me), it should then startup. If it doesn’t startup and throws up an error about x509 certs, you haven’t compiled the SSL as a static module in Apache. If it can’t find the certificate that means the certificate is not in the place that it thought it would be.

Try it out by connecting with a browser…

Well have been running on some old versions of apps now, so I have taken advantage of this saturday to upgrade PostgreSQL to the latest version: 7.2.6 – version 8 isn’t out yet, but then again this is really good enough for what I want to do with it!. I have also updated the apache on one of my box to the latest 2.0.52 release with OpenSSL support for some future projects on this box. ho hum.

I am saddened to hear that John Peel, one of the most important figures in UK music died today from a heart attack in Peru. He will sadly missed. Read more about it here and leave your tribute: http://www.bbc.co.uk/radio1/news/altnews/041026_john_peel.shtml

Yepp, Halo2 perhaps the most eagerly awaited game of all time has been leaked out onto the Net a month before its 9th November release date. There are different versions going around, but its mostly the european versions. News at IGN has more information here: http://xbox.ign.com/articles/557/557133p1.html aswell as the beeb http://news.bbc.co.uk/1/hi/technology/3743110.stm

Actor Christopher Reeve died last night aged 52.
He will be missed. Read more: http://news.bbc.co.uk/1/hi/entertainment/film/3732310.stm

So what to use to interpolate your photos, well I have been using Genuine Fractals Print Pro for many years now but there are a couple of newcomers on the market, with the surprise being Adobe Photoshop CS. Apparently, and I have yet to test, using “bicubic smoother” option when upsizing will give you excellent results within certain ranges. I wouldn’t use it for downsizing – “bicubic sharpening” being the favoured method still.

I have also tested Extensis pxl smartscale but I didn’t find the results quite as good as Genuine Fractals on almost all subject matter. Its just a pity that Genuine Fractals program is so buggy. Which is why perhaps this new entrant (well new to me), Shortcut PhotoZoom Pro will make some head way. I think the only way to test these products is to do a high quality print but I will see if I can check it out.