Archive for November, 2013

Change Internet Explorer to open in tabs / Force IE Open Links in new tab

Thursday, November 28th, 2013

Internet-explorer multiple opened windows annoying behaviour fix howto picture

If you have to work on MS Windows 7 / 8 with Internet Explorer for the reason websites you're forced to work are only properly working under IE. This is common in big companies like my employer Hewlett Packard or IBM for instance. You certainly have been annoyed by default Internet Explorer 7 / Internet Explorer 8 or EI 9 behaviour to open each new link in separate Windows. By default normal browsers like Opera, Firefox and Google Chrome does not behave in such irritating ways but open each new link in separate tab. If you're like me used to work most of your life with Firefox, this IE behavior can quickly drive you "crazy" so you will look for fastly to change that abnormal browser actions. What makes things with default IE behavior even more messy is the fact that there are sites which automatically open in Separate tab (for they were javascripted) to do so and ones that open in new Window making the whole browsing experience a "pure windows hell".

Thanks God IE new window page popups can be easily changed

1. Open Internet Explorer and Click on
-> Internet Options

Internet explorer Internet options menu screenshot
(Note: if your version of Internet Explorer is hiding menus press Alt key to make it visualize menus)

In General (tab) select on (Change how webpage is displayed in Tabs) Settings

Internet Explorer internet options change webpage displayed in tabs settings screenshot

3.  Under field When a popup is encountered: Choose radio button of ( Always Open Pop-ups in new tab )

Internet explorer tabbed browser settings Microsoft Windows 8 screenshot

After Apply and OK press finally Pages will start opening in a "human readable" way 🙂 in new Tabs. Hope this hint helps someone. Enjoy 🙂

Cross Cultural Communication: What is Low Contextual Culture and High Contextual Culture ?

Tuesday, November 26th, 2013

As part of my assigned training in Hewlett Packard today in the field of Cross Cultural Communication, I've learned that according to modern research on different cultures. Nations and people belonging to them can be grouped generally in 2 major groups people / nations with Low Contextual Culture and people with High Contextual Culture. Its quite interesting to know this concept as it can explain plenty of clashes between civilizations and why some people from certain nation gets obsessed with Chineese, Japanese and generally Asian Cultures, where some gets obsessed with Western / American Culture – Civilization. This concepts catched my attention and I decided to blog on that because I myself hold deep interest in Anthropology and this concepts can give some scientific explanation on why certain people belonging to a nation behave the way they do? Dual Conceptual Culture concept idea was introduced by antrophologist Edward T. Hall in a book Beyond Culture dating from year 1976. What this theory stands for is that nation cultures can be divided by two general groups. One that are more definitive and express themselves right to the point being descriptive and direct where verbal communication mostly matters – (Low Conceptual Cultures) and 2. Cultures which are more easy going not so strict with a lot of non-verbal communication (so called kind cultuers) – where things like pride, dignity and respect are much higher than in Low Conceptual Cultuers.
Where this two cultures has to communicate / negotiate often as a consequence for a difference big culture problems occurs thus it is useful that one is aware of existence of both types of culture and having to communicate with International people (especially in Field of International Business deals), one keeps always in mind to try to communicate in Low or High contextual cultures waves based on people with whom communicating.

Its interesting word emphasis and "deepness" meaning differs between two, in High Contextual Cultures more can be said by less words, where in Low Contextual Cultures words said meaning is not so strong and communication is much more casual just like for instance in (American Movies). Of course cultures exist which are mixture of Lower and High Contextuality and with modern life globalization the merit between two starts to disappear and well known High Contextual Cultures like Asians start to become more Low Contextual, where Low Conceptual ones like Americans start to become more High Conceptual as result of encountering High Conceptual ones. However in general because the fact that Western World Cultures still are richer and more business developed, the influence fo Low Contextual ones to Higher Contextual ones is higher than the other way around. Of course both concepts strongly can vary on various individuals part of certain nations, where some Asians might be more Higher Contextual influenced as a result with encountering and interested more in Western Civilization and on other hand Western People can be more influenced by Asian Cultures for their internal set to be more Asian by nature (I myself am a good example for that).

It is typical that Higher Conceptual Cultures by nature are more relational, collectivist, intuitive, and contemplative, where Low Conceptual ones are more individualistic and logic driven.

nations-of-low-and-high-contextual-cultures basic anthropology

An examples of Nations which are more Lower Conceptual are;
British, Canadian, Australian, Finnish, Dutch, German, Hebrews, New Zealand, Scandinavians, Swiss, Americans (not including Southern United States) etc.

Main Nations who might be categorized as High Conceptual Categories are;

Japanese, Southern Americans, Spanish, African, Arab, Brazilian, Chineese, French, Greek, Hungarian, Bulgarian, Indian, Indonesian, Irish, South Slavic nations, Thai, Turkish, Viatnamese, Persian, Nepali, Koreans

low high contextual cultures curve by country flags

Its interesting fact that High Contextual Culture is more to be seen in cultures with less ratial diversity. Cultures more rich in tradition and history are also usually more Higher Contextual Cultures.

low high contextual culture nations and profession fields of expertise

Lower and Higher Culture is highly used in modern marketing and thus are must have skills for anyone who wants to enter International Business field. According to modern business theories there is connection between Low / High Contextual Cultures and fields of expertise. In my view according to Contextual 2 types Spirituality in general is filling up more into cultures with High Contextual Cultures than in Low. Knowing and identifying type of Contextual Culture of person is very helpful for example when you have to give presentation in audiences in countries around the world. Identifying the audience can help you to present in a way so audience is not offended by presentation. There is plenty of real life examples where knowing of Low and High Contextual Culture existence gives you big advantage if you work for some big company like IBM, Hewlett Packard or Comverse in multi-national environment knowing your colleagues culture is vital to build good colleague relations and work succesfully in teams.


Web and Middleware JBoss Training at Hewlett Packard – Intro to JBoss JAVA application server

Thursday, November 21st, 2013

jboss application server logo- serve java servlet pages on Linux and Windows

I and my TEAM Web and Middleware Implementation Team @Hewlett Packard are assigned an online training to follow on topic of JBoss Application server.It is my first online training of this kind where a number of people are streamed a video from a trainer who explains in real time concepts of JBossA Community Drive open source middleware (Application Server), since some time JBoss is known under a new name (WildFly).

Wildfly new name of jboss application java servlet server

In short what is JBoss? – It is an application server similar to Apache Tomcat  -an open source software implementation of the Java Servlet and JavaServer Pages technologies.

Apache Tomcat java servlet application server logo

In case you wonder about what is Middleware it is a buzzword well established in Corporate world referring to all kind of servers in the middle between Servers on pure OS and hardware Level and end client. Middleware includes all kind of Web and Application servers like Apache, JBoss, Tomcat, Adobe's WebLogic Webserver, IBM WebSphere application server etc..

What this means is JBOSS is very similar to Tomcat but it is designed to run interpret through (Java Virtual Machine), higher scale of Java Applications and then return content to a a web browser. In other words if you need to have a Webserver with support for Java VM. JBoss is one of the open source technologies available which can be a substitute for Tomcat. In Fact Jboss itself started as a fork of Tomcat and n owadays, Jboss has an implementation of Tomcat embedded into itself. Jboss is mainly developed and supported by Redhat. It has 3 major releases used in IT Companies. Jboss 5, JBoss 6 and JBoss 7. In most production server systems running some kind of Java servlets currently still Jboss ver. 5 and Jboss v. 6 is used. Just like Tomcat, the server is messy in its structure. But if we have to compare Tomcat with Jboss then JBoss is at least 100 times more messy and hard to configure tune than Tomcat. Actually after getting to know JBoss 6 I would not advice anyone to use this Application server. Its too complex and all configuration and performance tuning is done through hundred of XML so it is like a hell for the usual System Administrator who likes clearness and simplicity. JBoss has a Web configuration interface which in version 7 is a bit advanced and easier to configure and get to know the server compared to previous versions. But same web interface for older releases is lousy and not nice. Just like Tomcat, JBoss supports clustering, here is full list of all features it supports:

  • Full clustering support for both traditional J2EE applications and EJB 3.0 POJO applications
  • Automatic discovery. Nodes in cluster find each other with no additional configuration.
  • Cluster-wide replicated JNDI context
  • Failover and load-balancing for JNDI, RMI and all EJB types
  • Stateful Session Bean state replication
  • HTTP Session replication
  • High Availability JMS
  • Farming. Distributed deployment of JBoss components. Deploying on one node deploys on all nodes.

Looks like JBoss is among the few Application Servers supporting deployment of Java JSP, WAR Archive files, SAR Archives, JMS (Java Message Service), JNDI (Java Naming and Directory Interface). Jboss supports load balancing between clustered nodes, supports SOAP, Java servlet faces and Java MQ (Messaging Queue). JBoss can be installed on GNU / Linux, FreeBSD and Windows. So far from what I've learned for JBOSS I prefer not to use it and don't recommend this Application server to anyone. Its too complex and doesn't worth the effort to learn. Proprietary products like WebLogic and Webspehere are in light years better.

How to make SSH tunnel with PuTTY terminal client

Monday, November 18th, 2013

Create-how to make ssh tunnel with Putty on microsoft windows Vista / 7 XP / 2000
Earlier I blogged how to create SSH tunnels on Linux. Another interesting thing is how to make SSH tunnels on Windows. This can be done with multiple SSH clients but probably quickest and most standard way is to do create SSH tunnel with Putty. So why would one want to make SSH tunnel to a Windows host? Lets say your remote server has a port filtered to the Internet but available to a local network to which you don't have direct access, the only way to access the port in question then is to create SSH tunnel between your computer and remote machine on some locally binded port (lets say you need to access port 80 on remote host and you will access it through localhost tunneled through 8080). Very common scenario where tunneling comes handy if you have a Tomcat server behind firewalled DMZ| / load balancer or Reverse Proxy. Usually on well secured networks direct access to Tomcat application server will be disabled to its listen port (lets say 11444). Another important great think of SSH tunnels is all information between Remote server and local PC are transferred in strong SSH crypted form so this adds extra security level to your communication.
Once "real life" case of SSH tunnel is whether you have to deploy an application which fails after deployment with no meaningful message but error is returned by Apache Reverse Proxy. To test directly tomcat best thing is to create SSH tunnel between remote host 11444 and local host through 11444 (or any other port of choice). Other useful case would be if you have to access directly via CLI interface an SQL server lets say MySQL (remote port 3306 filtered) and inaccessible with mysql cli or Oracle DB with Db listener on port 1521 (needed to accessed via sqlplus).

In that case Putty's Tunneling capabilities comes handy especially if you don't have a Linux box at hand.
To create new SSH tunnel in putty to MySQL port 3306 on localhost (3306) – be sure MySQL is not running on localhost 😉
Open Putty Navigate in left pane config bar to:

SSH -> Tunnels

Type in

Source Port

– port on which SSH tunnel will be binded on your Windows (localhost / in this example case 3306.

Then for

– IP address or host of remote host with number of port to which SSH tunnel will be opened.

N.B. ! in order to make tunneling possible you will need to have opened access to SSH port of remote (Destination) host

make ssh tunnel on Microsoft Windows putty to remote filtered mysql shot

make ssh tunnels on Microsoft windows putty to remote filtered mysql 2 screenshot

open ssh tunnel via WINDOWS port 22 on microsoft windows 7 screenshot

Once click Open you will be prompted for username on remote host in my case to my local router Once you login to remote host open command prompt and try to connect Windows Command prompt Start -> Run (cmd.exe) ;

C:\Users\\hipo> telnet localhost 3306

Connection should be succesful and you from there on assuming you have the MySQL cli version for windows installed you can use to login to remote SQL via SSH tunnel with;

C:\Users\\hipo> mysql -u root -h localhost -p

To later remove existing SSH Tunnel go again to SSH -> Tunnels press on SSH tunnel and choose Remove

Further you can craete multiple SSH tunnels for all services to remote host where access is needed. Important think to remember when creating multiple SSH connections is source port on localhost to remote machine should be unique

MobaXTerm: A good gnome-terminal like tabbed SSH client for Windows / Windows Putty Tabs Alternative

Wednesday, November 13th, 2013

Mobaxterm ssh client putty MS Windows alternative with tabs suitable for ex linux users

mobaxterm with tabbed ssh connections screenshot best putty windows ssh client alternative now

Last 10+ years I worked on GNU / Linux as Desktop. Last 7 years most of my SSH connections were managed from GNOME and I'm quite used to gnome-terminal ssh tabbing. In my new Employee Hewlett Packard. I'm forced to work on Microsoft Windows 7 and thus I used for a month or so Putty and Kitty fork from version 0.63 of PuTTY advertising itself as the best telnet / SSH client in the world. Both of the two lack tabbing and have interface which is pretty unfamiliar to me. As I'm so used to using native UNIX terminal. Fortunately a colleague of mine Ivelin was using an SSH client called MobaXTerm which very much did emulation similar to my favourite gnome-terminal. MobaXterm is not free software / open source app but this doesn't matter so much to me as anyways I'm running a non-free Win OS on my desktop. What makes MobaXterm so attractive is its rich functionality (cosmic years infront of Putty).

Here is website description of MobaXterm quoted from its website:

MobaXterm is an enhanced terminal for Windows with an X11 server, a tabbed SSH client and several other network tools for remote computing (VNC, RDP, telnet, rlogin). MobaXterm brings all the essential Unix commands to Windows desktop, in a single portable exe file which works out of the box.

Overall list of features MobaXterm offers are;

  •     multitab terminal with embedded Unix commands (ls, cd, cat, sed, grep, awk, rsync, wget, …)

  •     embedded X11 server for easily exporting your Unix/Linux display

  •     a session manager with several network utilities: SSH, RDP, VNC, Telnet, Rlogin, FTP, SFTP and XDMCP

  •     passwords management for SSH, RDP, VNC, SFTP (on demand password saving)

  •     easy graphical file transfer using drag and drop during SSH sessions

  •     advanced SSH tunnels creation tool (graphical port forwarding builder)

  •     tasks automation using scripts or macros

Mobaxterm is portable just like Putty so its useful to use on HOP stations to servers like used in big companies like HP. Featured embedded Unix commands (e.g., ls, cd, cat, sed, grep, awk, rsync, wget) gives a feeling like you're working on pure Linux console making people addicted to Linux / BSD quite confortable. Some other very useful terminal emulator functions are support for anti-aliasing session manager (save / remember passwords for ssh sessions in Crypted format so much missing in Putty) and it even supports basic macros.
Basic UNIX commands embedded in MobaXterm are taken and ported from Cygwin projectLinux-like environment for Windows making it possible to port software running on POSIX systems (such as Linux, BSD, and Unix systems) to Windows. A very cool think is also MobaXterm gives you a Linux like feel of console navigation in between basic files installed from Cygwin. Some downside I found is program menus which look at first glimpse a bit confusing especially for people used to simplicity of gnome-terminal. Once logged in to remote host via ssh command the program offers you to log you in also via SFTP protocol listing in parallel small window with possibility to navigate / copy / move etc. between server files in SFTP session which at times is pretty useful as it saves you time to use some external SFTP connector tools like  WinSCP.

From Tools configuration menu, there are few precious tools as well;
         – embedded text editor MobaTextEditor
         – MobaFoldersDiff (Able to show diffeernces between directories)
         – AsciiTable (Complete List of Ascii table with respective codes and characters)
         – Embedded simple Calculator
         – List open network ports – GUI Tool to list all open ports on Windows localhost
         – Network packets capture – A Gui tool showing basic info like from UNIX's tcpdump!
         – Ability to start quickly on local machine (TFTP, FTP, SFTP / SSH server, Telnet server, NFS server, VNC Server and even simple implementation of HTTP server)

Mobaxterm list of tools various stuff

         Mobaxterm run various services quickly on Windows servers management screenshot

Below are few screenshots to get you also idea about what kind of configuration MobaXterm supports
  mobaxterm terminal configuration settings screenshot

mobaxterm better putty alternative x11 configuration tab screenshot

mobaxterm windows ssh client for linux users configuration ssh tab screenshot

MobaXTerm Microsoft Windows ssh client configuration misc menu screenshot
To configure and use Telnet, RSH, RDP, VNC, FTP etc. Sessions use the Sessions tab on top menu.

One very handy thing is MobaXterm supports export of remote UNIX display with no requirement to install special Xserver like already a bit obsolete Xming – X server for Windows.
The X Display Manager Control Protocol (XCMCP) is a key feature of the X11 architecture. Together with XDMCP, the X network protocol allows distributed operation of the X server and X display manager. The requesting X server runs on the client (usually as an X terminal), thus providing a login service, that why the X server ported to MobaXterm from Cygwin also supports XDMCP. If, for example, you want to start a VNC session with a remote VNC server, all you have to do is enter the remote VNC server’s IP address in the VNC area; the default VNC port is already registered.

Accessing the remote Windows server via RDP (Remote Desktop Protocol) is also a piece of cake. Once you establish a session to RDP or other Proto it is possible to save this session so later you just choose between session to access. The infamous (X11 Port Forwarding) or creation of SSH encrypted tunnels between hosts to transfer data securily or hide your hostname is also there.

MobaXterm is undoubtedly a very useful and versatile tool. Functionally, the software is well mannered, and Windows users who want to sniff a little Linux/Unix air can get a good idea of how Linux works. A closer look reveals that anything you can do with MobaXterm can be achieved directly with freely available tools (Cygwin) and Unix tools ported from Cygwin. However, although Cygwin provides a non-Posix environment for Windows, it doesn’t offer a decent terminal, which is one thing Moba-Xterm has going for it.

Admittedly, in pure vanilla Cygwin, you can start an X server automatically and then use xterm, but xterm lacks good-quality fonts, whereas MobaXterm conveniently lets you integrate a font server.

Curious: Old ladies from Plovdiv, Bulgaria are knitting mobile and computer equipment hand made cases

Monday, November 11th, 2013

new business idea manual hand crafted knitted mobile device cases

While reading one of my daily tech news websites today I stimbled on very unusual news and a business idea, worthy to re-blog 😉 The idea of the new Innovative business is just genious and simple as that – knitted digital equipment cases. There are plenty of old ladies in Bulgaria who are used to knitting sweaters, hats and all kind of hand made winter clothes. Knitting was among the must have skills for ladies in Bulgaria until some years time even my grandmother when a bit younger used to knit in most of her free time. Thus most of grandmothers in Bulgaria still when get old and have a lot of free time, kill their time with the craft they learned as young. For the young European people who probably never heard of it knitting is unique kind of manufacture for producing winter clothes from yarn.

yarn in different colors the base material for knitting

Knitting was a top ladies craft before the boom of industrial manufacture before 19th century industrial revolution, nowadays its almost a forgotten craft. Now some genious people in Bulgaria decided to give work to this old ladies and pay them for knitting computer and mobile equipment cases (cases for Tablets, Smartphones, Notebooks etc.) Knitting of mobile equipment cases opens new work places and introduces new way for old people to earn some extra income, such extra income is absolutely necessary in Bulgaria nowdays as most old ladies receive ridiculous pension of 120 to 150 EUR per month (money insufficient to pay expensive winter heating bills and so expensive food that is nowdays in Bulgaria).

lady knitting a sweater or some kind of clothe

The company who invented this new business and introduced it for the masses is Snug Essentials and is started by enthusiastic young people who had grandmothers practicing the old craft. The innovative product is distributed via Etsy Global Platform for distributing hand crafted goods as well as in   Facebook, Twitter and Ebay. As of time of writting the companyis extremely small 6 old grandmas work on producing the knitted cases for digital equipment but the tendency is this to rise soon, as there are plenty of people who love the hand made cases.
The price of a case is also not too high, it costs only around 10$ per knitted case. Here are few nice knitted cases produced by grandmas 🙂

notebook laptop in knitted hand made case

Your girlfriend will love it if you gift her one of these 🙂

knitted notebook case original business idea


Raspberry Pi – Cheap portable credit-card sized single board Linux computer box

Thursday, November 7th, 2013

RaspberryPi tiny-computer running Linux and free software Logo

Not of a the latest thing out there but I believe a must know for every geek is existence of Raspberry Pi mini computer Linux board. It is a geek credit-card sized mini PC on extremely cheap price between 25$ and 35$ bucks (e.g. Raspberry Pi model A and Raspberry Pi Model B).

Raspberry Pi hardware you get for this ultra low price is as follows:

  • Broadcom BCM2835 system on chip
  • ARM Mobile processor model ARM1176JZF running at 700 Mhz (overlocking up to 1Ghz is possible – overclocked RP is called Turbo 🙂 )!
  • VideoCore IV GPU with 512 MBytes of ram
  • No Build hard disk or solid-state drive but instead designed to use SD-Card as a Storage
  • two video outputs
  • composite RCA and an HDMI port
  • 3.5mm audio output
  • 2 or 1SD/MMC/SDIO card slot (depending on device model A or model B)
  • Micro USB adapter power charger 500mA  (2.5 watts) – Model and 700mA (3.5 watts)

Raspberry PI mini computer hardware running Linux explained picture

The idea of whole device is to make cheap affordable device for pupils and people from third countries who can't afford to pay big money for a full-featured computer. Achievement is unique all you need to Raspberry Pi credit card sized device is external keyboard a mouse, SD-card and a monitor, this makes a 700Mhz featured almost fully functional computer for less than lets say 80$ whether used with a second hand monitor / mouse and kbd :). A fully functional computer or full functional thin client for as less as 80$ yes that's what RaspberryPi is!

It is recommendable that SD-Card storage on which it is installed is at least 4GB as this is part of its minimum requirement, however it is best if you can get an SD-Card of 32GBytes whether you plan to use its whole graphic functionalities.

Raspberry Pi Hardware is not too powerful to run a version of Windows as well as there is no free version of MS-Windows for ARM Processor, so basicly device is planned to run free software OSes GNU / Linux. 5 operating systems are working fine with the mini-board device as time of writting;

  • Raspbian – Debian "Wheezy" Linux port
  • Pidora – Fedora mixed version ported to run on Raspberry Pi
  • Risk OS port
  • Arch Linux port for ARM devices
  • Slackware Arm
    FreeBSD / NetBSD
  • QtonPi

Recommended and probably best distro port is for Debian Squeeze

To boot an OS into raspberry PI dowbnload respective image from

– Use application for copying and extracting image to SD-Card like Win32 Disk Imager – whether on Windows platform

Win32DiskImager burning raspberry PI mini Linux card board computer box image

– Or from Linux format SD-Card with gparted (N!B! format disk to be in FAT32 filesystem), extrat files and copy them to SD-CARD.

Once Raspberry Pi loads up it will drop you into Linux console, so further configuration will have to be done manually with invoking plenty of apt-get commands (which I will not talk about here as there are plenty of manuals already) – you will have to manually install your Desktop … Default shipped Web browser in Debian is Midori and due to lack of ported version of flash player for ARM streaming video websites like / does not work in browser. There is a Google Chrome for Raspberry Pi port but just like with Midori heavy object loaded websites works very slow and thus not very suitable for multimedia.

raspberry pi cheaest portable linux powered computer sized of a credit card

Raspberry Pi device is very suitable for ThinClient use there is a special separate project – Raspberry ThinClient Project – using which a hobbyist can save 400$ for buying proprietary ThinClient.

RaspberryPI linux as a free software hardware thinclient picture


How to generate self signed SSL certificate with openssl on Linux / BSD

Wednesday, November 6th, 2013

How to generate self signed SSL certificate with openssl on Linux / BSD

It is common solution for personal use to generate SSL certificates which are self-signed. Self-signed certificates are dangerous as no authority or company guarantees that remote site is trustable. However for private use having encrypted connection whether you need to transfer personal data is better than not having such. There are plenty of tutorials online pointing how to set-up Apache webserver to provide access via SSL port 443 with self-signed certifacate, but anyways I decided to blog here a one-liner command way, which makes generating self-signed certificate a piece of cake. Self-signed certificates on UNIX are generated with openssl command part of openssl (Secure Socket Layer cryptocgraphic tools).

On Debian Linux to install openssl (if you still don't have it):

apt-get install --yes openssl

On Fedora, RHEL, CentOS etc. same install should be done with:

yum install -y openssl

On FreeBSD to install it use ports;

cd /usr/ports/security/openssl
make install clean

Once openssl is available, here is command to generate self signed SSL certitifacate;

openssl req -x509 -nodes -days 3650 -newkey rsa:2048 -keyout my-sitename.key -out my-sitename.crt
Generating a 2048 bit RSA private key
writing new private key to 'key.pem'
Enter PEM pass phrase:
Verifying - Enter PEM pass phrase:
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
Country Name (2 letter code) [AU]:BG
State or Province Name (full name) [Some-State]:Sofia
Locality Name (eg, city) []:Sofia
Organization Name (eg, company) [Internet Widgits Pty Ltd]:Pc Freak
Organizational Unit Name (eg, section) []:Pc Freak
Common Name (eg, YOUR name) []
Email Address []

The generated certificate Private Key file is placed in my-sitename.key
, actual certificate is located in my-sitename.crt -days option tells for how long period certificate will be valid. Regenerating certificate every year (360 days) is good security practice but it is pretty annoying to see your certificate has expered thus for private self signed SSL certificate it is more confortable to generate cert for 10 years time.
To use my-sitename.key and my-sitename.crt copy them to /etc/ssl/crt/

cp -rpf my-sitename.crt /etc/ssl/crt/
cp -rpf my-sitename.key /etc/ssl/crt/

Next what's left is to configure Apache to use new generated certs. Quickest way is to add it inside virtual host. Adding to Apache also depends on Linux distribution where SSL has to be added but in general, what should work is something like:

SSLEngine on
SSLCertificateFile /etc/ssl/crt/my-sitename.crt
SSLCertificateKeyFile /etc/ssl/crt/my-sitename.key

Note that if SSL has to be enabled for specific Virtual Host you will have to place above Apache directives into the Vhost. Though certifiate will only be trusted by your authority RSA 2048 bit encryption in transfer data between your Webserver and Browser should guarantee you extra security of data, not that it is impossible for data to be still sniffed by a skilled hacker but makes data securily transferred in probably 99% of cases 🙂

Apache Reverse Proxy to Tomcat – What is reverse proxying and how to configure it on Linux

Monday, November 4th, 2013

Reverse proxy diagram Apache and Tomcat webserver diagram how to make reverse proxy of tomcat behind Apache

Reverse Proxy is a Proxy server which routes all incoming traffic to secondary Webserver situated behind the Reverse Proxy site. Then all incoming replies from secondary webserver (which is not visible) from the internet gets routed back to Reverse Proxy service. The result is it seems like all incoming and outgoing HTTP requests are served from Reverse Proxy host where in reality, reverse proxy host just does traffic redirection. Problem with reverse proxies is it is one more point of failure the good side of it can protect and route only certain traffic to your webserver, preventing the behind reverse proxy located server from crackers malicious HTTP requests.

Very common use of Reverse Proxy is whether traffic has to be served by Tomcat webservers. Probably one of most common configuration is Apache (configured to serve traffic) as reverse proxy and one or more Tomcat Webservers to which web traffic is re-routed.
By default Tomcat listens for client connections on port 8082 (-. http://localhost:8082), Apache is then used to route all requests serving as Reverse Proxy incoming on port

Reverse Proxy:80 to -> Tomcat server (secondary host):8082

  • So what are benefits (PROS) of Reverse Proxy?

        a) Webservers in Internal Network will be less vulnerable to attacks from the Internet
        b) Reduces risk to sensitive data – Only existent resources on Proxied server will available
        c) Enables makes easy Load Balancing and Fail Over

  • What are disadvantages (CONS) of Reverse Proxy?

         a) If a single instalce of Reverse Proxy is available, this creates a single point of failure

To have reverse proxy it is necessary that Apache server is configured with enabled mod_proxy
Creating a reverse proxy is being done as follows (Assuming you have to do it for a Virtualhost)

Open Apache config with VirtualHost for which Reverse Proxy has to be set, whether only one domain is set on server there is no need for <VirtualHost *:80> opening and close directives but same rules has to be set for primary domain.

<VirtualHost *:80>
  ServerAlias *
  ProxyRequests off 
  ProxyPassMatch /server-status !
  ProxyPassMatch /server-info !
  ProxyPassMatch /ldap-status !
  ProxyPass / keepalive=on timeout=30 connectiontimeout=60 retry=20
  ProxyPassReverse / 

In above example is is local IP address of DMZed host running Tomcat server. That's all necessary assuming that on port 8082 Catalina Tomcat is running. Of course same scenario can be used not only with Tomcat but with DMZ-ed Webservers with Apache, Nginx or Lighttpd.