Monday, June 30, 2014

Installing VMWare Tools on FreeBSD 10

Install compat6x-amd64

Before you can work with the VMware Tools, you must install Perl and an older FreeBSD compatibility layer:

# cd /usr/ports/misc/compat6x
# make install


# pkg_add -r perl compat6x-`uname -m`

Take a VMWare Snapshot

Important! Take a snapshot here! Do not skip this step.

Mount the VMWare Tools ISO

# mount -t cd9660 /dev/cd0 /mnt

Copy the vmware-freebsd-tools.tar.gz file to a local location
# cp /mnt/vmware-freebsd-tools.tar.gz /tmp

Extract the vmware-freebsd-tools.tar.gz
# cd /tmp

# tar zxvf vmware-freebsd-tools.tar.gz

Run the installer and configure VMware Tools
# cd vmware-tools-distrib

# ./

Sunday, June 29, 2014

Quick way to update your host to VMware ESXi 5.5 U1

A quick way to upgrade your host to the newest version at the time of writing, ESXi 5.5 U1, has a few requirements:

Valid DNS servers configured on your ESXi hosts.
Internet access from the ESXi hosts.
A reboot, just as with any normal host upgrade.
Before attempting the update, be sure to either disable the ESXi firewall (esxcli network firewall set -e false) or enable the correct firewall rule httpClient. (esxcli network firewall ruleset set -e true -r httpClient). This rule allows both TCP/80 (HTTP) and TCP/443 (HTTPS) outbound.

After you’ve disabled the ESXi firewall or enabled the correct rule, you can start the update using the esxcli software profile update command. To update via the VMware online depot, use the command like this: esxcli software profile install -d -p ESXi-5.5.0-20140302001-standard

The -d option stands for the depot, and this points to the online (VUM) depot. But you can also use it for standalone hosts. -p points to the Image Profile included in the depot, and there are 4 versions available. I chose the 5.5 U1 standard (with tools).


An image profile with an S suffix is a security-only update and includes only security patches. The no-tools image profile does not include the VMware Tools binaries.

If you don’t have access to the online depot, due to something like company policy, you can follow the same procedure for most cases. Upload the offline depot (available on the download page here) to a datastore. Then use the command esxcli software profile update -d /vmfs/volumes/datastore1\ \(3\)/ -p ESXi-5.5.0-20140302001-standard

During the upgrade, I ran into the following error:

You attempted to install an image profile which would have resulted in the removal of VIBs ['VMware_bootbank_vmware-fdm_5.5.0-1312298']. If this is not what you intended, you may use the esxcli software profile update command to preserve the VIBs above. If this is what you intended, please use the --ok-to-remove option to explicitly allow the removal.
Please refer to the log file for more details.

Fix this using esxcli software profile install -d -p ESXi-5.5.0-20140302001-standard --ok-to-remove

Saturday, June 28, 2014

Changing a GPT GUID partition table disk into a master boot record disk MBR

To change a GUID partition table disk into a master boot record disk using the command line:

1. Back up or move all volumes on the basic GUID partition table (GPT) disk you want to convert into a master boot record (MBR) disk.
2. Open an elevated command prompt (right-click Command Prompt, and then click Run as Administrator) and type diskpart. If the disk does not contain any partitions or volumes, skip to step 6.
3. At the DISKPART prompt, type list disk. Make note of the disk number you want to delete.
4. At the DISKPART prompt, type select disk disknumber.
5. At the DISKPART prompt, type clean.

Important: Running the clean command will delete all partitions or volumes on the disk.

6. At the DISKPART prompt, type convert mbr.

list disk: Displays a list of disks and information about them, such as their size, amount of available free space, whether the disk is a basic or dynamic disk, and whether the disk uses the master boot record (MBR) or GUID partition table (GPT) partition style. The disk marked with an asterisk (*) has focus.

select disk: Selects the specified disk, where disknumber is the disk number, and gives it focus.

clean: Removes all partitions or volumes from the disk with focus.

convert mbr: Converts an empty basic disk with the GUID Partition Table (GPT) partition style to a basic disk with the master boot record (MBR) partition style.

Symantec Backup Exec 2012

When backing up a FreeBSD virtual machine on ESXi:

It took about 5 hours to finish with Exceptions:

Media Label: IMG000001
GRT backup set folder: E:\BEData\IMG000001
Transport mode 'nbd' was used for the disk 'WebProxy.vmdk'
Transport mode 'nbd' was used for the disk 'WebProxy_1.vmdk'
V-79-57344-38761 - Failed to mount one or more virtual disk images because they contained GPT style disks. Backups that were enabled for Granular Recovery Technology may not be available for restore.


In the backup job deselect the option "Use Backup Exec Granular Recovery Technology (GRT) to enable the restore of individual files and folders from virtual machines" under Settings-VMware Virtual Infrastructure.

To simulate a virtual machine that is gone completely, I built a fresh Windows 7 virtual machine and tried to restore the system from the backup:

It took about 10 minutes to restore from the backup. However, the system could not be booted and showed the Blue Screen of Death. The proper procedure is to boot the machine from a Backup Exec recovery disk (an .ISO image) and then restore from the Backup Exec server.

Tuesday, June 24, 2014

.htaccess Restrict Magento admin page access to a certain allowed IP address behind a reverse proxy

<IfModule mod_rewrite.c>
  ### Restrict Magento admin page access to a certain allowed IP address
  RewriteCond %{REQUEST_URI} ^/(index.php/)?admin [NC]
  ### Behind a reverse proxy REMOTE_ADDR is the proxy, so match the forwarded client address instead
  #RewriteCond %{REMOTE_ADDR} !(^192\.168\.1\.7$|^192\.168\.1\.9$)
  RewriteCond %{HTTP:X-FORWARDED-FOR} !(^192\.168\.1\.7$|^88\.88\.88\.88$)
  RewriteRule ^(.*)$ http://%{HTTP_HOST}/ [R=302,L]
</IfModule>
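The rewrite rule above trusts whatever arrives in X-Forwarded-For, and its anchored regex only matches a header that holds exactly one address. The Python below is an added example, not part of the original post or of Magento; it shows the check a reverse-proxied application should make instead: the header is honoured only when the request really came from a trusted proxy, and the client address is found by walking the header from the right past the trusted hops, which also handles a chain of two proxies. The proxy addresses 10.0.0.5 and 10.0.0.6 are constructed for the example; the two admin addresses are the ones from the rule.

```python
import ipaddress

# Constructed for this example: the two admin client addresses from the rewrite rule,
# and an assumed pair of reverse-proxy addresses that sit in front of Apache.
ALLOWED_ADMIN_CLIENTS = {"192.168.1.7", "88.88.88.88"}
TRUSTED_PROXIES = {"10.0.0.5", "10.0.0.6"}


def _normalize(addr):
    """Return the canonical text form of an IP address, or None if it is not one."""
    try:
        return str(ipaddress.ip_address(addr.strip()))
    except ValueError:
        return None


def client_ip(remote_addr, xff_header, trusted_proxies=TRUSTED_PROXIES):
    """Determine the real client address for a request.

    X-Forwarded-For is a comma-separated list: the original client first, then one
    entry appended by each proxy the request passed through. It is only meaningful
    when the peer that delivered the request (REMOTE_ADDR) is one of our proxies;
    otherwise the sender wrote the header and it is ignored. Walking from the right,
    every trusted proxy is skipped and the first other address is the client.
    Returns None (fail closed) on a malformed header or when no client is found."""
    remote = _normalize(remote_addr)
    if remote is None:
        return None
    if remote not in trusted_proxies:
        return remote  # direct connection: ignore any forwarded header
    hops = [hop for hop in (xff_header or "").split(",") if hop.strip()]
    for hop in reversed(hops):
        addr = _normalize(hop)
        if addr is None:
            return None
        if addr not in trusted_proxies:
            return addr
    return None  # empty header, or nothing but our own proxies in it


def admin_allowed(remote_addr, xff_header,
                  allowed=ALLOWED_ADMIN_CLIENTS, trusted_proxies=TRUSTED_PROXIES):
    """The allow-list decision the .htaccess rule tries to make."""
    ip = client_ip(remote_addr, xff_header, trusted_proxies)
    return ip is not None and ip in allowed


if __name__ == "__main__":
    # via the proxy, genuine admin client
    print(admin_allowed("10.0.0.5", "192.168.1.7"))             # True
    # via two chained proxies: the anchored regex in the rule cannot match this
    print(admin_allowed("10.0.0.5", "192.168.1.7, 10.0.0.6"))   # True
    # reached the backend directly with a client-supplied header: header is ignored
    print(admin_allowed("203.0.113.9", "192.168.1.7"))          # False
```

If the backend also answers requests that do not pass through the proxy, the header is written by whoever sent the request, so the REMOTE_ADDR check is the part that actually enforces the restriction; the cleanest fix is to let Apache accept connections only from the proxy. Note also that the RewriteRule sends denied clients to http://; behind a TLS-terminating proxy a plain 403 avoids the downgrade.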

Sunday, June 22, 2014

What kind of cable do I need?

This is just an example of the progress of time and the evolution of networking equipment. Back in the day it used to be mandatory to use a crossover cable between switches and routers and between some servers and hubs, but modern equipment can autosense the connection type and change its mdx configuration on a per port basis. Therefore newer training materials will list a standard cable as the proper connection.

I still advise you keep a crossover cable handy though in your travels since you never know when you will meet an older piece of equipment that may require that type of connection.

Good luck with your studies,

To kind of tie into what was said, you should get in the habit of always using the suggested cable type. If you don't then you could spend hours troubleshooting an issue that could have been avoided by using the correct type. It is nice when the devices auto-configure for you, but you do not want to get in the habit of relying on it.
To flex my newly acquired networking muscle...I will shed some light on this topic (I don't have too many networking muscles).

True, auto-sensing ports eliminate the need to think about whether you're using cross over or straight through. But, as mentioned, it is probably safer to practice good networking rules.

Note: The correct method to connect a router to a switch is by using a straight through cable. Switches and hubs transmit on pins 3 & 6, whereas pretty much any other NICs and routers transmit on pins 1 & 2.

So :

router to router....crossover

PC to PC....crossover

switch to switch.....crossover

PC to router....crossover

PC to switch, Router to switch, PC to Hub....straight-through
This topic has to do with the OSI Model.

You are dealing with the 3 bottom most layers. Network, Data Link, and Physical.

Routing is done at Layer 3. (IP addressing)
Switching is done at Layer 2 (Mac Addresses, ARP, Etc.)
Cables fall under layer 1. (Fiber, Copper, NIC)

Cross-over cables are used for same layer transfer. (e.g. Layer 2 - Layer 2 and Layer 3 - Layer 3)

Straight through cables are used for different layer transfer(one of many uses) (e.g. Layer 2 to Layer 3)

Auto sensing ports (where available) make life a little easier by doing away with the guess work and layer thinking. I work on a network backbone, so we try not to rely on auto sensing ports too much (it's just something else to fail).


Layer 3 Switches Explained

by DAVID DAVIS on AUGUST 30, 2007
Layer 3 switches are becoming more and more common in the Enterprise. After reading this tip, you’ll know the difference between a switch, a router, and a Layer 3 switch. You’ll also understand what to look for when shopping for Layer 3 switches.

Layer 3 Switches Explained
By: David Davis, CCIE #9369, CWNA, MCSE, CISSP, Linux+, CEH
The following article was originally posted at Layer 3 Switches Explained and is reproduced with their permission.
Let’s say that the switches in your data center or wiring closet are old. You know that you need to replace them and have heard about Layer 3 switches. But what is a Layer 3 switch, what can it do for you, and how does it differ from a regular switch or router? Let’s find out.

How do switches and routers work?

Before defining what a Layer 3 switch is, let’s make sure that we are all on common ground and understand what a regular switch and a router do.
A switch works at Layer 2 of the OSI model (data-link). It is a LAN device that can also be called a multi-port bridge. A switch switches Ethernet frames between Ethernet devices. Switches do not care about IP addresses nor do they even examine IP addresses as the frames flow through the switch. However, unlike a hub that just duplicates data and sends it out all ports, switches keep a bridge forwarding table that shows what MAC addresses have been seen on what port.
In the Cisco world, the bridge forwarding table is called a CAM Table, or Content Addressable Memory table. If a switch receives an Ethernet frame for a destination that it doesn’t have in its table, it floods that frame out to all ports (like a hub does all the time). However, the switch learns from the response of that flood and records the response to that frame in its forwarding table for the next time. Switches form collision domains. In other words, the switches “play traffic cop” with the inbound frames by buffering each packet before switching it. This way, there are no collisions and, to each device connected to the switch, it seems like that device has its own Ethernet segment and can talk at full speed, without risk of collisions.
A router, on the other hand, works at Layer 3 of the OSI model (Network). It is a WAN device that connects a LAN to a WAN or a subnetted LAN to another subnetted LAN. A router routes IP packets between IP networks. Routers do this using an IP routing table. In that table, they have either static or dynamic routes. When an IP packet comes in, the router looks up the destination IP in the IP routing table. If that destination IP is not found in the table the router drops the packet, unless it has a default route. Routers form broadcast domains because they drop broadcast packets.
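To make the two lookups concrete, here is a small simulation, added as an example and not taken from the article, of a learning switch with a CAM table that floods unknown and broadcast destinations, and of a router that does a longest-prefix match in its routing table and drops packets with no matching route unless a default route exists. Port names and addresses are constructed.

```python
import ipaddress

BROADCAST_MAC = "ff:ff:ff:ff:ff:ff"
LIMITED_BROADCAST = ipaddress.ip_address("255.255.255.255")


class LearningSwitch:
    """Layer 2: forwards Ethernet frames by MAC address, learning as it goes."""

    def __init__(self, ports):
        self.ports = list(ports)
        self.cam = {}  # bridge forwarding (CAM) table: MAC address -> port

    def receive(self, in_port, src_mac, dst_mac):
        """Return the ports the frame is sent out of. The source MAC is learned on
        in_port; a broadcast or unknown destination is flooded to every other port,
        exactly as a hub would; a known destination goes out of one port only."""
        self.cam[src_mac] = in_port
        out_port = self.cam.get(dst_mac)
        if dst_mac == BROADCAST_MAC or out_port is None:
            return [p for p in self.ports if p != in_port]
        if out_port == in_port:
            return []  # destination is on the same segment: nothing to forward
        return [out_port]


class Router:
    """Layer 3: forwards IP packets by routing-table lookup, longest prefix first."""

    def __init__(self, routes):
        # routes: list of (prefix, next_hop); "0.0.0.0/0" is the default route
        self.table = [(ipaddress.ip_network(prefix), next_hop)
                      for prefix, next_hop in routes]

    def lookup(self, dst_ip):
        """Return the next hop for dst_ip, or None when the packet is dropped:
        broadcasts never cross a router, and neither does a packet for which
        no route (not even a default route) matches."""
        addr = ipaddress.ip_address(dst_ip)
        if addr == LIMITED_BROADCAST:
            return None
        best = None
        for net, next_hop in self.table:
            if addr in net and (best is None or net.prefixlen > best[0].prefixlen):
                best = (net, next_hop)
        return None if best is None else best[1]


if __name__ == "__main__":
    sw = LearningSwitch(["Gi0/1", "Gi0/2", "Gi0/3"])
    print(sw.receive("Gi0/1", "00:11:22:33:44:01", "00:11:22:33:44:02"))  # flooded
    print(sw.receive("Gi0/2", "00:11:22:33:44:02", "00:11:22:33:44:01"))  # ['Gi0/1']
    r = Router([("10.1.0.0/16", "10.1.0.1"), ("10.1.5.0/24", "10.1.5.1")])
    print(r.lookup("10.1.5.9"), r.lookup("8.8.8.8"))  # 10.1.5.1 None
```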

How does a Layer 3 switch work?

A Layer 3 switch works much like a router because it has the same IP routing table for lookups and it forms a broadcast domain. However, the “switch” part of “Layer 3 switch” is there because:
  1. The layer 3 switch looks like a switch. It has 24+ Ethernet ports and no WAN interfaces.
  2. The layer 3 switch will act like a switch when it is connecting devices that are on the same network.
  3. The layer 3 switch is the same as a switch with the router’s IP routing intelligence built in.
  4. The switch works very quickly to switch or route the packets it is sent.
In other words, the Layer 3 switch is really like a high-speed router without the WAN connectivity.
You might be asking yourself why you would want the routing functionality of a router in your switch if you don’t have WAN interfaces. Well, the routing functionality of the Layer 3 switch is there to route between different subnets or VLANs on a campus LAN or any sort of large LAN. This means that the Layer 3 switch is really for large Ethernet networks that need to subnet into smaller networks. Most of the time, this is done using VLANs.
When it comes to Layer 3 switching, there are two kinds: hardware and software. With a hardware-based solution, the device is using an ASIC (a dedicated chip) to perform the function. With the software implementation, the device is using a computer processor and software to perform the function. Generally, Layer 3 switches and high-end routers route packets using hardware (ASICs) and general-purpose routers use software to perform routing functions.

What is a VLAN?

A VLAN is a virtual LAN. This virtual LAN is also an IP subnet. The difference between just subnetting a network and using VLANs is the flexibility that VLANs can provide for your LAN subnetting. Here is an example: Say that you have a single switch port in one VLAN, in one building. One hundred yards away, you can have another switch port, in another building. Both of those switch ports can be in the same VLAN and only those two switch ports can talk, despite the fact that they are separated by multiple buildings and are connected by a 100 yard fiber optic cable. Without a VLAN, this type of organization wouldn’t be possible.
In a traditional VLAN, switches tag the VLAN traffic, and only the devices on the same VLAN can communicate with one another. If devices on different VLANs need to communicate, they would talk to each other via a trunk port on a router. That trunk port and the processing power of the router would create a bottleneck for communications. With a Layer 3 switch, routing and trunking are performed at very high speeds.
Besides the functionality mentioned above, a VLAN has a number of other features such as:
  • Performance & broadcast control
  • Segregating departments or project networks
  • Security
This article can’t begin to cover all that you need to know about VLANs. What you need to know is that Layer 3 switches are used to make VLANs easier and faster. Layer 3 switches make VLANs easier to configure because you don’t need a separate router between VLANs. All the routing can be done right on the switch. Layer 3 switches make VLANs faster because they eliminate the bottleneck that results from a router forming a single link between VLANs.

Do I need a Layer 3 switch?

You should investigate getting a Layer 3 switch if you can answer yes to any of the following questions:
  • Do you have a network with a lot of broadcasts that needs better performance?
  • Do you have subnets and/or VLANs that are currently connected via a router?
  • Do you need higher performance VLANs?
  • Do departments need their own broadcast domains for performance or security?
  • Are you considering implementing VLANs?
Article summary
Here is what we have learned:
  • Routers work at Layer 3 and route IP packets between networks.
  • Switches work at Layer 2 and switch Ethernet frames between Ethernet devices.
  • For some of the higher-end Cisco switches, enabling Layer 3 switching is simply a software upgrade available for a fee.
  • Layer 3 switches are used primarily for inter-VLAN routing.
  • Layer 3 switches don’t have WAN connectivity


Saturday, June 21, 2014



What is RouterOS?

MikroTik RouterOS is the operating system of MikroTik RouterBOARD hardware. It can also be installed on a PC and will turn it into a router with all the necessary features - routing, firewall, bandwidth management, wireless access point, backhaul link, hotspot gateway, VPN server and more.

RouterOS is a stand-alone operating system based on the Linux v2.6 kernel, and our goal here at MikroTik is to provide all these features with a quick and simple installation and an easy to use interface.

You can try RouterOS today, go to and download the installation CD image. The free trial provides all of the features with no limitations. In the following pages you will find examples of some of the most important RouterOS features.

RouterOS supports various methods of configuration - local access with keyboard and monitor, serial console with a terminal application, Telnet and secure SSH access over networks, a custom GUI configuration tool called Winbox, a simple Web based configuration interface and an API programming interface for building your own control application. In case there is no local access, and there is a problem with IP level communications, RouterOS also supports a MAC level based connection with the custom made Mac-Telnet and Winbox tools.

RouterOS features a powerful, yet easy to learn command-line configuration interface with integrated scripting capabilities.

• Winbox GUI over IP and MAC
• CLI with Telnet, SSH, Local console and Serial console
• API for programming your own tools
• Web interface

New in RouterOS v4 is the Lua scripting language, which opens up a multitude of approaches in automation and programming of your router.

The firewall implements packet filtering and thereby provides security functions that are used to manage data flow to, from and through the router. Along with Network Address Translation it serves to prevent unauthorized access to directly attached networks and the router itself, and acts as a filter for outgoing traffic.

RouterOS features a stateful firewall, which means that it performs stateful packet inspection and keeps track of the state of network connections traveling across it. It also supports Source and Destination NAT (Network Address Translation), NAT helpers for popular applications and UPnP.

The Firewall provides features to make use of internal connection, routing and packet marks. It can filter by IP address, address range, port, port range, IP protocol, DSCP and other parameters, also supports Static and Dynamic Address Lists, and can match packets by pattern in their content, specified in Regular Expressions, called Layer7 matching.

The RouterOS Firewall facility also supports IPv6.

RouterOS supports static routing and a multitude of dynamic routing protocols.

• For IPv4 it supports RIP v1 and v2, OSPF v2, BGP v4.
• For IPv6 it supports RIPng, OSPFv3 and BGP.

RouterOS also supports Virtual Routing and Forwarding (VRF), policy based routing, interface based routing and ECMP routing. You can use the Firewall filter to mark specific connections with routing marks, and then make the marked traffic use a different ISP.

Now with MPLS support added to RouterOS, VRF is also introduced. Virtual Routing and Forwarding is a technology that allows multiple instances of a routing table to co-exist within the same router at the same time. Because the routing instances are independent, the same or overlapping IP addresses can be used without conflicting with each other. VRF also increases network security. It is often used in, but not limited to MPLS networks.

MPLS stands for MultiProtocol Label Switching. It can be used to replace IP routing: the packet forwarding decision is no longer based on fields in the IP header and the routing table, but on labels that are attached to the packet. This approach speeds up the forwarding process because the next hop lookup becomes very simple compared to a routing lookup.

Efficiency of the forwarding process is the main benefit of MPLS. MPLS makes it easy to create “virtual links” between nodes on the network, regardless of the protocol of their encapsulated data.

It is a highly scalable, protocol agnostic, data-carrying mechanism. In an MPLS network, data packets are assigned labels. Packet-forwarding decisions are made solely on the contents of this label, without the need to examine the packet itself. This allows one to create end-to-end circuits across any type of transport medium, using any protocol.

Some of the supported MPLS features:
• Static Label bindings for IPv4
• Label Distribution protocol for IPv4
• RSVP Traffic Engineering tunnels
• VPLS MP-BGP based autodiscovery and signaling

To establish secure connections over open networks or the Internet, or connect remote locations with encrypted links, RouterOS supports various VPN methods and tunnel protocols:

• IPsec – tunnel and transport mode, certificate or PSK, AH and ESP security protocols
• Point to point tunneling (OpenVPN, PPTP, PPPoE, L2TP)
• Advanced PPP features (MLPPP, BCP)
• Simple tunnels (IPIP, EoIP)
• 6to4 tunnel support (IPv6 over IPv4 network)
• VLAN – IEEE802.1q Virtual LAN support, Q-in-Q support
• MPLS based VPNs
This means that you can securely interconnect banking networks, use your workplace resources while travelling, connect to your home local network, or increase security of your wireless backbone link. You can even interconnect two branch office networks and they would be able to use each other’s resources, as if the computers would be in the same location - all secure and encrypted.

A variety of wireless technologies are supported in RouterOS, the most basic of them being the wireless access point and client. Whether it’s a small hotspot network in your home or a city wide mesh network, RouterOS will help you in all situations.

Some of the features supported by RouterOS:

• IEEE802.11a/b/g/n wireless client and access point
• Nstreme and Nstreme2 proprietary protocols
• Client polling
• Wireless Distribution System (WDS)
• Virtual AP
• WEP, WPA, WPA2 encryption
• Access control list
• Wireless client roaming
• HWMP+ Wireless MESH protocol
• MME wireless routing protocol

RouterOS also features the Nstreme proprietary wireless protocol, which extends connection range and speed when MikroTik routers are used at each end. This has helped to achieve the current non-amplified Wi-Fi link length world record in Italy. Also supported is Nstreme dual, which uses two antennas at each end, one for receiving and one for sending.

The MikroTik HotSpot Gateway provides public network access for clients using wireless or wired network connections. The user is presented with a login screen when first opening their web browser. Once a login and password are provided, the user is allowed internet access. This is ideal for a hotel, school, airport, internet cafe or any other public place where the administration doesn’t have control over the user’s computer. No software installation or network configuration is needed; the hotspot will direct any connection request to the login form.

Extensive user management is possible by making different user profiles, each of which can allow certain uptime, upload and download speed limitation, transfer amount limitation and more.

Hotspot also supports authentication against standard RADIUS servers and MikroTik’s own User Manager which will give you a centralized management of all users in your networks.

• Plug-n-Play access to the Network
• Authentication of local Network Clients
• User Accounting
• RADIUS support for Authentication and Accounting
• Configurable bypass for non-interactive devices
• Walled garden for browsing exceptions
• Trial user and Advertisement modes
Quality of Service

Bandwidth Control is a set of mechanisms that control data rate allocation, delay variability, timely delivery, and delivery reliability.

Quality of Service (QoS) means that the router can prioritize and shape network traffic. Some features of MikroTik RouterOS traffic control mechanism are listed below:

• limit data rate for certain IP addresses, subnets, protocols, ports, and other parameters
• limit peer-to-peer traffic
• prioritize some packet flows over others
• use queue bursts for faster web browsing
• apply queues on fixed time intervals
• share available traffic among users equally, or depending on the load of the channel
RouterOS supports Hierarchical Token Bucket (HTB) QoS system with CIR, MIR, burst and priority support, and provides both advanced queuing, and also an easy solution for basic QoS implementation - Simple queues.
Web Proxy

RouterOS features a MikroTik custom made proxy server for caching web resources, and speeding up customer browsing by delivering them cached file copies at local network speed. MikroTik RouterOS implements the following proxy server features:

• Regular HTTP proxy
• Transparent proxy
• Access list by source, destination, URL and requested method (HTTP firewall)
• Cache access list to specify which objects to cache, and which not.
• Direct Access List to specify which resources should be accessed directly, and which - through another proxy server
• Logging facility
• SOCKS proxy support
• Parent proxy support
• Cache storage on external drives
RouterOS can also act as a Transparent Caching server, with no configuration required in the customer PC. RouterOS will take all HTTP requests and redirect them to the local proxy service. This process will be entirely transparent to the user, and the only difference to them will be the increased browsing speed.

To help administrating your network, RouterOS also provides a large number of small network tools to optimize your everyday tasks. Here are some of them:

• Ping, traceroute
• Bandwidth test, ping flood
• Packet sniffer, torch
• Telnet, SSH
• E-mail and SMS send tools
• Automated script execution tools
• CALEA data mirroring
• File Fetch tool
• Active connection table
• NTP Client and Server
• TFTP server
• Dynamic DNS updater
• VRRP redundancy support
• SNMP for providing graphs and stats
• RADIUS client and server (User Manager)

Getting Apache installed to get a web server running

Installing Apache2.2

Make sure you update ports and then run the following commands:

# cd /usr/ports/www/apache22
# make install clean

That will install apache2.2
Configuring apache2
Lets edit the httpd.conf file:

# vi /usr/local/etc/apache22/httpd.conf

Scroll down and change the following settings. The optional settings I will put OPTIONAL before the setting:

OPTIONAL: Listen 80 - You can change this default option if you have more than one apache server running on your network

User www - Changes what user apache runs as

Group www - Changes what group apache runs as

ServerAdmin to your email address.

DocumentRoot "/usr/local/www/apache22/data" - I don't usually use the default path. I put my www documents on a separate drive.

Directory "/usr/local/www/apache22/data" - Change this to the same path as DocumentRoot (See above)

<Directory /usr/local/www/apache22/> Change this to the root of your vhosts folder

DirectoryIndex index.html index.html.var - add any pages you would use. For instance, add index.php if you use php pages

OPTIONAL: #CustomLog /var/log/httpd-access.log combined - I usually leave this commented unless you want to use this to track users looking at your site

ScriptAlias /cgi-bin/ "/usr/local/www/cgi-bin/" - change this to your cgi-bin path

<Directory "/usr/local/www/cgi-bin"> - change this to the same path as ScriptAlias /cgi-bin above

Now lets tell apache to start:

# apachectl start

and hit Enter on your keyboard
We now need to tell Apache to run on startup. Please run the following command:

# echo 'apache22_enable="YES"' >> /etc/rc.conf

If you get no errors, apache should be running. Look at the page by opening a browser to http://localhost or replace localhost with the IP or the actual hostname of the box. If you went with the DocumentRoot defaults, You will see an apache test page until you get your site up and going. If you are behind a router or firewall, make sure you forward the apache port (Port 80) to the FreeBSD box otherwise you won't be able to get there from here. :-)

Configuring SSL

Let's get SSL Configured and Installed:


# mkdir /usr/local/etc/apache22/ssl.key
# mkdir /usr/local/etc/apache22/ssl.crt
# chmod 500 /usr/local/etc/apache22/ssl.key
# chmod 500 /usr/local/etc/apache22/ssl.crt
# chown root:wheel /usr/local/etc/apache22/ssl.key
# chown root:wheel /usr/local/etc/apache22/ssl.crt

Create Certificate
Now, you need to understand that one server can hold multiple certificates, but only one per listening IP address. So, if your server is listening on one IP address, you can only have one certificate for the server. Follow me so far? All of your virtual domains can share the same certificate, but clients will get warning prompts when they connect to a secure site where the certificate does not match the domain name. If your server is listening on multiple IP addresses, your virtual hosts have to be IP-based -- not name-based. This is something to consider when creating your certificate. :-)

Change to your root dir by typing in the following command. We want to save this configuration there as a backup.

# cd /root
# openssl genrsa -des3 -out server.key 1024

You will now be prompted to enter in a password. Write this down as you will need it later. We need to make a Certificate Signing Request (CSR):

# openssl req -new -key server.key -out server.csr

Enter your password when it asks for it. Make sure you enter your FQDN for the "Common Name" portion.
Self-signing your Certificate
You could always pay money to Verisign or Thawte for this but it costs $$$. Here is the way to do it:

# openssl x509 -req -days 365 -in /root/server.csr -signkey /root/server.key -out /root/server.crt

Now your cert is good for 365 days. If you want to make it longer, go right ahead and do so :-)
If you would like more information about SSL Certs, go to

Now we need to copy the certs to the right place:

# cp /root/server.key /usr/local/etc/apache22/ssl.key/
# cp /root/server.crt /usr/local/etc/apache22/ssl.crt/

Now to give them the right permissions as well:

# chmod 400 /usr/local/etc/apache22/ssl.key/server.key
# chmod 400 /usr/local/etc/apache22/ssl.crt/server.crt
# chown root:wheel /usr/local/etc/apache22/ssl.key/server.key
# chown root:wheel /usr/local/etc/apache22/ssl.crt/server.crt

We will now want to copy the default httpd-ssl.conf from the extras folder to the Includes folder:

# cd /usr/local/etc/apache22/extra
# vi httpd-ssl.conf

Now modify the following:

DocumentRoot "/usr/local/www/data" - Change the path to your httpd.conf document root.

ServerName - Change to your domain name.

  Change this to your email address

ErrorLog /var/log/httpd-error.log - You can leave this or comment it out.

TransferLog /var/log/httpd-access.log - You can leave this or comment it out.

SSLCertificateFile "/usr/local/etc/apache22/ssl.crt/server.crt"

SSLCertificateKeyFile "/usr/local/etc/apache22/ssl.key/server.key"

One additional thing you will need to do is open up  /usr/local/etc/apache22/httpd.conf and comment out the following line:
Include etc/apache22/extra/httpd-ssl.conf 
Now run the following:

# apachectl stop
# apachectl start

A plain start now serves both http:// and https:// addresses. This used to be apachectl sslstart, but that command has been deprecated.
The URL below includes instructions on how to remove the pass phrase prompt when apache starts
Configuring php for Apache

This section is pretty easy. Just run the following:

# cd /usr/ports/lang/php5
# make config

Make sure the box that says Apache is checked. If it isn’t, put the cursor over it and then hit the Space Bar. Hit Tab and then hit Enter.
Then run the following to upgrade php5 to support Apache2.2

# make install clean

Next, we want to configure apache to use php5.

# vi /usr/local/etc/apache22/httpd.conf

and look for the first AddType section and add these lines directly below it:

AddType application/x-httpd-php .php
AddType application/x-httpd-php-source .phps

Next go to DirectoryIndex and make sure index.php is part of it like so:

DirectoryIndex index.php index.html

With Apache2.2 it now wants to load an Accept Filter. If you don't load the following module on startup, you will get an error every time you start apache. Run the following command:

# echo 'accf_http_load="YES"' >> /boot/loader.conf

Now rather than rebooting the box, we can load the module manually by running:

# kldload accf_http

and then if you start Apache, You won't get that error.
Now run the following command to start apache.

# apachectl stop
# apachectl start

You will now have apache with SSL and PHP support!


vSphere Web Client Login

vSphere Web Client URL: https://vcenter:9443
name: administrator@vsphere.local
password: *********

Lookup Service URL: https://vcenter:7444/lookupservice/sdk
vCenter Inventory Service URL: https://vcenter:10443

Friday, June 20, 2014

Ways to transfer VMware Workstation Virtual Machines to ESXi

Method 1:
Connecting to ESXi host > right click on the virtual machine > Manage > Upload

Method 2:
Right click on left pane > select Datastore and Datastore Clusters > select a datastore > click on "Browse this datastore".

Method 3:
File > Export to OVF.

Using the Local ESXi Shell

After you enable the ESXi Shell in the direct console, you can use it from the main direct console screen or remotely through a serial port.

1. At the main direct console screen, press Alt-F1 to open a virtual console window to the host.

2. Get a list of running virtual machines, identified by World ID, UUID, Display Name, and path to the .vmx configuration file, using this command:

# esxcli vm process list

3. Power off one of the virtual machines from the list using this command:

# esxcli vm process kill --type=[soft,hard,force] --world-id=WorldNumber

Alternate power off command syntax is:

# esxcli vm process kill -t [soft,hard,force] -w WorldNumber

4. Shutdown and restart commands:

# reboot -f
# halt
# shutdown

Thursday, June 19, 2014


Author / Bryan Yao

A crisis is often a turning point. Many experienced PMs understand this, which is why they actually welcome changes like these: they know a change is precisely the opportunity to secure more resources, and the customer ends up with more value too, so it is a win-win. After all, for a professional racing driver, it is the corners that offer the chance to overtake!

Tuesday, June 17, 2014

Automatic vertical scroll bar in WPF TextBlock?

<TextBox Name="myTextBox"
         ScrollViewer.VerticalScrollBarVisibility="Auto"
         ScrollViewer.CanContentScroll="True">SOME TEXT</TextBox>

These are attached properties of WPF's ScrollViewer. For more information

Monday, June 16, 2014

MySQL Import error

ERROR HY000: This function has none of DETERMINISTIC, NO SQL, or READS SQL DATA in its declaration and binary logging is enabled (you *might* want to use the less safe log_bin_trust_function_creators variable)

mysql> SET GLOBAL log_bin_trust_function_creators = 1;

Note: You can also set this variable by using the --log-bin-trust-function-creators=1 option when starting the server.

cmd> mysql --default-character-set=utf8 -u root -p DB_NAME < 2014-06-16_DB_NAME.sql

After the import, run this query to set it back:
mysql> SET GLOBAL log_bin_trust_function_creators = 0;
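Setting log_bin_trust_function_creators tells the server to accept every function in the dump, so it is worth knowing which functions actually lack one of the three characteristics named in the error. The Python function below is an added example, not part of the original post or of MySQL: it scans a dump for CREATE FUNCTION statements and reports those that declare none of DETERMINISTIC, NO SQL or READS SQL DATA (a NOT DETERMINISTIC declaration does not count, and procedures are not subject to the rule). The sample dump is constructed. Those functions can then be given the right characteristic in the dump before importing, instead of lowering the server-wide setting.

```python
import re

# Constructed sample dump (not from the page): one compliant function, one that would
# raise the error above, one declared NOT DETERMINISTIC but READS SQL DATA (compliant),
# a single-statement function, and a procedure, which the rule does not apply to.
SAMPLE_DUMP = """
DELIMITER ;;
CREATE DEFINER=`root`@`localhost` FUNCTION `add_tax`(amount DECIMAL(10,2)) RETURNS DECIMAL(10,2)
    DETERMINISTIC
BEGIN
    RETURN amount * 1.05;
END ;;
CREATE DEFINER=`root`@`localhost` FUNCTION `next_invoice_no`() RETURNS INT
BEGIN
    RETURN (SELECT MAX(id) + 1 FROM invoices);
END ;;
CREATE DEFINER=`root`@`localhost` FUNCTION `lookup_rate`(code CHAR(3)) RETURNS DECIMAL(5,2)
    NOT DETERMINISTIC
    READS SQL DATA
BEGIN
    RETURN (SELECT rate FROM rates WHERE rates.code = code);
END ;;
CREATE FUNCTION `double_it`(x INT) RETURNS INT DETERMINISTIC RETURN x * 2 ;;
CREATE DEFINER=`root`@`localhost` PROCEDURE `archive_orders`()
    MODIFIES SQL DATA
BEGIN
    INSERT INTO orders_archive SELECT * FROM orders WHERE shipped = 1;
END ;;
DELIMITER ;
"""

# Head of a CREATE FUNCTION statement: optional DEFINER clause, then the function name.
FUNC_RE = re.compile(
    r"CREATE\s+(?:DEFINER\s*=\s*\S+\s+)?FUNCTION\s+`?(?P<name>\w+)`?\s*\(",
    re.IGNORECASE,
)
# The characteristics sit between the RETURNS clause and the body, which starts with
# BEGIN or, for a single-statement function, RETURN. \bRETURN\b does not match RETURNS.
BODY_START_RE = re.compile(r"\b(?:BEGIN|RETURN)\b", re.IGNORECASE)
# DETERMINISTIC only counts when it is not negated as NOT DETERMINISTIC.
DETERMINISTIC_RE = re.compile(r"(?<!NOT )\bDETERMINISTIC\b")


def find_unsafe_functions(dump_text):
    """Return the names of stored functions in dump_text that declare none of
    DETERMINISTIC, NO SQL or READS SQL DATA, i.e. the ones MySQL rejects while
    binary logging is on and log_bin_trust_function_creators is 0."""
    unsafe = []
    for m in FUNC_RE.finditer(dump_text):
        body = BODY_START_RE.search(dump_text, m.end())
        end = body.start() if body else len(dump_text)
        # normalise whitespace and case so multi-word characteristics match
        header = " ".join(dump_text[m.end():end].upper().split())
        declared_safe = (
            DETERMINISTIC_RE.search(header) is not None
            or "NO SQL" in header
            or "READS SQL DATA" in header
        )
        if not declared_safe:
            unsafe.append(m.group("name"))
    return unsafe


if __name__ == "__main__":
    for name in find_unsafe_functions(SAMPLE_DUMP):
        print(f"{name}: declare DETERMINISTIC, NO SQL or READS SQL DATA before importing")
```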

Thursday, June 12, 2014

MySQL Query Log

Turn on the query log permanently, edit my.ini:



Turn on query log at runtime:

SET GLOBAL general_log = 'ON';
SET GLOBAL general_log = 'OFF';

Note: use the "FLUSH LOGS" command to flush the logs from memory to the log file.

Wednesday, June 11, 2014

MySQL C# Text Encoding Problem


<add key="MyDBConnectionString" value="Server=;Database=posserver;Uid=root;Pwd=mypassword;Port=3306;CharSet=utf8;"/>

Note: Use the lower case value utf8 and not upper case UTF8, as the latter will fail.
Note: Result sets are still returned in the character set of the data returned.

Tuesday, June 10, 2014

flush refresh MySQL query log file

mysql> flush logs;