One of my websites is being hosted using the OpenLiteSpeed web server. It was created from a Digital Ocean OpenLiteSpeed WordPress droplet from the DO marketplace. On installation, a certificate was created using Let's Encrypt but it appears that the renewal of the certificate was not automated. OpenLiteSpeed is a fantastic and extremely fast webserver but there is no integration with the Certbot Let's Encrypt SSL certificate automation. Well, there probably is, but I haven't found out how to do it at the moment. For the time being, until I either buy a certificate or find a way to automate it, these are the steps to quickly perform a manual Let's Encrypt certificate renewal.

Stop the web server

root@webserver:~# service lsws stop

Run certbot to issue another certificate

root@webserver:~# certbot certonly

Choose the method you want to use to authenticate your domain ownership with the ACME CA. I chose option 1 "Spin up a temporary webserver (standalone)", which is the reason that we stopped the webserver in the first instance: we cannot have two webservers trying to use the same port(s) at the same time.

How would you like to authenticate with the ACME CA?
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
1: Spin up a temporary webserver (standalone)
2: Place files in webroot directory (webroot)
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Select the appropriate number [1-2] then [enter] (press 'c' to cancel): 1

Now type in the domain name(s) that you need the certificate to be issued for

Please enter in your domain name(s) (comma and/or space separated)  (Enter 'c'
to cancel): example.com

Certbot will go through and do its stuff and create the certificate(s) that you need, and it will tell you where it has placed the certificate files.

Cert is due for renewal, auto-renewing...
Renewing an existing certificate
Performing the following challenges:
http-01 challenge for example.com
Waiting for verification...
Cleaning up challenges

IMPORTANT NOTES:
 - Congratulations! Your certificate and chain have been saved at:
   /etc/letsencrypt/live/example.com/fullchain.pem
   Your key file has been saved at:
   /etc/letsencrypt/live/example.com/privkey.pem
   Your cert will expire on 2019-XX-XX. To obtain a new or tweaked
   version of this certificate in the future, simply run certbot
   again. To non-interactively renew *all* of your certificates, run
   "certbot renew"
 - If you like Certbot, please consider supporting our work by:

   Donating to ISRG / Let's Encrypt:   https://letsencrypt.org/donate
   Donating to EFF:                    https://eff.org/donate-le

Once the certs have been obtained we are going to start up OpenLiteSpeed again

root@webserver:~# service lsws start

Now we have to log in to the LiteSpeed WebAdmin Console at https://example.com:7080. Once you are logged in, click on 'Listeners' in the left-hand menu. Next, click on 'View' for the listener that needs the new certificates. When you are on the correct listener, click on the 'SSL' tab at the top. There you need to fill out the 'Private Key File' and the 'Certificate File' fields with the locations of the key and certificate files that Certbot saved.

The locations are symbolic links that go on to the actual certificates which are stored elsewhere in the '/etc/letsencrypt' directory structure.

Once this is done, perform a 'graceful restart' of LiteSpeed and your new certificate will be installed.
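The stop, renew and start steps above can be run without prompts once the certificate is close to expiry. This is an added example, not part of the original post; it assumes GNU date and the openssl command are installed, and the 30 day threshold and the script name renew-lsws.sh are made up for illustration.

```sh
#!/bin/sh
# Added example, not from the original post. Assumes GNU date, the openssl CLI
# and the certificate path Certbot printed above. THRESHOLD_DAYS is a made-up value.
DOMAIN="example.com"
CERT="/etc/letsencrypt/live/$DOMAIN/fullchain.pem"
THRESHOLD_DAYS=30

# days_left "notAfter=<date>" <now_epoch>
# Turns the line printed by `openssl x509 -enddate` into whole days remaining.
days_left() {
    enddate=${1#notAfter=}
    end_epoch=$(date -u -d "$enddate" +%s) || return 2
    echo $(( (end_epoch - $2) / 86400 ))
}

# needs_renewal "notAfter=<date>" <now_epoch> <threshold_days>
# Succeeds when fewer than <threshold_days> days remain.
needs_renewal() {
    left=$(days_left "$1" "$2") || return 2
    [ "$left" -lt "$3" ]
}

# Same steps as the manual procedure, without prompts. The server is started
# again even when certbot fails, so a failed renewal does not leave the site down.
renew() {
    service lsws stop || return 1
    certbot certonly --standalone --non-interactive -d "$DOMAIN"
    rc=$?
    service lsws start || return 1
    return "$rc"
}

# Only act when called as: sh renew-lsws.sh --run   (as root, like the manual steps)
if [ "${1:-}" = "--run" ]; then
    line=$(openssl x509 -noout -enddate -in "$CERT") || exit 1
    now=$(date +%s)
    left=$(days_left "$line" "$now") || exit 1
    if needs_renewal "$line" "$now" "$THRESHOLD_DAYS"; then
        echo "$DOMAIN: $left days left, renewing"
        renew || exit 1
    else
        echo "$DOMAIN: $left days left, nothing to do"
    fi
fi
```

Once the listener has been pointed at the symbolic links under /etc/letsencrypt/live, the server reads the renewed files when it starts, so the WebAdmin Console step does not need repeating on each run.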

 

Info and prerequisites

KVM (Kernel-based Virtual Machine) is the Linux version of a Hypervisor. Compared to its rivals VMware ESXi/Workstation, Oracle VirtualBox and Microsoft’s own Hyper-V it is a pared down offering without many of the features that its counterparts offer, as far as I have seen. What it lacks in features it more than makes up for in ease-of-use. I first heard of a Linux variant of a hypervisor through watching Wendell on the Level1Techs YouTube channel. Though they didn’t go into the details of how to configure this kind of setup – in the videos that I have seen – they did put the seed in my brain. Once I had a spare computer powerful enough to make it worthwhile I had a dig around to see what I could come up with.

First things first, KVM will only work if your CPU has hardware virtualization support – either Intel VT-x or AMD-V. If this option is not available to you in your BIOS/UEFI then you are not going to get any further in this endeavour.

If you already have Ubuntu installed (I am running Server 17.04 at time of writing) then you can check whether your system is compatible by running the following:

egrep -c '(svm|vmx)' /proc/cpuinfo

If the command returns 0 then, unfortunately, your CPU does not support hardware virtualization. Any number other than 0 means that virtualization is supported. Bear in mind that even with a non-zero result you may still have to make sure that VT-x or AMD-V is enabled in the BIOS/UEFI; the output only tells you that the CPU supports virtualization. The number itself is the count of logical processors (cores or threads) that report the flag.

For example, my 4 core non-hyperthreaded Core i5 3570K outputs:

root@localhost:~# egrep -c '(svm|vmx)' /proc/cpuinfo
4

Whereas my 8 core hyperthreaded Ryzen 7 1800X outputs:

root@localhost:~# egrep -c '(svm|vmx)' /proc/cpuinfo
16

If you are looking to go further and assign VMs specific hardware then your system will need to support VT-d. This is not to be confused with VT-x/AMD-V which is specifically about CPU support for virtualization. At the moment VT-d eludes me so I am not going to go into it here but it can allow you to do some very cool things. For example, if you are looking to have a Windows VM that you can use to game that is running on a Linux KVM then this is what you will need to allow the Windows VM to utilise the GPU along with the ability to provision specific USB ports to pass through the connectivity required for the keyboard and mouse. Watch this YouTube video for a good idea of what that could mean at the extreme end of things.

Setting up Ubuntu to host Virtual Machines (VMs)

First thing to do with your server is to install all the required packages:

root@localhost:~# sudo apt-get install qemu-kvm libvirt-bin virtinst bridge-utils cpu-checker

Once these packages are all installed you can check whether KVM is in, working and you are ready to start creating VMs. To check that you need to issue the following command:

kvm-ok

For example:

root@localhost:~# kvm-ok
INFO: /dev/kvm exists
KVM acceleration can be used

If you see the above output then you are good to go.

Next we have to configure the network bridge. We installed the required bridge-utils package already, so we just need to edit the network config to get this working: load up /etc/network/interfaces in your editor of choice. I commented out some of the existing config and added some to leave the following (the commented-out enp3s0 lines and the br0 block are the changes):

auto lo
iface lo inet loopback

# The primary network interface
#auto enp3s0
#iface enp3s0 inet dhcp
# This is an autoconfigured IPv6 interface
#iface enp3s0 inet6 auto

auto br0
iface br0 inet dhcp
bridge_ports enp3s0
bridge_stp off
bridge_fd 0
bridge_maxwait 0

This should give you an idea of what to do, but I think you are best off looking at the NetworkConnectionBridge guide in the Ubuntu Documentation.

As you can tell, this guide is by no means finished. I will add more content to this...soon(ish)...
