Market forces have conspired into forcing me to have a bare-metal Windows install (a Virtualbox Virtual Machine can no longer cut it). I still would rather work solely in Debian, or some form of Linux distribution (distro!), but this presents me with an opportunity to grow my skills in ways I did not anticipate. First, the scenario:
- I use the venerable KeePassX to manage my passwords. It is not to be confused with KeePass. Both programs have similar functions, and even read the same database format (KeePass 1.x), but the latest (and currently maintained) KeePass version depends on .NET, so on Linux that means Mono. Last I checked (which is admittedly a long time ago), the Linux/Mono port looked *terrible*. Luckily, KeePassX has a port for Windows, so I can keep the same look and feel regardless of whether I’m booted into Windows or Linux. FULL DISCLOSURE: KeePassX 0.4.3 has been out for some time, and it appears the development on the next version of KeePassX has slowed to a crawl or is nonexistent.
- No matter which computer I’m using, I want to be able to access the password database. In Linux, I just set up a port forward on my WAN router that points to the SSH port on my Debian workstation, and on my satellite devices I use SSHFS to mount the keepass directory. This “tricks” KeePassX in thinking the password database is local to the satellite machine, any changes are immediately available on the main workstation and satellite machines, and there is no reconciling disparate databases. As part of the (manual) SSHFS mount command, I make a local copy on the satellite so the password is available if my central server is not. Note, if my primary home workstation becomes unavailable, and I need to modify the database in any way, I will need to manually merge my KeePassX databases.
My previous architecture is described above. Adding a dual-boot Windows 7 installation to the mix gives me a number of challenges:
- There is the problem of sharing the database between both OSes (Windows 7 and Debian), such that both versions of KeePassX operate without having to redirect KeePassX to a different location (C:\Users\trey\keepass in Windows, and /home/trey/keepass in Debian).
- Making the database available via SSHFS will pose a challenge on the Windows side.
- Making backups of the database may be difficult from the Windows side
My solutions to the above:
- Sharing the database between the two systems is relatively straightforward. This is where Linux plays the glue system, and makes up for the inadequacies of others. Windows 7 will store the master password database here: C:\Users\trey\keepass\. I can mount the C: drive in Linux (the ntfs-3g filesystem driver is quite mature), and then bind mount the Windows directory to /home/trey/keepass/. Here are the relevant /etc/fstab entries:
/dev/sda2 /windows ntfs defaults,uid=1000 0 0
/windows/Users/trey/keepass /home/trey/keepass none bind 0 0
If I’m booted into Linux, everything is as it was. I don’t anticipate that the database actually residing on an NTFS volume to be a concern, but usage may dictate otherwise.
- Making the directory available from the Debian side is already done, and works as expected. Doing so from Windows is a bit more difficult. I’ll need to install OpenSSH in Cygwin, which is done, but it’s not configured. I’ll first need to expose C:\Users\trey\keepass in the Cygwin filesystem tree. I’ll also need to copy the various SSH keys into the Cygwin environment, so my satellite devices don’t know (or care) when they mount the SSHFS volume. I’m currently writing this from Debian; I’ll need to reboot into Windows and continue this post later.
- I have no idea how my general rsnapshot backup will work if Windows is booted. I’ll have to think of that later, but assuming the keepass directory is properly exposed in Windows/Cygwin, it should be OK.
On to the Windows side…
For my first post, I will discuss how I installed this website on my Debian Sid installation on my EDIS Virtual Private Server (VPS). I first started with the EDIS VRS STARTER, which includes 512MB RAM, with a 10GB disk, 1Gbps network bandwidth, and 2TB total bandwidth allowed per period. Not much to work with, but it’s only ~$7 per month! The nice thing is, the Wheezy image I started with only takes up 200MB of disk space, so there’s plenty to work with.
Here’s the procedure I followed:
- First thing was to install my bare essentials. This includes vim and tmux. I installed them with the following command, as root:
aptitude install vim tmux
- Now that vim was installed, I could remove nano and edit /etc/apt/sources.list properly:
# aptitude purge nano # DIE EVIL NANO!
# vim /etc/apt/sources.list
The /etc/apt/sources.list file ended up like this:
deb http://debian.uchicago.edu/debian sid main contrib
Since this server is in Chicago, IL, USA, I changed the Debian repository server from ftp.at.debian.org (EDIS is based in Austria). The “contrib” parameter was used because several key MySQL components (necessary for WordPress) are not available in the “main” repository because of licensing issues. With that I added the following alias to root’s bash run control file (~/.bashrc):
alias upgrade='aptitude update && aptitude full-upgrade'
I do the above on all of the Debian servers and workstations I manage, to make it a simple matter to update the system to the latest available packages. Sourcing the .bashrc file
source .bashrc(or what I really use)
. .bashrc loaded the new alias. Executing the “upgrade” alias proceeded to update my Wheezy install to Sid, and took about twenty minutes or so. Note that
lsb_release -a still returns Wheezy; I’ll have to investigate that when I have time.
Now that my machine had been updated, I rebooted it to load the new kernel (with the command
reboot. Next, I installed wordpress and mysql. I note that mysql-server is *not* a dependency of wordpress (it merely suggests mysql-server); I discovered this when I tried to start WordPress for the first time and noticed mysql-server was not installed (this led me to adding “contrib” to sources.list above). The command below installed many libraries and helper packages, including apache2 and php5 related packages:
# aptitude install wordpress mysql-server libssh2-php
I installed libssh2-php since I wanted to use SSH keys for WordPress to apply updates, plugins, and themes (rather than use FTP or FTPS [I’ve always found installing and securing FTP repositories to be a major pain]). I was then ready to set up apache.
- Setting up apache was as simple as creating the /etc/apache2/sites-available/eldon.me:
RedirectPermanent / https://eldon.me
Customlog /var/log/apache2/eldon.me-ssh-access.log combined
AllowOverride Limit Options FileInfo
I obtained my SSL certificates from StartSSL, based in Israel. The main reason I use them is they offer level 1 certificates for personal use completely free/gratis! The only downside is that many older, out of date browsers and smartphones don’t recognize their certificate authority credentials, which means many browsers issue an SSL warning (as if the site used self-signed certificates). If that becomes a major problem, I may switch.
The next step was to enable the site:
# a2ensite eldon.me
- The next step is to set up the WordPress MySQL user and database (adapted from here). In Debian, when mysql-server is installed apt/dpkg directs you to set root’s password for the MySQL server. The first command below will prompt for that password:
# mysql -p
Welcome to the MySQL monitor. Commands end with ; or \g.
Your MySQL connection id is 308
Server version: 5.5.29-1 (Debian)
Copyright (c) 2000, 2012, Oracle and/or its affiliates. All rights reserved.
Oracle is a registered trademark of Oracle Corporation and/or its
affiliates. Other names may be trademarks of their respective
Type 'help;' or '\h' for help. Type '\c' to clear the current input statement.
mysql> create database eldon;
Query OK, 1 row affected (0.00 sec)
mysql> grant all privileges on eldon.* to "wp_agent"@"localhost"
-> identified by "SUPERSECRETPASSWORD";
Query OK, 0 rows affected (0.00 sec)
mysql> flush privileges;
Query OK, 0 rows affected (0.01 sec)
Since wordpress installs to /usr/share/wordpress on Debian, I made a symlink, and then restarted apache2:
ln -s /usr/share/wordpress /var/www/eldon.me
service apache2 restart
If I want to add other sites to this VPS, I’ll just need to set up the site as above, and place it in /var/www/. Note thttps://www.startssl.com/hat I’ll have to be careful when setting up SSL. I had originally found that multiple SSL sites on a single IP was impossible. However, when I tried to find the page that explained that, I found this post instead: “Configure Apache to Support Multiple SSL sites on a single IP address”. I could have saved some money, but having multiple VPS services makes sure I have access to one of them should the other go down (I use my other VPS for IRC as well).
- Now, I could finally set up WordPress. I navigated here (you’ll see that it has already been set up). I won’t go into setting up WordPress from there, but this is precisely the same as “Run the Install Script”.
And that’s it for now! Hopefully I didn’t miss any steps.