One place for hosting & domains

      July 2019

      Add CAA Records in the Linode Cloud Manager


      Updated by Linode

      Written by Linode

      Certification Authority Authorization (CAA) is a type of DNS record that allows the owner of a domain to specify which certificate authority (or authorities) are allowed to issue SSL/TLS certificates for their domain(s). This quick answer shows you how to set up CAA records on your Linode.

      Add a Single CAA Record

      1. Log in to the Linode Cloud Manager

      2. Select the Domains link in the sidebar.

      3. Select the domain you want to add the record to, or add a domain if you don’t already have one listed.

      4. Under the CAA Record section, select Add a CAA record. A form with the following fields will appear:

        Name: The subdomain you want the CAA record to cover. To apply it to your entire website (for example: example.com), leave this field blank. To limit the record’s application to a subdomain on your site, (for example: subdomain.example.com), enter the subdomain’s name into the form field (for example: subdomain).

        Tag:

        • issue – Authorize the certificate authority entered in the Value field further below to issue TLS certificates for your site.

        • issuewild – Same as above, with the exception that you were issued a wildcard certificate.

        • iodef – URL where your CA can report security policy violations to you concerning certificate issue requests.

        Value: If the issue or issuewild tag was selected above, then the Value field takes the domain of your certificate issuer (for example: letsencrypt.org). If the iodef tag was selected, the Value field takes a contact or submission URL (http or mailto).

        TTL (Time to Live): Time in seconds that your new CAA record will be cached by Linode’s name servers before being refreshed. The Default selection’s TTL is 300 seconds, which is fine for most cases. You can use the dig command to view the remaining time your DNS records will be cached until refreshed. Replace linode.com with your site’s domain or subdomain in the command below:

        root@debian:~# dig +nocmd +noall +answer example.com
        example.com.     167 IN  A   203.0.113.1
        
      5. Click the Save button when finished. The CAA record should be fully propagated within the TTL duration.

      Add Multiple CAA Records

      Multiple CAA records must be added individually. If your site example.com was issued a TLS certificate by Let’s Encrypt, but your subdomain store.example.com uses a Symantec certificate, you would need two different CAA records. A reporting URL for the iodef tag would also need its own record. Those three would look something like this:

      Multiple CAA records

      More Information

      You may wish to consult the following resources for additional information on this topic. While these are provided in the hope that they will be useful, please note that we cannot vouch for the accuracy or timeliness of externally hosted materials.

      Find answers, ask questions, and help others.

      This guide is published under a CC BY-ND 4.0 license.



      Source link

      How To Set Up Time Synchronization on Debian 10


      Introduction

      Accurate timekeeping has become a critical component of modern software deployments. Whether it’s making sure logs are recorded in the right order or database updates are applied correctly, out-of-sync time can cause errors, data corruption, and other difficult issues to debug.

      Debian 10 has time synchronization built in and activated by default using the standard ntpd time server, provided by the ntp package. In this article we will look at some basic time-related commands, verify that ntpd is active and connected to peers, and learn how to activate the alternate systemd-timesyncd network time service.

      Prerequisites

      Before starting this tutorial, you will need a Debian 10 server with a non-root, sudo-enabled user, as described in this Debian 10 server setup tutorial.

      Step 1 — Navigating Basic Time Commands

      The most basic command for finding out the time on your server is date. Any user can type this command to print out the date and time:

      Output

      Wed 31 Jul 2019 06:03:19 PM UTC

      Most often your server will default to the UTC time zone, as highlighted in the above output. UTC is Coordinated Universal Time, the time at zero degrees longitude. Consistently using Universal Time reduces confusion when your infrastructure spans multiple time zones.

      If you have different requirements and need to change the time zone, you can use the timedatectl command to do so.

      First, list the available time zones:

      • timedatectl list-timezones

      A list of time zones will print to your screen. You can press SPACE to page down, and b to page up. Once you find the correct time zone, make note of it then type q to exit the list.

      Now set the time zone with timedatectl set-timezone, making sure to replace the highlighted portion below with the time zone you found in the list. You'll need to use sudo with timedatectl to make this change:

      • sudo timedatectl set-timezone America/New_York

      You can verify your changes by running date again:

      Output

      Wed 31 Jul 2019 02:08:43 PM EDT

      The time zone abbreviation should reflect the newly chosen value.

      Now that we know how to check the clock and set time zones, let’s make sure our time is being synchronized properly.

      Step 2 — Checking the Status of ntpd

      By default, Debian 10 runs the standard ntpd server to keep your system time synchronized with a pool of external time servers. We can check that it's running with the systemctl command:

      • sudo systemctl status ntp

      Output

      ● ntp.service - Network Time Service Loaded: loaded (/lib/systemd/system/ntp.service; enabled; vendor preset: enabled) Active: active (running) since Wed 2019-07-31 13:57:08 EDT; 17min ago Docs: man:ntpd(8) Main PID: 429 (ntpd) Tasks: 2 (limit: 1168) Memory: 2.1M CGroup: /system.slice/ntp.service └─429 /usr/sbin/ntpd -p /var/run/ntpd.pid -g -u 106:112 . . .

      The active (running) status indicates that ntpd started up properly. To get more information about the status of ntpd we can use the ntpq command:

      Output

      remote refid st t when poll reach delay offset jitter ============================================================================== 0.debian.pool.n .POOL. 16 p - 64 0 0.000 0.000 0.000 1.debian.pool.n .POOL. 16 p - 64 0 0.000 0.000 0.000 2.debian.pool.n .POOL. 16 p - 64 0 0.000 0.000 0.000 3.debian.pool.n .POOL. 16 p - 64 0 0.000 0.000 0.000 +208.67.72.50 152.2.133.55 2 u 12 64 377 39.381 1.696 0.674 +198.46.223.227 204.9.54.119 2 u 6 64 377 22.671 3.536 1.818 -zinc.frizzen.ne 108.61.56.35 3 u 43 64 377 12.012 1.268 2.553 -pyramid.latt.ne 204.123.2.72 2 u 11 64 377 69.922 2.858 0.604 +nu.binary.net 128.252.19.1 2 u 10 64 377 35.362 3.148 0.587 #107.155.79.108 129.7.1.66 2 u 65 64 377 42.380 1.638 1.014 +t1.time.bf1.yah 98.139.133.62 2 u 6 64 377 11.233 3.305 1.118 *sombrero.spider 129.6.15.30 2 u 47 64 377 1.304 2.941 0.889 +hydrogen.consta 209.51.161.238 2 u 45 64 377 1.830 2.280 1.026 -4.53.160.75 142.66.101.13 2 u 42 64 377 29.077 2.997 0.789 #horp-bsd01.horp 146.186.222.14 2 u 39 64 377 16.165 4.189 0.717 -ntpool1.603.new 204.9.54.119 2 u 46 64 377 27.914 3.717 0.939

      ntpq is a query tool for ntpd. The -p flag asks for information about the NTP servers (or peers) ntpd is connected to. Your output will be slightly different, but should list the default Debian pool servers plus a few others. Bear in mind that it can take a few minutes for ntpd to establish connections.

      Step 3 — Switching to systemd-timesyncd

      It is possible to use systemd's built-in timesyncd component to replace ntpd. timesyncd is a lighter-weight alternative to ntpd that is more integrated with systemd. Note, however, that it doesn't support running as a time server, and it is slightly less sophisticated in the techniques it uses to keep your system time in sync. If you are running complex real-time distributed systems, you may want to stick with ntpd.

      To use timesyncd, we must first uninstall ntpd:

      Then, start up the timesyncd service:

      • sudo systemctl start systemd-timesyncd

      Finally, check the status of the service to make sure it's running:

      • sudo systemctl status systemd-timesyncd

      Output

      ● systemd-timesyncd.service - Network Time Synchronization Loaded: loaded (/lib/systemd/system/systemd-timesyncd.service; enabled; vendor preset: enabled) Drop-In: /usr/lib/systemd/system/systemd-timesyncd.service.d └─disable-with-time-daemon.conf Active: active (running) since Wed 2019-07-31 14:21:37 EDT; 6s ago Docs: man:systemd-timesyncd.service(8) Main PID: 1681 (systemd-timesyn) Status: "Synchronized to time server for the first time 96.245.170.99:123 (0.debian.pool.ntp.org)." Tasks: 2 (limit: 1168) Memory: 1.3M CGroup: /system.slice/systemd-timesyncd.service └─1681 /lib/systemd/systemd-timesyncd

      We can use timedatectl to print out systemd's current understanding of the time:

      Output

      Local time: Wed 2019-07-31 14:22:15 EDT Universal time: Wed 2019-07-31 18:22:15 UTC RTC time: n/a Time zone: America/New_York (EDT, -0400) System clock synchronized: yes NTP service: active RTC in local TZ: no

      This prints out the local time, universal time (which may be the same as local time, if you didn't switch from the UTC time zone), and some network time status information. System clock synchronized: yes means that the time has been successfully synced, and NTP service: active means that timesyncd is enabled and running.

      Conclusion

      In this article we’ve shown how to view the system time, change time zones, work with ntpd, and switch to systemd's timesyncd service. If you have more sophisticated timekeeping needs than what we’ve covered here, you might refer to the offical NTP documentation, and also take a look at the NTP Pool Project, a global group of volunteers providing much of the world's NTP infrastructure.



      Source link

      How To Install Ruby on Rails with rbenv on macOS


      Introduction

      Ruby on Rails is a popular application stack for developers looking to create sites and web apps. The Ruby programming language, combined with the Rails development framework, makes app development quick and efficient.

      One way to install Ruby and Rails is with the command-line tool rbenv. Using rbenv will provide you with a well-controlled and robust environment for developing your Ruby on Rails applications, allowing you to easily switch the version of Ruby for your entire team when needed.

      rbenv provides support for specifying application-specific versions of Ruby, lets you change the global Ruby for each user, and allows you to use an environment variable to override the Ruby version.

      In this tutorial, you will use rbenv to install and set up Ruby on Rails on your local macOS machine.

      Prerequisites

      To follow this tutorial, you will need:

      Step 1 — Installing rbenv

      In this step, you will install rbenv and make sure that it starts automatically at boot. To do this on macOS, this tutorial will use the package manager Homebrew.

      To download the rbenv package with Homebrew, run the following command:

      This will install rbenv and the ruby-build plugin. This plugin adds therbenv install command, which streamlines the installation process for new versions of Ruby.

      Next, you'll add the command eval "$(rbenv init -)" to your ~/.bash_profile file to make rbenv load automatically when you open up the Terminal. To do this, open your .bash_profile in your favorite text editor:

      Add the following line to the file:

      ~/.bash_profile

      eval "$(rbenv init -)"
      

      Save and quit the file.

      Next, apply the changes you made to your ~/.bash_profile file to your current shell session:

      To verify that rbenv is set up properly, use the type command, which will display more information about the rbenv command:

      Your terminal window will display the following:

      Output

      rbenv is a function rbenv () { local command; command="${1:-}"; if [ "$#" -gt 0 ]; then shift; fi; case "$command" in rehash | shell) eval "$(rbenv "sh-$command" "$@")" ;; *) command rbenv "$command" "$@" ;; esac }

      At this point, you have both rbenv and ruby-build installed on your machine. This will allow you to install Ruby from the command line in the next step.

      Step 2 — Installing Ruby

      With the ruby-build plugin now installed, you can install any version of Ruby you may need through a single command. In this step, you will choose a version of Ruby, install it on your machine, and then verify the installation.

      First, use the -l flag to list all the available versions of Ruby:

      The output of that command will be a long list of versions that you can choose to install.

      For this tutorial, install Ruby 2.6.3:

      Installing Ruby can be a lengthy process, so be prepared for the installation to take some time to complete.

      Once it's done installing, set it as your default version of Ruby with the global sub-command:

      Verify that Ruby was properly installed by checking its version number:

      Your output will look something like this:

      Output

      ruby 2.6.3p62 (2019-04-16 revision 67580) [x86_64-darwin18]

      To install and use a different version of Ruby, run the rbenv commands with a different version number, such as rbenv install 2.3.0 and rbenv global 2.3.0.

      You now have one version of Ruby installed and have set your default Ruby version. Next, you will set yourself up to work with Ruby packages and libraries, or gems, which will then allow you to install Rails.

      Step 3 — Working with Gems

      Gems are packages of Ruby libraries and programs that can be distributed throughout the Ruby ecosystem. You use the gem command to manage these gems. In this step, you will configure the gem command to prepare for the Rails installation.

      When you install a gem, the installation process generates local documentation. This can add a significant amount of time to each gem's installation process, so turn off local documentation generation by creating a file called ~/.gemrc which contains a configuration setting to turn off this feature:

      • echo "gem: --no-document" > ~/.gemrc

      With that done, use the gem command to install Bundler, a tool that manages gem dependencies for projects. This is needed for Rails to work correctly:

      You'll see output like this:

      Output

      Fetching: bundler-2.0.2.gem Successfully installed bundler-2.0.2 1 gem installed

      You can use the gem env command to learn more about the environment and configuration of gems. To see the location of installed gems, use the home argument, like this:

      You'll see output similar to this:

      /Users/sammy/.rbenv/versions/2.6.3/lib/ruby/gems/2.6.0
      

      Now that you have set up and explored your gem workflow, you are free to install Rails.

      Step 4 — Installing Rails

      In this step, you will install Rails, verify the installation, and prepare it for use.

      To install the most recent version of Rails, use the gem install command:

      The gem command installs the gem you specify, as well as every dependency. Rails is a complex web development framework and has many dependencies, so the process will take some time to complete. Eventually you'll see a message stating that Rails is installed, along with its dependencies:

      Output

      ... Successfully installed rails-5.2.3 38 gems installed

      Note: If you would like to install a specific version of Rails, you can list its valid versions by doing a search, which will output a long list of options:

      • gem search '^rails$' --all

      You could then install a specific version, such as 4.2.7:

      • gem install rails -v 4.2.7

      rbenv works by creating a directory of shims, or libraries that intercept calls and change or redirect them. In this case, shims point Ruby commands to the files used by the Ruby version that's currently enabled. Through the rehash sub-command, rbenv maintains shims in that directory to match every Ruby command across every installed version of Ruby on your server. Whenever you install a new version of Ruby or a gem that provides commands, such as Rails, you should use rehash.

      To rehash the directory of shims, run the following command:

      Verify your installation of Rails by printing its version with this command:

      You will see the version of Rails that was installed:

      Output

      Rails 5.2.3

      With Rails successfully installed, you can begin testing your Ruby on Rails installation and start to develop web applications. In the next step, you will learn how to update and uninstall rbenv and Ruby.

      Step 5 — Updating and Uninstalling rbenv and Ruby

      When maintaining projects, it is useful to know how to update and uninstall when the need arises. In this step, you will upgrade rbenv, then uninstall Ruby and rbenv from your machine.

      You can upgrade rbenv and ruby-build using Homebrew by running the following command:

      • brew upgrade rbenv ruby-build

      If rbenv or ruby-build need to be updated, Homebrew will do it for you automatically. If your set up is already up to date, you will get output similar to the following:

      Output

      Error: rbenv 1.1.2 already installed Error: ruby-build 20190615 already installed

      This will ensure that we are using the most up-to-date version of rbenv available.

      As you download additional versions of Ruby, you may accumulate more versions than you would like in your ~/.rbenv/versions directory. Using the ruby-build plugin's uninstall subcommand, you can remove these previous versions.

      For example, run the following to uninstall Ruby version 2.1.3:

      With the rbenv uninstall command you can clean up old versions of Ruby so that you do not have more installed than you are currently using.

      If you've decided you no longer want to use rbenv, you can remove it from your system.

      To do this, first open your ~/.bash_profile file in your editor:

      Find and remove the following line from the file to stop rbenv from starting when you open the Terminal:

      ~/.bash_profile

      ...
      eval "$(rbenv init -)"
      

      Once you have deleted this line, save the file and exit the editor.

      Run the following command to apply the changes to your shell:

      Next, remove rbenv and all installed Ruby versions with this command:

      Finally, remove the rbenv package itself with Homebrew:

      Check the rbenv version to make sure that it has been uninstalled:

      You will get the following output:

      Output

      -bash: /usr/local/bin/rbenv: No such file or directory

      This means that you have successfully removed rbenv from your machine.

      Conclusion

      In this tutorial you installed Ruby on Rails with rbenv on macOS. From here, you can learn more about coding in Ruby with our How To Code in Ruby series. You can also explore how to use Ruby on Rails with PostgreSQL rather than its default sqlite3 database, which provides more scalability, centralization, and stability for your applications.



      Source link