Ramblings from an IT manager and long time developer.


Using Lets Encrypt to secure cloud-hosted services like Ubiquiti’s mFi, Unifi and Unifi Video

Original post can be found here

Updated Jul 31, 2016: Moved away from letsencrypt-auto and switched to certbot, updated the auto-renewal script, and changed the suggested cron time to weekly. Also made mention that mFi series has been discontinued. Finally, fixed the install instructions for Unifi Video.

Wow – I got myself a free signed SSL cert for my WiFi controller!

Lets Encrypt recently was released and is definitely super interesting. They basically issue SSL Certificates for free. SSL Certs typically would cost hundreds of dollars per domain and even more for Wildcard certificates. It’s insane, it’s essentially an entire industry predicated on artificial pricing for something that is essentially zero cost to generate and maintain. Not to mention holding back security and encryption on the web since not just anyone can afford hundreds of dollars a year for a cert. This entire industry is holding back progress at a massive scale, so we’re going to fix that 🙂

With Lets Encrypt, this is all free now. As cost is no longer a problem, we can encrypt other communication like router config landing pages and other services. No need for self-signed certificates that your browser freaks out about when navigating to. Now we can have real certs!

As I’m a big fan of Ubiquiti products, I’m going to show some examples in this article for how to use Lets Encrypt to generate certificates that are compatible with the mFi automation stuff, Ubiquiti’s Unifi WiFi controller and their Unifi Video series for surveillance. Ubiquiti, as they’re an enterprise company, [imo wrongly] expects companies to want to host the backing controller software for these devices on-site. We’re going to host them on EC2 though, so we don’t need to manage servers or have people tripping over power cables. Since we’re on the internet though, we need proper SSL to prevent the NSA and all their shenanigans.

Ubiquiti’s mFi, Unifi wireless and Unifi Video micro camera. They all need a hosted controller.

Note: This article will be specific to configuring Ubiquiti’s services, but the Lets Encrypt instructions are the same regardless of what kind of service you might want.

Note: Also heads up that the mFi line of products has currently been discontinued by Ubiquiti. Instructions here should still work though.

So, lets get started!

Part A: Provisioning an EC2 server w/ Lets Encrypt

Lets Encrypt is somewhat unusual in the way it works. Essentially yes, they give out free certificates, but they need to be renewed every 3 months. Not sure why this is, but my guess is it has something to do with that they’re free. As such, on whatever server you’re using to host your service, you’ll need to have a cronjob that runs Lets Encrypt on that server. Otherwise your cert will expire, and you’re going to have a bad time.

Go to AWS EC2 and create an instance. For Ubiquiti products, I’ve found that even one t2.micro machine can run all three of the servers we’ll be dealing with in this article. If configured right, you might even be able to stay in the AWS Free Tier:

  • Type: t2.micro
  • OS: Ubuntu Server 14.04 LTS
  • Storage: ~30GB (maybe more if you’ll be doing a lot of video recording)
  • Ports to open: At least port 443 for the Lets Encrypt verification, but depending on the Ubiquiti service (all TCP unless otherwise specified):
    • mFi: 6080, 6443
    • Unifi: 8081, 8080, 8443, 8880, 8843, 3478 (UDP)
    • Unifi Video: 6666, 7080, 7443, 7445, 7446, 7447

Part B: Install the Ubiquiti services you’d like

You’ll need to add Ubiquiti’s repositories so you can use apt-get to easily install the right services.

  • mFi:
    echo 'deb ubuntu ubiquiti' | sudo tee -a /etc/apt/sources.list.d/100-ubnt.list
    sudo apt-key adv --keyserver --recv C0A52C50
    sudo apt-get update
    sudo apt-get install mfi


  • Unifi:

    # note that you can change stable to unifi5 for v5
    echo 'deb stable ubiquiti' | sudo tee -a /etc/apt/sources.list.d/100-ubnt.list
    sudo apt-key adv --keyserver --recv C0A52C50
    sudo apt-get update
    sudo apt-get install unifi
  • Unifi Video:
    # visit for the latest version instructions.
    # here's version 3.3, though there may be a newer version by now:
    sudo dpkg -i unifi-video_3.3.0~Debian7_amd64.deb

After the installation of the packages you want, you should be able to go to the https endpoint to see the page. It’ll be: https://:6443 for mFi, https://:8443 for Unifi, and https://:7443 for Unifi Video.

Problem is, you’re using a self-signed certificate, so your web browser will complain. Next, we’re going to use Lets Encrypt to get a real certificate.

Self-signed cert’s not so hot. ;(

Part C: Generating the signed certificate with Lets Encrypt

Lets install Lets Encrypt now. Reminder that this needs to be done on this server, not your local machine. We’ll be using certbot and essentially the instructions there.

chmod a+x certbot-auto

That last line will configure certbot and also install some dependencies.

Now, using certbot, we generate the signed certificate. So lets run the wizard:

./certbot-auto certonly

Select option 2 (to use a temporary webserver), then enter your email (so you get alerts if things go wrong), agree to the agreement, then finally type in your domain name (along with the subdomain). If everything went well you should get a Congratulations message.

Part D: Load the certs into the services

The Ubiquiti services are Java-based and they use the Java Keystore as a way of storing the private keys and certificates. We first need to generate a PKCS #12 certificate from the raw ones we just received:

sudo openssl pkcs12 -export -inkey /etc/letsencrypt/live/ -in /etc/letsencrypt/live/ -out /home/ubuntu/cert.p12 -name ubnt -password pass:temppass

Again, don’t forget to replace with your domain name. Everything else can remain as-is.

Now for each service you’ll need to load the PKCS #12 certificate into its own keystore.

  • mFi:
    sudo keytool -importkeystore -deststorepass aircontrolenterprise -destkeypass aircontrolenterprise -destkeystore /var/lib/mfi/keystore -srckeystore /home/ubuntu/cert.p12 -srcstoretype PKCS12 -srcstorepass temppass -alias ubnt -noprompt
  • Unifi:
    sudo keytool -importkeystore -deststorepass aircontrolenterprise -destkeypass aircontrolenterprise -destkeystore /var/lib/unifi/keystore -srckeystore /home/ubuntu/cert.p12 -srcstoretype PKCS12 -srcstorepass temppass -alias ubnt -noprompt
  • Unifi Video:
    sudo keytool -importkeystore -deststorepass ubiquiti -destkeypass ubiquiti -destkeystore /var/lib/unifi-video/keystore -srckeystore /home/ubuntu/cert.p12 -srcstoretype PKCS12 -srcstorepass temppass -alias ubnt -noprompt


Basically all that’s different is the keystore location of the service, and the password Ubiquiti uses to protect it.

Finally, delete the PKCS #12 files (since they’ve already been imported), and restart the services (as appropriate)

sudo rm /home/ubuntu/cert.p12
sudo /etc/init.d/mfi restart
sudo /etc/init.d/unifi restart
sudo /etc/init.d/unifi-video restart


That’s basically it! You should go to those same urls as before and you’ll now hopefully have your browser not complaining. 🙂

The browser likes it!

Part E: Automating Lets Encrypt certificate renewal

As mentioned before, Lets Encrypt certificates only last 3 months. As such, we’ll need to get this machine to attempt to renew the certificates probably weekly and then place the new certs back into services. It’s essentially doing parts C and D on a scheduled job using cron. Weekly can seem like a lot, but it’ll fail fast if no renewal is necessary.

Create a new file /home/ubuntu/ and customize it according to what you used in Parts C and D. No sudo needed since cron will run it automatically as a super user. Use full paths to files. Here’s an example:

# Get the certificate from LetsEncrypt
/home/ubuntu/certbot-auto renew --quiet --no-self-upgrade

# Convert cert to PKCS #12 format
openssl pkcs12 -export -inkey /etc/letsencrypt/live/ -in /etc/letsencrypt/live/ -out /home/ubuntu/cert.p12 -name ubnt -password pass:temppass

# Load it into the java keystore that UBNT understands
keytool -importkeystore -deststorepass aircontrolenterprise -destkeypass aircontrolenterprise -destkeystore /var/lib/mfi/keystore -srckeystore /home/ubuntu/cert.p12 -srcstoretype PKCS12 -srcstorepass temppass -alias ubnt -noprompt
keytool -importkeystore -deststorepass aircontrolenterprise -destkeypass aircontrolenterprise -destkeystore /var/lib/unifi/keystore -srckeystore /home/ubuntu/cert.p12 -srcstoretype PKCS12 -srcstorepass temppass -alias ubnt -noprompt
keytool -importkeystore -deststorepass ubiquiti -destkeypass ubiquiti -destkeystore /var/lib/unifi-video/keystore -srckeystore /home/ubuntu/cert.p12 -srcstoretype PKCS12 -srcstorepass temppass -alias ubnt -noprompt

# Clean up and use new cert
rm /home/ubuntu/cert.p12
/etc/init.d/mfi restart
/etc/init.d/unifi restart
/etc/init.d/unifi-video restart

Make sure to make this executable:

sudo chmod +x /home/ubuntu/

Lets start modifying the crontab file with sudo crontab -e and put the following at the bottom:

1 1 * * 1 /home/ubuntu/

This will schedule the certificate renewal every week on Monday at 1:01am

And now you’re really done! You have a free SSL certificate by Lets Encrypt being automatically renewed and assigned to the different services on a monthly basis.
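
An added example, not part of the original post: a variant of the renewal job that redeploys and restarts only when the certificate file actually changed, builds the PKCS #12 bundle in a private temporary directory, and passes passwords through environment variables instead of the command line. DOMAIN, STAMP and the function names are assumptions; the keystore paths, alias and store passwords are the ones from Part D.

```shell
#!/bin/sh
# Added example, not from the original post. Assumed names: DOMAIN, STAMP and
# all functions. Keystore paths, alias and store passwords come from Part D.

DOMAIN="example.com"                      # placeholder: your certificate's domain
LIVE_DIR="/etc/letsencrypt/live/$DOMAIN"  # certbot's live directory for DOMAIN
STAMP="/var/lib/ubnt-cert.sha256"         # assumed path: hash of last deployed cert

# Print the SHA-256 of a file.
cert_fingerprint() {
    sha256sum "$1" | cut -d' ' -f1
}

# Succeed when cert file $1 differs from the fingerprint stored in $2,
# or when nothing has been stored yet.
cert_changed() {
    [ -f "$2" ] || return 0
    [ "$(cert_fingerprint "$1")" != "$(cat "$2")" ]
}

# Import the current key and chain into one Java keystore.
# $1 = keystore path, $2 = keystore password
import_keystore() {
    work=$(mktemp -d) || return 1         # directory is created with mode 0700
    P12_PASS=$(head -c 24 /dev/urandom | od -An -tx1 | tr -d ' \n')
    KS_PASS="$2"
    export P12_PASS KS_PASS               # read by openssl/keytool, not shown in argv
    openssl pkcs12 -export -name ubnt \
        -inkey "$LIVE_DIR/privkey.pem" -in "$LIVE_DIR/fullchain.pem" \
        -out "$work/cert.p12" -passout env:P12_PASS &&
    keytool -importkeystore -noprompt -alias ubnt \
        -srckeystore "$work/cert.p12" -srcstoretype PKCS12 \
        -srcstorepass:env P12_PASS \
        -destkeystore "$1" -deststorepass:env KS_PASS -destkeypass:env KS_PASS
    rc=$?
    rm -rf "$work"                        # bundle never outlives this function
    unset P12_PASS KS_PASS
    return $rc
}

# Deploy to every controller from Part D, then restart them.
# Remove the lines for services that are not installed.
deploy_all() {
    import_keystore /var/lib/mfi/keystore aircontrolenterprise &&
    import_keystore /var/lib/unifi/keystore aircontrolenterprise &&
    import_keystore /var/lib/unifi-video/keystore ubiquiti &&
    /etc/init.d/mfi restart &&
    /etc/init.d/unifi restart &&
    /etc/init.d/unifi-video restart
}

# Run the deploy command only when the cert changed. The fingerprint is
# recorded only after a successful deploy, so a failure is retried next run.
# $1 = certificate file, $2 = stamp file, remaining args = deploy command
renew_hook() {
    hook_cert="$1"; hook_stamp="$2"; shift 2
    if ! cert_changed "$hook_cert" "$hook_stamp"; then
        echo "unchanged"
        return 0
    fi
    "$@" || { echo "deploy-failed"; return 1; }
    cert_fingerprint "$hook_cert" > "$hook_stamp"
    echo "deployed"
}

# Cron entry point (left as comments so sourcing this file has no side effects):
#   /home/ubuntu/certbot-auto renew --quiet --no-self-upgrade
#   renew_hook "$LIVE_DIR/fullchain.pem" "$STAMP" deploy_all
```

On weeks where certbot has nothing to renew, the controllers are not restarted and the keystores are not touched.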

Thanks for reading!


AD Domain Join Ubuntu with DNS update

Here are a couple of useful articles to help with this task

Untested script 🙂

# Set the following values to match your env
DOMAIN_NAME="<my domain name in lower case>"
DOMAIN_NAME_UC="<my domain name in uppercase>"
DOMAIN_USER="<valid domain user that can join domain>"

hostnamectl set-hostname $HOSTNAME

# Install Components
sudo apt-get install krb5-user samba sssd sssd-tools libnss-sss libpam-sss ntp ntpdate realmd adcli

# Update NTP Config (append the server line only if it is not already present)
grep -q "^server $DOMAIN_NAME" /etc/ntp.conf || echo "server $DOMAIN_NAME" | sudo tee -a /etc/ntp.conf > /dev/null

# Force an NTP Update
sudo systemctl stop ntp
sudo ntpdate "$DOMAIN_NAME"
sudo systemctl start ntp

# Find the Domain
sudo realm discover "$DOMAIN_NAME_UC"

# Join the Domain (Note: this might fail here due to kinit requiring a password -- if so, just run everything after this manually for now)
sudo realm join --verbose "$DOMAIN_NAME_UC" -U "$DOMAIN_USER" --install=/

# Edit the SSSD config
# Comment out the following line
# use_fully_qualified_names = True
sudo sed -i '/^use_fully_qualified_names = True/s/^/#/g' /etc/sssd/sssd.conf
sudo service sssd restart

# Setup Home Directory
# Add the following line in /etc/pam.d/common-session below the line 'session optional' and save it:
# session required skel=/etc/skel/ umask=0077
sed -i '/session optional.* some session required skel=/etc/skel/ umask=0077' /etc/pam.d/common-session

# Add support for Domain Admins to /etc/sudoers
# Add 'AAD DC Administrators' group members as admins.
# %Domain\ Admins ALL=(ALL) NOPASSWD:ALL
# Append the line only if it is missing; visudo checks the syntax before saving
SUDO_LINE='%Domain\ Admins ALL=(ALL) NOPASSWD:ALL'
sudo grep -qF "$SUDO_LINE" /etc/sudoers || echo "$SUDO_LINE" | sudo EDITOR='tee -a' visudo

Note: To remove a ubuntu computer from the domain here’s what I did :

  • realm --verbose leave lan.domain.tld
  • deleted computer entry in AD
  • updated /etc/hostname file
  • updated /etc/hosts file
  • reboot, checked new hostname is valid
  • realm --verbose join lan.domain.tld --user-principal=NEWHOSTNAME/administrator@LAN.DOMAIN.TLD --unattended
  • reboot


Setting up ASSP, Postfix with SMTP auth for a remote server


Register Linux (Ubuntu) server with Windows DNS

If you are looking for a script to help register your Linux box with a Windows DNS server, then you have come to the right place.

Note: For this to work you need to have enabled Windows DNS to allow unsecure updates

Note: This script ASSUMES that your /etc/network/interfaces is setup for static IP and has dns-nameservers and dns-search setup


# The primary network interface
auto eth0
iface eth0 inet static
        # dns-* options are implemented by the resolvconf package, if installed
        dns-nameservers #my Windows DNS server
        dns-search corp.local # my DNS zone that I want to update

Step 1: create a folder called /var/scripts

sudo mkdir /var/scripts

Step 2: create a script file called

sudo vi /var/scripts/

Step 3: paste the following into the script file

#!/bin/sh
# Current IPv4 address of eth0
ADDR=`/sbin/ifconfig eth0 | grep 'inet addr' | awk '{print $2}' | sed -e s/.*://`
# Fully qualified host name to register
HOST=`hostname -f`
# DNS server and zone, read from the dns-* options in /etc/network/interfaces
DNSSERVER=`grep '[^#]dns-nameservers' /etc/network/interfaces | awk '{print $2}' | head -1`
DNSZONE=`grep '[^#]dns-search' /etc/network/interfaces | awk '{print $2}' | head -1`
# Build the nsupdate batch file: replace any existing A record with the current address
echo "server $DNSSERVER" > /var/scripts/nsupdate.txt
echo "zone $DNSZONE" >> /var/scripts/nsupdate.txt
echo "update delete $HOST A" >> /var/scripts/nsupdate.txt
echo "update add $HOST 600 A $ADDR" >> /var/scripts/nsupdate.txt
echo "show" >> /var/scripts/nsupdate.txt
echo "send" >> /var/scripts/nsupdate.txt
# Send the update to the DNS server
nsupdate /var/scripts/nsupdate.txt

Step 4: Enable the script for execution

sudo chmod +x /var/scripts/

Step 5: Run the script (or schedule it via cron)

sudo /var/scripts/dns-update.sh



Pretty good backup script for linux folders

This was originally taken from here with some modifications by me

Automating backups with tar

It is always interesting to automate the tasks of a backup. Automation offers enormous opportunities for using your Linux server to achieve the goals you set. The following example below is our backup script, called backup.cron. This script is designed to run on any computer by changing only the five variables:


We suggest that you set this script up and run it at the beginning of the month for the first time, and then run it for a month before making major changes. In our example below we do the backup to a directory on the local server BACKUPDIR, but you could modify this script to do it to a tape on the local server or via an NFS mounted file system.

  1. Create the backup script backup.cron file, touch /etc/cron.daily/backup.cron and add the following lines to this backup file:
    #!/bin/sh
    # full and incremental backup script
    # created 07 February 2000
    # Based on a script by Daniel O'Callaghan <>
    # and modified by Gerhard Mourani <>
    # and modified by Shawn Anderson <> on 2016-08-14
    #Change the 5 variables below to fit your computer/backup
    COMPUTER=$(hostname) # name of this computer
    BACKUPSET=HOMEDIR # name of the backup set
    DIRECTORIES="/home" # directories to backup
    BACKUPDIR=/backups # where to store the backups
    TIMEDIR=/backups/last-full # where to store time of full backup
    TAR=/bin/tar # name and location of tar
    #You should not have to change anything below here
    DOW=`date +%a` # Day of the week e.g. Mon
    DOM=`date +%d` # Date of the Month e.g. 27
    DM=`date +%d%b` # Date and Month e.g. 27Sep
    NEWER="" # empty means a full backup
    #Set various things up
    # Is PV installed?
    type pv >/dev/null 2>&1 || sudo apt-get install pv
    # Do the required paths exist
    if [ ! -d $BACKUPDIR ]; then
       mkdir $BACKUPDIR
    fi
    if [ ! -d $TIMEDIR ]; then
       mkdir $TIMEDIR
    fi
    # On the 1st of the month a permanent full backup is made
    # Every Sunday a full backup is made - overwriting last Sundays backup
    # The rest of the time an incremental backup is made. Each incremental
    # backup overwrites last weeks incremental backup of the same name.
    # if NEWER = "", then tar backs up all files in the directories
    # otherwise it backs up files newer than the NEWER date. NEWER
    # gets it date from the file written every Sunday.
    # Monthly full backup
    if [ $DOM = "01" ]; then
       $TAR $NEWER -cf - $DIRECTORIES | pv -s $(du -sb $DIRECTORIES | awk '{print $1}') | gzip > $BACKUPDIR/$BACKUPSET-$COMPUTER-$DM.tgz
    fi
    # Weekly full backup
    if [ $DOW = "Sun" ]; then
       NOW=`date +%d-%b`
       # Update full backup date
       echo $NOW > $TIMEDIR/$COMPUTER-full-date
       $TAR $NEWER -cf - $DIRECTORIES | pv -s $(du -sb $DIRECTORIES | awk '{print $1}') | gzip > $BACKUPDIR/$BACKUPSET-$COMPUTER-$DOW.tgz
    # Make incremental backup - overwrite last weeks
    else
       # Get date of last full backup
       NEWER="--newer `cat $TIMEDIR/$COMPUTER-full-date`"
       $TAR $NEWER -cf - $DIRECTORIES | pv -s $(du -sb $DIRECTORIES | awk '{print $1}') | gzip > $BACKUPDIR/$BACKUPSET-$COMPUTER-$DOW.tgz
    fi
    # Remove backup files older than 90 days (this really shouldn't be necessary unless something
    # isn't right with the auto-rotation. I have it in just for good measures
    find $BACKUPDIR/$BACKUPSET-$COMPUTER* -mtime +90 -exec rm {} \;
    Example 33-1. Backup directory of a week
    Here is an abbreviated look of the backup directory after one week:

    total 22217
    -rw-r--r-- 1 root root 10731288 Feb 7 11:24 deep-HOMEDIR-01Feb.tar
    -rw-r--r-- 1 root root 6879 Feb 7 11:24 deep-HOMEDIR-Fri.tar
    -rw-r--r-- 1 root root 2831 Feb 7 11:24 deep-HOMEDIR-Mon.tar
    -rw-r--r-- 1 root root 7924 Feb 7 11:25 deep-HOMEDIR-Sat.tar
    -rw-r--r-- 1 root root 11923013 Feb 7 11:24 deep-HOMEDIR-Sun.tar
    -rw-r--r-- 1 root root 5643 Feb 7 11:25 deep-HOMEDIR-Thu.tar
    -rw-r--r-- 1 root root 3152 Feb 7 11:25 deep-HOMEDIR-Tue.tar
    -rw-r--r-- 1 root root 4567 Feb 7 11:25 deep-HOMEDIR-Wed.tar
    drwxr-xr-x 2 root root 1024 Feb 7 11:20 last-full

    Important: The directory where to store the backups BACKUPDIR, and the directory where to store time of full backup TIMEDIR must exist or be created before the use of the backup-script, or you will receive an error message.

  2. If you are not running this backup script from the beginning of the month 01-month-year, the incremental backups will need the time of the Sunday backup to be able to work properly. If you start in the middle of the week, you will need to create the time file in the TIMEDIR. To create the time file in the TIMEDIR directory, use the following command:
    [root@deep] /# date +%d%b > /backups/last-full/myserver-full-date

    Where /backups/last-full is our variable TIMEDIR wherein we want to store the time of the full backup, and myserver-full-date is the name of our server e.g. deep, and our time file consists of a single line with the present date i.e. 15-Feb.

  3. Make this script executable and change its default permissions to be writable only by the super-user root 755.
    [root@deep] /# chmod 755 /etc/cron.daily/backup.cron

Because this script is in the /etc/cron.daily directory, it will be automatically run as a cron job at one o’clock in the morning every day.


Ubuntu 15.04 – Configure your system to have x11vnc running at startup

This article was originally posted here.

Hello World,

If you are following us, you probably remember that we wrote already a post about this topic (see Ubuntu 14.10 – Configure your sytem to have x11vnc running at startup).
Since Ubuntu 15.04 is using systemd, the instructions found in the
previous post are not applicable anymore.  Some of our readers had
issues after upgrading to Ubuntu 15.04.  The x11VNC is not running at
startup anymore.

This post will provide the necessary information to have x11vnc running at startup on ubuntu 15.04 when systemd is used.


Our Goal !

At the end of this post, you should be able to connect via vnc to
your Ubuntu machine even if there is a reboot and even if no users are
logged into the machine.  This configuration should display the login
screen via vnc viewer client you are using.

We didn’t invent anything here.  All the
information provided here are based on the information made available
at this location :

Installing x11vnc server

In this post, we have decided to use the
x11vnc server package to provide vnc capabilities.  The installation
process is quite straight forward.  Log into your ubuntu 15.04 machine,
open the terminal console and issue the following command :

sudo apt-get install x11vnc



To have a minimum of security, we will protect the vnc connection via
a password.  The password will be stored in a file.  To create this
file, you will need to issue the following command

sudo x11vnc storepasswd /etc/x11vnc.pass

You will be asked to enter a password. Enter the password and confirm your choice and you should be good to go



Create the Service Unit file

So far, we have just issued standard commands related to the x11vnc
package.  We need to create the service unit file for our x11vnc
service.  To do this, we will issue the following command :

sudo nano /lib/systemd/system/x11vnc.service

This file should contain the following lines

[Unit]
Description=Start x11vnc at startup.
[Service]
ExecStart=/usr/bin/x11vnc -auth guess -forever -loop -noxdamage -repeat -rfbauth /etc/x11vnc.pass -rfbport 5900 -shared
[Install]
WantedBy=multi-user.target

Save the file

Configure Systemd

It’s time to issue the command to have systemd aware of the change
and make the service running at startup.  In a command prompt, you will
issue the following command :

sudo systemctl daemon-reload
sudo systemctl enable x11vnc.service


Restart the system and do not login.  We will check if this is working…..

Testing the solution !

To check that you can indeed perform a vnc connection to your Ubuntu
Machine, you will try to connect to it using your favourite vncviewer
(we are using TigerVnc) while nobody is connected and just after a
reboot of the machine.

In the vncviewer, you will provide the
ip address or hostname of the machine to connect and the port to be
used.  In our example, the port used is 5900.  If you have set a password to protect your vnc connection, you will be prompted for a password as well.



If everything is ok, you should see the Ubuntu login page displayed inside your vncviewer




Final Notes

And voila !  We have successfully updated
the instructions on how to have x11vnc run at startup.  As you can see,
since Ubuntu 15.04 is using the Systemd solution, we need to create our
service unit files (x11vnc.service) and register them with systemctl
and we are done.

Pff… the last days I have updated some
of the most popular posts about xrdp, x11vnc and ubuntu 15.04… It’s time
for me to take a break…

Till next time


Setting Up Neo4j 2.0 on an Ubuntu Server

Authored by Steven Hall

Neo4j 2.0 is an awesome release of Neo Technology’s great graph database.  There are some significant new features and some changes to the data model that, I think, make it more accessible.  You can install it locally to play around and do some testing, but I wanted to create a remote server that I could use as a back-end for data visualization projects.  Below are some notes on getting Neo4j installed on Ubuntu 12.04. 

There are some real gotchas that took some time to figure out, but if you follow this step-by-step procedure you should have the browser application bundled with Neo4j up and running in less than 15 minutes.

I should note that the Neo4j website has instructions for setting up on debian based systems, but those instructions, which are very helpful, are incomplete and in some cases just don’t work for Ubuntu 12.04 (at least at the time I am writing this post).

Start from Fresh Ubuntu 12.04 Install

Neo4j is a Java application and in order to run the 2.0 version of the db server you need to have Java 7 installed before installing Neo4j.  Ubuntu does not officially support Java 7 so this becomes a little bit of a headache.  To install it using apt-get you need to add a repository and, incredibly, the command for adding repositories was unintentionally left out of the latest versions of Ubuntu, so we need to correct that first.

You can add “sudo” (e.g. sudo apt-get update) to the following commands as applicable.  In my case, I installed as the root user on the server.

Install Java 7

Add the “add-apt-repository” command (important):

apt-get update
apt-get install python-software-properties

Install Java 7:

add-apt-repository ppa:webupd8team/java
apt-get update
apt-get install oracle-java7-installer

Install Neo4j:

Note:  this is largely the same as Neo4j recommends, but I had to change a few things.

wget -O - | apt-key add -
echo 'deb stable/' > /etc/apt/sources.list.d/neo4j.list
apt-get update
apt-get install neo4j

Start the Server:

/etc/init.d/neo4j-service start

Increasing Max Files

You’ll notice when you start the server that you get warning saying:

WARNING: Max 1024 open files allowed, minimum of 40 000 recommended.

Let’s correct that.  The instructions for handling this on the neo4j website did not work for me without a little modification.  Here’s what to do:

1. Edit /etc/security/limits.conf and add these two lines:
root   soft     nofile  40000
root   hard    nofile  40000

The neo4j website recommends “neo4j” in place of “root” here.  That does not work.

2. Edit /etc/pam.d/su and uncomment or add the following line:
session    required

A restart is required for the settings to take effect.

Optionally Allow External Connections

If you want to be able to open the browser app and interact with the graph db on the remote server you need to allow remote connections.  Note that if you allow any IP address to connect then anyone can access your database, but if you just want to play around with the browser app this is what you do:

Edit /etc/neo4j/ and uncomment the following line:


That will allow connections from any IP address, but you can also specify your current IP to limit to just that one.  That will make it a little bit safer, but if your IP changes you need to update the file accordingly.

So now just restart the database server and open the browser application in your web browser by going to:



Removing All Data from Neo4j

A couple more quick notes.  If you are playing around with the neo4j database and just want to clear it out and start over again, there are two things you can do:

1. Run a cypher query like this:

match n
with n
optional match n-[r]-()
delete r,n

This will remove all the nodes and relations in the db. However, a lot of meta-data remains and, in my experience, if you have a lot of data in the db it will fail or take a long time to run (or both).

2. Recreate the Data Directory

If you really want to get the job done, it’s better to wipe out the entire data directory and make a new one.  The default directory is set in the /etc/neo4j/ file to data/graph.db.  On Ubuntu this directory will be located at :


To wipe out the data the process would be:

/etc/init.d/neo4j-service stop     # Stop the server
cd /var/lib/neo4j                  # Change to directory
rm -rf data                        # Remove data/
mkdir data                         # Make a new data/
chown neo4j data                   # Make sure neo4j can write to it
/etc/init.d/neo4j-service start    # Restart; Neo4j will make a new graph.db etc

Hope that helps someone out there.



Adding a new drive to linux


Determine Drive Information

We assume that the hard drive is physically installed and detected by the BIOS.

To determine the path that your system has assigned to the new hard drive, open a terminal and run:

sudo lshw -C disk

This should produce output similar to this sample:

       description: ATA Disk
       product: IC25N040ATCS04-0
       vendor: Hitachi
       physical id: 0
       bus info: ide@0.0
       logical name: /dev/sdb
       version: CA4OA71A
       serial: CSH405DCLSHK6B
       size: 37GB
       capacity: 37GB


Be sure to note the “logical name” entry, as it will be used several times throughout this guide.


Command Line Partitioning

You’ll be using “fdisk” to accomplish this. Refer back to the logical name you noted from earlier. For illustration, I’ll use /dev/sdb, and assume that you want a single partition on the disk, occupying all the free space.

If the number of cylinders in the disk is larger than 1024 (and large hard drives always have more), it could, in certain setups, cause problems with:

  1. software that runs at boot time (e.g., old versions of LILO)
  2. booting and partitioning software from other OSs (e.g., DOS FDISK, OS/2 FDISK)

Otherwise, this will not negatively affect you. 

1) Initiate fdisk with the following command:

  •   sudo fdisk /dev/sdb 

2) Fdisk will display the following menu:

  •   Command (m for help): m <enter>
      Command action
       a   toggle a bootable flag
       b   edit bsd disklabel
       c   toggle the dos compatibility flag
       d   delete a partition
       l   list known partition types
       m   print this menu
       n   add a new partition
       o   create a new empty DOS partition table
       p   print the partition table
       q   quit without saving changes
       s   create a new empty Sun disklabel
       t   change a partition's system id
       u   change display/entry units
       v   verify the partition table
       w   write table to disk and exit
       x   extra functionality (experts only)
      Command (m for help):

3) We want to add a new partition. Type “n” and press enter.

  Command action
   e   extended
   p   primary partition (1-4)

4) We want a primary partition. Enter “p” and enter.

  Partition number (1-4):

5) Since this will be the only partition on the drive, number 1. Enter “1” and enter. 

  Command (m for help):

If it asks about the first cylinder, just type “1” and enter. (We are making 1 partition to use the whole disk, so it should start at the beginning.)

6) Now that the partition is entered, choose option “w” to write the partition table to the disk. Type “w” and enter.

  The partition table has been altered!

7) If all went well, you now have a properly partitioned hard drive that’s ready to be formatted. Since this is the first partition, Linux will recognize it as /dev/sdb1, while the disk that the partition is on is still /dev/sdb.


Command Line Formatting

To format the new partition as ext3 file system (best for use under Ubuntu):

  •   sudo mkfs -t ext3 /dev/sdb1

To format the new partition as fat32 file system (best for use under Ubuntu & Windows):

  •   sudo mkfs -t vfat -F 32 /dev/sdb1


As always, substitute “/dev/sdb1” with your own partition’s path.


Modify Reserved Space (Optional)

When formatting the drive as ext2/ext3, 5% of the drive’s total space is reserved for the super-user (root) so that the operating system can still write to the disk even if it is full. However, for disks that only contain data, this is not necessary.

NOTE: You may run this command on a fat32 file system, but it will do nothing; therefore, I highly recommend not running it.

You can adjust the percentage of reserved space with the “tune2fs” command, like this:

 sudo tune2fs -m 1 /dev/sdb1

This example reserves 1% of space – change this number if you wish.

  • Using this command does not change any existing data on the drive. You can use it on a drive which already contains data.


Create A Mount Point

Now that the drive is partitioned and formatted, you need to choose a mount point. This will be the location from which you will access the drive in the future. I would recommend using a mount point with “/media”, as it is the default used by Ubuntu. For this example, we’ll use the path “/media/mynewdrive”

  •   sudo mkdir /media/mynewdrive

Now we are ready to mount the drive to the mount point.


Mount The Drive


You can choose to have the drive mounted automatically each time you boot the computer, or manually only when you need to use it.


Automatic Mount At Boot

Note: Ubuntu now recommends using UUID instead; see the instructions here:

You’ll need to edit /etc/fstab:

  •   sudo vi /etc/fstab


Add this line to the end (for ext3 file system):

  •   /dev/sdb1    /media/mynewdrive   ext3    defaults     0        2

Add this line to the end (for fat32 file system):

  •   /dev/sdb1    /media/mynewdrive   vfat    defaults     0        2

    The defaults option may allow you to read but not write. To write, other partition- and FAT-specific options must be used. If GNOME Nautilus is being used, mount the drive with the right-click mount method from the Computer folder, then run the mount command with no options from a terminal. The last entry should be the FAT drive and look something like:

      /dev/sda5 on /media/mynewdrive type vfat (rw,nosuid,nodev,uhelper=hal,shortname=mixed,uid=1000,utf8,umask=077,flush)

    All of the parts between the parentheses are the mount options and should replace “defaults” in the fstab file. The “2” at the end instructs your system to run a quick file system check on the hard drive at every boot. Changing it to “0” will skip this. Run ‘man fstab’ for more info here.

You can now run “sudo mount -a” (or reboot the computer) to have the changes take effect.
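An added example (not part of the original tutorial) that audits fstab lines like the ones above: it flags data-disk entries that use a /dev/sdX name instead of UUID=, that still honour setuid binaries or device nodes because nosuid/nodev are missing, and vfat entries with no umask=. The mount points /media/fatdrive and /media/hardened and the all-zero UUID are constructed sample values.

```shell
#!/bin/sh
# Constructed sample: the two /dev/sdb1 lines from this page plus a hardened
# variant. The UUID is a made-up placeholder, not a real disk.
sample_fstab() {
cat <<'EOF'
# <file system> <mount point> <type> <options> <dump> <pass>
/dev/sdb1  /media/mynewdrive  ext3  defaults  0  2
/dev/sdb1  /media/fatdrive    vfat  defaults  0  2
UUID=00000000-0000-0000-0000-000000000000  /media/hardened  ext3  defaults,nosuid,nodev  0  2
EOF
}

# audit_fstab FILE: prints one "mountpoint: finding" line per problem.
audit_fstab() {
    awk '
    /^[ \t]*(#|$)/ { next }                    # comments and blank lines
    $2 !~ /^\/(media|mnt)\// { next }          # only data-disk mount points
    {
        if ($1 ~ /^\/dev\/[shv]d[a-z]+[0-9]*$/)
            print $2 ": device name " $1 " can change between boots, use UUID="
        suid = 1; dev = 1; mask = 0            # kernel defaults allow suid and dev
        n = split($4, o, ",")
        for (i = 1; i <= n; i++) {             # later options override earlier ones
            if (o[i] == "defaults") { suid = 1; dev = 1 }
            else if (o[i] ~ /^(user|users|owner|group)$/) { suid = 0; dev = 0 }
            else if (o[i] == "nosuid") suid = 0
            else if (o[i] == "suid")   suid = 1
            else if (o[i] == "nodev")  dev = 0
            else if (o[i] == "dev")    dev = 1
            else if (o[i] ~ /^(umask|fmask|dmask)=/) mask = 1
        }
        if (suid) print $2 ": setuid binaries on this disk would be honoured, add nosuid"
        if (dev)  print $2 ": device nodes on this disk would be honoured, add nodev"
        if ($3 == "vfat" && !mask)
            print $2 ": vfat without umask=, file modes follow the mounting process"
    }' "$1"
}

# Run the audit over the constructed sample.
tmp=$(mktemp)
sample_fstab > "$tmp"
audit_fstab "$tmp"
rm -f "$tmp"
```

To check a real system, call audit_fstab /etc/fstab; it only reads the file.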

If you want to allow a normal user to create files on this drive, you can either give this user ownership of the top directory of the drive filesystem: (replace USERNAME with the username)

  •   sudo chown -R USERNAME:USERNAME /media/mynewdrive

or in a more flexible way, practical if you have several users, allow for instance the users in the plugdev group (usually those who are meant to be able to mount removable disks, desktop users) to create files and sub-directories on the disk:

  •   sudo chgrp plugdev /media/mynewdrive
      sudo chmod g+w /media/mynewdrive
      sudo chmod +t /media/mynewdrive

The last “chmod +t” adds the sticky bit, so that people can only delete their own files and sub-directories in a directory, even if they have write permissions to it (see man chmod).


Manually Mount

Alternatively, you may want to manually mount the drive every time you need it.

For manual mounting, use the following command:

sudo mount /dev/sdb1 /media/mynewdrive 

When you are finished with the drive, you can unmount it using:


sudo umount /media/mynewdrive




Installing a GUI on Ubuntu Server

Report from here

We have already discussed how to install the Ubuntu 10.04 LAMP server. If you are a new user and not familiar with the command prompt, you can install a GUI for your Ubuntu LAMP server using one of these 2 options:


1) Install desktop Environment

2) Install Webmin

1) Install desktop Environment

First you need to make sure you have enabled the Universe and Multiverse repositories in the /etc/apt/sources.list file. Once you have enabled them, use the following commands to install the GUI:


sudo apt-get update

sudo apt-get install ubuntu-desktop



The above command will install GNOME desktop

If you want to install a graphical desktop manager without some of the desktop add-ons like Evolution and OpenOffice, but continue to use the server flavor kernel, use the following command:


sudo aptitude install --no-install-recommends ubuntu-desktop





2) Install Webmin in Ubuntu 10.04 server

Webmin is a web-based interface for system administration for Unix. Using any modern web browser, you can set up user accounts, Apache, DNS, file sharing and much more. Webmin removes the need to manually edit Unix configuration files like /etc/passwd, and lets you manage a system from the console or remotely. Currently there is no Webmin package in the Ubuntu repositories. This tutorial will explain how to install Webmin in Ubuntu Karmic.

You can install Webmin as your Ubuntu server web interface to configure Apache2, MySQL, FTP servers and many more. Now we will see how to install Webmin in Ubuntu 10.04 server.

Using the Webmin APT repository

If you like to install and update Webmin via APT, edit the /etc/apt/sources.list file on your system



sudo vi /etc/apt/sources.list



add the line



deb sarge contrib



Save and exit the file

You should also fetch and install my GPG key with which the repository is signed, with the commands :



cd /root


sudo apt-key add jcameron-key.asc




You will now be able to install with the commands


sudo apt-get update

sudo apt-get install webmin





All dependencies should be resolved automatically.

Ubuntu in particular doesn’t allow logins by the root user by default. However, the user created at system installation time can use sudo to switch to root. Webmin will allow any user who has this sudo capability to log in with full root privileges.

Now you need to open your web browser and enter the following