Using PEAR

pear update-channels

#Instalare pachet PEAR:
pear install PHP_Archive        -> e versiune gen alpha, beta, etc si de-aia nu se instaleaza
pear install PHP_Archive-0.11.4 -> specificata versiunea exacta si instalarea va rula fara probleme
pear search pecl                -> cautare pachet pecl (gasit CodeGen_PECL)
pear install CodeGen_PECL       -> instalare varianta stable, deci fara a specifica versiunea

	root@nsa310:~# pecl upgrade is using a unsupported protocol - This should never happen.
	upgrade failed
	pear update-channels
	pear upgrade-all
	pecl upgrade-all

Compiling Apache 2.2.29

#See for building environment, script and other things not defined here.
#Before starting you must declare the environment variables specified at the link above.

#building env vars (required when rebuilding too)
ls -l /tmp/$NEW_BUILD_NAME-*
ls -l ~/ffp_0.7_armv5/packages/$NEW_BUILD_NAME-*

#extract sources
rm -r ~/compile/httpd-2.2.29-unpacked
cd ~/compile && mkdir httpd-2.2.29-unpacked
tar xvzf httpd-2.2.29.tar.gz -C ./httpd-2.2.29-unpacked
cd ~/compile/httpd-2.2.29-unpacked/httpd-2.2.29

#If any additional problems related to libtool see below.
#Modify "" and "configure" (search for: "case $libtoolversion in"):
  case $libtoolversion in
		  LTCFLAGS="-prefer-non-pic -static"
		  //pedro: setez cumva SH_LIBTOOL
		  //SH_LIBTOOL='$(SHELL) $(top_builddir)/shlibtool $(LTFLAGS)' -> comenteaza (nu exista shlibtool)
		  SH_LIBTOOL='/ffp/lib/apr-1.4.8/build-1/libtool $(LTFLAGS)' -> to add

#Enable NPN
cd ~/compile/httpd-2.2.29-unpacked/httpd-2.2.29
wget -O npn.patch
#Modify npn.patch:
	Index: modules/ssl/ssl_engine_kernel.c
	--- modules/ssl/ssl_engine_kernel.c	(revision 1306012)
	+++ modules/ssl/ssl_engine_kernel.c	(working copy)
	@@ -29,5 +29,6 @@
									   time I was too famous.''
												 -- Unknown                */
	 #include "ssl_private.h"
	+#include "mod_ssl.h"
	 static void ssl_configure_env(request_rec *r, SSLConnRec *sslconn);
patch -p0 -i npn.patch

#Enable mod_fcgid
rm -r ~/compile/mod_fcgid
cd ~/compile/
svn checkout mod_fcgid
cp -r ~/compile/mod_fcgid/modules/fcgid ~/compile/httpd-2.2.29-unpacked/httpd-2.2.29/modules/

#Enable WebSocket with mod_proxy_wstunnel
cd ~/compile/httpd-2.2.29-unpacked/httpd-2.2.29
wget -O apache-2.2-wstunnel.patch
patch -p1 -i apache-2.2-wstunnel.patch
#cp -r httpd-2.2.29 httpd-2.2.29-fcgid-npn-wstunnel
#You may encounter some compilation error with version 2.2.22 and later similar to:
#modules/http/.libs/libmod_http.a(byterange_filter.o): In function `ap_set_byterange':
#byterange_filter.c:(.text+0x130d): undefined reference to `apr_array_clear'
#collect2: ld returned 1 exit status
#This is a known bug. A workaround consist in adding --with-included-apr to the configure options.

#configure new added modules (fcgid)
cd ~/compile/httpd-2.2.29-unpacked/httpd-2.2.29
~/ ffpg
~/ ffpg

#start from here when REBUILDING (only if not deleted ~/compile/httpd-2.2.29-unpacked/httpd-2.2.29)
cd ~/compile/httpd-2.2.29-unpacked/httpd-2.2.29
rm -r ../httpd-2.2.29-build
mkdir ../httpd-2.2.29-build

cd ~/compile/httpd-2.2.29-unpacked/httpd-2.2.29-build
../httpd-2.2.29/configure --help > ../
#../httpd-2.2.29/configure --prefix=/ffp/opt/apache-2.2.29-$APACHE_MPM --enable-mods-shared=all --with-apr=/ffp --with-apr-util=/ffp --with-pcre=/ffp --with-z=/ffp --with-ssl=/ffp --with-mpm=$APACHE_MPM --enable-fcgid
../httpd-2.2.29/configure --prefix=/ffp/opt/apache-2.2.29-$APACHE_MPM --enable-modules="log_config mime alias autoindex headers authz_host userdir env setenvif filter authn_file ssl actions dir negotiation auth_basic authz_default authz_user rewrite proxy proxy_http proxy_ajp dav dav_svn authz_svn expires deflate info dav_fs proxy_wstunnel" --enable-mods-shared="fcgid asis authn_default authz_groupfile cache cgi cgid disk_cache file_cache include mem_cache proxy_balancer proxy_connect proxy_ftp proxy_scgi status version" --with-pcre=/ffp --with-z=/ffp --with-ssl=/ffp --with-mpm=$APACHE_MPM --enable-fcgid

#prepare for FFP again
cd ~/compile/httpd-2.2.29-unpacked/httpd-2.2.29-build
~/ ffpg1
cd ~/compile/httpd-2.2.29-unpacked/httpd-2.2.29
~/ ffpg

cd ~/compile/httpd-2.2.29-unpacked/httpd-2.2.29-build
nohup /ffp/bin/make -C ~/compile/httpd-2.2.29-unpacked/httpd-2.2.29-build &
renice -6 `pidof cc1plus` -p `pidof make` -p `pidof as` -p `pidof ld` -p `pidof configure` -p `pidof cc1`
tail -f nohup.out

cd ~/compile/httpd-2.2.29-unpacked/httpd-2.2.29-build
#Running make -n install permits previewing the build process, as it prints out all 
#the commands that would be triggered by a make, without actually executing them.
cp -v /tmp/$NEW_BUILD_NAME-$NEW_BUILD_VER-arm-$NEW_BUILD_NR.txz ~/ffp_0.7_armv5/packages/
funpkg -q $NEW_BUILD_NAME
funpkg -i ~/ffp_0.7_armv5/packages/$NEW_BUILD_NAME-$NEW_BUILD_VER-arm-$NEW_BUILD_NR.txz

#copy additional modules
cd $HOME
sed -i s/"User daemon"/"User nobody"/ /ffp/opt/apache-2.2.29-$APACHE_MPM/conf/httpd.conf
sed -i s/"Group daemon"/"Group nobody"/ /ffp/opt/apache-2.2.29-$APACHE_MPM/conf/httpd.conf
mkdir /ffp/opt/apache-2.2.29-$APACHE_MPM/conf-original
cp -r /ffp/opt/apache-2.2.29-$APACHE_MPM/conf/* /ffp/opt/apache-2.2.29-$APACHE_MPM/conf-original
cp -v /ffp/libexec/ /ffp/opt/apache-2.2.29-$APACHE_MPM/modules/
cp -v /ffp/libexec/ /ffp/opt/apache-2.2.29-$APACHE_MPM/modules/
ls -dl ~/NSA310-backups/*apache-modules*
cp -v ~/NSA310-backups/2015-02-01\ apache-modules\ worker/*.so /ffp/opt/apache-2.2.29-$APACHE_MPM/modules/
ls -dl ~/NSA310-backups/*pagespeed*
cp -v ~/NSA310-backups/2015-01-23\ pagespeed\ trunk/*.so /ffp/opt/apache-2.2.29-$APACHE_MPM/modules/

#lists configured httpd modules:
#/usr/sbin/httpd -M -f /etc/service_conf/httpd.conf
#/ffp/opt/apache-2.2.29-worker/bin/httpd -M -f /etc/service_conf/xhttpd.conf
#lists built-in httpd modules:
#/usr/sbin/httpd -l
#/ffp/opt/apache-2.2.29-worker/bin/httpd -l

#owncloud, apache, php-zts and fcgid
#If fcgid is not a shared module (--enable-mods-shared) than after logging off 
#from owncloud you won't be able to login again (you'll have to restart apache).
#Does not have this problem when using php-non-zts.

Compiling litmus 0.13

cd ~/compile
rm -r litmus-0.13
tar -xzf litmus-0.13.tar.gz
cd ~/compile/litmus-0.13
export LDFLAGS="-L/ffp/lib -lintl"
export CPPFLAGS="-I/ffp/include -I/ffp/include/readline"
export CXXFLAGS="-I/ffp/include -I/ffp/include/readline"
export CFLAGS="-march=armv5te -mtune=xscale -mfloat-abi=soft -mabi=aapcs-linux -O2 -lintl -Wall"
./configure --help >
./configure --prefix=/ffp --disable-debug --enable-threadsafe-ssl=posix --with-ssl=openssl --with-included-neon
nohup make -C ~/compile/litmus-0.13 &
renice -14 `pidof cc1plus` -p `pidof make` -p `pidof as`
tail -f nohup.out
make install DESTDIR=~/temp/litmus-0.13
#makepkg litmusversion buildnumber
cd ~/temp/litmus-0.13
makepkg litmus 0.13 0
cp -v /tmp/litmus-0.13-arm-0.txz ~/ffp_0.7_armv5

Compiling php 5.5.x

cd ~/compile
curl -L -k -o php-5.5.19.tar.gz
tar -xzf php-5.5.19.tar.gz
cd ~/compile/php-5.5.19
find . -type f \( -exec sed -i s/"\/usr\/bin\/perl"/"\/ffp\/bin\/perl"/ {} \; , -exec sed -i s/"\/usr\/bin\/python"/"\/ffp\/bin\/python"/ {} \; , -exec sed -i s/"\/usr\/bin\/bash"/"\/ffp\/bin\/bash"/ {} \; , -exec sed -i s/"\/usr\/bin\/sh"/"\/ffp\/bin\/sh"/ {} \; , -exec sed -i s/"\/usr\/bin\/env"/"\/ffp\/bin\/env"/ {} \; , -exec sed -i s/"\/bin\/bash"/"\/ffp\/bin\/bash"/ {} \; , -exec sed -i s/"\/bin\/sh"/"\/ffp\/bin\/sh"/ {} \; , -exec sed -i s/"\/bin\/env"/"\/ffp\/bin\/env"/ {} \; , -exec sed -i s/"\/ffp\/ffp\/"/"\/ffp\/"/ {} \; \)
cp -r ~/compile/php-5.5.19 ~/compile/php-5.5.19-ffp
#to do only when rebuilding; start also from here:
cd ~/compile
rm -r ~/compile/php-5.5.19
cp -r ~/compile/php-5.5.19-ffp ~/compile/php-5.5.19
cd ~/compile/php-5.5.19
export BUILD_FLAGS="-march=armv5te -mtune=xscale -mfloat-abi=soft -mabi=aapcs-linux -pthread -O2 -lintl -Wall -I/ffp/include"
export BUILD_FLAGS="-march=armv5te -mfloat-abi=soft -mabi=aapcs-linux -pthread -O2 -lintl -Wall -I/ffp/include"
export LDFLAGS="-L/ffp/lib -lintl"

./configure --help >

	don't know how to define struct flock on this system ... set --enable-opcache=no
	funpkg -r libgd-2.1.0-arm-0

#ATTENTION, don't use --with-pear, will fail at end and won't install pear.

#With threads (with zts)
#See also install pthreads php-module:
#Remarca utilizarea apache-2.2.29-worker ci nu prefork!
./configure --prefix=/ffp --enable-re2c-cgoto --enable-mod-charset=shared --with-apxs2=/ffp/opt/apache-2.2.29-worker/bin/apxs --with-config-file-path=/ffp/etc --with-libxml-dir=/ffp --with-zlib=/ffp --with-zlib-dir=/ffp --with-bz2=/ffp --enable-calendar=shared --with-curl=/ffp --enable-dba=shared --enable-exif=shared --with-pcre-dir=/ffp --enable-ftp=shared --with-openssl=/ffp --with-jpeg-dir=/ffp --with-png-dir=/ffp --with-freetype-dir=/ffp --with-gettext=/ffp --with-gmp=/ffp --with-mhash=/ffp --with-icu-dir=/ffp --enable-mbstring=shared --with-onig=/ffp --with-mcrypt=/ffp --with-mysql=shared,/ffp --with-mysql-sock=/ffp/var/run/mysql/mysql.sock --with-mysqli=shared,/ffp/bin/mysql_config --enable-opcache --enable-pcntl --with-pdo-mysql=/ffp --with-mysql-sock=/ffp/var/run/mysql/mysql.sock --with-readline=/ffp --with-snmp=/ffp --enable-soap=shared --enable-sockets --with-iconv=/ffp --with-xsl=/ffp --enable-zip=shared --enable-mysqlnd=shared --with-tsrm-pth=/ffp/bin/pth-config --with-gd=shared --enable-maintainer-zts

#Without threads (without zts; not required: --disable-maintainer-zts)
#Remarca utilizarea apache-2.2.29-prefork ci nu worker!
./configure --prefix=/ffp --enable-re2c-cgoto=shared --enable-mod-charset=shared --with-apxs2=/ffp/opt/apache-2.2.29-prefork/bin/apxs --with-config-file-path=/ffp/etc/php.ini --with-config-file-scan-dir=/ffp/etc --with-libxml-dir=/ffp --with-zlib=/ffp --with-zlib-dir=/ffp --with-bz2=shared,/ffp --enable-calendar=shared --with-curl=shared,/ffp --enable-dba=shared --enable-exif=shared --with-pcre-dir=/ffp --enable-ftp=shared --with-openssl=/ffp --with-jpeg-dir=/ffp --with-png-dir=/ffp --with-freetype-dir=/ffp --with-gettext=shared,/ffp --with-gmp=shared,/ffp --with-mhash=shared,/ffp --with-icu-dir=/ffp --enable-mbstring --with-onig=/ffp --with-mcrypt=shared,/ffp --with-mysql=/ffp --with-mysql-sock=/ffp/var/run/mysql/mysql.sock --with-mysqli=/ffp/bin/mysql_config --enable-opcache=shared --enable-pcntl=shared --with-pdo-mysql=/ffp --with-readline=shared,/ffp --with-snmp=shared,/ffp --enable-soap=shared --enable-sockets=shared --with-iconv=/ffp --with-xsl=shared,/ffp --enable-zip --enable-mysqlnd --without-pear --without-pdo-sqlite --without-sqlite3

nohup make -C ~/compile/php-5.5.19 &
renice -14 `pidof cc1plus` -p `pidof make` -p `pidof as`
tail -f nohup.out
#If installed using --with-pear do (but anyway will still fail to install pear):
sed -i s/"phar:\/\/install-pear-nozlib\.phar\/index\.php"/"\/ffp\/home\/root\/compile\/php-5.5.19\/pear\/install-pear-nozlib.phar"/ pear/install-pear-nozlib.phar

rm -r $HOME/temp/php-5.5.19
mkdir -p $HOME/temp/php-5.5.19/ffp/opt/apache-2.2.29-prefork/conf/
cp -v /ffp/opt/apache-2.2.29-prefork/conf/httpd.conf $HOME/temp/php-5.5.19/ffp/opt/apache-2.2.29-prefork/conf/
INSTALL_ROOT=$HOME/temp/php-5.5.19 make install
libtool --finish /ffp/home/root/compile/php-5.5.19/libs
rm -vr $HOME/temp/php-5.5.19/ffp/opt/apache-2.2.29-prefork/conf/
cd $HOME/temp/php-5.5.19
ls -l /tmp/php-*
ls -l ~/ffp_0.7_armv5/packages/php-*
#makepkg php version buildnumber
#makepkg php-mysql-5.5.28 5.5.19 0
makepkg php-mysql-5.6.21 5.5.19 0
funpkg -i /tmp/php-mysql-5.6.21-5.5.19-arm-0.txz
cp -v /tmp/php-5.5.19-*.txz $HOME/ffp_0.7_armv5/packages/
mv -v /ffp/opt/apache-2.2.29-prefork/modules/ /ffp/opt/apache-2.2.29-prefork/modules/
cp -v /ffp/opt/apache-2.2.29-prefork/modules/libphp5-*.so ~/NSA310-backups/2014-08-19\ apache-modules

php go-pear.phar
#INSTALL APCu (compile or use
cd ~/compile
tar zxfv apcu-4.0.7.tgz
cd ~/compile/apcu-4.0.7
./configure --with-php-config=/ffp/bin/php-config --enable-apcu
make install
#dezactiveaza autentificarea in ~/compile/apcu-4.0.7/apc.php: defaults('USE_AUTHENTICATION',0)
#Nu copia apc.php in /i-data/60cb70cf/www/pages/wordpress/wp-content/plugins/wp-apc-panel/include/ pt ca deja exista!
cp -v ~/compile/apcu-4.0.7/apc.php $HOME/tools/
cd ~/temp
mkdir php-5.5.201306201030-arm-1
cd ~/temp/php-5.5.201306201030-arm-1
tar Jxvf php-5.5.201306201030-arm-1.txz
cp -v ffp/lib/php/extensions/no-debug-non-zts-20121212/ /ffp/lib/php/extensions/no-debug-non-zts-20121212/

#show php modules
php -m

#Using php5_module with Apache:
#LoadModule php5_module /usr/local/zy-pkgs/lib/
#Link required: /usr/local/zy-pkgs/php/php.ini -> /ffp/etc/php.ini
#PHPIniDir /usr/local/zy-pkgs/php
#AddHandler php5-script .php
#AddType application/x-httpd-php .php .phtml
#AddType application/x-httpd-php-source .phps

Apache basic authentication password creation

# see

# -c option means to create the passwords file
/ffp/opt/apache-2.2.9-prefork/bin/htpasswd -c -m passwords_file_path user_name1
# -m option means to add/modify the user user_name2
/ffp/opt/apache-2.2.9-prefork/bin/htpasswd -m passwords_file_path user_name2
# -D option means to delete the user user_name3
htpasswd -D passwords_file_path user_name3

Install linux headers

cd ~/compile
rm -r linux-
rm -r linux_headers
mkdir linux_headers
tar xvzf linux-
cd linux-
export ARCH=arm 
export ARM_ARCH=armv5te 
export CLFS_FLOAT=soft
unset CFLAGS
#For Zyxel NSA310 only:
#Replace /ffp/home/root/compile/linux- with
cp -v /ffp/home/root/temp/build_NSA310/trunk/linux- /ffp/home/root/compile/linux-
make mrproper
make ARCH=arm ARM_ARCH=armv5te CLFS_FLOAT=soft headers_check
make ARCH=arm ARM_ARCH=armv5te CLFS_FLOAT=soft INSTALL_HDR_PATH=`pwd`/../linux_headers headers_install
cd ../linux_headers
#That's all!

#the below is the packaging specific for my Zyxel NSA310
mkdir ffp
mv include/ ffp/
#makepkg findutils version buildnumber
makepkg linux-headers ?
cp /tmp/linux-headers-*.txz ~/ffp_0.7_armv5
funpkg -q linux
funpkg -r linux-headers-
funpkg -i ~/ffp_0.7_armv5/linux-headers-
Table 4.1. ARM Hard Floating Point Versions
fpa		fpe2		fpe3		maverick
vfp		vfpv3		vfpv3-fp16	vfpv3-d16
vfpv3-d16-fp16	vfpv3xd		vfpv3xd-fp16	neon
neon-fp16	vfpv4		vfpv4-d16	fpv4-sp-d16

Table 4.3. ARM Archiecture Choices
armv4t	armv5	armv5t	armv5te
armv6	armv6j	armv6t2	armv6z
armv6zk	armv6-m	armv7	armv7-a
armv7-r	armv7-m	 	 

For ARCH, ARM_ARCH, CLFS_FLOAT values click also here.
Inspired from here.

Hibernate 4.3.5 + Spring 4.0.5

	<bean id="sessionFactory" lazy-init="true"
		<property name="dataSource" ref="dataSource"/>
		<!--<property name="mappingLocations">-->
		<property name="packagesToScan" value="image.exifweb.persistence"/>
		<property name="hibernateProperties">
				<prop key="hibernate.dialect">org.hibernate.dialect.MySQL5InnoDBDialect</prop>
				<prop key="hibernate.jdbc.batch_size">20</prop>
				<prop key="hibernate.show_sql">false</prop>
				<prop key="hibernate.format_sql">true</prop>
				<prop key="hibernate.validator.autoregister_listeners">false</prop>
				<!--<prop key="">update</prop>-->
				<prop key="">true</prop>
				<prop key="hibernate.current_session_context_class">jta</prop> -->
				<!--<prop key="javax.persistence.validation.mode"></prop>-->

	<!-- Transaction manager for a single Hibernate SessionFactory (alternative to JTA) -->
	<bean id="transactionManager" name="transactionManager"
		<property name="sessionFactory" ref="sessionFactory"/>

	<tx:annotation-driven mode="aspectj"/>

Recursively remove all empty or almost empty directories

find /i-data/md0/video/ -type d -empty -delete

# print files/directories with size less 1M:
cd /********/Videos/couchpotato-complete
du -sh * | grep -P "\d+K" | awk '{for (i=2; i<NF; i++) printf $i " "; print $NF}' | sort
du -sh * | grep -P "\d+K" | awk '{for (i=2; i<NF; i++) printf $i " "; print $NF}' | sort > movies_to_delete.txt
while read -r file; do rm -rv -- "$file"; done < movies_to_delete.txt
rm -v movies_to_delete.txt

ActiveMQ + Spring 3.2.x

	<!-- CachingConnectionFactory Definition, sessionCacheSize property is the number of sessions to cache -->
	<bean id="connectionFactory" class="org.springframework.jms.connection.CachingConnectionFactory">
		<constructor-arg ref="amqConnectionFactory"/>
		<property name="exceptionListener" ref="jmsExceptionListener"/>
		<property name="sessionCacheSize" value="100"/>
		<property name="cacheConsumers" value="true"/>

	<!-- JmsTemplate Definition -->
	<bean id="jmsTemplate" class="org.springframework.jms.core.JmsTemplate">
		<constructor-arg ref="connectionFactory"/>

	<amq:connectionFactory id="amqConnectionFactory" brokerURL="${jms.brokerURL}"
	                       userName="${jms.username}" password="${jms.password}"/>

	<jms:listener-container concurrency="1" destination-type="queue">
		<jms:listener id="QueueListener" destination="${}" ref="queueListener"/>

	<jms:listener-container concurrency="1" destination-type="topic">
		<jms:listener id="TopicListener" destination="${}" ref="topicListener"/>

JPA (hibernate 4.3.x) + Spring 3.2.x

	<bean id="transactionManager" class="org.springframework.orm.jpa.JpaTransactionManager">
		<property name="entityManagerFactory" ref="entityManager" />
	<bean id="entityManager" depends-on="dataSource"
		<property name="dataSource" ref="dataSource" />
		<property name="packagesToScan"
			value="...packages...persistence.entity" />
		<property name="persistenceUnitName" value="gigi" />
		<property name="persistenceProvider">
			<bean class="org.hibernate.jpa.HibernatePersistenceProvider" />
		<property name="jpaPropertyMap" ref="jpaPropertyMap" />
		<property name="jpaVendorAdapter" ref="jpaVendorAdapter" />
		<property name="jpaDialect">
			<bean class="org.springframework.orm.jpa.vendor.HibernateJpaDialect" />

	<jpa:repositories base-package="...some package..."
		<repository:include-filter type="annotation"

	<bean id="jpaVendorAdapter"
		<property name="database" value="POSTGRESQL"/>
		<property name="showSql" value="true"/>
		<property name="databasePlatform"
	<util:properties id="jpaPropertyMap">
		<prop key="hibernate.transaction.jta.platform">
		<prop key="hibernate.connection.autocommit">false</prop>
		<prop key="hibernate.dialect">
		<prop key="hibernate.show_sql">true</prop>

	<bean class="org.springframework.orm.hibernate4.HibernateExceptionTranslator"/>


Pt debug din mediul de dezvoltare trebuie modificat:

a) setenv.bat:
SET "JAVA_HOME=c:\Program Files\Java\jdk1.7.0_60"
CATALINA_OPTS=-Xms512m -Xmx2048m -XX:MaxPermSize=512M -XX:+CMSClassUnloadingEnabled -javaagent:c:\maven.repository.3x\org\springframework\spring-instrument-tomcat\4.0.6.RELEASE\spring-instrument-tomcat-4.0.6.RELEASE.jar
SET "JPDA_OPTS=-agentlib:jdwp=transport=dt_socket,server=y,suspend=n,address=5005"

b) startup.bat (la finalul fisierului):
call "%EXECUTABLE%" jpda start %CMD_LINE_ARGS% -> pt a determina utilizarea lui JPDA_OPTS

Install & configure ghost

Installing ghost on linux (official)
Compiling nodejs

cd /ffp/opt/
rm -r ghost
#curl -L -k -o
unzip -uo -d ghost
cd /ffp/opt/ghost
find . -type f -exec sed -i s/"\/usr\/bin\/bash"/"\/ffp\/bin\/bash"/ {} \;
find . -type f -exec sed -i s/"\/usr\/bin\/sh"/"\/ffp\/bin\/sh"/ {} \;
find . -type f -exec sed -i s/"\/usr\/bin\/env"/"\/ffp\/bin\/env"/ {} \;
find . -type f -exec sed -i s/"\/bin\/bash"/"\/ffp\/bin\/bash"/ {} \;
find . -type f -exec sed -i s/"\/bin\/sh"/"\/ffp\/bin\/sh"/ {} \;
find . -type f -exec sed -i s/"\/bin\/env"/"\/ffp\/bin\/env"/ {} \;
find . -type f -exec sed -i s/"\/ffp\/ffp\/"/"\/ffp\/"/ {} \;
#cp -r /ffp/opt/ghost ~/temp/ghost
/ffp/opt/nodejs/bin/npm install --production

	sh: /usr/local/zy-pkgs/ffproot/ffp/opt/ghost/node_modules/sqlite3/node_modules/.bin/node-pre-gyp: /usr/bin/env: bad interpreter: No such file or directory
	#See something like in error message.
	cd ~/temp
	mkdir sqlite3-2.2.7
	cd sqlite3-2.2.7
	cp ../sqlite3-2.2.7.tgz .
	tar xvzf ./sqlite3-2.2.7.tgz
	rm sqlite3-2.2.7.tgz
	find . -type f -exec sed -i s/"\/usr\/bin\/bash"/"\/ffp\/bin\/bash"/ {} \;
	find . -type f -exec sed -i s/"\/usr\/bin\/sh"/"\/ffp\/bin\/sh"/ {} \;
	find . -type f -exec sed -i s/"\/usr\/bin\/env"/"\/ffp\/bin\/env"/ {} \;
	find . -type f -exec sed -i s/"\/bin\/bash"/"\/ffp\/bin\/bash"/ {} \;
	find . -type f -exec sed -i s/"\/bin\/sh"/"\/ffp\/bin\/sh"/ {} \;
	find . -type f -exec sed -i s/"\/bin\/env"/"\/ffp\/bin\/env"/ {} \;
	find . -type f -exec sed -i s/"\/ffp\/ffp\/"/"\/ffp\/"/ {} \;
	tar czf sqlite3-2.2.7.tgz package
	npm install sqlite3-2.2.7.tgz

cd /ffp/opt/ghost
/ffp/opt/nodejs/bin/npm install --production
npm install forever -g
npm install mysql -g
cd /ffp/opt/nodejs/lib/node_modules
find . -type f -exec sed -i s/"\/usr\/bin\/bash"/"\/ffp\/bin\/bash"/ {} \;
find . -type f -exec sed -i s/"\/usr\/bin\/sh"/"\/ffp\/bin\/sh"/ {} \;
find . -type f -exec sed -i s/"\/usr\/bin\/env"/"\/ffp\/bin\/env"/ {} \;
find . -type f -exec sed -i s/"\/bin\/bash"/"\/ffp\/bin\/bash"/ {} \;
find . -type f -exec sed -i s/"\/bin\/sh"/"\/ffp\/bin\/sh"/ {} \;
find . -type f -exec sed -i s/"\/bin\/env"/"\/ffp\/bin\/env"/ {} \;
find . -type f -exec sed -i s/"\/ffp\/ffp\/"/"\/ffp\/"/ {} \;

#Create mysql DB for ghost
mysql -p

sed -i s#\"\/shared\/img#\"\/blog\/shared\/img# /ffp/opt/ghost/core/built/scripts/ghost-dev.js	 	 
sed -i s#\"\/shared\/img#\"\/blog\/shared\/img# /ffp/opt/ghost/core/built/scripts/templates-dev.js	 	 
sed -i s#\"\/shared\/img#\"\/blog\/shared\/img# /ffp/opt/ghost/core/built/scripts/ghost.min.js

	url: '',
	database: {
		client: 'mysql',
		connection: {
			host: 'localhost',
			user: 'ghost',
			password: 'ghost',
			database: 'ghost',
			charset: 'utf8'

#Apache config:
#	ProxyPass			/blog/
#	ProxyPassReverse	/blog/

#Running ghost in production mode:
cd /ffp/opt/ghost
NODE_ENV=production npm start
#Running ghost in development mode:
cd /ffp/opt/ghost
npm start
#Running ghost in production mode (first put export NODE_ENV=production in ~/.profile):
cd /ffp/opt/ghost
/bin/nice --8 npm start
#Running ghost in production mode (first put export NODE_ENV=production in ~/.profile):
cd /ffp/opt/ghost && /bin/nice --8 forever -o /ffp/var/log/ghost.log start index.js
#cd /ffp/opt/ghost && forever stop index.js

posts page
login page

How to configure Stunnel

stunnel /ffp/etc/stunnel/stunnel.conf
cat /ffp/var/lib/stunnel/
cat /ffp/var/lib/stunnel/stunnel.log
#Generate cert file necesar a fi specificat in stunnel.conf (varianta cu windows - preferata):
openssl.exe req -newkey rsa:2048 -x509 -days 3660 -out stunnel-pub.pem -keyout stunnel-key.pem
openssl.exe rsa -in stunnel-key.pem -out stunnel-key-no-pwd.pem -> stergere parola
openssl.exe dhparam 2048 >> stunnel-pub.pem (dhparam -> versiunea noua pt. vechiul parametru gendh)
openssl.exe dhparam 2048 >> stunnel-key-no-pwd.pem
# openssl.exe pkcs12 -export -in stunnel-pub.pem -inkey stunnel-key-no-pwd.pem -name "stunnel" -out stunnel-pwd.p12
cat stunnel-key-no-pwd.pem >> stunnel.cer (stunnel.conf:cert = stunnel.cer)
cat stunnel-pub.pem >> stunnel.cer (stunnel.conf:cert = stunnel.cer)
stunnel /ffp/etc/stunnel/stunnel.conf
Nu e necesar importul stunnel-pub.pem in authorized_keys !
Nu e necesara generarea lui stunnel-pwd.p12 !
#Aplica c_hash fisierelor din /certs (stunnel.conf:CApath = /.../certs) -> alternativa la stunnel.conf:CAfile:
cd /ffp/var/lib/stunnel
/ffp/var/lib/stunnelc_rehash /certs

How to create a certificate

# see
# Create a certificate
del adr-*.pem
openssl req -newkey rsa:2048 -x509 -days 3660 -out adr-pub.pem -keyout adr-key.pem
#bug: openssl req -newkey rsa:2048 -x509 -days 3660 -out adr-bitvise-pub.pem -keyout adr-bitvise-key.pem
#bug: openssl req -new -x509 -days 3660 -out adr-bitvise.pem -keyout adr-bitvise.pem
openssl rsa -in adr-key.pem -out adr-key-no-pwd.pem -> stergere parola
#openssl rsa -des3 -in adr-key.pem -out adr-key-new-pwd.pem -> setare parola
openssl dhparam 2048 >> adr-pub.pem (dhparam -> versiunea noua pt. vechiul param gendh)
openssl dhparam 2048 >> adr-key-no-pwd.pem
openssl pkcs12 -export -in adr-pub.pem -inkey adr-key-no-pwd.pem -name "adr" -out adr-pwd.p12
#Pune adr-pub.pem in /home/root/.ssh/ (backup keys folder).
cat adr-pub.pem >> /home/root/.ssh/authorized_keys (ssh server)
#cat adr-pub.pem >> /ffp/var/lib/stunnel/authorized_keys.pem (stunnel)
#cat adr-pub.pem >> /etc/service_conf/authorized_keys.crt (NSA310 web console)

# Certificat pt. invitati:
openssl req -newkey rsa:2048 -x509 -days 3660 -out gigi-pub.pem -keyout gigi-key.pem
openssl rsa -in gigi-key.pem -out gigi-key-no-pwd.pem
openssl dhparam 2048 >> gigi-pub.pem
openssl dhparam 2048 >> gigi-key.pem
openssl dhparam 2048 >> gigi-key-no-pwd.pem
openssl pkcs12 -export -in gigi-pub.pem -inkey gigi-key-no-pwd.pem -name "gigi" -out gigi-pwd.p12
cat gigi-pub.pem >> /home/root/.ssh/authorized_keys

# Encrypt a private key using triple DES (from
# Key generation for bitvise:
openssl rsa -des3 -in adr-key.pem -out adr-key.pem.des3.bitvise -> requested by "User keypair manager"

# see
# Extract the public key to openssh format:
ssh-keygen -y -f adr-key.pem > adr-pub.openssh
cat adr-pub.openssh >> /home/root/.ssh/authorized_keys

# convert p12 to pem
openssl pkcs12 -in xxx.p12 -nocerts -out xxx_key.pem
openssl pkcs12 -in xxx.p12 -clcerts -nokeys -out xxx_pub.pem

# debug ssl connection
openssl s_client -cert xxx_pub.pem -key xxx_key.pem -connect -debug

# request protected https resource
wget --certificate=xxx_pub.pem --private-key=xxx_key.pem
	ERROR: certificate common name ‘svn-ubuntu’ doesn't match requested host name ‘’.
	To connect to insecurely, use `--no-check-certificate'.
	wget --no-hsts --certificate=xxx_pub.pem --private-key=xxx_key.pem
	     Wget supports HSTS (HTTP Strict Transport Security, RFC 6797) by default.  Use --no-hsts to make Wget act as a non-HSTS-compliant UA. As a
	     consequence, Wget would ignore all the "Strict-Transport-Security" headers, and would not enforce any existing HSTS policy.
	This might not work:
	wget --no-hsts --no-check-certificate --certificate=xxx_pub.pem --private-key=xxx_key.pem
	This should work:
	Append svn-ubuntu to /etc/hosts.
	wget --no-hsts --no-check-certificate --certificate=xxx_pub.pem --private-key=xxx_key.pem https://svn-ubuntu/zzz

# DER format
View the complete certificate information (private + public key also):
openssl x509 -inform der -in temp/jetty-certificate.der -text -noout
openssl x509 -in CA.cer -noout -text
openssl x509 -in adr-pub.pem -noout -text | grep -P "Issuer|Subject"
Saves the public key only:
openssl x509 -inform der -in temp/jetty-certificate.der -pubkey -noout > temp/
Converts the certificate to pem:
openssl x509 -inform der -outform PEM -in temp/jetty-certificate.der -out temp/jetty-certificate.pem
Displays the certificate in PEM format and also it's alias:
openssl x509 -inform der -outform PEM -in temp/jetty-certificate.der -alias
Output the complete certificate information (valid only PEM with -----BEGIN CERTIFICATE----- content):
openssl x509 -inform PEM -in temp/jetty-certificate.pem -text -noout

# see jre\lib\security\ for keystore.type (default jks)
# jre\lib\security\cacerts -> JDK trusted certificates from a variety of Certificate Authorities (CA's)
# jre\lib\security\cacerts -> default password is changeit
# listing a keystore
keytool -v -list -storetype JKS -keystore jetty_keystore.jks
keytool -v -list -storetype JKS -keystore jetty_keystore.jks | grep "Alias name:"
keytool -v -list -storetype PKCS12 -keystore jetty.p12

ERROR failed to decrypt safe contents entry: javax.crypto.BadPaddingException: Given final block not properly padded
	It might be the case of a p12 file with the "Export Password" empty while you try to import it in a jks keystore.
	Import the p12 using -srcstorepass "" option:
	keytool -importkeystore -srckeystore $PKCS12_FILE -destkeystore "$KEYSTORE_FILE_NAME" -srcstoretype PKCS12 -deststoretype JKS -srcstorepass ""

# show a certificate from url
openssl s_client -connect -showcerts </dev/null 2>/dev/null
openssl s_client -connect -showcerts </dev/null 2>/dev/null | openssl x509 -outform PEM

# see also
# key pair generation with multiple formats
openssl req -newkey rsa:2048 -x509 -days 3660 -out adr1-pub.pem -keyout adr1-key.pem
openssl rsa -des3 -in adr1-key.pem -out adr1-key.pem.des3.bitvise
ssh-keygen -y -f adr1-key.pem > adr1-pub.openssh
openssl rsa -in adr1-key.pem -out adr1-key-no-pwd.rsa.pem
openssl pkcs12 -info -nokeys -export -in adr1-pub.pem -name "adr1-pub" -out adr1-pub.p12
openssl pkcs12 -info -export -in adr1-pub.pem -inkey adr1-key.pem -name "adr1 private key and public key" -out adr1.p12
cat adr1-pub.openssh > /********/.ssh/authorized_keys
# putty-tools ubuntu package (command-line tools for SSH, SCP, and SFTP)
# To convert a key from another format (puttygen will automatically detect the input key type):
puttygen adr1-key.pem.des3.bitvise -C 'adr1-key.pem.des3.bitvise' -o adr1-key.putty.ppk