Super Simple Server Backups

While setting up a new development server recently, I needed to implement an automated backup of files and database tables to a local hard drive.

My first instinct was to write a cron job using rsync. This worked fine, except that file permissions got messed up. rsync will preserve ownership and permissions if I store the backup locally or on another server via SSH, but it falls down when storing to an attached hard drive by changing ownership and setting permissions on everything to 777. It also resorts to copying files in full, instead of actually syncing changes. In other words, this was not a viable solution.

After a quick search, I found a new service that can help: Setup literally takes only a few seconds, and the app will handle both file and database backups. I chose to store my files on a local disk attached to the server, however BackupBird also supports storing to numerous cloud providers.

Best of all, a single-server account is free!

Fwiw, there is one shortcoming: it copies entire files rather than only syncing the changes. I can overlook this for now since I’m on a dev server, but this might be a concern for a production server.

Update An SSL Certificate

Once every year, I need to update the SSL certificate for one my domains. Somehow, I’ve never written down the instructions until now:

Step 1: Initiate the Certificate Renewal

Start by purchasing a certificate renewal from the vendor. (I use Thawte.) They’ll send an email asking for purchase approval.

Step 2: Generate a Certificate Signing Request (CSR)

At the command line, navigate to the folder where certs and keys are stored. Mine is /etc/pki/tls/, and contains folders certs, misc, and private. In my setup, it also contains the .conf file for openssl.

Type the following command:

sudo openssl genrsa -des3 -out private/your-keyname-here.key 2048

This creates a private key owned by root and stores it in the file, /etc/pki/tls/private/your-keyname-here.key.

Next, working from within the same folder as before, use this private key to create a CSR. Type:

sudo openssl req -new -key private/your-keyname-here.key -out your-keyname-here.csr

The openssl process will now ask for certain details to be included in the CSR. When requested, do not enter an email address, challenge password or an optional company name. The process creates a CSR file owned by root and stores it in, /etc/pki/tls/your-keyname-here.csr.

Now validate the CLR on this testing site. For more details about generating the CSR, check here.

Step 3: Submit the CSR

Navigate to the certificate provider’s website, sign in, then submit the CSR for approval. On success, the provider will send download and installation instructions via email.

Step 4: Install the certificate

Follow the instructions in the email to download the certificate, unzip it, and move the contained files into the appropriate target directory or directories for your setup. My latest certificate included two files, namely, ssl_certificate.crt and IntermediateCA.crt. In my setup, both files went into the /etc/pki/tls/certs/ folder. Make sure to be logged as root when creating these files, and set file permissions to 644.

For more details, visit this page.

Step 5: Update the SSL config file

Back at the command line, navigate to /etc/httpd/conf.d/ and open ssl.conf. Find the lines for the following settings:


… and make sure they point to correct files and locations for each of these settings. My setup looks like this:

SSLCertificateFile /etc/pki/tls/certs/ssl_certificate.crt
SSLCertificateKeyFile /etc/pki/tls/private/
SSLCertificateChainFile /etc/pki/tls/certs/IntermediateCA.crt

Step 6: Reboot the server

Follow the instructions in the earlier article, Rebooting the MSA Server on Digital Ocean, to restart the server.

Step 7: Verify success

Once the server is back up, verify the certificate is working properly using this testing tool.

@Note on passphrases for SSL certs: if you opt for a passphrase when creating a CSR, you’ll need to provide this passphrase each time the server is rebooted. This is okay for a stable environment but becomes a pain when server restarts are frequent.

I opted to remove the passphrase on my dev server using the instructions outlined here. However, my production server still requires the passphrase.


Accessing the Boot Screen in Windows 10

I recently needed to install Linux alongside Windows 10, and discovered that accessing the boot screen has become a bit more involved that just punching the F1 key on startup. There are two ways to get there as described by Microsoft.

From the settings screen:

  1. Select the Start button, then choose Settings .
  2. Select Update & security > Recovery.
  3. Under Advanced startup select Restart now.
  4. After your PC restarts to the Choose an option screen, select Troubleshoot > Advanced options > Startup Settings > Restart.
  5. After your PC restarts, select a startup setting by pressing the corresponding number.

From the sign-in screen:

  1. On the sign-in screen, hold the Shift key down while you select Power > Restart (in the lower-right corner of the screen).
  2. After your PC restarts to the Choose an option screen, select Troubleshoot > Advanced options > Startup Settings > Restart.
  3. After your PC restarts, select a startup setting from the list of options by pressing the corresponding number on your keyboard.

Creating a SubDomain in Apache

I recently needed to create a subDomain for one of my websites. This subdomain points to a separate WordPress installation that is linked to from the parent domain. Here’s a quick overview of how to do this.

The directory structure on my server is similar to the following:


Start by navigating to the /etc/apache2/sites-available directory, then create a configuration file for the new subDomain using a command structured as follows – just switch ‘example’ and ‘blog’ with your target domain and subDomain names:

$ sudo cp 000-default

Now open in an editor and make the following changes:

ServerAdmin <your admin's email address goes here>
DocumentRoot /var/www/html/blog

If it’s been set, remove or comment out ServerAlias.

Next, enable the new subDomain as follows:

sudo a2ensite

Now reload and restart the server:

$ sudo service reload apache2
$ sudo service restart apache2

And finally, set up a CNAME record for the subdomain in the parent domain’s DNS zone file.

That’s all! Go to blog.example.html to view the contents of the subdirectory.

Installing WordPress

Here’s a simple guide to getting a manual installation of WordPress up and running on a personal server.

1) Create a MySQL database for the installation

2) Download the latest version of WordPress at

3) Create a new folder on your desktop and unzip WordPress in it

4) Look for wp-config-sample.php and copy it to wp-config.php

5) Open wp-config.php and set the database access credentials as follows:

 	define(‘DB_HOST’, ‘127.0.0,1’)
 	define(‘DB_NAME’, ‘database_name’)
 	define(‘DB_USER’, ‘username’)
 	define(‘DB_PASSWORD’, ‘password’)

6) Next, scroll down and set the keys and salts to something unique, as shown here, then save the file:

define('AUTH_KEY', 'Put something unique here');
define('SECURE_AUTH_KEY', 'Put something unique here');
define('LOGGED_IN_KEY', 'Put something unique here');
define('NONCE_KEY', 'Put something unique here');
define('AUTH_SALT', 'Put something unique here');
define('SECURE_AUTH_SALT', 'Put something unique here');
define('LOGGED_IN_SALT', 'Put something unique here');
define('NONCE_SALT', 'Put something unique here');

7) Upload the entire contents of the folder to the hosting server

8) Make sure the host’s server is set to recognize the target domain, and that the domain points to the server

9) Go to to customize and start using WordPress

Because this is being installed manually on a personal server (and not by a proprietary install script) the installation directory and files will be owned by the logged user. WordPress doesn’t like this when it comes to adding content or uploading images, or when installing plugins. To fix this permissions problem, make sure the logged user is included in the www-data group.