My Cheat Sheets: November 2022

Command	Description
cd ..	Move up one level to upper directory.
cd /root	Move /root directory.
pwd	Show working directory (your current position).
ls -lah	Show all files and directory in working dir with format as list, all (show hidden files) and human readable size (eg. with Mb). I use it as general listing.
ls -ltr	ls with order by date.
ls \| wc -l	Count files on a directory.
ls -lahS	ls with order by file size.
df -h	Check disk space.
du -hd 1 /root	Check disk usage for every directories under /root directory. Useful for tracking disk space eater. Add \| sort -h to sort the result.
wget -c -url-	Use -c option to resume download.
grep -Rnw '/path/to/search' -e 'pattern'	find in files, use --include=\.{c,h} or --exclude=\.o param to include or exclude spesific file extensions. Use --exclude-dir={dir1,dir2,*.dst} param to exclude dirs.

Command

Description

cd ..

Move up one level to upper directory.

cd /root

Move /root directory.

pwd

Show working directory (your current position).

ls -lah

Show all files and directory in working dir with format as list, all (show hidden files) and human readable size (eg. with Mb). I use it as general listing.

ls -ltr

ls with order by date.

ls | wc -l

Count files on a directory.

ls -lahS

ls with order by file size.

df -h

Check disk space.

du -hd 1 /root

Check disk usage for every directories under /root directory. Useful for tracking disk space eater. Add | sort -h to sort the result.

wget -c -url-

Use -c option to resume download.

grep -Rnw '/path/to/search' -e 'pattern'

find in files, use --include=\*.{c,h} or --exclude=\*.o param to include or exclude spesific file extensions. Use --exclude-dir={dir1,dir2,*.dst} param to exclude dirs.

source: https://tomcat.apache.org/tomcat-9.0-doc/ssl-howto.html#Configuration

Self Signed Certificate means we create ourselves the certificate, and must tell the browser to accept it. It already serve the purpose to secure connection between browser and Tomcat but you can import certificate from a Certificate Authority later on if deemed as necessary.

1. Create a local Certificate Signing Request (CSR) using keytool which is located in Java's bin directory (keytool.exe on Windows). Change \path\to\my\keystore below as needed, in my case i change it to Tomcat's conf directory (/opt/tomcat/latest/conf/.keystore)

keytool -genkey -alias tomcat -keyalg RSA -validity 1095 -keystore \path\to\my\keystore

Before we run keytool, we make sure it is accessible using which command.

then run:

keytool -genkey -alias tomcat -keyalg RSA -validity 1095 -keystore /opt/tomcat/latest/conf/.keystore

Then provide all the information that the keytool asks and don't forget to write down the password (keypass) for later use.

2. Edit conf/server.xml file, add following lines into config right after the first Connector tag (port 8080). Don't forget to change 'changeIt' word with your certificate password.

<Connector protocol="org.apache.coyote.http11.Http11NioProtocol"
           port="8443" maxThreads="200"
           scheme="https" secure="true" SSLEnabled="true"
           keystoreFile="conf/.keystore" keystorePass="changeIt"
           clientAuth="false" sslProtocol="TLS"/>

3. Open incoming port 8443 on firewall:

firewall-cmd --permanent --zone=public --add-port=8443/tcp
firewall-cmd --reload

4. Restart Tomcat, then test by accessing with https://localhost:8443/ there will be a security warning from the browser, we should add exception for this.

Below are examples add security exception on Mozilla Firefox:


(1) Click on 'Advanced' button.

(2) Click on 'View Certificate' to verify that it has the right certificate. (3) Click on 'Accept the Risk and Continue' to make exception.

My Cheat Sheets

Linux Commad Quick Reference

Enabling HTTPS on Tomcat9 (using Self Signed Certificate)

Report Abuse