He once said: “Being the richest man in the cemetery doesn’t matter to me … Going to bed at night saying we’ve done something wonderful… that’s what matters to me.”
And I think he was just right.

Rest in Peace, Mr. Jobs.

Services installed

• dovecot IMAP/IMAPS Mail Server
• dovecot POP3/POP3S Mail Server
• postfix SMTP TLS MTA
• Apache HTTP/HTTPs Webserver
• Subversion Repository
• WebDAV online Disk
• BIND DNS

Preparations and basic setup

1. Take the server off-line and make sure no mail arrives. The emails will be queued on the alternate MX and delivered later.
2. Do the backup (rsync including all deletions)
3. Dump the installed packes to an XML using yast2 Software Management
4. Install base software from boot ISO over the network
5. Setup Networking
6. Restore /etc/passwd
7. Restore /etc/shadow
8. Restore /home in the background

Setup Mail Server

1. Setup postfix (check possibility to restore /etc/sysconfig/postfix from backup), but do not start
2. Setup dovecot (restore /etc/dovecot/dovecot.conf), but do not start
3. Check certificate values in /etc/sysconfig/postfix (or restore from backup)
4. Create postfix certificates and SSL CA using mkpostfixcert
5. Edit the config file /usr/share/doc/packages/dovecot/dovecot-openssl.cnf (attention, will be overwritten when upgrading dovecot)
6. Run /usr/share/doc/packages/dovecot/mkcert.sh
7. Download and install roundcube mail in /srv/www/htdocs

Setup Apache Webserver

1. Setup apache2 (check possibility to restore /etc/sysconfig/apache2)
2. Restore /etc/apache2/vhost.d from backup
3. Restore /etc/apache2/conf.d/subversion.conf from backup
4. Generate the following certificates for apache using yast2 (mail, svn, disk)
5. Export the PEM encoded certificates to /etc/apache/ssl.crt|key/

Setup BIND Name Server

1. Restore /etc/named.conf from backup
2. Restore /etc/named.d from backup
3. Restore /var/lib/named/master from backup

Setup MySQL

1. Restore /etc/my.cnf from backup
2. Restore /var/lib/mysql from backup

Setup Subversion

1. If subversion is the same version (or compatible) just restore /srv/svn from backup
2. If subversion is not compatible anymore use svnadmin load to load the dump from the backup

There’s noting to do for the WebDAV disk

After all the configuration files etc. have been restored and the settings in /etc/sysconfig have been checked, run SuSEconfig for the last time and test the mail server.
Unplug from the internet and start postfix and dovecot.
Check if a locally created mail is correctly handled by postfix, amavis and successfully delivered with dovecot.
Also check if the IMAP mbox is created in /var/spool/mail.

If this test succeeds we can restore /var/spool/mail from backup and connect to the internet again.

Now use yast2 to edit the runlevel configuration and make sure all the services are started at boot-time.
Also start them now.

Stored e-mails should no be delivered and correctly handled by the mail server.

Test all the virtual apache servers, webmail, subversion and WebDAV.

Your Mac OS X has all the capabilities built-in to setup a secure VPN:

• racoon (ipsec)
• vpnd (l2tp/pptp tunnelling)
• pppd (connection)

The only difference to Mac OS X Server is that there’s no GUI for a simple configuration.

VPN Server Set-up

There’s where iVPN comes handy.
It’s straight forward to use and self-explaining. iVPN maintains a valid configuration file for vpnd (/Library/Preferences/SystemConfiguration/com.apple.RemoteAccessServers.plist) and takes care of your chap.secrets and user.plist (both in /etc/ppp).
Versions above 2.4 cost something — but you can use the old 2.4 release (Download here)
because you only need it for the initial set-up.

The only thing to do after you created your config with iVPN 2.4 is to chmod 600 /etc/ppp/* to protect the plain text passwords.

To start your vpn, you can use either iVPN or simply call vpnd from your terminal.

Client Set-up

Now configure your iPhone to use L2TP/IPsec and run a local test on your wireless LAN. Use the same values like before… Works? Good, then proceed.

Netopia Router/Firewall/NAT Config

Put your netopia to ‘expert mode’. Goto configuration->NAT/Games.

The Netopia box needs to have the following ports forwarded to your VPN server:

Netopia Port Forwards

“L2TP” is a manual UDP Port 4500 forward
“L2TP Traffic” is a manual UDP Port 1701 forward

Now configure your iPhone to use your public IP address and try to connect.

On your VPN server you should see all activity in the log file /var/log/ppp/vpnd.log

I’ve chosen to use L2TP/IPsec because it is more secure.
PPTP is basically supported as well, but I did not get it to run and I didn’t want to spend more time on this.

Despite the fact that facebook directly competes OpenId with it’s facebook connect product, they’re even going a step further than most of the other sites featuring OpenId logins.
Facebook seems to become not only an issuing party (make your accounts compatible with OpenId) but also a relying party (accept login credentials from other OpenId sites).

Hopefully this will help OpenId to increase popularity…

(via TechCrunch)

The problem was that when adding the webDAV-wagon to your build as an extension, you also get the commons-httpclient dependency to the maven runtime classpath. This wouldn’t be too bad, but the 1.0-beta2 version of the webDAV-wagon depends on commons-httpclient version 2.0.2. That’s way too old for canoo webtest and is also deprecated for almost a year now.

I found out that starting with maven 2.0.9 you don’t need to have an explicit reference to the webDAV-wagon as extension anymore.

E voilà! Suddenly it worked. Maven 2.0.9 also seems to work with version 3.1 of commons-httpclient, the same version canoo webtest depends on.

So, if you get a ‘NoSuchMethodFound’ for HttpConnectionManager.getParams() first check if you’re using the webDAV-wagon extension first.

I use the following parameters in my sysctl.conf:

kern.ipc.maxsockbuf=2500000
net.inet.tcp.sendspace=1000000
net.inet.tcp.recvspace=1000000
net.inet.tcp.mssdflt=7936
net.inet.tcp.delayed_ack=0
The buffers are probably too high, I know.