General

My Parents

By Jay Lagare on Saturday, June 18, 2022

It’s post-Mother’s Day and Father’s Day is almost here. The events of the past two years of pandemic have been a reminder to me that life is short and that you shouldn’t put off until tomorrow what you can do today. So here I am writing something to somehow honor my mother and my father.

I’ll start with the usual, they’re the best parents ever. I could just stop there and that’d be typical of me. But for this time, I’ll go ahead and crunch out some more words than my usual.

Probably the most important lesson my siblings and I got from my parents is faith. Not religiosity but more of spirituality. Growing up, we we’re pretty non-denominational. We were either Catholic and/or Born Again.

In any case, we were raised with solid Christian values. Proverbs 22:6 says “Start children off on the way they should go, and even when they are old they will not turn from it.” And that pretty much sums up how my parents are to me and my siblings, in faith and in everything else. Because of this, I’m glad to say, we had a quite trouble-free childhood, youth, and even adulthood.

They also taught us the value of learning. Both my parents were teachers and they are two of the smartest people I know. They are very passionate about learning so school was very important. We had to study and study and study some more.

We did have an advantage at school because they taught Mathematics and Biology, two of the tougher subjects. We got unlimited tutoring on those though sometimes the sessions did end in tears. But by and large they were successful and I’m left with only Filipino and Araling Panlipunan as my biggest challenges. Until now they’re challenges… in homeschooling the kids.

They also taught us the value of working with our hands. We didn’t do it too much because we were blessed with some help at the house. But I think we did enough to learn and appreciate it.

Inside the house, we made our own beds, folded our own clothes, put to order our own lockers, cleaned the floor, cooked, set the table, and washed the dishes. Even bathroom and toilet cleanup.

Outside on the yard, we dug holes, watered the hedge (with a pail and dipper, no hose), cleaned the yard, cleaned the roof, gathered and split wood. One summer I even did some carpentry: I installed the walls of the greenhouse after the carpenters set up the frame and roof.

Beyond being great parents day to day, I witnessed them do heroic stuff. There are a few that I vividly remember.

Once, we were in a passenger jeep waiting for it to fill. There was this baby/toddler being carried by his mother and he was staring with glassy eyes at me. I stared back and was contemplating the possible reasons when I was startled by the mother hysterically screaming something about convulsion. I was scared and confused but my mom wasn’t. She leapt into action putting a wet cloth on the baby’s forehead and directing the driver to go to the campus infirmary. I was pretty much convinced she saved that baby’s life.

She’s got healing powers, my mom. All of us siblings, never ever spent a day confined in a hospital. We do get sick, especially sickly me. But she’s both our doctor and nurse and was always there till we get better.

It doesn’t stop with healing powers.

There’s this time when a student who failed a course went to the house of his teacher, our neighbor across the street. He was drunk and he had a lead pipe (or was it something else?) with him. The hapless teacher tearfully went across the street to our house with the guy shouting and holding the pipe menacingly following her. My mom met them at the gate and placated the guy and successfully defused the situation.

We lived in a university town, the main campus of one of the country’s best universities. As I mentioned earlier, both my mom and dad were teachers. Like our neighbor across the street, they had to deal with disgruntled students and bad people threatening bodily harm.

At least twice, armed men visited the house as we were having dinner. As soon as we hear them coming, we would quickly turn off the lights. The men outside would ask for my dad and either my mom or one of my aunts would tell them he’s not around. They would then leave after several tense minutes.

Some teachers were injured or even killed.

One foggy evening, we heard a commotion in the alley beside our house. Suddenly there were two shots and then a blood-curdling scream for help. Then more shots. My mom and dad ran outside and helped the victims, a couple. My dad on his own carried the guy who was shot to the bench of the store in front of our house. My mom helped the lady into our house and waited for transportation to the hospital. Unfortunately, the guy later died.

But despite these dangers, my mom and dad continued teaching and working at the university. By the time they retired, they had taught thousands of students. These students went on to help build the country, even the world, as engineers, doctors, nurses, lawyers, and, of course, teachers who went on and taught the next generation. That’s the exponential superpower of teachers, and of my parents.

Speaking of superpowers, my dad was in the reserve officer training corps and there’s this photo of him doing a commando crawl rope traverse. There were no videos back then but I could just imagine him gliding over trees, cliffs, and rivers as Superman would… only with a rope.

And another time, the family was strolling around the campus and passed by the university library. It’s a unique building shaped like a fort with steep sloping walls. My dad decided to try scaling the wall. As we waited atop the wall, he tried and crawled up the wall like Spiderman would. I was in awe!

The truth is both of them are my heroes, my role models, my mom, my dad. I am ever grateful to our Father in heaven for them.

Mom, Dad, Belated happy Mother’s Day and advanced happy Father’s Day! I love you.

General

Dovecot: Missing dh.pem

By Jay Lagare on Friday, May 7, 2021

Yesterday, I upgraded my mail server’s operating system. After upgrading, I encountered the following error in dovecot:

config: Warning: please set ssl_dh=</etc/dovecot/dh.pem

What’s dh.pem? I found the answer in the Dovecot 2.3 upgrade documentation. Apparently, the ssl-parameters.dat file is now obsolete. You should use ssl_dh setting instead by adding: ssl_dh=</etc/dovecot/dh.pem to the configuration.

But how do you get dh.pem?

One way is to can convert an existing/old ssl-parameters.dat to dh.pem:

dd if=/var/lib/dovecot/ssl-parameters.dat bs=1 skip=88 | openssl dhparam -inform der > /etc/dovecot/dh.pem

Another way, which I found here, is to generate a new dh.pem:

openssl dhparam -out /etc/dovecot/dh.pem 4096 -days 3650

It takes a LOOONG time. But once the file is ready, just add it to /etc/dovecot/conf.d/10-ssl.conf

ssl_cert = </etc/letsencrypt/live/myserver.xyz/fullchain.pem
ssl_key = </etc/letsencrypt/live/myserver.xyz/privkey.pem
ssl_dh = </etc/dovecot/dh.pem

Restart dovecot and you’re back in business.

General

Enabling HTTPS On Tomcat Using Let’s Encrypt

By Jay Lagare on Saturday, March 13, 2021

I’ve previously written on enabling HTTPS on your website using Let’s Encrypt. I showed that, with Let’s Encrypt, it’s quite easy to secure your Apache web server and, as a bonus, also showed how to secure your Dovecot mail server. But what if you are using Apache Tomcat? That’s quite easy, too!

General

How To Make Simple Gnocchi

By Jay Lagare on Sunday, September 6, 2020

General

Enable HTTPS On Your Website With Let’s Encrypt

By Jay Lagare on Friday, May 3, 2019

There’s no question that secure communications is critical. On the web, this is done using HTTPS. HTTPS is secure extension of the HTTP. In HTTPS, communications is encrypted using Transport Layer Security (TLS), or its deprecated predecessor, Secure Sockets Layer (SSL).

TLS uses a public key encryption scheme where you have a public and private key pair. The web server provides they public key which the web browser can use to encrypt communications with. The public key is signed to certify the identity of the web server owning the key. This gives you the public key certificate or just simply certificate.

You can self-sign (or self-certify) just so you can encrypt communications and that’s fine if your dealing with yourself or parties who trust you and your self-signed certificate (e.g. your own systems or employees). But if you deal with other parties (e.g. other systems or customers) you need a certificate from a certificate authority (CA), a trusted entity that signs keys and issues certificates.

Let’s Encrypt is a free, automated, and open certificate authority brought to you by the non-profit Internet Security Research Group (ISRG). They provide certificates absolutely free. The certificates expire in 90 days, but they can be automatically renewed using Certbot. There’s simply no excuse not to have a secure site. And it’s so easy to boot. There are step-by-step instructions for almost every web server and operating system combination at the Certbot page.

Here are the steps for getting certificates using Ubuntu and Apache:

Add the Certbot apt repository
- sudo add-apt-repository ppa:certbot/certbot
Update the repository
- sudo apt-get update
Install Certbot from the new repository with apt-get:
- sudo apt-get install python-certbot-apache
Obtain a certificate for your domain
- sudo certbot –apache -d example.com

This give your certificates for your new files and configures Apache automatically. But you should be able to find the certificate files for other purposes (see below) at /etc/letsencrypt/live/example.com

The certificate only last for 90 days. However, Certbot takes care of this problem by running certbot renew twice a day via a systemd timer or cron. We can also manually test renewal:

sudo certbot renew –dry-run

BONUS: If you’re using Dovecot https://www.dovecot.org/, you can also use the certificate:

Edit /etc/dovecot/conf.d/10-ssl.conf:
- ssl_cert = /etc/letsencrypt/live/example.com/fullchain.pem
- ssl_key = /etc/letsencrypt/live/example.com/privkey.pem
Restart dovecot:
- sudo service dovecot restart

That’s it! You now have a secure website and email server.