This very first post of my new blog post series about useless use of some commands when writing shell scripts.

Let's start with find and grep. When I started with shell scriptig, I used to use find /path/to/dir | grep -E '\.ext$' in order to exclude files with .ext.

But, did you know find offers better way to exclude files? Try find /path/to/file ! -name '*.ext, the result will be the same, without spanning a new process.

How about exluding multiple extensions? One may ask. Just repeat ! -name ext like this: find /path/to/file ! -name '*.ext1' ! -name '*.ext2' ! -name '*.extN'. And depending on number files types/names to exlude, this may become unreadble. In this case, take advantage of operators offered by find: find /path/to/dir ! \( -name '*.ext1' -or -name '*.ext2' -or -name '*.extN' \)

I installed varnish as a cache frontend for my apache web server few weeks ago. In this process, I changed apache's listening address from my public ip to localhost. But, I was still using apache for my https sites (webmail and few other virtual hosts). Today, I setup pound as a SSL reverse proxy for apache and completly removed mod_ssl from my apache's configuration.

Even if pound is easy to set up, there is a pain point on this type of migration: in fact, apache is able to run an external command to get the passphrase in order to unlock the ssl private key, which pound is not capabale of.

Pound won't start if the SSL key is protected by a passphrase. Thus, on the migration process, one need to remove the pass phrase from the private key before starting pound. Needless to say, the private key must be properly protected.

If you're using tinyca for managing your certificates, follow how to get rid of the passphrase:

  • Do not forget to backup tinyCA data before doing any changes!

  • Find the private key file. It should be located in ~/.tinyCA/SITE/keys directory. Filenames are encoded using base64. ls | perl -MMIME::Base64 -ne 'print decode_base64($_)' ; echo will display them in an human readable format.

  • Remove the passphrase by openssl rsa -in INPUT_FILE -o OUTPUT

  • Check the new file with openssl rsa -check -in OUTPUT

  • Replace the old file with by the newly key.
  • Start tinyca2 and reexport the certificate and the private key.