java.desktop/sun.awt.FontConfiguration.getVersion with NullPointerException

 Ref: https://stackoverflow.com/questions/65509533/npe-from-sun-awt-fontconfiguration-getversion-using-apache-fop-jdk-11-on-linux-s

Error:

Caused by: java.lang.NullPointerException
        at java.desktop/sun.awt.FontConfiguration.getVersion(FontConfiguration.java:1262)
        at java.desktop/sun.awt.FontConfiguration.readFontConfigFile(FontConfiguration.java:225)
        at java.desktop/sun.awt.FontConfiguration.init(FontConfiguration.java:107)
        at java.desktop/sun.awt.X11FontManager.createFontConfiguration(X11FontManager.java:719)

Solution:

Turns out the issue was not that I didn't have access to the fonts, the Linux OS required me to install fontconfig via yum.
yum install fontconfig
I am not sure why Oracle JDK 11 plus the missing Linux utility was the issue since this works now in my production environment with Oracle JDK 1.8 and without fontconfig being installed.

Adding trusted root certificates to the server

 Ref: https://manuals.gfi.com/en/kerio/connect/content/server-configuration/ssl-certificates/adding-trusted-root-certificates-to-the-server-1605.html

If you want to send or receive messages signed by root authorities and these authorities are not installed on the server, you must add a trusted root certificate manually.

Use the following steps to add or remove trusted root certificates to/from a server.

Mac OS X

Function	Method
Add	Use command: sudo security add-trusted-cert -d -r trustRoot -k /Library/Keychains/System.keychain ~/new-root-certificate.crt
Remove	Use command: sudo security delete-certificate -c "<name of existing certificate>"

Windows

Function	Method
Add	Use command: certutil -addstore -f "ROOT" new-root-certificate.crt
Remove	Use command: certutil -delstore "ROOT" serial-number-hex

Linux (Ubuntu, Debian)

Function	Method
Add	Copy your CA to dir /usr/local/share/ca-certificates/ Use command: sudo cp foo.crt /usr/local/share/ca-certificates/foo.crt Update the CA store: sudo update-ca-certificates
Remove	Remove your CA. Update the CA store: sudo update-ca-certificates --fresh

NOTE

Restart Kerio Connect to reload the certificates in the 32-bit versions or Debian 7.

Linux (CentOs 6)

Function	Method
Add	Install the ca-certificates package: yum install ca-certificates Enable the dynamic CA configuration feature: update-ca-trust force-enable Add it as a new file to /etc/pki/ca-trust/source/anchors/: cp foo.crt /etc/pki/ca-trust/source/anchors/ Use command: update-ca-trust extract

NOTE

Restart Kerio Connect to reload the certificates in the 32-bit version.

Linux (CentOs 5)

Function	Method
Add	Append your trusted certificate to file /etc/pki/tls/certs/ca-bundle.crt cat foo.crt >>/etc/pki/tls/certs/ca-bundle.crt

NOTE

Restart Kerio Connect to reload the certificates in the 32-bit version.

Linux shell restricting access and disable shell with nologin

Ref: https://www.cyberciti.biz/tips/howto-linux-shell-restricting-access.html

To block shell access for the user named ‘vivek’. Please note that an account named ‘vivek’ must exist on your system. Run the usermod command or chsh command:
# usermod -s /sbin/nologin vivek
Debain or Linux Linux user modify above command as follows:
# usermod -s /usr/sbin/nologin vivek

 

How to do the port forwarding from one ip to another ip in same network?

 

Ref: https://serverfault.com/questions/586486/how-to-do-the-port-forwarding-from-one-ip-to-another-ip-in-same-network

These rules should work, assuming that iptables is running on server 192.168.12.87 :

#!/bin/sh

echo 1 > /proc/sys/net/ipv4/ip_forward

iptables -F
iptables -t nat -F
iptables -X

iptables -t nat -A PREROUTING -p tcp --dport 80 -j DNAT --to-destination 192.168.12.77:80
iptables -t nat -A POSTROUTING -p tcp -d 192.168.12.77 --dport 80 -j SNAT --to-source 192.168.12.87

You have to DNAT incoming traffic on port 80, but you will also need to SNAT the traffic back.

---

Alternative (and best approach IMHO) :

Depending on what your Web Server is (Apache, NGinx) you should consider an HTTP Proxy on your front-end server (192.168.12.87) :

• mod_proxy (Apache)

• proxy_pass (NGinx)

How to change the RHEL 8 server hostname without a system restart

 

Ref: https://www.cyberciti.biz/faq/rhel-8-change-hostname-computer-name-command/

Type the following commands:
$ sudo hostname nixcraft-rhel8
Next edit the /etc/hostname file and update hostname:
$ sudo vi /etc/hostname
Finally, edit the /etc/hosts file and update the lines that reads your old-host-name:
$ sudo vi /etc/hosts
From:
127.0.1.1 localhost
To:
127.0.1.1 nixcraft-rhel8
Save and close the file.