Thursday, June 13, 2013

Setup Cygwin CRON service on Windows platform


Assuming we are going to run a batch file containing scripts for daily operations, the Windows Scheduled Tasks feature offers useful scheduling capability for backup and cleanup operations on a Windows server. However, you never get what you want when you want it on the Windows platform.

It takes extra steps in configuring Local Policy to grant the user the "Log on as a batch job" permission before a scheduled task can be added successfully. That might not always happen from a SysAdmin point of view. This always reminds me of the useful tool Cygwin, which runs Linux programs within Windows. Of course, you can also call Windows programs from there. Combined with cron in Cygwin, you can schedule daily tasks from Cygwin just like Windows Scheduled Tasks.


To install Cygwin, please refer to the following article:
http://docs.oracle.com/cd/E24628_01/install.121/e22624/preinstall_req_cygwin_ssh.htm

*Reminder:

  • You might need to install an extra package for cron within the Cygwin setup.
  • During Cygwin setup, please make sure you have also selected cron by entering 'cron' in the search field and marking it as INSTALL.
  • Please install Cygwin to the root directory of a local drive to get rid of those annoying restrictions.


Once you've got Cygwin set up properly on Windows, you can start installing the cron service on Windows.

Here's the command to install the new cron service:
#
#Within Command Prompt Terminal
C:\>cd c:\cygwin\bin
C:\cygwin\bin>cygrunsrv -I Cygwin_CRON_JOBS -p /usr/sbin/cron -a -n
#


On the Windows desktop, open Control Panel -> Administrative tasks -> Services.
Then look for the service named "Cygwin_CRON_JOBS", which we specified above.
Make sure this service is started and running properly.

For a local user, we can simply define the scheduled tasks like this:
#
# Within a normally opened Cygwin Terminal
$ crontab -e
# Minute   Hour   Day of Month       Month          Day of Week        Command  
# (0-59)  (0-23)     (1-31)    (1-12 or Jan-Dec)  (0-6 or Sun-Sat)              
    0        2          12             *               0,6           /cygdrive/c/somewhere/something.bat
#

However, this doesn't work in most cases, because we don't have sufficient permissions to run cron tasks in Windows.
For a domain user, some extra work needs to be done:
#
# Open Cygwin Terminal by right clicking the icon and selecting [run as Administrator]
# Within Cygwin Terminal ~
$ touch /etc/crontab
# Make the SYSTEM user the owner of this file
$ chown SYSTEM /etc/crontab
# Avoid Cygwin's well-known BAD FILE MODE error with the chmod command:
# cron stops working on a world-editable file for security reasons,
# so to stop the error message, make the file editable ONLY by its owner
$ chmod 0644 /etc/crontab
$ crontab -e
# Minute   Hour   Day of Month       Month          Day of Week        Command  
# (0-59)  (0-23)     (1-31)    (1-12 or Jan-Dec)  (0-6 or Sun-Sat)              
    0        2          12             *               0,6           /cygdrive/c/somewhere/something.bat
#

To run a Windows program from crontab, you can start from one of the following paths:
/cygdrive/c/...
/cygdrive/d/...

which point to the root directories of the local drives where your favourite commands and batch files are located.
Make sure the path is correct by listing it, like this:
#
# Within Cygwin Terminal
$ ls -l /cygdrive/c/Windows
#
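
A permission check for the setup above, as an added example that is not part of the original post: it flags a crontab, or a job file the crontab points at, that group or others can modify. It goes one step beyond the BAD FILE MODE fix by also checking the job target, and it assumes the five-time-field layout shown above; the demo paths are constructed.

```shell
#!/bin/sh
# Added example (not from the original post). Assumes the user-crontab layout
# shown above: five time fields, then the command. Only the first word of the
# command is checked.

# audit_crontab FILE: print one finding per line, nothing if all is well.
audit_crontab() {
    { printf '%s\n' "$1"
      # Skip comments, @reboot-style entries and NAME=value lines.
      awk '$1 !~ /^[#@]/ && $1 !~ /=/ && NF >= 6 { print $6 }' "$1"
    } | while IFS= read -r path; do
        if [ ! -e "$path" ]; then
            echo "MISSING $path"
        # A group- or world-writable crontab is the BAD FILE MODE case above;
        # a writable job file lets another account change what cron runs.
        elif [ -n "$(find -L "$path" -prune \( -perm -020 -o -perm -002 \) -print)" ]; then
            echo "WRITABLE-BY-OTHERS $path"
        fi
    done
}

# Constructed demo: a crontab with mode 0644 pointing at a job anyone can edit.
demo=$(mktemp -d)
printf 'echo backup\n' > "$demo/something.sh"
printf '# Minute Hour DoM Month DoW Command\n0 2 12 * 0,6 %s\n' \
    "$demo/something.sh" > "$demo/crontab"
chmod 0644 "$demo/crontab"; chmod 0666 "$demo/something.sh"
audit_crontab "$demo/crontab"
```

On Cygwin the mode bits are derived from the Windows ACLs, so run the check from the same Cygwin installation that hosts the cron service.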


For additional information about the user account created for the cron Windows service, please read here:
http://www.davidjnice.com/articles/cygwin_cron-service.html

Hope you can run your favourite tasks in Cron now.

Friday, June 7, 2013

Convert .p12 bundle to server certificate and key files for Nginx

An SSL certificate is a must for today's e-commerce sites, and newer web servers like Nginx have gained a lot of attention for their performance when dealing with heavy traffic to a web site. Why do people choose Nginx?

Nginx's unique architecture makes it easy to handle a large number of concurrent connections at one time with low CPU and memory consumption, compared with IIS and Apache.

Nginx has also taken its place as the front-end proxy server for traditional web servers like IIS and Apache.

Now, back to the topic we are facing today.

Assuming you have received a .p12 file from your trust provider, you might need to know more about what a .p12 file is.

According to wiki, PKCS #12 defines an archive file format for storing many cryptography objects as a single file. It is commonly used to bundle a private key with its X.509 certificate or to bundle all the members of a chain of trust.

This means a .p12/.pfx file contains everything we need to provide SSL services, such as server certificates, the CA root certificate, intermediate chain certificates and the server private key.

Unlike a .pem file, a .p12/.pfx file is in binary form, so we cannot copy and paste its blocks in a human-readable format. It needs a conversion tool like openssl to extract the necessary files for a web server like Nginx.

Nginx is also sensitive to the order of the server certificate and the other CA root and chain certificates in a bundle .pem file, so it may not start up properly with a .pem file that has been tampered with without proper knowledge.

Here are the two commands to generate the necessary certificate bundle and server key files from a .p12/.pfx bundle file, which is meant to be imported directly into an IIS web server.

#
#
#Generate certificates bundle file
> openssl pkcs12 -nokeys -in server-cert-key-bundle.p12 -out server-ca-cert-bundle.pem
#
#
#Generate server key file
> openssl pkcs12 -nocerts -nodes -in server-cert-key-bundle.p12 -out server.key
#
#

You might be asked to enter the password that was set on the .p12 file when it was created.
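
A variant of the two commands above, as an added example that is not part of the original post: it builds the bundle with the server certificate first, creates the unencrypted key owner-only (since -nodes writes it without a passphrase), and confirms the key matches the first certificate. The throwaway CA, the names and the password are constructed, and P12_PASS is an assumed environment variable holding the import password.

```shell
#!/bin/sh
# Added example (not from the original post). File names, CNs and the password
# are constructed; P12_PASS holds the import password so it stays out of argv.

make_demo_p12() {   # builds a throwaway CA + leaf and bundles them into $1/demo.p12
    d=$1
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=Constructed Demo CA" \
        -keyout "$d/ca.key" -out "$d/ca.crt" 2>/dev/null || return 1
    openssl req -new -newkey rsa:2048 -nodes -subj "/CN=leaf.example.test" \
        -keyout "$d/leaf.key" -out "$d/leaf.csr" 2>/dev/null || return 1
    openssl x509 -req -in "$d/leaf.csr" -CA "$d/ca.crt" -CAkey "$d/ca.key" \
        -CAcreateserial -days 1 -out "$d/leaf.crt" 2>/dev/null || return 1
    openssl pkcs12 -export -inkey "$d/leaf.key" -in "$d/leaf.crt" \
        -certfile "$d/ca.crt" -passout env:P12_PASS -out "$d/demo.p12"
}

p12_to_nginx() {    # usage: p12_to_nginx bundle.p12 outdir
    p12=$1; out=$2
    # umask 077 in a subshell: the unencrypted key is created owner-only.
    ( umask 077
      openssl pkcs12 -in "$p12" -passin env:P12_PASS -nocerts -nodes \
          -out "$out/server.key" ) || return 1
    # Server certificate (the one tied to the key) first, CA certificates after.
    openssl pkcs12 -in "$p12" -passin env:P12_PASS -nokeys -clcerts \
        -out "$out/leaf.pem" || return 1
    openssl pkcs12 -in "$p12" -passin env:P12_PASS -nokeys -cacerts \
        -out "$out/chain.pem" || return 1
    cat "$out/leaf.pem" "$out/chain.pem" > "$out/server-ca-cert-bundle.pem"
    # The first certificate in the bundle must carry the same public key as server.key.
    cert_pub=$(openssl x509 -in "$out/server-ca-cert-bundle.pem" -noout -pubkey) || return 1
    key_pub=$(openssl pkey -in "$out/server.key" -pubout) || return 1
    [ "$cert_pub" = "$key_pub" ]
}

work=$(mktemp -d)
P12_PASS=constructed-demo-pass; export P12_PASS
make_demo_p12 "$work" && p12_to_nginx "$work/demo.p12" "$work" &&
    echo "bundle ordered leaf-first and key matches: $work"
```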

In nginx.conf, we can include these two files for the SSL connection:
#
#
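server {
        # "ssl" on the listen line enables TLS; the separate "ssl on;" directive is deprecated
        listen   443 default_server ssl;
        server_name  localhost ...;

        ssl_certificate      /some_where/ssl_cert/server-ca-cert-bundle.pem;
        ssl_certificate_key  /some_where/ssl_cert/server.key;

        ssl_session_timeout  5m;

        # SSLv2, SSLv3 and TLSv1 are obsolete and insecure; allow only TLS 1.2 and 1.3
        ssl_protocols  TLSv1.2 TLSv1.3;
        ssl_ciphers  HIGH:!aNULL:!MD5;
        ssl_prefer_server_ciphers   on;

#...
}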
#


After that, Nginx should start up properly with HTTPS protocol ready for the web site.