Monday, December 16, 2013

Using self signed certificates and enabling SSL on nginx

Note: Only recommended for development environments, not for production.

Assuming that your nginx installation is located at /etc/nginx, create a directory /etc/nginx/ssl. We are going to host our certificates in that directory, so run the commands below from inside it.

Step 1: Create a key. Enter a passphrase when asked.
sudo openssl genrsa -des3 -out server.key 2048
Step 2: Use the key generated in step 1 to generate a CSR (certificate signing request).
sudo openssl req -new -key server.key -out server.csr
Enter the required information. Make sure you enter the FQDN when asked.
Step 3: Remove the passphrase, as we don't want to enter it each time we start nginx. (Useful when daemonizing.)
sudo cp server.key server.key.org
sudo openssl rsa -in server.key.org -out server.key
Step 4: Use the CSR and the key generated in the above steps to create a certificate.
sudo openssl x509 -req -days 365 -in server.csr -signkey server.key -out server.crt
Here is a sample nginx configuration to get your site up and running.
server{
  listen                443 ssl; # default;
  server_name           example.com;
  root                  /var/www/approot/public;

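  # TLS is enabled by "ssl" on the listen line; the old "ssl on;" directive is deprecated and was removed in nginx 1.25.1.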
  ssl_certificate         /etc/nginx/ssl/server.crt;
  ssl_certificate_key     /etc/nginx/ssl/server.key;

  location / {
    access_log          off;
    include proxy_params;
    proxy_redirect off;
    proxy_set_header X-Forwarded-Proto https;
    proxy_pass    http://upstream;
  }
}
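Steps 1 to 4 can be scripted without prompts and the result checked before nginx is reloaded. This is an added example, not part of the original post: the function names, the directory argument and the hostname are assumptions, and the key is created without a passphrase directly instead of being stripped afterwards.

```shell
#!/bin/sh
# Added example (not from the original post): steps 1-4 without prompts,
# plus checks to run before reloading nginx. Function names are hypothetical.

# make_dev_cert DIR FQDN -> writes DIR/server.key, server.csr and server.crt
make_dev_cert() {
  dir=$1; fqdn=$2
  mkdir -p "$dir" || return 1
  old_umask=$(umask)
  umask 077   # the key has no passphrase, so keep it owner-only from creation
  openssl genrsa -out "$dir/server.key" 2048 2>/dev/null
  rc=$?
  umask "$old_umask"
  [ "$rc" -eq 0 ] || return 1
  openssl req -new -key "$dir/server.key" -subj "/CN=$fqdn" \
    -out "$dir/server.csr" || return 1
  openssl x509 -req -days 365 -in "$dir/server.csr" \
    -signkey "$dir/server.key" -out "$dir/server.crt" 2>/dev/null
}

# cert_matches_key CRT KEY -> 0 if both files carry the same public key
cert_matches_key() {
  c=$(openssl x509 -in "$1" -noout -pubkey | openssl sha256)
  k=$(openssl pkey -in "$2" -pubout | openssl sha256)
  [ -n "$c" ] && [ "$c" = "$k" ]
}

# preflight CRT KEY FQDN -> 0 if safe to load; 1-4 identifies the failed check
preflight() {
  crt=$1; key=$2; fqdn=$3
  cert_matches_key "$crt" "$key" ||
    { echo "certificate and key do not match" >&2; return 1; }
  openssl x509 -in "$crt" -noout -checkend 0 >/dev/null ||
    { echo "certificate has expired" >&2; return 2; }
  openssl x509 -in "$crt" -noout -subject | grep -qF "$fqdn" ||
    { echo "certificate subject does not contain $fqdn" >&2; return 3; }
  [ "$(ls -ld "$key" | cut -c5-10)" = "------" ] ||
    { echo "key is accessible to group or others" >&2; return 4; }
}
```

Run preflight against /etc/nginx/ssl/server.crt and /etc/nginx/ssl/server.key, followed by nginx -t, before restarting nginx.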

Wednesday, September 18, 2013

Deploying multiple Rails apps to the same domain using sub-URIs, nginx and Passenger.

I recently had a requirement where I had to run two different Rails apps on the same domain with different sub-URIs. The following was what I wanted to achieve:
www.example.com - Load Rails App1
www.example.com/app2 - Load Rails App2
This is very easy to achieve provided you are using Phusion Passenger + nginx. I made the following changes to the server block in nginx.conf:
server {
  listen 80; 
  server_name www.example.com;
  root /var/www/app1/public;
  passenger_enabled on;
  passenger_base_uri /app2;
}
Look at how root is pointing to app1's public folder, and look at the new passenger_base_uri directive. Now we need to carry out the final step: symlink app2's public folder to /var/www/app1/public/app2.
ln -s /var/www/app2/public /var/www/app1/public/app2 
Once the symlink is created, restart nginx and you are ready to serve different Rails apps on the same domain.

Wednesday, September 11, 2013

Configuring FTP access on Ubuntu 12.04 LTS server

Configuring FTP on Ubuntu is fairly trivial, but securing it requires some learning. Here's what I had to do to configure FTP and allow users to access it.

1. Install the FTP server

 sudo apt-get install vsftpd

2. Create a new user

You can additionally disable shell access for the ftpuser; in my case I needed shell access.
 sudo useradd ftpuser
You can skip step 2 and use the "ftp" user that gets created when you install vsftpd. In my case I needed a new user.

3. Restrict the ftpuser's access to file system and jail them to their home dir

Edit /etc/vsftpd.conf and make the following change (vsftpd treats any space around the "=" as an error):
 chroot_local_user=YES

4. Restart vsftpd 

 sudo /etc/init.d/vsftpd restart 
You should be able to access and write to ftpuser's home directory now.

Additional Details:


Change default FTP upload directory for the ftp user created by vsftpd:

 sudo mkdir /srv/file_dir/ftp
 sudo usermod -d /srv/file_dir/ftp ftp 
The -d option to usermod changes the home directory of ftp user to /srv/file_dir/ftp

Allow ftpuser to access a specific folder outside home directory when chroot is enabled.

Let's assume you need FTP access to /var/www/files; then we need to do something like this:
 mkdir /home/ftpuser/www_files
 mount --bind /var/www/files /home/ftpuser/www_files 
Now the /var/www/files directory is bound to /home/ftpuser/www_files and is visible in your home directory listing. In case you get permission errors, make sure the ftpuser has enough access to /var/www/files.

To make the changes permanent add the following configuration to /etc/fstab
 /var/www/files /home/ftpuser/www_files none bind 0 0

Enable Anonymous downloads

If you wish to enable anonymous downloads, edit /etc/vsftpd.conf and set:
 anonymous_enable=YES
It is recommended to turn off this feature unless you are absolutely certain you need it.
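
A check for the two vsftpd.conf settings discussed in this post (chroot_local_user in step 3 and anonymous_enable above), as an added example that is not part of the original post. The function name audit_vsftpd_conf is hypothetical; a missing anonymous_enable is reported because vsftpd's built-in default for that option is YES.

```shell
#!/bin/sh
# Added example (not from the original post). audit_vsftpd_conf is a
# hypothetical helper name; pass it the path to a vsftpd.conf file.

# audit_vsftpd_conf FILE -> prints one line per finding and returns the
# number of findings (0 means the file passed all three checks)
audit_vsftpd_conf() {
  awk '
    /^[ \t]*(#|$)/ { next }          # skip comments and blank lines
    /[ \t]+=|=[ \t]+/ {              # vsftpd rejects spaces around "="
      printf "line %d: whitespace around \"=\": %s\n", NR, $0
      bad++
      next                           # a rejected line sets nothing
    }
    {
      split($0, kv, "=")
      val[kv[1]] = toupper(kv[2])    # boolean values compared as YES/NO
    }
    END {
      if (val["chroot_local_user"] != "YES") {
        print "chroot_local_user is not YES: local users are not jailed"
        bad++
      }
      # Assumption stated in the lead-in: the compiled-in default is YES,
      # so anything other than an explicit NO leaves anonymous login on.
      if (val["anonymous_enable"] != "NO") {
        print "anonymous_enable is not NO: anonymous logins are allowed"
        bad++
      }
      exit bad + 0
    }' "$1"
}
```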

References:

https://help.ubuntu.com/12.04/serverguide/ftp-server.html
http://www.ducea.com/2006/07/27/allowing-ftp-access-to-files-outside-the-home-directory-chroot/
http://linux.about.com/od/commands/l/blcmdl8_usermod.htm

Friday, May 10, 2013

Things I miss on my WP8

I recently moved to WP8. I have used WP7 in the past and I certainly like what Microsoft did with WP8. With that said I just wish the following things just worked on my new phone.

  • Powerful email client. I love the email experience on Android, I love it more than on my iPhone. The Windows email client gets the job done, but I think it's very basic.
  • Messaging app - WP8 doesn't support searching messages! Can you believe that? Better Facebook integration. Possibly support for WhatsApp.
  • If WhatsApp integration is not possible - then a better client.
  • Pocket, Instapaper
  • Flipboard, Feedly. There used to be a native Pulse app, but now it's web only. And, I couldn't get it to work.
  • Google Maps. Honestly, IMO nobody can beat Google at maps when it comes to accuracy. At least, in my country.
  • Option to change default search provider. I will use Bing when it gets the job done for me. At the moment it doesn't.

Sunday, April 14, 2013

How I chose my python framework

I always wanted to learn Python. Even though I never coded in Python, I kept in touch with the community. So, from that experience I can tell you that Python lacked a robust web framework until recently. Django was under development and things were not so easy if you wanted to code for the web in Python.

Fast-forward to today, I'm surprised at the number of frameworks that have come up for Python. And honestly, when I started this exercise of learning Python all I wanted to do was,

 sudo apt-get install python-django 
 gedit hello.py   

But now, with so many choices I can no longer think of Django as the Python framework of choice. So, as any good programmer, I did a lot of research, read a lot of opinions and finally settled upon Flask.


I have my own reasons for choosing Flask,

  • I wanted to learn Python, and wanted the journey to be fun. For that I needed a framework without a lot of conventions.
  • I did not want to build anything big. I wanted to start small and start quick.
  • I wanted good support from the community.

Flask is a micro-framework. To put it in the developers' own words - "Flask can be everything you need and nothing you don’t".

And, that's exactly what I need. It's minimal, light, comes with a lightweight web server for testing and has very good documentation and community. I was able to install Flask, write a Hello World application and serve a web page in less than 5 minutes. So, that definitely says something.

One more framework I did a lot of research on was Web2Py. Though I don't agree with some of their design decisions I still think it's a great framework for beginners and experts alike. But, as I stated above my goals are different and at the moment Flask does the job for me.

Saturday, April 6, 2013

It's not always about the response.

This is about my recent experience with the Android app - Cleartrip.

The earlier week Cleartrip released an update to their Android app. And, oddly enough they added a mysterious permission "Retrieve running apps". When I saw the permission my emotions ranged from anger to hatred to giving up. Because, for me it made no sense that a travel app would require such a permission.

I felt angry because I thought Cleartrip was misusing my trust. Just because I like their app and use it for my booking, it doesn't give them the right to know what apps I use.

I hated them because it was only after a lot of search, installing/un-installing other apps, I finally settled with them. I'm very particular about user experience and this was the only app that matched my expectations. And now, they do this and leave me no choice but to move on to another app.

Under normal circumstances, I would have ranted or would have just uninstalled and settled with another app with subpar user experience. But, my recent experiences with the open source community, +xda-developers  and WebileApps taught me ranting or giving up doesn't help anybody. Maybe, it was an honest mistake by the developers.

I wanted to constructively let the developers of Cleartrip know how I felt about the new update. And this is what I did.


A couple of hours later the developers released two updates and here's what they had to say:


While I don't believe everything they said, removing the permission and releasing an update was the correct thing to do.  This could have gone in an entirely different direction, the developers could have just ignored my review or worse I would have never bothered to post the review. But, in the end I did voice out my opinion and for a change this time, people cared.

Tuesday, June 29, 2010

the most interesting thing than my girl

Ubuntu, Android, Facebook, my ex-gf are all very interesting, but I want to talk about something more interesting :))

WebileApps

No, I did not get a job there. It's not more famous than Google or Microsoft. The only reason why I want to talk about it is, it's the company I started along with my friends Rajiv, Sandeep and Satya.

We now need all your support more than ever.

Thursday, July 9, 2009

Guess whats this about!!

I wonder why I didn't write this blog earlier. I wanted to write this right after the blog on Google Chrome; somehow it did not happen and I just cost myself an "I told you so" moment.

In case you are wondering what this is about, let's get to the point. This post is about the Google Chrome OS. I guessed some time ago, when Google released Chrome, that something like this was coming.

It is a light weight OS meant to be run on netbooks

  • which boots in a few seconds, 
  • has Google Chrome as its primary browser, but not restricted to it
  • built on top of a Linux kernel
  • and most importantly Open Source.


It is not built using Android as previously rumored. Google has clarified that the domains of Android and Chrome OS are entirely different even though both share some ideologies.

One observation from my side is that even though Chrome was released a long time ago, the reason why Google took some time to release the OS might be the fact that it was waiting for the Linux version of Chrome to be released.

For more information visit the official Google blog

Monday, September 1, 2008

Chrome - Google's own browser.

Google, the web giant, is planning to launch its own browser into the market. It has already made an announcement and discussed with users the features that will differentiate it from others. It is christened Chrome. While I am quite content with my FF 3, I would still love to see and use Google's browser. Google said in its blog that its browser's main features will be...

1. Reliability
2. Speed
3. Simplicity (ease of use)
4. Security
Google said that their browser is multi-process (not multi-threaded) based. So, separate processes render separate tabs. It solves the current problem where a single tab crashing due to some notorious JavaScript takes the whole browser instance with it. IE 8 I think is trying to implement the same feature too (my guess). Also Chrome features a task manager which gives you an idea of which tab (website opened in that tab) is using how much memory, and you can always close the hungry guy. Also, WebKit (Android too uses WebKit), the open source rendering engine, is used in Chrome. Plus many more features never heard of before are being implemented in it.
Also, there are many other new, very innovative features in Chrome and I can't explain all of them in this single post (sorry for my haste as I am in my office and need to post it before my boss catches me posting). For more information see this and this.

Oh!! I almost forgot to say Chrome is Open Source.
Here's a screenshot of how Chrome may look (this isn't exactly how it's going to look but posts with images are always better).


Wednesday, August 20, 2008

How to boot an existing Linux or XP installation from virtual box

If you find the post below to be from Mars then please read this article first.

The easiest way to run an OS is to install it from the virtual machine. But this is not the case always. In my case I came to know about virtualization only after I had installed all my operating systems.

My system config was something like this, I had three operating systems installed.
1. Windows XP
2. Ubuntu 8.04
3. Custom Built Linux.

My case was that I needed to boot into my custom built Linux through Ubuntu using virtualization. Now I had to choose a virtualization kit. I had three choices before me:
1. VMware
2. VirtualBox
3. Qemu

I did not try VMware at all. But between VirtualBox and Qemu, VirtualBox seemed to be way better. I downloaded VirtualBox from Sun's website. It had a binary for my Ubuntu 8.04. Two double clicks and it was installed. Now my problem was how to make VirtualBox boot into my custom built Linux or my existing Windows XP installation.

To achieve this you have two ways.
1. Create separate entries for each OS you want to boot or
2. Let VirtualBox point to your MBR.

In the first case you will be booted into the OS of your choice, whereas in the second case when you start VirtualBox you will be greeted with your own grub menu, which you see every day when you start your system. It is dangerous to start your system in this way, as the guest OS (the OS you are going to boot from VirtualBox) has full access to your hard disk and you may potentially damage your host OS (the OS on which VirtualBox is installed).

I found these methods from the following post: http://ubuntuforums.org/showthread.php?t=769883 - any credit goes to the author. IMO this is the best post for running an existing XP installation. Caution: These methods require you to reactivate your copy of Windows, so please decide whether you really want to boot into an existing Windows installation using VirtualBox. Installing Guest Additions (tools that make the guest OS run faster and smoother on VirtualBox) for XP will not let you boot into your existing Windows install any more, so proceed with caution.

Method 1 - point VirtualBox to an existing Linux install.

Firstly, we need to download and install a package called mbr. Run the following command in your Linux terminal:
sudo apt-get install mbr && mkdir -p ~/.VirtualBox && install-mbr ~/.VirtualBox/myboot.mbr --force
The above command mirrors a copy of your MBR onto a file called myboot.mbr. We will be using this myboot.mbr in our VirtualBox. Then run the following command to create a virtual disk that fakes your current hard disk state (partition status, grub, everything):
VBoxManage internalcommands createrawvmdk -filename ~/.VirtualBox/linux.vmdk -rawdisk /dev/sda -partitions 2 -mbr ~/.VirtualBox/myboot.mbr -relative -register
/dev/sda should be replaced with the corresponding disk, and the number 2 should be replaced by the partition number where your Linux is residing. To find out what your existing setup is, type the following in the terminal:
fdisk -l
Then replace the entries. If it is /dev/sda1 where you want to boot to then your command should be:
VBoxManage internalcommands createrawvmdk -filename ~/.VirtualBox/linux.vmdk -rawdisk /dev/sda -partitions 1 -mbr ~/.VirtualBox/myboot.mbr -relative -register
This method may fail in some cases and you just can't boot into the existing installation. In such cases you need to follow the second method. FYI - the second method worked for me.

Method 2 - point VirtualBox to your hard disk.

VBoxManage internalcommands createrawvmdk -filename ~/.VirtualBox/SystemHD.vmdk -rawdisk /dev/sda -register
This creates a virtual disk called SystemHD. Just create a virtual machine that uses this HD. Your work is done: start the VM and run the OS of your choice.