Category: HowTo

How to run OpenVPN and a web server (Apache, Nginx, Cherokee, etc.) on the same port


If you have ever used OpenVPN, you know that many filtered networks do not allow connections to ports other than 80 and 443 TCP. If your OpenVPN server runs on the same machine as a web server, this may be a problem, because you want to use ports 80 and 443 for both the web server and OpenVPN.

OpenVPN developers are smart people and they knew that this situation is not so odd, so they invented a special option to deal with it. Thanks to the article at raniersblog.org I found the port-share option, which redirects all traffic that is not VPN traffic to another host:port pair. This lets you run your web server on a different port, let's say 8443, and make OpenVPN run on 443 TCP. Anything that is not for the VPN gets redirected to port 8443.

To do so, configure your web server to listen on port 8443 and add this configuration to the OpenVPN configuration file (usually /etc/openvpn/server.conf):

proto tcp
port 443
port-share 127.0.0.1 8443

Then restart OpenVPN and your web server and you should be all set.
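
How a listener can tell the two kinds of traffic apart on one port, as an added illustration (not code from the original post and not OpenVPN's own implementation). It assumes the OpenVPN TCP framing of a 16-bit length prefix followed by an opcode byte; the function names and sample byte strings are constructed for this example.

```python
import struct

# Assumptions (not from the original post): OpenVPN-over-TCP frames each packet
# as a 16-bit big-endian length followed by one byte holding opcode<<3 | key_id,
# and a client opens with P_CONTROL_HARD_RESET_CLIENT_V2 (opcode 7, key_id 0).
P_OPCODE_SHIFT = 3
P_CONTROL_HARD_RESET_CLIENT_V2 = 7
MIN_HARD_RESET_LEN = 14  # opcode + 8-byte session id + ack count + 4-byte packet id

WEB_BACKEND = ("127.0.0.1", 8443)  # the host:port pair given to port-share


def classify_first_bytes(data: bytes) -> str:
    """Classify the first bytes of a new TCP connection on the shared port."""
    if len(data) < 3:
        return "need-more-data"
    (length,) = struct.unpack("!H", data[:2])
    hard_reset = P_CONTROL_HARD_RESET_CLIENT_V2 << P_OPCODE_SHIFT  # 0x38
    if length >= MIN_HARD_RESET_LEN and data[2] == hard_reset:
        return "openvpn"
    if data[0] == 0x16 and data[1] == 0x03:  # TLS handshake record, version 3.x
        return "tls"
    if data.split(b" ", 1)[0] in (b"GET", b"POST", b"HEAD", b"PUT", b"OPTIONS"):
        return "http"
    return "other"


def route(data: bytes):
    """Return 'vpn' for OpenVPN clients, else the backend that gets the stream."""
    kind = classify_first_bytes(data)
    if kind == "need-more-data":
        return None
    return "vpn" if kind == "openvpn" else WEB_BACKEND


# Constructed sample inputs (not captured traffic).
SAMPLE_OPENVPN = b"\x00\x0e\x38" + bytes(8) + b"\x00" + bytes(4)
SAMPLE_TLS = bytes.fromhex("1603010200010001fc0303")
SAMPLE_HTTP = b"GET / HTTP/1.1\r\nHost: example.org\r\n\r\n"

if __name__ == "__main__":
    for name, blob in [("openvpn", SAMPLE_OPENVPN), ("tls", SAMPLE_TLS),
                       ("http", SAMPLE_HTTP)]:
        print(name, "->", route(blob))
```

Because the forwarded connection is opened by the OpenVPN process, the web server on 8443 sees 127.0.0.1 as the client address in its access log.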

How to install pymatlab


For a university project I had to deal with a web application written in Python and some computations that are MATLAB based. Of course my webapp was in Python, so I had to find a library to interact with python. I've found pymatlab to be a good library for this goal.

Installing pymatlab was a bit tricky. I had to install MATLAB on Linux, then install the python-numpy package, and then install pymatlab with this set of commands:


sudo -s
export LIBRARY_PATH=/usr/local/MATLAB/R2011a/bin/glnxa64/
export PATH=$PATH:/usr/local/MATLAB/R2011a/bin/
export C_INCLUDE_PATH=/usr/local/MATLAB/R2011a/extern/include/
apt-get install csh
pip install pymatlab

Then I was able to run MATLAB inside my Python programs.

How to quickly share a git repository

Today I had to simply share a local repository with a colleague. It was pretty easy, just do:


cd MyGitProject
git daemon --reuseaddr --verbose  --base-path=. --export-all ./.git

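The --reuseaddr option lets the daemon rebind to its port without waiting for old connections to time out, --verbose lets you see what is happening, --base-path makes requested paths relative to the given directory, and --export-all exports the repositories in the .git folder without requiring a git-daemon-export-ok file, so anyone who can reach the port can clone them. Easy, isn't it?
Tell your friend/colleague to do: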

git clone git://your-ip-address-here/ MyGitProject

And it will start downloading the new repo 🙂 Amazing, isn't it? PS: do not use bad GUIs, they will mess up the command line used to get the repo. Just open a shell, even on Windows, and type that command.

How to put the Aptana launcher on the Ubuntu dock

Today, after using vim for a while for my web development, I decided to give Aptana a try. So I just downloaded it and… I liked it. I use the Super+N feature of Unity a lot, I think it's a killer feature of this DE. Well, I wanted to put Aptana in the dock too.

Doing so is pretty easy. Just unpack the Aptana package you downloaded from aptana.com in whatever folder you like. I usually put this kind of custom app in ~/Apps. Now enter the newly created Aptana folder and create a file named aptana.desktop.

Put this content into that file:


[Desktop Entry]
Type=Application
StartupNotify=true
Name=Aptana
Comment=Aptana Studio 3
# Replace this with the ABSOLUTE path in which you unpacked Aptana
Icon=/home/goshawk/Apps/Aptana_Studio_3/icon.xpm
# The same applies here: replace with the ABSOLUTE path
Exec=/home/goshawk/Apps/Aptana_Studio_3/AptanaStudio3
Terminal=false
Categories=Development;IDE;

Give that file executable permissions. A chmod +x aptana.desktop should be fine. You can also right click on the file from Nautilus, go to Properties and then tick the execute flag. The icon of the file will change to the Aptana icon. Your launcher is now ready. Just drag and drop it to the dock, right click on it and select "Lock to Launcher". Well done.

If you also want it to be accessible from the Unity text launcher (the one that appears when you press the Windows logo key on your keyboard), just copy the aptana.desktop file to ~/.local/share/applications. Aptana will then be available from the text launcher too.

How to solve pymongo.errors.AutoReconnect: could not find master/primary


If you are coding and you have experienced an error like:

pymongo.errors.AutoReconnect: could not find master/primary

The problem is that your MongoDB instance was not shut down correctly the last time. To solve this, just run the following command (it has been tested on an Ubuntu server):

sudo rm /var/lib/mongodb/mongod.lock && sudo /etc/init.d/mongodb restart

Hope this helps. I had to type that a lot of times during my coding time indeed.

How to setup hgwebdir with wsgi on Ubuntu Lucid

Today I've successfully managed to run an hgwebdir instance which allows pull, push and web browsing of multiple Mercurial instances. Here is what I did.
First of all, install the mercurial package via aptitude, which will give you a working hgwebdir.wsgi file. Grab hgwebdir.wsgi from /usr/share/doc/mercurial/examples/hgwebdir.wsgi and put it in /var/www/hg (I've used /var/www/hg.vincenzo-ampolo.net) or in whatever directory you want to expose with Apache. Then edit hgwebdir.wsgi and put an absolute pathname for the configuration file; relative paths didn't work for me in this case. The last line of that file should look like:

application = hgwebdir('/var/www/hg.vincenzo-ampolo.net/hgweb.config')

Now let’s configure hgwebdir using the file /var/www/hg.vincenzo-ampolo.net/hgweb.config:

[web]
allow_archive = gz, zip, bz2
style = coal
allow_push = *
push_ssl = false


[collections]
/var/repositories = /var/repositories

I'm using /var/repositories as the directory for my repositories, using the coal style, allowing push to everyone (allow_push = *) and accepting pushes even without SSL (push_ssl = false). Don't worry, I'm not opening my repo to anyone: I'll use Apache to handle authentication and to decide who can push and who can't. The last file to modify is the Apache configuration, which is the "glue" between hgwebdir and Apache. I've used virtual hosts, which are the common way to host multiple sites in Apache.

<VirtualHost *:80>
    ServerName hg.vincenzo-ampolo.net

    WSGIScriptAliasMatch ^(.*)$ /var/www/hg.vincenzo-ampolo.net/hgwebdir.wsgi$1

    # To enable "daemon" mode, uncomment following lines. (Read mod_wsgi docs for more info)
    # WSGIDaemonProcess hg.example.net user=USER group=GROUP threads=15 maximum-requests=1000
    # some more interesting options (tested on mod_wsgi 2.0):
    # processes=2 umask=0007 display-name=wsgi-hg.example.net inactivity-timeout=300
    # WSGIProcessGroup hg.example.net

    <Directory /var/www/hg.vincenzo-ampolo.net/>
        Options ExecCGI FollowSymlinks

        AddHandler wsgi-script .wsgi

        AllowOverride None
        Order allow,deny
        Allow from all
    </Directory>
    <Location />
        AuthType Basic
        AuthName "Mercurial repositories"
        AuthUserFile /var/www/trac.vincenzo-ampolo.net/.htpasswd
        Require valid-user
    </Location>
</VirtualHost>

The Location directive handles the authentication. It's quite a restrictive configuration, which uses the same .htpasswd as my Trac instance and requires authentication even to look at the repo. I'm hosting a company's source code, and even if it's GPLv3 there are some keys and passwords hardcoded in it, so for now the code is kept secret. Maybe you don't want this feature, and instead want to make the repo world readable while allowing only some people to push. To do so you should change the Location:

<Location />
    AuthType Basic
    AuthName "Mercurial repositories"
    AuthUserFile /var/www/trac.vincenzo-ampolo.net/.htpasswd
    <LimitExcept GET>
        Require valid-user
    </LimitExcept>
</Location>

This will request authentication only to make a push. I also suggest running all of this on port 443, so SSL is enabled and the password is safe across the network. To do so, configure your Apache properly and then modify the VirtualHost line so you accept HTTPS only (<VirtualHost *:443> instead of <VirtualHost *:80>).
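
A small audit of the two files above, as an added example (not part of the original post and not Mercurial or Apache code): it flags the settings that matter when push authentication is delegated to Apache. The function name, finding codes and condensed sample inputs are constructed for illustration.

```python
import configparser
import re

# Constructed sample inputs, condensed from the two files shown above.
HGWEB_CONFIG = """
[web]
allow_push = *
push_ssl = false
"""

VHOST = """
<VirtualHost *:80>
    <Location />
        AuthType Basic
        AuthUserFile /var/www/trac.vincenzo-ampolo.net/.htpasswd
        Require valid-user
    </Location>
</VirtualHost>
"""


def _has(directive: str, text: str) -> bool:
    """True if an uncommented Apache directive line matches `directive`."""
    return bool(re.search(r"^[ \t]*" + directive + r"\b", text, re.I | re.M))


def audit(hgweb_text: str, vhost_text: str) -> list:
    """Return finding codes for an hgweb.config / Apache vhost pair."""
    cfg = configparser.ConfigParser(interpolation=None)
    cfg.read_string(hgweb_text)
    allow_push = cfg.get("web", "allow_push", fallback="").strip()
    # Mercurial requires SSL for push unless push_ssl is switched off.
    push_ssl = cfg.getboolean("web", "push_ssl", fallback=True)

    tls = _has(r"SSLEngine\s+on", vhost_text)
    basic = _has(r"AuthType\s+Basic", vhost_text)
    require = _has(r"Require\s+valid-user", vhost_text)

    findings = []
    if not push_ssl:
        findings.append("push-allowed-without-ssl")
    if allow_push == "*" and not require:
        # hgweb authorises everyone and Apache asks for no login.
        findings.append("anonymous-push")
    if basic and not tls:
        # Basic auth is only base64-encoded, so it is readable on plain HTTP.
        findings.append("basic-auth-over-cleartext-http")
    return findings


if __name__ == "__main__":
    print(audit(HGWEB_CONFIG, VHOST))
```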

How to bypass piratebay.org blocks

You may stop this individual, but you can't stop us all… after all, we're all alike.

UPDATE: If you want a more valuable and complete method to overcome any internet block, follow this tutorial instead.

Piratebay.org is blocked in some countries, like Italy. I'm totally against censorship, and when I realized that piratebay.org was blocked I tried to figure out how they block it. They are not just giving fake DNS responses, they are also blocking the traffic directed to the piratebay.org IP address. The only way to access it is to use a proxy, but an active public proxy may be hard to find and it may be boring to configure your browser all the time to switch between free proxies.

Luckily there are services like anonymouse.org that let you use a proxy in an easy way without setting up your browser. So just fill in the form like in this image and click on "Surf anonymously".

And this is what you get

As a quick link, you can reproduce the same action I've described in this post just by clicking on: make me surf piratebay.org even if it's blocked in my fascist state

You can also use this alternative link: http://www.theslyratebay.com/

How to recover an encrypted home directory in Ubuntu

UPDATE: this topic is also covered in a better way at Dustin Kirkland's blog

For some versions now, Ubuntu has provided the facility of setting up the home folders of its users as encrypted directories. This method secures all the documents of the user from any kind of attack (as long as the user is not logged in), but what happens if something goes wrong and… you cannot boot the machine anymore? Well, the PC doesn't recognize its user, you, and you are unable to get your data if you boot from an external hard drive, CD or USB stick. If you try to boot using an external device like those, you will find your home directory empty. So… how do we recover data in this case?

If you try to mount your /home partition and try to recover your data you get this error:


root@ubuntu:/home/goshawk# ecryptfs-mount-private
ERROR: Encrypted private directory is not setup properly

During my everyday use I have run into this kind of problem. Don't ask me how and why, but I accidentally ran rm -fr /sbin, so my system was unable to boot. To recover my encrypted data I did the following:

  1. Boot from CD or USB with a live version of Ubuntu
  2. Mount your home partition in /home
  3. Create a user with the same name as your broken system username (in my case goshawk) and run ecryptfs-mount-private like I did in the following console log.

root@ubuntu:/home/goshawk# adduser --no-create-home goshawk

Adding user `goshawk' ...
Adding new group `goshawk' (1000) ...
Adding new user `goshawk' (1000) with group `goshawk' ...
Not creating home directory `/home/goshawk'.
Enter new UNIX password:
Retype new UNIX password:
passwd: password updated successfully
Changing the user information for goshawk
Enter the new value, or press ENTER for the default
Full Name []:
Room Number []:
Work Phone []:
Home Phone []:
Other []:
Is the information correct? [Y/n] y
root@ubuntu:/home/goshawk# su goshawk
keyctl_search: Required key not available
Perhaps try the interactive 'ecryptfs-mount-private'
goshawk@ubuntu:~$ ecryptfs-mount-private
Enter your login passphrase:
Inserted auth tok with sig [50a77c517a0463e0] into the user session keyring

INFO: Your private directory has been mounted.
INFO: To see this change in your current shell:
cd /home/goshawk

goshawk@ubuntu:~$ cd /home/goshawk/
goshawk@ubuntu:~$ ls
Amule				  Music
Aptana Studio Workspace		  n900
bin				  Piano.pdf
Desktop				  Pictures
DeusSito_2010_03_26.zip_[lZ4293]  plecno2
Documents			  Public
Downloads			  Random Exercises.pdf
GrayHatPython.epub		  RegDid0809-509-CLSINFMi.pdf
GrayHatPython.mobi		  specialistica poli
GrayHatPython.pdf		  Templates
Immagine 1.png			  TimeShift-20100327T003250.m2t
Jocart.png			  Videos
jupiter
goshawk@ubuntu:~$

Et voilà. As you can see, I was finally able to run an ls and see all my data correctly there. Mission accomplished. 🙂