Entries from February 2012 ↓

Removing the password from an (open) ssl key

CODE:
  openssl rsa -in www_silverpower_nl.key -out www_silverpower_nl.key.unencrypted

Securing chromium-browser with apparmor on Ubuntu 11.10

I wanted to make chromium (chrome) more secure. Just to be safe. I found out that the package apparmor-profiles on Ubuntu contained an apparmor profile for chromium-browser. I installed it and tried to enforce it without using the aa-enforce binary (which required the apparmor-utils package) but I couldn't get that to work. So I installed apparmor-utils anyway.

CODE:
  sudo apt-get install apparmor-profiles apparmor-utils
  sudo aa-enforce /usr/bin/chromium-browser /usr/lib/chromium-browser/chromium-browser

When all is done, quit the chromium browser and restart it. Then, when you run aa-status it should list chromium-browser as 'enforced'.

I tried to do the same thing for /usr/sbin/dovecot but that didn't quite work. Dovecot threw errors like:

CODE:
  init: dovecot main process (8738) terminated with status 84

I tried fixing it but I didn't get it to work so I gave up.

dump a Varien_Db_Select / Zend_Db_Select query

CODE:
  $query = $adapter->getProfiler()->getLastQueryProfile()->getQuery(); // last executed query, placeholders still in place
  foreach ($adapter->getProfiler()->getLastQueryProfile()->getQueryParams() as $k => $v) {
      // substitute each bound value for its named placeholder (debug output only, values are not escaped)
      $query = str_replace($k, "'{$v}'", $query);
  }
  var_dump($query);

A more complete example:

CODE:
  $adapter = Mage::getSingleton('core/resource')->getConnection('core_write');
  $adapter->getProfiler()->setEnabled(true); // enable profiler

  // Do database stuff

  $number = 10; // how many of the most recent queries to dump
  $profiles = $adapter->getProfiler()->getQueryProfiles();
  $profiles = array_slice($profiles, count($profiles)-$number, $number);

  foreach ($profiles as $profile) {
      $query = $profile->getQuery(); // query text, placeholders still in place
      foreach ($profile->getQueryParams() as $k => $v) {
          if (is_string($k)) {
              // named placeholder: replace it by name
              $query = str_replace($k, "'{$v}'", $query);
          } else {
              // positional placeholder: replace only the next '?', and keep
              // '\' and '$' in the value from being read as backreferences
              $query = preg_replace('/\?/', "'" . addcslashes($v, '\\$') . "'", $query, 1);
          }
      }
      var_dump($query); // debug output only, values are not escaped
  }

Nginx + sabnzbd + sickbeard + couchpotato + spotweb on my pandaboard

I got Apache (mpm-itk), sickbeard, sabnzbd, couchpotato and spotweb running on my pandaboard. But apache really used up a lot of resources. So I decided to replace it with nginx. Nginx would be a reverse proxy and communicate via fastcgi with php.

This post describes how to set up Nginx, not how to install sabnzbd, sickbeard, couchpotato or spotweb on your machine. I assume you know how to do that.

Step 1: install nginx

CODE:
  leon@panda:~$ sudo apt-get install nginx-light

Step 2: proxy stuff

Add all the important proxy stuff in one file so it can be included later on.

leon@panda:~$ cat /etc/nginx/conf.d/proxy.conf

CODE:
  proxy_redirect off;
  proxy_set_header Host $host;
  proxy_set_header X-Real-IP $remote_addr;
  proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
  client_max_body_size 10m;
  client_body_buffer_size 128k;
  proxy_connect_timeout 90;
  proxy_send_timeout 90;
  proxy_read_timeout 90;
  proxy_buffers 32 4k;

  allow 192.168.1.0/24;
  deny all;

Step 3: set up all the locations

Set up all the locations (subdirectories on your http server) for sabnzbdplus, sickbeard, couchpotato and spotweb.

The important part from /etc/nginx/sites-enabled/default:

CODE:
  server {

      location /sabnzbd {
          include /etc/nginx/conf.d/proxy.conf;

          proxy_pass http://localhost:9090;
      }

      location /sickbeard {
          include /etc/nginx/conf.d/proxy.conf;

          proxy_pass http://localhost:8081;
      }

      location /couchpotato {
          include /etc/nginx/conf.d/proxy.conf;

          proxy_pass http://localhost:5000/;
          rewrite ^/couchpotato/?$ /couchpotato/movie/ permanent;
      }

      location /spotweb {
          alias /home/leon/src/spotweb/spotweb.git; #not root directive

          location ~* \.php$ {
              fastcgi_pass localhost:9001; #defined in /etc/php5/fpm/pool.d/leon.conf
              include fastcgi_params;
              fastcgi_index index.php;
          }
      }

  }
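
Added example, not part of the original post: in the excerpt above the `allow`/`deny` rules live in proxy.conf, so only locations that include that file pick them up, and `/spotweb` does not include it. The script below flags top-level locations without an access rule; the function names and the trimmed sample config are constructed for illustration, and the check does not follow rules set at server level or in other includes.

```shell
#!/usr/bin/env bash
# Added example (not from the original post): report which top-level nginx
# locations carry an access rule, directly or via the include holding it.

# Sample input, constructed from the locations shown in the post (trimmed).
write_sample_config() {
    cat > "$1" <<'EOF'
server {
    location /sabnzbd {
        include /etc/nginx/conf.d/proxy.conf;
        proxy_pass http://localhost:9090;
    }
    location /sickbeard {
        include /etc/nginx/conf.d/proxy.conf;
        proxy_pass http://localhost:8081;
    }
    location /couchpotato {
        include /etc/nginx/conf.d/proxy.conf;
        proxy_pass http://localhost:5000/;
    }
    location /spotweb {
        alias /home/leon/src/spotweb/spotweb.git; #not root directive
        location ~* \.php$ {
            fastcgi_pass localhost:9001;
            include fastcgi_params;
        }
    }
}
EOF
}

# audit_locations CONFIG ACL_INCLUDE
# Prints "<location> restricted|open" for each location directly under server{}.
audit_locations() {
    awk -v acl="$2" '
        { sub(/#.*/, "") }                              # drop comments
        depth == 1 && $1 == "location" {                # new top-level location
            name = ($4 == "{") ? $2 " " $3 : $2
            restricted = 0; inloc = 1
        }
        inloc && ($1 == "allow" || $1 == "deny" ||
                  ($1 == "include" && index($0, acl))) { restricted = 1 }
        { closes = gsub(/[}]/, "}"); depth += gsub(/[{]/, "{") - closes }
        inloc && closes && depth == 1 {                 # location block closed
            print name, (restricted ? "restricted" : "open"); inloc = 0
        }
    ' "$1"
}

cfg=$(mktemp); write_sample_config "$cfg"
audit_locations "$cfg" "conf.d/proxy.conf"
rm -f "$cfg"
```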


Step 4: setup php

Now we're going to set up php for nginx with php5-fpm. This is a new module and isn't available on older versions of ubuntu. I think it's only available from ubuntu 10.10 and onwards.

CODE:
  leon@panda:~$ sudo apt-get install php5-fpm

Then edit /etc/php5/fpm/pool.d/leon.conf (in my case). I created another pool for my user ('leon') because I don't want it to run under the user www-data or similar.

cat /etc/php5/fpm/pool.d/leon.conf

CODE:
  ; Start a new pool named 'leon'.
  [leon]
  listen = 127.0.0.1:9001
  user = leon
  group = leon

  pm = dynamic
  pm.start_servers = 1
  pm.min_spare_servers = 1
  pm.max_spare_servers = 4
  pm.max_children = 4

Step 5: Restart everything and admire your work

CODE:
  leon@panda:~$ sudo service nginx restart
  leon@panda:~$ sudo service php5-fpm restart

Footnotes:
I also tried to get it working with chroot = /home/leon in /etc/php5/fpm/pool.d/leon.conf but I couldn't get spotweb working with mysql on port 3306. When chrooted you can't access /var/run/mysqld/mysqld.sock. I'll have to investigate that a bit more.

Also, you could remove /etc/php5/fpm/pool.d/www.conf if you don't use it (like in my case):

CODE:
  cd /etc/php5/fpm/pool.d/
  sudo mv www.conf www.conf.disabled
  sudo service php5-fpm restart