Solavei APN settings for Android Phones

For my cell phones, I switched from T-Mobile to Solavei, a new T-Mobile's MVNO.
Basically it uses T-Mobile network, but offers a better service plan and very interesting referral compensation plan.
Most of T-Mobile phones will work with Solavei sim card, but to use MMS, you need to adjust APN settings.

Here is what I did for HTC, Samsung, and Huawey phones.


Name: Solavei
APN: solavei
mmsc: http://solavei.mmsmvno.com/mms/wapenc
APN Type: default,admin,fota,mms,supl,hipri,internet

Other default settings:
MMC:310
MNC:260
APN Protocol: IPV4

Except these, leave as blank for other fields.
Samsung phones may choose internet+mms for APN type.

For more info about Solavei,
http://www.solavei.com/brianc

MySQL SandBox on Ubuntu

With Sandbox, you can install multiple instances or versions of mysql on a single server.

$ sudo s-
# apt-get install build-essential libaio1 libaio-dev
# cpan MySQL::Sandbox

Gitweb & git-http-backend on Ubuntu apache2

I just began to learn git, and the web interface looked pretty good, but it was quite confusing to set up a git web host.
The main confusion was between gitweb and git-http-backend script. They are completely different scripts. If you need only to browse the git contents without pushing by http/https, then you do not need git-http-backend script, and it is really simple to setup.
Another main issue is the git package itself does not have an access control system. So a lot of tutorials on how to setup gitweb are dealing with gitolite together, and it creates more complication. For small projects, apache's auth tools should be good enough to start with.

Let's install git-core, gitweb, highlight (syntax highlight package). My Ubuntu is 12.04 server.

sudo apt-get install git-core gitweb highlight

git-core installs its package at /usr/lib/git-core/
and gitweb installs at /usr/share/gitweb. It also creates gitweb configuration at /etc/apache2/conf.d/gitweb. But we don't want this to be loaded on all apache2 hosts automatically, so let's delete this file.

sudo rm /etc/apache2/conf.d/gitweb

Depending on how to setup the apache host, the configuration may be different. Here is what we want to use

GIT repo location: /srv/git
GIT HTTP URL: git.mydomain.com
clone example from this url: clone http://git.mydomain.com/myrepo.git

First, create a GIT repo.

mkdir /srv/git
cd /srv/git
git init --bare --shared myrepo.git

Now we need to edit /etc/gitweb.conf to update the git repo location and add the highlight option at the end of the file.

sudo vim /etc/gitweb.conf
#projectroot to /srv/git
$projectroot = "/srv/git";

# Add Highlighting at the end
$feature{'highlight'}{'default'} = [1];

Ok, the first goal is setting up a simple git repo browsing host without push and access control.

sudo vi /etc/apache2/sites-available/git

<virtualhost *:80>
  ServerName git.mydomain.com
  DocumentRoot /usr/share/gitweb
  <Directory /usr/share/gitweb>
    Options FollowSymLinks +ExecCGI
    AddHandler cgi-script .cgi
    DirectoryIndex gitweb.cgi
  </directory>
</virtualhost>

#After saving the file, make it enabled
sudo a2ensite git

Now reload apache, and see it works. The next step is allowing pushing back to host and add an access control on it. We will use auth_digest apache module, but depending on cases, other mods can be used.

a2enmod auth_digest

Here is the apache host config for that.

<VirtualHost *:80>
  ServerName git.mydomain.com
  DocumentRoot /usr/share/gitweb

  ScriptAliasMatch \
        "(?x)^/(.*/(HEAD | \
                        info/refs | \
                        objects/(info/[^/]+ | \
                                 [0-9a-f]{2}/[0-9a-f]{38} | \
                                 pack/pack-[0-9a-f]{40}\.(pack|idx)) | \
                        git-(upload|receive)-pack))$" \
        /usr/lib/git-core/git-http-backend/$1

  SetEnv GIT_PROJECT_ROOT /srv/git
  SetEnv GIT_HTTP_EXPORT_ALL
  SetEnv REMOTE_USER=$REDIRECT_REMOTE_USER 
  <Directory /usr/share/gitweb>
    Options FollowSymLinks +ExecCGI
    AddHandler cgi-script .cgi
    DirectoryIndex gitweb.cgi
  </Directory>

  <Location />
    AuthType Digest
    AuthName "Private Git Repository Access"
    AuthUserFile /srv/git/.htpasswd
    Require valid-user
  </Location>
</VirtualHost>

Create .htpasswd and add users

touch /srv/git/.htpasswd
htdigest /srv/git/.htpasswd "Private Git Repository Access" username

Allow apache user, www-data to access /srv/git directory

sudo chown -R www-data:www-data /srv/git

If you use https, make sure you have installed a valid certificate, otherwise you will get https validation error. If you want to skip this, run this on the client side.

git config --global http.sslVerify false

To enable anonymous read access but authenticated write access, replace the <Location /> directive to this.

<LocationMatch "^/.*/git-receive-pack$">
    AuthType Digest
    AuthName "Private Git Repository Access"
    AuthUserFile /srv/git/.htpasswd
    Require valid-user
</LocationMatch>

Also make sure that the git repo's name should end with ".git"

Further References

git-http-backend Manual

gitweb-theme by kogakure

Good VI / VIM guides

Vim is a must for who needs to do something on linux servers. While the editor is so powerful, I am always lazy to learn or memorize most of important commands. I found a simple, but very interesting guide here.

Learn Vim Progressively

http://yannesposito.com/Scratch/en/blog/Learn-Vim-Progressively/

iptables on Ubuntu

Last week, I got one of OpenVZ based VPS at really cheap price, and have tried to install ufw with no success. There is fix for that. But it did not work at least for me. It seemed working, but no individual rules worked. Also I am not much comfortable with 'fixing' several system modules.

So I began to touch iptables directly. It is not that much complicated, and it is even cleaner than using other front-end utilities such as ufw. For a basic firewall setting for web server, I don't think we need any other tools at all even for a beginner like me.

Install

apt-get install iptables
apt-get install iptables-persistent

Basic Setup

#local loop and allowing established sessions
iptables -A INPUT -i lo -j ACCEPT
iptables -A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT

#open ssh & web ports
iptables -A INPUT -p tcp --dport 22 -j ACCEPT
iptables -A INPUT -p tcp --dport 80 -j ACCEPT
iptables -A INPUT -p tcp --dport 443 -j ACCEPT

#apply default policy
iptables -P INPUT DROP
iptables -P FORWARD DROP
iptables -P OUTPUT ACCEPT

#if you have a safe ip to be allowed everything
iptables -A INPUT -s 123.123.123.123 -j ACCEPT

Making auto-start at boot

iptables-save > /etc/iptables/rules
update-rc.d iptables-persistent defaults

Reset iptables & reload from a file

Ubuntu has no script files to start/stop iptables. You may create a shell script based on following commands.

#reset iptables
iptables -P INPUT ACCEPT
iptables -P OUTPUT ACCEPT
iptables -P FORWARD ACCEPT
iptables -F
iptables -X
iptables -t nat -F
iptables -t nat -X
iptables -t mangle -F
iptables -t mangle -X

#reload rules from a file
iptables-restore < /etc/iptables/rules
 

Delete a rule

iptables -L INPUT -n --line-numbers

#You'll get the list of all blocked IP. Look at the number on the left, then :
iptables -D INPUT "line-number"

#Or
iptables -D rule
iptables -D INPUT -s 202.100.85.0/24 -j DROP
 

Insert a rule at line number x

iptables -I INPUT 3 -p tcp --dport 22 -j ACCEPT

Add log

iptables -A INPUT -m limit --limit 5/min -j LOG --log-prefix "iptables denied: " --log-level 7

Some more guides

• https://help.ubuntu.com/community/IptablesHowTo