$ sudo su -
# apt-get install build-essential libaio1 libaio-dev
# cpan MySQL::Sandbox
Tuesday, October 23, 2012
MySQL SandBox on Ubuntu
With Sandbox, you can install multiple instances or versions of mysql on a single server.
Friday, October 19, 2012
Gitweb & git-http-backend on Ubuntu apache2
I just began to learn git, and the web interface looked pretty good, but it was quite confusing to set up a git web host.
The main confusion was between the gitweb and git-http-backend scripts. They are completely different scripts. If you only need to browse the git contents, without pushing over http/https, then you do not need the git-http-backend script, and the setup is really simple.
Another main issue is that the git package itself does not have an access control system. So a lot of tutorials on how to set up gitweb bring in gitolite as well, which adds more complication. For small projects, Apache's auth tools should be good enough to start with.
Let's install git-core, gitweb, highlight (syntax highlight package). My Ubuntu is 12.04 server.
sudo apt-get install git-core gitweb highlight

git-core installs its package at /usr/lib/git-core/
and gitweb installs at /usr/share/gitweb. It also creates a gitweb configuration at /etc/apache2/conf.d/gitweb. But we don't want this to be loaded on all apache2 hosts automatically, so let's delete this file.

sudo rm /etc/apache2/conf.d/gitweb

Depending on how the Apache host is set up, the configuration may be different. Here is what we want to use:
GIT repo location: /srv/git
GIT HTTP URL: git.mydomain.com
clone example from this url: git clone http://git.mydomain.com/myrepo.git

First, create a GIT repo.

mkdir /srv/git
cd /srv/git
git init --bare --shared myrepo.git

Now we need to edit /etc/gitweb.conf to update the git repo location and add the highlight option at the end of the file.

sudo vim /etc/gitweb.conf

# set projectroot to /srv/git
$projectroot = "/srv/git";
# Add Highlighting at the end
$feature{'highlight'}{'default'} = [1];

Ok, the first goal is setting up a simple git repo browsing host without push and access control.
sudo vi /etc/apache2/sites-available/git

<VirtualHost *:80>
    ServerName git.mydomain.com
    DocumentRoot /usr/share/gitweb
    <Directory /usr/share/gitweb>
        # Options are listed without +/- because Apache 2.4 rejects a mix of both forms
        Options FollowSymLinks ExecCGI
        AddHandler cgi-script .cgi
        DirectoryIndex gitweb.cgi
    </Directory>
</VirtualHost>

#After saving the file, make it enabled
sudo a2ensite git

Now reload Apache and check that it works. The next step is to allow pushing back to the host and to add access control on it. We will use the auth_digest Apache module, but other modules can be used depending on the case.
a2enmod auth_digest

Here is the Apache host config for that.

<VirtualHost *:80>
    ServerName git.mydomain.com
    DocumentRoot /usr/share/gitweb

    # Only git's own request paths are handed to git-http-backend; everything else stays with gitweb
    ScriptAliasMatch \
        "(?x)^/(.*/(HEAD | \
                    info/refs | \
                    objects/(info/[^/]+ | \
                             [0-9a-f]{2}/[0-9a-f]{38} | \
                             pack/pack-[0-9a-f]{40}\.(pack|idx)) | \
                    git-(upload|receive)-pack))$" \
        /usr/lib/git-core/git-http-backend/$1

    SetEnv GIT_PROJECT_ROOT /srv/git
    SetEnv GIT_HTTP_EXPORT_ALL
    SetEnv REMOTE_USER=$REDIRECT_REMOTE_USER

    <Directory /usr/share/gitweb>
        # Options are listed without +/- because Apache 2.4 rejects a mix of both forms
        Options FollowSymLinks ExecCGI
        AddHandler cgi-script .cgi
        DirectoryIndex gitweb.cgi
    </Directory>

    # Digest authentication for every path on this host
    <Location />
        AuthType Digest
        AuthName "Private Git Repository Access"
        AuthUserFile /srv/git/.htpasswd
        Require valid-user
    </Location>
</VirtualHost>

Create .htpasswd and add users. The realm passed to htdigest must be the same string as AuthName.
touch /srv/git/.htpasswd
htdigest /srv/git/.htpasswd "Private Git Repository Access" username

Allow the Apache user, www-data, to access the /srv/git directory

sudo chown -R www-data:www-data /srv/git

If you use https, make sure you have installed a valid certificate, otherwise you will get an https validation error. If you want to skip the validation, run this on the client side. With --global it turns off certificate verification for every repository that user works with.
git config --global http.sslVerify false

To enable anonymous read access but authenticated write access, replace the <Location /> directive with this.

<LocationMatch "^/.*/git-receive-pack$">
    AuthType Digest
    AuthName "Private Git Repository Access"
    AuthUserFile /srv/git/.htpasswd
    Require valid-user
</LocationMatch>

Also make sure that the git repo's name ends with ".git"
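The routing implied by the two Apache patterns above, as an added example that is not part of the original post: it applies the ScriptAliasMatch and LocationMatch expressions to constructed request URLs to show which ones reach git-http-backend and which ones each access-control variant asks credentials for. The `classify` function, the handler labels and the sample URLs are illustrative assumptions.

```python
import re
from urllib.parse import urlsplit

# ScriptAliasMatch pattern from the virtual host above; (?x) makes the regex
# engine ignore the layout whitespace, exactly as in the Apache config.
BACKEND = re.compile(r"""(?x)^/(.*/(HEAD |
        info/refs |
        objects/(info/[^/]+ |
                 [0-9a-f]{2}/[0-9a-f]{38} |
                 pack/pack-[0-9a-f]{40}\.(pack|idx)) |
        git-(upload|receive)-pack))$""")

# LocationMatch pattern from the anonymous-read variant.
WRITE_AUTH = re.compile(r"^/.*/git-receive-pack$")


def classify(url, anonymous_read=False):
    """Return (handler, auth_required) for one request URL.

    Both directives match the URL path only, so the query string is
    dropped before matching.
    """
    path = urlsplit(url).path
    handler = "git-http-backend" if BACKEND.match(path) else "gitweb docroot"
    if anonymous_read:
        auth = bool(WRITE_AUTH.match(path))
    else:
        auth = True  # <Location /> covers every path on the host
    return handler, auth


# Constructed sample requests: a clone, a push, a loose object, a file that
# is not a git request path, and a browser visit to gitweb.
SAMPLES = [
    "/myrepo.git/info/refs?service=git-upload-pack",
    "/myrepo.git/git-upload-pack",
    "/myrepo.git/info/refs?service=git-receive-pack",
    "/myrepo.git/git-receive-pack",
    "/myrepo.git/objects/ab/" + "c" * 38,
    "/myrepo.git/config",
    "/gitweb.cgi?p=myrepo.git;a=summary",
]

if __name__ == "__main__":
    for url in SAMPLES:
        print(f"{url:48} all-auth={classify(url)} anon-read={classify(url, True)}")
```

In the anonymous-read variant the first request of a push, `info/refs?service=git-receive-pack`, is not matched by the LocationMatch, because the service name appears only in the query string.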
Good VI / VIM guides
Vim is a must for anyone who needs to do something on Linux servers. While the editor is so powerful, I am always too lazy to learn or memorize most of the important commands. I found a simple, but very interesting guide here.
Learn Vim Progressively
http://yannesposito.com/Scratch/en/blog/Learn-Vim-Progressively/
iptables on Ubuntu
Last week, I got an OpenVZ based VPS at a really cheap price, and tried to install ufw with no success. There is a fix for that, but it did not work, at least for me. It seemed to be working, but no individual rules worked. Also, I am not very comfortable with 'fixing' several system modules.
So I began to touch iptables directly. It is not that complicated, and it is even cleaner than using other front-end utilities such as ufw. For a basic firewall setting for a web server, I don't think we need any other tools at all, even for a beginner like me.
Install
apt-get install iptables
apt-get install iptables-persistent
Basic Setup
#local loop and allowing established sessions
iptables -A INPUT -i lo -j ACCEPT
iptables -A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
#open ssh & web ports
iptables -A INPUT -p tcp --dport 22 -j ACCEPT
iptables -A INPUT -p tcp --dport 80 -j ACCEPT
iptables -A INPUT -p tcp --dport 443 -j ACCEPT
#apply default policy
iptables -P INPUT DROP
iptables -P FORWARD DROP
iptables -P OUTPUT ACCEPT
#if you have a safe ip to be allowed everything
iptables -A INPUT -s 123.123.123.123 -j ACCEPT
Making auto-start at boot
iptables-save > /etc/iptables/rules
update-rc.d iptables-persistent defaults
Reset iptables & reload from a file
Ubuntu has no script files to start/stop iptables. You may create a shell script based on the following commands.
#reset iptables
iptables -P INPUT ACCEPT
iptables -P OUTPUT ACCEPT
iptables -P FORWARD ACCEPT
iptables -F
iptables -X
iptables -t nat -F
iptables -t nat -X
iptables -t mangle -F
iptables -t mangle -X
#reload rules from a file
iptables-restore < /etc/iptables/rules
Delete a rule
iptables -L INPUT -n --line-numbers
#You'll get the list of all blocked IPs. Look at the number on the left, then:
iptables -D INPUT "line-number"
#Or iptables -D rule
iptables -D INPUT -s 202.100.85.0/24 -j DROP
Insert a rule at line number x
iptables -I INPUT 3 -p tcp --dport 22 -j ACCEPT
Add log
iptables -A INPUT -m limit --limit 5/min -j LOG --log-prefix "iptables denied: " --log-level 7