Nginx custom headers for a Unicorn Rails app

Recently I had to implement an API for a Rails app running on Unicorn being proxied in from Nginx. The problem I had was that my custom header wasn’t being passed through from Nginx.

I had already gone ahead and added to my location directive

proxy_set_header        X_SESSION_KEY $http_x_session_key;

But alas I still had problems. Turns out there’s little thing called “underscores_in_headers” which needs to be turned on for my custom (with underscores) API header to work.

Simply add it to your main nginx.conf after the http {

underscores_in_headers on;

The Ultimate Acer Aspire One Linux Tweak Guide

So I managed to get my hands on one of these sexy little device and I must say, I’m damn impressed. What’s rather amusing is holding up the laptop in its leather case to a few friends and saying; what do you think this is? By far the most amusing comment so far was “Is it a mans handbag?”.

Being the Linux fanboy that I am, I set to work tweaking my Acer Aspire One, which by default comes with the Linux distro Linplus. My first reaction was to be gone with the default OS and whack Ubuntu on, however I came to love Linplus and its fast bootup time. And by fast .. I mean fast. If I wanted to find out the weather, I could probably boot this laptop and hit weather.smh.com.au faster than my Blackberry could load the site :)

One of the first things you’ll need to do is get your Linplus working like an actual Linux operating system, and we can do this by turning on the advanced menu, which allows you to right click the desktop for a traditional menu.

1) Hit Alt + F12 and type xfce-setting-show
2) Find Desktop preferences, then the behavior tab and click “Show desktop menu on right-click”.

Some interesting and useful Tweaks

Installing Skype on the Acer Aspire One
One of the reasons why I wanted one of these tiny notebooks was for traveling purposes. And what better way to communicate with home than over Skype.

1) From the advanced menu (right click desktop) click terminal
2) Type: sudo yum install skype

This will install Skype and the necessary dependencies.
To add Skype to the infamous Acer Aspire Linplus background menu .. do the following

1) (Hopefully you’ve enabled the advanced menu as per above) Right click the deskop, select command prompt
2) Type: mousepad /home/user/.config/xfce4/desktop/group-app.xml

As you can see, there are the 4 sections, Fun, work etc..
Under Fun, add a line similar to the others and use this as the path;

/usr/share/applications/skype.desktop

Reboot your laptop and the lovely Skype icon should appear!

More tweaks than you can poke a stick at

(Please let me know of any articles that you know of that you think should be listed here!)

More tweaks coming soon, stay tuned!

How To: Configure IPSec with Sonicwall

A few months ago, I had the pleasure of installing and configuring a VPN link between an outdated Linux box and a Sonicwall TZ170. Oh the joys I had in getting this to work ..

The Sonicwall device was located in a data center, whilst the Linux machine was located in an office protecting a 192.168.0.0/24 network, and my task was to join the two devices using IPSec. The best way to illustrate this setup is by displaying the configuration files. As an example, the following are the IP addresses used in the config samples.

Sonicwall TZ170 = 111.111.111.111
Linux machine = 222.222.222.222

The Linux IPSec Server

The Linux server is running Debian so a simple “apt-get install ipsec” had IPSec installed in no time.
Initially, I decided to use a simple preshared password for authentication. PLEASE NOTE the order that my ipsec.secrets file is displayed, there are many articles on Google which flip the left and right sides around.

My /etc/ipsec.secrets file

222.222.222.222 111.111.111.111 : PSK “test”

My /etc/ipsec.conf file

conn sonicwall
auth=esp
authby=secret
auto=add
esp=3des-sha1
ike=3des-sha1
keyexchange=ike
keyingtries=1
pfs=no
type=tunnel
left=111.111.111.111
leftsubnet=111.111.111.111/32
leftnexthop=%defaultroute
right=222.222.222.222
rightsubnet=192.168.0.0/24

The Sonicwall TZ170

Please note, even one incorrect setting will render your IPSec connection useless so triple check everything. Once logged into the Sonicwall TZ170 device, click the VPN menu then click the “Add” button.

To get this point-to-point VPN working with a Linux server using IPSec, you MUST use the exact details in the following diagrams. Simply substitute 111.111.111.11 with the Public IP of the Sonicwall device and substitute 222.222.222.222 with the Public IP of the Linux server.

Where it has “Choose Local network from list”, you’ll need to create a network object which represents the local network your protecting. In my example it was 192.168.0.0/24. Where it says Choose destination network, you’ll need to create a network object that represents the Linux server, so for this example it would be a single internet host with an IP of: 222.222.222.222

Once both sides have been configured, switch back to your Linux machine and from the console (be sure your logged in as root) simpy type;

ipsec auto –up sonicwall

Hopefully you see something like; (The main part to look for is the “established” part.

Oct 23 20:54:06 localhost pluto[18968]: “sonicwall” #2411: STATE_MAIN_I4: ISAKMP SA established {auth=OAKLEY_PRESHARED_KEY cipher=oakley_3des_cbc_192 prf=oakley_sha group=modp1024}

If you run into troubles look through the logs on the Sonicwall to see why the connection failed. Another good place to look is on the Linux machine under /var/log/secure

Ubuntu Virtual Machine

One of the biggest problems I faced when I made the switch to Ubuntu was my workplace. You see, I’m often assigned to projects that require me to work on websites and online systems using ASP.NET and C#. It’s these projects that require me to have access to Visual Studio 2005 and mSQL on my laptop. So the problem? These are all Windows applications. At first I was going to setup a dual boot system on my laptop, but first I told myself I’d give Sun’s VirtualBox a whirl, and I’m sure glad I did.

If you’re an Ubuntu user who needs access to Windows applications for work or university like myself, VirtualBox is certainty the way to go and I’ll briefly tell you why.

  • It’s free
  • It’s fast
  • I can store files on my Ubuntu system and access them from Windows
  • Once the VirtualBox tools addon had been installed within Windows, it made switching between Windows and Ubuntu a dream.
  • VirtualBox’s networking features are superb. Setup a virtual interface to allow your Virtualbox to be its own networking device, or use the inbuilt Network Address Translation (NAT) feature to streamline network connectivity to your VirtualBox OS.
  • Because VirtualBoxes are stored in a single .VDI file, its never been easier to backup your entire virtual operating system. Simply burn the VDI file to disc and in case of an emergency you can simply restore your entire Virtualbox operating system.

So How Do you Go About Installing VirtualBox?

Lucky for you, its dead simple.

Simply download the .DEB package that suits your Ubuntu operating system (depending on whether you have Hardy, Gusty or Drapper) and install.

Download VirtualBox .DEB Packages here

Once downloaded, use

dpkg -i VirtualBox_1.3.8_Ubuntu_yourubuntuversion.deb

You may get asked a question telling you to accept the terms and conditions so simply select yes. Once installed, you should see VirtualBox under Accessories > System Tools > Sun xVM VirtualBox.

Enjoy!

Meebo Crashes Firefox on Ubuntu

So I felt like some instant messaging action and my favorite IM client at the moment is web based Meebo, which allows you to log into multiple IM networks using the one sexy, Ajax client otherwise known as Meebo. But BAM, Firefox closed without a hint of what the problem was. So I tried again, typed in http://www.meebo.com and BAM again – Firefox closed again. Hmm.

So I did a bit of Googling and it seems that I’m not the only problem that has this Meebo crashing firefox bug. Some people have stated that it only crashes whenever they visit the secure version of meebo (https://).

I managed to fix the problem simply by doing the first thing that came to my head; and that was to clear the private data (aka session cache etc). In Firefox 3 you can do this by holding ctrl + shift + delete. I’m not sure why this fixed the problem but if it works for you, then I’ve done my job :). If you found a different solution to fix this issue, use the comment section below to share your solution.

How To Install Twhirl on Ubuntu

Whoa. I didn’t think this was possible.. BUT If you’re a twitter addict, there there’s no better client like Twhirl. Twhirl uses the Adobe Air platform which is currently supported on Windows and Mac, and I found out today that there is an Alpha version which runs on Linux!

My man Seth Yates has a wicked guide on how to get it working, here’s the basic steps. (slighly modified to make it easier)

cd ~/Desktop

wget http://download.macromedia.com/pub/labs/air/linux/adobeair_linux_a1_033108.bin

wget http://www.twhirl.org/files/twhirl-0.8.air

chmod +x adobeair_linux_a1_033108.bin

sudo ./adobeair_linux_a1_033108.bin

/opt/Adobe\ AIR/Versions/1.0/airappinstaller (when prompted, browse to your desktop and select the twhirl-0.8.air package)

And that was in! You should now see a Twhirl icon on your desktop!
Ubuntu > Windows.

Resize Photos with ease in Ubuntu

Okay I just stumbled upon the coolest Unbuntu feature (gnome..) yet. Nautilus image resizer allows you to quickly “highlight” multiple image files, right click, select Image Resize and wham – all your images get resized in a batch process. It’s the quickest and easiest way to resize your photos.

To install, type the following from a terminal prompt.

sudo aptitude install nautilus-image-converter

Installing Google Chrome on Ubuntu Hardy

With the release of Google Chrome last week, it was interesting to see all the articles that popped up with Linux users installing Google Chrome (Which is a windows product at present) on Linux. The biggest problem I found was that you need the latest version of WINE to get this working, and no amount of “apt-get update | apt-get install wine” will work.

Updating WINE

The first step is to update your WINE version to 1.1.4.

wget -q http://wine.budgetdedicated.com/apt/387EE263.gpg -O- | sudo apt-key add -

sudo wget http://wine.budgetdedicated.com/apt/sources.list.d/hardy.list -O /etc/apt/sources.list.d/winehq.list

sudo apt-get update

Installing prerequisites

There’s a few software packages you need in order to get Chrome up and running. Winetricks is a script which allows you to quickly download necessary windows components.

Note: The last command below will install FIREFOX in WINE, you’ll see why in a second.

wget http://www.kegel.com/wine/winetricks

mv winetricks /usr/sbin/

winetricks riched20 riched30 flash msxml3 corefonts firefox

Installing Chrome

During the above process, you’ll be prompted to install FireFox 3. Proceed with the WINE installation of Firefox.
Note: Yes I know you can get around this step by not installing FireFox, but this way seems to the be the easiest way to do it.

Once Firefox is installed in Wine, RUN Firefox in WINE and visit

http://www.google.com/chrome/

Download Chrome and run the Chrome setup. It will proceed to download and install the Google Chrome browser. Once it’s complete, use the following command to run Chrome.

Running Google Chrome

wine “$HOME/.wine/drive_c/windows/profiles/$USER/Local Settings/Application Data/Google/Chrome/Application/chrome.exe” –no-sandbox –new-http

And there you have it. A fairly simple way to get Chrome up and running on Ubuntu Hardy.

Sources: Ubuntu Forums

How to tar gzip a folder

Need to quickly tar and gzip an entire folder? Try the command below!

tar -cvzpf filename.tar.gz /path/to/folder

How To: Kaspersky Anti-Spam

Every network administrator at some stage in their career will come into trouble with the influx of spam during their career because, quite simply, spammers are smart. If you did a Google search for “Linux Anti-Spam”, you’ll be bombarded with tutorials using the infamous, free, SpamAssassin software. However if spamassassin isn’t quite cutting it, you may want to give Kaspersky Anti-Spam 3.0 a whirl. (Please note, Kaspersky Anti-Spam 3 isn’t free and requires a per mailbox licensing fee)

The name Kaspersky is gaining quite a name globally, originally an Anti-Virus engine; Kaspersky Labs has developed tools to help assist network managers fight malicious attacks in all forms of life; spam, viruses, spy-ware and phis-hing attempts. Kaspersky’s anti-spam product, titled appropriately, Kaspersky Anti-Spam 3.0, is able to integrate with your existing Linux smtp engine to filter spam for your users. Kaspersky Anti-Spam (and from now on known as KAS) is able to integrate with;

- Qmail
- Sendmail
- Exim
- Postfix

Getting started

The first step is to obtain the package which suits your Linux distribution. For the sake of simplicity, we’ll install KAS using the debian packaged file.

Grab Kaspersky Anti-Spam here

wget http://dnl-eu8.kaspersky-labs.com/products/english/antispam/deb/kas-3-3.0.284-1.i386.deb
dpkg -i kas-3-3.0.284-1.i386.deb

Once KAS has been installed, it will show on the screen a number of steps you must perform to complete the installation. This includes installing the license key, enabling automatic updates and integrating KAS with your SMTP engine.

Configuring

You’ll need to transfer your kaspersky anti-spam license key file (.key) to the server so you can perform the following task;

/usr/local/ap-mailfilter3/bin/install-key /path/to/your/keyfile.key

The great thing about KAS3 over KAS2 is the web interface. Kaspersky Labs has developed a web interface, allowing you to configure various components of the software.

To access the web interface from a computer other than the one KAS is installed on, you’ll need to make a change to this file;

nano /usr/local/ap-mailfilter3/etc/kas-thttpd.conf

and uncomment the line

#host=0.0.0.0

Finishing up

Once that’s done, you can simply type in your browser; http://ip-of-kas-server:3080 and whola! You’re away. I won’t delve into how to configure the application as its pretty self explanatory. Simply hit the policy page and configure the action rules, which state what should happen to SPAM once detected (whether it should be deleted, redirected etc).

Screenshots

Dealing with Duplicate emails in Postfix

If you’re receiving duplicate emails on your postfix engine, check the mailq and you will probably see error messages which relate to “trace service failed”. It most likely means that your Postfix engine is using an older config file.

Give the following a whirl.

postfix upgrade-configuration

then

/etc/init.d/postfix restart

Debian (apt-get) Public keys

“The following signatures couldn’t be verified because the public key is not available”

Try

apt-key add /usr/share/keyrings/debian-archive-keyring.gpg

Then

apt-get update
apt-get install package-name

If that doesn’t work, check that you have the debian-archive-keyring package.

apt-get install debian-archive-keyring

« Previous Entries