Practical Web Programming

Saturday, December 09, 2017

Turn Off/On Ubuntu Server at Specified Time

If you are running a headless ubuntu server as a media server that is on 24/7, you could be wasting several hours of energy - especially at night when no one is using it. To solve this problem, you can automatically shut it down and turn it on at certain time using rtcwake. See below for step by step:
  1. Login as root and open `crontab`.
  2. $ sudo su
    $ crontab -e
    
  3. Add the command to crontab.
  4. # Shutdown at 12 AM and awake afer 8 hours (8:00 AM)
    0 0 * * * sudo /usr/sbin/rtcwake -m disk -s 28800 > /var/log/crontab.log
    

Friday, December 23, 2016

How to Install and Configure Samba in Ubuntu 16.04

  1. Install Samba
      sudo apt-get update
      sudo apt-get install samba
    
  2. Set a password for your user in Samba
      sudo smbpasswd -a <user_name>
    
    Note: Samba uses a separate set of passwords than the standard Linux system accounts (stored in /etc/samba/smbpasswd). Having said that, I always use here whatever username I use for my Linux account.
  3. Create a directory to be shared
      
    mkdir /home/<user_name>/<folder_name>
    
  4. Edit the file "/etc/samba/smb.conf"
      
      sudo vim /etc/samba/smb.conf
    
    And add the following:
      
    [global]
      workgroup = HOME_NETWORK
    
    #(Set this to the name you want the shared folder to have)
    [share]
       comment = File server share folder
       path = /home/<user_name>/share/
       browsable = yes
       read only = no
       guest ok = yes
       writable = yes
       valid users = <samba_user_name>
       create mask = 0755
    
  5. If you setup a firewall, allow port 445
      ufw allow 445
    
  6. Restart the samba:
        sudo service smbd restart
    
  7. Once Samba has restarted, use this command to check your smb.conf for any syntax errors
        testparm  
    

Sunday, August 07, 2016

Install Latest MySQL in Ubuntu Server

This assumes that you already have a running Ubuntu server with Apache installed. To install basic security in Ubuntu, see Basic Security Installs for Ubuntu. This instructions was extracted from here.

1. Update the package index on your server
sudo apt-get update

2. Install the package
sudo apt-get install mysql-server 

3. Run the included security script. This changes some of the less secure default options for things like remote root logins and sample users.
sudo mysql_secure_installation

4. If you're using a version of MySQL earlier than 5.7.6, you should initialize the data directory by running command below.
sudo mysql_install_db

Sunday, July 10, 2016

How to Debug Rails Application Using Pry Remote

1. Add pry remote in gemfile

gem 'pry-remote', '~> 0.1.8' 
gem 'pry-nav', '~> 0.2.4' 


2. Run bundle install in the terminal 


3. Add the following line in application.rb:

require 'pry-remote'
 
 
4. Add the following in the code where you want to stop executing and debug:

binding.remote_pry


 5. Load the application in the browser. The application will stop execution once it encounters the binding.remote_pry line


6. Open up a new terminal and run the following code:

pry-remote


7. To navigate in the terminal, use the following command:

step
next
continue
exit
 

Saturday, January 09, 2016

Deploying Rails Application for the First Time

I always forget these steps when deploying a Rails app for the first time. So I'm finally writing this in as a guide for the future.

This assumes that you already have a running Ubuntu server with Apache and Passenger installed (see Basic Security Installs for Ubuntu and How to Install Passenger + Apache in Ubuntu).
  1. Clone the git repo.
    git clone git@bitbucket.org:kabalweg/app_name.git
    cd app_name
    bundle install
    
    If you get a "bundle not yet installed" error, run the following comment:
    gem install bundle
    
  2. Go to /var/www/ type and this command to create a symbolic link.
    sudo ln -s /home/kabalweg/app_name/ ./app_name
    
  3. Go to /etc/apache2/sites-available and create a virtualhost file, app_name.conf, or copy and existing one and edit the appropriate values in that file and save.
    <VirtualHost *:80>
        ServerName app_name.net
        Redirect permanent / http://www.app_name.net/
    </VirtualHost>
    
    <VirtualHost *:80>
      ServerName www.app_name.net
      ServerAdmin kabalweg@gmail.com
    
      # Set the environment to production
      RailsEnv production
    
      <IfModule mod_passenger.c>
          # Set to on when debugging errors
          PassengerFriendlyErrorPages off
    
          #PassengerRoot /usr/lib/ruby/vendor_ruby/phusion_passenger/locations.ini
          #PassengerDefaultRuby /home/kabalweg/.rvm/gems/ruby-2.2.1@rails4.2/wrappers/ruby
          PassengerMaxPoolSize 2
          PassengerPoolIdleTime 0
          PassengerMaxRequests 1000
        </IfModule>
    
        DocumentRoot /var/www/app_name/public
        <Directory /var/www/app_name/public>
          AllowOverride all
          Options -MultiViews
          #Require all granted
          Order deny,allow
          Allow from all
        </Directory>
    
        ErrorLog ${APACHE_LOG_DIR}/error.log
    
        CustomLog ${APACHE_LOG_DIR}/access.log combined
    </VirtualHost>
    
  4. Disable the default virtualhost and enable the new virtualhost file and activate it.
    sudo a2dissite 000-default.conf
    
    sudo a2ensite app_name.conf
    sudo apachectl -k graceful
    
  5. Generate secret key and put the resulting key in the secret.yml file.
    rake secret RAILS_ENV=production
    
    Note: It's not a good and safe practice to put production config values in the repo. A good way is to ignore config files (*.yml) using git so it don't get save in the repo, then just manually create this files, with the correct values, in the production server.
  6. Pre-compile assets.
    rake assets:precompile RAILS_ENV=production
    
  7. Restart application by typing below in your application's root directory.
    touch tmp/restart.txt
    
    Create this folder (tmp) if you don't have this.

How to Install Passenger + Apache in Ubuntu 16.04 LTS

Note: This assumes that you already have a running Ubuntu server. To install basic security in Ubuntu, see Basic Security Installs for Ubuntu. This instructions was extracted from here.
  1. Install Apache Server
      sudo apt-get update
      sudo apt-get install apache2
      
  2. Set Global ServerName to Suppress Syntax Warnings: "AH00558: apache2: Could not reliably determine the server's fully qualified domain name, using 127.0.1.1. Set the 'ServerName' directive globally to suppress this message"
      sudo vim /etc/apache2/apache2.conf
      
    and enter at the end of the file:
      ServerName server_domain_or_IP
      
  3. Test config so far
      sudo apache2ctl configtest
      
  4. Restart Apache for the changes to take effect
      sudo systemctl restart apache2
      
  5. Install Passenger packages.
    # Install our PGP key and add HTTPS support for APT
    sudo apt-key adv --keyserver hkp://keyserver.ubuntu.com:80 --recv-keys 561F9B9CAC40B2F7
    sudo apt-get install -y apt-transport-https ca-certificates
    
    # Add our APT repository
    sudo sh -c 'echo deb https://oss-binaries.phusionpassenger.com/apt/passenger xenial main > /etc/apt/sources.list.d/passenger.list'
    sudo apt-get update
    
    # Install Passenger + Apache module
    sudo apt-get install -y libapache2-mod-passenger
    
    These commands will install Passenger + Apache module through Phusion's APT repository.
  6. Enable the Passenger Apache module and restart Apache
    sudo a2enmod passenger
    sudo apache2ctl restart
    
  7. Check installation
    sudo passenger-config validate-install
    
    All checks should pass. If any of the checks do not pass, please follow the suggestions on screen.
  8. Check whether Apache has started the Passenger core processes by running the following:
    sudo passenger-memory-stats
    

Friday, January 08, 2016

Creating a Skeleton Rails Application without Database and Test Unit

  1. 1. Create application without database access and test unit
        $ rails new [app_name] --skip-active-record --skip-test-unit
    
  2. Include Bootstrap
    • Download Bootstrap and extract content
    • Copy bootstrap.min.css and bootstrap.css to /app/assets/css folder
    • Copy bootstrap.min.js and bootstrap.js to /app/assets/js folder
    • Copy fonts folder to /app/assets folder
    Note: The reason why I put bootstrap.css in the main root of asset folder is so I can create a file (ex: custom.css) that will over ride the Bootstrap.css rules in case I want to.
  3. Create main controller that will serve as root file.
  4.     $ rails generate controller main_controller index --no-assets --no-helper
    
  5. Set the root route to main_controller#index
        root 'main_controller#index'
    

Monday, January 04, 2016

Basic Security Installs for Ubuntu

The original idea of this post was taken from My First 5 Minutes On A Server; Or, Essential Security for Linux Servers. As I build my server, I follow it but some of it's recommendation does not fit my requirements (ex: connecting via SSH only on certains IPs, which locked me out on several occasions). This post is my own "concoction". This assumes that you already have a fresh server running with only root as user.
  1. Login as root and set root password
    passwd
    
    It's always good to use a strong root password. I recommend Random Password Generator for this.
  2. Update Ubuntu
    apt-get update
    apt-get upgrade
    
  3. Install Fail2ban
    apt-get install fail2ban
    
    Fail2ban is a daemon that monitors login attempts to a server and blocks suspicious activity as it occurs. It’s well configured out of the box.
  4. Create user and set-up user folders
    useradd deploy
    mkdir /home/deploy
    mkdir /home/deploy/.ssh
    chmod 700 /home/deploy/.ssh
    
  5. Change deploy user's login shell with the 'chsh' command. This will make sure that deploy user will have a more interactive shell.
    sudo chsh -s /bin/bash deploy
    
  6. Require public key authentication for logging in
    vim /home/deploy/.ssh/authorized_keys
    
    Copy and paste the contents of the id_rsa.pub on your local machine and any other public keys that you want to have access to this server to the /home/deploy/.ssh/authorized_keys file. Save and close the file.
  7. Lock down authorized_keys file and change owner of user folder
    chmod 400 /home/deploy/.ssh/authorized_keys
    chown deploy:deploy /home/deploy -R
    
  8. Test the new user (deploy) in a new terminal window
    ssh deploy@<IP_OF_DROPLET>
    
  9. While connected as deploy, generate SSH key. This will be used when connecting to github or bitbucket
    ssh-keygen -t rsa -b 4096 -C "your_email@example.com"
    
  10. Logout user (deploy), close the the terminal and go back to the terminal where you are logged as root.
    exit
    
  11. Change deploy user password. This password will be used when doing sudo commands
    passwd deploy
    
  12. Change default text editor to your preference (I like Vim)
    update-alternatives --config editor
    
  13. Comment all existing user/group grant lines
    visudo
    
    Add the following line:
    root    ALL=(ALL:ALL) ALL
    deploy  ALL=(ALL:ALL) ALL
    
    This will grant sudo access to the deploy user when they enter the proper password.
  14. Set up a firewall to further secure the server using ufw.
    ufw allow 22
    ufw allow 80
    ufw allow 443
    ufw enable
    
  15. Enable automatic security updates
    apt-get install unattended-upgrades
    
    vim /etc/apt/apt.conf.d/10periodic
    
    Update the file to look like this:
    APT::Periodic::Update-Package-Lists "1";
    APT::Periodic::Download-Upgradeable-Packages "1";
    APT::Periodic::AutocleanInterval "7";
    APT::Periodic::Unattended-Upgrade "1";
    
    One more config file to edit:
    vim /etc/apt/apt.conf.d/50unattended-upgrades
    
    Update the file to look like below. This will enable security updates only:
    Unattended-Upgrade::Allowed-Origins {
            "Ubuntu lucid-security";
    //      "Ubuntu lucid-updates";
    };
    
    or
    Unattended-Upgrade::Allowed-Origins {
            "${distro_id}:${distro_codename}";
            "${distro_id}:${distro_codename}-security";
    //      "${distro_id}:${distro_codename}-updates";
    //      "${distro_id}:${distro_codename}-proposed";
    //      "${distro_id}:${distro_codename}-backports";
    };
    
  16. Restart server and you're done!
    reboot
    

Recent Post