Archive for category apache

But really, why Java is enterprise and PHP is not.

I have a lot of experience with Java, and while it was the only language I knew well, I could not spell out the real answer. Recently I have been working with PHP + Laravel, and finally I know the answer.

PHP by itself is not bad. A programmer can quickly hack together all kinds of great things and deploy them just by copying new files to the webroot. In that sense PHP is easy to learn and use, flexible, and a great tool for beginners.

Java, however, is more cumbersome. It requires more setup and compiling. All data types must be strict, and exceptions have to be caught with try/catch in all kinds of places. It feels like a lot of extra work for nothing.

Now look at what enterprise projects look like. There are thousands or even millions of lines of code and a huge number of files, classes, etc. Stack traces are tens or hundreds of rows long. Maintaining such projects must not leave any room for error. Making a simple typecasting mistake or calling a method that an object does not support is not an option.

So the answer is: Java is more refined; it forces you to think harder and get things right on the first try. IDEs let you traverse the code much more easily, leaving no room for confusion about data types in inheritance.


Application code deployment from SVN with fast and simple rollback

The most important thing in every new release is the rollback procedure. Once you discover issues in the new version, you need to be able to switch back to the previous version while you work on a fix. I have developed a shell script that handles the automated deployment process and allows quick and simple rollbacks, provided there are no database changes that prevent an easy rollback. The main idea is to:

  • download code from SVN, GIT or similar
  • copy all code to new folder
  • replace all configuration with environment related conf
  • use symlink to switch between code versions

Here is an example script that handles the automated deployment for you: Read the rest of this entry »
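
One way to implement the four steps listed above, as an added example that is not the author's script. The directory layout (releases/, conf/<env>/, the current and previous links) and the function names are assumptions, the source tree is taken as already exported from version control, and mv -T requires GNU coreutils.

```shell
#!/bin/sh
# Added example (not the author's script). Assumed layout under BASE:
#   releases/<id>/   one directory per deployed version
#   conf/<env>/      environment-specific configuration (assumed location)
#   current          symlink the web server's DocumentRoot points at
#   previous         symlink to the release that was live before

# switch_link LINK TARGET: repoint LINK with a rename, so the web server
# never sees a missing or half-written link. mv -T needs GNU coreutils.
switch_link() {
    ln -s "$2" "$1.tmp.$$" && mv -T "$1.tmp.$$" "$1"
}

# deploy BASE SRC ENV ID: SRC is an already exported tree, for example
# the output directory of `svn export`.
deploy() {
    base=$1; src=$2; env=$3; id=$4
    rel="$base/releases/$id"
    if [ -e "$rel" ]; then
        echo "release $id already exists" >&2
        return 1
    fi
    mkdir -p "$base/releases" || return 1
    cp -R "$src" "$rel" || return 1
    # Overlay the environment's configuration; drop the release if it fails.
    cp -R "$base/conf/$env/." "$rel/" || { rm -rf "$rel"; return 1; }
    # Record what is live now so rollback has a target.
    if [ -L "$base/current" ]; then
        switch_link "$base/previous" "$(readlink "$base/current")" || return 1
    fi
    switch_link "$base/current" "releases/$id"
}

# rollback BASE: swap current and previous.
rollback() {
    base=$1
    if [ ! -L "$base/previous" ]; then
        echo "no previous release to roll back to" >&2
        return 1
    fi
    old=$(readlink "$base/previous")
    now=$(readlink "$base/current")
    switch_link "$base/current" "$old" && switch_link "$base/previous" "$now"
}
```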


Run Apache2 as specific user, non-root

It is very easy, but the exact syntax is hard to find. None of the current top Google results bring it up. You have to use the mpm_itk module, and an exact example of the syntax is here, enjoy!

<VirtualHost *:80>
    ServerName website.com
    DocumentRoot /var/www/website.com
    <IfModule mpm_itk_module>
        AssignUserId username groupname
    </IfModule>
</VirtualHost>

Error: redirect_uri_mismatch – Reset Google authentication OAuth API secret

I have a few webapps where I am using Google login. When you run the app on a different domain, you will get an error like

Error:redirect_uri_mismatch
The redirect URI in request: http://mywebsite.com/ did not match registered redirect URI.

You might also want to create a new app for Google OAuth2 login. Anyway, for some reason it is very difficult to find the correct URL; I always tend to end up on the Google Apps page.

Here is the secret link that solves all of your troubles:

https://code.google.com/apis/console/b/0/


Observations of Roboo usability and effectiveness against DDoS

Before taking Roboo into use for protection against DDoS, you need to look at its pros and cons.

First, nothing comes without drawbacks and side effects. Here are some that you need to consider.

  • Search engine crawlers have trouble indexing the site. You never want that.
  • Web service clients have issues. API calls might break, and an SVN server over HTTPS does not work well.
  • The developers' own website, http://www.ecl-labs.org, does not use Roboo.

A good whitelisting plan must be developed to handle valid non-browser interactions.

I did some quick brute-force analysis of performance with 3 virtual machines on VMware. The target was WackoPicko, a simple vulnerable web application used to test web application vulnerability scanners, with 1 core and 1GB RAM. The Roboo machine was an Ubuntu server with 1 core and 1GB RAM. The third was a more powerful server where httperf was run. All of these machines ran inside one physical server on VMware ESXi.

Here are the testing results: Read the rest of this entry »


Configure Apache to support multiple SSL sites on a single IP

You can host an unlimited number of name-based virtual hosts over HTTP. But how can you have many virtual hosts in a vhost file over HTTPS? Is it not possible?

Most websites have some sort of CMS with admin passwords, and these must not be sent in plaintext; a little security warning for admins is not a big problem. With the default Apache configuration, when you define many VirtualHosts for port *:443 you still see only one of them, whichever of these sites you open.

The problem can be identified from error_log entries like these.

[Wed Sep 14 10:05:28 2011] [warn] Init: Name-based SSL virtual hosts only work for clients with TLS server name indication support (RFC 4366)
[Wed Sep 14 16:06:28 2011] [warn] _default_ VirtualHost overlap on port 443, the first has precedence

The solution is to explicitly tell Apache to use NameVirtualHost for port 443 as well, in addition to port 80, which is the default. Make sure you have something like this in ports.conf or a similar httpd configuration file.

<IfModule mod_ssl.c>
    NameVirtualHost *:443
    Listen 443
</IfModule>