Tar and gzip reference

For some reason I can never remember the tar and gzip command switches. Perhaps I’m just too used to double clicking to expand. Anyway, as an aide-mémoire:

Create a tar gzipped archive (parameters c: create, v: verbose, z: gzip, f: filename follows):

$ tar cvzf archive_name.tar.gz dirname/

And to extract it again (x: extract v: verbose f: filename follows z: gzipped archive):

$ tar xvfz archive_name.tar.gz

There’s a good overview here http://www.thegeekstuff.com/2010/04/unix-tar-command-examples/ including viewing the archive or extracting a single file.

Delete files older than X days

I recently needed to clear out a load of automysql backup files that hadn’t been rotated, and had to dig out this handy one liner:

find /path/to/files* -mtime +90 -exec rm {} \;

It’ll delete everything older than 90 days that matches the pattern /path/to/files*. Remember to use it with caution and double check the files this will affect.
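An added example, not from the original post: the same clean-up split into a preview step and a delete step, so the list can be checked before anything is removed. The function names, the backup-*.sql.gz pattern and the demo directory are constructed for illustration. Unlike the one-liner, the pattern is passed to find with -name and restricted with -maxdepth 1 -type f, so a directory that happens to match the glob is not descended into.

```shell
#!/bin/sh
# Preview: list regular files directly inside $1 whose name matches glob $2
# and whose age, counted in whole 24-hour periods, is greater than $3.
# Nothing is deleted here.
list_old_files() {
    find "$1" -maxdepth 1 -type f -name "$2" -mtime +"$3" -print
}

# Delete exactly the set that list_old_files prints for the same arguments.
purge_old_files() {
    find "$1" -maxdepth 1 -type f -name "$2" -mtime +"$3" -exec rm -- {} +
}

# Constructed sample data: one old backup, one fresh backup, one old file
# that does not match the pattern, and a directory whose name matches the
# pattern and holds an old file that must survive.
make_demo_dir() {
    d=$(mktemp -d) || return 1
    mkdir "$d/backup-archive.sql.gz"
    touch -t 200001010000 "$d/backup-old.sql.gz" "$d/notes-old.txt" \
        "$d/backup-archive.sql.gz/backup-keep.sql.gz"
    touch "$d/backup-new.sql.gz"
    printf '%s\n' "$d"
}
```

Run list_old_files first, read the output, and only then call purge_old_files with the same three arguments.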

Laravel – A really nice php framework

I’ve been using Laravel for a few months now and am really enjoying it. Previously I was using Kohana as my PHP framework. But after a little time with Laravel I just didn’t feel like going back to Kohana for new stuff. I can’t put my finger on it exactly but Laravel just feels good to work with.

Admittedly I have a rather bland title but the Laravel site blows its own trumpet quite loudly by itself:

A Framework For Web Artisans

Laravel is a clean and classy framework for PHP web development. Freeing you from spaghetti code, Laravel helps you
create wonderful applications using simple, expressive syntax. Development should be a creative experience
that you enjoy, not something that is painful. Enjoy the fresh air.

Actually this put me off at first – I was expecting overly simplistic features in the name of ‘clean’ code and a lot of mmm our cool aid is tasty. But once I started using it I found it to be a well thought out, well documented php framework with a lot of nice features and a decent community around it.

One of the things that really put me off of Kohana was its appalling documentation. The forums were full of comments like “look at the source” and the documentation on the site was often hidden behind old versions, if it was there at all.

Laravel is really built for the ‘newer’ versions of PHP 5.3 and up. It makes heavy use of anonymous functions and namespaces. I think this is a positive – it’s not littered with code to make it compatible with old versions of PHP or hacky workarounds. It’s built for 5.3 and up and that’s that.

There’s all the usual stuff in there like MVC routing, clean URLs, an ORM, database abstraction. But there are also some nice additions like database migrations so your DB changes can be checked into source control, built in support for Redis, convenient caching methods, SQL and code profiler, a command line client for running either inbuilt tasks or ones that you write – using PHP on the command line has always annoyed me but using the Artisan CLI you can quickly run PHP from cron or a job queue.

There’s also a template engine. I know another one! But I actually find myself using this one. I’ve always steered clear of php template engines. After all PHP was originally designed to just be written into HTML files. But the blade template engine is pretty handy. It’s got a few helper bits for slightly neater loops, control statements, and a nice short hand for in the form of {{}}. If you use the layout feature you can also define sections that you fill in later from your views. It reminded me of templates in Django. It’s said that the templates are compiled but in fact the shorthand elements are just swapped for their PHP equivalents and cached for use.

So far I haven’t hit any major walls with regards to its flexibility. There seems to be enough scope in its implementation to allow you to just get on with writing your application while providing you with those little helpful pieces that you just don’t want to reinvent. Out of the box it’s pretty much ready to run and you don’t need to spend an age configuring it or building stuff up – it’s just ready to go. I do miss the cascading file system of Kohana – that made it easy to keep customisations and config settings out of bundles. (I think the bundle config issue is being dealt with). Anyway go and have a look at it.

Chaining SSL certificates for Nginx

I’ve found myself using Nginx more and more for web-server duties. It’s solid, flexible and can handle highly concurrent loads without much fuss. A while ago I also found StartSSL – who offer free basic SSL certificate signing. I haven’t purchased one from them yet but their rates look pretty good. The one hurdle to overcome is that you need to chain your certificate to their Root CA and Class 1 Intermediate Server CA certificates. To do that with Nginx you need to place your site certificate in the same file as the pem files StartSSL provide. In the directory where you’re keeping your certificate, download the StartSSL Root and Intermediate cert:

wget http://www.startssl.com/certs/ca.pem
wget http://www.startssl.com/certs/sub.class1.server.ca.pem

Then chain/concatenate/stick them all in the same file, with the certificate for your host first:

cat your-domain.crt sub.class1.server.ca.pem ca.pem > ssl-chained.crt

Which will give you one file containing all three certificates. The last step is to let Nginx know about your certificate and private key file. In your Nginx config/vhost config file add this:

ssl  on;
ssl_certificate  /etc/nginx/ssl/ssl-chained.crt;
ssl_certificate_key  /etc/nginx/ssl/private.key;

Reload your Nginx config and you should be ready to go. Before you start using SSL certificates/https on your website I urge you to do some reading up about what you’re doing and what ‘security’ you’re getting. It’s more about trust than encryption. Also make sure your private key remains private, with proper access restrictions and handling.
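An added check, not part of the original post: it confirms that a concatenated bundle such as ssl-chained.crt is in the order Nginx expects, host certificate first and each following certificate the issuer of the one before it. It compares issuer and subject names only and does not verify signatures; make_demo_chain and its "Demo" names are constructed test data, and the openssl command-line tool is assumed to be installed.

```shell
#!/bin/sh
# Return 0 if every certificate in bundle $1 names the next certificate in
# the file as its issuer; return 1 and say where the order breaks otherwise.
check_chain_order() {
    openssl crl2pkcs7 -nocrl -certfile "$1" |
    openssl pkcs7 -print_certs -noout |
    awk '
        /^subject=/ { n++; sub(/^subject= */, ""); subj[n] = $0 }
        /^issuer=/  { sub(/^issuer= */, ""); iss[n] = $0 }
        END {
            if (n == 0) { print "no certificates found"; exit 2 }
            for (i = 1; i < n; i++)
                if (iss[i] != subj[i + 1]) {
                    print "cert " i " is not issued by cert " (i + 1)
                    exit 1
                }
            print "ok: " n " certificates in order"
        }'
}

# Constructed test data: a throwaway root (ca), intermediate (sub) and host
# certificate (leaf) written to directory $1. Keys are unencrypted and the
# certificates expire after one day; do not use them for anything real.
make_demo_chain() {
    d=$1
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 \
        -subj "/CN=Demo Root CA" \
        -keyout "$d/ca.key" -out "$d/ca.pem" 2>/dev/null
    for pair in "sub:ca" "leaf:sub"; do
        name=${pair%%:*}
        signer=${pair##*:}
        openssl req -newkey rsa:2048 -nodes -subj "/CN=Demo $name" \
            -keyout "$d/$name.key" -out "$d/$name.csr" 2>/dev/null
        openssl x509 -req -in "$d/$name.csr" -days 1 \
            -CA "$d/$signer.pem" -CAkey "$d/$signer.key" -CAcreateserial \
            -out "$d/$name.pem" 2>/dev/null
    done
}
```

Running check_chain_order on the bundle before reloading Nginx catches a swapped intermediate and root.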

SSH Match Syntax

Sometimes you want SSH rules to just apply to a single user or group. For example allowing password login from a single user account while forcing other users to use certificates. The syntax is simple, at the bottom of your /etc/ssh/sshd_config file put:

Match User user1
PasswordAuthentication yes

Where user1 is the username you want to target and PasswordAuthentication yes is the setting you want to apply to that user. You can target groups with:

Match Group users

or invert the selection with !. A negated pattern never produces a match on its own, so pair it with a wildcard:

Match User *,!root
 

Source serverfault.com


					

Remove Passphrase from SSH Key

If you have a private key for your SSH login with a passphrase attached and you need to remove the password you can use this:

openssl rsa -in private_key_with_pass_phrase -out private_key_without_pass_phrase

WARNING: a passphrase is an added layer of security in case you lose control of your private key. Think carefully about removing the password.


Common reasons for removing a passphrase are when you want to automate a login. You may be better off setting up a new user with heavily restricted access permissions.

Debian Webserver Setup Checklist

Here’s my “software shopping list” for when I set up a general purpose web server (nginx, mysql, php-fpm). This isn’t a complete, perfect server or in-depth set up guide but more of a checklist of the steps I take:

  • Debian 6 minimal install
  • check/set up networking
  • check/setup date and time (dpkg-reconfigure tzdata)
  • add a limited user account (adduser)
  • add my public key to /home/<user>/.ssh/authorized_keys
  • apt-get update
  • apt-get upgrade
  • setup ssh to deny password login for most users
  • setup ssh to deny root login on public interfaces
  • set up base iptables rules (e.g.)
  • set up autoload of iptables rules
  • add dotdeb repositories www.dotdeb.org/instructions/
  • apt-get update
  • apt-get upgrade
  • apt-get install postfix
  • apt-get install mysql-server mysql-client
  • apt-get install nginx
  • apt-get install php5-fpm
  • apt-get install php5-mysql php5-curl php5-gd php5-imagick php5-mcrypt php5-xmlrpc
  • apt-get install php5-apc
  • apt-get install fail2ban
  • apt-get install monit (process monitor)
  • config packages

NB all the apt-get installs can go in all at once. It’s just easier to read if they are listed like that here. I also usually config packages as they get installed so I don’t forget about one.

Most of the time using apt-get you get a package that will run out of the box and you can just set it to your needs. Postfix is usually the one that throws me off. Normally because I muck up the host name and/or the domains/networks it can relay for. /var/log/ is your friend.

Maintain your iptables rules after a reboot

I always seem to forget about this. At least on Debian systems, iptables rules won’t automatically persist after a reboot. In order to get your carefully crafted firewall rules to stick you need to load them up at boot time. Here’s one way of doing it:

Once you have your rules defined the way you want, save them to a file –

iptables-save > /etc/firewall.conf

Then create the file “iptables” in

/etc/network/if-up.d/

And fill it with this content:

#!/bin/sh
iptables-restore < /etc/firewall.conf

Make it executable:

chmod +x /etc/network/if-up.d/iptables

Cross your fingers and you should have your iptables back as you left them even after a reboot.

Source debian-administration.org/articles/445


					

PHP equality testing

One of the things that you’ll quickly learn if you use PHP for anything substantial is that its dynamic (free and easy) type casting and general attitude towards variables often means you have to write more code to check things are as you expect they should be to actually make your code stable.

A case in point: when you want to test for equality you usually use double equals signs (==), but with that comparison PHP also reports the int 0, an empty array and an empty string as false. This might be the behaviour you want. But if you want to test for a zero, test for it; don’t rely on type casting. My recommendation is to use equality testing with type matching too. This can be achieved with a triple equals sign (===) or, for a negative test, !== .

Visual RegEx checker

I don’t know about you but I’m constantly tripped up when I need to write regular expressions. More often than not I end up with many stabs in the dark until I hit Regex gold. Part of the problem is often you can’t really get a visual grasp on what your expression is picking up and ignoring. Luckily there’s this gem. It’ll let you build a regular expression and see its actions on the sample text you provide. I still end up flailing away but at least with this it’s not quite so dark.

Visual Regex builder: http://gskinner.com/RegExr/

(Remember different regular expression implementations will have their own syntax and quirks so you might need to do a little translation to get it working in your language)