• Allowing File Uploads direct from Dropbox

    It's been over 3 months since Dropbox announced the availability of 'Chooser', a simple way to allow users to upload files to your site direct from their Dropbox, but I've not seen it in use anywhere. That's a little dissapointing really, partially because it's incredibly simple to use and implement, but also because I was really hoping it might prompt some of Dropbox's competitors to create something similar.

    It makes life a lot easier for your users (especially those who want to upload from a *cough iOS* device with file uploads disabled ) and the hassle of setting it up is minimal.

    In this post, I'll be showing how to implement the Dropbox chooser into a simple PHP site

  • CentOS: Using NGinx as an SSL Reverse Proxy for Apache

    A little while ago, I published a guide to configuring NGinx to act as a Reverse Proxy for Apache. Although it was briefly mentioned, we never went through the steps necessary to configure NGinx to work in this manner for SSL connections - we simply left Apache listening on port 443.

    This documentation details how to go about configuring NGinx to handle your SSL stuff as well. It assumes you've already generated CSR's and got the SSL certificate to use (presumably because they're already being used by Apache).

  • Communicating with HomePlugAV Devices using Python

    I've got a couple of pairs of ON Networks' PL 500 HomePlugAV Powerline Adapters and have been playing around with them to see how they compare to the Computrend 902 devices I played around with 5 years ago.

    I'm still playing around with the kit, but thought I'd document a very basic example of how to send commands to the devices using Python - the instructions should work for any kit based on Qualcomm's INT6x00 and AR7x00 chipsets (mine use the AR7420/QCA7420) - we'll be changing one of the encryption keys (the NMK) that the devices use

  • Configuring LetsEncrypt on a CentOS 6 NGinx Reverse Proxy

    For those who haven't come across it, LetsEncrypt allows you to obtain free DV SSL Certificates but requires a server side script to be run periodically in order to renew the certificates (for better or worse, a 90 day expiration period has been used).

    Although the provided script has plugins to allow support for automatically generating SSL certs based on NGinx and Apache configurations, the script assumes that the server is the origin and that the relevant docroot is available for writing to.

    In the case of a reverse proxy - this won't be the case. We want the certificate on the Reverse Proxy (being the endpoint the client connects to) but the websites files are hosted on another server.

    This documentation details a simple way to work around that on a NGinx reverse proxy (it should be possible to adjust the config for Apache's mod_proxy if needed).

  • Configuring Postfix to block outgoing mail to all but one domain

    This is so simple to do, but I have to look it up every time I need it (not something that comes up regularly!);

    When configuring a development server, you may find you have a need to ensure that emails will not be sent to any domain except those you explicitly permit (for example if you're using real-world data to do some testing, do you want to send all those users irrelevant emails?).

    This documentation details how to configure Postfix on a Linux server to disregard any mail sent to domains that are not explicitly permitted.

  • Copying a Linux Kernel From One System to Another

    There may be occasions where, for testing purposes, you want to copy a kernel from one machine to another.

    There are some fairly self-explanatory caveats:

    • The donor and target system must be running on the same architecture
    • The target machine shouldn't have any (important) hardware that's unsupported by your donor kernel

    Obviously, you'll ideally want to make sure that the hardware is as close to identical as possible (otherwise your testing may be invalid) so the above should be considered a minimum

  • Creating a virtual Network Interface in CentOS 6

    Sometimes you need to assign more than one IP to a server, even if it only has one NIC. To do so, you create a virtual interface, attached to the physical NIC.

    This documentation details how to do this in CentOS 6

  • Creating a Virtual Network Interface in Debian

    There are times when you might want to assign more than one IP to a system, even if it only has a single physical NIC. This documentation details how to create a virtual network interface (known as aliasing) under Debian (see here for how to alias in Centos 6).

  • Honda Civic EGR Valve Replacement

    This documentation details how to remove and replace the EGR Valve on a 2004 Honda Civic 1.6 with a Petrol engine.

    You may need to do this if you're getting an engine management light (MIL) with diagnostic code P0401 (EGR Flow Insufficient). Some people prefer to start by cleaning the valve rather than replacing it - the process is exactly the same as detailed here, just that you'll put the old one back on after cleaning it (remember to order a new EGR gasket though).

    Honda used a variety of engines in different models of the civic though, so your EGR may be different. Before starting, pay close attention to the first picture in this document to check that your EGR location is the same (the EGR valve is the thing within the blue sticker on it in the photo).

  • Hosting TOR Hidden Services (.onions)

    The level of effort required to set up a TOR Hidden Service (known as a .onion) largely relates to the amount of paranoia you need to exercise regarding your anonymity.

    Whilst the ins and outs of Operational Security (Op-Sec) are a little too intricate for a single post, this documentation will take you through the steps required to configure a Debian server to host a .onion site with reasonable protections in place.

  • Keeping Hitcounts accurate when using an NGinx Caching Proxy

    In previous documentation, we've configured sites to use NGinx as a Reverse Caching Proxy, leading to hugely improved response times on popular content. We've also implemented a custom configuration so that we can refresh the cache periodically, ensuring that dynamic content (such as Twitter modules) updates.

    One thing we haven't done as yet, though, is to address the issue of internal hitcounts. We've looked specifically at using NGinx with Joomla, and noted that a side effect would be inaccurate hitcounts displayed within Joomla (which remains true even when using the internal page caching).

    In this documentation, we'll be implementing a small script to ensure that hits served from the cache are still recorded within Joomla (or Wordpress, Drupal - whatever you happen to be using), albeit a little while after they happen.

  • Linking a Git Repo with Pivotal Tracker

    Everyone seems to use GitHub nowadays, but occasionally you want a private repo (without paying), so you set up a local Git repo instead. The problem being, you often lose the integration with the other tools that you use to manage projects. Git has the ability, but it is somewhat reliant on you having the relevant scripts available (such as post-receive).

    This documentation details how to configure your Git repo to link up with Pivotal Tracker.

  • Making your Joomla Site Fly with NGinx Reverse Proxy Caching

    I've written previously about configuring NGinx to act as a reverse proxy for Apache, as well as some of the specific tweaks you need to make if you're serving a Joomla! based site. In this documentation, we're going to look at how to use NGinx's Reverse Proxy caching feature to make your site really fly.

    There are a small number of technical hurdles which we'll overcome to ensure that the user is experience is fast and smooth without losing interactivity on those sites which demand it. 

  • OpenVPN on CentOS 6 (Updated) - With HMAC

    I've previously documented how to install and configure OpenVPN on CentOS 6, but the steps appear to be outdated.

    In this documentation, we'll (very quickly) detail how to configure OpenVPN on CentOS 6. We're also going to enable TLS Authentication so that OpenVPN won't even respond unless the connecting client provides the right pre-shared key.

    You'll need the EPEL repos installed and enabled.

  • Recovering from corrupted InnoDB Pages

    I recently encountered an issue with various InnoDB pages becoming corrupted on the database that plays host to my JIRA install. It was - to some extent - a mess of my own making for mixing production and development databases (or more precisely, for hosting that production database on a dev machine).

    Lesson learnt, sure, but I still needed to address the issue so that I could get JIRA up and running again.

    This documentation details the steps to follow - it won't resolve every case of corruption, but it resolved the issues I was seeing

  • Removing index.php from SEF URLs

    So you set up your Joomla! site, made it live, and later realised that you'd forgotten to enable the HTAccess file for SEF URL's.

    The end result being that all your URLs contain /index.php/ What to do?

    You could just enable the HTAccess file, but all the old URL's will then return a 404. Not great if your site has already been indexed by search engines, even worse if others have linked to you too.

    In fact, on newer sites, it might even be worse - the old link will still be valid, but there'll be a 'new' link too, so you'll end up with two URLs for the same content.

    It's actually incredibly simple to resolve, and this documentation details the two steps you need to take to resolve it, without breaking the old URLs.

  • Resetting MySQL Admin Users Password when Forgotten

    It happens to the best of us, you set a password a long time ago and just cannot remember what it was!. This Documentation will talk you through the process of resetting the admin users password on MySQL

     

  • Saab 9-3 Door Lock Unit Repair

    The central locking door lock mechanisms on Saab 9-3s (and 9-5s) are known to occasionally malfunction/stop working. When you hit the central locking button on the remote, the affected door often won't lock (or won't unlock if it was already locked). The issue tends to start out intermittent and then worsen with time.

    A new unit is currently around £140 (without labour), but they can be obtained second hand on ebay for around £30. Replacing them is incredibly easy.

    It is also possible to strip the unit down to repair it, however, it's not without it's risks. While the door lock unit is removed the door won't latch closed (and certainly won't lock), so if you damage the unit trying to repair it, you're going to be in a tricky position. The route I took was to buy a second hand unit from ebay, fit that and then look at repairing the original (so I've got it on the shelf if the replacement starts exhibiting the same symptoms).

    This documentation details how to dismantle and repair the locking unit mechanism

  • Saab 9-3: Installing a rear facing dashcam

    I've had a front facing dashcam (in various cars) for quite some time. For a good proportion of that time I've thought about also having a rear facing cam, but in previous cars finding a switched live at the back of the car wasn't particularly straight forward.

    The 9-3, though, has an rear electrical centre which includes a rear fusebox, conveniently located in one of the boot side panels.

    This documentation details the simple procedure involved in installing a rear facing dashcam into the Saab 9-3 Saloon.

  • Usurping the BTHomeHub with a Raspberry Pi: Part 2 - DNS, DHCP and NTP

    In Part One, we configured our RaspberryPi to act as a Wireless access point and bridged the wireless and wired interfaces so that WLAN client's were easily accessible from the LAN.

    As part of that setup, we configured a DHCP server, however we haven't yet made it the DHCP server for the LAN - our tired old BTHomeHub is still the authoritative server for the network.

    In this part, we'll be reconfiguring our DHCP server so that it takes responsibility for the entire LAN, configuring DNS services, and making our Pi the LANs central NTP (Network Time Protocol) Server

    Step by step, we'll be configuring our Raspberry Pi to take over nearly all of the duties performed by the BTHomeHub.