• Allowing File Uploads direct from Dropbox

    It's been over 3 months since Dropbox announced the availability of 'Chooser', a simple way to allow users to upload files to your site direct from their Dropbox, but I've not seen it in use anywhere. That's a little dissapointing really, partially because it's incredibly simple to use and implement, but also because I was really hoping it might prompt some of Dropbox's competitors to create something similar.

    It makes life a lot easier for your users (especially those who want to upload from a *cough iOS* device with file uploads disabled ) and the hassle of setting it up is minimal.

    In this post, I'll be showing how to implement the Dropbox chooser into a simple PHP site

  • CentOS: Using NGinx as an SSL Reverse Proxy for Apache

    A little while ago, I published a guide to configuring NGinx to act as a Reverse Proxy for Apache. Although it was briefly mentioned, we never went through the steps necessary to configure NGinx to work in this manner for SSL connections - we simply left Apache listening on port 443.

    This documentation details how to go about configuring NGinx to handle your SSL stuff as well. It assumes you've already generated CSR's and got the SSL certificate to use (presumably because they're already being used by Apache).

  • Communicating with HomePlugAV Devices using Python

    I've got a couple of pairs of ON Networks' PL 500 HomePlugAV Powerline Adapters and have been playing around with them to see how they compare to the Computrend 902 devices I played around with 5 years ago.

    I'm still playing around with the kit, but thought I'd document a very basic example of how to send commands to the devices using Python - the instructions should work for any kit based on Qualcomm's INT6x00 and AR7x00 chipsets (mine use the AR7420/QCA7420) - we'll be changing one of the encryption keys (the NMK) that the devices use

  • Configuring LetsEncrypt on a CentOS 6 NGinx Reverse Proxy

    For those who haven't come across it, LetsEncrypt allows you to obtain free DV SSL Certificates but requires a server side script to be run periodically in order to renew the certificates (for better or worse, a 90 day expiration period has been used).

    Although the provided script has plugins to allow support for automatically generating SSL certs based on NGinx and Apache configurations, the script assumes that the server is the origin and that the relevant docroot is available for writing to.

    In the case of a reverse proxy - this won't be the case. We want the certificate on the Reverse Proxy (being the endpoint the client connects to) but the websites files are hosted on another server.

    This documentation details a simple way to work around that on a NGinx reverse proxy (it should be possible to adjust the config for Apache's mod_proxy if needed).

  • Configuring Postfix to block outgoing mail to all but one domain

    This is so simple to do, but I have to look it up every time I need it (not something that comes up regularly!);

    When configuring a development server, you may find you have a need to ensure that emails will not be sent to any domain except those you explicitly permit (for example if you're using real-world data to do some testing, do you want to send all those users irrelevant emails?).

    This documentation details how to configure Postfix on a Linux server to disregard any mail sent to domains that are not explicitly permitted.

  • Copying a Linux Kernel From One System to Another

    There may be occasions where, for testing purposes, you want to copy a kernel from one machine to another.

    There are some fairly self-explanatory caveats:

    • The donor and target system must be running on the same architecture
    • The target machine shouldn't have any (important) hardware that's unsupported by your donor kernel

    Obviously, you'll ideally want to make sure that the hardware is as close to identical as possible (otherwise your testing may be invalid) so the above should be considered a minimum

  • Creating a virtual Network Interface in CentOS 6

    Sometimes you need to assign more than one IP to a server, even if it only has one NIC. To do so, you create a virtual interface, attached to the physical NIC.

    This documentation details how to do this in CentOS 6

  • Creating a Virtual Network Interface in Debian

    There are times when you might want to assign more than one IP to a system, even if it only has a single physical NIC. This documentation details how to create a virtual network interface (known as aliasing) under Debian (see here for how to alias in Centos 6).

  • Hosting TOR Hidden Services (.onions)

    The level of effort required to set up a TOR Hidden Service (known as a .onion) largely relates to the amount of paranoia you need to exercise regarding your anonymity.

    Whilst the ins and outs of Operational Security (Op-Sec) are a little too intricate for a single post, this documentation will take you through the steps required to configure a Debian server to host a .onion site with reasonable protections in place.

  • Keeping Hitcounts accurate when using an NGinx Caching Proxy

    In previous documentation, we've configured sites to use NGinx as a Reverse Caching Proxy, leading to hugely improved response times on popular content. We've also implemented a custom configuration so that we can refresh the cache periodically, ensuring that dynamic content (such as Twitter modules) updates.

    One thing we haven't done as yet, though, is to address the issue of internal hitcounts. We've looked specifically at using NGinx with Joomla, and noted that a side effect would be inaccurate hitcounts displayed within Joomla (which remains true even when using the internal page caching).

    In this documentation, we'll be implementing a small script to ensure that hits served from the cache are still recorded within Joomla (or Wordpress, Drupal - whatever you happen to be using), albeit a little while after they happen.

  • Linking a Git Repo with Pivotal Tracker

    Everyone seems to use GitHub nowadays, but occasionally you want a private repo (without paying), so you set up a local Git repo instead. The problem being, you often lose the integration with the other tools that you use to manage projects. Git has the ability, but it is somewhat reliant on you having the relevant scripts available (such as post-receive).

    This documentation details how to configure your Git repo to link up with Pivotal Tracker.

  • Making your Joomla Site Fly with NGinx Reverse Proxy Caching

    I've written previously about configuring NGinx to act as a reverse proxy for Apache, as well as some of the specific tweaks you need to make if you're serving a Joomla! based site. In this documentation, we're going to look at how to use NGinx's Reverse Proxy caching feature to make your site really fly.

    There are a small number of technical hurdles which we'll overcome to ensure that the user is experience is fast and smooth without losing interactivity on those sites which demand it. 

  • OpenVPN on CentOS 6 (Updated) - With HMAC

    I've previously documented how to install and configure OpenVPN on CentOS 6, but the steps appear to be outdated.

    In this documentation, we'll (very quickly) detail how to configure OpenVPN on CentOS 6. We're also going to enable TLS Authentication so that OpenVPN won't even respond unless the connecting client provides the right pre-shared key.

    You'll need the EPEL repos installed and enabled.

  • Recovering from corrupted InnoDB Pages

    I recently encountered an issue with various InnoDB pages becoming corrupted on the database that plays host to my JIRA install. It was - to some extent - a mess of my own making for mixing production and development databases (or more precisely, for hosting that production database on a dev machine).

    Lesson learnt, sure, but I still needed to address the issue so that I could get JIRA up and running again.

    This documentation details the steps to follow - it won't resolve every case of corruption, but it resolved the issues I was seeing

  • Removing index.php from SEF URLs

    So you set up your Joomla! site, made it live, and later realised that you'd forgotten to enable the HTAccess file for SEF URL's.

    The end result being that all your URLs contain /index.php/ What to do?

    You could just enable the HTAccess file, but all the old URL's will then return a 404. Not great if your site has already been indexed by search engines, even worse if others have linked to you too.

    In fact, on newer sites, it might even be worse - the old link will still be valid, but there'll be a 'new' link too, so you'll end up with two URLs for the same content.

    It's actually incredibly simple to resolve, and this documentation details the two steps you need to take to resolve it, without breaking the old URLs.

  • Resetting MySQL Admin Users Password when Forgotten

    It happens to the best of us, you set a password a long time ago and just cannot remember what it was!. This Documentation will talk you through the process of resetting the admin users password on MySQL

     

  • Usurping the BTHomeHub with a Raspberry Pi: Part 2 - DNS, DHCP and NTP

    In Part One, we configured our RaspberryPi to act as a Wireless access point and bridged the wireless and wired interfaces so that WLAN client's were easily accessible from the LAN.

    As part of that setup, we configured a DHCP server, however we haven't yet made it the DHCP server for the LAN - our tired old BTHomeHub is still the authoritative server for the network.

    In this part, we'll be reconfiguring our DHCP server so that it takes responsibility for the entire LAN, configuring DNS services, and making our Pi the LANs central NTP (Network Time Protocol) Server

    Step by step, we'll be configuring our Raspberry Pi to take over nearly all of the duties performed by the BTHomeHub.

  • Usurping the BTHomeHub with a Raspberry Pi: Part 3 - Routing, Remote Administration and Utilities

    In Part One we configured a RaspberryPi to act as a Wireless Access point, providing DHCP services to wireless clients. In Part Two we then configured our Pi to provide DHCP, DNS and NTP services to the entire LAN.

    In this part, we'll be taking some more responsibility away from the BTHomeHub, as well as configuring a few conveniences, such as Remote administration and useful utilities, including

    • Wake On Lan
    • Network Troubleshooting Tools
    • Dynamic DNS Update Client (No-Ip.com)

     

  • Usurping the BTHomeHub with a Raspberry Pi: Part 5 - Inbound OpenVPN

    In Part 4 we configured our Raspberry Pi router to maintain a number of OpenVPN tunnels and to route through them selectively. Now we'll look at the steps needed to allow connection to our LAN via OpenVPN. Although helpful, as the HomeHub doesn't provide VPN connectivity, this stage doesn't really count as Usurping the BTHomeHub.

    The steps are almost completely identical to those performed when Installing Open VPN on Debian. We're going to have to NAT connections though, as the HomeHub is a little stupid and we can't add static routes to it (so if we're connected to the VPN and accessing the Internet, it won't know where to route the response packets).

    What we'll do, though, is only NAT if the connection isn't to something on the LAN.

  • Volvo S60: Headlight Unit Replacement

    My 2003 S60 had a chip in the headlight lens, which over time, expectedly, developed into a crack.

    This documentation details how to replace a headlight unit on Volvo S60's up to 2003 (there are some slightly different mountings on models from 2004 onwards). The procedure is more or less the same for both sides

    The entire process doesn't take long, at most it should take a couple of hours