2010-12-14

utf-8 on LAMP

If you manage LAMP applications you will run into character encoding issues soon or later.
You better stick to utf-8 at all layers: database, webserver, webframework.

While working with coppermine photo galery, after upgrading the framework, sometimes i get
badly encoded character. The DB is ok as the old and the new versions are running parallel and
the old delivers i18n characters just fine. the same apache is serving them so the last possibility
is to check the webframework. Which is unfortunately php, and I don't even know the syntax of it.

So here is a small reminder what should be changed:


function cpg_db_connect()
{
...
mysql_query('SET NAMES "utf8"', $result);
return $result;
}


this function is in include/functions.inc.php for coppermine.

2010-12-06

Installing perl modules

I was playing with the new Amazon service Amazon Route 53. It's using some perl scripts to call the webservice. After downloading the perl tools, and trying to use them i saw the following error message:

Can't locate Data/GUID.pm


I'm not a perl expert so first i tried to install the modules manually, but quickly i ended up in the perl dependency hell. So figured out that one of the tools which make installing perl modules easier is CPAN

so here is a quick reminder how i did the install


sudo perl5.10.0 -MCPAN -e 'shell'

cpan[1]> install Data::GUID

2010-11-04

mustache

By playing with couchapp I run into a yet another templating language/tool: mustache
its a ruby tool and installing is easy as:


sudo gem install mustache


this the data represented as YAML (test.yml)

---
"names": [ {name: chris}, {"name": "mark"}, {name: scott} ]
---


A template can be a text file containing special tags marked with {{ and }}

{{#names}}
Hi {{name}}!
{{/names}}



> mustache test.yml templ.mustache

Hi chris!
Hi mark!
Hi scott!



for a detailed description about the mustache syntax see the docs

There is also a javascript api for it

Mustache.to_html(ddoc.templates.restaurant, {"rests":rests})

where the first parameter the template, and the second is the 'model'.

syntax highlighted code in html

There is a nice tool called Pygment

installation is easy as:

sudo easy_install Pygments


this is how you can generate


pygmentize -O full -o delme.html -f html markdown.js

2010-10-12

gzip for tomcat

If you want to add compressing to tomcat, edit TOMCAT_HOME/conf/server.xml and add the following properties to Connector element:

compression="on" compressionMinSize="2048" noCompressionUserAgents="gozilla, traviata" compressableMimeType="text/html,text/xml"


so it will lokk somethng similar as:


connectionTimeout="20000"
redirectPort="8443"
compression="on"
compressionMinSize="2048"
noCompressionUserAgents="gozilla, traviata"
compressableMimeType="text/html,text/xml" />

2010-10-11

starting tomcat in debug mode from maven

If you want to start tomcat from maven you just simply run:


mvn tomcat:run


if you want to run it in debug mode, in order to be able to remote debug it, set the MAVEN_OPTS to:


export MAVEN_OPTS="-Xdebug -Xnoagent -Djava.compiler=NONE -Xrunjdwp:transport=dt_socket,server=y,suspend=n,address=9000"


to connect to this process from eclipse/sts open the debug/debug configurations dialog, and choose: Remore Java Application (even if its running on localhost)

2010-04-16

ssh tunneling tips

A lot of times i use ssh with port forwarding instead of various VPN software. The reason is than VPN solutions might mess up your network settings, im unable to read corporate mails, can't access the internal resources, and so on.

Lets say you have 3 host in the scenario:

corp-server
a host inside of the target network, which can reach a public host via ssh
public-host
this is the hub of the backdoor connections, the targeted corp-server and your home laptop both connects to here. it can be even a desktop in your home just make sure the firewall/router allow access to ssh. or you can start up an amazon ec2 instance for this reason
home-laptop
your personal laptop at home (or everywhere, like in an internet cafe) where you want to have access to corp-server


Punch the hole in corp network


The main trick is that you punch a hole of the target system by opening an ssh connection from inside to a public available host.


# you do this on corp-server
ssh -i my_key -R 2222:localhost:22 myself@public-host


Note that to be able to connect to public-host:2222 you need to be root on public-host and make sure that /etc/ssh/sshd_config


...
# No ListenAddress is defined
# Use these options to restrict which interfaces/protocols sshd will bind to
#ListenAddress ::
#ListenAddress 0.0.0.0
...
# this allows remote hosts to connect to remoteForwarded ports
GatewayPorts yes


If you made changes in sshd_conf, you have to restart the ssh daemon:

sudo /etc/init.d/ssh restart


to check that public-host:2222 accept connection run netstat:

> netstat -na|grep 22
tcp 0 0 0.0.0.0:2222 0.0.0.0:* LISTEN


now you have a socket listening on public-host:2222 which is in reality corp-server:22

connect to the backdoor



the other part of trick is to connect to this backdoor from any computer, let's say from your home laptop:

# you do this from home-laptop
ssh -i corp_key -L 8080:corp-confluence:80 -p 2222 corp-user@public-host


Tada! Now if you open up a browser at http://localhost:8080 it will be equivalent to http://corp-confluence:80

playing with ports and hostnames



now if you want to use the same privileged port (ie 80) on your laptop, you will need to do it as root:

# you do this from home-laptop
sudo ssh -i /fullpath/to/corp_key -L 80:corp-confluence:80 -p 2222 corp-user@public-host


Now if you want to use the exact same url http://corp-confluence at home, all you need is to add this line to your /etc/hosts

127.0.0.1 corp-confluence


multiple forward to the same port?



How about if you want to froward several service which are using the same ports. Let say you want to be able to use http://corp-confluence and http://corp-jira at home?

the first trick is to add an alias to the loopback address.

sudo ifconfig lo0 alias 127.0.0.2/32

now you have 127.0.02 additionally to 127.0.0.1. So we will use:
  • 127.0.0.1:80 for confluence as before
  • 127.0.0.2:80 for jira

    The new ssh line will be:

    # you do this from home-laptop
    sudo ssh -i /fullpath/to/corp_key -L 127.0.0.1:80:corp-confluence:80 -L 127.0.0.2:80:corp-jira:80 -p 2222 corp-user@public-host


    and you need a new line in /etc/hosts as well:

    127.0.0.1 corp-confluence
    127.0.0.2 corp-jira


    Tada! now you can reach both http://corp-confluence and http://corp-jira from home. all your bookmarks, saved passwords will work just like at work.

    Back at work


    if you are doing all this on your laptop and next time you want work from inside,
    make sure you comment out those 127.0.0.x lines in /etc/hosts
  •