An example config: CORS + PHP + NGINX

Using this guide from enable-cors.org I was able to cobble together an example wide-open CORS config for php files. This may not be everything your particular setup needs, and there may be a better way to do it, but it’s a place to start.

    location ~* CORSTest.php {
        root           /webs/exampledoma.in;
        fastcgi_pass   unix:/var/run/php5-fpm-edm.sock;
        include        fastcgi_params;
        #fastcgi_intercept_errors on;
        fastcgi_param  SCRIPT_FILENAME /webs/exampledoma.in$fastcgi_script_name;

     if ($request_method = 'OPTIONS') {
        add_header 'Access-Control-Allow-Origin' '*';
        add_header 'Access-Control-Allow-Methods' 'GET, POST, OPTIONS';
        add_header 'Access-Control-Allow-Headers' 'DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Content-Range,Range';
        add_header 'Access-Control-Expose-Headers' 'DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Content-Range,Range';
        add_header 'Content-Type' 'text/plain charset=UTF-8';
        add_header 'Content-Length' 0;
        return 204;
     }
     if ($request_method = 'POST') {
        add_header 'Access-Control-Allow-Origin' '*';
        add_header 'Access-Control-Allow-Methods' 'GET, POST, OPTIONS';
        add_header 'Access-Control-Allow-Headers' 'DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Content-Range,Range';
        add_header 'Access-Control-Expose-Headers' 'DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Content-Range,Range';
     }
     if ($request_method = 'GET') {
        add_header 'Access-Control-Allow-Origin' '*';
        add_header 'Access-Control-Allow-Methods' 'GET, POST, OPTIONS';
        add_header 'Access-Control-Allow-Headers' 'DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Content-Range,Range';
        add_header 'Access-Control-Expose-Headers' 'DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Content-Range,Range';
     }
   }

megaraid on debian

A while back I was presented with a Dell server of uncertain providence and asked to make it go. Everything went okay until I was looking for RAID management tools. The PERC 5/i RAID controller wants to be used with megaraid; the original company involved with the RAID card in the system had changed hands a couple times, so with a half hour of research that consisted of a quick google search, scouring a few resulting websites, and letting out a small amount of profanity owed to poorly designed downloads pages I turned up an URL.

You can get megaraid from http://docs.avagotech.com/docs-and-downloads/raid-controllers/raid-controllers-common-files/8-07-14_MegaCLI.zip ; then use apt-get to install the alien package to convert the .rpm to .deb like so: alien MegaCli-8.07.14-1.noarch.rpm

Then I took a quick look at the resulting .deb (mostly out of curiosity, I’d never had a reason to use alien until now)…

# dpkg-deb -c megacli_8.07.14-2_all.deb
drwxr-xr-x root/root 0 2015-09-18 03:03 ./
drwxr-xr-x root/root 0 2015-09-18 03:03 ./usr/
drwxr-xr-x root/root 0 2015-09-18 03:03 ./usr/share/
drwxr-xr-x root/root 0 2015-09-18 03:03 ./usr/share/doc/
drwxr-xr-x root/root 0 2015-09-18 03:03 ./usr/share/doc/megacli/
-rw-r--r-- root/root 772 2015-09-18 03:03 ./usr/share/doc/megacli/copyright
-rw-r--r-- root/root 163 2015-09-18 03:03 ./usr/share/doc/megacli/changelog.Debian.gz
drwxr-xr-x root/root 0 2015-09-18 03:03 ./opt/
drwxr-xr-x root/root 0 2015-09-18 03:03 ./opt/MegaRAID/
drwxr-xr-x root/root 0 2015-09-18 03:03 ./opt/MegaRAID/MegaCli/
-rwxr-xr-x root/root 2469692 2013-12-16 05:43 ./opt/MegaRAID/MegaCli/MegaCli
-rwxr-xr-x root/root 2720320 2013-12-16 05:43 ./opt/MegaRAID/MegaCli/MegaCli64
-rwx------ root/root 540512 2013-12-16 05:43 ./opt/MegaRAID/MegaCli/libstorelibir-2.so.14.07-0

… before installing it with dpkg -i.

I then checked to make sure that it was actually there and that any shared libs it might want were present:


# file MegaCli64
MegaCli64: ELF 64-bit LSB executable, x86-64, version 1 (SYSV), dynamically linked (uses shared libs), for GNU/Linux 2.4.0, stripped
# ldd MegaCli64
linux-vdso.so.1 => (0x00007fffdebfe000)
libpthread.so.0 => /lib/x86_64-linux-gnu/libpthread.so.0 (0x00007f49684a6000)
libncurses.so.5 => /lib/x86_64-linux-gnu/libncurses.so.5 (0x00007f4968283000)
libdl.so.2 => /lib/x86_64-linux-gnu/libdl.so.2 (0x00007f496807e000)
libstdc++.so.6 => /usr/lib/x86_64-linux-gnu/libstdc++.so.6 (0x00007f4967d7a000)
libm.so.6 => /lib/x86_64-linux-gnu/libm.so.6 (0x00007f4967a74000)
libgcc_s.so.1 => /lib/x86_64-linux-gnu/libgcc_s.so.1 (0x00007f496785d000)
libc.so.6 => /lib/x86_64-linux-gnu/libc.so.6 (0x00007f4967498000)
/lib64/ld-linux-x86-64.so.2 (0x00007f49686cd000)
libtinfo.so.5 => /lib/x86_64-linux-gnu/libtinfo.so.5 (0x00007f496726f000)

The last step is to make a quick addition to /root/.profile:

if [ -d "/opt/MegaRAID/MegaCli" ] ; then
PATH="/opt/MegaRAID/MegaCli:$PATH"
fi

One quick source ~/.profile to get it into the running session and everything is ready to rumble!

making iptables more useful

I don’t remember where I got it, but there’s a script called xt_geoip_dl that facilitates downloading IP Geolocation data for use with iptables. I didn’t like some of the things the script did, so I made some modifications, namely to make it more friendly to cron updates.

To set up iptables for Debian Jessie you need to install the following:
apt-get install linux-headers-`uname -r` libtext-csv-xs-perl xtables-addons-common iptables-dev

This should create a /usr/lib/xtables-addions/xt_geoip_dl – back up that file and then replace it with my version:
--snip--

#!/bin/sh

rm -f /root/geo/Geo*
wget -P /root/geo \
http://geolite.maxmind.com/download/geoip/database/GeoIPv6.csv.gz \
http://geolite.maxmind.com/download/geoip/database/GeoIPCountryCSV.zip;
gzip -d /root/geo/GeoIPv6.csv.gz;
unzip /root/geo/GeoIPCountryCSV.zip;

--snip--

After that, all that’s left is to add two lines to your crontab to make sure you always have the up-to-date IP list:

@monthly /usr/lib/xtables-addons/xt_geoip_dl
@monthly /usr/lib/xtables-addons/xt_geoip_build -D /usr/share/xt_geoip /root/geo/*.csv

Then you can issue iptables commands like

iptables -A INPUT -p tcp -m geoip --src-cc XX -j DROP

where ‘XX’ is a country code you want to drop traffic from.

Nagios 4 and NGiNX

I decided to write this post after a weekend of wanting to set up Nagios using NGiNX on my Debian system. There are one or two guides out there which document how this is done but I had to go a little farther than either of them to get it working, and thought I’d make my own blog post to fill in the missing pieces. I’m retracing my steps from memory; I don’t think I missed anything, but if I did let me know. 🙂

Continue reading

one time when file extensions matter

I needed Java JDK on a Debian system as a prerequisite for some other software and wanted to create a .deb for it.   In contrib there is a package to do this called make-jpkg.

So let’s install it and try to use it:

╭─jkl@dev ~ 
╰─$ fakeroot make-jpkg jdk-7u45-linux-x64.gz 
Creating temporary directory: /tmp/make-jpkg.pWb1sEAQde
Loading plugins: /usr/share/java-package/common.sh /usr/share/java-package/j2re.sh /usr/
share/java-package/j2sdk-doc.sh /usr/share/java-package/j2sdk.sh /usr/share/java-package
/j2se.sh /usr/share/java-package/oracle-j2re.sh /usr/share/java-package/oracle-j2sdk-doc
.sh /usr/share/java-package/oracle-j2sdk.sh

Detected Debian build architecture: amd64
Detected Debian GNU type: x86_64-linux-gnu

No matching plugin was found.
Removing temporary directory: done

Hm. Why is this failing? A quick read of the man page provided the answer:

Download a supported Java RE or SDK or API tar.gz or self-extracting archive from http://www.oracle.com/technetwork/java/javase/downloads and execute make-jpkg file with the downloaded file.

“Wait,” says I. “don’t I already have one of those?”

╭─jkl@dev ~ 
╰─$ file jdk-7u45-linux-x64.gz
jdk-7u45-linux-x64.gz: gzip compressed data, from Unix, last modified: Tue Oct 8 09:03:05 2013

I renamed the file to .tar.gz  and lo and behold:

╭─jkl@dev ~/tmp 
╰─$ fakeroot make-jpkg jdk-7u45-linux-x64.tar.gz 
Creating temporary directory: /tmp/make-jpkg.sKqSkUnRVf
Loading plugins: /usr/share/java-package/common.sh /usr/share/java-package/j2re.sh /usr/share/java-package/j2sdk-doc.sh /usr/share/java-package/j2sdk.sh /usr/share/java-package/j2se.sh /usr/share/java-package/oracle-j2re.sh /usr/share/java-package/oracle-j2sdk-doc.sh /usr/share/java-package/oracle-j2sdk.sh

Detected Debian build architecture: amd64
Detected Debian GNU type: x86_64-linux-gnu

Detected product:
 Java(TM) Development Kit (JDK)
 Standard Edition, Version 1.7.0+update45
 Oracle(TM), Inc.
Is this correct [Y/n]:

So the whole entire reason this is failing is because make-jpkg is expecting a file ending in .tar.gz. Oops!