Category Archives: Linux

pptpd on Raspbian

Leave a reply

I wanted VPN running on my RaspberryPi 2, so I could WoL my PC and also see my network.
Initially I was going for OpenVPN, but it is a pain to use on all devices and also can be fiddly to set up.

pptp is known to be very insecure, and you shouldn’t really use it.

Setting pptpd on raspbian is pretty easy
Before we begin we need to run to usual update/upgrade

sudo apt-get update
sudo apt-get upgrade

Then install pptpd

sudo apt-get install pptpd

We will need to tell pptpd on which ip is installed and also what IP addresses to give to our clients:

sudo nano /etc/pptpd.conf

Find the line

#localip 192.168.0.1

uncomment it(remove the #) and change the IP address to the IP of the Pi.

If you want the clients to be given specific IP addresses, you will need to uncomment:

#remoteip 192.168.1.234-238,192.168.1.245

Add DNS servers (I used google ones),
open

sudo nano /etc/ppp/pptpd-options

and at the end of the file add this:

ms-dns 8.8.8.8
noipx
mtu 1490
mru 1490

Enable port forwarding, open

sudo nano /etc/sysctl.conf

and ucomment

#net.ipv4.ip_forward=1

Iptables will have to allow connections and routing, and also to make iptables riles permanent(after restart) we will add them to the crontab:

sudo crontab -e

add this:

@reboot sudo iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE

The final thing is to populate the table with the users and their passwords, yoi can do this by opening

sudo nano /etc/ppp/chap-secrets

and add you user/s like that

user[TAB]*[TAB]password[TAB]*

The file should look something like that:

# Secrets for authentication using CHAP
# client        server  secret                  IP addresses
user   *       password       *

Of course change user and password with your own, and if you want add more users.

Restart the pptp server and you should be good to go:

sudo systemctl restart pptpd.service

If you are having problems to connect you might need to forward tcp port 1723 to the same port on your RPi IP.

Postfix allow only localhost outgoing emails.

Leave a reply

A lot of servers don’t need to receive mail, as people nowadays use services like Gmail.

It is simple as changing the inet_interfaces directive in main.cnf from all to 127.0.0.1

vim /etc/postfix/main.cf
inet_interfaces = 127.0.0.1

You can verify it by testing with nmap, it should say it is a closed port

nmap -p 25 domain.com

Starting Nmap 6.40 ( http://nmap.org ) at 2016-01-28 22:55 EET
Nmap scan report for embodyactive.net.au (128.199.108.77)
Host is up (0.37s latency).
PORT   STATE  SERVICE
25/tcp closed smtp

Nmap done: 1 IP address (1 host up) scanned in 0.79 seconds

Nginx simple load balancing.

Leave a reply

Nginx is amazing and load balancing with it is so easy, since it is a proxy too we can have everything working perfectly on the same domain.
First you will need few application servers that are listening to some ports, and the might be different like 81, 82, 83 etc. But that is not necessarily.

Then you need something like this on the load balancer, and voila – 

server {

  listen 80;
  server_name balancer;

  location / {
     proxy_pass  http://balancer;
     include /etc/nginx/proxy_params;
  }

}
    
upstream balancer {
   ip_hash;
   server ha1.com;
   server ha2.com:82;
   server ha3.com:83;
}

ip_hash is important for sessions and logins, if you don’t want to have users logged out from your site, as the default behavior is round-robin which mean the users will cycle on the next node after every request.

There is other configuration options, but this is just quick syntax reference, you can check the documentation here – http://nginx.org/en/docs/http/load_balancing.html

Convert AWS .ppk key to .pem openSSH

Leave a reply

I had to deal recently with AWS instance, and I was provided only with .ppk key, which is not not exaclty compatible with openSSH.
You can use PuTTY under Linux, but this thing looks really awful, if you think I am being pretentious just take a look at this garbage:

So what you need to do is to use 

puttygen

which comes with PuTTY.

You will have to install with your package manager PuTTY, it should be available in yout repos, as it is fairly popular package.

I am using Ubuntu so for me that would be:

sudo apt-get install putty

Navigate to the folder where your .ppk key is and generate .pem key:

puttygen aws.ppk -O private-openssh -o aws.pem

Move it to your .ssh filder where all the other keys are and change key permissions:

sudo chown 400 .ssh/aws.pem

And then connect specifying that you want to use your with the -i option:

ssh -i .ssh/aws.pem ubuntu@ec2-21-000-12-37.compute-1.amazonaws.com

Just be careful about the key path, and typos and it should be fine.

Install PHP 7 on Ubuntu

5 Replies

Note: This “guide” was meant for Ubuntu 14.04, I haven’t tested it on 16.04 and it most probably will not work, so please do not attempt to use it at all. I doubt that it would even work on 14.04 fallowing this guide.

You can refer to this guide for php7 with apache2 – Ubuntu 16.04 – Install Apache2 and php7

If you want to try the new php7 which GA release (General availability) is about to be finished in mid October, you can fallow these instructions.

I have done this little experiment on a virtual machine, and I strongly advice for you to do the same. But if you have balls go and do it on a production server.

Usually you will need to download and compile the packages on your system, but since I am lazy I searched for a ppa, and seems Ondřej Surý was kind enough to compile them, put them on ppa, and update them regularly.
This is the ppa – https://launchpad.net/~ondrej/+archive/ubuntu/php

I actually had php5 and apache running on this virtual instance, so even before adding the ppa, you need to remove everything php5 related, otherwise you might have conflicts and problems like me:

sudo apt-get remove php5*

Then add the php7 ppa:

sudo add-apt-repository ppa:ondrej/php

run update:

sudo apt-get update

and install php7:

sudo apt-get install php7.0

For apache you will need to enable php7 mod with:

sudo a2enmod php7.0

disable php5 mod (if you had php5 in the first place):

sudo a2dismod php5

Restart apache:

sudo service apache2 restart

and you are good to go.

You can put a file with 

<!--?php phpinfo(); ?-->

and take a look at your brand new php7 install.

After that I decided to run a simple test to see if php7 is really that much faster than php5, and run on two identical VM’s the script from http://www.php-benchmark-script.com/.

PHP 5

--------------------------------------
| PHP BENCHMARK SCRIPT |
--------------------------------------
Start : 2015-09-20 01:24:52
Server : localhost@192.168.1.139
PHP version : 5.5.9-1ubuntu4.11
Platform : Linux
--------------------------------------
test_math : 0.856 sec.
test_stringmanipulation : 0.923 sec.
test_loops : 0.540 sec.
test_ifelse : 0.427 sec.
--------------------------------------
Total time: : 2.746 sec.

PHP 7

--------------------------------------
| PHP BENCHMARK SCRIPT |
--------------------------------------
Start : 2015-09-20 01:24:55
Server : ubuntu-server@192.168.1.109
PHP version : 7.0.0RC3
Platform : Linux
--------------------------------------
test_math : 0.225 sec.
test_stringmanipulation : 0.338 sec.
test_loops : 0.224 sec.
test_ifelse : 0.267 sec.
--------------------------------------
Total time: : 1.054 sec.

Change loopback interface IP address

Leave a reply

First of all – I know that is not a good idea, and the world will end if for some reason I want to change our beloved home address.
But for a second there, just think that there is situations when you need this.

In my case I wanted to test some different IP’s against database – and that is the easiest way to give myself any IP address I want, from any country I want, while running the script on the same machine.

Actually it is pretty straight forward solution – but everywhere on the internet when someone ask this a bunch of people are starting to suggest some other solutions – adding another interface, telling them they don’t need to do that etc.
Here is how to assign any IP address to the loopback interface in linux.

You will need root permissions, or just run the commands with sudo. Also this is tested on Ubuntu

For example we gonna use the IP address 46.10.11.185
First we need to change hosts file with:

sudo nano /etc/hosts

Just change your home(127.0.0.1) with 46.10.11.185 in the beginning of the file, so it is going to look something like this:

46.10.11.185 localhost
127.0.0.1 ivan-T430

Then just use ifconfig to change the lo interface IP address with:

sudo ifconfig lo 46.10.11.185

That’s all. Now your local web server will see you as the IP you want.

This is potentially dangerous, and might even make your system unstable.
Make sure you revert all changes and you put back the correct lo IP!

Find and debug slow PHP scripts.

Leave a reply

This is very useful trick when you are having site/script that is loading slow, but you are not sure what is the issue. In my case that was leading to extremely slow TTFB(Time to first byte) – around 15 seconds.

To do this we will have to enable slowlog, in my case I am using php5-fpm on Ubuntu, so I need to look for this config file – 

 /etc/php5/fpm/pool.d/www.conf

And look for something like this:

; The log file for slow requests
; Default Value: not set
; Note: slowlog is mandatory if request_slowlog_timeout is set
;slowlog = log/$pool.log.slow

I want to log the slow request in 

/var/log/php5/slow.log

So first of all I need to create that file, and the parent dir php5, if it doesn’t exists with 

mkdir /var/log/php5
touch /var/log/php5/slow.log

And then add the fallowing values to our fpm config file – 

slowlog = /var/log/php5/slow.log
request_slowlog_timeout = 8s

request_slowlog_timeout

Will determine how long before script will be logged. In my case anything that takes more than 8 seconds will be logged, of course you can use any other value.

Restart php5-fpm so the changes take effect 

service php5-fpm restart

And then you can monitor the log in real time while browsing the site:

tail -f /var/log/php5/slow.log

For me the problem was malware injected in footer.php in one of the WordPress sites:

root@linuxvps:~# tail -f /var/log/php5/slow.log 
script_filename = /var/www/site.info/public_html/index.php
[0x00007f9bcb861fe0] curl_exec() /var/www/site.info/public_html/wp-content/themes/2014/footer.php(23) : assert code(1) : eval()'d code(1) : eval()'d code:14
[0x00007f9bcb861ed8] getContents() /var/www/site.info/public_html/wp-content/themes/2014/footer.php(23) : assert code(1) : eval()'d code(1) : eval()'d code:36
[0x00007f9bcb861df0] +++ dump failed

Count the visitors from the access log

Leave a reply

Sometimes is handy to see what number of visitors you had on you site/server based on the access log – in this case Nginx access log. This will count every different IP, so a chunk of these visitors will be bots.


grep "\[13/Jul/2015" /var/log/nginx/access.log | cut -d" " -f1 | sort | uniq | wc -l

Another slightly different variation

cat access_log | awk '{print $1}' | sort | uniq -c | sort -n | tail

Thinkpad T430 fan control – Ubuntu 14.04

Leave a reply

After researching for a few hours online to find a guide on how to control my Thinkpad’s fan speed I realized that the new models have some differences from previous models and the guides available are not complete if not wrong. So, I am making this tutorial for anyone that has a new Thinkpad ( x30/x20 models ) and needs to control his fan in order to keep the noise down and get more battery life.

Every step below uses the terminal so open an instance with the combination CRTL + ALT + T

The first thing we will do is to install a program that will provide us information about the sensors of the laptop and their temperatures

sudo apt-get install lm-sensors

Configure the application in order to find every available sensor

sudo sensors-detect

Answer Yes to every question and the last confirmation for saving the changes made.
Install thinkfan which is our main program

sudo apt-get install thinkfan

Add the coretemp module to the startup list. It will provide us the temperature inputs.

echo coretemp >> /etc/modules

Load the coretemp module

sudo modprobe coretemp

The next step is to find your temperature inputs so take note the results of the following command

sudo find /sys/devices -type f -name "temp*_input"

If you don’t get any outputs ( similar to the next step ) please Reboot and continue from this step.

It’s time to edit our thinkfan configuration

sudo gedit /etc/thinkfan.conf

Go to the line where it says #sensor /proc/acpi/ibm/thermal … and below that line ( which should be commented since thermal is not supported in the new thinkpads ) insert something like the following:

sensor /sys/devices/platform/coretemp.0/temp1_input
sensor /sys/devices/platform/coretemp.0/temp2_input
sensor /sys/devices/platform/coretemp.0/temp3_input
sensor /sys/devices/virtual/hwmon/hwmon0/temp1_input

The above lines are the results from Step 5 prefixed with ‘sensor ‘.

Time to set the temperature rules. The format is: ( FAN_LEVEL, LOW_TEMP, HIGH_TEMP ) meaning that each FAN_LEVEL will start when the highest temperature reported by all the sensors meets its LOW_TEMP and if it surpasses its HIGH_TEMP it will go to the next FAN_LEVEL rule. If it goes below the LOW_TEMP it will fallback to the previous FAN_LEVEL rule. Please take notice that the HIGH_TEMP of a rule must be between the LOW_TEMP & HIGH_TEMP of the rule that follows.
My settings are:

#(FAN_LEVEL, LOW, HIGH)
(0, 0, 60)
(1, 57, 63)
(2, 60, 66)
(3, 64, 68)
(4, 66, 72)
(5, 70, 74)
(7, 72, 32767)

NOTE: I am not responsible for any problems you encounter with these rules. They are fine as per my configuration so please test them before using them and if necessary adjust them to your needs.

Now, we must add a configuration file into the modprobe.d

sudo echo "options thinkpad_acpi fan_control=1" >> /etc/modprobe.d/thinkpad.conf

If you want to start thinkfan automatically at boot-time please type the following

sudo gedit /etc/default/thinkfan

Change the line START=no to START=yes. If the line does not exist add it yourself.

RESTART your laptop and everything should work as expected. Test your laptop’s temperatures ( using sensors command ) under different workloads and verify that the fan speed is as per the rules you defined.

If you encounter a typing mistake or a step not working for you please comment below. On the contrary if everything works then comment below verifying the guide.

 

This information was taken from here – http://mastergenius.net/wordpress/2012/07/20/control-your-thinkpad-t430-fan-speed-in-ubuntu-12-04/

The time I need it the site was trowing Nginx errors, so I had to use time machine to get it.
The fallowing was tested on ThinkPad T430 with Ubuntu Mate, and it still works without any problems.