How to use Action Cable with Devise

The WebSocket server runs in a separate process from the Rails application, so the Devise session is not available to it. To authenticate the user we rely on signed cookies that the Rails app sets at login and that Action Cable can read when the connection is opened.

  1. Set up cookies in Devise

    # app/config/initializers/warden_hooks.rb
    # Devise is built on Warden; these hooks fire when a user signs in and out.
    # The cookies are signed, so a client cannot forge another user's id.
    Warden::Manager.after_set_user do |user, auth, opts|
      scope = opts[:scope]
      auth.cookies.signed["#{scope}.id"] = user.id
      auth.cookies.signed["#{scope}.expires_at"] = 30.minutes.from_now
    end

    Warden::Manager.before_logout do |user, auth, opts|
      scope = opts[:scope]
      auth.cookies.signed["#{scope}.id"] = nil
      auth.cookies.signed["#{scope}.expires_at"] = nil
    end

  2. Configure the Action Cable connection

    # app/channels/application_cable/connection.rb
    module ApplicationCable
      class Connection < ActionCable::Connection::Base
        identified_by :current_user

        def connect
          self.current_user = find_verified_user
          logger.add_tags 'ActionCable', current_user.name
        end

        protected

        def find_verified_user
          verified_user = User.find_by(id: cookies.signed['user.id'])
          expires_at = cookies.signed['user.expires_at']
          # With the JSON cookie serializer the Time comes back as a string.
          expires_at = Time.zone.parse(expires_at) if expires_at.is_a?(String)
          if verified_user && expires_at && expires_at > Time.now
            verified_user
          else
            reject_unauthorized_connection
          end
        end
      end
    end

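As an added example (not from the original post), this stand-alone Ruby script shows why the cookies above can be trusted: it reproduces the shape of a signed cookie ("base64 payload--HMAC") with a constructed secret, then applies the same checks find_verified_user does, so a cookie whose user id was edited, an expired cookie, or a missing cookie all fail. The cookie format, the secret and the Unix-timestamp expiry are this example's own assumptions, not Rails internals to rely on.

```ruby
require 'openssl'
require 'base64'
require 'json'

# Constructed secret for this example only. Rails derives the real key from
# secret_key_base, and the app and the cable server must share it.
SECRET = 'constructed-example-secret-not-for-production'

# Constant-time comparison so a digest check does not leak timing information.
def secure_compare(a, b)
  return false unless a.bytesize == b.bytesize
  a.bytes.zip(b.bytes).reduce(0) { |acc, (x, y)| acc | (x ^ y) }.zero?
end

# Produce "base64(json)--hmac", the same shape cookies.signed writes.
def sign_cookie(value, secret = SECRET)
  payload = Base64.strict_encode64(JSON.generate(value))
  "#{payload}--#{OpenSSL::HMAC.hexdigest('SHA1', secret, payload)}"
end

# Decode a signed cookie; nil when it is missing, malformed or tampered with.
def verify_cookie(cookie, secret = SECRET)
  payload, digest = cookie.to_s.split('--', 2)
  return nil if payload.nil? || digest.nil?
  expected = OpenSSL::HMAC.hexdigest('SHA1', secret, payload)
  return nil unless secure_compare(expected, digest)
  JSON.parse(Base64.strict_decode64(payload))
rescue ArgumentError, JSON::ParserError
  nil
end

# Mirror of find_verified_user: both cookies must verify and the expiry
# (a Unix timestamp here) must still be in the future. Returns the user id.
def find_verified_user_id(cookies, now = Time.now)
  id = verify_cookie(cookies['user.id'])
  expires_at = verify_cookie(cookies['user.expires_at'])
  return nil unless id && expires_at.is_a?(Integer)
  Time.at(expires_at) > now ? id : nil
end

if __FILE__ == $PROGRAM_NAME
  jar = { 'user.id' => sign_cookie(42), 'user.expires_at' => sign_cookie(Time.now.to_i + 1800) }
  p find_verified_user_id(jar)                                         # 42
  forged = "#{Base64.strict_encode64('7')}--#{jar['user.id'].split('--', 2).last}"
  p find_verified_user_id(jar.merge('user.id' => forged))              # nil
end
```
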
How to deal with mysqldump error 23: out of resources when opening file

Earlier today I was running a mysqldump of a large database and got this error:

mysqldump: Got error: 23: "Out of resources when opening file './xxxx/xxxx' (Errcode: 24)" when using LOCK TABLE

A quick Google search reveals that the number of files MySQL is permitted to open has been exceeded.

So I counted how many files our database has:

ls -l /var/lib/mysql/dbname/ | wc -l

The result is 8350 files.

Then I checked the limit by executing this in phpMyAdmin:

SHOW VARIABLES LIKE 'open%'

It gave a result of 1024 for open_files_limit, so I opened /etc/my.cnf and added

[mysqld]
open_files_limit = 10000

Unfortunately this didn’t do the job!

Some further digging landed me on this stackexchange post: http://dba.stackexchange.com/questions/86987/mysql-open-files-limit-cannot-change-this-variable

It looks like the issue is systemd-related: systemd applies its own open-file limit to the service, which overrides what open_files_limit asks for in my.cnf.

Edit /usr/lib/systemd/system/mysqld.service and add, in the [Service] section:

LimitNOFILE=10000
LimitMEMLOCK=10000

Then run systemctl daemon-reload and systemctl restart mysql.service.

Now with all that sorted, finally, the real deal:

mysqldump -u username -p dbname | gzip > ./dbexport.sql.gz

Configure iptables for PPTPD on CentOS 6

Rules in bold are essential.

#!/bin/bash

# Set defaults. Be careful with -F and -X: they will reset your iptables rules.
# iptables -F
# iptables -X
iptables -A OUTPUT -j ACCEPT
iptables -A FORWARD -j ACCEPT
# Drop unmatched inbound traffic via the chain policy. Appending "-A INPUT -j DROP"
# here instead would place the drop ahead of every ACCEPT rule below, so none of
# them would ever be reached.
iptables -P INPUT DROP
iptables -A INPUT -i lo -j ACCEPT

# Accept established sessions
iptables -A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT

# Allow Pings.
# iptables -A INPUT -p icmp -j ACCEPT

# Allow SSH
# iptables -A INPUT -p tcp --dport 22 -j ACCEPT

# Allow PPTP control connection
iptables -A INPUT -p tcp --dport 1723 -j ACCEPT

# Allow GRE (carries the tunnelled PPP traffic)
iptables -A INPUT -p gre -j ACCEPT

# NAT for PPTP clients' connectivity. MASQUERADE rewrites the VPN clients'
# source address to eth0's address. An unrestricted SNAT to 192.168.0.1 (the
# VPN-side address) would rewrite all outbound traffic to a private address,
# so it is left disabled here.
# iptables -t nat -A POSTROUTING -j SNAT --to-source 192.168.0.1
iptables -t nat -A POSTROUTING -s 192.168.0.0/24 -o eth0 -j MASQUERADE
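
The order of appended rules matters: an unconditional DROP appended to INPUT ahead of the ACCEPT rules makes every later ACCEPT on that chain dead. This added shell lint (not part of the original post) scans a rules script for exactly that mistake, using constructed sample scripts; it needs only awk and never touches the live firewall.

```shell
# Lint an iptables script for unreachable rules: anything appended (-A) to a
# chain after an unconditional "iptables -A <chain> -j DROP" on that chain can
# never match. Prints one line per unreachable rule; exit 0 = clean, 1 = found.
lint_iptables_order() {
  awk '
    /^[[:space:]]*#/ { next }                    # comment line
    /^[[:space:]]*$/ { next }                    # blank line
    $1 == "iptables" && $2 == "-A" {
      chain = $3
      if (NF == 5 && $4 == "-j" && $5 == "DROP") { dropped[chain] = NR; next }
      if (chain in dropped) {
        printf "line %d: unreachable, chain %s drops everything at line %d\n", NR, chain, dropped[chain]
        bad = 1
      }
    }
    END { exit bad }
  ' "$1"
}

# Constructed sample with the bug: the catch-all DROP is appended first, so the
# loopback and RELATED,ESTABLISHED accepts below it are dead rules.
BAD_RULES=$(mktemp)
cat > "$BAD_RULES" <<'EOF'
iptables -A OUTPUT -j ACCEPT
iptables -A INPUT -j DROP
iptables -A INPUT -i lo -j ACCEPT
iptables -A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
EOF

# Same intent expressed correctly: the default policy drops, explicit accepts match.
GOOD_RULES=$(mktemp)
cat > "$GOOD_RULES" <<'EOF'
iptables -P INPUT DROP
iptables -A INPUT -i lo -j ACCEPT
iptables -A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
iptables -A INPUT -p tcp --dport 1723 -j ACCEPT
EOF

lint_iptables_order "$BAD_RULES" || echo "ordering problems found"   # reports lines 3 and 4
lint_iptables_order "$GOOD_RULES" && echo "rules file is clean"      # silent lint, exit 0
```
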

PPTPD VPN server installation and configuration

This howto describes how to set up a PPTP VPN on CentOS, Fedora, Debian and Ubuntu with basic RSA authentication.

Before the installation, make sure the EPEL repository has been added to your yum repos.

CentOS and Red Hat Enterprise Linux 5.x

CentOS and Red Hat Enterprise Linux 6.x

wget http://dl.fedoraproject.org/pub/epel/6/x86_64/epel-release-6-8.noarch.rpm && sudo rpm -Uvh epel-release-6*.rpm

CentOS and Red Hat Enterprise Linux 7.x

Step 1. Install PPTPD

CentOS/RedHat 5:

yum install pptpd.x86_64 -y

CentOS/RedHat 6:

yum install pptpd.x86_64 -y

Fedora 20:

yum install pptpd.x86_64 -y

Ubuntu/Debian:

apt-get install pptpd

Step 2. Edit IP settings in /etc/pptpd.conf

echo > /etc/pptpd.conf

Paste the following content into the pptpd.conf file:

#start of custom file
#logwtmp
option /etc/ppp/options.pptpd
localip 192.168.0.1   # local vpn IP 
remoteip 192.168.0.100-200  # ip range for connections
listen 23.216.x.x # eth0 my example public IP and network interface
#end of custom file

Step 3. Add user accounts in /etc/ppp/chap-secrets (assign username and password)

vi /etc/ppp/chap-secrets

usernameForuser1 *  setpassword1here  *

usernameForuser2 *  setpassword2here  *

Step 4. Optional settings in /etc/ppp/options.pptpd

echo > /etc/ppp/options.pptpd

Paste the following into your options.pptpd:

#custom settings for a simple fast pptp server
ms-dns 8.8.8.8
ms-dns 4.2.2.2
lock
name pptpd
require-mschap-v2
# Require MPPE 128-bit encryption
# (note that MPPE requires the use of MSCHAP-V2 during authentication)
require-mppe-128


Step 5. Enable network forwarding in /etc/sysctl.conf

vi /etc/sysctl.conf

net.ipv4.ip_forward = 1

Use the following command to apply the change:

sysctl -p

Step 6. Configure the firewall (don't skip this step even if you have the firewall disabled)

# sudo nano /etc/rc.local
iptables -t nat -A POSTROUTING -s 192.168.0.0/24 -o eth0 -j MASQUERADE
iptables -A FORWARD -p tcp --syn -s 192.168.0.0/24 -j TCPMSS --set-mss 1356

Step 7. Start PPTP VPN server

Fedora/Debian:

service pptpd restart

CentOS/Fedora:

/etc/init.d/pptpd restart-kill && /etc/init.d/pptpd start

Note: To avoid having to start pptpd by hand after every reboot, enable it at boot with chkconfig pptpd on

By default the VPN server's log is combined with the system log at /var/log/messages.

Source: https://www.photonvps.com/billing/knowledgebase.php?action=displayarticle&id=58

SSH tunnelling – TCP port forward from local dev to public facing ssh server

A little background: I'm writing a Rails app that is hosted inside the corporate network, where no incoming traffic is permitted. I need to expose the internal port 3000 to the public.

Short answer: SSH remote port forwarding.

$ ssh -R 3000:localhost:3000 [email protected]

For some reason, the forwarding only works when I set both the local and remote port as 3000.

There is one more thing you need to do to enable this. By default sshd does not allow remote hosts to connect to forwarded ports. To enable this, open /etc/ssh/sshd_config on the public-facing server and add the following line somewhere in that config file.

GatewayPorts yes

Make sure you add it only once!

$ sudo vim /etc/ssh/sshd_config

And restart SSH

$ sudo service ssh restart

Source:
http://blog.trackets.com/2014/05/17/ssh-tunnel-local-and-remote-port-forwarding-explained-with-examples.html
https://help.ubuntu.com/community/SSH/OpenSSH/PortForwarding

Enable aptX on OS X Yosemite for Bluetooth headphones

I noticed that my Sony MDR-1RBT was not using the aptX codec. After some searching, here are the steps to get aptX working.

1. Download the IO tools package that contains Bluetooth Explorer:

https://developer.apple.com/downloads/index.action?name=bluetooth%20explorer

2. Bluetooth Explorer -> Tools -> Audio Options: Force use of aptX

3. Reconnect your Bluetooth headphones

To enable aptX on the headphone, press volume + and power for two seconds when powering on. The blue indicator will blink 3 times when on aptX mode.

PHP cannot connect to RDS MySQL on an Amazon EC2 RHEL box

I decided to use Amazon RDS for my blog. Setting up RDS is fairly simple, but somehow I couldn't get PHP to connect to it. WordPress kept throwing this error: "Error establishing a database connection".

So I thought maybe my RDS security group settings were wrong. I opened the RDS instance to 0.0.0.0/0 and was able to connect with the mysql CLI from anywhere, including the RHEL box, but WP still gave me the same error. I then tried a PHP MySQL connection to RDS from another Linux box and it worked!

OK, so that means the PHP MySQL connection is not working on the RHEL box specifically. What could be causing the problem? After a few Google searches, one post drew my attention: SELinux! Of course! How did I forget this thing...

So I went to /etc/selinux/config and set SELINUX=disabled; after a reboot, problem solved!

Of course you can add an exception rule instead, but to avoid future headaches, better leave it disabled.

Git – How to avoid typing your password repeatedly

There are at least three ways to avoid typing your password repeatedly when using git. The first requires KDE Wallet, the second doesn't require additional tools, and the third is not the safest one.
First way – use KDE wallet

To store passwords in the KDE wallet you need to install ksshaskpass package:

$ sudo apt-get install ksshaskpass

Then configure git to use it:

$ git config --global core.askpass /usr/bin/ksshaskpass

Alternatively you can use the GIT_ASKPASS environment variable:

$ export GIT_ASKPASS=`which ksshaskpass`

Use secure protocol:

$ git clone --verbose https://USERNAME@source.sleeplessbeastie.eu/git/personal_repo.git

Second way – temporarily store passwords in memory (recommended)

You can temporarily store passwords in memory by using credential helper:

$ git config credential.helper 'cache'

By default credentials are cached for 15 minutes. To change the number of seconds they are cached, use the timeout parameter (30 minutes in this example):

$ git config credential.helper 'cache --timeout=1800'

Use secure protocol:

$ git clone https://USERNAME@source.sleeplessbeastie.eu/git/personal_repo.git

To clear the credential cache before it times out, run:

$ git credential-cache exit

Check out the manual pages:

$ man git-credential-cache
$ man gitcredentials

Third way – use ~/.netrc file

You can also store credentials (per host) in plain text in the ~/.netrc file:

machine source.sleeplessbeastie.eu login USERNAME password PASSWORD

Make sure nobody else can read the file:

$ chmod 0600 ~/.netrc

Use secure protocol:

$ git clone https://source.sleeplessbeastie.eu/git/personal_repo.git

reference: http://blog.sleeplessbeastie.eu/2012/08/12/git-how-to-avoid-typing-your-password-repeatedly/