December 19th, 2017
Wytze
The default rule seems to be to return from the chain. I don’t know if I am allowed to remove this entry so for now I’ll keep prepending my own rules.
iptables -I DOCKER-USER 1 -j DROP
iptables -I DOCKER-USER 1 -p tcp -m tcp -m mac --mac-source XX:XX:XX:XX:XX:XX -m state --state NEW -j RETURN -m comment --comment "Johns phone"
iptables -I DOCKER-USER 1 -p tcp -m tcp -s XXX.XXX.XXX.XXX -m state --state NEW -j RETURN -m comment --comment "Johns public ip"
iptables -I DOCKER-USER 1 -p tcp -m state --state RELATED,ESTABLISHED -j RETURN
I stored these commands in /etc/network/docker-iptables.sh and made it executable.
Next determine what type of startup system your system is using.
In my case this shows systemd.
I then edited the docker.service file in /lib/systemd/system/docker.service
I added the following line behind the ExecStart.
ExecStartPost=/etc/network/docker-iptables.sh
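The script above prepends its rules again on every run, so each Docker restart through `ExecStartPost` adds another copy unless the chain was emptied in between. The following idempotent variant is an added example, not the author's script: it keeps the same policy in a separate chain (the name `DOCKER-USER-ALLOW` is an assumption) and leaves Docker's default `RETURN` entry untouched.

```shell
#!/bin/sh
# Added example, not the post's script. ALLOW_CHAIN is a hypothetical chain
# name; ALLOW_MAC and ALLOW_IP keep the post's placeholders (replace them).
IPT="${IPT:-iptables}"
ALLOW_CHAIN="${ALLOW_CHAIN:-DOCKER-USER-ALLOW}"
ALLOW_MAC="${ALLOW_MAC:-XX:XX:XX:XX:XX:XX}"
ALLOW_IP="${ALLOW_IP:-XXX.XXX.XXX.XXX}"

apply_rules() {
    # Create the private chain on first run, then empty it, so each run
    # rebuilds one copy of the rule set instead of stacking duplicates.
    "$IPT" -N "$ALLOW_CHAIN" 2>/dev/null || true
    "$IPT" -F "$ALLOW_CHAIN" || return 1

    # Same policy as the post, appended in evaluation order.
    "$IPT" -A "$ALLOW_CHAIN" -p tcp -m state --state RELATED,ESTABLISHED \
        -j RETURN || return 1
    "$IPT" -A "$ALLOW_CHAIN" -p tcp -s "$ALLOW_IP" -m state --state NEW \
        -m comment --comment "Johns public ip" -j RETURN || return 1
    "$IPT" -A "$ALLOW_CHAIN" -p tcp -m mac --mac-source "$ALLOW_MAC" \
        -m state --state NEW \
        -m comment --comment "Johns phone" -j RETURN || return 1
    "$IPT" -A "$ALLOW_CHAIN" -j DROP || return 1

    # Hook the chain into DOCKER-USER exactly once: -C exits 0 when the
    # jump already exists, so the insert is skipped on later runs.
    if ! "$IPT" -C DOCKER-USER -j "$ALLOW_CHAIN" 2>/dev/null; then
        "$IPT" -I DOCKER-USER 1 -j "$ALLOW_CHAIN" || return 1
    fi
}

# Apply only when invoked as: docker-iptables.sh apply
if [ "${1:-}" = "apply" ]; then
    apply_rules
fi
```

Call it as `ExecStartPost=/etc/network/docker-iptables.sh apply`. Between the flush and the final `DROP` the chain briefly passes all traffic.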
December 14th, 2017
Wytze
I have an SSH server that needed to bind to a specific IP, but apparently it didn’t boot, which was quite nasty as it is a headless machine.
The reason was that the network was not ready yet.
sshd: error: Bind to port 22 on x.y.y.z failed: Cannot assign requested address.
Enabled systemd networkd wait.
systemctl enable systemd-networkd-wait-online.service
And added this to the /etc/network/interfaces just to be certain
auto eth0
iface eth0 inet dhcp
    up service ssh start
At least I can log in again now…
November 25th, 2016
Wytze
Small cheat sheet of git commands I frequently use.
Cloning a repository
Revert changes in working copy
Revert changes in a single file
Revert all local commits
Remove untracked files and directories
Show stash diff
git stash show -p <stash-id>
Clear all stashes
Show remotes
Switch branch
Show local unpushed commits
git log origin/master..HEAD
Show local unpushed commit diff
git diff origin/master..HEAD
Undo commit
The trick is to export it to pkcs12 so that it can be imported by the java keytool.
Other ways of importing caused verification failures on the intermediate certificates for me.
openssl pkcs12 -export -out keystore.p12 -inkey certificate.pem -in certificate.pem
keytool -importkeystore -destkeystore keystore.jks -srcstoretype PKCS12 -srckeystore keystore.p12
# Change alias: keytool -changealias -alias 1 -keystore keystore.jks -keypass <pass> -destalias <destalias>
# Add intermediate certificates:
# openssl x509 -in root.crt -outform der -out root.der
# openssl x509 -in intermediate.crt -outform der -out intermediate.der
# keytool -import -trustcacerts -alias root -file root.der -keystore keystore.jks
# keytool -import -trustcacerts -alias intermediate -file intermediate.der -keystore keystore.jks
When used in Tomcat this would become something like the following:
<Connector port="8443" protocol="HTTP/1.1" SSLEnabled="true"
           maxThreads="150" scheme="https" secure="true"
           clientAuth="false" sslProtocol="TLS"
           keystoreFile="/path/to/keystore.jks" keystorePass="<keystorePass>" keyAlias="<alias_for_the_key>" />
Making calls to a server with a self-signed certificate might give you the following error:
javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
To fix this we need to import the certificate of this website into our local keystore.
Default pw for the keystore is ‘changeit’.
openssl s_client -showcerts -connect www.example.com:443 < /dev/null | openssl x509 -outform DER > www.example.com.der
keytool -importcert -trustcacerts -alias www.example.com -file www.example.com.der -keystore <path_to_keystore>
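One check worth adding before the import above: the certificate fetched with `openssl s_client` is whatever the network path returned, so compare its SHA-256 fingerprint with a value obtained out of band before trusting it. This is an added example, not part of the original post; the function names are hypothetical.

```shell
#!/bin/sh
# Added example: import a fetched certificate only if its SHA-256 fingerprint
# equals a value obtained out of band (for instance from the server's admin).
# All function names here are hypothetical helpers, not openssl/keytool features.

# Print the SHA-256 fingerprint of a DER certificate as lowercase hex.
cert_fingerprint() {
    openssl x509 -inform DER -in "$1" -noout -fingerprint -sha256 |
        cut -d= -f2 | tr -d ':' | tr 'A-F' 'a-f'
}

# Normalise a pasted fingerprint: drop colons and spaces, lowercase the hex.
normalise_fp() {
    printf '%s' "$1" | tr -d ': ' | tr 'A-F' 'a-f'
}

# fingerprint_matches <der-file> <expected-fingerprint>
# Returns 0 on match, 1 on mismatch, 2 if the file could not be parsed.
fingerprint_matches() {
    actual=$(cert_fingerprint "$1" 2>/dev/null)
    [ -n "$actual" ] || return 2
    [ "$actual" = "$(normalise_fp "$2")" ]
}

# import_if_pinned <der-file> <expected-fingerprint> <alias> <keystore>
import_if_pinned() {
    if fingerprint_matches "$1" "$2"; then
        keytool -importcert -trustcacerts -alias "$3" -file "$1" -keystore "$4"
    else
        echo "fingerprint check failed for $1, not importing" >&2
        return 1
    fi
}
```

For the post's example this would be called as `import_if_pinned www.example.com.der "<expected fingerprint>" www.example.com <path_to_keystore>`.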
By default maven 3 will only allow you to upload files by means of http.
This means that deploying through scp will not work. My settings.xml contains the servers to which I want to upload through scp.
Settings.xml
<settings>
  <servers>
    <server>
      <id>sample-server-id</id>
      <username>myUsername</username>
      <password>myPassword</password>
    </server>
  </servers>
  <profiles>
    <profile>
      <id>default-profile</id>
      <activation>
        <activeByDefault>true</activeByDefault>
      </activation>
      <repositories>
        <repository>
          <id>sample-server-id</id>
          <name>A sample repository</name>
          <url>scp://builds.example.org/maven</url>
        </repository>
      </repositories>
    </profile>
  </profiles>
</settings>
Deploying the file with mvn deploy:deploy-file will give an error when using scp as the protocol.
mvn deploy:deploy-file -DgroupId=com.oracle -DartifactId=ojdbc6 -Dversion=11.2.0.4 -DrepositoryId=sample-server-id -Dfile=ojdbc6.jar -Durl=scp://builds.example.org/maven
No connector available to access repository
To fix this we need to create a dummy pom.xml. The most important part is to add the ssh wagon to enable scp.
<project>
  <modelVersion>4.0.0</modelVersion>
  <groupId>com.oracle</groupId>
  <artifactId>jdbc-driver</artifactId>
  <version>11.2.0.4</version>
  <build>
    <extensions>
      <extension>
        <groupId>org.apache.maven.wagon</groupId>
        <artifactId>wagon-ssh</artifactId>
        <version>2.6</version>
      </extension>
    </extensions>
  </build>
</project>
Now rerun the command:
mvn deploy:deploy-file -DgroupId=com.oracle -DartifactId=ojdbc6 -Dversion=11.2.0.4 -DrepositoryId=sample-server-id -Dfile=ojdbc6.jar -Durl=scp://builds.example.org/maven
Hopefully it will now show:
[INFO] ------------------------------------------------------------------------
[INFO] BUILD SUCCESS
[INFO] ------------------------------------------------------------------------
I wanted a clearable input field. It is supposed to show a close icon when input is typed into the input field. It was inspired by the following discussion on Stack Overflow.
It consists of three parts:
1) The image for the close icon. Just take any one you like. I used this one. 
2) The required CSS.
.clearable {
  background: url(/images/icons/cross.png) no-repeat right 5px center;
}
.clearable.onX {
  cursor: pointer;
}
3) The required AngularJS directive
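app.directive('clearable', function($parse) {
  var link = function link(scope, element, attrs) {
    // Clicking the icon area (class "onX") resets the bound model value.
    element.on('click', function() {
      if (element.hasClass("onX")) {
        scope.$apply(function(scope) {
          $parse(attrs.clearable).assign(scope, null);
        });
      }
    });
    scope.$watch(attrs.clearable, function(val) {
      //console.log("Value is now: " + val);
      if (val) {
        // Namespaced events (".clearable") need jQuery; jqLite does not support them.
        element
          .addClass('clearable')
          // Unbind first: the watch fires on every change and would otherwise stack handlers.
          .off('mousemove.clearable')
          .on('mousemove.clearable', function(event) {
            // The icon occupies the rightmost 18px of the input.
            if (this.offsetWidth - 18 < event.clientX - this.getBoundingClientRect().left) {
              element.addClass('onX');
            } else {
              element.removeClass('onX');
            }
          });
      } else {
        // Also drop "onX" so the pointer cursor does not stick after clearing.
        element
          .removeClass('clearable onX')
          .off('mousemove.clearable');
      }
    });
  };
  return {
    restrict: "A",
    replace: false,
    transclude: false,
    link: link
  };
});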
Use it by adding the following attribute to an input element:
<input type="text" ng-model="valueToObserve" clearable="valueToObserve" />
It will look like this.

December 12th, 2011
Wytze
Check out this article over here:
Spring security with the spring-security plugin for grails
Issue the following commands to add spring security to your app.
grails install-plugin spring-security-core
grails s2-quickstart your.package.name SecUser SecRole
Add the following two lines to UrlMappings.groovy:
"/login/$action?"(controller: "login")
"/logout/$action?"(controller: "logout")
I personally prefer to use annotations.
@Secured(['ROLE_USER'])
class PostController {
    @Secured(['ROLE_ADMIN'])
    def deletePost = { //...
    }
}
Keep forgetting stuff. Too much input will cause a buffer overflow I guess. 🙂 So here it is, some useful Twitter stuff. If you won’t forget I will keep updating this post to include more and more Twitter stuff.
Twitter GET search API
Twitter GET search – Search properties