Archive

Archive for the ‘Uncategorized’ Category

Docker custom iptables in docker-user chain

December 19th, 2017 No comments

The default rule seems to be to return from the chain. I don’t know if I am allowed to remove this entry so for now I’ll keep prepending my own rules.

iptables -I DOCKER-USER 1 -j DROP
iptables -I DOCKER-USER 1 -p tcp -m tcp -m mac --mac-source XX:XX:XX:XX:XX:XX -m state --state NEW -j RETURN -m comment --comment "Johns phone"
iptables -I DOCKER-USER 1 -p tcp -m tcp -s XXX.XXX.XXX.XXX -m state --state NEW -j RETURN -m comment --comment "Johns public ip"
iptables -I DOCKER-USER 1 -p tcp -m state --state RELATED,ESTABLISHED -j RETURN

I stored these commands in /etc/network/docker-iptables.sh and made it executable.
Next determine what type of startup system your system is using.

sudo stat /proc/1/exe

In my case this shows systemd.
I then edited the docker.service file in /lib/systemd/system/docker.service
I added the following line behind the ExecStart.

  ExecStartPost=/etc/network/docker-iptables.sh
Categories: Uncategorized Tags:

Waiting for network

December 14th, 2017 No comments

I have a SSH server that needed to bind to a specific IP but apparently it didn’t boot which was quite nasty as it is a headless machine.
The reason was that the network was not ready yet.

sshd: error: Bind to port 22 on x.y.y.z failed: Cannot assign requested address.

Enabled systemd networkd wait.

systemctl enable systemd-networkd-wait-online.service

And added this to the /etc/network/interfaces just to be certain

auto eth0
iface eth0 inet dhcp
  up service ssh start

At least I can log in again now…

Categories: Uncategorized Tags:

Git Cheat Sheet

November 25th, 2016 No comments

Small cheat sheet of git commands I frequently use.

Cloning a repository

git clone <remote-url>

Revert changes in working copy

git checkout .

Revert changes in a single file

git checkout <file>

Revert all local commits

git reset

Remove untracked files and directories

git clean -fd

Show stash diff

git stash show -p <stash-id>

Clear all stashes

git stash clear

Show remotes

git remote -v

Switch branch

git checkout <branch>

Show local unpushed commits

git log origin/master..HEAD

Show local unpushed commit diff

git diff origin/master..HEAD

Undo commit

git reset HEAD~
Categories: Linux, Uncategorized Tags:

Import pem certificate into jks

June 30th, 2016 No comments

The trick is to export it to pkcs12 so that it can be imported by the java keytool.
Other ways of importing caused verification failures on the intermediate certificates for me.

openssl pkcs12 -export -out keystore.p12 -inkey certificate.pem -in certificate.pem
keytool -importkeystore -destkeystore keystore.jks -srcstoretype PKCS12 -srckeystore keystore.p12
# Change alias: keytool -changealias -alias 1 -keystore keystore.jks -keypass <pass> -destalias <destalias>
# Add intermediate certificates:
# openssl x509 -in root.crt -outform der -out root.der
# openssl x509 -in intermediate.crt -outform der -out intermediate.der
# keytool -import -trustcacerts -alias root -file root.der -keystore keystore.jks
# keytool -import -trustcacerts -alias root -file intermediate.der -keystore intermediate.jks

When used in Tomcat this would become something like the following:

    <Connector port="8443" protocol="HTTP/1.1" SSLEnabled="true"
               maxThreads="150" scheme="https" secure="true"
               clientAuth="false" sslProtocol="TLS"
               keystoreFile="/path/to/keystore.jks" keystorePass="<keystorePass>" keyAlias="<alias_for_the_key>" />
Categories: Uncategorized Tags:

Java import certificate from website

April 9th, 2015 No comments

Making calls to a server with a self signed certificate might give you the following error:

javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target

To fix this we need to import the certificate of this website into our local keystore.

Default pw for the keystore is ‘changeit’.

openssl s_client -showcerts -connect www.example.com:443 < /dev/null | openssl x509 -outform DER > www.example.com.der
keytool -importcert -trustcacerts -alias www.example.com -file www.example.com.der -keystore <path_to_keystore>
Categories: Uncategorized Tags:

Maven 3, deploy file with scp

March 7th, 2014 No comments

By default maven 3 will only allow you to upload files by means of http.

This mean that deploying through scp will not work. My settings.xml contains the servers to which I want to upload through scp.

Settings.xml

<settings>
    <servers>
        <server>
            <id>sample-server-id</id>
            <username>myUsername</username>
            <password>myPassword</password>
        </server>
    </servers>
    <profiles>
	<profile>
            <id>default-profile</id>
            <activation>
                <activeByDefault>true</activeByDefault>
            </activation>
	    <repositories>
		<repository>
			<id>sample-server-id</id>
			<name>A sample repository</name>
			<url>scp://builds.example.org/maven</url>
		</repository>
	    </repositories>
	</profile>
    </profiles>
</settings>

Deploying the file with mvn deploy:deploy-file will give an error when using scp as the protocol.

mvn deploy:deploy-file -DgroupId=com.oracle -DartifactId=ojdbc6 -Dversion=11.2.0.4 -DrepositoryId=sample-server-id -Dfile=ojdbc6.jar -Durl=scp://builds.example.org/maven
No connector available to access repository

To fix this we need to create a dummy pom.xml. The most important part is to add the ssh wagon to enable scp.

<project> 
	<modelVersion>4.0.0</modelVersion> 
	<groupId>com.oracle</groupId> 
	<artifactId>jdbc-driver</artifactId> 
	<version>11.2.0.4</version> 
	<build>
		<extensions>
			<extension>
				<groupId>org.apache.maven.wagon</groupId>
				<artifactId>wagon-ssh</artifactId>
				<version>2.6</version>
			</extension>
		</extensions>
	</build>
</project>

Now rerun the command:

mvn deploy:deploy-file -DgroupId=com.oracle -DartifactId=ojdbc6 -Dversion=11.2.0.4 -DrepositoryId=sample-server-id -Dfile=ojdbc6.jar -Durl=scp://builds.example.org/maven

Hopefully it will now show:

[INFO] ------------------------------------------------------------------------
[INFO] BUILD SUCCESS
[INFO] ------------------------------------------------------------------------
Categories: Uncategorized Tags:

AngularJS Clearable Input Directive

March 2nd, 2014 No comments

I wanted a clearable input field. It is supposed to show a close icon when input is typed into the input field. It was inspired by the following discussion on stackoverflow.

It consists of three parts:

1) The image for the close icon. Just take any one you like. I used this one. cross
2) The required CSS.

.clearable {
    background: url(/images/icons/cross.png) no-repeat right 5px center;
}
 
.clearable.onX {
    cursor: pointer;
}

3) The required AngularJS directive

app.directive('clearable', function($parse) {
    var link = function link(scope, element, attrs) {
        element.on('click', function() {
            if (element.hasClass("onX")) {
                scope.$apply(function(scope) {
                    $parse(attrs.clearable).assign(scope, null);
                });
            }
        });
 
        scope.$watch(attrs.clearable, function(val) {
            //console.log("Value is now: " + val);
            if (val) {
                element
                    .addClass('clearable')
                    .on('mousemove.clearable', function(event) {
                        if (this.offsetWidth - 18 < event.clientX - this.getBoundingClientRect().left) {
                            element.addClass('onX');
                        } else {
                            element.removeClass('onX');
                        }
                    });
            } else {
                element
                    .removeClass('clearable')
                    .off('mousemove.clearable');
            }
        });
    };
 
    return {
        restrict: "A",
        replace: false,
        transclude: false,
        link: link
    };
});

Use it by adding the following attribute to an input element:

<input type="text" ng-model="valueToObserve" clearable="valueToObserve" />

It will look like this.
clearable_input

Categories: Uncategorized Tags:

Adding spring security to your grails app

December 12th, 2011 No comments

Check out this article over here:

Spring security with the spring-security plugin for grails

Issue the following commands to add spring security to your app.

grails install-plugin spring-security-core
 
grails s2-quickstart your.package.name SecUser SecRole

Add the following two lines to UrlMappings.groovy:

"/login/$action?"(controller: "login")
"/logout/$action?"(controller: "logout")

I personally prefer to use annotations.

@Secured(['ROLE_USER'])
class PostController {
    @Secured(['ROLE_ADMIN'])
    def deletePost = { //...
    }
}
Categories: Uncategorized Tags:

Some useful twitter stuff

October 21st, 2011 No comments

Keep forgetting stuff. Too much input will cause a bufferoverflow I guess. 🙂 So here it is, some useful twitter stuff. If you won’t forget I will keep updating this post to include more and more twitter stuff.

Twitter GET search API
Twitter GET search – Search properties

Categories: Uncategorized Tags: