Let’s consider a case where you have limited disk space available in your database server. In addition, you need a database backup quickly. However, you estimate that, the space available in the server for the backup is not enough.
Continue readingMySQL Utility – mysql_config_editor
These days most applications use some kind of database service to store data. Also, It’s important that this data is accessed securely. In that regard, this article focuses on MySQL database service and more specifically on the mysql_config_editor tool.
Continue readingAdd EC2 Linux user using Cloud init user data in AWS
Consider a scenario where a customer has provided you with an access to a AWS console and needs you to recover a running EC2 linux instance for him. Let’s assume that the customer is not very tech savy and not in possession of any private keys to the instance.
You got two options at this point in gaining access to the instance and working on restoring the system.
Continue readingDesigning Scalable Web Apps
The rapid growth of the world of information has made applications which handles that information to be large, complex, slow and resource hungry. Therefore, the main focus of today’s age of application developers is to find a way to tackle many or all of these issues. One of the popular approaches currently used is making applications scalable.
Figure 1: Scalable Application Design
Scalability is in essence, the capability of a system, network or process to handle a growing amount of work or its potential to be enlarged in order to accommodate that growth. Therefore, any good system design must inculcate most of the below points to be a scalable application. Continue reading
Convert Subcontext of a Web URL to lowercase using Apache Mod_Rewrite
This article focus on a requirement from a customer who wants to alter a Web URL to his website. He wanted to convert a section in the request URL to lowercase. In a nutshell, below show his requirement.
Original: http://www.example.org/App/dosomething.php
Alterd: http://www.example.org/app/dosomething.phpRemoving Pre-Routing NAT Rules in IPtables
To remove specific iptables rule from Pre-Routing chains, first display all Pre-Routing chains using a following iptables command:
iptables -t nat --line-numbers -L
This will display all Pre-Routing chains with relevant line numbers. To remove a specific Pre-Routing rule, you can use the corresponding line number. For example below command will remove Pre-Routing NAT chain with line number 1.
iptables -t nat -D PREROUTING 1
ipsec VPN tunnel between local private network (pfSense) to AWS private network (Openswan)
Scenario: A local private network and a private network in Amazon Web Service (AWS) needs to be connected securely over the internet through an ipsec VPN. In order to cover an expanded scope, VPN tunnel will be established between Openswan ipsec VPN from AWS to pfSense ipsec VPN in local network.
Main AWS VPC in this scenario “172.31.0.0/16” has 2 subnets, Backend (172.31.1.0/24) and Frontend (172.31.2.0/24) respectively. Application servers are hosted in Backend subnet while Openswan VPN server is hosted in Frontend. All traffic between these 2 subnets are allowed.
Continue reading
Apache 2.4.16 installation with SSL manually on RHEL 7.0/CentOS 7.0
In this article, we are going to build Apache service (2.4.16) with custom settings and install it on RHEL 7.0 from scratch with SSL support. Before we start, let’s install dependencies required.
Post build packages required,
yum groupinstall “Development Tools”
yum install openssl-devel
yum install pcre-devel
Adding bulk DHCP reservations
As a System Admin you deploy DHCP server to give out IP addresses to client computers dynamically. While this eliminate boring routine work and overheads, you still need to control the IP assignment process to manage who get access to the network. This can be easily achieved by reserving an IP address for each client as opposed to letting them acquire a lease dynamically. In a large organization, it’s not easy task to assign a long list of IP address manually.
To accomplish above requirement, we can use DHCP PowerShell (introduced after Windows Server 2012) to manage DHCP reservations. Below are few of the cmdlets that can be used in DHCP Powershell. Continue reading
Apache access to Network Database on Custom port
If you have an Apache (httpd) application that needs to access a remote Database, you will have to change the SELinux policy as described bellow to allow Apache access to network databases. You have to edit the SELinux boolian settings for this.
First, check if the “httpd_can_network_connect_db” boolian set to “on”.
[root@testsrv ~]# getsebool -a | grep httpd_can_network_connect_db
httpd_can_network_connect_db --> off
By default, this is set to off. To enable network database access for Apache, execute bellow command.
setsebool -P httpd_can_network_connect_db on
Note, that “-P” is added to permanently change this setting therefore on system reboot this setting will be preserved.
If the database that the application is trying to reach is other than the default port (eg. mysql: 3306), you have to edit the SELinux Policy as described bellow.
Assume the application trying to connect to a mysql database and custom port is 1234. To get the current settings for mysql in SELinux policy,
semanage port -l | grep mysqld_port_t
To add new custom port to this mysql port group,
semanage port -a -t mysqld_port_t -p tcp 1234
Later on if you need to remove any custom port that entered in a port group, (eg: mysql:1234)
semanage port -d -t mysqld_port_t -p tcp 12345