Mac Fix for Java 8+ & iDRAC 6 Connection Failed

If you are using iDRAC 6 with your Mac, good luck to you my friend, as you will mostly keep getting "connection failed" in the Java application, and this is VERY scary since you can't talk to your machine anymore! But there is a solution (at least I figured one out), so let's get started.

Java Setup

Firstly, go to the Java Control Panel on your Mac and make the changes shown below,

Once you've added to the exception site list and set your connection to direct, you'll need to go to your terminal to edit the Java security file located at

sudo vi "/Library/Internet Plug-Ins/JavaAppletPlugin.plugin/Contents/Home/lib/security/java.security"

Open it up with vim, look for the setting that mentions SSLv3 and comment it out:

#jdk.tls.disabledAlgorithms=SSLv3, RC4, MD5withRSA, DH keySize < 1024, \
#    EC keySize < 224, DES40_CBC, RC4_40, 3DES_EDE_CBC

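I needed to comment out both lines in this case, because the trailing backslash continues the setting onto the second line. Keep in mind that this switches off the whole disabled-algorithms list, so RC4, 3DES_EDE_CBC and the other entries are allowed again for everything that uses this Java plug-in, not only SSLv3 for the iDRAC console. Once you're done, save it and we are done with the Java security tweak!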

iDrac Changes

Firstly, you need to head over to Console/Media and disable Video Encryption,

and change 'Plug-in Type' to 'Native'.

Click on apply and you are done. Now try again.

Docker link exposes MySQL/MariaDB root password on phpinfo() via MYSQLIP_ENV_MYSQL_ROOT_PASSWORD

Alright, today I'm on a verbal puking spree! This is another scary security risk with the official Docker MariaDB container if you are using a docker link. And if you are wondering what the heck a docker link is, it's basically the option you use to link one Docker container to another. For example,

docker run -it --restart=always --name phpfpm \
--link mariadb:ip \
-v /root/www:/home \
-w /home claylua/phpfpm:7.0.29-fpm-alpine3.4

where I am linking MariaDB to my PHP-fpm container.

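This is practically what everyone does, without noticing that the PHP application actually exposes the MariaDB root password for everyone to see in the variable "MYSQLIP_ENV_MYSQL_ROOT_PASSWORD". A link copies the linked container's environment variables into the receiving container, and phpinfo() prints them.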

As you can see, my root password is visible for all to see. And this is NOT good at all.

Solution

In order to resolve this issue, we need to wrap all our containers into their own private network. We can create a private network in docker with the following command,

docker network create hungred

Now we have a new network called 'hungred'. For the containers to talk in private, they all need to use this network. Anything outside of this network will not be able to communicate with the containers inside it, which results in a 502 error, an Nginx error or anything else that you won't expect.

Now, for our example, we will join the hungred network with the following command,

docker run -it --restart=always --name phpfpm \
--net=hungred \
--link mariadb:ip \
-v /root/www:/home \
-w /home claylua/phpfpm:7.0.29-fpm-alpine3.4

where our phpfpm container now runs in the hungred network.

And if you try to run phpinfo() on your application, you won't be able to find the variable "MYSQLIP_ENV_MYSQL_ROOT_PASSWORD" anymore, because a link on a user-defined network no longer copies environment variables between containers!

P.S.: Do take note that ALL your containers will have to join the same network, or else you'll get a lot of unnecessary hiccups.
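
One way to check a container for this leak, as an added example that is not part of the original post: it reads a container's environment and reports the names of link-injected variables (`<ALIAS>_ENV_<NAME>`) that look like credentials. The sample environment is constructed, and the function names are assumptions of this example.

```shell
#!/usr/bin/env bash
# Added example: find credentials that a legacy `docker --link` copied into a
# container's environment (the same variables phpinfo() prints).

# Constructed sample of `docker exec phpfpm env` output; values are not real.
SAMPLE_ENV='PATH=/usr/local/sbin:/usr/local/bin:/usr/bin
MYSQLIP_PORT_3306_TCP_ADDR=172.17.0.2
MYSQLIP_NAME=/phpfpm/mysqlip
MYSQLIP_ENV_MYSQL_ROOT_PASSWORD=constructed-not-a-real-password
MYSQLIP_ENV_MARIADB_MAJOR=10.1
MYSQL_ROOT_PASSWORD=set-on-this-container-not-by-a-link
PHP_VERSION=7.0.29'

# Read env-style lines on stdin and print the NAME (never the value) of every
# link-injected variable (<ALIAS>_ENV_<NAME>) that looks like a credential.
find_link_secrets() {
  awk -F= '$1 ~ /^[A-Z0-9_]+_ENV_[A-Z0-9_]*(PASSWORD|PASSWD|SECRET|TOKEN|KEY)[A-Z0-9_]*$/ { print $1 }'
}

# Same check against a running container, e.g. `audit_container phpfpm`.
audit_container() {
  docker exec "$1" env | find_link_secrets
}

# List running containers that were still started with legacy links.
containers_with_links() {
  docker ps -q | while read -r id; do
    docker inspect -f '{{.Name}} {{range .HostConfig.Links}}{{.}} {{end}}' "$id"
  done | awk 'NF > 1'
}

# Demo on the constructed sample (needs no Docker daemon).
printf '%s\n' "$SAMPLE_ENV" | find_link_secrets
```

Run `audit_container phpfpm` before and after moving the container onto the private network; the second run should print nothing.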

Setting correct permission for Docker PHP-FPM on mounted folder

Now, if you have followed my guide on setting up Docker with PHP-FPM, then you'll most likely face this issue where your file and directory permissions have to be set to 777 in order for Docker to write files to your mounted folder.

In order to resolve this, you'll need to reset your 777 mistakes using the command given in my reset files/directories permission article.

Once you've done that, you'll be back to square one, where your application can't write to your mounted folder.

Now, for your mounted folder (assuming it's /root/www), you'll need to look up the user that executes your PHP scripts in your PHP-FPM container. By default it's www-data (dahhh). So let's find out what this user's id is by firing the following docker command

docker exec phpfpm id www-data

where phpfpm is the name of your PHP-FPM container. If you are not running PHP-FPM in a separate container, you can simply replace phpfpm with your LEMP/LAMP container name.

and the above will show you something like this

root@php:~# docker exec phpfpm id www-data
uid=82(www-data) gid=82(www-data) groups=82(www-data),82(www-data)

The above means that the user id for www-data is 82. A mounted folder keeps the same numeric ids on the parent machine, so go ahead and change the owner of your mounted folder to 82 with the following command

chown -R 82:82 /root/www

where /root/www is the example mounted folder used in this article.

Now, with the correct owner, your application should be able to write correctly without the need to set your directory permissions to 777, which is pretty insecure.

Hope this helps.
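
A check to run after the chown, as an added example that is not part of the original article: it lists anything under the mounted folder that is still world-writable or not owned by the uid PHP-FPM runs as. The function names are assumptions of this example; /root/www and phpfpm are the names used above.

```shell
#!/usr/bin/env bash
# Added example: check a bind-mounted web root after the chown, so that nothing
# is left at 777 and everything belongs to the uid PHP-FPM runs as.

# Numeric uid of www-data inside the container, e.g. `fpm_uid phpfpm`.
fpm_uid() {
  docker exec "$1" id -u www-data
}

# audit_mount DIR UID
# Prints one line per finding and returns 1 if there is any:
#   world-writable <path>  any local user can modify it (leftover 777/666)
#   wrong-owner <path>     not owned by UID, so PHP-FPM may be unable to write
audit_mount() {
  local dir=$1 uid=$2 findings
  findings=$(
    find "$dir" ! -type l -perm -0002 -print | sed 's/^/world-writable /'
    find "$dir" ! -user "$uid" -print | sed 's/^/wrong-owner /'
  )
  if [ -n "$findings" ]; then
    printf '%s\n' "$findings"
    return 1
  fi
  return 0
}

# Usage on the host, with the names used in this article:
#   audit_mount /root/www "$(fpm_uid phpfpm)"
```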

Set Default Secure Files / Directories Permission on cPanel / Linux

In cPanel, if you accidentally alter the permissions of the wrong files or directories, you'll most likely get a 500 error. This is mainly due to the usage of SuPHP in your cPanel setup. The snippets below are pretty useful to reset or secure the permissions needed for both files and directories.

In order to reset your directories' permissions, you'll need to fire the command below.

find . -type d -exec chmod 755 {} \;

where the above finds all the directories under your current directory and sets permission 755 on them.

In order to reset your files' permissions, you'll need to fire the command below.

find . -type f -exec chmod 755 {} \;

where the above finds all the files under your current directory and sets permission 755 on them.

In order to fix your cPanel account's file permission issue, all you need to do is fire the above 2 commands in the directory of your user account, let's say hungred, as shown below,

cd /home/hungred/public_html/

where hungred is your user account. Hope this helps.

Getting ï»¿ in front of a JSON API call

After I migrated a server from Apache to Docker nginx, I noticed that every response coming from this nginx setup has a ï»¿ in front that is not visible in the browser, but when you make a script call, your script will complain about invalid JSON format.

What is ï»¿

Well, first of all, these characters that we can't see are actually the UTF-8 BOM, or byte order mark, which is the byte sequence 0xEF,0xBB,0xBF at the front of the file.

What to do

Luckily, there are 2 solutions for you. You can either change all the files to UTF-8, and I mean all of them in the folder, since any included file with a UTF-8 BOM will cause this problem. Hence, all the files will need to be converted to UTF-8, or have the byte sequence 0xEF,0xBB,0xBF removed.

You can run the following command recursively on your root folder, which will convert all the files from UTF-8 with BOM to UTF-8.

find . -type f -exec sed -i.bak -e '1s/^\xEF\xBB\xBF//' {} \; -exec rm '{}.bak' \;

Personally, this works best, but it will take a while to complete, depending on how big your folder is.

The other solution is to remove the BOM on the receiving end. Once you've grabbed your API content, remove the BOM with the following function,

        function remove_utf8_bom($text)
        {
                $bom = pack('H*','EFBBBF');
                $text = preg_replace("/^$bom/", '', $text);
                return $text;
        }

or you can just do this

                $raw_body = str_replace("\xEF\xBB\xBF",'',$raw_body);

Both work pretty much the same. Then you should be able to run json_decode normally.

For more details on file replacement, you can visit muzso's blog. Hope it helps!