bwizzy - Developer IT

How to subnet hosted VMs

- by bwizzy

I have a network of VMs each having a LAN IP address and a public IP address. They each have a 1:1 NAT map for public access via the public IP for HTTP, SSH etc. I'm trying to figure out a way to restrict the LAN IPs from talking to each other, but there are some cases where a group of LAN IPs will need to communicate. I'm using pfSense as a firewall / router on a 192.168.0.0/24 configuration. It seems like I could assign each VM it's own subnet and add a static route to the firewall for that VM to get back to the firewall for internet access / other fw rules. Is that right? I assigned 1 VM with: address 192.168.1.2 netmask 255.255.255.254 gateway 192.168.1.1 Then added a static route on the FW's LAN interface using 192.168.1.0/30 as the destination network and 192.168.1.1 as the gateway. Nothing appears to be working, anyone have any ideas? Please be aware I'm not that familiar with subnets. Thanks!

Read the article

How to use nginx to proxy to a host requiring authentication?

- by bwizzy

How can I setup an nginx proxy_pass directive that will also include HTTP Basic authentication information sent to the proxy host? This is an example of the URL I need to proxy to: http://username:[email protected]/export?uuid=1234567890 The end goal is to allow 1 server present files from another server (the one we're proxying to) without exposing the URI of the proxy server. I have this working 90% correct now from following the Nginx config found here: http://kovyrin.net/2010/07/24/nginx-fu-x-accel-redirect-remote/ I just need to add in the HTTP Basic authentication to send to the proxy server

Read the article

Can you create ACLs with open vSwitch on XenServer 5.6FP1 without using the DVS appliance?

- by bwizzy

I have a pool of XenServer hosts running the Free version of XenServer 5.6 FP1. I was wondering if I change the network backend to use Open vSwitch if I can specify ACLs on individual network VIFs without needing to use the DVS appliance (distributed virtual switch) which requires an Advanced License or higher. Basically I'm looking for a way to isolate VMs on my network so that if a user had root access on the command line they couldn't access other servers they should not be able to (without using a VLAN).

Read the article

How to convert non key, value java arguments to applet params? (args like -Xmx64m)

- by bwizzy

I'm trying to use xvpviewer (based on TightVNC) to VNC into my VMs running on Citirx XenServer. There are a couple of caveats required with trusting the certificate from XenServer which I've got working. Essentially I'm trying to convert the java command below (which works on the command line to launch VncViewer) for use in an applet that can be accessed via HTML page. java -Djavax.net.ssl.trustStore=/tmp/kimo.jks -Xmx64m -jar VncViewer.jar HOST "/console?ref=OpaqueRef:141f4204-2240-4627-69c6-a0c7d9898e6a&session_id=OpaqueRef:91a483c4-bc40-3bb0-121c-93f2f89acc3c" PORT 443 PROXYHOST1 192.168.0.5 PROXYPORT1 443 SocketFactory "HTTPSConnectSocketFactory" I know I can put the HOST, PORT etc arguments into param tags for the applet but I'm not sure how to apply the two initial argments.

Read the article

How to log nginx vhost bandwidth?

- by bwizzy

I'm looking for a way to be able to track the bandwidth of multiple vhosts on an nginx web server. I'm guessing there is a way that I can set up the log files to output this information and then I can write a script to parse through the log files and add up the file sizes. If that is the case does anyone know the correct log format, and if there is already a script out there that does this?

Read the article

How to validate selects / inserts are hitting the right server with MySQL Master/Slave

- by bwizzy

I've got a rails app using the master_slave_adapter plugin (http://github.com/mauricio/master_slave_adapter/tree/master) to send all selects to a slave, and all other statements to the master. Replication is setup using Mysql master / slave. I'm trying to validate that all the SQL statements are indeed going to the right place. Selects to the slave (db2), inserts to the master (db1) but I'm not sure how to do it. I've tried using tcpdump on the webservers: sudo /usr/sbin/tcpdump -q -i eth0 dst port 3306 and this is the output for a page request with a ton of selects: 10:32:36.570930 IP web2.mydomain.com.57524 > db1.mydomain.com.mysql: tcp 0 10:32:36.576805 IP web2.mydomain.com.57524 > db1.mydomain.com.mysql: tcp 0 10:32:36.577201 IP web2.mydomain.com.57524 > db1.mydomain.com.mysql: tcp 0 10:32:36.577980 IP web2.mydomain.com.57524 > db1.mydomain.com.mysql: tcp 86 10:32:36.578186 IP web2.mydomain.com.57524 > db1.mydomain.com.mysql: tcp 21 10:32:36.578359 IP web2.mydomain.com.57524 > db1.mydomain.com.mysql: tcp 27 10:32:36.578522 IP web2.mydomain.com.57524 > db1.mydomain.com.mysql: tcp 5 10:32:36.578741 IP web2.mydomain.com.57524 > db1.mydomain.com.mysql: tcp 13 10:32:36.579611 IP web2.mydomain.com.57524 > db1.mydomain.com.mysql: tcp 29 10:32:36.588201 IP web2.mydomain.com.45978 > db2.mydomain.com.mysql: tcp 0 10:32:36.588323 IP web2.mydomain.com.45978 > db2.mydomain.com.mysql: tcp 0 10:32:36.588677 IP web2.mydomain.com.45978 > db2.mydomain.com.mysql: tcp 0 10:32:36.588784 IP web2.mydomain.com.45978 > db2.mydomain.com.mysql: tcp 86 It doesn't look like all the selects are going to the slave. Maybe this isn't the right way to test, anyone know a better way?

Read the article

Rails session cookie not getting set

- by bwizzy

I have a rails app that is a CMS that uses dynamic subdomains for each site. For some reason when I deployed to production the session cookie is not getting set. I'm thinking this is leading to the "Invalid Authenticity Token" errors that are being thrown everywhere. I have my production.rb setup so that I can share sessions across subdomains. What could be going wrong that the cookie isn't being set at all? #production.rb config.action_controller.session[:domain] = '.domain.com' #environment.rb config.action_controller.session = { :session_key => '_app_session', :secret => '.... nums and chars .....' }

Read the article

Invalid AuthenticityToken everywhere

- by bwizzy

I have a rails app that I just deployed which is generating Invalid AuthenticityToken errors anywhere a form is submitted. The app uses subdomains as account names and will also eventually allow for a custom domain to be entered. I have an entry in production.rb to allow for cross-domain session handling. The problem is that you can't login / or submit any form because everything raises an Invalid AuthenticityToken error. The issue looks similar but not the same as http://stackoverflow.com/questions/1201901/rails-invalid-authenticity-token-after-deploy plus I'm not using mongrel. I've tried clearing cookies in the browser, and restarting passenger but no luck. Anyone have any ideas? The server is running nginx + passenger 2.3.11, and Rails 2.3.5. #production.rb config.action_controller.session[:domain] = '.domain.com' #environment.rb config.action_controller.session = { :session_key => '_app_session', :secret => '.... nums and chars .....' }

Read the article

how to setup rails Authenticity Token to work with multiple domains?

- by bwizzy

I'm building an app that uses subdomains as account handles (myaccount.domain.com) and I have my sessions configured to work across the sub-domains like so: config.action_controller.session = {:domain => '.domain.com'} In addition to the subdomain a user can input a real domain name when they are creating their account. My Nginx config is setup to watch for *.com *.net etc, and this is working to serve out the pages. The problem comes when a site visitor submits a comment form on a custom domain that was input by the user. The code is throwing an "Invalid AuthenticityToken" exception. I'm 99% sure this is because the domain the user is on isn't specified as the domain in the config.action_controller.session. Thus the authenticity token isn't getting matched up because Rails can't find their session. So, the question is: Can you set config.action_controller.session to more than 1 domain, and if so can you add / remove from that value at runtime without restarting the app?

Read the article

problems getting HTTPRiot working

- by bwizzy

I've got an iphone app where I'm trying to use HTTPRiot to make some API calls to a web app. Problem is I can't see that none of the HTTPRiot delegate methods are being called. I've got a log in all the delegate methods, and I'm also looking at the webserver log. I see that the URL is being hit. //API.h #import <Foundation/Foundation.h> #include <HTTPRiot/HTTPRiot.h> @interface API : HRRestModel { } +(void)runTest; @end //API.m #import "API.h" @implementation API + (void)initialize { NSLog(@"api initialize"); [self setDelegate:self]; [self setBaseURL:[NSURL URLWithString:@"http://localhost:3000/api"]]; [self setBasicAuthWithUsername:@"demo" password:@"123456"]; NSDictionary *params = [NSDictionary dictionaryWithObject:@"1234567" forKey:@"api_key"]; [self setDefaultParams:params]; }//end initialize +(void)runTest { NSLog(@"api run test"); // Would send a request to http://localhost:1234/api/people/1?api_key=1234567 [self getPath:@"/save_diet" withOptions:nil object:nil]; } +(void)restConnection:(NSURLConnection *)connection didReturnResource:(id)resource object:(id)object { NSLog(@"didReturnResource"); } +(void)restConnection:(NSURLConnection *)connection didReceiveResponse:(NSHTTPURLResponse *)response object:(id)object { NSLog(@"didReceiveResponse"); } +(void)restConnection:(NSURLConnection *)connection didReceiveParseError:(NSError *)error responseBody:(NSString *)body object:(id)object { NSLog(@"didReceiveParseError"); } +(void)restConnection:(NSURLConnection *)connection didReceiveError:(NSError *)error response:(NSHTTPURLResponse *)response object:(id)object { NSLog(@"didReceiveError"); } +(void)restConnection:(NSURLConnection *)connection didFailWithError:(NSError *)error object:(id)object { NSLog(@"didFailWithError"); } @end //test code [API runTest]; //log output

Developer IT