megacolorboy

Abdush Shakoor's Weblog

Writings, experiments & ideas.

Temporarily disable the IPv6 protocol on Ubuntu

A few days ago, I resolved an issue that I faced on an Ubuntu server that was related to SMTP not working; as a result, the server was always throwing a 504 Gateway Timeout error.

During troubleshooting, I found out that telnet smtp.office365.com 587 was not giving any response and thought that the port was blocked on the client's network but no, it wasn't.

I did a little digging and learnt that it could be due to the fact that SMTP traffic over IPv6 might be blocked on the client's network.

So, I tried executing the following commands to disable IPv6 temporarily:

sudo sysctl -w net.ipv6.conf.all.disable_ipv6=1
sudo sysctl -w net.ipv6.conf.default.disable_ipv6=1

And voila, the mails were going and SMTP traffic was working over IPv4.

If you want to enable it again, try the following:

sudo sysctl -w net.ipv6.conf.all.disable_ipv6=0
sudo sysctl -w net.ipv6.conf.default.disable_ipv6=0

Hope you found this tip useful!

View list of services in Linux

If you want to see a list of services available on your Linux server/desktop, try the following command:

systemctl list-unit-files --type=service

Upon executing this command, you'll be able to see a list of services along with their statuses, i.e., whether the service is enabled or disabled.

This can come in handy if you want to know the status of a specific service like nginx:

systemctl list-unit-files --type=service | grep "nginx"

Hope you found this tip useful.

Install Docker on Fedora 35/36

Recently, I started to play around with Docker and I thought of installing it on my personal laptop, which runs Fedora 36 Workstation.

If you have Fedora and want to know how to install Docker, here it is:

Install Docker Engine

First, add the official Docker repositories to your Fedora OS:

sudo dnf install dnf-plugins-core -y
sudo dnf config-manager --add-repo https://download.docker.com/linux/fedora/docker-ce.repo

Then, you can run the following command to install Docker and its dependencies:

sudo dnf install docker-ce docker-ce-cli containerd.io

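During installation, you'll be prompted to import the GPG key in order to install Docker on your system. Check the fingerprint shown in the prompt against the one published in Docker's installation documentation, then press Y to proceed with the installation.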

Next, enable and start the docker service:

sudo systemctl enable docker
sudo systemctl start docker

That's it, you are done. You can try running the following command to see if it's installed properly on your system:

sudo docker run hello-world

If it works, you should see a "Hello from Docker!" message, which means that the installation appears to be working fine.

Hope you found this tutorial useful!

Resolve permission error while SSH-ing to AWS EC2 instance from a Linux machine

If you are trying to access an AWS EC2 instance via SSH using a private key from a Linux machine, you might have come across this error, or will at some point:

@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
@         WARNING: UNPROTECTED PRIVATE KEY FILE!          @
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
Permissions 0644 for 'your-aws-private-key.pem' are too open.
It is recommended that your private key files are NOT accessible by others.
This private key will be ignored.
bad permissions: ignore key: your-aws-private-key.pem
Permission denied (publickey).

Why am I getting this?

From what I have read, EC2 instances will simply not accept a private key that is publicly visible to others, especially if it's stored somewhere in your Desktop or Downloads folder.

So basically, your private key should not be accessible to others.

Oh, how can I fix it?

It's pretty straightforward: you just have to make sure that the private key is read-only for its owner and inaccessible to everyone else, like this:

chmod 400 your-aws-private-key.pem

After that, try connecting again and it should work fine!
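
The check that produces this warning, as an added example rather than code from the original post: the ssh client rejects a key file that grants any permission to group or others, and the script below applies the same 077 mask to find such files before ssh does. The function names and the placeholder key files are made up for illustration, and `stat -c` assumes GNU or BusyBox stat.

```shell
#!/bin/sh
# Added example (not from the original post). Function names are illustrative.

# True when FILE grants nothing to group or others: the 077 mask that
# separates 0400/0600 (accepted) from 0644 (rejected as "too open").
key_mode_ok() {
    mode=$(stat -c '%a' "$1") || return 2   # octal mode, e.g. "644"
    [ $(( 0$mode & 077 )) -eq 0 ]
}

# Print "<mode> <path>" for each private key file under DIR that is too open.
# Exit status is 1 when at least one such file exists.
# (Paths containing newlines are not handled.)
audit_keys() {
    find "$1" -type f -exec grep -l -e '-----BEGIN .*PRIVATE KEY-----' {} + 2>/dev/null |
    {
        bad=0
        while IFS= read -r f; do
            key_mode_ok "$f" && continue
            printf '%s %s\n' "$(stat -c '%a' "$f")" "$f"
            bad=1
        done
        [ "$bad" -eq 0 ]
    }
}

# Constructed sample: placeholder files that only carry a key header line.
make_sample_dir() {
    d=$(mktemp -d)
    printf '%s\n' '-----BEGIN OPENSSH PRIVATE KEY-----' 'placeholder' > "$d/downloaded.pem"
    printf '%s\n' '-----BEGIN OPENSSH PRIVATE KEY-----' 'placeholder' > "$d/locked.pem"
    printf 'not a key\n' > "$d/notes.txt"
    chmod 644 "$d/downloaded.pem" "$d/notes.txt"
    chmod 400 "$d/locked.pem"
    printf '%s\n' "$d"
}
```

Running `audit_keys ~/Downloads` lists every key file that still needs `chmod 400`.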

Hope you found this tip useful!

Install PFX certificate on a Linux server

I would consider this as an extended post to my previous post that I had written six months ago.

A PFX Certificate usually contains the following in PKCS#12 format:

  • The actual certificate.
  • The private key to the certificate.
  • The Intermediate authority certificate that ensures the trustworthiness of the certificate.

To extract all those files, here are the steps that I have documented:

Note

If the .PFX file prompts you for a passphrase, please check with your project manager or client regarding this information.

Extract the Encrypted Private Key

openssl pkcs12 -in <filename.pfx> -nocerts -out encrypted.key

Extract RSA Private Key

openssl rsa -in encrypted.key -out private.key

Extract Certificate

openssl pkcs12 -in <filename.pfx> -clcerts -nokeys -out certificate.crt

Extract Combined Chain Certificate (Optional)

openssl pkcs12 -in <filename.pfx> -cacerts -nokeys -chain | sed -ne '/-BEGIN CERTIFICATE-/,/-END CERTIFICATE-/p' > combined_chain_certificate.crt

Once you are done extracting all the required files, you can add the certificates like this:

Apache configuration:

SSLCertificateFile /path/to/certificate.crt
SSLCertificateKeyFile /path/to/private.key

# Optional, if you have it, else skip.
SSLCertificateChainFile /path/to/combined_chain_certificate.crt

Test if it works:

apachectl configtest
systemctl restart httpd

Nginx configuration:

# If you don't have a combined chain certificate:
ssl_certificate /path/to/certificate.crt;
ssl_certificate_key /path/to/private.key;

# If you have a combined chain certificate
# (nginx expects the server certificate first in this file, followed by the chain):
ssl_certificate /path/to/combined_chain_certificate.crt;
ssl_certificate_key /path/to/private.key;

Test if it works:

nginx -t
systemctl restart nginx
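
Before restarting the web server, it helps to confirm that the extracted key and certificate belong together. This added example (not from the original post) compares the public key derived from private.key with the one in the first certificate of the given file and checks the expiry date; the function names and the throwaway self-signed pair are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original post). Function names are illustrative.

# Prints one verdict for KEY and CERT:
#   OK          key and first certificate in CERT share a public key, cert in date
#   MISMATCH    the certificate was issued for a different key
#   EXPIRED     the pair matches but the certificate is past its notAfter date
#   UNREADABLE  a file is not PEM, or the key is still passphrase-protected
check_tls_pair() {
    # "-passin pass:" makes an encrypted key fail instead of prompting.
    k=$(openssl pkey -in "$1" -passin pass: -pubout 2>/dev/null) || { echo UNREADABLE; return 2; }
    c=$(openssl x509 -in "$2" -noout -pubkey 2>/dev/null) || { echo UNREADABLE; return 2; }
    [ "$k" = "$c" ] || { echo MISMATCH; return 1; }
    openssl x509 -in "$2" -noout -checkend 0 >/dev/null 2>&1 || { echo EXPIRED; return 1; }
    echo OK
}

# Constructed sample: a throwaway self-signed pair plus an unrelated key.
make_sample() {
    d=$(mktemp -d)
    openssl req -x509 -newkey rsa:2048 -nodes -subj '/CN=example.test' -days 1 \
        -keyout "$d/private.key" -out "$d/certificate.crt" 2>/dev/null
    openssl genpkey -algorithm RSA -pkeyopt rsa_keygen_bits:2048 \
        -out "$d/other.key" 2>/dev/null
    printf 'not a key\n' > "$d/junk.txt"
    printf '%s\n' "$d"
}
```

`openssl x509` reads only the first certificate in a file, so running the check against the file passed to nginx's ssl_certificate also catches a bundle that does not start with the server certificate. private.key is stored unencrypted, so keep it readable only by the account that starts the web server.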

Hope you found this tip useful.

Install Microsoft SQL Server Driver for PHP on Amazon Linux 2

Recently, I tried to install Microsoft SQL Server driver for PHP on Amazon Linux and searching for how to do it was really annoying.

I read a few articles on StackOverflow and found some samples on GitHub Gists and thought of sharing how I installed it.

Prerequisites

  1. Amazon Linux 2 installed.
  2. Ensure the ports 80 and 443 are open on your instance.
  3. PHP >= v5.6 and the following extensions: php-devel, php-pear, php-pdo, and php-xml.
  4. Know-how on using the terminal.

Installation steps

These are the commands used to install the SQL Server driver:

sudo su
sudo yum-config-manager --add-repo https://packages.microsoft.com/config/rhel/7/prod.repo
sudo yum update
sudo ACCEPT_EULA=Y yum install -y msodbcsql mssql-tools unixODBC-devel re2c gcc-c++ gcc
sudo pecl install sqlsrv
sudo pecl install pdo_sqlsrv

Modify php.ini

You can either go to your php.ini file and add the extension=sqlsrv line, or add it like this:

echo "extension=sqlsrv" >> `php --ini | grep "Loaded Configuration" | sed -e "s|.*:\s*||"`
echo "extension=pdo_sqlsrv" >> /etc/php.d/30-pdo_sqlsrv.ini

Restart the service

Ensure that the server can connect and restart the service:

sudo setsebool -P httpd_can_network_connect_db 1
sudo systemctl restart httpd && sudo apachectl restart

Next, run the following command to see that both pdo_sqlsrv and sqlsrv are installed:

php -m | grep "sqlsrv"

Test if the driver works

Create a test.php file in your root directory and copy-paste this snippet to test if it works:

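<?php
// Test file only: it enables display_errors and holds database credentials,
// so delete it once the connection has been verified.
error_reporting(E_ALL);
ini_set('display_errors', 1);

$serverName = "YOUR_DB_HOST";
$connectionOptions = array(
    "Database" => "YOUR_DB_NAME",
    "Uid" => "YOUR_DB_USER",
    "PWD" => "YOUR_DB_PASSWORD"
);

$conn = sqlsrv_connect($serverName, $connectionOptions);

// sqlsrv_connect() returns false when the connection fails.
if ($conn === false) {
    print "Error while connecting to server.";
} else {
    print "Connected successfully.";
}
?>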

Hope you found this tip useful!

Logging client IP addresses on Apache server

If you want to log the actual client IP address when Apache sits behind a proxy or load balancer, you need to log the X-Forwarded-For header from the request, and to do that you need to make a tiny edit in your httpd.conf file.

  1. Go to /etc/apache2/conf or /etc/httpd/conf and open httpd.conf file.
  2. Search for the string that starts with: LogFormat "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\"" combined.
  3. Modify the %h to %{X-Forwarded-For}i. Now, it should look like this: LogFormat "%{X-Forwarded-For}i %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\"" combined.
  4. Test the config to ensure that there are no typos by typing: apachectl configtest.
  5. Save and restart the service by typing: systemctl restart httpd or systemctl restart apache2.
  6. In your terminal, type tail -f /var/log/httpd/access.log and you'll be seeing the client IP being logged in your logs.
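
X-Forwarded-For is a request header, so anything in it that was not appended by your own proxy is client-supplied, and the value may hold several comma-separated addresses or be - when the request bypassed the proxy. This added example (not from the original post) parses constructed log lines in the format above, assuming a single trusted reverse proxy that appends the address it saw; the function name and sample lines are illustrative.

```shell
#!/bin/sh
# Added example (not from the original post). Assumes exactly one trusted
# reverse proxy that appends the address it saw to X-Forwarded-For.

# Constructed access-log lines in the modified "combined" format.
SAMPLE_LOG='198.51.100.23 - - [12/Sep/2022:10:01:02 +0000] "GET / HTTP/1.1" 200 512 "-" "Mozilla/5.0"
192.0.2.1, 198.51.100.99 - - [12/Sep/2022:10:01:05 +0000] "GET /login HTTP/1.1" 200 734 "-" "curl/7.81.0"
- - - [12/Sep/2022:10:01:09 +0000] "GET /health HTTP/1.1" 200 2 "-" "probe"
not-an-ip - - [12/Sep/2022:10:01:11 +0000] "GET / HTTP/1.1" 200 512 "-" "curl/7.81.0"'

# Reads log lines on stdin and prints one verdict per line:
#   <ip>      address appended by the proxy (last entry of the header)
#   NO-XFF    header absent: the request did not come through the proxy
#   INVALID   header present but its last entry is not an IP address
#   UNPARSED  line does not have the expected layout
xff_client_ip() {
    awk '{
        # The header value may contain ", " so whitespace field splitting is
        # unreliable; cut at " %l %u [" instead, which precedes the timestamp.
        if (!match($0, / [^ ]+ [^ ]+ \[/)) { print "UNPARSED"; next }
        xff = substr($0, 1, RSTART - 1)
        if (xff == "-") { print "NO-XFF"; next }
        n = split(xff, hop, /,/)
        ip = hop[n]                       # earlier entries are client-supplied
        gsub(/^[ \t]+|[ \t]+$/, "", ip)
        v4 = (ip ~ /^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+$/)
        v6 = (ip ~ /^[0-9A-Fa-f:.]+$/ && ip ~ /:/)
        print ((v4 || v6) ? ip : "INVALID")
    }'
}

printf '%s\n' "$SAMPLE_LOG" | xff_client_ip
```

Because %h was replaced, a NO-XFF line has lost the connecting address altogether, which is worth knowing before relying on this log during an investigation.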

Hope you found this tip useful!

Using IIFE in JavaScript

An IIFE (Immediately-Invoked Function Expression) is a way to execute a function as soon as it is created.

Using IIFE, you can easily isolate declared variables away from the global scope.

This is how the syntax would look like:

// ES5 Standard
var foo = (function () {
    var message = "Hello world";
    console.log(message);
})();

They can be defined with arrow functions as well:

// ES6 Standard
let foo = (() => {
    let message = "Hello world"
    console.log(message);
})();

According to MDN Docs, it's a design pattern also known as a Self-Executing Anonymous Function. There are two parts to this:

  1. The function that's enclosed within the Grouping Operator (), which keeps its variables out of the global scope and prevents code outside the function from accessing them.

  2. The (); which creates the Immediately Invoked Function Expression on the fly by calling the function.

When to use it?

There are many interesting use cases, for example when you are following the Module Pattern, when you want to avoid polluting the global namespace, or when you simply don't want your code to interfere with other code, which makes it safer.

Readings