daangemist Blog

Apache .htaccess authorization with both IP check and password authentication

Feb 28, 2013 daan

Have you ever been struggling to secure a website domain by both IP address whitelist and a password file? This means the user has to have a specific IP address to even be allowed, and after allowance the user must enter his/her password for access.

The solution to do this in a Apache .htaccess file is listed below.

Important things to notice are:

A password file is created using htpasswd in /home/domains/www.example.com/secure.passwd. This file can be located anywhere you like, as long as the user Apache runs as can read it
The line with Satisfy All is the key to the solution. If you want the user to only have to fulfill one of the two requirements (has whitelisted IP or enters password) set this to Satisfy Any.

AuthType Basic
AuthName "Secure site"
AuthUserFile /home/domains/www.example.com/secure.passwd
Require valid-user
Order deny,allow
Deny from all
#Repeat the line below for all allowed IP addresses.
Allow from 127.0.0.1
Satisfy All

Leave a Comment

Set Git user information

Feb 14, 2013 daan

Tags: git, manual

When starting to use git, you should set your username and emailaddress, which is stored for every commit. The git website contains a great guide on getting started. Execute the following two commands to set your commit information globally for every project.

$ git config --global user.name "John Doe"
$ git config --global user.email johndoe@example.com

If you want to set the information for a specific project, execute this command without the –global flag in the repositories folder. This will only locally change the information.

On another note, GitHub also has a great guide on getting started with the git basics.

Leave a Comment

Installing Android SDK on Centos 6

Feb 8, 2013 daan

Tags: centos, howto, linux

Attempting to installing the Android SDK on a Linux server, for example your buildserver? This is an excellent guide on how to accomplish that. Following all the steps in this guides results in the SDK installing each and every SDK version available.

This webpage explains how to install only specific parts of the SDK. In short:

cd <your sdk folder>/tools
./android list sdk
./android update sdk -u -n -t 5,21

Where the numbers at the end of the last command are the numbers of the list in the output of the second command. The -n argument simulates the install, so you don’t actually download a few gigabytes of data accidentally. Run the command without -n to do the actual install.

Leave a Comment

Browse your personal Git repository online

Feb 2, 2013 daan

Tags: git, howto, ubuntu

After installing a Git repository on a webserver I’d also like to browse it using my webbrowser. We can do this via the gitweb package and some additional configuration in Apache. The assumption is that this is done on a Ubuntu system.

The result will be that repositories can be cloned via /git/repos/[name].git and browsed via /git/, within the same VirtualHost. It is assumed that your VirtualHost is set up similar to the previous blog post on git on this blog.

First install gitweb via the apt-get package manager:

apt-get install gitweb

The configuration for gitweb is located at _/etc/gitweb.conf. _Only one line needs to be changed, at the beginning of the file; change the $projectroot value to the root of your git repository.:

# path to git projects (<project>.git)
$projectroot = "/var/git/repository";

The installation of the gitweb packace has placed a configuration file in /etc/apache2/conf.d/gitweb:

Alias /gitweb /usr/share/gitweb
<Directory /usr/share/gitweb>
	Options FollowSymLinks +ExecCGI
	AddHandler cgi-script .cgi
</Directory>

This causes the URL /gitweb/ to be mapped to the gitweb script, causing it to show up on every VirtualHost. We want it to show up only on the git.example.com VirtualHost. In order to do so, remove this configuration file. Modify the git.example.com (or any VirtualHost you have configured for git access) and add the following lines:

Alias /git /usr/share/gitweb
<Directory /usr/share/gitweb>
	Options FollowSymLinks +ExecCGI
	AddHandler cgi-script .cgi
</Directory>

Also remove the line

#ScriptAlias /git/ /usr/lib/git-core/git-http-backend/

and replace it with:

ScriptAliasMatch \
	"(?x)^/git/(.\*/(HEAD | \
	info/refs | \
	objects/(info/\[^/\]+ | \
	\[0-9a-f\]{2}/\[0-9a-f\]{38} | \
	pack/pack-\[0-9a-f\]{40}\\.(pack|idx)) | \
	git-(upload|receive)-pack))$" \
	/usr/lib/git-core/git-http-backend/$1

This causes all requests from the git commandline (push, pull, clone, etc) to be forwarded to the git-http-backend script, while all other requests are handled by gitweb.

Leave a Comment

Install private Git server under Apache and Debian

Feb 1, 2013 daan

Tags: debian, git, howto

This guide lists all the step you need to take to install a git server which is accessible via http. If you have no need for https you can skip this part in the tutorial. After following all the steps it did not work immediately, I did have to tweak the apache configuration a little and install additional packages, the end result can be found below.

The git-core package was also installed using apt-get install git-core.

This VirtualHost configuration also limits access to only IP addresses in the subnet 192.168.*.* and requires a password, stored in the htpasswd file located at /var/www/git.example.com/git.passwd

Pay special attention to this line: ScriptAlias /git/ /usr/lib/git-core/git-http-backend/ and verify that the location of the git-core directory is correct. On some installations the path might be /usr/libexec/git-core/git-http-backend or something similar.

<VirtualHost>
    ServerAdmin webmaster@localhost
    ServerName git.example.com
    DocumentRoot /var/www/git.example.com/htdocs
<Directory>
        Options FollowSymLinks
        AllowOverride None
    </Directory>
    SetEnv GIT\_PROJECT\_ROOT /var/git/repository
    SetEnv GIT\_HTTP\_EXPORT\_ALL
    SetEnv REMOTE\_USER=$REDIRECT\_REMOTE\_USER
    ScriptAlias /git/ /usr/lib/git-core/git-http-backend/
    <Location>
        Deny from all
        Allow from 127.0.0.1
        Allow from 192.168
    </Location>
    <Location /git>
        AuthType Basic
        AuthName "Git Repository"
        AuthUserFile /var/www/git.example.com/git.passwd
        Require valid-user
    </Location>

    ErrorLog ${APACHE\_LOG\_DIR}/error.log
    # Possible values include: debug, info, notice, warn, error, crit, alert, emerg.
    LogLevel warn
    CustomLog ${APACHE\_LOG\_DIR}/access.log combined
</VirtualHost>

Read the next git blog post to learn how to also browse the git repositories using your webbrowser.

Create new git repository

To create a new git repository execute:

git init <span class="hljs-comment">--bare name_of_project.git</span>

On a remote machine you can checkout this project by executing:

git <span class="hljs-keyword">clone</span> <span class="hljs-title">http</span>://git.example.com/git/name_of_project.git

On the first push command to send the changes to the server, you need to specify that you were working on the master. The original repository was bare, so git does not know that yet. The command below takes care of that:

git <span class="hljs-built_in">push</span> <span class="hljs-built_in">origin</span> master

Leave a Comment

Install SVN server under Apache on Debian

Jan 31, 2013 daan

Tags: debian, howto, svn

A very good and readable howto is available at http://www.howtoforge.com/debian_subversion_websvn. I have made some additional changes after following this guide. The guide requires you to manually add each repository manually to the dav_svn.conf file. It is possible to do this differently, in a VirtualHost configuration. Do not enable the lines in dav_svn.conf but add the following lines to your desired VirtualHost configuration, in this example with ServerName svn.example.com:

<Location>
    Deny from all
    Allow from 192.168
</Location>
<Location /svn>
    DAV svn
    SVNParentPath /var/svn/repository/
    SVNListParentPath on
    AuthType Basic
    AuthName "Subversion Repository"
    AuthUserFile /var/www/svn.example.com/dav_svn.passwd
    Require valid-user
</Location>

In this configuration there are the following things to keep in mind:

The parent folder of my SVN repository is different than the mentioned guide, /var/svn-repos is changed to /var/svn/repository
Access to this repository is restricted to only a specific subnet (192.168.*.* which is my own local network) by the first Location directive
All repositories are accessible via _http://svn.example.com/svn/\[name of repository] . _The usernames and passwords are configured in the dav_svn.passwd file, generated with htpasswd -c _/var/www/svn.example.com/dav_svn.passwd _(do not forget to create the folder in /var/www).

Leave a Comment

Run MPD as Windows service

Nov 26, 2012 daan

Tags: mpd

We can use a Windows tool to install MusicPlayerDaemon as a Windows Service. The tool to use is the Service Controller Query Tool, which is part of the Microsoft Windows 2000 Resource Kit. Windows 2000 is long past its due date and the Resource Kit is no longer available for download on the Microsoft website. But it is still available on other websites. Download sc.zip and extract it to a folder where you can find it later, for example C:\Apps\. Execute the following command to install MPD as a service, the following assumptions are made:

sc.exe has been extract to C:\Apps
MPD has been extracted to C:\Apps\mpd
mpd.conf is located at C:\Apps\mpd\mpd.conf sc create musicpd binpath= “C:\Apps\mpd\mpd.exe C:\Apps\mpd\mpd.conf” displayname=”Music Player Daemon”

This has been tested and confirmed to work on Windows 7. To test and configure the newly created service, run the command services.msc. A list of running services should be displayed, as in the image below (screenshot is in Dutch). From here you can start and stop the service. In the properties of the service it is possible to configure the service to be auto-starting, so that it starts when Windows starts:

This post is based on a post in the MPD Mailing List.

Leave a Comment

Decrease video file size using ffmpeg

Nov 19, 2012 daan

Tags: howto

Ever felt the need to decrease a video in size? Here’s how, using ffmpeg.
This blog post is explained using Windows, but can be performed under any OS using ffmpeg. First, download ffmpeg using the ffmpeg website. For Windows I’d recommend download the static 32 or 64 bit downloaded, depending on your computer.
Store it somewhere on your computer where you will be able to find it, let’s store it at C:\Apps\ffmpeg.

Getting information on the file

In this example we will use a video file and attempt to decrease its size by lowering the bitrate. All other parameters (resolution, audio, video format) we’ll leave intact.
First, we get the information on the video file using ffprobe. Open a command windows, cd to the folder where the video resides and execute the following command, where video.mpg is the filename of the video:

C:\apps\ffmpeg\bin\ffprobe video.mpg

C:\Apps\ffmpeg\bin\ffmpeg -i video.mpg -s 720x576 -b:v 2000k -vcodec mpeg2video -acodec copy video_smaller.mpg

Leave a Comment

Installing MPD on Windows

Nov 16, 2012 daan

MPD is a music player which works a bit different than other music players. It uses a server – client architecture; which means that the music is played as an application, while another application (the client) is used to control the playback. This allows a user to use different clients to play the same music.
An example setup would be to have the server component running on a computer near your stereo, hooked up to it via a jack cable, and you can install a client on your phone, tablet or a different computer to control the playback. The only requirement is for the computers to be able to reach each other via the local network.

Downloading and installing the server component

Download the latest zip file from the mpd homepage, select the win32 binary for the windows version
Open the downloaded file and extract its contents to your desired location. I used the folder C:\apps\mpd, so that is what I will be using in this post. Simply replace this path with the path you extraced mpd to. I do not recommend installing in your Program Files folder, because you might run into windows UAC (User Account Control) problems.

Configuration

MPD requires a configuration file to work. Create the file mpd.conf in the folder where the mpd file was extracted. The following attributes are important:

music_directory: The location where your mp3 files can be found. All backslashes in paths must be replaced by forward slashes
log_file: File where mpd output is logged
db_file: MPD stores the meta information retrieved from the MP3 files in this database file
playlist_directory: folder where the playlists are stored by MPD

music_directory "C:/Music"
log_file "C:/Apps/mpd/mpd.log"
db_file "C:/Apps/mpd/mpd.db"
playlist_directory "C:/Apps/mpd/playlists"
audio_output {
    type "winmm"
    name "Speakers"
    device "Speakers (Realtek High Definition Audio)"
}
audio_output {
    type "httpd"
    name "My HTTP Stream"
    encoder "vorbis" # optional, vorbis or lame
    port "8000"
    # quality "5.0" # do not define if bitrate is defined
    bitrate "128" # do not define if quality is defined
    format "44100:16:1"
}

In order to make this configuration work do the following:

Create the playlist folder (C:\Apps\mpd\playlists)
Create the empty file C:\Apps\mpd\mpd.db, on the first start mpd will display an error, and replace the contents with the collected metadata
Create the file C:\Apps\mpd\mpd.log and save it as an empty file

Starting MPD

You can start the MPD server with the following command:

C:\Apps\mpd\>mpd mpd.conf

This will start the mpd server and allow you to connect to it using an MPD client. In order to connect to the server in a client you need the IP address and the portnumber. The IP address is the local address on your computer running the server, the port number is the default, number 6600. If you have trouble accessing the server, check that the port is not blocked by your local firewall.
My preferred client is MPDroid, an excellent app for Android phones, which allows me the access my music from anywhere in my house.
In the example configuration file the MPD music is also accessible via http audio stream on port 8000; the url is http://[ip adress]:8000/stream.m3u.

Next steps

MPD is now running in a console window. Running it as a service on your windows PC is explained in this post.

Leave a Comment

Unfreezing Putty after pressing Ctrl+S

Nov 1, 2012 daan

Tags: putty, tips-and-tricks

Pressing the key combination Ctrl-S seems to freeze the Putty Terminal. Ctrl-S is interpreted as a special command which causes the terminal to not send any output, but it is still working. Pressing Ctrl-Q reverts this effect and allows you to use the terminal window again.

Leave a Comment

Newer posts
1
…
7
8
9