lighttpd, allow “Access-Control-Allow-Origin:*” headers on the server status page

Maybe there’s someone out there who needs to read the output of lighttpd’s status for monitoring purpose like me tonight, and also, like me, you want to do this using JavaScript, but your browser gives you this nasty error:

XMLHttpRequest cannot load http://otherSubdomain.server.com/lighttpd-status-url-you-have-configured. Origin http://requestingSubdomain.server.com is not allowed by Access-Control-Allow-Origin.

lighttpd allows you to add a custom header for all requests by adding this in a given context:

[perl]setenv.add-response-header = ( "Access-Control-Allow-Origin" => "*" )[/perl]

For this to work, you must enable the mod_setenv.

But if you don’t enable this module, before you enable your mod_status module, you will never see the custom headers come out of your lighttpd HTTP response header output.

So make sure you enable mod_setenv like this:

[perl]
server.modules = (
"mod_fastcgi",
"mod_auth",
"mod_access",
"mod_alias",
"mod_accesslog",
# "mod_simple_vhost",
"mod_rewrite",
"mod_redirect",
"mod_setenv", #before mod_status, very important!
"mod_status",
# "mod_evhost",
"mod_compress",

[/perl]

The header output of your lighttpd status page should look like this now:

[bash]
Access-Control-Allow-Origin:*
Content-Length:5952
Content-Type:text/html
Date:Wed, 30 Nov 2011 01:27:04 GMT
Server:lighttpd/1.4.28
[/bash]

Hope this helps you.

[SOLVED] Updated to Ubuntu 11.10 on VirtualBox and now you get a blank screen when you reboot?

So you used the update manager to upgrade to the new Ubuntu 11.10 that came out a couple days ago and when you’re finished with the process, next time it boots you get a blank screen.

Do this:

1. Switch to a terminal.
Press “Ctrl+Alt+F1” if you’re on Windows.
or
Press “Cmd + F1” or “Ctrl + Alt_option + F1” if you on MacOSX.

You will now be on a text based terminal (TTY1), and you will see that your VM has booted fine, you just didn’t have a graphical environment, therefore the blank screen.

2. Login in with your account on this text based terminal by entering your credentials.

3. Install virtualbox-ose-guest-utils.
(Yes, I also had my virtual guest additions installed before so that I could have full screen resolution, but the problem seems to be related to this and now ubuntu has a package on their repos that you need.)

sudo apt-get install virtualbox-ose-guest-utils [enter]

4. Reboot
sudo reboot

You’re done.

Have the latest HAProxy as a Ubuntu Service

So you need to use HAProxy and you love the convenience of binary packages on repos, but when you install the version HAProxy available in the repos you realize that it is way too old for what you need.

Then you download the latest HAProxy, compile it, configure it, but it’s a bit of a pain in the ass to not have the convenience of having haproxy be automatically restarted as a service like those available on /etc/init.d

This post teaches you how to have haproxy as a Ubuntu/Debian service.

First copy or symlink this script to your /etc/init.d/ folder (you’ll need root permissions to do this)

[bash]
#!/usr/bin/env bash
# haproxyd
# Script to start|stop|restart haproxy from /etc/init.d/
# By Gubatron.

HAPROXY_PATH=/path/to/haproxy-X.Y.Z
HAPROXY_DAEMON=$HAPROXY_PATH/haproxy

test -x $HAPROXY_DAEMON || exit 0

set -e

function getHaproxyPID() {
PID=`ps aux | grep ‘haproxy -f’ | grep -v "grep" | awk ‘{ print $2 }’`
}

case $1 in
start)
echo "Starting haproxy…"
$HAPROXY_DAEMON -f $HAPROXY_PATH/haproxy.cfg
;;
restart)
echo "Hot restart of haproxy"
getHaproxyPID
COMMAND="$HAPROXY_DAEMON -f $HAPROXY_PATH/haproxy.cfg -sf $PID"
echo $COMMAND
`$COMMAND`
;;
stop)
echo "Stopping haproxy"
getHaproxyPID
COMMAND="kill -9 $PID"
echo $COMMAND
`$COMMAND`
;;
*)
echo "Usage: haproxyd {start|restart|stop}" >&2
exit 1
;;
esac

exit 0
[/bash]

This script, on it’s own can be used as
[bash]
./haproxyd start
./haproxyd restart
./haproxyd stop
[/bash]

But you want this script registered on all the right runlevels of the operating system.

With Ubuntu/Debian there’s a utility called update-rc.d to register /etc/init.d/ scripts very easily.

Once the script above is available on /etc/init.d do the following

[bash]
cd /etc/init.d
sudo update-rc.d haproxyd defaults
[/bash]

The script should now be registered on all the right runlevels and you should be able to invoke it as a service like

[bash]
sudo service haproxyd <command>
[/bash]

Ubuntu: WiCD Network Manager “Connection Failed: Bad Password” [SOLVED]

If you’re familiar with correctly entering your WPA2 password after an Ubuntu update and now your Netbook won’t connect using WiCD, I got the solution that worked for me.

Uninstall network-manager and restart WiCD

Open a terminal and type:
[shell]
$ sudo apt-get remove network-manager

$ sudo /etc/init.d/wicd restart
[/shell]

You may have to restart wicd daemon twice in case you don’t see the wireless networks right away.

startKeychain – bash utility to start ssh-agent

For my (and your) future reference, here’s a function to put on your .bashrc or .bash_profile, you can invoke it later at any time to start/re-start your ssh-agent.


[bash]
function startKeychain {
killall ssh-agent
rm ~/.keychain/*
keychain id_rsa
HOSTNAME=`hostname`
source ~/.keychain/${HOSTNAME}-sh
}
[/bash]

Then at any time, the “command” startKeychain will be available on your command line.

Output should look something like this:
[bash]

gubatron@gubatron-desktop:~$ startKeychain

KeyChain 2.6.8; http://www.gentoo.org/proj/en/keychain/
Copyright 2002-2004 Gentoo Foundation; Distributed under the GPL

* Initializing /home/gubatron/.keychain/gubatron-desktop-sh file…
* Initializing /home/gubatron/.keychain/gubatron-desktop-csh file…
* Initializing /home/gubatron/.keychain/gubatron-desktop-fish file…
* Starting ssh-agent
* Initializing /home/gubatron/.keychain/gubatron-desktop-sh-gpg file…
* Initializing /home/gubatron/.keychain/gubatron-desktop-csh-gpg file…
* Initializing /home/gubatron/.keychain/gubatron-desktop-fish-gpg file…
* Starting gpg-agent
* Adding 1 ssh key(s)…
Identity added: /home/gubatron/.ssh/id_rsa (/home/gubatron/.ssh/id_rsa)

[/bash]

Comments are welcome to improve it, I’m not an ssh-agent expert, but this seems to do the work.

[SOLVED] Issue with KDE 4.4.2 and Dolphin always asking my ssh passwords whenever I browsed folder I checked out from a remote subversion repository.

[SOLVED] Eclipse can’t see my Android Device on Ubuntu

Are you seeing this on eclipse when you plug your Android device to your Ubuntu box?

Serial Number: ??????????
AVD Name: N/A
Target: unknown
State: ??

Here’s the solution:

1. Create a script to fix this next time it happens, let’s call it “android_device_reset” and save it on a folder contained on your $PATH environment variable.

[bash]
#!/bin/bash
# android_device_reset script
sudo adb kill-server
sudo service udev stop
sudo adb start-server
sudo adb devices
[/bash]

Save it and make it executable
[bash]chmod +x android_device_reset[/bash]

2. Open this file /etc/udev/rules.d/51-android.rules

Make sure it looks something like this
[bash]
SUBSYSTEMS=="usb", SYSFS{idVendor}=="0bb4", MODE=="0666"
SUBSYSTEMS=="usb", SYSFS{idVendor}=="22b8", MODE=="0666"
[/bash]

Each line represents a different android device. If you have just one, the file should be one line long.

On that example I’ve configured the rules for a Motorola Droid and a Nexus One.
If you need to know the idVendor numbers for your Android device go here
developer.android.com/guide/developing/device.html#VendorIds

3. Whenever the problem happens, just open a terminal and type
[bash]android_device_reset[/bash]

It’ll ask you for your password, only administrative users will be able to execute the script.

Hope this helps.

Quick N Dirty way to Map Commands to remote servers via ssh

You may be running several independent but similar servers at the same time and wasting time by executing commands in all of them one by one.

Wouldn’t it be nice to send a command to all of them at once? or to monitor all of them at once.

The following script can be used as a building block to more complex automation tasks for a small size set of servers. (If you’re managing over 50 servers, I’d probably consider looking a different way to arrange servers (map/reduce cluster), but if you’re doing something below that number this might suffice)

[code lang=”python”]
#!/usr/bin/python

#########################################################
# Author: Angel Leon (gubatron@gmail.com) – October 2009
#
# Invokes a command locally and invokes the same command
# in all machines under the specified username, servers
#
# Requirement: Have a public ssh_key for that user on all
# the other machines so you don’t have to authenticate
# on all the other machines.
#########################################################
import sys
import os

# set the username that has access to all the machines here
user=’safeuser’

# add all your server names here
servers=[‘server1.mydomain.com’,’server2.mydomain.com’,’server3.mydomain.com’]

if __name__ == "__main__":
if len(sys.argv) < 2:
print "Usage: ssh_map_command <cmd>"
sys.exit(0)

cmd= ‘ ‘.join(sys.argv[1:])

#Execute locally first
print cmd
os.system(cmd)

#Execute for all the servers in the list
for server in servers:
remote_cmd="ssh %s@%s %s" % (user,server,cmd)
print remote_cmd
os.system(remote_cmd)
print
[/code]

Save as ssh_map_command and chmod +x it.

Sample uses
Check the average load of all machines at once (then use output to mitigate high load issues)
[code lang=”shell”]$ ssh_map_command uptime[/code]

Send HUP signal to all your web servers (put it in an alias or other script… and that’s how you start building more complex scripts)
[code lang=”shell”]$ ssh_map_command ps aux | grep [l]ighttpd | kill -HUP `awk {‘print $2’}`[/code]

Check if processes are alive, check memory usage on processes across different machines, grep remote all logs at once, svn up on all machines, rsync from one to many, hey, you can even tail -f and grep all the logs at once, you can go nuts with this thing. Depends on what you need to do.

Requirements

Security Advisory
Make sure only the desired user has read/write/execute access to it and keep your private ssh keys safe (preferably only read and execute for the owner, and no permissions whatsoever to anybody else chmod 500 ssh_mod_map), if possible change them as often as possible, for it may become a big security whole if an attacker can manage to write code on this script, specially if you have cronjobs invoking it. Your attacker would only need to change code here to mess up all of your machines.

Disclaimer and Call for Knowledge
Please, if someone knows of a standard way to map commands to multiple servers, please let me know in the comment section, in my case I needed a solution and I wrote a quick and dirty python script and tried to secure it as best as I could, by no means I’m saying that this is the best solution to mapping commands, in fact I believe it might be the least efficient way, however it works good enough for my personal needs.

Ubuntu/Debian Quick Reference: How To Change Your Server’s UTC Timezone on the command line

Just Type…
sudo dpkg-reconfigure tzdata

…and follow the instructions on screen.

The process should look something like the following:


Select your Region


Select a city on your time zone


You’re done.

Tip
You can always check the status of your configuration using
sudo debconf-show tzdata

You could for example map that command via ssh to several machines and grep for “*”, that way you could easily spot servers with wrong timezones very quickly.

Reference: Linux Network/Bandwidth Monitoring CLI Tools

I often want to see how much bandwidth is consumed by my network interfaces and how this is happening. There’s plenty of tools available in the linux world to monitor your network activity.

If you’re a Ubuntu or Debian user you can try the ones I use by installing the following packages.

sudo apt-get install iptraf ethstatus dstat iftop ifstat nload bwm-ng

Then try each one of those on your command line and have fun exploring what they can do.

If they’re not on the path of your user account, then try them using sudo.
eg. sudo iftop

If this short list of the tools I use does not satisfy you, I suggest you read this more comprehensive list of monitoring tools