Category Archives: System Administration

Linux: MySQLdb on virtualenv with --no-site-packages

In the past it was difficult to get MySQL working on virtualenv without using system packages. Now you can have a real separated environment with simple steps:

  1. Follow this guide to install virtualenv using this command:
    virtualenv myproject --no-site-packages

    This command will install a new virtualenv inside a new directory myproject created by the command itself.

  2. Activate virtualenv:
    source myproject/bin/activate
  3. Upgrade setuptools
    pip install pip --upgrade
  4. You can now install MySQLdb, inside the package MySQL-python:
    pip install MySQL-python
  5. Now do a simple test trying to connect to an existing database:
    python
    import MySQLdb
    db = MySQLdb.connect(host="localhost",   # your host, usually localhost
                         user="chirale",         # your username
                         passwd="ITSASECRET",    # your password
                         db="chiraledb")         # name of the database
    cursor = db.cursor()                 # the connection object above is named db
    cursor.execute("SELECT VERSION()")
    row = cursor.fetchone()
    print "server version:", row[0]
    cursor.close()
    db.close()
    

Tested on CentOS 7, Python 2.7

Tip: If you are starting to create a database and doing all the dirty work alone, you should give SQLAlchemy a try. You can use it as an ORM or at a lower level, as you wish.

See also

The Hitchhiker’s Guide to Python
Simple MySQLdb connection tutorial

About the same topic

Python: MySQLdb on Windows virtualenv (w. figures)

HTTPS, encrypt via SSL / TLS

Free SSL certificates and how to install on nginx in 10 steps

Here is how you can get free SSL certificates using Let’s Encrypt. Forget about certificate expiry by using the auto-renewal script. A complete reference for installing a Let’s Encrypt certificate is this Digital Ocean howto. Here is a quick guide based on it, plus some additional suggestions. Here we go!

The following commands download the script and make it executable. (1)

cd /usr/local/sbin
wget https://dl.eff.org/certbot-auto
chmod a+x /usr/local/sbin/certbot-auto

The following command creates a path for the SSL certificate. Replace /usr/local/etc/my/files/path/ssl_cert with the path where you’ll store certificates; you can choose a path outside your document root. (2)

mkdir -p /usr/local/etc/my/files/path/ssl_cert

Now edit your /etc/nginx/conf.d/mysites.conf and add this inside the server {…} block to make the example.com/.well-known URL available (3):

        location ^~ /.well-known {
                alias /usr/local/etc/my/files/path/ssl_cert/.well-known;
                allow all;
        }

Now execute the script to install certificates for your domains. Remember to use the command with -d domain-without-www -d www-domain, in this order. (4)

  1. Install all needed dependencies for your system (via yum on RedHat-based distros and apt on Debian-based ones)
  2. Generate a valid certificate
certbot-auto certonly -a webroot --webroot-path=/usr/local/etc/my/files/path/ssl_cert -d example.com -d www.example.com -d mysite.com -d www.mysite.com

An automatic check will be performed and you will get a congratulations message.

Now generate a strong Diffie-Hellman group with this command (5):

openssl dhparam -out /etc/ssl/certs/dhparam.pem 2048

Check the syntax and, if it is OK, reload the nginx server to apply the changes. (6)

nginx -t
systemctl reload nginx

Auto-renewal

A certificate will be valid for a short period of time, e.g. 3 months.

To auto-renew the certificate for all of your domains, you should add the auto-renewal command to cron (7):

30 2 * * 0 /usr/local/sbin/certbot-auto renew >> /var/log/le-renew.log
35 2 * * 0 /etc/init.d/nginx reload

The commands will be executed every Sunday night, between 2:30 and 2:35 am, when the certificate is checked and renewed if needed.

Enable SSL on nginx

To enable SSL on nginx when you already have a mysite.conf file serving unencrypted connections on port 80: inside the /etc/nginx/conf.d directory, copy the file as mysite_ssl.conf and:

Change all occurrences of:

listen 80;

to:

listen 443 ssl;

In this way nginx will listen on port 443 with SSL. Ensure this port is reachable externally (firewall and/or SELinux audit2allow). (8)

In the original file, mysite.conf, you can delete all entries, but you have to keep the .well-known part (step 3). This avoids errors from the Let’s Encrypt script.

Add and enable ciphers. Here is a good cipher list, chosen for compatibility while staying secure, using TLS only. (9)

server {
    # the port your site will be served on
    listen      443 ssl;
    # the domain name it will serve for
    server_name example.com; # substitute your machine's IP address or FQDN
    ssl_certificate /etc/letsencrypt/live/mysite.com/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/mysite.com/privkey.pem;
    ##### Cyphers and SSL fine tuning #####
    ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
    ssl_prefer_server_ciphers on;
    ssl_dhparam /etc/ssl/certs/dhparam.pem;
    ssl_ciphers 'ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:AES:CAMELLIA:DES-CBC3-SHA:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!MD5:!PSK:!aECDH:!EDH-DSS-DES-CBC3-SHA:!EDH-RSA-DES-CBC3-SHA:!KRB5-DES-CBC3-SHA';
    ssl_session_timeout 1d;
    ssl_session_cache shared:SSL:50m;
    ssl_stapling on;
    ssl_stapling_verify on;
    add_header Strict-Transport-Security max-age=15768000;
    ##### END Cyphers and SSL fine tuning #####
    # charset     utf-8; etc...
}

Test nginx syntax with:

nginx -t

and then reload nginx to apply changes (10), on CentOS:

systemctl restart nginx
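
The protocol and cipher settings from step 9 can be checked mechanically. The shell function below is an added example, not part of the original post: it reads an nginx configuration on stdin and reports protocols deprecated by RFC 8996 (TLSv1, TLSv1.1) or older, weak cipher entries such as DES-CBC3-SHA that are not negated with "!", and a missing HSTS header. The function name audit_tls_conf and both sample configurations are constructed for illustration.

```shell
#!/bin/sh
# Added example: flag deprecated TLS settings in an nginx server block.
# Reads the configuration on stdin, prints one finding per line.
audit_tls_conf() {
    awk -v q="'" '
    {
        sub(/#.*/, "")                    # drop comments
        gsub("[;\"" q "]", "")            # drop ";" and quotes
    }
    $1 == "ssl_protocols" {
        # TLS 1.0/1.1 are deprecated by RFC 8996; SSLv2/v3 are broken.
        for (i = 2; i <= NF; i++)
            if ($i ~ /^(SSLv2|SSLv3|TLSv1|TLSv1\.1)$/) print "protocol:" $i
    }
    $1 == "ssl_ciphers" {
        n = split($2, c, ":")
        for (i = 1; i <= n; i++) {
            if (c[i] ~ /^!/) continue     # "!X" removes X from the list
            if (c[i] ~ /DES-CBC3|3DES|RC4|MD5|NULL|^EXP/) print "cipher:" c[i]
        }
    }
    $1 == "add_header" && $2 == "Strict-Transport-Security" { hsts = 1 }
    END { if (!hsts) print "missing:hsts" }
    '
}

# Constructed sample: shortened form of the settings shown in step 9.
legacy_conf() {
cat <<'EOF'
server {
    listen 443 ssl;
    ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
    ssl_ciphers 'ECDHE-RSA-AES128-GCM-SHA256:AES128-SHA:DES-CBC3-SHA:!aNULL:!RC4:!MD5';
    add_header Strict-Transport-Security max-age=15768000;
}
EOF
}

# Constructed sample: TLS 1.2+ with forward-secret AEAD suites only.
modern_conf() {
cat <<'EOF'
server {
    listen 443 ssl;
    ssl_protocols TLSv1.2 TLSv1.3;
    ssl_ciphers 'ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384';
    add_header Strict-Transport-Security "max-age=63072000" always;
}
EOF
}

echo "legacy findings:"; legacy_conf | audit_tls_conf
echo "modern findings:"; modern_conf | audit_tls_conf
```

To check the running configuration with all included files, pipe the output of nginx -T into audit_tls_conf, or redirect /etc/nginx/conf.d/mysite_ssl.conf to its stdin.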

Transfer files from iPad to Windows wireless w/o cloud in 10 steps

10 steps to transfer files without using iCloud or other cloud services: an iPad and Windows are all you need.

Requirements:

  • Windows (tested on Windows 7)
  • Wi-fi router

Windows

  1. Create a new folder ipadshare on your disk (even removable) to host files
  2. Right click on the folder > Share with... > Specific users…
  3. Click on the bottom arrow on the dropdown > Create a new user > Another account (second to last element) > Create new account
  4. Type the name and the password for the new user (no Administrator)
  5. Back to the Share with…> Specific people… window:
    1. Select the new user from the dropdown
    2. Click on Add
    3. Give her read/write access
    4. Save

iPad

  1. Connect to the same Wi-fi router your Windows PC is connected to
  2. From home screen go to Settings > Display and Brightness > Auto-Lock > Never
  3. From App Store, Install and open FileExplorer (free)
  4. Enter into Local or Photos
    1. Tap Edit and then Select all on the bottom (or select one element at time)
    2. Tap Copy into
  5. Select Connections > ipadshare. Type user and password and then tap Save.

Do not lock the screen during the transfer process, since otherwise FileExplorer free can freeze. After the transfer, check the transferred items before deleting them from the iPad.

Photo by AddictiveTips.com.

No media key buttons on my keyboard: quick fix

How to add media key buttons by adding customizable shortcuts on a standard keyboard (working example attached).

Not all keyboards have media keys, but you can fix this issue by adding global shortcuts to your Windows system:

  1. Download and install AutoHotkey
  2. Download the media keys shortcut zip file and extract it on your Desktop
  3. Double click to add the media shortcut to your systray: the shortcuts are added
  4. Open your media player and use:
    1. Tracks
      1. AltGr+Right arrow: Next
      2. AltGr+Alt+Down arrow: Play / Pause
      3. AltGr+Alt+Left: Previous
    2. Volume
      1. AltGr+Shift+Right: Volume Up
      2. AltGr+Shift+Down: Mute
      3. AltGr+Shift+Left: Volume Down
    3. AltGr+Shift+F1: open this howto with the default browser
  5. Alternatively you can use Ctrl+Alt in place of AltGr

Remember to launch the script each time you start the system, or add it to automatic execution at startup. To do so, open Start > Run and paste the following:

%appdata%\Microsoft\Windows\Start Menu\Programs\Startup

Then press Enter. In the folder that opens, Right Click > New > Shortcut and paste:

%UserProfile%\Desktop\media_keys_shortcut.ahk

Then click Next to add the shortcut, which runs every time you log in.

Download media_keys_shortcut
MD5:
5595F1686DE184A817A0261297003415

You can also read the file as a simple text file with your file editor to add new shortcuts.

See also

Media Keys on superuser

PuTTY freezes on OpenVPN on Windows

Issue: when opening PuTTY, no login information is returned and then the connection is closed.

Solution (Windows 7):

  1. On the taskbar Right click and then Disconnect the VPN
  2. Look for the VPN icon and then Right click on VPN shortcut icon > Properties
  3. Select Compatibility tab and then check Run as administrator
  4. Launch OpenVPN: a message will be prompted to allow the app to run as administrator

Stop sending Microsoft information about your system

These steps will help you block some of the error reporting to Microsoft.

To help you find error reporting issues, install and run the free Kaspersky Security Scan: it will show you a list of issues affecting the PC that other antivirus products usually don’t report.

One of them is the notification to Microsoft of system states in situations like crashes. To stop sending Microsoft information like this you can follow these steps.

  1. On Windows 7, search “Action Center” in Windows > Search (or in your language, e.g. “Centro operativo” in Italian)
  2. Go to the 2nd item on the left bar, “change settings”
  3. Go to the 2nd item of the related settings, about error notification
  4. Check the very last element (Never check for solutions)
  5. In the previous screen, check that the first element, about software use, is disabled

Now take care about Microsoft Internet Explorer:

  1. On Windows 7, Run gpedit.msc
  2. Go to User Configuration > Administrative Templates > Windows Components > Internet Explorer
  3. Double click on Turn off Crash detection and then “Enable”
  4. Under Browser Menu Disable “Turn off the ability to launch report site problems using a menu option”

If you don’t use Internet Explorer as your main browser, disable also this under User Configuration > Administrative Templates > Windows Components > Internet Explorer:

  1. On the starting page option, check disable and set starting page as about:blank
  2. Run Internet Explorer and confirm the dialog about the about:blank as default page
  3. Now standard user cannot change the default starting page

Now go to Internet Explorer:

  1. Go to Gear (top right on IE 11) > Internet Options > Advanced > Security
  2. Select “Do not save encrypted pages to disk”

Now go to Kaspersky Security Scan, go to Reports and refresh the list of issues. Note that if you have an antivirus such as Avira, Kaspersky will tell you autorun is active even if Avira blocks it, so you can ignore this warning in that case.

How to find big files on disk

On Windows: WinDirStat

  • Download and install WinDirStat
  • Run WinDirStat on your disks (it will take time)
  • You’ll see a coloured map of file occupation by file type


On Linux command line: ncdu

  • On Ubuntu / Debian
    • apt-get install ncdu
    • cd /dir/to/check
    • ncdu
  • On CentOS / Fedora / RedHat
    • yum install ncdu
    • cd /dir/to/check
    • ncdu

ncdu screenshot by dev.yorhel.nl: Official Website

On Linux with window manager

  • CentOS / Fedora / RedHat
    • yum install k4dirstat
  • On Ubuntu / Debian
    • apt-get install k4dirstat

Again, you’ll see a coloured map of file occupation by file type.

Official website

 


Screenshot by yuenhoe.com