Set up a MySQL user dedicated to backups

It is not a good idea to use the root MySQL account to do backups.

So, let’s create a user dedicated exclusively to doing backups.

Log on to MySQL as root:

mysql -u root -p

Then create the new user and grant it the necessary permissions:


CREATE USER 'backup_user_name'@'localhost' IDENTIFIED BY 'my_pass';
GRANT SELECT, SHOW VIEW, RELOAD, EVENT, TRIGGER, LOCK TABLES ON *.* TO 'backup_user_name'@'localhost';

Now that we are all set up, you can do backups with that new dedicated user:

mysqldump -u backup_user_name -pmy_pass db_name | gzip > /home/ddarazha/backups/ninelets/ninelets_`date '+%Y%m%d'`.sql.gz

Tags: , ,

Tuesday, January 19th, 2016 IT Security, Linux, MySQL, SQL, Ubuntu No Comments

Batch scale images to a particular size

First install imagemagick:

sudo apt-get install imagemagick

Then CD into the directory containing the images and make a new directory that will hold all the re-sized images. In this case I called it resized:

mkdir resized

Then run the command (from the directory holding the original images):

find . -iname \*.jpg -exec convert -verbose -quality 80 -resize 1600x1200 "{}" "resized/{}" \;

The above command will find (recursively) all the jpg files in the current directory and all directories in it, then it will execute the covert command on each image and finally store the scaled image in the resized directory. You can adjust the size parameters, file extensions and target directory as you desire.

Tags: , ,

Thursday, November 19th, 2015 Linux, Ubuntu No Comments

Upgrading to Apache 2.4 will prevent WebDAV listing of directories containing index files

I recently upgraded Apache from 2.2 to 2.4 and among all the expected changes that had to be made to the existing sites-available config files, I encountered an unexpected issue with the WebDAV sites.

I could connect to the sites via DAV but weirdly enough I could not open some directories with them. I would get a “405 Method Not Allowed error”.

It turns out that if a collection in a WebDAV-enabled area contains an index.html (or whatever filename is specified in DirectoryIndex – index.php, default.html, etc.) then it becomes impossible to use WebDAV methods on that collection. See bug report.

In order to fix this, you need to disable directory indexing for the WebDAV site(s).

If you still want to have directory indexing when serving regular http requests, I recommend having WebDAV configured on a different port.

I normally have development sites, server reqular requests on port 80 and have the WebDAV configured on port 443.

So, in your sites-available/site.conf file, in the corresponding VirtualHost declaration add DirectoryIndex disabled to the Directory declaration, like so:


    <Directory /path/to/my/webdav/dir>
                    Options Indexes FollowSymLinks MultiViews
                    AllowOverride all
                    Require all granted

                    DirectoryIndex disabled
   </Directory>

Here is an example config file:


DavLockDB /webdav/DavLock/DavLock

<VirtualHost 111.1.1.1:80>
	ServerAdmin webmaster@localhost
	ServerName my.domain.com
	DocumentRoot /var/www/my.domian.com/

	Alias /web /path/to/my/webdav/dir

	<Directory /path/to/my/webdav/dir>
		Options Indexes FollowSymLinks MultiViews
		AllowOverride None
		Require all granted
 	</Directory>

</VirtualHost>

<VirtualHost 111.1.1.1:443>

    DocumentRoot /var/www/my.domian.com/
    ServerName my.domian.com
    ServerAlias my.domian.com 111.1.1.1.my.domian.com

	Alias /web /path/to/my/webdav/dir

	<Directory /path/to/my/webdav/dir>
		Options Indexes FollowSymLinks MultiViews
		AllowOverride None
		Require all granted

		DirectoryIndex disabled
 	</Directory>

	<Location /web>
		DAV On
		AuthType Digest
		AuthName "the_auth_name"
		AuthUserFile /the/digest.dav
		Require valid-user

		php_value engine off 
		RewriteEngine off	
	</Location>

    SSLEngine on
    SSLOptions +StrictRequire

    SSLCertificateFile /etc/ssl/certs/mydomain.com.crt
    SSLCertificateKeyFile /etc/ssl/private/mydomain.com.key
    SSLCACertificateFile /etc/ssl/certs/mydomain.com.cabundle.crt
</VirtualHost>

Then just reload Apache and you will no longer have that issue:

sudo service apache2 reload

Tags: , ,

Wednesday, July 22nd, 2015 Apache, Linux, Ubuntu No Comments

Force all HTTP traffic to HTTPS

If you have SSL installed and configured on your site, there is a little need to continue serving http traffic over port 80. Performance is no longer a big issue and now Google would reward with better ranking sites that serve all content over https.

It is very easy to achieve that on an Apache server.

1. Make sure that you have enabled mod_rewrite
2. Add the following to your .conf file for the site:


<IfModule mod_rewrite.c>
	RewriteEngine On
	RewriteCond %{HTTPS} off
	RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI}
</IfModule> 

The above code goes in the VirtualHost defininition for port 80. Make sure that you also have a VirtualHost definition for port 443.

In order for this to take affect, don’t forget to:

sudo service apache2 reload
Friday, June 12th, 2015 Apache, Linux, Ubuntu No Comments

Unable to create new directories or files (write access) in WebDAV with Apache2

It turns out that if you have enabled mod_rewrite on the server and you are actually doing any url re-writing for the site under which WebDAV is running, then you will not be able to create new directories or files via WebDAV.

To fix this, all you have to do is disable the mod_rewrite when connected via the dav protocol. The mod_rewrite will still be active when browsing the site.

Just add RewriteEngine off to the Location node of the sites-available file and then reload Apache. Here is an example:


<Location /webdav/prj>
                DAV On
                AuthType Digest
                AuthName "prj@my.domain.com"
                AuthUserFile /webdav/digestpasswd.dav
                Require valid-user
                php_value engine off 
                RewriteEngine off
</Location>

Then reload apache:

sudo service apache2 reload

Provided that your directory permissions of the WebDAV directory is set correctly (the user under which Apache is running needs to be the owner and have write permissions) you should now be able to create new directories and files.

Monday, December 15th, 2014 Apache, IT Security, Linux, Networking, Ubuntu No Comments

Search

 

Archive

February 2016
M T W T F S S
« Jan    
1234567
891011121314
15161718192021
22232425262728
29  

Other