Securing Graylog behind a Caddy reverse proxy

It’s been a while since my last post, but I just finished putting a Graylog container behind a Caddy reverse proxy, and because I found the existing documentation to be pretty sparse I thought I would quickly share my Caddy docker-compose.yml and my Graylog docker-compose.yml, and other tidbits that might help others out.

Caddy docker-compose.yml file

https://gist.github.com/rbocchinfuso/75a8421574367e02f78b53023b18c671

Graylog docker-compose.yml file

https://gist.github.com/rbocchinfuso/5a0cf6492b96edef23309db78df6d11c

Also, thanks to Guido Diepen for his docker-convenience-scripts, which saved me some time by allowing me to quickly clone my persistent volumes.

Verizon Actiontec Router and Local DNS

I have been really busy and not posting much, but I have my home lab pretty much built out and have a bunch of new projects in the hopper; more on that in future posts. If you have FIOS like I do, you probably have an Actiontec router provided by Verizon. When building out my home lab I wanted to use my Actiontec router as my DNS server, for obvious reasons, but the web interface became frustrating pretty quickly: so many clicks, and the ability to only enter a single host registration at a time.

The ability to edit DNS from telnet is actually really nice on the Actiontec router. The commands are pretty simple.

1) Enable Telnet on the router (Advanced -> Local Administration)

2) Once telnet is enabled, you can telnet to your router using the same credentials used with the web interface.

3) After the telnet session is established there are basically three commands you need to be familiar with:

  • dns_get: lists all DNS server entries
  • dns_set: adds a DNS entry
  • dns_del: deletes a DNS entry

The syntax is pretty simple:

  • dns_get: used by itself to list all DNS entries
  • dns_set: dns_set ID HOSTNAME IP_ADDRESS (e.g. dns_set 1 host1 192.168.1.100)
  • dns_del: dns_del ID (e.g. dns_del 1)

This method of adding and removing DNS entries from the Actiontec router is significantly faster than using the web interface.

I use a Google Doc spreadsheet to track my IPs and build the command to add and remove DNS entries.  I have shared my template here:  https://docs.google.com/spreadsheet/ccc?key=0Alfr2Qqx-moWdE43YTFZLVRtRWM1X3VsdXY2UmFBVUE
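
A scripted equivalent of the spreadsheet approach, as an added example (not the author's template): it validates every row before emitting dns_set lines, so a typo or stray character is caught before anything is pasted into the telnet session. The rule that IDs are unique positive integers, the function names and the sample inventory are assumptions.

```python
import ipaddress
import re

# One DNS label: letters, digits, hyphens; must not start or end with a hyphen.
LABEL = re.compile(r"(?!-)[A-Za-z0-9-]{1,63}(?<!-)")


def valid_hostname(name):
    """True if every dot-separated label of `name` is a well-formed DNS label."""
    return 0 < len(name) <= 253 and all(LABEL.fullmatch(p) for p in name.split("."))


def build_dns_set(rows):
    """Return one 'dns_set ID HOSTNAME IP_ADDRESS' line per (id, host, ip) row.

    Raises ValueError on a bad row, so whitespace, control characters or a
    mistyped address never reach the router's telnet prompt.
    """
    seen_ids, seen_hosts, commands = set(), set(), []
    for entry_id, host, ip in rows:
        # Assumption: entry IDs are unique positive integers.
        if not isinstance(entry_id, int) or entry_id < 1:
            raise ValueError(f"bad ID: {entry_id!r}")
        if not valid_hostname(host):
            raise ValueError(f"bad hostname: {host!r}")
        try:
            addr = ipaddress.IPv4Address(str(ip))  # rejects out-of-range octets and junk
        except ValueError:
            raise ValueError(f"bad IPv4 address: {ip!r}") from None
        if entry_id in seen_ids or host.lower() in seen_hosts:
            raise ValueError(f"duplicate ID or hostname in row {entry_id}: {host}")
        seen_ids.add(entry_id)
        seen_hosts.add(host.lower())
        commands.append(f"dns_set {entry_id} {host} {addr}")
    return commands


def build_dns_del(ids):
    """Return the matching 'dns_del ID' lines for rolling the entries back."""
    return [f"dns_del {int(i)}" for i in ids]


# Constructed sample inventory (ID, hostname, IP), as it might be tracked in a spreadsheet.
INVENTORY = [(1, "host1", "192.168.1.100"), (2, "nas", "192.168.1.101"), (3, "esx-01", "192.168.1.102")]

if __name__ == "__main__":
    print("\n".join(build_dns_set(INVENTORY)))
```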

WordPress mime types

I wanted to expand the types of files that WordPress would allow me to upload and attach to a post. I used a plugin called pjw-mime-config; here are a few things that I figured out beyond just using this plugin to add mime types.

I originally wanted to upload and attach a PowerShell script to a post when WordPress responded with the following error: File type does not meet security guidelines. Try another. I googled the error and found that I needed to add additional mime types to be accepted by WordPress; pjw-mime-config was suggested to easily add mime types. I installed the plugin and fat fingered the mime type. I tried to remove the mime type but it failed to delete it… I uninstalled the plugin and reinstalled, thinking that would remove the mime type; no luck. My thought at this point was that the mime types must be stored in the WordPress database by the pjw-mime-config plugin. I worked with a test WordPress installation and exported the DB (db1.sql), installed pjw-mime-config, added a mime type (foo, text/plain) and exported the DB again (db2.sql). I then did a diff on the two SQL exports. Sure enough, there was a pjw-mime-config row in the WordPress DB table wp_options. I uninstalled pjw-mime-config, deleted the row and reinstalled pjw-mime-config and all was good.

After installing pjw-mime-config, the WordPress uploader accepted the file but gave an error from the upload dialog that referenced functions.php @ line 2258. To resolve the error I edited ./wp-includes/functions.php and added the ps1 mime type to the get_allowed_mime_types function (starts at approx. line 2275).

Windows and mount points…

Those of us who used CP/M and DOS in the early days became accustomed to drive letters, which BTW was a good design when most systems had two, maybe three devices. The same computer enthusiasts who used CP/M and DOS were most likely introduced to UNIX at some point through education or professional experience. If you are like me, this was probably during your college years, when we began to realize how much more elegant the UNIX operating system was, with novel ideas such as “mount points”. Well, Microsoft sorta figured this out a few years ago and integrated mount points into Windows. To me there is absolutely no reason that anyone in the server space should be using drive letters (excluding A:, B:, C: and D: of course) unless legacy applications are hard coded to use drive letters and the move to mount points is just too painful (unfortunately, in the past drive letters were the only way to address storage devices; if you are still doing this for new applications, shame, shame!). One issue with mount points is an inability to easily determine total, used, and free space for a physical device from Windows Explorer. While I use mount points almost exclusively, many of my customers complain of the need to drop to the CLI (only a complaint you would hear in the Windows world… although I agree it is nice to have a single view of all physical devices, like that provided by Windows Explorer). They could open Disk Management, but that too is kind of cumbersome just to view available space. Here is a small VB script that I wrote that will provide total, used and free space for physical devices by enumerating the devices that match a specific drive label:

——— SCRIPT STARTS HERE ———

' Reports total, used and free space for every volume whose label matches
' the pattern in the WQL query below (drive letters and mount points alike).
WScript.Echo "B2D Capacity Reporter - " & Date
WScript.Echo "RJB - 1/2/2008"
WScript.Echo "-----------------------------------"
WScript.Echo "-----------------------------------"

' Running totals, kept in GB
Dim totalB2D, totalUSED, totalFREE
totalB2D = 0
totalUSED = 0
totalFREE = 0

' "." means the local computer
strComputer = "."
Set objWMIService = GetObject("winmgmts:" _
& "{impersonationLevel=impersonate}!\\" & strComputer & "\root\cimv2")

' Select the volumes to report on by their label
Set colItems = objWMIService.ExecQuery("Select * from Win32_Volume where label like 'b2d%'")

For Each objItem In colItems
    WScript.Echo "Label: " & objItem.Label
    WScript.Echo "Mount Point: " & objItem.Name
    WScript.Echo "Block Size: " & (objItem.BlockSize / 1024) & "K"
    WScript.Echo "File System: " & objItem.FileSystem
    ' WMI reports sizes in bytes; convert to GB for display
    WScript.Echo "Capacity: " & round(objItem.Capacity / 1048576 / 1024,2) & " GB"
    WScript.Echo "Used Space: " & round((objItem.Capacity - objItem.FreeSpace) / 1048576 / 1024,2) & " GB"
    WScript.Echo "Free Space: " & round(objItem.FreeSpace / 1048576 / 1024,2) & " GB"
    WScript.Echo "Percent Free: " & round(objItem.FreeSpace / objItem.Capacity,2) * 100 & " %"
    totalB2D = totalB2D + (objItem.Capacity / 1048576 / 1024)
    totalFREE = totalFREE + (objItem.FreeSpace / 1048576 / 1024)
    totalUSED = totalUSED + ((objItem.Capacity - objItem.FreeSpace) / 1048576 / 1024)
    WScript.Echo "-----------------------------------"
Next

' Totals are accumulated in GB; divide by 1024 to report TB
WScript.Echo "-----------------------------------"
WScript.Echo "Total B2D Capacity: " & round(totalB2D / 1024,2) & " TB"
WScript.Echo "Total Used Capacity: " & round(totalUSED / 1024,2) & " TB"
WScript.Echo "Total Free Capacity: " & round(totalFREE / 1024,2) & " TB"
' Skip the percentage when no volume matched, to avoid a division by zero
If totalB2D > 0 Then
    WScript.Echo "Total Percent Free: " & round(totalFREE / totalB2D,2) * 100 & " %"
End If

——— SCRIPT ENDS HERE ———

This script was originally written to report the utilization of devices that were being used as Backup-to-Disk targets, hence the name B2D Capacity Reporter. The script keys on the disk label, so it is important to label the disks properly so that it will report accurately (this can be done from Disk Management or the command line). I have bolded above the only change that really needs to be made to make the script function properly. This script could easily be modified to report across multiple systems, which could be useful if you are looking to tally all the space across multiple servers.

I have only tested this on Windows 2003 so I am not sure how it will function on other versions of Windows. Enjoy!

Oh, one more thing. When you save the script be sure to run it with cscript, not wscript (e.g. cscript diskspace.vbs).

Sharing the Windows Console

Ever have the need to share a Windows Remote Desktop session? Of course you have; WebEx, LogMeIn, GoToMyPC and other Web-based collaboration suites are quite popular for this purpose. What many don’t know is that Windows Terminal Services actually has some functionality built in to enable this. Here is how a user can “shadow” a console session being controlled by another user:

  • The primary user opens a remote console session by running [START->RUN->] the following command:
    • mstsc -v:servername /F -console
      • This opens a remote desktop console session to the specified servername in full-screen mode
  • The second user opens a remote session by running [START->RUN->] the following command:
    • mstsc -v:servername /F
      • This opens a remote desktop session to the specified servername in full-screen mode
    • Next, open a command window
      • START->RUN->cmd.exe
      • Type “shadow 0” (omit the quotes)

This will prompt the primary user, stating that you would like to connect to their console session; once they accept the connection you will be sharing the same session. For more information refer to this (http://support.microsoft.com/kb/278845) Microsoft knowledge base article.

Bare Metal Recovery

I recently received a comment on my demonstration of W2K3 Recovery using EMC Legato Networker. The question raised was whether Legato supports true bare metal recovery (BMR) for both Windows and UNIX; this implies that a system can be restored without actually reinstalling a basic operating system as I demonstrate in the video tutorial. This is a multi-part answer and I will do my best to answer each question, provide some insight and make some recommendations.

For Windows 2003 and XP, Microsoft and EMC Networker support something called an Automated System Recovery (ASR). Unfortunately this is the supported BMR process for EMC Networker on Windows. IMO this is not a production-viable bare metal recovery process due to the need to use a floppy; this is contrary to Microsoft’s opinion… floppies? What are they thinking?

For UNIX there is not a supported Networker BMR process. The process of installing a base OS and the Networker client, then initiating a full system restore, actually works better on UNIX than it does on Windows. Most UNIX distributions have rich support for network OS boot and installation (i.e. PXE boot, Solaris JumpStart, etc.); for this reason I do not see many UNIX environments investing in BMR technologies. With that said, if BMR is a concern for a heterogeneous UNIX and Windows environment, I would recommend investigating a product such as EMC HomeBase or Unitrends (assuming you are looking for commercial products; there are good OpenSource alternatives which I will touch on later in the post).

In an all-Windows environment the options dramatically increase. EMC recently acquired a company called Indigo Stone and a product called HomeBase to facilitate true BMR. There are a number of other products in the market; personally I have used Acronis True Image, Unitrends, Ghost and a few others. Depending on your goal, all of these products have pluses and minuses. The problems with traditional BMR products are usually HAL related. I have not consistently moved to disparate hardware platforms with BMR. BMR products attempt to alter the HAL so that a W2K3 image taken from an AMD box with 4 GB of RAM can be restored on an Intel box with 8 GB of RAM. While BMR has improved tremendously over the years, IMO it is far from perfect.

Many organizations looking for a quick recovery method in the event of a host failure are looking at virtualization technology. A process called P2V (physical-to-virtual) can be performed to create virtual images of physical servers. These virtual images abstract the physical hardware and are highly portable and easy to maintain. My personal preference for facilitating this process is a product called PlateSpin PowerConvert; with this said, I am also investigating how HomeBase would facilitate this process.

If you just need an image backup of a system to speed time to recovery without the need for hardware independence, I would look at a couple of OpenSource options. The Personal Backup Appliance is a virtual appliance that will get you imaging your systems as quickly as possible. I have also used Partition Image for Linux successfully. If you are looking for other options you can find a comprehensive list here: http://www.thefreecountry.com/utilities/backupandimage.shtml. Hope this post was helpful; I did not want to bury it as a comment.

Troubleshooting slow page loads

I am sure those of you who visit frequently have noticed that the site has gotten pretty slow. The traffic is fairly high these days and I have some serious site optimization to do. The content I have been posting is media rich and that is causing some problems.

I came across a nice little tool that analyzes a web site and makes recommendations (check it out at http://www.websiteoptimization.com/services/analyze/).

Another tool that really helps you understand what is taking so damn long is the OctaGate SiteTimer, an invaluable tool in troubleshooting slow page loads.

Here is another good article which offers some more generic WordPress tuning suggestions.

I will be working over the coming weeks to improve the overall performance of the site.