Disabling IPv6 on Windows 2012 core

one simple powershell command

New-ItemProperty -Path HKLM:\SYSTEM\CurrentControlSet\services\TCPIP6\Parameters -Name DisabledComponents -PropertyType DWord -Value 0xffffffff

Install tt-rss with nginx and Percona on Ubuntu 12.04

Starting with a base install of Ubuntu 12.04 with openssh installed

Install the Percona repo

import the Percona gpg key

sudo gpg --keyserver hkp://keys.gnupg.net --recv-keys 1C4CBDCDCD2EFD2A
sudo gpg -a --export CD2EFD2A | sudo apt-key add -

now edit /etc/apt/sources.list and add these lines

# for percona
deb http://repo.percona.com/apt precise main
deb-src http://repo.percona.com/apt precise main

now install percona

sudo apt-get update
sudo apt-get install percona-server-common-5.5 percona-server-server-5.5 libmysqlclient18 libmysqlclient16

Now install the rest of the pre-reqs

sudo apt-get install nginx php5-mysql php5-xmlrpc php5-curl php5-cli php5-fpm php5-gd php5-mcrypt php-apc git

Stop nginx

sudo service nginx stop

Create the directory for tt-rss

sudo mkdir -p /var/www/tt-rss

Create a suitable config for nginx in sites-available and link it to sites-enabled

server {
        listen [::]:80;
        server_name tt-rss;
        server_name ttrss.domain.com;
        access_log  /var/log/nginx/tt-rss.access.log;
        error_log /var/log/nginx/tt-rss.error.log;
        root   /var/www/tt-rss;
 index index.php;
 client_max_body_size 20M;
 # while setting up I set an allow for the local network and deny all others, this prevents automatic logon to setup pages etc before default passwords have been set
        location / {
               # allow the local net
               allow   192.168.100.0/24;
               # deny everything else
               deny all;
                 }
 # Lock out access to some folders that contains files that should not be world readable (not fully tested)
 location ~* (include/|lock/|utils/|locale/|classes/*) {deny all; }
 location = / { } # Needed for index.* to work
 # location ~* \.(txt|css|js|png|gif|ico|jpg|svg)$ { } # Allow these file endings
        location ~ \.php$ {
                # Filter out arbitrary code execution
 fastcgi_index index.php;
                # location ~ \..*/.*\.php$ {return 404;}
                include fastcgi_params;
                fastcgi_pass  127.0.0.1:9000;
 fastcgi_param SCRIPT_FILENAME /var/www/rss/$fastcgi_script_name;
                }
 location ~* .(?:ico|css|js|gif|inc|txt|gz|xml|png|jpe?g) {
 expires max;
 access_log        off;
 log_not_found     off;
 }
}

Now grab the source and change the owndership

sudo git clone https://github.com/gothfox/Tiny-Tiny-RSS.git /var/www/tt-rss
sudo chown -R www-data:www-data /var/www/tt-rss

Create the database and the user

mysql -u root -p 
CREATE DATABASE tt-rss;
GRANT ALL ON tt-rss.* TO ttrss-user IDENTIFIED BY "Password";
quit

Import the schema

mysql -u root -p tt-rss < /var/www/tt-rss/schema/ttrss_schema_mysql.sql

Now start nginx and browse to the URL to complete the configuration

Once the configuration has been completed, create an executable upstart .conf script in /etc/init to update the feeds

description "tt-rss upstart script"
start on (runlevel [!2345] local-filesystems and net-device-up IFACE!=lo and started mysql)
stop on stopping mysql
respawn
respawn limit 2 1
setuid www-data
setgid www-data
 
exec /var/www/tt-rss/update_daemon2.php

Apple TV 1 and 1080p

Adding a Broadcom BCM70015 has completely revitalized my Apple TV, it goes in the miniPCI slot that previously held the WiFi card, but as my ATV1 was connected over Ethernet anyway, losing the WiFi card wasn’t an issue. As I can now run crystalbuntu and have no need to run the original Apple software I also replaced the 160GB HD with an inexpensive (99p) passive IDE to CF adapter and a 8Gb CF card (£9.97). The CF card is only slightly faster than the original HD, but the heat output should be slightly lower.

hardware maintenance

A while ago, the F3 key on my small laptop (Acer V5-171) went missing. While it would have been possible to just fit a new key cap, from prior experience, it’s much simpler to fit a new keyboard, so a new keyboard was ordered and today I got around to fitting it.

Over 30 screws using six different sizes…

Alternatives for Google Reader – continued

After initially being rather hesitant about moving away from NetNewsWire, I’ve moved completely over to using tt-rss and Reeder. The tipping point was af_feedmod, which by configuring an xpath provides a mechanism to get entire articles instead of just summaries. So now instead of having to click on “read more” links, I have everything stored for offline reading on my iPhone :-)

Alternatives for Google Reader

As a long time Google Reader user, I’ve been looking at alternatives for use on the desktop, laptop and mobile devices.

I’ve had a go with tt-rss which running as a web application on one of my colo servers is perfect for desktop use as I see the same feed (with read/unread and starred) wherever I login to it from, but does require an active internet connection which is not possible on disconnected laptops, granted Google reader has the same issue. For my iPhone, I installed the tt-rss Fever API plugin and installed Reeder on the iPhone to give my offline reading.

I’ll see how it goes…

Installing ownCloud 5 on Ubuntu 12.04 with nginx and percona

Starting with a base install of Ubuntu 12.04 server, install the pre-reqs, these include the reqs for LDAP auth and external storage on a SMB server

sudo apt-get install nginx php5-fpm php5 php5-json php5-gd curl php5-curl\
 libcurl3-gnutls libapr1 libaprutil1 libcurl3 libaprutil1-ldap libcap2\
 libltdl-dev libltdl7 libtool m4 php-pear php-xml-parser php5-cli\
 php5-dev shtool ssl-cert php5-ldap smbclient

stop the nginx and php5-fpm services

sudo service nginx stop
sudo service php5-fpm stop

create a directory for owncloud to exist in

sudo mkdir -p /var/www

get the latest source for owncloud from http://owncloud.org/support/install/

wget http://download.owncloud.org/community/owncloud-5.0.0.tar.bz2

untar the source

tar -xvf owncloud

move the source into place

sudo mv owncloud /var/www/

create a data directory for the data

sudo mkdir -p /var/www/owncloud-data

remove the default nginx config from site-enabled

sudo unlink /etc/nginx/sites-enabled/default

create a new file for sites available, something like this

sudo nano /etc/nginx/sites-available/owncloud

link the file to sites-enabled

sudo ln -s /etc/nginx/sites-available/owncloud /etc/nginx/sites-enabled/owncloud

edit php-fpm to use a unix socket instead of a TCP socket

sudo nano /etc/php5/fpm/pool.d/www.conf

comment out

listen = 127.0.0.1:9000

and add

listen = /var/run/php5-fpm.sock

Uncomment the permissions

listen.owner = www-data
listen.group = www-data
listen.mode = 0660

For the SSL certificate, this might be of use

I usually use Percona instead of the Ubuntu build of MySQL

import the Percona gpg key

sudo gpg --keyserver hkp://keys.gnupg.net --recv-keys 1C4CBDCDCD2EFD2A
sudo gpg -a --export CD2EFD2A | sudo apt-key add -

now edit sources.list

sudo nano /etc/apt/sources.list

add these lines

# for percona
deb http://repo.percona.com/apt precise main
deb-src http://repo.percona.com/apt precise main

now install percona

sudo apt-get update
sudo apt-get install percona-server-common-5.5 percona-server-server-5.5 libmysqlclient18 libmysqlclient16

with the database server installed, now create the database

mysql -uroot -p
CREATE USER 'owncloud'@'localhost' IDENTIFIED BY 'password';
CREATE DATABASE IF NOT EXISTS owncloud;
GRANT ALL PRIVILEGES ON owncloud.* TO 'owncloud'@'localhost' IDENTIFIED BY 'password';

add the components for mysql

sudo apt-get install php5-mysql libaprutil1-dbd-mysql

create the config file to use the mysql server

sudo nano /var/www/owncloud/config/autoconfig.php

add the following lines

<?php
$AUTOCONFIG = array(
  "dbtype"        => "mysql",
  "dbname"        => "owncloud",
  "dbuser"        => "owncloud",
  "dbpass"        => "password",
  "dbhost"        => "localhost",
  "dbtableprefix" => "",
  "adminlogin"    => "Administrator",
  "adminpass"     => "Admin-password",
  "directory"     => "/var/www/owncloud-data",
);

reset the directory permissions

sudo chown -R www-data:www-data /var/www/owncloud
sudo chown -R www-data:www-data /var/www/owncloud-data
sudo chmod 777 /var/www/owncloud-data/

You should now be able to start the services

sudo service php5-fpm start
sudo service nginx start

and login to the application using the username and password from autoconfig.php

Building keepalived from source on Ubuntu 12.04 for HAProxy

Presuming that HAProxy has been built from GIT.

Download the latest source for keepalived

wget http://www.keepalived.org/software/keepalived-1.2.7.tar.gz

untar the archive

tar -zxvf keepalived-1.2.7.tar.gz

now build keepalived

cd keepalived-1.2.7
./configure
make
sudo make install

link it from /usr/local/sbin to /usr/sbin

sudo ln -s /usr/local/sbin/keepalived /usr/sbin/keepalived

now configure keepalived to start automatically

create the init file

sudo nano /etc/init.d/keepalived

as per attached file init.d.keepalived.txt

make it executable

sudo chmod +x /etc/init.d/keepalived

now set the runlevels

sudo sudo update-rc.d keepalived defaults

now enable services to bind to the VRRP address

sudo nano /etc/sysctl.conf

add the line

net.ipv4.ip_nonlocal_bind=1

to test startup, use the supplied sample

sudo mkdir /etc/keepalived
sudo cp /usr/local/etc/keepalived/keepalived.conf /etc/keepalived/keepalived.conf

test startup

sudo /etc/init.d/keepalived start

to test that it is working

ip address list

this will show the keepalived addresses on the active server.

Convert pfx to jks

Java keystores use the jks format, this is functionally similar to a pfx file in that you have a store and a password.

To convert from pfx to jks

keytool -importkeystore -srckeystore pfxkeystore.pfx -srcstoretype pkcs12 -destkeystore jkskeystore.jks -deststoretype JKS

IPv4 DDNS on Cisco for dns.he.net

As dyndns.com has reduced the capabilities of their free service, I looked around for other free providers of Dynamic DNS service.

After testing several, I decided to move my DNS hosting to Hurricane Electric as they include Dynamic DNS service with their free service (for up to 50 domains), and it removes the requirement to use CNAMEs as with the dyndns.com free service.

The configuration as below is for IPv4 dynamic addressing as provided by most Internet Service Providers on xDSL or Cable (broadband) connections when using the free DNS and DDNS service as provided by dns.he.net

The below has been tested on a Cisco 1812 running c181x-advipservicesk9-mz.151-4.M4.bin on a BT FTTC connection which uses PPPoE over VDSL where the PPPoE interface has a dynamic address. It has also been tested on a Cisco 877 running c870-advipservicesk9-mz.151-4.M4.bin on several other UK ADSL and ADSL2+ connections

It does not cover changing the IPv4 termination address for a he.net IPv6 Tunnel.

In Global mode

ip ddns update method 
HTTP
 add http://<f.q.d.n>:<password>@ipv4.dyn.dns.he.net/nic/update?hostname=<h>&myip=<a>

Then on the dynamic addressed interface (usually Dialer 1)

 ip ddns update hostname <f.q.d.n>
 ip ddns update <method-name> host ipv4.dyn.dns.he.net

<method-name> This is the name that you want to give the DDNS update, I usually use dyn.he.net
<f.q.d.n> This is fully qualified domain name that is configured for Dynamic DNS on the dns.he.net control panel<password> This is the password for the fully qualified domain name that is configured for Dynamic DNS on the dns.he.net control panel
<h> This is an internal Cisco IOS variable for the hostname that it gets from the configuration on the interface
<a> This is an internal Cisco IOS variable for the dynamic address on the interface

Presuming that the method name is dyn.he.net, the dynamic hostname being used is router.domain.com and the password is SuperSecretPassword the completed configuration commands should look something like this