Friday, 20 August 2021

[Tips] How to use Cloudflare Free SSL for Socket.io Server

Free SSL is a very interesting feature of Cloudflare. Cloudflare SSL has full support for WebSocket protocol. However, if you are using the web in conjunction with a socket.io server on the same server, you may encounter problems with the ssl port. Because the default port for ssl is always 443 but it is already used by the web server.

There are many ways to handle this problem, here I will guide you in a very simple way. That's how to configure Socket.io SSL through a proxy using Apache or Nginx.


Prepare:

NodeJs SocketIO server is listen on port 8088

Webserver (Apache or Nginx) is listen on port 80 and 443

Step 1: SocketServer config

Configure NodeJs SocketIO server to run in long polling mode without ssl on a certain port, eg port 8088.

Eg:

var app = require('express')(); //npm install express
var http = require('http').createServer(app);
var socketServer = require('socket.io')(http, { //npm install socketio
cors: {
origin: "*",
methods: ["GET", "POST"]
},
  transports: ['polling']
});
http.listen(8088, () => {
console.log('listening on port 8088');
});

Configure socket.io client to use 'polling' mode

Eg:

var socket = io('https://subdomain.yourdomain.com', { });
socket.on('connect', function () {
console.log('connected');
});

Step 2: Configure virtualhost proxy for Socket Server

Configure virtual host proxy to forward port 80 from cloudflare to the actual port of our Socket Server (I listen on port 80 because I am using Cloudflare flexible ssl, if you use Cloudflare full ssl or full strict ssl then listen on port 443 like your other virtualhost)

Apache:

<VirtualHost *:80>
    ServerAdmin admin@yourdomain.com
    ProxyPreserveHost On
    ServerName subdomain.yourdomain.com
    ProxyPass / http://127.0.0.1:8088/
    ProxyPassReverse / http://127.0.0.1:8088/
</VirtualHost>

Nginx:

server {
    listen 80;
    server_name subdomain.yourdomain.com;
    location / {
        proxy_set_header   X-Forwarded-For $remote_addr;
        proxy_set_header   Host $http_host;
        proxy_pass         http://127.0.0.1:8088;
    }
}

Done !

Remember to reload your web server 

Now your NodeJs Socket Server is working perfectly with free ssl from CLoudflare

 

Tuesday, 3 August 2021

Ubuntu - MySQL Can't set password for root account, even though all command are successful

After a fresh install of MySQL or MariaDB on an Ubuntu server, you can run the "mysql" command line without being asked for your password, even if you have successfully changed the password. While you still cannot access root account from other software like Navicat, php ... the error encountered is "Access denied for user 'root'@'localhost' (using password: YES)"

What happened ?

you can run the "mysql" command without any password because by default, the root account is configured to login via the AUTH_SOCKET plugin. So MySQL Command-Line Client can always connect successfully without being asked for a password while other software can't connect even if the correct password is entered.

Security issue?

In a way, the mysql root account should only be accessed from the server, and a person who already has root privileges with Ubuntu can obviously optionally reset the mysql root account password. So this default configuration should not be a problem.
However, if you are a strict person or are familiar with other operating systems like Centos, you will be very uncomfortable with this configuration. If so, bring it back to the same as mysql on Centos by following the steps below.

Solving problems

Access the MySQL command-line. 
mysql
Welcome to the MySQL monitor.  Commands end with ; or \g.
Your MySQL connection id is 8
Server version: 8.0.21-0ubuntu20.0 (Ubuntu)

Type 'help;' or '\h' for help. Type '\c' to clear the current input statement.

mysql>
Switch to the 'mysql' database
use mysql;
Verify current status
select Host,User,authentication_string,plugin from mysql.user;
You can see: The MySQL ROOT account has no password configured and using the authentication plugin named auth_socket.
Now configure the ROOT account to use mysql_native_password plugin
ALTER USER root@localhost IDENTIFIED WITH mysql_native_password;
Set new password for root account
ALTER USER root@localhost IDENTIFIED BY 'newpassword';
Flush privileges
FLUSH PRIVILEGES;
exit;
Done

Problem solved !

Tuesday, 29 December 2020

Gitlab Error: couldn't deduce an advertise address: no private IP found, explicit advertise addr not provided

Gitlab log view:

gitlab-ctl tail

Something error:

cluster.go:154 component=cluster err="couldn't deduce an advertise address: no private IP found, explicit advertise addr not provided"

How to fix !

edit file gitlab.rb

vi /etc/gitlab/gitlab.rb

Add the following code

alertmanager['flags'] = {

  'cluster.advertise-address' => "127.0.0.1:9093",

}

Then

gitlab-ctl reconfigure

gitlab-ctl restart

Done ! now recheck gitlab log

gitlab-ctl tail alertmanager

Check alertmanager service

netstat -tulpn | grep LISTEN

output 

tcp        0      0 127.0.0.1:9093              0.0.0.0:*                   LISTEN      30633/alertmanager


Monday, 28 December 2020

Centos 6 - Yum Error: Cannot find a valid baseurl for repo base

When using the commands "yum install/update" on Centos 6 you will get an error:

Loaded plugins: fastestmirror, replace
Setting up Update Process
Determining fastest mirrors
YumRepo Error: All mirror URLs are not using ftp, http[s] or file.
 Eg. Invalid release/repo/arch combination/
removing mirrorlist with no valid mirrors: /var/cache/yum/x86_64/6/base/mirrorlist.txt
Error: Cannot find a valid baseurl for repo: base (base/updates/contrib)

Reason: Centos 6 is out of date and is no longer officially supported.

Solution: Manual change CentOS-Base.repo

Step 1:

Open the following files one by one:

/var/cache/yum/x86_64/6/base/mirrorlist.txt
/var/cache/yum/x86_64/6/extras/mirrorlist.txt
/var/cache/yum/x86_64/6/updates/mirrorlist.txt

Add the following line at the end of the files:

https://vault.centos.org/6.10/

Step 2:

Open file "CentOS-Base.repo" and modify all blocks according to the form below 

vi /etc/yum.repos.d/Centos-Base.repo

 [base]
name=CentOS-$releasever - Base
#mirrorlist=http://mirrorlist.centos.org/?release=$releasever&arch=$basearch&repo=os&infra=$infra
baseurl=http://vault.centos.org/6.10/centosplus/$basearch/
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-CentOS-6
gpgcheck=1

 

#released updates
[updates]
name=CentOS-$releasever - Base
#mirrorlist=http://mirrorlist.centos.org/?release=$releasever&arch=$basearch&repo=os&infra=$infra
baseurl=http://vault.centos.org/6.10/centosplus/$basearch/
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-CentOS-6
gpgcheck=1

 

#additional packages that may be useful
[extras]
name=CentOS-$releasever - Base
#mirrorlist=http://mirrorlist.centos.org/?release=$releasever&arch=$basearch&repo=os&infra=$infra
baseurl=http://vault.centos.org/6.10/centosplus/$basearch/
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-CentOS-6
gpgcheck=1

 

#contrib - packages by Centos Users
[contrib]
name=CentOS-$releasever - Base
#mirrorlist=http://mirrorlist.centos.org/?release=$releasever&arch=$basearch&repo=os&infra=$infra
baseurl=http://vault.centos.org/6.10/centosplus/$basearch/
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-CentOS-6
gpgcheck=1

Step 3: Done ! Solved !

Now on you can continue to use yum normally

Tuesday, 6 October 2020

Laravel: Force to use HTTPS for all routes and url (Support Cloudflare Flexible SSL)

Laravel - In some special cases but especially when you are using Cloudflare Flexible SSL. We need a solution so that all URL on our website (created by url, route function) must be https even though our server currently doesn't support ssl.

Solution:

Edit App\Providers\AppServiceProvider.php in the boot() method

public function boot()
{
       
// custom for cloudflase flexible ssl
        if($this->checkHTTPSStatus()){
            URL::forceScheme('https');
        }
/*...some other code...*/
}
private function checkHTTPSStatus()
{
/*Select code in an option below*/
}

Option 1: Switch to https according to the configuration in the env file

private function checkHTTPSStatus()
{
return env('APP_HTTPS',false) === true;
}

In .env file you must to declare APP_HTTPS parameter

APP_HTTPS=true

Option 2: Automatically switch to https if the user comes from Cloudflare Flexible SSL

private function checkHTTPSStatus()
{
return (isset($_SERVER['HTTP_X_FORWARDED_PROTO'])&&$_SERVER['HTTP_X_FORWARDED_PROTO']==='https');
}

Option 3: Full SSL

private function checkHTTPSStatus()
{
return !empty($_SERVER['HTTPS']);
}

Solved !

Monday, 10 August 2020

Laravel Error "$errors is undefined"

Case: In a Laravel project, when you try to get the form validation error object but it fail. 
    $errors is undefined

Reason: Laravel passes the errors variable from the controller to the view file via session. The $errors variable is bound to the view by the Illuminate\View\Middleware\ShareErrorsFromSession middleware, which is provided by the web middleware group. So when you do not declare the web middleware group (containing middleware \Illuminate\View\Middleware\ShareErrorsFromSession) for your route, you will get the error as seen.

Solution: Check your route to make sure you added ShareErrorsFromSession Middleware



Solved !


Sunday, 26 July 2020

Laravel Fix Error : Function name must be a string by Illuminate\Pipeline\Pipeline.php


Laravel

Issue: Laravel encountered error "Function name should be a string" or "Function name must be a string" in Api or somewhere. Error reported from file "Illuminate\Pipeline\Pipeline.php"
$carry = method_exists($pipe, $this->method)
                                    ? $pipe->{$this->method}(...$parameters)
                                    : $pipe(...$parameters);
Reason: You have used some middleware by name that has not been previously declared.
Debug: Check all middleware used, make sure it is already declared in the file Kernel.php. The most common scenario is that you have not declared 'auth' middleware yet.

protected $routeMiddleware = [
        'auth' => \Illuminate\Auth\Middleware\Authenticate::class,
        ...
}
Done ! 

Wednesday, 8 July 2020

Fix PHP Mongodb Error: connection refused calling ismaster on 'localhost:27017'


Step by step, Debug and fix PHP Mongodb error "No suitable servers found". This tutorial works with pure php and also popular php frameworks today such as: Laravel, Yii, CodeIgniter ...

Raw Error:
No suitable servers found (`serverSelectionTryOnce` set): 
[connection refused calling ismaster on 'localhost:27017']
[connection refused calling ismaster on '127.0.0.1:27017']
Debug Step by Step !

1. Check if mongodb is working or not:
netstat -tulpn | grep LISTEN
Please check if the mongodb process is working or not, the correct port or not. If the mongodb server is not working properly please resolve that issue.

2. Check that the php-mongodb extension is installed correctly (Unrelated, but I think it is useful)
Create a php file with content:
<?php
phpinfo();
?>
If no Mongodb found in the results page means you are missing this ext. Please install it according to the following tutorial: https://www.codesiri.com/2020/07/install-php-mongodb-extension-for-php7.html

3. Can you connect to the mongodb server via the Command line (CLI)?
mongo
4. Check SELinux Permission (Very important)
If you've debugged through steps 1 - 3 and haven't found the problem yet, SELinux is probably the problem that caused your error.
For added security, SELinux is enabled by default on newer server versions. By default SELinux will not allow apache, PHP is automatically opened to the new socket to connect out (or local). Meanwhile, php-mongodb ext needs to initialize the socket to connect to the mongodb server. So you will encounter the error as seen.
To fix this issue grant SELinux permission to apache to freely open the socket.
setsebool -P httpd_can_network_connect 1
Note: Some other php libraries that use sockets may have similar problems with SELinux, for example: php-redis, curl ...

Done !

Tuesday, 7 July 2020

Fix Laravel Error - Please provide a valid cache path


Error when install new Laravel project in server.

InvalidArgumentException
Please provide a valid cache path.

This error can be caused by

…/vendor/laravel/framework/src/Illuminate/View/Compilers/Compiler.php line 36

* Reason: 
To increase performance, the default laravel will need to be configured in a directory to store the cache files of views, sessions ...., so you need a cache directory in your project. Normally this directory will be created automatically, but in some situations such as the user who does not have much experience in the installation of the project git, this cache directory may be lost or incorrect.

* Solve:
Declare the cache directory for Laravel and make sure php needs write permissions in that directory

- create 4 folder for cache:

.../bootstrap/cache
.../storage/framework
.../storage/framework/views
.../storage/framework/cache
.../storage/framework/sessions
(... is the path to your project folder)

- grant write permissions to these directories (777 is not a good choice for security)

chmod 777 .../bootstrap/cache -R
chmod 777 .../storage/framework -R

- To keep these directories empty in the git project, you can add a .gitignore file to those directories with the content:

*
!.gitignore

- If your server is using selinux remember to give write permission to php

sudo chcon -t httpd_sys_rw_content_t .../bootstrap/cache -R
sudo chcon -t httpd_sys_rw_content_t .../storage/framework -R
Done !

Saturday, 4 July 2020

[Linux] Install PHP mongodb extension for PHP 7.2 and higher

This article will guide you to install php mongodb extension for PHP7 on linux operating system platform. The operating system we use is Centos, but it is also true for other linux distributions like Ubuntu, Redhat, Fedora ....

When upgrading to PHP7 we often encounter problems when we cannot install the php-mongo extension. You may encounter the following error message:

Package: php-pecl-mongo-1.6.14-1.el7.remi.5.4.x86_64 (remi)
Requires: php(zend-abi) = 20100525-64
* Reason: 
We have 2 mongo extensions for PHP: php-mongo and php-mongodb. Php-mongo only supports php 5.6, but php-mongodb supports the latest version 7.4. That's why you have an error when trying to install php-mongo for PHP7.
php-mongo is older and has been discontinued, but it is currently available as a library in remi repos. And php-mongodb is Pecl's latest library but it is not available and you have to install it yourself via php-pear.

* Solving problems: install php-mongodb extension for PHP7 

Step 1: Install apache(httpd) and php 7
Step 2: Install php-pear
install gcc php-pear php-devel
Step 3: Install mongodb extension 
pecl install mongodb
Step 4: Enable php-mongodb extension 
open php.ini file, then add the following line
;;;;;;;;;;;;;;;;;;;;;;
; Dynamic Extensions ;
;;;;;;;;;;;;;;;;;;;;;;
extension=mongodb

Step 5: Verify PHP Mongodb extension is enabled
php -m
Done !

* Note: The syntax used in previous PHP versions ('extension=<ext>.so' and 'extension='php_<ext>.dll') is supported for legacy reasons and may be deprecated in a future PHP major version. So, when it is possible, please move to the new ('extension=<ext>) syntax.

* Refer: https://blog.remirepo.net/pages/PECL-extensions-RPM-status