UFW with Docker

Posted: 2018-09-21 | ufw | docker | iptables | firewall

Having recently moved a server from one machine to another - I wanted a simpler firewall to deal with than directly playing with iptables.

So I googled, found and installed UFW - I'm using debian so I used this wiki link.

I opened just the ports I wanted and made sure that the default was to deny.

All seemed fine - until I found that all my docker ports were directly available over the net. I don't want this - these are supposed to be proxied behind https.

This is due to the fact that docker...

Find process on port for OSX with lsof

Posted: 2018-05-31 | osx | mac | linux

It's often quite useful to know what running process is holding a port open. Doing this on linux has long been an easy case of running netstat with the -p option which shows the PID and name for each socket - for example:

# netstat -lnp | grep :80
tcp        0      0 0.0.0.0:80              0.0.0.0:*               LISTEN      14897/nginx.conf
...

But the mac version of netstat doesn't support this option. I recently came across this post on stackoverflow that points out that you can use lsof...

Too many open files on OSX/macOS

Posted: 2016-10-01 | osx | mac | ulimit

I use my macs for development. That means that there are a lot of things running and I usually have a lot of heavy apps open. So I quite often hit the error "Too many open files". On linux - this is fixed using sysctl - but on later OSX/macOS it is done using launchd. Earlier OSX versions could use a /etc/launchd.conf file - but - for the latest versions I've found that this post from basho docs for riak works fine.

Docker for mac eating disk space

Posted: 2016-09-11 | docker | mac | osx

I've recently been struggling with my mac laptop not having any disk space left. Each time I've deleted whatever large files I had in Download or any other out of date stuff - thinking that I was just being a heavy disk user.

But - it kept happening - so I actually dug into it with du.

It turns out I had gigabytes and gigabytes in

~/Library/Containers/com.docker.docker/Data/com.docker.driver.amd64-linux/Docker.qcow2

So I deleted all images and containers - but this file didn't get any smaller...

Migrating to chruby

Posted: 2016-03-09 | ruby | rvm | rbenv | chruby | ruby-build | ruby-install | bundler

Migration

Up until recently I have been using rbenv as my ruby install manager (along with ruby-build).

I switched to this a long time back from rvm - with rvm I was having a number of issues with library versions of iconv, xml etc that rbenv didn't seem to have.

Yesterday I heard about chruby - which does not rely on shimmed binaries - it simply changes the environment (PATH etc) to point to the ruby you want. This seems a lot simpler/cleaner conceptually.

Since ruby-build is written alongside...

Connecting to heroku postgres with DataGrip (and other jetbrains apps)

Posted: 2016-02-08 | heroku | postgresql | datagrip | jetbrains | intellij

DataGrip (and the other jetbrains apps) were refusing to connect to heroku postgresql databases even though the connection was correct.

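Turns out that you must have SSL enabled, but the certificate can't be validated, so the driver has to be told to skip validation (the connection is still encrypted, but the server's identity is not verified).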

Add the following properties to the datasource advanced settings:

Name        Value
ssl         true
sslfactory  org.postgresql.ssl.NonValidatingFactory

Or to the URL:

?ssl=true&sslfactory=org.postgresql.ssl.NonValidatingFactory

iOS Game Center blank screen/settings hang

Posted: 2016-02-05 | ios | apple | game center

I occasionally see that games using game center for data sync etc stop being able to log in. If I head to the settings app > game center - it can't open the page for the game center settings.

This was originally a problem in iOS 9.0, thought to be fixed in iOS 9.1 but still being experienced (my last was in iOS 9.2.1).

The trick is to sign out of game center then back in - but how to do so when you can't open the settings?

The solution at the end of this article on appletoolbox.com worked for...

Upgrading homebrew postgres

Posted: 2016-01-11 | postgresql | pg_upgrade | homebrew

Homebrew postgresql updated from 9.4.x to 9.5.x today.

This meant that after update it wouldn't start because the database needed upgrading.

I started with this article - which in summary would be:

pg_upgrade method

Stop and upgrade

launchctl unload ~/Library/LaunchAgents/homebrew.mxcl.postgresql.plist
brew update && brew upgrade postgresql

Create empty db

initdb /usr/local/var/postgres9.5 -E utf8

Upgrade db

pg_upgrade \
  -d /usr/local/var/postgres \
  -D /usr/local/var/postgres9.5 \...

Cisco SB SG200-08 Gigabit Smart Switch

Posted: 2015-10-30 | cisco | networking | switch | snmp

One of my switches died recently - an 8 port unmanaged gigabit switch.

I thought that this time I'd get one that supports link aggregation (the synology NAS behind it could use it) and settled for Cisco's SG200-08 - since I could get that by the next day.

It's a managed switch (first time for me) and it works fine.

Only one thing that wasn't expected - it appears that nearly all of Cisco's SG200 range support SNMP (some might need a firmware update) but not this one. It even has a different...

Replacing denyhosts with fail2ban for debian

Posted: 2015-06-16 | debian | ssh | denyhosts | fail2ban

I'm preparing for migration from debian wheezy to debian jessie, and one of the packages I use is no longer supported.

Denyhosts is something that I used to block incoming ssh attacks (it adds IP addresses to /etc/hosts.deny). But it is not available in Jessie. The security team had the following comments:

  • There are unaddressed security issues (e.g. #692229).
  • The tool is dead upstream (last release 2008).
  • There is a viable alternative, fail2ban, that provides the same or increased feature set.

So - time to look at fail2ban.
