Proxying with Apache2 on Ubuntu

Filed under: tinkering,ubuntu,webcam — jaydublu @ 4:01 pm

Further to earlier problems with using Apache2 on Ubuntu to proxy web requests to devices inside my local network, I think I’ve now sussed it.

Specifically, I’m trying to get Apache to enable external access to a webcam inside my network, where for some reason I can’t enable access to it directly using my router.

I’m now relatively confident that the appropriate way to do it is to enable mod_proxy and mod_proxy_http with sudo a2enmod proxy_http, this then allows use of ProxyPass directive within a vhost for example:

ProxyPass /webcam

Ubuntu’s Subversion

Filed under: tinkering,ubuntu — jaydublu @ 5:41 pm

I’ve a minor gripe about Ubuntu – only ‘cos it’s caught me out a couple of times.

My local dev server is runnung Unbuntu Gutsy, and I do run apt-get upgrade etc. every now and then to keep things current.

I tend to keep most of the sites I’m working on checked out out of the repository somewhere that Apache can get to them so I can see the rendered output easily, and to make life easier I also access the server’s webroot over an SMB share from my laptop.

Life was great until I upgraded my laptop’s TortoiseSVN to 1.5.0-something-or-other as it keeps nagging to do – but if I’m careless enough to do an update on a remote working copy using Tortoise, it upgrades it to the new 1.5 format, which means it can’t be used by subversion on the boxes own command line as the Gutsy Subversion package is not up to 1.5 yet.

Twice now I’ve had to check out a fresh working copy to overcome this problem, and to save any future accidents, I’m downgrading my Tortoise to a pre-1.5 version – I looked at trying to get an ‘experimental’ Debian package installed but it looked far too risky.

A little knowledge is a dangerous thing

Filed under: tinkering,trundle,ubuntu — jaydublu @ 1:32 pm

I like to think I know a little bit about most things surrounding the Internet, and whilst not claiming to be an expert I like to think I’m at least competent in most things I turn my hand to.

But every now and then I get caught out, and reminded how dangerous it can be to tinker with things you don’t fully understand – there are some people out there with far too much time on their hands.

As part of my Trundle project, I attempted to make a webserver running on the beast’s eventual operating system available to the public Internet – not for public consumption mind, but so I can see it when I’m out and about. Now I didn’t want to put the whole thing on a public IP address, just a little bit of it – and apart from anything else I’ve already got an externally available webserver on my Internet connection.

So my idea was to use mod_rewrite to proxy a set of urls to the internal server’s private IP address. I’m sure it’s something I’ve done before in other Apache instances, and it sounded feasible, but for once Ubuntu fought back a bit. Still, I felt I’d prevailed.

Now it turns out I’d opened up a vulnerability to someone, somewhere, to do something with my network. It was cunningly disguised in that the traffic wasn’t enough to be hugely obvious, but I was playing with awstats and got curious about some odd traffic.

It turns out I’d unintentionally configured my webserver to allow anyone to use it to proxy requests to anywhere else. Short of cloaking the eventual source (or destination?) of the traffic I can’t see what was gained – the requests seem mostly to have been for banners or clickthrus in flash game sites. I wasn’t hosting the files so nothing was gained in terms of bandwidth, and it doesn’t seem like a ddos attack.

Anyway, I’ve disabled the proxying functionality now, and checking the logs although I’m still getting the requests they now get a 403 response. I hope they’ll die out eventually, or will I have to get my fixed IP address changed do you think?

Guffawing Giraffe

Filed under: ubuntu — jaydublu @ 3:57 pm

Flushed with my success at home with Ubuntu, and needing a clean reliable SVN/Trac install at work, taking courage in both hands I go to install Ubuntu on a brand spanking new Dell Dual Core Xeon beasty.

Using an install CD that had been previously (recently) used by our sys admin – reportedly Fiesty Fawn – off I went. All seemed to go well, apart from a long pause at the php/MySQL install stage, until I came to put OpenSSH on – I swear blind when I was doing it at home the package was openssh, but this machine wasn’t recognising it. Onwards – install ssh seemed to work and I got shell access.

Further on and I’ve got svn working, not yet authenticating with LDAP but that’s not a show stopper yet, but it is when apt-get install trac says there a corruption in a package index or something. A fair amount of updating, upgrading and googling doesn’t do anything until eventually I give up.

Two options – use the installer CD from home which was working well for me, or download the spangly Giggling Goat. What the hell, if it doesn’t work I can always go back to plan A…

So I download it, burn it, reboot the machine and start the process again – and it sails through.

The only discernable differences so far (other than the install was by far the smoothest Linux install ever!) are the addition of Mail, Database, Samba, OpenSSH and a couple of others I can’t remember in the choices for pre-installed packages, and it prompts for a MySQL root password.

Anyway, I’m about to try putting svn and trac on this virgin Giggly Goose machine so fingers crossed!

Postscript – everything else went well – apart from a tiny bit of fun as the way Apache config was split into smaller files – it’s very neat with all the mods_available and mods_enabled linking to them, but if you’ve not seen it before it’s a tad confusing. In any case, Gutsy Gibbon rocks!

Loving Ubuntu

Filed under: tinkering,ubuntu — jaydublu @ 6:31 pm

I’ve been off on holiday for almost two weeks now – last week was ‘real’ holiday – totally disconnected. I didn’t even have my phone on! This week I had to succumb and have been tinkering.

I’ve got some plans coming up that need me to have my Linux skills a bit more polished than they are currently so I thought I’d take the opportunity of some playtime to get back in practice.I dug out my various old boxes to see if I could get one or two working, and then started thinking about what flavour Linux to go for.

Historically, I’ve always used whatever I’ve been using in production environments. Firstly FreeBSD many (many) moons ago when I was hosted with Donhost, more recently Red Hat Fedora as most boxes I look after are with Rackspace (love them!) and run Red Hat ES3. But neither distro has really clicked with me as they’re both a bit of a pain.

In my own tinkerings I got heavily into Debian based distros when I was trying to set up a wireless network mesh before it was announced that my village would get Broadband in a sensible period of time (hence all the boxes I have kicking around) and I’ve blogged previously about trials with Gentoo. This time, I thought I’d give Ubuntu a go and so downloaded the 7.04 Server CD (I thought support would be better than Gutsy Gibbon) .

I’ve got two systems installed fine – one to play with as a dev box and one as something more stable. I want another one as I want to play with clustering, but I’m running out of decent spec hardware – I’m currently fighting to install on a K6-2 machine with 96MB RAM (all I can scrounge!) but it keeps constantly rebooting after the install but I know why – I’m writing this while I wait for ‘sudo apt-get install linux-image-386’ to finish whirring. [Postscript – can’t do this with only 96MB RAM – but 128MB is enough! Oh, I wish I knew where all those SIMMs I’d been keeping are!]

What else is new – thanks to Mat’s suggestion in a comment on an earlier posting I tried installing Xubuntu on a retired laptop, but I fear the spec is a bit too lowly – again I can only scrape 96MB of RAM together and even trying to install off the Alternate CD it ends up stalling. I did get a command line install running (took a couple of hours to install!) but it’s not much fun. Back to Win Me methinks.

And one of the reasons for all this – my realisation that as good as the NSLU2 might be for acting as a backup filesystem, it’s not up to much for network services – it’s sooooo slooooow!

Anyway, I can see why many people who’s opinion I trust rave about Ubuntu – it’s slick, straightforward, and … works!

Ubuntu this time

Filed under: mythtv,tinkering,ubuntu — jaydublu @ 8:54 pm

I ‘borrowed’ a suspect AGP graphics card from work to see if it would make a difference to my MythTV setup – I quickly dropped it in and ran KnoppMyth installer – and yes it has managed to produce almost jump-free playback. However, MythTV still isn’t quite … happy with this install method – time for some tinkering I think.

This time I download Ubuntu 6.1.10 Edgy Eft on which it’s apparently quite easy to install MythTV. It’s not without hiccups though – I’ve a PVR-250 instead of a Nova-T – I miss the vital step of apt-get update after modifying /etc/apr/sources.list so it can’t find mythtv to install.

Next, when I run mythtv-setup it can’t see my tuner card – a bit of investigating and I uncover I need to install ivtv which I’m working through now.

I now realise why the graphics card wasn’t being used – it doesn’t like booting. I also now realise that a Radeon 9700 is not the best for this anyway – turns out ATi cards don’t play well with Linux.

Wouldn’t it be easier to get a Sky+ box?