Tuesday, November 22, 2016

[Tutorial] Installing Taiga Opensource Project Manager / Kanban on Linux Centos 7.x

I was looking for a Kanban platform to organize my notes and set reminders for my tasks, and I found Trello. Trello is very user-friendly, but it's not open source and you have to rely on their website, so I looked for an open-source alternative and found Taiga!

Taiga is much more than a Kanban platform; it's in fact a project management system and a GTD (Get Things Done) framework!

They have a tutorial on how to install Taiga on Ubuntu here. Installing Taiga on CentOS 7.x follows the same commands, with the following exceptions:

To install prerequisite packages:

yum install -y libfreetype6-devel zlib1g-devel libzmq3-devel libgdbm-devel libncurses5-devel


To install postgresql 9.5 package:

rpm -Uvh https://download.postgresql.org/pub/repos/yum/9.6/redhat/rhel-7-x86_64/pgdg-centos96-9.6-3.noarch.rpm

yum install -y libpqxx-devel postgresql95-devel postgresql95-server postgresql95-contrib postgresql95-docs

/usr/pgsql-9.5/bin/postgresql95-setup initdb
export PATH=$PATH:/usr/pgsql-9.5/bin

systemctl start postgresql-9.5
systemctl enable postgresql-9.5


su postgres -c "createuser taiga"
su postgres -c "createdb taiga -O taiga"







To install rabbitmq:


yum install rabbitmq-server

 
To install python 3.5 on centos use IUS repo:

rpm -Uvh https://dl.fedoraproject.org/pub/epel/epel-release-latest-7.noarch.rpm https://centos7.iuscommunity.org/ius-release.rpm  

yum install python35u-pip python35u python35u-devel
 

To install circus:

pip2 install circus

cat > /usr/lib/systemd/system/circusd.service << EOF
[Unit]
Description=circus

[Service]
ExecStart=/usr/bin/circusd /etc/circus.ini
EOF


ln -s '/usr/lib/systemd/system/circusd.service' '/etc/systemd/system/circusd.service'


cat > /etc/circus.ini << EOF
[circus]
check_delay = 5
endpoint = tcp://127.0.0.1:5555
pubsub_endpoint = tcp://127.0.0.1:5556
stats_endpoint = tcp://127.0.0.1:5557
include_dir = /etc/circus.d
logoutput = /var/log/circusd.log
;debug = True
;; requires circus-web to be able to start the http dashboard
;httpd = True

[plugin:flapping]
use = circus.plugins.flapping.Flapping
retry_in = 3
max_retry = 2
EOF

mkdir /etc/circus.d/
mkdir -p /home/taiga/logs/

cat > /etc/circus.d/taiga-celery.ini << 'EOF'
[watcher:taiga-celery]
working_dir = /home/taiga/taiga-back
cmd = celery
args = -A taiga worker -c 4
uid = taiga
numprocesses = 1
autostart = true
send_hup = true
stdout_stream.class = FileStream
stdout_stream.filename = /home/taiga/logs/celery.stdout.log
stdout_stream.max_bytes = 10485760
stdout_stream.backup_count = 4
stderr_stream.class = FileStream
stderr_stream.filename = /home/taiga/logs/celery.stderr.log
stderr_stream.max_bytes = 10485760
stderr_stream.backup_count = 4

[env:taiga-celery]
PATH = /home/taiga/.virtualenvs/taiga/bin:$PATH
TERM=rxvt-256color
SHELL=/bin/bash
USER=taiga
LANG=en_US.UTF-8
HOME=/home/taiga
PYTHONPATH=/home/taiga/.virtualenvs/taiga/lib/python3.5/site-packages
EOF

cat > /etc/circus.d/taiga.ini << 'EOF'
[watcher:taiga]
working_dir = /home/taiga/taiga-back
cmd = gunicorn
args = -w 3 -t 60 --pythonpath=. -b 127.0.0.1:8001 taiga.wsgi
uid = taiga
numprocesses = 1
autostart = true
send_hup = true
stdout_stream.class = FileStream
stdout_stream.filename = /home/taiga/logs/gunicorn.stdout.log
stdout_stream.max_bytes = 10485760
stdout_stream.backup_count = 4
stderr_stream.class = FileStream
stderr_stream.filename = /home/taiga/logs/gunicorn.stderr.log
stderr_stream.max_bytes = 10485760
stderr_stream.backup_count = 4

[env:taiga]
PATH = /home/taiga/.virtualenvs/taiga/bin:$PATH
TERM=rxvt-256color
SHELL=/bin/bash
USER=taiga
LANG=en_US.UTF-8
HOME=/home/taiga
PYTHONPATH=/home/taiga/.virtualenvs/taiga/lib/python3.5/site-packages
EOF


cat > /etc/circus.d/taiga-events.ini << EOF
[watcher:taiga-events]
working_dir = /home/taiga/taiga-events
cmd = /usr/bin/coffee
args = index.coffee
uid = taiga
numprocesses = 1
autostart = true
send_hup = true
stdout_stream.class = FileStream
stdout_stream.filename = /home/taiga/logs/taigaevents.stdout.log
stdout_stream.max_bytes = 10485760
stdout_stream.backup_count = 12
stderr_stream.class = FileStream
stderr_stream.filename = /home/taiga/logs/taigaevents.stderr.log
stderr_stream.max_bytes = 10485760
stderr_stream.backup_count = 12
EOF



Monit config file for postgresql and rabbitmq:

check process postgresql with pidfile /var/lib/pgsql/9.5/data/postmaster.pid
    group postgres
    start program = "/usr/sbin/service postgresql-9.5 start"
    stop  program = "/usr/sbin/service postgresql-9.5 stop"
    if failed host localhost port 5432 protocol pgsql then restart
    if 5 restarts within 5 cycles then timeout

CHECK PROCESS rabbitmq-server WITH PIDFILE "/var/lib/rabbitmq/mnesia/rabbit@cl.pid"
    GROUP rabbitmq
    START PROGRAM "/usr/sbin/service rabbitmq-server start"
    STOP PROGRAM "/usr/sbin/service rabbitmq-server stop"
    IF DOES NOT EXIST FOR 3 CYCLES THEN RESTART
    IF FAILED PORT 5672 4 TIMES WITHIN 6 CYCLES THEN RESTART
 

Wednesday, November 9, 2016

Install the latest versions of qpdfview/evince on Ubuntu / Debian

I was looking for a better PDF viewer than Evince for my Ubuntu installation, and the best replacement I found is qpdfview. You can install it from the Ubuntu repositories, but you would miss the features available in the most recent version, so I recommend compiling and installing the latest available version from source:

sudo apt-get remove evince qpdfview -y
sudo apt-get autoremove -y
sudo apt-get install qttools5-dev-tools libpoppler-qt5-dev libspectre-dev libdjvulibre-dev libcups2-dev
mkdir -p ~/src
cd ~/src
wget https://launchpad.net/qpdfview/trunk/0.4.16/+download/qpdfview-0.4.16.tar.gz
# unpack the tarball and build from inside the source directory
tar -xzf qpdfview-0.4.16.tar.gz
cd qpdfview-0.4.16
lrelease qpdfview.pro
qmake qpdfview.pro
make
sudo make install



You can also install the latest version of evince using the following commands:

cd ~/src
sudo apt-get install intltool libglib2.0-dev libgtk-3-dev libxml2-dev libxml2-utils libsecret-1-dev libnautilus-extension-dev libpoppler-glib-dev itstool libkpathsea-dev libgxps-dev libtiff5-dev libgirepository1.0-dev

wget http://ftp.gnome.org/pub/GNOME/sources/evince/3.22/evince-3.22.1.tar.xz
tar -xf evince-3.22.1.tar.xz
cd evince-3.22.1
./configure --prefix=/usr --enable-compile-warnings=minimum --enable-introspection --disable-static
make
sudo make install

Wednesday, October 26, 2016

Installing private GIT and CGIT (git web frontend) on Centos 7.x / 6.x

 TLDR;

Install Prerequisite packages first:
yum install fcgi-devel highlight -y

Install fcgiwrap

cd /usr/src/
git clone https://github.com/gnosek/fcgiwrap.git
cd fcgiwrap
autoreconf -i
./configure --prefix=/usr
make
make install


Add cgitwrap and fcgiwrap scripts: /etc/init.d/fcgiwrap

#!/usr/bin/perl

use strict;
use warnings FATAL => qw( all );

use IO::Socket::UNIX;

my $bin_path = '/usr/sbin/fcgiwrap -p /usr/libexec/git-core/git-http-backend';
my $socket_path = $ARGV[0] || '/var/run/cgit-fastcgi/git-fastcgi.socket';
my $num_children = $ARGV[1] || 1;

close STDIN;

unlink $socket_path;
my $socket = IO::Socket::UNIX->new(
    Local => $socket_path,
    Listen => 100,
);

die "Cannot create socket at $socket_path: $!\n" unless $socket;

for (1 .. $num_children) {
    my $pid = fork;
    die "Cannot fork: $!" unless defined $pid;
    next if $pid;

    exec $bin_path;
    die "Failed to exec $bin_path: $!\n";
}


And /etc/init.d/cgitwrap

#!/usr/bin/perl

use strict;
use warnings FATAL => qw( all );

use IO::Socket::UNIX;

my $bin_path = '/usr/sbin/fcgiwrap -p /var/www/htdocs/cgit/cgit.cgi';
my $socket_path = $ARGV[0] || '/var/run/cgit-fastcgi/cgit-fastcgi.socket';
my $num_children = $ARGV[1] || 1;

close STDIN;

unlink $socket_path;
my $socket = IO::Socket::UNIX->new(
    Local => $socket_path,
    Listen => 100,
);

die "Cannot create socket at $socket_path: $!\n" unless $socket;

for (1 .. $num_children) {
    my $pid = fork;
    die "Cannot fork: $!" unless defined $pid;
    next if $pid;

    exec $bin_path;
    die "Failed to exec $bin_path: $!\n";
}



Install cgit

cd /usr/src
git clone https://git.zx2c4.com/cgit
cd cgit
git submodule init
git submodule update
make
make install


Configure cgit

mkdir /var/www/htdocs/cgit-css
cp /var/www/htdocs/cgit/cgit.css /var/www/htdocs/cgit-css
cp /var/www/htdocs/cgit/cgit.png /var/www/htdocs/cgit-css

Edit /usr/local/lib/cgit/filters/syntax-highlighting.sh and enable version 3 at the end of the file and save it as syntax-highlighting-edited.sh


Add /etc/cgitrc

source-filter=/usr/local/lib/cgit/filters/syntax-highlighting-edited.sh
about-filter=/usr/local/lib/cgit/filters/about-formatting.sh
css=/cgit-css/cgit.css
logo=/cgit-css/cgit.png
robots=noindex, nofollow
virtual-root=/cgit
scan-path=/opt/projects/git


Correct permissions

chown -R nginx:nginx /opt/projects/git
mkdir /var/run/cgit-fastcgi/
chown nginx:nginx /var/run/cgit-fastcgi/
chmod +x /etc/init.d/cgitwrap
chmod +x /etc/init.d/fcgiwrap
sudo -u nginx /etc/init.d/cgitwrap
sudo -u nginx /etc/init.d/fcgiwrap
echo "mkdir -p /var/run/cgit-fastcgi/" >> /etc/rc.local
echo "chown nginx:nginx /var/run/cgit-fastcgi/" >> /etc/rc.local
echo "sudo -u nginx /etc/init.d/cgitwrap" >> /etc/rc.local
echo "sudo -u nginx /etc/init.d/fcgiwrap" >> /etc/rc.local

chmod +x /etc/rc.local

Check if they're running properly

ls -l /var/run/cgit-fastcgi/

Configure nginx

location ~ /git(/.*) {
        include /etc/nginx/fastcgi_params;
        client_max_body_size 0;
        fastcgi_param SCRIPT_FILENAME /usr/libexec/git-core/git-http-backend;
        include fastcgi_params;
        fastcgi_param GIT_HTTP_EXPORT_ALL "";
        fastcgi_param GIT_PROJECT_ROOT /opt/projects/git;
        fastcgi_param PATH_INFO $1;
        fastcgi_pass      unix:/var/run/cgit-fastcgi/git-fastcgi.socket;
        auth_basic "Restricted";
        auth_basic_user_file conf.d/.htpasswd.mghadam;

}

location ~ /cgit(/.*) {
        include fastcgi_params;
        fastcgi_param       SCRIPT_FILENAME /var/www/htdocs/cgit/cgit.cgi;
        fastcgi_pass        unix:/var/run/cgit-fastcgi/cgit-fastcgi.socket;
        fastcgi_param HTTP_HOST $server_name;
        fastcgi_param PATH_INFO $1;
        fastcgi_param QUERY_INFO $1;
        auth_basic "Restricted";
        auth_basic_user_file conf.d/.htpasswd.mghadam;
}

location ~ /cgit-css(/.*) {
        root /var/www/htdocs;
        if ($request_uri ~* \.(js|css|png|jpg|jpeg|gif|ico|swf|xml|txt)$) {
                expires 15d;
                break;
        }
}

Sunday, October 2, 2016

Tutorial: HLS/RTMP streaming server on Linux with Windows/Linux/OSX streaming source

This tutorial covers the steps needed to run your own streaming server on a Linux dedicated server / VPS. It consists of three parts: Streaming Server, Streaming Source, Streaming Client. A good tutorial has been posted here before by peer5; I just try to improve on peer5's tutorial in this blog post.


Part 1 - Configuring HLS/RTMP streaming server on a Linux server

We need to compile the nginx rtmp module from source, as it's not available in the default nginx rpm packages. I prefer to modify the latest nginx SRPM and add the latest release of the module to it. The following commands are for CentOS 7, based on a tutorial posted here.


# su rpmbuilder

$ rpm -Uvh http://nginx.org/packages/mainline/centos/7/SRPMS/nginx-1.11.5-1.el7.ngx.src.rpm

$ cd ~ 
$ vi nginx-rtmp.patch


--- rpmbuild/SPECS/nginx.spec.orig    2016-11-09 06:50:17.297394889 -0500
+++ rpmbuild/SPECS/nginx.spec    2016-11-09 06:55:49.313116369 -0500
@@ -3,6 +3,7 @@
 %define nginx_user nginx
 %define nginx_group nginx
 %define nginx_loggroup adm
+%define rtmp_version                 1.1.10

 # distribution specific definitions
 %define use_systemd (0%{?fedora} && 0%{?fedora} >= 18) || (0%{?rhel} && 0%{?rhel} >= 7) || (0%{?suse_version} == 1315)
@@ -54,7 +55,7 @@

 %define WITH_CC_OPT $(echo %{optflags} $(pcre-config --cflags))

-%define BASE_CONFIGURE_ARGS $(echo "--prefix=%{_sysconfdir}/nginx --sbin-path=%{_sbindir}/nginx --modules-path=%{_libdir}/nginx/modules --conf-path=%{_sysconfdir}/nginx/nginx.conf --error-log-path=%{_localstatedir}/log/nginx/error.log --http-log-path=%{_localstatedir}/log/nginx/access.log --pid-path=%{_localstatedir}/run/nginx.pid --lock-path=%{_localstatedir}/run/nginx.lock --http-client-body-temp-path=%{_localstatedir}/cache/nginx/client_temp --http-proxy-temp-path=%{_localstatedir}/cache/nginx/proxy_temp --http-fastcgi-temp-path=%{_localstatedir}/cache/nginx/fastcgi_temp --http-uwsgi-temp-path=%{_localstatedir}/cache/nginx/uwsgi_temp --http-scgi-temp-path=%{_localstatedir}/cache/nginx/scgi_temp --user=%{nginx_user} --group=%{nginx_group} --with-compat --with-file-aio --with-threads --with-http_addition_module --with-http_auth_request_module --with-http_dav_module --with-http_flv_module --with-http_gunzip_module --with-http_gzip_static_module --with-http_mp4_module --with-http_random_index_module --with-http_realip_module --with-http_secure_link_module --with-http_slice_module --with-http_ssl_module --with-http_stub_status_module --with-http_sub_module --with-http_v2_module --with-mail --with-mail_ssl_module --with-stream --with-stream_realip_module --with-stream_ssl_module --with-stream_ssl_preread_module")
+%define BASE_CONFIGURE_ARGS $(echo "--prefix=%{_sysconfdir}/nginx --sbin-path=%{_sbindir}/nginx --modules-path=%{_libdir}/nginx/modules --conf-path=%{_sysconfdir}/nginx/nginx.conf --error-log-path=%{_localstatedir}/log/nginx/error.log --http-log-path=%{_localstatedir}/log/nginx/access.log --pid-path=%{_localstatedir}/run/nginx.pid --lock-path=%{_localstatedir}/run/nginx.lock --http-client-body-temp-path=%{_localstatedir}/cache/nginx/client_temp --http-proxy-temp-path=%{_localstatedir}/cache/nginx/proxy_temp --http-fastcgi-temp-path=%{_localstatedir}/cache/nginx/fastcgi_temp --http-uwsgi-temp-path=%{_localstatedir}/cache/nginx/uwsgi_temp --http-scgi-temp-path=%{_localstatedir}/cache/nginx/scgi_temp --user=%{nginx_user} --group=%{nginx_group} --with-compat --with-file-aio --with-threads --with-http_addition_module --with-http_auth_request_module --with-http_dav_module --with-http_flv_module --with-http_gunzip_module --with-http_gzip_static_module --with-http_mp4_module --with-http_random_index_module --with-http_realip_module --with-http_secure_link_module --with-http_slice_module --with-http_ssl_module --with-http_stub_status_module --with-http_sub_module --with-http_v2_module --with-mail --with-mail_ssl_module --with-stream --with-stream_realip_module --with-stream_ssl_module --with-stream_ssl_preread_module --add-module=nginx-rtmp-module-%{rtmp_version}")

 Summary: High performance web server
 Name: nginx
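Review bot: the `--add-module=nginx-rtmp-module-%{rtmp_version}` argument appended to BASE_CONFIGURE_ARGS is a relative path, so configure only finds the module if the tarball has already been unpacked inside the nginx build directory; that dependency on the `tar xvzf` step in %prep deserves a comment in the spec. Since the same argument string already passes --with-compat and --modules-path, consider `--add-dynamic-module=` instead, so the RTMP code is a loadable module rather than compiled into the main binary. The one-line change to a very long define is also hard to review; splitting the added argument into its own define would make the diff readable.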
@@ -65,6 +66,7 @@
 Group: %{_group}

 Source0: http://nginx.org/download/%{name}-%{version}.tar.gz
+Source100: v%{rtmp_version}.tar.gz
 Source1: logrotate
 Source2: nginx.init.in
 Source3: nginx.sysconf
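Review bot: `Source100: v%{rtmp_version}.tar.gz` records only a bare file name, unlike Source0 just above it, which carries the full download URL. Give Source100 the full upstream URL so the spec documents where the tarball comes from, and place it after the existing numbered sources rather than between Source0 and Source1 to keep the list in order.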
@@ -95,6 +97,8 @@

 %prep
 %setup -q
+wget http://github.com/arut/nginx-rtmp-module/archive/v%{rtmp_version}.tar.gz -O ~/rpmbuild/SOURCES/v%{rtmp_version}.tar.gz
+tar xvzf %SOURCE100
 cp %{SOURCE2} .
 sed -e 's|%%DEFAULTSTART%%|2 3 4 5|g' -e 's|%%DEFAULTSTOP%%|0 1 6|g' \
     -e 's|%%PROVIDES%%|nginx|g' < %{SOURCE2} > nginx.init
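Review bot: the `wget http://github.com/...` line added to %prep downloads the module source over plain HTTP during the build and unpacks it with no checksum or signature check, so whatever the network returns is compiled into the server binary. Fetch the tarball into SOURCES before running rpmbuild, over https, verify it against a known checksum, and leave only the unpack step in %prep. Also write `%SOURCE100` as `%{SOURCE100}` to match the `%{SOURCE2}` usage in the surrounding lines.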

 




$ patch rpmbuild/SPECS/nginx.spec nginx-rtmp.patch
$ rpmbuild -ba ~/rpmbuild/SPECS/nginx.spec

$ exit
# service nginx stop
# rpm -Uvh /home/rpmbuilder/rpmbuild/RPMS/x86_64/nginx-1.11.5-1.el7.centos.ngx.x86_64.rpm

Now add the following directives to the /etc/nginx/nginx.conf file:

rtmp {
        server {
                listen 1935;
                chunk_size 4096;
                allow publish 127.0.0.1; # Source rtmp sender IP address
                deny publish all;
                allow play all;
                application live {
                        live on;
                        record off;
                        # Turn on HLS
                        hls on;
                        hls_path /home/stream/hls/;
                        hls_fragment 3;
                        hls_playlist_length 60;
                        # disable consuming the stream from nginx as rtmp
                        #deny play all;

                }
        }
}



You need to replace the 127.0.0.1 IP address above with the IP address of the computer that will send the stream to this server (the streaming source).
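A quick way to confirm that only the intended source can publish, as an added example that is not part of the original post: it evaluates the block's allow/deny rules in order for a given client, and shows what happens when `deny publish all;` sits inside the trailing comment. It assumes nginx-rtmp checks access rules in order of appearance with the first match deciding and no match meaning allowed, ignores block scoping, and uses constructed config text and the documentation address 203.0.113.5.

```python
import ipaddress
import re

# Constructed copies of the rtmp block: one with the deny/allow directives run
# into the trailing comment, one with each directive on its own line.
COMMENTED_OUT = """\
rtmp {
    server {
        listen 1935;
        allow publish 127.0.0.1; # Source rtmp sender IP address    deny publish all;    allow play all;
        application live { live on; hls on; }
    }
}
"""

ONE_PER_LINE = """\
rtmp {
    server {
        listen 1935;
        allow publish 127.0.0.1; # Source rtmp sender IP address
        deny publish all;
        allow play all;
        application live { live on; hls on; }
    }
}
"""


def access_rules(conf):
    """Return the allow/deny directives as ordered (verdict, action, network) tuples."""
    rules = []
    text = re.sub(r"#[^\n]*", "", conf)  # a '#' comment runs to the end of the line
    for statement in re.split(r"[;{}]", text):
        words = statement.split()
        if not words or words[0] not in ("allow", "deny"):
            continue
        # "allow publish X" / "deny play X"; without play|publish the rule covers both
        action = words[1] if len(words) == 3 else "both"
        target = words[-1]
        network = None if target == "all" else ipaddress.ip_network(target, strict=False)
        rules.append((words[0], action, network))
    return rules


def permitted(action, client_ip, rules):
    """Evaluate the ordered rules for one client; the first matching rule decides."""
    address = ipaddress.ip_address(client_ip)
    for verdict, scope, network in rules:
        if scope not in (action, "both"):
            continue
        if network is None or address in network:
            return verdict == "allow"
    return True  # assumption: with no matching rule the client stays allowed


def outsiders_can_publish(conf, outsider="203.0.113.5"):
    """True when an address other than the configured source may publish."""
    return permitted("publish", outsider, access_rules(conf))


if __name__ == "__main__":
    for name, conf in (("commented out", COMMENTED_OUT), ("one per line", ONE_PER_LINE)):
        print(name, "-> outsider may publish:", outsiders_can_publish(conf))
```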

Now add the virtualhost to host the hls playlist file:
# vi /etc/nginx/conf.d/stream.conf

server {
    listen       80;
    server_name  live.yourdomainname.com;

    #charset koi8-r;
    #access_log  /var/log/nginx/log/host.access.log  main;
    error_log /home/stream/logs/error_log;
    location /hls {
        # Disable cache
        add_header Cache-Control no-cache;

        # CORS setup
        add_header 'Access-Control-Allow-Origin' '*' always;
        add_header 'Access-Control-Expose-Headers' 'Content-Length,Content-Range';
        add_header 'Access-Control-Allow-Headers' 'Range';

        # allow CORS preflight requests
        if ($request_method = 'OPTIONS') {
            add_header 'Access-Control-Allow-Origin' '*';
            add_header 'Access-Control-Allow-Headers' 'Range';
            add_header 'Access-Control-Max-Age' 1728000;
            add_header 'Content-Type' 'text/plain; charset=UTF-8';
            add_header 'Content-Length' 0;
            return 204;
        }

        types {
            application/vnd.apple.mpegurl m3u8;
            video/mp2t ts;
        }

        root /home/stream;
    }

    location /{
            root /home/stream/public_html;
    }
}


You should also increase worker_connections in nginx configuration
/etc/nginx/nginx.conf:

worker_processes  4;
worker_rlimit_nofile 65535;


and increase maximum number of open files for the user :

# grep "^Max open files" /proc/`cat /var/run/nginx.pid `/limits
Max open files            1024                 4096                 files 
 
# mkdir /etc/systemd/system/nginx.service.d
# vi /etc/systemd/system/nginx.service.d/limits.conf

[Service]
LimitNOFILE=65536
 
# systemctl daemon-reload
# systemctl restart nginx                                                                                                    



Part 2 - Preparing the streaming media ( Camera / Desktop screencast / Movie / ... ) and sending it to the streaming server you've configured in Part 1

Our nginx server is now ready to accept input from our stream source. There are several programs that can generate the stream source, but I prefer Open Broadcaster Software. Download and install the software and add your stream source from the list. Then go to settings and set the stream. You also need to tune the video stream parameters according to your upload connection speed (Instructions here).
The following settings worked well for me on even slow internet connections:
[Screenshots of the OBS Output, Audio, Video and Stream settings]

Save the settings and click on Start streaming.

Note that you need to have port 1935 enabled on the firewall of the server as well as the streaming source PC

Part 3 - Configuring a HLS player to display the streaming content on your website

I recommend the Momovi HLS player. With Momovi, you can watch your online stream on Apple devices (iPhone, iPad, Safari, ...) without any third-party plugins such as Adobe Flash Player installed. It also supports Android and Chrome without Flash Player, and Firefox with Flash Player (at the moment).

You can download the player from their website. Just edit the player.html file and update the following lines to your hls server address :

newplayer({"stream_url": "http://live.yourdomainname.com/hls/channel1.m3u8","poster":"http://live.yourdomainname.com/banner.jpg"});
 
 
Note that we had set the *channel1* in the above URL as the *Stream key* of OBS streaming settings.

Thursday, September 22, 2016

Compile Zulip desktop client on Ubuntu xenial

You can install Zulip client on a fresh Ubuntu Xenial installation by the following commands:


sudo apt-get install git cmake qt5-default libqt5svg5-dev libqt5webkit5-dev qtmultimedia5-dev libjson0-dev phonon-backend-gstreamer  phonon4qt5-backend-gstreamer

wget https://github.com/zulip/zulip-desktop/archive/0.5.1.tar.gz
tar -zxf 0.5.1.tar.gz
cd zulip-desktop-0.5.1
mkdir build
cd build
cmake .. -DBUILD_WITH_QT5=On
make
sudo make install
cd /usr/share/applications
sudo ln -s /usr/local/share/applications/Zulip.desktop

Friday, September 16, 2016

FIXED: DomainKey signature breaks when sending emails with PHP mail

I experienced a very strange issue with php mail() function on one of my servers yesterday. The story goes like this:

PHP mail() uses /usr/sbin/sendmail to send emails by default. I had a dedicated server with the Plesk panel, where I had configured the Postfix mail server with valid DomainKey / DKIM / SPF authentication. DomainKey/DKIM signatures worked fine when clients sent emails using Outlook or Thunderbird, but DomainKey signatures broke when emails were sent through the PHP mail() function.

The reason was the wrong d=$DOMAIN variable used in DomainKey signature when emails were sent through php mail() function. Strangely enough, I found that it only happens when "FROM" header is set in $additional_headers of php mail() function. Therefore:

mail($dest_email, $subject, $message, "FROM: Mos GH <mos@holding.com>");


breaks DomainKey signatures. The workaround is to remove FROM header and put the sender in $additional_parameters variable:
mail($dest_email, $subject, $message, "", "-f mos@holding.com");

However, you can't give your full name like this.

Alternatively, one can use PHPMailer to send emails directly through SMTP instead of sendmail to avoid the issue.

p.s. You can send a test email message to check-auth@verifier.port25.com to see how well your emails are authenticated. It's a robot and usually replies back to you with your authentication results in seconds.
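To see which domain a received test message was actually signed for, the check below (an added example, not code from the original post) reads the DomainKey-Signature / DKIM-Signature headers of a raw message and compares their d= tag with the domain of the From header. It assumes a signature counts as aligned when the From domain equals d= or is a subdomain of it; the two sample messages, the signing domain server.example.net and the b= value are constructed.

```python
from email import message_from_string
from email.utils import parseaddr

SIG_HEADERS = ("DomainKey-Signature", "DKIM-Signature")

# Constructed sample: signed for the server's own domain instead of the sender's.
BROKEN = """\
DomainKey-Signature: a=rsa-sha1; q=dns; c=nofws; s=default;
 d=server.example.net; h=From:Subject; b=CONSTRUCTED
From: Mos GH <mos@holding.com>
To: check-auth@verifier.port25.com
Subject: test

body
"""

# Constructed sample: same message signed for the sender's domain.
ALIGNED = BROKEN.replace("d=server.example.net", "d=holding.com")


def tag(value, name):
    """Return one tag from a 'k=v; k=v' signature header value, or None."""
    for part in value.split(";"):
        key, sep, val = part.partition("=")
        if sep and key.strip() == name:
            return "".join(val.split())  # drop header folding whitespace
    return None


def from_domain(msg):
    """Domain part of the address in the From header, lower-cased."""
    address = parseaddr(msg.get("From", ""))[1]
    return address.rpartition("@")[2].lower()


def aligned(signing_domain, sender_domain):
    # Assumption: d= may be the sender's domain or one of its parent domains.
    return bool(signing_domain) and (
        sender_domain == signing_domain
        or sender_domain.endswith("." + signing_domain)
    )


def check(raw_message):
    """Return (from_domain, [(header, d_tag, is_aligned), ...]) for a raw message."""
    msg = message_from_string(raw_message)
    sender = from_domain(msg)
    results = []
    for header in SIG_HEADERS:
        for value in msg.get_all(header, []):
            d = (tag(value, "d") or "").lower()
            results.append((header, d, aligned(d, sender)))
    return sender, results


if __name__ == "__main__":
    for name, raw in (("broken", BROKEN), ("aligned", ALIGNED)):
        print(name, check(raw))
```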

Wednesday, September 14, 2016

FIXED: warning: SASL authentication failure: realm changed: authentication aborted, PLESK

Yesterday I found that Outlook couldn't connect to the mail server while I was working on installing Postfix with STARTTLS on a Plesk server. I could see the following errors in the error log file:

postfix/smtpd[1929]: warning: SASL authentication failure: realm changed: authentication aborted
postfix/smtpd[1929]: warning: SASL DIGEST-MD5 authentication failed: authentication failure

Meanwhile, Thunderbird was working fine. The error appears to come from Outlook, which couldn't send the account credentials using DIGEST-MD5 encryption. The following workaround can be applied:

Edit /usr/lib64/sasl2/smtpd.conf and update:
mech_list: CRAM-MD5 PLAIN LOGIN

Edit /etc/postfix/main.cf and update:
smtpd_sasl_security_options = noanonymous

and finally run:
service postfix restart
service saslauthd restart

Tuesday, September 13, 2016

VIM and Python :: Ubuntu Xenial

Yesterday I read about turning Vim into a powerful IDE for Python here: VIM and Python - a Match Made in Heaven

The above post is almost complete and covers everything. I tried to run the configuration on Ubuntu Xenial and noticed that the following updates apply to the article:


1- Use the following code in PEP8 Python indentation instead of the default one of the blog post:

au BufNewFile,BufRead *.py
    \ set tabstop=4 |
    \ set softtabstop=4 |
    \ set shiftwidth=4 |
    \ set textwidth=79 |
    \ set expandtab |
    \ set autoindent |
    \ set fileformat=unix |

au BufNewFile,BufRead *.js,*.html,*.css
    \ set tabstop=2 |
    \ set softtabstop=2 |
    \ set shiftwidth=2 |


2- Add the following line before the code provided in Flagging Unnecessary Whitespace of the blog post:

highlight BadWhitespace ctermbg=red guibg=darkred


3- Use py3 << EOF instead of py << EOF in Virtualenv Support of the blog post.


4- Assign F6 key to toggle NERDTree:

nnoremap <F6> :NERDTreeToggle<CR>

and add the following lines to have powerline and NERDTree activated at startup:

autocmd vimenter * NERDTree
set laststatus=2
set t_Co=256



Happy developing!

Saturday, August 6, 2016

How to Fix ESXi 6.0 root account lockout

ESXi 6.0 introduces root account lockout. There are plenty of bots out there trying to brute-force your SSH/ESXi root password, which makes it easy for your root account to get locked out. A good security practice to address this is to enable the SSH server on ESXi with key-based authentication ('PasswordAuthentication no' in /etc/ssh/sshd_config), then enable the ESXi firewall and restrict the ESXi vSphere client to your static IP addresses, as mentioned here:

esxcli network firewall set --enabled true
esxcli network firewall ruleset set -a=false -r=vSphereClient
esxcli network firewall ruleset allowedip add -i=Your.Static.IP.Address -r=vSphereClient


You need to limit your SSH port as well:

esxcli network firewall set --enabled false
esxcli network firewall ruleset set -a=false -r=sshServer
esxcli network firewall ruleset allowedip add -i=Your.Static.IP.Address -r=sshServer

esxcli network firewall set --enabled true

Thursday, August 4, 2016

Protect yourself against browser tracking

Private browsing is part of today's browsers. When you use private browsing, you expect to be anonymous and to leave no trace on the computer you're using, and you expect that the websites you're browsing don't realize that it's you browsing them.

You can see how anonymous your web browser is using the Panopticlick website. If you have Flash player or Java installed, you most probably have a unique browser, which can lead to your identification. 'List of plugins', 'List of system fonts', 'Java version' and 'Timezone' together make your browser unique.

You can use the following sources to improve your browser tracking protection:

Disable font enumeration for firefox
Disable font enumeration for Chrome

Disable Plugin enumeration

Update 1: A dear friend mentioned the following privacy leaks:

- WebRTC, How to disable them in Firefox
- Disable WebGL
- Canvas Fingerprinting ( Canvas Blocker for firefox -> Install and set the block mode to : Block readout API)

With the above configurations, Panopticlick now says "Yes! You have strong protection against Web tracking."

Tuesday, July 19, 2016

Install docker with btrfs filesystem on Centos 7

If you're using docker inside a virtual machine, it's a good idea to create a virtual hard disk and set it as the docker storage. For this purpose, you should format the disk as Btrfs.

A great tutorial is posted on this topic here.

Instructions for making a btrfs partition are available here.

Tuesday, March 8, 2016

Zotero citation/reference numbers in Persian


Zotero inserts citation numbers in word documents in English numbers (even when "Context" numeral is selected from File -> Options -> Advanced):
I had to change it to Persian numbers in my master thesis:


My colleagues modified their theses files manually! I tried to find a more convenient way and here it is:
This can be done by using REGEX expressions in Office Word 2013 Find and replace:
Find what: \[([0-9]*)\]
Replace with: [\1]
Then select [\1] in the replace box and then click on "More >>", set:
- Format -> Language -> Persian
- Format -> Font -> Complex font: B Nazanin, Size 12


Tuesday, February 2, 2016

Install ShareLaTex on Centos/Ubuntu/Debian server with CSF Firewall enabled

Today I spent a couple of hours to install ShareLaTex on a CentOS server so that I can collaborate with some other people on publishing papers...

The best way to install ShareLaTex on any platform is to use their Docker image (Instructions here).

docker run -d \
  -v ~/sharelatex_data:/var/lib/sharelatex \
  --name=sharelatex \
  -p 3000:80 \
  sharelatex/sharelatex

The above command installs the ShareLaTex docker image, shares the host's ~/sharelatex_data folder to store its data, and forwards port 3000 of the host machine to the container so that ShareLaTex is accessible from the host's external IP address (IP:3000).

If you have CSF firewall installed, docker0 interface won't work correctly and the host machine will not be accessible from the container. This can be fixed by adding the following entries to /etc/csf/csfpost.sh

iptables -t nat -N DOCKER
iptables -t nat -A PREROUTING -m addrtype --dst-type LOCAL -j DOCKER
iptables -t nat -A OUTPUT ! -d 127.0.0.0/8 -m addrtype --dst-type LOCAL -j DOCKER
iptables -t nat -A POSTROUTING -s 172.17.0.0/16 ! -o docker0 -j MASQUERADE

iptables -t filter -N DOCKER
iptables -t filter -A FORWARD -o docker0 -j DOCKER
iptables -t filter -A FORWARD -o docker0 -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
iptables -t filter -A FORWARD -i docker0 ! -o docker0 -j ACCEPT
iptables -t filter -A FORWARD -i docker0 -o docker0 -j ACCEPT

iptables -A FORWARD -i docker0 -o eth0 -j ACCEPT
iptables -A FORWARD -i eth0 -o docker0 -j ACCEPT
iptables -A INPUT -i docker0 -j ACCEPT

csfpost.sh ought to be executable (+x).
Also we should whitelist local IP address of the container by adding the following line to /etc/csf/csf.allow:
172.17.0.0/16

Now restart CSF and enjoy your ShareLaTex installation:
csf -r

That's it!

Wednesday, January 6, 2016

[Tutorial] Install zerofree on CentOS 6, 7, Redhat, Fedora, ...

You might need zerofree when you want to compact your VM's hard disk. There's no RPM package of this application for Centos 6 or 7 (rhel 6 & rhel 7) so the only way is to compile it from the source. It goes like this:

yum install e2fsprogs-devel -y
wget http://frippery.org/uml/zerofree-1.0.3.tgz
tar -zxf zerofree-1.0.3.tgz
cd zerofree-1.0.3

make


After successfully building the application, copy it to /usr/bin:

cp zerofree /usr/bin

Now you can remount the destination partition as read-only and zerofree it!

You can also use dd instead of zerofree:

dd if=/dev/zero of=test.file
 
...wait for the virtual disk to fill, then
 
rm test.file

and shut the VM down. Then on your VirtualBox host do:
 
VBoxManage modifyhd --compact yourImage.vdi
