This rule will make no-unused-vars rule ignore all function parameters starting with underscore.
"rules": {
"no-unused-vars": [2, {"args": "all", "argsIgnorePattern": "^_"}]
}
Author Archives: Adam Zolo
Deploying React to Linux Server with Git Push
Selected VPS: Linode, 1GB Ram, 20 GB SSD, 1 TB transfer
OS: Ubuntu 17.04
Web Server: Ngnix
If you’d like to try Linode, I would greatly appreciate using this referral link – Linode: SSD Cloud Hosting & Linux Servers
Start with regular updates
apt-get update && apt-get upgrade
Set up fail2ban and Firewall
I’m installing fail2ban 0.10 since it supports ipv6. At the time of this post, it is not available as a regular package.
wget https://github.com/fail2ban/fail2ban/archive/0.10.0.tar.gz
tar -xvzf 0.10.0.tar.gz
python3 setup.py install
#To enable fail2ban as an automatic service, copy the script for your distro from the files directory to /etc/init.d.
cp files/debian-initd /etc/init.d/fail2ban
update-rc.d fail2ban defaults
service fail2ban start
#Add local jail
awk '{ printf "# "; print; }' /etc/fail2ban/jail.conf | sudo tee /etc/fail2ban/jail.local
vim /etc/fail2ban/jail.local
uncomment sshd section and add
enabled = true
sudo apt-get install sendmail iptables-persistent sudo service fail2ban start
Firewall ( allow established connections, traffic generated by the server itself, traffic destined for our SSH and web server ports. We will drop all other traffic):
sudo service fail2ban stop sudo iptables -A INPUT -i lo -j ACCEPT sudo iptables -A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT sudo iptables -A INPUT -p tcp --dport 22 -j ACCEPT sudo iptables -A INPUT -p tcp -m multiport --dports 80,443 -j ACCEPT sudo iptables -A INPUT -j DROP # easy way to rate-limit ssh with ufw: # technically, we could do all of the iptables stuff with ufw ufw enable ufw limit ssh
If using IPv6:
ip6tables -A INPUT -p tcp --dport 80 -j ACCEPT ip6tables -A INPUT -p tcp --dport 443 -j ACCEPT ip6tables -A INPUT -p tcp --dport 22 -j ACCEPT # (replace with your undisclosed port) ip6tables -A INPUT -p icmpv6 -j ACCEPT ip6tables -A INPUT -j REJECT ip6tables -A FORWARD -j REJECT
View iptables rules:
sudo iptables -S
Save iptables rules:
sudo dpkg-reconfigure iptables-persistent sudo service fail2ban start
SSH
vim /etc/ssh/sshd_config #Add or uncomment (if using Ubuntu < 17.04) protocol 2 #Add allowed ciphers Ciphers aes128-ctr,aes192-ctr,aes256-ctr KexAlgorithms ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256 MACs hmac-sha2-256,hmac-sha2-512
Restart and test ssh config:
service sshd restart #returns nothing if everything configured properly sshd -t
NGINX
sudo apt-get install software-properties-common sudo add-apt-repository ppa:nginx/stable sudo apt-get install nginx service nginx status
Update /etc/nginx/sites-enabled/default
root /var/www/html/your_site;
location / {
# Some comments...
try_files $uri /index.html; # ADD THIS
}
sudo service nginx restart
Installing React Dependencies
# install yarn curl -sS https://dl.yarnpkg.com/debian/pubkey.gpg | sudo apt-key add - echo "deb https://dl.yarnpkg.com/debian/ stable main" | sudo tee /etc/apt/sources.list.d/yarn.list sudo apt-get update && sudo apt-get install yarn #install node (apt-get repo has an older version of Node) curl -sL https://deb.nodesource.com/setup_8.x | sudo -E bash - sudo apt-get install -y nodejs sudo apt-get install -y build-essential
GIT Push Deploy
Let’s set up git on the server
apt-get install git-core mkdir repos && cd repos mkdir your_site.git cd your_site.git git init --bare
Set up a post-push hook
cd /repos/your_app.git/hooks
touch post-receive
#!/bin/bash -l GIT_REPO=$HOME/repos/your_app.git TMP_GIT_CLONE=$HOME/tmp/git/your_app PUBLIC_WWW=/var/www/html git clone $GIT_REPO $TMP_GIT_CLONE cd $TMP_GIT_CLONE yarn install yarn build rm -rf $PUBLIC_WWW/your_app_bup mv $PUBLIC_WWW/your_app $PUBLIC_WWW/your_app_bup cp -a build/. $PUBLIC_WWW/your_app rm -Rf $TMP_GIT_CLONE exit
Run on post-receiv:
chmod +x post-receive
On your local machine:
git remote add linode root@remote_server_address:repos/your_app.git git push linode master
Agile Estimation Tools
What’s the best online story estimation tool you ask? Well, Story Estimate sounds like one of the best options out there. Sure, I may be a little biased, since I wrote it, but still, it’s pretty good.
Nonetheless, I’ll pretend to be impartial and give a “fair” overview of several options.
- Story Estimate – free, presents a modern UI, has no known vulnerabilities. It allows to use multiple estimation techniques (planning poker, T-shirt sizes…), including custom ones (specify whatever you want for your votes). Registered users can see additional statistics, including how their vote compare to the rest of the team. Simple to use. Best of all, it is written by me. What not to like?
- Pointing Poker – a little outdated UI, but a pretty nice tool, also free. Unfortunately, it is open to JavaScript injection. Which, in a way, can be thought of as a feature (you can inject some fun JavaScript scripts), as long as you can trust your teammates not to inject any harmful scripts.
- Planning Poker – the original planning poker. Free tier is limited (up to 5 players), paid version has some nice integrations with other tools (JIRA, TFS…). It’s a little more complicated, takes a little longer to setup, requires a user account.
- PlanITPoker – Doesn’t require an account, although you can create one. It is a little more involved to setup, but not bad in terms of functionality.
- Firepoker – Another free and open source tool. Extra points for being open source on GitHub. It’s a little limited in terms of the points you can select (offers two presets – powers of 2 and a slightly modified Fibonacci sequence). Also open to JavaScript injection.
RSpec, Action Cable, and Capybara (As of Rails 5.1.2)
Gems in Gemfile:
group :test, :development do gem 'database_cleaner' gem "rspec-rails", "~> 3.6.0" gem 'selenium-webdriver' end group :test do gem "capybara", "~> 2.14.0" end
rails_helper:
config.use_transactional_fixtures = false
config.before(:suite) do
DatabaseCleaner.clean_with(:truncation)
end
config.before(:each) do
DatabaseCleaner.strategy = :transaction
end
config.before(:each, js: true) do
DatabaseCleaner.strategy = :truncation
end
config.before(:each) do
DatabaseCleaner.start
end
config.after(:each) do
DatabaseCleaner.clean
end
#Puma makes it possible to run RSpec with ActionCable
Capybara.server = :puma
Capybara.register_driver :selenium_chrome do |app|
Capybara::Selenium::Driver.new(app, browser: :chrome)
end
Capybara.javascript_driver = :selenium_chrome
And, the driver:
brew install chromedriver
Setting up a cron job on Mac
In this example, we’re setting up a job, which will run at 08:00 am daily and clean rails logs
Step 1 – create a file with what we want to run (delete_logs.sh):
#!/bin/(shell) cd ~/code/rails_project /Users/username/.rbenv/shims/bundle exec rake log:clear
Setp 2 – set up the cron scheduler:
$ env EDITOR=vim crontab -e # Add the line to run the script at 8am daily: 0 8 * * * sh ~/scripts/delete_logs.sh >/tmp/stdout.log 2>/tmp/stderr.log
Configuring ESLint and Prettier in Atom
Install eslint and optional plugins:
npm install -g eslint eslint-plugin-react
Install atom plugins:
linter-eslint prettier-atom
Create .eslintrc either in the root of your application (or your root path if you want it to be global)
Add simple configuration rules:
{
"plugins": [
"react"
],
"parserOptions": {
"ecmaVersion": 6,
"sourceType": "module",
"ecmaFeatures": {
"jsx": true
}
},
"env": {
"es6": true,
"browser": true,
"node": true,
"mocha": true
},
"extends": [
"eslint:recommended",
"plugin:react/recommended"
],
"rules": {
}
}
Optionally, update atom prettier-atom to format on save (in plugin settings)
Deploying Rails Action Cable to Linux
Selected VPS: Linode, 1GB Ram, 20 GB SSD, 1 TB transfer
OS: Ubuntu 18.04 LTS
App server: Passenger
Web Server: Ngnix
If you’d like to try Linode, I would greatly appreciate using this referral link – Linode: SSD Cloud Hosting & Linux Servers
Guide
First step – boot your server from Linode Manager Dashboard and ssh into it
General Server Updates
apt-get update && apt-get upgrade #If desired to run auto-updates apt-get install unattended-upgrades dpkg-reconfigure --priority=low unattended-upgrades
Set timezone:
dpkg-reconfigure tzdata sudo service rsyslog restart
Security:
fail2ban
sudo apt-get install fail2ban
awk '{ printf "# "; print; }' /etc/fail2ban/jail.conf | sudo tee /etc/fail2ban/jail.local
vim /etc/fail2ban/jail.conf
uncomment sshd section and add
enabled = true
sudo apt-get install sendmail iptables-persistent sudo service fail2ban start
Firewall ( allow established connections, traffic generated by the server itself, traffic destined for our SSH and web server ports. We will drop all other traffic):
sudo service fail2ban stop sudo iptables -A INPUT -i lo -j ACCEPT sudo iptables -A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT sudo iptables -A INPUT -p tcp --dport 22 -j ACCEPT sudo iptables -A INPUT -p tcp -m multiport --dports 80,443 -j ACCEPT sudo iptables -A INPUT -j DROP #easy way to rate-limit ssh with ufw: # technically, we could do all of the iptables stuff with ufw ufw enable ufw limit ssh
If using IPv6:
ip6tables -A INPUT -p tcp --dport 80 -j ACCEPT ip6tables -A INPUT -p tcp --dport 443 -j ACCEPT ip6tables -A INPUT -p tcp --dport 22 -j ACCEPT # (replace with your undisclosed port) ip6tables -A INPUT -p icmpv6 -j ACCEPT ip6tables -A INPUT -j REJECT ip6tables -A FORWARD -j REJECT
View iptables rules:
sudo iptables -S
Save iptables rules:
sudo dpkg-reconfigure iptables-persistent sudo service fail2ban start
Create a deploy user
sudo adduser deploy sudo adduser deploy sudo su deploy
Installing Ruby (2.4)
Prereq’s:
sudo apt-get install git-core curl zlib1g-dev build-essential libssl-dev libreadline-dev libyaml-dev libsqlite3-dev sqlite3 libxml2-dev libxslt1-dev libcurl4-openssl-dev python-software-properties libffi-dev nodejs cd git clone https://github.com/rbenv/rbenv.git ~/.rbenv echo 'export PATH="$HOME/.rbenv/bin:$PATH"' >> ~/.bashrc echo 'eval "$(rbenv init -)"' >> ~/.bashrc exec $SHELL git clone https://github.com/rbenv/ruby-build.git ~/.rbenv/plugins/ruby-build echo 'export PATH="$HOME/.rbenv/plugins/ruby-build/bin:$PATH"' >> ~/.bashrc exec $SHELL rbenv install 2.4.0 rbenv global 2.4.0 ruby -v gem install bundler
Nginx
sudo apt-key adv --keyserver hkp://keyserver.ubuntu.com:80 --recv-keys 561F9B9CAC40B2F7 sudo apt-get install -y apt-transport-https ca-certificates # Add Passenger APT repository sudo sh -c 'echo deb https://oss-binaries.phusionpassenger.com/apt/passenger xenial main > /etc/apt/sources.list.d/passenger.list' sudo apt-get update # Install Passenger & Nginx sudo apt-get install -y nginx-extras passenger
Nginx update for Ubuntu 17.10 zesty
sudo apt-key adv --keyserver hkp://keyserver.ubuntu.com:80 --recv-keys 561F9B9CAC40B2F7 sudo apt-get install -y apt-transport-https ca-certificates # Add our APT repository sudo sh -c 'echo deb https://oss-binaries.phusionpassenger.com/apt/passenger zesty main > /etc/apt/sources.list.d/passenger.list' sudo apt-get update # Install Passenger + Nginx module sudo apt-get install -y libnginx-mod-http-passenger libnginx-mod-http-headers-more-filter nginx
Nginx update for Ubuntu 18.04 bionic
sudo sh -c 'echo deb https://oss-binaries.phusionpassenger.com/apt/passenger bionic main > /etc/apt/sources.list.d/passenger.list' sudo apt-get update sudo apt-get install -y libnginx-mod-http-passenger
Block anything you don’t want in Nginx
vim /etc/nginx/sites-enabled/default
location ~ ^/(wp-admin|wp-content|wp-login) {
deny all;
}
Set Cache headers
location ^~ /assets/ {
gzip_static on;
expires 1d;
add_header Cache-Control "public";
}
location ~* \.(?:jpg|jpeg|gif|png|ico|cur|gz|svg|svgz|mp4|ogg|ogv|webm|htc)$ {
expires 30d;
access_log off;
add_header Cache-Control "public";
}
Prevent access by IP
vim /etc/nginx/sites-enabled/default
server {
listen 80;
listen 443;
server_name _put_server_ip_here;
return 404;
}
Start Nginx:
sudo service nginx start
Nginx config:
sudo vim /etc/nginx/nginx.conf
Uncomment Phusion config – include /etc/nginx/passenger.conf;
Update passenger config:
sudo vim /etc/nginx/passenger.conf
passenger_ruby /home/deploy/.rbenv/shims/ruby;
passenger_root /usr/lib/ruby/vendor_ruby/phusion_passenger/locations.ini;
#passenger_ruby /usr/bin/passenger_free_ruby;
Restart Nginx
sudo service nginx restart
Test Nginx Config with gixy
We will need python-pip in order to install gixy:
apt-get install python-pip pip install --upgrade pip pip -V pip install gixy gixy
Postgres
sudo apt-get install postgresql postgresql-contrib libpq-dev
Postgres update for Ubuntu 17.10
sudo apt-get install postgresql-9.6 sudo apt-get install python-psycopg2 sudo apt-get install libpq-dev
Postgres update for Ubuntu 18.04
touch /etc/apt/sources.list.d/pgdg.list sudo sh -c 'echo deb http://apt.postgresql.org/pub/repos/apt/ bionic-pgdg main > /etc/apt/sources.list.d/pgdg.list' wget --quiet -O - https://www.postgresql.org/media/keys/ACCC4CF8.asc | sudo apt-key add - sudo apt-get update apt-get install postgresql-10 #Migrate Postresql from 9.6 to 10 sudo pg_dropcluster 10 main --stop sudo systemctl stop postgresql sudo pg_upgradecluster 9.6 main sudo pg_dropcluster 9.6 main --stop
Ensure UTF-8 support before creating a new database
vim /etc/profile.d/lang.sh
Add the following if not already there:
export LANGUAGE="en_US.UTF-8" export LANG="en_US.UTF-8" export LC_ALL="en_US.UTF-8"
Create a Database with a user (Make sure to change the app name):
sudo su - postgres createuser --pwprompt deploy sudo su - deploy psql create database your_db_name_production_new with owner=deploy encoding='UTF-8'; exit
Creating dumps
pg_dump db_name_production -U deploy -h localhost > db_name_production_backup # To restore: psql -d db_name_production -f db_name_production_backup #if you want to scp it from somewhere else(assuming dumps are in ~/dumps): scp -r root@server_ip:~/dumps ~/destination_dumps
Capistrano
On your local machine add to your Gemfile:
gem 'capistrano', '~> 3.7', '>= 3.7.1' gem 'capistrano-passenger', '~> 0.2.0' gem 'capistrano-rails', '~> 1.2' group :production do gem 'capistrano-rbenv', '~> 2.1' end
Generate configs:
cap install STAGES=production
Update Capfile:
# If you are using rbenv add these lines: # require 'capistrano/rbenv' # set :rbenv_type, :user # set :rbenv_ruby, '2.4.0'
Update deploy.rb:
set :application, "my_app_name" set :repo_url, "[email protected]:me/my_repo.git" set :deploy_to, '/home/deploy/my_app_name' append :linked_files, "config/database.yml", "config/secrets.yml" append :linked_dirs, "log", "tmp/pids", "tmp/cache", "tmp/sockets", "vendor/bundle", "public/system", "public/uploads"
Update production.rb with the server IP:
server ‘127.0.0.1’, user: ‘deploy’, roles: %w{app db web}
Had to manually create database.yml and secrets.yml for now in /home/deploy/my_app_name/shared/config and copy connection data. This should be automated later
Update /etc/nginx/sites-enabled/default
server {
listen 80;
listen [::]:80 ipv6only=on;
server_name mydomain.com;
passenger_enabled on;
rails_env production;
root /home/deploy/my_app_name/current/public;
#action cable config:
location /cable {
passenger_app_group_name app_name_websocket;
passenger_force_max_concurrent_requests_per_process 0;
}
}
Redis
sudo apt-get install redis-server
sudo service nginx restart
Time Synchronization
sudo apt-get update sudo apt-get install ntp systemctl start ntp.service sudo ntpq -p
Let’s Encrypt (optional step)
Install certbot
apt-get install software-properties-common add-apt-repository ppa:certbot/certbot apt-get update apt-get install certbot
Add to /etc/nginx/sites-available/default (this may be necessary for the Webroot plugin, which we’ll use to generate the certs)
location ^~ /.well-known/acme-challenge {
root /var/www/html;
default_type "text/plain";
try_files $uri =404;
}
Verify config and restart:
nginx -t systemctl restart nginx
Get your webroot path from /etc/nginx/sites-available/default
Generate certs(replace domain an dweb-root-path):
certbot certonly --webroot --webroot-path=/var/www/html -d example.com -d www.example.com
Add a snippet:
vim /etc/nginx/snippets/ssl-example.com.conf
Paste the following:
ssl_certificate /etc/letsencrypt/live/example.com/fullchain.pem; ssl_certificate_key /etc/letsencrypt/live/example.com/privkey.pem;
And another one for ssl params:
vim /etc/nginx/snippets/ssl-params.conf
ssl_protocols TLSv1 TLSv1.1 TLSv1.2; ssl_prefer_server_ciphers on; ssl_ciphers "EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH"; ssl_ecdh_curve secp384r1; ssl_session_cache shared:SSL:10m; ssl_session_tickets off; ssl_stapling on; ssl_stapling_verify on; resolver 8.8.8.8 8.8.4.4 valid=300s; resolver_timeout 5s; add_header X-Frame-Options DENY; add_header X-Content-Type-Options nosniff;
Update nginx config (this will allow both http and https):
vim /etc/nginx/sites-available/default
server {
listen 80 default_server;
listen [::]:80 default_server;
listen 443 ssl http2 default_server;
listen [::]:443 ssl http2 default_server;
server_name example.com www.example.com;
include snippets/ssl-example.com.conf;
include snippets/ssl-params.conf;
...
Automate certificate renewal:
crontab -e
15 1 * * * /usr/bin/certbot renew --quiet --renew-hook "/bin/systemctl reload nginx" 20 1 * * * nginx -s reloadv
The above will run at 1:15 am every day, then reloads nginx config at 1:20 am.
To view certs expiration dates:
apt-get install ssl-cert-check ssl-cert-check -c /etc/letsencrypt/live/example.com/cert.pem
Additional Mac Setup
brew install ssh-copy-id
ssh-copy-id deploy@IPADDRESS
This will allow you to ssh without a password the next time you ssh.
Useful logs
cat /var/log/redis/redis-server.log
sudo cat /var/log/fail2ban.log
sudo cat /var/log/nginx/error.log
fail2ban grouped by IP:
awk '($(NF-1) = /Ban/){print $NF}' /var/log/fail2ban.log | sort | uniq -c | sort -n
Useful monitoring commands
Ram usage:
free -m
top
Space:
df -ah
du -hs * | sort -h
Another way to get space info
apt-get install ncdu
ncdu /
Network activity:
netstat -tulpn
Linode ipv6 issue
If you can’t get apt-get to work, try to update /etc/gai.conf and uncomment line 54: precedence ::ffff:0:0/96 100
Linode Monitoring – Longview
Linode also provides Longview – web UI to access your server stats. The free version is limited to the last 24 hours.
Here is the official guide
I had to update iptables rules and restart the longview service:
iptables -I INPUT -s longview.linode.com -j ACCEPT iptables -I OUTPUT -d longview.linode.com -j ACCEPT sudo service longview restart
Useful links:
- Deploy ActionCable in production
- Deploy Ruby On Rails on Ubuntu 16.04 Xenial Xerus
- Capistrano Github
- Pagespeed – The tool and optimization guide
- Nifty Nginx config generator
Now, while it’s fun figuring these things out, git push heroku master sounds a lot easier.
Setting up Personal VPN Server
This is my second attempt at setting up a VPN service. This this time with lessons learned.
Server provider: RamNode
Price: $3/month
Virtualization: KVM
Specs: 512 GB RAM, 10 GB Storage, 1000 GB Bandwidth
Chosen OS: CentOS 7
After you set up your server, ssh into it.
Optionally, install and enable firewall for better security. Better to do before you run the vpn script. Otherwise, will have to manually update firewall rules.
yum update # If you want vim: yum search vim yum install vim-enhanced.x86_64 yum install firewalld systemctl enable firewalld systemctl start firewalld #Show configuration for the given zone: firewall-cmd --zone=public --list-all # add a port for your ssh console. Recommended to change from default 12 firewall-cmd --add-port 1234/tcp firewall-cmd --add-port 1234/tcp --permanent vim /etc/ssh/sshd_config # update Port to 1234 (or whatever you picked above) # Uncomment Protocol 2 - it provides better security service sshd restart # this retrieves the vpn script - see https://github.com/Nyr/openvpn-install wget https://git.io/vpn -O openvpn-install.sh && bash openvpn-install.sh # if you plan to run VPN on port 443 firewall-cmd --zone=public --add-port=443/udp firewall-cmd --permanent --zone=public --add-port=443/udp vim /etc/openvpn/server.conf #add "port 443" or change to 443 if there is already an entry #in the generated .ovpn file make the same change for the port # should look something like this: remote your_server_ip 443 # additional security feature (not necessary for VPN) yum install epel-release yum install fail2ban yum install fail2ban-systemd cp -pf /etc/fail2ban/jail.conf /etc/fail2ban/jail.local systemctl enable fail2ban vim /etc/fail2ban/jail.local #set to somehting like this ------------------------ [DEFAULT] # ban hosts for 300 seconds: bantime = 300 maxretry = 2 [sshd] port = your_ssh_port enabled = true #Override /etc/fail2ban/jail.d/00-firewalld.conf: banaction = iptables-multiport #if SELinux is enabled (check with sestatus) [selinux-ssh] port = ssh logpath = %(auditd_log)s enabled = true #Check logs: /var/log/fail2ban.log ------------------------ systemctl restart fail2ban # if you need more users, just execute the script again sh openvpn-install.sh
This generates a single some_name.ovpn file that you can download and use with an OpenVPN client. Hopefully, you now have a personal VPN server for roughly $30 a year.
Disabling ipv6
If you’re not planning on using ipv6, may as well disable it. Unfortunately fail2ban doesn’t support it yet.
sysctl -w net.ipv6.conf.all.disable_ipv6=1 sysctl -w net.ipv6.conf.default.disable_ipv6=1
Multiple instances of OpenVPN
If you want to run multiple instances of vpn (say a typical 1194 udp and another one on 443 tcp to avoid blocking)
Add a new config in /etc/openvpn
For simplicity, you can copy existing server.conf and lets name it server2.conf.
Update server2.conf to use a different port and change the server ip (let’s say if original server.conf has ip of 10.8.0.0, let’s give the new config
10.8.2.0:
port 443 proto tcp server 10.8.2.0 255.255.255.0
Start your new openvpn instance:
systemctl start openvpn@server_443_tcp
If using firewalld, add new rules:
firewall-cmd --zone=trusted --add-source=10.8.2.0/24 firewall-cmd --permanent --zone=trusted --add-source=10.8.2.0/24 firewall-cmd --direct --add-rule ipv4 nat POSTROUTING 0 -s 10.8.2.0/24 -j SNAT --to your_server_ip firewall-cmd --permanent --direct --add-rule ipv4 nat POSTROUTING 0 -s 10.8.2.0/24 -j SNAT --to your_server_ip
Restart your new openvpn server:
systemctl restart openvpn@server_443_tcp
If you’d like to use the same .ovpn config on the client side to connect to both ports, add this to client config:
server-poll-timeout 4 remote your_ip 1194 udp remote your_ip 443 tcp remote your_ip 1194 udp remote your_ip 1194 udp
This will try to connect to 1194 udp first, then if unsuccessful, it’ll try 443 tcp, then 1194
In order for this to work, both configs on the server must have the same settings (except for IP’s of course)
OpenDNS
If using OpenDNS head to https://dashboard.opendns.com/ and set it up
Auto-update all CentOS packages
yum -y install yum-cron vim /etc/yum/yum-cron.conf # set: # download_updates = yes # apply_updates = yes sudo systemctl enable yum-cron.service systemctl start yum-cron
Harden SSH
vim /etc/ssh/sshd_config
Ciphers aes128-ctr,aes192-ctr,aes256-ctr KexAlgorithms ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256 MACs hmac-sha2-256,hmac-sha2-512
A nice resource to test the speed: https://speedof.me/.
Phoenix and Ecto. First Steps
Valid as of Phoenix 1.2
Show routes:
mix phoenix.routes
Generating resources:
mix phoenix.gen.html Post posts –no-model
mix phoenix.gen.json Post posts
Ecto
Types
- :string
- :integer
- :map
- :binary_id
- :float
- :boolean
Writing Queries
Two ways
- Query
import Ecto.Query from p in context.Posts where p.Title.Contains("Stuff") select p; - Expression
MyApp.Post |> where(titlle: "Stuff") |> limit(1)
Making changes – https://hexdocs.pm/ecto/Ecto.Changeset.html
changeset = Post.changeset(post, %{title: “updated”})
Repo.update(changeset)
Repo.delete(post)
Migrations
Generate migration:
mix ecto.gen.migration [migration_name] -r [repo]
Generate schema:
mix phoenix.gen.model [Schema] [table] [fields] -r [repo]
Run/Rollback migration
mix ecto.migrate -r [repo]
mix ecto.rollback -r [repo]
Generate migration:
Does not generate schema module:
mix ecto.gen.migration [migration_name] -r [repo]
Generates both schema model and a migration:
mix phoenix.gen.model [Schema] [table] [fields] -r [repo]
To avoid specifying repo all the time:
config :my_app, ecto_repos: [MyApp.Repo]
Starting with Phoenix. Installation.
Prerequisites (valid as of Phoenix 1.2)
Mac
- Elixir – brew install elixir
- node – brew install node
- Postgres – Postgres.app
Windows
For Windows, can use Chocolatey to install node and Elixir. Postgres seems to be outdated as of time of this post. Or download from source and install:
Add to Windows path PostgreSQL (dependent on PostgreSQL version), so we can use psql on command line –
C:\Program Files\PostgreSQL\9.6\bin
C:\Program Files\PostgreSQL\9.6\lib
Install phoenix:
$ mix archive.install https://github.com/phoenixframework/archives/raw/master/phoenix_new.ez
Alternatively, download a specific version from https://github.com/phoenixframework/archives.
Generate and run a new project:
$ mix phoenix.new my_first_app $ mix ecto.create $ npm install $ iex -S mix phoenix.server iex> :observer.start