Posted on July 16, 2010 by Mikko Ohtamaa Filed Under linux, technology, ubuntu Tags: bug tracker, crash, linux, log files, skype
Symptoms: Your Skype crashes on incoming chat message or if you try to open a contact info / chat message – usually this leads to a crash on Skype start-up because there are always incoming chat messages in a queue.
Skype is not really helpful regarding how to get meaningful log information from the client, but it is possible.
Create a log directory
mkdir ~/.Skype/Logs
Run Skype from the command line and open a chat window so that it crashes
moo@murskaamo:~$ skype
Aborted
Now there should be log data available
moo@murskaamo:~$ ls -lh ~/.Skype/Logs/
total 724K
-rw-r--r-- 1 moo moo 607K 2010-07-16 11:10 skype_20100716-1110.log
-rw-r--r-- 1 moo moo 116K 2010-07-16 11:10 skype_20100716-1110.trace.txt
However, those log files are of little use to anybody except Skype developers, as they are encrypted. Your only hope is to submit them to the Skype bug tracker and hope that someone answers with something meaningful. The guidelines on how to create a bug report and how reports are processed are a little unclear – there doesn’t seem to be a clear announcement from Skype on whether they process these reports or not.
The crashes are probably due to incompatible system library versions or bugs in them. Try downloading a static Skype version, which does not use system libraries.
Read our blog
Subscribe mFabrik blog in a reader
Follow us on Twitter
Mikko Ohtamaa on LinkedIn
Posted on July 16, 2010 by Mikko Ohtamaa Filed Under linux, technology, ubuntu Tags: area, bubbles, corner, location, lucid lynx, notifications, notify-osd, ubunty
Ubuntu notifications, those grey bubbles for incoming instant messages and such, are in the top right corner under the system tray area by default. Many applications, like the Google Chrome browser, place lots of controls there and notifications might block them. Also, you might prefer some other corner due to your personal taste. The application responsible for those bubbles is called notify-osd.
Here are instructions on how to get a custom notify-osd which can read a config file where you can specify settings for the notifications. Though it requires you to install a custom notify-osd version, the instructions are plain and simple. For less hardcore users, there also exists a version with a graphical user interface to configure notify-osd.
Posted on May 31, 2010 by Mikko Ohtamaa Filed Under apache, linux, technology, ubuntu Tags: apache, email, chmod, install, installation, joomla, linux, mysql, permissions, shell, sudo, ubuntu, unix, virtualhost
This how-to briefly explains how to set up Joomla! hosting with basic security on a shared hosting server you own. These instructions apply to Debian/Ubuntu based systems, but can be generalized to any Linux based system like Fedora.
In this how to we use the following software versions
- Joomla 1.5
- Apache 2.2
- MySQL 5.1
- Ubuntu 8.04 Hardy Heron server edition
The instructions may apply for other versions too.
Prerequisites
What you need to have in order to use this how-to
- Basic UNIX file permissions knowledge
- Basic UNIX shell knowledge
- You have a Linux server (Ubuntu / Debian) for which you have root user access and you plan to use this server to host one or several Joomla! sites
- Apache and MySQL installed on your server
User setup
Set up a UNIX user on a dedicated server for Joomla! hosting. The user can SSH into the box and write to his home folder, /tmp and the /var/www site folder.
We create a user called “user” in these instructions. Replace it with the username you desire. We also use the example site name (www).yoursite.com.
Create a new UNIX user and the /home/user folder.
sudo adduser user # Asks for the password and creates /home/user
Create the corresponding /var/www/user folder.
sudo mkdir /var/www/user
sudo chown -R user:user /var/www/user # Only user has write access to this folder
Setup MySQL user account
Install MySQL as per Debian/Ubuntu instructions.
Log in as the MySQL admin user (may vary depending on how your MySQL is configured). Note that you will first be asked for the sudo password, then for the MySQL administrative user password.
sudo mysql -u admin -p
Then create a new database with the same name as the new UNIX user. Make sure that it uses UTF-8 character encoding so we avoid irritating encoding problems in the future.
CREATE DATABASE user DEFAULT CHARACTER SET utf8 DEFAULT COLLATE utf8_general_ci;
Create a MySQL user with the same name as the UNIX user. Use a random password and give it all rights for the database. Note that this password should differ from the UNIX user's password, as it must be stored as plain text in Joomla PHP files. Also, MySQL distinguishes users by whether they connect from localhost or from another IP address. Here we use localhost so that the database is connectable only from the same server Apache is running on.
GRANT ALL ON user.* TO 'user'@'localhost' identified by 'zxc123zxc';
Extract Joomla! installation files
Enter the folder which will contain web site PHP files.
sudo -i -u user # Become the UNIX user who runs the site
cd /var/www/user
wget http://joomlacode.org/gf/download/frsrelease/12350/51111/Joomla_1.5.18-Stable-Full_Package.zip
Unzip it.
unzip Joomla_1.5.18-Stable-Full_Package.zip
Stop acting as the UNIX user.
exit
Set file permission
In order to secure your server
- Configuration files and upload directory must be writable by Apache user (www-data for Ubuntu/Debian, httpd for Fedora/Red Hat)
- Other .php files should be read-only
Note that during Joomla’s browser based installation Apache’s www-data must have write access to the folder in order to create the configuration.php file. We will later remove this access right.
We will put the Joomla! files under the UNIX group www-data so that Apache can read them. Certain files are set to be writable. This must be done as root user.
sudo chown -R user:www-data /var/www/user # Set the group to www-data
sudo chmod g+wrx /var/www/user # Read, write and execute for group www-data on the site folder. Write access is for installation and will be removed later.
Now the ls -l command in /var/www/user should give you something like this for file masks:
drwxr-xr-x 11 user www-data 4096 2010-05-28 10:22 plugins
-rwxr--r-- 1 user www-data 304 2010-05-28 10:21 robots.txt
drwxr-xr-x 6 user www-data 4096 2010-05-28 10:22 templates
Creating Apache configuration
This allows serving Joomla! by Apache and starting the browser based configuration.
First create an Apache configuration file under /etc/apache2/sites-enabled as root user. We assume the nano terminal based text editor is installed on the server.
sudo nano /etc/apache2/sites-enabled/yoursite.conf
Below is a sample configuration file. You may need to put your server's public IP in the <VirtualHost> line, so that Apache knows for which IP address sites are served. We use virtual hosting: every site on the server is identified by the host name in the incoming HTTP request.
<VirtualHost *>
ServerName yoursite.com
ServerAlias www.yoursite.com
ServerAdmin info@yourcompany.com
LogFormat combined
TransferLog /var/log/apache2/yoursite.log
# Make sure this virtual host is capable of executing PHP5
Options +ExecCGI
AddType application/x-httpd-php .php .php5
# Point to www folder where Joomla! is extracted
DocumentRoot /var/www/user
# Do not give illusion of safety
# as PHP safe_mode really is crap
# and only causes problems
php_admin_flag safe_mode off
#
# This entry will redirect traffic www.yoursite.com -> yoursite.com
# Assume mod_rewrite is installed and enabled on Apache
# 301 is HTTP Permanent Redirect code
RewriteEngine On
RewriteCond %{HTTP_HOST} ^www\.yoursite\.com [NC]
RewriteRule (.*) http://yoursite.com$1 [L,R=301]
</VirtualHost>
Faking the DNS entry
If you have not yet reserved a domain name for your site, but still want to get the virtual host working, you can add a DNS name entry into the hosts file on your local computer. The following assumes you are using Ubuntu desktop, but a hosts file is available on Windows and OSX too.
sudo gedit /etc/hosts
Then add lines like the example below. Do not forget to remove them from the hosts file when the actual DNS has been set up.
# Force this hostname to go to your server public IP address from your local computer
123.123.123.123 yoursite.com www.yoursite.com
Start Joomla! browser based installation
Then enter the URL of your site to the browser:
http://yoursite.com
Joomla! installation page should appear.
- Fill in MySQL database values as created before.
- If you plan to use SSH for file transfer do not enable the FTP layer (insecure).
- Use a random password for the Joomla! administrator user and store it somewhere safe.
- When Joomla! browser based installation goes to the point it asks you to remove the installation directory follow the instructions below.
Secure the configuration
Now remove the extra permissions from Apache’s www-data user so that if there is a PHP / Joomla security hole, your site files cannot be compromised through it.
Some folders must remain writable as Joomla! will upload or write files in them.
sudo chmod -R g-w /var/www/user # Remove write permission
sudo rm -rf /var/www/user/installation # Remove installation directory
# Add write permission to folders which contain writable files
sudo chmod -R g+w /var/www/user/logs
sudo chmod -R g+w /var/www/user/images
sudo chmod -R g+w /var/www/user/tmp
sudo chmod -R g+w /var/www/user/media
Setting up htaccess files
Joomla! comes with a sample htaccess file which has some security measures: RewriteRules that prevent malformed URL access.
To install this file do the following
sudo -i
cd /var/www/user
cp htaccess.txt .htaccess
chown user:www-data .htaccess # Set file ownership so that the file is readable by Apache and writable by the UNIX user
Then we create a .htaccess file which we will place in all folders with Joomla! write access to prevent execution of PHP files in these folders. First we create an htaccess.limited file which we use as a template.
sudo -i
cd /var/www/user
nano htaccess.limited # Open text editor
Use the following htaccess.limited content
# secure directory by disabling script execution
AddHandler cgi-script .php .pl .py .jsp .asp .htm .shtml .sh .cgi
Options -ExecCGI -Indexes
And put the master template htaccess.limited to proper places
cp htaccess.limited media/.htaccess
chown -R user:www-data media/.htaccess
cp htaccess.limited tmp/.htaccess
chown -R user:www-data tmp/.htaccess
cp htaccess.limited logs/.htaccess
chown -R user:www-data logs/.htaccess
cp htaccess.limited images/.htaccess
chown -R user:www-data images/.htaccess
Start using the site
Now go to your site with the browser again and the Joomla! start page should come up.
Log in with the administration account you created in the Joomla! browser based installation.
Type URL http://yoursite.com in your browser.
Setting outgoing email
This is probably the first thing you want to do as Joomla! administrator. You configure the SMTP server which will be used for outgoing email. The server is usually provided by the network operator who provides the internet connection for your server.
Login as Joomla! administrator user.
Go to Site -> Global Configuration -> Server.
Choose SMTP mail mode.
Enter SMTP details.
Test outgoing email
Create a new user with an email address you control. The user should receive a New User Details email message from the site the moment the user is created.
Maintaining file permission
If you modify or create any files (e.g. upload a new theme) to your server you need to set file permissions for it.
- UNIX user: user (your site username)
- UNIX group: www-data
To make it possible to set the group ownership as user user, you first need to add it to the www-data group.
sudo usermod -a -G www-data user # Add user to www-data group so that it can set group permissions
Then you can fix the permissions for uploaded files (templates and libraries folders assumed)
sudo -i -u user # Log in as your UNIX user
cd /var/www/user # Go to the site folder
chgrp -R www-data templates libraries # Fix group ownership
chmod -R g+rx libraries templates # Set read access for the group
This way secure file permissions are restored after files have been changed. Alternatively, if your SFTP program supports setting permissions during the file upload, you can use that option.
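An added example, not part of the original post: a shell function that checks a site tree against the permission layout built above. It assumes the four writable folders are logs, images, tmp and media; the function name audit_joomla_perms is made up for this example.

```shell
#!/bin/sh
# Added example: audit a Joomla! 1.5 tree against the layout in this how-to.
# Assumption: logs, images, tmp and media are the only folders that Apache
# (group www-data) may write to. The same list is used in the find call below.
WRITABLE_DIRS="logs images tmp media"

audit_joomla_perms() {
    root=${1%/}
    status=0
    [ -d "$root" ] || { echo "ERROR not a directory: $root"; return 2; }

    # 1. The web installer must be removed after installation.
    if [ -e "$root/installation" ]; then
        echo "FAIL installer still present: $root/installation"
        status=1
    fi

    # 2. Outside the writable folders nothing may be group- or world-writable.
    #    Symlinks are skipped because their own mode bits carry no meaning.
    unexpected=$(find "$root" \
        \( -path "$root/logs" -o -path "$root/images" \
           -o -path "$root/tmp" -o -path "$root/media" \) -prune \
        -o ! -type l \( -perm -020 -o -perm -002 \) -print)
    if [ -n "$unexpected" ]; then
        echo "$unexpected" | sed 's/^/FAIL writable by group or others: /'
        status=1
    fi

    # 3. Every writable folder needs the .htaccess that switches script
    #    execution off, and nothing in it may be world-writable.
    for d in $WRITABLE_DIRS; do
        dir=$root/$d
        [ -d "$dir" ] || continue
        if ! grep -Eq '^[[:space:]]*Options[[:space:]].*-ExecCGI' \
                "$dir/.htaccess" 2>/dev/null; then
            echo "FAIL no 'Options -ExecCGI' in $dir/.htaccess"
            status=1
        fi
        if [ -n "$(find "$dir" ! -type l -perm -002 -print)" ]; then
            echo "FAIL world-writable entries under $dir"
            status=1
        fi
    done
    return $status
}

# Run the audit when a site root is given on the command line.
if [ "$#" -gt 0 ]; then
    audit_joomla_perms "$1"
fi
```

Run it as `sh audit.sh /var/www/user`; it prints one FAIL line per finding and returns non-zero if there is any. Because www-data can write to those four folders it can also replace a .htaccess stored inside them; the same two directives in a <Directory> block with AllowOverride None in the virtual host cannot be changed that way.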
Posted on April 16, 2010 by Mikko Ohtamaa Filed Under linux, osx, technology, ubuntu
ssh-copy-id is a handy shell script which allows you to easily copy your public key to a remote server, so that you don’t need to type in a password every time you open an SSH connection to that box. Ubuntu and the latest Linux distros ship ssh-copy-id with the ssh client installation. However, for OSX you need to manually drop this little script into your /usr/bin.
The usage is simple. Just run:
ssh-copy-id remotebox.com
to copy your public SSH key to remotebox.com. After that
ssh remotebox.com
should ask for no password.
Working installation instructions for ssh-copy-id on OSX are in Chris Pitzer’s blog.
Posted on April 9, 2010 by Mikko Ohtamaa Filed Under git, linux, shell, ssh, technology, ubuntu
I just ran into this when I tried to enable GitHub SSH to perform git push.
The workaround is to run the command
eval `ssh-agent`
This sets a series of environment variables which make ssh-add work.
I don’t know why this doesn’t work anymore – I am quite sure it worked on earlier Ubuntu versions out of the box.
Related bug report.
Posted on January 2, 2010 by Mikko Ohtamaa Filed Under linux, postgresql, ubuntu
This blog post will have some short notes about monitoring and profiling PostgreSQL databases.
pgtop
pgtop provides a UNIX top-like user interface for PostgreSQL. The pgtop command is available as a Perl CPAN module.
How to install Perl CPAN modules as a non-root user on Ubuntu (note: when it prompts to run sudo, answer no).
To install pgtop, install the following CPAN modules first: Term::ANSIColor, Term::ReadKey, DBD::Pg
perl -MCPAN -Mlocal::lib -e 'CPAN::install(DBD::Pg)'
perl -MCPAN -Mlocal::lib -e 'CPAN::install(Term::ReadKey)'
perl -MCPAN -Mlocal::lib -e 'CPAN::install(Term::ANSIColor)'
pgtop install instructions
pgtop manual
Running pgtop:
perl pgtop -d databasename -u yourdbuser -p yourdbuserpassword
pgfouine
pgfouine is a log analyzer for PostgreSQL.
Posted on October 11, 2009 by Mikko Ohtamaa Filed Under linux, technology, ubuntu Tags: asus, eee, fdi, hal, karmic koala, linux, macbook, multi-touch, scroll, synaptics, synclient, touchpad, two-finger, ubuntu, x11, xinput
This post is specific to the Asus Eee 1005HA netbook, but the technique explained here can be used on any computer with a Synaptics touchpad.
Multi-touch gestures allow you to perform user interface actions by making two-finger gestures on the touchpad. Apple introduced this feature on Macbooks and once you get used to it, it greatly enhances web browsing on a mouseless netbook. The most important gesture is scrolling text by swiping the touchpad with two fingers.
Apple also has many patents related to the gestures, so they are not enabled by default.
Real multi-finger touch support needs a multi-finger aware (capacitive) touchpad. Most PC laptops are not equipped with one. Luckily some of the simple gestures, like two-finger scrolling, can be emulated on a normal pressure point sensitive touchpad via clever calculations and other tricks.
Note: Ubuntu HAL support for Synaptics seems to be broken. Only the shell script at the end of the post will work. HAL options in the FDI file are being ignored.
Setting up Synaptics driver
Type in terminal
gksudo gedit /etc/hal/fdi/policy/11-x11-synaptics.fdi
Create and save file with this content:
<?xml version="1.0" encoding="ISO-8859-1"?>
<deviceinfo version="0.2">
<device>
<match key="info.capabilities" contains="input.touchpad">
<merge key="input.x11_driver" type="string">synaptics</merge>
<merge key="input.x11_options.SHMConfig" type="string">On</merge>
<merge key="input.x11_options.EmulateTwoFingerMinZ" type="string">40</merge>
<merge key="input.x11_options.VertTwoFingerScroll" type="string">1</merge>
<merge key="input.x11_options.HorizTwoFingerScroll" type="string">1</merge>
<merge key="input.x11_options.TapButton1" type="string">1</merge>
<merge key="input.x11_options.TapButton2" type="string">3</merge> <!--two finger tap -> middle click(3) -->
<merge key="input.x11_options.TapButton3" type="string">2</merge> <!--three finger tap -> right click(2). almost impossible to click -->
</match>
</device>
</deviceinfo>
This allows us to use synclient utility to watch touchpad real-time data in console window.
Now restart X
sudo /etc/init.d/gdm restart
And open terminal again.
Type in command
synclient -m 100
And you should see data like this scrolling in the terminal:
129.355 2912 3469 59 1 4 0 0 0 0 0 00000000 0 0 0 0 0
129.455 2952 3529 59 1 4 1 0 0 0 0 00000000 0 0 0 0 0
time x y z f w l r u d m multi gl gm gr gdx gdy
129.555 3283 3516 60 1 4 1 0 0 0 0 00000000 0 0 0 0 0
129.656 3928 3517 60 1 4 1 0 0 0 0 00000000 0 0 0 0 0
129.756 4364 3637 60 1 4 1 0 0 0 0 00000000 0 0 0 0 0
129.856 4020 3329 49 1 4 0 0 0 0 0 00000000 0 0 0 0 0
129.956 3634 3122 58 1 4 0 0 0 0 0 00000000 0 0 0 0 0
130.057 3320 2957 60 1 4 0 0 0 0 0 00000000 0 0 0 0 0
130.157 2779 3312 61 1 4 0 0 0 0 0 00000000 0 0 0 0 0
130.257 2557 3739 61 1 4 0 0 0 0 0 00000000 0 0 0 0 0
130.358 2636 3485 39 1 4 0 0 0 0 0 00000000 0 0 0 0 0
130.458 2659 3104 60 1 4 0 0 0 0 0 00000000 0 0 0 0 0
130.558 2671 2988 60 1 4 0 0 0 0 0 00000000 0 0 0 0 0
The f column tells the number of fingers. w is the touched area width. z is the pressure.
If you put two fingers on the touchpad and you see the value f=2, then your hardware has a multi-touch aware touchpad. Unfortunately the Asus Eee 1005HA doesn’t seem to have one.
Emulation approach
Synaptics driver can emulate two-finger touch with the following conditions
- Touched area width exceeds certain threshold (min width)
- Touch pressure exceeds certain thresholds
When the conditions are met the driver thinks “Wow looks this guy is pressing us really hard. maybe he is using two fingers?” Note that touchpad values are touchpad specific and values that apply to one model don’t work on another computer.
Synaptics driver settings are described here. Synaptics driver settings can be modified at run time using the xinput command. Run synclient -m 100 in one terminal window and change threshold values in another until you find the correct emulation parameters for your laptop. Below are my xinput tests. Test scrolling in Firefox on any long web page.
moo@huiskuttaja:~$ xinput set-int-prop "SynPS/2 Synaptics TouchPad" "Synaptics Two-Finger Width" 32 7
moo@huiskuttaja:~$ xinput set-int-prop "SynPS/2 Synaptics TouchPad" "Synaptics Two-Finger Pressure" 32 280
moo@huiskuttaja:~$ xinput set-int-prop "SynPS/2 Synaptics TouchPad" "Synaptics Two-Finger Width" 32 11
moo@huiskuttaja:~$ xinput set-int-prop "SynPS/2 Synaptics TouchPad" "Synaptics Two-Finger Pressure" 32 50
moo@huiskuttaja:~$
Looks like the following parameters are good for two finger emulation for Asus Eee 1005HA:
- Width: 8
- Pressure (Z): 10
You can also use command synclient -l to dump the current settings.
Below is the final script you need to run during log-in (see note about broken HAL at the beginning of the post):
#!/bin/sh
#
# Use xinput --list-props "SynPS/2 Synaptics TouchPad" to extract data
#
# Set multi-touch emulation parameters
xinput set-int-prop "SynPS/2 Synaptics TouchPad" "Synaptics Two-Finger Pressure" 32 10
xinput set-int-prop "SynPS/2 Synaptics TouchPad" "Synaptics Two-Finger Width" 32 8
xinput set-int-prop "SynPS/2 Synaptics TouchPad" "Two-Finger Scrolling" 8 1
xinput set-int-prop "SynPS/2 Synaptics TouchPad" "Synaptics Two-Finger Scrolling" 8 1 1
# Disable edge scrolling
xinput set-int-prop "SynPS/2 Synaptics TouchPad" "Synaptics Edge Scrolling" 8 0 0 0
# This keeps the cursor from jumping if you have two fingers on the touchpad and you lift one
# (which you usually do after two-finger scrolling)
xinput set-int-prop "SynPS/2 Synaptics TouchPad" "Synaptics Jumpy Cursor Threshold" 32 110
Jumpy cursor after two finger scroll
When you do a two-finger scroll and lift one finger before the other, the mouse cursor/scrolling may jump. The Synaptics driver does not seem to have an option to filter out this bad event. If anyone knows a solution for this please comment.
Other resources
Posted on September 30, 2009 by Mikko Ohtamaa Filed Under Business, django, iphone, linux, mobile, pys60, python, technology Tags: analytics, apache, apex vertex, augmented reality, bicycling, bilingual, browser, browsercontrol, capabilities, darwin, django, django-cms, extjs, google maps, gps, handset, html5, iphone, lbs, linux, localhost, location based, map, media, mobile, mobile profile, mod_python, multichannel, multilingual, nokia, oulu, phonegap, premium, print, publishing, python, rtsp, series 40, series 60, sniffing, streaming, symbiansigned, tourism, traffic statistics, twinapex, ubuntu, upnorth, user agent, webkit, xhtml
Recently we created a mobile site for an interactive bicycle tour. oulugo.mobi (you need to use mobile browser to access the site or you’ll get a redirect) is a multimedia enriched bicycle tour through the historic parts of the city of Oulu. All content is provided by OnGo.
The route, which you can bicycle through, is drawn on Google Maps. There are nine action points where the user can listen to streaming audio clips, with still images, on his/her mobile phone. This is a sort of augmented reality experience: the user sees the real world (where he/she is now bicycling) combined with the historic events (audio playback narrative). For example, at Linnansaari (a location on the route) you’ll see the actual 17th century castle ruins and the narrator tells how the castle exploded when fire, caused by lightning, reached the gunpowder warehouse… boom. The explosion made stones fly over 400 meters.
Alternatively, the clips are available as podcasts from the Oulu Tourism pages. You can download them into your iPod for offline listening and use in conjunction with a paper map. This demonstrates an interesting mix of multichannel publishing: paper, web, mobile and podcasts.
The tour is bilingual in Finnish and English.
There exists an unreleased iPhone application, based on PhoneGap, which allows the user to track his/her location in real time on the web page. We didn’t see it worth the trouble to go through the Apple iPhone application review process. When location based service support comes to the browser, this feature is intended to be included as a standard HTML5 feature of the service.
There also exists a Nokia Series 60 mobile application, based on PyS60 and the Series 60 BrowserControl API, which allows the user to track his/her location in real time. The application provides a wrapper around the Series 60 WebKit control and allows Javascript to access phone native functions (GPS) over localhost socket communication. Like with Apple, we didn’t see the real-time tracking feature as interesting enough to go through the Symbian Signed process to get our application released. Also, BrowserControl had serious quality problems and we didn’t consider it stable enough for the end users. Some work is available in the PyS60 Community Edition repository.
The service is hosted on Python specific virtual server on Twinapex services server farm.
Features
- Premium content tailored for audio listening
- Dubbed in English and Finnish by a professional voice actor
- Bilingual: English/Finnish
- Adapts for smartphones (WebKit based browsers) and low end phones (XHTML mobile profile browsers)
- Streaming video and audio (RTSP / progressive HTTP download for iPhone). Different audio quality is provided depending on the handset features.
- Screen resolution detection based on user agent sniffing. Three different version of images are used.
- Custom Google Maps component for mobile is used. The component adapts for different mobile phones based on sniffing. Features include zoom, show action point, show the current location, search street address name. This component can be published on a request.
- Management interface features include video upload, video transcoding different mobile versions and editing bilingual content
- Apex Vertex handset database is used to detect the user’s mobile phone capabilities
- Apex Vertex logging and traffic analytics capabilities are used for the site statistics
Software stack
Development effort
Development time: Around 100 hours. Three different developers were involved. Used development tools: Eclipse, PyDev, Subclipse, Subversion. There were around five meetings between the content provider and the technology provider. A few beta testing rounds using the iPhone application were performed by bicycling in -10 degrees Celsius weather (north and so on…). No polar bears were harmed during the creation of this mobile service.
The service is linked in from Oulu Tourism pages and thousands of paper brochures printed for Oulu summer season 2009.
About the author Mikko Ohtamaa
Posted on November 19, 2008 by kipi Filed Under Business, Uncategorized, linux
Tourists and travelers nowadays carry mobile phones with them all the time, and they do not use them only for calls and text messages. More and more, because of faster mobile phone networks, they use mobile phones for chatting, checking email and using other network based services, like searching for information. This use will most likely increase, especially here in Europe, as European Union bureaucrats have lately taken an active role in making mobile phone use cheaper while traveling in Europe.
Country and city tourist offices, as well as other organizations publishing information for tourists and travelers, traditionally have lots of information available on the internet. Background information, history, practical information about transportation, sights, restaurants, bars and nightlife, not forgetting maps and other content types like video and audio. Unfortunately this information is not easily usable, if at all, with mobile phones and mobile phone browsers, which makes it practically unusable for a tourist after s/he has left home and started her/his travel.
It's actually a surprise how little usable tourism and travel information there is for mobile phones. Here in Finland, Helsinki has its own mobi site but, well, it is not such an attractive service and could have more content, especially if compared to the mobile service provided by e.g. SAS, even if their focus is a bit different.
What’s the problem? Most likely that those tourism offices and boards are just such traditional, slowly moving elephants. This was seen already when the internet, as a term and a “channel”, was new, in how slowly tourism and travel communications moved onto the net. Now the good sides, more cost effective and up to date communication, have been seen, but hopefully seeing the value of mobile phones and services for them won't take as much time as it did with web services. Because the tourists and travelers are here, now, and willing to use the information if it's just available.
Posted on September 25, 2008 by Mikko Ohtamaa Filed Under linux Tags: 3306, bind_address, dnat, iptables, localhost, mysql, mysqld, port forward, prerouting, xinetd
MySQL has an ugly design fault preventing it from listening on more than one interface with its bind_address my.cnf directive. Thus, you usually cannot connect to the same MySQL instance from both localhost and external IP sources.
Here is a workaround based on the xinetd daemon. These are sample commands for Ubuntu/Debian.
Go to root
sudo -i
Install xinetd
apt-get install xinetd
Add a new xinetd mapping
pico /etc/xinetd.d/mysql
service mysql
{
only_from = localhost mansikki.redinnovation.com 80.75.108.108 server213-171-218-5.livedns.org.uk 213.171.218.5
flags = REUSE
socket_type = stream
wait = no
user = root
redirect = 127.0.0.1 3306
log_on_failure += USERID
interface = 84.34.147.68
}
Restart xinetd
/etc/init.d/xinetd restart
To debug xinetd:
/etc/init.d/xinetd stop
xinetd -d
The xinetd only_from directive also gives access control by allowed source IP addresses. This protects your MySQL against bots and brute force attacks.
Note that iptables DNAT translation doesn’t work (easily). Localhost packets don’t travel through the PREROUTING and POSTROUTING chains.
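An added example, not from the original post: a small lint for files under /etc/xinetd.d that flags redirect services which have no only_from restriction or list a match-all source. The function names and the sample service (with documentation addresses) are constructed, and settings inherited from the defaults section of xinetd.conf are not considered.

```shell
#!/bin/sh
# Added example: check that every xinetd "redirect" service restricts its
# sources with only_from, as the mysql service above does.

lint_xinetd_redirects() {
    awk '
        NF == 0 || $1 ~ /^#/ { next }          # blank lines and comments
        $1 == "service" {                      # start of a service block
            name = $2; target = ""; iface = "all interfaces"
            sources = ""; wide = 0
            next
        }
        $1 == "redirect"  { target = $3 ":" $4; next }   # redirect = host port
        $1 == "interface" { iface = $3; next }
        $1 == "only_from" {                    # handles both = and +=
            for (i = 3; i <= NF; i++) {
                sources = sources " " $i
                # xinetd treats 0.0.0.0 as matching every address
                if ($i == "0.0.0.0" || $i == "0.0.0.0/0") wide = 1
            }
            next
        }
        $1 == "}" && target != "" {            # end of a redirect service
            if (sources == "") {
                printf "FAIL %s -> %s: no only_from, any source may connect\n", name, target
                bad = 1
            } else if (wide) {
                printf "FAIL %s -> %s: only_from contains a match-all address\n", name, target
                bad = 1
            } else {
                printf "OK   %s -> %s on %s, sources:%s\n", name, target, iface, sources
            }
            target = ""
        }
        END { exit bad + 0 }
    ' "$1"
}

# Constructed sample modelled on the service block above.
write_sample() {
    cat > "$1" <<'EOF'
service mysql
{
    only_from = localhost 192.0.2.10
    flags = REUSE
    socket_type = stream
    wait = no
    user = root
    redirect = 127.0.0.1 3306
    log_on_failure += USERID
    interface = 198.51.100.5
}
EOF
}

# Lint the file given on the command line, if any.
if [ "$#" -gt 0 ]; then
    lint_xinetd_redirects "$1"
fi
```

Run it as `sh lint.sh /etc/xinetd.d/mysql`; the exit status is non-zero when a redirect service accepts connections from any source.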