Ross's Shared News Items

Wednesday, July 30, 2014

Linux users - Upgrade Skype to 4.3 now

I've recently found that Skype for Linux versions prior to 4.3 are having problems with chat, and other things that made using Skype between my Ubuntu desktop, MacBook, and my iPhone make me scratch my head and wonder what's wrong with Linux Skype. It almost felt like something of a Skype split brain problem. Anyway... if you use Linux, you probably want to / need to upgrade to Skype 4.3 or greater and you're going to need to do it manually.

Background: Linux users have been trained over many years to just be thankful that Skype for Linux EXISTS, that Microsoft didn't kill the port, and that an occasional update for Linux still gets pushed out. Somehow... over time... someone produces proper 3rd party packages with proper dependency tracking and puts them in a repository, and life has been mostly good.


I run Ubuntu, and I've gotten used to installing Skype from the partner repository as described here in the official Ubuntu Skype guide.

To install the latest version of Skype, I agree with the recommendations here:

  1. If Skype is not already installed, install the packaged version of Skype from the Canonical partners repository to get proper dependencies installed first
  2. Uninstall Skype
  3. Download and install the new Skype from skype.com

The 4.3 version has solved my Skype 'split brain' problems, random weirdness, and issues with Skype chat.

Friday, July 18, 2014

HOWTO: Enable SSL, notifications, and auto-updates in Phabricator install

Phabricator on Ubuntu 14.04 - post-install server configuration: SSL, notifications, auto-update, auto-start

I searched around for agile development and code review tools and was very pleasantly surprised with Phabricator. Used heavily at Facebook, it's got just about everything a development team could want or need.

I followed this setup guide to get up and running quickly. Nothing I've added below is particularly complex or difficult. I did deviate from this guide in two areas:

  1. I used Ubuntu 14.04 -- it's solid. No reason to use 12.04 for this.
  2. I did NOT install phpMyAdmin -- it's a nice tool, but it's also one of the most popular attack vectors for internet-facing servers. I don't need it, so I follow the rule of Occam's razor - "Everything should be as simple as possible - and no simpler"

Follow the above guide and you've got a default Phabricator instance up and running. Cool, huh?

Here's what I think is missing from the above guide:

Enable SSL and force all traffic to SSL

If you have a wildcard SSL cert... you probably want to use it to protect sites containing your source code. If you don't have an SSL certificate, you might want to consider getting one.

Deploy your ssl certs in the OS instance:
mkdir -p /etc/nginx/ssl
copy yoursite.com.crt and yoursite.com.key to /etc/nginx/ssl

Update nginx webserver config

edit /etc/nginx/sites-enabled/phabricator

Add a section that rewrites port 80 (http) traffic to port 443 (https) at the top:
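server {
    # plain-HTTP listener: its only job is to redirect to HTTPS
    listen 80;
    root /opt/phabricator/phabricator/webroot;
    location / {
        # $http_host copies the client's Host header into the redirect target
        rewrite ^ https://$http_host$request_uri? permanent;
    }
}

Add or modify the second, original server section below it so that it holds the rules for our new default port 443 server and looks like this:
server {
  set $fqdn phabricator.vettersoftware.com;
  set $phabWebRoot /opt/phabricator/phabricator/webroot;

  # "ssl" on the listen line enables TLS here; a separate "ssl on;" is not needed
  listen 443 ssl;

  # server_name does not expand variables created with "set", so the name is written out
  server_name phabricator.vettersoftware.com;

  root      $phabWebRoot;
  ssl_certificate /etc/nginx/ssl/yoursite.com.crt;
  ssl_certificate_key /etc/nginx/ssl/yoursite.com.key;
  ssl_session_timeout 30m;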

...

Update the internal phabricator settings for base-uri

/opt/phabricator/phabricator/bin/config set phabricator.base-uri 'https://phabricator.yoursite.com/'

Restart nginx
service nginx restart


Enable Phabricator's aphlict notifications

See: https://secure.phabricator.com/book/phabricator/article/notifications/

Install prerequisites for aphlict
sudo apt-get install nodejs

Set notification config option
/opt/phabricator/phabricator/bin/config set notification.enabled true

Start notification service
/opt/phabricator/phabricator/bin/aphlict start

Start all services on instance boot

This is not included in the guide I used. It's not complex. I include it here in hopes it helps others who haven't been building UNIX systems for decades.

edit /etc/rc.local and add the following lines:

#start phabricator daemons
/opt/phabricator/phabricator/bin/phd start
#start aphlict notification server
/opt/phabricator/phabricator/bin/aphlict start

Automate phabricator upgrades

Phabricator code gets updated frequently. You want those new features and bug fixes, right? You believe in continuous integration, right? Right!

cd /opt/phabricator
wget http://www.phabricator.com/rsrc/install/update_phabricator.sh
chmod a+x update_phabricator.sh

edit /opt/phabricator/update_phabricator.sh

change line 14: ROOT=`pwd` to:
ROOT='/opt/phabricator'

change all references to /etc/init.d/httpd to /etc/init.d/nginx since we're using nginx
uncomment the notification server stop and start lines

Add the '--force' option at the end of the '$ROOT/phabricator/bin/storage upgrade' line so it looks like this:

$ROOT/phabricator/bin/storage upgrade --force

save

Test the upgrade script.

./update_phabricator.sh

Add cronjob to run upgrade script weekly.

crontab -e

add following lines, season to taste, and save:

# update phabricator every Saturday at 9:35AM
35 9 * * Sat /opt/phabricator/update_phabricator.sh
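The update script above is fetched over plain HTTP and then run unattended from cron, so it is worth making the cron job refuse to run a copy that differs from the one you reviewed and edited. The wrapper below is an added example, not part of the original post or of Phabricator; the function names are its own, and the pinned digest is whatever `sha256sum /opt/phabricator/update_phabricator.sh` printed after your review. The pin covers only this script, not the code the script later pulls.

```shell
#!/bin/sh
# Added example: run a cron script only if it still matches the SHA-256
# recorded when it was reviewed, and nobody but its owner can modify it.

sha256_of() { sha256sum "$1" | awk '{print $1}'; }

# Succeeds when neither group nor other has write permission
# (characters 6 and 9 of the ls -l mode string).
not_writable_by_others() {
    [ "$(ls -ld "$1" | cut -c6,9)" = "--" ]
}

# run_if_pinned SCRIPT EXPECTED_SHA256 [args...]
# returns 1 on digest mismatch, 2 if unreadable, 3 on loose permissions
run_if_pinned() {
    script=$1
    expected=$2
    shift 2
    [ -f "$script" ] || { echo "missing: $script" >&2; return 2; }
    not_writable_by_others "$script" || {
        echo "refusing $script: writable by group/other" >&2; return 3; }
    actual=$(sha256_of "$script") || return 2
    [ "$actual" = "$expected" ] || {
        echo "refusing $script: sha256 $actual does not match pin" >&2; return 1; }
    "$script" "$@"
}

# Called as: sh run_if_pinned.sh SCRIPT EXPECTED_SHA256 [args...]
if [ "$#" -ge 2 ]; then
    run_if_pinned "$@"
fi
```

In the crontab, the weekly entry would then call this wrapper with the script path and the recorded digest instead of calling update_phabricator.sh directly.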


You're done!

Thursday, July 17, 2014

HOWTO: Configure Gitlab 7 Omnibus install on Ubuntu to use SSL

Gitlab is a great tool for managing source code. Gitlab's omnibus install on Ubuntu is great too -- an easy install, and a clearly documented, simple upgrade path. I wanted to make gitlab use SSL, but I found the documentation for what I thought was the most common install to be sparse, outdated, and confusing. (Then again, I've found many things about SSL certificates in general to be poorly documented and confusing... maybe it's just me)

This guide assumes that you have a running gitlab instance on Linux installed via the above Gitlab omnibus install. It is also assumed that you already have either a specific SSL certificate for your site (ex: gitlab-foo.yourdomain.com) or wildcard SSL certificates for your site (ex: *.yourdomain.com).

Below is a summary of what I did to convert my Gitlab instance to use SSL. I hope this is helpful to others:

My server: Ubuntu 12.04 x64 HVM - running in Amazon Web services on a C3.Large instance. At the time I installed this, there were some issues that prevented me from deploying Ubuntu 14.04, but I expect everything below should work exactly the same for Ubuntu 14.04

Put your ssl certificates on gitlab server

mkdir -p /etc/nginx/ssl

put your ssl certificates in this directory as:
   server.crt <-- certificate (holds the public key)
   server.key <-- private key in .pem format (a first line like BEGIN ___ PRIVATE KEY means .pem format)
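Both this post and the Phabricator post above copy a certificate and private key into /etc/nginx/ssl by hand, which is where a mismatched pair or a world-readable key usually slips in. The pre-flight check below is an added example, not part of the original post or of GitLab; the function names are its own and it assumes the `openssl` command-line tool is installed.

```shell
#!/bin/sh
# Added example: checks for a TLS certificate/key pair before nginx or
# GitLab is restarted with it.

# Succeeds when group and other have no permissions on the key file
# (characters 5-10 of the ls -l mode string are all "-").
key_is_private() {
    [ "$(ls -ld "$1" | cut -c5-10)" = "------" ]
}

# Succeeds when the certificate's public key equals the one derived from the key.
pair_matches() {
    cert_pub=$(openssl x509 -in "$1" -noout -pubkey 2>/dev/null) || return 2
    key_pub=$(openssl pkey -in "$2" -pubout 2>/dev/null) || return 2
    [ -n "$cert_pub" ] && [ "$cert_pub" = "$key_pub" ]
}

# check_tls_pair CERT KEY: prints the first problem found and returns non-zero.
check_tls_pair() {
    crt=$1
    key=$2
    key_is_private "$key" || {
        echo "FAIL: $key is accessible to group/other; chmod 600 it"; return 1; }
    pair_matches "$crt" "$key" || {
        echo "FAIL: $crt and $key do not belong together"; return 1; }
    # 2592000 seconds = 30 days
    openssl x509 -in "$crt" -noout -checkend 2592000 >/dev/null || {
        echo "FAIL: $crt expires within 30 days"; return 1; }
    echo "OK: $crt matches $key"
}

# Called as: sh check_tls_pair.sh /etc/nginx/ssl/server.crt /etc/nginx/ssl/server.key
if [ "$#" -eq 2 ]; then
    check_tls_pair "$1" "$2"
fi
```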

Edit gitlab.rb template config file

edit /etc/gitlab/gitlab.rb and add or modify following lines:

  external_url 'https://your.domain.com'
  nginx['redirect_http_to_https'] = true
  nginx['ssl_certificate'] = "/etc/nginx/ssl/server.crt"
  nginx['ssl_certificate_key'] = "/etc/nginx/ssl/server.key"

Edit gitlab.yml config file

edit /var/opt/gitlab/gitlab-rails/etc/gitlab.yml

  port: 443
  https: true

Edit gitlab-shell/config.yml

edit /var/opt/gitlab/gitlab-shell/config.yml

  ca_file: /etc/nginx/ssl/server.crt 
  ca_path: /etc/nginx/ssl
  gitlab_url: "https://127.0.0.1:8080"

Reconfigure with chef and restart

sudo gitlab-ctl reconfigure
sudo gitlab-ctl restart

.... and that should do it!

Long time, no blog...

Hello, there blog. It's been a few years... I have 2 kids now and changed jobs. Maybe I'll start posting more here again.