Category Archives: IT

Preserving Remote IP/Host while proxying

You host your web application with a hosting provider. Your application log/access IP address of your users and you get 127.0.0.1 or some other private IP. Deja Vu? Most likely reason for the above scenario is your hosting provider is using a proxy and the proxy server sits in the same machine or in the same network. Under a such situation we end up using X-Forwarded-For header.

I am aware of two solutions to be used in such a proxy setup so the developer doesn’t have to end up using X-Forwarded-For header.

1.) When the proxy server is an Apache, using ProxyPreserveHost directive in mod_proxy.
This can be used to preserve the remote host not the remote ip. This is useful for situations where name based virtual hosting is used and the backend server needs to know the virtual name of host.
Open mod_proxy configuration file of your proxy server and enter directive, ProxyPreserveHost On, and restart your apache instance.

2.) When backend server is apache, use mod_rpaf
This apache module can be used to preserve both remote IP/HOST. Internally it uses X-Forwarded-For header to detect a proxy in it’s list of known proxies and reset the headers accordingly. This works with any proxy server in the front end provided that the proxy server sets X-Forwarded-For header. To use mod_rpaf, install and enable it in the backend server and add following directives in the module’s configuration.
RPAFenable On
RPAFsethostname On
RPAFproxy_ips 127.0.0.1

Remote IP is automatically preserved when RPAFenable On directive is used. RPAFsethostname On directive should be used to preserve host and RPAFproxy_ips is the list of known proxy ips.

Restart backend apache server and you are good to go.

Git over http(s)

Traditionally git used to work only over ssh or git protocols while there was only a dumb version of git over http which was slow and inefficient. While this was ok for most of the time sometimes git needs to be able to work over http. Now starting from git 1.7 both git servers and clients have support for smart http which works over http(s) and is supposed to be as efficient as the ssh version.

This functionality is made available by a cgi script called git-http-backend provided with git-core. So for git to work over http(s) there should be a web server already configured and as a result there won’t be any conflicts by both the web server and git trying acquire port 80.

The manual for the git-http-backend can be found here.

The following steps can be used to configure git to work over http(s) with Apache.

1) First configure Apache

Make sure mod_cgi, mod_alias, and mod_env are enabled.

Open the Apache config file and append the following. Debian based system should have it under /etc/apache2/apache2.conf by default

SetEnv GIT_PROJECT_ROOT /home/user/git_pub
SetEnv GIT_HTTP_EXPORT_ALL
ScriptAlias /git/ /usr/lib/git-core/git-http-backend/

The GIT_PROJECT_ROOT should point to the root folder where git repositories would be hosted. Set this away from the document root of the web server. What the above do is direct any requests with /git/ to the git-http-backend and tell the script that the root of git repositories is GIT_PROJECT_ROOT.

That is all that needs to be done that is specific to git over http(s). The manual for for the git-http-backend explains these steps pretty thoroughly.

Now for some tit-bits that are not explained in the manual. Those who are experienced with Apache and Git would find the following very boring.

2) For authentication for both read and write accesses append the following to theApache config file

<Location /git>
AuthType Basic
AuthName “Private Git Access”
AuthUserFile /etc/apache2/authusers
Require valid-user
</Location>

What the above do is make requests to /git only accessible to valid users and tell valid users are listed on the file /etc/apache2/authusers. Make sure the file authusers is accessible by Apache.

If there is no AuthUserFile in your system the following command can be used to create the user list at /etc/apache2/authusers and add the user ‘username’ to it. The command will prompt for a password for the user.

htpasswd -c /etc/apache2/authusers username

3) Restart Apache

On debian most probably, sudo /etc/init.d/apache2 restart

4) Create an empy bare git repository under the specified GIT_PROJECT_ROOT (/home/user/git_pub in our example)

cd to GIT_PROJECT_ROOT

mkdir project

cd project

git init –bare

5) Make the folder ‘project’ and it’s children owned by the user which the web server is run from. This should be done for push requests by clients to work or otherwise the web server won’t be able to merge files. On debian based systems this user is usually www-data and is defined in a file called envvars under apache2 installation.

sudo chown -R www-data project/
sudo chgrp -R www-data project/

Now the bare git repository should be pull-able and pushable by authorized users.

6) Clone the git repository over http(s) from another location

git clone http://username@host/git/project

7) Do the first commit

cd project
touch readme
git add readme
git commit -m “first commit”
git push origin master

It is as easy as that. From here the setuped git repository should work as normal.

Introducing Reegion

Finally it is time to go public on a project I had been working on. Enter Reegion, a social platform for localized content.

In the ocean of Information it is hard to find content with a regional significance. The content could be in the form of News articles, images, videos or just opinion of a person. The best way for this content to be unearthed is to let users share, rank and discuss content they discover. We are here with tools and solutions to facilitate this process.

Reegion is still on beta and works only for Sri Lanka for the time been. We want Reegion to be more featureful and our algorithms to be perfect, until then Reegion would remain on beta. Some features to be anticipated in the near future are popular contents made so by the interaction of the users, joining regions and support for more content types.

Our mission is to localize the Internet experience. We hope we be able to make social discovering and sharing much more fun and there by make the Internet much more useful in the local context. Try out Reegion, flock to your region, promote it and help us localize the Internet.

The best way to follow the progress of Reegion would be to use it (just kidding) or alternatively you can follow us through our twitter updates.

For the technically interested, the Reegion code is written in Python/Django and runs on a Apache/Nginx server.

University of Moratuwa tops GSOC 2009

University of Moratuwa has been able to top the Google Summer of Code program, yet again. With 22 participating students university of Moratuwa was far ahead from the second place, University of Campinas Brazil which had 12 participating students. I’m glad i was a part of this success. Here are some stats of GSOC 2009.

When Linux crashes

Yes Linux been another piece of software, gets crashed once in a while. Once I used to work with a Ubuntu machine that after 10 hours of work would always get stuck when trying to shutdown. Luckily for Linux users there are some options before reaching for the power button.

You can use a sequence of <alt + sysreq(Prnt Scrn) + key> to issue commands straight into the kernel even when the system is in a total non responsive state.

For example the following sequence of commands can rescue you from a crash and would execute a safe reboot.

ALT + SysReq + r
ALT + SysReq + s
ALT + SysReq + e
ALT + SysReq + i
ALT + SysReq + u
ALT + SysReq + b

Here you can find what each command actually does.

For the easiness of remembering the commands, the idiom, ‘Raising Skinny Elephant Is Utterly Boring’ is used.

Remember that the above commands would only work when the system is in a non-responsive state. Otherwise it would just throw a bunch of print screen windows at you.

I am on GitHub

Github is a web based project hosting service based on git that has social networking concepts embedded into it. They call it Social Coding. Apart from standard version control facilities github includes social networking features like RSS feeds and followers. Currently I have the GSOC 2009 project hosted in github and hopefully many more in the future.

You can follow my social codings at http://github.com/kasun.

I am selected for summer of code 2009

I am so happy to announce that I am selected for Google Summer of Code 2009. Over the next 4 months close to 1000 students from over 70 countries would work with close to 150 open source projects to make the world a little better place.

I am selected to work with Maemo and will be using Python. After programming all this time with Java I was planning to move to Python. This will be a great chance for me to learn Python while contributing to an open source project and on the process getting paid by Google.

Thank you very much Google for this wonderful program.