Nginx, Simple Http Authentication Using ngx_http_auth_pam_module Module

I already have a list of users in a mysql database that I use for postfix smtp authentication/sasl.

I wonder whether the list can be used for HTTP authentication 😀. Well, let’s find out.

First of all, of course, we must compile nginx with support for the ngx_http_auth_pam_module module.
Download ngx_http_auth_pam_module-1.2.tar.gz.

When compiling from source, build as usual, adding the --add-module option:

./configure --add-module=$PATH_TO_MODULE

My pam_mysql configuration for postfix SMTP authentication, /etc/pam.d/smtp:

auth required pam_mysql.so user=user passwd=pass host=localhost db=db table=mailbox usercolumn=username passwdcolumn=password crypt=1 md5=1 sqlLog=0
account sufficient pam_mysql.so user=user passwd=pass host=localhost db=db table=mailbox usercolumn=username passwdcolumn=password crypt=1 md5=1 sqllog=0

Nginx, Strip All Newlines Using nginx-nonewlines Module


Another Nginx module I’ve tested today is nginx-nonewlines. Basically, this module does the same job as Evan Miller’s nginx mod_strip module. Evan Miller’s mod_strip module removes unnecessary whitespace (spaces, tabs, and newlines) from HTML documents and automatically leaves comments as well as <pre></pre> tags untouched, while with nginx-nonewlines we have to put <!--SC_OFF--> and <!--SC_ON--> around the areas of the HTML code that we intend to leave intact.

Here’s a quick and dirty way of compiling the nginx-nonewlines module:

  • download the module
https://github.com/vedang/nginx-nonewlines/archives/master
  • add this line to the ./configure step, then compile and install
  # ./configure \
  ....
  ....
  --add-module=/path/to/vedang-nginx-nonewlines-ba02b59
  ....
  ....
  # make && make install

Add the following directive to nginx’s config.

postfix-2.9.20110605 rpm source

postfix-2.9.20110605.src.rpm

Changelog

20110516

Update the warning when permit_naked_ip_address is used, and add permit_sasl_authenticated to the list of suggested alternatives. File: smtpd/smtpd_check.c.

20110601

Bugfix (introduced Postfix 2.6 with master_service_disable) loop control error when parsing a malformed master.cf file. Found by Coverity. File: master/master_ent.c.

20110602

Bugfix (introduced: Postfix 2.7): "sendmail -t" reported…

Nginx Blocking Spoofed Google Bot


I’ve found something interesting on the nginx mailing list today: http://forum.nginx.org/read.php?2,202715,202715#msg-202715 . Someone asked whether it is possible to block a fake user agent such as a fake Google bot. Sometimes a lot of bots flood our servers disguised as Google bot or another legitimate bot, most likely to scrape our website’s contents. The original Google bot always uses IP addresses owned by Google Inc. Many website owners complain that bad bots only drain their bandwidth. 🙂

The first option is to use the “if” directive in nginx.

if ($http_user_agent ~* "Google Bot") {
	allow 66.x;
	allow 70.x;
	deny all;
}
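The same allow-list idea, applied offline to access logs to see which sources claim the crawler's user agent from outside the allowed networks. This is an added example, not from the original post or the mailing-list thread; it assumes nginx's "combined" log format, and the network and log lines are constructed placeholders.

```python
import ipaddress
import re
from collections import Counter

# Placeholder allow-list (documentation network). The post elides the real
# prefixes as "66.x" and "70.x"; use the crawler operator's published ranges.
CRAWLER_NETS = [ipaddress.ip_network(n) for n in ("192.0.2.0/24",)]
CLAIMS_CRAWLER = re.compile(r"google\s*bot", re.IGNORECASE)
# nginx "combined" format: ip - user [time] "request" status bytes "referer" "ua"
LOG_LINE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] "[^"]*" \d{3} \S+ "[^"]*" "(?P<ua>[^"]*)"'
)
GOOGLE_UA = "Mozilla/5.0 (compatible; Googlebot/2.1; +http://www.google.com/bot.html)"
# Constructed sample log lines.
SAMPLE_LOG = [
    f'192.0.2.10 - - [05/Jun/2011:10:00:01 +0000] "GET / HTTP/1.1" 200 512 "-" "{GOOGLE_UA}"',
    f'203.0.113.77 - - [05/Jun/2011:10:00:02 +0000] "GET /a HTTP/1.1" 200 900 "-" "{GOOGLE_UA}"',
    f'203.0.113.77 - - [05/Jun/2011:10:00:03 +0000] "GET /b HTTP/1.1" 200 901 "-" "{GOOGLE_UA}"',
    '203.0.113.80 - - [05/Jun/2011:10:00:04 +0000] "GET /c HTTP/1.1" 200 100 "-" "Mozilla/5.0 (X11; Linux x86_64)"',
]


def classify(line):
    """Return (verdict, ip); verdict is verified, spoofed, other or unparsed."""
    match = LOG_LINE.match(line)
    if match is None:
        return "unparsed", None
    try:
        ip = ipaddress.ip_address(match["ip"])
    except ValueError:
        return "unparsed", None
    if not CLAIMS_CRAWLER.search(match["ua"]):
        return "other", str(ip)
    inside = any(ip in net for net in CRAWLER_NETS)
    return ("verified" if inside else "spoofed"), str(ip)


def spoofed_sources(lines):
    """Count requests per source IP that claim the crawler UA from outside the list."""
    hits = Counter()
    for line in lines:
        verdict, ip = classify(line)
        if verdict == "spoofed":
            hits[ip] += 1
    return dict(hits)


if __name__ == "__main__":
    print(spoofed_sources(SAMPLE_LOG))
```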

However, the “if” directive is considered bad practice when used for anything other than “return” or “rewrite”. Here’s an example from Igor Sysoev:

How To Graph Nginx Statistics

Sometimes we prefer to view statistics in graphical form rather than as numerical values, which are not too attractive to display. Nginx supports the stub_status module, which we can use to print:

  • Active connections
  • Server accepts handled requests
  • Reading
  • Writing
  • Waiting

For example:

Active connections: 6
server accepts handled requests
 15561 15561 26602
Reading: 4 Writing: 2 Waiting: 0

However, this module is not compiled by default and must be enabled with this argument when compiling nginx:

--with-http_stub_status_module

First, to get statistics like the above example, you should modify the nginx config file and add a location directive like this:

server {
....
....
	location /nginx_status {
		stub_status on;
		access_log   off;
		allow 1.2.3.4;
		allow 5.6.7.8;
		deny all;
	}
}

The Perl script used to generate the statistical images can be downloaded here:

http://kovyrin.net/files/mrtg/rrd_nginx.pl.txt

Rename rrd_nginx.pl.txt to rrd_nginx.pl and make it executable
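Before anything can be graphed, the status text has to become numbers, and the three cumulative counters have to become rates. The following is an added example, not the downloaded Perl script; the second poll and the 60-second interval are constructed values.

```python
import re

# The status text shown in the post, embedded as sample input.
SAMPLE = """Active connections: 6
server accepts handled requests
 15561 15561 26602
Reading: 4 Writing: 2 Waiting: 0
"""

STATUS_RE = re.compile(
    r"Active connections:\s*(?P<active>\d+)\s+"
    r"server accepts handled requests\s+"
    r"(?P<accepts>\d+)\s+(?P<handled>\d+)\s+(?P<requests>\d+)\s+"
    r"Reading:\s*(?P<reading>\d+)\s+"
    r"Writing:\s*(?P<writing>\d+)\s+"
    r"Waiting:\s*(?P<waiting>\d+)"
)
COUNTERS = ("accepts", "handled", "requests")  # cumulative since nginx start


def parse_stub_status(text):
    """Return the seven stub_status fields as integers."""
    match = STATUS_RE.search(text)
    if match is None:
        raise ValueError("not a stub_status page")
    return {name: int(value) for name, value in match.groupdict().items()}


def per_second(prev, curr, seconds):
    """Turn two polls into rates; a counter going backwards means nginx restarted."""
    rates = {}
    for name in COUNTERS:
        delta = curr[name] - prev[name]
        if delta < 0:  # counters were reset: count from zero
            delta = curr[name]
        rates[name] = delta / seconds
    # accepts above handled means connections were dropped at a resource limit
    rates["dropped"] = max(rates["accepts"] - rates["handled"], 0.0)
    return rates


if __name__ == "__main__":
    first = parse_stub_status(SAMPLE)
    second = dict(first, accepts=15861, handled=15831, requests=27202)  # constructed
    print(per_second(first, second, 60))
```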

Postfix GeoIP Based Rejections

If you want to reject connections from remote IP addresses located in certain countries, this is how you do it. This method rejects IP addresses that have been mapped in GeoIP at the SMTP conversation stage. However, this tutorial has never been tested; it is nothing more than a prototype that I created in my leisure time.

Software required:

  • postfix (tcp_table)
  • Perl
  • Perl Geo::IP module

main.cf:

127.0.0.1:2528_time_limit = 3600s
smtpd_client_restrictions =
	check_client_access tcp:[127.0.0.1]:2528

master.cf

127.0.0.1:2528 inet  n       n       n       -       0      spawn
	user=nobody argv=/etc/postfix/geo-reject.pl

Postfix Bind Sender Outgoing IP, Based On GeoIP Location

This morning, when I took my daughter to school, I got the idea to experiment with postfix and GeoIP location. The idea is: if the MX hosts for an email are geolocated to a specific location, mail delivery will be done from a certain IP address.

For example:

  • Every email whose MX hosts have IP addresses/hosts mapped to the US country code will be bound to IP 1.2.3.4.
  • Every email whose MX hosts have IP addresses/hosts mapped to the HK country code will be bound to IP 5.6.7.8.

or

  • Every email whose MX hosts have IP addresses/hosts mapped to the CN country code will be relayed to our SMTP nexthop in China.

And so on.

What is geolocation?

Geolocation is used to deduce the geolocation (geographic location) of another party. For example, on the Internet, one geolocation approach is to identify the subject party’s IP address, then determine what country (including down to the city and post/ZIP code level), organization, or user the IP address has been assigned to, and finally, determine that party’s location. Other methods include examination of a MAC address, image metadata, or credit card information.

But in this experiment we just need an IP/host to country code map and a Perl script.

Perl modules required:

Net::DNS
Geo::IP
Sys::Syslog

Basic usage of Perl Geo::IP:

#!/usr/bin/perl
use Geo::IP;
my $gi = Geo::IP->new(GEOIP_STANDARD);
print $gi->country_name_by_name("amazon.com");

I will still be using transport_maps and tcp_table to interact with the Perl script, so here’s the prototype.

On the Postfix side, we have custom transports like this in master.cf:

smtp-JP  unix -       -       n       -       -       smtp
	-o syslog_name=postfix-smtp-JP
	-o smtp_helo_name=smtp-JP.example.com
	-o smtp_bind_address=1.2.3.1
smtp-US  unix -       -       n       -       -       smtp
	-o syslog_name=postfix-smtp-US
	-o smtp_helo_name=smtp-US.example.com
	-o smtp_bind_address=1.2.3.2
smtp-ID  unix -       -       n       -       -       smtp
	-o syslog_name=postfix-smtp-ID
	-o smtp_helo_name=smtp-ID.example.com
	-o smtp_bind_address=1.2.3.3
smtp-CN  unix -       -       n       -       -       smtp
	-o syslog_name=postfix-smtp-CN
	-o smtp_helo_name=smtp-CN.example.com
	-o smtp_bind_address=1.2.3.4
smtp-HK  unix -       -       n       -       -       smtp
	-o syslog_name=postfix-smtp-HK
	-o smtp_helo_name=smtp-HK.example.com
	-o smtp_bind_address=1.2.3.5
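Both GeoIP posts on this page hand the decision to a script behind a tcp_table lookup: check_client_access for rejections and transport_maps for picking an smtp-XX transport. The following is an added example of the script side of that exchange, not the author's Perl script; the IP-to-country and domain-to-MX tables are constructed stand-ins for Geo::IP and Net::DNS, and "ZZ" is a placeholder country code.

```python
import ipaddress
import sys
from urllib.parse import quote, unquote

# Constructed stand-ins for the GeoIP and MX lookups (documentation networks
# and example domains only); "ZZ" is a placeholder country code.
IP_COUNTRY = {ipaddress.ip_network("192.0.2.0/24"): "ZZ",
              ipaddress.ip_network("198.51.100.0/24"): "HK",
              ipaddress.ip_network("203.0.113.0/24"): "US"}
MX_IP = {"example.com": "203.0.113.25", "example.net": "198.51.100.25"}
REJECT_COUNTRIES = {"ZZ"}                    # hypothetical rejection policy
TRANSPORTS = {"JP", "US", "ID", "CN", "HK"}  # the smtp-XX entries in master.cf


def country(ip_text):
    try:
        ip = ipaddress.ip_address(ip_text)
    except ValueError:
        return None  # hostname, partial address or empty string
    return next((cc for net, cc in IP_COUNTRY.items() if ip in net), None)


def access_lookup(key):
    # check_client_access: Postfix also queries hostnames and partial addresses.
    cc = country(key)
    return f"REJECT mail from {cc} is not accepted" if cc in REJECT_COUNTRIES else None


def transport_lookup(key):
    # transport_maps: the key is a recipient address, a domain or "*".
    domain = key.rsplit("@", 1)[-1].lower()
    cc = country(MX_IP.get(domain, ""))
    return f"smtp-{cc}:" if cc in TRANSPORTS else None


def handle_request(line, lookup):
    """Answer one tcp_table request line ("get KEY") with one reply line."""
    parts = line.rstrip("\r\n").split(" ", 1)
    if len(parts) != 2 or parts[0] != "get":
        return "400 unsupported request\n"
    try:
        value = lookup(unquote(parts[1]))
    except Exception:
        return "400 lookup failed\n"  # error reply: the client retries later
    return f"200 {quote(value, safe=':')}\n" if value else "500 not found\n"


def main():
    # spawn(8) connects the client socket to this script's stdin and stdout.
    lookup = transport_lookup if sys.argv[1:] == ["transport"] else access_lookup
    for line in sys.stdin:
        sys.stdout.write(handle_request(line, lookup))
        sys.stdout.flush()


if __name__ == "__main__":
    main()
```

A "500" reply means no match, so Postfix moves on to its next restriction or its default transport; a "400" reply signals a temporary error rather than silently letting the lookup pass.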

Kutukupret New Layout / Themes

Today, I will not talk about anything technical, tutorials or howtos. Yesterday I was speaking with friends about the layout of my website. She said my website is too "messy" and that it is hard to find the main content. Indeed, ever since I first made these blogs, I only use themes that…

Nginx And Simple Permalink

What is permalink?

Permalink definition from a wiki website:

A permalink, or permanent link, is a URL that points to a specific blog or forum entry after it has passed from the front page to the archives. Because a permalink remains unchanged indefinitely, it is less susceptible to link rot. Most modern weblogging and content-syndication software systems support such links. Other types of websites use the term permanent links, but the term permalink is most common within the blogosphere. Permalink is a portmanteau word made from permanent link. Permalinks are often simply stated so as to be human-readable.

What does a permalink structure look like?

Generally, a dynamic page’s URL will look like this:

http://www.example.com/index.php?page=10

becomes:

http://www.example.com/what-is-permalink,10.html

Sort an integer array, What language do you use?

Array data type, used in a programming language to specify a variable that can be indexed

During my experiments with array/hash variables, I found this interesting website. The wiki explains how to sort the integers in an array using a variety of languages, even some programming languages that I do not know at all.

I’ll pick a few examples of the sorting functions described in the wiki.

Sort an integer array using C language:

#include <stdlib.h>  /* qsort() */
#include <stdio.h>   /* printf() */

/* qsort() comparator: negative, zero or positive without integer overflow */
int intcmp(const void *aa, const void *bb)
{
	const int *a = aa, *b = bb;
	return (*a < *b) ? -1 : (*a > *b);
}

int main()
{
	int nums[5] = {2,4,3,1,2};
	qsort(nums, 5, sizeof(int), intcmp);
	printf("result: %d %d %d %d %d\n",
		nums[0], nums[1], nums[2], nums[3], nums[4]);
	return 0;
}