Posts

Showing posts from February, 2015

mod_remoteip backport for Apache HTTPD 2.2

Image
Apache HTTPD 2.4 has a very useful new feature for large deployments: Replacing the remote IP of a request from a request header , e.g. set by a load balancer or reverse proxy. Users of Apache HTTPD 2.2 as found on RHEL6 can now use the backport found on  https://github.com/ImmobilienScout24/mod_remoteip-httpd22 . I pulled this backport together from various sources found on the Internet and "it seems to work". Working with C code ( which I did not do for 14 years !) tought me again the value of test driven development and modern programming languages. Unfortunately I still can't explain a change like this without a lot of thinking: You can easily build an RPM from the code on GitHub. The commit history shows the steps I had to undertake to get there.  Configuration is as simple as this: LoadModule remoteip_module modules/mod_remoteip.so RemoteIPHeader X-Forwarded-For RemoteIPInternalProxy 10.100.15.33 with the result that a reverse proxy on 10.100.15.33 can s

Simplified DEB Repository

Image
2 years ago I wrote about creating a repository for DEB packages with the help of reprepro . And since then I suffer from the complexity of the process and cumbersome reprepro usage: Complicated to add support for new Ubuntu version which happens every 6 months Need to specifically handle new architectures I actually don't need most of the features that reprepro supports, e.g. managing multiple repos in one or package staging This week I realized that for there is a much simpler solution for my needs: apt-ftparchive . This tool creates a trivial repo with just enough information to make apt happy. For my purposes that is enough. All what I want from a DEB repo is actually Work well with 50-500 packages Easy to add new Debian/Ubuntu/Raspbian versions or architectures Simple enough for me to understand GPG signatures It turns out that the trivial repo format is enough for that, it makes it even simpler to add new distro versions because the repo does not contain a

Ubuntu Guest Session Lockdown

Image
The guest session  is a very important feature of Ubuntu Linux . It makes it very simple to give other people temporary computer or Internet access without compromising the permanent users of the computer. Unfortunately the separation is not perfect, the guest user can actually modify critical configuration settings on the computer and even access the files of the other users, if they don't take precautions. The following scripts and files help to lock down the guest session so that no harm can be done. How It Works The guest session is actually a feature of the LightDM Display Manager that is used in Ubuntu and in Xubuntu . The guest session is enabled by default. When a user chooses a guest session the following happens: LightDM uses the  /usr/sbin/guest-account script to setup a temporary guest account. The home directory is created in memory (via tmpfs ) and can occupy at most half the RAM of the computer. Optionally, /etc/guest-session/prefs.sh is includ