18 Oct 2015

Rails cannot connect to Postgres db

A project that was working on my laptop just fine a few months ago, today throws this error:

    PG::ConnectionBad - could not connect to server: No such file or directory Is
    the server running locally and accepting connections on Unix domain socket

I’m sure Postgres is running as I can connect directly using psql and other rails projects are using it just fine.

I updated the pg gem but it didn’t work. After some googling, I fixed it by adding the following line to my /config/database.yml:

    host: localhost

Not sure why this happened as other projects don’t have this line.

07 Oct 2015

Upgrading to Windows 10 in a Fusion VM


I have a VMware Fusion 7 VM running Windows 8.1 to use Visual Studio.

Today I decided to upgrade it to Windows 10 as I have it on my main PC and it works great.

The upgrade from the little Windows notification taskbar icon didn’t work. It complained about the SVGA driver being incompatible. According to VMware this is a bug in the Windows verification tool.

The workaround is to manually download the Windows 10 image, mount the ISO file using the Fusion CD/DVD and upgrade from there. Be sure to download the appropriate image.

Upgrading from the ISO worked indeed. However, I wasn’t able to run Windows at full resolution. The workaround for this problem was to uninstall the VMware Tools and install them again. After that it worked like a charm.

25 Sep 2015

Fortigate 60D WIFI

After my recent Internet speed bump, the Cisco ASA 5505 I was using became immediately obsolete. It cannot handle more than 100 Mbps or so.


I’ve replaced it with the Fortigate 60D-WIFI. This is much more than a simple router / firewall, it’s a full UTM appliance. It combines the usual router/firewall features with Antivirus, Intrusion Prevention System, Data Leak Prevention, Web Filter and much more.

It has a nice web user interface to manage most of its features and the CLI seems a lot easier to grasp than Cisco’s.

So far I’m pretty happy with it.

However I found some gotchas:

PPPoE connection is not hardware accelerated

Even being in contact with Fortinet support, this one took a few weeks to diagnose.

Testing the internet speed with speedtest.net or downloading multiple files, I wasn’t able to reach 300 Mbps. In fact, it was around 180-190 Mbps.

The CPU in the Fortigate was at 100% and the device became unresponsive while downloading.

It seems that this model doesn’t hardware accelerate PPPoE connections and all the traffic is handled by the CPU.

PPPoE is the only connection type my ISP allows, so changing to something else was not an option.

I solved it by keeping the ISP router and putting the 60D in the DMZ of the ISP router with a static IP assigned.

Now I can reach 300 Mbps with no impact on the CPU. However I have to keep using the ISP router which I hoped to get rid of.

AP FAP21D radio 1 country GB (826) ==> US (841) set failed.

I also have a Fortinet Access Point 21D. I was getting this error message in the logs. You are supposed to execute the following on the CLI:

    config wireless-controller setting
        set country ES
    end

However I still was getting the same error. To solve it you have to delete all the WIFI profiles, delete the FAP21 from the managed FortiAPs, make the setting change and then add the FAP21 again.

19 Sep 2015

Raspberry Pi WIFI config

Every time I have to set up the WIFI on a Raspberry Pi I google how to do it. I mostly remember what to put in the /etc/network/interfaces config file, but I need to check what goes in /etc/wpa_supplicant/wpa_supplicant.conf. There are many options. Instead of setting up all possible options, start with this. Chances are it will just work.

File: /etc/network/interfaces

    auto lo
    iface lo inet loopback

    auto eth0
    allow-hotplug eth0
    iface eth0 inet dhcp

    auto wlan0
    allow-hotplug wlan0
    iface wlan0 inet dhcp
    wpa-conf /etc/wpa_supplicant/wpa_supplicant.conf
    iface default inet dhcp

File: /etc/wpa_supplicant/wpa_supplicant.conf

    ctrl_interface=DIR=/var/run/wpa_supplicant GROUP=netdev


07 Jul 2015

Movistar 300 Mbps

This was my connection speed yesterday:

Movistar 30 Mbps

And this is my connection speed today:

Movistar 300 Mbps

I still remember my excitement the first time I got my US Robotics 56K connected. At that time, it really felt fast.

US Robotics 56K

27 Mar 2015

Links for the weekend 13 - 2015

Interesting links I’ve bookmarked this week:

23 Mar 2015

Links for the weekend 12 - 2015

Slow week due to local holidays.

16 Mar 2015

How to keep your web app logs clean using nginx

I’m sure that if you take a look at the production logs of your internet-exposed web app, you’ll find lots of entries like this one:

    I, [2015-03-02T15:43:38.103037 #13610]  INFO -- : Started GET "/pma/scripts/setup.php" for at 2015-03-02 15:43:38 -0500
    F, [2015-03-02T15:43:38.108401 #13610] FATAL -- : ActionController::RoutingError (No route matches [GET] "/pma/scripts/setup.php"):
        actionpack (4.2.0) lib/action_dispatch/middleware/debug_exceptions.rb:21:in `call'
        actionpack (4.2.0) lib/action_dispatch/middleware/show_exceptions.rb:30:in `call'
        railties (4.2.0) lib/rails/rack/logger.rb:38:in `call_app'
        railties (4.2.0) lib/rails/rack/logger.rb:20:in `block in call'
        activesupport (4.2.0) lib/active_support/tagged_logging.rb:68:in `block in tagged'
        activesupport (4.2.0) lib/active_support/tagged_logging.rb:26:in `tagged'
        activesupport (4.2.0) lib/active_support/tagged_logging.rb:68:in `tagged'
        railties (4.2.0) lib/rails/rack/logger.rb:20:in `call'
        request_store (1.1.0) lib/request_store/middleware.rb:8:in `call'
        actionpack (4.2.0) lib/action_dispatch/middleware/request_id.rb:21:in `call'
        rack (1.6.0) lib/rack/methodoverride.rb:22:in `call'
        rack (1.6.0) lib/rack/runtime.rb:18:in `call'
        activesupport (4.2.0) lib/active_support/cache/strategy/local_cache_middleware.rb:28:in `call'
        rack (1.6.0) lib/rack/sendfile.rb:113:in `call'
        railties (4.2.0) lib/rails/engine.rb:518:in `call'
        railties (4.2.0) lib/rails/application.rb:164:in `call'
        /usr/local/rvm/gems/ruby-2.1.2/gems/passenger-4.0.56/lib/phusion_passenger/rack/thread_handler_extension.rb:74:in `process_request'
        /usr/local/rvm/gems/ruby-2.1.2/gems/passenger-4.0.56/lib/phusion_passenger/request_handler/thread_handler.rb:141:in `accept_and_process_next_request'
        /usr/local/rvm/gems/ruby-2.1.2/gems/passenger-4.0.56/lib/phusion_passenger/request_handler/thread_handler.rb:109:in `main_loop'
        /usr/local/rvm/gems/ruby-2.1.2/gems/passenger-4.0.56/lib/phusion_passenger/request_handler.rb:455:in `block (3 levels) in start_threads'

This is from a Rails app. This is a bot trying to find vulnerabilities in webpages. There are hundreds of attempts like this daily. Usually they don’t cause any harm but they are annoying because they pollute your logs.

Try to run this against your log:

    grep -E 'php|cgi' production.log | wc -l

It will show you how many log lines contain php or cgi (assuming you are not using those technologies). Also, for each one of those requests you get the full call stack.

One way to partially mitigate these entries is to use the nginx location directive.

    location ~ php|cgi { return 444; log_not_found off; }

Put this line in your server section and it will block all requests whose URI contains the strings php or cgi. By returning 444 instead of 404, nginx won’t even respond; it will just drop the connection.

You can reload nginx without stopping the service with:

    sudo service nginx reload

You might want to customize the regex or add multiple filters to match your scenario. I’ve found the following samples on forums to protect a Rails log:

    location ~ ^/cgi-bin { return 444; log_not_found off; }
    location ~ \.(?:php|aspx|asp)$ { return 444; log_not_found off; }
    location ~ php\.cgi$ { return 444; log_not_found off; }
    location ~ myadmin { return 444; log_not_found off; }
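
One way to check candidate rules before reloading nginx is to replay the request paths already in your Rails log against them and see which legitimate routes would also be dropped. This is an added example, not part of the original post: the log lines, the client address and the routes /articles/php-vs-ruby and /search are constructed, and Ruby's regex engine stands in for nginx's, which behaves the same for these patterns.

```ruby
# Added example (not from the original post): replay request paths from a
# Rails log against candidate nginx location regexes before deploying them.

# Rules copied from the post; nginx `~` is a case-sensitive regex match.
BROAD_RULES = { "php|cgi" => /php|cgi/ }
NARROW_RULES = {
  "^/cgi-bin"            => %r{^/cgi-bin},
  "\\.(?:php|aspx|asp)$" => /\.(?:php|aspx|asp)$/,
  "php\\.cgi$"           => /php\.cgi$/,
  "myadmin"              => /myadmin/
}

# Constructed sample log lines; 192.0.2.10 is a documentation address and
# /articles/php-vs-ruby and /search are hypothetical legitimate routes.
SAMPLE_LOG = <<~'LOG'
  Started GET "/pma/scripts/setup.php" for 192.0.2.10 at 2015-03-02 15:43:38 -0500
  Started GET "/cgi-bin/test.cgi" for 192.0.2.10 at 2015-03-02 15:43:39 -0500
  Started GET "/phpmyadmin/" for 192.0.2.10 at 2015-03-02 15:43:40 -0500
  Started GET "/articles/php-vs-ruby" for 192.0.2.10 at 2015-03-02 15:44:01 -0500
  Started GET "/search?q=php" for 192.0.2.10 at 2015-03-02 15:44:05 -0500
  Started GET "/posts/42" for 192.0.2.10 at 2015-03-02 15:44:09 -0500
LOG

# Extract the path of every logged request. nginx matches location blocks
# against the URI path only, so the query string is dropped here too.
def request_paths(log)
  log.scan(/Started [A-Z]+ "([^"]+)"/).flatten.map { |uri| uri.split("?", 2).first }
end

# Map each path to the name of the first rule that would drop it (or nil).
def replay(paths, rules)
  paths.to_h { |path| [path, rules.find { |_name, re| re.match?(path) }&.first] }
end

paths = request_paths(SAMPLE_LOG)
[["broad", BROAD_RULES], ["narrow", NARROW_RULES]].each do |label, rules|
  puts "#{label} rules:"
  replay(paths, rules).each do |path, rule|
    puts format("  %-26s %s", path, rule ? "444 via #{rule}" : "passed to Rails")
  end
end
```

With the broad php|cgi rule the legitimate /articles/php-vs-ruby route is dropped along with the probes, while the narrower set lets it through.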

13 Mar 2015

Links for the weekend 11 - 2015

Interesting links I’ve bookmarked this week:

06 Mar 2015

Links for the weekend 10 - 2015

Just one link this time. Busy week I guess…
