
Tuesday, November 10, 2015

Multiple Web Hosting across many VMs on a Single Server (1 IP address but many URLs)

 

It is easy enough to host many sites on IIS or Apache using virtual hosts (or bindings) on a single machine. However I have a need to run several VMs on a single machine, each VM being accessible to different colleagues. Using VirtualBox (ver 5) it is easy enough to enable the Remote Desktop option, whereby you can remote desktop (eg mstsc / remote desktop app) to a VM directly.

However, what was not so apparent was how each VM's IIS could share a single ‘real’ world-facing IP address (eg 1.2.3.4) while each VM had its own subnet (eg 10.0.2.15). The VMs could not be in the same subnet range as only 1 external IP address was available.

To achieve this goal a few things need to happen:

1) Install URL Rewrite (ver 2.0 was used) on IIS – this requires additional packages to be installed via Web Platform Installer (Application Request Routing)

2) Set up NAT port forwarding in each VM's VirtualBox settings – so that data can be sent between subnets

eg VM1 – NAT HOST port 8081 mapped to GUEST (VM) 8081
         NAT HOST port 8082 mapped to GUEST (VM) 8082

   VM2 – NAT HOST port 8083 mapped to GUEST (VM) 8083

3) Configure the IIS on the HOST with a new website for each website URL hosted on this server

eg website:  www.testsite1.com

4) Create a URL Rewrite rule
For each website on the host (as created above) add a URL Rewrite rule…

The top box is the INTERNAL web address (in this case 1.2.3.4:8081)
.. and the lowest box of the 3 is the URL (eg www.testsite1.com)


One further step (needed for gzipped compressed websites) is to add HTTP_ACCEPT_ENCODING to the Server variables. This is done in the URL_REWRITE rule (set value to 0 as GUI needs an entry).


… and then you need to set this again from a drop-down list (start typing for the list to appear) of server variables.


5) Configure the IIS on the VM

The VM IIS running the website needs to be listening on the specified port (eg 8081), and not be bound to a given URL (ie binding is left blank). Also ensure the Windows Firewall on the VM is open for the port you are using (eg 8081).

Repeat using a different port for each website, and adding the details to the Firewall, Host URL Rewrite, VM NAT Port forwarding, and VM IIS website (port).
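
The host-side part of steps 3 and 4 can also be scripted rather than clicked through. The PowerShell below is an added example, not part of the original post: it assumes the site is named after its URL, uses a hypothetical rule name, and creates only the inbound (forwarding) rule with the HTTP_ACCEPT_ENCODING server variable, not the response rewriting set in the lowest box of the GUI.

```powershell
# Added example (not from the original post). Run elevated on the HOST.
# Assumes URL Rewrite 2.0 and Application Request Routing are installed (step 1)
# and that the site from step 3 exists and is named after its URL.
Import-Module WebAdministration

$siteName = 'www.testsite1.com'    # site created in step 3 (name assumed to match the URL)
$backend  = 'http://1.2.3.4:8081'  # the INTERNAL web address from step 4
$ruleName = 'ProxyToVM1'           # hypothetical rule name
$sitePath = "IIS:\Sites\$siteName"
$appHost  = 'MACHINE/WEBROOT/APPHOST'
$rules    = 'system.webServer/rewrite/rules'
$rule     = "$rules/rule[@name='$ruleName']"
$allowVar = 'system.webServer/rewrite/allowedServerVariables'

# Let ARR proxy requests. This switch is server-wide, so every rewrite rule on
# the host should point at a fixed backend, never at a value taken from the request.
Set-WebConfigurationProperty -PSPath $appHost -Filter 'system.webServer/proxy' -Name 'enabled' -Value 'True'

# A rule can only set server variables that are on the server-level allow list.
if (-not (Get-WebConfiguration -PSPath $appHost -Filter "$allowVar/add[@name='HTTP_ACCEPT_ENCODING']")) {
    Add-WebConfigurationProperty -PSPath $appHost -Filter $allowVar -Name '.' -Value @{ name = 'HTTP_ACCEPT_ENCODING' }
}

# Create the inbound rule once: forward every path on this site to the VM's forwarded port.
if (-not (Get-WebConfiguration -PSPath $sitePath -Filter $rule)) {
    Add-WebConfigurationProperty -PSPath $sitePath -Filter $rules -Name '.' -Value @{ name = $ruleName; stopProcessing = 'True' }
    Set-WebConfigurationProperty -PSPath $sitePath -Filter "$rule/match" -Name 'url' -Value '(.*)'
    # Same value the post enters in the GUI for gzip-compressed sites.
    Add-WebConfigurationProperty -PSPath $sitePath -Filter "$rule/serverVariables" -Name '.' -Value @{ name = 'HTTP_ACCEPT_ENCODING'; value = '0' }
    Set-WebConfigurationProperty -PSPath $sitePath -Filter "$rule/action" -Name 'type' -Value 'Rewrite'
    Set-WebConfigurationProperty -PSPath $sitePath -Filter "$rule/action" -Name 'url' -Value "$backend/{R:1}"
}

# Show the resulting rule so it can be compared with what the GUI writes.
Get-WebConfiguration -PSPath $sitePath -Filter $rule
```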

Monday, November 2, 2015

Block IP addresses on Windows server

Windows Server - block IP addresses of DoS / hacking attempts


PowerShell (as Admin) - one time only

Set-ExecutionPolicy RemoteSigned


then save this script as a .ps1 file:

PS1 script:

$DT = [DateTime]::Now.AddDays(-1) # check only the last 24 hours

$l = Get-EventLog -LogName 'Security' -InstanceId 4625 -After $DT | Select-Object @{n='IpAddress';e={$_.ReplacementStrings[-2]} } # select the IP addresses that have an audit failure (event 4625)
$g = $l | Group-Object -Property IpAddress | Where-Object {$_.Count -gt 9} | Select-Object -Property Name # get IP addresses that have more than 9 wrong logins

$fw = New-Object -ComObject hnetcfg.fwpolicy2 # get firewall object

$ar = $fw.rules | Where-Object {$_.name -eq 'Block IP addresses'} # get firewall rule named 'Block IP addresses' (must be created manually)

$arRemote = $ar.RemoteAddresses -split(',') # split the existing IPs into an array so we can easily search for existing IPs

$w = $g | Where-Object {$_.Name.Length -gt 1 -and !($arRemote -contains $_.Name + '/255.255.255.255') } # get IP addresses that are not already in the firewall rule. The subnet mask is included because it is automatically added to the firewall remote IP declaration.

$w | ForEach-Object {$ar.remoteaddresses += ',' + $_.Name} # add IPs to firewall rule

Source: http://serverfault.com/questions/233222/ban-ip-address-based-on-x-number-of-unsuccessful-login-attempts



Set up a Scheduled task to run this script every day... or whenever you wish.
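
The two manual steps (creating the 'Block IP addresses' rule and scheduling the script) can be done from the same elevated PowerShell session. This is an added example, not part of the original post or the Server Fault answer; the script path, task name, run time and seed address are assumptions.

```powershell
# Added example (not from the original post). Run elevated, one time only.
$ruleName   = 'Block IP addresses'                  # the name the script looks up
$scriptPath = 'C:\Scripts\Block-FailedLogons.ps1'   # hypothetical path where the script was saved
$seedIp     = '192.0.2.1'                           # constructed placeholder from the TEST-NET-1 documentation range

# Create the rule the script expects. A block rule created without a remote
# address applies to Any and would cut off all inbound traffic, so it is seeded
# with a placeholder address; the script then appends to that list.
if (-not (Get-NetFirewallRule -DisplayName $ruleName -ErrorAction SilentlyContinue)) {
    New-NetFirewallRule -DisplayName $ruleName -Direction Inbound -Action Block -RemoteAddress $seedIp | Out-Null
}

# Run the script once a day as SYSTEM, which can read the Security log
# and change firewall rules.
$action  = New-ScheduledTaskAction -Execute 'powershell.exe' `
           -Argument "-NoProfile -ExecutionPolicy RemoteSigned -File `"$scriptPath`""
$trigger = New-ScheduledTaskTrigger -Daily -At '03:00'
Register-ScheduledTask -TaskName 'Block failed-logon IPs' -Action $action -Trigger $trigger `
    -User 'SYSTEM' -RunLevel Highest | Out-Null

# Review what is currently blocked, e.g. before and after a run,
# to spot a legitimate address that locked itself out.
(Get-NetFirewallRule -DisplayName $ruleName | Get-NetFirewallAddressFilter).RemoteAddress
```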



Saturday, October 24, 2015

RPi - auto start application on boot

There are a number of ways to get a Raspberry Pi to start an application on boot... making it good for IoT type applications...

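You could use a cron job (crontab)... or edit the /etc/rc.local file

sudo nano /etc/rc.local

eg. add a line above the final "exit 0", using the full path to the script (/home/pi is assumed here) and a trailing & so that boot carries on while the script runs:
python /home/pi/myscript.py &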



Sunday, October 4, 2015

Mac OSX - can't use SUDO with some folders anymore in El Capitan - solution

This works - from here -   http://stackoverflow.com/questions/32590053/copying-file-under-root-got-failed-in-os-x-el-capitan-10-11/32590885#32590885 
_____

El Capitan now protects certain system directories in "rootless" mode (a.k.a. System Integrity Protection). If you run the command ls -lO /System/Library/LaunchDaemons you'll see that the directories and files under there are now marked as "restricted."
You can disable rootless mode like this:
  1. Reboot into recovery mode (reboot and hold down Cmd-R)
  2. Open a terminal
  3. Use this command: csrutil disable
  4. Reboot and run the command that worked prior to El Capitan
When you're done, it is highly recommended that you re-enable SIP by following the same steps, but using csrutil enable in step 3.

Tuesday, May 26, 2015

Making my Raspberry PI into a Print Server (inc AirPrint for iPad)

It's useful to print from any device wirelessly... with a cheaper non-wireless printer (in this case a Brother laser).... here's how to make a Raspberry Pi into a useful print server.

Source: http://www.raspberry-pi-geek.com/Archive/2013/01/Converting-the-Raspberry-Pi-to-a-wireless-print-server

Set up the IP address on the Pi

Listing 1: /etc/network/interfaces
#/etc/network/interfaces
auto lo
iface lo inet loopback
iface eth0 inet static
address 192.168.0.3
netmask 255.255.255.0
gateway 192.168.0.1
allow-hotplug wlan0
iface wlan0 inet manual
wpa-roam /etc/wpa_supplicant/wpa_supplicant.conf
iface default inet dhcp

Update and upgrade ready for installing CUPS
sudo apt-get update
sudo apt-get upgrade

Installing CUPS

CUPS (Common Unix Printing System) manages printers connected via USB or the network and provides a management interface. You can install CUPS on your system by running:
sudo apt-get install cups
You will want to add the pi user to the lpadmin group, so it can access the administrative functions of CUPS:
sudo usermod -a -G lpadmin pi
After the install, CUPS runs as a system service and provides a management interface on the local system. If the network on which the Rasp Pi resides is trustworthy – and that is the case with your home LAN – just run
sudo cupsctl --remote-any
sudo /etc/init.d/cups restart
Adding AirPrint for Apple i* devices
sudo apt-get install avahi-discover

Source:
http://www.makeuseof.com/tag/add-airprint-support-raspberry-pi-print-server/

Monday, May 25, 2015

Ubuntu on Mac Air

 

Installed Ubuntu on to my Mac Air…. had a few issues with the WiFi (Broadcom BCM4360 Wireless Network Adapter)

This post by Eneko Chan sorted it… many thanks to Eneko!!

http://tech.enekochan.com/en/2015/03/16/install-bcm4360-wi-fi-drivers-in-ubuntu-for-macbook-pro-13-retina-display-mid-2014/ 

But in case you don’t have one, it’s possible to download all the deb packages (from another computer and copy them to a USB drive) and install them manually. The version numbers will differ from one distribution version to another so check them. For Ubuntu 14.04 I installed those:

The installation process is quite simple, just follow this order:

$ sudo dpkg -i libfakeroot_1.20-3ubuntu2_amd64.deb
$ sudo dpkg -i fakeroot_1.20-3ubuntu2_amd64.deb
$ sudo dpkg -i dkms_2.2.0.3-1.1ubuntu5.14.04_all.deb
$ sudo dpkg -i bcmwl-kernel-source_6.30.223.248+bdcom-0ubuntu0.1_amd64.deb
 
 

Tuesday, April 21, 2015

Garmin ANT – using a Raspberry PI to sync Garmin Data from a Forerunner 401

 

I’ve a spare original Raspberry PI that wasn’t doing very much. I’ve also a Garmin GPS watch that can sync data over ANT (wireless) to the likes of Strava. So I set about searching for a way to do this… to find it’s already been done!

Once the PI has Raspbian running you need to follow these instructions.

https://github.com/braiden/python-ant-downloader 

(mainly copied from URL above with additional steps added)

> SSH to the PI

sudo apt-get update

sudo apt-get install python-pip

sudo apt-get install python-pip libusb-1.0-0

sudo apt-get install python-lxml

sudo pip install python-ant-downloader
sudo apt-get install python python-lxml python-pkg-resources python-requests python-serial

 


Make sure you have permission to access the USB device. Add a text file with one of the following to /etc/udev/rules.d/99-garmin.rules.

On Ubuntu 10.04 (or other older distros):

SUBSYSTEM=="usb", SYSFS{idVendor}=="0fcf", SYSFS{idProduct}=="1008", MODE:="666"
 

The first time you run the program it will need to pair with your GPS device. Make sure the GPS unit is awake (press a button), and make sure pairing is enabled. Then just run ant-downloader. When prompted, accept the pairing request on your GPS device. Once the request is accepted a key is saved and you should not need to pair again.

You may also choose to enable "Force Downloads" on your device. This will cause all old data to be downloaded. WARNING, It will also upload all data to Garmin Connect.

Configuration

See antd.cfg for configuration options, including where files are saved and Garmin Connect login details. The file will be created in ~/.antd the first time you run the program. (Note: check the root folder after running the data download for the first time; if it is not showing using ls then just use vi to edit the file and it’ll load)

Twitter API – Error 401

 

I have a Raspberry PI2 running a PostgreSQL database (+PostGIS)…. and a python script to grab GeoTweets. It works surprisingly well.

However one thing to consider is that the Pi clock resets to 1970 after power has been disconnected, so it has to be set again!

If you don’t set the clock and try to connect to the Twitter API then you get error 401 – unauthorised. Also need to remember to set the clock without adding an hour for BST!!