Setting up IPv6 on Linode with nginx

So Linode has gotten onto the IPv6 bandwagon. In addition to each Linode getting an IPv6 address, they will also gladly assign an entire /64 netblock to your specific node on request. That gives you all sorts of flexibility for bringing up IPv6 services. And this blog post is going to be all about how to make use of multiple IPv6 addresses.

As of this writing, everything I mention will work on a Linode running Ubuntu 12.04 LTS and Nginx 1.1. There's no reason that these instructions shouldn't work on other distros or versions of Ubuntu with some modifications.

Setting An IPv6 Address

Warning: You're playing around with networking settings. If something goes wrong, your Linode could find itself unreachable from the network and you'll need to reboot it. And that's not fun. I strongly recommend proceeding through the LISH console so that you can undo any mistakes you make.

To start with, send a support request to Linode and get your /64 assigned. For the purposes of this post, let's assume you get the subnet 2600:3000:4000:1000::/64. That will give you a range of 2^64 addresses from 2600:3000:4000:1000:0:0:0:0 to 2600:3000:4000:1000:ffff:ffff:ffff:ffff. That should be plenty of addresses to work with.

To bring up one of those addresses, run this command:

ip -6 addr add 2600:3000:4000:1000::100/64 dev eth0

The address should now show up when you run ip -6 addr show eth0, and you should be able to use the ping6 utility to ping 2600:3000:4000:1000::100. If ping6 is not working, then something is wrong.

$ ip -6 addr show eth0
3: eth0:  mtu 1500 qlen 1000
    inet6 2600:3000:4000:1000::100/64 scope global 
       valid_lft forever preferred_lft forever


R.I.P. Casey

Casey Sitting on a Chair
The guilty cat, himself!

Casey
We know you killed those mice, dude.

My parents' cat Casey passed away early last week. He managed to live to be 20. That's not so bad for a cat that grew up on the streets and was eventually rescued by Forgotten Felines and Fidos. My parents adopted him when he was just a few years old, and gave him a loving home for the rest of his life.

That's not to say that Casey wasn't a jerk from time to time. Later in life, he took on the "grumpy old man" persona, and would eat pretty much anything he could get his paws on, just because he could. He'd even catch mice. That cat just did not care.

Anyway, here's a video that we shot sometime last year--in which Casey tries to steal food while we are seated at the table:


Scaling Anthrocon's Website to Handle 1,400 Simultaneous Connections


The Challenge

When hotel reservations open, that is the single busiest time of the year for Anthrocon's webserver. In fact, it even caused us performance problems last year. That was not so good.

So this year, I decided to try something different. Instead of leaving the regular website up and running, which involves using Drupal, I decided to replace the entire page with a relatively static "countdown" page, which displayed a countdown timer and automatically started displaying the hotel link at 11 AM on the opening day.

First, some stats for the Anthrocon website:

  • Peak bandwidth: 1.6 Megabits/sec
  • Peak connections: 1,400 concurrent connections

And now some stats for Passkey, who handled most of the traffic:

  • Peak bandwidth: 190 Megabits/sec
  • Peak connections: 4,000 concurrent connections

Lightening the Load on the Webserver


Web Development on Port 80 and 443 in Vagrant

In this post I'm going to talk about using port 80 and 443 for web development on a Mac running 1 or more virtual machines under Vagrant.

Why use port 80 and port 443?

Port 80 is the standard port for HTTP and 443 is the standard port for HTTPS. While other ports can be used, they're non-standard, and some (if not most) webapps make assumptions about those port numbers. You can really get burned on matters of HTTP redirection, such as when a form is submitted or when redirection from HTTP to HTTPS happens. While applications can certainly be built to take the port numbers into account, many are not.

Unfortunately, it's not a simple matter of configuring your Vagrant instance to listen on ports 80 and 443. Any port under 1024 requires the program to be running as root. And running an app as the root user is generally never a good idea.

Can I forward ports from the Vagrant instance?

Why yes, you can! It's as simple as putting these lines in your Vagrantfile:

config.vm.forward_port 80, 8080
config.vm.forward_port 443, 8443

Wait, those are ports 8080 and 8443!

Yes, they are. Remember what I said about needing to be the root user? But under Mac OS/X we can forward ports 80 and 443 to ports 8080 and 8443. The trick is to use the ipfw utility, which comes with OS/X and is used to manage its built-in firewall.

Here's a "quick and dirty" way to do it from the command line:

sudo ipfw add 100 fwd 127.0.0.1,8080 tcp from any to me 80
sudo ipfw add 101 fwd 127.0.0.1,8443 tcp from any to me 443

A Foggy Night in Ardmore

It was a bit foggy last night, and I couldn't sleep. So I did the only sensible thing. I wandered around town and took pictures.

The Apple Store in Suburban Square Suburban Square Parking Lot (not really full) Under the Anderson Ave Bridge Lancaster Ave at 3 AM Lancaster Ave at 3 AM Foggy Wawa

There are a few more such pictures. The full set can be found on Flickr:

http://www.flickr.com/photos/dmuth/sets/72157632512138031/

Enjoy!


Logging non-proxy IP addresses in Heroku and Express for node.js

Back when I built the Is Septa Fucked? website, I decided to use Heroku seeing how they supported node.js and I wouldn't have to worry about sysadmin tasks. Heroku proved to be a great choice, but along the way I noticed some strange log entries like these:

2013-01-05T03:26:41+00:00 app[web.1]: 10.44.130.226 - - 
   [Sat, 05 Jan 2013 03:26:41 GMT] "GET /favicon.ico HTTP/1.1" 200 
   - "-" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_6_8)"

Net 10.0.0.0/8 is normally non-routable, so it shouldn't be showing up in server logs like that. It turns out that Heroku uses reverse HTTP proxies to handle incoming traffic for their customer apps. That proxy then forwards the traffic to your application after storing the original client's IP address in the HTTP "X-Forwarded-For:" header.

To change how logfiles are written in Express, you have to mess around with the logger module, which is part of the connect library, and available within express as express.logger.

The first thing to do in node.js is to create a new "token" in the logger module which will extract the IP address from the X-Forwarded-For header:


//
// Create an IP token for the logging system that lists the original IP, 
// if there was a proxy involved.
//
express.logger.token("ip", function(request) {

   var retval = "";

   if (request["headers"] && request["headers"]["x-forwarded-for"]) {
      //
      // Proxied request
      //
      retval = request["headers"]["x-forwarded-for"];

   } else if (request["socket"] && request["socket"]["remoteAddress"]) {
      //
      // Direct request
      //
      retval = request["socket"]["remoteAddress"];

   } else if (request["socket"] && request["socket"]["socket"]
      && request["socket"]["socket"]["remoteAddress"]) {
      //
      // God only knows what happened here...
      //
      retval = request["socket"]["socket"]["remoteAddress"];

   }

   return(retval);

});
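
The token above logs the X-Forwarded-For header verbatim, and a client can send that header itself, so the logged value can be forged or carry text that corrupts the log line. The following is an added example, not code from the original post: it only honors the header when the TCP peer is a proxy, validates every entry as an IP literal, and counts from the right-hand end of the list. The function names, the 10.0.0.0/8 trusted range, the trustedHops parameter and the assumption that the proxy appends the address it saw to the end of the list are all assumptions of this example.

```javascript
const net = require("net");

// Assumption: the proxies in front of the app connect from 10.0.0.0/8, the
// range seen in the log line above. Adjust for your own deployment.
const trustedProxies = new net.BlockList();
trustedProxies.addSubnet("10.0.0.0", 8);

function isTrustedProxy(address) {
   const family = net.isIP(address || "");
   if (family === 0) return false;
   return trustedProxies.check(address, family === 6 ? "ipv6" : "ipv4");
}

// Split X-Forwarded-For into entries; anything that is not an IP literal
// (stray text, quotes, newlines meant to forge log lines) becomes null.
function parseForwardedFor(value) {
   if (typeof value !== "string") return [];
   return value.split(",").map(function (part) {
      const candidate = part.trim();
      return net.isIP(candidate) ? candidate : null;
   });
}

// Returns the address to write to the log.
// trustedHops (assumption): how many proxies you control each append one
// entry to the header; 1 for a single front proxy.
function ipForLog(headers, socketAddress, trustedHops) {
   const fallback = net.isIP(socketAddress || "") ? socketAddress : "-";
   // Ignore the header unless the TCP peer is one of our proxies.
   if (!isTrustedProxy(socketAddress)) return fallback;
   const list = parseForwardedFor(headers && headers["x-forwarded-for"]);
   if (trustedHops < 1 || list.length < trustedHops) return fallback;
   // Count from the right: entries further left were supplied by the client.
   const chosen = list[list.length - trustedHops];
   return chosen === null ? fallback : chosen;
}

// Constructed sample requests (not taken from real logs).
const viaProxy = ipForLog({ "x-forwarded-for": "1.2.3.4, 198.51.100.9" }, "10.44.130.226", 1);
const direct = ipForLog({ "x-forwarded-for": "1.2.3.4" }, "203.0.113.20", 1);
console.log(viaProxy, direct);
```

Inside the logger token callback, the return value would be ipForLog(request.headers, request.socket.remoteAddress, 1).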

Midwest FurFest 2012 Con Report

Impatient? You can view all of the photos over here!

Midwest FurFest was a furry convention held in Chicago from November 16th-18th, 2012. It was held at the Hyatt Regency O'Hare, which was a rather nice venue, with plenty of public space for socializing and gathering. I worked in Convention Operations (Con Ops) under Puma again, and when I wasn't working, I did what I normally did: I took pictures.

I tried to do more closeup fursuit muzzle pictures with a Nikon D3000, and the results came out pretty well:

Shia Moorhen Closeup Fox Muzzle Manik Wolf
Tzup Closeup Cat at the Charity
Fursuit Photoshoot after the Parade
Shia Moorhen and Keenora Yawni Husky and Tzup

Of course, no convention could be complete without Raptor Jesus, Master Splinter, and The Drama Llama seen in that order:

Raptor Jesus Master Splinter The Drama Llama

Way too much fun was had at Midwest FurFest. (Want the full set of pictures? They're over here!)

At this time, my next furry convention will be Furry Connection North, to be held in April up in Michigan. Have a good Christmas, and I hope I see you all there!


Vagrant 101: Simple Linux VMs


"I would totally trust this guy to run my apps!"

What is Vagrant?

Vagrant is a command-line utility that is used for setting up virtual Linux boxes with Oracle's VirtualBox.

Vagrant is useful if:

  • You are a freelancer who works in many different development environments, and doesn't want a bajillion different services running on your machine.
  • You are a sysadmin who wants to test out new machine configurations without the expense of provisioning a new EC2 instance (and possibly forgetting to turn it off, whoops!)
  • You work in a company where every developer needs their own development machine. Make some recipes in Chef, and now each member of the team can have an identically configured machine.

Wait, doesn't VirtualBox have a GUI?

Why yes, it does. However, using it is optional. Vagrant is simply another way to use VirtualBox. It also makes it easy to install different flavors of Linux, as we will see shortly.

How do I get started with Vagrant?

Go to the Vagrant website and download the latest version. Make sure you have VirtualBox, too. Once you've done those things, type these commands:

vagrant box add base http://files.vagrantup.com/lucid32.box
vagrant init
vagrant up

Chef 101: An Introduction to Chef

Find this code on GitHub
Here
Related Articles:
Vagrant 101: Simple Linux VMs

I've been using Chef for a while at work, and seeing how complicated parts of it can be, I wanted to take the time to write a blog post about it, and give an introduction on how to be up and running with Chef. Hopefully it will save others some of the aggravation I dealt with early on. Also, I tested these recipes out on an Ubuntu 12.04 box. (If you aren't running Ubuntu, no problem! Just install Vagrant.)

Different Parts of Chef

There are a few different parts of chef:

  • Chef-server - The software that runs on a server and holds "cookbooks", "recipes", and "data bags". We won't be covering that here.
  • Chef-client - The software that runs on machines managed by Chef. It talks to the machine running Chef-server, downloads cookbooks from it, and runs the recipes in those cookbooks locally. We won't be covering that here, either.
  • Knife - A tool used to remotely manage machines that have chef-client on them. We definitely won't be covering that here.
  • Chef-solo - A tool used to run recipes out of cookbooks in the absence of a server. That will be the focus of this article.

Chef Configuration

If we try to run chef-solo right away, it will freak out because it doesn't have a configuration. So the very first thing we need to do is create a configuration file, which we'll call config.rb:

base_dir Dir.pwd + "/"
file_cache_path base_dir + "cache/"
cookbook_path base_dir + "cookbooks/"

Creating Self-signed X.509 SSL Certificates the Easy Way

Find this code on GitHub
Here

If you're even a small-time sysadmin, chances are that you've had to create SSL certificates more than once. Creating a certificate signing request is generally easy enough--you create the .key and the .csr files, and send the .csr file off to your Certificate Authority (CA), pay them a ton of money, and they send you back your signed public key (usually a file ending in .crt).

But what if you don't want to go through all of that trouble? What if you just want to have a self-signed SSL certificate for a small project? Or for submitting to Amazon Web Services (AWS) so that you can access their API?

I wrote a script to help automate that:

#!/bin/sh
#
# This is a wrapper script for making self-signed certificates
#

#
# Make errors be fatal.
#
set -e

if test ! "$1"
then
	echo "Syntax: $0 basename"
	exit 1
fi

BASENAME=$1

#
# Our secret key
#
KEY="${BASENAME}.key"

#