Using iptables to Configure HTTP and HTTPS to redirect to Glassfish 4.1 Defaults

This guide can also be used if you are not using Glassfish 4.1. In that situation you may want to know Glassfish’s default ports and what they are used for.

  • Port 8080 is for HTTP protocol
  • Port 8181 is for HTTPS protocol
  • Port 4848 is for the Admin Console

Now obviously you can see the problem here. By default, when a user accesses a website using HTTP they are using port 80, and port 443 for HTTPS.

Also, you may potentially not want the admin console to be available at all, or at certain times. In that case you would want to have two versions of this file. Ensure you use chmod so that it is executable by the right person/people and not by everyone.

Warning:
This does not allow you to redirect from a port using the HTTP protocol to one using the HTTPS protocol. For example, I cannot configure port 80 to redirect to 443 or 8181, because HTTP and HTTPS are different protocols.

This example file from Nabisoft illustrates what you would do.

#!/bin/bash

# ATTENTION: flush/delete all existing rules
iptables -F

################################################################
# set the default policy for each of the pre-defined chains
################################################################
iptables -P INPUT ACCEPT
iptables -P OUTPUT ACCEPT
iptables -P FORWARD DROP

# allow establishment of connections initialised by my outgoing packets
iptables -A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT

# accept anything on localhost
iptables -A INPUT -i lo -j ACCEPT

################################################################
#individual ports tcp
################################################################
iptables -A INPUT -p tcp --dport 80 -j ACCEPT
iptables -A INPUT -p tcp --dport 22 -j ACCEPT
iptables -A INPUT -p tcp --dport 8080 -j ACCEPT
iptables -A INPUT -p tcp --dport 8181 -j ACCEPT
iptables -A INPUT -p tcp --dport 443 -j ACCEPT
#AdminGUI on port 4848 (comment out the next line to disable it):
iptables -A INPUT -p tcp --dport 4848 -j ACCEPT

################################################################
#slow down the amount of ssh connections by the same ip address:
#wait 60 seconds if 3 times failed to connect
################################################################
iptables -I INPUT -p tcp -i eth0 --dport 22 -m state --state NEW -m recent --name sshprobe --set -j ACCEPT
iptables -I INPUT -p tcp -i eth0 --dport 22 -m state --state NEW -m recent --name sshprobe --update --seconds 60 --hitcount 3 --rttl -j DROP

#drop everything else
iptables -A INPUT -j DROP

################################################################
#Redirection Rules
################################################################
#1. redirection rules (allowing forwarding from localhost)
iptables -t nat -A OUTPUT -o lo -p tcp --dport 80 -j REDIRECT --to-port 8080
iptables -t nat -A OUTPUT -o lo -p tcp --dport 443 -j REDIRECT --to-port 8181

#2. redirection http
iptables -t nat -A PREROUTING -p tcp -m tcp --dport 80 -j REDIRECT --to-ports 8080
iptables -t nat -A PREROUTING -p tcp -m tcp --dport 8080 -j REDIRECT --to-ports 8181

#3. redirection https
iptables -t nat -A PREROUTING -p tcp -m tcp --dport 443 -j REDIRECT --to-ports 8181

################################################################
#save the rules somewhere and make sure
#our rules get loaded if the ubuntu server is restarted
################################################################
iptables-save > /etc/my-iptables.rules
iptables-restore < /etc/my-iptables.rules

#List Rules to see what we have now
iptables -L
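
An added example, not part of the original post or the Nabisoft script: REDIRECT in nat PREROUTING rewrites the destination port before the INPUT chain is evaluated, so this checks an iptables-save dump for redirect targets that INPUT does not accept, for HTTP-to-HTTPS redirects of the kind the warning above describes, and for an admin port accepted from any source. The function names, finding labels, both sample dumps and the address 192.0.2.10 are constructed for illustration.

```shell
#!/bin/sh
# Added example: audit an iptables-save dump of the ruleset above. PREROUTING
# (nat) runs before INPUT (filter), so INPUT sees the port after REDIRECT.
# Port roles are the page's: 80/8080 HTTP, 443/8181 HTTPS, 4848 admin console.

audit_rules() {   # reads iptables-save text on stdin, prints one finding per line
  awk '
    function opt(name,   i) {   # value following option "name", or ""
      for (i = 1; i < NF; i++) if ($i == name) return $(i + 1)
      return ""
    }
    BEGIN { proto[80] = proto[8080] = "http"; proto[443] = proto[8181] = "https" }
    /^\*/ { table = substr($1, 2); next }
    $1 != "-A" { next }
    table == "nat" && $2 == "PREROUTING" && opt("-j") == "REDIRECT" {
      n++; from[n] = opt("--dport"); to[n] = opt("--to-ports")
    }
    table == "filter" && $2 == "INPUT" && opt("-j") == "ACCEPT" && opt("--dport") != "" {
      accepted[opt("--dport")] = 1
      if (opt("-s") == "") anysrc[opt("--dport")] = 1
    }
    END {
      for (k = 1; k <= n; k++) {
        f = from[k]; t = to[k]
        if (!(t in accepted)) { print "BLOCKED " f "->" t }
        if ((f in proto) && (t in proto) && proto[f] != proto[t]) { print "CROSS-PROTOCOL " f "->" t }
      }
      if ("4848" in anysrc) { print "ADMIN-OPEN 4848" }
    }'
}

sample_page_rules() {   # constructed dump matching the script on this page
  cat <<'EOF'
*nat
-A PREROUTING -p tcp -m tcp --dport 80 -j REDIRECT --to-ports 8080
-A PREROUTING -p tcp -m tcp --dport 8080 -j REDIRECT --to-ports 8181
-A PREROUTING -p tcp -m tcp --dport 443 -j REDIRECT --to-ports 8181
COMMIT
*filter
-A INPUT -p tcp -m tcp --dport 8080 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 8181 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 4848 -j ACCEPT
-A INPUT -j DROP
COMMIT
EOF
}

sample_restricted_rules() {   # constructed: admin console limited to one source
  cat <<'EOF'
*nat
-A PREROUTING -p tcp -m tcp --dport 80 -j REDIRECT --to-ports 8080
-A PREROUTING -p tcp -m tcp --dport 443 -j REDIRECT --to-ports 8181
COMMIT
*filter
-A INPUT -p tcp -m tcp --dport 8080 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 8181 -j ACCEPT
-A INPUT -s 192.0.2.10/32 -p tcp -m tcp --dport 4848 -j ACCEPT
-A INPUT -j DROP
COMMIT
EOF
}

echo "page ruleset:";       sample_page_rules | audit_rules
echo "restricted ruleset:"; sample_restricted_rules | audit_rules
```

On a live host the same function can be fed with `iptables-save | audit_rules`.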

How to install SSL/TLS certificate on Glassfish

Introduction
It seems that the build isn’t that important; as long as you are using a recent version of Glassfish and Ubuntu it should be fine. I will set up a guide on how to set up a Glassfish server soon. In the meantime, check the reference for nabisoft at the end of the article; it was my best reference for that part.

This tutorial is mainly directed at StartSSL users in its file naming convention, but can work for anyone.

My Build

  • Ubuntu 16.04 Server (64 bits)
  • Glassfish 4.1
  • StartSSL certificate

After correctly filing your certificate signing request (.csr) file with your certificate authority (CA), you will have 3 public keys. They will be named as follows:

  • 1_Intermediate.crt
  • 2_yourdomainname.com.crt
  • root.crt

You would have had a private key which you used when you generated your CSR file. For the sake of this tutorial we will call this yourdomain.com.key.

Move to your glassfish domain’s config directory and store all your files there. I am assuming you are using the default domain, domain1.
cd /path_to_glassfish_directory/glassfish/domains/domain1/config

Step 1
Mash up our three certificates into one file using this command. Remember: don’t forget to change the values!
cat 2_yourdomainname.com.crt 1_Intermediate.crt root.crt > all.crt

Step 2
Now we import these certificates into our cacerts keystore. The keystore names I am going to assume are those shipped by default with Glassfish 4.1. Fill in ‘yourAlias’ with any non-conflicting name you wish but keep note of it for later.
keytool -import -trustcacerts -alias yourAlias -file all.crt -keystore cacerts.jks

Step 3
We are now going to decrypt the (.key) file and make a (.p12) file which will be installed into the server. The default password is ‘changeit’ and I shouldn’t have to mention… you should change it!
openssl pkcs12 -export -in all.crt -inkey yourdomain.com.key -out yourdomain.com.p12 -name yourAlias -CAfile 1_Intermediate.crt -caname immed
keytool -importkeystore -deststorepass changeit -destkeypass changeit -destkeystore keystore.jks -srckeystore yourdomain.com.p12 -srcstoretype PKCS12 -srcstorepass changeit -alias yourAlias

Step 4
Ensure that all the certificates installed correctly. Check both keystores using the following two commands:
keytool -list -keystore keystore.jks
keytool -list -keystore cacerts.jks

You should see your alias listed in both keystores, with the text ‘trustedCaCert’ in the cacerts.jks keystore.
In the keystore.jks file you should see your private key listed under the alias you gave it in one of the entries.

Step 5
In order to use these keys on the domain you will need to configure domain.xml. There are two ways to do this. BACKUP domain.xml before proceeding.

Method 1: terminal / command line
Replace every instance of the default s1as in the domain.xml file with yourAlias.

Method 2: Glassfish Admin Console
(Will be added later with pictures)

Step 6
Restart the domain

asadmin restart-domain domain1

If you haven’t added asadmin to your environment path then use the full path:
/path_to_glassfish_directory/bin/asadmin restart-domain domain1
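
An added example, not part of the original tutorial: two checks worth running on all.crt and the private key before Step 3, namely that the bundle is ordered leaf first with each issuer followed by its own certificate, and that the private key belongs to the first certificate. It assumes the openssl CLI and an unencrypted PEM key; the function names and the throwaway two-certificate demo chain are constructed for illustration.

```shell
#!/bin/sh
# Added example: sanity checks on all.crt and the private key before Step 3.
# Assumes the openssl CLI and an unencrypted PEM key; the demo chain is constructed.

nth_cert() {           # print the Nth ($2) PEM certificate of bundle $1
  awk -v want="$2" '/-----BEGIN CERTIFICATE-----/ { k++ }
                    k == want { print }
                    k == want && /-----END CERTIFICATE-----/ { exit }' "$1"
}

cert_field() {         # $1=bundle $2=index $3=-subject|-issuer; prints the DN
  nth_cert "$1" "$2" | openssl x509 -noout "$3" 2>/dev/null | sed 's/^[a-z]*= *//'
}

chain_in_order() {     # each certificate's issuer must be the next one's subject
  n=$(grep -c -e '-----BEGIN CERTIFICATE-----' "$1") || return 1
  i=1
  while [ "$i" -lt "$n" ]; do
    iss=$(cert_field "$1" "$i" -issuer)
    [ -n "$iss" ] && [ "$iss" = "$(cert_field "$1" $((i + 1)) -subject)" ] || return 1
    i=$((i + 1))
  done
}

key_matches_leaf() {   # $1=bundle $2=key; compare the first cert's public key with the key's
  cert_pub=$(nth_cert "$1" 1 | openssl x509 -noout -pubkey 2>/dev/null)
  key_pub=$(openssl pkey -in "$2" -pubout 2>/dev/null)
  [ -n "$cert_pub" ] && [ "$cert_pub" = "$key_pub" ]
}

check_bundle() {       # $1=bundle $2=key; prints OK or the first problem found
  chain_in_order "$1" || { echo "chain order wrong"; return 1; }
  key_matches_leaf "$1" "$2" || { echo "key does not match first certificate"; return 1; }
  echo "OK"
}

make_demo_chain() {    # constructed throwaway root + leaf in directory $1
  openssl req -x509 -newkey rsa:2048 -nodes -subj "/CN=Demo Root" -days 1 \
    -keyout "$1/root.key" -out "$1/root.crt" 2>/dev/null &&
  openssl req -new -newkey rsa:2048 -nodes -subj "/CN=yourdomainname.com" \
    -keyout "$1/leaf.key" -out "$1/leaf.csr" 2>/dev/null &&
  openssl x509 -req -in "$1/leaf.csr" -CA "$1/root.crt" -CAkey "$1/root.key" \
    -CAcreateserial -days 1 -out "$1/leaf.crt" 2>/dev/null
}

demo() {
  d=$(mktemp -d) && make_demo_chain "$d" || return 1
  cat "$d/leaf.crt" "$d/root.crt" > "$d/all.crt"        # leaf first, as in Step 1
  cat "$d/root.crt" "$d/leaf.crt" > "$d/reversed.crt"   # wrong order
  check_bundle "$d/all.crt" "$d/leaf.key" || true
  check_bundle "$d/reversed.crt" "$d/leaf.key" || true
  check_bundle "$d/all.crt" "$d/root.key" || true
  rm -rf "$d"
}
demo
```

With the tutorial's file names the call is `check_bundle all.crt yourdomain.com.key`.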

References:

Advice to Undergraduate Students

Having gone through a five year engineering and management program, I have learned a lot and given plenty of advice to newcomers. In this article I provide advice for those entering, or in the process of completing, an undergraduate degree.

Biases
Before diving into my advice I feel it’s good to know where I come from. Some things may feel exaggerated or may not affect you.

  • Completed a five year engineering and management program
  • I never did coop/internship
  • I did work part time as either a self-employed tutor, or a teaching assistant since the beginning of my third year, up till my last semester of undergrad
  • I was fortunate to not have OSAP (student loan in Canada), though I had to struggle a bit to get into that position
  • I always lived off-campus while studying, LIKE OFF (1 hour bus)
  • My parents separated at the end of my second year and later divorced

And now for the advice…

Sleep Early and Well when you can
In many scheduled years of many programs this may seem impossible. It was not until about fourth year that I started to sleep well (on most days). I found that my productivity increased significantly. I also found it was necessary to do exceptionally well in presentations. Once you get yourself out of sleeping late for a few days (and managing time), it will become easier to adjust to the habit.

Avoid Driving the Car, use the Bus
I know it sounds ridiculous at first but hear me out. It seems like cars would be more beneficial because they usually get you from A to B faster. If you are the one driving the car you are spending your cognitive resources while driving; you will likely need to rest sooner rather than later. On the bus, on the other hand, I found it was nice to take a nap to prepare myself to do work when I arrived at my destination. It was incredibly helpful to take the bus when I had a test to write. Of course it was incredibly helpful to get dropped off at school when you had to study last minute for a test too.

And hinted in the previous one…

Sleep well before writing a test/exam
Believe me, every time you pick up your test after writing it with 30 minutes of sleep, you realize how stupid your mistakes were. I literally got 65% on a midterm where after picking it up I know I knew 90% of what was on it. You tend to read questions wrong and make goofy mistakes when you are not well rested entering a test.

Sometimes you have to make Sacrifices
2% quiz or 20% midterm? If you can do both and still do well on the midterm, good. If you don’t have enough time then it’s best to forget the quiz. In many programs you take at university you will likely run into this issue a couple of times.

Attend Test Review
Most of the time it does help when it is run by the one who prepared the test. I have had professors accidentally hint at questions during sessions. Sometimes you will only get a breakdown of a test in the review session. I had one situation where the professor had already submitted the exam for us to write but realized a few days prior that most of the class did not understand how to solve one of the questions on the exam. He held a review session where about 1/12 of the class showed up. Guess who got the 12? If a review session is not provided by the instructor it may still be useful, but oftentimes I found it wasn’t.

Don’t be Afraid to Approach (Most) Instructors
Before jumping to conclusions about how your instructor might be if you approach them, try a few times and see what happens. I managed to convince a few instructors to extend assignment deadlines by sending genuine emails explaining a situation that likely exists for many people in the class. Also, I have received very helpful information from a number of instructors when I would ask questions about assignments. Some instructors will intentionally ignore emails and students. You should always make an effort to try before you jump to conclusions.

Make Genuine Relationships
There is always advice telling you to make connections. People often take this advice the wrong way and try to make friendships and acquaintances without any sincerity. It’s usually pretty obvious, and most of the time it doesn’t go well. When you make genuine relationships with people, you can make solid connections. I have received freelance offers as well as other benefits without expecting it most of the time due to genuine friendships I have with many people I met as a student.

Advice I took too late
One thing I was advised to do when it was too late was to ensure that when you select a group for graded assessments, you communicate to the other members what your mark expectations are before you set it in stone. This is obviously not useful to those who “just want to pass”; it is more useful for those who want a mark of B+ and higher.

MySQL access remote database through command line Linux

This guide assumes you already have mysql command line binaries installed. If you are lazy then you can install it in one line:
sudo apt-get install mysql-server

Now for the purpose of this article

mysql -u username -h my.application.com -ppassword

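If your password is Ellis then the last parameter would look like -pEllis. A password given this way is stored in your shell history and can be visible to other users in the process list; if you pass -p with nothing after it, mysql prompts for the password instead.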

Ubuntu14 Redirected back to login screen after entering correct credentials

I wanted to discuss one issue I ran into today and how I fixed it, in case someone runs across the same issue.

The Problem
I was prompted to do an update after logging in. In the middle of the update I was prompted whether to update various configuration files for fglrx. I accidentally pressed ‘no’ for the first option and ‘yes’ for all subsequent options. That ruined my configuration. After starting the computer later, I tried to log in with the correct credentials and it would just return to the login page (playing the same sound you would hear once you land on the login page).

The Solution
Options:

  • Reinstall your graphics driver
  • Return to default setup when you install ubuntu desktop

To reinstall your graphics driver:
You can access a terminal, as if you were running the server edition, by pressing ctrl+alt+f4.

If you ever need to go back (though you shouldn’t for these instructions) you would press ctrl+alt+f7.

My video card is from AMD so that is what I will talk about for this article. First you have to remove everything pertaining to fglrx with the following command:
sudo apt-get purge "fglrx.*"

Then install it again as you would have the first time
sudo apt-get install fglrx

Then what I did (which I’m not sure if it’s necessary or not) is remove the .Xauthority file found in /home/username using the following command
rm ~/.Xauthority

Then reboot Ubuntu, which I’m pretty sure is the following command
sudo reboot

Ubuntu14: Install PyCharm Pro

First we need to install some dependencies.

Install JRE
PyCharm requires the Java Runtime Environment (JRE) to work. You may want to consider getting the Java Development Kit (JDK) as it contains the JRE and development tools in case you need to install it in the future. To install Oracle JDK I have written a guide here.

Install Python tools
The instructions for this depend on which version of python you intend to support in your application. Installing the following packages should ensure you have the necessary python tools.
sudo apt-get install python-setuptools

Optionally if you are using pip requirements in your project, or planning to deploy it you will most likely want to consider using PIP. It is a package installation tool.
sudo easy_install pip

Install Virtual Env
I’m pretty sure that virtual env is required to run pycharm. If not, it is a good option to help manage different environments for each project and I would recommend it regardless.
sudo pip install --upgrade pip virtualenv virtualenvwrapper

Install PyCharm (finally)
Download PyCharm Professional from this link. Students, there is an option to get a 1 year student license for the professional edition. You should read the details of the license (as I don’t know its details).
https://www.jetbrains.com/pycharm/download/#section=linux

PyCharm should download as a tar.gz file. Once downloaded, open the terminal and move to the directory containing the tar.gz file.

To unpackage the tar.gz file:
tar -xzf pycharm*.gz

Optionally, you may want to extract the tar.gz file at a different location where you intend to use it.

To run pycharm you need to run pycharm.sh in the bin folder of the installation. Make sure to fill in the correct version number by replacing the Xs.
cd /pathtoinstallation/pycharm-5.X.X/bin

When you want to run, run the pycharm.sh file. But ensure you run with sudo privileges.
sudo ./pycharm.sh

Ubuntu 14 : Setup Oracle JDK

Get the latest tar.gz version for Linux from:
http://www.oracle.com/technetwork/java/javase/downloads/index.html

Open the terminal and move to the directory containing the tar.gz file

The filename will look something like jdk1.8.0_XX where XX will change because of updates. From 1.8 we know this is Java 8.

Once downloaded, decompress the tar.gz using the following command
tar -xzf jdk1.8.0_*
You will see the folder in the directory where you ran this command if it is successful.

Move it to a suitable location. I used /usr/java as the folder for this. You probably won’t have this folder on a fresh installation, so create it:
sudo mkdir /usr/java

Next, if you are currently in the folder containing the decompressed JDK, we will move both the tar.gz and the folder you decompressed into the /usr/java directory.
sudo mv jdk* /usr/java

Next in order for applications to know where the jdk is you need to have the value available to JAVA_HOME. I will tell you the steps to permanently set this variable.

We want the system to know where our java, javac and javaws executables are
sudo update-alternatives --install "/usr/bin/java" "java" "/usr/java/jdk1.8.0_XX/bin/java" 1
sudo update-alternatives --install "/usr/bin/javac" "javac" "/usr/java/jdk1.8.0_XX/bin/javac" 1
sudo update-alternatives --install "/usr/bin/javaws" "javaws" "/usr/java/jdk1.8.0_XX/bin/javaws" 1
Again, don’t forget to replace the XXs with the update number.

We want to make sure the JDK is executable by all users and applications, so for each executable in the bin folder that you plan to use, run a command like the following examples. Again, don’t forget to replace the XXs with the update number.
sudo chmod a+x /usr/java/jdk1.8.0_XX/bin/java
sudo chmod a+x /usr/java/jdk1.8.0_XX/bin/javac
sudo chmod a+x /usr/java/jdk1.8.0_XX/bin/javaws

How to setup a persistent Ubuntu Trusty on USB Drive

Both of these articles are clearly outdated but I found them successful after I made minor adjustments.

Part 1:
From PenDriveLinux.Com

Follow the instructions here except one modification.
When it says “Navigate to System > Administration > Startup Disk Creator: ” you instead press the start (I think it’s called super on Linux) button and search for Startup Disk Creator.

This is not sufficient because you won’t have a ‘persistent’ installation. Pretty much nothing you do when you start-up on the USB drive will be saved for the next session. Don’t try installing from this USB!

Part 2:
From: UsbUbuntu.wordpress.com

No need to read the guide. The only takeaway needed was the addition of the “Ubuntu persistent” menu entry shown below (bolded in the original) to the specified file.

/boot/grub/grub.cfg

if loadfont /boot/grub/font.pf2 ; then
set gfxmode=auto
insmod efi_gop
insmod efi_uga
insmod gfxterm
terminal_output gfxterm
fi

set menu_color_normal=white/black
set menu_color_highlight=black/light-gray

menuentry "Ubuntu persistent" {
set gfxpayload=keep
linux /casper/vmlinuz.efi file=/cdrom/preseed/ubuntu.seed boot=casper persistent quiet splash --
initrd /casper/initrd.lz
}

menuentry "Try Ubuntu without installing" {
set gfxpayload=keep
linux /casper/vmlinuz.efi file=/cdrom/preseed/ubuntu.seed boot=casper quiet splash --
initrd /casper/initrd.lz
}
menuentry "Install Ubuntu" {
set gfxpayload=keep
linux /casper/vmlinuz.efi file=/cdrom/preseed/ubuntu.seed boot=casper only-ubiquity quiet splash --
initrd /casper/initrd.lz
}
menuentry "Check disc for defects" {
set gfxpayload=keep
linux /casper/vmlinuz.efi boot=casper integrity-check quiet splash --
initrd /casper/initrd.lz
}

You will notice if you reboot from your USB that you will see a new menu entry called “Ubuntu persistent” at the top and that’s the one you click.

The remaining problem for me is the speed. It may just be because we are using a USB stick, I don’t know! It seems that USB 3.0 ports should transfer much faster than what I’m getting. One measure I took, which may just be a coincidence, is that I set up an administrative user under System Settings > User Accounts; you will need to set a password to use sudo. If the strong password thing was as bothersome for you as it was for me, try passwd in the terminal once you restart and are logged in as that user.

Django 1.9 How to Setup ORM Models (Pycharm)

In this tutorial I will assume that you are using the Django module you created when you started the project (though it can be modified slightly if it’s a different module).

myapp
– models.py
– settings.py

I will assume that myapp is the original module you created and models.py is where your ORM models are.

Step 1:
Ensure that you list myapp under INSTALLED_APPS list in settings.py. It is not there by default!

Step 2:
Ensure that on top of models.py you have the following import
from django.db import models

Also as part of step 2 you may need other imports to use some of the default tables that come with Django. For example, I always use the auth_user table which requires:
from django.contrib.auth.models import User

Table Generation (Made Easy?)
Step 1:
In settings.py ensure you have the following code snippet present since it is defaulted as false
migrated = True

Step 2:
Run the following in command line from the project’s directory. You may need sudo privileges. Remember to change myapp to your app’s name.
./manage.py makemigrations
You may be required to specify myapp after makemigrations

Step 3:
You will have noticed that the above command would have made a directory migrations with file(s) in it.

The directory should have changed to look like this

myapp
– models.py
– settings.py
– migrations
– – 0001_initial.py

A file similar to the above will be generated. There is an option to name the file, which can be found in the references.

Finally, run the following to have your tables generated in the database
./manage.py migrate

References:
Model Meta Options – Discusses managed option
Django Models – Contains instructions for using models
Using migration to generate your tables

MySQL List all Databases, List all Tables in a Database, List all columns in a Table (Ubuntu 14.04)

Running MySQL with super user privileges
mysql -u root -p

List all databases
SHOW DATABASES;

List Tables in a Specified Database
SHOW TABLES FROM databasename;

List Columns in a Specified Table from a Specified Database
SHOW COLUMNS FROM dbname.tablename;