Jelastic: how to contribute to Certified App source code? - jelastic

While setting up a basic 1 x NGINX load-balancer in front of 2 backends, I ended up with what is clear to me to be a bug: the cron of this Certified App cannot be edited:
As you can see, in this particular App the cron file is owned by root:root and doesn't have the extended attribute (the plus on the right of permissions) necessary for the file to be edited also by the logged in user (nginx in this case).
All other certified apps allow instead the main login user to have crontabs, even though I found the permissions of each file vary a lot.
I've stumbled on https://github.com/jelastic/jem/blob/master/etc/jelastic/export.conf and it seems to be the file to go to for proposing a bugfix, but its last update is Aug-2016, so I guess Jelastic had closed much of its source code.
How can we contribute to Certified App source code?

Indeed, it is a bug, as the cron file of the nginx user isn't editable in a balancer template; by design it has to be.
As for exports.conf - this file is left for backwards compatibility, but is no longer used.
The problem will definitely be fixed in the latest templates. As for existing containers, we would like to apply a patch to fix them; if you provide us more details about the hosting service provider you are using, we will help with that.
As for contribution to certified templates, all the images are publicly available on Docker Hub. You can create your own version of a template based on an existing one if you build a docker image and in your Dockerfile you specify "from jelastic/nginxbalancer" as a base; then you can do any modifications to the filesystem. The next step will be just to replace the existing balancer with your custom one.
Anyway, let's start with fix of existing containers.
Many thanks for finding out the bug!

Related

Automatically set up new Digital Ocean server for Laravel app

I know that https://forge.laravel.com/auth/register is available for $12/month*, but I'd like to understand how to accomplish the same thing myself.
What I assume is possible (and what I'm looking for): I create a server that has only Ubuntu 18.04.3 installed and nothing else, and I upload a script that installs all the appropriate software and sets up MySQL with the correct passwords, etc (without manual intervention).
I've tried Laradock and had tons of problems with Docker and don't want to do that anymore.
I see that https://cloud.digitalocean.com/droplets/new lets me create a LEMP droplet (Ubuntu, Nginx, MySQL, PHP-FPM) with one click. But it lacks Redis, and its versions are outdated (e.g. PHP 7.2).
I've heard people mention Chef (maybe this?), but that seems to be more complicated than what I'm imagining.
Unfortunately I'm not even sure how to search for what I'm trying to do (or how to tag this question); is this called "server provisioning"? I've been searching phrases like "automatic install script redis mysql server for laravel".
Thanks in advance for pointing me in the right direction.
* I also just found https://getcleaver.com/ and https://runcloud.io/server-management, which each look like Forge + Envoyer (and RunCloud offers a free plan).
It is called server provisioning and Chef would be a good fit for this, check out Ansible too - another thing you could do is setup the server yourself and create an image from that server and then base your new servers out of that image, that way you'll have all your services installed from the start.
This sounds like a job for something like Puppet (or Chef/Ansible), however Laravel Envoy may be another tool to look at if you haven't already for the second part of your problem.
I highly recommend Heroku (or similar service), as this is all done out of the box, and has a ton of other great features that make developing a pipeline a breeze.

Move OctoberCMS website from Ubuntu VM to a CentOS 7 VM

Our web developer picked OctoberCMS to develop our new website (his skill). Unfortunately before completion he rapidly left us due to health reasons and is no longer available. His Ubuntu environment has some problems and we need it on CentOS 7 anyway. The rest of us are OctoberCMS newbies, but want to learn it.
We built a CentOS 7 VM and installed OctoberCMS and want to move his work over.
We can not find any instructions on how to "export" the work he has done thus far and import it into our new OctoberCMS.
He is using 10 plugins and 3 he developed. (I don't know if that is relevant)
Is there an easy way to do this or at least instructions?
We have been googling, youtubing, IRC'ing for a week and still at a loss.
Any help would be most appreciated.
There really isn't anything special you need to know about moving an OctoberCMS install to a new server compared to moving over any other PHP application.
I am assuming you know how to do the basics of setting up a LAMP stack, such as setting up a virtual host for the domain you want to host the site on and setting up a MySQL database and user/password to access the database. There are of course many variants on how you could accomplish this such as using a management tool like Plesk or cPanel, or just configuring the services manually via the command line.
1) Ensure your new server is running at least roughly the same version of Apache, MySQL, and PHP.
2) Copy over the directory that contains all of the web files from the old server into the document root for your domain on the new server.
3) Do a database dump from the old server and copy it to the new server. If possible, use the same database name and username and password as the old server. This way you don't have to worry about updating the configuration of the website.
4) Pull up the site and troubleshoot any errors that come up. It is helpful if OctoberCMS debug mode is on.
Following the above method will ensure that you have the exact same setup on your new server that the old server had. This will copy over all of the plugins, data, etc.
There are of course many complexities that can come up during a switch over like this, but this should at least get you started and you can come back to StackOverflow with some more specific hurdles.
Hope that helps.

Secure first time setup of nextcloud

I want to set up Nextcloud on my personal VPS. To do the first-time setup, I have to access the webserver via my browser, and it says I should do it over http://localhost/nextcloud/ (Nextcloud Installation Wizard, right at the beginning), but this does not work for me because the VPS is not my local machine. So I have to open up the setup website to the public web, and everybody who knows the IP of my VPS could do the first-time setup.
I read other tutorials for web applications (for example Confluence: Confluence Installation Documentation, Point 4.2) where this is the common way of setting things up the first time.
Is there another secure way to do this in general for setting up a webapp for the first time? Firewall? VPN? How do you guys do it?
Thank you for your help
Yes - this is the common way on how to set it up. In the unlikely case that somebody else sets it up in the short time between placing the files and running the installer, you could also remove the config/config.php and do the setup again.
If you want to not do the web based setup you could use the CLI tool to run the installation. It also asks in an interactive way to set up Nextcloud or all the parameters can be provided via CLI options.
See https://docs.nextcloud.com/server/12/admin_manual/installation/command_line_installation.html for more details on the CLI installation method.
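The CLI route from the answer above, as an added example that is not part of the original answer: it checks whether the instance is still uninstalled (the state in which the web wizard accepts the first visitor) and runs `occ maintenance:install` from the shell. The install path, the `www-data` user, the database and admin names, the environment variable names and the script name are assumptions.

```shell
#!/bin/sh
# Added example. Assumptions: Nextcloud is unpacked in NC_DIR, the web
# server runs as www-data, and the MySQL database and user already exist.
NC_DIR=${NC_DIR:-/var/www/nextcloud}

# wizard_open DIR: succeeds while the instance is NOT installed yet, i.e.
# the web installer would accept setup from whoever connects first.
wizard_open() {
    cfg="$1/config/config.php"
    [ -f "$cfg" ] || return 0
    ! grep -Eq "'installed'[[:space:]]*=>[[:space:]]*true" "$cfg"
}

# install_cli DIR: run the installer from the shell instead of the browser.
# Passwords come from the environment; they still appear in the occ
# process arguments for the moment the command runs.
install_cli() {
    : "${NC_ADMIN_PASS:?set NC_ADMIN_PASS}" "${NC_DB_PASS:?set NC_DB_PASS}"
    sudo -u www-data php "$1/occ" maintenance:install \
        --database mysql --database-name nextcloud \
        --database-user nextcloud --database-pass "$NC_DB_PASS" \
        --admin-user admin --admin-pass "$NC_ADMIN_PASS"
}

# Usage: sh nc-first-setup.sh --install   (script name is hypothetical)
if [ "${1:-}" = "--install" ]; then
    if wizard_open "$NC_DIR"; then
        install_cli "$NC_DIR" || exit 1
    fi
    if wizard_open "$NC_DIR"; then
        echo "installer still open on $NC_DIR" >&2; exit 1
    fi
    echo "installed; web wizard is closed"
fi
```

Running it before the virtual host is reachable from outside means the wizard is never served to anyone but you.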

Running TurboGears2 in Amazon EC2

I would just like to ask if anybody here has run Turbogears2 from an Amazon EC2 instance. I've been looking for a way to do it, but so far searching the Web hasn't given me anything I could use as an example. I did see one here:
http://codersbuffet.blogspot.com/2010/05/announcing-turbpgears-ec2-images.html
Though I think the person used an earlier version of TG in his post.
I thought it would be as simple as changing the host parameter in the development.ini, but that did not work. I've also tried connecting to the instance with the -L option for ssh, but it did not work as well (I did this approach for web2py way back, and it worked).
I'm wondering if I need to configure some file somewhere in the TG2 application. I've also tried searching the TG2 documentation. Either I'm not using the right keywords, or I'm just not getting the right results.
Thanks in advance for any help!
DM
By itself EC2 doesn't provide a platform, you can freely choose a deploy environment from mod_wsgi, circus, gunicorn or whatever you prefer. It's not strictly a TurboGears problem, it can be deployed like any other WSGI application.
There are some tutorials for a step-by-step deploy on Apache+mod_wsgi and Circus+chaussette in the TurboGears documentation, you can find them here: http://turbogears.readthedocs.org/en/latest/cookbook/deploy/index.html
Avoid deploying on gearbox+wsgiref because it is not meant for production usage. If you want to use gearbox, I suggest you give waitress a try.

Joomla! 2.5.4 Hacked: Having trouble with diagnosis

My Joomla 2.5.4 site was cracked last night. Moreover, the Joomla forum is currently down, and I can't even run Joomla's diagnostic utility. (fpa-en.php)
I have followed Joomla's instructions for diagnosis with no success. (See below) I have also emailed my webhost (I am on a shared server, but I use a host recommended by Joomla that is a specialist in Joomla sites). So, my question is what do I do next?
Here is the info that I have so far.
Using Joomla 2.54 (the latest). All extensions were updated to the most recent release, and none are on the Joomla vulnerable extensions list.
Passwords of other administrators were changed but not mine fortunately.
User_notes table deleted, which renders the User Manager in the admin section useless.
According to logs the attack hit the following files in this sequence:
/administrator/index.php
/index.php (Root)
/plugins/authentication/joomla/joomla.php
/plugins/user/joomla/joomla.php
and then the changes to the users and user_notes tables.
There is no junk in either index.php
Attack ip was 199.15.234.216, which is from a Fort Worth server of supremetelecom.com
Fortunately, I have backups and there was no defacement, but until I can get fpa-en.php to work and access to the Joomla forums, I am not sure what to do other than change all passwords and block the IP.
Thanks in advance for any help!
Firstly, reset the passwords of all the administrators, including yours, then change them and ensure they include letters and numbers. Then change the password for the host control panel using the password generator if they provide one. If not, use a password generator online. Once this is done change the password for your database username and don't forget to also update the configuration.php with your new password.
Secondly, download and install Admin Tools which will add more security to your site for the future. Admin Tools also comes with an Emergency Offline button which is useful.
Then download and install Saxum IP Logger which will trace all the registered users, giving you their IP address, country and so on and you can also block IP addresses using the plugin that comes with it.
Next, go to the host control panel and look at the logs to see which IP addresses have entered your website and which files they have accessed. The IP address that corresponds to the files edited, you can then block using the plugin I mentioned before. Joomla 2.5 is very hard to hack so it is rather likely you have an extension that is badly developed and allows SQL injection. Therefore you should always choose popular extensions to install on your website when they are database related.
Hope this helps you in the future. Regards
EDIT : You can also password protect your folders in the FTP for additional security.
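The log review suggested in the answer above, as an added example that is not part of the original answers: it lists what one client IP requested, in order, from a combined-format access log, then counts its POST targets. The log format, the function names and the sample lines (documentation-range IPs) are constructed assumptions.

```shell
#!/bin/sh
# Added example: per-IP request timeline from a combined-format access log.
# Request lines containing raw spaces in the path would shift the fields.

# requests_from_ip LOGFILE IP -> "time method path status", one per request
requests_from_ip() {
    awk -v ip="$2" '
        $1 == ip {
            gsub(/^\[/, "", $4)    # strip "[" from the timestamp
            gsub(/"/, "", $6)      # strip the quote before the method
            print $4, $6, $7, $9
        }' "$1"
}

# post_targets LOGFILE IP -> "count path" for that IP's POSTs, busiest first
post_targets() {
    requests_from_ip "$1" "$2" |
        awk '$2 == "POST" { n[$3]++ } END { for (p in n) print n[p], p }' |
        sort -rn
}

# Constructed sample log (not taken from the incident on this page).
sample_log() {
cat <<'EOF'
203.0.113.7 - - [10/May/2012:02:11:05 +0000] "GET /administrator/index.php HTTP/1.1" 200 4312 "-" "Mozilla/5.0"
198.51.100.4 - - [10/May/2012:02:11:09 +0000] "GET /index.php HTTP/1.1" 200 9120 "-" "Mozilla/5.0"
203.0.113.7 - - [10/May/2012:02:11:12 +0000] "POST /administrator/index.php HTTP/1.1" 303 0 "-" "Mozilla/5.0"
203.0.113.7 - - [10/May/2012:02:11:13 +0000] "POST /administrator/index.php HTTP/1.1" 303 0 "-" "Mozilla/5.0"
203.0.113.7 - - [10/May/2012:02:11:20 +0000] "POST /index.php?option=com_users HTTP/1.1" 200 512 "-" "Mozilla/5.0"
EOF
}

log=$(mktemp)
sample_log > "$log"
requests_from_ip "$log" 203.0.113.7   # timeline for the suspect address
post_targets "$log" 203.0.113.7       # where it submitted data
rm -f "$log"
```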
You may also find this extension quite useful
After you recover from this, make sure you place a password on the /administrator directory with .htaccess, assuming this is a Linux based server.
Couple of steps that will help you identify the point of access.
Also depends on if you have access to some server side tools.
Contact host and ask them if they run Mod_Sec if so ask them for the Mod_sec flag for that IP.
Ask the host if they run any type of maldet tools - if so ask for a scan of your account.
If you have shell access run a check on what were the most recent file changes... Aside from tmp and cache files.
Fixing the hack
1. Change all your passwords -
2. Install project honey pot.
3. Admin tools install is good but you need the pro version to really gain access to the security tools.
4. Migrate to a host that specializes in Joomla platforms, in most cases they already have the accounts configured for common security issues in Joomla.
Getting hacked really sucks... Good luck!
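The shell check for recent file changes mentioned in the answer above, as an added example that is not part of the original answer: it lists regular files modified within the last N days under the document root, newest first, skipping any `tmp` and `cache` directories. It assumes GNU find and GNU touch; the function names and the demo tree are constructed.

```shell
#!/bin/sh
# Added example; needs GNU find (-printf) and GNU touch (-d).

# recent_changes DOCROOT DAYS [NAME_GLOB]
# Prints "YYYY-MM-DD HH:MM path" for files changed in the last DAYS days.
# -mindepth 1 keeps a docroot that is itself named tmp/cache from being pruned.
recent_changes() {
    find "$1" -mindepth 1 \
        \( -type d \( -name tmp -o -name cache \) -prune \) -o \
        -type f -mtime "-$2" -name "${3:-*}" \
        -printf '%TY-%Tm-%Td %TH:%TM %p\n' | sort -r
}

# Constructed document root: two old files, two fresh ones outside
# tmp/cache, and fresh files inside tmp/ and cache/ that must be skipped.
demo_tree() {
    root=$(mktemp -d)
    mkdir -p "$root/plugins/user/joomla" "$root/images" "$root/media" \
             "$root/tmp" "$root/administrator/cache"
    touch -d '40 days ago' "$root/index.php" "$root/images/logo.png"
    touch "$root/plugins/user/joomla/joomla.php" "$root/media/new.css" \
          "$root/tmp/x.php" "$root/administrator/cache/page.html"
    echo "$root"
}

root=$(demo_tree)
recent_changes "$root" 7            # everything changed in the last week
recent_changes "$root" 7 '*.php'    # only PHP files
rm -rf "$root"
```

Compare the output against a known-good backup before trusting any file it lists, since modification times can be reset by whoever changed the file.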
Relocate your administrator page by editing the config.php files, and edit your FTP permission settings. If your administration login URL was the standard location (www.site.com/administrator), change this location and block access using your hosting control panel to only certain IP addresses (and even restrict access by hours of availability).
How many administrator user accounts do you have? There really should be only one person with super user access. It is really not productive or safe to have other users that do minor edits of the website with administrator privileges; and they could accidentally cause issues. These are basic steps and there is a lot more you can do. Send an email if you need help/step by step instructions. Hope all goes well.
