System Engineering

AWS CodeDeploy Setup (S3)

AWS CodeDeploy

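The flow of a typical AWS CodeDeploy deployment

Setup list
    EC2
    On-Premises (physical servers that are not EC2)
    Create IAM permissions for the CodeDeploy service
    Create IAM permissions for the servers
    Create the CodeDeploy Application
    EC2 setup
    Install/configure the CodeDeploy Agent
    On-Premise server setup
    Prepare deployment files, configure appspec.yml [repeat]
    Deploy [repeat]

Create IAM permissions for the CodeDeploy service
    [AWS-Console] IAM > Roles : Create New Role
    Role Type : AWS […]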

System Engineering

rsyslog + MySQL + LogAnalyzer on OpenSUSE

rsyslog Features Map

1. Install requirements
    zypper install rsyslog rsyslog-module-relp rsyslog-module-mysql rsyslog-module-snmp rsyslog-module-mmnormalize

2. Create RuleBase for PHP log
    vi /etc/rsyslog.d/phplog.rulebase

    # PHP Logs
    rule=: %server:char-to:\x3a%\x3a PHP %priority:char-to:\x3a%\x3a%message:rest%
    rule=: PHP %priority:char-to:\x3a%\x3a%message:rest%

3. Prepare MySQL
    CREATE DATABASE `syslog`;
    USE `syslog`;
    CREATE USER 'syslog'@'localhost' IDENTIFIED BY 'my_password';
    GRANT EXECUTE, INSERT, LOCK TABLES, SELECT, SHOW VIEW, UPDATE ON syslog.* TO 'syslog'@'localhost';
    […]

System Engineering

Upload PKCS#12 Server Certificates to AWS

AWS IAM Certificate Manager

1. Extract RSA Private key
    openssl pkcs12 -in CERTIFICATE.PFX -nocerts -nodes -out private.key
    openssl rsa -in private.key -out private-rsa.key

2. Extract Certificate
    openssl pkcs12 -in CERTIFICATE.PFX -clcerts -nokeys -out certificate.crt

3. Extract Certificate Chains
    openssl pkcs12 -in CERTIFICATE.PFX -cacerts -nokeys -out certificate-chain.crt

4. Trimming Certificates for AWS
    sed -ne '/-----BEGIN CERTIFICATE-----/,/-----END CERTIFICATE-----/ p' certificate.crt > certificate-trim.crt
    […]

Developments

Using request of JSON Payload in Slim framework

Slim Framework

How to enable JSON-Payload input in Slim Framework…

SlimMiddlewareContentTypes.php

    <?php
    /**
     * Middleware SlimMiddlewareContentTypes (for JSON Payload requests)
     * 2015/03/12
     * Aiden Kim
     */
    class SlimMiddlewareContentTypes extends \Slim\Middleware\ContentTypes
    {
        public function call()
        {
            $mediaType = $this->app->request->getMediaType();
            if ( isset($this->contentTypes[$mediaType]) && !$this->app->request->isGet() && !$this->app->request->isHead() ) {
                $env = $this->app->environment();
                // Parse request data
                $form_hash = $this->parse($env['slim.input'], […]

Developments

MySQL Procedure Pattern for Nested Transaction

MySQL

MySQL does not support ‘Nested Transaction’. Transactions cannot be nested. This is a consequence of the implicit commit performed for any current transaction when you issue a START TRANSACTION statement or one of its synonyms. (https://dev.mysql.com/doc/refman/5.7/en/implicit-commit.html) But I want to use a ‘Stored Procedure’ that works well with a transaction both independently and when called in a nested fashion. […]

System Engineering

Install OpenVPN on openSUSE

OpenVPN

0. Plan
    Public IF : eth1 (210.1.1.1)
    Private IF : eth0 (10.1.0.0/16)
    Virtual Tunneling IF : tun0 (172.16.1.0/24)

1. Download and install packages
    zypper install openvpn openvpn-auth-pam-plugin

2. Install EasyRSA and create server certificates
    cd /usr/local/src
    wget -O easy-rsa-2.x.tar.gz https://github.com/OpenVPN/easy-rsa/archive/release/2.x.tar.gz
    tar xvf easy-rsa-2.x.tar.gz
    cp -r easy-rsa-release-2.x/easy-rsa /etc/openvpn/
    cd /etc/openvpn/easy-rsa/2.0/
    vi /etc/openvpn/easy-rsa/2.0/vars
    # Fill KEY_COUNTRY, KEY_PROVINCE, KEY_CITY, KEY_ORG, […]

System Engineering

Enable SFTP Logging on OpenSUSE

1. Update rsyslog (syslog) configuration
    vi /etc/rsyslog.conf

    #sftp logging
    local5.* -/var/log/sftpd.log

    service rsyslog restart

2. SSHD Configuration file
    vi /etc/ssh/sshd_config

    Subsystem sftp /usr/lib/ssh/sftp-server -f LOCAL5 -l INFO

    service sshd restart

System Engineering

Chroot for SFTP on OpenSUSE

1. Add chroot to SSHD Configuration file
    vi /etc/ssh/sshd_config

    Match Group uploaders,!admin
        X11Forwarding no
        AllowTcpForwarding no
        ForceCommand internal-sftp
        ChrootDirectory /home/uploaders
    Match User cacti Address *,!10.10.1.0/24
        ForceCommand /bin/false

2. Mount directory to home directory
    vi /etc/fstab

    /home/www/www.mysite.com /home/uploaders/www.mysite.com none bind 0 0

Developments

MySQL, Checking the IP address in a range

fn_ipv4_match( needle, haystack )
Returns 1 if haystack contains needle.
    needle : IPv4 address
    haystack : IPv4 address, IPv4 address with subnet mask, IPv4 address with netmask bits

    DELIMITER $$
    DROP FUNCTION IF EXISTS `fn_ipv4_match`$$
    CREATE FUNCTION `fn_ipv4_match`( needle VARCHAR(15), haystack VARCHAR(31) ) RETURNS TINYINT
    BEGIN
        /*
         * Checking the IP address in the range
         * 2014-09-30
         * Aiden Kim
         */
        DECLARE start_ip […]

System Engineering

Install DKIMproxy on OpenSUSE

1. Install requirements
    zypper install dkimproxy

2. Create keys
    cd /usr/share/dkimproxy/etc
    openssl genrsa -out dkim-private.key 1024
    openssl rsa -in dkim-private.key -pubout -out dkim-public.key
    chown dkim dkim-private.key
    chmod 400 dkim-private.key

3. Configuration file
    cp dkimproxy_in.conf.example dkimproxy_in.conf
    cp dkimproxy_out.conf.example dkimproxy_out.conf
    vi dkimproxy_out.conf

    # add your domain of sender …
    domain domain1.com,domain2.com
    # locate private-key file …
    keyfile /usr/share/dkimproxy/etc/dkim-private.key
    […]