Forem: Teddy Zugana

Cara Menginstall Wazuh di Ubuntu Server

Teddy Zugana — Fri, 14 Nov 2025 01:58:54 +0000

Pada kesempatan kali ini kita akan menginstall wazuh di ubuntu versi 24.04. Sebelum mulai proses instalasi, ada beberapa hal yang perlu disiapkan.

Requirement

VPS : 2 vCPU, 4 GB RAM, 50 GB Disk
OS : Ubuntu 16.04, 18.04, 20.04, 22.04, 24.04
Port : 443,1514,1515,55000,9200,9300–9400 (TCP)
Infrastruktur : AWS, GCP, Digital Ocean, VPS Lokal, Bare Metal/On-Premise. VirtualBox, VMWare

Baca Juga : Cara Mengamankan Server Ubuntu dari Peretas

Metode Instalasi

Ada beberapa metode instalasi yang ada untuk menginstall wazuh di ubuntu. Tapi untuk tutorial kali ini kita akan menggunakan metode instalasi Wazuh installation assistant.
Langkah #1 : Update Package Server

Langkah wajib yang harus dilakukan sebelum mulai proses instalasi adalah update dan upgrade package di server terlebih dahulu.

sudo apt update && sudo apt upgrade -y

Mengubah Timezone

Atur timezone sesuai dengan lokasi Anda agar waktu di server lebih mudah dibaca, terutama saat membaca log atau mengatur penjadwalan otomatis seperti cronjob. Contohnya, pilih Asia/Jakarta untuk Waktu Indonesia Barat.


sudo dpkg-reconfigure tzdata

Langkah #2 : Jalankan Wazuh Installation Assistant

Jalankan perintah di bawah ini di server yang akan dijadikan wazuh server. Akan tampil proses instalasi Wazuh. Tunggu proses instalasinya sampai selesai.

curl -sO https://packages.wazuh.com/4.9/wazuh-install.sh && sudo bash ./wazuh-install.sh -i -a

4.9 adalah versi dari wazuh yang akan diinstall

Wazuh Installation Assistant

Setelah proses instalasi selesai, akan muncul user dan password untuk mengakses dashboard wazuh. Simpan baik-baik user dan password tersebut.

Note:
Untuk melihat semua password wazuh indexer dan wazuh API, atau lupa password wazuh dashboard, Anda bisa menggunakan perintah berikut :


sudo tar -O -xvf wazuh-install-files.tar wazuh-install-files/wazuh-passwords.txt

Langkah #3 : Mengakses Dashboard Wazuh

Untuk mengakses dashboard wazuh, masukkan ip address server wazuh ke search bar browser seperti chrome, atau firefox. Silahkan login menggunakan user dan password yang tadi sudah digeneratekan oleh wazuh installation assistant.

https://<ip-dashboard-wazuh>

Dan seperti inilah tampilan web dashboard wazuh setelah berhasil login.

Cara Mengatur Blok Server Nginx (Host Virtual) di Ubuntu

Teddy Zugana — Fri, 23 May 2025 09:12:34 +0000

aat menggunakan server web Nginx, blok server (mirip dengan host virtual di Apache) dapat digunakan untuk merangkum detail konfigurasi dan menghosting lebih dari satu domain pada satu server.

Dalam panduan ini, kita akan membahas cara mengonfigurasi blok server di Nginx pada server Ubuntu 16.04.

Terapkan aplikasi Anda dari GitHub menggunakan DigitalOcean App Platform . Biarkan DigitalOcean fokus pada penskalaan aplikasi Anda.
Prasyarat

Kami akan menggunakan pengguna non-root dengan sudohak istimewa di sepanjang tutorial ini. Jika Anda belum mengonfigurasi pengguna seperti ini, Anda dapat membuatnya dengan mengikuti panduan pengaturan server awal Ubuntu 16.04 kami .

Anda juga perlu memasang Nginx di server Anda. Panduan berikut membahas prosedur ini:

Cara Memasang Nginx di Ubuntu 16.04 : Gunakan panduan ini untuk menyiapkan Nginx sendiri.
Cara Menginstal Linux, Nginx, MySQL, PHP (tumpukan LEMP) di Ubuntu 16.04 : Gunakan panduan ini jika Anda akan menggunakan Nginx bersama dengan MySQL dan PHP.

Jika Anda telah memenuhi persyaratan ini, Anda dapat melanjutkan dengan panduan ini.
Contoh Konfigurasi

Untuk keperluan demonstrasi, kita akan menyiapkan dua domain dengan server Nginx kita. Nama domain yang akan kita gunakan dalam panduan ini adalah example.com dan test.com .

Catatan: untuk informasi lebih lanjut tentang menyiapkan domain dengan DigitalOcean, silakan lihat dokumentasi produk Domain dan DNS kami .

Jika Anda tidak memiliki dua nama domain cadangan untuk digunakan, gunakan nama pengganti untuk saat ini dan kami akan menunjukkan kepada Anda nanti cara mengonfigurasi komputer lokal untuk menguji konfigurasi Anda.
Langkah 1 — Menyiapkan Direktori Root Dokumen Baru

Secara default, Nginx pada Ubuntu 16.04 memiliki satu blok server yang diaktifkan. Blok ini dikonfigurasi untuk menyajikan dokumen dari direktori di /var/www/html.

Meskipun ini berfungsi dengan baik untuk satu situs, kita memerlukan direktori tambahan jika kita akan melayani beberapa situs. Kita dapat menganggap /var/www/htmldirektori tersebut sebagai direktori default yang akan dilayani jika permintaan klien tidak cocok dengan situs kita yang lain.

Kami akan membuat struktur direktori /var/wwwuntuk setiap situs kami. Konten web yang sebenarnya akan ditempatkan dalam htmldirektori di dalam direktori khusus situs ini. Ini memberi kami fleksibilitas tambahan untuk membuat direktori lain yang terkait dengan situs kami sebagai saudara dari htmldirektori tersebut jika perlu.

Kita perlu membuat direktori ini untuk setiap situs kita. -pBendera tersebut memberitahu mkdiruntuk membuat direktori induk yang diperlukan di sepanjang jalan:

sudo mkdir -p /var/www/example.com/html
sudo mkdir -p /var/www/test.com/html

Sekarang setelah kita memiliki direktori, kita akan menetapkan kembali kepemilikan direktori web ke akun pengguna normal kita. Ini akan memungkinkan kita menulis ke direktori tersebut tanpa sudo.

Catatan: Bergantung pada kebutuhan Anda, Anda mungkin perlu menyesuaikan izin atau kepemilikan folder lagi untuk mengizinkan akses tertentu bagi www-datapengguna. Misalnya, situs dinamis sering kali memerlukan ini. Persyaratan izin dan kepemilikan khusus sepenuhnya bergantung pada konfigurasi Anda. Ikuti rekomendasi untuk teknologi tertentu yang Anda gunakan.

Kita dapat menggunakan $USERvariabel lingkungan untuk menetapkan kepemilikan pada akun yang saat ini kita gunakan untuk masuk (pastikan Anda tidak masuk sebagai root ). Ini akan memudahkan kita untuk membuat atau mengedit konten dalam direktori ini:

sudo chown -R $USER:$USER /var/www/example.com/html
sudo chown -R $USER:$USER /var/www/test.com/html

Izin root web kita seharusnya sudah benar jika Anda belum mengubah umasknilainya, tetapi kita dapat memastikannya dengan mengetik:

sudo chmod -R 755 /var/www

Struktur direktori kita sekarang telah dikonfigurasikan dan kita dapat melanjutkan.
Langkah 2 — Membuat Halaman Contoh untuk Setiap Situs

Sekarang setelah kita menyiapkan struktur direktori, mari buat halaman default untuk setiap situs kita sehingga kita akan memiliki sesuatu untuk ditampilkan.

Buat index.htmlfile di domain pertama Anda:

nano /var/www/example.com/html/index.html

Di dalam berkas tersebut, kita akan membuat berkas dasar yang menunjukkan situs mana yang sedang kita akses. Tampilannya akan seperti ini:
/var/www/contoh.com/html/index.html

Welcome to Example.com!

Success! The example.com server block is working!

Simpan dan tutup berkas saat Anda selesai. Untuk melakukannya nano, tekan CTRL+ountuk menulis berkas, lalu CTRL+xuntuk keluar.

Karena berkas untuk situs kedua kita pada dasarnya akan sama, kita dapat menyalinnya ke akar dokumen kedua kita seperti ini:

cp /var/www/example.com/html/index.html /var/www/test.com/html/

Sekarang, kita dapat membuka file baru di editor kita:

nano /var/www/test.com/html/index.html

Ubahlah sehingga merujuk ke domain kedua kita:
/var/www/test.com/html/indeks.html

Welcome to Test.com!

Success! The test.com server block is working!

Simpan dan tutup berkas ini setelah selesai. Sekarang kita memiliki beberapa halaman untuk ditampilkan kepada pengunjung kedua domain kita.
Langkah 3 — Membuat File Blok Server untuk Setiap Domain

Sekarang setelah kita memiliki konten yang ingin disajikan, kita perlu membuat blok server yang akan memberi tahu Nginx cara melakukannya.

Secara default, Nginx berisi satu blok server yang disebut defaultyang dapat kita gunakan sebagai templat untuk konfigurasi kita sendiri. Kita akan mulai dengan mendesain blok server domain pertama kita, yang kemudian akan kita salin untuk domain kedua kita dan buat modifikasi yang diperlukan.
Membuat File Blok Server Pertama

Seperti disebutkan di atas, kita akan membuat file konfigurasi blok server pertama kita dengan menyalin file default:

sudo cp /etc/nginx/sites-available/default /etc/nginx/sites-available/example.com

Sekarang, buka file baru yang Anda buat di editor teks Anda dengan sudohak istimewa:

sudo nano /etc/nginx/sites-available/example.com

Mengabaikan baris yang diberi komentar, berkasnya akan terlihat seperti ini:
/etc/nginx/situs-tersedia/contoh.com

server {
listen 80 default_server;
listen [::]:80 default_server;

    root /var/www/html;
    index index.html index.htm index.nginx-debian.html;

    server_name _;

    location / {
            try_files $uri $uri/ =404;
    }

}

Pertama, kita perlu melihat perintah listen. Hanya satu blok server di server yang dapat default_servermengaktifkan opsi tersebut. Ini menentukan blok mana yang harus melayani permintaan jika yang server_namediminta tidak cocok dengan salah satu blok server yang tersedia. Ini seharusnya tidak sering terjadi dalam skenario dunia nyata karena pengunjung akan mengakses situs Anda melalui nama domain Anda.

Anda dapat memilih untuk menetapkan salah satu situs Anda sebagai "default" dengan menyertakan default_serveropsi tersebut dalam listenarahan, atau Anda dapat membiarkan blok server default diaktifkan, yang akan menyajikan konten direktori /var/www/htmljika host yang diminta tidak dapat ditemukan.

Dalam panduan ini, kami akan membiarkan blok server default tetap digunakan untuk melayani permintaan yang tidak cocok, jadi kami akan menghapus default_serverdari blok server ini dan berikutnya. Anda dapat memilih untuk menambahkan opsi ke blok server mana pun yang menurut Anda masuk akal.
/etc/nginx/situs-tersedia/contoh.com

server {
listen 80;
listen [::]:80;

    . . .

}

Catatan: Anda dapat memeriksa apakah default_serveropsi tersebut hanya diaktifkan dalam satu file aktif dengan mengetik:

grep -R default_server /etc/nginx/sites-enabled/

Jika kecocokan ditemukan tanpa komentar di lebih dari satu file (ditampilkan di kolom paling kiri), Nginx akan mengeluh tentang konfigurasi yang tidak valid.

Hal berikutnya yang harus kita sesuaikan adalah root dokumen, yang ditentukan oleh rootperintah. Arahkan ke root dokumen situs yang Anda buat:
/etc/nginx/situs-tersedia/contoh.com

server {
listen 80;
listen [::]:80;

    root /var/www/example.com/html;

}

Selanjutnya, kita perlu memodifikasi server_nameagar sesuai dengan permintaan untuk domain pertama kita. Kita juga dapat menambahkan alias apa pun yang ingin kita cocokkan. Kita akan menambahkan www.example.comalias untuk menunjukkannya.

Setelah selesai, berkas Anda akan terlihat seperti ini:
/etc/nginx/situs-tersedia/contoh.com

server {
listen 80;
listen [::]:80;

    root /var/www/example.com/html;
    index index.html index.htm index.nginx-debian.html;

    server_name example.com www.example.com;

    location / {
            try_files $uri $uri/ =404;
    }

}

Itu saja yang kita perlukan untuk konfigurasi dasar. Simpan dan tutup berkas untuk keluar.
Membuat File Blok Server Kedua

Sekarang setelah kita memiliki konfigurasi blok server awal, kita dapat menggunakannya sebagai dasar untuk file kedua kita. Salin untuk membuat file baru:

sudo cp /etc/nginx/sites-available/example.com /etc/nginx/sites-available/test.com

Buka file baru dengan sudohak istimewa di editor Anda:

sudo nano /etc/nginx/sites-available/test.com

Sekali lagi, pastikan Anda tidak menggunakan default_serveropsi untuk listenarahan dalam berkas ini jika Anda telah menggunakannya di tempat lain. Sesuaikan rootarahan agar mengarah ke akar dokumen domain kedua Anda dan sesuaikan server_nameagar sesuai dengan nama domain situs kedua Anda (pastikan untuk menyertakan alias apa pun).

Setelah selesai, berkas Anda kemungkinan akan terlihat seperti ini:
/etc/nginx/situs-tersedia/test.com

server {
listen 80;
listen [::]:80;

    root /var/www/test.com/html;
    index index.html index.htm index.nginx-debian.html;

    server_name test.com www.test.com;

    location / {
            try_files $uri $uri/ =404;
    }

}

Setelah selesai, simpan dan tutup berkas.
Langkah 4 — Mengaktifkan Blok Server dan Memulai Ulang Nginx

Sekarang setelah kita memiliki berkas blok server, kita perlu mengaktifkannya. Kita dapat melakukannya dengan membuat tautan simbolik dari berkas-berkas ini ke sites-enableddirektori, yang dibaca Nginx saat memulai.

Kita dapat membuat tautan ini dengan mengetik:

sudo ln -s /etc/nginx/sites-available/example.com /etc/nginx/sites-enabled/
sudo ln -s /etc/nginx/sites-available/test.com /etc/nginx/sites-enabled/

File-file ini sekarang ditautkan ke direktori yang diaktifkan. Sekarang kita memiliki tiga blok server yang diaktifkan, yang dikonfigurasi untuk merespons berdasarkan listenarahannya dan server_name(Anda dapat membaca lebih lanjut tentang cara Nginx memproses arahan ini di sini ):

example.com:Akan menanggapi permintaan untuk example.comdanwww.example.com
test.com:Akan menanggapi permintaan untuk test.comdanwww.test.com
default: Akan menanggapi permintaan apa pun pada port 80 yang tidak cocok dengan dua blok lainnya.

Untuk menghindari kemungkinan masalah memori hash bucket yang dapat muncul akibat penambahan nama server tambahan, kami juga akan menyesuaikan satu nilai dalam /etc/nginx/nginx.confberkas kami. Buka berkas sekarang:

sudo nano /etc/nginx/nginx.conf

Di dalam berkas, temukan server_names_hash_bucket_sizeperintah tersebut. Hapus #simbol untuk menghapus komentar pada baris:
/etc/nginx/nginx.conf

http {
. . .

server_names_hash_bucket_size 64;

. . .

}

Simpan dan tutup berkas jika Anda sudah selesai.

Berikutnya, uji untuk memastikan tidak ada kesalahan sintaksis di salah satu file Nginx Anda:

sudo nginx -t

Jika tidak ada masalah yang ditemukan, mulai ulang Nginx untuk mengaktifkan perubahan Anda:

sudo systemctl restart nginx

Nginx sekarang seharusnya melayani kedua nama domain Anda.
Langkah 5 — Memodifikasi File Host Lokal Anda untuk Pengujian (Opsional)

Jika Anda belum menggunakan nama domain yang Anda miliki dan malah menggunakan nilai pengganti, Anda dapat mengubah konfigurasi komputer lokal agar Anda dapat menguji konfigurasi blok server Nginx untuk sementara.

Ini tidak akan memungkinkan pengunjung lain melihat situs Anda dengan benar, tetapi akan memberi Anda kemampuan untuk mengakses setiap situs secara independen dan menguji konfigurasi Anda. Ini bekerja dengan cara mencegat permintaan yang biasanya masuk ke DNS untuk menyelesaikan nama domain. Sebagai gantinya, kita dapat mengatur alamat IP yang kita inginkan agar komputer lokal kita tuju saat kita meminta nama domain.

Catatan: Pastikan Anda menjalankannya di komputer lokal selama langkah-langkah ini dan bukan di server jarak jauh. Anda harus memiliki akses root, menjadi anggota grup administratif, atau dapat mengedit file sistem untuk melakukan ini.

Jika Anda menggunakan komputer Mac atau Linux di rumah, Anda dapat mengedit berkas yang diperlukan dengan mengetik:

sudo nano /etc/hosts

Jika Anda menggunakan Windows, Anda dapat menemukan petunjuk untuk mengubah berkas host Anda di sini.

Anda perlu mengetahui alamat IP publik server Anda dan domain yang ingin Anda rutekan ke server. Dengan asumsi bahwa alamat IP publik server saya adalah 203.0.113.5, baris yang akan saya tambahkan ke berkas saya akan terlihat seperti ini:
/dll/host

127.0.0.1 localhost
. . .

203.0.113.5 example.com www.example.com
203.0.113.5 test.com www.test.com

Ini akan mencegat semua permintaan untuk example.comdan test.comdan mengirimkannya ke server Anda, yang merupakan apa yang kita inginkan jika kita tidak benar-benar memiliki domain yang kita gunakan.

Simpan dan tutup berkas jika Anda sudah selesai.
Langkah 6 — Menguji Hasil Anda

Setelah semuanya siap, Anda harus menguji apakah blok server berfungsi dengan benar. Anda dapat melakukannya dengan mengunjungi domain di peramban web Anda:

http://example.com

Anda akan melihat halaman seperti ini:

Blok server pertama Nginx

Jika Anda mengunjungi nama domain kedua Anda, Anda akan melihat situs yang sedikit berbeda:

http://test.com

Blok server kedua Nginx

Jika kedua situs ini berfungsi, Anda telah berhasil mengonfigurasi dua blok server independen dengan Nginx.

Pada titik ini, jika Anda menyesuaikan hostsberkas di komputer lokal untuk pengujian, Anda mungkin ingin menghapus baris yang Anda tambahkan.

Jika Anda memerlukan akses nama domain ke server Anda untuk situs publik, Anda mungkin ingin membeli nama domain untuk setiap situs Anda.
Kesimpulan

Sekarang Anda seharusnya memiliki kemampuan untuk membuat blok server untuk setiap domain yang ingin Anda hosting dari server yang sama. Tidak ada batasan nyata pada jumlah blok server yang dapat Anda buat, selama perangkat keras Anda dapat menangani lalu lintas.

Chrome Dino game cheats

Teddy Zugana — Mon, 28 Apr 2025 07:55:23 +0000

Google Chrome and Make your Dinosaur Immortal

The game can be hacked pretty easily, making your dinosaur not even flinch at the sight of a cactus.

To hack the game, first go the the error message page where your dinosaur is hanging out.

Go ahead and press the space bar to start the game. Once the game starts, right-click and select Inspect” to open up Chrome DevTools, then select the Console tab.

You can also do this by using the Ctrl+Shift+I shortcut, which takes you straight to the Console tab of DevTools.
Open Chrome Console

Make sure you are on the No Internet Connection page.
Right click anywhere on the page and select Inspect.
Go to Console tab. This is where we will enter the commands to tweak the game.

Tweaking Speed

Type the following command in Console and press enter. You can use any other speed in place of 1000.


Runner.instance_.setSpeed(1000)

Immortality

After every command press enter. All the commands are case-sensitive.

We store the original game over function in a variable:

var original = Runner.prototype.gameOver

Then, we make the game over function empty:

Runner.prototype.gameOver = function(){}

Stopping the game after using Immortality

When you want to stop the game, Revert back to the original game over function:

Runner.prototype.gameOver = original

Setting the current score

Let’s set the score to 12345. You can set any other score less than 99999. The current score is reset on game over.

Runner.instance_.distanceRan = 12345 / Runner.instance_.distanceMeter.config.COEFFICIENT

Dino jumping too high?

You can control how high the dino jumps by using the below function. Adjust the value as necessary.

Runner.instance_.tRex.setJumpVelocity(10)

Log : PHPExcel_Reader_Excel2007 Trying to access array offset on value of type null Line 1117

Teddy Zugana — Wed, 19 Feb 2025 10:24:38 +0000

Find the line of the error at the library file, in my case was some array that should not be null $attributes[$t] I've change it.

if ($attributes['t'] == 'array') { //from this
if (isset($attributes['t']) && $attributes['t'] == 'array') { //to this

the error dissapeared.

Obfuscating “Hello world!” obfuscate on Python

Teddy Zugana — Thu, 02 Jan 2025 02:35:42 +0000

create the weirdest obfuscated program that prints the string “Hello world!”. I decided to write up an explanation of how the hell it works. So, here’s the entry, in Python 2.7:

(lambda _, __, ___, ____, _____, ______, _______, ________:
    getattr(
        __import__(True.__class__.__name__[_] + [].__class__.__name__[__]),
        ().__class__.__eq__.__class__.__name__[:__] +
        ().__iter__().__class__.__name__[_____:________]
    )(
        _, (lambda _, __, ___: _(_, __, ___))(
            lambda _, __, ___:
                chr(___ % __) + _(_, __, ___ // __) if ___ else
                (lambda: _).func_code.co_lnotab,
            _ << ________,
            (((_____ << ____) + _) << ((___ << _____) - ___)) + (((((___ << __)
            - _) << ___) + _) << ((_____ << ____) + (_ << _))) + (((_______ <<
            __) - _) << (((((_ << ___) + _)) << ___) + (_ << _))) + (((_______
            << ___) + _) << ((_ << ______) + _)) + (((_______ << ____) - _) <<
            ((_______ << ___))) + (((_ << ____) - _) << ((((___ << __) + _) <<
            __) - _)) - (_______ << ((((___ << __) - _) << __) + _)) + (_______
            << (((((_ << ___) + _)) << __))) - ((((((_ << ___) + _)) << __) +
            _) << ((((___ << __) + _) << _))) + (((_______ << __) - _) <<
            (((((_ << ___) + _)) << _))) + (((___ << ___) + _) << ((_____ <<
            _))) + (_____ << ______) + (_ << ___)
        )
    )
)(
    *(lambda _, __, ___: _(_, __, ___))(
        (lambda _, __, ___:
            [__(___[(lambda: _).func_code.co_nlocals])] +
            _(_, __, ___[(lambda _: _).func_code.co_nlocals:]) if ___ else []
        ),
        lambda _: _.func_code.co_argcount,
        (
            lambda _: _,
            lambda _, __: _,
            lambda _, __, ___: _,
            lambda _, __, ___, ____: _,
            lambda _, __, ___, ____, _____: _,
            lambda _, __, ___, ____, _____, ______: _,
            lambda _, __, ___, ____, _____, ______, _______: _,
            lambda _, __, ___, ____, _____, ______, _______, ________: _
        )
    )
)

String literals weren’t allowed, but I set some other restrictions for fun: it had to be a single expression (so no print statement) with minimal builtin usage and no integer literals.
Getting started

Since we can’t use print, we can write to the stdout file object:

import sys
sys.stdout.write("Hello world!\n")

But let’s use something lower-level: os.write(). We need stdout’s file descriptor, which is 1 (you can check with print sys.stdout.fileno()).

import os
os.write(1, "Hello world!\n")

We want a single expression, so we’ll use import():


__import__("os").write(1, "Hello world!\n")

We also want to be able to obfuscate the write(), so we’ll throw in a getattr():

getattr(__import__("os"), "write")(1, "Hello world!\n")

This is the starting point. Everything from now on will be obfuscating the three strings and the int.
Stringing together strings

"os" and "write" are fairly simple, so we’ll create them by joining parts of the names of various built-in classes. There are many different ways to do this, but I chose the following:

"o" from the second letter of bool: True.__class__.__name__[1]
"s" from the third letter of list: [].__class__.__name__[2]
"wr" from the first two letters of wrapper_descriptor, an implementation detail in CPython found as the type of some builtin classes’ methods (more on that here): ().__class__.__eq__.__class__.__name__[:2]
"ite" from the sixth through eighth letters of tupleiterator, the type of object returned by calling iter() on a tuple: ().__iter__().__class__.__name__[5:8]

We’re starting to make some progress!


getattr(
    __import__(True.__class__.__name__[1] + [].__class__.__name__[2]),
    ().__class__.__eq__.__class__.__name__[:2] +
    ().__iter__().__class__.__name__[5:8]
)(1, "Hello world!\n")

"Hello world!\n" is more complicated. We’re going to encode it as a big integer, which will be formed of the ASCII code of each character multiplied by 256 to the power of the character’s index in the string. In other words, the following sum:
∑n=0L−1cn(256n)

where L
is the length of the string and cn is the ASCII code of the n

th character in the string. To create the number:

>>> codes = [ord(c) for c in "Hello world!\n"]
>>> num = sum(codes[i] * 256 ** i for i in xrange(len(codes)))
>>> print num
802616035175250124568770929992

Now we need the code to convert this number back into a string. We use a simple recursive algorithm:


>>> def convert(num):
...     if num:
...         return chr(num % 256) + convert(num // 256)
...     else:
...         return ""
...
>>> convert(802616035175250124568770929992)
'Hello world!\n'

Rewriting in one line with lambda:

convert = lambda num: chr(num % 256) + convert(num // 256) if num else ""

Now we use anonymous recursion to turn this into a single expression. This requires a combinator. Start with this:

>>> comb = lambda f, n: f(f, n)
>>> convert = lambda f, n: chr(n % 256) + f(f, n // 256) if n else ""
>>> comb(convert, 802616035175250124568770929992)
'Hello world!\n'

Now we just substitute the two definitions into the expression, and we have our function:

>>> (lambda f, n: f(f, n))(
...     lambda f, n: chr(n % 256) + f(f, n // 256) if n else "",
...     802616035175250124568770929992)
'Hello world!\n'

Now we can stick this into our code from before, replacing some variable names along the way (f → , n → _):

getattr(
    __import__(True.__class__.__name__[1] + [].__class__.__name__[2]),
    ().__class__.__eq__.__class__.__name__[:2] +
    ().__iter__().__class__.__name__[5:8]
)(
    1, (lambda _, __: _(_, __))(
        lambda _, __: chr(__ % 256) + _(_, __ // 256) if __ else "",
        802616035175250124568770929992
    )
)

Function internals

We’re left with a "" in the body of our convert function (remember: no string literals!), and a large number that we’ll have to hide somehow. Let’s start with the empty string. We can make one on the fly by examining the internals of some random function:


>>> (lambda: 0).func_code.co_lnotab
''

What we’re really doing here is looking at the line number table of the code object contained within the function. Since it’s anonymous, there are no line numbers, so the string is empty. Replace the 0 with _ to make it more confusing (it doesn’t matter, since the function’s not being called), and stick it in. We’ll also refactor out the 256 into an argument that gets passed to our obfuscated convert() along with the number. This requires adding an argument to the combinator:


getattr(
    __import__(True.__class__.__name__[1] + [].__class__.__name__[2]),
    ().__class__.__eq__.__class__.__name__[:2] +
    ().__iter__().__class__.__name__[5:8]
)(
    1, (lambda _, __, ___: _(_, __, ___))(
        lambda _, __, ___:
            chr(___ % __) + _(_, __, ___ // __) if ___ else
            (lambda: _).func_code.co_lnotab,
        256,
        802616035175250124568770929992
    )
)

A detour

Let’s tackle a different problem for a bit. We want a way to obfuscate the numbers in our code, but it’ll be cumbersome (and not particularly interesting) to recreate them each time they’re used. If we can implement, say, range(1, 9) == [1, 2, 3, 4, 5, 6, 7, 8], then we can wrap our current work in a function that takes variables containing the numbers from 1 to 8, and replace occurrences of integer literals in the body with these variables:

(lambda n1, n2, n3, n4, n5, n6, n7, n8:
    getattr(
        __import__(True.__class__.__name__[n1] + [].__class__.__name__[n2]),
        ...
    )(
        ...
    )
)(*range(1, 9))

Even though we need to form 256 and 802616035175250124568770929992 as well, these can be created using arithmetic operations on these eight “fundamental” numbers. The choice of 1–8 is arbitrary, but seems to be a good middle ground.

We can get the number of arguments a function takes via its code object:

>>> (lambda a, b, c: 0).func_code.co_argcount

Build a tuple of functions with argcounts between 1 and 8:


funcs = (
    lambda _: _,
    lambda _, __: _,
    lambda _, __, ___: _,
    lambda _, __, ___, ____: _,
    lambda _, __, ___, ____, _____: _,
    lambda _, __, ___, ____, _____, ______: _,
    lambda _, __, ___, ____, _____, ______, _______: _,
    lambda _, __, ___, ____, _____, ______, _______, ________: _
)

Using a recursive algorithm, we can turn this into the output of range(1, 9):


>>> def convert(L):
...     if L:
...         return [L[0].func_code.co_argcount] + convert(L[1:])
...     else:
...         return []
...
>>> convert(funcs)
[1, 2, 3, 4, 5, 6, 7, 8]

As before, we convert this into lambda form:


convert = lambda L: [L[0].func_code.co_argcount] + convert(L[1:]) if L else []

Then, into anonymous-recursive form:

>>> (lambda f, L: f(f, L))(
...     lambda f, L: [L[0].func_code.co_argcount] + f(f, L[1:]) if L else [],
...     funcs)
[1, 2, 3, 4, 5, 6, 7, 8]

For fun, we’ll factor out the argcount operation into an additional function argument, and obfuscate some variable names:


(lambda _, __, ___: _(_, __, ___))(
    (lambda _, __, ___:
        [__(___[0])] + _(_, __, ___[1:]) if ___ else []
    ),
    lambda _: _.func_code.co_argcount,
    funcs
)

There’s a new problem now: we still need a way to hide 0 and 1. We can get these by examining the number of local variables within arbitrary functions:

>>> (lambda: _).func_code.co_nlocals
0
>>> (lambda _: _).func_code.co_nlocals
1

Even though the function bodies look the same, _ in the first function is not an argument, nor is it defined in the function, so Python interprets it as a global variable:

>>> import dis
>>> dis.dis(lambda: _)
  1           0 LOAD_GLOBAL              0 (_)
              3 RETURN_VALUE
>>> dis.dis(lambda _: _)
  1           0 LOAD_FAST                0 (_)
              3 RETURN_VALUE

This happens regardless of whether _ is actually defined in the global scope.

Putting this into practice:


(lambda _, __, ___: _(_, __, ___))(
    (lambda _, __, ___:
        [__(___[(lambda: _).func_code.co_nlocals])] +
        _(_, __, ___[(lambda _: _).func_code.co_nlocals:]) if ___ else []
    ),
    lambda _: _.func_code.co_argcount,
    funcs
)

Now we can substitute the value of funcs in, and then using * to pass the resulting list of integers as eight separate variables, we get this:


(lambda n1, n2, n3, n4, n5, n6, n7, n8:
    getattr(
        __import__(True.__class__.__name__[n1] + [].__class__.__name__[n2]),
        ().__class__.__eq__.__class__.__name__[:n2] +
        ().__iter__().__class__.__name__[n5:n8]
    )(
        n1, (lambda _, __, ___: _(_, __, ___))(
            lambda _, __, ___:
                chr(___ % __) + _(_, __, ___ // __) if ___ else
                (lambda: _).func_code.co_lnotab,
            256,
            802616035175250124568770929992
        )
    )
)(
    *(lambda _, __, ___: _(_, __, ___))(
        (lambda _, __, ___:
            [__(___[(lambda: _).func_code.co_nlocals])] +
            _(_, __, ___[(lambda _: _).func_code.co_nlocals:]) if ___ else []
        ),
        lambda _: _.func_code.co_argcount,
        (
            lambda _: _,
            lambda _, __: _,
            lambda _, __, ___: _,
            lambda _, __, ___, ____: _,
            lambda _, __, ___, ____, _____: _,
            lambda _, __, ___, ____, _____, ______: _,
            lambda _, __, ___, ____, _____, ______, _______: _,
            lambda _, __, ___, ____, _____, ______, _______, ________: _
        )
    )
)

Shifting bits

Almost there! We’ll replace the n{1..8} variables with , _, , _, etc., since it creates confusion with the variables used in our inner functions. This doesn’t cause actual problems, since scoping rules mean the right ones will be used. This is also one of the reasons why we refactored 256 out to where _ refers to 1 instead of our obfuscated convert() function. It’s getting long, so I’ll paste only the first half:


(lambda _, __, ___, ____, _____, ______, _______, ________:
    getattr(
        __import__(True.__class__.__name__[_] + [].__class__.__name__[__]),
        ().__class__.__eq__.__class__.__name__[:__] +
        ().__iter__().__class__.__name__[_____:________]
    )(
        _, (lambda _, __, ___: _(_, __, ___))(
            lambda _, __, ___:
                chr(___ % __) + _(_, __, ___ // __) if ___ else
                (lambda: _).func_code.co_lnotab,
            256,
            802616035175250124568770929992
        )
    )
)

Only two more things are left. We’ll start with the easy one: 256. 256=28

, so we can rewrite it as 1 << 8 (using a left bit shift), or _ << ________ with our obfuscated variables.

We’ll use the same idea with 802616035175250124568770929992. A simple divide-and-conquer algorithm can break it up into sums of numbers which are themselves sums of numbers that are shifted together, and so on. For example, if we had 112, we could break it up into 96 + 16 and then (3 << 5) + (2 << 3). I like using bit shifts because the << reminds me of std::cout << "foo" in C++, or print chevron (print >>) in Python, both of which are red herrings involving other ways of doing I/O.

The number can be decomposed in a variety of ways; no one method is correct (after all, we could just break it up into (1 << 0) + (1 << 0) + ..., but that’s not interesting). We should have some substantial amount of nesting, but still use most of our numerical variables. Obviously, doing this by hand isn’t fun, so we’ll come up with an algorithm. In pseudocode:



func encode(num):
    if num <= 8:
        return "_" * num
    else:
        return "(" + convert(num) + ")"

func convert(num):
    base = shift = 0
    diff = num
    span = ...
    for test_base in range(span):
        for test_shift in range(span):
            test_diff = |num| - (test_base << test_shift)
            if |test_diff| < |diff|:
                diff = test_diff
                base = test_base
                shift = test_shift
    encoded = "(" + encode(base) + " << " + encode(shift) + ")"
    if diff == 0:
        return encoded
    else:
        return encoded + " + " + convert(diff)

convert(802616035175250124568770929992)

The basic idea here is that we test various combinations of numbers in a certain range until we come up with two numbers, base and shift, such that base << shift is as closest to num as possible (i.e. we minimize their absolute difference, diff). We then use our divide-and-conquer algorithm to break up best_base and best_shift, and then repeat the procedure on diff until it reaches zero, summing the terms along the way.

The argument to range(), span, represents the width of the search space. This can’t be too large, or we’ll end getting num as our base and 0 as our shift (because diff is zero), and since base can’t be represented as a single variable, it’ll repeat, recursing infinitely. If it’s too small, we’ll end up with something like the (1 << 0) + (1 << 0) + ... mentioned above. In practice, we want span to get smaller as the recursion depth increases. Through trial and error, I found this equation to work well:
span=⌈log1.5|num|⌉+⌊24−depth⌋

Translating the pseudocode into Python and making some tweaks (support for the depth argument, and some caveats involving negative numbers), we get this:

from math import ceil, log

def encode(num, depth):
    if num == 0:
        return "_ - _"
    if num <= 8:
        return "_" * num
    return "(" + convert(num, depth + 1) + ")"

def convert(num, depth=0):
    result = ""
    while num:
        base = shift = 0
        diff = num
        span = int(ceil(log(abs(num), 1.5))) + (16 >> depth)
        for test_base in xrange(span):
            for test_shift in xrange(span):
                test_diff = abs(num) - (test_base << test_shift)
                if abs(test_diff) < abs(diff):
                    diff = test_diff
                    base = test_base
                    shift = test_shift
        if result:
            result += " + " if num > 0 else " - "
        elif num < 0:
            base = -base
        if shift == 0:
            result += encode(base, depth)
        else:
            result += "(%s << %s)" % (encode(base, depth),
                                      encode(shift, depth))
        num = diff if num > 0 else -diff
    return result

Now, when we call convert(802616035175250124568770929992), we get a nice decomposition:


>>> convert(802616035175250124568770929992)
(((_____ << ____) + _) << ((___ << _____) - ___)) + (((((___ << __) - _) << ___) + _) << ((_____ << ____) + (_ << _))) + (((_______ << __) - _) << (((((_ << ___) + _)) << ___) + (_ << _))) + (((_______ << ___) + _) << ((_ << ______) + _)) + (((_______ << ____) - _) << ((_______ << ___))) + (((_ << ____) - _) << ((((___ << __) + _) << __) - _)) - (_______ << ((((___ << __) - _) << __) + _)) + (_______ << (((((_ << ___) + _)) << __))) - ((((((_ << ___) + _)) << __) + _) << ((((___ << __) + _) << _))) + (((_______ << __) - _) << (((((_ << ___) + _)) << _))) + (((___ << ___) + _) << ((_____ << _))) + (_____ << ______) + (_ << ___)

Stick this in as a replacement for 802616035175250124568770929992, and put all the parts together:



(lambda _, __, ___, ____, _____, ______, _______, ________:
    getattr(
        __import__(True.__class__.__name__[_] + [].__class__.__name__[__]),
        ().__class__.__eq__.__class__.__name__[:__] +
        ().__iter__().__class__.__name__[_____:________]
    )(
        _, (lambda _, __, ___: _(_, __, ___))(
            lambda _, __, ___:
                chr(___ % __) + _(_, __, ___ // __) if ___ else
                (lambda: _).func_code.co_lnotab,
            _ << ________,
            (((_____ << ____) + _) << ((___ << _____) - ___)) + (((((___ << __)
            - _) << ___) + _) << ((_____ << ____) + (_ << _))) + (((_______ <<
            __) - _) << (((((_ << ___) + _)) << ___) + (_ << _))) + (((_______
            << ___) + _) << ((_ << ______) + _)) + (((_______ << ____) - _) <<
            ((_______ << ___))) + (((_ << ____) - _) << ((((___ << __) + _) <<
            __) - _)) - (_______ << ((((___ << __) - _) << __) + _)) + (_______
            << (((((_ << ___) + _)) << __))) - ((((((_ << ___) + _)) << __) +
            _) << ((((___ << __) + _) << _))) + (((_______ << __) - _) <<
            (((((_ << ___) + _)) << _))) + (((___ << ___) + _) << ((_____ <<
            _))) + (_____ << ______) + (_ << ___)
        )
    )
)(
    *(lambda _, __, ___: _(_, __, ___))(
        (lambda _, __, ___:
            [__(___[(lambda: _).func_code.co_nlocals])] +
            _(_, __, ___[(lambda _: _).func_code.co_nlocals:]) if ___ else []
        ),
        lambda _: _.func_code.co_argcount,
        (
            lambda _: _,
            lambda _, __: _,
            lambda _, __, ___: _,
            lambda _, __, ___, ____: _,
            lambda _, __, ___, ____, _____: _,
            lambda _, __, ___, ____, _____, ______: _,
            lambda _, __, ___, ____, _____, ______, _______: _,
            lambda _, __, ___, ____, _____, ______, _______, ________: _
        )
    )
)

And there you have it.
Addendum: Python 3 support

Since writing this post, several people have asked about Python 3 support. I didn’t think of it at the time, but as Python 3 continues to gain traction (and thank you for that!), this post is clearly long overdue for an update.

Fortunately, Python 3 (as of writing, 3.6) doesn’t require us to change much:

The func_code function object attribute has been renamed to __code__. Easy fix with a find-and-replace.
The tupleiterator type name has been changed to tuple_iterator. Since we use this to extract the substring "ite", we can get around this by changing our indexing in ().__iter__().__class__.__name__ from [_____:________] to [_:][_____:________].
os.write() requires bytes now instead of a str, so chr(...) needs to be changed to bytes([...]).

Here is the full Python 3 version:


(lambda _, __, ___, ____, _____, ______, _______, ________:
    getattr(
        __import__(True.__class__.__name__[_] + [].__class__.__name__[__]),
        ().__class__.__eq__.__class__.__name__[:__] +
        ().__iter__().__class__.__name__[_:][_____:________]
    )(
        _, (lambda _, __, ___: _(_, __, ___))(
            lambda _, __, ___:
                bytes([___ % __]) + _(_, __, ___ // __) if ___ else
                (lambda: _).__code__.co_lnotab,
            _ << ________,
            (((_____ << ____) + _) << ((___ << _____) - ___)) + (((((___ << __)
            - _) << ___) + _) << ((_____ << ____) + (_ << _))) + (((_______ <<
            __) - _) << (((((_ << ___) + _)) << ___) + (_ << _))) + (((_______
            << ___) + _) << ((_ << ______) + _)) + (((_______ << ____) - _) <<
            ((_______ << ___))) + (((_ << ____) - _) << ((((___ << __) + _) <<
            __) - _)) - (_______ << ((((___ << __) - _) << __) + _)) + (_______
            << (((((_ << ___) + _)) << __))) - ((((((_ << ___) + _)) << __) +
            _) << ((((___ << __) + _) << _))) + (((_______ << __) - _) <<
            (((((_ << ___) + _)) << _))) + (((___ << ___) + _) << ((_____ <<
            _))) + (_____ << ______) + (_ << ___)
        )
    )
)(
    *(lambda _, __, ___: _(_, __, ___))(
        (lambda _, __, ___:
            [__(___[(lambda: _).__code__.co_nlocals])] +
            _(_, __, ___[(lambda _: _).__code__.co_nlocals:]) if ___ else []
        ),
        lambda _: _.__code__.co_argcount,
        (
            lambda _: _,
            lambda _, __: _,
            lambda _, __, ___: _,
            lambda _, __, ___, ____: _,
            lambda _, __, ___, ____, _____: _,
            lambda _, __, ___, ____, _____, ______: _,
            lambda _, __, ___, ____, _____, ______, _______: _,
            lambda _, __, ___, ____, _____, ______, _______, ________: _
        )
    )
)

Thank you for reading! I continue to be amazed by this post’s popularity.

Secure Nginx with Let's Encrypt on Ubuntu

Teddy Zugana — Wed, 04 Dec 2024 08:01:18 +0000

Step 1 — Installing Certbot

The first step to using Let’s Encrypt to obtain an SSL certificate is to install the Certbot software on your server.

Install Certbot and it’s Nginx plugin with apt:

 sudo apt install certbot python3-certbot-nginx

Certbot is now ready to use, but in order for it to automatically configure SSL for Nginx, we need to verify some of Nginx’s configuration.
Step 2 — Confirming Nginx’s Configuration

Certbot needs to be able to find the correct server block in your Nginx configuration for it to be able to automatically configure SSL. Specifically, it does this by looking for a server_name directive that matches the domain you request a certificate for.

If you followed the server block set up step in the Nginx installation tutorial, you should have a server block for your domain at /etc/nginx/sites-available/example.com with the server_name directive already set appropriately.

To check, open the configuration file for your domain using nano or your favorite text editor:

   sudo nano /etc/nginx/sites-available/example.com

Find the existing server_name line. It should look like this:
/etc/nginx/sites-available/example.com

...
server_name example.com www.example.com;
...

If it does, exit your editor and move on to the next step.

If it doesn’t, update it to match. Then save the file, quit your editor, and verify the syntax of your configuration edits:

 sudo nginx -t

If you get an error, reopen the server block file and check for any typos or missing characters. Once your configuration file’s syntax is correct, reload Nginx to load the new configuration:

  sudo systemctl reload nginx

Certbot can now find the correct server block and update it automatically.

Next, let’s update the firewall to allow HTTPS traffic.
Step 3 — Allowing HTTPS Through the Firewall

If you have the ufw firewall enabled, as recommended by the prerequisite guides, you’ll need to adjust the settings to allow for HTTPS traffic. Luckily, Nginx registers a few profiles with ufw upon installation.

You can see the current setting by typing:

  sudo ufw status

It will probably look like this, meaning that only HTTP traffic is allowed to the web server:

Output
Status: active

To                         Action      From
--                         ------      ----
OpenSSH                    ALLOW       Anywhere                  
Nginx HTTP                 ALLOW       Anywhere                  
OpenSSH (v6)               ALLOW       Anywhere (v6)             
Nginx HTTP (v6)            ALLOW       Anywhere (v6)

To additionally let in HTTPS traffic, allow the Nginx Full profile and delete the redundant Nginx HTTP profile allowance:


    sudo ufw allow 'Nginx Full'
    sudo ufw delete allow 'Nginx HTTP'

Your status should now look like this:

   sudo ufw status

Output
Status: active

To                         Action      From
--                         ------      ----
OpenSSH                    ALLOW       Anywhere
Nginx Full                 ALLOW       Anywhere
OpenSSH (v6)               ALLOW       Anywhere (v6)
Nginx Full (v6)            ALLOW       Anywhere (v6)

Next, let’s run Certbot and fetch our certificates.
Step 4 — Obtaining an SSL Certificate

Certbot provides a variety of ways to obtain SSL certificates through plugins. The Nginx plugin will take care of reconfiguring Nginx and reloading the config whenever necessary. To use this plugin, type the following:

  sudo certbot --nginx -d example.com -d www.example.com

This runs certbot with the --nginx plugin, using -d to specify the domain names we’d like the certificate to be valid for.

If this is your first time running certbot, you will be prompted to enter an email address and agree to the terms of service. After doing so, certbot will communicate with the Let’s Encrypt server, then run a challenge to verify that you control the domain you’re requesting a certificate for.

If that’s successful, certbot will ask how you’d like to configure your HTTPS settings.

Output
Please choose whether or not to redirect HTTP traffic to HTTPS, removing HTTP access.
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
1: No redirect - Make no further changes to the webserver configuration.
2: Redirect - Make all requests redirect to secure HTTPS access. Choose this for
new sites, or if you're confident your site works on HTTPS. You can undo this
change by editing your web server's configuration.
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Select the appropriate number [1-2] then [enter] (press 'c' to cancel):

Select your choice then hit ENTER. The configuration will be updated, and Nginx will reload to pick up the new settings. certbot will wrap up with a message telling you the process was successful and where your certificates are stored:

Output
IMPORTANT NOTES:
 - Congratulations! Your certificate and chain have been saved at:
   /etc/letsencrypt/live/example.com/fullchain.pem
   Your key file has been saved at:
   /etc/letsencrypt/live/example.com/privkey.pem
   Your cert will expire on 2020-08-18. To obtain a new or tweaked
   version of this certificate in the future, simply run certbot again
   with the "certonly" option. To non-interactively renew *all* of
   your certificates, run "certbot renew"
 - If you like Certbot, please consider supporting our work by:

   Donating to ISRG / Let's Encrypt:   https://letsencrypt.org/donate
   Donating to EFF:                    https://eff.org/donate-le

Your certificates are downloaded, installed, and loaded. Try reloading your website using https:// and notice your browser’s security indicator. It should indicate that the site is properly secured, usually with a lock icon. If you test your server using the SSL Labs Server Test, it will get an A grade.

Let’s finish by testing the renewal process.
Step 5 — Verifying Certbot Auto-Renewal

Let’s Encrypt’s certificates are only valid for ninety days. This is to encourage users to automate their certificate renewal process. The certbot package we installed takes care of this for us by adding a systemd timer that will run twice a day and automatically renew any certificate that’s within thirty days of expiration.

You can query the status of the timer with systemctl:

 sudo systemctl status certbot.timer

Output

● certbot.timer - Run certbot twice daily
     Loaded: loaded (/lib/systemd/system/certbot.timer; enabled; vendor preset: enabled)
     Active: active (waiting) since Mon 2020-05-04 20:04:36 UTC; 2 weeks 1 days ago
    Trigger: Thu 2020-05-21 05:22:32 UTC; 9h left
   Triggers: ● certbot.service

To test the renewal process, you can do a dry run with certbot:

sudo certbot renew --dry-run

If you see no errors, you’re all set. When necessary, Certbot will renew your certificates and reload Nginx to pick up the changes. If the automated renewal process ever fails, Let’s Encrypt will send a message to the email you specified, warning you when your certificate is about to expire.

Auto Deploy Laravel with Deployer.yml sample With Github Runner

Teddy Zugana — Wed, 04 Dec 2024 07:45:33 +0000

create a File Deployer.yml sample for github workflow

# This is a basic workflow that is manually triggered

name: Manual workflow

# Controls when the action will run. Workflow runs when manually triggered using the UI
# or API.
on:
  push:
    branches:
      - main
  workflow_dispatch:

# A workflow run is made up of one or more jobs that can run sequentially or in parallel
jobs:
  CodeCheckout:
    # The type of runner that the job will run on
    runs-on: self-hosted

    # Steps represent a sequence of tasks that will be executed as part of the job
    steps:
      # Checks-out your repository under $GITHUB_WORKSPACE, so your job can access it
      - uses: actions/checkout@v4

  CodeCheckout2:
    # The type of runner that the job will run on
    runs-on: self-hosted

    # Steps represent a sequence of tasks that will be executed as part of the job
    steps:
      # Checks-out your repository under $GITHUB_WORKSPACE, so your job can access it
      - uses: actions/checkout@v2

  PullProject:
    needs: CodeCheckout
    runs-on: self-hosted
    steps:
      - name: Run project
        run: |
          cd /var/www/html/api_mobile/
          git -c credential.helper='!f() { echo "username=git username"; echo "password= git password(token pass)"; }; f' pull origin main

      # Runs a single command using the runners shell
      - name: Build assets
        run: npm install && npm run build

      - name: Install PHP dependencies
        run: composer install --no-dev --optimize-autoloader

      - name: Clear cache
        run: php artisan clear-compiled

      - name: Recreate cache
        run: php artisan optimize

Download

Create a folder

$ mkdir actions-runner && cd actions-runner

Download the latest runner package

$ curl -o actions-runner-linux-x64-2.320.0.tar.gz -L https://github.com/actions/runner/releases/download/v2.320.0/actions-runner-linux-x64-2.320.0.tar.gz

Optional: Validate the hash

$ echo "93ac1b7ce743ee85b5d386f5c1787385ef07b3d7c728ff66ce0d3813d actions-runner-linux-x64-2.320.0.tar.gz" | shasum -a 256 -c

Extract the installer

$ tar xzf ./actions-runner-linux-x64-2.320.0.tar.gz

Configure

Create the runner and start the configuration experience:

export RUNNER_ALLOW_RUNASROOT="1"

RUNNER_ALLOW_RUNASROOT="1" ./config.sh --url https://github.com/repo --token BLLCPCGOV5JBDIDVTN45333HFM

Last step, run it!:

RUNNER_ALLOW_RUNASROOT="1" ./run.sh &

Managing Docker Containers with Portainer

Teddy Zugana — Wed, 20 Nov 2024 02:36:45 +0000

Portainer is a web-based container management platform that supports Docker, Swarm, Nomad, and Kubernetes. Portainer is available in two versions, Community Edition (CE) and Business Edition (BE).
Tutorial Environment

Environment used in this tutorial:

VPS Ubuntu 20.04
Docker v20.10
Portainer CE v2.13

Install Portainer Server

Before installing Portainer Server, install Docker first.

Create a volume to store the database.

docker volume create portainer_data

Create a container named portainer from the docker volume create portainer_data image.

docker run -d -p 8000:8000 -p 9443:9443 --name portainer --restart=always -v /var/run/docker.sock:/var/run/docker.sock -v portainer_data:/data portainer/portainer-ce:latest

Checking whether the Portainer Server container is running.

docker ps

Example of the command results above.


CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
11f1ae8a0d4a portainer/portainer-ce:latest "/portainer" About a minute ago Up About a minute 0.0.0.0:8000->8000/tcp, :::8000->8000/tcp, 0.0.0.0:9443->9443/tcp, :::9443->9443/tcp, 9000/tcp portainer

Initial Setup

Browse Portainer Server at https://ServerIP:9443. Enter Username and Password for administrator.

If Portainer times out when first accessed, restart the Portainer container. Timeouts occur because the wait time runs out, Portainer is not immediately accessed when the container is finished being created.

docker stop portainer
docker start portainer

Portainer dashboard after login.

Nginx force http to https On 443 https Port

Teddy Zugana — Fri, 08 Nov 2024 04:24:55 +0000

sample script nginx :

server 
{

        listen 443 default ssl;
        listen [::]:443 ssl;
        root /var/www/html/api_mobile/public;

        include snippets/ssl-params.conf;

        add_header X-Frame-Options "SAMEORIGIN";
        add_header X-Content-Type-Options "nosniff";
        index index.html index.php index.htm index.nginx-debian.html;

        server_name sitename.com;

        charset utf-8;
        location / {
             if ($scheme ="http") {
                # redirect all non api traffic to https block
                return 301 https://$server_name$request_uri;
             }           

            try_files $uri $uri/ /index.php?$query_string;
        }

        location = /favicon.ico { access_log off; log_not_found off; }
        location = /robots.txt  { access_log off; log_not_found off; }


        error_page 404 /index.php;
        location ~ \.php$ {
            fastcgi_pass unix:/run/php/php8.2-fpm.sock;
            fastcgi_param SCRIPT_FILENAME $realpath_root$fastcgi_script_name;
            include fastcgi_params;
        }

    ssl_certificate /etc/letsencrypt/live/sites/fullchain.pem; # managed by Certbot
    ssl_certificate_key /etc/letsencrypt/live/site/privkey.pem; # managed by Certbot
}

point on scheme condition :

if ($scheme ="http") 
{
                # redirect all non api traffic to https block
                return 301 https://$server_name$request_uri;
}

it core of redirect on one port 443 https force http to https

Java FTPS disabling Certificate Check , FOR FIX FTP SSL certificate expired exception

Teddy Zugana — Tue, 26 Mar 2024 08:00:02 +0000

1)the encryption of the FTPS server will be either TLS explicit encryption or TLS explicit encryption.Use the constructor arg for FTPS accordingly. like

FTPSClient ftpClient = new FTPSClient(false);

2)if your FTPS server security certificate has expired, disable the check from client by

ftpClient.setTrustManager(new X509TrustManager() {
    @Override
    public X509Certificate[] getAcceptedIssuers() {
        return null;
    }

    @Override
    public void checkClientTrusted(X509Certificate[] certs, String authType) {
    }

    @Override
    public void checkServerTrusted(X509Certificate[] certs, String authType) {
    }
});

3)enable file transfer between server and client using this method

ftpClient.enterLocalPassiveMode();

4)use the right port number. Usually for explicit encryption it is 21 and for implicit it is 990

The above four are the common configs required to establish a connection. The end snippet looks something like this


FTPSClient ftpClient = new FTPSClient(false);
        ftpClient.setTrustManager(new X509TrustManager() {
            @Override
            public X509Certificate[] getAcceptedIssuers() {
                return null;
            }

            @Override
            public void checkClientTrusted(X509Certificate[] certs, String authType) {
            }

            @Override
            public void checkServerTrusted(X509Certificate[] certs, String authType) {
            }
        });
        ftpClient.connect("ftps.mydomain.com",21);
        boolean res = ftpClient.login("username", "password");
        if(!res) throw new Exception("unable to connect to ftps");
        int reply=ftpClient.getReplyCode();
        if(FTPReply.isPositiveCompletion(reply)){
            ftpClient.enterLocalPassiveMode();
            FTPFile[] ftpFiles = ftpClient.listFiles("/folder/subfolder");
            System.out.println("complete "+reply+" "+ftpFiles.length);
            for(FTPFile x: ftpFiles){
                System.out.println(x.getName());
            }
            ftpClient.retrieveFile("/folder/subfolder/file.tsv",new FileOutputStream(new File("C:\\Users\\myname\\Desktop\\out.csv")));
        }else{
            throw new RuntimeException("unable to get valid reply from ftp server. Reply code is "+reply);
        }

GIS MAP Leaflet JS with OPENSTREETMAP SAMPLE

Teddy Zugana — Fri, 26 Jan 2024 08:14:06 +0000


<!DOCTYPE html>
<html lang="en">
<head>
    <base target="_top">
    <meta charset="utf-8">
    <meta name="viewport" content="width=device-width, initial-scale=1">

    <title>Quick Start - Leaflet</title>

    <link rel="shortcut icon" type="image/x-icon" href="docs/images/favicon.ico" />

    <link rel="stylesheet" href="https://unpkg.com/leaflet@1.9.4/dist/leaflet.css" integrity="sha256-p4NxAoJBhIIN+hmNHrzRCf9tD/miZyoHS5obTRR9BMY=" crossorigin=""/>
    <script src="https://unpkg.com/leaflet@1.9.4/dist/leaflet.js" integrity="sha256-20nQCchB9co0qIjJZRGuk2/Z9VM+kNiyxNV1lvTlZBo=" crossorigin=""></script>

    <style>
        html, body {
            height: 100%;
            margin: 0;
        }
        .leaflet-container {
            height: 400px;
            width: 600px;
            max-width: 100%;
            max-height: 100%;
        }
    </style>


</head>
<body>



<div id="map" style="width: 600px; height: 400px;"></div>
<script>

    const map = L.map('map').setView([51.505, -0.09], 13);

    const tiles = L.tileLayer('https://tile.openstreetmap.org/{z}/{x}/{y}.png', {
        maxZoom: 19,
        attribution: '&copy; <a href="http://www.openstreetmap.org/copyright">OpenStreetMap</a>'
    }).addTo(map);

    const marker = L.marker([51.5, -0.09]).addTo(map)
        .bindPopup('<b>Hello world!</b><br />I am a popup.').openPopup();

    const circle = L.circle([51.508, -0.11], {
        color: 'red',
        fillColor: '#f03',
        fillOpacity: 0.5,
        radius: 500
    }).addTo(map).bindPopup('I am a circle.');

    const polygon = L.polygon([
        [51.509, -0.08],
        [51.503, -0.06],
        [51.51, -0.047]
    ]).addTo(map).bindPopup('I am a polygon.');


    const popup = L.popup()
        .setLatLng([51.513, -0.09])
        .setContent('I am a standalone popup.')
        .openOn(map);

    function onMapClick(e) {
        popup
            .setLatLng(e.latlng)
            .setContent(`You clicked the map at ${e.latlng.toString()}`)
            .openOn(map);
    }

    map.on('click', onMapClick);

</script>



</body>
</html>

GIS MAP Leaflet JS with API MAPBOX SAMPLE

Teddy Zugana — Fri, 26 Jan 2024 08:05:55 +0000


<html lang="en">
<head>
    <meta charset="UTF-8">
    <meta name="viewport" content="width=device-width, initial-scale=1.0">
    <title>Multiple Marker LeafletJS</title>
    <link rel="stylesheet" href="https://unpkg.com/leaflet@1.6.0/dist/leaflet.css" integrity="sha512-xwE/Az9zrjBIphAcBb3F6JVqxf46+CDLwfLMHloNu6KEQCAWi6HcDUbeOfBIptF7tcCzusKFjFw2yuvEpDL9wQ==" crossorigin="">
    <script src="https://unpkg.com/leaflet@1.6.0/dist/leaflet.js" integrity="sha512-gZwIG9x3wUXg2hdXF6+rVkLF/0Vi9U8D2Ntg4Ga5I5BZpVkVxlJWbSQtXPSiUTtC0TjtGOmxa1AJPuV0CPthew==" crossorigin=""></script>
    <style>
        html, body {
            height: 100%;
            margin: 0;
        }

        #map {
            width: 600px;
            height: 400px;
        }

        body {
            padding: 0; margin: 0;
        }

        #map {
            height: 100%; width: 100vw;
        }
    </style>
</head>
<body>
    <div id="map"></div>
    <script type="text/javascript">
        var mymap = L.map('map', { zoomControl: false }).setView([-6.869544, 109.3948958], 13);

        L.tileLayer('https://api.mapbox.com/styles/v1/{id}/tiles/{z}/{x}/{y}?access_token=sk.eyJ1Ijoia2V2aW5tZWwyMDAwIiwiYSI6ImNscnVjamoyZzA5M20ybXBxODg5ZzB4NnUifQ.YaAZJsy4wgx7bYpnvQFFaw', {
            maxZoom: 18,
            attribution: 'Map data © OpenStreetMap contributors.',
            id: 'mapbox/streets-v11',
            tileSize: 512,
            zoomOffset: -1
        }).addTo(mymap);

        L.marker([-6.859829, 109.378317]).bindPopup('Pantai Widuri').addTo(mymap);
        L.marker([-6.869374, 109.394864]).bindPopup('Nilla Collection').addTo(mymap);
        L.marker([-6.890105, 109.380705]).bindPopup('Alun-Alun Pemalang').addTo(mymap);
        L.marker([-6.888103, 109.386499]).bindPopup('Hotel Kencana Pemalang').addTo(mymap);
    </script>
</body>
</html>