Topics

error

Varnish with secure AWS S3 bucket as backend

Serving static contents from S3 is common, but using Varnish in front is a bit tricky. Especially if you want to keep the bucket secure and only serve from Varnish, here is a simple Varnish file to solve this problem.

First secure your bucket via IP policy:

{
  "Version": "2012-10-17",
  "Id": "S3PolicyId1",
  "Statement": [
    {
      "Sid": "IPAllow",
      "Effect": "Allow",
      "Principal": "*",
      "Action": "s3:GetObject",
      "Resource": "arn:aws:s3:::example.bucket/*",
      "Condition": {
        "IpAddress": {
          "aws:SourceIp": [
            "5.6.7.8/32"  //varnish ip
          ]
        }
      }
    },
    {
      "Sid": "Explicit deny to ensure requests are allowed only from specific referer.",
      "Effect": "Deny",
      "Principal": "*",
      "Action": "s3:GetObject",
      "Resource": "arn:aws:s3:::example.bucket/*",
      "Condition": {
        "StringNotLike": {
          "aws:Referer": [
            "https://example.com/*"
          ]
        }
      }
    }
  ]
}

Setup postgreSQL RDS using Ansible

Setting up PostgreSQL on RDS using ansible is a bit tricky because the main user on RDS is not a SUPERUSER and roles membership is not automatically granted for ex: “ERROR: must be member of role ..” is quite common. Here is a working solution:

Custom validation messages for sails js

//in api/models/User.js
function validationError(invalidAttributes, status, message) {
  var WLValidationError = require('../../node_modules/sails/node_modules/waterline/lib/waterline/error/WLValidationError.js');
  return new WLValidationError({
      invalidAttributes: invalidAttributes,
      status: status,
      message: message
    }
  );
}
var User = {
  attributes: {
    //...
  },
  ownValidate:: function (values, update, cb) {
    //example of not allowed param on update
    //if it is an update then do not allow email param
    if (update && values.email) {
      return cb(validationError({
        email: [
          {
            message: 'Email is not allowed for updates.'
          }
        ]
      }, 400 /*status*/));
    }
    sails.models['user'].findOne(values.email).exec(function (err, user) {
      if (err) return cb(err);
      if (user) {
        return cb(validationError({
          email: [
            {
              value: values.email,
              rule: 'E_UNIQUE'
              /* unique validation message is left for the default one here */
            }
          ]
        }, 409));
      }
    });
  },
  beforeCreate: function (values, cb) {
    return sails.models['user'].ownValidate(values, false, cb);
  },
  beforeUpdate: function (values, cb) {
    return sails.models['user'].ownValidate(values, true, cb);
  }
}

For blueprint custom messages validation

Nginx Error Log Reader

Nginx Error Log Reader is a php reader/parser/analyzer for Nginx error log file. the script is able to read error logs recursively then display them in a user friendly table. Script configuration includes the number of bytes to read per page and allow pagination through the error log . Additionally, table columns are sortable and full description of every error is displayed using MonnaTip.

For banning Ips, please refer to this post Using iptables to block ips that spam or attack your server