05 Feb

Add SSL (https) to a CPanel Site

After Installing the SSL certificate, (CPanels and LetsEncrypt provides free SSL Certificate), the next step is redirecting the http:// traffic to https://

Using the redirect facility will result in redirect loop, as such add the following code at the end of .htaccess file on the root of the domain

RewriteEngine On 
RewriteCond %{SERVER_PORT} 80 
RewriteRule ^(.*)$ https://www.yourdomain.com/$1 [R,L]

H/T to http://www.webhostinghub.com/help/learn/website/ssl/force-website-to-use-ssl

03 Oct

SSL/TLS Certificates on Flask Application with Let’s Encrypt and NGINX

Let’s Encrypt is a new certificate authority (CA) offering free and automated SSL/TLS certificates. Certificates issued by Let’s Encrypt are trusted by most browsers in production today, including Internet Explorer on Windows Vista. Simply download and run the Let’s Encrypt client to generate a certificate.

(there are a few more steps than that, of course, though not many)
Step 1: Download LetsEncrypt

Install git if you haven’t done so yet:

# apt-get install git

Use git to get the application and store it somewhere (ie: /opt)

$ sudo git clone https://github.com/letsencrypt/letsencrypt /opt/letsencrypt

Step 2: Webroot Plugin

The Webroot plugin works by placing a special file in the /.well-known directory within your document root, which can be opened (through your web server) by the Let’s Encrypt service for validation.
Depending on your configuration, you may need to explicitly allow access to the /.well-known directory.

location /.well-known {
alias /home/user/webapps/appname/.well-known;
}

Restart NGNIX

# sudo service nginx status

 

Step 3: Generate your certificate and Strong Diffie-Hellman Group

The first time you run the command below, you will be asked to provide an e-mail address to be associated to the domain or subdomain, in case you should ever need to recover the key or something.
The next time you run the same command (to renew the certificate) it won’t be asked.

So run the following command to generate the certificate:

$ sudo /opt/letsencrypt/letsencrypt-auto certonly -a webroot –agree-tos –renew-by-default \

–webroot-path=/home/user/webapps/appname \

-d website.com [-d sub.website.com] \

–e-mail=email@website.com

Then Generate Strong Diffie-Hellman Group
This may take a few minutes but when it’s done you will have a strong DH group at /etc/ssl/certs/dhparam.pem.
$ sudo openssl dhparam -out /etc/ssl/certs/dhparam.pem 2048

Step 4: Configuring Nginx

After running the command that generates the certificates, you should have several files in /etc/letsencrypt/live/website.com/ (replace website.com by your own domain).
We are going to need just two of them for Nginx: fullchain.pem and privkey.pem.
Comment out or delete the lines that configure this server block to listen on port 80.
The beginning of your server block should look like this:

server {

server_name website.com www.website.com;

listen 443 ssl;

ssl_certificate /etc/letsencrypt/live/website.com/fullchain.pem;

ssl_certificate_key /etc/letsencrypt/live/website.com/privkey.pem;

# For Safari and iOS devices

ssl_session_cache shared:SSL:20m;

 

#Diffie-Hellman Group

ssl_protocols TLSv1 TLSv1.1 TLSv1.2;

ssl_prefer_server_ciphers on;

ssl_dhparam /etc/ssl/certs/dhparam.pem;

ssl_ciphers ‘ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:AES:CAMELLIA:DES-CBC3-SHA:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!MD5:!PSK:!aECDH:!EDH-DSS-DES-CBC3-SHA:!EDH-RSA-DES-CBC3-SHA:!KRB5-DES-CBC3-SHA’;

ssl_session_timeout 1d;

ssl_stapling on;

ssl_stapling_verify on;

add_header Strict-Transport-Security max-age=15768000;

Lastly, outside of the original server block (that is listening on HTTPS, port 443), add this server block to redirect HTTP (port 80) to HTTPS.

server {
listen 80;
server_name website.com www.website.com;
return 301 https://$host$request_uri;
}

Put the changes into effect by restarting Nginx:

$ sudo service nginx restart

The Let’s Encrypt TLS/SSL certificate is now in place.

At this point, you should test that the TLS/SSL certificate works by visiting your domain via HTTPS in a web browser.
You can use the Qualys SSL Labs Report to see how your server configuration scores:

https://www.ssllabs.com/ssltest/analyze.html?d=website.com

Step 5: Automate the Certificate Renewal

Edit the crontab to create a new job that will run the renewal command every week.

$ sudo crontab –e

30 2 * * 1 /opt/letsencrypt/letsencrypt-auto renew >> /var/log/le-renew.log

35 2 * * 1 /etc/init.d/nginx reload

25 Feb

Migrating from Python 2.7 to Python 3.4

Last year, we made a decision to migrate to python 3.4 in 2016. This was not an easy decision as all our code base in developed using python 2.7 and it has served us very well.

Yesterday, We took the big step. This has already been delayed and was overdue.

First the Python 3.4 has to be installed, using the same process as in previous blog. However, replacing 2.7 with 3.4

the virtualenv has to be recreated for python 3.4.

pyvenv <virtual env>

thunder lock: disabled (you can enable it with --thunder-lock)
 uwsgi socket 0 bound to UNIX address xhod.sock fd 3
 Python version: 2.7.10 (default, Sep 21 2015, 12:21:01) [GCC 4.4.7 20120313 (Red Hat 4.4.7-16)]
 Set PythonHome to /home/uobis/webapps/xhod/venv
 ImportError: No module named site

I had to recompile uwsgi for python 3.4

/usr/local/bin/pip2.7 uninstall uWSGI

/usr/local/bin/pip3.4 install uWSGI

*** Starting uWSGI 2.0.12 (64bit) on [Thu Feb 25 22:31:10 2016] ***
compiled with version: 4.4.7 20120313 (Red Hat 4.4.7-16) on 25 February 2016 22:30:37
os: Linux-2.6.32-042stab108.8 #1 SMP Wed Jul 22 17:23:23 MSK 2015

 

30 May

Install Python on Linux (Centos)

Most installed python on Linux systems are outdated. While python 2.6 is quite good for a project, most are advised to use python 2.7 or 3.4, so the need to upgrade it.

However, for Centos 6, you are strongly advised to avoid upgrading or reinstalling the stock version as some important system programs (notable yum), uses it.
Removing the default version will break the dependent system programs, instead you should install your targeted version and make sure your files are linked to it.

Install Python 2.7

Run the following command to update the system applications:
$ sudo yum -y update

In order to get the necessary development tools, run the following:
$ sudo yum groupinstall -y development

# sudo yum install -y zlib-dev openssl-devel sqlite-devel bzip2-devel

Download, compile and install Python:

$ cd /opt
$ sudo wget --no-check-certificate https://www.python.org/ftp/python/2.7.X/Python-2.7.X.tar.xz
$ sudo tar xf Python-2.7.X.tar.xz
$ sudo cd Python-2.7.X
$ sudo ./configure --prefix=/usr/local
$ sudo make && make altinstall

List all python programs

$ ls -ltr /usr/bin/python*
$ ls -ltr /usr/local/bin/python*

Link Python 2.7 to the default python on local environment

$ ln -s /usr/local/bin/python2.7 /usr/local/bin/python

Install easy tools and pip

$ wget https://bitbucket.org/pypa/setuptools/raw/bootstrap/ez_setup.py
$ sudo /usr/local/bin/python2.7 ez_setup.py
$ sudo /usr/local/bin/easy_install-2.7 pip

Install virtualenv
$ pip2.7 install virtualenv

 

02 Oct

python+virtualenv on Cygwin

I have been trying to make my default environment for development to be

  1. Install Python.
  2. Download and unzip pip.
  3. Install by going into the expanded directory and running python setup.py in a command prompt.
  4. Set the %PYTHONHOME% system variable to the python base directory, (i.e. C:\Python27\) and adding the python base directory and script directory (i.e. C:\Python27\Scripts) to your %PATH% system variable.
  5. Install Cygwin WITHOUT Python. The previous step tells Cygwin to use the Windows binary.
  6. Install Cygwin-Virtualenvwrapper using pip install https://bitbucket.org/cliffxuan/virtualenvwrapper-for-cygwin-windows-python/get/tip.tar.gz
  7. Install virtualenvwrapper-win using pip install virtualenvwrapper-win
  8. Make a symlink between Cygwin’s virtualenvhome directory and Windows’s using ln -s /cygdrive/c/Users/<USER>/Envs/ ~/.virtualenvs
  9. Add the following to Cygwin’s .bashrc file:
      export VIRTUALENVWRAPPER_PYTHON=”/cygdrive/c/Python27/python.exe”
      export VIRTUALENVWRAPPER_VIRTUALENV=”/cygdrive/c/Python27/Scripts/virtualenv.exe”
      source virtualenvwrapper.sh
  10. Go to C:\User\<username>\Env (or other %VIRTUALENV_HOME% location) and use virtualenv to start a new environment. Doing this allows virtualenvwrapper-win‘s workon command to work.
30 Nov

Deploying Flask on lighttpd

Deploying Flask seems a lonely taks, becuase of dearth of articles or blogs that explain in. This is even worse when deploying on a shared server.
Most people seems to treat a python deployment as a django deployment. Since, there are cheap and available Flask hsting site, i went with Django host, but confirmed that we can host any other framework.

The good thing is that, there too many similarities, and most packages are already installed on the host.

1. Open putty and log into the hosts server (s17.wservices.ch)
2. Check that the following following packages are installed

python and python-devel: the Python interpreter and its development package
lighttpd: The Lighty web server and its development package
install postgresql postgresql-contrib: The PostgreSQL database server and its development package
git: source code version control system (we will use it to download and update the application)
gcc: the C/C++ compiler (needed to compile Python extensions)
sudo: a tool that helps users run commands as other users.

If not, install them.

sudo apt-get python python-devel lighttpd httpd-devel mysql-server mysql-devel git gcc

3. Configure passwordless login (if needed)
4. Create a directory for the application, and install the application from BitBucket
mkdir app
cd app
git clone git://bitbucket.org/peppe/peppe-ng.git

5. Check User permissions
chmod -R 777 *

6. Setup the database
Go to https://panel.djangoeurope.com/databases/
Login with a username and password, and then create a database and dump the content of the dev db
pg_dump peppedb > ppdbdump.sql

Transfer the file to live host
sftp outfile.sql peppe@s17.wservices.ch

Load the Db on the live host
psql peppedb < ppdbdump.sql

7. Setup the webserver
Paste at the end of this file ~/lighttpd/lighttpd.conf

#Peppe.com
$HTTP[“host”] =~ “(^|.)peppe.com.ng$” {
fastcgi.server = (
“/flask.fcgi” => (
“main” => (
“socket” => env.HOME + “/mysite_project/mysite.sock”,
“check-local” => “disable”,
)
),
)
alias.url = (
“/media” => env.HOME + “/mysite_project/media”,
)

url.rewrite-once = (
“^(/media.*)$” => “$1”,
“^/favicon.ico$” => “/media/favicon.ico”,
“^(/.*)$” => “/flask.fcgi$1”,
)
}

Replace mydomain.com with the name of your domain. Be sure to escape all dots of your website’s name (put a backslash before it: .). Replace your_django_project/media with the path of you media directory (relative to your home directory). Replace mysite_project/mysite.sock with the path to your fastcgi socket file

Now you can launch your lighttpd:

~/init/lighttpd start

Whenever you make changes to the configuration, you can reload the configuration or restart lighttpd:

~/init/lighttpd reload

~/init/lighttpd restart

9. Configure the db and start
10. Install application updates

02 May

django and virtualenv on Aptana Studio

Create a folder for storing Virtualenv environments

C:Usersamachefe>mkdir env
C:Usersamachefe>cd env

Create a virtual environment VCMS by running the virtualenv command.
C:>powershell
Windows PowerShell
Copyright (C) 2012 Microsoft Corporation. All rights reserved.
PS C:>
PS C:Usersamachefeenv>virtualenv vcms
New python executable in vcmsScriptspython.exe
Installing setuptools…………….done.
Installing pip……………….done.

In Microsoft Windows, before activating the virtual environment, ensure that the new environment is used by setting the Powershell execution policy
PS C:> Set-ExecutionPolicy RemoteSigned
PS C:> exit

Activate the virtualenv environment just created

PS C:Usersamachefeenv>vcmsScriptsactivate
(vcms) C:Usersamachefeenv>
(vcms) C:Usersamachefeenv>pip list

(vcms) C:Usersamachefeenv>pip show
ERROR: Please provide a package name or names.
(vcms) C:Usersamachefeenv>pip install django
Downloading/unpacking django
  Downloading Django-1.5.1.tar.gz (8.0MB): 8.0MB downloaded
   Running setup.py egg_info for package django

    warning: no previously-included files matching ‘__pycache__’ found under directory ‘*’
    warning: no previously-included files matching ‘*.py[co]’ found under directory ‘*’
Installing collected packages: django
  Running setup.py install for django

    warning: no previously-included files matching ‘__pycache__’ found under directory ‘*’
    warning: no previously-included files matching ‘*.py[co]’ found under directory ‘*’
Successfully installed django
Cleaning up…
Storing complete log in C:Usersamachefepippip.log


(vcms) C:Usersamachefeenv>

(vcms) C:Usersamachefeenv>pip list
Django (1.5.1)
(vcms) C:Usersamachefeenv>

Deactivate after installing

(vcms) C:Usersamachefeenv>deactivate
C:Usersamachefeenv>

Setting up Aptana Studio

One of the best (and free) IDEs for is Aptana Studio. Aptana Studio is a complete environment that includes extensive capabilities to build Ruby and Rails, PHP, and Python applications, along with complete HTML, CSS and JavaScript editing. Aptana is based on Eclipse, and has one of the best python plugin, PyDev.
It has gives you two options for download. You can either install Aptana on top of your pre-existing Eclipse installation (Eclipse Plug-in Version), or install a standalone version of Eclipse with Aptana pre-configured. I prefer the stand alone version

To create a new Django project in Aptana, go to File->New -> Other. Select the PyDev folder, and finally, the PyDev Django Project option, and click next. Give the project a name.

Under the Interpreter, click to configure a new interpreter.

Hit New… Add Name for the interpreter, and specify a path to your newly made virtualenv. Click Ok

manually select the C:Python27Lib folder. Click OK

Click OK, to close the Python interpreter selector and return to the New Project box.

Select the Interpreter you just created in the last step, and Click Next. Complete the Requirement to create a project.
To test the project, Click the Aptana Studio RUN bottom

Aptana Studio Run button

Check if the project was successful from the browser

NB: You can also add a new Python Interpreter from Preferences > PyDev > Interpreter – Python settings.

10 Apr

Installing Django Framework using pip

The recommended way to install Django is with pip. pip is a tool for installing and managing Python packages.
Before installing Django, you need to install pip!

1. Install python
First things first – get Python! You can get the Python 2.7.3 (the current Python 2.x version as of this writing) 32-bit installer from http://python.org/download/.
C:>python
Python 2.7.3 (default, Apr 10 2012, 23:24:47) [MSC v.1500 64 bit (AMD64)] on win32
Type “help”, “copyright”, “credits” or “license” for more information.
>>>
Type quit() to close the python interpreter
>>>
>>> quit()

NB: Before punning the command, remember to add the python on the windows environment PATH

2. Install Distribute. Distribute is a pre-requisite for pip
Download the distribute_setup.py file to you computer. Click on the file to install Distribute, or run from the command prompt.
C:>python distribute_setup.py
Extracting in c:usersamache~1appdatalocaltemptmpbjtb6b
Now working in c:usersamache~1appdatalocaltemptmpbjtb6bdistribute-0.6.36
Installing Distribute
Before install bootstrap.
Scanning installed packages
Setuptools installation detected at c:python27libsite-packages
Non-egg installation
Moving elements out of the way…
Already patched.
..
Installed c:python27libsite-packagesdistribute-0.6.36-py2.7.egg
Processing dependencies for distribute==0.6.36
Finished processing dependencies for distribute==0.6.36
After install bootstrap.
C:Python27Libsite-packagessetuptools-0.6c11-py2.7.egg-info already exists

3. Install pip
Now, Download the pip install script from GitHub.
Install by clicking the script or running from python command prompt

C:>python get-pip.py
Downloading/unpacking pip
  Downloading pip-1.3.1.tar.gz (247Kb): 247Kb downloaded
  Running setup.py egg_info for package pip

    warning: no files found matching ‘*.html’ under directory ‘docs’
    warning: no previously-included files matching ‘*.txt’ found under directory
 ‘docs_build’
    no previously-included directories found matching ‘docs_build_sources’
Installing collected packages: pip
  Running setup.py install for pip

    warning: no files found matching ‘*.html’ under directory ‘docs’
    warning: no previously-included files matching ‘*.txt’ found under directory
 ‘docs_build’
    no previously-included directories found matching ‘docs_build_sources’
    Installing pip-script.py script to C:Python27Scripts
    Installing pip.exe script to C:Python27Scripts
    Installing pip-2.7-script.py script to C:Python27Scripts
    Installing pip-2.7.exe script to C:Python27Scripts
Successfully installed pip
Cleaning up…

Test the installation
C:>pip

Usage:
  pip <command> [options]

4. Install virtualenv (Not Compulsory, but very advised)
C:>pip install virtualenv
Install virtualenvwrapper  (for microsoft Windows)
C:>pip install virtualenvwrapper-win

And you are good to go!!

Thanks to tyler butler for his informative procedure