Tuesday, September 20, 2016

Remove iptables rule

I recently had to fool around with iptables in one of our web instances, and I found this SO link useful. So here it is for everyone (read: myself).

This happened because Ubuntu had updated some packages and there was a message telling me to restart the instance when I logged in last week. So I foolishly did. As a result, PostgreSQL was broken (/var/run/something was deleted and it took my colleague a good 30 minutes to find that out). And suddenly our Tomcat application wasn't working.

  1. https://my.application.com was timing out.
  2. so was http://my.application.com
  3. But our direct IP was working.
  4. BUT the direct IP wasn't!
  5. Nginx logs were not logging anything at all.
  6. Checking Amazon AWS, I confirmed that both 80 and 8080 were "allowed".

So there's got to be something between AWS and nginx that was blocking port 80, and allowing port 8080. Which was something no human would do.

So I did something I've never had to do before: check iptables. And sure enough I found the below:

So here are the steps I took to wipe out all those rules.

iptables -L INPUT --line-numbers
iptables -D INPUT 5
iptables-save > /etc/iptables/rules.v4

The 2nd line was done a couple of times to remove all the iptables lines.
The last line was so that each time the instance was restarted, the rules would be the same. The rules might be stored in a different file. Check your local distro for details.
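
The repeated delete step above, as an added example that is not from the original post: `iptables -D INPUT <n>` renumbers the rules below the deleted one, so when several rules have to go, deleting from the highest line number down keeps the numbers from the listing valid. The listing is a constructed sample (with `-n` added for numeric output), `sample_listing` and `plan_deletes` are hypothetical helper names, and the script only prints the commands for review.

```shell
#!/bin/sh
# Constructed sample of `iptables -n -L INPUT --line-numbers` output.
# It is NOT the rule set from the post, which did not survive on the page.
sample_listing() {
cat <<'EOF'
Chain INPUT (policy ACCEPT)
num  target     prot opt source               destination
1    ACCEPT     all  --  0.0.0.0/0            0.0.0.0/0            state RELATED,ESTABLISHED
2    ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0            tcp dpt:22
3    DROP       tcp  --  0.0.0.0/0            0.0.0.0/0            tcp dpt:80
4    ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0            tcp dpt:8080
5    DROP       tcp  --  0.0.0.0/0            0.0.0.0/0            tcp dpt:443
EOF
}

# plan_deletes CHAIN TARGET
# Reads a --line-numbers listing on stdin and prints one delete command per
# rule whose target column equals TARGET, highest line number first.
# Deleting rule 3 before rule 5 would turn the old rule 5 into rule 4, and a
# later "iptables -D INPUT 5" would then fail or remove the wrong rule.
plan_deletes() {
    chain=$1
    target=$2
    awk -v t="$target" '$1 ~ /^[0-9]+$/ && $2 == t { print $1 }' |
        sort -rn |
        while read -r num; do
            printf 'iptables -D %s %s\n' "$chain" "$num"
        done
}

# Dry run on the constructed sample: prints the commands, executes nothing.
sample_listing | plan_deletes INPUT DROP
```

On a live host the input would come from `iptables -n -L INPUT --line-numbers`, and the rules are persisted with `iptables-save` only after the printed commands have been reviewed and run.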

Wednesday, September 23, 2015

Resistance Avalon role "assigner"

First select number of players:

  • Merlin
  • Percival
  • Mordred
  • Oberon
  • Morgana (requires Percival)

Next shuffle the deck

Then reveal the secret role to 1 player at a time.

Percival - Good
Percival's special power is knowledge of Merlin at the start of the game. Using Percival's knowledge wisely is key to protecting Merlin's identity. Adding Percival into the game will make the Good side more powerful.

Mordred - Evil
Mordred's special power is that his identity is not revealed to Merlin at the start of the game. Adding Mordred will make the Evil side more powerful.

Oberon - Evil
Oberon's power is that he does not reveal himself to other evil players, and he doesn't know of the other evil players. Merlin does know who Oberon is. Adding Oberon will make the Good side more powerful.

Morgana - Evil
Morgana's special power is she appears to be Merlin. She reveals herself to Percival as Merlin (Percival must be in play). Adding Morgana will make the Evil side more powerful.

Friday, September 11, 2015

The Resistance Reference card

The Resistance board game voting application

The Resistance board game can be played without buying the actual game itself. You just need some cards, and you specify which cards are the resistance and which are the traitors. I wrote a little JavaScript here to keep a secret count of the votes. Everyone just goes around voting. And after everyone votes, you just click Show Results, and you see if the mission passes or fails.

Tuesday, July 28, 2015

Maven Resources Filtering

I can never remember what it's called. So I better make a blog post of it:

Basically, it allows us to copy strings from the POM to any text-based resources (e.g. XML, .properties files).

Thursday, July 16, 2015

Configuring Glassfish with Virtual servers behind nginx

I recently had to configure a virtual server on Glassfish behind nginx. I had to configure the virtual server to serve up a default application. Furthermore, I had to configure nginx to only accept HTTPS (SSL) requests to this virtual server.

I recorded quite a bit of what I did. So I added in some fancy PowerPoint slides and uploaded the result to YouTube here.

The summary of steps I list here:

1. Install Glassfish and Nginx

(self explanatory)

2. Create a virtual server

To do this we do the following:

  1. Create a thread pool
  2. Create HTTP protocol (ignore the default virtual server setting for now)
  3. Create listener (ignore the default virtual server setting for now)
  4. Create virtual server
  5. Edit the listener (step #3) and protocol (step #2)

3. Create a self-signed certificate

For development purposes, we create a self-signed certificate. Of course for an actual production site, you'd need to buy it from a provider.

sudo openssl req -x509 -nodes -days 36500 -newkey rsa:2048 -keyout /Users/gerard/my_domain.key -out /Users/gerard/my_domain.crt

The above command will prompt for a common name. We then type the domain name that the certificate will be tied to.

4. Configure nginx

We tell Nginx to listen on the standard SSL port and to use the certificate for those connections.

server {
    listen       443 ssl;
    server_name  cas.gerardsetho.net;
    access_log  var/log/nginx/cas.access.log;

    ssl_certificate      /Users/gerard/my_domain.crt;
    ssl_certificate_key  /Users/gerard/my_domain.key;

    location / {
        proxy_pass http://localhost:28090;