Vagrant is a tool for easily creating shareable development environments for your team. It consists of a configuration file with instructions for creating a virtual machine. This virtual machine should contain everything a developer might need to work in a specific project. This configuration file is then committed to the repo and shared with the team. All developers work inside this machine, preventing problems or inconsistencies setting up their development environment.

Now-a-days the same thing can be achieved using Docker(and it is my preferred way of doing it), but the company where I work has some projects using Vagrant, so I decided to learn about it.

Installation

The installation is pretty straight forward. Just head to Vagrant’s downloads page, get the binary for your OS and install it.

I have a digital ocean machine that runs a lonely server on it. This server is just a hobby project so I can afford it to go down every now and then. Nevertheless I want to minimize the time it goes down and be able to identify the cause when it happens.

My initial effort in this direction will be to setup some monitoring on the machine that runs my server. More specifically, I want to see the memory, network, disk, and CPU utilization of the machine graphed over time. This doesn’t solve all my problems but is a first step into getting more insight into what is happening in my server’s environment.

I recently had a friend who lost an external hard drive where she stored private information. This hard drive can now be read by anyone who finds it because there was no protection on it. To prevent that from happening to me I decided I will start encrypting my external drives (My computer drives are already encrypted by the OS).

The first thing you should do is temporarily backup your data in another drive. In order to encrypt the external drive we will need to remove all the data first.

This post was written in 2016. I wrote an updated version on 2018. Android development with Docker 2018

I’ve been using Docker for developing servers and other web applications for a few months and I find it very comfortable. When I want to work on one of my projects I just need to clone the git repository and run a Docker command and everything is ready to start developing. The environment and all dependencies are installed inside the Docker container automatically and the developer doesn’t need to worry about a thing.

Today I decided to try to expand this concept to one of my Android projects. With Android development there are a few challenges to overcome. We need to get the correct development tools to build the project as well as a way to easily install the build into a device for testing. A few people have already done a lot of work on this subject so I’m going to use as much of their work as I can.

I’m migrating a few web apps from a shared web server to a Digital Ocean droplet. Since I’m going to be hosting more than one application in the same machine I need a proxy that will direct traffic to the correct application based on the domain name.

I decided to use HAProxy because I have never used it and because in the future I can extend it to also do load balancing if necessary.

Since I’m moving a domain that I already own from one shared server to a Digital Ocean droplet, the process I’m going to follow is going to be something like this:

1. Set up my application in the droplet so it runs in a port different to port 80
2. Set up HAProxy so it runs on port 80 and routes all traffic coming from the correct domain name to my application
3. Change DNS configuration so traffic from my application domain is now sent to the droplet

I’ve been doing a few algorithm exercises that deal with binary numbers lately. Since my language of choice for algorithm problems is JavaScript and I had in the past read a little about how JavaScript numbers work, I was really confused to find out that binary operations actually work, since JavaScript numbers are represented with an exponent-fraction notation.

A quick search gave me the answer to this question. When you do binary operations against a number this will be converted to an integer in two’s complement. Another interesting thing is that even though JavaScript numbers are built using 64 bits, they will be converted to 32 bits when doing binary operations. Lets see how these two factors affect our operations.

I have a server that I can SSH to by using a username and password. This works fine, but I need to automate some things and now I have the need to SSH into my server without being prompted for a password. Using SSH keys is a very natural way of doing this so I decided to go ahead.

The first thing to do is generate an SSH key pair. This command should be run on the client (the computer that will SSH into the server):

1
ssh-keygen -t rsa

I named my key server_key_rsa. I also decided to use no passphrase because I don’t want to be prompted for it every time I SSH into my server.

Now, we need to copy this generated key to the server:

1
ssh-copy-id -i /home/myself/.ssh/server_key_rsa user@myhost

From now on I won’t be prompted for a password when I try to log into my server.

I have found SSH tunneling very useful for two main scenarios:

– I want to access something that can’t be accessed from my local computer

– I want someone to access something in my computer

Lets look first at accessing something that can’t be accessed from my local computer. The easiest way to explain is with an example. I’m sitting at my desk with my laptop and I want to connect to my production database to run some queries. For security reasons, I can’t access my production database directly from my desk. As a matter of fact, for security reasons there is only one way you can access my production database, and this is from my application server. I have specifically denied all access to my database from all IP addresses except from the IP address where I’m running an application that uses the database.

So, what do I do when I want to run queries in my database? I SSH into my application server and connect to my database from there. This works, but there are scenarios where it would be easier if I could just connect directly from my laptop (e.g. I want to use a graphical client for connecting to my DB). We can solve this by creating an SSH tunnel.

I was looking for a simple recipe to install Glide into one of my Docker images and I couldn’t find it so I created my own:

1
2
3
4
5
6
7
# Install glide
RUN mkdir /tools
WORKDIR /tools
RUN wget https://github.com/Masterminds/glide/releases/download/0.10.2/glide-0.10.2-linux-386.tar.gz
RUN tar -zxvf glide-0.10.2-linux-386.tar.gz
RUN mv linux-386/ glide/
ENV PATH /tools/glide:$PATH

It is pretty simple. The only part that caught me by surprise was adding a path to the $PATH. The best way to do it is by using the ENV instruction:

1
ENV PATH /tools/glide:$PATH

Now, all containers created from this image will have glide available in their path.

I’m starting a web project and I decided to save some money by hosting my MySQL database in a cheap instance in Digital Ocean. I was a little concerned about security so I did some research and found some ways to make my installation a little safer.

The first thing any installation must do is run:

1
sudo mysql_secure_installation

This step will allow you to set a root password if you haven’t already done so. This of course is something you must do if you want any kind of security. The script will also remove the default anonymous account, only allow root connections from localhost and remove the test database.

If you expect connections to your mysql database to come from a single host you can restrict this inside /etc/my.cnf by adding something like this:

1
bind-address = 127.0.0.1

This can be any valid IP address. If you want to allow connections from more than one IP addresses then you will have to do this at the network level.

MySQL allows you to load data from the local file system using a LOAD statement. If you are not using this statement, the best thing is to remove the access to local files altogether. You can do this by adding a line to your /etc/my.cnf file:

1
local-infile = 0