I’m migrating a few web apps from a shared web server to a Digital Ocean droplet. Since I’m going to be hosting more than one application in the same machine I need a proxy that will direct traffic to the correct application based on the domain name.

I decided to use HAProxy because I have never used it and because in the future I can extend it to also do load balancing if necessary.

Since I’m moving a domain that I already own from one shared server to a Digital Ocean droplet, the process I’m going to follow is going to be something like this:

1. Set up my application in the droplet so it runs in a port different to port 80
2. Set up HAProxy so it runs on port 80 and routes all traffic coming from the correct domain name to my application
3. Change DNS configuration so traffic from my application domain is now sent to the droplet

I’ve been doing a few algorithm exercises that deal with binary numbers lately. Since my language of choice for algorithm problems is JavaScript and I had in the past read a little about how JavaScript numbers work, I was really confused to find out that binary operations actually work, since JavaScript numbers are represented with an exponent-fraction notation.

A quick search gave me the answer to this question. When you do binary operations against a number this will be converted to an integer in two’s complement. Another interesting thing is that even though JavaScript numbers are built using 64 bits, they will be converted to 32 bits when doing binary operations. Lets see how these two factors affect our operations.

I have a server that I can SSH to by using a username and password. This works fine, but I need to automate some things and now I have the need to SSH into my server without being prompted for a password. Using SSH keys is a very natural way of doing this so I decided to go ahead.

The first thing to do is generate an SSH key pair. This command should be run on the client (the computer that will SSH into the server):

1
ssh-keygen -t rsa

I named my key server_key_rsa. I also decided to use no passphrase because I don’t want to be prompted for it every time I SSH into my server.

Now, we need to copy this generated key to the server:

1
ssh-copy-id -i /home/myself/.ssh/server_key_rsa user@myhost

From now on I won’t be prompted for a password when I try to log into my server.

I have found SSH tunneling very useful for two main scenarios:

– I want to access something that can’t be accessed from my local computer

– I want someone to access something in my computer

Lets look first at accessing something that can’t be accessed from my local computer. The easiest way to explain is with an example. I’m sitting at my desk with my laptop and I want to connect to my production database to run some queries. For security reasons, I can’t access my production database directly from my desk. As a matter of fact, for security reasons there is only one way you can access my production database, and this is from my application server. I have specifically denied all access to my database from all IP addresses except from the IP address where I’m running an application that uses the database.

So, what do I do when I want to run queries in my database? I SSH into my application server and connect to my database from there. This works, but there are scenarios where it would be easier if I could just connect directly from my laptop (e.g. I want to use a graphical client for connecting to my DB). We can solve this by creating an SSH tunnel.

I was looking for a simple recipe to install Glide into one of my Docker images and I couldn’t find it so I created my own:

1
2
3
4
5
6
7
# Install glide
RUN mkdir /tools
WORKDIR /tools
RUN wget https://github.com/Masterminds/glide/releases/download/0.10.2/glide-0.10.2-linux-386.tar.gz
RUN tar -zxvf glide-0.10.2-linux-386.tar.gz
RUN mv linux-386/ glide/
ENV PATH /tools/glide:$PATH

It is pretty simple. The only part that caught me by surprise was adding a path to the $PATH. The best way to do it is by using the ENV instruction:

1
ENV PATH /tools/glide:$PATH

Now, all containers created from this image will have glide available in their path.

I’m starting a web project and I decided to save some money by hosting my MySQL database in a cheap instance in Digital Ocean. I was a little concerned about security so I did some research and found some ways to make my installation a little safer.

The first thing any installation must do is run:

1
sudo mysql_secure_installation

This step will allow you to set a root password if you haven’t already done so. This of course is something you must do if you want any kind of security. The script will also remove the default anonymous account, only allow root connections from localhost and remove the test database.

If you expect connections to your mysql database to come from a single host you can restrict this inside /etc/my.cnf by adding something like this:

1
bind-address = 127.0.0.1

This can be any valid IP address. If you want to allow connections from more than one IP addresses then you will have to do this at the network level.

MySQL allows you to load data from the local file system using a LOAD statement. If you are not using this statement, the best thing is to remove the access to local files altogether. You can do this by adding a line to your /etc/my.cnf file:

1
local-infile = 0

I have gotten tired of my SSH connections timing out when connecting to my servers, so I found out how to fix it. Edit this file /etc/ssh/ssh_config in the computer you are using as a client. Then add these lines at the end:

1
2
ServerAliveInterval 15
ServerAliveCountMax 3

ServerAliveInterval – The number of seconds the client(your computer) will wait before it sends a null package to the server. Sending a null package to the server will keep the connection alive.

ServerAliveCountMax – How many times the client will try to send a message to the server if it doesn’t respond.

With the configuration above, the client will send a null package every 15 seconds. If the server doesn’t respond to one of those packages then after 15 seconds the clients will try again and then one more time. After three failures the client will disconnect.

In a previous article I wrote an article explaining how to do dependency management wrong by following Go’s recommendations. This week I’m going to explore a better way to manage your dependencies.

Last year the Go community decided to try to fix the dependency management problem they had. Since this problem came from the root, the solution had to come from the same place. The big problem came from the fact that dependencies were pulled from GOPATH. This gave go users no way to have two versions of the same library or application installed in the same computer.

To fix this the vendor folder was created. This allows projects to store dependencies in a folder named vendor inside the project folder. This can be done recursively, so dependencies can store their own dependencies and so on. This allows each project to have it’s own dependencies without affecting other projects.

This resembles same dependency management systems, like npm. The problem is that the community didn’t provide any tooling to help you manage the dependencies. It is your responsibility to download the dependencies and put them in the vendor folder. Luckily other projects were born to help make this easier.

I like to use spaces instead of tabs so I have this line in my .vimrc file:

1
set expandtab

This line will write spaces instead of tabs every time I hit the tab key.

Lately I’ve been working a little with Go. The standard in Go is to use tabs instead of spaces so I needed to change this preference for Go projects. The only thing that I needed to do is to add this line to my project .vimrc file:

1
set expandtab!

I have just begun my journey in the Go universe and so far I have found a few things that I don’t really like. I consider this natural because as I get familiar with a way of working I find it hard to accept other ways without questioning them very heavily first.

I’m not an expert in doing dependency management, but when a friend told me how Go decided to do it, it really hurt my soul. Before I begin telling you why it did and why I believe it is the wrong way to do dependency management let me add a disclaimer:

The Go team realized that the out of the box way of doing dependency management was not ideal so they came up with a solution. If you are going to start a project that has dependencies in other projects you should use Golang’s new proposal for package management.