Stuff I'm Up To

Technical Ramblings

Mobility Printing from a Guest Network — January 4, 2018

Today I have been mostly fumbling around in DNS trying to get untrusted devices on our Guest network to print to our PaperCut Pull Printing system using NAT.

All our WiFi users connect to the Guest VLAN, which is isolated from the main production network. There are very few services that need to come from the Guest network into the Trusted zone, but this pull printing is one of them.

Vue.js, Vuetify and Laravel — December 24, 2017

I’m really new to playing with Vue.js but thought I’d use it with Laravel and Vuetify rather than Bootstrap. I couldn’t even get it off the ground due to this error:

app.js:442 [Vue warn]: Unknown custom element:  - did you register the component correctly? For recursive components, make sure to provide the "name" option.

(found in )

I’d tried to webpack the JS and this seems to be where the trouble lies. Something not loading quite right separating Vuetify out into the “vendor” script. Put simply the not being registered is because the vuetify.js script hasn’t loaded.

So going from this in my webpack.mix.js:

mix.js('resources/assets/js/app.js', 'public/js')
    .extract(['vue','vuetify'])
    .sass('resources/assets/sass/app.scss', 'public/css');

To this:

mix.js('resources/assets/js/app.js', 'public/js')
    .extract(['vue'])
    .sass('resources/assets/sass/app.scss', 'public/css');

resolved the problem for me.

PHP7.0, Microsoft SQL Driver & Debian (stretch) — December 12, 2017

What a mission today has been. I think I’ll ultimately roll back to using Debian Jessie as Stretch isn’t a supported system, yet.

To get the MS SQL ODBC driver working even in Jessie appears to be a challenge. In Stretch I almost surrendered. It is working, but I do think it’s a bit of a hack as I’ve had to install an older libssl1.0.0 and enable the locale en_US.UTF-8.

The PHP developers voted to drop MS SQL from the project, so now you must compile and install it yourself. There are some very good instructions out there to help you – even from Microsoft.

https://docs.microsoft.com/en-gb/sql/connect/odbc/linux-mac/installing-the-microsoft-odbc-driver-for-sql-server

Laravel & PHP Minimum Requirements — December 11, 2017

Make sure you’ve installed php and the necessary modules before trying to create a new Laravel project.

$ sudo apt-get install php-fpm php php-mbstring php-zip

The order of php-fpm and php is important: put them the other way around and you’ll find you get apache2 installed, which you probably don’t want.

Then you should be able to create your empty project using composer without any complaints.

$ cd /var/www
$ composer create-project --prefer-dist laravel/laravel [project]

Google Home and Kodi — November 29, 2017

I thought I’d take the opportunity to add a Google Home to my gadget collection. After all, it’s on a £50 off sale this week, so comes in at £79 delivered.

What I really want from it above all is to control my Kodi setup. Being able to voice control what movie or TV show to play would make the wife’s life a lot easier – and when she’s happy, I’m happy.

This is where I came across the GoogleHomeKodi project on GitHub and referenced on the Kodi forum here.

PaperCut Certificate — November 21, 2017

Time to replace the PaperCut web server certificate. So pleased I ran into Keystore Explorer previously as this made changing the web server certificate a breeze.

Put simply, you create a new keystore file in the Program Files\PaperCut MF\server\custom folder and import the certificate that you obtain from your internal CA. We did this using MMC and the Certificate snap-in on the print server. Then export the certificate with its private key to a .pfx file. Then just import the .pfx into the new keystore in Keystore Explorer.

Edit the server.properties file in Program Files\PaperCut MF\server and add the relevant keystore and password details:

### SSL/HTTPS Configuration (Default: 9192) ###
server.ssl.port=9192

# Custom SSL keystore example (recommend placing in the custom directory)
server.ssl.keystore=custom/my-ssl-keystore
server.ssl.keystore-password=myPassword
server.ssl.key-password=myPassword

Restart the PaperCut services, give it a minute and the user and admin portal should now be using the new certificate.

https://printserver.domain.local:9192/admin

Now every printer that has an embedded PaperCut app will need to be updated to accept the new certificate. This means you have to visit the PaperCut admin console on every device – yes, that’s the painful bit if you have a lot of printers. Then you log in to the console and click apply, even though you’ve made no change. This will then ask you to accept and trust the new certificate.

References

https://warlord0blog.wordpress.com/2017/11/14/java-keystore-management/

https://www.papercut.com/products/ng/manual/common/topics/tools-ssl-key-generation-certificate-authority-import-new.html

Git – Version Control — October 13, 2017

We have a distinct lack of version control in the relatively small development team that manages one of our business applications. One of the main challenges isn’t really related to the developers, but to the vendor that connects remotely and “fixes” things without leaving any clue as to what has been changed.

So I came up with a sneaky plan to deploy Git onto the servers and manage the versions of configuration files used by the application. I can then capture any changes and roll back as necessary.

Tomcat log4j Errors — October 12, 2017

As I’ve been spending a lot of time with Tomcat these days I’ve tried to clear out the stderr log of error messages. One of the frustrating warnings I had to deal with was this:

log4j:WARN Continuable parsing error 208 and column 23
log4j:WARN The content of element type "log4j:configuration" must match "(renderer*,throwableRenderer?,appender*,plugin*,(category|logger)*,root?,(categoryFactory|loggerFactory)?)".

The log4j.xml file parsed correctly and was obviously working as we were seeing log output. But this error had me baffled for a while. I checked the syntax of the xml file, ensured it was sound structurally and couldn’t for the life of me spot the problem.

Turns out the order of the elements in the file is important and must match the order given in the string listed above. We’d got some logger elements after the root element. Moving the root element below the logger elements made the error message go away.
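A way to find the offending element without reading the file by eye, as an added example that is not part of the original post: a Python check that walks the children of log4j:configuration against the content model quoted in the warning. The function name and the sample XML are constructed for illustration.

```python
import xml.etree.ElementTree as ET

# Content model quoted in the log4j warning, as ordered slots:
# (element names allowed in the slot, whether the slot may repeat).
CONTENT_MODEL = [
    ({"renderer"}, True),
    ({"throwableRenderer"}, False),
    ({"appender"}, True),
    ({"plugin"}, True),
    ({"category", "logger"}, True),
    ({"root"}, False),
    ({"categoryFactory", "loggerFactory"}, False),
]

def check_order(xml_text):
    """Return (position, element, problem) for each child that breaks the model."""
    problems = []
    slot, last = -1, None  # furthest slot reached and the element that reached it
    for pos, child in enumerate(ET.fromstring(xml_text), start=1):
        name = child.tag.rsplit("}", 1)[-1]  # ignore any namespace part
        idx = next((i for i, (names, _) in enumerate(CONTENT_MODEL)
                    if name in names), None)
        if idx is None:
            problems.append((pos, name, "not allowed here"))
        elif idx < slot:
            problems.append((pos, name, f"must come before <{last}>"))
        elif idx == slot and not CONTENT_MODEL[idx][1]:
            problems.append((pos, name, "may appear only once"))
        else:
            slot, last = idx, name
    return problems

# Constructed sample: a logger placed after <root>, as described in the post.
# The XML declaration and DOCTYPE are left out to keep the sample short.
BROKEN = """<log4j:configuration xmlns:log4j="http://jakarta.apache.org/log4j/">
  <appender name="console" class="org.apache.log4j.ConsoleAppender">
    <layout class="org.apache.log4j.PatternLayout"/>
  </appender>
  <logger name="org.apache.catalina"><level value="info"/></logger>
  <root><priority value="warn"/><appender-ref ref="console"/></root>
  <logger name="com.example.app"><level value="debug"/></logger>
</log4j:configuration>"""

if __name__ == "__main__":
    for pos, name, problem in check_order(BROKEN):
        print(f"child {pos} <{name}>: {problem}")
```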

Forcing Tomcat to HTTPS — September 28, 2017

As our environment needs change, more and more of our internal services are being forced to change to HTTPS.

Tomcat supports the deployment of services using HTTPS, but many of our vendors have taken the easy route and just use HTTP on the standard port 8080. This is now going to become a bit of a hurdle as we now need to advise clients of the change to HTTPS and the port change involved.

Securing Tomcat with valid certificates is the start of the journey and adding a connector using HTTPS is the first step. Then we need to make calls to the non-secure HTTP site redirect over to the HTTPS version.

Windows, Apache 2.4 and OpenSSL — September 22, 2017

In order to make Apache 2.4.27 compliant, it needs the later version of OpenSSL, v1.1.0. To get this you need to install the VC15 version. The VC11 etc. versions do not include the later OpenSSL and fail because they are compiled with v1.0.2.

  Banner           : Apache/2.4.27 (Win64) OpenSSL/1.0.2l
  Reported version : 1.0.2l
  Fixed version    : 1.1.0

This is detailed in the 16 June 2017 change log, but is repeated here as a reminder to install vcredist_x64 for VC++ 2017 which is linked on the downloads page on Apache Lounge.

References

https://www.apachelounge.com/download/

https://www.apachelounge.com/Changelog-2.4.html

Apache 2.4 TRACE – Nessus plugin 11213 — September 21, 2017

Googling for how to close the vulnerability for the TRACE method on Apache 2.4 results in lots of responses that just use a rewrite rule to respond with a permission denied message. Even the Nessus plugin output lists the rewrite fix. Nessus doesn’t use this for its scans; it carries out an HTTP call for OPTIONS and relies on the server telling it what methods are available.

RewriteEngine On 
RewriteCond %{REQUEST_METHOD} ^(TRACE|TRACK)
RewriteRule .* - [F]

Whilst the rewrite rule may be a valid mitigation on Apache servers, the actual vulnerability warning won’t be removed from Nessus’ results.

If you’re using Apache 2.4 then there is a TraceEnable config directive that you should use to simply turn off the TRACE method.
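To audit existing configs for this distinction, here is an added example that is not part of the original post: a Python lint that tells a config relying only on the rewrite rule above apart from one that sets TraceEnable off. It reads the file as flat text (the last TraceEnable wins and VirtualHost scoping is ignored), which is a simplifying assumption; the function and sample names are hypothetical.

```python
def trace_posture(conf_text):
    """Return 'disabled', 'rewrite-only' or 'enabled' for an Apache config text."""
    trace_enable = "on"      # Apache's default when TraceEnable is absent
    cond_on_trace = False    # a RewriteCond on REQUEST_METHOD naming TRACE is pending
    rewrite_blocks = False
    for raw in conf_text.splitlines():
        parts = raw.split()
        if not parts or parts[0].startswith("#"):
            continue         # skip blank lines and comments
        directive = parts[0].lower()  # directive names are case-insensitive
        if directive == "traceenable" and len(parts) > 1:
            trace_enable = parts[1].lower()  # last one wins (flat-file assumption)
        elif directive == "rewritecond" and len(parts) > 2:
            cond_on_trace |= ("REQUEST_METHOD" in parts[1].upper()
                              and "TRACE" in parts[2].upper())
        elif directive == "rewriterule":
            flags = parts[-1].strip("[]").lower().split(",")
            forbids = parts[-1].startswith("[") and (
                "f" in flags or "forbidden" in flags)
            if cond_on_trace and forbids:
                rewrite_blocks = True
            cond_on_trace = False  # conditions apply to the next rule only
    if trace_enable == "off":
        return "disabled"
    return "rewrite-only" if rewrite_blocks else "enabled"

# The rewrite mitigation exactly as quoted in the post.
REWRITE_ONLY = """RewriteEngine On
RewriteCond %{REQUEST_METHOD} ^(TRACE|TRACK)
RewriteRule .* - [F]
"""

# Constructed sample: the same config with the directive added.
HARDENED = REWRITE_ONLY + "TraceEnable off\n"

if __name__ == "__main__":
    for label, conf in (("rewrite rule only", REWRITE_ONLY),
                        ("with TraceEnable off", HARDENED)):
        print(f"{label}: {trace_posture(conf)}")
```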

OwnCloud, php7.0-fpm and Memcache — September 19, 2017

When checking out the setup for our OwnCloud system it came up with a few cautionary problems that needed to be resolved.

The problems related to environment variables and file locking.

php does not seem to be setup properly to query system environment variables. The test with getenv(“PATH”) only returns an empty response. Please check the installation documentation ↗ for php configuration notes and the php configuration of your server, especially when using php-fpm.

and

Transactional file locking is using the database as locking backend, for best performance it’s advised to configure a memcache for locking. See the documentation ↗ for more information.
