Tuesday, December 14, 2010

ssh tunneling is powerful

To work from home, we have to use an "svi" service with a dynamically changing password and ssh to a dedicated company server. It was a bit inconvenient at the beginning, until I found the power of ssh tunneling.


In short, if you have an ssh connection, you can set up a LocalForward, and your ssh server then works like a proxy for reaching the other network.


As we have a proxy server for accessing the company intranet, I can then set up my local proxy script to use that proxy when I need to access the intranet, and no proxy for the rest of the internet.


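For example, my .ssh/config file:

# Jump host: log in here with the one-time password.
# Local ports 2001 and 2002 are forwarded to sshd on the two internal hosts.
Host svi0
    HostName svi_server_name
    User your_user_id
    LocalForward 2001 internal_host_1:22
    LocalForward 2002 internal_host_2:22

# internal_host_1 through the tunnel; this session also forwards
# local port 3128 to the intranet proxy server.
Host svi1
    HostName localhost
    Port 2001
    User your_user_id
    LocalForward 3128 proxy_server:3128

# internal_host_2 through the tunnel.
Host svi2
    HostName localhost
    Port 2002
    User your_user_id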



Then you can just do "ssh -f svi0 -N" (-N runs no remote command, -f sends ssh to the background once you have authenticated).

The tunnel is established.


Then with "ssh svi1" you can log in to internal_host_1 using your own password instead of the one-time password.



The proxy script: myproxy.pac. You need to set your proxy manually in the browser.

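function FindProxyForURL(url, host) {
   // Intranet names and addresses go through the proxy that "ssh svi1"
   // forwards to local port 3128; everything else is fetched directly.
   if (isPlainHostName(host) ||
       dnsDomainIs(host, "intranet_domain1") ||
       dnsDomainIs(host, "intranet_domain2") ||
       isInNet(host, "intranet_ip_addr", "255.255.255.255")) {
      return "PROXY localhost:3128";
   } else {
      return "DIRECT";
   }
}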
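
An offline check of the routing decisions made by a PAC file like the one above, added here as an example and not part of the original post. It runs under Node.js with simplified stand-ins for the browser's PAC helpers, and all domains and addresses (corp.example, 10.9.9.9, the DNS table) are constructed. It also shows that dnsDomainIs is a plain suffix match, so a domain written without a leading dot also sends look-alike names through the company proxy.

```javascript
// Simplified stand-ins for the helpers a browser provides to PAC scripts.
// DNS answers come from a constructed table so the check runs offline.
const FAKE_DNS = { "wiki.corp.example": "10.1.2.3", "www.example.org": "203.0.113.10" };

function isPlainHostName(host) { return !host.includes("."); }

// Browsers implement dnsDomainIs as a plain string-suffix comparison.
function dnsDomainIs(host, domain) { return host.endsWith(domain); }

function ipToInt(ip) {
  const parts = String(ip).split(".").map(Number);
  if (parts.length !== 4 || parts.some(p => !Number.isInteger(p) || p < 0 || p > 255)) return null;
  return parts.reduce((acc, p) => acc * 256 + p, 0);
}

function isInNet(host, pattern, mask) {
  const addr = ipToInt(FAKE_DNS[host] || host);
  const pat = ipToInt(pattern), m = ipToInt(mask);
  if (addr === null || pat === null || m === null) return false;
  return ((addr & m) >>> 0) === ((pat & m) >>> 0);
}

// Same decision logic as the PAC file above; the intranet domains and the
// single-host address are parameters (all values used here are constructed).
function makePac(domains, hostIp) {
  return function FindProxyForURL(url, host) {
    if (isPlainHostName(host) ||
        domains.some(d => dnsDomainIs(host, d)) ||
        isInNet(host, hostIp, "255.255.255.255")) {
      return "PROXY localhost:3128";
    }
    return "DIRECT";
  };
}

const loosePac = makePac(["corp.example"], "10.9.9.9");   // no leading dot
const strictPac = makePac([".corp.example"], "10.9.9.9"); // leading dot

function route(pac, host) { return pac("http://" + host + "/", host); }

// Print the decision of both variants for a few constructed hosts.
for (const h of ["buildbox", "wiki.corp.example", "10.9.9.9",
                 "www.example.org", "notcorp.example"]) {
  console.log(h.padEnd(20), route(loosePac, h).padEnd(22), route(strictPac, h));
}
```

Only the last host differs between the two columns: "notcorp.example" is proxied by the variant without the leading dot and fetched directly by the one with it.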


This way, I have a Linux working environment at home very similar to the one I have at the company.

Sunday, December 12, 2010

web hosting with nginx and Amazon EC2

I have recently been doing some tests on using Amazon's EC2 for website hosting. EC2 is a cloud service offered by Amazon. You have total control, i.e., root access to the virtual server hosted by Amazon. Their current promotion gives you free use for the first year. That's why I decided to do a trial. Even after the first year, if you buy a reserved instance from Amazon, it is not expensive compared to other virtual dedicated server plans offered by companies such as godaddy.

I am also using nginx as my web server. It is a very powerful and fast web server, faster and simpler than apache. I use fastcgi to handle my php scripts. Right now, all my websites are hosted on a new virtual dedicated server from godaddy, using nginx. I haven't yet tested perl support.

Most of my websites use the wordpress framework. I've learned the basic configuration using "try_files" to replace the rewrite rules required by wordpress.

The following is an example of my configuration for a virtual host.

server {
    listen       80;
    server_name  example.com;

    error_log /var/log/nginx/example.error.log error;
    access_log  /var/log/nginx/example.access.log  main;

    root   /var/www/example;
    index  index.php;
    try_files $uri $uri/ /index.php;

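    location ~ \.php$ {
        # Return 404 unless the URI maps to an existing file, so only real
        # scripts under root are handed to the FastCGI backend.
        try_files $uri =404;
        include    /etc/nginx/fastcgi.conf;
        fastcgi_pass   127.0.0.1:9000;
    }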
}