Apache reverse-proxy to Nginx

I had an Nginx webserver that was behind a firewall; at the same time, some external developers needed to access the website. I already had an Apache webserver exposed to the Internet, so I thought I could easily set up a reverse proxy on the Apache server towards the Nginx webserver.

My first vhost was like this:

<VirtualHost my-apache.server.no:443>
    ServerName my-apache.server.no
    SSLProxyEngine on
    ProxyPass / https://nginx-server.no/
    ProxyPassReverse / https://nginx-server.no/
    Include conf.d/ssl.inc
</VirtualHost>

But this just ended with the following error:

SSL Proxy requested for my-apache.server.no:443 but not enabled
Error during SSL Handshake with remote server

I looked into the error log files on both the Apache and Nginx servers, but couldn’t really find anything. After searching online and some help from ChatGPT, I found the solution. Adding a few lines to the vhost solved it:

<VirtualHost my-apache.server.no:443>
    ServerName my-apache.server.no
    SSLProxyEngine on

    ProxyPreserveHost Off
    SSLProxyVerify none
    SSLProxyCheckPeerName off
    ProxyRequests Off

    ProxyPass / https://nginx-server.no/
    ProxyPassReverse / https://nginx-server.no/
    Include conf.d/ssl.inc
</VirtualHost>

The directives break down as follows:

  • SSLProxyEngine on: Enables SSL proxy support for the virtual host.
  • ProxyPreserveHost Off: Disables preserving the original host header in proxied requests. This is useful when the backend server expects requests to have its own host header.
  • SSLProxyVerify none: Disables certificate verification for the upstream server, so Apache accepts whatever certificate the backend presents. Use with caution, as it disables SSL security checks.
  • SSLProxyCheckPeerName off: Disables checking the name in the peer’s SSL certificate against the hostname being requested. Use with caution, as a certificate issued for a different host will then be accepted.
  • ProxyRequests Off: Disables forward-proxy functionality. It does not affect the reverse proxying set up with ProxyPass.
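As an added example (not part of the original post), the shell sketch below audits a vhost for the relaxed upstream TLS checks discussed above and contrasts the post's settings with a variant that keeps verification on. Both vhost samples are constructed, and the CA bundle path and the `audit_proxy_tls` function name are assumptions; the stricter variant only works if the backend certificate is issued by that CA and carries the name nginx-server.no.

```bash
#!/usr/bin/env bash
# Added example: flag Apache proxy directives that relax upstream TLS checks.
# Both vhosts are constructed samples; the CA bundle path is an assumption.

weak_vhost='<VirtualHost my-apache.server.no:443>
    SSLProxyEngine on
    SSLProxyVerify none
    SSLProxyCheckPeerName off
    ProxyPass / https://nginx-server.no/
</VirtualHost>'

hardened_vhost='<VirtualHost my-apache.server.no:443>
    SSLProxyEngine on
    # CA that issued the backend certificate (assumed path)
    SSLProxyCACertificateFile /etc/pki/tls/certs/backend-ca.pem
    SSLProxyVerify require
    SSLProxyCheckPeerName on
    ProxyPass / https://nginx-server.no/
</VirtualHost>'

# Print one WEAK line per finding. Directive names are case-insensitive.
# SSLProxyVerify defaults to "none", so leaving it out is flagged as well.
audit_proxy_tls() {
    printf '%s\n' "$1" | awk '
        /^[ \t]*#/ { next }
        { d = tolower($1); v = tolower($2) }
        d == "sslproxyengine" && v == "on" { engine = 1 }
        d == "sslproxyverify" { verify = v }
        d == "sslproxycheckpeername" && v == "off" {
            print "WEAK: SSLProxyCheckPeerName off (certificate name not checked)"
        }
        d == "sslproxycheckpeerexpire" && v == "off" {
            print "WEAK: SSLProxyCheckPeerExpire off (expired certificates accepted)"
        }
        END {
            if (engine && (verify == "" || verify == "none"))
                print "WEAK: SSLProxyVerify none or unset (certificate chain not verified)"
        }'
}

echo "== weak ==";     audit_proxy_tls "$weak_vhost"
echo "== hardened =="; audit_proxy_tls "$hardened_vhost"
```

Because `SSLProxyVerify` defaults to `none`, a vhost that only sets `SSLProxyEngine on` is reported too.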

Upgrading mariadb 5.5 to mariadb 10.6 to support moodle 3.11

First you need to stop the running 5.5 version:

service mariadb stop;

Make a backup of your mariadb datafolder:

cd /var/lib; tar -cf mysql.tar mysql; gzip mysql.tar; mv mysql.tar.gz /backup-folder;

Then remove the 5.5 version:

yum erase mariadb*

Download the MariaDB Package Repository Setup Script:

curl -LO https://downloads.mariadb.com/MariaDB/mariadb_repo_setup

Then make it executable and run it:

chmod 750 mariadb_repo_setup
./mariadb_repo_setup

It will then create a /etc/yum.repos.d/mariadb.repo file with content adjusted for your system. On our system it looks like this:

[mariadb-main]
name = MariaDB Server
baseurl = https://dlm.mariadb.com/repo/mariadb-server/10.6/yum/rhel/7/x86_64
gpgkey = file:///etc/pki/rpm-gpg/MariaDB-Server-GPG-KEY
gpgcheck = 1
enabled = 1


[mariadb-maxscale]
# To use the latest stable release of MaxScale, use "latest" as the version
# To use the latest beta (or stable if no current beta) release of MaxScale, use "beta" as the version
name = MariaDB MaxScale
baseurl = https://dlm.mariadb.com/repo/maxscale/latest/yum/rhel/7/x86_64
gpgkey = file:///etc/pki/rpm-gpg/MariaDB-MaxScale-GPG-KEY
gpgcheck = 1
enabled = 1

[mariadb-tools]
name = MariaDB Tools
baseurl = https://downloads.mariadb.com/Tools/rhel/7/x86_64
gpgkey = file:///etc/pki/rpm-gpg/MariaDB-Enterprise-GPG-KEY
gpgcheck = 1
enabled = 1

Now you can install the newer version of MariaDB server:

yum install mariadb-server; yum install mariadb-client;

If you want to check that MariaDB is installed, you can run this:

yum list installed | egrep -i mariadb

Then start the MariaDB server:

service mariadb start

Then upgrade the MariaDB server:

mysql_upgrade

Troubleshooting:

In our case the connection to the MariaDB server failed with: Error writing to database

From the /var/log/mariadb.log file:

2021-09-24  9:35:32 0 [ERROR] mariadbd: Can't create/write to file '/var/run/mariadb/mariadb.pid' (Errcode: 2 "No such file or directory")
2021-09-24  9:35:32 0 [ERROR] Can't start server: can't create PID file: No such file or directory

Solution:

service mariadb stop;
mkdir -p /var/run/mariadb
chown -R mysql:mysql /var/run/mariadb
service mariadb start;

And then in the mariadb log file:

2021-09-24  9:39:09 0 [Note] /usr/sbin/mariadbd: ready for connections.

Next problem was that Moodle didn’t start and responded with:

Error writing to database

The solution to this was to first add debugging to the moodle config.php file:

@ini_set('display_errors', '1');    // NOT FOR PRODUCTION SERVERS!
$CFG->debug = 32767;
$CFG->debugdisplay = true;

Then I accessed the webpage once more. This time the error message was explained in detail:

Debug info: InnoDB refuses to write tables with ROW_FORMAT=COMPRESSED or KEY_BLOCK_SIZE.
UPDATE mdl_sessions SET timemodified = ? WHERE id=?
[array (
0 => 1632469425,
1 => '1126',
)]
Error code: dmlwriteexception
Stack trace:
line 489 of /lib/dml/moodle_database.php: dml_write_exception thrown
line 1587 of /lib/dml/mysqli_native_moodle_database.php: call to moodle_database->query_end()
line 1619 of /lib/dml/mysqli_native_moodle_database.php: call to mysqli_native_moodle_database->update_record_raw()
line 476 of /lib/classes/session/manager.php: call to mysqli_native_moodle_database->update_record()
line 137 of /lib/classes/session/manager.php: call to core\session\manager::initialise_user_session()
line 111 of /lib/classes/session/manager.php: call to core\session\manager::start_session()
line 808 of /lib/setup.php: call to core\session\manager::start()
line 1158 of /config.php: call to require_once()
line 30 of /index.php: call to require_once()

The solution to this is to:

Add innodb_read_only_compressed=OFF to the MariaDB configuration file and restart MariaDB, or run SET GLOBAL innodb_read_only_compressed=OFF.

So:

vi /etc/my.cnf

Add the line:

 innodb_read_only_compressed=OFF

And finally:

service mariadb restart;

Then the Moodle 3.11 upgrade started with no errors.

Reference:
* https://mariadb.com/kb/en/upgrading-from-mariadb-55-to-mariadb-100/
* https://tracker.moodle.org/browse/MDL-72131

Couldn’t connect remotely with mysql client (command line and phpMyAdmin) to the MariaDB server

I had a MariaDB server running on port 3306.

I created a local MariaDB account ‘tommy’ with:

CREATE USER 'tommy'@'localhost' IDENTIFIED BY 'somepassword';

and granted all rights with:

GRANT ALL PRIVILEGES ON *.* TO 'tommy'@'%' WITH GRANT OPTION; flush privileges;

so that ‘tommy’ should be able to log on to the MariaDB server remotely.

But, no luck! I could log on to the MariaDB server locally with:

mysql -u tommy -p

But not from elsewhere. When trying to connect, the error message was:

ERROR 1045 (28000): Access denied for user 'tommy'@'clienthostname' (using password: YES)

I checked that the firewall was open on the MariaDB server with:

iptables -nL | grep 3306

which gave:

ACCEPT tcp -- 192.168.1.1.0/0 multiport dports 3306 /* 030 allow mysql from double7 */

This shows that incoming TCP connections to port 3306 on the MariaDB server are open.

The solution was finally to set the password for the user once more with:

select password('secretpassword');

which will give the password hash of ‘secretpassword’ (it should be a 41-digit hexadecimal number), and finally setting the password with the 41-digit hexadecimal number from the command above:

set password for 'tommy'@'clienthostname' = '*F89FFE84BFC48A876BC682C4C23ABA4BF64711A4';

and voila:

[tommy@clienthostname ~]$ mysql -u tommy -h mariadbserverhostname -p
Enter password: secretpassword
Welcome to the MariaDB monitor. Commands end with ; or \g.
Your MariaDB connection id is 3039
Server version: 5.5.68-MariaDB MariaDB Server
Copyright (c) 2000, 2018, Oracle, MariaDB Corporation Ab and others.
Type 'help;' or '\h' for help. Type '\c' to clear the current input statement.

 

Connect to Windows remote desktop from Linux Mint

When I tried to connect to my Windows server with rdesktop from Linux Mint with:

rdesktop -u username -d uib -k no -f -z -p- windowsserver.uib.no

I got this error message:

Failed to initialize NLA, do you have correct Kerberos TGT initialized ?
Failed to connect, CredSSP required by server (check if server has disabled old TLS versions, if yes use -V option).

Solution:

sudo apt-get install freerdp2-x11

Then

xfreerdp /u:"username" /v:windowsserver.uib.no:3389

and with smart-sizing:

xfreerdp /u:"username" /v:windowsserver.uib.no:3389 /smart-sizing:1920x1200

Or:

xfreerdp /u:"username" /v:windowsserver.uib.no /w:1920 /h:1200

Get more details about an ip address

If you are interested in more information about an IP address, you can run this command:

curl http://ipinfo.io/2a06:981:d00:3c00:3192:9a75:45ce:ef73

which will give a result something like this:

{
  "ip": "2a06:981:d00:3c00:3192:9a55:45ce:ef73",
  "city": "Sandsli",
  "region": "Vestland",
  "country": "NO",
  "loc": "60.2972,5.2847",
  "org": "AS15659 NextGenTel AS",
  "postal": "5254",
  "timezone": "Europe/Oslo",
  "readme": "https://ipinfo.io/missingauth"
}

Useful 🙂

Make music for your YouTube videos

I’ve sometimes used the YouTube music library to add music to my YouTube videos.

Today I found two alternatives where you can make your own music fast and easy:

https://www.incredibox.com/demo/v3

and

https://intro.novationmusic.com/viral-hiphop

So I just start playing and use screen recorder software to record the system sound. Then with Movavi, I can add the video with the music, and then just hide the clip. Then I will have my own music 🙂

Here is one song made by me in Incredibox.

And here is one with Launchpad: