Friday, 23 September 2016

Two ways to run an HTTP server as a non-root user

When you install and configure your HTTP server on Linux and need to run it as a non-root user,
you can't bind your service to port 80 or 443, because a non-root user can't use ports below 1024.

In this case, if iptables is active on your server, you can redirect your HTTP/HTTPS traffic to other ports; in my case I chose ports 1080 and 1443.

You can configure specific NAT rules to redirect it, like:

iptables -t nat -A PREROUTING -p tcp --dport 80 -j REDIRECT --to-port 1080
iptables -t nat -A PREROUTING -p tcp --dport 443 -j REDIRECT --to-port 1443

If you also need the redirect to work for connections made to localhost, you must add the following rules:

iptables -t nat -I OUTPUT -p tcp -d 127.0.0.1 --dport 80 -j REDIRECT --to-ports 1080
iptables -t nat -I OUTPUT -p tcp -d 127.0.0.1 --dport 443 -j REDIRECT --to-ports 1443

To check your configuration:

iptables -t nat --line-numbers -n -L

Chain PREROUTING (policy ACCEPT)
num  target     prot opt source     destination
1    REDIRECT   tcp  --          tcp dpt:80 redir ports 1080
2    REDIRECT   tcp  --          tcp dpt:443 redir ports 1443

Otherwise, if you do not have iptables, you can add your user to the sudoers file on your Linux machine.

1. 'Touch' the log files:
   touch /opt/IBM/HTTPServer/logs/access_log
   touch /opt/IBM/HTTPServer/logs/error_log
2. Make the following changes in httpd.conf (ensure that the user 'wasrun' and the group 'wasrunners' have already been created):
         User wasrun
         Group wasrunners

3. Change ownership of IHS files:
   chown -R wasadmin:wasadmin /opt/IBM/HTTPServer

4. Edit sudoers file (visudo), add the following line:

%wasrunners ALL = (root) NOPASSWD: /opt/IBM/HTTPServer/bin/apachectl *

This means any user in the 'wasrunners' group (prefixed with %) can control (start/stop) the IHS instance as root
without needing to enter a password. If you only want to allow the user 'wasadmin' to perform this, then remove the '%'
so that the entry denotes a user.
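
The trailing '*' in the sudoers line from step 4 lets group members pass any arguments to apachectl as root, so a tighter rule names only the subcommands operators need. The following is an added example, not part of the original post: a small shell lint that flags NOPASSWD rules containing wildcards. The sample sudoers text (including the start/stop/restart variant) and the function names are constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the original post: flag sudoers rules that grant
# NOPASSWD on a command containing a wildcard (* or ?).

# Constructed sample: the rule from step 4, a tightened variant that lists
# only named apachectl subcommands, and a rule that still asks for a password.
SAMPLE_SUDOERS='# constructed sample sudoers fragment
%wasrunners ALL = (root) NOPASSWD: /opt/IBM/HTTPServer/bin/apachectl *
%wasrunners ALL = (root) NOPASSWD: /opt/IBM/HTTPServer/bin/apachectl start, \
    /opt/IBM/HTTPServer/bin/apachectl stop, \
    /opt/IBM/HTTPServer/bin/apachectl restart
wasadmin ALL = (root) /opt/IBM/HTTPServer/bin/apachectl *'

# Reads sudoers text on stdin; prints "line:who:command" per finding.
find_wildcard_nopasswd() {
    awk '
    { sub(/[ \t]+$/, "") }                       # drop trailing blanks
    /\\$/ {                                      # join continuation lines
        sub(/\\$/, ""); buf = buf $0 " "
        if (!start) start = NR
        next
    }
    {
        line = buf $0; ln = start ? start : NR; buf = ""; start = 0
        sub(/^[ \t]+/, "", line)
        if (line ~ /^#/ || line !~ /NOPASSWD:/) next
        who = line; sub(/[ \t].*/, "", who)      # user or %group
        cmds = line; sub(/.*NOPASSWD:[ \t]*/, "", cmds)
        n = split(cmds, c, /[ \t]*,[ \t]*/)
        for (i = 1; i <= n; i++)
            if (c[i] ~ /[*?]/) printf "%d:%s:%s\n", ln, who, c[i]
    }'
}

# Returns 1 when any finding exists, so it can gate a configuration rollout.
audit_sudoers() {
    findings=$(find_wildcard_nopasswd)
    if [ -n "$findings" ]; then
        printf '%s\n' "$findings"
        return 1
    fi
    return 0
}

printf '%s\n' "$SAMPLE_SUDOERS" | audit_sudoers ||
    echo "wildcard NOPASSWD rules found" >&2
```

Only the rule on sample line 2 is reported: the tightened variant has no wildcard, and the last rule still requires a password.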

Friday, 16 September 2016

Dockerize it

Using a Docker environment, you can deploy and ship your application in a very short time.

Docker containers wrap a piece of software in a complete filesystem that contains everything needed to run: code, runtime, system tools, system libraries – anything that can be installed on a server. This guarantees that the software will always run the same, regardless of its environment.

You can:

  • Stop wasting hours setting up developer environments, spinning up new instances, and making copies of production code to run locally. With Docker, you simply take copies of your live environment and run them on any new endpoint running a Docker engine.
  • Store, distribute, and manage Docker images in Docker Hub with your team. Image updates, changes, and history are automatically shared across your organization.
  • Docker containers spin up and down in seconds, making it easy to scale application services to satisfy peak customer demand, and then reduce running containers when demand ebbs.

And now, how is IBM doing?

IBM announces zSystem for Docker

IBM and Docker offer integrated container solutions that can meet the diverse needs of enterprises.

Supporting the creation and deployment of multi-platform, multi-container workloads across hybrid infrastructures,
IBM and Docker accelerate application delivery and enable application lifecycle management for Dockerized containers.

IBM announces Docker on IBM PureApplication System
The good news is that Docker is now supported on IBM PureApplication v2.1! You can now use Docker containers in the virtual system patterns that you create and you can reference Docker images that are stored on Docker Hub or in a private Docker registry that runs inside PureApplication. Taking advantage of the Docker containers on PureApplication is as easy as building patterns.

If you need more information, follow me on SlideShare.