Running PHP-FPM in a Docker container with Apache on the host

Running multiple PHP versions on the same server can be a pain, and not the best security-wise.

I was pondering containerizing the thing and decided to try running each PHP version in its own PHP-FPM container, while using Apache on the host for ease of use.

It turns out it’s pretty simple, with a few gotchas.

I put everything into a GitHub project so I can share it with the world. But most importantly, so I don’t forget how it works 6 months from now.

The GitHub project – LouWii/apache-on-host-php-fpm-container

XD87 TKL Keyboard kit – QMK firmware

I already went through the customization of the XD87 (HS) keyboard via TMK using a layout from KLE in this blog post (along with general information about keyboard layout customization). The XD87 now has QMK support. That firmware is based on TMK, so it has the same principles but is a bit different in multiple aspects. Let’s look at them and see how to flash QMK on the XD87 (HS).

XD87 TKL Keyboard kit – how to customize the layout/firmware and flash the keyboard

One of the best features of the XD87 PCB is that its firmware is fully customizable. Although this might sound complex and probably way too much, customizing the firmware allows you to create your own layout for the keyboard. Let’s dive in. Don’t know what I’m talking about? See this article first.

Split your Redux actions into several files

I’m currently working on a React project using Redux. I was putting all my actions into one file, but it quickly became unmanageable. Weirdly, I’ve had a hard time finding a nice example showing how to split all your actions into different files. So I’m sharing how I’ve set it up, as it might help a few people out there.

I’ve divided my actions into several files:

  • authActions.js
  • postActions.js
  • userActions.js

My actions look like this

I then have an actionCreators.js file that exports all actions at once.

And then, I can import all actions at once:

But you can also import only the actions needed, of course 😉

Check an SSL certificate against the server private key and CSR

When working with SSL certificates, it can be handy to check that the certificate you got (.crt file) properly corresponds to the private key (.key file) and the certificate request (.csr file).

Just use these commands:

They will output a string composed of numbers. All 3 of them need to be the same in order for your certificate to work properly on your server.

It’s as simple as that.
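One way to run the check described above, as an added example (not the commands from the original post): it compares a SHA-256 fingerprint of the public key extracted from each file, which also covers non-RSA keys. The function names are made up for this example and an unencrypted private key is assumed.

```bash
#!/usr/bin/env bash
# Added example: function names are hypothetical, file paths are the caller's.

# Print the SHA-256 of the public key carried by a certificate, key or CSR.
pubkey_fingerprint() {
    local kind="$1" file="$2" pem
    case "$kind" in
        crt) pem=$(openssl x509 -in "$file" -noout -pubkey 2>/dev/null) ;;
        key) pem=$(openssl pkey -in "$file" -pubout 2>/dev/null) ;;
        csr) pem=$(openssl req  -in "$file" -noout -pubkey 2>/dev/null) ;;
        *)   return 2 ;;
    esac
    # An unreadable file must be an error, never an empty (and equal) hash.
    [ -n "$pem" ] || return 1
    printf '%s\n' "$pem" | openssl dgst -sha256 -r | cut -d' ' -f1
}

# Return 0 only when all three files carry the same public key.
cert_matches() {
    local f_crt f_key f_csr
    f_crt=$(pubkey_fingerprint crt "$1") || { echo "unreadable certificate: $1" >&2; return 2; }
    f_key=$(pubkey_fingerprint key "$2") || { echo "unreadable private key: $2" >&2; return 2; }
    f_csr=$(pubkey_fingerprint csr "$3") || { echo "unreadable CSR: $3" >&2; return 2; }
    echo "crt $f_crt"; echo "key $f_key"; echo "csr $f_csr"
    [ "$f_crt" = "$f_key" ] && [ "$f_key" = "$f_csr" ]
}

# Usage: <script> server.crt server.key server.csr
if [ "$#" -eq 3 ]; then
    cert_matches "$@" && echo "OK: all three match" || echo "MISMATCH"
fi
```

A mismatch between the certificate and the key is the case that stops the web server from starting with that pair; a mismatch with the CSR only means the certificate was issued for a different request.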

Secure phpMyAdmin install with Fail2ban

First, let’s change the address to access phpMyAdmin. By default, it’s ser.ver.ip/phpmyadmin.

I’ve copied the original phpMyAdmin Apache config file so I can customize it as I want, and still have the original one in case mine is broken: sudo cp /etc/phpmyadmin/apache.conf /etc/phpmyadmin/apache-custom.conf

At the top of the custom file, change the 3rd line, Alias /phpmyadmin /usr/share/phpmyadmin, to something else, like Alias /phpthisismine /usr/share/phpmyadmin

Now, I don’t know how your Apache is set up to take into account the phpMyAdmin configuration file. On my server, it wasn’t added automatically, so I’ve added it myself in /etc/apache2/apache2.conf. At the bottom, just add Include /etc/phpmyadmin/apache-custom.conf.

Now, in order to deal with those stupid bots, if they ever find the URL, it would be nice to have fail2ban take care of those f*ckers. The problem is, phpMyAdmin doesn’t log any failed login attempts (bummer!).

Well actually, this is what I found:

phpMyAdmin uses php’s apache_note function to make this work. AFAIK this function is only available in mod_php mode. This will not work with mod_fcgi & co.

And I’m using php-fpm so I need to modify phpMyAdmin to log failed attempts. Let’s edit /usr/share/phpmyadmin/libraries/plugins/auth/AuthenticationCookie.class.php (I know, that’s bad, but what can I do?).

Find the authFails() function and inside, right after the last header() call, add error_log('phpmyadmin: authentification failed');

Hell yeah.

Now let’s set up fail2ban. Create a file /etc/fail2ban/filter.d/apache-phpmyadmin.conf and place this inside:

Now edit your local fail2ban configuration file. Mine is /etc/fail2ban/jail.local and add

Reload fail2ban with sudo service fail2ban reload and you’re all set!
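To see what the filter and jail have to catch, here is an added example (not the post's fail2ban configuration) that counts the error_log() marker per client over constructed Apache 2.4 error-log lines. The log line layout, the function names and the threshold of 3 are assumptions.

```bash
#!/usr/bin/env bash
# Added example, not fail2ban's or the post's own configuration.
# MARKER is the string written by the error_log() call added to authFails().
MARKER='phpmyadmin: authentification failed'

# Constructed Apache 2.4 error-log lines (documentation address ranges).
sample_log() {
cat <<'EOF'
[Tue Mar 06 10:15:01.123456 2018] [proxy_fcgi:error] [pid 2211] [client 203.0.113.5:40112] AH01071: Got error 'PHP message: phpmyadmin: authentification failed\n'
[Tue Mar 06 10:15:03.223456 2018] [proxy_fcgi:error] [pid 2211] [client 203.0.113.5:40118] AH01071: Got error 'PHP message: phpmyadmin: authentification failed\n'
[Tue Mar 06 10:15:04.323456 2018] [proxy_fcgi:error] [pid 2212] [client 198.51.100.7:51820] AH01071: Got error 'PHP message: phpmyadmin: authentification failed\n'
[Tue Mar 06 10:15:05.423456 2018] [proxy_fcgi:error] [pid 2211] [client 203.0.113.5:40120] AH01071: Got error 'PHP message: PHP Notice: unrelated message\n'
[Tue Mar 06 10:15:06.523456 2018] [proxy_fcgi:error] [pid 2213] [client 2001:db8::9:51000] AH01071: Got error 'PHP message: phpmyadmin: authentification failed\n'
[Tue Mar 06 10:15:07.623456 2018] [proxy_fcgi:error] [pid 2211] [client 203.0.113.5:40126] AH01071: Got error 'PHP message: phpmyadmin: authentification failed\n'
EOF
}

# Print "<count> <ip>" for every client whose line carries the marker.
# Argument: a log file, or "-" for standard input.
count_failures() {
    awk -v marker="$MARKER" '
        # match() returns the leftmost [client ...] field, which is the one
        # Apache writes itself, ahead of any request-controlled text.
        index($0, marker) && match($0, /\[client [^]]+\]/) {
            ip = substr($0, RSTART + 8, RLENGTH - 9)  # between "[client " and "]"
            sub(/:[0-9]+$/, "", ip)                   # drop the source port
            hits[ip]++
        }
        END { for (ip in hits) print hits[ip], ip }
    ' "$1" | sort -k2
}

# Print the clients that reached the retry threshold ($2).
ips_to_ban() {
    count_failures "$1" | awk -v max="$2" '$1 >= max { print $2 }'
}

# Demonstration on the constructed lines above.
sample_log | ips_to_ban - 3
```

Matching on the marker text alone is not enough for a ban decision: the client address has to come from the field the web server writes, which is why the example anchors on the first `[client ...]` in the line.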

Sources (source 1, source 2, source 3).

Configuring an email server on Ubuntu 16.04

DigitalOcean has made a great guide to configure an email server that only sends email. If your email inboxes are stored somewhere else, your server doesn’t need to receive and store any email. Configuring it to only send email makes it easier to maintain and less exposed to hacks/viruses.

Before reading the guide, I’ve created 2 subdomains that point to my server and I will use them in the tutorial.

Well in fact I created one twice, with an A type and AAAA type to be sure both IPv4 and IPv6 are working. The A type must point to your server IPv4, the AAAA type to your server IPv6. Let’s call it serv.site.com.

Once that’s done, I had to configure my reverse server IP. I found that in my server IP settings. For both IPv4 and IPv6, I’ve set the reverse to my previously created subdomain, serv.site.com. That will make Google and probably other email services happy. More on that in the Google documentation.

Next step, go and follow the tutorial. When entering the domain, I entered the subdomain I created, serv.site.com, not just site.com.

Go read the guide there

PHP7 FPM configuration with Apache 2.4

After struggling a bit to find a working configuration for my PHP server setup based on PHP 7 FPM and Apache 2.4, here’s my working config.

Activate Apache actions mod: sudo a2enmod actions

Edit /etc/apache2/mods-available/fastcgi.conf

Basically, that’s telling Apache to use the PHP executable when someone requests a .php file.

Be sure the php7.0-fpm service is running: sudo service php7.0-fpm status. If not, start it: sudo service php7.0-fpm start.

Here’s an example of a virtual host config file