Archive for May 2008


FMud version 0.3 released

FMud is a simple web based Flash mud client.

A running demo, feature list and installation instructions are available on the FMud project page.

Download

Version 0.3

Released on 27th May 2008.

1. Bold colours replaced by bright versions.
2. Both bright and normal versions of ANSI colours are now fully configurable.
3. Colour parsing improved to eliminate several display bugs.
4. Removed options to display bold and coloured text.
5. Cosmetic changes to text in About window.
6. Fixed a telnet negotiation bug that was causing the first letters of words to drop on some servers.

Installing WordPress 2.5.1 on nginx with pretty urls

Getting WordPress set up with pretty urls on nginx is fairly straightforward. First thing we need to do is create a database for WordPress in MySQL and a user for this database.

mysql -u root -p
CREATE DATABASE wordpress;
GRANT ALL PRIVILEGES ON wordpress.* TO "user"@"localhost"
       IDENTIFIED BY "pass";
FLUSH PRIVILEGES;
EXIT

Enter your MySQL root password when prompted and fill in your own values for user and pass.

Now that we have the database ready we can download and install WordPress.

wget http://wordpress.org/latest.tar.gz
tar zxvf latest.tar.gz
sudo cp -R /home/matt/wordpress/* /var/www/nginx-default/

Next we need to complete some configuration options for WordPress.

cd /var/www/nginx-default
sudo cp wp-config-sample.php wp-config.php
sudo nano wp-config.php

Fill in the details for DB_NAME, DB_USER and DB_PASSWORD that you created earlier (wordpress, user and pass in this example).

In order to get pretty urls to work in WordPress we have to set some rewrite rules in nginx. Edit the configuration file:

sudo nano /etc/nginx/sites-available/default

Edit the first location block so it looks like the following:

    location / {
        root   /var/www/nginx-default;
        index  index.php index.html index.htm;
        if (-f $request_filename) {
            expires 30d;
            break;
        }
        if (!-e $request_filename) {
            rewrite ^(.+)$ /index.php?q=$1 last;
        }
    }

The first ‘if’ condition matches existing static files and stops their urls from being rewritten. The second ‘if’ condition sends every other url to index.php, which lets you choose your own url scheme in WordPress under Settings -> Permalinks. Now restart nginx for the changes to take effect.

sudo /etc/init.d/nginx stop
sudo /etc/init.d/nginx start

Finally browse to http://yourdomain.com/wp-admin/install.php and complete the WordPress install.

References:
http://elasticdog.com/2008/02/howto-install-wordpress-on-nginx/

Security changes in Flash Player 9.0.124.0

The latest security update to Adobe Flash player now makes it compulsory to have a socket policy file even if the application and the server are on the exact same domain. According to Adobe a crossdomain.xml file will no longer apply to socket requests, instead a separate socket policy file needs to be provided to the application. By default the application will first look for the policy file on port 843 and then on the port that the application is trying to open a socket to (the mud port in this case).

The following is the policy file that is used for the FMud demo server.

<?xml version="1.0"?>
<!DOCTYPE cross-domain-policy SYSTEM "/xml/dtds/cross-domain-policy.dtd">
<cross-domain-policy>
   <site-control permitted-cross-domain-policies="master-only"/>
   <allow-access-from domain="bc-dev.net" to-ports="4000" />
</cross-domain-policy>

The FMud package has been updated to include a sample policy.xml file as well as a python script that will serve this file.

Use the following command to start the server.

./flashpolicyd.py --file=/path/to/flashpolicy.xml --port=843

Remember to allow a TCP server on port 843 in your server firewall.
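As an added example (not the flashpolicyd.py shipped with FMud), here is the handshake in Python together with a check against the policy file: the player sends the text <policy-file-request/> followed by a NUL byte and expects the XML followed by a NUL back. The domain and port in the sample policy are placeholders, and policy_grants lets you confirm that your own file is no wider than you intended.

```python
import socketserver
import xml.etree.ElementTree as ET

# Sent by Flash Player 9.0.124.0 after connecting; it expects the XML plus a NUL byte back.
POLICY_REQUEST = b"<policy-file-request/>\0"

# Constructed sample in the shape of the FMud demo policy above (placeholders).
SAMPLE_POLICY = b"""<?xml version="1.0"?>
<cross-domain-policy>
  <site-control permitted-cross-domain-policies="master-only"/>
  <allow-access-from domain="example.invalid" to-ports="4000" />
</cross-domain-policy>"""

def domain_matches(pattern, domain):
    # '*' matches any host; '*.x' matches x itself and its subdomains
    return pattern in ("*", domain) or (
        pattern.startswith("*.") and (domain == pattern[2:] or domain.endswith(pattern[1:])))

def port_matches(spec, port):
    # to-ports is '*' or a comma separated list of ports and lo-hi ranges
    for item in (s.strip() for s in spec.split(",")):
        lo, _, hi = item.partition("-")
        if item == "*" or (lo.isdigit() and (hi or lo).isdigit() and int(lo) <= port <= int(hi or lo)):
            return True
    return False

def policy_grants(policy_xml, domain, port):
    """True if a SWF served from `domain` may open a socket to `port`."""
    return any(domain_matches(r.get("domain", ""), domain)
               and port_matches(r.get("to-ports", ""), port)
               for r in ET.fromstring(policy_xml).findall("allow-access-from"))

def policy_response(request, policy_xml):
    """Answer only the exact handshake; anything else gets no policy at all."""
    return policy_xml + b"\0" if request == POLICY_REQUEST else None

class PolicyHandler(socketserver.BaseRequestHandler):
    def handle(self):  # one request per connection; the player then closes
        self.request.settimeout(3)
        try:
            reply = policy_response(self.request.recv(64), self.server.policy_xml)
        except OSError:  # timeout or reset: drop the client silently
            return
        if reply:
            self.request.sendall(reply)

def serve(policy_xml, host="0.0.0.0", port=843):  # 843 needs root and a firewall rule
    srv = socketserver.ThreadingTCPServer((host, port), PolicyHandler)
    srv.policy_xml = policy_xml
    srv.serve_forever()
```

serve(SAMPLE_POLICY) plays the same role as the flashpolicyd.py command above; because the response is only sent for the exact request string, the listener does not hand the policy to arbitrary scanners of port 843.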

Further details on the new security model can be found on the Adobe website. There are also more details on serving policy files as well as some more server scripts for download.

FMud version 0.2 released

FMud is a simple web based Flash mud client.

A running demo, feature list and installation instructions are available on the FMud project page.

Download

Version 0.2

Released on 13th May 2008.

1. Added dark grey colour (ANSI black) configurable from settings window.
2. Example HTML file modified to resolve compatibility problem with Firefox.
3. README file updated.

MySQL, nginx and PHP on Ubuntu 8.04

The nginx webserver is a lightweight alternative to apache and is perfect for running on a vps where resources are scarce. First we need to install our packages.

sudo apt-get install mysql-server mysql-client libmysqlclient15-dev

I am using apt-get instead of aptitude here so we don’t get a lot of unwanted dependencies installed. The MySQL install will prompt you for a password for the root user. Remember this is not the same as the root login for your server and is just for master access to the MySQL databases.

sudo aptitude install php5-cli php5-cgi php5-mysql php5-xcache
sudo aptitude install nginx

Configure fastcgi

To enable php with nginx we need to edit the nginx configuration file to use fastcgi.

sudo nano /etc/nginx/sites-available/default

On my install the necessary lines were already present and just needed to be uncommented.

location ~ \.php$ {
    fastcgi_pass 127.0.0.1:9000;
    fastcgi_index index.php;
    fastcgi_param SCRIPT_FILENAME /var/www/nginx-default$fastcgi_script_name;
    include /etc/nginx/fastcgi_params;
}

While you are editing the config file you should change the server name to match your domain. The file fastcgi_params was installed as part of nginx.

Spawn-fcgi

Next we need a way to spawn our fastcgi processes as needed. The Lighttpd webserver ships with a small program, spawn-fcgi, that does exactly that and works fine with nginx. Download the source and build it to get the binary that we need.

mkdir ~/sources
cd ~/sources
wget http://www.lighttpd.net/download/lighttpd-1.4.19.tar.bz2
tar jxvf lighttpd-1.4.19.tar.bz2

I found that the configure script complained about some missing dependencies so install those first.

sudo aptitude install libpcre3-dev libbz2-dev

You can probably make it without them but having development headers is useful if you plan to do much building from source. Change to the directory you just unpacked and build the binary with configure and then make.

cd lighttpd-1.4.19
./configure
make

All we need is the spawn-fcgi binary.

sudo cp src/spawn-fcgi /usr/bin/spawn-fcgi

Now we need a simple script to run it.

sudo nano /usr/bin/php-fastcgi

Copy the following into that file.

#!/bin/sh
# Bind php5-cgi to 127.0.0.1:9000 (the address nginx was told to fastcgi_pass to)
# and drop privileges to the www-data user.
/usr/bin/spawn-fcgi -a 127.0.0.1 -p 9000 -u www-data -f /usr/bin/php5-cgi

We can also use another script to control the startup.

sudo nano /etc/init.d/init-fastcgi

Copy the following into that file.

#!/bin/bash
# Start, stop and restart the php fastcgi processes launched by /usr/bin/php-fastcgi.
PHP_SCRIPT=/usr/bin/php-fastcgi
RETVAL=0
case "$1" in
  start)
    $PHP_SCRIPT
    RETVAL=$?
    ;;
  stop)
    # spawn-fcgi runs /usr/bin/php5-cgi, so that is the process name killall must match
    killall -9 php5-cgi
    RETVAL=$?
    ;;
  restart)
    killall -9 php5-cgi
    $PHP_SCRIPT
    RETVAL=$?
    ;;
  *)
    echo "Usage: init-fastcgi {start|stop|restart}"
    exit 1
    ;;
esac
exit $RETVAL

We need to change the permissions on these two scripts so they are executable.

sudo chmod 755 /usr/bin/php-fastcgi
sudo chmod 755 /etc/init.d/init-fastcgi

Startup our scripts

Now we can start our fastcgi script and add it to our init script so it starts automatically on boot.

sudo /etc/init.d/init-fastcgi start
sudo update-rc.d init-fastcgi defaults

Don’t forget to start the webserver.

sudo /etc/init.d/nginx start

If you want to test php is working, just create a simple php file.

sudo nano /var/www/nginx-default/test.php

Just one line should do it.

<?php phpinfo(); ?>

Open this page in your browser and check that php is working as it should.

Now that we have a working ‘LEMP’ stack we can put up some content. My next post will describe how I installed WordPress.

References:
http://jit.nuance9.com/2008/01/serving-php5-with-nginx-on-ubuntu-710.html

http://articles.slicehost.com/2007/9/10/ubuntu-lts-mysql-and-ror

FMud version 0.1 released

FMud is a simple web based Flash mud client.

A running demo, feature list and installation instructions are available on the FMud project page.

Download

Version 0.1

Released on 1st May 2008.

1. Initial release.

Configuring a simple firewall with FireHOL

Following on from my previous article on setting up a vps server running Ubuntu 8.04 I am now going to configure a simple firewall.

Linux uses a rules based firewall system known as iptables. To check your current rules use the following command.

sudo iptables -L

As it’s a new install we don’t have many rules; in fact we are allowing pretty much everything. The output should look something like this.

Chain INPUT (policy ACCEPT)
target     prot opt source               destination

Chain FORWARD (policy ACCEPT)
target     prot opt source               destination

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination

As you can see there are three main sections; input, forward and output. For each section you can create rules that specify how you handle different kinds of traffic. As a general principle we want to block all ports and traffic that we don’t explicitly require. These ports will probably be blocked by default, but an extra layer of security can’t hurt. Using iptables directly can be complex as the syntax is not particularly intuitive, however there are several ‘frontends’ that can generate iptables rules using a much simpler syntax. I am going to use FireHOL but alternatives do exist.

sudo aptitude install firehol

There are two files we need to edit to configure our firewall.

nano /etc/default/firehol

Edit the line to enable firehol.

START_FIREHOL=YES

Now we need to create our firewall rules.

nano /etc/firehol/firehol.conf

Essentially we want to allow all outgoing connections but only allow incoming connections necessary for the services we want to run. Edit the file so it looks like this.

    version 5
    # Accept all client traffic on any interface
    interface any world
        protection strong
        server custom ssh tcp/23456 default accept
        server "icmp ping ICMP http" accept
        client all accept

Change the port number for ssh to the one you set earlier. This will only allow incoming ssh and http connections (we will be setting up a webserver on this box) as well as ping and icmp. You can probably safely block these last two as well, but being able to ping and traceroute to your box can help to diagnose any problems you may have down the road. Opinions vary.

Now we have our rules we just need to start firehol.

sudo /etc/init.d/firehol start

You may get some warnings about not being able to detect kernel modules but they can be safely ignored. Here is a possible workaround if seeing the warnings offends you. Now if we check our iptables there should be much more to see.

sudo iptables -L

This is just a basic firewall configuration. There is much more you can do with iptables and firehol. In my next post I am going to show the steps to set up a webserver with nginx.

References:
http://howtoforge.com/setting-up-an-iptables-firewall-with-firehol-on-ubuntu
http://firehol.sourceforge.net/

Ubuntu 8.04 setup on linode.com VPS

These are the steps I took to setup a fresh vps at linode.com running Ubuntu 8.04. Hopefully this will serve as a basic tutorial to configuring and securing a linux server.

Once you’ve deployed your distribution in the linode account manager and waited for the server to build your vps you need to connect to it using an ssh client. I am using Windows XP on my home box so the obvious choice is putty. Download the putty.exe binary and grab puttygen.exe while you are there as we’ll need that later. Use the default settings for putty and enter the ip of your vps. It’s normal the first time you connect to get a warning about the remote site’s security certificate so just accept it. Login as root with the password you set when building your linode.

Set hostname

The first thing I do is set the correct hostname. My domain is bc-dev.net and I’ve decided to name the vps as host, but you should come up with your own imaginative name.

echo yourname > /etc/hostname
hostname yourname
nano /etc/hosts

This brings up the /etc/hosts file in the nano text editor. Change the second line to match your ip, domain name and hostname. In nano use CTRL+o to save and then CTRL+x to exit.

12.34.56.78 yourname.yourdomain.com yourname

You should also create an A record for yourname.yourdomain.com in your DNS manager.

Add a non root account

The next step is to add a non root user account. We will use this account to access our box as logging in as root is an increased security risk.

adduser notroot

Create a password and just accept the defaults for the personal information. In Ubuntu non root users can gain temporary root privileges with the sudo command. We need to enable this for our new user.

visudo

This uses another text editor, vi. It’s not as friendly as nano but is much more powerful. Somewhere near the end of the file add a line for your new user.

notroot ALL=(ALL) ALL

In vi you need to press the i key for interactive mode to enter the text. When you are done press ESC and then :wq to write and quit.

Configure ssh

Now we need to configure ssh access for our new user. We want to be able to connect without a password, using an encrypted key instead. Our server needs to have a public key that we can match our private key against. First create a directory and a public key file.

mkdir /home/notroot/.ssh
nano /home/notroot/.ssh/authorized_keys

We can now use puttygen to generate our keys. Copy and paste the public key from puttygen into your terminal window and save the file. You should also save your private key on your home machine somewhere. We now need to give our new user access to these files.

chown -R notroot:notroot /home/notroot/.ssh
chmod 700 /home/notroot/.ssh
chmod 600 /home/notroot/.ssh/authorized_keys

The final step is to change the server’s ssh configuration to make it more secure and use our new settings.

nano /etc/ssh/sshd_config

We want to set it so only our user can login and only with our private key. You should also change the default port to something random and high.

Port 23456
PermitRootLogin no
PasswordAuthentication no
AllowUsers notroot
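As an added example (not part of the original post), a small Python check of the effective values of these four settings, assuming a plain sshd_config without Include directives: sshd uses the first value it reads for a keyword, so a hardening line added below an existing ‘PermitRootLogin yes’ is silently ignored, while every Port line opens another listener.

```python
import re

# Constructed sample: the post's lines appended below a stock 'PermitRootLogin yes'.
SAMPLE_BAD = """\
Port 22
PermitRootLogin yes
Port 23456
PermitRootLogin no
PasswordAuthentication no
AllowUsers notroot
"""

# Constructed sample of the intended result (the Match block is conditional).
SAMPLE_GOOD = """\
Port 23456
PermitRootLogin no
PasswordAuthentication no
AllowUsers notroot
Match Address 10.0.0.0/8
    PasswordAuthentication yes
"""

def parse_sshd_config(text):
    """Every global value of each keyword, in file order. sshd uses the FIRST
    one for most keywords (a later hardening line loses) but listens on every
    Port; keywords are case-insensitive; lines below a Match are conditional."""
    values, in_match = {}, False
    for raw in text.splitlines():
        parts = re.split(r"[\s=]+", raw.strip(), maxsplit=1)
        key = parts[0].lower()
        if not key or key.startswith("#"):
            continue
        if key == "match":
            in_match = True
        elif not in_match:
            values.setdefault(key, []).append(parts[1] if len(parts) > 1 else "")
    return values

def audit_sshd_config(text):
    """Directives whose effective value differs from what this post sets."""
    vals, problems = parse_sshd_config(text), []
    for key in ("permitrootlogin", "passwordauthentication"):
        got = vals.get(key, ["not set"])[0]  # first value wins
        if got.lower() != "no":
            problems.append(f"{key}: {got} (wanted no)")
    if "notroot" not in vals.get("allowusers", [""])[0].split():
        problems.append("allowusers: does not list notroot")
    if "22" in vals.get("port", ["22"]):
        problems.append("port: still listening on 22")
    return problems
```

Run audit_sshd_config on the text of /etc/ssh/sshd_config before reloading; an empty list means the file will do what this post intends.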

Restart ssh so the new settings take effect.

/etc/init.d/ssh reload

Don’t close your current terminal window (in case you are locked out and need to fix it!) but instead open a new putty session and try connecting with your new user name and private key. You can select your key file in putty under Connection > SSH > Auth. If all goes well you should be connected. Now you can log out of your root console and save your connection profile in putty. That’s it, the next post will cover some more basic setup as well as firewall and iptables settings.

References:
http://wiki.opengarden.org/Deki_Wiki/Installation_and_Upgrade/1.8_Hayes_Official_Install_and_Upgrade_Guide/Linode_VPS

http://articles.slicehost.com/2008/4/25/ubuntu-hardy-setup-page-1
http://articles.slicehost.com/2008/4/25/ubuntu-hardy-setup-page-2