Category: Code snippets

Book Review: Instant Mock testing with PowerMock

By , Sunday 5th January 2014 7:23 pm

I was recently asked to review “Instant Mock testing with PowerMock” by PacktPub. Part of their “instant” series which aims to get you up and running with a project quickly. My review follows.

Continue reading 'Book Review: Instant Mock testing with PowerMock'»

NGINX configuration for proxing to websocket/nodejs processs

By , Friday 29th November 2013 11:06 am

Here’s a simple configuration to allow nginx to proxy through to another process including forwarding websocket traffic.

A simple set up currently in use to proxy to a nodejs process which is also serving HTML. I’d like to improve the config so that nginx serves static content, but will look to do that later.

Improvements, suggestions please add to the comments (…and thanks).

server {
    listen 80;
    server_name example.com;
    return 301 https://example.com$request_uri;
}

server {
    listen       443;
    server_name  example.com;

    root /var/www/html/public;

    ssl                  on;
    ssl_certificate      /etc/ssl/private/ssl.cert;
    ssl_certificate_key  /etc/ssl/private/ssl.key;

    ssl_protocols  SSLv2 SSLv3 TLSv1;
    ssl_ciphers  HIGH:!aNULL:!MD5;
    ssl_prefer_server_ciphers   on;

    proxy_connect_timeout 43200000;
    proxy_read_timeout 43200000;
    proxy_send_timeout 43200000;

    if ($ssl_protocol = "") {
        rewrite ^ https://$host$request_uri? permanent;
    }
    try_files $uri @proxysocket;

    location / {
        proxy_pass http://127.0.0.1:3000/;
        proxy_http_version 1.1;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection "upgrade";
    }
}

Protecting node.js from BEAST TLS attack

By , Friday 7th June 2013 6:56 pm
Copyright Disney, I don't think they'll sue me. Thanks for the image.

Copyright Disney, I don’t think they’ll sue me. Thanks for the image.

After reading Eric Martindale‘s very useful blog post on “Mitigating TLS BEAST attack in node.js” I decided to implement this for pinitto.me in order to increase security of the site.

After implementing the suggested code I then attempted to test the SSL setup via SSLLabs.  Sadly the report came back showing that pinitto.me was still vulnerable to BEAST attacks.

A BEAST (or Browser Exploit Against SSL/TSL) attack is an attack where a third party can silently decrypt communications between a browser and a server. This is performed by attacking a weakness in CBC (cipher block chaining) discovered back in 2006 but with a practical exploit not found until late 2011.

BEAST attacks are not possible on TLS versions greater than 1.0 but as this version is currently the most predominant on the internet such attacks are possible on most unprotected servers.

The documentation on SSLLabs.com suggested a different set of ciphers to those suggested by Eric and so after implementing these pinitto.me is now reported to not be vunerable to these attacks, yey!

The code for setting up a HTTPS server on node.js therefore becomes:

var https = require('https')
  , fs = require('fs')

var options = {
   key: fs.readFileSync(config.ssl.key, 'utf8'),
   cert: fs.readFileSync(config.ssl.cert, 'utf8'),
   ca: fs.readFileSync(config.ssl.ca, 'utf8'),
   ciphers: 'ECDHE-RSA-AES128-SHA256:AES128-GCM-SHA256:RC4:HIGH:!MD5:!aNULL:!EDH',
   honorCipherOrder: true
}

https.createServer(options, function (req, res) {
  res.writeHead(200)
  res.end("Hello World!")
}).listen(443)

Notes

Generate a self-signed certificate

By , Monday 20th May 2013 9:21 am

Quickly generate a self-signed certificate on the command line. Noting this information as the original source has disappeared and its handy to have around.

mkdir -p /etc/certs
openssl req -new \
            -x509 \
            -days 3650 \
            -nodes \
            -out    "/etc/certs/EXAMPLE.COM.pem" \
            -keyout "/etc/certs/EXAMPLE.COM.key" \
            -batch -subj "/CN=EXAMPLE.COM"

# ensure that the files are readable 
chmod o+r /etc/certs/EXAMPLE.COM.*

Move a file to a subdirectory of the same name

comments Comments Off on Move a file to a subdirectory of the same name
By , Tuesday 30th October 2012 1:15 pm

A quick bash one liner to create and move a set of files in a directory to a sub-directory of the same name:


IFS=$'\n'; for i in `find . -maxdepth 1 -type f`; do echo "$i"; dir=${i%.*}; \
echo "$dir"; mkdir "./$dir"; mv "./$i" ./"$dir"/; done;

If you know a better way please post in the comments :)

Panorama Theme by Themocracy

1 visitors online now
0 guests, 1 bots, 0 members
Max visitors today: 16 at 08:14 am UTC
This month: 17 at 19-09-2017 09:35 pm UTC
This year: 45 at 02-01-2017 10:28 pm UTC
All time: 130 at 28-03-2011 10:40 pm UTC