When you build your own Docker Image with a Dockerfile, your process inside this container will typically run as the root user per default. This can be a security issue for productive environments in case your process becomes vulnerable. Continue reading
In this short tutorial I will show how to setup a private Docker registry. A private registry can be helpful if you want to distribute docker images in a large developer team or provide docker images to your customers. The tutorial assumes that you have a server with a docker daemon running in your network environment or internet. The goal is to push locally build docker images to the docker registry, so that other team members or customers can pull those images without the need to build the images from a Docker file. In the Imixs-Workflow Project we use such a private registry to support our customers with custom docker images. Continue reading
When trying to deploy the Gitbucket project into wildfly I go tthe following error message:
WARN [org.jboss.modules] (ServerService Thread Pool -- 81) Failed to define class liquibase.serializer.core.yaml.YamlSerializer$LiquibaseRepresenter in Module "deployment.gitbucket.war:main" from Service Module Loader: java.lang.NoClassDefFoundError: Failed to link liquibase/serializer/core/yaml/YamlSerializer$LiquibaseRepresenter (Module "deployment.gitbucket.war:main" from Service Module Loader): org/yaml/snakeyaml/representer/Representer ...
This is a known issue and discussed here.
You can fix it if you add the file ‘jboss-deployment-structure.xml’ into the WEB-INF/ folder with the following content:
<jboss-deployment-structure> <deployment> <dependencies> <system export="true"> <paths> <path name="com/sun/net/ssl/internal/ssl" /> <path name="com/sun/net/ssl" /> </paths> </system> <!-- add snakeyaml dependency --> <module name="org.yaml.snakeyaml"/> </dependencies> </deployment> </jboss-deployment-structure>
How to install:
The following is a short install guide how to modify the gitbucket.war downloaded form the project release page:
1.) Download latest version from release page:
change the version if needed
2.) unzip the war file
unzip gitbucket.war -d tmp/gitbucket.war
3.) create the ‘jboss-deployment-structure.xml’ file and add the content as explained above. Than copy the file into the WEB-INF folder
cp jboss-deployment-structure.xml /tmp/gitbucket.war/WEB-INF/
4.) create the doDeploy file
5.) start deployment by moving the folder to the wildfly deploy directory
cd tmp/ mv gitbucket.war /opt/wildfly/standalone/deployments/
You can use also my install script from here to install gitbucket on Wildfly 9.x & 10.x under Linux.
/bin/bash wildfly-install.sh [INSTALLDIR] [GITBUCKET-VERSION]
You can specify the install directory of your wilfly installation and the gitbucket version.
/bin/bash wildfly-install.sh [INSTALLDIR] [GITBUCKET-VERSION]
Note: The script must be run as root. The script assumes that wildfly is running with the user ‘wildfly’. You can change this in your script if needed.
If you need to debug the request headers send to Wildfly application server you can configure a Request-Dumper. There for change the standalone.xml file and add a filter-ref and filter configuration into the subsystem section of undertow. See the following example:
... <subsystem xmlns="urn:jboss:domain:undertow:2.0"> .... <server name="default-server"> ... <host name="default-host" alias="localhost"> ..... <filter-ref name="request-dumper"/> </host> </server> .... <filters> ..... <filter name="request-dumper" class-name="io.undertow.server.handlers.RequestDumpingHandler" module="io.undertow.core" /> </filters
This will print out all the request information send by a browser.
After downloading the new Eclipse IDE Mars I was disappointed of the corrupted design. Several dialog pages did not work as expected or were empty until the dialog window was resized.
As Eclipse release 4.5 (Mars) is based on GTK 3, the problem in my case was the missing library “gtk3-engines-oxygen”. This it the so called Oxygen widget theme for GTK3-based applications like the Eclipse Mars release.
After installing the missing library with apt:
apt-get install gtk3-engines-oxygen
the Eclipse Mars Release works perfect!
Customize Eclipse them Jeeeyul’s Eclipse Themes
A very nice plug-in for Eclipse is the ‘Jeeeyul’s Eclipse Themes‘. This plug-in provides a set of cool themes for eclipse and also a cool editor to customize the theme individually.
Adjusting the window margins
Another annoying thing in Eclipse GTK with Gnome is the small margin between to windows so you cant grasp the space with the mouse to resize the view.This problem can also be solved directly with the Jeeeyul’s plug-in:
In the ‘General’ section of the Jeeeyul’s Themes section you can change the “Winddow Pacing”. Disable the option ‘Cast Shadow’ and set ‘Part Stack Spacing’ to 5 and ‘Margins’ to 0. After that you need to restart Eclipse.
Alternative: Disable GTK3
An alternative is to simply deactivate GTK3 for Eclipse Mars. You need to set the environment variable ‘SWT_GTK3’ to ‘0’.
I am using the following bash start script to launch Eclipse Mars:
#!/bin/bash cd /opt/eclipse-jee-mars/ export SWT_GTK3=0 ./eclipse
See also the comments below.
The command line tool ‘curl’ is useful in cases when you just want to check some REST APIs from a console. You can find a lot of information about how to use curl on curl.haxx.se.
If you want to test the Imixs Rest API you need in most cases a basic authentification against the Workflow Server. This is an example how to send username/password along with a GET request:
curl --user admin:mypassword http://localhost:8080/imixs-microservice/workflow/worklist
This examples returns the worklist for the User ‘admin’ from a Imixs-Workflow Rest Service running on localhost port 8080.
If you don’t specify the media type Imixs-Workflow will return an HTML output. You can see this also in your Browser. But Imixs-Workflow also supports the media types JSON and XML. To request the same URL in JSON you can add a Header parameter like this:
curl --user admin:mypassword -H "Accept: application/json" http://localhost:8080/imixs-microservice/workflow/worklist
or if you want to get the same response in XML format:
curl --user admin:mypassword -H "Accept: application/xml" http://localhost:8080/imixs-microservice/workflow/worklist
If you know the UniqueID of a workitem, which is included in the worklist result you can also request a single Workitem from the Imixs-Workflow. See the following curl example to request a workitem in JSON format:
curl --user admin:adminadmin -H "Accept: application/json" http://localhost:8080/imixs-microservice/workflow/workitem/14b65352f58-259f4f9b
This example returns the content of the Workitem with the UniqueID ’14b65352f58-259f4f9b’. You can also restrict the result to a subset of properties when you add the query parameter ‘items’:
curl --user admin:adminadmin -H "Accept: application/json" http://localhost:8080/imixs-microservice/workflow/workitem/14b65352f58-259f4f9b?items=txtname;$processid
See the Imixs-Workflow RestAPI for more information.
If you want to test what is possible with Imixs-Workflow REST API and curl you can try the Imixs-Microservice. Imixs-Microservice provides a full featured Workflow System based on a REST API. Imixs-Microservice also supports Docker so you do not need to install a Application Server by your self.
With the latest release of Gnome Shell (3.8) you possible can run in a situation where your system did not shutdown correctly if you select shutdown from the system menu or try to shutdown with the hardware power-off switch. In this case just check if you have the new package ‘systemd-shim’ installed. This will possible solve a missing dependency in gnome.
Since about one year I own a ultrabook ‘Wortmann Terra Mobile 1450 II’ which I run on Linux. The system contains a Intel Core i7-351U chip set and 8GB RAM. But this system shows a very strange problem on Linux (and as I guess maybe also on other operating systems): randomly the system freezes.
When the system freezes no mouse , no keyboard, no REISUB was possible. The screen is corrupted and did not update. The only key board functionality which is still possible is Fn+F9 (switch display on/off). So the only possibility was to to switch off the system hard.
The freeze occurs when the system runs on battery as also when it is plugged. It looked as if the errors occurs more frequently at high memory usage.
A memory check (with memtest86+) indicates no problem. Therefore, I thought it had to do something with the kernel. See also the discussion here. But updating every week a new kernel version and playing around with several kernel boot options the problem still occurs.
Back to the idea that the problem comes from the RAM I installed the tool ‘memtester’. With this tool you can test memory when linux is running. For Example I started a test to check 7GB RAM with the following command:
memtester 7G 1
And now I was able to force the freeze. During such a test each time my system freezes. Also when I booted in kernel recovery mode the same situation – system freezes! So this indicated to me that the problem is with the memory.
If the memory seems to be ok in general (memtest86+ indicates no errors) but the system freezes in situations with heavy memory usage (memtester) then it may have something to do with overclocking the memory?
In my BIOS settings () I found the following setting:
-> System Agent (SA) Configuration
-> Memory Configuration
-> Memory Frequency Limiter
This was defined as ‘AUTO’. What ever this means I changed the value to lowest available setting of ‘1067’ (other values where 1600, 1867, … up to 2667). With this setting I can not see any substantial impairment of the speed. But from now on my system runs without any more freezes!
So if you are also faced with the problem of random freezes, first try to control the overclocking of your memory. I hope this will help you too.
After all the last question is: Is my hardware to fast for linux or is linux to fast for my hardware 😉
WordPress is really a nice software. I use it for websites and blogs. The problem is that WordPress is so common used in the net that hackers aggressive try to enter your site and inject eval php code. This is really terrible and I suffered some times ago because such a hackers attach against main own web sites.
After all I think two things can help to lock out hackers from wordpress.
1) Wordfence Plugin
The Wordfence Plugin is – in my eyes – really good software. You should install this plugin to understand if your wordpress is under attack.
2) Protect your directories
The important thing running WordPress is to protect your directories. Never allow the apache server to write into the WordPress instalation directory. I know this is for most people an essential feature because this allows to easily update WordPress, install Plugins and Themes. But this also allows hackers to inject bad php code into your installation. And the most secure way to protect your wordpress installation is to disallow the apache server to write into the installation code.
For Linux servers this means:
In your apache web directory create a folder for your WordPress installation and reduce the directory access to a minimum which means only your own linux user account should be the owner and allowed to change content.
ls -l /var/www/ drwxr-xr-x 5 youraccount youraccount 4096 Apr 16 21:12 wordpress
As you can see the apache user (e.g. www-data) can only read but not change directories. Any changes on the wp-config.php or the installation of plugins or themes can still be made by direct ssh access (in this example) from the user ‘youraccount’.
The only exception could be the wp-content/uploads folder which need to be writable from apache when you try to upload an image.
There are a lot of additional tipps and tricks how to protect your WordPress. But I think protecting the WordPress installation from modification by the apache server is the best way.
Ich hatte das Problem das mein kern.log file mit Meldungen dieser Art geflutet wurde:
Sep 27 18:07:48 r-ultrabook kernel: [ 380.012332] evbug: Event. Dev: input6, Type: 0, Code: 0, Value: 0 Sep 27 18:07:48 r-ultrabook kernel: [ 380.028334] evbug: Event. Dev: input6, Type: 2, Code: 1, Value: -1 Sep 27 18:07:48 r-ultrabook kernel: [ 380.028343] evbug: Event. Dev: input6, Type: 0, Code: 0, Value: 0 Sep 27 18:07:48 r-ultrabook kernel: [ 380.044419] evbug: Event. Dev: input6, Type: 2, Code: 1, Value: -1 Sep 27 18:07:48 r-ultrabook kernel: [ 380.044430] evbug: Event. Dev: input6, Type: 0, Code: 0, Value: 0
Diese Meldungen werden wohl vom Modul ‘evbug’ erzeugt und dienen als Debug Information. Das Modul sollte im Normalfall eigentlicht im Kernel geladen werden.
Um nun das Modul abzuschalten kann man es auf die blacklist setzen.
Dazu habe ich die (bei mir noch nicht vorhandene) Datei /etc/modprobe.d/blacklist.conf erstellt und folgenden Inhalt eingetragen:
# This file lists those modules which we don't want to be loaded by # alias expansion, usually so some other driver will be loaded for the # device instead. # evbug is a debug tool that should be loaded explicitly blacklist evbug
Dies führt dazu das das Modul beim nächsten booten nicht mehr geladen wird und die Meldungen verschwinden.