Debian

Posted on October 19, 2017 by Thach Van

Install MariaDB (or MySQL) on Raspbian / Debian is pretty easy with the supported package:
sudo apt-get install mariadb-server (or mysql-server)

And you can set password for the root account as well as configure others by one simple command:
sudo mysql_secure_installation (for both MariaDB and MySQL)

But the problem is that you can’t connect to the database from any system. You’ll get the “Access denied” error all the time. The only way to access is from the terminal of that server:
sudo mysql -u root -p

I don’t know why the authors make them to be difficult to use at the first time. To remove the restrictions, it requires many steps:

1. Login from terminal:
sudo mysql -u root -p

2. The plugin of the root account in the mysql.user table is set to ‘unix_socket’, which means you can only access using the terminal. Use the following commands to remove it:
USE mysql;
UPDATE user SET unix_socket = '' WHERE User='root';
FLUSH PRIVILEGES;

3. Now you can use any SQL tool (phpMyAdmin, SQL Workbench…) to access the database. But that tool must be used on the same server because the Host field of root account in mysql.user is ‘localhost’. So you may need to remove it.
UPDATE user SET Host = '' WHERE User='root';
FLUSH PRIVILEGES;

4. Now, try to access again. You still can’t access the database from another machine. Why? Because the database socket doesn’t bind to an IP address. This setting is missing from the config file. Let’s find the config file first:
sudo find / -name my.cnf

The file is usually located at: /etc/mysql/my.cnf. Open it to modify using nano:
sudo nano /etc/mysql/my.cnf

Add to that file a new section:
[mysqld]
bind-address=::

5. That’s it. Restart the services and enjoy it.
sudo service mysqld restart
sudo service mysql restart

Leave a comment or contact me if you have any questions or suggestions

Install PHP 7 from source on Raspbian/Debian

Posted on October 15, 2017 by Thach Van

This tutorial cover Raspbian PHP 7 installation as well as Apache 2 configuration.

Prerequisite: Apache 2 installation exists

1. Download PHP source code from http://php.net/downloads.php and then decompressed it to have a PHP folder contains source code

2. On the terminal, install the libxml2:
sudo apt-get install libxml2-dev

3. Inside the PHP folder at step #1,configure the build:
./configure ––with-apxs2=/usr/local/apache2/bin/apxs ––with-mysqli ––enable-mbstring
Notes:

apxs was installed when installing Apache 2. In this example, the Apache 2 was installed at /usr/local/apache2.
The default location of php.ini is /usr/local/lib/. Use ––with-config-file-path=<path> if you need to put the php.ini file at somewhere else.
––with-mysql was removed, use ––with-mysqli instead (https://github.com/php-build/php-build/issues/348)
––enable-mbstring is required for using phpMyAdmin

4. Install:
sudo make
sudo make install

5. Verify:
php -v

Here are a few more steps to configure Apache 2 to support PHP:

1. Open the httpd.conf to edit:
sudo nano /usr/local/apache2/conf/httpd.conf

2. Make sure the following line exists and not commented:
LoadModule php7_module modules/libphp7.so

3. Add the following lines to let Apache parse PHP files:
<FilesMatch “\.phps$”>
SetHandler application/x-httpd-php-source
</FilesMatch>

4. Enable mod_rewrite:
LoadModule rewrite_module modules/mod_rewrite.so
RewriteEngine On

5. Save and close Nano by pressing Ctrl+X and Y

6. Restart Apache 2:
sudo /usr/local/apache2/bin/apachectl restart

Also, check out Install MariaDB / MySQL on Raspbian / Debian

Install Apache 2 web server from source on Raspbian

Posted on October 15, 2017 by Thach Van

Image credit: http://www.apache.org/

This guideline is for working on Raspbian – a Linux distro for Raspberry Pi, but other Linux operating systems have similar steps.

Download source from https://httpd.apache.org/download.cgi. It should be in a compressed file, e.g.: httpd-2.4.28.tar.bz2. After decompressing it, we have a httpd-<version> folder.
Install PCRE library from the terminal:
sudo apt-get install libpcre3-dev
Download source of APR and APR-util from https://apr.apache.org/download.cgi. They’re all in compressed files, e.g.: apr-1.6.2.tar.gz, apr-util-1.6.0.tar.gz. After decompressing them, we have the following folders: apr-<version>, apr-util-<version>. Rename them accordingly to apr and apr-util and then move them into the folder at step #1 to this path: httpd-<version>/srclib/.
The folder structure should be like this:
Open the terminal and issue the following commands in the httpd-<version> folder to build and install Apache 2:
./configure –prefix=/usr/local/apache2 –with-included-apr –enable-so
sudo make
sudo make install
Check its version:
apache2 -v

Also check out “Install MariaDB / MySQL on Raspbian / Debian” and “Install PHP 7 from source on Raspbian/Debian“

Building a secured Java web server using Spark framework and Nginx

Posted on July 10, 2017 by Thach Van

Spark framework (www.sparkjava.com) is a small Java framework used to build a REST server quickly. You can build a Java web server with only a few lines of code. But adding SSL to your server needs more effort.

Java used its own format for the keystore file which contains keys. First of all, you need to generate your private key. Java key tool will store it in a keystore file .jks. The following command creates a key has 2048 bit length for localhost valid in one year:
keytool -genkey -alias localhost -keyalg RSA -keystore KeyStore.jks -validity 365 -keysize 2048

Now you have your private key in the keystore file. Here is a code snippet to build a web server using Spark framework:

[java]

import spark.Request;
import spark.Response;

import static spark.Spark.*;

public class Server {
private final int port = 12345;

public Server() {
port(port);
secure("KeyStore.jks", "password", null, null);

get("/", (request, response) -> {
return "Hello World";
});
}
}

[/java]

This code load the keystore you’ve recently created to support SSL. Try to access your server with the URL: https://localhost:12345/, you’ll get the text “Hello World”.

Your web server supports SSL, but it’s quite dangerous when you exposing it directly to the world. Enhancing security of your web server by adding a proxy in front of it. Requests will go to your proxy first, then your proxy forward it to your server.

I use Nginx (www.nginx.com) for this purpose. This is a famous web server that solved the C10K problem (https://en.wikipedia.org/wiki/C10k_problem). After installing it, change its configuration file (conf/nginx.conf) to allow forwarding requests to your server:

[sourcecode language=”plain”] # HTTPS server
server {
listen 443 ssl;
server_name localhost;

ssl_certificate "localhost.crt";
ssl_certificate_key "localhost.key";

server_tokens off;

#ssl_session_cache shared:SSL:1m;
#ssl_session_timeout 5m;

#ssl_ciphers HIGH:!aNULL:!MD5;
#ssl_prefer_server_ciphers on;

location / {
proxy_pass https://localhost:12345;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
}
}
[/sourcecode]

Please replace ‘localhost’ at ‘server_name’ field by your real domain. This configuration file guides Nginx server to listen at port 443 (SSL port) and forward requests to your web server at port 12345. Please note that you’ll need a private key and a certificate for your Nginx server. They’re different from the keystore of your web server. The OpenSSL tool (www.openssl.org) will help you to generate them easily, or you may want to contact to a CA to get an authorized certificate.

Try to open the URL https://. It’ll return ‘Hello World’. You’ve built a secured java web server successfully!

Self-signed certificate for local HTTPS connection

Posted on April 19, 2017 by Thach Van

When setting up an HTTPS server for development purpose, you probably don’t want to buy a certificate. However you still need to run with HTTPS locally to develop/test if your web application works under HTTPS connections. You can create a self-signed certificate for free using OpenSSL.

Generate a private key

This command is to genetate a 4096-bit private key using SHA512 algorithm:

openssl genrsa -out localhost.key 4096 -sha512

-out <filepath> : path of the output file that will contain private key
-sha[number] : the algorithm applies for private key, it can be sha1, sha256, sha512; default value is sha1 if this parameter is missing. sha1 is not recommended because browsers like Chrome will treat it as unsecured.

Generate a Certificate Signing Request (CSR)

A CSR file will contain information about your organization and needs to use the private key. You can include organization details in only one command line, otherwise it will ask you to input manually for each field. The following command generates a CSR file using SHA512 algorithm:

openssl req -new -key localhost.key -out localhost.csr -sha512 -subj “/C=US/ST=State/L=City/O=Your Organization/CN=localhost”

–out <filepath> : path of the output fle that will contain a Certificate Signing Request
–subj : subject details included in the CSR
/C : two letters of country code
/ST: full name of state
/L: full name of city
/O: full name of your organization
/CN: usually a domain name which you want to install certificate on

Generate the certificate based on the CSR and sign it using the private key

The following commands create a X509 certificate which is valid within 365 days from the creation date and uses SHA-512 algorithm:

openssl x509 -req -days 365 -in localhost.csr -signkey localhost.key -out localhost.crt -fingerprint -sha512

-days <number> : number of days from the creation date that the certificate is still vallid
– in <filepath> : path of the CSR file
– out <filepath> : path of the output certificate file
– fingerprint : to print information of fingerprint to check the algorithm used in this certificate

Now you can install both your private key file and your certificate file to your server.

Notes

OpenSSL needs its configuration file. If you’re using Windows build from GnuWin32, you can set the environment variable ‘OPENSSL_CONF’ to the OpenSSL config file using the following command:

set OPENSSL_CONF=C:\Program Files (x86)\GnuWin32\share\openssl.cnf

The certificate is not signed by a Trusted CA. So it will be treated as not secured by browsers and rejected by Postman. You can import it as a trusted certificate into the certicate store on your machine.

Passing strings between MQL and C++ DLL

Posted on April 1, 2017 by Thach Van

MetaTrader is a popular platform used for forex trading, and other financial products trading (stock, commodity…) It provides to user the ability to add more features to the platform using its own language MQL. You can program your own indicator and your expert advisor to work with MetaTrader. The powerful of MQL is that it can call a Windows DLL library, so that you can add any feature to your program.

Passing strings to exchange data between MQL and Windows DLL is the most difficult problem. How to exchange data buffer without causing MetaTrader crash? This can achieve by allocating buffer memory within MetaTrader, then pass its pointer to DLL. MetaTrader then has the rights to free the allocated memory. If the memory is allocated by DLL, MetaTrader can’t free it and it causes crashing problems or memory leak.

Here is an example about exchange a string using buffer memory:

Passing strings from MQL to C++ DLL

* MQL:

#import “MT4.dll”
void sendText(char&[]);
#import

char buffer[10240];
StringToCharArray(“Hello World”, buffer);
sendText(buffer);

* C++ DLL:

#define MT4EXPORT extern “C” __declspec(dllexport)

MT4EXPORT void sendText(char* buffer){
// do something with ‘buffer’
}

Passing strings from C++ DLL to MQL