Recent Posts

September 2011

How to: Install Proctools (pkill, pgrep, etc) On OSX Using Homebrew

I had a lot of zombie processes running while writing a small application recently. Made me wish that pkill was available for OSX. Turns out, Homebrew has a package for it. This post is more of a reminder that this powerful tool actually exists in homebrew. PROCTOOLS I AM IN YOU! WIN!

jared@localhost:$ brew install proctools

How to: Deny Hosts Using Nginx

I was noticing my nginx log file fill up with requests for a site who had misconfigured their DNS. Normally I wouldn’t worry about it, but it became quickly evident that the domain was used for an image server for a parent site. There were thousands of RPS that I really didn’t need.

All I did was add the following expression to my nginx.conf file.

Server {
 
   ...snip...
 
     ## Deny illegal Host headers
      if ($host !~* ^(mydomain.com|www.mydomain.com)$ ) {
        return 444;
      }
 
  ...snip...
 
}

Now if you look at the code, you may be thinking “But Jared, what is a 444 error? That is totally not valid bro.” And indeed, you are correct. But here is what the nginx documentation has to say about it.

“Furthermore, nonstandard code 444 closes the connection without sending any headers.”

So basically, my expression above, in plain english, is saying.

“If you are not making a request using the valid hostname of my server, then I’m just going to close the connection and return you nothing. nada. zip.”

For the record, I got a lot of value out of this article over @ calomel.org, but the site seems to have issues so I copy/pasted their nginx.conf file here for historical purposes.

## Compression
  gzip              on;
  gzip_static       on;
  gzip_buffers      16 8k;
  gzip_comp_level   9;
  gzip_http_version 1.0;
  gzip_min_length   0;
  gzip_types        text/plain text/html text/css image/x-icon image/bmp;
  gzip_vary         on;
 
 ## Log Format
  log_format  main  '$remote_addr $host $remote_user [$time_local] "$request"
                     $status $body_bytes_sent "$http_referer" "$http_user_agent" $ssl_cipher $request_time';
 
 ## Deny access to any host other than (www.)mydomain.com
    server {
         server_name  _;  #default
         return 444;
     }
 
 ## Server (www.)mydomain.com
  server {
      add_header  Cache-Control public;
      access_log  /var/log/nginx/access.log main buffer=32k;
      error_log   /var/log/nginx/error.log info;
      expires     31d;
      limit_conn  gulag 5;
      listen      127.0.0.1:8080 rcvbuf=64k backlog=128;
      root        /htdocs;
      server_name mydomain.com www.mydomain;
 
     ## Only allow GET and HEAD request methods
      if ($request_method !~ ^(GET|HEAD)$ ) {
         return 444;
      }
 
     ## Deny illegal Host headers
      if ($host !~* ^(mydomain.com|www.mydomain.com)$ ) {
        return 444;
      }
 
     ## Deny certain User-Agents (case insensitive)
     ## The ~* makes it case insensitive as opposed to just a ~
     if ($http_user_agent ~* (Baiduspider|Jullo) ) {
        return 444;
     }
 
     ## Deny certain Referers (case insensitive)
     ## The ~* makes it case insensitive as opposed to just a ~
     if ($http_referer ~* (babes|click|diamond|forsale|girl|jewelry|love|nudit|organic|poker|porn|poweroversoftware|sex|teen|video|webcam|zippo) ) {
        return 444;
     }
 
     ## Redirect from www to non-www
      if ($host = 'www.mydomain.com' ) {
        rewrite  ^/(.*)$  http://mydomain.com/$1  permanent;
      }
 
     ## Stop Image and Document Hijacking
      location ~* (\.jpg|\.png|\.css)$ {
        if ($http_referer !~ ^(http://mydomain.com) ) {
          return 444;
        }
      }
 
     ## Restricted Access directory
      location ^~ /secure/ {
            allow 127.0.0.1/32;
            allow 10.10.10.0/24;
            deny all;
            auth_basic "RESTRICTED ACCESS";
            auth_basic_user_file /var/www/htdocs/secure/access_list;
        }
 
     ## Only allow these full URI paths relative to document root. If you only want
     ## to reference the filename use $request_filename instead of $request_uri
      location / {
        if ($request_uri ~* (^\/|\.html|\.jpg|\.org|\.png|\.css|favicon\.ico|robots\.txt)$ ) {
          break;
        }
        return 444;
      }
 
     ## Serve an empty 1x1 gif _OR_ an error 204 (No Content) for favicon.ico
      location = /favicon.ico {
       #empty_gif;
        return 204;
      }
 
      ## System Maintenance (Service Unavailable)
      if (-f $document_root/system_maintenance.html ) {
        error_page 503 /system_maintenance.html;
        return 503;
      }
 
     ## All other errors get the generic error page
      error_page 400 401 402 403 404 405 406 407 408 409 410 411 412 413 414 415 416 417 495 496 497
                 500 501 502 503 504 505 506 507 /error_page.html;
      location  /error_page.html {
          internal;
      }
  }
}
#
#######################################################
###  Calomel.org  /etc/nginx.conf  END
#######################################################

Ruby, Rails 3.1, and the dreaded “Could not find a JavaScript runtime” error

While deploying a custom Rails 3.1 application I came across the following error.

Could not find a JavaScript runtime. See https://github.com/sstephenson/execjs for a list of available runtimes.

The fix was simple.

Add these gems to your application Gemfile

gem 'execjs'
gem 'therubyracer'

And run bundler.

$ bundle install