Tarotoast’s Stuff

GDM over VNC was great, until I discovered FreeNX. FreeNX was based on NX technologies by NoMachine. Quoted from Wikipedia:

NX technology is a computer program that handles remote X Window System connections, and attempts to greatly improve on the performance of the native X11 protocol to the point that it can be usable over a slow link such as a dial-up modem.

You see that right, dial-up modem. It’s been three days now since I’ve installed FreeNX on the Hardy VPS on SliceHost. Result? Impressive. Not only there’s barely anything you have to configure, it also tunnels connections through ssh by default to give better security. What makes it a winning choice is that it does not get disconnected :) In the previous VNC setup, if I’m disconnected and server did not realize, I have to log in and do a kill-all-pid-by-user script to finish off all processes related to the dead x-session. Maybe there’s workaround (I’m pretty sure there is), but I didn’t bother looking it up. With NX, say byebye to disconnections and hello to the sweet working x-session. Installation instruction for Ubuntu Gusty and Hardy is availble here: Installing FreeNX in Ubuntu 7.10 Gutsy. Summary:

1. Add apt-source and key:
   deb http://www.datakeylive.com/ubuntu hardy main
   deb-src http://www.datakeylive.com/ubuntu hardy main

   wget http://www.datakeylive.com/ubuntu/dists/gutsy/wjeremy.key -O - | sudo apt-key add -
   sudo apt-get update

2. Install all necessary packages (seperately install X if you haven’t):

   sudo apt-get install expect openssh-server tcl8.4 dbus-x11 libxcomp3 libxcompext3 libxcompshad nxlibs nxagent nxproxy nxclient freenx-server

3. Make sure font path in /etc/X11/xorg.conf is set correctly like the following:

   Section "Files"
   
   # path to defoma fonts
         FontPath     "/usr/share/fonts/X11/misc"
         FontPath     "/usr/share/fonts/X11/100dpi/:unscaled"
         FontPath     "/usr/share/fonts/X11/75dpi/:unscaled"
         FontPath     "/usr/share/fonts/X11/Type1"
         FontPath     "/usr/share/fonts/X11/100dpi"
         FontPath     "/usr/share/fonts/X11/75dpi"
         FontPath     "/var/lib/defoma/x-ttcidfont-conf.d/dirs/TrueType"
   EndSection

4. Add user:

   sudo nxserver --adduser xxxx

5. Download Client

總之，很好用就是了 XD

警告，這很惡搞 XD

Why would you do that? Because you can! And the fact that it’s a VPS/Dedicated Server, chances are its Internet connection is a lot faster than yours. As root, the following steps are tested working for Ubuntu 7.10 Gutsy.

1) Install Gnome, vnc4server, inetd
apt-get install gnome compiz vnc4server openbsd-inetd

2) Enable XDMCP
Edit /etc/gdm/gdm.conf
Look for:
[xdmcp]
Enable=false

Change it to:
Enable=true


3) Configure inetd:
Edit /etc/inetd.conf, add (one line):
5901 stream tcp nowait root /usr/bin/Xvnc Xvnc -inetd :1 -query localhost -geometry 800x600 -once -fp /usr/share/fonts/X11/misc -DisconnectClients=0 -NeverShared securitytypes=none -extension XFIXES
Now restart inetd with service restart openbsd-inetd

4) Restart GDM
service restart gdm

DONE. Now you can access your VPS as a GNOME desktop with with any vnc client at serveraddress:1, :1 being the display. You can add multiple displays for multiple desktops at the same time ;)

好孩子不要嘗試喔 XD

On my 1&1 VPS II server, it comes with only 256MB of dedicated memory, which is pathetic. If I run a separate mysqld, it’s going to take 1xxMB away from this super limit memory pool. It makes sense to me to make use of MySQL databases on another shared hosting account. BlueHost and HostMonster both comes with firewall enabled by default for their MySQL servers. Going about white listing server’s IP can be done via:

1. Launching remote firefox session, which takes your patient and the hassle of all those x window configs.
2. Setup VPN on the server, and use server’s IP to to whitelist itself.

But the connection between the VPS server and Shared Host’s MySQL database is insecure. It’s natural to come to this conclusion as the best option: ssh tunnel.

Assuming you have shell access to both VPS and Shared Host, and both are running OpsnSSH.

Setup Public Key Authentication

1. Login to VPS with account you want to create the tunnel

2. cd ~/.ssh

   (create it if not exist)

3. ssh-keygen -t dsa

4. Securely transfer id_dsa.pub to the Shared Hosting’s home directly, something like this:

   scp id_dsa.pub sharedhost:/home/username/.ssh/server_id_psa.pub

5. Login to Shared Host

6. cd ~/.ssh
   cat server_id_psa.pub >> authorized_keys

7. Switch back to VPS, try logging into Shared Host using public key authentication:

   ssh username@sharedhost

   If everything is setup properly, no password is prompted.

If in doubt, [this] is a good place to consult about Public Key Authentication.

Setting up a host name

When MySQL is connecting to localhost, it will try to use socket, regardless of the efforts trying to tell it the service is actually not running on localhost, but rather a tunnel to a remote host. To overcome this issue, create an entry in /etc/hosts:

127.0.0.1 localhost mysqlhost

This points the host name ‘mysqlhost’ to 127.0.0.1 which essentially is also localhost, but mysql is too dumb to understand.

Create the tunnel

1. First, stop the local mysqld. As root:

   service stop mysqld

2. Login to VPS with username previously configured with public key authentication to Shared Host
3. create tunnel:

   ssh -f username@sharedhost -N -L 3306:localhost:3306

   This creates a ssh tunnel in background and forward connection to port 3306 on localhost to port 3306 on sharedhost.

4. Make change in php to reflect the database names, users, password on Shared Host, and most importantly, instead of localhost, use mysqlhost in configuration files.

Automate the process

What if the ssh tunnel died? What if the VPS restarts? How to make sure the connection stays live? The answer is to use autossh.

1. As root:

   yum install autossh

2. Edit /etc/rc.d/rc.local, add this line at the bottom:

   su VPSusername -c 'autossh -M 5307 -f SHAREDHOSTusername@sharedhost -N -L 3306:*:3306' &

   This tells the server to execute the command in ‘ ‘ as VPSusername and put the process into background at startup. autossh will use port 5307 to monitor the ssh tunnel to sharedhost, and reconnect if it drops. Also make sure to disable the local MySQL daemon from starting automatically, or the tunnel cannot be created.