tutorials

A Chroot environment is usually a folder on your filesystem that contains the entire base system for an operating system.

This tutorial will assume you are installing debian squeeze into a folder /chroot/squeeze

You can create a chroot environment itself using debootstrap.

richard@vpceh:~$ debootstrap squeeze /chroot/squeeze http://ftp.uk.debian.org/debian

That sets up the base packages, and then you need to mount the extra filesystems, and create the list of mounted systems.

The /dev filesystem contains all the device nodes for your system. I find it easiest to bind-mount this from the host operating system.

richard@vpceh:~$ sudo mount -o bind /dev /chroot/squeeze/dev

The /proc filesystem contains information about current running processes. This is mounted using the following command

richard@vpceh:~$ sudo mount -t proc none /chroot/squeeze/proc

you can then chroot into the system using the command

richard@vpceh:~$ sudo chroot /chroot/squeeze /bin/bash

Finally, just read the mounted filesystems into /etc/mtab by running

root@vpceh:/# cat /proc/mounts > /etc/mtab

and then you can perform operations as if you were on your own base system :)

get_iplayer is a nifty little tool that allows you to download iPlayer programmes (either radio or TV) to your computer.

Installation on Debian is very easy. Just fire up a terminal, and use apt-get.
You can, of course, use synaptic or any other package management tool that interfaces with apt, but I use apt-get

apt-get will ask you to confirm that you want to install the dependencies, which is fine.

Once it is installed, you can browse available programmes, download specific programmes, or download any programme that matches a string. Examples are below:

Browse Programmes

Download Specific Programme

This will then go on to download the programme.

Download all programmes matching a string

Downloading a programme from a URL
If you've found the programme you want on the iPlayer website, then you can download from a specific URL. To do this:

Note the quotation marks around the URL. These are required

It is worth noting that get_iplayer will default to downloading as an FLV file (which won't play on everything) unless it can find ffmpeg on the system. To install ffmpeg, just run
richard@eee:~$ apt-get install ffmpeg
then get_iplayer will convert it to a nice mp4 for you

SSH and SCP are wonderful tools. I use them all the time for moving files, managing servers, and anything else I need to do on a remote system.

One thing that gets me though is the way I have to type my password every time. Enter SSH Keys...

SSH keys are a private/public keypair system for authenticating you when logging into a remote machine by SSH. The private key sits on the client, and the public key can sit on as many servers as you wish.

Setting up SSH keys is easy. On your client machine, you need to generate the keypair. Fire up a shell, and run
richard@eee:~$ ssh-keygen

There are options for ssh-keygen, such as setting the encryption type, and number of bits, but I'm happy with the defaults.

The program will prompt you for where to save the file (the default ~/.ssh/id_rsa is fine), and then for a passphrase. It isn't good form to leave an empty passphrase, as then anyone who gets your private key would be able to use it to get into any of your servers. I know, it means that you have to enter a password when you're using SSH, but at least you can have a shorter password than the 41 character alpha-numeric password your sysadmin forces you to use!

ssh-keygen will then show you what your key looks like (as a randomart picture), and write the keypair to the file you specified.

So now you have a keypair, you need to copy the public part to your server.

richard@eee:~$ scp .ssh/id_rsa.pub remoteserver:~/

This will copy the id_rsa.pub file (the public part of your key) to your remote server, into your home directory.
Then, ssh to your server, and run
richard@remoteserver:~$ cat id_rsa.pub >> .ssh/authorized_keys2

This will append your public key to the authorized keys for this account.

Note, you can have more than one key for a single account. So, if you have a laptop, and a desktop, then you might have the key that is on your laptop able to log into some servers, and the key from your desktop able to log into more servers (because your desktop is less likely to be stolen!).

Terminate the SSH session, and then try logging in with your new SSH keys. It should drop you straight in!

OK, so I was doing some work on my site, and wanting to redirect everyone but me to a separate version of the site (so I could play around as much as I wanted with the main version, and nobody would notice).

This is really easy, it turns out, using mod_rewrite in apache.

First, you need to know what IP address (or addresses) you want to exclude. This is fairly easy, just use a site like whatismyip to find out your external address.

Then comes the mod_rewrite magic.

RewriteEngine on
RewriteCond %{HTTP_HOST} ^www.rf152.co.uk$ [NC]
RewriteCond %{REMOTE_ADDR} !^10\.20\.30\.40$
RewriteRule ^(.*)$ http://www2.rf152.co.uk/$1 [L,QSA]


The first line turns the rewrite engine on (you don't need to do this if it's already turned on further up)
The second line specifies the site you are directing away from (in my case, my main www site). This ensures that if, like me, the www2 is in a subsite of the www, then it doesn't create a redirection loop.
The third line is specifying the ip address to exclude. I have used 10.20.30.40, but if it was a live site, it would be an external one.
The final line is the line that actually does the rewriting. It says to redirect anything to www2.rf152.co.uk. The [L,QSA] part means that this will be the last rule applied, and it will attach the QueryString from the first request