Shahid's Story

Opening a port in Ubuntu VM (OCI - Oracle Cloud Infrastructure)

Shahid Kamal — Wed, 30 Aug 2023 11:44:06 GMT

Whether you're setting up a web server, database, or other services on a virtual machine (VM) in Oracle Cloud Infrastructure (OCI), you'll often need to open specific ports to allow incoming traffic. Opening a port in OCI VM is not as straightforward as other cloud providers. OCI makes use of iptables so there's an additional step involved to make it work.

Assuming you've

Create a VM and have a service running on a port
Opened the port in your security list and security group

SSH to the VM

First, let's ssh to our VM. We need to save our current iptables by running below command in the SSH shell

iptables-save > current-rules.txt

After that, we need to run the below command to allow all traffic to flow.

sudo iptables -I INPUT -j ACCEPT

This will temporarily enable the flow of all traffic. Test everything and make sure it works.

After you've verified everything is fine, we need to persist this rule across reboots.

Run the below command

sudo iptables-save -f /etc/iptables/rules.v4

This will persist the rule across reboot.

Now, for any firewalling, you need to use either a security list or a security group.

Credit goes to https://stackoverflow.com/a/73400079

Happy OCI'ing

Building Your First Virtual Router Using PFSense/OPNSense and Proxmox

Shahid Kamal — Sat, 10 Sep 2022 17:31:05 GMT

I've been thinking about virtualizing my router for a long time now. It gives excellent control over what goes in and out of your network. Plus you can do all sorts of cool things like running a VPN server, a recursive DNS server and more. I had a spare laptop lying around that I rarely use. It got a core i7 9th gen, 32 GB ram and 1 TB of SSD, which is more than enough to run proxmox.

Prerequisite

A pc/laptop with a fresh installation of proxmox
OPNSense/PFSense ISO downloaded and uploaded to proxmox
A switch that supports 802.1q port tagging, I used the TP-Link SG108E switch.

Making Proxmox VLAN Aware

When you set up proxmox the first time, it will automatically create a network bridge and most probably the name will be vmbr0. Go to Your Node > Networks and it will look something like below

To make your NIC VLAN award, just select the bridge vmbr0 and click edit.

Click the VLAN Aware checkbox and click ok. You will see a button "Apply Configuration", click that and wait for some time for network services to reload.

Congratulations, your proxmox can now receive and send VLAN traffic.

Creating PFSense/OPNSense VM

The next step will be to create a VM and configure network interfaces. So go ahead and create VM and once it's complete go to the hardware tab of the VM

You will see there's one network device added to it that you have selected during the creation process. Make sure this device uses vmbr0 as a bridge and there's no VLAN. We will use this device as a WAN interface for our router.

Now, click Add and select a network device

This time everything stays the same as above, the only thing that needs to change is the VLAN tag. Enter a VLAN tag (i.e. 10) that you will use for LAN traffic. It does not matter what you enter but make sure you don't enter a VLAN that switch uses as a Native VLAN ID. Click Add and you're done.

Now, complete the setup of PFSense/OPNSense. Do note that you have to assign the correct WAN and LAN interfaces or else it won't work. In my case, I saw the names vtnet0 and vtnet1 in the setup wizard. So vtnet0 became my WAN as it's the first network device in the hardware tab of the VM and vtnet1 became LAN.

Congratulation, you're almost done.

Configuring Switch

Here the steps will change depending on the switch you use. I will show you how I configured my TP-Link SG108E switch. The basic configuration will stay the same across the switch manufacturer, UI may change.

We are going to pick WAN and LAN ports on our switches. The port that connects to the proxmox machine automatically becomes the WAN port. Now it's up to you to pick LAN ports. In my case -

PORT	PURPOSE
PORT 1	CONNECTS ISP MODEM
PORT 2	EMPTY
PORT 3	PROXMOX WAN PORT
PORT 4-7	EMPTY
PORT 8	LAN PORT - CONNECTS TO WIFI AP

After you've decided on WAN and LAN ports make the below configuration to your switch

Configure proxmox WAN and LAN to be a member of VLAN ID (i.e. which you've entered in proxmox VM above)
Proxmox WAN port is set as TAGGED port, so it accepts LAN traffic on the above VLAN ID
Proxmox WAN port is also part of native VLAN ID, in my case VLAN 1. Here if you have the default configuration of the switch it should work. This needs to make proxmox WAN work.
Set LAN port Primary/Native VLAN ID to the VLAN ID you entered above. This is for the devices that do not support VLAN Tagging.

This is how it looks in my switch -

Primary/Native VLAN ID configuration -

Troubleshooting

In case you can't access PFSense/OPNSense from LAN, make sure you've entered the correct gateway and IP address when configuring LAN. I forgot to set the gateway and it took 1 day to figure that out.
Reboot your proxmox host after VLAN configuration if something is not working.
Wait for some time to switch to process the configuration, for me it took a couple of seconds to re-configure the ports.

That's all. Congratulations, you've virtualized your router.

Run your CI/CD runner with Gitlab Runner in 2 minutes

Shahid Kamal — Sun, 30 Jan 2022 09:39:21 GMT

I really like Gitlab for their CI/CD services. And specially their generous free usage offering. These month I've been running out of CI/CD minutes. So I decided to run my own runner inside a VM which I don't use that much.

Prerequisites

Docker installed

Step 1

Registering our runner to Gitlab. You'll need to get the Runner registration token from the Project Setting > CI/CD page. It'll look something like below

Let's register our runner.

docker run --rm -it --name gitlab-runner      -v /srv/gitlab-runner/config:/etc/gitlab-runner      -v /var/run/docker.sock:/var/run/docker.sock      gitlab/gitlab-runner:latest register

We're doing a few things here.

First we are running gitlab-runner container and asking it to register itself to Gitlab.
We're also mounting docker.sock to the runner container so that it can spin a new docker container for our CI/CD pipeline
We're mount a config directory so our configuration is persisted across the container restart.

Once you run above it will ask you two thing, Gitlab instance URL and your registration token. Just fill in what you obtained from above step.

Once that's done. We need to run the gitlab-runner container.

Let's run it

docker run -d --name gitlab-runner --restart always      -v /srv/gitlab-runner/config:/etc/gitlab-runner      -v /var/run/docker.sock:/var/run/docker.sock      gitlab/gitlab-runner:latest

Remember we are mounting the same config directory, and it is important otherwise gitlab-runner won't run.

And that's all. Now if you refresh the CI/CD settings page you will see your runner listed there.

How to exclude a route from caching in nest.js

Shahid Kamal — Thu, 13 Jan 2022 02:32:21 GMT

I love working with Nest.js, it's such an excellent framework for teams to build a scalable backend server. Recently, I've been working on caching all our routes. It worked well for a few days then I noticed I missed an endpoint that can not be cached, which was to generate a coupon code. Imagine two customers ending up with the same coupon code. I immediately started looking at how to ignore a certain route while using global caching in nest.js but to my surprise, there is no pre-built decorator or config to do that. But there are simple ways to achieve that.

Nest.js uses CacheInterceptor to intercept our HTTP request and decide whether to cache it or not. We can create our own custom interceptor that extends default CacheInterceptor and add some logic to ignore a route.

A suggested way can be found on StackOverflow but I did not want to hard code the route paths in my interceptor.

There's another way we can do it by combining our custom CacheInterceptor and a CustomDecorator.

First, we need to create a custom cache interceptor. Note that this is slightly different from the accepted StackOverflow answer.

my-cache.interceptor.ts

import { CacheInterceptor, ExecutionContext } from '@nestjs/common';

export class MyCacheInterceptor extends CacheInterceptor {
  protected isRequestCacheable(context: ExecutionContext): boolean {
    const http = context.switchToHttp();
    const request = http.getRequest();

    const ignoreCaching: boolean = this.reflector.get(
      'ignoreCaching',
      context.getHandler(),
    );

    return !ignoreCaching || request.method === 'GET';
  }
}

Here, we're overriding a method on default interceptor isRequestCacheable which tells nest.js whether to go ahead and cache it or ignore it. In this method, we are using nest.js Reflector to get the metadata value. If metadata ignoreCaching is set to true, we tell nest.js to ignore it otherwise cache it if the request method is GET. We're going to create a custom decorator to set this metadata value.

Let's create a no-cache.decorator.ts file somewhere -

import { SetMetadata } from '@nestjs/common';

export const NoCache = () => SetMetadata('ignoreCaching', true);

We're almost done. Now let's test it. Let's use this decorator in our controller


@Controller('coupon')
export class CouponController {
  constructor(private readonly couponService: CouponService) {}

  @Get('code')
  @NoCache()
  code() {
    return this.couponService.generateCode();
  }

}

and, that's all. Now any controller which is decorated with NoCache will be ignored from caching. Pretty Neat right?

Setup Redis with TLS using Docker

Shahid Kamal — Fri, 07 Jan 2022 18:12:41 GMT

Recently, I was trying to set up Redis for a production environment and I must say it was a bumpy ride. I ran into a lot of problems while setting up TLS.

If you don't know What is Redis?

Redis is an open-source (BSD licensed), in-memory data structure store, used as a database, cache, and message broker. - redis.io

In this guide, I will show you how you can set up Redis w/ TLS using Docker. The TLS part can be used for standalone installation. But bear in mind, you will need to build Redis from the source in order to use TLS in standalone mode.

So, let's get started.

Prerequisites

Docker installed.
Docker Compose Installed.
A client to test the Redis installation. I recommend, https://github.com/ekvedaras/redis-gui. It's simple but feel free to use whatever you like.

Running the Redis container

Let's run the Redis container without TLS first -

Create a file compose.yml and paste the content below.

services:
  redis:
    image: docker.io/bitnami/redis:6.2
    user: "${UID}:${GID}"
    environment:
      - ALLOW_EMPTY_PASSWORD=false 
      - REDIS_PASSWORD=the-stronge-one
      - REDIS_DISABLE_COMMANDS=FLUSHDB,FLUSHALL
    ports:
      - '6379:6379'
    volumes:
      - 'redis_data:/bitnami/redis/data'

volumes:
  redis_data:
    driver: local

In the compose.yml file we are doing

Specifying an image to run. Here I picked binami image instead of the official docker image since it has the ability to run with TLS without needing to be built from the source.
Specifying the port 6379 and a docker volume to persist the data.
Setting some environment variables

Let's run the container

docker-compose up -d

Your container should be up and running. You should be able to connect to your Redis instance by using Redis GUI or any other client. Make sure you do not specify any TLS options as we will come to that later in this guide.

Generating Certificates

In order to run Redis with TLS, we need to supply our own SSL certificate. You can buy one or for this use case we don't need to buy but generate our own self-signed certificate for both our Redis instance and the client connecting to it. This was the part that was most troublesome for me.

This might be confusing but bear with me and it should be fine.

The Script

We can do this step manually but since on the Redis GitHub repository, there is a script that generates some certificates for our use case, we will use that.

wget https://raw.githubusercontent.com/redis/redis/cc0091f0f9fe321948c544911b3ea71837cf86e3/utils/gen-test-certs.sh

Once the script is downloaded, let's run it by

sh gen-test-certs.sh

The script will create a tests/tls folder, which contains all the certificates we will need.

Additionally, you can modify the script to add your organization name, fqdn, and other important parameters for the SSL certificate. Go ahead and take a look at the files in that directory.

We're interested in the below files -

redis.crt
redis.key
ca.crt
client.crt
client.key

Let's go to the next step, which is to update our compose.yml file and include these certificate files to tell Redis to start with TLS.

Configuring TLS

Let's tell Redis container about the above files by specifying them as environment variables. Here, the best part of bitnami image is you can do start the container with TLS without building the original redis image again.

Update your compose.yml file to match below


services:
  redis:
    image: docker.io/bitnami/redis:6.2
    user: "${UID}:${GID}"
    environment:
      - ALLOW_EMPTY_PASSWORD=false
      - REDIS_PASSWORD=the-strong-one
      - REDIS_DISABLE_COMMANDS=FLUSHDB,FLUSHALL
      - REDIS_TLS_CERT_FILE=/tls/redis.crt
      - REDIS_TLS_KEY_FILE=/tls/redis.key
      - REDIS_TLS_CA_FILE=/tls/ca.crt
      - REDIS_TLS_ENABLED=yes
      - REDIS_TLS_PORT=6379
    ports:
      - '6379:6379'
    volumes:
      - 'redis_data:/bitnami/redis/data'
      - ./tests/tls:/tls

volumes:
  redis_data:
    driver: local

Notice that we've specified the environment variable and specified a path (i.e. /tls/*) inside the container for cert files. And we mounted the cert files folder (i.e. ./tests/tls) to the container on the same path (i.e. /tls*).

Phew! That's it. Now we can run our container again and it will start with TLS enabled.

docker-compose up -d

Now, test with your client. You will need to configure your client to use our self-signed client certificate and ca certificate to connect.

Happy Caching.

Feel free to ask if you face any problems on the way.

How to add x minutes to a date in MongoDB aggregation?

Shahid Kamal — Thu, 27 May 2021 03:15:32 GMT

So I needed to know occupied time for an staff from orders they've been assigned. A customer creates an order and one or more staffs are assigned to that order for services that customer has requested. To get the insights of orders and staff schedule time, I needed to write some aggregation.

The MongoDB schema for orders collection is like this -

{
  orderNum: Number,
  scheduledAt: Date,
  services: [{
    staffId: ObjectId,
    averageTimeMinute: Number // time taken to complete the service
    // ....
  }],
  // ...
}

scheduledAt tells when is the service scheduled to be serviced to the customer. And averageTimeMinute tells the average time takes for that service. The problem here is the scheduledAt is a Date while averageTimeMinute is minutes in Number. And I needed to come up with a solution that gives us a range of time when the staff is assigned to do the service. That can be calculated using plain javascript by -

const fromTime = scheduledAt;
const endTime = new Date(scheduledAt);
endTime.setMinutes(endTime.getMinutes() + services[i].averageTimeMinute)

But the better way of doing anything like this, is with the help of MongoDB aggregations. It is very powerful to manipulate data in a way we want. If you don't know what an aggregation is, you can think of it like a pipeline where you input data from one end and it does something with data and outputs from another end.

The thing is aggregations are hard to understand and write. After hours of trial and error, I finally came up with an aggregation which will give me the desired output I need. Here it is

db.getCollection("orders").aggregate([
  { $unwind: { path: "$services" } },
  {
    $group: {
      _id: "$service.staffId",
      services: {
        $push: {
          start: "$scheduledAt",
          end: {
            $toDate: {
              $add: [
                { $toLong: "$scheduledAt" },
                { $multiply: ["$services.averageMinuteTime", 60000.0] },
              ],
            },
          },
        },
      },
    },
  },
]);

So the trick here is, since scheduledAt is a Date and averageMinuteTime is a Number, we need both of these in same unit, Number. So the first step was to convert scheduledAt to a unix timestamp and in mongo we can do like this

{ $toLong: "$scheduledAt" }

Now we have both in same type, Number, we also need to make both numbers in same type. Now scheduledAt is in miliseconds, we also need to make our averageMinuteTime into miliseconds. We can do it by multiplying by 60000. And in MongoDB we can do like this -

 { $multiply: ["$services.averageMinuteTime", 60000.0] },

Now, both our scheduledAt and averageMinuteTime is in same type and unit. Let's add both and we will get our desired endTime for the service.


$add: [
   { $toLong: "$scheduledAt" },
   { $multiply: ["$services.averageMinuteTime", 60000.0] },
],

And the last step is to convert it back to date, which in very easy to do -


$toDate: {
  $add: [
     { $toLong: "$scheduledAt" },
     { $multiply: ["$services.averageMinuteTime", 60000.0] },
  ],
},

and here it is, we got out desired output from the pipeline. Now I can render beautiful charts to see when our staffs are scheduled to work.

I hope you found this interesting. Please let me know if you have any feedback.

Thanks

Basic APIs Testing with JEST and SuperTest

Shahid Kamal — Sun, 09 May 2021 07:20:53 GMT

Testing is a very important part of a developers' career. We often find ourselves testing our code manually, decreasing productivity and introducing ground for nasty bugs to surface. Many developers prefer to test code manually because they find it difficult to set up the test environment. Often I found myself refactoring a large part of code to make it testable.

In this article, we will see how easy it is to set up unit testing by creating a hello world API in node.js.

Creating a basic server

Let's create a folder and init a node.js project.

$> cd hello-world-test
$> npm init --yes

This will create a package.json file to track project dependencies.

We need to install express. If you don't know, express is a web framework. And we will use it to create our hello world API

$> npm i express

Now let's create our main entry point file. Create a file server.js

const express = require('express')
const app = express()

// start the server on port 3000
app.listen(3000)

Let's create our hello world api. Edit your server.js file to match following -

const express = require('express')
const app = express()

// hello world api
app.get('/', (req, res) => {
  res.send({ message: 'hello world' })
})

// start the server on port 3000
app.listen(3000, () => {
  console.log('server started')
})

Let's start our server and see

$> node server.js

You should see server started printed in the console. We are good to go.

Testing our API

To test our hello world API, we need to make few changes to the server.

First, let's create a new file named app.js. This file will export our express app but won't start the server. This is required for the supertest library.

app.js

const express = require('express')
const app = express()

// hello world api
app.get('/', (req, res) => {
  res.send({ message: 'hello world' })
})

// export our express app
module.exports = app;

and let's modify our server.js file to use the express app instance from app.js.

server.js

const app = require('./app');
// start the server on port 3000
app.listen(3000, () => {
  console.log('server started')
})

Now we're ready to set up our API testing. We need our testing and assertion libraries.

Let's install

$> npm install -D jest supertest

Let's create a folder tests and create a file hello-world.spec.ts, and add the following.

const request = require('supertest');
const app = require("../app");


describe("test hello-world", () => {
  it("should return hello world", (done) => {
    request(app)
      .get("/")
      .expect("Content-Type", /json/)
      .expect(200)
      .then((response) => {
        expect(response.body.message).toBe("hello world");
        done();
      })
      .catch((e) => done(e));
  });
});

Finally, let's run our test and see it passing -

$> npx jest

If everything worked as expected, you should see below.

 PASS  tests/hello-world.spec.js
  test hello-world
    ✓ should return hello world (18 ms)

Test Suites: 1 passed, 1 total
Tests:       1 passed, 1 total
Snapshots:   0 total
Time:        0.872 s, estimated 1 s
Ran all test suites.

This means we have created an endpoint and ran a test to verify the response of the endpoint.

If you are still struggling you can see and compare your code from the source code found here.

And you can also connect me on Twitter.

I hope you find this article helpful. Let me know your suggestions in the comment.