Code, Security and Server Stuff

Views are my own and not my employer's.

Personal Development Blog...

Coding for fun since 1996, Learn by doing and sharing.

Buy a domain name, then create your own server (get $25 free credit)

"If you're not still learning, you're already dying."
- Ryan Holiday - Ego is the Enemy

Follow me on Twitter: @FearbySoftware

View All Posts.

Block

Setting up additional server storage on cloud servers (block storage on Vultr)

by

Vultr has a generous disk quota with the cloud servers you can set up. But what do you do when you want more space than the default allocation (for backup or application data)?

Advertisement:



I have blogged before about setting up an Ubuntu server on the cloud on Vultr and configuring it if you do not already have a cloud server.

Vultr allows you to set up a server in minutes.

Server

A Vultr $2.5 a month server comes with 20GB storage, a $20 a month server comes with 60GB of SSD storage.

Vultr does offer more storage for about 0.10c per GB. At this time or writing Vultr allows you to add more storage to serves in NY/NJ (only). Read my guide on moving data between servers with RSync. And cond forget yo secure your server with a free SSL certificate and secure it (read more here and here).

An additional 10GB of storage would cost $1/m.

10GB

An additional 50GB of storage would cost $5/m.

50GB

An additional 100GB of storage would cost $10/m.

100GB

An additional 250 GB of storage would cost $25/m

250GB

View the Vultr pricing calculator hereVultr does say that you can resize your block storage volume but there are manual actions and risks involved so get the space you need early on and prevent resizing later.

Read the Vultr Block Storage FAQ here: https://www.vultr.com/docs/block-storage

Vultr did offer early customers in (limited location’s) a free 50GB storage (read more on these limits here).

I am going to spin up a Block storage and attach to my server in Sydney.

fyi: Read the official guide on Attacking Block Storage to a Vultr server.

1. Login to your Vultr admin panel ( https://my.vultr.com/ ) and click Block Storagehttps://my.vultr.com/blockstorage/ ).

2. Click Add Block Storage

Add Block Storage

3. Choose the size of your block storage volume.

New Block Storage

Darn, I can’t choose Syndey yet as a location to create a block storage volume (I have asked Vultr when we can) so I’ll continue this guide with my existing (free) 50GB volume in New Jersey) and mount it in a server in NY/NJ (and also Syndey).

It appears I can’t connect to a  Block Storage volume outside the block storages location (data centre).

Manage Block Storage

 

You will need to attach the block storage volume to the server at that data centre location or you will get this error when you try and connect to it later.

Error

 

In my case, the server did not automatically restart so I manually restarted it.

 

Connecting the Block Storage to your VM

From the Vultr admin panel ( https://my.vultr.com ), Block Storage ( https://my.vultr.com/blockstorage/ ) you can manage individual Block Storage volumes and see the mounting information.

e.g

FYI: You can only connect to a  block storage from the same location (one server at a time I’d imagine).

4. From he Vultr Admin panel SSH into the server (in the same location).  See my guide here on setting up a Vultr server and configuring it.

Vultr say’s “Block storage is connected to your server as /dev/vdb. We do not create any filesystems on it by default.” Official Block storage documentation is located here.

5. Run the commands listed in the Block Storage screen (above)

Mount

Error: In my case, the echo command failed  add to configuration to the /etc/fstab file (even with sudo) and the mount command failed?

I checked the /etc/fstab file contents

I manually edited the /etc/fstab file and added the mount point configuration as suggested by Vultr.

Contents

6. I re-ran the mount command

sudo mount /mnt/blockstorage
#

Success

I can now directory list in the block storage volume.

ls /dev/vdb1 -al
brw-rw---- 1 username disk 253, 17 Nov  7 21:18 /dev/vdb1

 

Now let’s attach it to another folder in the root folder (e.g /data)

First, unmount the volume

Edit the /etc/fstab file with sudo nano

Change the mount point somewhere else (e.g /data)

Make a folder in the new path (/data), If you don’t do this the mount will fail.

Remount the volume (but use the new path)

sudo mount /data

You can now use the path and new storage.

cd /data
mkdir /data/test
cd /data/test
pwd
# /data/test/
sudo nano /data/test/test.txt

Nice

 

Disposing of Block Storage

TIP: Move or backup any data before you destroy or detach the volume.

First, you will need to unmount the volume (SSH session with your server).

Then remove the entry from the /etc/fstab file

Then you can navigate to the https://my.vultr.com/blockstorage/ and edit the said block storage volume and detach the volume (this will cause the server to reboot).

Detatch

After a few minutes you can delete the volume from the edited Block Storage Volume page  (click the Trashcan up the upper right).

Detatch

Done, You can now add and remove Block Storage volumes on Vultr.

 

How to check the disk usage of the block storage volume

You may need to remind yourself of the block storage volume (cat the /etc/fstab file and view the drive information on the mount line).

cat /etc/fstab
# .. /dev/vdb1 ..

How much space is used/free

df -h /dev/vdb1
Filesystem      Size  Used Avail Use% Mounted on
/dev/vdb1        50G   52M   47G   1% /data

You can also show the usage information in that mounted folder

du -xsch /data
10G     /folder1
10G     /folder2
20G     total

Use the pydf tool to view mounted partitions

Install pydf

Use pydf

 

Troubleshooting

  • You need to attach the block storage volume and reboot in the Vultr admin panel before mounting.
  • The echo command (as documented by Vultr) may not add information to the /etc/fstab file (a manual edit will work).

 

 

How to Resize a Block Storage Volume on Vultr.

Coming soon (if requested below).

 

Donate and make this blog better


Ask a question or recommend an article

Your Name (required)

Your Email (required)

Your Question

v1.2 added disk usage information

Blocking XCode iOS Simulator App traffic with the help of Little Snitch firewall

by

Backend Considerations

I have been developing a mobile app using XCode and Swift 3 for a while now, I have been very focused on developing a scalable and robust back ends on multiple servers using different services. Loads of experts say you only have two chances to keep users engaged before they leave your app because of speed or silly error messages or slow apps.  Part of having a trustworthy app is giving users true error messages when errors pop up.  This involves testing and developing for each error scenario.

Advertisement:



I have tried to guess every possible failure point and use HTTP status codes in my app API to inform the user of reasons why something has failed (not just a success/fail).

A typical API’s for my app return these possible HTTP status error codes.

  • 400 – No Body.
  • 401 – Invalid payload (automatically validated multiple ways using node modules like validator).
  • 402 – Invalid input payload (manually validated by my code).
  • 403 – Backend NoSQL database down.
  • 404 – Invalid User
  • 405 – Query returned no results from back end NoSQL database
  • 406 – Invalid Output Payload (from various sources).
  • 407 – User has reached max queries in xx minutes.
  • 408 – Invalid Request
  • etc

I use http://keymetrics.io to monitor my node processes, custom code to notify me when things go down and I use the node package winston to log anything for later review.  I am happy with the throughput, even with the excessive logging and access controls and I am now moving onto the front end of my application.

Front End

I decided to use Swift 3 in XCode 8.2.1 to talk to my JSON API, I am using the Alamofire Networking module in Xcode to handle the network stack (as pure Swift 3 networking code was horrid).

Tip: I had issues with CocoPods to manage the installation of Alamofire so I ended up dropping it and installing it manually.

Once I setup my API setup the code below to query my API (‘/appname/api/v1/login/’) and process the data returned.

let parameters: Parameters = [
    "email": "\(sUsername)",
    "password": "\(sEncryptedHashedPassword)"
]
let headers: HTTPHeaders = [
    "x-access-token": "\(sSingleUseUserAccessToken)",
    "Content-Type": "application/json",
    "Accept": "application/json",
    "DNT": "1 (Do Not Track Enabled)"
]
let theAPIURL = globalSettings.API_LOGIN_PAGE

Alamofire.request("\(theAPIURL!)", method: .post, parameters: parameters, encoding: JSONEncoding.default, headers: headers)
    .validate(statusCode: 200..<201)
    .validate(contentType: ["application/json"])
    .responseData { response in
        switch response.result {
        case .success(let data):
            
            # Debug 
            print("Login Success (200)")
            print("response.request: \(response.request)")  // original URL request
            print("response.response: \(response.response)") // HTTP URL response
            print("reposnse.data: \(response.data)")        // server data
            print("result: \(response.result)")   // result of response serialization
            print("Login Time: \(response.timeline)")  // time
            
            // Processing Successful Login.
            
            let json = try! JSONSerialization.jsonObject(with: data)
            
            // Debug Return Payload
            print(json)
                        
            // Unwraping Payload Preferences

        
            // Assume the App Loads OK (Checks below)
            var local_LoadedOk = "Yes"
                local_LoadedOk = "Yes"
            var local_LoadedNotOKMessage = "Unknown Error"
                local_LoadedNotOKMessage = "Unknown Error"
            
            // API Payload Validation
            
            var local_LoginChecksPassingOK = true
                local_LoginChecksPassingOK = true
            
            // Get the users guid from the API Payload ( simple validation )
            var local_f_guid = (json as! NSDictionary)["f_guid"] as! String
            print("local_f_guid: \(local_f_guid)")
            if local_f_guid != "" {
                // Is the guis the right length?
                if local_f_guid.characters.count == 36 {
                    // ok
                    print(" - guid ok")
                } else {
                    local_f_guid = ""
                    // login guid too short
                    local_LoginChecksPassingOK = false
                    local_LoadedOk = "No"
                    local_LoadedNotOKMessage = "There was an error with your account (login guid error). Please contact support (LoginError_001)"
                }
            } else {
                local_f_guid = ""
                // Error Login Guid Missing
                local_LoginChecksPassingOK = false
                local_LoadedOk = "No"
                local_LoadedNotOKMessage = "There was an error with your account (login guid error). Please contact support (LoginError_002)"
            }
            
        // Get Username from API Payload
            var local_Username = (json as! NSDictionary)["Username"] as! String
            print("local_Username: \(local_Username)")
            if (local_LoginChecksPassingOK == true) {
                print("login validation ok so far")
                // Get Username
                if local_Username != "" {
                    // Check Email for @ symbol
                    if local_Username.characters.count > 0 {
                        // ok
                        print(" - username ok")
                    } else {
                        local_Username = ""
                        // Username Empty
                        local_LoginChecksPassingOK = false
                        local_LoadedOk = "No"
                        local_LoadedNotOKMessage = "There was an error with your account (email invalid). Please contact support (LoginError_003)"
                    }
                    
                } else {
                    local_Username = ""
                    // Username Empty
                    local_LoginChecksPassingOK = false
                    local_LoadedOk = "No"
                    local_LoadedNotOKMessage = "There was an error with your account (email invalid). Please contact support (LoginError_004)"
                }
            }

            
        // Get Email from API Payload
            var local_Email = (json as! NSDictionary)["Email"] as! String
            print("local_Email: \(local_Email)")
            if (local_LoginChecksPassingOK == true) {
                if (local_LoginChecksPassingOK == true) {
                    if local_Email != "" {
                        // Check Email for @ symbol
                        if local_Email.contains("@") == true {
                            print(" - email ok")
                        } else {
                            local_Email = ""
                            // Username Empty
                            local_LoginChecksPassingOK = false
                            local_LoadedOk = "No"
                            local_LoadedNotOKMessage = "There was an error with your account (email invalid). Please contact support (LoginError_005)"
                        }
                    } else {
                        local_Email = ""
                        // Username Empty
                        local_LoginChecksPassingOK = false
                        local_LoadedOk = "No"
                        local_LoadedNotOKMessage = "There was an error with your account (email invalid). Please contact support (LoginError_006)"
                    }
                }
            }
            
            
            // Was there and Error Loading or Saving
            // ... Code Removed

            // Unload other values
            // ... Code Removed
            
            // Save Preferences
            // ... Code Removed
            
            self.loginActivityIndicator.stopAnimating()
            
            // Redirect Back to Main View
            self.lblLoginProcessing.text = "Returning to the Main Screen........."
            let vc = ( self.storyboard?.instantiateViewController( withIdentifier: "mainViewController") )!
            //vc.view.backgroundColor = UIColor.orange()
            vc.modalTransitionStyle = .crossDissolve
            self.present(vc, animated: true, completion: nil)
            
        case .failure(let error):
            
            var sErrorTitle = ""
            var sErrorBody = ""
            print(" - Login Error")
            print(" - - \(error._code)")
            print(" - - \(error)")
            
            if error._code == NSURLErrorTimedOut {
                //timeout
                print("Error: Server Timeout (NSURLErrorTimedOut)")
                sErrorTitle = "Server Timeout"
                sErrorBody = "The login server timed out.\r\n\r\n Error: \(error)"
            }
            
            if (response.response?.statusCode == 402) {
                print("Error: Invalid Password (402)")
                sErrorTitle = "Invalid Password"
                sErrorBody = "The password you entered was invalid.\r\n\r\n Error: \(error)"
                
            } else if response.response?.statusCode == 403 {
                print("Error: Unknown Account (403)")
                sErrorTitle = "Unknown Account"
                sErrorBody = "The account you entered was not found.\r\n\r\n Error: \(error)"
           
            } else if response.response?.statusCode == 408 {
                print("Error: Server Timeout2 (NSURLErrorTimedOut)")
                sErrorTitle = "Server Timeout2"
                sErrorBody = "The login server timed out.\r\n\r\n Error: \(error)"
                
            } else if response.response?.statusCode == 499 {
                print("Error: Invalid or missing token, please update your app (499) ")
                sErrorTitle = "Invalid Version"
                sErrorBody = "The app token was invalid (or outdated), plaase update your app and try again.\r\n\r\n Error: \(error)"
                
            } else if response.response?.statusCode == 503 {
                print("Error: Database Read Error")
                sErrorTitle = "Sever Error (503)"
                sErrorBody = "The server cannot process your login at this time (Error 503).\r\n\r\n Error: \(error)"
                
            } else if response.response?.statusCode == 504 {
                print("Error: Database Write Error (504)")
                sErrorTitle = "Sever Error"
                sErrorBody = "The server cannot process your login at this time (Error 504).\r\n\r\n Error: \(error)"
                
            } else  {
                print("Unknwon Error (\(response.response?.statusCode)")
                sErrorTitle = "Unable to login"
                
                sErrorBody = "The App was unable to login. Please check your mobile and or wifi settings and try again."
                //sErrorBody = "There was an unknown error loging in (Error (\(response.response?.statusCode))\r\n\r\n Error: \(error)"
                self.resignFirstResponder()
            }

            
            self.loginActivityIndicator.stopAnimating()
            self.resignFirstResponder()
            
            // Show Loading Alert
            let alert = UIAlertController(title: "\(sErrorTitle)", message: "\(sErrorBody)", preferredStyle: .alert)
            self.present(alert, animated: true, completion: nil)
            let when = DispatchTime.now() + 5
            DispatchQueue.main.asyncAfter(deadline: when){
                alert.dismiss(animated: true, completion: nil)
            }
            
        }
}

Everything is working like a real app.  If I enter valid credentials my app logs me in.

If I enter incorrect credentials I get an error.

LittleSnitch001

If I stop my Node login service and try and login I get an appropriate error message.

LittleSnitch002

Simulating full or partial network request failures on different endpoints

I checked the iOS Simulator (10.0 running iOS 10.2) that comes with XCode 8.2.1 to find a way to turn off the network to the simulator and I coudl not find an option???

The iOS Simulator lacks the usual Wifi and Mobile configuration options found on iOS devices.

LittleSnitch003

XCode Simulator is lacking network control features.

LittleSnitch004

LittleSnitch005

XCode allows me to see the network stats within my app but not adjust the network layer status.

LittleSnitch007

Like all good developers I opened google and typed “Is it possible to disable the network in iOS Simulator? and found many solutions on how to disable the network in the simulator like:

  • Close the simulator, disconnect from the internet, start XCode and your project and simulator and then connect to the network (that way the simulator stays disconnected until the simulator reboots). – This does not work.
  • “Build a simple Faraday cage to block or limit the external RF signal level”.

w6ehv

  • “Create a walk-in Faraday cage with a desk inside, the Mac will be much easier to work with”.

I did not want to spend minutes disconnecting and reconnecting to the internet or build a faraday cage so I took Felix advice and downloaded an application for OSX called Little Snitch from Objective Development.

Little Snitch

Reading the Little Snitch website the software reminds me of the good old days of controlling everything before Operating System Vendors buried these features.

Snip: “Whenever an application attempts to connect to a server on the Internet, Little Snitch shows a connection alert, allowing you to decide whether to allow or deny the connection. Your decision gets stored as a rule which will automatically be applied to future, similar connection attempts from the same application.

Time to give Little Snitch a go, $34.95 is a bargain if it works as good as it says it does.

Little Snitch

Little Snitch took 5 mins to install (low level).  After it rebooted the Little Snitch Configuration program popped up.

LittleSnitch008

Little Snitch – System Tray Options were available too.

LittleSnitch009

Default Configuration (will take a number of minutes).

Little Snitch was now prompting me to approve many network connections for background apps.  Currently as we speak MongoDB and AWS Elasticsearch servers are being hit with ransomware. I might be patient and manually approve every process wanting to use my network with Little Snitch.

I opened many apps and responded to the network access prompts when the apps tried to talk to the network.

LittleSnitch0010d

Manually invoking an application to use the network (software update) results in an approval pop-up.

LittleSnitch0010c

After a number of minutes reviewing app network permissions, I loaded up the Little Snitch Network Monitor. Nice.

LittleSnitch0011

The Network Monitor is handy for reviewing in real-time what is happening on your Network/Machine.

Note: My BitDefender is rather busy.

LittleSnitch0012

I have digressed,  let’s see if Little Snitch can block my iOS App to assist with debugging API’s.

Blocking iOS Simulator Traffic with Little Snitch

XCode itself wanted access to the internet before I opened my project.

As soon as I started the XCode iOS Simulator I blocked all simulator related processes (I can turn it back on later).

LittleSnitch0013

Tip” I just found out if you move the mouse above the forever button in the dark grey area you can view more information.

I blocked the following iOS Simulator related processes from making any connection forever.

LittleSnitch0014

LittleSnitch0015

LittleSnitch0016

LittleSnitch0017

Now to start my app on the simulator from XCode and invoke a network call and see if we can block it to trigger my error pop-up.  Yes, I was able to block the iOS Simulated app with Little Snitch 🙂

LittleSnitch0019

I received this “correct” error in my app, Excellent, now I can customize the error messages in my app.

LittleSnitch0020

🙂

The eagle eyes will notice that the error message above is the same as when I turned off the Node Server that handles the login.  Now I need to add some XCode code in to detect “Is Wifi Network Up”,”Is Mobile Network Up”Can Access Network” and “Can Ping Server” etc. This would provide true error messages and not give the user any doubt to what the problem was.

If it was their device blocking my app they need a different message to one that reports a general data connection error or server down error.

Now how do I enable the blocked network traffic in Little Snitch?

Open the Little Snitch Configuration app.

LittleSnitch008

You can easily see what processes are allowed/blocked and change the setting (double click then change the connection to/from to Allow/Deny).

LittleSnitch0022

Summary

As it turns out I did not need to block the other iOS processes (just my app) so in future, I will just Deny or Allow for my app (until quite).

LittleSnitch0019

Little Snitch from Objective Development is an awesome app and allows me to block traffic where XCode would not.  As a bonus it will secure your machine and help keep it safe.

I will update this guide when I learn more about Little Snitch.

 

Donate and make this blog better





Ask a question or recommend an article

Your Name (required)

Your Email (required)

Your Question