Tuesday, January 31, 2012

iptables NAT port forward 443 (https) to 8443

I recently wanted to setup port forwarding on an Ubuntu Linux server (AWS EC2) to redirect https traffic (port 443) to a Tomcat server listening for SSL connections on port 8443. I really did not want to learn anything about UFW or iptables - I just wanted to setup the forwarding and get on with my day, so I proceeded to Google away and read man pages and finally figured out the following commands after learning more than I wanted to learn - which was a complete waste, because I'll forget it all anyway:

sudo iptables -t nat -A PREROUTING -p tcp --dport 443 -j REDIRECT --to-ports 8443

sudo iptables -t nat -A OUTPUT -p tcp --dport 443 -o lo -j REDIRECT --to-port 8443

The first command adds (-A) a rule to iptable's PREROUTING table to redirect incoming packets bound for port 443 over to port 8443. The second rule adds a similar rule to the OUTPUT table that redirects packets outgoing to port 443 on the loopback interface (-o lo).

Of course there's another trick - those rules disappear on reboot unless we save them somewhere. If you're running UFW, then add the rules to /etc/ufw/before.rules. Otherwise one solution is to install the iptables-persistent extension (on Ubunutu: sudo apt-get install iptables-persistent), and save the rules to /etc/iptables/rules.v4.

I hate this sysadmin garbage ...

Wednesday, January 25, 2012

Simple Session Scope with Guice

I've been a big fan of the Guice dependency injection library for a while, but I missed support for session-scoped injection until I figured out a way to achieve the same effect using child injectors. I was inspired by the PicoContainer project that I stumbled upon several months ago. I haven't actually used PicoContainer, but it appears to actually be better thought out than Guice - implementing arbitrary dependency injection scopes and lifecycle management via hierarchies of IOC containers.

I had PicoContainer's hierarchy approach bouncing around in my head when I stumbled up Guice's createChildInjector method - which supports a similar approach to managing object scopes.

Long story short - I introduced the notion of a "SessionModule" that defines session-scoped bindings to littleware's module system in my development repository clone. Littleware's module system also uses OSGi in an unorthodox way to manage the application life cycle. I wish I would have known about PicoContainer earlier - it appears to implement a nice approach for a combined IOC and application life cycle container. At some point I need to take a look at Spring too - to steal ideas if nothing else!

Sunday, January 08, 2012

Youtube to the rescue!

I have this old yellow Kitchenaid blender that has been sitting in the cabinet collecting dust for the past year or so after the rubber coupler that mates the motor base with the pitcher's blade impeller melted when I left hot soup in the pitcher for too long. It was so frustrating to have this appliance with working motor useless from a melted piece of rubber - what a piece of garbage! I tried some ridiculous jerry rigs, tried to remove the part, googled "busted blender", and eventually just stuck the thing in a cabinet disgusted.

Anyway, happy ending, yesterday I was thinking again about the damn blender after watching America's Test Kitchen make some awesome gazpacho - trying to figure out how I could puree without a food processor or blender, when I decided to google "kitchenaid blender coupler" - something like that, and discovered a community of pissed off blender owners and their relief at discovering how to repair the busted rubber coupling! This YouTube video shows how to remove the part, and Amazon sells a replacement.

I'm waiting for my new coupler to arrive in the mail. I can't wait to give the repaired blender a try. It's like I'm getting a new blender for Christmas! I'll probably wind up blending my hand off or something like that now ... blood smoothie!