Wednesday, September 14, 2016

Odoo 9 Apache2 Reverse Proxy SSL

Prerequisite: Apache2 enabled
Enable the required Apache2 modules
# a2enmod proxy_http headers remoteip rewrite
To enable Apache2 cache to disk
# a2enmod cache cache_disk
Edit Default Virtual Host for SSL
# vi /etc/apache2/sites-available/default-ssl.conf
...
ProxyRequests off
SSLProxyEngine on
SSLEngine on
RequestHeader set "X-Forwarded-Proto" "https"
SetEnv proxy-nokeepalive 1
# localhost can also be written as 127.0.0.1
ProxyPass "/" "http://localhost:8069/"
ProxyPassReverse "/" "http://localhost:8069/"
ProxyErrorOverride off
...
Restart Apache2
# /etc/init.d/apache2 restart
Make Odoo listen on localhost only
# vi /etc/odoo/openerp-server.conf
...
proxy_mode = true
xmlrpc_interface = 127.0.0.1
...
Restart Odoo
# /etc/init.d/odoo restart

Debian Jessie: enabling Apache2 SSL using a self-signed key

Install apache2
# apt-get install apache2 openssl
Create a self-signed key
# mkdir -p /etc/ssl/localcerts
# openssl req -new -x509 -days 365 -nodes -out /etc/ssl/localcerts/apache.pem -keyout /etc/ssl/localcerts/apache.key
# chmod 600 /etc/ssl/localcerts/apache*
Edit Apache default SSL
# vi /etc/apache2/sites-available/default-ssl.conf
...
#SSLCertificateFile     /etc/ssl/certs/ssl-cert-snakeoil.pem
SSLCertificateFile      /etc/ssl/localcerts/apache.pem
#SSLCertificateKeyFile /etc/ssl/private/ssl-cert-snakeoil.key
SSLCertificateKeyFile /etc/ssl/localcerts/apache.key
...
Create link to enable default-ssl.conf
# ln -s /etc/apache2/sites-available/default-ssl.conf /etc/apache2/sites-enabled/default-ssl.conf
Enable Apache SSL
# a2enmod ssl
Redirect all HTTP requests to HTTPS
# vi /etc/apache2/sites-available/000-default.conf 
...
#DocumentRoot /var/www/html # we don't need root document
...
# redirect all requests; the host name can be replaced with an IP address
Redirect permanent / https://www.example.com/
...
Restart Apache2
# /etc/init.d/apache2 restart

Tuesday, August 30, 2016

Android Studio 2.1.3: failed to find Build Tools revision 24.0.1

Software
  • Android SDK Manager 25.1.7 (Stand Alone)
  • Android Studio 2.1.3
  • Oracle JDK 1.8.0_102
  • Windows 10 x64
If you upgrade the Android SDK Build-tools to the latest version (in my case from 24.0.1 to 24.0.2), your previous projects may no longer compile or run properly. The error may look like this:
Error:A problem occurred configuring project ':app'.
> failed to find Build Tools revision 24.0.1
To fix it, do the following:
  1. In 1: Project, change the view to Android
  2. Go to Gradle Scripts and open Gradle Script (Module:app)
  3. Change buildToolsVersion "24.0.1"  ->  buildToolsVersion "24.0.2"
       ...
       android {
           compileSdkVersion 24
           buildToolsVersion "24.0.1"
       ...
  4. Sync your project


Wednesday, August 24, 2016

Fail2ban: optional regex filter

Optional regex filter:

SSH, edit or replace /etc/fail2ban/filter.d/sshd.conf or /etc/fail2ban/filter.d/sshd-ddos.conf
^%(__prefix_line)s(?:error: PAM: )?[aA]uthentication (?:failure|error|failed) for .* from <HOST>( via \S+)?\s*$
^%(__prefix_line)s(?:error: PAM: )?User not known to the underlying authentication module for .* from <HOST>\s*$
^%(__prefix_line)sFailed \S+ for .*? from <HOST>(?: port \d*)?(?: ssh\d*)?(: (ruser .*|(\S+ ID \S+ \(serial \d+\) CA )?\S+ %(__md5hex)s(, client user ".*", client host ".*")?))?\s*$
^%(__prefix_line)sROOT LOGIN REFUSED.* FROM <HOST>\s*$
^%(__prefix_line)s[iI](?:llegal|nvalid) user .* from <HOST>\s*$
^%(__prefix_line)sUser .+ from <HOST> not allowed because not listed in AllowUsers\s*$
^%(__prefix_line)sUser .+ from <HOST> not allowed because listed in DenyUsers\s*$
^%(__prefix_line)sUser .+ from <HOST> not allowed because not in any group\s*$
^%(__prefix_line)srefused connect from \S+ \(<HOST>\)\s*$
^%(__prefix_line)s(?:error: )?Received disconnect from <HOST>: 3: .*: Auth fail(?: \[preauth\])?$
^%(__prefix_line)sUser .+ from <HOST> not allowed because a group is listed in DenyGroups\s*$
^%(__prefix_line)sUser .+ from <HOST> not allowed because none of user's groups are listed in AllowGroups\s*$
^(?P<__prefix>%(__prefix_line)s)User .+ not allowed because account is locked<SKIPLINES>(?P=__prefix)(?:error: )?Received disconnect from <HOST>: 11: .+ \[preauth\]$
^(?P<__prefix>%(__prefix_line)s)Disconnecting: Too many authentication failures for .+? \[preauth\]<SKIPLINES>(?P=__prefix)(?:error: )?Connection closed by <HOST> \[preauth\]$
^(?P<__prefix>%(__prefix_line)s)Connection from <HOST> port \d+(?: on \S+ port \d+)?<SKIPLINES>(?P=__prefix)Disconnecting: Too many authentication failures for .+? \[preauth\]$
^%(__prefix_line)s(error: )?maximum authentication attempts exceeded for .* from <HOST>(?: port \d*)?(?: ssh\d*)? \[preauth\]$
^%(__prefix_line)spam_unix\(sshd:auth\):\s+authentication failure;\s*logname=\S*\s*uid=\d*\s*euid=\d*\s*tty=\S*\s*ruser=\S*\s*rhost=<HOST>\s.*$
^%(__prefix_line)sConnection closed by <HOST> \[preauth\]$
^%(__prefix_line)sReceived disconnect from <HOST>: 11: (Bye Bye)? \[preauth\]$
^%(__prefix_line)sReceived disconnect from <HOST>: 3: \S+: Auth fail$
Postfix-sasl, edit or replace /etc/fail2ban/filter.d/postfix-sasl.conf
^%(__prefix_line)swarning: [-._\w]+\[<HOST>\]: SASL ((?i)LOGIN|PLAIN|(?:CRAM|DIGEST)-MD5) authentication failed(:[ A-Za-z0-9+/:]*={0,2})?\s*$
lost connection after AUTH from (.*)\[<HOST>\] 
Postfix, edit or replace /etc/fail2ban/filter.d/postfix.conf
^%(__prefix_line)sNOQUEUE: reject: RCPT from \S+\[<HOST>\]: 554 5\.7\.1 .*$
^%(__prefix_line)sNOQUEUE: reject: RCPT from \S+\[<HOST>\]: 450 4\.7\.1 Client host rejected: cannot find your hostname, (\[\S*\]); from=<\S*> to=<\S+> proto=ESMTP helo=<\S*>$
^%(__prefix_line)sNOQUEUE: reject: RCPT from \S+\[<HOST>\]: 450 4\.7\.1 : Helo command rejected: Host not found; from=<> to=<> proto=ESMTP helo= *$
^%(__prefix_line)sNOQUEUE: reject: EHLO from \S+\[<HOST>\]: 504 5\.5\.2 <\S+>: Helo command rejected: need fully-qualified hostname;
^%(__prefix_line)sNOQUEUE: reject: VRFY from \S+\[<HOST>\]: 550 5\.1\.1 .*$
^%(__prefix_line)sNOQUEUE: reject: RCPT from \S+\[<HOST>\]: 450 4\.1\.8 <\S*>: Sender address rejected: Domain not found; from=<\S*> to=<\S+> proto=ESMTP helo=<\S*>$
^%(__prefix_line)simproper command pipelining after \S+ from [^[]*\[<HOST>\]:?$
lost connection after (AUTH|UNKNOWN|EHLO) from (.*)\[<HOST>\]
connect from unknown\[<HOST>\]
disconnect from unknown\[<HOST>\]?$
statistics: max connection rate 1/60s for (smtp:<HOST>)?$
statistics: max connection rate 1 for (smtp:<HOST>)?$
ProFTP, edit or replace /etc/fail2ban/filter.d/proftpd.conf 
^%(__prefix_line)s%(__hostname)s \(\S+\[<HOST>\]\)[: -]+ USER .*: no such user found from \S+ \[\S+\] to \S+:\S+ *$
^%(__prefix_line)s%(__hostname)s \(\S+\[<HOST>\]\)[: -]+ USER .* \(Login failed\): %(__suffix_failed_login)s\s*$
^%(__prefix_line)s%(__hostname)s \(\S+\[<HOST>\]\)[: -]+ SECURITY VIOLATION: .* login attempted\. *$
^%(__prefix_line)s%(__hostname)s \(\S+\[<HOST>\]\)[: -]+ Maximum login attempts \(\d+\) exceeded *$
USER \S+: no such user found from \S* ?\[<HOST>\] to \S+\s*$
\(\S+\[<HOST>\]\)[: -]+ USER \S+: no such user found from \S+ \[[0-9.]+\] to \S+:\S+.*$
\(\S+\[<HOST>\]\)[: -]+ USER \S+ \(Login failed\): Incorrect password.*$
\(\S+\[<HOST>\]\)[: -]+ SSH2 session closed.
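
The following is an added example, not part of the original post or of fail2ban itself. It expands three of the failregex lines above and runs them over constructed log lines to show which hosts each pattern would count, including how the unanchored `connect from unknown\[<HOST>\]` pattern also fires on "disconnect" lines. `HOST` and `PREFIX_LINE` are simplified stand-ins (assumptions) for fail2ban's real `<HOST>` and `%(__prefix_line)s` expansions.

```python
import re
from collections import Counter

# Simplified stand-ins (assumptions) for fail2ban's own substitutions.
HOST = r"(?P<host>\d{1,3}(?:\.\d{1,3}){3})"  # real <HOST> also covers names and IPv6
PREFIX_LINE = r"\s*\S+ \S+\[\d+\]: "         # "hostname daemon[pid]: "

# Three failregex lines copied from the lists above.
FAILREGEX = {
    "sshd invalid user": r"^%(__prefix_line)s[iI](?:llegal|nvalid) user .* from <HOST>\s*$",
    "postfix 554 reject": r"^%(__prefix_line)sNOQUEUE: reject: RCPT from \S+\[<HOST>\]: 554 5\.7\.1 .*$",
    "postfix unknown connect": r"connect from unknown\[<HOST>\]",
}

def compile_failregex(raw):
    """Expand the two fail2ban placeholders and compile the result."""
    return re.compile(raw.replace("%(__prefix_line)s", PREFIX_LINE).replace("<HOST>", HOST))

COMPILED = {name: compile_failregex(raw) for name, raw in FAILREGEX.items()}

# Constructed log lines (documentation-range IPs), timestamp already removed.
SAMPLE_LOG = [
    "mail sshd[4021]: Invalid user admin from 203.0.113.7",
    "mail sshd[4022]: Accepted publickey for deploy from 198.51.100.20 port 50522 ssh2",
    "mail postfix/smtpd[911]: NOQUEUE: reject: RCPT from unknown[203.0.113.9]: "
    "554 5.7.1 <a@example.org>: Relay access denied",
    "mail postfix/smtpd[912]: connect from unknown[192.0.2.44]",
    "mail postfix/smtpd[912]: disconnect from unknown[192.0.2.44]",
]

def scan(lines):
    """Return (filter name, offending host) for every failregex hit."""
    hits = []
    for line in lines:
        for name, rx in COMPILED.items():
            m = rx.search(line)  # search, not match: unanchored patterns hit anywhere
            if m:
                hits.append((name, m.group("host")))
    return hits

def hits_per_host(lines):
    """Count failures per host, as a jail's maxretry counter would."""
    return Counter(host for _, host in scan(lines))

if __name__ == "__main__":
    for name, host in scan(SAMPLE_LOG):
        print(f"{host:15} {name}")
    print(hits_per_host(SAMPLE_LOG))
```

A client without reverse DNS (192.0.2.44 here) collects two hits from one ordinary session, so the unanchored Postfix patterns need a generous maxretry or an ignoreip entry for known senders. On a real system, `fail2ban-regex <logfile> <filter.conf>` runs a filter file against an actual log before the jail is enabled.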


Saturday, August 20, 2016

Install Google Play Store into Genymotion Android 6

THIS PAGE IS OUT OF DATE. Genymotion is no longer provided for free.

Software:
  • VirtualBox 5.1.4
  • Genymotion 2.7.2 
  • Windows 10 build 10586
I need to build a PrintService application for a non-branded printer. I need to install some printer plugins from Google Play Store to test how they work.
  1. Flash Genymotion-ARM-Translation_v1.1.zip and restart. Download: http://www.mirrorcreator.com/files/0ZIO8PME/Genymotion-ARM-Translation_v1.1.zip_links 
  2. Flash gapps-L-4-21-15.zip and reboot. Download: https://www.androidfilehost.com/?fid=96042739161891406 
  3. Configure the Genymotion virtual device: Network -> NAT (Default), then sign in to Google.
  4. Flash benzo-gapps-M-20151011-signed-chroma-r3.zip and reboot. Download https://www.androidfilehost.com/?fid=24052804347835438 or http://opengapps.org/?download=true&arch=arm&api=6.0&variant=nano  (choose pico for minimal package). 
References:
  • https://z3ntu.github.io/2015/12/10/play-services-with-genymotion.html