Directory structure for a Flask project

Flask does not impose a strict directory structure, in fact, Flask does not impose anything at all – your whole project can be just a single .py file! This was slightly worrying me when I was just starting out with Flask. What goes where? Will I shoot myself in the leg if I do XYZ? These and many more questions were occupying my mind. Continue reading “Directory structure for a Flask project”

Directory structure for a Flask project

How to split tar file and then reassemble it on Windows

Today I was presented with an interesting task – copy a large ISO file onto a USB stick that is formatted with FAT file system, meaning that only <4GB files can be copied onto it. I immediately thought of tar (can archive files without actually compressing them) and split, but how do I reassemble it on Windows?

Turns out it’s easy! Continue reading “How to split tar file and then reassemble it on Windows”

How to split tar file and then reassemble it on Windows

How to install StarCraft on OSX

Last week me and my friend decided to play StarCraft, I didn’t had it installed so I went on Blizzard’s website to get it, but unfortunately OSX support is only up to 10.6.X (I run 10.11.X) so that was out of the question. I still bought it though, because I’ve heard of Wine – a way to run some of the Windows games on Mac. Continue reading “How to install StarCraft on OSX”

How to install StarCraft on OSX

Basic iptables firewall

iptables is a firewall installed by default  in Debian. This is the template I usually use:

*filter

#  Allow all loopback (lo0) traffic and drop all traffic to 127/8 that doesn't use lo0
-A INPUT -i lo -j ACCEPT
-A INPUT -d 127.0.0.0/8 -j REJECT

#  Accept all established inbound connections
-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT

#  Allow all outbound traffic - you can modify this to only allow certain traffic
-A OUTPUT -j ACCEPT

#  Allow HTTP and HTTPS connections from anywhere (the normal ports for websites and SSL).
-A INPUT -p tcp --dport 80 -j ACCEPT
-A INPUT -p tcp --dport 443 -j ACCEPT

#  Allow SSH connections
#  The -dport number should be the same port number you set in sshd_config
-A INPUT -p tcp -m state --state NEW --dport 22 -j ACCEPT

#  Allow ping
-A INPUT -p icmp -j ACCEPT

#  Allow VPN
# -A INPUT -p udp -m state --state NEW -m udp --dport 1194 -j ACCEPT
# -A FORWARD -s 192.168.88.0/24 -j ACCEPT
# -A FORWARD -m state --state RELATED,ESTABLISHED -j ACCEPT

# Allow DNS requests
# -A INPUT -p udp --dport 53 -j ACCEPT
# -A INPUT -p tcp --dport 53 -j ACCEPT

# Allow SMTP
# -A INPUT -p tcp --dport 25 -j ACCEPT

#  Log iptables denied calls
# -A INPUT -m limit --limit 5/min -j LOG --log-prefix "iptables denied: " --log-level 7

#  Drop all other inbound - default deny unless explicitly allowed policy
-A INPUT -j DROP
-A FORWARD -j DROP

COMMIT

*nat

# VPN related
# -A POSTROUTING -s 192.168.88.0/24 -o eth0 -j MASQUERADE
# in openvz/vservers you may need the following instead
# -A POSTROUTING -s 192.168.88.0/24 -j SNAT --to-source 178.62.115.60

COMMIT

Continue reading “Basic iptables firewall”

Basic iptables firewall

Django, OSX and firewall exceptions

I don’t even think I can count how many times have I got the popup window that says, Do you want the application ‘python’ to accept incoming network connections? I have always clicked Allow only to find out later that it has been added to firewall exceptions and is set to Allow incoming connections, yet I still get this popup. Every. God. Damn. Time. So how do we cure this? Fortunately, very easy!

Now, that popup is there for a reason, but since I use python for development, I trust it. In real life you should always be careful when allowing incoming connections!

Signing python binary

Fortunately, I have an iPhone developer code signing identity, so for me it was as easy as activating virtual environment and running:

codesign -s "iPhone Developer" -f $(which python)

A dialog will appear, click Allow. Done!

Now, those of you who don’t have a code signing identity should head here and scroll down to To use the Certificate Assistant to create a self-signed signing identity section and follow the steps there. Once you have obtained a code signing identity run the aforementioned command .

Django, OSX and firewall exceptions

Using Let’s Encrypt with NGINX

Let’s Encrypt is a free, automated, and open certificate authority (CA),  that provides an easy way to obtain and install free TLS/SSL certificates!

In this tutorial I will show you how to use Let’s Encrypt to obtain a free SSL certificate and use it with NGINX running on Debian 8.5 aka Jessie.

Goal of this tutorial is to have a HTTP server that will serve Let’s Encrypt domain validation files through HTTP and redirect everything else to HTTPS.

Continue reading “Using Let’s Encrypt with NGINX”

Using Let’s Encrypt with NGINX

Testing file uploads with Django REST Framework

Currently I’m working on a REST backend and I needed a way to test file uploads through the REST API. Turns out, it’s quite easy:

def temporary_image():
    """
    Returns a new temporary image file
    """
    import tempfile
    from PIL import Image

    image = Image.new('RGB', (100, 100))
    tmp_file = tempfile.NamedTemporaryFile(suffix='.jpg')
    image.save(tmp_file, 'jpeg')
    tmp_file.seek(0)  # important because after save(), the fp is already at the end of the file
    return tmp_file

Then in your unittest:

data = {
    'title': 'How to tame the T-rex',
    'owner': 1,
    'cover_image': temporary_image(),
}
response = self.client.post("/v1/pages/", data, format='multipart')
self.assertEqual(response.status_code, status.HTTP_201_CREATED)

That’s it!

Testing file uploads with Django REST Framework

Generating Django secrets

I found this excellent Gist that I’d like to share with you:

"""
Pseudo-random django secret key generator.
– Does print SECRET key to terminal which can be seen as unsafe.
"""
import string
import random
from __future__ import print_function
# Get ascii Characters numbers and punctuation (minus quote characters as they could terminate string).
chars = ''.join([string.ascii_letters, string.digits, string.punctuation]).replace('\'', '').replace('"', '').replace('\\', '')
SECRET_KEY = ''.join([random.SystemRandom().choice(chars) for i in range(50)])
print(SECRET_KEY)

Continue reading “Generating Django secrets”

Generating Django secrets

Deploying Flask (NGINX, Gunicorn, Supervisor) for the first time

I’ve been working with Django for almost six months now and I am enjoying every minute of writing python code. During that time I gained a lot of experience and yet I never went through full deployment cycle – from setting up the environment, to actual deployment. This weekend I decided to change that. I picked URL shortening service as my test project, it would not only allow me to gain experience in deploying python code, but it would also allow me to explore Flask microframework!

This article is more of a mental note to myself rather than a tutorial, but I think anyone can learn from this, as I found it quite difficult to find a good tutorial that explains every step of deployment (I will later post another article similar to this but for Django). Most of the tutorials focus on general steps, but I wanted something that I can turn to in a year and still be able to deploying without googling for some specifics. At the end of this tutorial you will have NGINX serving static files and Gunicorn handling dynamic requests via unix socket. Gunicorn is supervised, well, by supervisor (pun intended). Finished product can bee seen at mor3.at. Continue reading “Deploying Flask (NGINX, Gunicorn, Supervisor) for the first time”

Deploying Flask (NGINX, Gunicorn, Supervisor) for the first time