00:00:09.762 --> 00:00:10.702 That record didn't work.
00:00:10.712 --> 00:00:12.122 That's why we had thought recording.
00:00:12.132 --> 00:00:15.442 Because because Ben actually filled up the hard drive.
00:00:16.272 --> 00:00:16.642 I don't know.
00:00:16.652 --> 00:00:17.162 We'll try again.
00:00:17.172 --> 00:00:18.642 Let's it happens and go.
00:00:20.182 --> 00:00:22.673 OK, so I will leave and following that that in Postgres
00:00:22.673 --> 00:00:23.962 as an exercise to the reader.
00:00:24.692 --> 00:00:28.948 Like just search how to install X on the X and they'll find
00:00:28.948 --> 00:00:33.345 actually get the right versions next for running connect as a
00:00:33.345 --> 00:00:33.912 service.
00:00:34.642 --> 00:00:36.707 So First off, you'll want to make sure that you have a
00:00:36.707 --> 00:00:37.232 separate user.
00:00:37.242 --> 00:00:40.327 Just for clarity, I'd rather just for this instance of
00:00:40.327 --> 00:00:43.749 Kinect, so if you're going to deploy uacm problem, same box,
00:00:43.749 --> 00:00:47.395 have two separate users, kind of that network service crap where
00:00:47.395 --> 00:00:48.292 everything goes.
00:00:48.302 --> 00:00:48.812 That one thing.
00:00:52.062 --> 00:00:56.599 So pseudo user ad M means create the home folder and Dash RI
00:00:56.599 --> 00:01:01.136 believe it was maybe as a side note that the blush help will
00:01:01.136 --> 00:01:05.672 work on most commands to be able to see what you need and to
00:01:05.672 --> 00:01:09.837 remember that might be a debating thing I'm thinking of
00:01:09.837 --> 00:01:14.150 was poor watches of the video are going to get the debate
00:01:14.150 --> 00:01:14.522 joke.
00:01:16.422 --> 00:01:17.452 Uh, there we are.
00:01:17.842 --> 00:01:19.312 Yes, Dash R for system.
00:01:19.582 --> 00:01:23.124 Basically that means like it allocates in a separate range of
00:01:23.124 --> 00:01:26.322 uids so that it doesn't look like it's an actual login.
00:01:26.332 --> 00:01:30.202 Double user doesn't ask you for a password or anything like
00:01:30.202 --> 00:01:30.782 that. Uh.
00:01:30.792 --> 00:01:34.349 So let's just call this one cortisol, since that's what I'm
00:01:34.349 --> 00:01:34.882 gonna be.
00:01:35.612 --> 00:01:39.679 Or that's the test project from that to be deploying is use that
00:01:39.252 --> 00:01:41.102 Should this have like a dash prod or dash stage?
00:01:39.679 --> 00:01:39.992 done.
00:01:41.112 --> 00:01:42.362 If you're saying she just differently.
00:01:42.352 --> 00:01:45.319 Yes, if you're doing a normal deployments, you'll probably
00:01:45.319 --> 00:01:47.632 just want to do like dash, UT or N dash prod.
00:01:48.972 --> 00:01:52.161 So now we can see that created my cortisol Home directory as
00:01:52.161 --> 00:01:52.422 well.
00:01:54.352 --> 00:01:57.255 As a side note, if you want to figure out what the home
00:01:57.255 --> 00:02:00.468 directory for a particular user is, get Ant password and then
00:02:00.468 --> 00:02:03.838 the username that will grab the line from the Etsy password file
00:02:03.838 --> 00:02:06.844 that gives you that just one user and you have your home,
00:02:06.844 --> 00:02:08.502 your home directory right there.
00:02:10.602 --> 00:02:13.252 So I already have Cordell published over here.
00:02:13.372 --> 00:02:16.632 I'm just going to quickly move that over to actually copy it.
00:02:18.592 --> 00:02:18.952 Let's see.
00:02:24.032 --> 00:02:27.450 Make sure it's owned by Corozal, so you might have to use some
00:02:27.450 --> 00:02:29.402 CHL, which we'll get into a second.
00:02:29.602 --> 00:02:30.722 Yeah, that's probably a good idea.
00:02:32.152 --> 00:02:36.353 So we're going to copy that over to home Corozal Pub or whatever
00:02:36.353 --> 00:02:39.972 folder name instructs you want to use for these things.
00:02:41.882 --> 00:02:46.214 Alright and now sudo as the user personal I want to run bash or
00:02:46.214 --> 00:02:48.582 whatever shall you have installed.
00:02:48.952 --> 00:02:51.822 Go to Home directory so we have this thing.
00:02:52.032 --> 00:02:53.781 Now, if you were to take a look at this, we see it's owned by
00:02:53.781 --> 00:02:53.922 root.
00:02:54.292 --> 00:02:55.102 We don't want that.
00:02:55.692 --> 00:03:00.093 Cortisol obviously does not have brick permissions to run sudo
00:03:00.093 --> 00:03:04.493 because we are good developers who do not make the one user do
00:03:04.493 --> 00:03:08.824 everything, so it's going to be pseudo Chon, cortisol, colon,
00:03:08.824 --> 00:03:09.452 cortisol.
00:03:09.522 --> 00:03:13.782 So that's the user colon group and then the path to that.
00:03:14.152 --> 00:03:16.162 Really we can just specify the home directory through.
00:03:16.402 --> 00:03:19.843 Can't really be anything and it's not owned by the user dash
00:03:19.843 --> 00:03:20.802 big R4 recursive.
00:03:21.212 --> 00:03:24.138 No, it's big R other things might use a little R, so each
00:03:24.138 --> 00:03:25.702 one uses big R then that's why.
00:03:28.012 --> 00:03:30.492 Go back in here, never published directory.
00:03:31.362 --> 00:03:34.713 Uh, we can try running this thing real quick just to see
00:03:34.713 --> 00:03:36.182 that, you know, it works.
00:03:38.932 --> 00:03:39.092 That.
00:03:43.202 --> 00:03:45.032 Right now we're going to set up a system.
00:03:45.042 --> 00:03:49.687 The service for it, so this may or may not be in the connected
00:03:49.687 --> 00:03:51.382 version 5 repo or wiki.
00:03:51.452 --> 00:03:54.676 If you look over the C4 wiki though, and the C4 docs dev dev
00:03:54.676 --> 00:03:58.006 docs for deployment, this system here file will basically work
00:03:58.006 --> 00:04:00.542 for really any service you ever have to set up.
00:04:01.772 --> 00:04:05.772 So it's going to take that now as roots.
00:04:06.022 --> 00:04:09.720 So pseudo user editor edit a file under the ETC systemd
00:04:09.720 --> 00:04:13.682 system folder name for whatever you want the service to be.
00:04:13.692 --> 00:04:16.270 So this would probably most likely be the same as what you
00:04:16.270 --> 00:04:17.012 set your user to.
00:04:17.562 --> 00:04:20.036 It's not that it has to be the same as the user, it's just like
00:04:20.036 --> 00:04:21.582 you probably going to name it the same.
00:04:22.912 --> 00:04:26.432 So going to here, paste it in health file to match.
00:04:29.822 --> 00:04:34.059 We have a user by default just to really as a convention, every
00:04:34.059 --> 00:04:36.772 user gets a group name the same as them.
00:04:36.822 --> 00:04:39.022 So we want to make sure that they also runs with that group.
00:04:40.852 --> 00:04:45.922 That's change that, so I'll home console pub clarity.
00:04:45.932 --> 00:04:51.844 Connect clients dot cortisol and this could be the direct
00:04:51.844 --> 00:04:54.392 executable if it's there.
00:04:54.402 --> 00:04:58.887 If you publish in Windows, you probably don't have that, so you
00:04:58.887 --> 00:05:03.302 might have to do this and you net and then give it the path to
00:05:03.302 --> 00:05:03.862 the DLL.
00:05:04.362 --> 00:05:05.512 Either one doesn't matter.
00:05:05.522 --> 00:05:09.085 The same thing, or rather effectively the same thing for
00:05:09.085 --> 00:05:09.272 us.
00:05:13.552 --> 00:05:15.712 Oops, sorry, I actually messed up there.
00:05:16.172 --> 00:05:18.032 That is the working directory.
00:05:18.042 --> 00:05:21.282 We want the working directory to just be some folder under the.
00:05:24.882 --> 00:05:27.542 Like just in the users home directory.
00:05:31.912 --> 00:05:32.872 So let's go in here.
00:05:32.882 --> 00:05:37.043 We're just next one named working, so we'll set that
00:05:37.043 --> 00:05:37.592 select.
00:05:37.602 --> 00:05:41.492 So yeah, I've shortcuts and sudo.
00:05:49.822 --> 00:05:50.072 Got it.
00:05:50.082 --> 00:05:50.702 All that stuff.
00:05:53.932 --> 00:05:56.152 So working directory will be our slash working.
00:05:57.312 --> 00:05:58.312 Let's start right there.
00:06:02.852 --> 00:06:05.092 Press the stuff can probably just stay the same.
00:06:08.572 --> 00:06:12.172 Right now, so that thing is up and there.
00:06:13.852 --> 00:06:18.228 So I need a copy of my app settings over, so that should
00:06:18.228 --> 00:06:21.222 probably just live in the same folder.
00:06:21.232 --> 00:06:26.270 Here are there may not be a patch and connect P5 yet to rule
00:06:26.270 --> 00:06:28.912 that from the correct directory.
00:06:29.172 --> 00:06:31.572 So might still talking have to live in the pub, but hopefully
00:06:31.572 --> 00:06:33.972 by the time somebody watches this video, we should have that.
00:06:35.632 --> 00:06:38.812 So now pseudo system control, we can check the status.
00:06:41.352 --> 00:06:45.252 It's disabled, not running, blah blah blah initial start.
00:06:45.262 --> 00:06:46.522 We can do enable the wash now.
00:06:47.032 --> 00:06:48.322 I'll show without that for the moment.
00:06:50.102 --> 00:06:53.692 So now we can see it's enabled but not running and then if we
00:06:53.692 --> 00:06:57.513 had not done the double hash now like we did not do here, we were
00:06:57.513 --> 00:07:01.161 just do start to see status and it failed because of course it
00:07:01.161 --> 00:07:01.392 did.
00:07:01.522 --> 00:07:04.662 It's a very accurate depiction of what will happen.
00:07:04.672 --> 00:07:09.911 The first thing to do, and this might be actually an issue some
00:07:09.911 --> 00:07:14.823 systems will have an issue trying to run an executable file
00:07:14.823 --> 00:07:19.243 that's not in like a proper location in the path as a
00:07:19.243 --> 00:07:20.962 security enhancement.
00:07:22.672 --> 00:07:24.472 So what you can also do here.
00:07:26.552 --> 00:07:32.897 In the user local bin you can make like like start, dash,
00:07:32.897 --> 00:07:39.788 cortisol that SH harder shebang line CD into our cortisol home
00:07:39.788 --> 00:07:40.882 directory.
00:07:43.402 --> 00:07:49.009 As working and then just say like that message pub slash
00:07:49.009 --> 00:07:52.452 whatever our the name of this was.
00:07:54.752 --> 00:07:56.532 Sorry, it's probably gonna be all uppercases in it.
00:07:57.372 --> 00:07:59.502 That was probably actually the issue, but still showed this.
00:08:00.832 --> 00:08:02.192 Make sure we set that as executable.
00:08:07.232 --> 00:08:09.362 And we can edit the oops.
00:08:12.672 --> 00:08:13.092 Service.
00:08:14.532 --> 00:08:17.976 So this point, it doesn't really matter what our Working
00:08:17.976 --> 00:08:21.722 directory is set to up here, because we're just gonna do user
00:08:21.722 --> 00:08:23.232 local bin start cortisol.
00:08:26.532 --> 00:08:29.942 Now notes if anytime you change the service file, you have to
00:08:29.942 --> 00:08:31.262 tell the data to reload.
00:08:35.312 --> 00:08:38.222 Let me check status be restart it, see if that works.
00:08:42.292 --> 00:08:42.812 That's running.
00:08:46.582 --> 00:08:46.932 That's it.
00:08:49.022 --> 00:08:50.322 By hand was up because I didn't.
00:08:49.082 --> 00:08:49.642 And even that was.
00:08:49.342 --> 00:08:49.782 Now is this.
00:08:50.672 --> 00:08:55.572 I didn't see it do the tamad executable there.
00:08:55.582 --> 00:08:56.602 I think that may have been the issue.
00:08:59.272 --> 00:09:00.532 And as you did do it, night didn't see it.
00:08:59.362 --> 00:09:01.502 Is this bound to in a port now?
00:08:59.442 --> 00:09:00.282 Oh, you mean for the?
00:09:03.232 --> 00:09:05.122 Yeah, just by default it'll pick a port.
00:09:05.492 --> 00:09:08.802 If you want to give it something so like in this case we gave it
00:09:08.802 --> 00:09:12.060 that script that we have, so we would just do the last URLs and
00:09:12.060 --> 00:09:13.842 this is just normal asked on that.
00:09:13.852 --> 00:09:14.962 It's not specific.
00:09:15.862 --> 00:09:17.362 Equals whatever.
00:09:18.882 --> 00:09:23.351 Like for example, this means listening on any interface port
00:09:23.351 --> 00:09:25.842 5001 for HTTP or PowerPoint 5000.
00:09:28.102 --> 00:09:31.492 So now we could go that all loops.
00:09:31.502 --> 00:09:32.882 Actually mess something up in there.
00:09:33.672 --> 00:09:37.292 So in this thing, you will actually probably want to do X
00:09:37.292 --> 00:09:41.223 and basically that means replace the current process with that
00:09:41.223 --> 00:09:41.722 process.
00:09:43.322 --> 00:09:46.422 You don't have to go too deep into the system calls work
00:09:46.422 --> 00:09:49.685 there, but on the Unix like systems you can actually become
00:09:49.685 --> 00:09:53.165 another process rather than like forking another one that has a
00:09:53.165 --> 00:09:53.872 separate PID.
00:09:54.562 --> 00:09:58.027 So in this instance the like running this script will be the
00:09:58.027 --> 00:10:01.434 exact same PID as this thing that's running here at the end
00:10:01.434 --> 00:10:03.592 once it actually gets past this step.
00:10:07.502 --> 00:10:10.429 So it's somewhat important, especially if your system D
00:10:10.429 --> 00:10:13.670 here, because now when system D would restart, which this may
00:10:13.670 --> 00:10:16.022 have just left the zombie somewhere picture.
00:10:21.612 --> 00:10:25.252 Not 24, no.
00:10:25.262 --> 00:10:26.312 I think it worked OK good.
00:10:30.072 --> 00:10:30.382 Yeah.
00:10:30.392 --> 00:10:34.112 So now if you were to go look in here.
00:10:39.082 --> 00:10:45.782 The so then also some other notes here.
00:10:46.432 --> 00:10:50.668 So Postgres I set up on that, you'd want to probably run like
00:10:50.668 --> 00:10:54.563 this so pseudo as the user Postgres which is just like a
00:10:54.563 --> 00:10:58.730 default user that most distros are going to create when they
00:10:58.730 --> 00:11:02.761 create the Postgres installation as PS equal, and then you
00:11:02.761 --> 00:11:05.972 probably want to do like create user cortisol.
00:11:06.302 --> 00:11:08.635 I probably have my local set that just trust local
00:11:08.635 --> 00:11:10.372 connections for development purposes.
00:11:11.682 --> 00:11:15.882 You you want to do this and then actually create the entire
00:11:15.882 --> 00:11:17.492 schema under that user.
00:11:18.252 --> 00:11:21.132 So like it would be creates database cortisol.
00:11:23.672 --> 00:11:28.616 And then what we would do in order to have EDB loaded into
00:11:28.616 --> 00:11:33.727 there we go in Sukkur and you can just copy this one file up
00:11:33.727 --> 00:11:35.402 and run it directly.
00:11:35.412 --> 00:11:40.021 You don't have to actually bring all the source files over from
00:11:40.021 --> 00:11:43.622 here and then use the less than or one base Cuba.
00:11:44.892 --> 00:11:47.989 That means take the file and make that be our standard input
00:11:47.989 --> 00:11:48.852 for that command.
00:11:49.682 --> 00:11:52.252 So P equal as far as PC can tell can tell.
00:11:52.262 --> 00:11:54.562 We really just typed out that entire file rapid fire.
00:11:57.782 --> 00:11:59.312 So that just created that one.
00:11:59.322 --> 00:12:04.710 So now over here in cortisol we can edit our app settings, make
00:12:04.710 --> 00:12:09.845 sure we have this thing set to colossal and just to show you
00:12:09.845 --> 00:12:11.192 guys real quick.
00:12:11.382 --> 00:12:12.352 It's how you going to cortisol.
00:12:15.822 --> 00:12:17.132 No. So.
00:12:19.942 --> 00:12:27.642 I not ohh now on I'm I'm a dumb dumb.
00:12:20.842 --> 00:12:23.795 Did you set the cortisol database to be the default for
00:12:23.795 --> 00:12:24.322 that user?
00:12:28.112 --> 00:12:29.952 I just create that into the post database.
00:12:31.952 --> 00:12:32.202 OK.
00:12:32.212 --> 00:12:32.762 There we are.
00:12:32.832 --> 00:12:34.122 That's something better.
00:12:34.602 --> 00:12:35.062 Why did it fail?
00:12:36.892 --> 00:12:37.252 Commission.
00:12:37.742 --> 00:12:40.732 Ohh the cause yeah, because I'm trying to.
00:12:41.002 --> 00:12:41.412 Yeah.
00:12:41.422 --> 00:12:44.872 On the other way, you can do that there is if you just
00:12:44.872 --> 00:12:47.632 directly count the file like so into there.
00:12:49.162 --> 00:12:51.142 And why is your bow?
00:12:53.132 --> 00:12:54.082 Because it is not like that.
00:12:54.092 --> 00:12:55.402 I'm in the other directory.
00:13:20.102 --> 00:13:21.522 You don't want to work today, do you?
00:13:25.552 --> 00:13:30.058 Ohh whoops, so here's actually a good instance of something you
00:13:30.058 --> 00:13:30.902 can mess up.
00:13:31.232 --> 00:13:32.602 So I create a database.
00:13:32.612 --> 00:13:35.495 I did not create as cortisol I create as Postgres, so by
00:13:35.495 --> 00:13:38.429 default it's going to be owned by Postgres like the Super
00:13:38.429 --> 00:13:38.732 admin.
00:13:39.572 --> 00:13:40.532 That's gonna drop the Davis.
00:13:44.282 --> 00:13:45.632 Now when we create the database.
00:13:49.022 --> 00:13:52.422 Cortisol with owner cortisol.
00:13:55.082 --> 00:13:55.662 Make sure you do that.
00:13:56.482 --> 00:13:56.952 Don't be me.
00:13:58.752 --> 00:14:01.212 Now we can run it, it works.
00:14:04.092 --> 00:14:05.722 This thing is set up whoops already.
00:14:08.242 --> 00:14:10.262 Think do we have two places?
00:14:10.272 --> 00:14:10.972 So that should be good.
00:14:14.452 --> 00:14:17.070 And so in Postgres by default the database that it opens will
00:14:17.070 --> 00:14:18.252 be the same as the username.
00:14:18.412 --> 00:14:20.682 That's just default no matter what.
00:14:22.142 --> 00:14:24.222 So now we can go pseudo system control.
00:14:24.232 --> 00:14:24.982 We start cordial.
00:14:27.202 --> 00:14:29.662 And now if you go P equal into cortisol.
00:14:37.832 --> 00:14:38.902 No, that was fast.
00:14:39.472 --> 00:14:41.912 Oh yeah, because we already have jobs running inside there.
00:14:45.002 --> 00:14:48.464 So in summary on that part, make sure that you make a user name
00:14:48.464 --> 00:14:51.871 the same as the OR they make it Postgres user name the same as
00:14:51.871 --> 00:14:52.682 the Linux user.
00:14:53.432 --> 00:14:58.231 Make sure the database is owned by that user and and also that
00:14:58.231 --> 00:15:02.192 you create it like create all the stuff as it user.
00:15:02.202 --> 00:15:04.610 Otherwise you would have to like manually specify the owner for
00:15:04.610 --> 00:15:06.002 everything that that script creates.
00:15:06.692 --> 00:15:08.692 So make sure you run that script as cortisol.
00:15:09.952 --> 00:15:10.372 Uh.
00:15:12.732 --> 00:15:15.473 And then, yeah, once you do that, you don't even need a
00:15:15.473 --> 00:15:18.410 password anymore because the local system will see that you
00:15:18.410 --> 00:15:21.347 are connecting to the socket as the user cortisol, and that
00:15:21.347 --> 00:15:24.382 you're trying to connect as the user, like the Postgres user,
00:15:24.382 --> 00:15:24.822 cortisol.
00:15:26.532 --> 00:15:29.232 So you don't have to worry about passwords.
00:15:29.242 --> 00:15:30.752 The system self would just authenticate you.
00:15:36.122 --> 00:15:38.712 Yeah, that's really it for the Postgres side of things.
00:15:38.722 --> 00:15:43.453 There and then really, if you're using, you're probably going to
00:15:43.453 --> 00:15:46.582 be using Postgres as well for job storage.
00:15:47.432 --> 00:15:49.774 The connection string would just be exactly the same as you have
00:15:49.774 --> 00:15:50.062 for EDB.
00:15:52.952 --> 00:15:55.342 So that's nice and simple.
00:15:58.922 --> 00:16:02.304 So now on a Windows deployment, you'd have to set up IIS to get
00:16:02.304 --> 00:16:03.202 the site exposed.
00:16:04.242 --> 00:16:06.552 Yeah, you should probably set up as the Windows service, but.
00:16:04.472 --> 00:16:05.442 Well, how does that work?
00:16:09.622 --> 00:16:14.892 Yeah, we need to figure out the MIS proxying part of that.
00:16:14.902 --> 00:16:16.782 So we just do as Windows service and stuff.
00:16:16.912 --> 00:16:19.552 Trying to use web apps to deploy something long running.
00:16:20.242 --> 00:16:20.632 Sure.
00:16:21.182 --> 00:16:24.107 So I'm I'm relating this back to my Windows experience to say OK
00:16:24.107 --> 00:16:25.502 Now I have an IIS site running.
00:16:25.712 --> 00:16:27.842 Uh that, I mean.
00:16:27.072 --> 00:16:29.242 I need to add it to my host file to be able to do all this stuff.
00:16:29.252 --> 00:16:30.312 How does that work on Linux?
00:16:30.382 --> 00:16:31.952 Really, it's already there.
00:16:30.382 --> 00:16:30.572 This.
00:16:31.962 --> 00:16:35.296 Like you already saw, like we can already get to it just off
00:16:35.296 --> 00:16:38.412 of I like locals for 5000 because that's what we told it
00:16:38.412 --> 00:16:39.122 to listen on.
00:16:39.702 --> 00:16:39.842 Yep.
00:16:40.292 --> 00:16:44.612 Exactly how you expose it outside is going to vary.
00:16:45.622 --> 00:16:50.298 Uh, there is a capability you can give the service to allow it
00:16:50.298 --> 00:16:55.122 to, uh, like have what you call that, like the ability to listen
00:16:55.122 --> 00:16:59.724 on a low numbered part like port 80 and port 443 or more than
00:16:59.724 --> 00:17:04.474 likely you would end up having something sitting in front of it
00:17:04.474 --> 00:17:06.552 like either NGINX or Apache.
00:17:07.602 --> 00:17:11.262 Uh, so actually here I can show you guys an example of proxy.
00:17:12.112 --> 00:17:14.102 So this is my personal machine.
00:17:14.292 --> 00:17:16.932 I like personal cloud box. Uh.
00:17:22.612 --> 00:17:23.362 That's a good example.
00:17:31.872 --> 00:17:33.672 I think this thing is set up that should work for you.
00:17:39.122 --> 00:17:40.312 Should not work.
00:17:48.672 --> 00:17:51.522 Here we are proxy pass.
00:17:51.982 --> 00:17:56.089 So you basically something along these lines only if that the
00:17:56.089 --> 00:18:00.328 location here probably just be the location because you need to
00:18:00.328 --> 00:18:04.567 map a particular path and they would proxy pass each P then you
00:18:04.567 --> 00:18:06.222 like Localhost port 5000.
00:18:07.792 --> 00:18:11.360 Probably the I need this other stuff I think really just proxy
00:18:11.360 --> 00:18:13.342 pass would probably get you there.
00:18:14.532 --> 00:18:18.495 However, if the client already has something running on their
00:18:18.495 --> 00:18:21.882 server, like for example in farm, they already had a
00:18:21.882 --> 00:18:24.502 production site running off of Engine X.
00:18:24.732 --> 00:18:28.684 You should probably just leave it at that, and any time we're
00:18:28.684 --> 00:18:32.763 doing this sort of proxying like net never needs to see any SSL
00:18:32.763 --> 00:18:35.312 certs and should not see any SSL certs.
00:18:36.042 --> 00:18:38.972 Nginx or Apache should be the one who terminates SSL.
00:18:42.662 --> 00:18:42.882 OK.
00:18:42.732 --> 00:18:45.012 Yeah, that's basically what you would do.
00:18:51.012 --> 00:18:54.376 So it will vary based on which box you're on, what they have
00:18:54.376 --> 00:18:54.762 set up.
00:18:55.932 --> 00:19:00.442 So there's no one answer, but I mean the Apache version isn't
00:19:00.442 --> 00:19:02.042 really much different.
00:19:02.052 --> 00:19:05.502 So just different context context.
00:19:04.192 --> 00:19:06.442 So how would I know if I went into a box?
00:19:06.712 --> 00:19:09.374 Let's say I went to go maintain a legacy project that was set up
00:19:09.374 --> 00:19:09.742 this way.
00:19:09.872 --> 00:19:12.962 How would I know if it was a running and BF post?
00:19:12.972 --> 00:19:15.572 Chris was running and go from there.
00:19:17.212 --> 00:19:18.672 Well, first you just check the status.
00:19:21.892 --> 00:19:23.692 Then B check the status.
00:19:28.152 --> 00:19:29.472 And then what was the 3rd part?
00:19:30.692 --> 00:19:32.542 Let's say I didn't know the name of this.
00:19:32.652 --> 00:19:34.172 Say it wasn't named appropriately, right?
00:19:34.182 --> 00:19:35.102 Didn't follow convention.
00:19:35.292 --> 00:19:37.419 How would I be able to look through the services that are
00:19:37.419 --> 00:19:38.922 running in and find out if it was there?
00:19:49.022 --> 00:19:49.142 Yeah.
00:19:52.362 --> 00:19:57.028 And these don't have umm, I guess I missed that on the right
00:19:57.028 --> 00:19:57.792 hand side.
00:19:57.932 --> 00:20:00.912 Does it have a description for what the service is like?
00:20:00.922 --> 00:20:02.002 Would it say clarity connect?
00:20:00.952 --> 00:20:01.202 Yep.
00:20:02.782 --> 00:20:06.193 Well, if they had clarity connecting to unifile, I mean,
00:20:06.193 --> 00:20:09.783 if we're really assuming that this was deployed by moron, I
00:20:09.783 --> 00:20:10.142 guess.
00:20:12.592 --> 00:20:14.452 There's really nothing that can protect you here.
00:20:14.652 --> 00:20:17.882 Like thank you away.
00:20:20.942 --> 00:20:23.972 But overall, we'll probably deploy as a separate users.
00:20:23.982 --> 00:20:25.302 You can probably just tell us home.
00:20:26.032 --> 00:20:28.977 There's a good chance that you'll be able to find one that
00:20:26.222 --> 00:20:26.462 OK.
00:20:28.977 --> 00:20:31.672 just stands out as probably where it was deployed to.
00:20:33.222 --> 00:20:33.442 OK.
00:20:33.402 --> 00:20:38.492 Otherwise, if you happen to know like let's say back on here.
00:20:38.982 --> 00:20:40.602 So if I go back into my server.
00:20:43.672 --> 00:20:47.322 And then I go take a look at my sites.
00:20:48.012 --> 00:20:52.702 So I think what we're had proxies, so I can see here that
00:20:52.702 --> 00:20:55.612 this is proxy passing to port 8000.
00:20:55.882 --> 00:21:00.279 There's a command you can use Fuser 8 part number and either
00:21:00.279 --> 00:21:01.072 TCP or UDP.
00:21:01.972 --> 00:21:06.047 Uh, I guess I don't have something else in there, but you
00:21:06.047 --> 00:21:07.452 may have to sudo it.
00:21:08.332 --> 00:21:11.082 Uh, one second password.
00:21:17.352 --> 00:21:19.970 Alright, you you have to see that because obviously like you
00:21:19.970 --> 00:21:22.545 can't just arbitrarily check to see what some other user is
00:21:22.545 --> 00:21:22.802 doing.
00:21:23.212 --> 00:21:23.702 That would be bad.
00:21:24.732 --> 00:21:24.962 Umm.
00:21:25.612 --> 00:21:27.642 Uh, so yeah, that'll give us the PID.
00:21:27.652 --> 00:21:29.582 So we see us PRD 80 or 380.
00:21:31.212 --> 00:21:32.902 Now we can just go find 380.
00:21:33.432 --> 00:21:35.382 Oops, there are 380.
00:21:35.392 --> 00:21:38.764 I can see what user it's money has, which this right here is
00:21:38.764 --> 00:21:40.422 actually an excellent example.
00:21:40.432 --> 00:21:43.192 So I did say you can't just arbitrarily see when our user is
00:21:43.192 --> 00:21:44.232 doing a lot of systems.
00:21:44.242 --> 00:21:46.492 You can see their processes and the command line.
00:21:47.312 --> 00:21:51.231 This is why you do not pass passwords on the command line,
00:21:51.122 --> 00:21:51.332 Hmm.
00:21:51.231 --> 00:21:55.150 because unless the system is explicitly configured not to,
00:21:55.150 --> 00:21:58.737 you can probably just arbitrarily open up top and see
00:21:58.737 --> 00:22:03.054 the like the other users process with the password sitting right
00:22:03.054 --> 00:22:03.452 there.
00:22:04.352 --> 00:22:04.522 Hmm.
00:22:05.182 --> 00:22:09.240 So which you can see here, like the process itself can actually
00:22:09.240 --> 00:22:13.171 change its own name like this isn't the ultimate command that
00:22:13.171 --> 00:22:14.312 always spawned it.
00:22:14.702 --> 00:22:17.595 It can set itself as much as it wants, but a lot of the time
00:22:17.595 --> 00:22:19.302 it's probably going to be the same.
00:22:19.992 --> 00:22:23.005 So do not pass passwords directly on the command line or
00:22:23.005 --> 00:22:25.172 I should say as a command line argument.
00:22:25.182 --> 00:22:31.364 So someone like uh, I think my sequel had it like Dash P dollar
00:22:31.364 --> 00:22:36.772 blah, don't do that and pass it through somewhere else.
00:22:34.642 --> 00:22:34.912 Umm.
00:22:36.782 --> 00:22:39.893 For example, my sequel actually has a an argument to read a
00:22:39.893 --> 00:22:40.982 password from a file.
00:22:41.232 --> 00:22:42.342 I think PSQL does as well.
00:22:46.442 --> 00:22:46.992 Where is that?
00:22:50.362 --> 00:22:53.750 Somewhere I thought they had it, but either way, even if they
00:22:53.750 --> 00:22:56.865 don't, if they do just support like reading the password
00:22:56.865 --> 00:22:59.652 directly from the command line as in like I press.
00:23:00.062 --> 00:23:03.068 Well, this example right here won't do it because I don't need
00:23:03.068 --> 00:23:04.022 a password for that.
00:23:05.002 --> 00:23:08.331 But let's say we were logging us to the user and PC equal just
00:23:08.331 --> 00:23:10.392 prompts me for user or for a password.
00:23:10.902 --> 00:23:15.656 Just put the password in a file and then cat file type in PSQL
00:23:15.656 --> 00:23:17.542 and it'll just beat that.
00:23:18.172 --> 00:23:18.372 Hmm.
00:23:20.652 --> 00:23:24.148 Obviously PC equals a bad example, but yeah, now of course
00:23:24.148 --> 00:23:27.762 saying that most of the time it's probably not gonna matter,
00:23:27.762 --> 00:23:31.139 because if they're already on your system, they of their
00:23:31.139 --> 00:23:32.442 harder on your system.
00:23:34.042 --> 00:23:36.647 But at least for the long running stuff, make sure you do
00:23:36.647 --> 00:23:39.163 not pass passwords on the command line, because then if
00:23:39.163 --> 00:23:42.037 somebody does manage to get in there at 3:00 AM or whatever and
00:23:42.037 --> 00:23:44.552 see you're running service, they can see your password.
00:23:44.562 --> 00:23:44.882 Probably.
00:23:46.262 --> 00:23:46.822 So don't do that.
00:23:52.152 --> 00:23:52.352 Nice.
00:23:54.412 --> 00:23:55.072 Any other questions?
00:24:01.092 --> 00:24:03.732 Good, because you're all good to be deploying it starting by day.
00:24:06.932 --> 00:24:07.832 So I'll stop the recording.