Moving the default Bitnami AWS Lightsail document root

When you set up an Apache or LAMP Lightsail instance on Amazon Web Services, the default document root is /home/bitnami/htdocs/

If you are migrating to Lightsail already use something other than htdocs as your root folder, for example public_html, then you might want to update this.

Although you could creating a new app on the server to hand it, here is a simpler option which leaves the default folders and setup in place:

In /opt/bitnami/apache2/conf/bitnami/bitnami.conf add your own document root to the end of every location that htdocs is mentioned.

Then

sudo chown -R bitnami:daemon /home/bitnami/htdocs/*
sudo chmod -R g+w /home/bitnami/htdocs
sudo /opt/bitnami/ctlscript.sh restart apache

And you should be good to go.

Remote connection to AWS bitnami lightsail LAMP Mysql

I’m using Sequal Pro here, but this should work for almost any connection. I’m also going to lock to a single IP for security. You could us ‘%’ for any IP, but I wouldn’t recommend it if you are on a static ip at home of at work.

Log into ssh for the relevant LAMP instance using the browser tool on the Lightsail dashboard.

cat bitnami_application_password to get your application password. Copy it somewhere as you’ll need it shortly.

Run nano /opt/bitnami/mysql/my.cnf
Comment out the line that starts with bind-address. So #bind-address...
Exit and save the file.

Update mysql permissions for root remote access with

/opt/bitnami/mysql/bin/mysql -u root -p -e "grant all privileges on *.* to 'root'@'1.2.3.4' identified by 'PASSWORD' with grant option";

Replace 1.2.3.4 with internet connection IP address. Replace PASSWORD with the password you copied above.

Restart mysql with sudo /opt/bitnami/ctlscript.sh restart mysql

Copy the IP address of your Lightsail instance. You may want to add a free static IP address, else the IP will change on restart and all this work will need doing again.

In Sequal Pro choose to add a new connection. Select the SSH tab. In both hosts, put the IP of your Lightsail server.

In mysql username put root and in password, put your password from above.

In ssh username put bitnami and in password, put your password from above.

Click to test your connection. All should connect as expected.

You’ll now need to add a database etc. Enjoy.

Android App URL Schemes

This is a functioning AndroidManifest.xml for linking via a local url scheme. In this case appname:// with any (*) following path

To test this you have to redirect to it. Chromium at this time does not understand or process app url schemes. So a 302 redirect from a trusted publicly available url is the best method for testing.

Note how the second intent-filter here is still inside the .MainActivity <activity>

Different categories and an additional <data> tag are used.

<manifest xmlns:android="http://schemas.android.com/apk/res/android"
    package="com.appname">

    <uses-permission android:name="android.permission.INTERNET" />
    <uses-permission android:name="android.permission.WRITE_EXTERNAL_STORAGE" /> 
    <uses-permission android:name="android.permission.SYSTEM_ALERT_WINDOW"/>

    <application
      android:name=".MainApplication"
      android:label="@string/app_name"
      android:icon="@mipmap/ic_launcher"
      android:allowBackup="false"
      android:theme="@style/AppTheme">
      <activity
        android:name=".MainActivity"
        android:label="@string/app_name"
        android:configChanges="keyboard|keyboardHidden|orientation|screenSize"
        android:windowSoftInputMode="adjustResize">
        <intent-filter>
            <action android:name="android.intent.action.MAIN" />
            <action android:name="android.intent.action.DOWNLOAD_COMPLETE"/>
            <category android:name="android.intent.category.LAUNCHER" />
        </intent-filter>
          <intent-filter android:label="@string/app_name">
              <action android:name="android.intent.action.VIEW" />
              <category android:name="android.intent.category.DEFAULT" />
              <category android:name="android.intent.category.BROWSABLE" />
              <data android:scheme="appname" android:host="*" />
          </intent-filter>
      </activity>
      <activity android:name="com.facebook.react.devsupport.DevSettingsActivity" />
    </application>

</manifest>

Two Factor Authentication on Twitter is Broken

The online security of you and your friends and family is more at risk now than it’s ever been. People are still regularly using the same username and password across most, if not all their online accounts. Any leak of one set of access details is a leak of all their access details.

When two factor authentication was launched it became a saviour for these people. You would need physical hardware to generate or receive a one time code, as well as your username and password.

Twitter implemented this initially as SMS only one time code sending. You added your mobile number to your Twitter account and it would start sending codes at the point of login and requiring the code to login successfully.

The first version would only allow your mobile number to be connected to a single account, so if you wanted to secure multiple accounts you were out of luck.

There is also a flaw in the SMS system though which can allow hackers to redirect the security code to any number they choose. It’s not widely used, but still exists.

More recently Twitter added the ability to use other methods of two factor authentication. Apps like Last Pass, 1Password and Authy allow you to store all your access details behind a single master password.

Sounds great right? No more relying on mobile phones. Well, no. The trouble is, that to use a password manager with Twitter, you first have to add your mobile number to your Twitter account. You then have to manually disable the SMS option to stop Twitter always sending the SMS codes.

The kicker here is that if you remove your mobile phone number from your Twitter account, it also removes any other two factor authentication you’ve set up.

You cannot have two factor authentication on your Twitter account if you don’t have a mobile phone linked to the account.

This is an astonishing requirement, and one many security experts are calling short-sighted and even a dark pattern.

You would hope that Twitter would put security before all else, but in this case that doesn’t seem to be so.


You can find me on twitter via @HarryBailey