MySQL docker container in a host machine which has MySQL server running

Map container to another host port other than 3306

version: '3'
services:

  mysql:
    container_name: docker_mysql_1
    ports:
      - 3307:3306/tcp
    privileged: true
    restart: on-failure
    image: mysql:8.4
    volumes:
      - mysql84:/var/lib/mysql
    network_mode: bridge
    environment:
      MYSQL_ROOT_PASSWORD: test1234
    command:
      - --innodb_file_per_table=0
      - --innodb_checksum_algorithm=INNODB
      - --binlog_checksum=NONE
      - --sql_mode=NO_ENGINE_SUBSTITUTION
      - --slow-query-log=1
      - --slow-query-log-file=/var/log/mysql/my-slow.log
      - --long_query_time=1
      - --log-queries-not-using-indexes
      - --restrict_fk_on_non_standard_key=0
    security_opt:
      - seccomp=unconfined

volumes:
  mysql84:

After container is up, connect to container Mysql Server

#when ask password, type: test1234
mysql -h 127.0.0.1 -P 3307 -u root -p 

#another way using container name
docker exec -it docker_mysql_1 mysql -uroot -p

To connect MySQL running on the host machine. Assume there is MySQL user tester

mysql -u tester -p

How to check who owns 3306 now

#On host:
ss -ltnp | grep 3306
# or
lsof -i :3306

GitHub Copilot

Check vscode version

• Code => About Visual Studio Code (in Mac)
• Help => About

Check which github account is logged in for vscode

Click accounts icon (icon like a person

How to check php package in alpine linux

Go to Alpine Linux

• In Package name field, search php83, php84 or php85
• In Branch field, choose v3.23, v3.23 etc

Add Openai gpt-5.3-codex model into my Openai web application

Here is My Openai Chat Github Repository

To add gpt-5.3-codex model

• Update Dockerfile to use python:3.9 base image.
• Update requirements.txt to use Django 4.2.0 and Python openai sdk 2.26.0
• Use Python openai sdk response api to interact with Openai gpt-5.3-codex model

See affected AWS resources for upcoming events

1. log into aws console
2. go to AWS health Dashboard
3. ckick Scheduled changes
4. click Calendar
5. choose date
6. click Upcomming
7. choose one of events to see affected resourses

SFTP server

#log in
sftp leo@82.992.123.124

#after log in

# upload a file:
put test.txt

# download a file
get test.txt

# delete a file
rm test.txt

Directly copy file between the server and the local machine if can ssh to the server

# find server public ip: 100.31.47.111

# ssh to the server
ssh -i /Users/leo/path/noc.pem ec2-user@100.31.47.111

# copy file to server
scp -i /Users/leo/path/noc.pem /Users/leo/path/test.txt.gpg  ec2-user@100.31.47.111:/home/ec2-user/

# copy file from server to local
scp -i /Users/leo/path/noc.pem  ec2-user@100.31.47.111:/home/ec2-user/test.txt  /Users/leo/path/ 

Decrypt gpg file

# verify have the private key
gpg --list-secret-keys

# decrypt. when prompt, provide private key phrase
gpg --decrypt --output mytest.csv  mytest.csv.gpg

CORS

Error: Access to fetch at .... has been blocked by CORS

CORS stands for cross origin resource share. If use Javascript to fetch a endpoint and endpoin is not the same origin as the current page, may see the above error. Here origin is protocol + domain + port.

//host is https://examplea.com
<script>

 let endpoint = "https://exampleb.com/create-order";
 return fetch(endpoint, {
      method: 'POST',
      headers: { 'Content-Type': 'application/json' },
      body: JSON.stringify(data)
    })
      .then(resp => {
        if (!resp.ok) throw new Error('Network response was not ok');
        return resp.json();
      });
</script>

To solve the issue. For that end point of exampleb.com. the response needs to set headers such as

$response = $response->withHeader('Access-Control-Allow-Origin', "*");
        
return $response->withHeader('Access-Control-Allow-Headers', 'X-Requested-With,x-api-key, Content-Type, Accept, Origin, Authorization, X-Authorization-JWT, X-CSRF-Token')
	->withHeader('Access-Control-Allow-Methods', 'GET, POST, PUT, DELETE, OPTIONS');
    }

Javascript Class

Class in ECMAScript 5

function PersonType(name) {
    this.name = name;
}

PersonType.prototype.sayName = function() {
    console.log("your name:" + this.name);
}

let person = new PersonType("leo");
person.sayName();

Class in ECMAScript 6

class PersonType {
    constructor(name) {
        this.name = name;
    }
    sayName() {
        console.log("your name:" + this.name);
    }
}

let person = new PersonType("leo");
person.sayName();

Use class in web page

index.html

<!DOCTYPE html>
<html lang="en">
<head>
    <script src="person.js"></script>
    <script>
        let p = new Person('leo');
        p.sayName();
    </script>
</head>
</html>

person.js

class Person {
    constructor(name) {
        this.name = name;
    }
    sayName() {
        console.log("your name:" + this.name);
    }
}

// export to global namespace so index.html can see it
window.Person = Person;

Javascript Promise

Create a promise and consume a promise

example one

let p = new Promise((resolve, reject) => {
    let n = Math.floor(Math.random() * 100);
    let good = n % 2 == 0 ? true : false;

    if (good) {
        setTimeout(resolve, 100, { "dd": 1212 });
    } else {
        setTimeout(reject, 200, "bad2");
    }
});

p.then((v) => console.log("suc", v))
    .catch((v) => console.log("failed:", v));

//this is identical as the above
p.then((v) => console.log("suc", v), (v) => console.log("failed:", v));

example two

import { readFile as _readFile } from 'fs';

let p = new Promise((resolve, reject) => {
  _readFile("./test.js", 'utf8', (err, data) => {
    if (err) {
      reject(err);
    } else {
      resolve(data);
    }
  })
});

p.then((data) => console.log("good", data))
  .catch((err) => console.log("err", err))

Use await to consume a function which return a promise

example one

function myCreate() {
    return new Promise((resolve, reject) => {
        let n = Math.floor(Math.random() * 100);
        let good = n % 2 == 0 ? true : false;

        if (good) {
            setTimeout(resolve, 100, { "dd": 1212 });
        } else {
            setTimeout(reject, 200, "bad2");
        }
    });
}

//Any exception thrown in the try block (or any rejected promise when using await) will jump to the catch.
try {
    const ans = await myCreate();
    console.log("ans", ans);
} catch (err) {
    console.log("err:", err);
}

use async function to consume the promise

function myCreate() {
    return new Promise((resolve, reject) => {
        let n = Math.floor(Math.random() * 100);
        let good = n % 2 == 0 ? true : false;

        if (good) {
            setTimeout(resolve, 100, { "dd": 1212 });
        } else {
            setTimeout(reject, 200, "bad2");
        }
    });
}

async function test() {
    try {
        const ans = await myCreate();
        console.log("ans", ans);
    } catch (err) {
        console.log("err:", err);
    }
}

test();

You still can use then to consume a promise returned by a function.

function myCreate() {
    return new Promise((resolve, reject) => {
        let n = Math.floor(Math.random() * 100);
        let good = n % 2 == 0 ? true : false;

        if (good) {
            setTimeout(resolve, 100, { "dd": 1212 });
        } else {
            setTimeout(reject, 200, "bad2");
        }
    });
}

myCreate().then((ans) => console.log("ans", ans), (err) => console.log("err:", err));

Install older version vscode

Install

• go to vscode versions
• Pick a one and download
• For mac, unzip the file. Drag app file into Application folder

Prevent from upgrading automatically

• – Open VS Code.
• – Press ⌘, (Command-Comma) to open Settings.
• – In the search box type “update”.
• – Under Features → Updates find “Update: Mode” and set it to “none”.

AWS ECR image scan reports vulnerabilities

Question:When the image was scanned one month ago, there is no vulnerability. The same image is scanned today, and reports vulnerabilities. Why?

Answser: AWS has updated its' vulnerability definitions.

Question:Sometimes, after image is rebuilt using the same docker file, these vulnerabilities are gone. Why?

Answer: When the image is rebult, it will grab the latest libraries and these vulnerabilities may have been fixed in these new libraies. In the case, use this flag.

 --no-cache

Here is an example. Scan reports vulnerabilities related to curl

Dockerfile

FROM alpine:3.19
RUN apk update && apk add curl && apk upgrade

To build

 docker image build --no-cache  -t leo_test:latest .

When do apk update && apk add, it will get the latest libraries. At that time, alpine may have fix the curl issue. You may check and find that curl version has been changed.

curl --version

X-Frame-Options header for iframe

<iframe
        src="https://google.com"
        width="600"
        height="300"
        title="Demo Iframe"
        frameborder="0"
> </iframe>

Google.com will not be displayed in iframe. It is said that Google is refused to be connected. This is because that Google send out X-Frame-Options header

There are two values for this header

X-Frame-Options: DENY
X-Frame-Options: SAMEORIGIN

To set in apache httpd.conf

Header always append X-Frame-Options SAMEORIGIN

Header always append X-Frame-Options DENY

For the first option, will display content of the same domain. For the second option, will not display content from any domain

Overwrite for one single page in httpd.conf Therefore pay.html can be used as src of iframe on other domains

Header always append X-Frame-Options SAMEORIGIN

<Location /pay.html>
  # remove the SAMEORIGIN header
  Header always unset X-Frame-Options
</Location>

ECS service and target group

• associate ECS service to load balancer
• define target group for load balancer
• running tasks of this ECS service become targets of this target group

#cloudformation template snippet
Service:
    Type: "AWS::ECS::Service"
    Properties:
      Cluster: !FindInMap [BuildEnvironment, !Ref 'EnvironmentType', "cluster"]
      DesiredCount: !FindInMap [BuildEnvironment, !Ref 'EnvironmentType', "desire"]
      LoadBalancers:
        - ContainerName: !Sub "${EnvironmentType}-${APP}"
          ContainerPort: 80
          TargetGroupArn: my_target_group_arn

See targets in a target group

1. Go to EC2
2. In left side, under Load Balancing. Click Target Groups link
3. Search target group by name. Click that target group
4. In Registered targets section, see targets. They are running tasks. Find port
5. Go to a task. Check the Network bindings for the task to find port. These ports are matched.

Encrypt and decrypt password using PHP sodium

Encrypt password

<?php
/**
 * encrypt.php
 */
$masterKey = "canyouguess";
$passwordToEncrypt = "top-secret";

//ecncypt password
$code = encrypt($masterKey, $passwordToEncrypt);
echo "code: ", $code, "\n";

/**
 * @param $masterKey
 * @param $password
 * @return string
 * @throws SodiumException
 */
function encrypt($masterKey, $password)
{
    // Derive a subkey of the correct length for secretbox
    $key = sodium_crypto_generichash($masterKey, '', SODIUM_CRYPTO_SECRETBOX_KEYBYTES
    );

    // Generate a random nonce
    $nonce = random_bytes(SODIUM_CRYPTO_SECRETBOX_NONCEBYTES);

    // Encrypt
    $ciphertext = sodium_crypto_secretbox($password, $nonce, $key);

    // Prepend nonce for later decryption, and base64-encode the lot
    return base64_encode($nonce . $ciphertext);
}

In the directory of encrypt.php, run:

docker run -it --rm -v "$PWD":/usr/src -w /usr/src php:8.2-cli php encrypt.php

Output:

code: qKUilnBOnSPIOmKnwIoJAdOaC+9lhud/0eiTekLPokmuImFiRpuHvKG6AoUs7eT7fBY=

Decrypt code to get password

If do not have master key, there is no way to decrypt the code

<?php
/**
 * decrypt.php
 */

$masterKey = "canyouguess";
$code = "qKUilnBOnSPIOmKnwIoJAdOaC+9lhud/0eiTekLPokmuImFiRpuHvKG6AoUs7eT7fBY=";

//decrypt password using master key
$password = decrypt($masterKey, $code);
echo "password: ", $password, "\n";

/**
 * @param $masterKey
 * @param $code
 * @return string
 * @throws SodiumException
 */
function decrypt($masterKey, $code)
{
    $raw = base64_decode($code, true);
    if ($raw === false) {
        throw new RuntimeException('Invalid base64');
    }

    // same derived subkey
    $key = sodium_crypto_generichash($masterKey, '', SODIUM_CRYPTO_SECRETBOX_KEYBYTES
    );

    $nonceLen = SODIUM_CRYPTO_SECRETBOX_NONCEBYTES;
    if (strlen($raw) < $nonceLen) {
        throw new RuntimeException('Ciphertext too short');
    }

    // extract nonce and ciphertext
    $nonce = mb_substr($raw, 0, $nonceLen, '8bit');
    $ciphertext = mb_substr($raw, $nonceLen, null, '8bit');

    // decrypt & verify
    $plaintext = sodium_crypto_secretbox_open($ciphertext, $nonce, $key);
    if ($plaintext === false) {
        throw new RuntimeException('Decryption failed or message forged');
    }

    return $plaintext;
}

In the same directory of decrypt.php, run:

docker run -it --rm -v "$PWD":/usr/src -w /usr/src php:8.2-cli php decrypt.php

Output:

password: top-secret

Import and export in AWS CloudFormation

 
- ContainerName: !Sub "${AWS::StackName}"
  ContainerPort: 80
  TargetGroupArn: { "Fn::ImportValue" : { "Fn::Join" : [ "-", [ { "Ref" : "EnvironmentType" }, "leo-elb-elb-target-group"]] }}

If EnvironmentType is sandbox, we are importing sandbox-leo-elb-elb-target-group as TargetGroupArn

# part of codes from stack sandbox-leo-elb
# export a resource called leo-elb-elb-target-group
# click Outputs tab in AWS console for this stack. Also see Export Name: leo-elb-elb-target-group
Outputs:
  ELBTargetGroupHTTP:
    Description: The target group
    Value: !Ref ELBTargetGroup
    Export:
      Name: !Sub "${AWS::StackName}-elb-target-group"

Git cherry pick

how to cherry pick codes from development to staging

1. need to find commit hash using git log
2. git checkout release/1-staging
3. git checkout -b feature/SMP-7777
4. git cherry-pick hash
5. git push --set-upstream origin feature/SMP-7777
6. create code review

If pick mutiple commits, start cherry pick from old one.

//example
git checkout master

git checkout -b feature/my-4247-hot-fix

git cherry-pick cd5861fb4c098855fe99b1eb74790874c6be4570 22dfcc0dd6064029da786637e3ceb3b5b5d00719

git push -u origin feature/my-4247-hot-fix

If deploy process stuck because of AWS stack update

If AWS stack update is stuck, and deploy process will not be completed.

• cancel Jenkin release process
• go to AWS cloudformation. go to Stack Action. click Cancel update stack from drop down.
• wait for update_rollback_complete state

AWS Lambda

To access AWS Cloudwatch Logs for Lambda function

1. Click Monitor tab
2. Click view CloudWatch Logs link

Use environment variable in node.js

//here SHARED_MS_BUCKET is env variable name
Bucket: process.env.SHARED_MS_BUCKET

Edit host file for Window 11 WSL (Windows Subsystem for Linux)

You need to edit the following file using notepad and run as admin

 C:\Windows\System32\drivers\etc\hosts

If you edit subsystem linux's /etc/hosts, it will not affect browser such as Google Chrome

Access two github accounts in one linux machine

Assume you already can access your person github repositories using public key id_rsa.pub

1. Create another ssh private / public key pair

   # file name: ~/.ssh/id_rsa2
    ssh-keygen

2. upload public key to your company's github
3. create a ssh config at .ssh/config

   Host github.com
     HostName github.com
     User git
     IdentityFile ~/.ssh/id_rsa
     AddKeysToAgent yes
     ServerAliveInterval 60
     ServerAliveCountMax 30
   
   # Work GitHub account
   Host github-work
     HostName github.com
     User git
     IdentityFile ~/.ssh/id_rsa2
     AddKeysToAgent yes
     ServerAliveInterval 60
     ServerAliveCountMax 30

4. clone work repository

   git clone git@github-work:mycompany/jackt.git

5. clone your person repository as normal because it will use the default ssh config