Today I had a task which sounded like this "Change for balancer urls for this VIP - vip:8080 -> server* 16081/int"
Long story short:
frontend my_vip bind x.x.x.x:8080 mode http maxconn 30000 default_backend my_backend
backend my_backend mode http balance leastconn acl int_prefix path_beg /int reqrep ^([^\ :]*)\ /(.*) \1\ /int/\2 unless int_prefix server server1 y.y.y.y:16081 maxconn 32 check fall 3 server server2 z.z.z.z:16081 maxconn 32 check fall 3
A while ago I had to renew the SSL certificate for a website I'm taking care of.
How do I verify that a private key matches a certificate?
[codesyntax lang="bash"]
openssl x509 -noout -modulus -in server.crt | openssl md5 openssl rsa -noout -modulus -in server.key | openssl md5
[/codesyntax]
How do I verify that a CSR matches a certificate match?
[codesyntax lang="bash"]
openssl req -noout -modulus -in server.csr | openssl md5
[/codesyntax]
dnsmasq is a lightweight DNS, TFTP, PXE, router advertisement and DHCP server. It is intended to provide coupled DNS and DHCP service to a LAN.
From time to time dnsmasq decided to resolve some hosts over a VPN tunnel to their external IP address instead the internal one. This was quite annoying... After digging a little bit I found that the root cause of all my VPN heartache was the dnsmasq daemon controlling my DNS. And, related, network-manager. Ok, so how can we disable dnsmasq?!
[codesyntax lang="bash"]
vim /etc/NetworkManager/NetworkManager.conf :%s/dns=dnsmasq/#dns=dnsmasq/g :wq
[/codesyntax]
Ta-da! No more problems! We're all set!
Well, at some point you might need this. So, how do you do this?
[codesyntax lang="bash"]
cat /proc/modules | cut -f 1 -d " " | while read module; do \
echo "Module: $module"; \
if [ -d "/sys/module/$module/parameters" ]; then \
ls /sys/module/$module/parameters/ | while read parameter; do \
echo -n "Parameter: $parameter --> "; \
cat /sys/module/$module/parameters/$parameter; \
done; \
fi; \
echo; \
done
[/codesyntax]
Wasn't that hard, right?!
After many years of using Debian, I decided to give Ubuntu 14.04 a shoot... One of the many problems I have encountered was the installation of VMware. Well, everything went fine but the kernel modules... Ok, long story short, here's the patch:
[codesyntax lang="bash"]
vim ~/vmnet313.patch
[/codesyntax]
205a206
> #if LINUX_VERSION_CODE < KERNEL_VERSION(3, 13, 0)
206a208,210
> #else
> VNetFilterHookFn(const struct nf_hook_ops *ops, // IN:
> #endif
255c259,263
< transmit = (hooknum == VMW_NF_INET_POST_ROUTING);
---
> #if LINUX_VERSION_CODE < KERNEL_VERSION(3, 13, 0)
> transmit = (hooknum == VMW_NF_INET_POST_ROUTING);
> #else
> transmit = (ops->hooknum == VMW_NF_INET_POST_ROUTING);
> #endif
[codesyntax lang="bash"]
:wq
[/codesyntax]
[codesyntax lang="bash"]
# Change directory into the vmware module source directory cd /usr/lib/vmware/modules/source # untar the vmnet modules tar -xvf vmnet.tar # run a the patch you should have just saved earlier patch vmnet-only/filter.c < ~/vmnet313.patch # re-tar the modules tar -uvf vmnet.tar vmnet-only # delete the previous working directory rm -r vmnet-only # just run the GUI app vmware
[/codesyntax]
There you go!
If you see [warn] RSA server certificate is a CA certificate (BasicConstraints: CA == TRUE !?) in you apache error.log file means you have created a cert that is intended to be used to sign other certs, but you're using that cert as your SSL cert. So, it depends how you create the SSL cert.
But how can we solve this problem?!
1. Generate private key and certificate signing request
[codesyntax lang="bash"]
openssl genrsa -des3 -passout pass:x -out server.pass.key 2048 openssl rsa -passin pass:x -in server.pass.key -out server.key rm server.pass.key openssl req -new -key server.key -out server.csr
[/codesyntax]
Note: when the openssl req command asks for a “challenge password”, just press return, leaving the password empty.
2. Generate SSL certificate
[codesyntax lang="bash"]
openssl x509 -req -days 365 -in server.csr -signkey server.key -out server.crt
[/codesyntax]
This document describes a stealth method to externally open ports that, by default, are kept closed by the firewall.
Server side
1. Install knockd
[codesyntax lang="bash"]
apt-get install knockd
[/codesyntax]
2. Configure knockd
[codesyntax lang="bash"]
vim /etc/knockd.conf
[options]
UseSyslog
[OpenClosePort]
sequence = 2123:udp,3543:tcp,6454:udp
seq_timeout = 5
Start_Command = /sbin/iptables -I INPUT -s %IP% -p tcp --dport PORT -j ACCEPT
tcpflags = syn
Cmd_timeout = 3600
Stop_Command = /sbin/iptables -D INPUT -s %IP% -p tcp --dport PORT -j ACCEPT
:wq
[/codesyntax]
Notes:
3. Enable knockd
[codesyntax lang="bash"]
vim /etc/default/knockd :%s/START_KNOCKD=0/START_KNOCKD=1/g :%s/#KNOCKD_OPTS="-i eth1"/KNOCKD_OPTS="-i eth0"/g :wq
[/codesyntax]
4. Start knockd
[codesyntax lang="bash"]
/etc/init.d/knockd restart
[/codesyntax]
Client side
1. Knock the port
[codesyntax lang="bash"]
nmap -Pn --host_timeout 201 --max-retries 0 -sU -p 2123 host; nmap -Pn --host_timeout 201 --max-retries 0 -p 3543 host; nmap -Pn --host_timeout 201 --max-retries 0 -sU -p 6454 host
[/codesyntax]
2. Check if the port is open
[codesyntax lang="bash"]
telnet host PORT
[/codesyntax]
I wanted to have syntax highlighting for a php file I was debugging. Source-highlight given a source file, produces a document with syntax highlighting.
These are the output formats already supported:
These are the input languages (or input formats) already supported (in alphabetical order):
Exactly what I needed!
[codesyntax lang="bash"]
apt-get install source-highlight echo "" >> ~/.bashrc echo "export LESSOPEN=\"| /usr/share/source-highlight/src-hilite-lesspipe.sh %s\"" >> ~/.bashrc echo "export LESS=' -R '" >> ~/.bashrc
[/codesyntax]
Note: Be sure this line isn't present in your .bashrc because it will interfere with source-highlight:
[codesyntax lang="bash"]
[ -x /usr/bin/lesspipe ] && eval "$(lesspipe)"
[/codesyntax]
References:
Many people would say why don't you use rsync? rsync is, in deed, a wonderful little tool that has a lot of features, but it doesn't support segmented file transfer. Well, there are a lot of software applications out there that can handle segmented file transfers over FTP or HTTP protocol. One of them is prozilla. But, as rsync, prozilla doesn't support SFTP protocol. So, how can we handle this? The answer has four letters: lftp. Quote from lftp man page:
Gets the specified file using several connections. This can speed up transfer, but loads the net and server heavily impacting other users. Use only if you really have to transfer the file ASAP
[codesyntax lang="bash"]
lftp sftp://user[:password]@host.ro[:port] -e "mirror -c --parallel=5 --use-pget-n=5 \"/path/to/folder/\""
[/codesyntax]
Very simple and effective, right?
(Very) Later edit:
[codesyntax lang="bash"]
echo 'set sftp:connect-program "ssh -a -x -i /full/path/to/the/ssh/private/key"' | tee ~/.lftprc lftp -u user,xxx sftp://host.ro:6646 -e "mirror -c --parallel=10 --use-pget-n=10 \"/path/to/folder/\"; quit"
[/codesyntax]
Where:
Prozilla Download Accelerator is a multi-threaded download accelerator for Linux which supports both HTTP and FTP protocols and because it makes multiple connections to the server and downloads the file in portions, thus giving a much better speed rate than the conventional download programs which use a single connection, increases download speeds with up to 200-300%.
Resuming connections is fully supported and customizable.
Because it based on ncurses, Prozilla is also a lightweight download accelerator.
1. Get prozilla 2.0.4.
[codesyntax lang="bash"]
git clone https://github.com/totosugito/prozilla-2.0.4.git
[/codesyntax]
2. Install required packages
[codesyntax lang="bash"]
apt-get install autoconf build-essential libncurses5-dev
[/codesyntax]
3. Installing from source code
[codesyntax lang="bash"]
cd prozilla-2.0.4 ./configure make make install
[/codesyntax]
4. Troubleshouting. If an error occurs:
make[4]: Leaving directory `/home/user/prozilla-2.0.4/libprozilla/src’
make[4]: Entering directory `/home/user/prozilla-2.0.4/libprozilla’
make[4]: Nothing to be done for `all-am’.
make[4]: Leaving directory `/home/user/prozilla-2.0.4/libprozilla’
make[3]: Leaving directory `/home/user/prozilla-2.0.4/libprozilla’
make[2]: Leaving directory `/home/user/prozilla-2.0.4/libprozilla’
Making all in src
make[2]: Entering directory `/home/user/prozilla-2.0.4/src’
if g++ -DHAVE_CONFIG_H -I. -I. -I.. -I. -I.. -I../libprozilla/src -I../intl -I/usr/local/include -fno-inline -DLOCALEDIR=\”/usr/local/share/locale\” -Wall -ggdb -D_REENTRANT -MT main.o -MD -MP -MF “.deps/main.Tpo” \
-c -o main.o `test -f ‘main.cpp’ || echo ‘./’`main.cpp; \
then mv -f “.deps/main.Tpo” “.deps/main.Po”; \
else rm -f “.deps/main.Tpo”; exit 1; \
fi
In file included from main.cpp:39:
download_win.h:55: error: extra qualification ‘DL_Window::’ on member âprint_status’
make[2]: *** [main.o] Error 1
make[2]: Leaving directory `/home/user/prozilla-2.0.4/src’
make[1]: *** [all-recursive] Error 1
make[1]: Leaving directory `/home/user/prozilla-2.0.4′
make: *** [all] Error 2
And the solutions...
Looks like the problem of error occurs because the compatibility of the compiler the GNU C/C+ + latest version, to avoid this error edit the file src/download_win.h and replace:
void DL_Window::print_status(download_t * download, int quiet_mode);
with:
void print_status(download_t * download, int quiet_mode);
5. Do you want to make this a deb package?
[codesyntax lang="bash"]
apt-get install build-essential automake autoconf libtool pkg-config libcurl4-openssl-dev intltool libxml2-dev libgtk2.0-dev libnotify-dev libglib2.0-dev libevent-dev checkinstall ./configure && make && sudo checkinstall
[/codesyntax]
Recent Comments