System Administration

server { listen *:80; server_name _; return 301 https://$host$request_uri; }

server { listen *:443; server_name iix.se; ssl on; ssl_certificate /etc/letsencrypt/live/iix.se/fullchain.pem; ssl_certificate_key /etc/letsencrypt/live/iix.se/privkey.pem; ssl_session_cache builtin:1000 shared:SSL:10m; ssl_protocols TLSv1 TLSv1.1 TLSv1.2; ssl_ciphers HIGH:!aNULL:!eNULL:!EXPORT:!CAMELLIA:!DES:!MD5:!PSK:!RC4; ssl_prefer_server_ciphers on; location / { proxy_set_header Host $host; proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header X-Forwarded-Proto $scheme; proxy_pass http://127.0.0.1; proxy_read_timeout 90; } }

Description=iix-notes @ iix.se docker Requires=docker.service After=docker.service [Service] WorkingDirectory=/srv/iix-notes ExecStart=/usr/local/bin/docker-compose up ExecStop=/usr/local/bin/docker-compose down [Install] WantedBy=multi-user.target

# /etc/systemd/system/spark-backend.service Description=iix.se java spark backend After=network.target [Service] WorkingDirectory=/srv/spark-backend User=www-data Group=www-data ExecStart=/srv/spark-backend/bin/spark-backend [Install] WantedBy=multi-user.target

Crontab for renewal # m h dom mon dow command 15 3 * * * certbot renew --quiet --no-self-upgrade --pre-hook "systemctl stop nginx.service" --post-hook "systemctl start nginx.service" Docker alternative Note that if you run certbot in docker, you cannot use the –pre-hook and –post-hook as the other services cannot be changed through the docker container. Instead, you should create a script file, where you run the –pre-hook before the command and –post-hook afterwards...

Spam in error.log: 2017/05/07 16:51:50 [error] 30504#0: *7089 connect() failed (111: Connection refused) while connecting to upstream, client: 169.54.244.93, server: iix.se, request: "GET / HTTP/1.1", upstream: "http://[::1]:8001/", host: "phoenix.iix.se" In your nginx configuration, replace hostnames with ip-addresses

Note Instructions are for debian (and probably works for ubuntu and friends too). Easiest way to getting it to work in fedora is through dovecot’s sasl2. See dovecot configuration and postfix configuration Install sasl dependencies sudo apt-get install libsasl2-modules sasl2-bin Create /etc/postfix/sasl/smtpd.conf: pwcheck_method: saslauthd mech_list: PLAIN LOGIN Create /etc/default/saslauthd-postfix cp /etc/default/saslauthd /etc/default/saslauthd-postfix Edit /etc/default/saslauthd-postfix START=yes DESC="SASL Auth. Daemon for Postfix" NAME="saslauthd-postf" # max. 15 char? OPTIONS="-c -m /var/spool/postfix/var/run/saslauthd" Create subdirs: dpkg-statoverride --add root sasl 710 /var/spool/postfix/var/run/saslauthd Add group (maybe not required?...

Installation (No X11) # Install prerequirements (ignore virtinst if you have x11) sudo apt-get install qemu-kvm libvirt-bin virtinst sudo usermod -aG kvm $USER sudo usermod -aG libvirt $USER Creating a new host (i.e. guest) # NAME-OF-VHOST is whatever you want to call your virtual host # SIZE-IN-MB is how many MBs of RAM you want to give the new host # LOCATION is the location to install from, you can find locations by typing `man virt-install` # NAME-OF-DISK is what disk you want to provide to the vhost, e....

The first RewriteCond allows requests for files which already exists, The second RewriteCond allowed requests for directories which already exists, The third RewriteCond makes sure to not redirect any of the data, html, css or js directories The first RewriteRule says that if any of the RewriteCond matched, we do not do anything else (i.e. return from this function) The second RewriteRule says that if we have not returned from the previous RewriteRule we will return index....

Description: Setup autofs on machines client-1 and client-2, which both uses ldap (how to install is described in a previous note) Implementation: Install package autofs5-ldap Create autofs.ldif with the following data: dn: cn=autofs,cn=schema,cn=config objectClass: olcSchemaConfig cn: autofs olcAttributeTypes: {0}( 1.3.6.1.1.1.1.25 NAME 'automountInformation' DESC 'Inf ormation used by the autofs automounter' EQUALITY caseExactIA5Match SYNTAX 1. 3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE ) olcObjectClasses: {0}( 1.3.6.1.1.1.1.13 NAME 'automount' DESC 'An entry in an automounter map' SUP top STRUCTURAL MUST ( cn $ automountInformation $ object class ) MAY description ) olcObjectClasses: {1}( 1....