Systemd: docker-compose system configuration

    [Unit]
    Description=iix-notes @ iix.se docker
    Requires=docker.service
    After=docker.service

    [Service]
    WorkingDirectory=/srv/iix-notes
    ExecStart=/usr/local/bin/docker-compose up
    ExecStop=/usr/local/bin/docker-compose down

    [Install]
    WantedBy=multi-user.target

Systemd: Creating a generic non-forking service

    # /etc/systemd/system/spark-backend.service
    [Unit]
    Description=iix.se java spark backend
    After=network.target

    [Service]
    WorkingDirectory=/srv/spark-backend
    User=www-data
    Group=www-data
    ExecStart=/srv/spark-backend/bin/spark-backend

    [Install]
    WantedBy=multi-user.target

Let's encrypt crontab with nginx service

Crontab for renewal

    # m h dom mon dow command
    15 3 * * * certbot renew --quiet --no-self-upgrade --pre-hook "systemctl stop nginx.service" --post-hook "systemctl start nginx.service"

Docker alternative

Note that if you run certbot in docker, you cannot use --pre-hook and --post-hook, because other services cannot be changed from inside the docker container. Instead, create a script file in which you run the --pre-hook command before the certbot command and the --post-hook command afterwards ...
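A wrapper script of the kind described for the docker case, as an added example that is not from the original post. It assumes the official certbot/certbot image, the standalone authenticator on port 80 and certificates under /etc/letsencrypt; the script path in the cron comment is hypothetical.

```sh
#!/bin/sh
# Added example: run certbot from a container with nginx stopped around it.
# Assumptions (not from the original page): certbot/certbot image,
# standalone HTTP-01 on port 80, state kept in /etc/letsencrypt and
# /var/lib/letsencrypt on the host.
#
# Hypothetical cron entry:
#   15 3 * * * /usr/local/sbin/renew-certs.sh --run

# Overridable so the script can be exercised with stubs instead of the
# real commands.
SYSTEMCTL="${SYSTEMCTL:-systemctl}"
DOCKER="${DOCKER:-docker}"

renew_with_nginx_stopped() {
    # Equivalent of --pre-hook: free port 80. If nginx cannot be stopped,
    # certbot could not bind the port anyway, so give up here.
    "$SYSTEMCTL" stop nginx.service || return $?

    # The renewal itself. Keep the exit status instead of aborting, so the
    # web server is restarted even when renewal fails.
    "$DOCKER" run --rm -p 80:80 \
        -v /etc/letsencrypt:/etc/letsencrypt \
        -v /var/lib/letsencrypt:/var/lib/letsencrypt \
        certbot/certbot renew --quiet
    status=$?

    # Equivalent of --post-hook: always bring nginx back.
    "$SYSTEMCTL" start nginx.service || return $?

    # Report the renewal result to cron.
    return "$status"
}

# Only act when asked to, so the function can be sourced and tested.
if [ "${1:-}" = "--run" ]; then
    renew_with_nginx_stopped
fi
```

Unlike certbot's own --pre-hook, which runs only when a certificate is actually due for renewal, this wrapper stops nginx on every run.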

Nginx: connect() failed while connecting to upstream

Spam in error.log:

    2017/05/07 16:51:50 [error] 30504#0: *7089 connect() failed (111: Connection refused) while connecting to upstream, client: 169.54.244.93, server: iix.se, request: "GET / HTTP/1.1", upstream: "http://[::1]:8001/", host: "phoenix.iix.se"

The log shows nginx connecting to the upstream on the IPv6 loopback address ([::1]). In your nginx configuration, replace hostnames with IP addresses.

Rolling up sequence numbers

Find sequences:

    \c database_name
    \ds

For each, run:

    SELECT setval('your_table_id_seq', (SELECT MAX(id) FROM your_table));

Simple reverse proxy with socat

Open local port 5901 to be reached from anyone by connecting to localhost:8080

    socat TCP4-LISTEN:8080,fork TCP4:localhost:5901

April 28, 2017  |  🏷️Socat

Adding AUTH PLAIN to Postfix

Note

Instructions are for Debian (and probably work for Ubuntu and friends too). The easiest way to get it working on Fedora is through dovecot's sasl2. See dovecot configuration and postfix configuration.

Install sasl dependencies

    sudo apt-get install libsasl2-modules sasl2-bin

Create /etc/postfix/sasl/smtpd.conf:

    pwcheck_method: saslauthd
    mech_list: PLAIN LOGIN

Create /etc/default/saslauthd-postfix

    cp /etc/default/saslauthd /etc/default/saslauthd-postfix

Edit /etc/default/saslauthd-postfix

    START=yes
    DESC="SASL Auth. Daemon for Postfix"
    NAME="saslauthd-postf" # max. 15 char?
    OPTIONS="-c -m /var/spool/postfix/var/run/saslauthd"

Create subdirs:

    dpkg-statoverride --add root sasl 710 /var/spool/postfix/var/run/saslauthd

Add group (maybe not required?)

    adduser postfix sasl

Reset and enable saslauthd

    sudo systemctl restart saslauthd
    sudo systemctl enable saslauthd

Config postfix

    sudo postconf -e 'smtpd_sasl_local_domain = $myhostname'
    sudo postconf -e 'smtpd_sasl_auth_enable = yes'
    sudo postconf -e 'broken_sasl_auth_clients = yes'
    sudo postconf -e 'smtpd_sasl_security_options = noanonymous'
    sudo postconf -e 'smtpd_recipient_restrictions = permit_sasl_authenticated, permit_mynetworks, reject_unauth_destination'

Reset postfix

    sudo systemctl restart postfix

Debian: Unattended upgrades

Description:

Install unattended-upgrades. The server should run unattended upgrades every night, and reboot at 4 am if required by any application.

Implementation:

Login as root

Install packages unattended-upgrades and cron-apt

Set the following values in /etc/apt/apt.conf.d/50unattended-upgrades

    Unattended-Upgrade::Origins-Pattern {
        "o=Debian,a=stable";
    };
    Unattended-Upgrade::MinimalSteps "true";
    Unattended-Upgrade::Mail "root";
    Unattended-Upgrade::MailOnlyOnError "true";
    Unattended-Upgrade::Remove-Unused-Dependencies "false";
    Unattended-Upgrade::Automatic-Reboot "true";
    Unattended-Upgrade::Automatic-Reboot-Time "04:00";
    Unattended-Upgrade::InstallOnShutdown "false";

Set the following values in /etc/apt/apt.conf.d/02periodic

    APT::Periodic::Update-Package-Lists "1";
    APT::Periodic::Unattended-Upgrade "1";
    APT::Periodic::AutocleanInterval "30";

Verification:

Run unattended-upgrade --dry-run --debug as root. If there are any application upgrades available, they should show up.

Wait a few days and check /var/log/apt/history.log

Getting started with KVM

Installation (No X11)

    # Install prerequisites (ignore virtinst if you have x11)
    sudo apt-get install qemu-kvm libvirt-bin virtinst
    sudo usermod -aG kvm $USER
    sudo usermod -aG libvirt $USER

Creating a new host (i.e. guest)

    # NAME-OF-VHOST is whatever you want to call your virtual host
    # SIZE-IN-MB is how many MBs of RAM you want to give the new host
    # LOCATION is the location to install from, you can find locations by typing `man virt-install`
    # NAME-OF-DISK is what disk you want to provide to the vhost, e.g. a partition
    sudo virt-install --virt-type kvm --name NAME-OF-VHOST --memory SIZE-IN-MB \
        --location LOCATION --extra-args "console=ttyS0" --disk /dev/NAME-OF-DISK

    # Example
    sudo virt-install --virt-type=kvm --name david2 --memory 16384 \
        --location http://ftp.us.debian.org/debian/dists/stable/main/installer-amd64/ \
        --disk /dev/vg0/lv1 --extra-args "console=ttyS0"

    # Example (ISO-file and vnc graphics)
    sudo virt-install --virt-type=kvm --name bleach --memory 4096 --disk /dev/vg0/lv5 \
        --cdrom Fedora-Server-netinst-x86_64-27-1.6.iso \
        --graphics=vnc,listen=127.0.0.1,password=verysecret

Bridge guest to host network

Add network interface

In /etc/network/interfaces, change from ...

Enabling angular-js html5mode

    location ~ ^/(data|html|css|js)/ {
        try_files $uri $uri/ =404;
    }

    location / {
        try_files $uri $uri/ /index.html;
    }