Notes from sysadmin work. Yet another sysadm blog
Same as post below but from el9 to el6.
We will do all on el9 box.
nano /etc/openssl_dhssl.cnf (create new file)
.include /etc/ssl/openssl.cnf [openssl_init] alg_section = evp_properties [evp_properties] rh-allow-sha1-signatures = yes
/root/.ssh/config
Host your.host.com
HostkeyAlgorithms +ssh-rsa
PubkeyAcceptedAlgorithms +ssh-rsa
Than just connect via
OPENSSL_CONF=/etc/openssl_dhssl.cnf ssh root@your.host.com
On server with Alma9 we shoud do
update-crypto-policies --set LEGACY
and add this line to /etc/ssh/sshd_config
HostKeyAlgorithms +ssh-rsa,ssh-dss
Server A = Hetzner (public IP 193.1.1.2) that compute with virtual machines that have network br0.
Server B = VPS (public IP 176.1.1.2). From that VM we will do portforwarding.
On server A, file /etc/rc.local
ip tunnel add gre1 mode gre local 193.1.1.2 remote 176.1.1.2 ttl 255 ip addr add 10.0.0.2/30 dev gre1 ip link set gre1 up #echo '100 GRE' >> /etc/iproute2/rt_tables ip rule add from 10.0.0.0/30 table GRE ip route add default via 10.0.0.1 table GRE ip route add 10.96.111.0/24 dev br0 table GREContinue reading “Port forward to Hetzner from VPS via GRE Tunnel + iptables rules”
Prologue: sda old but works, sdc defective. I will replace sdc.
First of all, mark disk sdc as defective and remove from raid.
mdadm --manage /dev/md0 --fail /dev/sdc2 mdadm --manage /dev/md1 --fail /dev/sdc1 mdadm --manage /dev/md2 --fail /dev/sdc3 mdadm /dev/md0 -r /dev/sdc2 mdadm /dev/md1 -r /dev/sdc1 mdadm /dev/md2 -r /dev/sdc3
Physically replace disk and copy partition table to new one.
Continue reading “Replace defective HDD on CentOS 6 (mbr)”In that quickie article we will setup Postfix as yandex relay that servers only local mail (emails for root) on AlmaLinux 8.
dnf install postfix mailx cyrus-sasl-plain
Continue reading “Postfix as Yandex Relay”Couple UFW rules for antizapret node
ufw default deny incoming ufw default allow outgoing ufw allow ssh / ufw allow from 203.0.113.4 to any port 22 ufw allow 1194 ufw route allow proto tcp from any to any port 1194 ufw route allow proto udp from any to any port 1194 ufw allow in on lxdbr0 ufw route allow in on lxdbr0 ufw enable
This released on ubuntu with packages nginx and nginx-extras (some modules used additionally that not avail on Alma packages, that’s why ubuntu).
We will store cached files in /cdncache and logs in /var/log/nginx/cdnlogs.
Our CDN URL is yourcdn1.domain.name for site1.dev and yourcdn2.domain.name for site2.dev
We will server static files (mp4,jpg,png,gif,jpeg,js,ico,html,htm,webp,css,mp3,wav,swf,mov,doc,pdf,xls,ppt,docx,pptx,xlsx,ttf,woff,woff2), accept only GET queries and disallow listing for /.
Continue reading “Nginx as CDN POP”More difficult than on Centos, yeah? 🙂
opkg list-upgradable | cut -f 1 -d ' ' | xargs opkg upgrade
cat /etc/systemd/system/goip.service
We should start goip service after mysql and we should be sure that it will autorestart on crash.
Continue reading “Goip systemd service”Idea: make a queue of calls in which agents will register themselves. A man came to work, dialed a secret combination, “signed up,” and he is all in line and ready to receive calls. Let’s make it happen.
Continue reading “Asterisk & Self Registration Queue”