On server with Alma9 we shoud do
update-crypto-policies --set LEGACY
and add this line to /etc/ssh/sshd_config
HostKeyAlgorithms +ssh-rsa,ssh-dss
Category: Linux
Port forward to Hetzner from VPS via GRE Tunnel + iptables rules
Server A = Hetzner (public IP 193.1.1.2) that compute with virtual machines that have network br0.
Server B = VPS (public IP 176.1.1.2). From that VM we will do portforwarding.
On server A, file /etc/rc.local
ip tunnel add gre1 mode gre local 193.1.1.2 remote 176.1.1.2 ttl 255 ip addr add 10.0.0.2/30 dev gre1 ip link set gre1 up #echo '100 GRE' >> /etc/iproute2/rt_tables ip rule add from 10.0.0.0/30 table GRE ip route add default via 10.0.0.1 table GRE ip route add 10.96.111.0/24 dev br0 table GREContinue reading “Port forward to Hetzner from VPS via GRE Tunnel + iptables rules”
Replace defective HDD on CentOS 6 (mbr)
Prologue: sda old but works, sdc defective. I will replace sdc.
First of all, mark disk sdc as defective and remove from raid.
mdadm --manage /dev/md0 --fail /dev/sdc2 mdadm --manage /dev/md1 --fail /dev/sdc1 mdadm --manage /dev/md2 --fail /dev/sdc3 mdadm /dev/md0 -r /dev/sdc2 mdadm /dev/md1 -r /dev/sdc1 mdadm /dev/md2 -r /dev/sdc3
Physically replace disk and copy partition table to new one.
Continue reading “Replace defective HDD on CentOS 6 (mbr)”Postfix as Yandex Relay
In that quickie article we will setup Postfix as yandex relay that servers only local mail (emails for root) on AlmaLinux 8.
dnf install postfix mailx cyrus-sasl-plain
Continue reading “Postfix as Yandex Relay”UFW for antizapret
Couple UFW rules for antizapret node
ufw default deny incoming ufw default allow outgoing ufw allow ssh / ufw allow from 203.0.113.4 to any port 22 ufw allow 1194 ufw route allow proto tcp from any to any port 1194 ufw route allow proto udp from any to any port 1194 ufw allow in on lxdbr0 ufw route allow in on lxdbr0 ufw enable
Nginx as CDN POP
This released on ubuntu with packages nginx and nginx-extras (some modules used additionally that not avail on Alma packages, that’s why ubuntu).
We will store cached files in /cdncache and logs in /var/log/nginx/cdnlogs.
Our CDN URL is yourcdn1.domain.name for site1.dev and yourcdn2.domain.name for site2.dev
We will server static files (mp4,jpg,png,gif,jpeg,js,ico,html,htm,webp,css,mp3,wav,swf,mov,doc,pdf,xls,ppt,docx,pptx,xlsx,ttf,woff,woff2), accept only GET queries and disallow listing for /.
Continue reading “Nginx as CDN POP”Upgrading all packages on OpenWRT
More difficult than on Centos, yeah? π
opkg list-upgradable | cut -f 1 -d ' ' | xargs opkg upgrade
Ivacy VPN strongswan settings for android (and may be iOS)
Hey. I just tried to find out how to setup Ivacy on my android phone but not with OpenVPN or stock Ivacy app.
As we now strongswan app is more battery-friendly. So we should use strongswan. You hear? Use strongswan if its possible.
But googling not give me anything. I asked support and receive half of truth. But figure out the rest by myself. So lets go.
How to install guacamole 1.0.0 on Centos 7 box
Hey. Guacamole – really good app that allow you to connect to PC in your net via RDP/SSH/Telnet/VNC. Lets install it.
yum install cairo-devel libjpeg-devel libpng-devel uuid-devel freerdp-devel pango-devel libssh2-devel libssh-dev tomcat libvncserver-devel libtelnet-devel tomcat-admin-webapps tomcat-webapps gcc terminus-fontsContinue reading “How to install guacamole 1.0.0 on Centos 7 box”
You can’t upgrade from Centos6 to Centos7
Via redhat-upgrade-tool ?
A lot of articles. And a lot of comments that tool is broken. π