Vítejte!

Osobní blog programátora a správce (nejen) Linux serverů. Najdete tady úryvky kódu, příkazy pro instalaci nejrůznějších programů a nastavení všeho možného.

MySQL tmp adresář v RAM (tmpfs)

df -h (zda máte /run s tmpfs) vi /etc/mysql/percona-server.conf.d/mysqld.cnf tmpdir=/run/mysqld Restart

Intel RST (software) RAID5

   

ZFS v Debian 9

sed -i ‚s/main/main contrib non-free/g‘ /etc/apt/sources.list apt-get update apt -y install linux-headers-$(uname -r) ln -s /bin/rm /usr/bin/rm apt-get -y install zfs-dkms /sbin/modprobe zfs systemctl restart zfs-import-cache systemctl restart zfs-import-scan systemctl restart zfs-mount systemctl restart zfs-share truncate -s 100M /root/z zpool create tank /root/z zfs set compression=on tank zpool status systemctl preset zfs-import-cache zfs-import-scan zfs-mount zfs-share […]

Instalace Java 8 v Debian 9 (Stretch)

apt install dirmngr echo „deb http://ppa.launchpad.net/webupd8team/java/ubuntu xenial main“ | tee /etc/apt/sources.list.d/webupd8team-java.list echo „deb-src http://ppa.launchpad.net/webupd8team/java/ubuntu xenial main“ | tee -a /etc/apt/sources.list.d/webupd8team-java.list apt-key adv –keyserver hkp://keyserver.ubuntu.com:80 –recv-keys EEA14886 apt-get update apt-get install oracle-java8-installer

Let’s Encrypt na samostatném serveru

Na webserveru: vi /etc/apache2/conf-available/letsencrypt.conf: <Location „/.well-known/acme-challenge/“> ProxyPass http://<IP_LETSENCRYPT_SERVERU>/.well-known/acme-challenge/ ProxyPassReverse http://<IP_LETSENCRYPT_SERVERU>/.well-known/acme-challenge/ </Location> a2enconf letsencrypt.conf service apache2 restart Na Let’s Encrypt serveru: certbot certonly –standalone –preferred-challenges http –non-interactive -d domena.cz certbot renew –standalone –preferred-challenges http –non-interactive

Docker v Ubuntu 17.04

vi /etc/apt/sources.list deb [arch=amd64] https://download.docker.com/linux/ubuntu yakkety stable apt-key adv –keyserver hkp://keyserver.ubuntu.com:80 –recv-keys 7EA0A9C3F273FCD8 sudo apt-get update sudo apt install docker-ce

ZFS dataset partition enlarge

zfs set volsize=1200g storage/iscsi/elk zfs get volsize,reservation storage/iscsi/elk virsh pool-list virsh pool-destroy elk tgt-admin –show tgt-admin –update tid=12 tgt-admin –show virsh pool-start elk virsh pool-autostart elk virsh start elk.cesal.cz sudo fdisk /dev/sda # sudo fdisk /dev/sda Welcome to fdisk (util-linux 2.29). Changes will remain in memory only, until you decide to write them. Be careful […]

Let’s Encrypt certifikáty

sudo add-apt-repository ppa:certbot/certbot sudo apt-get update sudo apt-get install -y certbot

DKIM v Postfixu

apt-get install -y opendkim opendkim-tools postfix-policyd-spf-python postfix-pcre adduser postfix opendkim

Blokování IP adresy v iptables

Instalace a vytvoření složky apt-get -y install ipset mkdir -p /etc/ipblock/ Skript zajišťující aktualizaci seznamu IP adres #!/bin/bash echo „Updating firehol IP lists..“ cd /etc/ipblock/firehol/ git pull origin master ipset -! create alwaysallow hash:ip ipset -! create blockedips hash:net echo „Adding allowed IPs..“ ipset -q -A alwaysallow XXX.XXX.XXX.XXX ipset -q -A alwaysallow YYY.YYY.YYY.YYY tmpname=$(mktemp) echo […]