Keycloak behind NGiNX

Configure NGiNX

    nano /etc/nginx/conf.d/sso.domain.com.conf

    server {
        listen 443 ssl http2;
        server_name sso.domain.com;

        ssl_certificate /etc/nginx/ssl/sso.domain.com/fullchain.crt;
        ssl_certificate_key /etc/nginx/ssl/sso.domain.com/key;
        ssl_session_timeout 5m;

        location / {
            proxy_pass http://127.0.0.1:8080/;
            proxy_set_header Host $host;
            proxy_set_header X-Real-IP $remote_addr;
            proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
            proxy_set_header X-Forwarded-Host $host;
            proxy_set_header X-Forwarded-Server $host;
            proxy_set_header X-Forwarded-Port $server_port;
            proxy_set_header X-Forwarded-Proto $scheme;
        }
    }

Configure Keycloak

The following needs to be run for Keycloak to work behind nginx:

    cd bin
    ./jboss-cli.sh 'embed-server,/subsystem=undertow/server=default-server/http-listener=default:write-attribute(name=proxy-address-forwarding,value=true)'
MORE →

Two separate sonarr instances via systemd

Here is how to have two different Sonarr instances (for example 4k and standard def). Change the location after --data= to wherever you want the data to be. Since lidarr/radarr are both based on sonarr I would assume you could do it the same way with those as well.

    nano /etc/systemd/system/sonarr.service

    [Unit]
    Description=Sonarr Daemon
    After=network.target

    [Service]
    User=plex
    Group=plex
    StandardOutput=null
    Type=simple
    ExecStart=/usr/bin/mono /opt/Sonarr/Sonarr.exe -nobrowser --data=/opt/DB/Sonarr
    TimeoutStopSec=20
    KillMode=process
    Restart=on-failure

    [Install]
    WantedBy=multi-user.target

    nano /etc/systemd/system/sonarr4k.
MORE →

Custom Launcher for Google Chromecast with Google TV

Do you have a great Google Chromecast with Google TV, but you don’t want the horrible default launcher? (My opinion: all I want is my apps, nothing else. I love my Roku, but Channels-DVR doesn’t work with Roku :-( ) Here is how to install a new one. Today we will be setting up the ATV Launcher (Google Play Store links below). It’s very easy.

ATV Launcher: LINK
ATV Launcher Pro: LINK
MORE →

Full system backup with restic and minio

Minio Install

    mkdir /opt/minio
    cd /opt/minio
    wget https://dl.min.io/server/minio/release/linux-amd64/minio
    wget https://dl.min.io/client/mc/release/linux-amd64/mc
    chmod +x mc minio
    echo 'PATH="${PATH}:/opt/minio"' >> /root/.bashrc
    useradd minio
    mkdir -p /data/minio
    chown minio: -R /opt/minio /data/minio

Configure Systemd service

    nano /etc/systemd/system/minio.service

Paste the following in the above file

    # https://github.com/minio/minio-service/tree/master/linux-systemd
    [Unit]
    Description=MinIO
    Documentation=https://docs.min.io
    Wants=network-online.target
    After=network-online.target
    AssertFileIsExecutable=/opt/minio/minio

    [Service]
    WorkingDirectory=/opt/minio
    User=minio
    Group=minio
    EnvironmentFile=/etc/default/minio
    ExecStartPre=/bin/bash -c "if [ -z \"${MINIO_VOLUMES}\" ]; then echo \"Variable MINIO_VOLUMES not set in /etc/default/minio\"; exit 1; fi"
    ExecStart=/opt/minio/minio server $MINIO_OPTS $MINIO_VOLUMES

    # Let systemd restart this service always
    Restart=always

    # Specifies the maximum file descriptor number that can be opened by this process
    LimitNOFILE=65536

    # Specifies the maximum number of threads this process can create
    TasksMax=infinity

    # Disable timeout logic and wait until process is stopped
    TimeoutStopSec=infinity
    SendSIGKILL=no

    [Install]
    WantedBy=multi-user.
MORE →

Channels DVR with Pluto and Philo installed on Debian 10

Below I will be writing how to install and configure Channels DVR with Pluto using Pluto4Channels and Philo using TV Everywhere on Debian 10.

First install ChannelsDVR. I will be doing this on Linux. This does work on RaspberryPi, which is awesome.

    useradd channels-dvr
    cd /opt

This will install ChannelsDVR in the current folder and install the systemd service:

    curl -f -s https://getchannels.com/dvr/setup.sh | sh
    chown channels-dvr: -R /opt/channels-dvr
MORE →

Compile bitwarden_rs from source with mysql support

Here is how to install Bitwarden_rs on Debian 10 with MYSQL support. Below I will be writing how to install and configure Bitwarden_rs to work with MYSQL without the need for Docker.

Install required software

Not everything below is required, but I like to install it anyway.

    apt install -y tmux
    tmux
    apt install -y build-essential git pkg-config libssl-dev libmariadb-dev-compat libmariadb-dev htop curl wget

Install Rust

    curl --proto '=https' --tlsv1.
MORE →

Basic InfluxDB CheatSheet

Here is a basic cheatsheet for InfluxDB I’ve learned from playing with the TIG stack.

How to find the hosts in the series. You run the below command and just go through the list to find the host you want to delete. You can delete with what you know the host is, but this is nice because it will ensure there wasn’t a typo.

    WHERE "host" = 'DESKTOP-NAME'

Here is how you actually drop the data from the DB so that it’s not displayed in Grafana anymore
MORE →

DroneCI behind NGiNX reverse proxy

This so far has been working for me to have DroneCI behind an NGiNX reverse proxy working with Gitea.

NGiNX Code

    nano /etc/nginx/sites-available/droneci.domain.com
    ln -s /etc/nginx/sites-available/droneci.domain.com /etc/nginx/sites-enabled

    upstream droneci {
        server 127.0.0.1:8080;
    }

    server {
        server_name droneci.domain.com drone.domain.com;
        listen 443 ssl http2;

        ssl_certificate /etc/certs/droneci.domain.com/fullchain.crt;
        ssl_certificate_key /etc/certs/droneci.domain.com/key;
        ssl_session_cache builtin:1000 shared:SSL:10m;
        ssl_protocols TLSv1.2 TLSv1.3;

        location / {
            proxy_set_header X-Forwarded-For $remote_addr;
            proxy_set_header X-Forwarded-Proto $scheme;
            proxy_set_header Host droneci.domain.com;
            proxy_pass http://droneci;
            proxy_redirect off;
            proxy_http_version 1.1;
            proxy_buffering off;
            chunked_transfer_encoding off;
        }
    }

Here is the code for the docker container

    docker run \
      --volume=/var/lib/drone:/data \
      --env=DRONE_GITEA_SERVER="https://git.
MORE →

Create self signed cert easily

MORE →

Autostart Tdarr via systemd

The following are the systemd unit locations and contents.

    nano /etc/systemd/system/tdarr-node.service

    [Unit]
    Description=Tdarr Node Daemon
    After=network.target

    [Service]
    User=plex
    Group=plex
    #StandardOutput=null
    Type=simple
    WorkingDirectory=/opt/tDarr/Tdarr_Node
    ExecStart=/opt/tDarr/Tdarr_Node/Tdarr_Node
    TimeoutStopSec=20
    KillMode=process
    Restart=on-failure

    [Install]
    WantedBy=multi-user.target

    nano /etc/systemd/system/tdarr-server.service

    [Unit]
    Description=Tdarr Server Daemon
    After=network.target

    [Service]
    User=plex
    Group=plex
    #StandardOutput=null
    Type=simple
    WorkingDirectory=/opt/tDarr/Tdarr_Server
    ExecStart=/opt/tDarr/Tdarr_Server/Tdarr_Server
    TimeoutStopSec=20
    KillMode=process
    Restart=on-failure

    [Install]
    WantedBy=multi-user.target

Now to enable everything you can type the following.
MORE →

Uninstall program via powershell

This is useful if using remote shell to do things. I used this when I migrated from RemoteUtilities (great software, but I can’t seem to find a cheap host for a Windows OS, MeshCentral only requires a small Linux server) to MeshCentral. I was able to use the remote shell through SentinelOne to do this. SentinelOne is by far the best NextGenAV out there. If remote shell uses CMD we’re going to want to open/start powershell
MORE →

Download file via powershell

MORE →

Monitoring Domain Expiry

After using LibreNMS for years and it was giving me issues, I decided to give check_mk RAW a try. It works great. I was able to find a way to have check_mk check for Domain Expiry. The original post is HERE, but the formatting wasn’t working so I reposted it.

    nano /scripts/check-domain-expiry

After you have edited this file make sure to add it to a daily crontab. We don’t check this every check cycle since you’d probably get blocked due to high requests.
MORE →

Systemctl edit stdin/file

MORE →

acme.sh with haproxy

MORE →

Install Duplicati as Windows Service

Here’s how to install Duplicati as a Windows Service

1. Download Duplicati from [HERE](https://www.duplicati.com/download).
2. During install don't mark "Auto Start up" option
3. Open CMD as admin
   * Search for CMD
   * Right click on CMD
   * Click "Run as admin"
4. Navigate to the installation folder in CMD (this should be the same as long as you left it as default)
   * `cd "C:\Program Files\Duplicati 2\"`
5. Now we will install the service
   * `.
MORE →

Remote shell access to Windows machine on Domain

This seems to be just like connecting via SSH to a Linux machine, but with Windows. I’ve only tested with Windows 10, but it works great.

Download PsExec HERE.
Extract ZIP wherever (I like to use 7zip).
CD to that location via CMD as domain admin (this is assuming a domain environment; run CMD as administrator by right clicking, then run as administrator).
Run the following:

    .\PsExec.exe \\PCnameORip cmd.exe

You are now in a remote shell.

You can also use winrs as well
MORE →

Download Win10 iSO

MORE →

Default user for WSL OS on Windows 10

1. Open a command prompt or PowerShell. (You shouldn’t run as admin since this is based for the specific user).
2. Copy and paste the command below into the command prompt or PowerShell for the .exe file of the WSL distro name (ex: “Debian”) you want to set the default user for, and press Enter. (You can replace root with any user you’d like)

[Ubuntu]

    > ubuntu config --default-user root
MORE →

Send email using postfix

There are many times when I want to send an email for testing using postfix and I can never remember how to do it. Here is how. This is super useful to make sure your SMTP relay through AWS/Postmark is working as it should. Then you can tail /var/log/mail.log to see if it worked or if it got rejected for whatever reason.

First type the following to start sendmail

    sendmail [email protected]

Now we can type in or paste the following
MORE →

Access IPMI if IP is not in ACL

MORE →

Apple cash not verifying

So I finally switched to iPhone and ordered an Apple Credit Card (I love this thing). The cash back is put on your Apple Cash account; if your account can’t be verified then you don’t get the cash back. So I started the process of verifying my account. I put in my First Name, Last Name, Middle Name, and full address. Well, they need you to use the address that’s on your license, makes sense, but I just moved so I used the incorrect one.
MORE →

acme.sh/LetsEncrypt with 301 https redirect

MORE →

Limit email/hour for just one domain on an account (addon, park, or sub domain).

MORE →

Create cPanel WHM session from CLI

MORE →