Posts for: #Servers

rsync Fun

Only copy specific file extentions in folder rsync -a --include '*/' --include '*.mp3' --exclude '*' source/ target/ Speed up rsync over SSH without needed to change any configs. arcfour is faster, but no longer enabled by default meanwhile aes128-ctr is rsync -avhP -e "ssh -c aes128-ctr" /src/ user@ip:/dst/ rsync ssh with non standard port rsync -avhP -e "ssh -p number" /src/ user@ip:/dst/ rsync ssh with non standard port and show full progress
MORE →

Headscale with Android

I based this post on HERE Just for reference, the things I did to make it work: git clone https://github.com/tailscale/tailscale-android.git nano tailscale-android/cmd/tailscale/backend.go change: func (b *backend) Start(notify func(n ipn.Notify)) error { b.backend.SetNotifyCallback(notify) return b.backend.Start(ipn.Options{ StateKey: "ipn-android", }) } to: func (b *backend) Start(notify func(n ipn.Notify)) error { b.backend.SetNotifyCallback(notify) prefs := ipn.NewPrefs() prefs.ControlURL = "https://myheadscale.domain.com" opts := ipn.Options{ StateKey: "ipn-android", UpdatePrefs: prefs, } return b.backend.Start(opts) } nano Dockerfile Add the below to the file:
MORE →

Resolvconf BS

Install resolvconf sudo apt install resolvconf Edit the base file with what you want to always be in the file sudo nano /etc/resolvconf/resolv.conf.d/base Have resolvconf rebuild the base sudo resolvconf -u
MORE →

SystemD Fun

Show logs from when systemd service last restarted. (This needs systemd > v232) journalctl _SYSTEMD_INVOCATION_ID=$(systemctl show -p InvocationID --value SERVICE_NAME.service) | head -n15 NFS Mount with NFS and /etc/fstab From all of my reading over the years it’s always been said to add _netdev to the /etc/fstab mount, but that never worked for me. After more reading it appears that was for SystemV which is dead. I figured it out after much Googleing.
MORE →

SSH Cheatsheet

Connect via SSH client with a different user by default nano ~/.ssh/config Add the following to the file above: Host * User DEFAULT_USER Force Password auth ssh -o PreferredAuthentications=password -o PubkeyAuthentication=no user@host
MORE →

Docker and UFW

For UFW and Docker I use a program called UFW-Docker To use it do the following: wget -O /usr/local/bin/ufw-docker https://github.com/chaifeng/ufw-docker/raw/master/ufw-docker chmod +x /usr/local/bin/ufw-docker ufw-docker install Allow tailscale VPN to all docker containers This is based on the issue HERE ufw route allow from 100.64.0.0/10 to any You should now be good to accept anything from the tailscale network
MORE →

Headscale with Windows

This is how to get the Windows client with headscale. I’m happy to finaly get it working. Headscales docs are HERE, but I’m adding some more info since I wasn’t able to get it to work the first time If you’ve already installed tailscale on the machine make sure to delete the C:\Users\<USERNAME>\AppData\Local\Tailscale directory Download the Official Windows Client HERE and install it. You can either do option A or B Option A Manually edit the registry
MORE →

tmux Fun

By default the prefix is Ctrl+B for tmux How to save pane to file Use prefix + : We need to puts those lines into a buffer by typing in capture-pane -S -150 | Replace -150 with however many lines you’d like to save, or - for all lines. Hit return (enter) Now we have to save the buffer to a file by doing the following prefix + : Type in save-buffer filename.
MORE →

Autorestic Fun

Install autorestic with the below curl https://raw.githubusercontent.com/cupcakearmy/autorestic/master/install.sh | bash Now we install the config with the below cat <<EOF > /root/.autorestic.yml version: 2 global: forget: keep-daily: 5 keep-weekly: 15 keep-monthly: 15 backends: storj: type: s3 path: https://gateway.us1.storjshare.io/bucket.name.here env: aws_access_key_id: aws_secret_access_key: backblaze: type: s3 path: https://s3.us-west-002.backblazeb2.com/bucket-name-here env: aws_access_key_id: aws_secret_access_key: locations: root: from: - / to: - storj - backblaze options: backup: exclude: - /dev - /media - /mnt - /proc - /run - /sys - /tmp - /var/tmp - /var/lib/mysql - /swap* EOF Now autorestic is installed
MORE →

DynamicDNS with Cloudflare bash

Here is a bash script I use to update DDNS with CloudFlare, I could use ddclient, but I like this it works for me apt -y install dnsutils jq curl #!/usr/bin/env bash # A bash script to update a Cloudflare DNS A record with the external IP of the source machine # Used to provide DDNS service for my home # Needs the DNS record pre-creating on Cloudflare ## Based on https://gist.
MORE →

Watchtower fun

Watchtower fun with gotify for notifications mkdir -p /opt/watchtower && cd /opt/watchtower version: "3" services: watchtower: image: containrrr/watchtower volumes: - /var/run/docker.sock:/var/run/docker.sock environment: - WATCHTOWER_CLEANUP=true #- WATCHTOWER_LABEL_ENABLE=true - WATCHTOWER_INCLUDE_RESTARTING=true - WATCHTOWER_NOTIFICATIONS=gotify - WATCHTOWER_NOTIFICATION_GOTIFY_URL=https://push.domain.com - WATCHTOWER_NOTIFICATION_GOTIFY_TOKEN= - TZ=America/New_York #- WATCHTOWER_POLL_INTERVAL=86400 - WATCHTOWER_HTTP_API_METRICS=true - WATCHTOWER_HTTP_API_TOKEN= - WATCHTOWER_SCHEDULE=0 0 0 * * * restart: unless-stopped
MORE →

Gitea Auth using Authentik Proxy Outpost

RIGHT NOW GITEA KEEPS LOGGED IN AS FIRST USER SO IT’S NOT PERFECT, THERE’S A KNOWN ISSUE We need to update the logout button to the authentik logout URL: wget -O /var/lib/gitea/custom/templates/base/head_navbar.tmpl https://raw.githubusercontent.com/go-gitea/gitea/main/templates/base/head_navbar.tmpl Replace the old logout URL with the new: sed -i 's#/user/logout#/akprox/sign_out#g' /var/lib/gitea/custom/templates/base/head_navbar.tmpl I did notice when replacing the URL to logout it doesn’t directly log you out, but will be logged out next time you try to do anything Now it’s time to config gitea; nano /etc/gitea/app.
MORE →

Grafana Auth using Authentik Proxy Outpost

nano /etc/grafana/grafana.ini [auth.proxy] # Defaults to false, but set to true to enable this feature enabled = true # HTTP Header name that will contain the username or email header_name = X-authentik-username # HTTP Header property, defaults to `username` but can also be `email` header_property = username # Set to `true` to enable auto sign up of users who do not exist in Grafana DB. Defaults to `true`. auto_sign_up = false # Define cache time to live in minutes # If combined with Grafana LDAP integration it is also the sync interval sync_ttl = 60 # Limit where auth proxy requests come from by configuring a list of IP addresses.
MORE →

rPiBoot Fun

First you can download the intstaller for rpiboot for Windows from github at HERE Then I always prefer Debian which can be found HERE I’m using the DF Robot Router Board from HERE Huge shoutout and thanks to Jeff Geerling for the board. To get the CM4 into rpiboot mode you have to switch the little switch on the DF Robot Board labeled RPIBOOT to 1 Now you have to install the program, then open up rpiboot and let it do it’s thing then it’ll be mounted
MORE →

Rundeck fun

nano docker-compose.yaml version: '3' services: rundeck: image: 'rundeck/rundeck:3.4.8' restart: unless-stopped environment: RUNDECK_GRAILS_URL: 'https://rundeck.domain.com' RUNDECK_SERVER_FORWARDED: 'true' RUNDECK_DATABASE_DRIVER: org.mariadb.jdbc.Driver RUNDECK_DATABASE_USERNAME: rundeck RUNDECK_DATABASE_PASSWORD: rundeck RUNDECK_DATABASE_URL: jdbc:mysql://mysql/rundeck?autoReconnect=true&useSSL=false ports: - 127.0.0.1:4440:4440 volumes: - ./data/data:/home/rundeck/server/data - ./data/projects:/home/rundeck/projects - ./data/realm.properties:/home/rundeck/server/config/realm.properties depends_on: - "mysql" mysql: image: mysql:5.7 restart: unless-stopped environment: - MYSQL_ROOT_PASSWORD=root - MYSQL_DATABASE=rundeck - MYSQL_USER=rundeck - MYSQL_PASSWORD=rundeck volumes: - ./data/db:/var/lib/mysql First you’ll want to comment out - ./data/realm.properties:/home/rundeck/server/config/realm.properties then docker exec -it rundeck_rundeck_1 cat /home/rundeck/server/config/realm.properties > ./data/realm.properties to get the file.
MORE →

Usenet Basics

Here’s a quick rundown of how usenet works: The three things required are a server, indexer, and downloaders. Server: Where you download the articles from. (Eweka, SuperNews) Indexer: A search engine for the usenet servers. (NZBGeek, NZBCat, DogNZB) Downloader: This is used to download and extract the files since they are put into RAR files. (NZBGet, SABnzbd) Arr software searches via the indexer which then sends the .nzb file to the downloader.
MORE →

Headscale Notes

Client DNS If you don’t want to use magic DNS like myself. I was having issues with it so I did this. Add the following to ~/.bashrc this will allow you to SSH to clients in the following way tailssh $USER $HOSTNAME you can also just run tailssh and that will show you all of the servers function tailssh () { if [[ -z $1 ]] && [[ -z $2 ]]; then tailscale status | grep -v 'filter/INPUT' | column -t else host=$(tailscale status | grep $2 | awk '{ print $1 }') ssh ${1}@${host} fi } Now we need to install column apt install bsdmainutils
MORE →

How to set up Headscale

Here I will walk you through setting up Headscale Create Directories mkdir -p /opt/headscale/config /opt/headscale/bin Install Reqs apt install -y wireguard-tools nginx apt-transport-https Generate Key wg genkey > /opt/headscale/config/private.key Download newest release from HERE wget https://github.com/juanfont/headscale/releases/download/v0.15.0-beta5/headscale_0.15.0-beta5_linux_amd64 -O /opt/headscale/bin/headscale Add headscale ~/.bashrc echo PATH=$PATH:/opt/headscale/bin >> ~/.bashrc Source the new PATH source ~/.bashrc Create config Create a config in /opt/headscale/config/config.yml nano config.yaml --- # The url clients will connect to. # Typically this will be a domain.
MORE →

Apaches Alias with ProxyPass

I was trying to get an alias to work with a ProxyPass. This is pretty easy in NGiNX you just add locations where they need to be, but it appears in Apache/HTTPD you have to specify to ignore the location without the ProxyPass Module The below needs to be added into your VirtualHost. This specific use was for the AppRise_API server Alias "/s" "/opt/apprise/server/apprise_api/static" <Directory "/opt/apprise/server/apprise_api/static"> AllowOverride None Require all granted </Directory> ReWriteEngine on ProxyPassMatch ^/s !
MORE →

Access IPMI if IP is not in ACL

If you ever run into a scenario where you have an ACL in place, but can’t get on the IP that’s in the ACL and you have ssh access, the following will work well. You have to do a partial factory reset which resets everything other than the networking. The default creds are ADMIN/ADMIN. Make sure to change those as soon as you’re logged in. ipmitool raw 0x3c 0x40
MORE →

Limit email/hour for just one domain on an account (addon, park, or sub domain).

Sometimes you have an email account and you want to edit the email/hour for only one of the domain on the account, here is how to do that. SSH to the server ssh domainHere.com Edit the file /var/cpanel/users/userAccount file Add or Edit a line like this MAX_EMAIL_PER_HOUR-domainHere.com=100 Replace domainHere.com with the domain name in question, and 100 with the number of emails per hour you wish to allow. Save the file and run /usr/local/cpanel/scripts/updateuserdomains
MORE →

Comments: