Clear PageCache only
# sync; echo 1 > /proc/sys/vm/drop_caches
Clear dentries and inodes
# sync; echo 2 > /proc/sys/vm/drop_caches
Clear PageCache, dentries and inodes
# sync; echo 3 > /proc/sys/vm/drop_caches
Seperate Private Key and Certificate file
#Generate certificates bundle file
openssl pkcs12 -nokeys -in server-cert-key-bundle.p12 -out server-ca-cert-bundle.pem
#Generate server key file.
openssl pkcs12 -nocerts -nodes -in server-cert-key-bundle.p12 -out server.key
Convert a PKCS#12 file (.pfx .p12) containing a private key and certificates to PEM
openssl pkcs12 -in keyStore.pfx -out keyStore.pem -nodes
Create a .pfx/.p12 certificate file using OpenSSL
openssl pkcs12 -export -out certificate.pfx -inkey privateKey.key -in certificate.crt
Src: https://www.sslshopper.com/article-most-common-openssl-commands.html
Allow IP forwarding
(Note: if your testing this on the same box your doing this on it won’t work, you need at least 3 machines to test this out, virtual ones work nicely)
First we enable ipv4 forwarding or this will not work:
# echo "1" > /proc/sys/net/ipv4/ip_forward
XOR
# sysctl net.ipv4.ip_forward=1
next we add a filter that changes the packets destination ip and allows us to masquerade:
# iptables -t nat -A PREROUTING -i eth0 -p tcp --dport 80 -j DNAT --to-destination 10.0.0.3:80 # iptables -t nat -A POSTROUTING -j MASQUERADE
The above filter gets added to iptables PREROUTING chain. The packets first go through the filters in the PREROUTING chain before iptables decides where they go. The above filter says all packets input into eth0 that use tcp protocol and have a destination port 80 will have their destination address changed to 1.2.3.4 port 80. The DNAT target in this case is responsible for changing the packets Destination IP address. Variations of this might include mapping to a different port on the same machine or perhaps to another interface all together, that is how one could implement a simple stateful vlan (in theory). Continue reading “Stateful Load Balancer with iptables and NAT” »
For example, you need to assign the IP range 192.168.10.6 – 192.168.10.100 to your eth0 interface.
Create a range file in /etc/sysconfig/network-scripts/ifcfg-eth0-range0 as below
DEVICE=eth0 BOOTPROTO=static IPADDR_START=192.168.10.6 IPADDR_END=192.168.10.100 NETMASK=255.255.255.0 CLONENUM_START=1 ONBOOT=yes TYPE=Ethernet
CLONENUM_START is the number that will be assigned to the first IP alias interface (eth0:1 in this example).
If you need to add more ranges of IPs then just use a different file for eg. ifcfg-eth0-range1, for each one of the ranges. Make sure CLONENUM_START does not overwrite other aliases.
Once you have configured the range/s of IPs you just need to restart the network service in order to activate it
This guide assumes you’ve set up a Ubuntu 14.04 server and have MYSQL up and running. This guide uses the “PHPMyAdmin” from the “One Click Apps” available on Digital Ocean running on a vps running Ubuntu 16.04. The smallest memory (512mb) should be enough to get you up and running.
If you don’t have a Digital Ocean account (you should, they’re a great service) get one here.
Step 1: Update Package Manager
ssh root@YOUR-IP
Note: If this is the first time you’ve logged into your vps, you will be asked to change the password from the one emailed to you when you created your vps. This is fairly self explanatory, simply follow the prompts.
Update your package manager:
sudo apt-get update
Step 2: Install Some PHP Modules
We need to install a few PHP modules that CakePHP uses. Namely the curl, zip, intl and sqlite modules. Continue reading “Install CakePHP 3 On Ubuntu 16.04” »
The OVA file is nothing more than a TAR archive, containing the .OVF and .VMDK files. Easy!
Using Evergreen ILS for example:
~ $ file Evergreen_trunk_Squeeze.ova
Evergreen_trunk_Squeeze.ova: POSIX tar archive (GNU). I’ts possible to use the tar command to list the contents
~ $ tar -tf Evergreen_trunk_Squeeze.ova Evergreen_trunk_Squeeze.ovf Evergreen_trunk_Squeeze-disk1.vmdk
Simply extract those things…
~ $ tar -xvf Evergreen_trunk_Squeeze.ova Evergreen_trunk_Squeeze.ovf Evergreen_trunk_Squeeze-disk1.vmdk
Continue reading “Converting OVA for use with KVM / QCOW2” »
Installing Smokeping on Ubuntu used to be a total breeze. Since 14.04 however, it’s been a bit of a mission.
This guide assumes a fresh out of the box Ubuntu install. I’m using the 64bit Server variety, but this should work on any 14.04 system.
UPDATE – It also works perfectly on Ubuntu 16.04 LTS Server :~)
Step 1: install smokeping (and you’re done).
sudo apt-get install smokeping -y
Step 2: normally, you’d be done by now.. But things have changed.
sudo nano /etc/smokeping/config.d/pathnames
You’re going to want to go into the pathnames file and comment out the line about mail. Setting up mail to work with smokeping is outside the scope of this post. Because I’m lazy.
Do this:
#sendmail = /usr/sbin/sendmail
Then hit CTRL-O, Enter, CTRL-X. That’s how you save a file in Nano, I won’t stick that bit in again. Continue reading “Installing Smokeping on Ubuntu 14.04 LTS” »
Add the epel repository and update everything.
yum -y install epel-release nano && yum -y update
Populate the yum repo with the mongodb-org repository
nano /etc/yum.repos.d/mongodb-org.repo
Paste this into the new file:
[mongodb-org] name=MongoDB Repository baseurl=https://repo.mongodb.org/yum/redhat/$releasever/mongodb-org/3.6/x86_64/ gpgcheck=1 enabled=1 gpgkey=https://www.mongodb.org/static/pgp/server-3.6.asc
To write and save do:
CTRL-O, CTRL-X
Now we need to install our dependencies from yum:
yum install -y nodejs curl GraphicsMagick npm mongodb-org-server mongodb-org gcc-c++
Now that we have Node.js and npm installed, we need to install a few more dependencies:
npm install -g inherits n
The recommended Node.js version for using Rocket.Chat is 8.9.3. Using n we are going to install that version:
n 8.9.3
Installing Rocket.Chat
Now we download and install Rocket.Chat
cd /opt curl -L https://releases.rocket.chat/latest/download -o rocket.chat.tar.gz tar zxvf rocket.chat.tar.gz mv bundle Rocket.Chat cd Rocket.Chat/programs/server npm install cd ../..
You can set PORT, ROOT_URL and MONGO_URL: Continue reading “Install Rocket Chat on Centos 7with Jitsi Video Conferencing” »
In the event your Linux box experiences disk or file system issues you may receive a “Give root password for maintenance” prompt upon reboot. If you have your root password you can login but in the event your using ‘slide’ or ‘sudo’ for wheel access or you’ve just mis-placed your root password – you’ll need to reset it.
To reset your root password:
Cacti is a free and open source network monitoring and graphing tool written in PHP. With the help of RRDtool (Round-Robin database tool), Cacti can be used to provide various useful features, including remote and local data collectors, graph templating, network discovery, device management automation, etc.
Prerequisites
A fresh CentOS 7 x64 server instance. Say its IP address is 1.2.3.4.
A sudo user.
The server instance has been updated to the latest stable status using the EPEL YUM repo.
Step 1: Setup an up to date LAMP stack
Before you can properly install and run Cacti, you need to setup a LAMP stack or an equivalent web operating environment.
The following will set up an up to date LAMP stack for Cacti, which consists of CentOS 7, Apache 2.4, MariaDB 10.2, and PHP 7.1
# Install Apache 2.4 sudo yum install httpd -y sudo sed -i 's/^/#&/g' /etc/httpd/conf.d/welcome.conf sudo sed -i "s/Options Indexes FollowSymLinks/Options FollowSymLinks/" /etc/httpd/conf/httpd.conf sudo systemctl start httpd.service sudo systemctl enable httpd.service
Continue reading “Install Cacti 1.1 on CentOS 7” »
My ZImbra 8.6 was throwing the following error once after my letsencrypt SSL got expired:
Unable to start TLS: SSL connect attempt failed error:14090086:SSL routines:ssl3_get_server_certificate:certificate verify failed when connecting to ldap master.Cannot determine services - exiting
The Fix:
In order to fix the problem you need to modify the following parameters as Zimbra user:
zmlocalconfig -e ldap_starttls_required=false zmlocalconfig -e ldap_starttls_supported=0
Then restart zimbra by using
zmcontrol restart
Hope it’ll restarted
Let’s Begin:
This works if you already have an expired letsencrypt ssl certificate and assuming you have already deployed SSL in you zimbra system. However, if you come up here already, and would like to know how to setup letsencrypt on your system you may read my other article here:
https://tweenpath.net/installing-encrypt-zimbra-server/
Log on Zimbra user then stop proxy and mail box service for renew proccess.
su zimbra zmproxyctl stop zmmailboxdctl stop
Then return root user and renew Letsencrypt certificate
exit
letsencrypt renew: Change directory to Zimbra Letsecnrpyt SSL folder Continue reading “Zimbra Letsencrypt SSL Renew – Zimbra 8.6” »
