I’ve the following setup:
network-0 – 192.168.2.11 (real)
network-1 – 192.168.2.12 (real)
I want to add “network” as 192.168.2.10 as the floating address. I’ll need to do the following to both network-0 and network-1
Continue reading “Setup Keepalived for VRRP instead of ucarp” »
Connection time out!!!! So boring nah?
I can’t figure out where the problem is. It works and then couple of hours later I’d come back and it keeps on loading forever. SSH works fine, can SSH into containers as well. Just the GUI doesn’t work. Tried full upgrade. Checked for network conflicts, doesn’t seem to be any.
Here’s the tidbit solution to this probelm like similar (BTW works on PVE 6/7 version apparent)-
If browser refresh doesn’t work, then please post the output:
apt update apt full-upgrade pveversion -v
Then Run
apt install --reinstall pve-manager proxmox-widget-toolkit systemctl restart pveproxy pvestatd pvedaemon systemctl daemon-reload
#!/bin/bash -x # SSL certificate installation in Zimbra # with SSL certificate provided by Let's Encrypt (letsencrypt.org) # Check if running as root if [ "$(id -u)" != "0" ]; then echo "This script must be run as root" 1>&2 exit 1 fi read -p 'letsencrypt_email [mail@server]: ' letsencrypt_email read -p 'mail_server_url [mail.server]: ' mail_server_url # Check All variable have a value if [ -z $mail_server_url ] || [ -z $letsencrypt_email ] then echo run script again please insert all value. do not miss any value else # Installation start # Stop the jetty or nginx service at Zimbra level su - zimbra -c 'zmproxyctl stop' su - zimbra -c 'zmmailboxdctl stop' # Install git and letsencrypt cd /opt/ apt-get install git git clone https://github.com/letsencrypt/letsencrypt cd letsencrypt # Get SSL certificate ./letsencrypt-auto certonly --standalone --non-interactive --agree-tos --email $letsencrypt_email -d $mail_server_url --hsts cd /etc/letsencrypt/live/$mail_server_url cat <<EOF >>chain.pem -----BEGIN CERTIFICATE----- MIIDSjCCAjKgAwIBAgIQRK+wgNajJ7qJMDmGLvhAazANBgkqhkiG9w0BAQUFADA/ MSQwIgYDVQQKExtEaWdpdGFsIFNpZ25hdHVyZSBUcnVzdCBDby4xFzAVBgNVBAMT DkRTVCBSb290IENBIFgzMB4XDTAwMDkzMDIxMTIxOVoXDTIxMDkzMDE0MDExNVow PzEkMCIGA1UEChMbRGlnaXRhbCBTaWduYXR1cmUgVHJ1c3QgQ28uMRcwFQYDVQQD Ew5EU1QgUm9vdCBDQSBYMzCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEB AN+v6ZdQCINXtMxiZfaQguzH0yxrMMpb7NnDfcdAwRgUi+DoM3ZJKuM/IUmTrE4O rz5Iy2Xu/NMhD2XSKtkyj4zl93ewEnu1lcCJo6m67XMuegwGMoOifooUMM0RoOEq OLl5CjH9UL2AZd+3UWODyOKIYepLYYHsUmu5ouJLGiifSKOeDNoJjj4XLh7dIN9b xiqKqy69cK3FCxolkHRyxXtqqzTWMIn/5WgTe1QLyNau7Fqckh49ZLOMxt+/yUFw 7BZy1SbsOFU5Q9D8/RhcQPGX69Wam40dutolucbY38EVAjqr2m7xPi71XAicPNaD aeQQmxkqtilX4+U9m5/wAl0CAwEAAaNCMEAwDwYDVR0TAQH/BAUwAwEB/zAOBgNV HQ8BAf8EBAMCAQYwHQYDVR0OBBYEFMSnsaR7LHH62+FLkHX/xBVghYkQMA0GCSqG SIb3DQEBBQUAA4IBAQCjGiybFwBcqR7uKGY3Or+Dxz9LwwmglSBd49lZRNI+DT69 ikugdB/OEIKcdBodfpga3csTS7MgROSR6cz8faXbauX+5v3gTt23ADq1cEmv8uXr AvHRAosZy5Q6XkjEGB5YGV8eAlrwDPGxrancWYaLbumR9YbK+rlmM6pZW87ipxZz R8srzJmwN0jP41ZL9c8PDHIyh8bwRLtTcm1D9SZImlJnt1ir/md2cXjbDaJWFBM5 JDGFoqgCWjBH4d1QB7wCCZAA62RjYJsWvIjJEubSfZGL+T0yjWW06XyxV3bqxbYo Ob8VZRzI9neWagqNdwvYkQsEjgfbKbYK7p2CNTUQ -----END CERTIFICATE----- EOF # Verify commercial certificate mkdir /opt/zimbra/ssl/letsencrypt cp /etc/letsencrypt/live/$mail_server_url/* /opt/zimbra/ssl/letsencrypt/ chown zimbra:zimbra /opt/zimbra/ssl/letsencrypt/* ls -la /opt/zimbra/ssl/letsencrypt/ su - zimbra -c 'cd /opt/zimbra/ssl/letsencrypt/ && /opt/zimbra/bin/zmcertmgr verifycrt comm privkey.pem cert.pem chain.pem' # Deploy the new Let's Encrypt SSL certificate cp -a /opt/zimbra/ssl/zimbra /opt/zimbra/ssl/zimbra.$(date "+%Y%m%d") cp /opt/zimbra/ssl/letsencrypt/privkey.pem /opt/zimbra/ssl/zimbra/commercial/commercial.key sudo chown zimbra:zimbra /opt/zimbra/ssl/zimbra/commercial/commercial.key su - zimbra -c 'cd /opt/zimbra/ssl/letsencrypt/ && /opt/zimbra/bin/zmcertmgr deploycrt comm cert.pem chain.pem' # Restart Zimbra su - zimbra -c 'zmcontrol restart' # setting auto https redirect cd /opt && touch https-redirect.sh && chown zimbra:zimbra https-redirect.sh && chmod +x https-redirect.sh cat <<EOF >>/opt/https-redirect.sh zmprov ms $mail_server_url zimbraReverseProxyMailMode redirect EOF su - zimbra -c '/opt/https-redirect.sh' rm /opt/https-redirect.sh fi
If you check the above test scenario and try to create DBs on any of the nodes, you would see that the data would automatically sync between the nodes. Which means Availability is achieved. Now to achieve high availability we will use HaProxy as the loadbalancer.
Set up another VM for this and install HAProxy as follows.
sudo apt-get update sudo apt-get install haproxy
Edit HA Proxy Config as follows.
sudo vim /etc/haproxy/haproxy.cfg
Add the following lines. Continue reading “Setup HAProxy Load Balancer for MariaDB Galera Cluster” »
MariaDB Galera Cluster is a synchronous multi-master cluster for MariaDB with support for XtraDB/InnoDB storage engines. It has the following top features.
sudo apt update && sudo apt -y upgrade sudo reboot
Setup Hostnames
Here’re the IP plans of my servers-
Continue reading “MariaDB Galera Cluster on Ubuntu 20” »
Found this lovely code base (that actually worked) on github, supported on a debian 10/11 or ubuntu 20+ versions-
The script (jitsi_setup.sh) can be used to install stable version of all 3 on a stand-alone server. This is simply a script version of quick-install document at https://jitsi.github.io/handbook/docs/devops-guide/devops-guide-quickstart
It Installs below mentioned software:
nginx, prosody, jitsi-meet-prosody, jitsi-meet, jitsi-meet-web, jitsi-meet-web-config, jitsi-meet-turnserver, jicofo, jitsi-videobridge2
Below are optional, will be installed only if opted for:
jigasi (https://github.com/jitsi/jigasi)
jibri (https://github.com/jitsi/jibri)
Also has option for configuring:
Continue reading “Installer for jitsi-meet, jigasi and jibri” »
* Note: If your cdrom device is not acd0, check the bootup messages for the proper device.
If you deploy pfSense on a XenServer, you may be shocked at the performance loss-specially on interface speed! But wait, there are some tweaks to make this usable.
Installing pfSense
Go ahead and setup pfSense like normal, and when you are done, perform the following tweaks. (the day till it’s tested on pfsense version 2.5.2 and xen on scp-ng 8.1)
XenServer tweaks
Find UUID for the pfSense VM you just installed.
xe vm-list
You should get something like the following
uuid ( RO) : b435d920-eb22-b45d-5058-091619ed427f name-label ( RW): pfSense power-state ( RO): running uuid ( RO) : 42626f69-6185-4aa6-a125-839700f96828 name-label ( RW): Control domain on host: xenserver-000 power-state ( RO): running
We want the UUID of the instance running pfSense, b435d920-eb22-b45d-5058-091619ed427f in this case. Continue reading “Running pfSense in a XenServer with xenguest” »
Getting Started
First, it is recommended to update and upgrade all your software packages to the latest version. You can update all of them by running the following command:
apt update -y apt upgrade -y
Once all the packages are updated, install other required packages with the following command:
apt install g++ flex bison curl apache2-dev doxygen libyajl-dev ssdeep liblua5.2-dev libgeoip-dev libtool dh-autoreconf libcurl4-gnutls-dev libxml2 libpcre++-dev libxml2-dev git liblmdb-dev libpkgconf3 lmdb-doc pkgconf zlib1g-dev libssl-dev -y
Once you are done, you can proceed to the next step.
Install ModSecurity on Ubuntu 22.04
By default, the ModSecurity package is not included in the Ubuntu default repository. So you will need to compile it from the source.
First, download the latest version of ModSecurity with the following command:
wget https://github.com/SpiderLabs/ModSecurity/releases/download/v3.0.8/modsecurity-v3.0.8.tar.gz
Once the download is completed, extract the downloaded file with the following command:
tar -xvzf modsecurity-v3.0.8.tar.gz
Next, navigate to the extracted directory and configure it with the following command: Continue reading “Build WAF with Reverse Proxy Load Balancer using Nginx” »
