Setup Keepalived for VRRP instead of ucarp

I’ve the following setup:

network-0 – (real)
network-1 – (real)

I want to add “network” as as the floating address.  I’ll need to do the following to both network-0 and network-1

  • Install keepalived
  • Configure keepalived
  • Start keepalived
  • Set keepalived to start at boot.

Continue reading “Setup Keepalived for VRRP instead of ucarp” »


Proxmox GUI webpage stuck on loading

Connection time out!!!! So boring nah?

I can’t figure out where the problem is. It works and then couple of hours later I’d come back and it keeps on loading forever. SSH works fine, can SSH into containers as well. Just the GUI doesn’t work. Tried full upgrade. Checked for network conflicts, doesn’t seem to be any.

Here’s the tidbit solution to this probelm like similar (BTW works on PVE 6/7 version apparent)-

If browser refresh doesn’t work, then please post the output:

apt update
apt full-upgrade
pveversion -v

Then Run

apt install --reinstall pve-manager proxmox-widget-toolkit
systemctl restart pveproxy pvestatd pvedaemon
systemctl daemon-reload

Zimbra Let’s Encrypt SSL Script

#!/bin/bash -x

# SSL certificate installation in Zimbra
# with SSL certificate provided by Let's Encrypt (

# Check if running as root
if [ "$(id -u)" != "0" ]; then
echo "This script must be run as root" 1>&2
exit 1

read -p 'letsencrypt_email [mail@server]: ' letsencrypt_email
read -p 'mail_server_url [mail.server]: ' mail_server_url

# Check All variable have a value
if [ -z $mail_server_url ] || [ -z $letsencrypt_email ]
echo run script again please insert all value. do not miss any value

# Installation start
# Stop the jetty or nginx service at Zimbra level
su - zimbra -c 'zmproxyctl stop'
su - zimbra -c 'zmmailboxdctl stop'

# Install git and letsencrypt
cd /opt/
apt-get install git
git clone
cd letsencrypt

# Get SSL certificate
./letsencrypt-auto certonly --standalone --non-interactive --agree-tos --email $letsencrypt_email -d $mail_server_url --hsts
cd /etc/letsencrypt/live/$mail_server_url
cat <<EOF >>chain.pem

# Verify commercial certificate
mkdir /opt/zimbra/ssl/letsencrypt
cp /etc/letsencrypt/live/$mail_server_url/* /opt/zimbra/ssl/letsencrypt/
chown zimbra:zimbra /opt/zimbra/ssl/letsencrypt/*
ls -la /opt/zimbra/ssl/letsencrypt/
su - zimbra -c 'cd /opt/zimbra/ssl/letsencrypt/ && /opt/zimbra/bin/zmcertmgr verifycrt comm privkey.pem cert.pem chain.pem'

# Deploy the new Let's Encrypt SSL certificate
cp -a /opt/zimbra/ssl/zimbra /opt/zimbra/ssl/zimbra.$(date "+%Y%m%d")
cp /opt/zimbra/ssl/letsencrypt/privkey.pem /opt/zimbra/ssl/zimbra/commercial/commercial.key
sudo chown zimbra:zimbra /opt/zimbra/ssl/zimbra/commercial/commercial.key
su - zimbra -c 'cd /opt/zimbra/ssl/letsencrypt/ && /opt/zimbra/bin/zmcertmgr deploycrt comm cert.pem chain.pem'

# Restart Zimbra
su - zimbra -c 'zmcontrol restart'

# setting auto https redirect
cd /opt && touch && chown zimbra:zimbra && chmod +x
cat <<EOF >>/opt/
zmprov ms $mail_server_url zimbraReverseProxyMailMode redirect
su - zimbra -c '/opt/'
rm /opt/

Setup HAProxy Load Balancer for MariaDB Galera Cluster

If you check the above test scenario and try to create DBs on any of the nodes, you would see that the data would automatically sync between the nodes. Which means Availability is achieved. Now to achieve high availability we will use HaProxy as the loadbalancer.

Set up another VM for this and install HAProxy as follows.

sudo apt-get update
sudo apt-get install haproxy

Edit HA Proxy Config as follows.

sudo vim /etc/haproxy/haproxy.cfg

Add the following lines. Continue reading “Setup HAProxy Load Balancer for MariaDB Galera Cluster” »


MariaDB Galera Cluster on Ubuntu 20

MariaDB Galera Cluster is a synchronous multi-master cluster for MariaDB with support for XtraDB/InnoDB storage engines. It has the following top features.

  • It provides active-active multi-master topology
  • You can read and write to any cluster node
  • It has an automatic node joining
  • Automatic membership control, failed nodes drop from the cluster
  • Has true parallel replication, on row level
  • Direct client connections
sudo apt update && sudo apt -y upgrade
sudo reboot

Setup Hostnames

Here’re the IP plans of my servers-

Continue reading “MariaDB Galera Cluster on Ubuntu 20” »


Installer for jitsi-meet, jigasi and jibri

Found this lovely code base (that actually worked) on github, supported on a debian 10/11 or ubuntu 20+ versions-

The script ( can be used to install stable version of all 3 on a stand-alone server. This is simply a script version of quick-install document at

It Installs below mentioned software:

nginx, prosody, jitsi-meet-prosody, jitsi-meet, jitsi-meet-web, jitsi-meet-web-config, jitsi-meet-turnserver, jicofo, jitsi-videobridge2

Below are optional, will be installed only if opted for:

jigasi (
jibri (

Also has option for configuring:

  • secure domain (
  • jigasi authentication (find it towards the end of secure domain link)
  • transcription(Google/Vosk) (
  • Etherpad (

Continue reading “Installer for jitsi-meet, jigasi and jibri” »


Running pfSense in a XenServer with xenguest

If you deploy pfSense on a XenServer, you may be shocked at the performance loss-specially on interface speed! But wait, there are some tweaks to make this usable.

Installing pfSense

Go ahead and setup pfSense like normal, and when you are done, perform the following tweaks. (the day till it’s tested on pfsense version 2.5.2 and xen on scp-ng 8.1)

XenServer tweaks

Find UUID for the pfSense VM you just installed.

xe vm-list

You should get something like the following

uuid ( RO) : b435d920-eb22-b45d-5058-091619ed427f
name-label ( RW): pfSense
power-state ( RO): running

uuid ( RO) : 42626f69-6185-4aa6-a125-839700f96828
name-label ( RW): Control domain on host: xenserver-000
power-state ( RO): running

We want the UUID of the instance running pfSense, b435d920-eb22-b45d-5058-091619ed427f in this case. Continue reading “Running pfSense in a XenServer with xenguest” »


Build WAF with Reverse Proxy Load Balancer using Nginx

Getting Started

First, it is recommended to update and upgrade all your software packages to the latest version. You can update all of them by running the following command:

apt update -y
apt upgrade -y

Once all the packages are updated, install other required packages with the following command:

apt install g++ flex bison curl apache2-dev doxygen libyajl-dev ssdeep liblua5.2-dev libgeoip-dev libtool dh-autoreconf libcurl4-gnutls-dev libxml2 libpcre++-dev libxml2-dev git liblmdb-dev libpkgconf3 lmdb-doc pkgconf zlib1g-dev libssl-dev -y

Once you are done, you can proceed to the next step.

Install ModSecurity on Ubuntu 22.04

By default, the ModSecurity package is not included in the Ubuntu default repository. So you will need to compile it from the source.

First, download the latest version of ModSecurity with the following command:


Once the download is completed, extract the downloaded file with the following command:

tar -xvzf modsecurity-v3.0.8.tar.gz

Next, navigate to the extracted directory and configure it with the following command: Continue reading “Build WAF with Reverse Proxy Load Balancer using Nginx” »