413 Request Entity Too Large

If you’re getting 413 Request Entity Too Large errors when trying to upload through nginx (nginx.net/), you need to increase the size limit in nginx.conf. Add ‘client_max_body_size xxM’ inside the server section, where xx is the size (in megabytes) that you want to allow.

http {
    include mime.types;
    default_type application/octet-stream;
    sendfile on;
    keepalive_timeout 65;

    server {
        client_max_body_size 20M;
        listen 80;
        server_name localhost;

        # Main location
        location / {
            proxy_pass http://127.0.0.1:8000/;
        }
    }
}

Understanding NAT, Direct Routing & Tunneling

Virtual Server via NAT
The advantage of the virtual server via NAT is that real servers can run any operating system that supports TCP/IP protocol, real servers can use private Internet addresses, and only an IP address is needed for the load balancer.

The disadvantage is that the scalability of the virtual server via NAT is limited. The load balancer may become a bottleneck of the whole system when the number of server nodes (general PC servers) increases to around 20 or more, because both the request packets and the response packets need to be rewritten by the load balancer. Supposing the average length of TCP packets is 536 Bytes and the average delay of rewriting a packet is around 60 µs (on a Pentium processor; this can be reduced a little by using a faster processor), the maximum throughput of the load balancer is 8.93 MBytes/s. Assuming the average throughput of real servers is 400 KBytes/s, the load balancer can schedule 22 real servers.


Testing Freeradius of Pfsense

FreeRADIUS offers an easy-to-use command line tool to check whether the server is running and listening for incoming requests. An interface, a NAS/Client and a user must all be configured:

  • Add a User with the following configuration:
    Username: testuser
    Password: testpassword
  • Add a Client/NAS with the following configuration:
    IP-Address: 127.0.0.1
    Shared Secret: testing123
  • Add an interface with the following configuration:
    IP-Address: 127.0.0.1
    Interface-Type: Auth
    Port: 1812
  • SSH to the pfSense firewall and type the following on the command line while FreeRADIUS is running (check the System Log first):
    radtest testuser testpassword 127.0.0.1:1812 0 testing123

The following output should appear if everything was set up correctly:


Converting laptop into a wifi router

Well, first I'm assuming that the laptop has 2 NICs: one with an Ethernet port for the wired connection and the other, of course, the Wi-Fi NIC (without it this content wouldn't exist 😉).

Now, the next thing: either you get internet from the wired port or, in some cases, you connect your Android phone through wireless tethering and use its mobile data service. Whatever the case, you basically have 2 interfaces for setting up the router: the WAN (either the wired or the mobile tethered connection) and the LAN, which is the Wi-Fi NIC.

This document works well on Windows 7 and 8 (I didn’t test other editions of Windows; I hope they are supported too).


Understanding RAID

I always try to share what I learn, and a few days back I was looking for single-page shortcut summary notes on the various RAID levels for storage units. I found this article quite resourceful and exactly the single-page document that I was looking for.

Now sharing the content for the readers. Enjoy!

RAID 0 (STRIPE)

RAID 0 splits data across drives, resulting in higher data throughput. The performance of this configuration is extremely high, but a loss of any drive in the array will result in data loss. This level is commonly referred to as striping.

  • Minimum number of drives required: 2
  • Performance: High
  • Redundancy: Low
  • Efficiency: High


TeamViewer for Headless Linux Unattended System Access

Googled for hours, couldn’t find solid documentation on this. After stitching together many different materials, I prepared a moderate little installation (at least it worked for me). My Linux OS is Debian 8.x; I believe it should work on other Debian versions and on Ubuntu as well. But before continuing, make sure:

  1. You have a TeamViewer account
  2. The workstation (assuming a Windows client PC) has the TeamViewer client program installed to access the headless remote Linux system.


Nginx- Allow Directory browsing

Enabling directory listing for a folder in nginx is simple enough: add an autoindex on; directive inside the location block. You can also enable site-wide directory listing by putting it in the server block, or even enable directory listing for all sites by putting it in the http block.

An example config file:

server {
    listen 80;
    server_name domain.com www.domain.com;
    access_log /var/...........................;
    root /path/to/root;

    location / {
        index index.php index.html index.htm;
    }

    location /somedir {
        autoindex on;
    }
}
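
Both nginx posts on this page depend on directive inheritance (client_max_body_size in the 413 post, autoindex here). The following is an added example, not code from the original posts: a small Python audit that resolves the effective value of each directive per context and flags where listing is on or the body-size check is off. The sample config, the /upload location and the function names are constructed for illustration; the 1m and off defaults, and size 0 disabling the check, are standard nginx behaviour.

```python
import re

DEFAULTS = {"client_max_body_size": "1m", "autoindex": "off"}  # nginx defaults

# Constructed sample merging the two configs shown on this page
SAMPLE = """
http {
    server {
        location / { proxy_pass http://127.0.0.1:8000/; }
        location /somedir { autoindex on; }
        location /upload { client_max_body_size 0; }  # 0 disables the check
        client_max_body_size 20M;  # order is irrelevant: locations inherit it
    }
}
"""

def parse(text):
    """Build a block tree. Simplified: no include files, no quoted strings."""
    tokens = re.findall(r"[{};]|[^\s{};]+", re.sub(r"#[^\n]*", "", text))
    stack, words = [{"name": "main", "own": {}, "children": []}], []
    for tok in tokens:
        if tok == "{":
            block = {"name": " ".join(words), "own": {}, "children": []}
            stack[-1]["children"].append(block)
            stack.append(block)
        elif tok == "}":
            stack.pop()
        elif tok == ";" and len(words) > 1 and words[0] in DEFAULTS:
            stack[-1]["own"][words[0]] = words[1].lower()
        if tok in ("{", "}", ";"):
            words = []
        else:
            words.append(tok)
    return stack[0]

def resolve(block, inherited=DEFAULTS, path=""):
    """Map each context path to its effective settings (child overrides parent)."""
    here = f"{path} > {block['name']}" if path else block["name"]
    out = {here: {**inherited, **block["own"]}}
    for child in block["children"]:
        out.update(resolve(child, out[here], here))
    return out

def findings(text):
    """Contexts where listing is on or the body-size check is disabled."""
    checks = (("autoindex", "on", "directory listing enabled"),
              ("client_max_body_size", "0", "request body size unlimited"))
    return [(path, msg) for path, s in resolve(parse(text)).items()
            for key, bad, msg in checks if s[key] == bad]
```

Calling findings(SAMPLE) reports only the /somedir and /upload locations; location / resolves to the server-level 20m limit even though that directive appears after it.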

Understanding Virtualbox network interfaces

To create and experiment with all kinds of networks without the risk (or taking the trouble) of creating an actual one. And here is where VirtualBox excels by providing several options for networking out of the box. VirtualBox installs an additional NIC (Network Interface Card) on your host computer to identify itself while communicating with the guest. By default the host gets an IP address of 192.168.56.1. You can change the network modes, IP and other network settings by right-clicking your virtual machine on the left and clicking Settings. These are the networking modes that work with VirtualBox guest computers:

  • NAT (Default)
  • Host-only Network (Most secure)
  • Bridged Network (Least secure)
  • Internal-Network (Between guests only)
  • Not Attached (No connectivity, guest isolated)

NAT: By default, the networking mode for your virtual machine is NAT (Network Address Translation) mode. This works something like this:


NFS fix on LXC Host Server

The NFS client on LXC does not seem to work. Why? The problem is AppArmor on the real machine, which blocks any attempt to mount NFS volumes.
In order to try to minimize the security changes to AppArmor, I add the following lines in /etc/apparmor.d/lxc/lxc-default

# allow nfs mount everywhere

mount fstype=rpc_pipefs, 
mount fstype=nfs,

Then

$ /etc/init.d/apparmor reload

And now I was able to restart nfs-common and nfs-kernel-server without errors!

Update!!!!!

nano /etc/apparmor.d/lxc/lxc-default

Update the file as below-

# Do not load this file. Rather, load /etc/apparmor.d/lxc-containers, which
# will source all profiles under /etc/apparmor.d/lxc

profile lxc-container-default flags=(attach_disconnected,mediate_deleted) {
  #include <abstractions/lxc/container-base>

  # the container may never be allowed to mount devpts. If it does, it
  # will remount the host's devpts. We could allow it to do it with
  # the newinstance option (but, right now, we don't).
  # deny mount fstype=devpts,

  # allow nfs mount everywhere
  mount fstype=rpc_pipefs,
  mount fstype=nfs,
}


Now read the other article on how to connect to an NFS server from an LXC container.


Remote Administering pfsense

To open the firewall GUI up completely, create a firewall rule to allow remote firewall administration – do not create a port forward or any other NAT configuration.

Example Firewall Rule Setup

  • Firewall > Rules, WAN Tab
  • Action: pass
  • Interface: WAN
  • Protocol: TCP
  • Source: Any (or restrict by IP/subnet)
  • Destination: WAN Address
  • Destination port range: HTTPS (Or the custom port)
  • Description: Allow remote management from anywhere (Dangerous!)
