XCP-ng: a few basic command lines (CLI)

Run the following command to list VMs and their UUIDs:

xe vm-list resident-on=<uuid_of_host>

Try the shutdown command with force:

xe vm-shutdown uuid=<uuid_of_vm> force=true

Restart the toolstack on the host by using the following command:

xe-toolstack-restart

Restart the host.

shutdown -r now

If the VM has still not shut down, you might need to destroy the domain. However, the steps given below can cause problems for your VM and should only be done as a last resort.


Install LetsEncrypt on Debian with Nginx Server

Install Certbot and its Nginx plugin with apt:

sudo apt install certbot python3-certbot-nginx

Certbot provides a variety of ways to obtain SSL certificates through plugins. The Nginx plugin will take care of reconfiguring Nginx and reloading the config whenever necessary. To use this plugin, type the following:

sudo certbot --nginx -d example.com -d www.example.com

Reset XCP-ng root password

The full procedure can also be found on the XCP-ng site.

  • Reboot your XCP-ng into Grub boot menu.
  • Select XCP-ng boot menu entry and press e key to edit boot options.
  • Locate the read-only parameter ro and replace it with rw init=/sysroot/bin/sh.
  • Press Ctrl + X to boot into single-user mode.
  • From the Emergency Mode prompt, execute the command chroot /sysroot.
  • Once in single-user mode, use the passwd command to reset your XCP-ng root password.
  • Reboot XCP-ng by sending Ctrl + Alt + Del.
  • If everything went well, you should now be able to login with your new XCP-ng password.

Creating 1:1 NAT using iptables

This is a POC where I needed a 1:1 NAT using Linux iptables. I used two Debian 11 machines for this, and here is the IP plan:

  • VM-1: IPTables/NAT Router- 123.45.67.5/24, 123.45.67.6/24 and 192.168.10.5/24
  • VM-2: Backend Server- 192.168.10.6/24 (this VM’s gateway will be 192.168.10.5)

On VM-1

Uninstall nftables and its Dependencies

iptables is being replaced by nftables starting with Debian 10 Buster, and Debian 11 comes with the nftables framework. To install iptables, we first need to uninstall nftables and its dependencies. SSH into your server and run the following commands:

# apt-get remove --auto-remove nftables
# apt-get purge nftables

Install IPtables in Debian 11

# apt-get update
# apt-get install iptables

Now we can check the iptables status and list the rules. To list all the rules, we use the -L option.

Run command:

# iptables -L -v

You will see the output:

As the screenshot shows, the freshly installed iptables firewall works. But all chains (INPUT, FORWARD, OUTPUT) are set to ACCEPT, and we have no security rules configured.
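
One way the 1:1 mapping for this IP plan could be written together with a default-deny FORWARD chain, as an added example that is not the author's rule set. It assumes 123.45.67.6 is the public address mapped to the backend 192.168.10.6 and that eth0 and eth1 are the public and private interfaces (both names are hypothetical).

```shell
#!/bin/sh
# Added example (not from the original post): print an iptables-restore
# ruleset for one 1:1 NAT pair. Assumed, not stated on the page: 123.45.67.6
# is the public address mapped to the backend, eth0 faces the public network,
# eth1 faces 192.168.10.0/24.

# Return 0 only for a dotted quad whose four octets are each 0..255.
is_ipv4() {
    echo "$1" | awk -F. '
        NF == 4 { for (i = 1; i <= 4; i++)
                      if ($i !~ /^[0-9]+$/ || $i > 255) exit 1
                  exit 0 }
        { exit 1 }'
}

# nat_rules PUBLIC_IP BACKEND_IP WAN_IF LAN_IF
nat_rules() {
    pub=$1; backend=$2; wan=$3; lan=$4
    if ! is_ipv4 "$pub" || ! is_ipv4 "$backend"; then
        echo "nat_rules: invalid IPv4 address" >&2
        return 1
    fi
    cat <<EOF
*nat
:PREROUTING ACCEPT [0:0]
:INPUT ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
# Inbound: packets for the public IP are rewritten to the backend.
-A PREROUTING -i $wan -d $pub -j DNAT --to-destination $backend
# Outbound: connections opened by the backend leave as the same public IP.
-A POSTROUTING -o $wan -s $backend -j SNAT --to-source $pub
COMMIT
*filter
# INPUT/OUTPUT stay ACCEPT as on the page; FORWARD becomes default-deny.
:INPUT ACCEPT [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
-A FORWARD -i $wan -o $lan -d $backend -m conntrack --ctstate NEW -j ACCEPT
-A FORWARD -i $lan -o $wan -s $backend -m conntrack --ctstate NEW -j ACCEPT
COMMIT
EOF
}

# Print the ruleset for the page's addresses (needs no root).
nat_rules 123.45.67.6 192.168.10.6 eth0 eth1
```

To load it on VM-1, enable forwarding with sysctl -w net.ipv4.ip_forward=1 and pipe the output through iptables-restore --test before piping it to iptables-restore, which replaces the current nat and filter rules.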


Install LAMP- Apache, PHP 7.4 with Apache Handler on Debian 12

Well, it’s not quite a LAMP stack, as MySQL and phpMyAdmin are not covered here. It is meant for someone who needs a backward-compatible PHP version that works on a modern, up-to-date OS build.

Step 1: Add PHP repository

We’ll use a bash script to add the repository-

#!/bin/sh
# To add this repository please do:

# Use sudo only when the script is not already running as root.
if [ "$(whoami)" != "root" ]; then
    SUDO=sudo
fi

${SUDO} apt-get update
${SUDO} apt-get -y install lsb-release ca-certificates curl
${SUDO} curl -sSLo /tmp/debsuryorg-archive-keyring.deb https://packages.sury.org/debsuryorg-archive-keyring.deb
${SUDO} dpkg -i /tmp/debsuryorg-archive-keyring.deb
${SUDO} sh -c 'echo "deb [signed-by=/usr/share/keyrings/deb.sury.org-php.gpg] https://packages.sury.org/php/ $(lsb_release -sc) main" > /etc/apt/sources.list.d/php.list'
${SUDO} apt-get update

Step 2: Install PHP Modules

Install a few dependencies required by this tutorial with the below-mentioned command:

sudo apt install software-properties-common ca-certificates lsb-release apt-transport-https

Install PHP 7.4:

sudo apt install php7.4

If you want to add multiple extensions, include them in braces. I am going to install “php-mbstring, php-mysql, php-xml, and php-curl” by running the below-mentioned command:

sudo apt install php7.4-mysql php7.4-mbstring php7.4-xml php7.4-curl

Src:

How To Install PHP (8.3, 8.2, 7.4) on Ubuntu 22.04


https://packages.sury.org/php/README.txt


Nginx with Let’s Encrypt on Debian 10

Step 1 — Installing Certbot

The first step to using Let’s Encrypt to obtain an SSL certificate is to install the Certbot software on your server.

Installing the python3-certbot-nginx package from the Debian repositories will allow us to install and use Certbot’s nginx plugin. Working with Python 3 and the python3-certbot-nginx package increases the longevity of our setup: Python 2 will be deprecated by January 2020, so our setup ensures compatibility with Python 3. Debian 10 currently supports both Python 2 and Python 3.

Before installing the python3-certbot-nginx package, update your package list:

sudo apt update

Next, install the dependencies for the python3-certbot-nginx package, which include the python3-acme, python3-certbot, python3-mock, python3-openssl, python3-pkg-resources, python3-pyparsing, and python3-zope.interface packages:

sudo apt install python3-acme python3-certbot python3-mock python3-openssl python3-pkg-resources python3-pyparsing python3-zope.interface

Finally, install the python3-certbot-nginx package:

sudo apt install python3-certbot-nginx

Certbot is now ready to use, but in order for it to configure SSL for Nginx, we need to verify some of Nginx’s configuration.


Set Up and Use Syncthing to Sync Files on Linux

Syncthing is a powerful, decentralized, open-source file synchronization software that allows users to easily and securely synchronize files between different devices and platforms, including Windows, Linux, macOS, and Android, making it a versatile solution for individuals and organizations. In addition, it uses a peer-to-peer architecture, meaning that files are synchronized directly between devices without relying on a central server, making it a more secure and private option for file syncing.

The Syncthing UI gives users a graphical interface to configure and manage Syncthing instances running on their devices. With it, users can view the status of their synced folders, add or remove devices from the synchronization network, set up advanced synchronization options, and monitor the transfer of files between devices.

The UI is designed to be user-friendly and intuitive, with a clean and easy-to-use interface that makes it easy for users to manage their synchronized files and folders. Furthermore, it is accessible via a web browser so that users can access it from any device with an internet connection. This guide shows you how to set up your Syncthing instances to sync files between them. So let’s get started!


Create Jellyfin CDN using Nginx

user www-data;
worker_processes auto;
pid /run/nginx.pid;
include /etc/nginx/modules-enabled/*.conf;

events {
worker_connections 768;
# multi_accept on;
}

http {

##
# Basic Settings
##
sendfile on;
tcp_nopush on;
tcp_nodelay on;
keepalive_timeout 65;
types_hash_max_size 2048;
# server_tokens off;
# server_names_hash_bucket_size 64;
# server_name_in_redirect off;

include /etc/nginx/mime.types;
default_type application/octet-stream;

##
# SSL Settings
##

ssl_protocols TLSv1.2 TLSv1.3; # TLSv1 and TLSv1.1 are deprecated (RFC 8996); SSLv3 dropped, ref: POODLE
ssl_prefer_server_ciphers on;
##
# Logging Settings
##

access_log /var/log/nginx/access.log;
error_log /var/log/nginx/error.log;

##
# Gzip Settings
##

gzip on;

# gzip_vary on;
# gzip_proxied any;
# gzip_comp_level 6;
# gzip_buffers 16 8k;
# gzip_http_version 1.1;
# gzip_types text/plain text/css application/json application/javascript text/xml application/xml application/xml+rss text/javascript;

##
# Virtual Host Configs
##

include /etc/nginx/conf.d/*.conf;
include /etc/nginx/sites-enabled/*;

proxy_cache_path /var/www/cache keys_zone=mycache:10m inactive=23h loader_threshold=300 loader_files=4096 max_size=4g;
server {
    listen 80;
    proxy_cache mycache;

    location / {
        proxy_pass http://<jellyfin_server_domain>:8096;
    }

    location /web {
        proxy_pass http://<jellyfin_server_domain>:8096;
        proxy_cache_valid any 1m;
        proxy_cache_min_uses 3;
        proxy_cache_bypass $cookie_nocache $arg_nocache$arg_comment;
    }

    location /socket {
        # Proxy Jellyfin Websockets traffic
        proxy_pass http://<jellyfin_server_domain>:8096;
        proxy_http_version 1.1;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection "upgrade";
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
        proxy_set_header X-Forwarded-Protocol $scheme;
        proxy_set_header X-Forwarded-Host $http_host;
    }
}
} # end of http block

#mail {
# # See sample authentication script at:
# # http://wiki.nginx.org/ImapAuthenticateWithApachePhpScript
# 
# # auth_http localhost/auth.php;
# # pop3_capabilities "TOP" "USER";
# # imap_capabilities "IMAP4rev1" "UIDPLUS";
# 
# server {
# listen     localhost:110;
# protocol   pop3;
# proxy      on;
# }
# 
# server {
# listen     localhost:143;
# protocol   imap;
# proxy      on;
# }
#}

Src:
https://www.peterbe.com/plog/how-i-simulate-a-cdn-with-nginx
https://docs.nginx.com/nginx/admin-guide/content-cache/content-caching/
https://www.oodlestechnologies.com/dev-blog/creating-custom-cache-server-nginx/
https://dev.to/janreges/how-to-build-a-cdn-23-server-and-reverse-proxy-configuration-16md


Proxmox Firewall Service Disable using Command

Chrooting and then doing:

systemctl disable pve-firewall
systemctl mask pve-firewall

should do the trick. Then, after rebooting and fixing your config,

systemctl unmask pve-firewall
systemctl enable pve-firewall
systemctl start pve-firewall

should return to the defaults again.

Ports used by Proxmox VE

  • Web interface: 8006 (TCP, HTTP/1.1 over TLS)
  • VNC Web console: 5900-5999 (TCP, WebSocket)
  • SPICE proxy: 3128 (TCP)
  • sshd (used for cluster actions): 22 (TCP)
  • rpcbind: 111 (UDP)
  • sendmail: 25 (TCP, outgoing)
  • corosync cluster traffic: 5405-5412 UDP
  • live migration (VM memory and local-disk data): 60000-60050 (TCP)

Ref:
https://pve.proxmox.com/wiki/Firewall
https://forum.proxmox.com/threads/how-to-disable-pve-firewall-after-lock-out-datacenter-level-firewall.60557/
