Setup HAProxy Load Balancer for MariaDB Galera Cluster

If you check the above test scenario and try to create DBs on any of the nodes, you would see that the data would automatically sync between the nodes. Which means Availability is achieved. Now to achieve high availability we will use HaProxy as the loadbalancer.

Set up another VM for this and install HAProxy as follows.

sudo apt-get update
sudo apt-get install haproxy

Edit HA Proxy Config as follows.

sudo vim /etc/haproxy/haproxy.cfg

Add the following lines. Continue reading “Setup HAProxy Load Balancer for MariaDB Galera Cluster” »

Share

MariaDB Galera Cluster on Ubuntu 20

MariaDB Galera Cluster is a synchronous multi-master cluster for MariaDB with support for XtraDB/InnoDB storage engines. It has the following top features.

  • It provides active-active multi-master topology
  • You can read and write to any cluster node
  • It has an automatic node joining
  • Automatic membership control, failed nodes drop from the cluster
  • Has true parallel replication, on row level
  • Direct client connections
sudo apt update && sudo apt -y upgrade
sudo reboot

Setup Hostnames

Here’re the IP plans of my servers-

Continue reading “MariaDB Galera Cluster on Ubuntu 20” »

Share

Installer for jitsi-meet, jigasi and jibri

Found this lovely code base (that actually worked) on github, supported on a debian 10/11 or ubuntu 20+ versions-

The script (jitsi_setup.sh) can be used to install stable version of all 3 on a stand-alone server. This is simply a script version of quick-install document at https://jitsi.github.io/handbook/docs/devops-guide/devops-guide-quickstart

It Installs below mentioned software:

nginx, prosody, jitsi-meet-prosody, jitsi-meet, jitsi-meet-web, jitsi-meet-web-config, jitsi-meet-turnserver, jicofo, jitsi-videobridge2

Below are optional, will be installed only if opted for:

jigasi (https://github.com/jitsi/jigasi)
jibri (https://github.com/jitsi/jibri)

Also has option for configuring:

  • secure domain (https://jitsi.github.io/handbook/docs/devops-guide/secure-domain)
  • jigasi authentication (find it towards the end of secure domain link)
  • transcription(Google/Vosk) (https://github.com/jitsi/jigasi#configuring-sip-and-transcription)
  • Etherpad (https://github.com/ether/etherpad-lite)

Continue reading “Installer for jitsi-meet, jigasi and jibri” »

Share

Build WAF with Reverse Proxy Load Balancer using Nginx

Getting Started

First, it is recommended to update and upgrade all your software packages to the latest version. You can update all of them by running the following command:

apt update -y
apt upgrade -y

Once all the packages are updated, install other required packages with the following command:

apt install g++ flex bison curl apache2-dev doxygen libyajl-dev ssdeep liblua5.2-dev libgeoip-dev libtool dh-autoreconf libcurl4-gnutls-dev libxml2 libpcre++-dev libxml2-dev git liblmdb-dev libpkgconf3 lmdb-doc pkgconf zlib1g-dev libssl-dev -y

Once you are done, you can proceed to the next step.

Install ModSecurity on Ubuntu 22.04

By default, the ModSecurity package is not included in the Ubuntu default repository. So you will need to compile it from the source.

First, download the latest version of ModSecurity with the following command:

wget https://github.com/SpiderLabs/ModSecurity/releases/download/v3.0.8/modsecurity-v3.0.8.tar.gz

Once the download is completed, extract the downloaded file with the following command:

tar -xvzf modsecurity-v3.0.8.tar.gz

Next, navigate to the extracted directory and configure it with the following command: Continue reading “Build WAF with Reverse Proxy Load Balancer using Nginx” »

Share

M3U Restream

There’s a wonderful piece of microservice node.js based restream utility, that let you re-stream from a source and also do the ffmped transcoding if you’d like. I just liked the piece!

My installed OS was Ubuntu 18.x and I used node version 12.x.

The problem

You have an IPTV provider that provides an (extended) M3U playlist file. You want to:

  • Add HTTPS encryption to the streams (and probably move the unencrypted reception offsite).
  • Transcode the streams to a lower bitrate, or convert to a uniform video or audio format.

The solution

Run this software, preferably on an offsite host. It only requires a Node installation (No NPM modules are required!). To add HTTPS support, front it with nginx (or similar). Continue reading “M3U Restream” »

Share

Install Discourse on Ubuntu 20.04

Secure the Server

Turn on automatic security updates.

$ sudo dpkg-reconfigure -plow unattended-upgrades

Setup a firewall with ufw.

$ sudo apt-get install ufw
$ sudo ufw default allow outgoing
$ sudo ufw default deny incoming
$ sudo ufw allow 22 comment 'SSH'
$ sudo ufw allow http comment 'HTTP'
$ sudo ufw allow https comment 'HTTPS'
$ sudo ufw enable

Install fail2ban to secure your server

$ sudo apt install fail2ban

Configure fail2ban to Use ufw

Copy the main configuration to avoid unexpected changes during package updates.

$ sudo cp /etc/fail2ban/jail.conf /etc/fail2ban/jail.local

Edit the configuration file with your favorite text editor

$ sudo nano /etc/fail2ban/jail.local

Change the banaction and banaction_allports settings to ufw in the file /etc/fail2ban/jail.local as follows: Continue reading “Install Discourse on Ubuntu 20.04” »

Share

Disable ipv6 on Linux Machine

Disable on Centos/RHEL system:

1. Append below lines in /etc/sysctl.conf:

net.ipv6.conf.all.disable_ipv6 = 1
net.ipv6.conf.default.disable_ipv6 = 1

NOTE : To disable IPv6 on a single interface add below lines to /etc/sysctl.conf :

net.ipv6.conf.[interface].disable_ipv6 = 1 ### put interface name here [interface]
net.ipv6.conf.default.disable_ipv6 = 1

2. To make the settings affective, execute :

# sysctl -p

Disable on Debian/Ubuntu system:

One method to make this option persist is modifying /etc/sysctl.conf.  Add the following lines to the file:

net.ipv6.conf.all.disable_ipv6=1
net.ipv6.conf.default.disable_ipv6=1
net.ipv6.conf.lo.disable_ipv6=1

For the settings to take effect use:

sudo sysctl -p
Share

Install Development Tool on CentOS and Debian

Well, in my working domain I face these tools to be installed, so that most of the dependent tools or programs that need to be deployed later don’t face much of dependency issue. So here goes the installation process for both the OS.

On CentOS/RHEL system use the follwoing command (either one of it would work)-

Type the following yum command as root user:

# yum group install "Development Tools"

Continue reading “Install Development Tool on CentOS and Debian” »

Share

Delete Old Unused Kernels in Debian

To find out the current version of Linux kernel running on your system, use the following command.

$ uname -sr
Linux 4.12.0-041200-generic

To list all installed kernels on your system, issue this command.

$ dpkg -l | grep linux-image | awk '{print$2}'

linux-image-4.12.0-041200-generic
linux-image-4.8.0-22-generic
linux-image-extra-4.8.0-22-generic
linux-image-generic

Remove Old Unused Kernels on Debian and Ubuntu

Run the commands below to remove a particular linux-image along with its configuration files, then update grub2 configuration, and lastly reboot the system.

$ sudo apt remove --purge linux-image-4.4.0-21-generic
$ sudo update-grub2
$ sudo reboot
Share

Reset Root Password on Ubuntu 20

Step 1: Reboot your Ubuntu 20.04 LTS Operating System and load the GRUB menu by holding the Shift Key on Keyboard

The first step is to start your computer machine and keep pressing the shift button on your keyboard until the GRUB menu appears, as shown in the picture below:

Step 2: Press ‘e’ to edit the commands

Now, select the boot Operating system, which is Ubuntu in our case, and press the ‘e’ key on your keyboard to edit some commands. By doing so, we can load the root shell Command prompt. Pressing the ‘e’ key on your keyboard allows you to have an edit screen, as shown in the picture below: Continue reading “Reset Root Password on Ubuntu 20” »

Share