SmartNote

User Tools

Site Tools

You are here: start

Sidebar

Tags Cloud
alert apache apt ascii auth bash centos certificate checkinstall chroot cron debian debuild dedikit etch format freebsd grub https ip iptables kernel libwww linux load_average logrotate logs minimal_install mldonkey mysql nginx openvpn perl php proxy realip rsync semaphores sftp squeeze ssh table tun ubuntu user ustats vhost vim watchdog wheezy
start

Table of Contents

Last updates

Использование chroot для sftp подключений

# mkdir -p /srv/ssh/chroot
# mkdir -p /etc/ssh/authorized_keys /srv/ssh/chroot
# groupadd sftponly
# useradd -G www-data -g sftponly -s /usr/sbin/nologin -d /srv/ssh -N USERNAME
# find /var/www/static -type d -print0 | xargs -0 chmod g+xwr
# find /var/www/static -type f -print0 | xargs -0 chmod g+wr
# chmod 775 /var/www/static /srv/ssh/chroot
# mount -o bind /var/www/static /srv/ssh/chroot
/etc/ssh/sshd_config
Subsystem sftp internal-sftp -u 0002
AuthorizedKeysFile /etc/ssh/authorized_keys/%u %h/.ssh/authorized_keys .ssh/authorized_keys
Match Group sftponly
  ChrootDirectory %h
  ForceCommand internal-sftp -u 0002
  AllowTcpForwarding no
  X11Forwarding no
  PasswordAuthentication no
/etc/fstab
LABEL=cloudimg-rootfs   /               ext4  defaults,discard  0 0
/var/www/static         /srv/ssh/chroot none  bind              0 0
2018/05/10 16:05 · kyxap
, , ,

How to fix Python 2.x urllib3 SNI warning

Problem
kyxap@workbench:~$ pip search pg_activity
/usr/local/lib/python2.7/dist-packages/pip/_vendor/requests/packages/urllib3/util/ssl_.py:318: SNIMissingWarning: An HTTPS request has been made, but the SNI (Subject Name Indication) extension to TLS is not available on this platform. This may cause the server to present an incorrect TLS certificate, which can cause validation failures. You can upgrade to a newer version of Python to solve this. For more information, see https://urllib3.readthedocs.org/en/latest/security.html#snimissingwarning.
  SNIMissingWarning
/usr/local/lib/python2.7/dist-packages/pip/_vendor/requests/packages/urllib3/util/ssl_.py:122: InsecurePlatformWarning: A true SSLContext object is not available. This prevents urllib3 from configuring SSL appropriately and may cause certain SSL connections to fail. You can upgrade to a newer version of Python to solve this. For more information, see https://urllib3.readthedocs.org/en/latest/security.html#insecureplatformwarning.
  InsecurePlatformWarning
pg_activity (1.3.0)  - Command line tool for PostgreSQL server activity monitoring.
Solution
kyxap@workbench:~$ pip install pyopenssl ndg-httpsclient pyasn1 -U
2016/09/22 01:10 · kyxap
, ,

Apache-like ~/public_html access

nginx
location ~ ^/~(.+?)(/.*)?$ {
  alias /home/$1/public_html$2;
  index  index.html index.htm;
  autoindex off;
}
2016/03/13 22:02 · kyxap
,

ffmpeg-php centos 6.x

atrpms-repo-6-7.el6.x86_64 https://www.mirrorservice.org/sites/dl.atrpms.net/el$releasever-$basearch/atrpms/stable

atrpms.repo
[atrpms]
name=Red Hat Enterprise Linux $releasever - $basearch - ATrpms
failovermethod=priority
#baseurl=http://dl.atrpms.net/el$releasever-$basearch/atrpms/stable
baseurl=https://www.mirrorservice.org/sites/dl.atrpms.net/el$releasever-$basearch/atrpms/stable
enabled=0
gpgcheck=1
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-atrpms
 
[atrpms-debuginfo]
name=Red Hat Enterprise Linux $releasever - $basearch - ATrpms - Debug
failovermethod=priority
baseurl=https://www.mirrorservice.org/sites/dl.atrpms.net/debug/el$releasever-$basearch/atrpms/stable
enabled=0
gpgcheck=1
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-atrpms
 
[atrpms-source]
name=Red Hat Enterprise Linux $releasever - $basearch - ATrpms - Source
failovermethod=priority
baseurl=https://www.mirrorservice.org/sites/dl.atrpms.net/src/el$releasever-$basearch/atrpms/stable
enabled=0
gpgcheck=1
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-atrpms
#!/usr/bin/env bash

yum --enablerepo=atrpms ffmpeg-devel

SRC_DIR=/opt/src/ffmpeg-php
[[ -d $SRC_DIR ]] || mkdir -p $SRC_DIR
cd $SRC_DIR
git clone https://github.com/tony2001/ffmpeg-php.git
cd ffmpeg-git
grep -ir avcodec_alloc_frame "$SRC_DIR" -l | xargs -I{} sed 's/avcodec_alloc_frame/av_frame_alloc/' -i {}
./configure
2016/01/29 21:43 · kyxap
, , , , , ,

Запуск предопределенных shell-команд через nginx fastcgi

bash скрипт
#!/usr/bin/env bash
set -e

LANG=C
PATH="/bin:/usr/sbin:/usr/bin:/sbin:/usr/local/bin:/usr/local/sbin"

# print header
echo -e "Content-type: text/html\n\n";

# print body/command
echo "<html><body>";

# print error
print_error() { echo "$@"; exit 1;}

# run cmd
runcmd() {
  [[ "$@" ]] || print_error "No args passed to runcmd()" # exit if no args
  bash -c "$@" 2>&1                                      # run cmd with stderr -> stdout redirection
}

##### USER MAPPING #####

# new array to store all users
declare -a users

mysqld='ps auxww | grep [m]ysqld'                            # cmd to run
users+=(${!mysqld*})                                         # push to users array

redis='ps auxww | grep [r]edis'
users+=(${!redis*})

# check for authenticated user
[[ $REMOTE_USER ]] || print_error "REMOTE_USER value not found"

# loop over users array then run cmd if known user found
for user in ${users[@]}
do
  [[ $REMOTE_USER == $user ]] && { runcmd "${!user}"; break; }
done

echo "</body></html>";
конфиг nginx
    location / {
      gzip off;

      auth_basic              "auth";
      auth_basic_user_file    /etc/nginx/conf.d/mydomain.tld.htpasswd;

      root /home/http/mydomain.tld/html;

      fastcgi_param DOCUMENT_ROOT /home/http/mydomain.tld/html;
      fastcgi_param SCRIPT_NAME   runme.sh;
      fastcgi_param REMOTE_USER $remote_user;

      fastcgi_pass  unix:/var/run/fcgiwrap.socket;

      include /etc/nginx/fastcgi_params;

      fastcgi_param SCRIPT_FILENAME  /home/http/mydomain.tld/html$fastcgi_script_name;
    }
2015/04/09 12:28 · kyxap
,

Shell-wrapper для standalone passenger

/opt/scripts/passenger.sh
#!/usr/bin/env bash
 
_dir=/home/bundle     # app root dir
_home=/home/passenger # user home dir
_addr="0.0.0.0"
_port="8191"
 
_pid="$_home/passenger.pid"
_log="$_home/passenger.log"
_ngxtpl="$_home/nginx.conf.erb"
 
_args="--address $_addr --port $_port --user passenger --environment production --pid-file $_pid --log-file $_log --nginx-config-template $_ngxtpl --daemonize --sticky-sessions --app-type node --startup-file main.js"
 
[[ -f $_home/.nvm/nvm.sh ]] && source $_home/.nvm/nvm.sh
 
export MONGO_URL='mongodb://localhost:27017/mongodb'
export ROOT_URL="http://pro-manage.net:$_port"
 
[[ `whoami 2>/dev/null` == passenger ]] || echo "Run as passenger user"
 
cd $_dir
 
case $@ in
  stop)
    passenger stop --port $_port --pid-file $_pid
    ;;
  start)
    passenger start $_args
    ;;
  restart)
    $0 stop
    $0 start
    ;;
  status)
    passenger status --port $_port --pid-file $_pid
    ;;
  *)
    echo "usage: $0 stop | start | restart | status"
    ;;
esac
2015/04/09 10:16 · kyxap
, , , , , ,

Получение диапазона IP адресов

Prerequisites
apt-get install jq netmask moreutils

wget -P ~/tmp https://gist.githubusercontent.com/kyxap1/5233d86a9649f142e0c894598d4d60b0/raw/b369cf61cea3f20cce96244c33e55a6da0c92b89/aggregate-cidr-addresses.pl
chmod +x ~/tmp/aggregate-cidr-addresses.pl
Google1
dig +short TXT _spf.google.com \
  | grep -oP "(?<=include:).+?\s" \
  | xargs dig +short TXT \
  | grep -oP "(?<=ip4:).+?\s" \
  | xargs netmask -s \
  | perl -pne 's#(.+)/(.+)#route \1 \2 vpn_gateway#'
Google2
wget -q https://www.gstatic.com/ipranges/goog.json -O - \
  | jq '.prefixes[] | select(.ipv4Prefix) | .ipv4Prefix' -r
Amazon
wget https://ip-ranges.amazonaws.com/ip-ranges.json -O - \
  | jq -r ".prefixes[].ip_prefix" \
  | ./tmp/aggregate-cidr-addresses.pl \
  | sort -V
Github
wget -O - https://api.github.com/meta \
  | jq -r ".hooks, .web, .api, .git, .pages, .importer | .[]" \
  | ./tmp/aggregate-cidr-addresses.pl \
  | sort -V
2015/02/28 22:49 · kyxap
,

Older entries >>

start.txt · Last modified: 2016/09/22 01:27 by kyxap

Page Tools

Donate Powered by PHP Valid HTML5 Valid CSS Driven by DokuWiki