Daz's bits and bobs

…bytes bits

Entries for the ‘Linux’ Category

pc engine – pfsense as router / firewall

Just built a pfsense router to replace my aging 7390 fritzbox…. Very very awesome and fast! I’m currently running these services on it (2 x 1GHZ cpu, 4GB RAM, 16GB msata SSD); dhcpd – DHCP server miniupnpd – UPnP server ntpd – NTP server squid – Transparent Proxy & Reverse Proxy snort – IDS (Intrusion […]

Veeam Cloud Connect / Provider – datasilo.co.nz

We use Veeam B&R a lot at work, with Veeam 8 there is a new offsite capability via Veeam’s “Veeam Cloud Connect” option. This essentially gives you a repository that you can use offsite without having to invest in infrastructure yourself. Works very well. datasilo.co.nz is a new Veeam Cloud Provider located in New Zealand which […]

Creating a .pem with the Private Key and Entire Trust Chain

You may find you install a SSL cert, but certain browsers show the connection as unsafe (i.e. mobile browser has issues but desktop browsers are happy) – this generally points to not having the cert chain correct. You can check your cert chain at sites like – https://ssltools.websecurity.symantec.com/checker/views/certCheck.jsp https://www.sslshopper.com/ssl-checker.html Download your Intermediate and Primary Certificates. […]

ERROR: No forward-proxy ports configured

I had the above issue after a squid upgrade and after changing from http_port 3128 transparent to http_port 3128 intercept. Add “http_port 8080” line to squid.config to avoid this message, if you are not already using that port. The changes in security require that a separate port be setup for forwarding proxy requests

nginx – and gzip

i only have vdsl at home and host my website via it… the following graphs shows when nginx started serving faster than the vdsl connection could handle (which is about 9Mbits) ngnix with cache enabled, gzip enabled and set to 6 http://loadimpact.com/load-test/sigtar.com-6a246200e28f354c64582cf2c0b6ce46 ngnix with cache enabled, gzip enabled and set to 9 (maximum) http://loadimpact.com/load-test/sigtar.com-1422b3e7250c4e3acb7868177f2b2056 ngnix with cache […]

nginx – setup as reverse proxy

  Previously to take down this wordpress site all you needed to do was hold down F5 for about 20 seconds then the site would take about 5 mins to recover. There were a few factors causing this and quite a few different methods to solving the problem. WordPress itself is run on php / […]

use nmap to port scan / find free IPS

I use angry IP scanner in windows, linux has a good util for port scanning an ip range called nmap; Grab nmap from usual repositories sudo nmap -sP (will show hosts up and resolve mac addresses to vendors) sudo nmap -v -sT (will show hosts up and the various open ports) sudo nmap […]

tinycore – autostart rdesktop

The directory for that purpose is hidden directly in your user folder, e.g. /home/tc/.X.d Create a file in there called rdesktop and put in it a command like while x=0 do sleep 5 /usr/local/bin/rdesktop -f done Remember to make file executable with chmod

squid – reverse proxy

Great guide here – http://www.classhelper.org/articles/reverse-proxy-server-squid-debian/installing-squid-proxy-server.shtml I’ve modified slightly for Ubuntu, but almost identical. apt-get install squid cp /etc/squid3/squid.conf /etc/squid3/squid.bak rm /etc/squid3/squid.conf nano /etc/squid/squid.conf http_port 80 defaultsite=www.yoursite.com vhost forwarded_for on refresh_pattern ^ftp: 1440 20% 10080 refresh_pattern ^gopher: 1440 0% 1440 refresh_pattern . 0 20% 4320 cache_peer parent 80 0 no-query no-digest originserver name=web1 acl sites_web1 dstdomain www.yoursite.com yoursite.com […]

cron job to re prioitize tasks

I’m using the following crontab script to renice my squid process…. Put following in script and  call via cron (i’m doing every 10 mins) */10 * * * * /home/user/renice.sh (renice.sh) renice -15 $(ps -C squid3 -o pid=) renice -15 $(ps -C unlinkd -o pid=)