On my Multi Cycle bike, I have a SR Suntour CR9, serial number TF00478709, Series: CR, Year: 2015, Name: CR 9V-D-P-LO 700C TS 300/0, from 2015.
Author: halfgaar (Page 4 of 26)
Halfgaar is Wiebe. Wiebe is a contributing author on this weblog. He also has a lot of stuff (such as long, in-depth articles) on his personal website.
Wiebe's day job is as a senior software developer and system administrator at YTEC.
In his free time, he built the free, open-source FlashMQ software. Together with Jeroen and Rowan, he is now building a managed MQTT hosting business around his open masterpiece.
We found that if you do what the Apache documentation says and put quotes around the expr:
<RequireAny>
Require user victron
Require expr "%{REQUEST_URI} =~ m#^/.well-known/acme-challenge/.*#"
</RequireAny>
You get:
Cannot parse expression in require line: syntax error, unexpected $end
Remove the quotes around it…
As Bigsmoke indicated, we had some issues with google not finding content. For the same reason, I would like to share my insight into some stuff I write about:
When sending mail from a host behind NAT, you will run into trouble when the “From” says “root@host.localdomain”, because receiving servers will refuse that domain.
I’m not quite sure why, but setting myorigin used to be enough. Now I need to do this in main.cf:
# For when you have a host behind NAT that is refusing to # use hostname.realdomain.net as specified as origin. # You can test with: # postmap -q "fubar@hostname.somelocaldomain" regexp:/etc/postfix/sender_canonical sender_canonical_maps = regexp:/etc/postfix/sender_canonical
And in sender_canonical:
/^(.*@)host.*$/ ${1}hostname.realdomain.net
Or more generic:
/^(.*@.*\.)company$/ ${1}company.nl
And as usual, I use a relay host.
One of the inconveniences of encryption is the need to open the encrypted volume by hand when the computer/server boots. Luckily, you can easily automate that securely. You need a machine that will act as a key server, whether that’s a Raspberry Pi or some VPS you hire.
Take a server that will act as a key server and create a passwordless user:
adduser --disabled-password cryptsetupkeys su - cryptsetupkeys mkdir keys chmod go-rwx keys
We’re going to use ~/.ssh/authorized_keys to give access to the key to one public key, and only from one IP (to prevent someone stealing your computer from also auto-unlocking it):
from="2a01:1b0:5256:1:2:3:4:5",command="/usr/local/bin/catkey.sh keys/server1.key" ssh-rsa AAA...vJxw== root@server1 from="1.2.3.4",command="/usr/local/bin/catkey.sh keys/server2.key" ssh-rsa AAA...vJxw== root@server2
The /usr/local/bin/catkey.sh can be:
#!/bin/bash # # Script to be used as only permitted command to echo the key # data for cryptsetup encrypted partitions. # # from="1.2.3.4",command="/usr/local/bin/catkey.sh keys/server1.key" ssh-rsa AAA...vJxw== root@server2 # # http://blog.bigsmoke.us/2016/05/22/download-dmcrypt-cryptsetup-encryption-key-from-remote-server-and-auto-mount keyname="$1" keyfile="$HOME/$keyname" hostname="$(hostname)" mailto="you@example.com" mailfrom="Autokeydecryptor <you@example.com>" subject="Cryptsetup key access for '$keyname', '$USER' on '$hostname'" if [ -z "$keyname" ]; then message="key name not specified" echo "$message" echo "$message" | mail -a "From: $mailfrom" -s "$subject" "$mailto" exit 1 fi if [ ! -f "$keyfile" ]; then message="$keyfile not found or is not a regular file" echo "$message" echo "$message" | mail -a "From: $mailfrom" -s "$subject" "$mailto" exit 1 fi cat -- "$keyname" message="This is an audit of the access to cryptsetup keys on server '$hostname', account '${USER}', key '$keyname'. This should normally only happen on boot of the server which has the cryptsetup partition." echo "$message" | mail -a "From: $mailfrom" -s "$subject" "$mailto"
Then on the machine that has the encrypted volume, put the following in something like /etc/rc.local:
ssh -4 -o PasswordAuthentication=no "cryptsetupkeys@server.example.com" "dummy" | cryptsetup --key-file - luksOpen /dev/raidvg/mainencrypted maindecrypted # put the proper entry in /etc/fstab so this mount works mount /mnt/decryptedvolume
Or better yet put that in a separate script to be called from /etc/rc.local, because /etc/rc.local often has -e in the shebang, so it would stop on any error in that script, possibly failing to execute your command. Why that -e is there is a mystery to me, but that’s another story.
The less obvious flags explained:
-4is to make sure thefromclause will always work, also if your ISP suddenly gives you IPv6.-o PasswordAuthentication=nois necessary to be sure the command fails if the login fails. Otherwise, should your IP address change, the command may hang on password input (if it’s not smart enough to detect a non-interactive terminal).
I had a server that booted with a degraded array every time, because there was a USB drive attached to it, that messed up the auto detection. I solved it by putting this in mdadm.conf:
# This is to try to solve the problem that the array always boots as degraded when I boot the server with a USB disk attached. # http://serverfault.com/questions/722360/debian-server-has-degraded-mdam-array-on-every-boot/ DEVICE /dev/disk/by-id/ata-*
Then run:
update-initramfs -u
I still don’t know what went wrong, though. It can plainly see what drivse should be in the array.
If you need/have a large transaction log file, a shut down can take a while. This post lists how you can force a flush before you do so, decreasing shut down time.
In short:
mysql> set global innodb_max_dirty_pages_pct = 0;
Then monitor the dirty pages:
mysqladmin ext -i10 | grep dirty
This article gives a good explation of LC resonances caused by turn-on transients.
Whenever electrolytic caps are a thing of the past and replaced by super low ESR devices, we may actually have to add some resistance.
Just for my references. I made changes to it before, but I now added the comments to them (for custom notifications and acknowledgements):
define command{ command_name notify-host-by-email command_line /usr/bin/printf "%b" "***** Nagios *****\n\nNotification Type: $NOTIFICATIONTYPE$\nComment: $NOTIFICATIONCOMMENT$\nHost: $HOSTNAME$\nState: $HOSTSTATE$\nAddress: $HOSTADDRESS$\nInfo: $HOSTOUTPUT$\n\nDate/Time: $LONGDATETIME$\n" | /usr/bin/mail -s "** $NOTIFICATIONTYPE$ Host Alert ($SHORTDATETIME$): $HOSTNAME$ is $HOSTSTATE$ **" $CONTACTEMAIL$ } define command{ command_name notify-service-by-email command_line /usr/bin/printf "%b" "***** Nagios *****\n\nNotification Type: $NOTIFICATIONTYPE$\nComment: $NOTIFICATIONCOMMENT$\nService: $SERVICEDESC$\nHost: $HOSTALIAS$\nAddress: $HOSTADDRESS$\nState: $SERVICESTATE$\n\nDate/Time: $LONGDATETIME$\n\nAdditional Info:\n\n$SERVICEOUTPUT$" | /usr/bin/mail -s "** $NOTIFICATIONTYPE$ Service Alert ($SHORTDATETIME$): $HOSTALIAS$/$SERVICEDESC$ is $SERVICESTATE$ **" $CONTACTEMAIL$ } define command{ command_name notify-host-by-sms command_line /usr/local/sbin/send-sms.sh -n $CONTACTPAGER$ -m "$HOSTNAME$: $NOTIFICATIONTYPE$, $HOSTSTATE$ ($NOTIFICATIONCOMMENT$)" } define command{ command_name notify-service-by-sms command_line /usr/local/sbin/send-sms.sh -n $CONTACTPAGER$ -m "$SERVICEDESC$ on $HOSTNAME$ $NOTIFICATIONTYPE$ ($NOTIFICATIONCOMMENT$): $SERVICEOUTPUT$" }
ChunkVNC consists of three parts, InstantSupport, Repeater and Viewer.
UltraVNC SC is a mini (166k) UltraVNC Server that can be customized and preconfigured for download by a Customer. UltraVNC SC does not require installation and does not make use of the registry. The customer only have to download the little executable and Click to make a connection. The connection is initiated by the server, to allow easy access thru customers firewall.
Recent Comments