Kerya techblog

Mikrotik stuff

Details
Author: Kirill
  • mikrotik

Allow Winbox from the internet (the rule has no src-address match, so it accepts connections from any source):

/ip firewall filter add chain=input protocol=tcp dst-port=8291 disabled=no action=accept place-before=0

Move a rule:

/ip firewall filter> move 14 destination=1

Port forwarding:

/ip firewall nat add action=netmap chain=dstnat to-addresses=<server_dmz_address> to-ports=443 protocol=tcp in-interface=ether1 dst-port=443

NAT:

/ip firewall nat add chain=srcnat action=masquerade src-address=192.168.1.0/24 log=no

Terminal upgrade (ssh/telnet):

system package update check-for-updates
system package update print
system package update download
system reboot

Backup/restore + script + scheduler

Based on https://www.technotrade.com.ua/Articles/beckup_config_mikrotik.php

System - script - add (name the script backup_to_email, the name the scheduler entry calls):

:log info "Starting Backup Script...";
:local sysname [/system identity get name];
:local sysver [/system package get system version];
:log info "Flushing DNS cache...";
/ip dns cache flush;
:delay 2;
:log info "Deleting last Backups...";
:foreach i in=[/file find] do={:if ([:typeof [:find [/file get $i name] "$sysname-backup-"]]!="nil") do={/file remove $i}};
:delay 2;
:local smtpserv [:resolve "supermailserver.com"];
:local smtpport "superport";
# MAIL-DOMAIN is a placeholder: the original addresses were hidden by the site's e-mail obfuscation.
:local Eaccount "super@MAIL-DOMAIN";
:local From "<device@MAIL-DOMAIN>";
:local backupfile ("$sysname-backup-" . \
[:pick [/system clock get date] 7 11] . \
[:pick [/system clock get date] 0 3] . \
[:pick [/system clock get date] 4 6] . ".backup");
:log info "Creating new Full Backup file...";
/system backup save name=$backupfile;
:delay 2;
:log info "Sending Full Backup file via E-mail...";
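# start-tls=no: the backup is handed to the SMTP server without STARTTLS, i.e. unencrypted in transit.
/tool e-mail send from=$From to=$Eaccount server=$smtpserv \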
port=$smtpport start-tls=no file=$backupfile \
subject=("$sysname Full Backup (" . [/system clock get date] . ")") \
body=("$sysname full Backup file see in attachment.\nRouterOS version: $sysver \
Time and Date stamp: " . [/system clock get time] . " " . \
[/system clock get date]);
:local exportfile ("$sysname-backup-" . \
[:pick [/system clock get date] 7 11] . \
[:pick [/system clock get date] 0 3] . \
[:pick [/system clock get date] 4 6] . ".rsc");
:log info "Creating new Setup Script file...";
/export verbose file=$exportfile;
:delay 2;
:log info "Sending Setup Script file via E-mail...";
/tool e-mail send from=$From to=$Eaccount server=$smtpserv \
port=$smtpport start-tls=no file=$exportfile \
subject=("$sysname Setup Script Backup (" . [/system clock get date] . ")") \
body=("$sysname Setup Script file see in attachment.\nRouterOS version: $sysver\nTime and Date stamp: " . \
[/system clock get time] ." ". [/system clock get date]);
:delay 5;
:log info "All System Backups emailed successfully. Backup completed.";

Scheduler entry that runs the script once a day:

/system scheduler add interval=1d name=backup_schedule on-event=backup_to_email start-date=apr/20/2019 start-time=03:12:50

https://wiki.mikrotik.com/wiki/Automated_Backups

Vlan useful links:

https://lanmarket.ua/stats/bazovye-osnovy-nastroyki-vlan-v-routeros-na-oborudovanii-mikrotik-vlan-dlya-chaynikov-segmentatsiya

check-gateway=ping for the DHCP default route:

1. Set distance = 105

2. Add a script in the DHCP client config:

/ip route set [find where distance="105"] check-gateway=ping


Gitlab + letsencrypt automated

Details
Author: Kirill

Written with the help of this:

https://stackoverflow.com/questions/34189199/how-do-i-use-let-s-encrypt-with-gitlab

which is based on

https://webnugget.de/setting-up-gitlab-with-free-ssl-certs-from-lets-encrypt-on-ubuntu-14-04/

One more reference:

https://www.digitalocean.com/community/tutorials/how-to-secure-gitlab-with-let-s-encrypt-on-ubuntu-16-04

Done on Ubuntu; assumes GitLab and certbot are already installed.

- Create the folder /var/www/letsencrypt and use this directory as webroot-path for Let's Encrypt

- Use the webroot authenticator for Let's Encrypt (certbot -a webroot ...)

- Change the following config values in /etc/gitlab/gitlab.rb and run gitlab-ctl reconfigure after that:

nginx['redirect_http_to_https'] = true
nginx['ssl_certificate']= "/etc/letsencrypt/live/gitlab.yourdomain.com/fullchain.pem"
nginx['ssl_certificate_key'] = "/etc/letsencrypt/live/gitlab.yourdomain.com/privkey.pem"
nginx['custom_gitlab_server_config']="location ^~ /.well-known {\n alias /var/www/letsencrypt/.well-known;\n}\n"

If you are using Mattermost which is shipped with the Omnibus package then you can additionally set these options in /etc/gitlab/gitlab.rb:

mattermost_nginx['redirect_http_to_https'] = true
mattermost_nginx['ssl_certificate']= "/etc/letsencrypt/live/gitlab.yourdomain.com/fullchain.pem"
mattermost_nginx['ssl_certificate_key'] = "/etc/letsencrypt/live/gitlab.yourdomain.com/privkey.pem"
mattermost_nginx['custom_gitlab_mattermost_server_config']="location ^~ /.well-known {\n alias /var/www/letsencrypt/.well-known;\n}\n"

After requesting your first certificate remember to change the external_url to https://... and again run gitlab-ctl reconfigure

P.S.

Let's Encrypt integration was introduced in GitLab version 10.5, where it is disabled by default. It is enabled by default in GitLab version 10.7 and later if external_url is set with the https protocol and no certificates are configured.

To find out the GitLab version, log in and open the following page: https://your.domain.name/help

Virtualbox bridged networking on ubuntu host

Details
Author: Kirill

Installing bridge-utils

sudo apt-get update
sudo apt-get -y install bridge-utils
sudo brctl addbr br0
sudo ip link set dev br0 up
sudo ifconfig br0 inet 192.168.99.1
sudo apt -y install isc-dhcp-server

Run sudo mcedit /etc/dhcp/dhcpd.conf and add to the end of the file:

subnet 192.168.99.0 netmask 255.255.255.0 {
    option routers 192.168.99.1;
    option domain-name-servers 192.168.99.1;
    pool {
        range 192.168.99.8 192.168.99.64;
    }
}

sudo service isc-dhcp-server restart

sudo sysctl net.ipv4.ip_forward=1

To keep forwarding enabled after a reboot, run sudo mcedit /etc/sysctl.conf and uncomment:

net.ipv4.ip_forward=1

Install bind 9:

sudo apt -y install bind9

sudo service bind9 restart

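NAT configuration with iptables (the flush and delete-chain commands remove every existing rule in the filter and nat tables and all user-defined filter chains; eno1 is the host's outbound interface):

sudo iptables --flush
sudo iptables -t nat --flush
sudo iptables --delete-chain
sudo iptables -t nat -A POSTROUTING -o eno1 -j MASQUERADE
sudo iptables -A FORWARD -i br0 -j ACCEPT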

Automatically Create the Bridge at Start-up

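/etc/network/interfaces file:

auto br0
iface br0 inet static
# bridge_ports is needed for ifupdown to create the bridge; "none" attaches no physical port
bridge_ports none
bridge_stp off
bridge_fd 0
bridge_maxwait 0
address 192.168.99.1
netmask 255.255.255.0
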

Links:

https://help.ubuntu.com/community/NetworkConnectionBridge

PHP bulk upgrade FreeBSD

Details
Author: Kirill

5.6 to 7.2:

/usr/sbin/pkg info -xo ^php | /usr/bin/awk '{ gsub("56","72",$2); print  " -o "$2" "$1}' | /usr/bin/xargs -L 1 /usr/local/sbin/portupgrade -by

7.2 to 7.3:

pkg info -xo php72 | awk '{ gsub("72","73",$2); print " -o "$2" "$1}' | xargs -L 1 portupgrade -by

7.3 to 7.4:

pkg info -xo php73 | awk '{ gsub("73","74",$2); print " -o "$2" "$1}' | xargs -L 1 portupgrade -by

7.2 to 8.0:

pkg delete php72-hash php72-json; pkg info -xo ^php ^mod_php | grep php72 | awk '{gsub("72","80",$2); print " -o "$2" "$1}' | xargs -L 1 portupgrade -DbkycC --batch
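
A dry run for the one-liners above, as an added example that is not from the original post: it prints the portupgrade command each package would get instead of running it, rewrites only the phpNN token rather than every occurrence of the digits, and flags packages whose origin does not carry the PHP version. The function names and the sample `pkg info -xo` lines are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original post): dry run of the bulk PHP rewrite.

# plan_php_upgrade OLD NEW
# stdin : lines in `pkg info -xo` form, "<name-version> <origin>"
# stdout: one portupgrade command per package, not executed, or a "# skip"
#         line when the origin carries no phpOLD token to rewrite.
plan_php_upgrade() {
    awk -v old="php$1" -v new="php$2" '
        index($2, old) == 0 {
            # Rewriting would be a no-op here; handle the package by hand.
            print "# skip " $1 ": origin " $2 " has no " old " token"
            next
        }
        {
            origin = $2
            gsub(old, new, origin)   # only the phpNN token, never bare digits
            print "portupgrade -by -o " origin " " $1
        }'
}

# Constructed sample input; names and versions are illustrative only.
sample_pkg_info() {
    cat <<'EOF'
php72-7.2.34                 lang/php72
php72-json-7.2.34            devel/php72-json
mod_php72-7.2.34             www/mod_php72
php72-lib72-1.0              devel/php72-lib72
php72-pecl-memcached-3.1.5   databases/pecl-memcached
EOF
}

# Review the plan first; pipe it to sh only once every line looks right.
sample_pkg_info | plan_php_upgrade 72 73
```

On a real host, replace `sample_pkg_info` with `pkg info -xo php72` and read the plan, including the skipped lines, before executing anything.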
