apt install php7.2-{mysql,curl,json,xsl,gd,xml,zip,xsl,soap,bcmath,mbstring,gettext,imagick}
wireguard-ui without docker
wget wireguard-ui:
https://github.com/ngoduykhanh/wireguard-ui/releases
tar -xvzf wireguard-ui-*.tar.gz
mkdir /opt/wireguard-ui
mv wireguard-ui /opt/wireguard-ui/
vim /opt/wireguard-ui/.env
SESSION_SECRET=
WGUI_USERNAME=
WGUI_PASSWORD=
vim /opt/wireguard-ui/postup.sh
#!/usr/bin/bash
# /opt/wireguard-ui/postup.sh
ufw route allow in on wg0 out on eth0
iptables -t nat -I POSTROUTING -o eth0 -j MASQUERADE
vim /opt/wireguard-ui/postdown.sh
#!/usr/bin/bash
# /opt/wireguard-ui/postdown.sh
ufw route delete allow in on wg0 out on eth0
iptables -t nat -D POSTROUTING -o eth0 -j MASQUERADE
chmod +x /opt/wireguard-ui/post*.sh
vim /etc/systemd/system/wireguard-ui-daemon.service
[Unit]
Description=WireGuard UI Daemon
Wants=network-online.target
After=network-online.target
[Service]
User=root
Group=root
Type=simple
systemctl daemon-reload
systemctl start wireguard-ui-daemon.service
vim /etc/systemd/system/wgui.service
[Unit]
Description=Restart WireGuard
After=network.target
[Service]
Type=oneshot
ExecStart=/usr/bin/systemctl restart [email protected]
[Install]
RequiredBy=wgui.path
vim /etc/systemd/system/wgui.path
[Unit]
Description=Watch /etc/wireguard/wg0.conf for changes
[Path]
PathModified=/etc/wireguard/wg0.conf
[Install]
WantedBy=multi-user.target
systemctl daemon-reload
systemctl enable wgui.{path,service}
systemctl start wgui.{path,service}
Nginx proxy:
add_header Cache-Control no-cache;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header Host $http_host;
proxy_pass http://127.0.0.1:5000/;
kibana add enrollment token cli
bin/kibana-setup --enrollment-token
PMM
Percona Monitoring and Management (PMM) is an open-source database monitoring, management, and observability solution for MySQL, PostgreSQL, and MongoDB.
mysql dump triggers only
mysqldump --routines --no-create-info --no-data --no-create-db --skip-opt my_db > ~/my_db_triggers.sql
journalctl clean all
journalctl –rotate
journalctl –vacuum-time=1s
grep 500 errors
awk match pattern in column
Grep only 502 && 503:
cat /var/log/nginx/access.log| awk '$9 ~ /^50[23]/'
Grep all 50X:
cat /var/log/nginx/access.log| awk '$9 ~ /^50./'
Pug
Pug is a high-performance template engine heavily influenced by HTML and implemented with JavaScript for Node.js and browsers. But there are ports for other languages like Java, Python, Ruby, etc.
arkade
arkade is how developers install the latest versions of their favourite tools and Kubernetes apps.
curl -sLS https://get.arkade.dev | sudo sh
arkade get kubectl
arkade get kubectl \
helm \
istioctl
actions-runner Install GitHub Actions Runner
buildkitd Install Buildkitd
cni Install CNI plugins
containerd Install containerd
firecracker Install Firecracker
gitlab-runner Install Gitlab Runner
go Install Go
node Install Node.js
prometheus Install Prometheus
tc-redirect-tap Install tc-redirect-tap
registry Install Open Source Registry implementation for storing and distributing container images using the OCI Distribution Specification
mercure
wget https://github.com/dunglas/mercure/releases/download/v0.10.2/mercure_0.10.2_Linux_x86_64.tar.gz && mkdir mercure && tar -zxvf mercure_0.10.2_Linux_x86_64.tar.gz -C mercure
vim /etc/supervisor/conf.d/mercure.conf
[program:mercure]
command=/usr/sbin/mercure
process_name=%(program_name)s_%(process_num)s
numprocs=1
environment=JWT_KEY=”secret_jwt_key”,ADDR=’:3333′, DEMO=1, ALLOW_ANONYMOUS=1, CORS_ALLOWED_ORIGINS=, PUBLISH_ALLOWED_ORIGINS=”, USE_FORWARDED_HEADERS=1, DEBUG=1
directory=/tmp
autostart=true
autorestart=true
startsecs=5
startretries=10
user=www-data
redirect_stderr=false
stdout_capture_maxbytes=1MB
stderr_capture_maxbytes=1MB
stdout_logfile=/path/to/mercure/out.log
stderr_logfile=/path/to/mercure/error.log
supervisorctl reread
supervisorctl update
supervisorctl start mercure
Generate token online here: www.JWT.io
You need use your secret_jwt_key to get token
{
“mercure”: {
“publish”: [
“*”
]
}
}
Test token bash script:
#!/usr/bin/env bash
curl –request POST \
–url http://127.0.0.1:3333/.well-known/mercure \
–header ‘authorization: Bearer Paste_your_generated_token_here’ \
–header ‘content-type: application/x-www-form-urlencoded’ \
–data topic=test \
–data ‘data={
“headline”: “Hello there this is Mercure.Rocks”
}’
zfs access files lxc
nsenter -t $(cat /var/snap/lxd/common/lxd.pid) -m
lxc change srorage
lxc move container_name -s new_storage_pool
mysql lock all tables
FLUSH TABLES WITH READ LOCK;
UNLOCK TABLES;
systemd listen on port and run command
systemd listen on port and run command on connect
vin /usr/lib/systemd/system/restart-db.service
[Unit]
Description=Restart MySQL Listener
After=network.target
[Service]
User=restart
Type=simple
ExecStart=/bin/bash -xc 'echo -e "HTTP/1.1 204 No Content\\r\\nConnection: close\\r\\n\\r" | nc -p 7777 -l -w 1; sudo systemctl restart mysql'
Restart=always
StartLimitInterval=1min
StartLimitBurst=60
[Install]
WantedBy=multi-user.target
systemctl start restart-db.service
● restart-db.service – Restart MySQL Listener
Loaded: loaded (/lib/systemd/system/restart-db.service; disabled; vendor preset: enabled)
Active: active (running) since Mon 2023-11-27 21:29:28 UTC; 11s ago
Main PID: 41246 (bash)
Tasks: 2 (limit: 76710)
Memory: 572.0K
CPU: 1ms
CGroup: /system.slice/restart-db.service
├─41246 /bin/bash -xc “echo -e \”HTTP/1.1 204 No Content\\r\\nConnection: close\\r\\n\\r\” | nc -p 7777 -l -w 1; sudo systemctl restart mysql”
└─41248 nc -p 7777 -l -w
vim /etc/sudoers.d/restart-db
restart ALL=(ALL) NOPASSWD: /usr/bin/systemctl restart mysql
Also possible use socat with some simple auth:
socat -u TCP-LISTEN:7777,keepalive,reuseaddr,rcvbuf=7777 STDOUT | grep -w -q “mypassword” && sudo systemctl restart mysql
ceph osd pool list
ceph osd lspools