Blog

Posted on

Bash: set up a temporary SSH tunnel

You can do this cleanly with an ssh ‘control socket’. To talk to an already-running SSH process and get its PID, kill it etc. Use the ‘control socket’ (-M for master and -S for socket) as follows:


ssh -M -S my-ctrl-socket -fnNT -L 50000:localhost:3306 [email protected]

ssh -S my-ctrl-socket -O check [email protected]
Master running (pid=3517) 

ssh -S my-ctrl-socket -O exit [email protected]
Exit request sent.

Note that my-ctrl-socket will be an actual file that is created.

You can use -o ExitOnForwardFailure=yes with -f and SSH will wait for all remote port forwards to be successfully established before placing itself in the background. You can grep the output of ps to get the PID. For example, you can use

ssh -Cfo ExitOnForwardFailure=yes -N -L 9999:localhost:5900 $REMOTE_HOST
PID=$(pgrep -f 'N -L 9999:')
[ "$PID" ] || exit 1

and be pretty sure you’re getting the desired PID

Posted on

WordPress with nginx

See https://www.nginx.com/resources/wiki/start/topics/recipes/wordpress/


    location = /favicon.ico {
        log_not_found off;
        access_log off;
    }

    location = /robots.txt {
        allow all;
        log_not_found off;
        access_log off;
    }

    location / {
        # This is cool because no php is touched for static content.
        # include the "?$args" part so non-default permalinks doesn't break when using query string
        try_files $uri $uri/ /index.php?$args;
    }
    location ~ \.php$ {
        #NOTE: You should have "cgi.fix_pathinfo = 0;" in php.ini
        include fastcgi_params;
        fastcgi_intercept_errors on;
        fastcgi_pass unix:/var/php-nginx/162475923957101.sock/socket;
        #The following parameter can be also included in fastcgi_params file
        fastcgi_param  SCRIPT_FILENAME $document_root$fastcgi_script_name;
    }

    location ~* \.(js|css|png|jpg|jpeg|gif|ico)$ {
        expires max;
        log_not_found off;
    }
Posted on

Guest Machines Do Not Show in VMPlayer Library

My vmware player does not show guest machines in the library. The troubleshooting suggests it’s a permissions error wherever the library data is stored.

When I try to open a guest machine the player does not show the guest in the inventory pane of the player. However, I can run vmplayer /path/to/machine.vmx and the machine will open execute properly.

The problem happens with all guest machines – so it does not appear to be related to anything about a machine itself.

REF

@dsy7211-14-2015 04:44 AM

This behavior still exists in Ubuntu 14.04 LTS and VMware Player 7.1.2. The file /home/user/.local/share/recently-used.xbel will be emptied from time to time and every time you log out, thus the library / list of VMs will be lost.

This only happens if you have deactivated ‘Record file & application usage’ in Ubuntu System Settings ‘All Settings / Security & Privacy / Files & Applications’.

If you activate ‘Record file & application usage’ your list of VMs will not be lost anymore, as the file ‘recently-used.xbel’ will no longer be emptied. I’m actually very happy to have discovered this, because before I had to manually restore the list of VMs dozens of time.

Posted on

Setup blog with WordPress self-hosted

Prerequisite

  • A domain from matbao or namecheap
    • for Vietnamese domain, matbao has a simple user interface and very good support for registering and payment
    • namecheap protects domain information (whois) without any fee – it’s free
  • a wordpress packages, bluehost is a good option. If you want to have more controll on your own host, try a VPS on aws lightsail, linode, vultr, digital ocean (standard price) or heiztner contabo (cheap price)

Theme:

  • Simple text content with 2011, 2017
  • Advance features theme from wordpress market, or Envanto’s – Themeforest

Recommended plugins:

  • Security: Sucuri – monitor the website, notify if there is any changes made
  • Security: Prevent Concurrent Logins
  • Security: Limit Max IPs Per User
  • Security: reCaptcha by BestWebSoft: add Google’s capcha to login/ comment
  • Site Kit by Google – Add sites to Google’s search console and analytics

Posted on

Setup Virtualmin with nginx and a custom domain

  1. In webmin, create a virtual server for your panel, eg webmin.example.com and usermin.example.com
  2. Go to Webmin > Webmin Configuration > Ports and Addresses, set Web server hostname to webmin.example.com
  3. Go to Webmin > Usermin Configuration > Ports and Addresses, set Web server hostname to usermin.example.com.
    3.2. In case you want usermin hosted on a same domain but a different path to webmin (eg webmin.example.com for webmin and webmin.example.com/ucp/ for usermin) just enter webmin.example.com
  4. Edit nginx server configuration file for domain webmin.example.com
upstream webmin-upstream {
	server localhost:10000;
}
upstream usermin-upstream {
	server localhost:20000;
}
server {
...
    location /ucp/ {

		# set some headers and proxy stuff.
		proxy_set_header X-Real-IP $remote_addr;
		proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
		#proxy_redirect off;

		# include Host header
		proxy_set_header Host $http_host;

		# proxy request to usermin server
		proxy_pass https://usermin-upstream/;
		
		# Fixes initial redirect after login
		proxy_redirect https://$host:20000/ https://$http_host/;
	}
	location / {

		# set some headers and proxy stuff.
		proxy_set_header X-Real-IP $remote_addr;
		proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
		#proxy_redirect off;

		# include Host header
		proxy_set_header Host $http_host;

		# proxy request to webmin server
		proxy_pass https://webmin-upstream/;
		
		# Fixes initial redirect after login
		proxy_redirect https://$host:10000/ https://$http_host/;
	}
Posted on

Setup ghost blog with nginx

    location / {
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-NginX-Proxy true;
        proxy_pass http://192.168.1.35:3001/;
        proxy_ssl_session_reuse off;
        proxy_set_header Host $http_host;
        proxy_cache_bypass $http_upgrade;
        proxy_set_header X-Forwarded-Proto $scheme;
        proxy_read_timeout 900;
        proxy_redirect off;
    }
Posted on

RaspberryPI as nfs share server

Server side

1. Install nfs server

sudo apt-get install nfs-kernel-server -y

2. Update share configuration

Append to file /etc/exports

/nfsshare *(rw,all_squash,insecure,async,no_subtree_check,anonuid=33,anongid=33)

Following configuration applied:

  • /nfsshare: the folder we share in network
  • *: limit the ip range, eg: to allow all IP’s from 192.168.0.0 to 192.168.0.256, we can replace the asterisk with 192.168.0.0/24.
  • rw: allows both read and write requests on the NFS volume
  • all_squash: map all uids and gids to the anonymous user
  • insecure: allows clients with an NFS implementation that doesn’t use a reserved NFS port
  • async: allows the NFS server to break the NFS protocol to improve performance at the cost of data potentially becoming corrupted if the server crashes
  • no_subtree_check: disables subtree checking, while it comes at a cost to security it can improve the reliability of the NFS server
  • anonuid=33,anongid=33 userId and groupId for a user that is connecting anonymously

3. Apply new exportfs config:

sudo exportfs -ra

That’s all for server-side!

Client side

Ubuntu

1. Install client:

sudo apt install nfs-common

2. Test mount point

# create folder for mount point
sudo mkdir /pi-server-02
sudo mount 192.168.1.196:/nfsshare /pi-server-02

3. Permanent mount

If it’s works in the previous step, you can create an /etc/fstab entry:

192.168.1.196:/nfsshare /pi-server-02	nfs 	defaults 0 0