Monday, 9 November 2015

Gitlab git push DO NOT work because Gitlab Server Send Error 503 for remote origins ending with a "/"

https://gitlab.com/gitlab-org/gitlab-ce/issues/2727

Got a problem and resolved,
git push DO NOT work because Gitlab Server Send Error 503 for remote origins ending with a "/"

......
Have  issue with Nginx and Omnipackage, but received not 503 but 521 error. 
I resoled issue with steps: 
1. in /etc/gitlab/gitlab.rb
 gitlab_git_http_server['listen_network'] = "tcp"
 gitlab_git_http_server['listen_addr'] = "localhost:8181"
but leave nginx[‘enable’] = true
and run gitlab-ctl reconfigure
2, Change generated gitlab-http.conf
in first part change
upstream gitlab-git-http-server {
  server unix:localhost:8181;
}
to
upstream gitlab-git-http-server {
  server localhost:8181;
}
and after location @gitlab { …} add new section
  location ~ [-\/\w\.]+\.git\/ {
    ## If you use HTTPS make sure you disable gzip compression
    ## to be safe against BREACH attack.
    # gzip off;


    ## https://github.com/gitlabhq/gitlabhq/issues/694
    ## Some requests take more than 30 seconds.
    proxy_read_timeout      300;
    proxy_connect_timeout   300;
    proxy_redirect          off;

    # Do not buffer Git HTTP responses
    proxy_buffering off;

    # The following settings only work with NGINX 1.7.11 or newer
    #
    # # Pass chunked request bodies to gitlab-git-http-server as-is
    # proxy_request_buffering off;
    # proxy_http_version 1.1;

    proxy_set_header    Host                $http_host;
    proxy_set_header    X-Real-IP           $remote_addr;
    proxy_set_header    X-Forwarded-For     $proxy_add_x_forwarded_for;
    proxy_set_header    X-Forwarded-Proto   $scheme;

    proxy_pass http://gitlab-git-http-server;
  }
Now gitlab-ctl restart and all return to work

Sunday, 25 October 2015

mongodb service is not starting up

Answer helped me:
http://stackoverflow.com/questions/17527606/mongodb-failing-on-debian
if you don't find any traces in the logs:
tail -f -n50 /var/log/mongodb/mongodb.log
you should try to start the server in foreground:
sudo -u mongodb mongod --dbpath /var/lib/mongodb/
and see what's happening. For instance, I had a locale problem:

root@server :~# sudo -u mongodb mongod --dbpath /var/lib/mongodb/
2015-10-25T09:45:23.613+0000 E NETWORK  [initandlisten] listen(): bind() failed errno:98 Address already in use for socket: 0.0.0.0:27017
2015-10-25T09:45:23.613+0000 E NETWORK  [initandlisten]   addr already in use
2015-10-25T09:45:23.613+0000 W -        [initandlisten] Detected unclean shutdown - /var/lib/mongodb/mongod.lock is not empty.
2015-10-25T09:45:23.614+0000 I STORAGE  [initandlisten] exception in initAndListen: 98 Unable to lock file: /var/lib/mongodb/mongod.lock errno:11 Resource temporarily unavailable. Is a mongod instance already running?, terminating
2015-10-25T09:45:23.614+0000 I CONTROL  [initandlisten] dbexit:  rc: 100
To see config problem:

root@server :~# sudo -u mongodb mongod --dbpath /var/lib/mongodb/ -f /etc/mongod.conf
Unrecognized option: net.authorization
try 'mongod --help' for more information


Tuesday, 25 August 2015

cURL support for CloudFlare-enabled websites (zabbix with ssl sites, enebled in CloudFlare )

Ordinal post: https://luxing.im/curl-support-for-cloudflare-enabled-websites/

For debian 7 works like in post, not only on Fedora!

For Centos - curl -v --ciphers ecdhe_ecdsa_aes_128_sha URL works, use .curlrc.

cURL support for CloudFlare-enabled websites


CloudFlare provides a nice protection from DDoS and other hacking activities, last year they even added a free UniverSSL package to all users. The problem began with the cURL ciphers on cloudflare-enabled websites. cURL does not successfully handshake with cloudflare servers with its default encryption algorithms.
I test my website out using openssl s_client.
openssl s_client -connect luxing.im:443
We could see the following output:

...
New, TLSv1/SSLv3, Cipher is ECDHE-RSA-AES128-GCM-SHA256
Server public key is 2048 bit
Secure Renegotiation IS supported
Compression: NONE
Expansion: NONE
SSL-Session:
Protocol : TLSv1.2
Cipher : ECDHE-RSA-AES128-GCM-SHA256
...
OK so it is using ECDHE-RSA-AES128-GCM-SHA256 cipher to connect to my website.
Well, let’s try this:
curl https://luxing.im --cipher ecdhe_rsa_aes_128_gcm_sha_256
curl: (35) Cannot communicate securely with peer: no common encryption algorithm(s).
Huh. Strange isn’t it? With a LOT of searching, finally I got an answer from here, I added the suggested line to .curlrc in my home directory:
 ciphers="rsa_aes_256_sha,rsa_aes_128_sha,dhe_rsa_aes_256_cbc_sha,dhe_rsa_aes_128_cbc_sha,rsa_aes_256_cbc_sha_256,rsa_aes_128_cbc_sha_256,dhe_rsa_aes_256_cbc_sha_256,dhe_rsa_aes_128_cbc_sha_256,rsa_aes_128_gcm_sha_256,ecdhe_rsa_aes_128_gcm_sha_256,ecdhe_ecdsa_aes_128_gcm_sha_256"
Then try:
curl -v https://luxing.im
Yes, now my curl is working. Let’s see the output:

...
* SSL connection using TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256
...
OK. It is actually using the TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 algorithm, so forcing the cipher to use ecdhe_ecdsa_aes_128_gcm_sha_256 works.
My curl is:

curl -V
curl 7.37.0 (x86_64-redhat-linux-gnu) libcurl/7.37.0 NSS/3.17.4 Basic ECC zlib/1.2.8 libidn/1.28 libssh2/1.4.3
Protocols: dict file ftp ftps gopher http https imap imaps ldap ldaps pop3 pop3s rtsp scp sftp smtp smtps telnet tftp
Features: AsynchDNS GSS-Negotiate IDN IPv6 Largefile NTLM NTLM_WB SSL libz Metalink

And I am on Fedora 20+.
Note:
1. Debian/RHEL/CentOS series does not support this algorithm. You’ll have to create a ticket to CloudFlare support to discuss it with them.
2. According to this, git uses cURL to access https repositories but this workaround won’t help. Too bad.

Install Java 8 (both JDK8 and JRE8) in Debian

Original post : http://www.webupd8.org/2014/03/how-to-install-oracle-java-8-in-debian.html


echo "deb http://ppa.launchpad.net/webupd8team/java/ubuntu trusty main" | tee /etc/apt/sources.list.d/webupd8team-java.list
echo "deb-src http://ppa.launchpad.net/webupd8team/java/ubuntu trusty main" | tee -a /etc/apt/sources.list.d/webupd8team-java.list
apt-key adv --keyserver hkp://keyserver.ubuntu.com:80 --recv-keys EEA14886
apt-get update
apt-get install oracle-java8-installer

#There is a package in our repository that automatically sets the Java 8 environment variab#les and sets JDK8 as the default JDK

sudo apt-get install oracle-java8-set-default

#to check
java -version

#java version "1.8.0_60"
#Java(TM) SE Runtime Environment (build 1.8.0_60-b27)
#Java HotSpot(TM) 64-Bit Server VM (build 25.60-b23, mixed mode)

javac -version
#javac 1.8.0_60



How to accept the Oracle JDK8 license automatically

you can use the following command:
echo oracle-java8-installer shared/accepted-oracle-license-v1-1 select true | sudo /usr/bin/debconf-set-selections

Saturday, 15 August 2015

Upload SSH key from Windows to Linux

mkdir -p ~/.ssh && chmod 700 ~/.ssh && touch ~/.ssh/authorized_keys && chmod 600 ~/.ssh/authorized_keys && cat >> ~/.ssh/authorized_keys

cntrl-C public key text and Ctrl - V to ssh command propt, Enter
Cntrl-D to finish 

Install FreeRADIUS v3 on Centos 7

Install FreeRADIUS v3 on Centos 7

Edit

Install packages

yum install mariadb-server mariadb freeradius freeradius-mysql freeradius-utils -y
sudo chkconfig --levels 235 radiusd  on
sudo chkconfig --levels 235 mariadb on
Edit

Populate MySql db

mysql -uroot -p

CREATE DATABASE radius;

GRANT ALL PRIVILEGES ON radius.* TO radius@localhost IDENTIFIED BY "YOUR PASS";

SOURCE /etc/raddb/mods-config/sql/main/mysql/schema.sql
Edit

Configure RADIUS

ln -s /etc/raddb/mods-available/sql /etc/raddb/mods-enabled

Edit

Edit radiusd.conf

modules {
$INCLUDE mods-enabled/
}
policy {
$INCLUDE sites-enabled/
}
Edit

Enable SQL configuration in the default enabled site /etc/freeradius/sites-available/default:
authorize {

sql

}
accounting {

sql

}
session {

sql

}
post-auth {

sql

}
Post-Auth-Type REJECT {
sql
}

Edit

Configure SQL module /raddb/mods-available/sql and change the database connection parameters to suite your environment:

sql {
driver = “rlm_sql_mysql”
server = “192.168.1.1”
port = 3306
login = “radius”
password = “radiuspwd”
  1. Database table configuration for everything except Oracle
    radius_db = “radius”
    }
  1. Set to ‘yes’ to read radius clients from the database (‘nas’ table)
  2. Clients will ONLY be read on server startup.
    read_clients = yes
  1. Table to keep radius client info
    client_table = “nas”
Edit

Test to see if Free Radius works by issuing the following command:

This will start FreeRadius in debug mode ( To stop it -> Ctrl+c).
radiusd -X
Edit

Install daloradius

Edit

Download daloradius and updated sql

yum install php-mysql php php-pear php-gd php-pear-DB -y
cd /tmp
wget http://sourceforge.net/projects/daloradius/files/latest/download?source=files
tar zxvf download?source=files
mysql -uradius -p radius < daloradius-0.9-9/contrib/db/fr2-mysql-daloradius-and-freeradius.sql
Edit

Config daloradius sql connection

nano daloradius-0.9-9/library/daloradius.conf.php

# $configValues['DALORADIUS_VERSION'] = '0.9-9';
# $configValues['FREERADIUS_VERSION'] = '3';
# $configValues['CONFIG_DB_ENGINE'] = 'mysql';
# $configValues['CONFIG_DB_HOST'] = 'localhost';
# $configValues['CONFIG_DB_USER'] = 'radius';
# $configValues['CONFIG_DB_PASS'] = 'radius@123';
# $configValues['CONFIG_DB_NAME'] = 'radius';
Edit

Config apache

nano /etc/httpd/conf/httpd.conf
Edit the /etc/httpd/conf/httpd.conf file and append this to the end of the file (customize to your likings):
Alias /myradius "/var/www/daloradius/"
<Directory /var/www/daloradius/>
Options None
order deny,allow
deny from all
allow from 127.0.0.1
allow from <my management system's ip which has a web-browser>
</Directory>

Monday, 8 June 2015

How To : tar untar files/folders

You can tar or untar folders using below commands, and additional you can zipped them too :
To Compress a folder:
tar –czvf foldername.tar.gz foldername
To Uncompress a tar file:
tar –xzvf foldername.tar.gz
To View files within tar.gz:
tar –tzvf foldername.tar.gz
To Create tar only:
tar -cvf foldername.tar foldername
To Extract tar only:
tar -xvf foldername.tar
To View tar only:
tar -tvf foldername.tar

Tuesday, 12 May 2015

Debian 7 - install Sentry log system

1.Install soft

#You should be able to use any of the listed mirrors by adding a line to your /etc/apt/sources.list like this:

add-apt-repository "deb http://ftp.de.debian.org/debian sid main" 

apt-get -f install
apt-get autoremove

#insall nginx-full

apt-get install nginx-full
iptables -I INPUT 1 -p tcp --dport 80 -j ACCEPT
iptables-save

update-rc.d nginx defaults

#Instructions - [[http://sentry.readthedocs.org/en/latest/quickstart/index.html#dependencies]]

#install Python

apt-get install python2.7 -y

#install dependencies

apt-get install -y python-setuptools  python-pip  python-dev libxslt1-dev libxml2-dev libz-dev libffi-dev libssl-dev

#install postgresql

#add to /etc/apt/sources.list
add-apt-repository "deb http://apt.postgresql.org/pub/repos/apt/ wheezy-pgdg main" 

apt-get install wget ca-certificates -y
wget --quiet -O - https://www.postgresql.org/media/keys/ACCC4CF8.asc | apt-key add -
apt-get update -y
apt-get upgrade -y
apt-get install postgresql-9.4 pgadmin3 postgresql-server-dev-9.4 -y

#Install Redis
apt-get install build-essential
apt-get autoremove

apt-get install tcl8.5
cd /tmp
wget http://download.redis.io/releases/redis-2.8.9.tar.gz

tar xzf redis-2.8.9.tar.gz
cd redis-2.8.9

make

make test

make install

mkdir /etc/redis
mkdir /var/redis
cd /tmp/redis-2.8.9
cp utils/redis_init_script /etc/init.d/redis_6379
#change REDIS_PORT if need
cp redis.conf /etc/redis/6379.conf
mkdir /var/redis/6379

#nano /etc/redis/6379.conf
#Set daemonize to yes (by default it is set to no).
#Set the pidfile to /var/run/redis_6379.pid (modify the port if needed).
#Change the port accordingly. In our example it is not needed as the default port is already 6379.
#Set your preferred loglevel.
#Set the logfile to /var/log/redis_6379.log
#Set the dir to /var/redis/6379 (very important step!)

sed -i 's/daemonize no/ daemonize yes/g' /etc/redis/6379.conf
sed -i 's/pidfile \/var\/run\/redis.pid/ pidfile \/var\/run\/redis_6379.pid/g' /etc/redis/6379.conf
sed -i 's/logfile ""/ logfile "\/var\/log\/redis_6379.log"/g' /etc/redis/6379.conf
sed -i 's/dir .\// dir \/var\/redis\/6379/g' /etc/redis/6379.conf

update-rc.d redis_6379 defaults
/etc/init.d/redis_6379 start

# Install Sentry
pip install -U virtualenv
virtualenv /www/sentry/
source /www/sentry/bin/activate

pip install -U sentry
pip install -U sentry[postgres]
Edit

1. Config Sentry

sentry init /etc/sentry.conf.py
nano /etc/sentry.conf.py
# setttings
# ~/.sentry/sentry.conf.py

# for more information on DATABASES, see the Django configuration at:
# https://docs.djangoproject.com/en/1.6/ref/databases/
DATABASES = {
    'default': {
        # We suggest PostgreSQL for optimal performance
        'ENGINE': 'django.db.backends.postgresql_psycopg2',

        # Alternatively you can use MySQL
        #'ENGINE': 'django.db.backends.mysql',

        'NAME': 'sentry',
        'USER': 'sentry',
        'PASSWORD': 'PASS_TO_DB',
        'HOST': '127.0.0.1',
        'PORT': '',
    }
}

# No trailing slash!
SENTRY_URL_PREFIX = 'http://sentry.example.com'

SENTRY_WEB_HOST = '0.0.0.0'
SENTRY_WEB_PORT = 9000
SENTRY_WEB_OPTIONS = {
    'workers': 3,  # the number of gunicorn workers
    #'secure_scheme_headers': {'X-FORWARDED-PROTO': 'https'},  # detect HTTPS mode from X-Forwarded-Proto header
}

#Redis
SENTRY_REDIS_OPTIONS = {
    'hosts': {
        0: {
            'host': '127.0.0.1',
            'port': 6379,
            'timeout': 3,
            #'password': 'redis auth password'
        }
    }
}

#Configure Outbound Mail
EMAIL_HOST = 'localhost'
EMAIL_HOST_PASSWORD = ''
EMAIL_HOST_USER = ''
EMAIL_PORT = 25
EMAIL_USE_TLS = False
#Install DB
su - postgres
createdb -E utf-8 sentry
createuser --superuser sentry
psql
\password sentry
#set PASS_TO_DB
\q 
source /www/sentry/bin/activate
sentry --config=/etc/sentry.conf.py upgrade
# create a new user
sentry --config=/etc/sentry.conf.py createuser
mkdir /root/.sentry/
cp -v /etc/sentry.conf.py /root/.sentry/
#CONFIGURE Nginx
    location / {
      proxy_pass         http://localhost:9000;
      proxy_redirect     off;

      proxy_set_header   Host              $host;
      proxy_set_header   X-Real-IP         $remote_addr;
      proxy_set_header   X-Forwarded-For   $proxy_add_x_forwarded_for;
      proxy_set_header   X-Forwarded-Proto $scheme;
    }

#Start test and go http://IP/
sentry --config=/etc/sentry.conf.py start
#Install Supervisor launcher
pip install supervisor --pre
echo_supervisord_conf > /etc/supervisord.conf
mkdir  /var/log/supervisord
nano /etc/supervisord.conf

#Add
[program:sentry-web]
directory=/www/sentry/
command=/www/sentry/bin/sentry --config=/etc/sentry.conf.py start
autostart=true
autorestart=true
redirect_stderr=true
stdout_logfile=/var/log/supervisord/sentry-web.log
stderr_logfile=/var/log/supervisord/sentry-web-err.log

[program:sentry-worker]
directory=/www/sentry/
command=/www/sentry/bin/sentry --config=/etc/sentry.conf.py celery worker -B
autostart=true
autorestart=true
redirect_stderr=true
stdout_logfile=/var/log/supervisord/sentry-worker.log
stderr_logfile=/var/log/supervisord/sentry-worker-err.log
#init supervisord
supervisord
#start / stop
#/www/sentry/bin/supervisorctl stop all
#/www/sentry/bin/supervisorctl start all

#add auto clear for 30 days
crontab -e
#add this line: 0 3 * * * sentry cleanup --days=30

Sunday, 3 May 2015

Disable some built-in functionality in Sails.js

Original post,  thanks for sgress454!

You'll need to disable several hooks, and also some middleware. First, in your .sailsrcfile, set:
"hooks": {
  "session": false,
  "sockets": false,
  "pubsub": false,
  "views": false,
  "csrf": false,
  "i18n": false,
  "blueprints": false
}
Then in your config/https.js:
middleware: {
  order: [
    'startRequestTimer',
    // 'cookieParser',
    // 'session',
    'bodyParser',
    'handleBodyParserError',
    'compress',
    'methodOverride',
    'poweredBy',
    '$custom',
    'router',
    // 'www',
    // 'favicon',
    '404',
    '500'      
  ]
}

Saturday, 2 May 2015

Friday, 17 April 2015

Keepass ssh client integration


1. Install XShell 
2 Keepass : in tools > Options > Integrations> Url Ovverides
add schema override
ssh
cmd://"C:\Program Files (x86)\NetSarang\Xshell 5\Xshell.exe" -url {URL:SCM}://{USERNAME}:{PASSWORD}@{URL:HOST}:{URL:PORT}

In Url field of KeePass entry write address in format

ssh://ip_address:port

Can by ope by Ctrl-U

Thursday, 16 April 2015

Debian 7 installation

cd /
apt-get install -y wget mc sshpass unzip nano git
apt-get update -y


#change ssh port

cp -p /etc/ssh/sshd_config /etc/ssh/sshd_config.orig.$(date +%F)

sed -i 's/Port 22/Port 27628/g' /etc/ssh/sshd_config
/etc/init.d/ssh restart
iptables -I INPUT 1 -p tcp --dport 27628 -j ACCEPT
iptables-save
iptables -A INPUT -p tcp --destination-port 22 -j DROP

#Optional

#install nginx

addgroup --system  --group nginx
adduser --system --no-create-home --ingroup nginx --disabled-login --disabled-password nginx

apt-get install nginx -y
iptables -I INPUT 1 -p tcp --dport 80 -j ACCEPT
iptables-save

update-rc.d nginx defaults


mv -v /usr/share/nginx/www /var

chown -R nginx:nginx /var/www
chmod -R 0755 /var/www

#move directory to www and
#service nginx start

# Restrict access to site


 cd /etc/nginx/

printf "USER:$(openssl passwd -crypt PASSWORD)\n" >> .htpasswd
Replace USER and PASSWORD for your user and password 

#Add  to site config:

# auth_basic "Restricted";

# auth_basic_user_file /etc/nginx/.htpasswd;

#install mySQL



apt-get -y install mariadb-server mariadb


service start mariadb start


mysql_secure_installation


update-rc.d mariadb defaults

#install  yii

apt-get install -y php5-fpm php5-mysql

update-rc.d php5-fpm defaults

sed -i 's/;cgi.fix_pathinfo=1/cgi.fix_pathinfo=0/g' /etc/php5/fpm/php.ini


sed -i 's/;date.timezone =/date.timezone = America\/New_York/g' /etc/php5/fpm/php.ini


sed -i 's/group = www-data/group = nginx/g' /etc/php5/fpm/pool.d/www.conf
sed -i 's/user = www-data/user = nginx/g' /etc/php5/fpm/pool.d/www.conf

service php5-fpm restart


#copy your app to www, and

cd /tmp
git config --global http.sslVerify false
git clone REPOSITORY

chown -R nginx:nginx /var/www/YOUR_APP

chmod -R 755 /var/www/YOUR_APP

chown nginx -R /var/www/YOUR_APP/web/runtime

chown nginx -R /var/www/YOUR_APP/www/assets 

#install mySQL


apt-get -y install mariadb-server mariadb

service start mariadb start


mysql_secure_installation


update-rc.d mariadb defaults


#Configure folders:

mkdir /etc/nginx/sites-available
mkdir /etc/nginx/sites-enabled
cd /etc/nginx/sites-available
touch YOUR_APP.conf
ln -s /etc/nginx/sites-available/YOUR_APP.conf  /etc/nginx/sites-enabled/YOUR_APP.conf

# insert from here: http://blog.saitov.me/2014/11/nginx-configuration-for-yii.html


rm /etc/nginx/nginx.conf -f
nano /etc/nginx/nginx.conf


nano /etc/nginx/sites-available/YOUR_APP.conf


#xcache
yum -y install php-xcache
yum -y install xcache-admin

#Pass gen: http://xcache.lighttpd.net/demo/cacher/mkpassword.php

#xcache.cacher =               On
#xcache.stat   =               On
#xcache.optimizer =            On
#copy /etc/php.d/xcache.ini

cp -avr /usr/share/xcache /var/www

chown -R nginx:nginx /var/www/xcache
chmod -R 755 /var/www/xcache
touch /etc/nginx/sites-available/xcache.conf
ln -s /etc/nginx/sites-available/xcache.conf  /etc/nginx/sites-enabled/xcache.conf 

#copy xcache.conf config


firewall-cmd --permanent --zone=public --add-port=8091/tcp
firewall-cmd --reload

service nginx restart



#install  Zabbix client



rpm -Uvh http://repo.zabbix.com/zabbix/2.2/rhel/7/x86_64/zabbix-release-2.2-1.el7.noarch.rpm


yum install –y zabbix zabbix-agent nano 


sed -i 's/Server=127.0.0.1/ Server=SERVER_IP/g' /etc/zabbix/zabbix_agentd.conf



service zabbix-agent stop

service zabbix-agent start


chkconfig zabbix-agent on



firewall-cmd --permanent --zone=public --add-port=10050/tcp

firewall-cmd --permanent --zone=public --add-port=10050/udp

firewall-cmd --reload