Monday, 9 November 2015

GitLab git push does not work because the GitLab server sends error 503 for remote origins ending with a "/"

Got a problem and resolved it:
git push does not work because the GitLab server sends error 503 for remote origins ending with a "/"

I had an issue with Nginx and Omnipackage, but received a 521 error, not a 503.
I resolved the issue with these steps:
1. in /etc/gitlab/gitlab.rb
 gitlab_git_http_server['listen_network'] = "tcp"
 gitlab_git_http_server['listen_addr'] = "localhost:8181"
but leave nginx['enable'] = true
and run gitlab-ctl reconfigure
2. Change the generated gitlab-http.conf
In the first part, change
upstream gitlab-git-http-server {
  server unix:localhost:8181;
}
to
upstream gitlab-git-http-server {
  server localhost:8181;
}
and after location @gitlab { … } add a new section:
  location ~ [-\/\w\.]+\.git\/ {
    ## If you use HTTPS make sure you disable gzip compression
    ## to be safe against BREACH attack.
    # gzip off;

    ## Some requests take more than 30 seconds.
    proxy_read_timeout      300;
    proxy_connect_timeout   300;
    proxy_redirect          off;

    # Do not buffer Git HTTP responses
    proxy_buffering off;

    # The following settings only work with NGINX 1.7.11 or newer
    # # Pass chunked request bodies to gitlab-git-http-server as-is
    # proxy_request_buffering off;
    # proxy_http_version 1.1;

    proxy_set_header    Host                $http_host;
    proxy_set_header    X-Real-IP           $remote_addr;
    proxy_set_header    X-Forwarded-For     $proxy_add_x_forwarded_for;
    proxy_set_header    X-Forwarded-Proto   $scheme;

    proxy_pass http://gitlab-git-http-server;
  }
Now run gitlab-ctl restart and everything returns to work.

Sunday, 25 October 2015

mongodb service is not starting up

Answer helped me:
if you don't find any traces in the logs:
tail -f -n50 /var/log/mongodb/mongodb.log
you should try to start the server in foreground:
sudo -u mongodb mongod --dbpath /var/lib/mongodb/
and see what's happening. For instance, I had a locale problem:

root@server :~# sudo -u mongodb mongod --dbpath /var/lib/mongodb/
2015-10-25T09:45:23.613+0000 E NETWORK  [initandlisten] listen(): bind() failed errno:98 Address already in use for socket:
2015-10-25T09:45:23.613+0000 E NETWORK  [initandlisten]   addr already in use
2015-10-25T09:45:23.613+0000 W -        [initandlisten] Detected unclean shutdown - /var/lib/mongodb/mongod.lock is not empty.
2015-10-25T09:45:23.614+0000 I STORAGE  [initandlisten] exception in initAndListen: 98 Unable to lock file: /var/lib/mongodb/mongod.lock errno:11 Resource temporarily unavailable. Is a mongod instance already running?, terminating
2015-10-25T09:45:23.614+0000 I CONTROL  [initandlisten] dbexit:  rc: 100
To see config problem:

root@server :~# sudo -u mongodb mongod --dbpath /var/lib/mongodb/ -f /etc/mongod.conf
Unrecognized option: net.authorization
try 'mongod --help' for more information

Tuesday, 25 August 2015

cURL support for CloudFlare-enabled websites (Zabbix with SSL sites, enabled in CloudFlare)

Original post:

On Debian 7 it works as in the post, not only on Fedora!

On CentOS, curl -v --ciphers ecdhe_ecdsa_aes_128_sha URL works; use .curlrc.

cURL support for CloudFlare-enabled websites

CloudFlare provides a nice protection from DDoS and other hacking activities, last year they even added a free UniverSSL package to all users. The problem began with the cURL ciphers on cloudflare-enabled websites. cURL does not successfully handshake with cloudflare servers with its default encryption algorithms.
I tested my website using openssl s_client.
openssl s_client -connect
We could see the following output:

New, TLSv1/SSLv3, Cipher is ECDHE-RSA-AES128-GCM-SHA256
Server public key is 2048 bit
Secure Renegotiation IS supported
Compression: NONE
Expansion: NONE
Protocol : TLSv1.2
Cipher : ECDHE-RSA-AES128-GCM-SHA256
OK so it is using ECDHE-RSA-AES128-GCM-SHA256 cipher to connect to my website.
Well, let’s try this:
curl --cipher ecdhe_rsa_aes_128_gcm_sha_256
curl: (35) Cannot communicate securely with peer: no common encryption algorithm(s).
Huh. Strange isn’t it? With a LOT of searching, finally I got an answer from here, I added the suggested line to .curlrc in my home directory:
Then try:
curl -v
Yes, now my curl is working. Let’s see the output:

* SSL connection using TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256
OK. It is actually using the TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 algorithm, so forcing the cipher to use ecdhe_ecdsa_aes_128_gcm_sha_256 works.
My curl is:

curl -V
curl 7.37.0 (x86_64-redhat-linux-gnu) libcurl/7.37.0 NSS/3.17.4 Basic ECC zlib/1.2.8 libidn/1.28 libssh2/1.4.3
Protocols: dict file ftp ftps gopher http https imap imaps ldap ldaps pop3 pop3s rtsp scp sftp smtp smtps telnet tftp
Features: AsynchDNS GSS-Negotiate IDN IPv6 Largefile NTLM NTLM_WB SSL libz Metalink

And I am on Fedora 20+.
1. Debian/RHEL/CentOS series does not support this algorithm. You’ll have to create a ticket to CloudFlare support to discuss it with them.
2. According to this, git uses cURL to access https repositories but this workaround won’t help. Too bad.

Install Java 8 (both JDK8 and JRE8) in Debian

Original post :

echo "deb trusty main" | tee /etc/apt/sources.list.d/webupd8team-java.list
echo "deb-src trusty main" | tee -a /etc/apt/sources.list.d/webupd8team-java.list
apt-key adv --keyserver hkp:// --recv-keys EEA14886
apt-get update
apt-get install oracle-java8-installer

#There is a package in our repository that automatically sets the Java 8 environment variables and sets JDK8 as the default JDK

sudo apt-get install oracle-java8-set-default

#to check
java -version

#java version "1.8.0_60"
#Java(TM) SE Runtime Environment (build 1.8.0_60-b27)
#Java HotSpot(TM) 64-Bit Server VM (build 25.60-b23, mixed mode)

javac -version
#javac 1.8.0_60

How to accept the Oracle JDK8 license automatically

you can use the following command:
echo oracle-java8-installer shared/accepted-oracle-license-v1-1 select true | sudo /usr/bin/debconf-set-selections

Saturday, 15 August 2015

Upload SSH key from Windows to Linux

mkdir -p ~/.ssh && chmod 700 ~/.ssh && touch ~/.ssh/authorized_keys && chmod 600 ~/.ssh/authorized_keys && cat >> ~/.ssh/authorized_keys

Copy the public key text (Ctrl-C), paste it at the SSH command prompt (Ctrl-V) and press Enter.
Press Ctrl-D to finish.
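
A checked version of the paste step above, added here as an example and not part of the original notes: a clipboard that wraps or truncates the key produces an authorized_keys entry that silently never matches. The hypothetical function install_pubkey accepts exactly one well-formed key line, skips keys already present, and sets the same 700/600 permissions.

```shell
#!/bin/sh
# Added example (not from the original notes): a checked version of the
# "cat >> authorized_keys" paste. The function name is hypothetical.

# install_pubkey [SSH_DIR]: read the paste from stdin until Ctrl-D and
# append it only if it is exactly one well-formed public key line.
install_pubkey() {
    dir="${1:-$HOME/.ssh}"; auth="$dir/authorized_keys"
    input=$(tr -d '\r')              # drop CRs from a Windows clipboard
    # A clipboard that wrapped the key, or a pasted private key, arrives
    # as several lines; both are refused here.
    if [ "$(printf '%s\n' "$input" | grep -c .)" -ne 1 ]; then
        echo "expected exactly one key line" >&2; return 1
    fi
    key=$(printf '%s\n' "$input" | grep .)
    # Plain "type base64 [comment]" form only (no options prefix).
    printf '%s\n' "$key" | grep -Eq \
        '^(ssh-ed25519|ssh-rsa|ecdsa-sha2-nistp(256|384|521)) [A-Za-z0-9+/]+={0,2}( .*)?$' || {
        echo "not an OpenSSH public key line" >&2; return 1; }
    blob=$(printf '%s\n' "$key" | awk '{ print $2 }')
    # Base64 comes in groups of four characters; a cut-off paste
    # usually breaks that.
    if [ $(( ${#blob} % 4 )) -ne 0 ]; then
        echo "key data looks truncated" >&2; return 1
    fi
    mkdir -p "$dir" && chmod 700 "$dir" || return 1
    touch "$auth" && chmod 600 "$auth" || return 1
    # Already authorized (the comment may differ): nothing to add.
    if grep -qF -- "$blob" "$auth"; then return 0; fi
    printf '%s\n' "$key" >> "$auth"
}

# Usage on the Linux side: run "install_pubkey", paste the key, Ctrl-D.
```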

Install FreeRADIUS v3 on Centos 7


Install packages

yum install mariadb-server mariadb freeradius freeradius-mysql freeradius-utils -y
sudo chkconfig --levels 235 radiusd  on
sudo chkconfig --levels 235 mariadb on

Populate MySql db

mysql -uroot -p



SOURCE /etc/raddb/mods-config/sql/main/mysql/schema.sql

Configure RADIUS

ln -s /etc/raddb/mods-available/sql /etc/raddb/mods-enabled


Edit radiusd.conf

modules {
$INCLUDE mods-enabled/
policy {
$INCLUDE sites-enabled/

Enable SQL configuration in the default enabled site /etc/freeradius/sites-available/default:
authorize {


accounting {


session {


post-auth {


Post-Auth-Type REJECT {


Configure the SQL module /raddb/mods-available/sql and change the database connection parameters to suit your environment:

sql {
driver = "rlm_sql_mysql"
server = ""
port = 3306
login = "radius"
password = "radiuspwd"
# Database table configuration for everything except Oracle
radius_db = "radius"
# Set to 'yes' to read radius clients from the database ('nas' table)
# Clients will ONLY be read on server startup.
read_clients = yes
# Table to keep radius client info
client_table = "nas"
}

Test whether FreeRADIUS works by issuing the following command:

radiusd -X

This will start FreeRADIUS in debug mode (to stop it, press Ctrl+C).

Install daloradius


Download daloradius and updated sql

yum install php-mysql php php-pear php-gd php-pear-DB -y
cd /tmp
tar zxvf download?source=files
mysql -uradius -p radius < daloradius-0.9-9/contrib/db/fr2-mysql-daloradius-and-freeradius.sql

Config daloradius sql connection

nano daloradius-0.9-9/library/daloradius.conf.php

# $configValues['DALORADIUS_VERSION'] = '0.9-9';
# $configValues['FREERADIUS_VERSION'] = '3';
# $configValues['CONFIG_DB_ENGINE'] = 'mysql';
# $configValues['CONFIG_DB_HOST'] = 'localhost';
# $configValues['CONFIG_DB_USER'] = 'radius';
# $configValues['CONFIG_DB_PASS'] = 'radius@123';
# $configValues['CONFIG_DB_NAME'] = 'radius';

Config apache

nano /etc/httpd/conf/httpd.conf
Edit the /etc/httpd/conf/httpd.conf file and append this to the end of the file (customize to your liking):
Alias /myradius "/var/www/daloradius/"
<Directory /var/www/daloradius/>
Options None
order deny,allow
deny from all
allow from
allow from <my management system's ip which has a web-browser>
</Directory>

Monday, 8 June 2015

How To : tar untar files/folders

You can tar or untar folders using the commands below, and additionally gzip them:
To Compress a folder:
tar -czvf foldername.tar.gz foldername
To Uncompress a tar file:
tar -xzvf foldername.tar.gz
To View files within tar.gz:
tar -tzvf foldername.tar.gz
To Create tar only:
tar -cvf foldername.tar foldername
To Extract tar only:
tar -xvf foldername.tar
To View tar only:
tar -tvf foldername.tar

Tuesday, 12 May 2015

Debian 7 - install Sentry log system

1. Install software

#You should be able to use any of the listed mirrors by adding a line to your /etc/apt/sources.list like this:

add-apt-repository "deb sid main" 

apt-get -f install
apt-get autoremove

#install nginx-full

apt-get install nginx-full
iptables -I INPUT 1 -p tcp --dport 80 -j ACCEPT

update-rc.d nginx defaults

#install Python

apt-get install python2.7 -y

#install dependencies

apt-get install -y python-setuptools  python-pip  python-dev libxslt1-dev libxml2-dev libz-dev libffi-dev libssl-dev

#install postgresql

#add to /etc/apt/sources.list
add-apt-repository "deb wheezy-pgdg main" 

apt-get install wget ca-certificates -y
wget --quiet -O - | apt-key add -
apt-get update -y
apt-get upgrade -y
apt-get install postgresql-9.4 pgadmin3 postgresql-server-dev-9.4 -y

#Install Redis
apt-get install build-essential
apt-get autoremove

apt-get install tcl8.5
cd /tmp

tar xzf redis-2.8.9.tar.gz
cd redis-2.8.9


make test

make install

mkdir /etc/redis
mkdir /var/redis
cd /tmp/redis-2.8.9
cp utils/redis_init_script /etc/init.d/redis_6379
#change REDIS_PORT if need
cp redis.conf /etc/redis/6379.conf
mkdir /var/redis/6379

#nano /etc/redis/6379.conf
#Set daemonize to yes (by default it is set to no).
#Set the pidfile to /var/run/ (modify the port if needed).
#Change the port accordingly. In our example it is not needed as the default port is already 6379.
#Set your preferred loglevel.
#Set the logfile to /var/log/redis_6379.log
#Set the dir to /var/redis/6379 (very important step!)

sed -i 's/daemonize no/ daemonize yes/g' /etc/redis/6379.conf
sed -i 's/pidfile \/var\/run\/ pidfile \/var\/run\/' /etc/redis/6379.conf
sed -i 's/logfile ""/ logfile "\/var\/log\/redis_6379.log"/g' /etc/redis/6379.conf
sed -i 's/dir .\// dir \/var\/redis\/6379/g' /etc/redis/6379.conf

update-rc.d redis_6379 defaults
/etc/init.d/redis_6379 start
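
A check worth running on /etc/redis/6379.conf before starting the service, added here as an example and not part of the original notes: the redis.conf shipped with Redis 2.8 has bind and requirepass commented out, so the daemon accepts unauthenticated connections on every interface unless a firewall blocks port 6379. The function names and the sample file are constructed for this example.

```shell
#!/bin/sh
# Added example (not from the original notes): audit a redis.conf for the
# two directives that decide who can reach the daemon. Directive names are
# Redis's own; function names and the sample file are constructed.

# redis_directive FILE NAME: value of the last uncommented NAME line.
redis_directive() {
    awk -v key="$2" '
        /^[[:space:]]*#/ { next }                  # skip comments
        $1 == key { $1 = ""; sub(/^[[:space:]]+/, ""); val = $0 }
        END { print val }
    ' "$1"
}

# audit_redis_conf FILE: one finding per line; returns 1 if any were found.
audit_redis_conf() {
    conf="$1"; findings=0
    bind=$(redis_directive "$conf" bind)
    pass=$(redis_directive "$conf" requirepass)
    if [ -z "$bind" ]; then
        echo "FAIL bind: not set, Redis listens on every interface"
        findings=1
    else
        for addr in $bind; do                      # bind may list several
            case "$addr" in
                127.*|::1) ;;                      # loopback only
                *) echo "WARN bind: non-loopback address $addr"; findings=1 ;;
            esac
        done
    fi
    if [ -z "$pass" ]; then
        echo "WARN requirepass: no password set"
        findings=1
    fi
    return "$findings"
}

# Constructed sample: the relevant lines as an untouched redis.conf has them.
sample=$(mktemp)
cat > "$sample" <<'EOF'
daemonize yes
port 6379
# bind 127.0.0.1
# requirepass foobared
dir /var/redis/6379
EOF
audit_redis_conf "$sample" || echo "findings above: fix the config before starting Redis"
rm -f "$sample"
```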

# Install Sentry
pip install -U virtualenv
virtualenv /www/sentry/
source /www/sentry/bin/activate

pip install -U sentry
pip install -U sentry[postgres]

2. Configure Sentry

sentry init /etc/
nano /etc/
# settings
# ~/.sentry/

# for more information on DATABASES, see the Django configuration at:
    'default': {
        # We suggest PostgreSQL for optimal performance
        'ENGINE': 'django.db.backends.postgresql_psycopg2',

        # Alternatively you can use MySQL
        #'ENGINE': 'django.db.backends.mysql',

        'NAME': 'sentry',
        'USER': 'sentry',
        'PASSWORD': 'PASS_TO_DB',
        'HOST': '',
        'PORT': '',

# No trailing slash!

    'workers': 3,  # the number of gunicorn workers
    #'secure_scheme_headers': {'X-FORWARDED-PROTO': 'https'},  # detect HTTPS mode from X-Forwarded-Proto header

    'hosts': {
        0: {
            'host': '',
            'port': 6379,
            'timeout': 3,
            #'password': 'redis auth password'

#Configure Outbound Mail
EMAIL_HOST = 'localhost'
#Install DB
su - postgres
createdb -E utf-8 sentry
createuser --superuser sentry
\password sentry
source /www/sentry/bin/activate
sentry --config=/etc/ upgrade
# create a new user
sentry --config=/etc/ createuser
mkdir /root/.sentry/
cp -v /etc/ /root/.sentry/
    location / {
      proxy_pass         http://localhost:9000;
      proxy_redirect     off;

      proxy_set_header   Host              $host;
      proxy_set_header   X-Real-IP         $remote_addr;
      proxy_set_header   X-Forwarded-For   $proxy_add_x_forwarded_for;
      proxy_set_header   X-Forwarded-Proto $scheme;
    }

#Start test and go http://IP/
sentry --config=/etc/ start
#Install Supervisor launcher
pip install supervisor --pre
echo_supervisord_conf > /etc/supervisord.conf
mkdir  /var/log/supervisord
nano /etc/supervisord.conf

command=/www/sentry/bin/sentry --config=/etc/ start

command=/www/sentry/bin/sentry --config=/etc/ celery worker -B
#init supervisord
#start / stop
#/www/sentry/bin/supervisorctl stop all
#/www/sentry/bin/supervisorctl start all

#add auto clear for 30 days
crontab -e
#add this line: 0 3 * * * sentry cleanup --days=30

Sunday, 3 May 2015

Disable some built-in functionality in Sails.js

Original post, thanks to sgress454!

You'll need to disable several hooks, and also some middleware. First, in your .sailsrc file, set:
"hooks": {
  "session": false,
  "sockets": false,
  "pubsub": false,
  "views": false,
  "csrf": false,
  "i18n": false,
  "blueprints": false
}
Then in your config/https.js:
middleware: {
  order: [
    // 'cookieParser',
    // 'session',
    // 'www',
    // 'favicon',

Saturday, 2 May 2015

Friday, 17 April 2015

Keepass ssh client integration

1. Install XShell 
2. KeePass: in Tools > Options > Integration > URL Overrides
add a scheme override:
cmd://"C:\Program Files (x86)\NetSarang\Xshell 5\Xshell.exe" -url {URL:SCM}://{USERNAME}:{PASSWORD}@{URL:HOST}:{URL:PORT}

In the URL field of the KeePass entry, write the address in the format


It can be opened with Ctrl-U

Thursday, 16 April 2015

Debian 7 installation

cd /
apt-get install -y wget mc sshpass unzip nano git
apt-get update -y

#change ssh port

cp -p /etc/ssh/sshd_config /etc/ssh/sshd_config.orig.$(date +%F)

sed -i 's/Port 22/Port 27628/g' /etc/ssh/sshd_config
/etc/init.d/ssh restart
iptables -I INPUT 1 -p tcp --dport 27628 -j ACCEPT
iptables -A INPUT -p tcp --destination-port 22 -j DROP


#install nginx

addgroup --system  --group nginx
adduser --system --no-create-home --ingroup nginx --disabled-login --disabled-password nginx

apt-get install nginx -y
iptables -I INPUT 1 -p tcp --dport 80 -j ACCEPT

update-rc.d nginx defaults

mv -v /usr/share/nginx/www /var

chown -R nginx:nginx /var/www
chmod -R 0755 /var/www

#move directory to www and
#service nginx start

# Restrict access to site

 cd /etc/nginx/

printf "USER:$(openssl passwd -crypt PASSWORD)\n" >> .htpasswd
Replace USER and PASSWORD with your user name and password

#Add  to site config:

# auth_basic "Restricted";

# auth_basic_user_file /etc/nginx/.htpasswd;
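
A hardened form of the .htpasswd step above, added here as an example and not part of the original notes: -crypt is traditional DES crypt, which uses only the first eight characters of the password, and PASSWORD typed on the command line lands in shell history. The hypothetical functions htpasswd_line and htpasswd_set read the password from stdin and hash it with openssl passwd -apr1, a format nginx accepts in auth_basic_user_file.

```shell
#!/bin/sh
# Added example (not from the original notes): build .htpasswd entries
# without -crypt and without the password on the command line.
# Function names and the user name "alice" below are hypothetical.

# htpasswd_line USER: read one password line from stdin, print "USER:hash".
htpasswd_line() {
    user="$1"
    case "$user" in
        ""|*:*) echo "invalid user name" >&2; return 1 ;;
    esac
    IFS= read -r pw || [ -n "$pw" ] || { echo "no password on stdin" >&2; return 1; }
    [ -n "$pw" ] || { echo "empty password" >&2; return 1; }
    # printf is a shell builtin, so the password never appears in a
    # process argument list; openssl reads it from the pipe (-stdin).
    hash=$(printf '%s\n' "$pw" | openssl passwd -apr1 -stdin) || return 1
    printf '%s:%s\n' "$user" "$hash"
}

# htpasswd_set FILE USER: add USER or replace its existing entry.
htpasswd_set() {
    file="$1"; user="$2"
    line=$(htpasswd_line "$user") || return 1
    tmp=$(mktemp "$file.XXXXXX") || return 1      # created with mode 600
    if [ -f "$file" ]; then
        # Keep every entry except the one being replaced.
        awk -F: -v u="$user" '$1 != u' "$file" > "$tmp"
    fi
    printf '%s\n' "$line" >> "$tmp"
    # Owner read/write, group read; the group should be the one the
    # nginx workers run as (nginx in these notes), set with chgrp.
    chmod 640 "$tmp"
    mv "$tmp" "$file"                              # atomic replace
}

# Usage (type the password without echo, then Enter):
#   stty -echo; htpasswd_set /etc/nginx/.htpasswd alice; stty echo
```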

#install mySQL

apt-get -y install mariadb-server mariadb

service mariadb start


update-rc.d mariadb defaults

#install  yii

apt-get install -y php5-fpm php5-mysql

update-rc.d php5-fpm defaults

sed -i 's/;cgi.fix_pathinfo=1/cgi.fix_pathinfo=0/g' /etc/php5/fpm/php.ini

sed -i 's/;date.timezone =/date.timezone = America\/New_York/g' /etc/php5/fpm/php.ini

sed -i 's/group = www-data/group = nginx/g' /etc/php5/fpm/pool.d/www.conf
sed -i 's/user = www-data/user = nginx/g' /etc/php5/fpm/pool.d/www.conf

service php5-fpm restart

#copy your app to www, and

cd /tmp
git config --global http.sslVerify false
git clone REPOSITORY

chown -R nginx:nginx /var/www/YOUR_APP

chmod -R 755 /var/www/YOUR_APP

chown nginx -R /var/www/YOUR_APP/web/runtime

chown nginx -R /var/www/YOUR_APP/www/assets 

#Configure folders:

mkdir /etc/nginx/sites-available
mkdir /etc/nginx/sites-enabled
cd /etc/nginx/sites-available
touch YOUR_APP.conf
ln -s /etc/nginx/sites-available/YOUR_APP.conf  /etc/nginx/sites-enabled/YOUR_APP.conf

# insert from here:

rm /etc/nginx/nginx.conf -f
nano /etc/nginx/nginx.conf

nano /etc/nginx/sites-available/YOUR_APP.conf

yum -y install php-xcache
yum -y install xcache-admin

#Pass gen:

#xcache.cacher =               On
#xcache.stat   =               On
#xcache.optimizer =            On
#copy /etc/php.d/xcache.ini

cp -avr /usr/share/xcache /var/www

chown -R nginx:nginx /var/www/xcache
chmod -R 755 /var/www/xcache
touch /etc/nginx/sites-available/xcache.conf
ln -s /etc/nginx/sites-available/xcache.conf  /etc/nginx/sites-enabled/xcache.conf 

#copy xcache.conf config

firewall-cmd --permanent --zone=public --add-port=8091/tcp
firewall-cmd --reload

service nginx restart

#install  Zabbix client

rpm -Uvh

yum install -y zabbix zabbix-agent nano

sed -i 's/^Server=.*/Server=SERVER_IP/' /etc/zabbix/zabbix_agentd.conf

service zabbix-agent stop

service zabbix-agent start

chkconfig zabbix-agent on

firewall-cmd --permanent --zone=public --add-port=10050/tcp

firewall-cmd --permanent --zone=public --add-port=10050/udp

firewall-cmd --reload