vim /etc/init.d/elasticsearch
ES_HEAP_SIZE=512m
vim /etc/elasticsearch/elasticsearch.yml
bootstrap.memory_lock: true
vim /etc/init.d/elasticsearch
ES_HEAP_SIZE=512m
vim /etc/elasticsearch/elasticsearch.yml
bootstrap.memory_lock: true
PURGE BINARY LOGS BEFORE '2021-04-11 00:00:00';
webroot-path should not include full path, so skip .well-known/acme-challenge
LogLevel alert rewrite:trace6
RewriteEngine On
RewriteCond %{REQUEST_URI} !^/\.well\-known/acme\-challenge/
RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI} [R=301,L]
curl http://localhost:9200/_cluster/settings?pretty=true
{
"persistent" : {
"cluster" : {
"max_shards_per_node" : "xxxx"
}
},
"transient" : { }
}
curl -XPUT http://localhost:9200/_cluster/settings -H "Content-Type: application/json" -d '{ "persistent": { "cluster.max_shards_per_node": "xxxx" } }'
mysqldump migrate users to new server
MySQL 5.6 and older
while read line; do mysql -B -N -e "SHOW GRANTS FOR $line"; done < <(mysql -B -N -e "SELECT CONCAT('\'', user,'\'@\'', host, '\'') FROM user WHERE user != 'debian-sys-maint' AND user != 'root' AND user != ''" mysql) | sed 's/$/;/' > mysql_all_users_grants.sql
if MySQL 5.7 and above
while read line; do mysql -B -N -e "SHOW CREATE USER $line"; done < <(mysql -B -N -e "SELECT CONCAT('\'', user,'\'@\'', host, '\'') FROM user WHERE user != 'mysql' AND user != 'root' AND user != ''" mysql) | sed 's/$/;/' > mysql_create_users.sql
while read line; do mysql -B -N -e "SHOW GRANTS FOR $line"; done < <(mysql -B -N -e "SELECT CONCAT('\'', user,'\'@\'', host, '\'') FROM user WHERE user != 'mysql' AND user != 'root' AND user != ''" mysql) | sed 's/$/;/' > mysql_all_users_grants.sql
Excludes some users like root
while read line; do mysql -B -N -e "drop user $line"; done < <(mysql -B -N -e "SELECT CONCAT('\'', user,'\'@\'', host, '\'') FROM user WHERE user != 'debian-sys-maint' AND user != 'root' AND user != ''" mysql)
apt-key adv --fetch-keys 'https://mariadb.org/mariadb_release_signing_key.asc'
add-apt-repository 'deb [arch=amd64,arm64,ppc64el] http://nyc2.mirrors.digitalocean.com/mariadb/repo/10.4/ubuntu focal main'
apt update
apt install mariadb-server
echo 'deb http://apt.newrelic.com/debian/ newrelic non-free' | tee /etc/apt/sources.list.d/newrelic.list
wget -O- https://download.newrelic.com/548C16BF.gpg | apt-key add -
apt install newrelic-php5
newrelic-install install
wget https://github.com/php/pecl-text-wddx/archive/master.zip -O wddx.zip
unzip wddx.zip
cd pecl-text-wddx-master
phpize
./configure
make
make install
apt -s install libssl-dev
The following packages have unmet dependencies:
libssl-dev : Depends: libssl1.1 (= 1.1.1-1ubuntu2.1~18.04.9) but 1.1.1d-1+ubuntu18.04.1+deb.sury.org+2 is to be installed
E: Unable to correct problems, you have held broken packages.
apt-cache policy apt-cache libssl1.1
apt install libssl1.1=1.1.1-1ubuntu2.1~18.04.9
Cannot initiate the connection to archive.ubuntu.com:80 (2001:67c:1360:8001::23). – connect (101: Network is unreachable) Cannot initiate the connection to archive.ubuntu.com:80 (2001:67c:1360:8001::24). – connect (101: Network is unreachable) Could not connect to archive.ubuntu.com:80 (91.189.88.152), connection timed out Could not connect to archive.ubuntu.com:80 (91.189.88.142), connection timed out
Err:7 http://archive.ubuntu.com/ubuntu bionic-updates InRelease
echo "Acquire::ForceIPv4 "true";" > /etc/apt/apt.conf.d/99force-ipv4
filebeat.inputs:
- ...
fields:
type: "logs1"
- ...
fields:
type: "logs2"
setup.template.name: "myindex-%{[agent.version]}"
setup.template.pattern: "myindex-%{[agent.version]}-*"
output.elasticsearch:
...
index: "myindex-%{[agent.version]}-%{[fields.type]:other}-%{+yyyy.MM.dd}"
vim /etc/wireguard/wg0.conf
[Interface]
Address = 10.0.0.1/24
ListenPort = 51820
PrivateKey = WG0_SERVER_PRIVATE_KEY
SaveConfig = false
[Peer]
# client1
PublicKey = PUBKEY_FROM_CLIENT_ONE
AllowedIPs = 10.0.0.2/32
vim /etc/wireguard/wg1.conf
[Interface]
Address = 10.0.1.1/24
ListenPort = 51821
PrivateKey = WG1_SERVER_PRIVATE_KEY
SaveConfig = false
[Peer]
# client2
PublicKey = PUBKEY_FROM_CLIENT_TWO
AllowedIPs = 10.0.1.2/32
systemctl start [email protected]
systemctl start [email protected]