
varnish 6.4 ubuntu

# ports.conf: bind Apache to loopback on port 8080, so it is reachable only
# from this host (Varnish uses it as its backend) and not directly from the network.
vim /etc/apache2/ports.conf
Listen 127.0.0.1:8080
# NOTE(review): the change made in 000-default.conf is not shown on the page;
# presumably the <VirtualHost> address/port is adjusted to match the new
# Listen line — confirm before restarting.
vim /etc/apache2/sites-available/000-default.conf

systemctl restart apache2.service

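# Build dependencies for compiling Varnish from source.
apt-get install make automake autotools-dev libedit-dev libjemalloc-dev libncurses-dev libpcre3-dev libtool pkg-config python-docutils python-sphinx graphviz autoconf-archive curl git
# NOTE(review): this builds whatever the default branch holds at clone time.
# For a reproducible 6.4 build, check out the matching release tag first
# (git checkout <RELEASE_TAG>) and build that.
git clone https://github.com/varnishcache/varnish-cache
# autogen.sh and configure live inside the checkout, so enter it first.
cd varnish-cache
# Install after building: without "make install" there is no varnishd on PATH
# and no new shared library for ldconfig to register.
sh autogen.sh && sh configure && make && make install
ldconfig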

# -a :80             accept client HTTP on port 80 (no host given: all addresses)
# -T localhost:6082  management CLI on loopback only; the CLI can change the
#                    running configuration, so keep it off public addresses
# -b localhost:8080  single backend: the Apache instance listening on loopback
varnishd -a :80 -T localhost:6082 -b localhost:8080

curl -I http://127.0.0.1
HTTP/1.1 200 OK
Date: Tue, 28 Jul 2020 16:52:48 GMT
Server: Apache/2.4.18 (Ubuntu)
Last-Modified: Sun, 27 Nov 2016 03:03:10 GMT
Vary: Accept-Encoding
Content-Type: text/html
X-Varnish: 32801
Age: 0
Via: 1.1 varnish (Varnish/6.4)
ETag: W/"2c39-5423f985a9780-gzip"
Accept-Ranges: bytes
Connection: keep-alive

veth with kernel namespaces


ip netns add netns0
ip netns list
netns0

# Bring the loopback interface up inside the namespace.
ip -n netns0 link set dev lo up
# Create the veth pair in the default namespace, then hand one end to netns0.
ip link add name veth-default type veth peer name veth-netns0
ip link set dev veth-netns0 netns netns0

ip a | grep veth
6: veth-default@if5: mtu 1500 qdisc noop state DOWN group default qlen 1000
link/ether 56:78:d4:a5:8f:55 brd ff:ff:ff:ff:ff:ff link-netns netns0

# Host side of the pair: address it and bring it up. It stays LOWERLAYERDOWN
# (see the output below) until the peer inside netns0 is up as well.
ip address add 10.0.3.1/24 dev veth-default
ip link set dev veth-default up

ip a | grep veth
6: veth-default@if5: mtu 1500 qdisc noqueue state LOWERLAYERDOWN group default qlen 1000
link/ether 56:78:d4:a5:8f:55 brd ff:ff:ff:ff:ff:ff link-netns netns0
inet 10.0.3.1/24 scope global veth-default
valid_lft forever preferred_lft forever

# Namespace side of the pair: bring it up and give it the peer address.
ip -n netns0 link set dev veth-netns0 up
ip -n netns0 address add 10.0.3.2/24 dev veth-netns0

ping 10.0.3.2
PING 10.0.3.2 (10.0.3.2) 56(84) bytes of data.
64 bytes from 10.0.3.2: icmp_seq=1 ttl=64 time=0.102 ms
64 bytes from 10.0.3.2: icmp_seq=2 ttl=64 time=0.062 ms
64 bytes from 10.0.3.2: icmp_seq=3 ttl=64 time=0.062 ms
^C
--- 10.0.3.2 ping statistics ---
3 packets transmitted, 3 received, 0% packet loss, time 2082ms

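# Enable IPv4 forwarding (runtime only, not persisted across reboots).
# The switch is global: the host will route between all of its interfaces,
# so the FORWARD rules below are what limits which traffic may transit.
sysctl -w net.ipv4.ip_forward=1
# Namespace -> uplink: allow connections initiated from the veth side.
iptables -A FORWARD -i veth-default -o eno0 -j ACCEPT
# Uplink -> namespace: allow only replies to those connections, so nothing
# arriving on eno0 can open a new connection into the namespace.
iptables -A FORWARD -i eno0 -o veth-default -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
# Source-NAT the namespace subnet behind the uplink address. The subnet is
# written as its network address; iptables masks the host bits anyway.
iptables -t nat -A POSTROUTING -s 10.0.3.0/24 -o eno0 -j MASQUERADE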

ip netns exec netns0 route
Kernel IP routing table
Destination Gateway Genmask Flags Metric Ref Use Iface
10.0.3.0 0.0.0.0 255.255.255.0 U 0 0 0 veth-netns0

ip netns exec netns0 ip route add default via 10.0.3.1
ip netns exec netns0 ping srv24x7.com
PING srv24x7.com (93.115.28.151) 56(84) bytes of data.
64 bytes from pagirnis.cloudlix.com (93.115.28.151): icmp_seq=1 ttl=58 time=1.19 ms
64 bytes from pagirnis.cloudlix.com (93.115.28.151): icmp_seq=2 ttl=58 time=1.47 ms
64 bytes from pagirnis.cloudlix.com (93.115.28.151): icmp_seq=3 ttl=58 time=1.65 ms
^C
--- srv24x7.com ping statistics ---
3 packets transmitted, 3 received, 0% packet loss, time 2002ms
rtt min/avg/max/mdev = 1.190/1.437/1.649/0.189 ms

ip netns list
netns0 (id: 0)

borg backup


# Create an encrypted repository. With "repokey" the key is kept inside the
# repository, protected by the passphrase. Keep a copy of the key outside the
# repository (see `borg key export`): without key and passphrase the archives
# cannot be read.
borg init --encryption=repokey /path/to/repo
# First archive of the web root.
borg create /path/to/repo::Day1 ~/public_html
# Second archive, with a summary of what was added to the repository.
borg create --verbose --stats /path/to/repo::Day2 ~/public_html

performance-critical code (chunking, compression, encryption) is implemented in C/Cython
local caching of files/chunks index data
quick detection of unmodified files

lz4 (super fast, low compression)
zstd (wide range from high speed and low compression to high compression and lower speed)
zlib (medium speed and compression)
lzma (low speed, high compression)

postfix remove received header


vi /etc/postfix/header_checks
# Rules are matched against each message header; IGNORE deletes the header.
# NOTE(review): header_checks is applied to all mail passing through this
# server, not only to authenticated submissions — confirm that is intended.
# Redundant: the catch-all Received rule on the next line already matches this.
/^Received:.*with ESMTPSA/ IGNORE
# Removes every Received: header, including those on inbound and relayed mail.
# That hides the submitting client, but also discards the delivery trace used
# for abuse investigation and for hop-count loop detection.
/^Received:/ IGNORE
# Hide the sender's client address and mail software.
/^X-Originating-IP:/ IGNORE
/^X-Mailer:/ IGNORE
# NOTE(review): without Mime-Version some clients may not decode multipart or
# encoded messages as MIME — test with real mail before deploying.
/^Mime-Version:/ IGNORE

vi /etc/postfix/main.cf
mime_header_checks = regexp:/etc/postfix/header_checks
header_checks = regexp:/etc/postfix/header_checks

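# regexp: tables are read as plain text, so no postmap index build is needed.
# Instead, query the table to check that the rules parse and match
# (constructed sample header; the expected answer is IGNORE).
postmap -q "Received: from host.example" regexp:/etc/postfix/header_checks
postfix reload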

cloudflare style SNI proxy


# Fetch the sniproxy sources.
git clone https://github.com/dlundquist/sniproxy.git

# Toolchain and build dependencies (yum-based distributions).
yum groupinstall "Development Tools"
yum install autoconf automake curl gettext-devel libev-devel pcre-devel perl pkgconfig rpm-build udns-devel
cd sniproxy
# Generate the build system and the source tarball the spec file consumes.
./autogen.sh && ./configure && make dist
# Build the RPM, using the checkout directory as the source directory.
rpmbuild --define "_sourcedir $(pwd)" -ba redhat/sniproxy.spec
# The file name encodes the git revision built when this was written; use the
# name rpmbuild actually printed. The /root path implies the build ran as root.
yum install /root/rpmbuild/RPMS/x86_64/sniproxy-0.6.0+git.10.g822bb80-1.el7.x86_64.rpm
# NOTE(review): /etc/sniproxy.conf is not shown. The SNI name is supplied by
# the client, so the table should list only the hostnames you serve; a
# catch-all pattern makes the host relay TLS to arbitrary destinations.
sniproxy -c /etc/sniproxy.conf

Centos 7 x86_64:
sniproxy-0.6.0+git.10.g822bb80-1.el7.x86_64.rpm.gz

laravel hacked database

This default Laravel configuration is a serious security issue, because the .env file and the database credentials in it are not protected. You need to create a .htaccess file in the same folder to protect it:

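# Deny web access to the environment file, which holds the database credentials.
# Uses the Apache 2.4 directive when mod_authz_core is present and falls back
# to the 2.2 directives otherwise.
# NOTE(review): if .env was ever reachable over HTTP, treat the credentials in
# it as exposed and rotate them; blocking the file does not undo a past read.
<Files ".env">
    <IfModule mod_authz_core.c>
        Require all denied
    </IfModule>
    <IfModule !mod_authz_core.c>
        Order allow,deny
        Deny from all
    </IfModule>
</Files>

# Send every request into public/, the directory Laravel is meant to be served from.
# Where the virtual host is under your control, pointing DocumentRoot at public/
# keeps .env and the rest of the project outside the served tree altogether.
<IfModule mod_rewrite.c>
    RewriteEngine On
    RewriteRule ^(.*)$ public/$1 [L]
</IfModule>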