g3rhard

# hiera
uptream:
  'abc_core':
    'ips':
      - '1.2.3.4'
      - '1.2.3.5'
    'port': 8080
  'abc_cp_core':
    'ips':
      - '1.2.3.4'

g3rhard

Adjusting child processes for PHP-FPM (Nginx)

When setting these options consider the following:

• How long is your average request?
• What is the maximum number of simultaneous visitors the site(s) get?
• How much memory on average does each child process consume?

Determine if the max_children limit has been reached.

• sudo grep max_children /var/log/php?.?-fpm.log.1 /var/log/php?.?-fpm.log

g3rhard

Download the RKN list from https://github.com/zapret-info/z-i, massage it into
a Mikrotik script that manages a firewall address list, and put it up on a web
server.  Note well that the list is gigantic---more than 80,000 entries as of
2018-04-28---so be sure to check if your router can handle it in advance (for
example, hAP Lite, with its measly 32M of memory, can’t).

On the router side, do something like

    /tool fetch url="https://sheaf.site/rkn.rsc" dst-path=rkn.rsc
    :import rkn.src

g3rhard

#!/bin/bash

if [ ! -x /usr/bin/curl ]; then
  echo "Please install curl"
  exit 1
fi

if [ ! -x /usr/bin/jq ]; then
  echo "Please install jq"
  exit 1

g3rhard

#!/bin/bash
#
# Queries AWS Route53 for a zone name and outputs a zone file of its records
#
# Usage:
#
#     r53export example.com[ profile]
#
# By default, uses $AWS_PROFILE environment variable, if set.
#

g3rhard

#!/bin/bash

# download zone from AWS Route53

zonename=$1
hostedzoneid=$(aws route53 list-hosted-zones | jq -r ".HostedZones[] | select(.Name == \"$zonename.\") | .Id" | cut -d'/' -f3)
aws route53 list-resource-record-sets --hosted-zone-id $hostedzoneid --output json | jq -jr '.ResourceRecordSets[] | "\(.Name) \t\(.TTL) \t\(.Type) \t\(.ResourceRecords[].Value)\n"'

g3rhard

Make config file:

sudo nano /etc/nginx/sites-available/bot.conf

Then copy and paste bot.conf content and edit YOUR.DOMAIN strings. Now install Let's Encrypt on your server. For example in Debian you need to add jessie-backports and easily install it with apt-get:

sudo apt-get install -t jessie-backports letsencrypt

Then get cert for you domain:

g3rhard

#!/bin/sh
### BEGIN INIT INFO
# Source: http://www.dropboxwiki.com/tips-and-tricks/install-dropbox-in-an-entirely-text-based-linux-environment
# NOTE: Change the dropbox path in line: 32
# Provides: dropbox update daemon
# Required-Start: $local_fs $remote_fs $network $syslog $named
# Required-Stop: $local_fs $remote_fs $network $syslog $named
# Default-Start: 2 3 4 5
# Default-Stop: 0 1 6
# X-Interactive: false

g3rhard

###############################################################################
# The MIT License
#
# Copyright 2012-2014 Jakub Jirutka <jakub@jirutka.cz>.
#
# Permission is hereby granted, free of charge, to any person obtaining a copy
# of this software and associated documentation files (the "Software"), to deal
# in the Software without restriction, including without limitation the rights
# to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
# copies of the Software, and to permit persons to whom the Software is

g3rhard

Setup fail2ban (v0.8.11) with ufw and nginx on Ubuntu 14.04

Install fail2ban & ufw

If you haven't already, install fail2ban and ufw:

sudo apt-get install fail2ban ufw

Now make a copy of the fail2ban configuration, and name it jail.local: