Skip to content

Instantly share code, notes, and snippets.

Avatar
🏠
Working from home

Julius Thyssen jult

🏠
Working from home
View GitHub Profile
@jult
jult / cors.conf
Last active Jul 11, 2016
nginx example config for Cross-origin resource sharing
View cors.conf
# fonts only:
location ~* \.(eot|ttf|woff|woff2)$ {
add_header Access-Control-Allow-Origin *;
}
# all crossed, just remove the POST Methods if you don't want writes on the resource:
location ~* {
if ($request_method = 'OPTIONS') {
add_header 'Access-Control-Allow-Origin' '*';
add_header 'Access-Control-Allow-Methods' 'GET, POST, OPTIONS';
@jult
jult / wp_perms.sh
Last active Jul 5, 2017
wordpress permissions hell
View wp_perms.sh
#!/bin/sh
WP_OWNER=lamedude # <-- wordpress owner (usually also ftp-username)
WP_GROUP=psaserv # <-- wordpress group
WP_ROOT=/var/www/vhosts/somesite.tld/httpdocs # <-- wordpress root directory, note it's the docroot here, not wp default
WS_GROUP=psacln # <-- webserver group
# reset to safe defaults
find ${WP_ROOT} -exec chown ${WP_OWNER}:${WP_GROUP} {} \;
find ${WP_ROOT} -type d -exec chmod 2755 {} \;
@jult
jult / dovecot.conf
Last active Mar 24, 2018
dovecot.conf for debian 9 with CLucene FTS
View dovecot.conf
protocols = imap pop3
auth_mechanisms = plain login
auth_cache_size = 24 M
auth_cache_ttl = 18 hours
disable_plaintext_auth = no
listen = *,[::]
log_timestamp = "%Y-%m-%d %H:%M:%S "
log_path = /var/log/dovecot.log
login_greeting = encrypted ready.
postmaster_address = julius@encrypted.net
@jult
jult / install_core_for_deb9.sh
Last active Mar 31, 2018
Base install over debian 9 x64 minimal server, with certbot, webmin, csf&lfd and fail2ban
View install_core_for_deb9.sh
#!/bin/bash
## Filesystem ext4
## Run as root
# Check if user has root privileges
if [[ $EUID -ne 0 ]]; then
echo "You must run the script as root or using sudo"
exit 1
fi
@jult
jult / rc.local
Last active Apr 13, 2018
tweaks for a KVM guest VPS in /etc/rc.local with commands for Debian/Ubuntu linux server with enough free RAM (4GB+)
View rc.local
#!/bin/sh
echo never > /sys/kernel/mm/transparent_hugepage/enabled
echo noop > /sys/block/vda/queue/scheduler
echo 0 > /sys/block/vda/queue/rotational
echo 0 > /sys/block/vda/queue/rq_affinity
echo 9000 > /proc/sys/vm/dirty_expire_centisecs
echo 9000 > /proc/sys/vm/dirty_writeback_centisecs
ethtool --offload ens3 tx-checksum-ip-generic off
@jult
jult / %userprofile%\AppData\Roaming\youtube-dl\config.txt
Last active Jul 18, 2018
[ youtube-dl ] My most succesful config for all-round best codecs and quality
View %userprofile%\AppData\Roaming\youtube-dl\config.txt
--no-mtime
--no-call-home
--ignore-errors
-f "bestvideo[height>=1080]+251/bestvideo[height>=1080]+bestaudio/bestvideo[height>=720]+251/bestvideo[height>=720]+bestaudio/137+bestaudio/136+bestaudio/bestvideo+bestaudio"
# Note that I output to an MKV container, despite the fact that shitty devices will not play some files
# or still don't support Opus, it *is* the highest quality available: http://opus-codec.org/comparison/
#
# I use Daum Potplayer, which plays them all perfectly fine: https://www.videohelp.com/software/PotPlayer
#
@jult
jult / install_ispcfg_for_deb9.sh
Last active Aug 14, 2018 — forked from jniltinho/install_ispconfig_nginx_debian.sh
ISPconfig 3.x install with NGINX 1.13.x + PHP 7.1 on Debian 9 x64 (Stretch) server
View install_ispcfg_for_deb9.sh
#!/bin/bash
## Install ISPConfig + NGINX + PHP 7.1 on Debian 9 x64 (Stretch)
## Filesystem ext4
## Run as root
## Based on: https://www.howtoforge.com/tutorial/perfect-server-debian-jessie-nginx-bind-dovecot-ispconfig-3.1/
## and: https://www.howtoforge.com/tutorial/perfect-server-debian-9-stretch-apache-bind-dovecot-ispconfig-3-1/
## ! For Postfix config see https://www.howtoforge.com/tutorial/perfect-server-debian-9-stretch-apache-bind-dovecot-ispconfig-3-1/
# Check if user has root privileges
@jult
jult / encback.sh
Last active Jan 16, 2019
Back-up files from server to server using ssh/rsync, and encrypt heavily using openssl before transfer because of insecure remote machine owned by other(s)
View encback.sh
#!/bin/sh
# backup files files from server to server using ssh/rsync
# encrypt heavily using openssl before transfer to less secure location
# create the files
tar -zcpf /somepath/etc.tar.gz -C / etc
# tar -cv --exclude='root/io'-f /somepath/root.tar -find /root ! -type l
mysqldump --dump-date -uwp_admin -pSomedbpass -h localhost wordprass > /somepath/zichtbaar.sql
@jult
jult / hostsupdater.sh
Last active Feb 1, 2019
grab and sort hosts to block for dnsmasq (this existed way before pihole)
View hostsupdater.sh
#!/bin/bash
# We create a new /tmp/block file first, then append to it
# the 'sleep 1's are inserted because we suffered from slow/delayed disk cache writes
# which often caused this script to skip or not entirely finish pasting lists
wget -qO - --limit-rate=1500k https://raw.githubusercontent.com/notracking/hosts-blocklists/master/hostnames.txt > /tmp/block
sleep 1
wget -qO - --limit-rate=1500k https://raw.githubusercontent.com/StevenBlack/hosts/master/hosts >> /tmp/block
sleep 1
@jult
jult / main.cf
Last active Feb 14, 2019
current postfix and some related config (partly managed by ISPconfig)
View main.cf
# this is most of my /etc/postfix/main.cf file:
inet_protocols = all
inet_interfaces = all
recipient_delimiter = +
smtpd_banner = Blah ESMTP
empty_address_recipient = admin