Last active Mar 31, 2018
Base install over debian 9 x64 minimal server, with certbot, webmin, csf&lfd and fail2ban
## Filesystem ext4
## Run as root
# Check if user has root privileges
if [[ $EUID -ne 0 ]]; then
echo "You must run the script as root or using sudo"
exit 1
jult /
Last active Aug 14, 2018 — forked from jniltinho/
ISPconfig 3.x install with NGINX 1.13.x + PHP 7.1 on Debian 9 x64 (Stretch) server
## Install ISPConfig + NGINX + PHP 7.1 on Debian 9 x64 (Stretch)
## Filesystem ext4
## Run as root
## Based on:
## and:
## ! For Postfix config see
# Check if user has root privileges
jult / rc.local
Last active Apr 13, 2018
tweaks for a KVM guest VPS in /etc/rc.local with commands for Debian/Ubuntu linux server with enough free RAM (4GB+)
# Runtime tuning for a KVM guest; the device names (vda, ens3) are specific to this host.
vda_queue=/sys/block/vda/queue

# Memory: turn transparent hugepages off.
printf '%s\n' never > /sys/kernel/mm/transparent_hugepage/enabled

# Virtual disk: no-op I/O scheduler, flagged non-rotational, request affinity off.
printf '%s\n' noop > "$vda_queue/scheduler"
printf '%s\n' 0 > "$vda_queue/rotational"
printf '%s\n' 0 > "$vda_queue/rq_affinity"

# Writeback timers, in centiseconds (9000 = 90 s). Longer intervals leave more
# unwritten data in RAM, which is lost if the guest or its host goes down hard.
for knob in dirty_expire_centisecs dirty_writeback_centisecs; do
  printf '%s\n' 9000 > "/proc/sys/vm/$knob"
done

# NIC: switch off generic IP transmit-checksum offload on ens3.
ethtool --offload ens3 tx-checksum-ip-generic off
jult / TLS
Last active Dec 7, 2020
My nginx include for a TLS A+ rating, using nginx/1.14.* and openssl 1.1.1*
# version 2020 feb 24
# NOTE: the three paths below are cut short in this listing; each would normally name a
# file under a per-domain directory — confirm against the real include before use.
# Certificate (chain) presented to clients.
ssl_certificate /etc/letsencrypt/live/;
# Private key for that certificate; keep the file readable by root only.
ssl_certificate_key /etc/letsencrypt/live/;
# Trusted CA certificates that nginx uses to verify OCSP responses when stapling is
# enabled (no ssl_stapling directive is visible in this excerpt).
ssl_trusted_certificate /etc/letsencrypt/live/;
# Offer TLS 1.2 and 1.3 only; TLS 1.3 needs nginx built against OpenSSL 1.1.1 or later.
ssl_protocols TLSv1.2 TLSv1.3;
# Let the client choose among the ciphers the server allows. That is sound only while
# every allowed cipher is strong — no ssl_ciphers line is visible here, so confirm.
ssl_prefer_server_ciphers off;
jult / .stglobalignore
Last active Mar 29, 2021
syncthing ignore file(s) .stglobalignore and .stignore
// .stglobalignore
// These prevent SyncThing from trying to sync data that's locked, constantly changing, going to be thrown out, unimportant, etc.
// Lots of conflicts/issues disappeared using these ignores, but do check to prevent major disappointment!
// *.log and *cache* are in there, just so you know.. but firefox' startupCache and offlineCache will be synced.
// Decided to stop categorizing these. Sorting them Lexicographically from now on. Ignores are case sensitive.
jult /
Last active Feb 14, 2019
current postfix and some related config (partly managed by ISPconfig)
# this is most of my /etc/postfix/ file:
# Use both IPv4 and IPv6.
inet_protocols = all
# Listen on every network interface of the host.
inet_interfaces = all
# Enable address extensions of the form user+tag.
recipient_delimiter = +
# Replace the default greeting so it does not name the mail software.
# NOTE(review): Postfix documents that the banner text must start with $myhostname;
# "Blah" looks like a stand-in for the real value — confirm.
smtpd_banner = Blah ESMTP
# Recipient of mail addressed to the null address.
empty_address_recipient = admin
jult /
Last active Mar 7, 2020
iptables blocklist script (using ipset hash..)
IP_BLACKLIST_CUSTOM=/etc/ip-blacklist-custom.conf # optional
list="chinese nigerian russian lacnic exploited-servers"
"" # Project Honey Pot Directory of Dictionary Attacker IPs
# "" # TOR Exit Nodes, who would refuse those accessing your server?
# "" # MaxMind GeoIP Anonymous Proxies
jult / cors.conf
Last active Jul 11, 2016
nginx example config for Cross-origin resource sharing
# fonts only:
location ~* \.(eot|ttf|woff|woff2)$ {
add_header Access-Control-Allow-Origin *;
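# all origins allowed; remove POST from the allowed methods if you don't want writes on the resource.
# A wildcard origin lets any website read these responses, so use it only for content that is meant to be public: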
location ~* {
if ($request_method = 'OPTIONS') {
add_header 'Access-Control-Allow-Origin' '*';
add_header 'Access-Control-Allow-Methods' 'GET, POST, OPTIONS';
jult /
Last active Jul 5, 2017
wordpress permissions hell
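WP_OWNER=lamedude # <-- wordpress owner (usually also ftp-username)
WP_GROUP=psaserv # <-- wordpress group
WP_ROOT=/var/www/vhosts/somesite.tld/httpdocs # <-- wordpress root directory, note it's the docroot here, not wp default
WS_GROUP=psacln # <-- webserver group
# reset to safe defaults
# chown -h changes a symlink itself rather than the file it points to, so a link that
# sits inside the docroot cannot redirect this chown (typically run as root) to a file
# outside it. Expansions are quoted so a path with spaces or glob characters stays one argument.
find "${WP_ROOT}" -exec chown -h "${WP_OWNER}:${WP_GROUP}" {} +
# -type d matches real directories only (find does not follow symlinks by default).
# 2755 = rwxr-xr-x plus setgid, so new entries inherit the directory's group.
find "${WP_ROOT}" -type d -exec chmod 2755 {} +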
jult /
Last active Jan 16, 2019
Back-up files from server to server using ssh/rsync, and encrypt heavily using openssl before transfer because of insecure remote machine owned by other(s)
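# back up files from server to server using ssh/rsync
# encrypt heavily using openssl before transfer to less secure location
# create the files
# The archive holds /etc and the dump holds database contents, both still unencrypted at
# this point, so they are created with owner-only permissions. The subshell keeps the
# umask change from leaking into the rest of the script. Files that already exist keep
# their old mode; check them once by hand.
(
  umask 077
  tar -zcpf /somepath/etc.tar.gz -C / etc
  # tar -cv --exclude='root/io'-f /somepath/root.tar -find /root ! -type l
  # NOTE(review): -pSomedbpass puts the database password on the command line, where it
  # may be visible to other local users in the process list and ends up in shell history.
  # Prefer a root-only option file passed with --defaults-extra-file (must be the first option).
  mysqldump --dump-date -uwp_admin -pSomedbpass -h localhost wordprass > /somepath/zichtbaar.sql
)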