Developers Club geek daily blog

Software Internet gateway for a not-so-small company (Shorewall, OpenVPN, OSPF). Part 2

1 year, 5 months ago
Here is the second article in a series aimed at "continuing" system administrators; for experienced ones I will hardly reveal anything new.
In these articles we will look at building an Internet gateway on Linux that connects several offices of a company and provides limited access to the network, traffic prioritization (QoS), and simple load balancing with channel failover between two providers.
Specifically in this part:
  • More detailed Shorewall setup
  • The scary and unclear QoS
  • Load balancing and failover


The previous part covered:
  • Basic Shorewall setup
  • The terribly difficult dnsmasq setup
  • The no less difficult OpenVPN setup
  • Dynamic routing, which is atypical for many continuing administrators, using OSPF as the example



Hunting for rodents under Linux

1 year, 5 months ago
There are plenty of operating system monitors, but a task of its own is to catch the moment a problem appears and to find the cause of high load or the source of performance problems. I call it hunting for resource "rodents".

For this purpose I wrote myself a simple script, ratskill.sh, which you can modify for your own systems and tasks.

The principle is simple: the script is started at a set interval and checks the Load Average level (you can use other control parameters); if the set value is exceeded, the script runs a set of diagnostic commands and creates a report, which is sent to the e-mail address you specify.



logrotate setup + SFTP access for collecting logs

1 year, 5 months ago
I had a task: to configure compression of the logs of the Unbound DNS server, with convenient collection of these backups by a collector. It was also required to limit access rights so that the collector could enter only the directory where the log backups are stored. I carried out these steps on CentOS 7 Minimal and CentOS 6.6 Minimal.



Expanding partitions without data loss

1 year, 5 months ago

Essence


I developed a program for simple expansion of a partition and its file system (xfs, ext3,4) without data loss. github.com/rekby/fsextender/releases/latest

Initial problem


After the disk of a virtual machine running a Linux-family OS has been enlarged, expand the data partition on it.



Kill switch for OpenVPN on the basis of iptables

1 year, 5 months ago
It is known that when you connect to open Wi-Fi networks, your traffic can easily be eavesdropped on. Of course, more and more websites now use HTTPS. Nevertheless, it is not yet 100%. There is a natural desire to secure your traffic when connecting to such open Wi-Fi networks.

A popular solution to this problem is connecting through a VPN. In that case your traffic is sent in encrypted form to the VPN server, and from there goes on to the Internet.

This solution has a small shortcoming: until the VPN connection is established, all applications on your computer (including open browser tabs) get Internet access bypassing the VPN connection.

In this article I will explain how to avoid this.



Authorization in CentOS through Microsoft Azure AD/Office 365

1 year, 5 months ago
All users of Microsoft Office 365 (for business) are authorized through Microsoft Azure AD. So, when each new user (email) is added in Office 365, a corresponding record is automatically created for it in Microsoft Azure AD.

Earlier I described how to use Microsoft Azure AD to authorize users of Ubuntu 14.04, that is, how to set up SSO with Microsoft Azure AD/Office 365 in Ubuntu. Now I will describe how to do the same in CentOS 7.



Process priority, or an attempt to optimize the server a little more

1 year, 5 months ago


When a startup project is young and promising but the budget is tightly limited, you have to squeeze the maximum out of the available resources.
It is good if money for a hardware upgrade is budgeted (for some mythical better time), but right now you need to get maximum performance from the available resources.

The Internet has many articles on how to do this: dropping LAMP in favor of nginx+php-fpm or uWSGI (as needed), fine-tuning them (not forgetting to cache static content), installing a PHP accelerator, tuning the DBMS (if one is used), and other useful things.

But even after installing and competently carrying out all of these points, it is possible to optimize the services a little more.



Building and configuring FreeRADIUS 3 with SQLite support

1 year, 5 months ago
Good day, dear readers.
I want to share with you a solution to one creative task. I hope it will be useful to someone.
So,

GIVEN:


a low-power piece of hardware with an ARM processor, with Debian 7 wheezy built for it and installed.

TASK:


to install FreeRADIUS 3.0.X and configure it to work with an SQLite DB, i.e., RADIUS has to take the accounts of users (who need to be authenticated) from the SQLite DB.



Authorization in Ubuntu through Microsoft Azure AD/Office 365

1 year, 5 months ago
All users of Microsoft Office 365 (for business) are authorized through Microsoft Azure AD. So, when each new user (email) is added in Office 365, a corresponding record is automatically created for it in Microsoft Azure AD.

Here I will describe how to use Microsoft Azure AD to authorize users of Ubuntu 14.04, that is, how to set up SSO with Microsoft Azure AD/Office 365 in Ubuntu.



Development environment: Redmine + Git + ownCloud

1 year, 5 months ago
This article was written to sum up fairly long attempts to assemble a convenient environment for working on projects. Undoubtedly, there are many services ready to provide similar functionality, but using them is not always convenient and, for various reasons, may be unacceptable. If you are in such a situation, I hope the configuration presented in the article will be useful.



The usage scenario for this bundle can be briefly described as follows:

  • Project files are stored in Git repositories;
  • The repository contains settings, source code and other project files that are convenient and acceptable to keep in a shared repository;
  • The root contains a cloud directory, excluded in .gitignore, into which an ownCloud folder for the other files is mounted through WebDAV;
  • The contents of the Git repository are tracked in the Redmine project management system.


The system deployment plan includes setting up the following services:

  1. OpenLDAP: a single account for all services;
  2. Redmine: running in a Docker container, creating and binding a Git repository, LDAP authentication;
  3. NGINX: access to the Git repository through HTTPS with LDAP authentication;
  4. ownCloud: LDAP authentication and mounting of the folder through davfs2.
