2 years, 8 months ago
Hi everyone! Last article about transparent proxying of HTTPS by means of Squid'a was quite successful. The set of responses about successful installation of this system came by mail. But also also letters with requests for the help arrived. Problems were quite solvable. But not so long ago one colleague about the help in installation of this system on h64 to architecture (Debian) appealed to me. Here we were puzzled. First, it turned out that last article is unsuitable for this purpose because of lack of the necessary source codes in Debian repository (there now 3.5.10). It was not succeeded to find the necessary source codes in the first article Debian'ovskiye, and checkinstall gave strange error messages. Secondly, there was a wish for more universal solution which without problems would work both on h64, and on h86, and (whenever possible) at other distribution kits. The solution was found. Small addition to the previous article + some amendments turned out. This instruction allows to compile both h86, and h64 Squid'a versions and to create the corresponding packets. The instruction will be broken into several points and subparagraphs. If it is interesting, we go under kat:
2 years, 8 months ago Good afternoon, dear friends! Today I want to provide you the short practical overview devoted to a solution of a specific objective. Namely initial setup of the server and the Windows Server 2012 R2 OS installation by means of branded means of expansion of HPE. I will do it on the example of the HP ProLiant ML10v2 server popular now in the following configuration (school desks numbers 814483-421):
Tower server 4U
Intel Pentium G3240 processor
Built-in HP Dynamic SmartArray B120i RAID controller
In ours the case uses 4 disks Seagate LFF — they are not included in the package of the server
It is possible to look at total characteristics here.
Feature of this server, being the most budget representative of ProLiant family — lack of the built-in means of expansion of Intelligent Provisioning on the server. Therefore for its initial setup it is necessary to use the boot USB stick with image of HP Service Pack for ProLiant. The instruction will include such operations below:
Preparation and creation of the boot USB stick
The RAID setup on the server
Updating of program components of the server (firmwares)
Windows Server 2012R2 OS installation
All significant operations are followed by pictures. Awful quality of pictures serves for achievement of effect of presence :)
As practice shows — the big part of clients does not monitor the used resources, the services rented by them in any way (especially it is noticeable on the cheap services VPS from $3). That is, after installation of system and setup of software, necessary for the project, the future of the server is assigned to a case. And, when there are problems with operability of the server, information for the analysis has not enough.
Except the set and configured logging in atop (which also meets not often), logs of system, it would be desirable to have more information with which it is possible to work.
2 years, 8 months ago
There comes the moment when virtual hosting to become insufficiently and your project and "to ask" on the server. Not always for new tasks you need a dedicated server at once, but at least it is worth beginning with the virtual server. At the same time many of you what as to save that begin to look for the partner(s) for lease of more productive service. Also, use of the free software is one of options of economy of the budget —.
Not to each of you, for example, will pleasantly sit in the console and to set necessary for software, or to make management of your websites through a touch the command line. At such moments many webmasters are come to the rescue by control bars a hosting and as it is pleasant when this panel — qualitative and free software. Quite recently we already told about one free software product, and today it will be a question of one more interesting control bar a hosting, namely of "coin" …
Somehow I considered that 1 minute of idle time of hh.ru on weekdays affects about 30 000 users in the afternoon. We constantly solve a problem of decrease in number of incidents and their duration. We can reduce quantity of problems the correct infrastructure, architecture of the application is a separate subject, we will not take it in attention yet. Let's talk better about how quickly to understand what occurs in our infrastructure. Here just we are also helped by monitoring.
In this article on the example of hh.ru I will tell and I will show how to cover with monitoring all layers of infrastructure:
2 years, 8 months ago
In spite of the fact that almost everywhere we use domain names instead of IP addresses, tools for monitoring and control of a network traffic as a rule operate with IP addresses. Permission of names in general (and DNS in particular) is used quite conditionally.
It is connected with some features of work of DNS — the result of permission of a name in the address can quickly turn sour, the following request can return other address, results can differ depending on geography and the provider requesting.
Whether it is possible to have an actual look-up table of names and addresses for small networks? What domains were requested by users and what received IP addresses? With some clauses — yes.
2 years, 8 months ago
Sandra Henry-Stocker (Unix Dweeb, works in the TeleCommunication Systems company developing the innovative technical solutions at present). Looking back in the past, more than 30 years of work as the Unix system administrator later, I can tell that it was the long and interesting way. These years I of course did not execute one and too. Development of technologies was led to improbable changes in my work. It were impressive improvements in "iron" which I serviced, and the invention of new software tools which I studied and put into practice. For many years I took improbable pleasure from that how a lot of work I could make in the command line for identification and elimination of different problems and understanding of how in the best way to provide data protection of my employers. Within 30 years I worked with surprising people, at the same time was dismissed once, and also learned a lot of new about what works and does not work, both from the technical point of view, and from the point of view of career development.
The profession and all with it connected changes dramatically, but it always brought and will bring me the sea of pleasure.
Here my reflections about changes which I saw also those which still I will see.
Let's Encrypt — it is the non-commercial initiative providing the free, automated and open CA (certificate authority — certificate authority) created ISRGby for the benefit of society:
free of charge: the owner of any domain name can use Let's Encrypt and receive entrusted (to read as "is recognized as any modern browser") the TLS certificate (TLS — the successor of SSL) absolutely free of charge;
it is automated: Let's Encrypt provides free and the free software (client) which, being configured on the Web server, can request completely automatically non-paid provided certificates of Let's Encrypt, automatically configure and update them;
safely: Let’s Encrypt is under construction as a platform for promotion the best practician of safety of TLSof both on the party of certificate authority (CA), and on the party of websites, helping administrators to configure Web servers properly;
it is transparent: information on release and a withdrawal of each certificate of Let's Encrypt is available quite and publicly so that anyone to study it will be able to make it;
freely: the protocols of interaction from CA allowing to automate processes of release and updating of certificates will be published as the open standard for the maximum implementation;
kooperativno: as well as any protocol which is the cornerstone of the Internet and the World Wide Web of Let's Encrypt is joint, uncontrollable any specific organization by the non-commercial project created bringing benefit to society.
2 years, 8 months ago
From the "marginal notes" series. It is more not to forget most, but, maybe, to whom and it is useful.
After purchase of Raspberry Pi 2 to replace not lived and weeks of Odroid XU4 slow shamanism on installation and initial setup of system under itself began. What disappointment when favourite ramlog refused not only to be put (hands we will unpack, not lazy) was, but also to be started after forced "implementation". Having despaired and having requested Google, found out that it is not on friendly terms with systemd, from the word "absolutely".
Already practically sobiravshis to fence something special, came across one German post where the "adapted" ramlog was mentioned. The imboweling of immediately downloaded image showed that there just and the fact that I and wanted was made. Therefore, instead of the invention of the bicycle, I suggest to use already ready