At work I had the task to implement a redirection based on the visitors country for the company website.
I came to use this serverfault.com answer as a base for my implementation.
But how do I test this? In order to test the behavior I need to fake IP adresses from all over the world. iptables to the rescue!
Faking the source IP address To test this I had the NGINX running in a virtual machine.
I do have a few applications that I need many times throughout the day but usually only for a very short time. One of the prime examples for this is my password manager. Others are a go to terminal or some note taking application. You might have some other needs like a messenger or who knows what.
Since over a year I am using I3 as my window manager.
I ran into the situation where I had a directory tree restored from backup but the permissions were all messed up. The directory with the corrupted files still existed and the permissions there were intact.
So the idea was to sync the permissions of the one directory tree to the other. I found the solution to my problem in this Serverfault thread.
The way this works is to read the permissions recursively with getfacl, store the result in a file, change the path with sed and then run setfacl with the file as input.
A was faced with the situation that a client could not connect to it’s MSSQL named instance in another subnet. There is a firewall in between those subnets. The firewall rule allowed TCP 1433, 1434 and Pings. The client was able to ping the server. So far so good. But the SQL client could not connect to the server. A nmap scan of the server showed that port 1433 or 1434, the classical MSSQL ports, were not open.
I had to set up a system for Atlassian’s Jira and Confluence that would be accessed by at least two different URLs. The Tomcat servers are behind an NGINX server that handles the whole SSL stuff.
In the past, when such a system would have only one very specific URL I would set the proxyName=<FQDN/URL> in the connector section in the server.xml and be good. Jira or Confluence would generate the right URLs.
I had to migrate an OVA exported by VirtualBox to an ESXi 6.
TL;DR: Untar the OVA, copy the vmdk file to ESXi, migrate the vmdk with vmkfstools and create a new VM using the new vmdk file for the HDD.
You got time to read it all An OVA file is a tarball of the VMs vmdk and the OVF file containing all the settings in XML format.
Ever wondered how to automatically lock your screen when you put your laptop to sleep? Like me you most likely found a SystemD unit file looking a lot like the one below. What annoyed me though was that the lock command would be executed after the system reached the sleep target, ergo when waking up. This resulted in a brief flicker where my screen was visible before i3lock kicked in.
This blog entry is my personal documentation. If it helps others even better. I will try to keep it as up to date as possible. What helped me when I tried this the first time was the github gist by codedreality. Since then I modified and adapted his procedure a bit to fit my personal needs.
The goal is to have an encrypted Arch Linux running on ZFS as root file system with an additional swap partition to enable hibernation.
Quick note to myself.
Having an environment where some services (LDAP, Radius, …) that the F5 needs to access are not reachable from the Virtual Server but only via the management interface can be tricky. Adding a specific route to the host in question will solve this.
The command where 10.0.20.10 is the server we want to reach and 10.0.10.1 the gateway for the management interface is:
tmsh create sys management-route 10.
While working on this website with HUGO I needed the first and last element of the current URL in variables at some point.
There is a snippet available to get the last element in a URL that does some delimit and split magic.
When looking into how to get the first element I came up with another way to also get the last element that might be a bit more understandable.