Top

Tags: Linux

Certbot letsencrypt tutorial

Sep 09, 2020 | 608 views

#Linux

Avoid using python2 for certbot as it has deprecated.



cd /etc/letsencrypt/
virtualenv -p python3 venv3
source venv3/bin/activate
certbot certonly --standalone  -d your-domain.com

# renew ssl certificates
/etc/letsencrypt/venv3/bin/certbot renew 

Refer to: github info

Comments: 0

Nginx reverse proxy setting

Sep 06, 2020 | 659 views

#Linux #Web-frontend

Refer to below:


Comments: 0

Enable sshd service on CentOS7-systemd docker image

Sep 01, 2020 | 1216 views

#Linux #Docker


1. Build a centos7-systemd docker base image refer to official centos on docker hub

Dockerfile for systemd base image


FROM centos:7.8.2003
ENV container docker
RUN (cd /lib/systemd/system/sysinit.target.wants/; for i in *; do [ $i == \
systemd-tmpfiles-setup.service ] || rm -f $i; done); \
rm -f /lib/systemd/system/multi-user.target.wants/*;\
rm -f /etc/systemd/system/*.wants/*;\
rm -f /lib/systemd/system/local-fs.target.wants/*; \
rm -f /lib/systemd/system/sockets.target.wants/*udev*; \
rm -f /lib/systemd/system/sockets.target.wants/*initctl*; \
rm -f /lib/systemd/system/basic.target.wants/*;\
rm -f /lib/systemd/system/anaconda.target.wants/*;
VOLUME [ "/sys/fs/cgroup" ]
CMD ["/usr/sbin/init"]

Build your base image

$ docker build --rm -t local/centos7-systemd .
2.  Build image with sshd service based upon above base image

Dockerfile of centos7-systemd-sshd 

FROM local/centos7-systemd
RUN yum -y install openssh-server openssh-clients; systemctl enable sshd.service;
CMD ["/usr/sbin/init"]

Build image

docker build --rm -t local/centos7-systemd-sshd .
3. Run a container of centos7-systemd-sshd refer to stackflow
docker run -it -d --name node2 --privileged -e container=docker \
-v /sys/fs/cgroup:/sys/fs/cgroup:ro local/centos7-systemd-sshd /usr/sbin/init

Enter into container's terminal:

docker exec -it node2 bash

End

Comments: 0

Zabbix-server Tutorial on Centos 7

Aug 28, 2020 | 780 views

#Linux #InstallGuide

Update on 2020/12/8:


IPMI with zabbix

  1. 利用zabbix通过IPMI监控服务器硬件 
  2. Template chooses "Template Server Chassis by IPMI“


Tutorials:

Configuring SELinux with zabbix: refer to here and here


Monitoring Tutorials:

Zabbix Related Tutorial:

On this page, we offer quick access to a list of tutorials related to Zabbix installation.





Comments: 0

An Introduction to Firewalld

Aug 25, 2020 | 626 views

#Linux

Refer to An Introduction to Firewalld

Add a Port for TCP or UDP

You do have to specify TCP or UDP and to open a port for both. You will need to add rules for each protocol.

firewall-cmd --permanent --add-port=443/tcp

Saving Firewall Rules

After you have completed all the additions and subtraction of rules, you need to reload the firewall rules to make them active. To do this, you again use the firewall-cmd tool but using the option –reload.

firewall-cmd --reload


Config to accept all traffic between the nodes:

[root@mgt ~]$ firewall-cmd --permanent --direct --add-rule ipv4 filter INPUT 0 -s  192.168.x.xxx -j ACCEPT
success
[root@mgt ~]$ firewall-cmd --reload
success

Refer to add rule to firewalld in Centos7 to allow all traffic from a server 


Comments: 0