Setup usable ubuntu server from scratch

转载已于 2022-11-09 22:25:40 修改 · 2.8k 阅读

1 ·

CC 4.0 BY-SA版权

原文链接：https://help.ubuntu.com/community/IptablesHowTo#Configuration_on_startup

文章标签：

#ubuntu #ssh #服务器

于 2016-11-10 12:01:27 首次发布

其他专栏收录该内容

18 篇文章

订阅专栏

本文汇总了多种实用的IT操作技巧，包括SSH无密码登录配置、USB驱动格式化、MySQL命令使用、Samba文件共享设置等，适用于Ubuntu及类似系统的日常管理和维护。

SSH

Install SSH server

apt-get install openssh-server

sshd_config is the configuration file for the OpenSSH server. ssh_config is the configuration file for the OpenSSH client. Make sure not to get them mixed up.

Config file location

/etc/ssh/sshd_config

Restart the SSH service

systemctl restart ssh

Copying Public Key Manually
If you do not have password-based SSH access to your server available, you will have to complete the above process manually.

We will manually append the content of your id_rsa.pub file to the ~/.ssh/authorized_keys file on your remote machine.

To display the content of your id_rsa.pub key, type this into your local computer:

cat ~/.ssh/id_rsa.pub

You will see the key’s content, which should look something like this:

Output
ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQCqql6MzstZYh1TmWWv11q5O3pISj2ZFl9HgH1JLknLLx44+tXfJ7mIrKNxOOwxIxvcBF8PXSYvobFYEZjGIVCEAjrUzLiIxbyCoxVyle7Q+bqgZ8SeeM8wzytsY+dVGcBxF6N4JS+zVk5eMcV385gG3Y6ON3EG112n6d+SMXY0OEBIcO6x+PnUSGHrSgpBgX7Ks1r7xqFa7heJLLt2wWwkARptX7udSq05paBhcpB0pHtA1Rfz3K2B+ZVIpSDfki9UVKzT8JUmwW6NNzSgxUfQHGwnW7kj4jp4AT0VZk3ADw497M2G/12N0PPB5CnhHf7ovgy6nL1ikrygTKRFmNZISvAcywB9GVqNAVE+ZHDSCuURNsAInVzgYo9xgJDW8wUw2o8U77+xiFxgI5QSZX3Iq7YLMgeksaO4rBJEa54k8m5wEiEE1nUhLuJ0X/vh2xPff6SQ1BL/zkOhvJCACK6Vb15mDOeCSq54Cr7kvS46itMosi/uS66+PujOO+xt/2FWYepz6ZlN70bRly57Q06J+ZJoc9FfBCbCyYH7U/ASsmY095ywPsBo1XQ9PqhnN1/YOorJ068foQDNVpm146mUpILVxmq41Cj55YKHEazXGsdBIbXWhcrRf4G2fJLRcGUr9q8/lERo9oxRm5JFX6TCmj6kmiFqv+Ow9gI0x8GvaQ== demo@test

Access your remote host using whichever method you have available.

Once you have access to your account on the remote server, you should make sure the ~/.ssh directory exists. This command will create the directory if necessary, or do nothing if it already exists:

mkdir -p ~/.ssh

Now, you can create or modify the authorized_keys file within this directory. You can add the contents of your id_rsa.pub file to the end of the authorized_keys file, creating it if necessary, using this command:

echo public_key_string >> ~/.ssh/authorized_keys

In the above command, substitute the public_key_string with the output from the cat ~/.ssh/id_rsa.pub command that you executed on your local system. It should start with ssh-rsa AAAA…

Finally, we’ll ensure that the ~/.ssh directory and authorized_keys file have the appropriate permissions set:

chmod -R go= ~/.ssh

This recursively removes all “group” and “other” permissions for the ~/.ssh/ directory.

If you’re using the root account to set up keys for a user account, it’s also important that the ~/.ssh directory belongs to the user and not to root:

chown -R sammy:sammy ~/.ssh

In this tutorial our user is named sammy but you should substitute the appropriate username into the above command.

We can now attempt passwordless authentication with our Ubuntu server.

Disable Password Authentication on your Server
Once you’ve confirmed that your remote account has administrative privileges, log into your remote server with SSH keys, either as root or with an account with sudo privileges. Then, open up the SSH daemon’s configuration file:

sudo nano /etc/ssh/sshd_config

Inside the file, search for a directive called PasswordAuthentication. This may be commented out. Uncomment the line and set the value to “no”. This will disable your ability to log in via SSH using account passwords:

/etc/ssh/sshd_config
…
PasswordAuthentication no
…
Save and close the file when you are finished by pressing CTRL + X, then Y to confirm saving the file, and finally ENTER to exit nano. To actually implement these changes, we need to restart the sshd service:

sudo systemctl restart ssh

format usb drive

fdisk /dev/sdb

Then press letter o to create a new empty DOS partition table.
Press letter n to add a new partition. You will be prompted for the size of the partition. Making a primary partition when prompted, if you are not sure.
Then press letter w to write table to disk and exit.

mkfs.vfat /dev/sdb1  
or
mkfs.ext4 /dev/sdb1

mysql commands

Connect to server

mysql -h host -u user -p

Drop database and table

drop database databasename;
drop table tablename;

Reserved word, when you meet reserved words, you can use double ` to enclose the words.
Remove mysql totally

apt-get remove --purge mysql-server-5.5

mount

Auto mount disk when ubuntu start
Decide which partitions to mount

System name	English name	Linux type
W95 FAT32	Microsoft FAT32	vfat
W95 FAT32 (LBA)	Microsoft FAT32	vfat
W95 FAT16 (LBA)	Microsoft FAT16	vfat
W95 Ext’d (LBA)	Microsoft extended partition	Not used
NTFS volume set	Microsoft NTFS	ntfs
NTFS volume set	Microsoft NTFS with read-write access	ntfs-3g
Apple_HFS	Apple HFS	hfsplus

option example

To learn more about options, type ‘man mount’.

Description	Accessible by everyone	Accessible by a subset of users**
FAT(16/32) partition	user,auto,fmask=0111,dmask=0000	user,auto,fmask=0177,dmask=0077,uid=1000
NTFS partition*	rw,auto,user,fmask=0111,dmask=0000	rw,user,auto,fmask=0177,dmask=0077,uid=1000
Apple Partition	user,auto,file_umask=0111,dir_umask=0000	user,auto,file_umask=0177,dir_umask=0077,uid=1000

If you want write access to your file system, you should set the filesystem type to ‘ntfs-3g’ instead of ‘ntfs’. You may need to install the package ‘ntfs-3g’ for this to work, so make sure it is installed before you use ntfs-3g.
uid=1000 restricts access to the user created while installing Ubuntu. 1001 is the user created after that, and so forth. gid=# may be used with or in place of uid to grant access to a group. However, group and user enumeration is beyond the scope of this article.

vi /etc/fstab

UUID=519CB82E5888AD0F  /media/Data  ntfs-3g  user,auto,file_umask=0111,dir_umask=0000  0 0

if you want to mount ext4 drive directly

UUID=913aedd1...    /media/download   ext4    defaults,errors=remount-ro,noatime    0    2

UUID=913aedd1...    /media/download   ext4    rw,relatime   0    2

For the mount option, please refer Fstab

you can find the UUID by running the following command

blkid

you can input the following command to check the mount status

mount -a

New usb3.0 ssd external drive issue:

New usb3.0 devices are not supported well in ubuntu, you could face the issue when using these devices. The root cause is the uas driver is not stable. We need to blacklist the uas.

lsusb -t

If you are using Debian, go to /boot folder, try to find armbianEnv.txt or orangepiEnv.txt. Edit this file and add the ID your get in previous step like

usbstoragequirks=0x2537:0x1066:u,0x2537:0x1068:u,2109:0715:u

then

update-initramfs -u

If the above step doesn’t take effect, please try the following:

create a new file in /etc/modprobe.d/disable-uas.conf

options usb-storage quirks=0bc2:3322:u

then

update-initramfs -u

Auto mount knowledge link

samba

Please refer the link

sudo apt-get install samba
sudo useradd USERNAME --shell /bin/false
sudo vi /etc/samba/smb.conf

add the following lines at the end of the config file

Once "smb.conf" has loaded, add this to the very end of the file:

[<folder_name>]
path = /home/<user_name>/<folder_name>
valid users = <user_name>
read only = no

sudo smbpasswd -a <user_name>
sudo service smbd restart

Hdparm

sudo apt-get install hdparm

Make sure your drive supports hd parm, if you have multiple hard drives it could be /dev/sdb or /dev/sdb – the command blkid will show you all disk drives connected.

sudo hdparm -y /dev/sda

You should get output like this indicating a successful standby command

/dev/sda:
 issuing standby command

Check if your drive supports write cache

sudo hdparm -I /dev/sda | grep 'Write cache'

If you see a * (asterix) then you are good to go.

*    Write cache

If you don’t see a star (asterix) then write cache is not possible for your drive

Time to make hdparm configurations permanent edit the configuration file

sudo nano /etc/hdparm.conf

The spindown_time value is multiplied by 5 and you have the total time in seconds. So a value of 120 yields 10 minutes (120*5=600).

Enable write cache and spindown time by adding this text to the bottom of the file

/dev/sda {
write_cache = on
spindown_time = 120
}

Systemd

Refer this link
Unbuntu systemd

Example systemd service

[Unit]
Description=Job that runs the foo daemon
Documentation=man:foo(1)

[Service]
Type=forking
Environment=statedir=/var/cache/foo
ExecStartPre=/usr/bin/mkdir -p ${statedir}
ExecStart=/usr/bin/foo-daemon --arg1 "hello world" --statedir ${statedir}

[Install]
WantedBy=multi-user.target

To determine which init daemon you are currently booting with, run:

ps -p1 | grep systemd && echo systemd || echo upstart

systemctl usages:

systemctl status
systemctl list-units
systemctl --failed
systemctl list-unit-files
systemctl is-enabled unit
systemctl enable unit

journalctl usages:

journalctl -b
journalctl --since="2012-10-30 18:17:16"
journalctl --since "20 min ago"
journalctl /usr/lib/systemd/systemd

SSL Certificate

To generate the keys for the Certificate Signing Request (CSR) run the following command from a terminal prompt:

openssl genrsa -des3 -out server.key 2048

Now create the insecure key, the one without a passphrase, and shuffle the key names:

openssl rsa -in server.key -out server.key.insecure
mv server.key server.key.secure
mv server.key.insecure server.key

To create the CSR, run the following command at a terminal prompt:

openssl req -new -key server.key -out server.csr

To create the self-signed certificate, run the following command at a terminal prompt:

openssl x509 -req -days 365 -in server.csr -signkey server.key -out server.crt

iptables

ubuntu iptables

Solution #2 /etc/network/if-pre-up.d and …/if-post-down.d

NOTE: This solution uses iptables-save -c to save the counters. Just remove the -c to only save the rules.

Alternatively you could add the iptables-restore and iptables-save to the if-pre-up.d and if-post-down.d directories in the /etc/network directory instead of modifying /etc/network/interface directly.

NOTE: Scripts in if-pre-up.d and if-post-down.d must not contain dot in their names.

The script /etc/network/if-pre-up.d/iptablesload will contain:

#!/bin/sh
iptables-restore < /etc/iptables.rules
exit 0

and /etc/network/if-post-down.d/iptablessave will contain:

#!/bin/sh
iptables-save -c > /etc/iptables.rules
if [ -f /etc/iptables.downrules ]; then
   iptables-restore < /etc/iptables.downrules
fi
exit 0

Then be sure to give both scripts execute permissions:

sudo chmod +x /etc/network/if-post-down.d/iptablessave
sudo chmod +x /etc/network/if-pre-up.d/iptablesload

nginx

Some key directives

Syntax: 	proxy_pass URL;
Default: 	—
Context: 	location, if in location, limit_except

Sets the protocol and address of a proxied server and an optional URI to which a location should be mapped. As a protocol, “http” or “https” can be specified. The address can be specified as a domain name or IP address, and an optional port:

proxy_pass http://localhost:8000/uri/;

If the proxy_pass directive is specified with a URI, then when a request is passed to the server, the part of a normalized request URI matching the location is replaced by a URI specified in the directive:
```
 location /name/ {
     proxy_pass http://127.0.0.1/remote/;
 }
```
When the URI is changed inside a proxied location using the rewrite directive, and this same configuration will be used to process a request (break):
```
location /name/ {
    rewrite    /name/([^/]+) /users?name=$1 break;
    proxy_pass http://127.0.0.1;
}
```

In this case, the URI specified in the directive is ignored and the full changed request URI is passed to the server.

Syntax: 	proxy_redirect default;
proxy_redirect off;
proxy_redirect redirect replacement;
Default: 	

proxy_redirect default;

Context: 	http, server, location

Sets the text that should be changed in the “Location” and “Refresh” header fields of a proxied server response. Suppose a proxied server returned the header field “Location: http://localhost:8000/two/some/uri/”. The directive

proxy_redirect http://localhost:8000/two/ http://frontend/one/;

will rewrite this string to “Location: http://frontend/one/some/uri/”.

A server name may be omitted in the replacement string:

proxy_redirect http://localhost:8000/two/ /;

then the primary server’s name and port, if different from 80, will be inserted.

The directive can be specified (1.1.11) using regular expressions. In this case, redirect should either start with the “~” symbol for a case-sensitive matching, or with the “~*” symbols for case-insensitive matching. The regular expression can contain named and positional captures, and replacement can reference them:

proxy_redirect ~^(http://[^:]+):\d+(/.+)$ $1$2;
proxy_redirect ~*/user/([^/]+)/(.+)$      http://$1.example.com/$2;

Location config

The = modifier
The requested document URI must match the specified pattern exactly. The pattern
here is limited to a simple literal string; you cannot use a regular expression.
No modifier
The requested document URI must begin with the specified pattern. You may not
use regular expressions.
The ~ modifier
The requested URI must be a case-sensitive match to the specified regular expression
The ~* modifier
The requested URI must be a case-insensitive match to the specified regular expression.
The ^~ modifier
Similar to the no-symbol behavior, the location URI must begin with the specified
pattern. The difference is that if the pattern is matched, Nginx stops searching for
other patterns (read the section below about search order and priority).
The @ modifier
Defines a named location block. These blocks cannot be accessed by the client,
but only by internal requests generated by other directives, such as try_files or
error_page.
Search order
Nginx will search for matching patterns in a
specific order:

location blocks with the = modifier: If the specified string exactly matches
the requested URI, Nginx retains the location block.
location blocks with no modifier: If the specified string exactly matches the
requested URI, Nginx retains the location block.
location blocks with the ^~ modifier: If the specified string matches the
beginning of the requested URI, Nginx retains the location block.
location blocks with ~ or ~* modifier: If the regular expression matches the
requested URI, Nginx retains the location block.
location blocks with no modifier: If the specified string matches the
beginning of the requested URI, Nginx retains the location block.
In that extent, the ^~ modifier begins to make sense, and we can envision cases
where it becomes useful.

Script

nginx enable/disable script

#!/bin/bash
##
#  File:
#    nginx_modsite
#  Description:
#    Provides a basic script to automate enabling and disabling websites found
#    in the default configuration directories:
#      /etc/nginx/sites-available and /etc/nginx/sites-enabled
#    For easy access to this script, copy it into the directory:
#      /usr/local/sbin
#    Run this script without any arguments or with -h or --help to see a basic
#    help dialog displaying all options.
##

# Copyright (C) 2010 Michael Lustfield <mtecknology@ubuntu.com>

# Redistribution and use in source and binary forms, with or without
# modification, are permitted provided that the following conditions
# are met:
# 1. Redistributions of source code must retain the above copyright
#    notice, this list of conditions and the following disclaimer.
# 2. Redistributions in binary form must reproduce the above copyright
#    notice, this list of conditions and the following disclaimer in the
#    documentation and/or other materials provided with the distribution.
#
# THIS SOFTWARE IS PROVIDED BY AUTHOR AND CONTRIBUTORS ``AS IS'' AND
# ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
# IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
# ARE DISCLAIMED.  IN NO EVENT SHALL AUTHOR OR CONTRIBUTORS BE LIABLE
# FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
# DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
# OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
# HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
# LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
# OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
# SUCH DAMAGE.

##
# Default Settings
##

NGINX_CONF_FILE="$(awk -F= -v RS=' ' '/conf-path/ {print $2}' <<< $(nginx -V 2>&1))"
NGINX_CONF_DIR="${NGINX_CONF_FILE%/*}"
NGINX_SITES_AVAILABLE="$NGINX_CONF_DIR/sites-available"
NGINX_SITES_ENABLED="$NGINX_CONF_DIR/sites-enabled"
SELECTED_SITE="$2"

##
# Script Functions
##

ngx_enable_site() {
    [[ ! "$SELECTED_SITE" ]] &&
        ngx_select_site "not_enabled"

    [[ ! -e "$NGINX_SITES_AVAILABLE/$SELECTED_SITE" ]] && 
        ngx_error "Site does not appear to exist."
    [[ -e "$NGINX_SITES_ENABLED/$SELECTED_SITE" ]] &&
        ngx_error "Site appears to already be enabled"

    ln -sf "$NGINX_SITES_AVAILABLE/$SELECTED_SITE" -T "$NGINX_SITES_ENABLED/$SELECTED_SITE"
    ngx_reload
}

ngx_disable_site() {
    [[ ! "$SELECTED_SITE" ]] &&
        ngx_select_site "is_enabled"

    [[ ! -e "$NGINX_SITES_AVAILABLE/$SELECTED_SITE" ]] &&
        ngx_error "Site does not appear to be \'available\'. - Not Removing"
    [[ ! -e "$NGINX_SITES_ENABLED/$SELECTED_SITE" ]] &&
        ngx_error "Site does not appear to be enabled."

    rm -f "$NGINX_SITES_ENABLED/$SELECTED_SITE"
    ngx_reload
}

ngx_list_site() {
    echo "Available sites:"
    ngx_sites "available"
    echo "Enabled Sites"
    ngx_sites "enabled"
}

##
# Helper Functions
##

ngx_select_site() {
    sites_avail=($NGINX_SITES_AVAILABLE/*)
    sa="${sites_avail[@]##*/}"
    sites_en=($NGINX_SITES_ENABLED/*)
    se="${sites_en[@]##*/}"

    case "$1" in
        not_enabled) sites=$(comm -13 <(printf "%s\n" $se) <(printf "%s\n" $sa));;
        is_enabled) sites=$(comm -12 <(printf "%s\n" $se) <(printf "%s\n" $sa));;
    esac

    ngx_prompt "$sites"
}

ngx_prompt() {
    sites=($1)
    i=0

    echo "SELECT A WEBSITE:"
    for site in ${sites[@]}; do
        echo -e "$i:\t${sites[$i]}"
        ((i++))
    done

    read -p "Enter number for website: " i
    SELECTED_SITE="${sites[$i]}"
}

ngx_sites() {
    case "$1" in
        available) dir="$NGINX_SITES_AVAILABLE";;
        enabled) dir="$NGINX_SITES_ENABLED";;
    esac

    for file in $dir/*; do
        echo -e "\t${file#*$dir/}"
    done
}

ngx_reload() {
    read -p "Would you like to reload the Nginx configuration now? (Y/n) " reload
    [[ "$reload" != "n" && "$reload" != "N" ]] && invoke-rc.d nginx reload
}

ngx_error() {
    echo -e "${0##*/}: ERROR: $1"
    [[ "$2" ]] && ngx_help
    exit 1
}

ngx_help() {
    echo "Usage: ${0##*/} [options]"
    echo "Options:"
    echo -e "\t<-e|--enable> <site>\tEnable site"
    echo -e "\t<-d|--disable> <site>\tDisable site"
    echo -e "\t<-l|--list>\t\tList sites"
    echo -e "\t<-h|--help>\t\tDisplay help"
    echo -e "\n\tIf <site> is left out a selection of options will be presented."
    echo -e "\tIt is assumed you are using the default sites-enabled and"
    echo -e "\tsites-disabled located at $NGINX_CONF_DIR."
}

##
# Core Piece
##

case "$1" in
    -e|--enable)    ngx_enable_site;;
    -d|--disable)   ngx_disable_site;;
    -l|--list)  ngx_list_site;;
    -h|--help)  ngx_help;;
    *)      ngx_error "No Options Selected" 1; ngx_help;;
esac

shellinabox

Setup
sudo apt-get install shellinabox

then navigate to https://yourcomputername:4200

Change the default config

sudo gedit /etc/default/shellinabox

SHELLINABOX_ARGS="--no-beep --localhost-only --disable-ssl"

Restart the service
sudo invoke-rc.d shellinabox restart
Nginx config

  location /shellinabox/ {
    rewrite ^/shellinabox/(.*) /$1 break;
    proxy_pass http://127.0.0.1:4200;
    proxy_read_timeout 90;
  }

SNI proxy

# Install required packages
sudo apt-get install autotools-dev cdbs debhelper dh-autoreconf dpkg-dev gettext libev-dev libpcre3-dev libudns-dev pkg-config fakeroot devscripts

# Clone sniproxy repo from Github
git clone https://github.com/dlundquist/sniproxy.git

# Compile and create the package
cd sniproxy
./autogen.sh && dpkg-buildpackage

# Install the package
sudo dpkg -i ../sniproxy_*_*.deb

Configuration location

/etc/sniproxy.conf

# sniproxy.conf
# Setup for sharing port 443 with Sandstorm

user daemon
pidfile /var/run/sniproxy.pid

error_log {
    syslog daemon
    priority notice
}

listen 443 {
    proto tls
    table https_hosts
    fallback 127.0.0.1:7443

    access_log {
        filename /var/log/sniproxy/https_access.log
        priority notice
    }
}

table https_hosts {
    .*\.sandcats\.io 127.0.0.1:6443
}

To make SNI proxy automatically startup on boot up

sudo update-rc.d sniproxy enable

For Raspberry or Ubuntu auto start


[unit]
Description=sniproxy
After=network.target

[Service]
Type=forking
ExecStart=/usr/sbin/sniproxy
Restart=always
User=root
Group=root

[Install]
WantedBy=multi-user.target

Detail setting is here

Important tips
Usually sniproxy will work with nginx, in seafile or sandstorm official sites’ documents, by default, nginx is deployed with these services on the same server. This saves a lot of configuration effort. But, if your nginx is deployed to another independent server, we need to configure the nginx with disabling the port_in_redirect parameter in location context. This will help to remove the port in url, such as 7443 which is sent from sniproxy.

transmission

Add Transmission PPA Repository

add-apt-repository ppa:transmissionbt/ppa
apt-get update

Install

apt-get install transmission-cli transmission-common transmission-daemon

Config

service transmission-daemon stop

/var/lib/transmission-daemon/info/settings.json

You need to modify the username/password, whitelist, default file directory and unmask parameters.

"rpc-password": "{62b16db87b89a91dd49a5110a7cafc06d20eb4f2wtK6kqPj",
"rpc-username": "transmission",
----------
"rpc-whitelist": "127.0.0.1,192.168.*.*",
----------
"umask": 2,

Web interface
http://server-ip:9091

Unbuntu transmission installation

Note
Need to setup the forward port on router, port 51413. Search how to port forward

Detail configuration item

Bandwidth

    alt-speed-enabled: Boolean (default = false, aka 'Turtle Mode')
    Note: Clicking the "Turtle" in the gui when the scheduler is enabled, will only temporarily remove the scheduled limit until the next cycle.
    alt-speed-up: Number (KB/s, default = 50)
    alt-speed-down: Number (KB/s, default = 50)
    speed-limit-down: Number (KB/s, default = 100)
    speed-limit-down-enabled: Boolean (default = false)
    speed-limit-up: Number (KB/s, default = 100)
    speed-limit-up-enabled: Boolean (default = false)
    upload-slots-per-torrent: Number (default = 14)

If in the log you met UDP Failed to set receive buffer: requested 4194304, got 425984 (tr-udp.c:84), please run the following command:

sysctl -w net.core.rmem_max=8388608
sysctl -w net.core.wmem_max=8388608

flexget

Linux installation
For the above steps, if you want to use plugins, please note:
virtualenv --system-site-packages ~/flexget/

To have flexget run as a system unit, the path is /lib/systemd/system.

[Unit](/Unit)
Description=Flexget Daemon
After=network.target

[Service](/Service)
Type=simple
User=root
Group=root
UMask=000
WorkingDirectory=/etc/flexget
ExecStart=/usr/bin/flexget daemon start
ExecStop=/usr/bin/flexget daemon stop
ExecReload=/usr/bin/flexget daemon reload

[Install](/Install)
WantedBy=multi-user.target

sudo mkdir /etc/flexget
sudo chown daemon:daemon /etc/flexget

You can now place your config.yml file in the /etc/flexget directory.

Enable or disable Flexget at boot using :

sudo systemctl enable flexget
sudo systemctl disable flexget

Read the systemd log:

journalctl --u flexget

config.yml

tasks:
  pt-task:
    rss: http://mysite.com/myfeed.rss
    accept_all: yes
    exists: /some/download/folder
    transmission:
      host: localhost
      port: 9091
      username: myusername
      password: mypassword
  cleanseed:
    from_transmission:
      host: localhost
      port: 9091
      username: myusername
      password: mypassword
      only_complete: yes
    disable: [seen, seen_info_hash]
    if:
      - transmission_progress == 100: accept
      - not transmission_seed_ratio_ok: reject
      - not transmission_idle_limit_ok: reject
      - transmission_date_done > now - timedelta(days=3): reject
    transmission:
      action: remove
schedules:
  - tasks: pt-task
    interval:
      minutes: 15
  - tasks: cleanseed
    interval:
      hours: 4

Transmission plugin config
Plugin list
If in the log you met Transmissionrpc module version 0.11 or higher required. in log, run the following command to install transmissionrpc.

pip install  transmissionrpc

seafile

Please refer this link
after seahub (web page) starts up, you have to modify the SERVICE_URL and FILE_SERVER_ROOT. For the site is behind nginx, FILE_SERVER_ROOT need to be configured as www.mydomain.com/seafhttp
Don’t forget to modify the file path in location section namedwith /media of nginx config file, if not, it could lead to the css file can’t be loaded correctly.
Create systemd service files, change ${seafile_dir} to your seafile installation location and seafile to user, who runs seafile (if appropriate). Then you need to reload systemd’s daemons: systemctl daemon-reload.
Create systemd service file /etc/systemd/system/seafile.service

[Unit]
Description=Seafile
# add mysql.service or postgresql.service depending on your database to the line below
After=network.target

[Service]
Type=oneshot
ExecStart=${seafile_dir}/seafile-server-latest/seafile.sh start
ExecStop=${seafile_dir}/seafile-server-latest/seafile.sh stop
RemainAfterExit=yes
User=seafile
Group=seafile

[Install]
WantedBy=multi-user.target

Create systemd service file /etc/systemd/system/seahub.service

[Unit]
Description=Seafile hub
After=network.target seafile.service

[Service]
# change start to start-fastcgi if you want to run fastcgi
ExecStart=${seafile_dir}/seafile-server-latest/seahub.sh start
ExecStop=${seafile_dir}/seafile-server-latest/seahub.sh stop
User=seafile
Group=seafile
Type=oneshot
RemainAfterExit=yes

[Install]
WantedBy=multi-user.target

If seafile and nginx runs on different server, we can simplify the nginx configuration as following:

location / {
         proxy_pass http://serverip:8000;
         client_max_body_size 0;
         proxy_connect_timeout  36000s;
         proxy_read_timeout  36000s;
         
	     access_log      /var/log/nginx/seahub.access.log;
         error_log       /var/log/nginx/seahub.error.log;
     }

     location /seafhttp {
        rewrite ^/seafhttp(.*)$ $1 break;
        proxy_pass http://serverip:8082;
        client_max_body_size 0;
        proxy_connect_timeout  36000s;
        proxy_read_timeout  36000s;
        proxy_send_timeout  36000s;
        send_timeout  36000s;
     }

at the same time, we need to modify the config in seafile web, change SERVICE_URL to local ip and port, change FILE_SERVER_ROOT to domain name/seafhttp

Use systemctl enable seafile.service and seahub.service.

To add memcached, you need to run the following command

apt-get install libmemcached-dev
apt-get install memcached
apt-get install python-dev
pip install pylibmc
pip install django-pylibmc

then add the following snipet to seahub_settings.py

CACHES = {
    'default': {
        'BACKEND': 'django_pylibmc.memcached.PyLibMCCache',
        'LOCATION': '127.0.0.1:11211',
    }
}

Backup and Restore

rsync -az src dest

./seaf-fsck.sh --repair

Backup and Restore Ubuntu

Backup reference link

Backup Command

tar cvpzf backup.tgz --exclude=/proc --exclude=/lost+found --exclude=/backup.tgz --exclude=/mnt --exclude=/sys --exclude=/media /

cd /

The following is an exemplary command of how to archive your system.

tar -cvpzf backup.tar.gz --exclude=/backup.tar.gz --one-file-system /

–one-file-system - Do not include files on a different filesystem. If you want other filesystems, such as a /home partition, or external media mounted in /media backed up, you either need to back them up separately, or omit this flag. If you do omit this flag, you will need to add several more --exclude= arguments to avoid filesystems you do not want. These would be /proc, /sys, /mnt, /media, /run and /dev directories in root. /proc and /sys are virtual filesystems that provide windows into variables of the running kernel, so you do not want to try and backup or restore them. /dev is a tmpfs whose contents are created and deleted dynamically by udev, so you also do not want to backup or restore it. Likewise, /run is a tmpfs that holds variables about the running system that do not need backed up.

Restore Command

tar xvpfz backup.tar.gz -C /

If you change the hard drive, the uuid is changed, the restore will stop the system booting. There are two places need to use uuid, one is /etc/fstab, the other is /boot/grub/grub.cfg. If you use boot cd, you have to add /media/xxxx/ to the path to edit these two files. Use gksudo gedit to modify the files.
Or before restore the backup, you can backup the above two files by changing the filename to .bak. After restore, change back the two files’ name to original.

After reboot into system, you’d better run the following command.

sudo update-grub

Restore Grub

Pop in the Live CD, boot from it until you reach the desktop.
Open a terminal window or switch to a tty.
Type “grub”
Type “root (hd0,6)”, or whatever your harddisk + boot partition numbers are (my /boot is at /dev/sda7, which translates to hd0,6 for grub).
Type “setup (hd0)”, ot whatever your harddisk nr is.
Quit grub by typing “quit”.
Reboot.

Desktop crash restore

1. Try to open a terminal with Ctrl+Alt+T.
This may not work but you can try right clicking on the desktop and selecting "Open terminal here." Otherwise, you may need to change to a "hard" terminal by pressing Ctrl+Alt+F1 and log in.

2. Install compizconfig-settings-manager by running

    sudo apt-get install compizconfig-settings-manager

3. Then run it with this:

    DISPLAY=:0 ccsm &

The first part tells the terminal which display you want it to load on (otherwise it won't have a clue)

4. If you switched to a TTY in step 1, switch back to the graphical server by pressing Ctrl+Alt+F7 (or Ctrl+Alt+F8 sometimes).
There there should be a CompizConfig Settings Manager waiting for you.

5. Find the Unity plugin. Enable it. You will be asked "Ubuntu Unity Plugin requires the plugin OpenGL. Enable Ubuntu Unity Plugin / Enable OpenGL"

6. Everything should spring into life but if it doesn't, you might have to restart. You can do that by going back to the terminal and running

sudo reboot.

If you get to step 5 and don’t see unity on the list, try this: sudo apt-get -f install && sudo apt-get --reinstall install unity

Another way to reinstall the gnome desktop.

Try:

sudo apt-get remove ubuntu-desktop
sudo apt-get remove ubuntu-gnome-desktop

Do not restart. This could effectively leave your system without GUI.

sudo apt-get install ubuntu-gnome-desktop
sudo apt-get autoremove

This will install all the missing GNOME dependencies.

User and Group

Check one user’s user id, group id and groups it belongs to:

id userid

Add one existing user to a group

usermod -a -G groupName username

Maintain and audit

Apply the system updates:

sudo apt-get dist-upgrade

Check the login history:

sudo less /var/log/auth.log

Use the PID to find the process information.

ss -lptn 'sport=:80'
or
lsof -n -i :80|rep LISTEN
or
ps -p 1337 -o command=/sbin/init

Change time zone:

dpkg-reconfigure tzdata
timedatectl set-timezone Australia/Melbourne

Find out files that used most disk space
To list the top 10 largest files from the current directory:

du . | sort -nr | head -n10

To list the largest directories from the current directory:

du -s * | sort -nr | head -n10

Find the files larger than 10M

find / -size +10M -ls

Find the files larger than 10M less than 12M

find / -size +10M -size -12M -ls

Rasperberry pi clone sd card

use rpi-clone to clone the sd card to another device.
Backup the external hard drive by using rsync

rsync -axHAWXS --info=progress2 src dest

Raspberry enable ssh without head

go to boot drive
create a empty file named ssh

Raspberry change apt source

edit /etc/apt/sources.list
comment out the original source add the following

deb http://mirrors.tuna.tsinghua.edu.cn/raspbian/raspbian/ bullseyemain non-free contrib rpi
deb-src http://mirrors.tuna.tsinghua.edu.cn/raspbian/raspbian/ bullseye main non-free contrib rpi