Skip to content


Docker error on ubuntu 24.04.1

Error response from daemon: Cannot kill container: 

If you find that docker gives an error when trying to restart or in my case, watchtower updated the docker image but could not restart the docker container and then clear the old image, then you can fix by fixing apparmor which is causing this issue.

sudo aa-remove-unknown
sudo apt purge –auto-remove apparmor
sudo service docker restart
sudo apt install apparmor snapd firefox squashfs-tools

Posted in Uncategorized.


How to move a docker container

  1. Export the container to a tarball docker export <CONTAINER ID> > /home/export.tar
  2. Move your tarball to new machine
  3. Import it back cat /home/export.tar | docker import - some-name:latest
  4. Copy config files and docker-compose file and then start the docker container
  5. clean up any extra image files if not being used.

Posted in Uncategorized.


How to fix permissions on wordpress docker file system

docker exec -t -i mycontainer /bin/bash
cd .. (so you see the html folder)
chown -R www-data:www-data html

Posted in Uncategorized.


edgerouter

#edgerouter

Create CA
First, you’ll need to become root.

sudo su –
Next, move into the necessary directory and create a new CA certificate.

cd /usr/lib/ssl/misc/
./CA.sh -newca
Once this completes, you’ll have a new directory called demoCA. The two most important files in here are as follows:

private/cakey.pem – This is the private key for your CA (keep this secret)
cacert.pem – This the public key for your CA (you’ll be giving this out to your clients)
Create server certificate
Next, we’ll generate a public/private key for the server. The Common Name (CN) of your server certificate should be something unique (I used my dynamic DNS name).

./CA.sh -newreq
Once this completes, you’ll have two new files, as follows:

newkey.pem – This is the private key for your server (keep this secret)
newreq.pem – This is the unsigned public key of the server (this needs to be signed by your CA)
Now, sign the request.

./CA.sh -sign
You’ll have one more file, shown below.

newcert.pem – This is the public key for your server
Move files
I recommend moving the important files to a directory where they won’t be wiped out during a firmware upgrade. In addition to moving the files, we’re also renaming them.

cp /usr/lib/ssl/misc/demoCA/cacert.pem /config/auth/
cp /usr/lib/ssl/misc/demoCA/private/cakey.pem /config/auth/
mv /usr/lib/ssl/misc/newcert.pem /config/auth/host.pem
mv /usr/lib/ssl/misc/newkey.pem /config/auth/host.key
DH parameters
Next, generate Diffie-Hellman (DH) parameters to ensure Perfect Forward Secrecy (PFS). Expect this to take 5-10 minutes with one CPU at 100%.

openssl dhparam -out /config/auth/dh2048.pem -2 2048
A good explanation of DH parameters and why you need them is located here.

Create user certificate(s)
Next, generate a request and sign it for a new user certificate. The Common Name (CN) of your user certificate should be something unique (I used my client’s host name).

./CA.sh -newreq
./CA.sh -sign
Move the new files into your preserved directory while renaming them.

mv newcert.pem /config/auth/client1.pem
mv newkey.pem /config/auth/client1.key
Repeat this as necessary for each client.

Decrypt keys
You’ll need to remove the password from the host and client(s) keys so that OpenVPN can run in interactive mode.

openssl rsa -in /config/auth/host.key -out /config/auth/host-decrypted.key
openssl rsa -in /config/auth/client1.key -out /config/auth/client1-decrypted.key
Repeat this as necessary for each client(s).

EdgeRouter setup
First, I would recommend exiting back to the normal ubnt user.

exit
whoami

Create interface
Now, we’ll need to create a new interface for the VPN and set a few settings.

configure
set interfaces openvpn vtun0
set interfaces openvpn vtun0 description “OpenVPN server”
set interfaces openvpn vtun0 mode server
set interfaces openvpn vtun0 encryption aes256
set interfaces openvpn vtun0 hash sha256
set interfaces openvpn vtun0 server subnet 192.168.105.0/24
set interfaces openvpn vtun0 server push-route 192.168.5.0/24
set interfaces openvpn vtun0 server name-server 192.168.5.254
set interfaces openvpn vtun0 tls ca-cert-file /config/auth/cacert.pem
set interfaces openvpn vtun0 tls cert-file /config/auth/host.pem
set interfaces openvpn vtun0 tls key-file /config/auth/host-decrypted.key
set interfaces openvpn vtun0 tls dh-file /config/auth/dh2048.pem
set interfaces openvpn vtun0 openvpn-option “–port 1194”
set interfaces openvpn vtun0 openvpn-option –tls-server
set interfaces openvpn vtun0 openvpn-option “–comp-lzo yes”
set interfaces openvpn vtun0 openvpn-option –persist-key
set interfaces openvpn vtun0 openvpn-option –persist-tun
set interfaces openvpn vtun0 openvpn-option “–keepalive 10 120”
set interfaces openvpn vtun0 openvpn-option “–user nobody”
set interfaces openvpn vtun0 openvpn-option “–group nogroup”
commit
save

Setup firewall
We’ll need to open a port in the firewall for OpenVPN. If you’re not using the standard port (1194), change it appropriately.

configure
set firewall name WAN_LOCAL rule 50 action accept
set firewall name WAN_LOCAL rule 50 description “OpenVPN”
set firewall name WAN_LOCAL rule 50 destination port 1194
set firewall name WAN_LOCAL rule 50 log enable
set firewall name WAN_LOCAL rule 50 protocol udp
commit
save
Set DNS
Tell DNS to listen for requests on the new vtun0 interface.

configure
set service dns forwarding listen-on vtun0
commit
save
Setup client configuration
The client configuration will vary from client-to-client, but the configuration below should work for Android phones or Linux clients. If you’re using Windows, you’re going to have a tougher time, because it needs some extra options.

Posted in HowTo, Uncategorized.

Tagged with .


media box build list(update June 2018)

media box build list(update June 2018)

setup influxdb and Grafana for smarthings
copy files
setup nfs
setup samba
setup apache
-setup mysql
-setup phpmysql
setup websites
setup mythtv
setup cron jobs
setup plex
setup ssl
-setup email server
-setup unifi and attach aps to it
https://help.ubnt.com/hc/en-us/articles/220066768-UniFi-How-to-Install-Update-via-APT-on-Debian-or-Ubuntu
echo ‘deb http://www.ubnt.com/downloads/unifi/debian stable ubiquiti’ | sudo tee /etc/apt/sources.list.d/100-ubnt-unifi.list
apt-key adv –keyserver keyserver.ubuntu.com –recv 06E85760C0A52C50
apt-get update
apt-get install openjdk-8-jdk-headless openjdk-8-jre-headless; update-alternatives –config java
apt-get install unifi
https://community.ubnt.com/t5/UniFi-Routing-Switching/MongoDB-3-6/td-p/2195435/page/2
setup awstats
setup cacti
direct all computers to new server
direct all nfs mounts to new server
sync 1s and 2s
unmount 1s and 2s and mount 1s as local file system
direct all internet traffic to media
start cron sync job and verify
stop cron jobs on old vm
backup new vm
turn off old vm
delete old vms

Posted in Uncategorized.


esxi 6.0

patching
https://esxi-patches.v-front.de/ESXi-6.0.0.html

update 1a
esxcli software profile update -p ESXi-6.0.0-20151004001-standard
-d https://hostupdate.vmware.com/software/VUM/PRODUCTION/main/vmw-depot-index.xml

11/25/2016
esxcli software profile update -p ESXi-6.0.0-20151104001-standard
-d https://hostupdate.vmware.com/software/VUM/PRODUCTION/main/vmw-depot-index.xml

update 1b
esxcli software profile update -p ESXi-6.0.0-20160104001-standard
-d https://hostupdate.vmware.com/software/VUM/PRODUCTION/main/vmw-depot-index.xml

esxcli software profile update -p ESXi-6.0.0-20160101001s-standard
-d https://hostupdate.vmware.com/software/VUM/PRODUCTION/main/vmw-depot-index.xml

2/23/2016
esxcli software profile update -p ESXi-6.0.0-20160204001-standard
-d https://hostupdate.vmware.com/software/VUM/PRODUCTION/main/vmw-depot-index.xml

Posted in Uncategorized.


freenas

#freenas

Speedup nfs access
vfs.zfs.cache_flush_disable value 1 Type loader
zfs.cache_flush_disable value 1 Type loader

owncloud
edit /mnt/v1/Jail/owncloud_1/usr/pbi/owncloud-amd64/www/owncloud/.htaccess
to increase file limits

add server name to config
edit /mnt/v1/Jail/owncloud_1/usr/pbi/owncloud-amd64/www/owncloud/config/config.php
example add 1 => ‘files.newy.org’,

Posted in Uncategorized.

Tagged with .


edgerouter copy restart

#edgerouter

when upgrading the edgerouter lite work on the following
right after the upgrade
apt-get update
apt-get install rsync iftop iptraf vnstat nano

webvnstat config:
ln -s /config/newy/vnstat /var/www/htdocs/stat

Verify the first line is in the /etc/lighttpd/lighttpd.conf file after the upgrade

url.rewrite-once = (
“^/stat/(.*)” => “/stat/$1”,
“^(/(lib|media|ws|tests)/.*)” => “$0”,
“^/([^\?]+)(\?(.*))?$” => “/index.php/$1?$3”
)

restart lighttpd:
sudo kill -SIGTERM $(cat /var/run/lighttpd.pid)
sudo /usr/sbin/lighttpd -f /etc/lighttpd/lighttpd.conf
verify https://gw5.newy.org/stat/index.php

contents of /config/scripts/firstboot.d/postinstall.sh

#!/bin/bash

doneit=’/var/lib/my_packages’
packages=’rsync iftop iptraf vnstat nano’

if [ -e $doneit ]; then
exit 0;
fi

#copy old vnstat data
cp -a /root.dev/w.o/var/lib/vnstat /var/lib/

apt-get update
apt-get install -y $packages
if [ $? == 0 ]; then
echo package install successful
touch $doneit
else
echo package install failed
fi
exit 0

#restart vnstat
service vnstat restart

Posted in Uncategorized.

Tagged with , , .


ubuntu zfs

#ubuntu
#zfs

ZFS on linux http://zfsonlinux.org/
https://launchpad.net/~zfs-native/+archive/stable
sudo apt-add-repository ppa:zfs-native/stable && sudo apt-get update
sudo apt-get install ubuntu-zfs zfs-auto-snapshot
commands: https://wiki.ubuntu.com/ZFS/ZPool

Posted in Uncategorized.

Tagged with , .


edgerouter

#edgerouter
This assumes your wan interfaces is eth0 and your lan interface is eth1

1. sudo vi /etc/sysctl.conf

Add the following lines:
net.ipv6.conf.all.forwarding = 1
net.ipv6.conf.eth0.accept_ra = 2

2. Load your changes:
sudo sysctl -p /etc/sysctl.conf

3. Setup the wide-dhcpv6 client
sudo vi /etc/wide-dhcpv6/dhcp6c.conf

Add the following at the end:
interface eth0 {
send ia-pd 0;
request domain-name-servers;
};

id-assoc pd 0 {
prefix-interface eth1 {
sla-id 1;
sla-len 0;
};
};

4. Start wide-dhcpv6:
sudo /etc/init.d/wide-dhcpv6-client start

Check your eth1 interface for an IPv6 address..
sudo ipconfig
Look for lines like…
inet6 addr: fe80::618:d6ff:fef0:7744/64 Scope:Link
inet6 addr: 2602:306:bdbe:966f:xxxx:xxxx:xxxx:xxxx/64 Scope:Global

5. Set up radvd
Use the following commands:
configure
set interfaces ethernet eth1 ipv6 router-advert prefix ::/64
commit

Workstations should now get addresses and all should be well.

Posted in Uncategorized.

Tagged with .