Nothing for me to add, found a really good guide:
https://www.grounation.org/index.php?post/2008/07/04/8-how-to-use-a-tpm-with-linux
Tuesday, July 21, 2009
Sunday, July 19, 2009
Using stunnel to connect to gmail imaps/pop3s
# Useful for clients/daemons that can't imaps/pop3s.
# Axigen mail server can't migrate imaps mailboxes for example.
# stunnel.conf
sslVersion = SSLv3
socket = l:TCP_NODELAY=1
socket = r:TCP_NODELAY=1
debug = 0
output = /var/log/stunnel4/stunnel.log
client = yes
[pop3s]
accept = 110
connect = pop.gmail.com:995
[imaps]
accept = 143
connect = imap.gmail.com:993
# Axigen mail server can't migrate imaps mailboxes for example.
# stunnel.conf
sslVersion = SSLv3
socket = l:TCP_NODELAY=1
socket = r:TCP_NODELAY=1
debug = 0
output = /var/log/stunnel4/stunnel.log
client = yes
[pop3s]
accept = 110
connect = pop.gmail.com:995
[imaps]
accept = 143
connect = imap.gmail.com:993
Saturday, July 18, 2009
Generate .CSV file of MySQL results
SELECT foo, bar INTO OUTFILE '/some/file.csv' FIELDS TERMINATED BY ',' ENCLOSED BY '"' LINES TERMINATED BY '\n' FROM t1 WHERE ...
iptables NAT port forward
# The port forwarding
iptables -t nat -A PREROUTING -i ethX -p tcp -m tcp --dport 12345 \
-j DNAT --to-destination 10.10.10.10:12345
# The masquerade
iptables -t nat -A POSTROUTING -o ethX -j MASQUERADE
# Don't forget to turn on ip_forwarding:
sysctl -w net.ipv4.conf.ethX.forwarding=1
iptables -t nat -A PREROUTING -i ethX -p tcp -m tcp --dport 12345 \
-j DNAT --to-destination 10.10.10.10:12345
# The masquerade
iptables -t nat -A POSTROUTING -o ethX -j MASQUERADE
# Don't forget to turn on ip_forwarding:
sysctl -w net.ipv4.conf.ethX.forwarding=1
Self-signed Apache style SSL Certificate
# Generate the key
openssl genrsa -des3 -out myhost.com.key 1024
# Generate the Certificate Signing Request
openssl req -new -key myhost.com.key -out myhost.com.csr
# Generate a Self-Signed SSL Certificate
openssl x509 -req -days 365 -in myhost.com.csr -signkey myhost.com.key -out myhost.com.crt
openssl genrsa -des3 -out myhost.com.key 1024
# Generate the Certificate Signing Request
openssl req -new -key myhost.com.key -out myhost.com.csr
# Generate a Self-Signed SSL Certificate
openssl x509 -req -days 365 -in myhost.com.csr -signkey myhost.com.key -out myhost.com.crt
Friday, July 17, 2009
create a ramdisk for fast read/write access
ramfs grows dynamically, tmpfs doesn't. tmpfs uses the swap if you exceed the size specified, while ramfs doesn't. For an application like varnish, you can set a fixed size of the cache, so it _should_ not be a problem.
# example of mount
mount -t ramfs none /tmp/varnish -o size=1024m
# for fstab
cache /tmp/varnish ramfs defaults 0 0
# example of mount
mount -t ramfs none /tmp/varnish -o size=1024m
# for fstab
cache /tmp/varnish ramfs defaults 0 0
Subscribe to:
Posts (Atom)