Author Archive

Aug 12

Go Format Output Column Style

Similar to this article (using python) https://blog.ls-al.com/python-output-align-by-column/ I also did a quick Golang implementation.

It is not quite as done as I would like but it is reasonably close. Similar to the python article the idea is to use something like an array to store column header descriptions and a value on how long the output strings should be and use it for header printing as well as line output statements.

In addition I am doing some file operations here to create the output so the article has additional value.

package main

import (
  "path/filepath"
  "os"
  "flag"
  "fmt"
  "strconv"
)

type rec struct {
  fname, fsize string
}

var i int64
var files map[int64]rec
var FORMAT map[string]int 

func PadLeft(str, pad string, length int) string {
  for {
   str = pad + str
   if len(str) > length {
     return str[0:length]
   }
  }
}

func printHeader(FORMAT map[string]int) {
  for k, v := range FORMAT {
    fmt.Printf("%[1]*[2]s ",v ,k)    
  }
  fmt.Println()
  for k, v := range FORMAT {
    _ = k
    //fmt.Printf("% [1]*[2]s ",v, "#")
    fmt.Printf("%s   ",PadLeft("","#",v))    
  }
  fmt.Println()
}

func visit(path string, f os.FileInfo, err error) error {
  fi, e := os.Stat(path)
  if e != nil {
    return e
  }
  i = i + 1
  files[i] = rec{path, strconv.Itoa(int(fi.Size()))}
  return nil
} 

func main() {
  FORMAT := map[string]int{"File Size": 10, "File Name": 11}
  printHeader(FORMAT)
  files = make(map[int64]rec)
  flag.Parse()
  root := flag.Arg(0)
  err := filepath.Walk(root, visit)
  _ = err
  //fmt.Printf("filepath.Walk() returned %v\n", err)
  for k, v := range files {
    _ = k
    fmt.Printf("%[1]*[2]s   %[3]*[4]s\n", FORMAT["File Size"], v.fsize, FORMAT["File Name"], v.fname)
  }
}

Test Run

$ go run header.go /etc/default/
 File Size   File Name 
##########   ###########   
       346   /etc/default/acpid
       290   /etc/default/anacron
       209   /etc/default/saned
       149   /etc/default/apport
       132   /etc/default/speech-dispatcher

Comments Off on Go Format Output Column Style
comments

Posted in go

Aug 10

Go Associative Array

Jotting down my test to implement an associative array similar to as my python test here: https://blog.ls-al.com/python-dict-for-arrays/

In python I used dict and in go I used map.

$ pwd
/home/rrosso/src/examples

$ cat maps.go 
package main
import "fmt"
type rec struct {
	lname, fname string
}

var m map[string]rec

func main() {
	m = make(map[string]rec)
	m["1"] = rec{"Sable", "Sam",}
	m["2"] = rec{"Sable", "Samantha",}
	m["3"] = rec{"Sable", "Stevie",}

	fmt.Println(m)
	fmt.Println(m["2"])
	fmt.Println(m["3"].fname)
	fmt.Println()

        //simpler example no struct
	n := map[string]int{"foo": 1, "bar": 2}
    	fmt.Println("map:", n)
	fmt.Println("val:", n["bar"])
}

Output

$ go run maps.go 
map[1:{Sable Sam} 2:{Sable Samantha} 3:{Sable Stevie}]
{Sable Samantha}
Stevie

map: map[foo:1 bar:2]
val: 2

Comments Off on Go Associative Array
comments

Posted in go

Aug 10

Restic updates

If you are used to the way how easy rclone updates with a one-liner then this may help with restic also. Found it here: https://github.com/restic/restic/issues/1930

"just wanted to share a simple 4-line script to download and install the latest release of restic from Linux shell using cURL to /usr/local/bin:"

RESTIC_TAG_LATEST=$(curl --silent "https://api.github.com/repos/restic/restic/releases/latest" | grep -Po '"tag_name": "v\K.*?(?=")')
echo "Downloading and installing restic v$RESTIC_TAG_LATEST ..."
RESTIC_URL=https://github.com/restic/restic/releases/download/v${RESTIC_TAG_LATEST}/restic_${RESTIC_TAG_LATEST}_linux_amd64.bz2
sudo curl -L --silent ${RESTIC_URL} | bunzip2 > /usr/local/bin/restic

Comments Off on Restic updates
comments

Posted in restic

Aug 07

Object Storage with Duplicity and Rclone

At this point I prefer using restic for my object storage backup needs but since I did a POC for duplicity and specifically using rclone with duplicity I am writing down my notes. A good description of duplicity and restic here:

https://www.backblaze.com/blog/backing-linux-backblaze-b2-duplicity-restic/
We’re highlighting Duplicity and Restic because they exemplify two different philosophical approaches to data backup: “Old School” (Duplicity) vs “New School” (Restic).

Since I am doing my tests with Oracle Cloud Infrastructure (OCI) Object Storage and so far it's Amazon S3 Compatibility Interface does not work out of the box with most tools except with rclone, I am using rclone as a backend. With restic using rclone as a back-end worked pretty smooth but duplicity does not have good rclone support so I used a python back-end written by Francesco Magno and hosted here: https://github.com/GilGalaad/duplicity-rclone/blob/master/README.md

I had a couple issues with getting duplicity to work with this back-end so I will show how to get around it.

First:
1. Make sure rclone is working with your rclone config and can at least "ls" your bucket.
2. Setup a gpg key.
3. Copy rclonebackend.py to duplicity backends folder. In my case /usr/lib64/python2.7/site-packages/duplicity/backends

# PASSPHRASE="mypassphrase" duplicity --encrypt-key 094CA414 /tmp rclone://mycompany-POC-phoenix:dr01-duplicity
InvalidBackendURL: Syntax error (port) in: rclone://mycompany-POC-phoenix:dr01-duplicity AFalse BNone Cmycompany-POC-phoenix:dr01-duplicity

## Hack backends.py

# diff /usr/lib64/python2.7/site-packages/duplicity/backend.py /tmp/backend.py 
303c303
< if not (self.scheme in ['rsync'] and re.search('::[^:]*$', self.url_string) or (self.scheme in ['rclone']) ): --- >             if not (self.scheme in ['rsync'] and re.search('::[^:]*$', self.url_string)):

# PASSPHRASE="mypassphrase" duplicity --encrypt-key 094CA414 /tmp rclone://mycompany-POC-phoenix:dr01-duplicity
Local and Remote metadata are synchronized, no sync needed.
Last full backup date: none
No signatures found, switching to full backup.
--------------[ Backup Statistics ]--------------
StartTime 1533652997.49 (Tue Aug  7 14:43:17 2018)
EndTime 1533653022.35 (Tue Aug  7 14:43:42 2018)
ElapsedTime 24.86 (24.86 seconds)
SourceFiles 50
SourceFileSize 293736179 (280 MB)
NewFiles 50
NewFileSize 136467418 (130 MB)
DeletedFiles 0
ChangedFiles 0
ChangedFileSize 0 (0 bytes)
ChangedDeltaSize 0 (0 bytes)
DeltaEntries 50
RawDeltaSize 293723433 (280 MB)
TotalDestinationSizeChange 279406571 (266 MB)
Errors 0
-------------------------------------------------

# rclone ls mycompany-POC-phoenix:dr01-duplicity
  1773668 duplicity-full-signatures.20180807T144317Z.sigtar.gpg
      485 duplicity-full.20180807T144317Z.manifest.gpg
209763240 duplicity-full.20180807T144317Z.vol1.difftar.gpg
 69643331 duplicity-full.20180807T144317Z.vol2.difftar.gpg

# PASSPHRASE="mypassphrase" duplicity --encrypt-key 094CA414 collection-status rclone://mycompany-POC-phoenix:dr01-duplicity
Last full backup date: Tue Aug  7 14:43:17 2018
Collection Status
-----------------
Connecting with backend: BackendWrapper
Archive dir: /root/.cache/duplicity/df529824ba5d10f9e31329e440c5efa6

Found 0 secondary backup chains.

Found primary backup chain with matching signature chain:
-------------------------
Chain start time: Tue Aug  7 14:43:17 2018
Chain end time: Tue Aug  7 14:50:12 2018
Number of contained backup sets: 2
Total number of contained volumes: 3
 Type of backup set:                            Time:      Num volumes:
                Full         Tue Aug  7 14:43:17 2018                 2
         Incremental         Tue Aug  7 14:50:12 2018                 1
-------------------------
No orphaned or incomplete backup sets found.

Comments Off on Object Storage with Duplicity and Rclone
comments

Posted in Dupliciti, OCI, rclone

Aug 03

Object Storage with Restic and Rclone

I have been playing around with some options to utilize Object Storage for backups. Since I am working on Oracle Cloud Infrastructure (OCI) I am doing my POC using the OCI Object Storage. OCI object storage does have Swift and S3 Compatibility API's to interface with. Of course if you want commercial backups many of them can use object storage as back-ends now so that would be the correct answer. If your needs does not warrant commercial backups solutions you can try several things. A few options I played with.

1. Bareos server/client with the object storage droplet. Not working reliably. Too experimental with droplet?
2. Rclone and using tar to pipe with rclone's rcat feature. This works well but is not a backup solution as in incrementals etc.
3. Duplicati. In my case using rclone as connection since S3 interface on OCI did not work.
4. Dupliciti. Could not get this one to work to S3 interface on OCI.
5. Restic. In my case using rclone as connection since S3 interface on OCI did not work.

So far duplicati was not bad but had some bugs. It is beta software so probably should expect problems. Restic is doing a good job so far and I show a recipe of my POC below:

Out of scope is setting up rclone, rclone.conf. Make sure you test that rclone is accessing your bucket first.

Restic binary

# wget https://github.com/restic/restic/releases/download/v0.9.1/restic_0.9.1_linux_amd64.bz2
2018-08-03 10:25:10 (3.22 MB/s) - ‘restic_0.9.1_linux_amd64.bz2’ saved [3786622/3786622]
# bunzip2 restic_0.9.1_linux_amd64.bz2 
# mv restic_0.9.1_linux_amd64 /usr/local/bin/
# chmod +x /usr/local/bin/restic_0.9.1_linux_amd64 
# mv /usr/local/bin/restic_0.9.1_linux_amd64 /usr/local/bin/restic
# /usr/local/bin/restic version
restic 0.9.1 compiled with go1.10.3 on linux/amd64

Initialize repo

# rclone ls s3_servers_phoenix:oci02a
# export RESTIC_PASSWORD="WRHYEjblahblah0VWq5qM"
# /usr/local/bin/restic -r rclone:s3_servers_phoenix:oci02a init
created restic repository 2bcf4f5864 at rclone:s3_servers_phoenix:oci02a

Please note that knowledge of your password is required to access
the repository. Losing your password means that your data is
irrecoverably lost.

# rclone ls s3_servers_phoenix:oci02a
      155 config
      458 keys/530a67c4674b9abf6dcc9e7b75c6b319187cb8c3ed91e6db992a3e2cb862af63

Run a backup

# time /usr/local/bin/restic -r rclone:s3_servers_phoenix:oci02a backup /opt/applmgr/12.2
repository 2bcf4f58 opened successfully, password is correct

Files:       1200934 new,     0 changed,     0 unmodified
Dirs:            2 new,     0 changed,     0 unmodified
Added:      37.334 GiB

processed 1200934 files, 86.311 GiB in 1:31:40
snapshot af4d5598 saved

real	91m40.824s
user	23m4.072s
sys	7m23.715s

# /usr/local/bin/restic -r rclone:s3_servers_phoenix:oci02a snapshots
repository 2bcf4f58 opened successfully, password is correct
ID        Date                 Host              Tags        Directory
----------------------------------------------------------------------
af4d5598  2018-08-03 10:35:45  oci02a              /opt/applmgr/12.2
----------------------------------------------------------------------
1 snapshots

Run second backup

# /usr/local/bin/restic -r rclone:s3_servers_phoenix:oci02a backup /opt/applmgr/12.2
repository 2bcf4f58 opened successfully, password is correct

Files:           0 new,     0 changed, 1200934 unmodified
Dirs:            0 new,     0 changed,     2 unmodified
Added:      0 B  

processed 1200934 files, 86.311 GiB in 47:46
snapshot a158688a saved

Example cron entry

# crontab -l
05 * * * * /usr/local/bin/restic -r servers_phoenix:oci02a backup -q /usr; /usr/local/bin/restic -r servers_phoenix:oci02a forget -q --prune --keep-hourly 2 --keep-daily 7

Comments Off on Object Storage with Restic and Rclone
comments

Posted in Backups, OCI, rclone, restic

Jul 20

Bash Date Usage For Naming

I am recording some scripting I used to create backup classification/retention naming. It can be simplified into one function easily but I kept it like this so I can copy and paste easier which function I need. Script is pretty self explanatory but basically it takes today's date and name my eventual backup file name based on some logic.

# cat test_class.sh 
HOSTNAME=$(hostname -s)
BACKUP_CLASSIFICATION="UNCLASSIFIED"

function retention_date() {
  MM=`date -d ${1} +%m`
  DD=`date -d ${1} +%d`
  DAY=`date -d ${1} +%u`

  if [ $DD == 01 ]
  then
     if [ $MM == 01 ]
     then
       BACKUP_CLASSIFICATION="YEARLY"
     else
       BACKUP_CLASSIFICATION="MONTHLY"
     fi
  else
    if (($DAY == 7)); then
     BACKUP_CLASSIFICATION="WEEKLY"
    else
     BACKUP_CLASSIFICATION="DAILY"
    fi
  fi

}

function retention_today() {
  MM=`date '+%m'`
  DD=`date '+%d'`
  DAY=`date +%u`
  
  if [ $DD == 01 ]
  then
     if [ $MM == 01 ]
     then
       BACKUP_CLASSIFICATION="YEARLY"
     else
       BACKUP_CLASSIFICATION="MONTHLY"
     fi
  else
    if (($DAY == 7)); then
     BACKUP_CLASSIFICATION="WEEKLY"
    else
     BACKUP_CLASSIFICATION="DAILY"
    fi
  fi

}

echo "TEST TODAY"
DATE=`date +%Y-%m-%d`
retention_today
echo $HOSTNAME-$BACKUP_CLASSIFICATION-$DATE
  
echo 
echo "TEST SPECIFIC DATES"
testD=(
 '2018-01-01'
 '2018-02-02'
 '2018-03-01'
 '2018-02-06'
 '2018-07-14'
 '2018-07-15'
)

for D in "${testD[@]}"
do
  DATE=`date -d ${D} +%Y-%m-%d`
  retention_date $D
  echo $HOSTNAME-$BACKUP_CLASSIFICATION-$DATE
done

Run and output.

# ./test_class.sh 
TEST TODAY
oci04-DAILY-2018-07-20

TEST SPECIFIC DATES
oci04-YEARLY-2018-01-01
oci04-DAILY-2018-02-02
oci04-MONTHLY-2018-03-01
oci04-DAILY-2018-02-06
oci04-DAILY-2018-07-14
oci04-WEEKLY-2018-07-15

Comments Off on Bash Date Usage For Naming
comments

Posted in Backups, Bash

Jul 18

Tar to Object Storage Using rclone

Sometimes using curl and uploading/downloading with an object storage back end will work just fine but in this case I was looking to tar straight into object storage. One option is using rclone with the rcat command. Some example below.

This test was done using Oracle Cloud Infrastructure Object Storage with an Amazon S3 Compatibility API Key. This test consists of:
- 2 196 914 files
- size using df -h 122G
- local tar/gzip file for comparison 52G
- correct rclone.conf setup for the API Key and OCI policies if required for this user

# rclone ls s3_servers_ashburn:SERVERS
 10738097 oci01-20180717_/etc.tgz
  2132252 oci01-20180718_/home/opc.tgz
   286946 oci01-20180717_/home/opc/terraform.tgz

# time tar zcpf - /opt/app2/12.2 | rclone rcat s3_servers_ashburn:SERVERS/oci01-20180718_/opt/app2/12.2.tgz
tar: Removing leading `/' from member names
real	149m48.812s
user	78m13.544s
sys	11m42.817s

# rclone ls s3_servers_ashburn:SERVERS
 10738097 oci01-20180717_/etc.tgz
  2132252 oci01-20180718_/home/opc.tgz
40476682243 oci01-20180718_/opt/app2/12.2.tgz
   286946 ocil01-20180717_/home/opc/terraform.tgz

Comments Off on Tar to Object Storage Using rclone
comments

Posted in rclone

Jul 09

SSH Tunnel Proxy Traffic and Bastion

Sometimes you need to test a protocol and only have SSH access through a bastion host. You can display X back for example firefox or you can route traffic through a SSH tunnel. Here is a couple examples:

1. Display back should be fairly common and I don't need to elaborate much. Use -X and connect to the host with firefox.

$ ssh -X -F M-config ociserver1
Last login: Mon Jul  9 07:46:39 2018 from desk01
$ firefox

URL works http://ebs.domain1.com:8000/OA_HTML/OA.jsp?OAFunc=OASIMPLEHOMEPAGE

2. SSH Tunnel

$ ssh -L8000:10.35.6.4:8000 -i oci-M opc@pub.lic.ip.address
Last login: Mon Jul  9 07:36:01 2018 from c-desktop

$ grep ebs /etc/hosts
127.0.0.1 ebs.domain1.com

URL works http://ebs.domain1.com:8000/OA_HTML/OA.jsp?OAFunc=OASIMPLEHOMEPAGE

Comments Off on SSH Tunnel Proxy Traffic and Bastion
comments

Posted in SSH

Jun 01

Amazon Linux 2 Image and LAMP

I recently migrated a LAMP server from Amazon Linux to an Amazon Linux 2 image.  Several reasons for why I needed this including it has systemd.

More here: https://aws.amazon.com/amazon-linux-2/

High level steps around mysql database, wordpress and static html migration was pretty smooth as I have done this multiple times. The only notable things to report on were:
1. You are probably going from a php5.x world to php7.x world and that could cause a few problems. In my case some older php gallery software threw multiple DEPRECATED problem so I had to work through them case by case.
2. I had a problem with php and mpm.
3. Certbot/Let's Encrypt does not recognize Amazon Linux 2 from /etc/issue and fails.

LAMP Install:

Pretty much followed this without issues.

# yum update -y
# amazon-linux-extras install lamp-mariadb10.2-php7.2
# yum install -y httpd php mariadb-server php-mysqlnd
# systemctl enable httpd
# usermod -a -G apache ec2-user
# chown -R ec2-user:apache /var/www
# chmod 2775 /var/www && find /var/www -type d -exec sudo chmod 2775 {} \;
# find /var/www -type f -exec sudo chmod 0664 {} \;
# echo "<?php phpinfo(); ?>" > /var/www/html/phpinfo.php

MPM Issue:

There may be other or better ways to solve this I have not had time to investigate further.

# systemctl start httpd
Job for httpd.service failed because the control process exited with error code. See "systemctl status httpd.service" and "journalctl -xe" for details.

# systemctl status httpd.service -l
● httpd.service - The Apache HTTP Server
   Loaded: loaded (/usr/lib/systemd/system/httpd.service; enabled; vendor preset: disabled)
  Drop-In: /usr/lib/systemd/system/httpd.service.d
           └─php-fpm.conf
   Active: failed (Result: exit-code) since Tue 2018-05-29 13:35:34 UTC; 1min 21s ago
     Docs: man:httpd.service(8)
  Process: 12701 ExecStart=/usr/sbin/httpd $OPTIONS -DFOREGROUND (code=exited, status=1/FAILURE)
 Main PID: 12701 (code=exited, status=1/FAILURE)

May 29 13:35:34 ip-172-31-48-7.ec2.internal systemd[1]: Starting The Apache HTTP Server...
May 29 13:35:34 ip-172-31-48-7.ec2.internal httpd[12701]: [Tue May 29 13:35:34.378884 2018] [php7:crit] [pid 12701:tid 140520257956032] Apache is running a threaded MPM, but your PHP Module is not compiled to be threadsafe.  You need to recompile PHP.
May 29 13:35:34 ip-172-31-48-7.ec2.internal httpd[12701]: AH00013: Pre-configuration failed

# pwd
/etc/httpd/conf.modules.d

# cp 00-mpm.conf /tmp
# vi 00-mpm.conf 
# diff 00-mpm.conf /tmp/00-mpm.conf 
11c11
< LoadModule mpm_prefork_module modules/mod_mpm_prefork.so
---
> #LoadModule mpm_prefork_module modules/mod_mpm_prefork.so
23c23
< #LoadModule mpm_event_module modules/mod_mpm_event.so
---
> LoadModule mpm_event_module modules/mod_mpm_event.so

# systemctl restart httpd

# ps -ef | grep http
root      9735     1  0 13:42 ?        00:00:00 /usr/sbin/httpd -DFOREGROUND
apache    9736  9735  0 13:42 ?        00:00:00 /usr/sbin/httpd -DFOREGROUND
apache    9737  9735  0 13:42 ?        00:00:00 /usr/sbin/httpd -DFOREGROUND
apache    9738  9735  0 13:42 ?        00:00:00 /usr/sbin/httpd -DFOREGROUND
apache    9739  9735  0 13:42 ?        00:00:00 /usr/sbin/httpd -DFOREGROUND
apache    9740  9735  0 13:42 ?        00:00:00 /usr/sbin/httpd -DFOREGROUND

CERTBOT:

On the old server delete certs.

# /opt/eff.org/certbot/venv/local/bin/certbot delete
[..]
-------------------------------------------------------------------------------
Deleted all files relating to certificate blog.domain.com.
-------------------------------------------------------------------------------

On the new server install certs.

# yum install mod_ssl

# wget https://dl.eff.org/certbot-auto
# chmod a+x certbot-auto 
# ./certbot-auto --debug

Sorry, I don't know how to bootstrap Certbot on your operating system!

Work around the fact that certbot does not know about Amazon Linux 2 yet.

# yum install python-virtualenv python-augeas
# ./certbot-auto --debug --no-bootstrap
Creating virtual environment...
Installing Python packages...
Installation succeeded.
Saving debug log to /var/log/letsencrypt/letsencrypt.log
Error while running apachectl configtest.

AH00526: Syntax error on line 100 of /etc/httpd/conf.d/ssl.conf:
SSLCertificateFile: file '/etc/pki/tls/certs/localhost.crt' does not exist or is empty


How would you like to authenticate and install certificates?
-------------------------------------------------------------------------------
1: Apache Web Server plugin - Beta (apache) [Misconfigured]
2: Nginx Web Server plugin - Alpha (nginx)
-------------------------------------------------------------------------------
Select the appropriate number [1-2] then [enter] (press 'c' to cancel): 1

-------------------------------------------------------------------------------
The selected plugin encountered an error while parsing your server configuration
and cannot be used. The error was:

Error while running apachectl configtest.

AH00526: Syntax error on line 100 of /etc/httpd/conf.d/ssl.conf:
SSLCertificateFile: file '/etc/pki/tls/certs/localhost.crt' does not exist or is
empty

Have to fix ssl first apparently certbot need a generic localhost cert.

# openssl req -new -x509 -nodes -out localhost.crt -keyout localhost.key

# mv localhost.crt localhost.key /etc/pki/tls/certs/
# mv /etc/pki/tls/certs/localhost.key /etc/pki/tls/private/

# systemctl restart httpd

Now try again.

# ./certbot-auto --debug --no-bootstrap
Saving debug log to /var/log/letsencrypt/letsencrypt.log

How would you like to authenticate and install certificates?
-------------------------------------------------------------------------------
1: Apache Web Server plugin - Beta (apache)
2: Nginx Web Server plugin - Alpha (nginx)
-------------------------------------------------------------------------------
Select the appropriate number [1-2] then [enter] (press 'c' to cancel): 1
Plugins selected: Authenticator apache, Installer apache
Enter email address (used for urgent renewal and security notices) (Enter 'c' to
cancel): E@MAIL.com
[..]

Which names would you like to activate HTTPS for?
-------------------------------------------------------------------------------
1: blog.domain.com
-------------------------------------------------------------------------------
Select the appropriate numbers separated by commas and/or spaces, or leave input
blank to select all options shown (Enter 'c' to cancel): 1
Obtaining a new certificate
Performing the following challenges:
http-01 challenge for blog.domain.com
Waiting for verification...
Cleaning up challenges
Created an SSL vhost at /etc/httpd/conf.d/vhost-le-ssl.conf
Deploying Certificate to VirtualHost /etc/httpd/conf.d/vhost-le-ssl.conf

Please choose whether or not to redirect HTTP traffic to HTTPS, removing HTTP access.
-------------------------------------------------------------------------------
1: No redirect - Make no further changes to the webserver configuration.
2: Redirect - Make all requests redirect to secure HTTPS access. Choose this for
new sites, or if you're confident your site works on HTTPS. You can undo this
change by editing your web server's configuration.
-------------------------------------------------------------------------------
Select the appropriate number [1-2] then [enter] (press 'c' to cancel): 2
Redirecting vhost in /etc/httpd/conf.d/vhost.conf to ssl vhost in /etc/httpd/conf.d/vhost-le-ssl.conf

-------------------------------------------------------------------------------
Congratulations! You have successfully enabled https://blog.domain.com

You should test your configuration at:
https://www.ssllabs.com/ssltest/analyze.html?d=blog.domain.com
-------------------------------------------------------------------------------
[..]

Test your site here:
https://www.ssllabs.com/ssltest/analyze.html?d=blog.domain.com&latest

Comments Off on Amazon Linux 2 Image and LAMP
comments

Posted in AWS, Certbot, Linux

May 22

Rsync Plus SSH Config

Sometimes you need to use settings from the ssh config file or in my case a custom config file.  Here is a quick note on how I did it.

Example without SSH config just using the key and user@publicIP

$ pwd
/home/rrossouw/.ssh

$ rsync -avz --exclude "env-vars" -e "ssh -i /media/sf_DATA/ssh-keys/oci-mgmt" /media/sf_DATA/src/terraform/* opc@pu.blic.ip:~/terraform/
sending incremental file list
devtest/lb_private.tf

sent 2,650 bytes  received 91 bytes  1,096.40 bytes/sec
total size is 1,343,000  speedup is 489.97

Example with SSH config

$ pwd
/home/rrossouw/.ssh

$ rsync -avz --exclude "env-vars" -e "ssh -F My-config" /media/sf_DATA/src/terraform/* jump01:~/terraform/
sending incremental file list

sent 2,607 bytes  received 32 bytes  1,759.33 bytes/sec
total size is 1,343,000  speedup is 508.90

Comments Off on Rsync Plus SSH Config
comments

Posted in rsync, SSH

« Older Entries
Newer Entries »