# for i in proc sys dev; do mount --rbind /$i /mnt/$i ; done
Scharmlos geklaut aus dem SUSE Wiki. :-)
Autorarchive: André P.
Snippet: Windows DNS Cache deaktivieren/aktivieren
Deaktivieren:
reg add "HKLM\System\CurrentControlSet\Services\Dnscache" /v "Start" /t REG_DWORD /d "4" /f
Aktivieren:
reg add "HKLM\System\CurrentControlSet\Services\Dnscache" /v "Start" /t REG_DWORD /d "2" /f
Snippet: GoCryptFS kompilieren (für HW-beschleunigtes AES) und Systemd Dienst einrichten
Wichtig: Nach der Initialisierung den Master-Key sicher speichern!
# 1.
yum install openssl-devel fuse
# 2.
go get -d github.com/rfjakob/gocryptfs
cd $(go env GOPATH)/src/github.com/rfjakob/gocryptfs
./build.bash
cp gocryptfs /usr/local/bin/
# 3.
mkdir -p /data/{crypted,decrypted}
# 4.
if [ ! -f /data/crypted/gocryptfs.conf ]; then
if ! gocryptfs -init /data/crypted; then
echo "cannot init /data/crypted directory, skipping"
fi
else
echo "/data/crypted is an initialized gocryptfs directory"
fi
# 5.
systemctl stop gocryptfs
# 6.
cat << 'EOF' > /etc/systemd/system/gocryptfs.service
[Unit]
Description=gocryptfs Mount Unit
Requires=network.target local-fs.target
After=network.target local-fs.target
[Service]
Type=forking
ExecStart=/usr/local/bin/gocryptfs -extpass "systemd-ask-password GoCryptFS:" -allow_other /data/crypted/ /data/decrypted/
Restart=on-failure
RestartSec=5
[Install]
WantedBy=multi-user.target
EOF
systemctl daemon-reload
# Do not start on boot
systemctl disable gocryptfs
# 7.
until systemctl start gocryptfs; do
sleep 1
done
Rsyslog: via UDP erhaltene Logs in eine Datei schreiben
$template RemoteUDP,"/var/log/remote-udp.log" :inputname, isequal, "imudp" ?RemoteUDP & ~
& ~ beendet die Verarbeitung der Regel.
Template Zammad Reverse Proxy mit Apache
<VirtualHost *:80>
ServerName ticket.domain.tld
RewriteEngine on
RewriteCond %{HTTPS} !=on
RewriteRule ^/?(.*) https://%{HTTP_HOST}/$1 [R=301,L]
ProxyPass / http://127.0.0.1:8090/
ProxyPassReverse / http://127.0.0.1:8090/
ProxyPreserveHost On
ProxyAddHeaders On
RequestHeader set X-Forwarded-Proto "http"
</VirtualHost>
<VirtualHost *:443>
ServerName ticket.domain.tld
ProxyPass /ws ws://127.0.0.1:8090/ws
ProxyPassReverse /ws ws://127.0.0.1:8090/ws
ProxyPass / http://127.0.0.1:8090/
ProxyPassReverse / http://127.0.0.1:8090/
ProxyPreserveHost On
ProxyAddHeaders On
RequestHeader set X-Forwarded-Proto 'https'env=HTTPS
RequestHeader set X-Forwarded-Ssl on
SSLCertificateFile /etc/letsencrypt/live/ticket.domain.tld/fullchain.pem
SSLCertificateKeyFile /etc/letsencrypt/live/ticket.domain.tld/privkey.pem
Include /etc/letsencrypt/options-ssl-apache.conf
</VirtualHost>