Blog

Enable Proxmox No-subscription Repository

You don’t need a license key to use the Proxmox No-subscription repository. It is suitable for home labs users, testing purpose and non-production use.

To enable Proxmox No-subscription repository, edit /etc/apt/sources.list file:

# nano /etc/apt/sources.list

And add the following lines:

deb http://ftp.debian.org/debian bullseye main contrib

deb http://ftp.debian.org/debian bullseye-updates main contrib

# security updates
deb http://security.debian.org bullseye-security main contrib

# PVE pve-no-subscription repository provided by proxmox.com,
# NOT recommended for production use
deb http://download.proxmox.com/debian/pve bullseye pve-no-subscription

Finally, update the repository list:

$ sudo apt update

$ apt full-upgrade

Samba & Bonjour with Avahi

Okay, so you have a shiny new Linux box, and it’s running Samba, all nice and configured to share your files.  You have a Mac, and you want to use it with your nifty new Windows shares.  You can connect with Command-K in the finder, but it doesn’t show up in Finder under the Shared section.

You need Avahi.

I won’t bother going into the details of configuring Samba.  If you’ve not gotten that far, there are some pretty good resources out on the ‘net that will tell you how.  Where interacting with Bonjour is concerned, however, most of the references I found were flat wrong with modern OS X and Samba.

To make this work, the steps are simple (I’m running Ubuntu 12.04, so you may have to adjust accordingly for your Linux distro of choice).  The first step is to install Avahi:

root@core:/# apt-get install avahi-daemon avahi-utils

When this command completes, you’ll essentially have Bonjour running on your Linux box.  This has a number of advantages, most notably that you can now log into the thing by hostname (eg. core.local for my machine) without having to configure DNS.  But it still won’t allow you to browse shares in Finder; for that, you need a bit of configuration.

And so we move to step 2: create a file in /etc/avahi/services called smb.service, and place the following content in it:

<?xml version="1.0" standalone='no'?>
<!DOCTYPE service-group SYSTEM "avahi-service.dtd">
<service-group>
 <name replace-wildcards="yes">%h</name>
 <service>
   <type>_smb._tcp</type>
   <port>445</port>
 </service>
 <service>
   <type>_device-info._tcp</type>
   <port>0</port>
   <txt-record>model=RackMac</txt-record>
 </service>
</service-group>

Upon saving it, your new Linux box will happily appear in the Finder sidebar, and should all work.  You don’t even need to restart Avahi; it’ll pick up the new service file automagically.

There are other references out there for how to do this, but they all use port 139 – which doesn’t work.  I haven’t a clue when Microsoft changed the port number, but whatever; I don’t really care.  I have finder browsing goodness, so I’m happy.

macOS Built-in Speed Test:

How to Check Open Ports in Linux?

Which ports are occupied by which service? How many open ports are there? Learn to scan for open ports on your Linux system or any remote system.Table of Contents

  1. Method 1: Checking open ports in the currently logged in Linux system using lsof command
  2. Method 2: Checking ports on any remote Linux server using the netcat command
  3. Conclusion

Whether you are using Linux as a server or desktop, knowing open ports or ports in use can be helpful in a variety of situations.

For example, if you are running an Apache or Ngnix based web server, the port in use should be 80 or 443. Checking the ports will confirm that. Similarly, you can check which port is being used by SMTP or SSH or some other services. Knowing which ports are in use can be helpful while allocating the ports to a new service.

You may also check if there are open ports for intrusion detection.

There are various ways for checking ports in Linux. I’ll share two of my favorite methods in this quick tip.

Method 1: Checking open ports in the currently logged in Linux system using lsof command

If you are logged into a system, either directly or via SSH, you can use the lsof command to check its ports.

sudo lsof -i -P -n

This lsof command is used to find the files and processes used by a user. The options user here are:

  • -i: If no IP address is specified, this option selects the listing of all network files
  • -P: inhibits the conversion of port numbers to port names for network files
  • -n: inhibits the conversion of network numbers to host names for network files
Checking open ports in Linux

But, this also shows us a lot of extra ports that the computer does not actually listen to.

You can just pipe this output to the grep command and match the pattern “LISTEN”, like this:

sudo lsof -i -P -n | grep LISTEN

This will only show the ports that our computer is actively listening to and also which service is using said open port.

Method 2: Checking ports on any remote Linux server using the netcat command

nc (Netcat) is a command line utility that read and writes data between computers over network using the TCP and UDP protocols.

Given below is the syntax for nc command:

nc [options] host port

This utility has a nifty -z flag. When used, it will make nc scan for listening daemons without actually sending any data to the port.

Combine this with the -v flag, enabling verbosity, you can get a detailed output.

Below is the command you can use to scan for open ports using the nc command:

nc -z -v <IP-ADDRESS> 1-65535 2>&1 | grep -v 'Connection refused'

Replace IP-ADDRESS with the IP address of the Linux system you are checking the ports for.

As for why I selected values 1 to 65535, that is because the port range starts from 1 and ends at 65535.

Finally, pipe the output to the grep command. Using the -v option, it excludes any line that has “Connection refused” as a matched pattern.

This will show all the ports that are open on the computer which are accessible by another machine on the network.

Conclusion

Of the two methods, I prefer the lsof command. It’s quicker than nc command. However, you need to be logged into the system and have sudo access for that. In other words, lsof is more suitable a choice if you are managing a system.

The nc command has the flexibility of scanning ports without being logged in.

Both commands can be used for checking open ports in Linux based on the scenario you are in. Enjoy.TipsSHARE

Setting Up Your Local Web Server on macOS Big Sur 11.0.1 (2020)| MAMP Setup on mac | macOS, Apache, MySQL, PHP

Apple released its 2020 newest macOS Big Sur on November 12, 2020. It is a time of the year again that you might need to reconfigure your macOS if you are upgrading from the macOS Catalina. Or if you have a new macOS, follow the below steps to enable your local web server on macOS Big Sur (version 11.0.1)

NOTE: For macOS 12 Monterey, please check out the How to Setup MAMP (MacOS, Apache, MySQL, PHP) on macOS12 Monterey (2021)

Table of Contents

Start the Apache Server

macOS comes with Apache Server by default. To start the built-in Apache server, open the Terminal app from your Application folder or type Terminal in the Spotlight Search (shortcut: Command + Space Bar)

Type sudo apachectl start and press enter

Open any of your favorite browser (e.g. Safari, Chrome)

Type localhost or 127.0.0.1 in the address bar

If Apache Server is started, you should see the below:

Create Sites Directory

It is recommended to create a Sites directory under username folder (username is your mac login name) This directory will be your document root for any web-related stuff.

  1. Go to Mac HDD > Users > [your account folder]
  2. Create a folder with the name Sites. When the folder is created, it will generate a folder with a compass image on the folder as you can see from the below screenshot.

Create username.conf file

To be able to recognize the files putting into Sites directory, username.conf needed to be setup.

1. Type whoami and press enter. (Note down the name. this is your account name / username) For example, if your username is developer, we will be making a .conf file with the name of developer.conf under /etc/apache2/users

2. Type cd /etc/apache2/users and press enter.

3. Type ls and press enter. Check if there is an existing username.conf file (username is your account name)

4. If there is an existing username.conf, make a backup copy by typing sudo cp username.conf username.conf.bak

5. Type sudo nano username.conf and press enter (note: username will be your account name e.g. developer.conf)

6. Copy and paste the following configuration.

<Directory "/Users/developer/Sites/">
AllowOverride All
Options Indexes MultiViews FollowSymLinks
Require all granted
</Directory>

7. Press Control + o and press enter to save the file.

8. Press Control + x to exit the nano editor.

Configure the httpd.conf file

1. Open the Terminal app from your Application folder or type Terminal in the Spotlight Search (shortcut: Command + Space Bar)

2. Type cd /etc/apache2 and press enter.

3. Type sudo cp httpd.conf httpd.conf.bak and press enter. (This step is optional if you want to keep the copy of the original config file but I would recommend keeping one just in case.)

4. Type sudo nano /etc/apache2/httpd.conf and press enter.

5. Press control + w and type LoadModule authz_core_module and press enter. (control + w will activate the search and it will look for a line with the keyword you put in)

Uncomment the following modules. The # you see in front of each line means that line is commented out. That means that a specific line or module on that line will be ignored. What we want to do is, uncomment this so the module is enabled.

6. Use control + w to find each of the modules below.

LoadModule authn_core_module libexec/apache2/mod_authn_core.so
LoadModule authz_host_module libexec/apache2/mod_authz_host.so
LoadModule userdir_module libexec/apache2/mod_userdir.so
LoadModule include_module libexec/apache2/mod_include.so
LoadModule rewrite_module libexec/apache2/mod_rewrite.so

7. Uncomment the following line for the User home directories.

Include /private/etc/apache2/extra/httpd-userdir.conf

8. Replace the below two lines with your username document root. (You can comment on those two lines by putting # in front of them.

DocumentRoot "/Library/WebServer/Documents"
<Directory "/Library/WebServer/Documents">

9. Replace with the following:

Note: USERNAME needs be replaced with your username (e.g. developer)

DocumentRoot "/Users/USERNAME/Sites/"
<Directory "/Users/USERNAME/Sites/">

10. Press control + w and type AllowOverride None then enter

Replace AllowOverride None to AllowOverride All

Your DocumentRoot configuration in httpd.conf will look like below:

DocumentRoot "/Users/developer/Sites/"
<Directory "/Users/developer/Sites/">
    #
    # Possible values for the Options directive are "None", "All",
    # or any combination of:
    #   Indexes Includes FollowSymLinks SymLinksifOwnerMatch ExecCGI MultiViews
    #
    # Note that "MultiViews" must be named *explicitly* --- "Options All"
    # doesn't give it to you.
    #
    # The Options directive is both complicated and important.  Please see
    # http://httpd.apache.org/docs/2.4/mod/core.html#options
    # for more information.
    #
    Options FollowSymLinks Multiviews
    MultiviewsMatch Any

    #
    # AllowOverride controls what directives may be placed in .htaccess files.
    # It can be "All", "None", or any combination of the keywords:
    #   AllowOverride FileInfo AuthConfig Limit
    #
    AllowOverride All

    #
    # Controls who can get stuff from this server.
    #
    Require all granted
</Directory>

11. Press control + o and press enter to save the file.

12. Press control + x to exit the nano editor.

Configure the httpd-userdir.conf file

1. Type cd /etc/apache2/extra and press enter.

2. Type sudo cp httpd-userdir.conf httpd-userdir.conf.bak and press enter. (this step is optional if you want to keep the copy of original file.)

3. Type sudo nano httpd-userdir.conf and press enter.

Uncomment the following line.

Include /private/etc/apache2/users/*.conf

4. Press control + o and press enter to save the file.

5. Press control + x to exit the nano editor.

6. Type sudo apachectl restart (this step will restart the Apache server to take effect of the changes made in the config file)

Enable the PHP

macOS has built-in PHP (at least in Big Sur and prior versions) You just need to enable the PHP from the Apache’s config file. Follow the below steps to do so.

1. Open the Terminal app from your Application folder or type Terminal in the Spotlight Search (shortcut: Command + Space Bar)

2. Type cd /etc/apache2 and press enter.

3. Type sudo nano /etc/apache2/httpd.conf and press enter.

4. Press control + w and type php (this will search for a line with keyword php in Apache’s config file.)

You should be seeing the following line. Uncomment the LoadModule php7_module libexec/apache2/libphp7.so by removing the # in the front of that line of code.

5. Press control + o and press enter to save the file.

6. Press control + x to exit the nano editor.

7. Type sudo apachectl restart (this step will restart the Apache server to take effect of the changes made in the config file)

Create a phpinfo() page

To try out the PHP is working on your local mac web server, create a phpinfo() file and load it on the browser.

1. Open the Terminal app from your Application folder or type Terminal in the Spotlight Search (shortcut: Command + Space Bar)

2. Type cd ~/Sites/ and press enter.

3. Type sudo nano phpinfo.php and press enter. (this will bring up the nano editor with blank screen since the phpinfo.php is newly created file and has no code at this point)

4. Put the following code.

<?php phpinfo(); ?>

5. Press control + o and press enter to save the file.

6. Press control + x to exit the nano editor.

7. Open a browser and type the following in the address bar.

http://localhost/~developer/phpinfo.php

You should be seeing a page something like below. This means, the PHP is working on your local mac server.

Setting Up the MySQL Server

To be able to use a local database, you need to install a database server. In this case, we will be installing the MySQL Server. Follow the below steps to setup your MySQL Server on your local macOS.

  1. Go to https://dev.mysql.com/downloads/mysql/

2. Download the installer with DMG file.

3. Double click the MySQL server installer.

Follow the instructions on the Installer.

If above message shows up, click Allow.

Select Use Strong Password Encryption

Setup a password for “root” user and click Finish to complete the setup.

Once the installation is complete, you can move the installer to the trash.

Now, if you go to System Preferences, you should be seeing MySQL.

If you check, it should have the green indicator showing it is up and running.

If you need to setup a MySQL Workbench, you can refer to Using MySQL Workbench on macOS Catalina (2019)

If you are using macOS Catalina, check out Setting Up Your Local Server on macOS Catalina (2019) – MAMP – macOS, Apache, MySQL, PHP to setup your mac local web server.

Latest Post

Feel free to share this post!

What is APIPA (Automatic Private IP Addressing)?

APIPA stands for Automatic Private IP Addressing (APIPA). It is a feature or characteristic in operating systems (eg. Windows) which enables computers to self-configure an IP address and subnet mask automatically when their DHCP(Dynamic Host Configuration Protocol) server isn’t reachable. The IP address range for APIPA is (169.254.0.1 to 169.254.255.254) having 65, 534 usable IP addresses, with the subnet mask of 255.255.0.0.

History

Initially, the Internet Engineering Task Force (IETF) has reserved the IPv4 address block 169.254.0.0/16 (169.254.0.0 – 169.254.255.255) for link-local addressing. Due to the simultaneous use of IPv4 addresses of different scopes, traffic overload becomes high. The link-local addresses are allocated to interface i.e., stateless in nature such that communication will be established when not getting a response from DHCP Server. After that Microsoft refers to this address autoconfiguration method as “Automatic Private IP Addressing (APIPA)”.

Automatic Configuration and Service Checks

It starts with when the user(client) is unable to find the data/information, then uses APIPA to configure the system with an IP address automatically(ipconfig). The APIPA provides the configuration to check for the presence of a DHCP server(in every five minutes, stated by Microsoft). If APIPA detects a DHCP server on the network configuration area, it stops, and let run the DHCP server that replaces APIPA with dynamically allocated addresses.

Note: To Know the given IP address is provided by which addressing, just run the following command:

ipconfig/all

Characteristics

  • Communication can be established properly if not getting response from DHCP Server.
  • APIPA regulates the service, by which always checking response and status of the main DHCP server in a specific period of time.

Advantages

  • It can be used as a backup of DHCP because when DHCP stops working then APIPA has the ability to assign IP to the networking hosts.
  • It stops unwanted broadcasting.
  • It uses ARP(Address Resolution Protocol) to confirm the address isn’t currently in use.

Disadvantages

  • APIPA ip addresses can slow you network.
  • APIPA doesnot provide network gateway as DHCP does.

Limitations

  • APIPA addresses are restricted for use in local area network.
  • APIPA configured devices follow the peer to peer communication rule.

T-mobile instellingen modem

De instellingen voor (V)VDSL werken voor vrijwel alle DSL-verbindingen die T-Mobile aanbiedt. Werkt dit niet, probeer dan de instellingen voor ADSL. Voor glasvezelaansluitingen (Fiber via WAN/SFP) dien je het modem achter de zwarte Media Converter of witte Media Converter (ONT) aan te sluiten. Heb je momenteel een Draytek modem, dan dien je ook zelf voor een Media Converter te zorgen of een modem met glasvezelaansluiting te gebruiken. De instellingen voor het gebruik van een eigen Media Converter of ONT zie je verderop in dit artikel.
 

Eigen Media Converter aansluiten

Verberg inhoud

Om een eigen Media Converter te gebruiken (dit kan alleen bij een PtP verbinding op zowel het WBA-netwerk als ons eigen netwerk) dien je de volgende instellingen te gebruiken. Let er bij het aansluiten op dat je de glazen connector niet aanraakt. Dit kan de verbinding nadelig beïnvloeden.

Specificaties

  • Bidi optic LR (20KM)
  • TX 1310 nm, -3 ~ -9 dBm
  • RX -3 ~ -22 dBm
  • Class 1 laser product
  • Single mode Fiber (9/125)
  • SP/PC connector of SC/APC connector

Instellingen
Auto Negotiation: On
Duplex mode: Full
Flow control: Disabled
F/O mode: Auto


Alternatieve setting
Auto Negotiation: Off
Manual TP speed: 1000M
Duplex mode: Full
Flow control: Disabled
F/O mode: Auto

Eigen ONT (Optical Network Terminal) aansluiten 

Verberg inhoud

Om een eigen ONT te gebruiken, dien je een ONT te nemen die geschikt is voor het gebruik op je netwerk. We raden het gebruik van een eigen ONT af, omdat we bij het omwisselen enkele dagen nodig kunnen hebben om de door ons geleverde ONT weer te registreren. Als je begrijpt wat de risico’s hiervan zijn, kan je via onze klantenservice een verzoek indienen om je eigen ONT te registreren. Binnen enkele dagen zal de ODIDO ONT de verbinding verliezen. Vanaf dat moment kan je je eigen ONT aansluiten. Let er bij het aansluiten op dat je de glazen connector niet aanraakt. Dit kan de verbinding nadelig beïnvloeden.

Op een KPN WBA glasvezelverbinding is een eigen ONT alleen mogelijk wanneer je met XGSPON verbonden bent. Mogelijk moet je lijn gemigreerd worden voordat je een eigen XGSPON ONT kan aansluiten.

Op ons eigen netwerk (GPON of XGSPON) kan je, afhankelijk van de verbinding, een GPON ONT gebruiken of een XGSPON ONT gebruiken.

VoIP (Vast Bellen)

Verberg inhoud

  • SIP Username: Kan klant vinden in My T-Mobile Thuis 
  • SIP Password: Dit moet klant zelf instellen in My T-Mobile thuis 
  • SIP Proxy Server Address: voip.t-mobilethuis.nl 
  • Primair compressie type: G.711a 
  • Secundair compressie type: G.722 
  • Tertiair compressie type: G.711u 
  • Bediening van spreek volume: Middle 
  • Luister volume regelaar: Middle 
  • G.168 (Echo-annulering): inschakelen 
  • RTP Start – eind poort:  40000 – 40018 
  • DTMF-modus: PCM 
  • Transport Type: UDP 
  • SIP DSCP Markeringinstelling: 46 
  • RTP DSCP Markeringinstelling: 46 
  • Vervaltermijn van SIP-registratie: 3600 seconden 
  • Mislukte timer voor opnieuw proberen van SIP-registratie: 1800 
  • Sessie verloopt (SE): 900 
  • Min-SE : 600 

IPTV (tv-kijken)

Verberg inhoud

Deze instellingen zijn enkel nodig wanneer je op het oude TV platform zit (Interactieve TV). Op het nieuwere platform T-Mobile TV gaat het tv-signaal over het internet VLAN en is er ook geen routing nodig. 

WAN (V)VDSL ETHWAN ADSL 
VPI/VCI   8/71 
Mode Routing Routing Routing 
Encapsulation IPoE IPoE IPoE 
IPv4/IPv6 Mode IPv4 IPv4 IPv4 
VLAN Enable 802.1p: 0 802.1q: 640 Enable 802.1p: 0 802.1q: 640 Disable 
MTU 1500 1500 1500 
NAT 
IGMP Proxy 

Static Route: 

Rule Name Destination IP Subnet mask WAN Interface 
IPTV_SR01 10.12.255.0 255.255.255.0 IPTV Sub interface 
IPTV_SR02 10.10.254.0 255.255.255.0 IPTV Sub interface 
IPTV_SR03 10.10.26.0 255.255.255.0 IPTV Sub interface 
IPTV_SR04 10.10.108.0 255.255.255.0 IPTV Sub interface 
IPTV_SR05 10.18.0.0 255.255.240.0 IPTV Sub interface 
IPTV_SR06 10.12.254.0 255.255.255.0 IPTV Sub interface 
IPTV_SR07 10.10.24.0 255.255.255.192 IPTV Sub interface 
IPTV_SR08 10.200.0.0 255.255.252.0 IPTV Sub interface 
IPTV_SR09 10.12.200.65 255.255.255.255 IPTV Sub interface 

IGMP Proxy: Enabled 

IGMP Mode: Blocking Mode 

IGMP version: 2 

Notes tips en tricks

check jumbo-frames on Juniper switch :

ping 192.168.1.1 no-resolve routing-instance ri-main do-not-fragment size 9170

Learn to Use CURL Command in Linux With These Examples

Page Contents

What is CURL ?

CURL is a tool for data transfer. It is also available as a library for developers and as a CLI for terminal-based use cases. Both have the same engine inside (Truth is that CLI tool is just the program that uses the library under the hood).

CURL works with every protocol you might have used. Head over this site to check whether CURL works with your target protocol or not.

What CURL can do?

Hmm… Everything that is related to data transfer. Everyone must have used a browser. Even now, you are reading this article through your browser. What browser does, it requests a page and gets it as a response. It can write and read cookies. And then it renders(displaying the content, images and executing JS scripts) it. 

CURL can do everything a browser except for the last part rendering because it is not related to data transfer.

As wrap up, CURL can download HTML pages, fill HTML forms and submit them, download files from a FTP/HTTP server and upload files to the same and read/write cookies.

This makes it an excellent tool to be used in scripting, debugging and forensic analysis etc.

Curl command examples

curl command examples in Linux

Let’s see what can you do with Curl.

1. Get a response from a server

Everything from server is a response to the request. So getting a HTML page is same as downloading a file.

To get a HTML response from http://info.cern.c,

curl http://info.cern.ch/

To get the list of posts as a response from a server ( https://jsonplaceholder.typicode.com/posts), 

curl https://jsonplaceholder.typicode.com/posts

Since we know how to get a response from a server, you can download a file ( say Google logo ).

curl https://www.google.com/images/branding/googlelogo/1x/googlelogo_color_272x92dp.png

Above command will dump binary image data which you can’t view in the terminal. You need to save them and then use a photo viewer to see them.  Continue reading to find out how to do so.
READ  9 Useful Examples of Touch Command in Linux

Note that various option flags can be placed anywhere on the command instead of the strict ordering. So no worry if you placed any option in the last while the examples had the flag in the beginning.

2. Save the file with a default file name

Every file that is served on the internet has a filename. To use the same filename as the downloaded filename use -O flag.

curl -O http://www.google.com/robots.txt

3. Save the file with custom name

To save the filename with your own custom name, use -o flag followed (strictly) by a custom name.

curl -O http://www.google.com/robots.txt googleRobots.txt

4. Download multiple files

To download multiple files, separate them with a white space.

curl url1 url2 url3

If you want to use -O flag for all the URL’s, use

curl url1 url2 url3 -O -O -O

The same workaround should be done for any flag. This is because the first occurrence of a certain flag is for the first URL, the second flag is for the second URL and so on.

5. Download a range of files

curl has the in-built ability to download a range of files from the server. This can be illustrated from the following example.

curl http://www.google.com/logo/logo[1-9].png

Above command downloads files from logo1.png, logo2.png, logo3.png and up to logo9.png.

6. Download a file only if latest

To download a file only if the file’s modification time is latest than the given time.

curl url -z "DD MMM YY MM:HH:SS"

7. Resume Downloading

If you have already partially transferred a file, you can resume the transfer by using the -C flag. Offset from which transfer needs to be continued should be passed as a parameter to the -C flag.

curl -C 1024 http://seeni.linuxhandbook.org/files/largeFile.mpv -O

8. Upload a file

To upload a file to the server, one needs to use -T flag followed by the file path on your local system.

curl -T uploadFile.txt http://upload.linuxhandbook.org/files

9. Delete a file

To delete a file named deleteFile.txt in a server, one can use -X flag which is intended for any HTTP verb/method(like GET, POST, PUT, DELETE, PATCH). Most of the FTP servers will have configured DELETE method if not all advanced HTTP methods.

curl -X DELETE http://upload.linuxhandbook.org/files/deleteFile.txt

You can also modify the above command for any HTTP method to do the corresponding task. For Example, if your server allows TRUNCATE method ( this is made-up HTTP method, not a standard one) which removes only the content in the file and not the file, one can use the command similar to the below one.

curl -X  TRUNCATE http://upload.linuxhandbook.org/files/mysql.dump

Above mentioned are the main uses of curl. But there might be difficulties which needed to be fought such as redirects, user authentication, SSL certificates, etc., We can call them add-ons as they are only optional but still remain crucial for certain purposes. Let’s see some of those addons and how to handle it with curl in the next section.READ  5 Practical Examples of chgrp command in Linux

10. Avoid redirects

When you request htttp://www.google.com , you will be served only the regional page such as www.google.co.in. This is done with the help of redirects (HTTP packets with status codes in the range 300-399).

You can avoid redirects with the option L.

curl -L  htttp://www.google.com

11. Authentication

When the server is configured to serve for only certain individuals with credentials, they will be provided with username and password. One can make login with the help of -u flag.

curl -u username:password http://seeni.linuxhandbook.org/files/tasks.txt

12. Limit data transfer

If you want to impose a data transfer limit use –limit-rate flag. Following command tries to download the file with rate limit as 10K.

curl --limit-rate 10K http://seeni.linuxhandbook.org/files/logoDetails.tgz

13. Show/Hide transfer Status

If the response is redirected from the terminal such as downloading, uploading then curl automatically shows the status/progress meter for the transfer.

If you do not want to see the progress meter, just append the command with -s flag. Progress will not be shown for response directed for the terminal.

14. Ignore SSL certificates

Do you remember the situations in which you need to give security certificate exception to visit some websites? If you trust the sources and you want to do a data transfer, you can ignore SSL certificate validation by using -k flag.

curl -k https://notSoSecure.org/files/logoDetails.tgz

15. Get Header Information also

To display the header information along with transferred data, use the -i flag.

curl -i http://www.google.com/robots.txt

16. Get Header information Only

If you want only the headers and not the data, use the -I flag

curl -I http://www.google.com/robots.txt

17. Change User Agent

Some websites and servers don’t allow certain kinds of devices to access their systems. But how do they know that we are using a specific kind of device? This is due to the User-Agent HTTP header field. We can change this User Agent with -A flag.

curl -A "Mozilla FireFox(42.0)" http://notAllowedForCLI.sites.org/randomFile.png

18. Sending data to the Server

If the server needs some data such as token or API key, use -d flag to send the data. Data that needs to be sent should follow the flag in the command. One can use “&” to combine multiple data. This is usually done by GET and POST requests in browsers. This is one of the ways by which you can send your form information.

curl -d "token=34343abvfgh&name='seeni'" http://api.restful.org/getcontent

19. Write Cookies to a File

Cookies are some small information that allows maintaining a session with a stateless HTTP protocol. If you want to know more about Cookies, refer to this great resource.READ  10 Practical Grep Command Examples for Developers

To write cookies to a file, -c flag followed by the cookie filename should be used.

curl -c googleCookie.txt http://www.google.com/files

20. Reading Cookies from a File

To read a cookie from the file, -b flag followed by cookie filename can be used.

curl -b googleCookie.txt http://www.google.com/files

Note that -b flag only reads the cookie from the file. So if the server resends another cookie, you might need to use -c option to write them.

21. Start a new Session

If you want to initiate a new session by discarding the cookies, use -j flag. It starts a new session even if you have provided the cookie file to read with -b flag.

curl -b googleCookie.txt http://www.google.com/files -

C

Centos Install Server

Omdat CentOS nu eenmaal één van mijn favoriete server-besturingssystemen is, gaan we uit van een installatieserver met CentOS. Dat maakt overigens voor het principe niet heel veel uit, want een installatieserver maakt gebruik van dezelfde componenten, welke distributie je ook gebruikt. De server die momenteel voor me aan het werk is, staat gelijktijdig zowel OpenSUSE als CentOS te installeren. Met een goed ingerichte server installeer je dus moeiteloos elke distributie.

 

Componenten

Een volledig geautomatiseerde installatieomgeving heeft een aantal dingen nodig. We gaan ervan uit dat je wilt opstarten vanaf het netwerk. Om dit succesvol te laten verlopen, heb je een DHCP-server nodig die IP-adressen uitdeelt aan de te installeren machines. De volgende stap bestaat eruit dat die machines ook een boot image nodig hebben. Hiervoor wordt gebruik gemaakt van een TFTP-server. De DHCP-server zorgt ervoor dat de client doorgestuurd wordt naar de TFTP-server, zodat daar de juiste bestanden aangeleverd worden om van op te starten.

Om op te kunnen starten, heeft een Linux-client 3 bestanden nodig: een boot loader, een kernel en een initramfs. De boot loader vervangt de lokale boot loader (meestal GRUB) en geeft aan welke kernel gestart moet worden. Die kernel laadt vervolgens het initramfs. Daarbij wordt ook aangegeven waarvandaan de rest van de installatie uitgevoerd moet worden. Voor dat laatste deel is een repository nodig. Om een flexibele installatieserver aan te bieden waarop je zelf bepaalt welke packages precies aangeboden worden, is het aan te raden zelf de repositories aan te bieden (en deze niet van internet te halen). Je kan daarvoor in principe elke service gebruiken, in dit artikel laten we zien hoe je voor dit doel een webserver in kan zetten.

Als je alles tot op dit punt werkend hebt, heb je een omgeving waar de te installeren servers op kunnen booten, een boot image krijgen, en vervolgens ook toegang krijgen tot een repository om de installatie verder uit te voeren. Als het hierbij blijft, moet die installatie echter nog wel steeds handmatig uitgevoerd worden. Leuk als je één of twee servers wilt installeren, minder leuk als je er 200 wilt installeren. Om dit gedeelte ook nog te automatiseren, heb je een installatiescript nodig.

Er zijn verschillende oplossingen voorhanden: SUSE gebruikt autoyast, Red Hat gebruikt Kickstart en ook op Ubuntu kun je Kickstart gebruiken. Zowel Kickstart als Autoyast gebruiken input files waarin alle parameters gedefinieerd zijn die tijdens de installatie gebruikt moeten worden. Dit script plaats je op de installatieserver, zodat het ook eenvoudig aangeroepen kan worden. Bij het aanroepen van de installatie-kernel geef je aan welk script gebruikt moet worden en daarmee maak je de procedure compleet. In de rest van dit artikel zullen we de belangrijkste delen van de configuratie bekijken die nodig zijn om dit allemaal te realiseren.

 

De DHCP-server

De DHCP-server heeft op zich niet veel configuratie nodig. In listing 1 zie je een voorbeeldconfiguratie, waarin de regel next-server ervoor zorgt dat DHCP de client doorstuurt naar een TFTP-server op dit adres. De filename pxelinux.0 is de PXE-boot loader die aan de client gestuurd wordt.

 

Listing 1: Voorbeeld DHCP-server configuratie

 

subnet 192.168.178.0 netmask 255.255.255.0 {

option routers 192.168.178.1 ;

range 192.168.178.200 192.168.178.250 ;

next-server 192.168.178.110;

filename “pxelinux/pxelinux.0”;

}

 

De TFTP-server

TFTP is al heel lang een onderdeel van xinetd. Om TFTP te kunnen gebruiken, zet je het aan in xinetd en zorg je dat de xinetd service gestart is. Daarbij hoort een configuratiebestand waarin je het PXE-menu zet. Deze vind je standaard in /var/lib/tftptboot/pxelinux/pxelinux.cfg en heeft de naam default. Listing 2 laat een voorbeeld PXE menu zien waaruit verschillende configuraties aangeboden kunnen worden.

 

Listing 2: Voorbeeld PXE boot menu

 

default Linux

prompt 10

timeout 10

display boot.msg

label Linux

menu label ^Install RHEL

menu default

kernel vmlinuz

append initrd=initrd.img inst.repo=http://192.168.178.110/install ks=http://192.168.178.110/anaconda-ks.cfg

label Fedora

menu label Install ^Fedora Server

kernel vmlinuz-fedora

append initrd=initrd-fedora inst.repo=http://192.168.178.110/fedora ks=http://192.168.178.110/fedora-ks.cfg

label Fedoraws

menu label Install Fedora ^Workstation

kernel vmlinuz-fedoraws

append initrd=initrd-fedoraws inst.repo=http://192.168.178.110/fedoraws

label opensuse

menu label install opensuse

kernel vmlinuz-suse

append initrd=initrd-suse install=http://192.168.178.110/opensuse

 

Als je ooit een GRUB-menu gezien hebt, zie je dat een PXE boot-menu daar niet wezenlijk van verschilt. Het komt erop neer dat je voor elke distributie een kernel neerzet in de TFTP document root, daarnaast een initramfs en tot slot aanwijst welke repository gebruikt moet worden om de rest van de installatie uit te voeren. Je hebt dan in principe voldoende om de installatie op te starten en handmatig verder uit te voeren.

 

De Webserver

Het aanmaken van de repositories is overigens niet heel ingewikkeld. Een handige manier is om de ISO van de betreffende distributie te downloaden en via /etc/fstab te loop-mounten op de locatie waar de installatiebestanden beschikbaar moeten zijn. Handig, want je hoeft niets te kopiëren en het is eenvoudig te regelen als een nieuwe versie van je distributie beschikbaar komt.

Als je er dan ook nog voor zorgt dat die locatie beschikbaar is onder de documentroot van je webserver, hoef je helemaal niet veel meer te doen dan de webserver aan te zetten om te regelen dat repositories automatisch beschikbaar gesteld worden.

 

De installatie-instructies

Het laatste element van de installatie server bestaat uit de installatie instructies. Autoyast is de oplossing die door SUSE gebruikt wordt. Daarnaast is er Kickstart. De installatie-instructies worden aangeleverd in een kort tekstbestand waarin de antwoorden staan op de vragen die tijdens de installatie gesteld worden. Kickstart doet dat in een ASCII-tekstbestand, Autoyast doet het in een XML-bestand. In listing 3 zie je een voorbeeld van hoe dat eruitziet in een Kickstart bestand.

 

Listing 3: Voorbeeld Kickstart bestand

 

[root@server html]# cat anaconda-ks.cfg

#version=RHEL7

# System authorization information

auth –enableshadow –passalgo=sha512

 

# Use network installation

url –url=”http://192.168.178.110/install”

# Run the Setup Agent on first boot

firstboot –enable

ignoredisk –only-use=sda

# Keyboard layouts

keyboard –vckeymap=us –xlayouts=’us’

# System language

lang en_US.UTF-8

 

# Network information

network  –bootproto=dhcp –device=p6p1 –ipv6=auto –activate

network  –hostname=localhost.localdomain

# Root password

rootpw –iscrypted $6$GUg.iLUId16gnydz$AHsdHvpPof2KmIYQH2nlF8H.lFFf9DM/J5tC91HsvZYvKpGSeTRo0oE9B8aR1KaZ5u5YK1NwXBOUhv1ZkbZVY.

# System timezone

timezone America/New_York –isUtc

user –name=user –password=$6$yMRAMUievKP2EYT5$JmwC3j.jo9ySsuo6ogUNsI.5sQvW51SgtCLtlGDD/6/dLlz.XLj2dvTXVbfTaeDSLKPfgEDkVqxvbstjpYZt9. –iscrypted –gecos=”user”

# X Window System configuration information

xconfig  –startxonboot

# System bootloader configuration

bootloader –location=mbr –boot-drive=sda

# Partition clearing information

clearpart –drives=sda –all

# Disk partitioning information

part /boot –fstype=”xfs” –ondisk=sda –size=1000

part pv.11 –fstype=”lvmpv” –ondisk=sda –size=31008

volgroup centos –pesize=4096 pv.11

logvol /  –fstype=”xfs” –size=30000 –name=root –vgname=centos

logvol swap  –fstype=”swap” –size=1000 –name=swap –vgname=centos

 

%packages

@base

@core

@desktop-debugging

@dial-up

@fonts

@gnome-desktop

@guest-agents

@guest-desktop-agents

@input-methods

@internet-browser

@multimedia

@print-client

@virtualization-hypervisor

@virtualization-client

@virtualization-platform

@virtualization-tools

@x11

wget

%end

 

%post

mkdir /files

logger now running post

wget http://192.168.178.110/downloads/CentOS-7-x86_64-DVD-1611.iso -O /files/centos73.iso

wget http://192.168.178.110/downloads/labipa-3.0.3.zip -O /files/labipa-3.0.3.zip

wget http://192.168.178.110/downloads/how-to-use-labipa.pdf -O /files/how-to-use-labipa.pdf

 

%end

 

De enige uitdaging is hoe je aan zo’n bestand komt. Welnu, dat is niet moeilijk. Na installatie van een Red Hat of Fedora systeem wordt het standaard aangemaakt in de home directory van de gebruiker root en op SUSE kan je het vanuit Yast genereren met behulp van de autoyast module. Het enige dat dan nog rest, is in het PXE-boot bestand aan te geven waar de te installeren server dit bestand kan vinden en je installatieserver is klaar voor gebruik.

Categories