-
Notifications
You must be signed in to change notification settings - Fork 0
/
dev-notes.txt
197 lines (151 loc) · 5.62 KB
/
dev-notes.txt
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
#########
fedora 24 uses kernel 4.5 or 4.6
lxc as of version 2.0.3 is not stable on those kernels.
lxc-starts uses 100% cpu, and renders the system unstable.
https://github.com/lxc/lxc/issues/1088
A workaround is to use kernel 4.4.6 from fedora 23.
https://ask.fedoraproject.org/en/question/30549/stop-grub2-changing-default-boot-everytime-i-run-yum-update/
#########
Should start using this ...
http://arachnoid.com/python/beautify_bash_program.html
############################ for regenerate this might come handy!
chmod -R a-x+X directory remove the execute permission on all files in
a directory tree, while allowing for directory browsing.
TODO add node, etc.. to srv
usermod -a -G srv node
####### Server re-installation TODO ############
Backup for server reinstallation in /etc/srvctl
config
saslauthd
certificates
etc sshd host-keys
ssh keys
networking-scripts
####### SSH ###################
## NOTE on port forwarding and ssh usage. This will allow direct ssh on a custom local port!
## Create the tunnel
## ssh -L 2222:nameof.container.ve:22 -N -f user@host
## connect to the tunnel
## ssh -p 2222 user@localhost
## List Open tunnels
## ps ax | grep "ssh " | grep " -L "
## ssh with compresion
## ssh -C -c blowfish
## kill all L tunnels
## kill $(ps ax | grep "ssh " | grep " -L " | cut -f 1 -d " ")
## another method for rsync-ing container data
## rsync -avz -e "ssh -A user@host ssh" [email protected]:/srv/node-project /srv
###### E MAIL ###################
## To create proper SMTPD Auth proxy method http://www.postfix.org/SASL_README.html
## saslauthd can verify the SMTP client credentials by using them to log into an IMAP server.
## If the login succeeds, SASL authentication also succeeds. saslauthd contacts an IMAP server when started like this: saslauthd -d -a rimap -O test.d250.hu
## the remote server - in the container - needs to have dovecot (or an IMAP server) with users to authenticate.
## saslauthd and perdition - incompability problem as of 2014.06.25
##
## saslauthd with rimap to perdition ...
## The response after LOGIN is not being processed correctly.
## Perdition sends the CAPABILITY before the OK, thus saslauthd returns
## [reason=[ALERT] Unexpected response from remote authentication server]
## .. and fails to authenticate.
##
## A workaround is to patch saslauthd.
## We can consider CAPABILITY equal to OK [CAPABILITY ...], as in case of bad password / bad username / bad host, the remote server rejects the credentials.
## That means, if the response is not a NO, and there is a response, we can assume its an OK.
## ... at least in our enviroment. Seems this is not true for the world.
##
## cyrus-sasl-2.1.26/saslauthd/auth_rimap.c last lines:
## replace: return strdup(RESP_UNEXPECTED);
## with: return strdup("OK remote authentication successful");
## .. compile, install.
## Some more dev-hints.
##
## The LOGIN command is supported on both, saslauthd and perdition, plaintext only on saslauthd.
## Here is a note how to enable plaintext in dovecot:
## disable_plaintext_auth = no >>> /etc/dovecot 10-auth.conf
## ssl = no >>> 10-ssl.conf
## testing the running saslauthd: testsaslauthd -u tx -p xxxxxx
##
## Get base64 encoded login code for user x pass xxxxxx
## echo -en "\0x\0xxxxxx" | base64
## AHgAeHh4eHh4
##
## Send e-mail
## echo "this is the body" | mail -s "this is the subject" "to@address"
## Other test commands:
##
#### plaintext IMAP connaction test
## telnet test.d250.hu 143
## a AUTHENTICATE PLAIN
## + base64_code
##
#### IMAP4S connection test
## openssl s_client -crlf -connect test.d250.hu:993
## a LOGIN user passwd
##
#### SASL commands
## saslauthd -a rimap -O localhost
## saslauthd -d -a rimap -O localhost
## testsaslauthd -u username -p password
## testsaslauthd -u x -p xxxxxx
## testsaslauthd -u [email protected] -p xxxxxx
##
#### SMTPS connection test
## openssl s_client -connect test.d250.hu:465
## EHLO d250.hu
## AUTH PLAIN
## base64_code
##
## exit from telnet Ctrl-AltGr-G quit
##
## TODO: this information is submitted to the cyrus sasl devel mailing list. keep an eye on it.
## for now we use a custom saslauthd patch
## to verify openssl SNI use the following command:
## openssl s_client -servername container.ve -connect localhost:443
##
## email sending
## echo BODY | mail -s SUBJECT user@host
##
## To flush the que stuck in postfix
## postqueue -f
################ Using vncserver ################xx
User needs a ~/.vnc/xstartup
#!/bin/sh
xrdb $HOME/.Xresources
xsetroot -solid grey
export XKL_XMODMAP_DISABLE=1
ratpoison &
.. and then an application here.
#########################################x
Label Service Port(s)
www test
web stage
dev codepad 9001
run play 8080 8443
log logio
ssh shell
sys cockpit
dns zone
git repo
src source
srv service
lab label
doc docs
dyn dyndns
ftp files
adm admin
pma phpmyadmin
alt port
opt custom
vnc container
vpn network
gui devel
wss websocket
Additional labels:
webmail
shop
forum
demo
chat
game
support
.. feel free to submit suggestions on github.