Show pageOld revisionsBacklinksBack to top This page is read only. You can view the source, but not change it. Ask your administrator if you think this is wrong. <nav> * {{fa>server?color=#8B0000}} Linux * [[rpi_common|β General Things on Raspbian]] * [[rpi_nimbus|ππ’ππππ πππΉππππ]] * [[debian_common|β General info on Debian Linux]] * [[deb_cicada|ππ’ππππ πππ©π π₯π¦π]] * [[deb_mutism|ππππ’ππ πππππ¦π]] * [[deb_gilead|ππ’ππππ πΈπ£ππππ₯π]] * [[deb_symbio|πππππ’π βπ πππ₯π¦π€]] * [[deb_tardis|πππππ’π ππ‘ππ₯ππ¦π]] * [[deb_debris|πππππ’π βππ£π ππ]] * {{fa>windows?color=#0000A0}} Windows * [[:pc_common|β Common Works on Windows]] * [[PC_MESONiSM|ππππππ’ππ]] * [[PC_MESONiST|ππππππ’ππ]] * {{fa>android?color=#006400}} Android * [[:cell_common|β Common Stuffs on Androids]] * [[CELL_EPiCON|πππ’πππ π½π]] * [[CELL_EPiMER|πππ’πππ π‘]] * [[CELL_EPiLUX|πππ’πππ π]] * [[CELL_EPiTAP|πππ’πππ ππ]] * [[CELL_EPiETA|πππ’πππ π]] </nav> ====== General info on Debian ====== {{:playground:boo_the_bunny_36.png?nolink&250|}} ---- ===== Initial steps ===== ==== Watchlist for backup ==== <code bash> /etc/nginx/sites-available/* /var/www/* /etc/transmission-daemon/ /opt/scripts/ </code> **update-motd** <code bash> /etc/update-motd.d/ </code> **crontab** <code bash> sudo crontab -l sudo -u www-data crontab -l crontab -l </code> **MariaDB** ''per DATABASE'' === Backup MariaDB DATABASE === <code bash> /usr/bin/mysqldump --single-transaction -h localhost -u root -p[database_passwd] [database_name] > /..(path)../.backup/[database_name]-sqlbkp_`date +"%Y%m%d"`.bak </code> ---- === Backup using rsync command === == Backup Nginx configuration files == <code bash> sudo rsync -avh --progress /etc/nginx/sites-available/ /home/meson/.backup/nginx/nginx_config_`date +"%Y%m"`/ </code> == Backup HTML source files == <code bash> sudo rsync -avh --progress /var/www/ /home/meson/.backup/html/html_backup_`date +"%Y%m"`/ </code> ---- === Remote backup for webpages === Rsync with ''[TARGET]'' using rsync from ''[SOURCE]'' <code bash> sudo -u www-data rsync -azP --exclude '.ssh' -e 'ssh -p [port_number]' --rsync-path="sudo rsync" /var/www/ [user]@[TARGET]:"/[TARGET PATH]../../" </code> Put ''[SOURCE]'' public key in ''[TARGET]'' user's ''authorized_keys'' ---- ==== Configure log files ==== Edit ''/etc/nginx/nginx.conf'' <code nginx> access_log /var/log/nginx/_access.log; error_log /var/log/nginx/_error.log; </code> ---- ==== Purge log files ==== == Cleaning compressed log files == <code bash> sudo find /var/log -name '*.gz' -exec rm {} \; </code> ---- ==== Set hostnames ==== <code bash> sudo hostname HOSTiD sudo hostnamectl HOSTiD </code> Edit ''/etc/hostname'' with full domain name <code bash> hostid.mydomain.com </code> ---- ==== Enable SSH ==== Genesis step for all {{mdi>debian?2x}} Linux works. ---- === Generate Public/Private key pair === <code bash> ssh-keygen -t rsa -b 4096 ssh-keygen -t dsa ssh-keygen -t ecdsa -b 521 ssh-keygen -t ed25519 </code> <code bash> touch $home/.ssh/authorized_keys chmod 600 $home/.ssh/authorized_keys </code> Append ''public keys'' for SSH client. --- === SSH Key to ED25519 === <code bash> ssh-keygen -o -a 100 -t ed25519 -f ~/.ssh/id_ed25519 -C "john@example.com" </code> * ''-o'': Save the private-key using the new OpenSSH format * ''-a'': KDF (Key Derivation Function) rounds. Higher numbers result in slower passphrase verification, increasing the resistance to brute-force password cracking should the private-key be stolen. * ''-C'': An option to specify a comment --- ==== Enable colorful terminal ==== Comment out **''force_color_prompt=yes''** in ''~/.bashrc'' <code bash> vi ~/.bashrc source ./.bashrc </code> === Time stamp prompt === Edit ''~/.bashrc'' and change ''PS1'' line <code bash> if [ "$color_prompt" = yes ]; then PS1='${debian_chroot:+($debian_chroot)}\[\033[01;32m\]\u@\h\[\033[00m\]: \[\033[01;33m\]\D{%T}\[\033[00m\] \[\033[01;37m\]\w\$\[\033[00m\] ' else PS1='${debian_chroot:+($debian_chroot)}\u@\h: \D{%T} \w\$ ' fi </code> Save and load ''.bashrc'' <code bash> source ~/.bashrc </code> ---- ==== User aliases command ==== If you don't have ''.bash_aliases'' in your home directory. <code bash> touch .bash_aliases </code> ''Edit'' ''.bash_aliases''. Example: Backup Nginx configuration files with date stamp. <code bash> alias backup_nginx='sudo rsync -avh --progress /etc/nginx/ /home/user/storage/Nginx.Config//nginx_config_`date +"%Y%m%d"`/' </code> ---- ===== Configure Dynamic DNS ===== === Google Domains with ddclient === Dynamic DNS records are configured in [[https://google.com/domains|Google Domains]], then update IP using **ddclient**.[[https://support.google.com/domains/answer/6147083|Set Up Dynamic DNS]] in Google Domains. Keep ''generated credentials'' to use in ddclient. <code bash> sudo apt-get install ddclient </code> ''ddclient'' and related packages are installed and will pop up the screen to ask a few parameters. Just do it as you wish and exit quickly. This is not your big deal. \\ Edit ''/etc/ddclient.conf'' <code ini> protocol=dyndns2 ssl=yes use=web server=domains.google.com login=generated_username password=generated_password your_resource.your_domain.tld </code> If this configuration is not work when you run ''ddclient -noquiet'' with some WARNINGs because ddclient does not support Google Domains directly. Then change configuration file as followings: Google Domain ''protocol'' is **updated**, so use it directly. <code ini> protocol=googledomains use=web # this is essential. ssl=yes login=generated_username password=generated_password your_resource.your_domain.tld </code> Edit ''sudo crontab -e'' to run periodically or register as daemon to run start. ---- === Cloudflare with ddclient === Assume you already installed ''ddclient'' before this. --- [[:debian_common#google_domains_with_ddclient|Google Domains with ddclient]] It require a package ''libjson-any-perl'' <code bash> sudo apt-get install libjson-any-perl </code> edit ''/etc/ddclient.conf'' <code ini> ssl=yes use=web protocol=cloudflare, \ zone=yourhost.com, \ login=my-cloudflare-login@email.com, \ password=cloudflare-API-global-token \ ddns.yourhost.com, </code> ''login'' is email address for Cloudflare and ''password'' is API key string. Cloudflare(tm) with ''ddclient'' uses ''JSON'' format. <code bash> sudo ddclient -verbos -noquiet </code> ''Run'' with ''-verbos'' and ''-noquiet'' option to see the progress. Messages, if any, error(s) show up. ''add'' work in ''crontab'' with ''root permission'' <code bash> sudo crontab -e </code> 30 */2 * * * /usr/sbin/ddclient -quiet This ''crontab'' runs at minute 30 past every 2nd hour. ---- === FreeDNS with ddclient === Edit ''/etc/ddclient.conf'' <code ini> ssl=yes use=web protocol=freedns login=login_id password='account_password' ddns.yourhost.com </code> Add ''crontab'' schedule, <code bash> sudo crontab -e </code> ---- === NO-IP with ddclient === <code ini> protocol=dyndns2 server=dynupdate.no-ip.com login=your_login_id password=your_password your_domain.com </code> ---- === Google Domains with API === Create ''Synthetic record'' with Dynamic DNS option and keep ''generated credentials'' <code bash> #!/bin/bash ### Google Domains provides an API to update a DNS "Syntheitc record". This script ### updates a record with the script-runner's public IP, as resolved using a DNS ### lookup. ### ### Google Dynamic DNS: https://support.google.com/domains/answer/6147083 ### Synthetic Records: https://support.google.com/domains/answer/6069273 USERNAME="generated_id" PASSWORD="generated_password" HOSTNAME="yoursubdomain.yourdomain.here" # Resolve current public IP IP=$( dig +short myip.opendns.com @resolver1.opendns.com ) # Update Google DNS Record URL="https://${USERNAME}:${PASSWORD}@domains.google.com/nic/update?hostname=${HOSTNAME}&myip=${IP}" curl -s $URL </code> ---- === Cloudflare with API === Getting user's data from Cloudfalreβ’ Before, you set up the dynamic DNS from Cloudfalreβ’, you need to set **A record** with your desired domain name. If you want to use ''DDNS.DOMAIN.COM'' as your dynamic DNS. Put **A record** in ''**DOMAIN.COM**'' section. <hidden> .Cloudflare API v1 not available any more <code bash> curl https://www.cloudflare.com/api_json.html \ -d 'a=rec_load_all' \ -d 'tkn=8afbeYOUR0API0KEY0INdCLOUDFLARE0' \ -d 'email=YOU@DOMAIN.COM' \ -d 'z=DOMAIN.COM' </code> </hidden> <code bash> curl -X GET 'https://api.cloudflare.com/client/v4/zones/7140bd43dh357d0e8ee2ea786cef70ae/dns_records' \ -H 'X-Auth-Email: 'YOU@DOMAIN.COM \ -H 'X-Auth-Key: '8afbeYOUR0API0KEY0INdCLOUDFLARE0 \ -H 'Content-Type: application/json' </code> Check your ''Global API key'' for ''X-Auth-Key'' from [[https://www.cloudflare.com/a/profile|My Profiles]] and ''Zone ID'' can be found in your ''**DOMAIN.COM**'' page. This will shows bunch of strings and just copy them or your can make text file appending ''>> ~/cloudflare.json'' To find data you want, you need to arrange using [[http://jsonviewer.stack.hu/|Online JSON parser]] or your editor. Find out **''id''** value for specific domains. Here assume ''id'' for ''ddns.DOMAIN.COM'' under ''DOMAIN.COM'' is ''372e679540...86b9e0b59'' Make shell script. <hidden> .Cloudflare API v1 (not used any more) <code bash> #!/bin/sh NEW_IP=`curl ifconfig.me/ip` CURRENT_IP=`cat /var/tmp/current_ip.dat` if [ "$NEW_IP" = "$CURRENT_IP" ] then echo "No Change in IP Adddress" else curl https://www.cloudflare.com/api_json.html \ -d 'a=rec_edit' \ -d 'tkn=8afbeYOUR0API0KEY0INdCLOUDFLARE0' \ -d 'email=YOU@DOMAIN.COM' \ -d 'z=DOMAIN.COM' \ -d 'id=rec_id_FROMABOVE' \ -d 'type=A' \ -d 'name=DDNS.DOMAIN.COM' \ -d 'ttl=1' \ -d "content=$NEW_IP" echo $NEW_IP > /var/tmp/current_ip.dat fi </code> </hidden> <code bash> #!/bin/sh NEW_IP=`curl ifconfig.me/ip` CURRENT_IP=`cat /var/tmp/current_ip.dat` if [ "$NEW_IP" = "$CURRENT_IP" ] then echo "No Change in IP Adddress" else curl -X PUT 'https://api.cloudflare.com/client/v4/zones/7140bd43dh357d0e8ee2ea786cef70ae/dns_records/372e679540...86b9e0b59' \ -H 'X-Auth-Email: 'YOU@DOMAIN.COM \ -H 'X-Auth-Key: '8afbeYOUR0API0KEY0INdCLOUDFLARE0 \ -H 'Content-Type: application/json' \ --data '{ "type": "A", "name": "ddns.domain.com", "content": '\"$NEW_IP\"', "proxied": true }' echo $NEW_IP > /var/tmp/current_ip.dat fi </code> grant execute permission <code bash> sudo chmod +x ./ddns.sh </code> and touch file to record current IP address. <code bash> sudo touch /var/tmp/current_ip.dat </code> ''ifconfig.me/ip'' is API to retrieve external IP for Dynamic DNS. Alternatives are ''ifconfig.io/ip'' or ''api.ipify.org'' \\ If your script is ''/usr/bin/ddns.sh'', edit ''crontab'' to update IP periodically. <code bash> sudo crontab -e * */3 * * * /usr/bin/ddns.sh </code> Then the script runs every 3 hours. \\ [[https://meson.ml/2vJ5wOm|JΓΊnes's configuration and scripts]] {{fa>folder-open?color=#FFDF00}} WebDAV --- Updated on //2017/08/24 22:06// ---- ===== Disable unused settings ===== ==== Disable suspend mode ==== Disable / Ignore ''suspend mode'' of laptop for lasting online even when LCD lid is closed. ''Edit'' ''**/etc/systemd/logind.conf**'' <code ini> #HandlePowerKey=poweroff #HandleSuspendKey=suspend #HandleHibernateKey=hibernate #HandleLidSwitch=suspend </code> Comment out the items that you wish to edit. ''HandlePowerKey'' is for when pressing Power key. ''HandleSuspendKey'' is for suspend key (if exists). ''HandleHibernateKey'' is for hibernation key. And ''**HandleLidSwitch**'' is for lid panel. <code ini> #HandlePowerKey=poweroff #HandleSuspendKey=suspend #HandleHibernateKey=hibernate HandleLidSwitch=ignore </code> ---- ==== Disable Hardware Acceleration ==== <code bash> /etc/X11/xorg.conf.d/disable-gpu.conf Section "Extensions" Option "GLX" "Disable" EndSection </code> ---- ==== Disable power wireless off ==== <code bash> sudo iwconfig wlan0 power off </code> ---- ==== Disable Bluetooth service ==== <code bash> vi /etc/bluetooth/main.conf </code> Edit the line with ''AutoEnable'' with ''false'' <code ini> AutoEnable = false </code> A more radical way is to either stop the bluetooth service <code bash> sudo systemctl stop bluetooth.service </code> Or even more radical is to disable it permanently <code bash> sudo systemctl disable bluetooth </code> ---- ==== Debugging service ==== <code bash> sudo service stop sshd # ssd daemon for example /usr/sbin/sshd -d # need to specify full path </code> Find problem from messages in debugging mode. ---- ==== Configure locales ==== <code bash> sudo dpkg-reconfigure locales </code> Deselect unused ''locales'' and save them. ---- ===== Install Services ===== ==== Nextcloudβ’ ==== [[os_nextcloud|Nextcloud 101]] --- Nextcloud user's Guides ---- ===== Upgrade & Maintenance ===== ==== Major LTS upgrade ==== Upgrade from 18.04 LTS to 20.04 LTS (''Focal Fossa'') Official Guide on upgrade [[https://meson.in/2ALsTwg|How to upgrade from Ubuntu 18.04 LTS to 20.04 LTS today]] <sub> --- Updated on //2020/07/11 03:40// </sub> === Upgrade on the command line === Update all repository for packages, which already installed on the system. <code bash> sudo apt update && sudo apt dist-upgrade -y && sudo apt autoremove </code> Upgrade with major LTS with <code bash> sudo do-release-upgrade -d </code> Follow the procedures and finish. <code text> Some third party entries in your sources.list were disabled. You can re-enable them after the upgrade with the 'software-properties' tool or your package manager. </code> ---- ==== Fetch error during update ==== Error during update --- ''Failed to fetch'' or something like that <code bash> sudo apt-get clean sudo rm -vf /var/lib/apt/lists/* sudo rm -vf /var/lib/apt/lists/partial/* sudo apt-get update </code> Run ''update'' command several times until finishing fetches ---- ==== Upgrade php 7.x ==== Append additional source for php7.x latest, <code bash> sudo apt install software-properties-common sudo add-apt-repository ppa:ondrej/php </code> <code bash> wget -q https://packages.sury.org/php/apt.gpg -O- | sudo apt-key add - echo "deb https://packages.sury.org/php/ `lsb_release -cs` main" | sudo tee /etc/apt/sources.list.d/php.list </code> Append ''Nginx mainline'' packages <code bash> sudo add-apt-repository ppa:ondrej/nginx-mainline </code> Update source lists <code bash> sudo apt-get update </code> <code text> Reading package lists... Done E: The method driver /usr/lib/apt/methods/https could not be found. N: Is the package apt-transport-https installed? E: Failed to fetch https://packages.sury.org/php/dists/stretch/InRelease E: Some index files failed to download. They have been ignored, or old ones used instead. </code> When it comes to this errors, install additional packages for update, <code bash> sudo apt-get install ca-certificates apt-transport-https </code> Install php with latest version <code bash> sudo apt-get install php7.2 php7.2-cli php7.2-common php7.2-opcache php7.2-curl php7.2-mbstring php7.2-mysql php7.2-zip php7.2-xml </code> To verify the installation is completed run the following command: <code bash> php -v </code> ---- ==== Install & upgrade Nginx ==== Install the prerequisites: <code bash> sudo apt install curl gnupg2 ca-certificates lsb-release </code> To set up the apt repository for stable nginx packages, run the following command: <code bash> echo "deb http://nginx.org/packages/ubuntu `lsb_release -cs` nginx" \ | sudo tee /etc/apt/sources.list.d/nginx.list </code> If you would like to use mainline nginx packages, run the following command instead: <code bash> echo "deb http://nginx.org/packages/mainline/ubuntu `lsb_release -cs` nginx" \ | sudo tee /etc/apt/sources.list.d/nginx.list </code> Next, import an official nginx signing key so apt could verify the packages authenticity: <code bash> curl -fsSL https://nginx.org/keys/nginx_signing.key | sudo apt-key add - </code> Verify that you now have the proper key: <code bash> sudo apt-key fingerprint ABF5BD827BD9BF62 </code> The output should contain the full fingerprint ''573B FD6B 3D8F BC64 1079 A6AB ABF5 BD82 7BD9 BF62'' as follows: <code txt> pub rsa2048 2011-08-19 [SC] [expires: 2024-06-14] 573B FD6B 3D8F BC64 1079 A6AB ABF5 BD82 7BD9 BF62 uid [ unknown] nginx signing key <signing-key@nginx.com> </code> To install nginx, run the following commands: <code bash> sudo apt update sudo apt install nginx </code> ---- ==== Upgrade mariadb ==== <button type="link" icon="mdi mdi-database-plus">[[https://downloads.mariadb.org/mariadb/repositories|Setting up MariaDB Repositories]]</button> Select ''Disto'', ''Release'' and ''Version'' and follow the instruction <code bash> sudo apt-get install software-properties-common sudo apt-key adv --fetch-keys 'https://mariadb.org/mariadb_release_signing_key.asc' sudo add-apt-repository 'deb [arch=amd64,arm64,ppc64el] https://ftp.harukasan.org/mariadb/repo/10.5/ubuntu focal main' </code> Once the key is imported and the repository added you can install MariaDB 10.5 from the MariaDB repository with: <code bash> sudo apt update sudo apt install mariadb-server </code> Check service is working correctly and installed version. <code bash> sudo mysql -uroot -p </code> Alternatively, edit ''/etc/apt/sources.list'' or add repository with command line. <code> # MariaDB 10.5 repository list - created 2020-08-31 04:34 UTC # http://downloads.mariadb.org/mariadb/repositories/ deb [arch=amd64] https://ftp.harukasan.org/mariadb/repo/10.5/ubuntu focal main deb-src https://ftp.harukasan.org/mariadb/repo/10.5/ubuntu focal main </code> If you need debug packages, add the debug component to your sources.list with: <code bash> sudo add-apt-repository 'deb [arch=amd64,arm64,ppc64el] https://ftp.harukasan.org/mariadb/repo/10.5/ubuntu focal main/debug' </code> MariaDB debug packages will now show up when searching for 'mariadb' with apt and are distinguished by the `-dbgsym` suffix. Debug packages are generally only needed during development and usually should not be installed unless you know that you need them. ---- ==== Basic commands 101 ==== {{fa>terminal?size=24&color=#AABBCC}} [[https://devhints.io/|Rico's cheatsheets]] -- first glimpse on {{fa>linux?color=#a80030}} **Linux commands** === rm === <code bash> rm -R \\ Remove directory, Recursively rm -i \\ Remove with confirmation rm -f \\ Force deletion of Files Directories rm -v \\ Show information of deletion process, Verbosely </code> ---- === ufw (firewalls) === <code bash> sudo ufw app list \\ show app list by firewall </code> <code bash> sudo ufw allow OpenSSH \\ allow OpenSSH sudo ufw enable sudo ufw status </code> ---- === udevadm === To retrieve hardware information such as serial number of product, <code bash> sudo udevadm info --query=all --name=/dev/sda </code> ---- === find string(s) in files === <code bash> find /path/to/files/ -type f | xargs grep -n 'string_to_search' </code> ---- === [output to file] === | | visible in terminal | | visible in file | | | | syntax | ''stdout'' | ''stderr'' | ''stdout'' | ''stderr'' | existing file | | | | | | | | | ''>'' | no | yes | yes | no | overwrite | | ''>>'' | no | yes | yes | no | append | | ''2>'' | yes | no | no | yes | overwrite | | ''2>>'' | yes | no | no | yes | append | | ''&>'' | no | no | yes | yes | overwrite | | ''&>>'' | no | no | yes | yes | append | | ''| tee'' | yes | yes | yes | no | overwrite | | ''| tee -a'' | yes | yes | yes | no | append | | ''|& tee'' | yes | yes | yes | yes | overwrite | | ''|& tee -a'' | yes | yes | yes | yes | append | | | | | | | | <code bash> command > output.txt </code> The standard output stream will be redirected to the file only, it will not be visible in the terminal. If the file already exists, it gets overwritten. <code bash> command >> output.txt </code> The standard output stream will be redirected to the file only, it will not be visible in the terminal. If the file already exists, the new data will get appended to the end of the file. <code bash> command 2> output.txt </code> The standard error stream will be redirected to the file only, it will not be visible in the terminal. If the file already exists, it gets overwritten. <code bash> command 2>> output.txt </code> The standard error stream will be redirected to the file only, it will not be visible in the terminal. If the file already exists, the new data will get appended to the end of the file. <code bash> command &> output.txt </code> Both the standard output and standard error stream will be redirected to the file only, nothing will be visible in the terminal. If the file already exists, it gets overwritten. <code bash> command &>> output.txt </code> Both the standard output and standard error stream will be redirected to the file only, nothing will be visible in the terminal. If the file already exists, the new data will get appended to the end of the file.. <code bash> command | tee output.txt </code> The standard output stream will be copied to the file, it will still be visible in the terminal. If the file already exists, it gets overwritten. <code bash> command | tee -a output.txt </code> The standard output stream will be copied to the file, it will still be visible in the terminal. If the file already exists, the new data will get appended to the end of the file. <code bash> (*) </code> Bash has no shorthand syntax that allows piping only StdErr to a second command, which would be needed here in combination with tee again to complete the table. If you really need something like that, please look at "How to pipe stderr, and not stdout?" on Stack Overflow for some ways how this can be done e.g. by swapping streams or using process substitution. <code bash> command |& tee output.txt </code> Both the standard output and standard error streams will be copied to the file while still being visible in the terminal. If the file already exists, it gets overwritten. <code bash> command |& tee -a output.txt </code> Both the standard output and standard error streams will be copied to the file while still being visible in the terminal. If the file already exists, the new data will get appended to the end of the file. ---- debian_common Last modified: 2024/04/18 08:58by JΓΊne Park