I always forget the file location, I always have to google to find askubuntu.com, so I document it here, then I find it faster.
To check whether a reboot is needed, look for this file:
/var/run/reboot-required
Randomly collected topics
After you installed PiHole according to Install PiHole in docker-compose on Ubuntu Server you probably want to run regular updates.
With docker-compose you can simply run this:
cd /opt/pihole/
sudo docker-compose stop
sudo docker-compose rm -f
sudo docker-compose pull
sudo docker-compose up -d
I want to have a separate Firefox profile for my Google account, primarily used for Gmail.
I use Linux Mint 19.3 Tricia.
I want it to have its own icon in the task list, and the Gmail profile should not be opened in the Firefox "Icon Group" (I don't know the correct name).
firefox -P
~/.local/share/applications/GmailFF.desktop
and with this content:
[Desktop Entry]
Name=Gmail Firefox
Exec=firefox -P Google --no-remote --class GoogleFF
Comment=Open Firefox with Google Profile
Terminal=false
Icon=checkgmail
Type=Application
StartupNotify=True
StartupWMClass=GoogleFF
The magic is coming from StartupWMClass, now Firefox for profile Google opens like a different program (found at https://www.techrepublic.com/article/how-to-run-two-different-firefox-profiles-at-once-on-linux/)
Name
you defined above) and open the profile.
This documents how to install PiHole on an Ubuntu server. PiHole will run in docker-compose with a couple of volumes from the host, so data is kept across updates. The Docker container for PiHole should be ephemeral.
The following steps are done according to pi-hole/docker-pi-hole
Run these steps:
Install docker-compose on yourserver.example.com with sudo apt install docker-compose
For the following, use the install folder /opt/pihole
Create docker-compose.yaml in /opt/pihole/; below is the final version, including the volumes which are added later:
version: "3"
# More info at https://github.com/pi-hole/docker-pi-hole/ and https://docs.pi-hole.net/
services:
  pihole:
    container_name: pihole
    hostname: yourserver-pihole
    image: pihole/pihole:latest
    ports:
      - "53:53/tcp"
      - "53:53/udp"
      - "67:67/udp"
      - "80:80/tcp"
      - "443:443/tcp"
    environment:
      ADMIN_EMAIL: 'pihole@example.com'
      DNS1: '9.9.9.9'
      DNS2: '1.1.1.1'
      PIHOLE_BASE: '/opt/pihole'
      TZ: 'Europe/Zurich'
      WEBPASSWORD: '...'
    # Volumes store your data between container upgrades
    volumes:
      - './etc-pihole/:/etc/pihole/'
      - './etc-dnsmasq.d/:/etc/dnsmasq.d/'
      - './letsencrypt:/opt/letsencrypt/'
      - './letsencrypt/lighttpd-external.conf:/etc/lighttpd/external.conf'
      - './fakewebroot/.well-known:/var/www/html/.well-known'
    # Recommended but not required (DHCP needs NET_ADMIN)
    # https://github.com/pi-hole/docker-pi-hole#note-on-capabilities
    cap_add:
      - NET_ADMIN
    restart: unless-stopped
You can now start it with: docker-compose up --detach
You can now connect to http://yourserver.example.com/admin, but make sure you don't log in with the defined WEBPASSWORD: your connection isn't encrypted yet.
The Admin interface isn't encrypted yet, therefore we want to run Let's Encrypt (certbot) on the host machine.
Below was done with information from https://discourse.pi-hole.net/t/enabling-https-for-your-pi-hole-web-interface/5771
/opt/pihole/fakewebroot
and /opt/pihole/letsencrypt
./letsencrypt:/opt/letsencrypt/
to copy the combined.pem and fullchain.pem in
./fakewebroot/.well-known:/var/www/html/.well-known
which will be used by certbot to save the challenge
sudo certbot certonly --webroot -w /opt/pihole/fakewebroot/ -d yourserver.example.com
sudo cat /etc/letsencrypt/live/yourserver.example.com/privkey.pem /etc/letsencrypt/live/yourserver.example.com/cert.pem > /opt/pihole/letsencrypt/combined.pem
./letsencrypt/lighttpd-external.conf:/etc/lighttpd/external.conf
Add the following to the lighttpd-external.conf, and make sure you have the correct file names for ssl.pemfile and ssl.ca-file:
$HTTP["host"] == "yourserver.example.com" {
  # Ensure the Pi-hole Block Page knows that this is not a blocked domain
  setenv.add-environment = ("fqdn" => "true")
  # Enable the SSL engine with a LE cert, only for this specific host
  $SERVER["socket"] == ":443" {
    ssl.engine = "enable"
    ssl.pemfile = "/opt/letsencrypt/combined.pem"
    ssl.ca-file = "/opt/letsencrypt/fullchain.pem"
    ssl.honor-cipher-order = "enable"
    ssl.cipher-list = "EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH"
    ssl.use-sslv2 = "disable"
    ssl.use-sslv3 = "disable"
  }
  # Redirect HTTP to HTTPS
  $HTTP["scheme"] == "http" {
    $HTTP["host"] =~ ".*" {
      url.redirect = (".*" => "https://%0$0")
    }
  }
}
In the section before we already added the well-known folder /opt/pihole/fakewebroot/, and it is already added as a volume in docker-compose.yaml.
We now need a post action for the renewal timer, so create a post hook file. Add the file with
sudo vim /etc/letsencrypt/renewal-hooks/post/redeploy-docker.sh
With this content:
#!/bin/bash
# Rebuild the PEM files lighttpd reads, then recreate the container so it loads them.
# The &> redirection below is bash syntax, hence the bash shebang.
cat /etc/letsencrypt/live/yourserver.example.com/privkey.pem /etc/letsencrypt/live/yourserver.example.com/cert.pem > /opt/pihole/letsencrypt/combined.pem
cat /etc/letsencrypt/live/yourserver.example.com/fullchain.pem /etc/letsencrypt/live/yourserver.example.com/cert.pem > /opt/pihole/letsencrypt/fullchain.pem
/usr/bin/docker-compose -f /opt/pihole/docker-compose.yaml down &>/dev/null
/usr/bin/docker-compose -f /opt/pihole/docker-compose.yaml up --detach &>/dev/null
And make it executable:
sudo chmod +x /etc/letsencrypt/renewal-hooks/post/redeploy-docker.sh
This copies the new certificate into the correct folder and ensures the Docker container is restarted, so it will have the new certificate.
You can test whether your script works properly with a dry run:
sudo certbot renew --dry-run
If docker ps shows a new container ID after that, the container was restarted successfully.
With sudo openssl x509 -noout -text -in /opt/pihole/letsencrypt/combined.pem | grep Validity -A3
you will see whether the new certificate was copied correctly (this doesn't really work shortly after the installation, because you have no new certificate).
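The hook above writes the private key into combined.pem through a plain shell redirect, so with the common umask of 022 the file is created readable by every local user, and the old file is truncated before the new one is complete. The following is an added example, not part of the original post, of a safer way to build the same two bundles; the function names and the LIVE_DIR/OUT_DIR variables are made up for this sketch, and it assumes lighttpd in the container can still read a root-owned file with mode 0600.

```bash
#!/bin/bash
# Added example (not from the original post): build the PEM bundles without
# leaving the private key world-readable or half-written.
# LIVE_DIR and OUT_DIR are hypothetical variable names mirroring the paths above.
LIVE_DIR="${LIVE_DIR:-/etc/letsencrypt/live/yourserver.example.com}"
OUT_DIR="${OUT_DIR:-/opt/pihole/letsencrypt}"

# build_pem OUT_NAME SRC... : concatenate the SRC files (relative to LIVE_DIR)
# into OUT_DIR/OUT_NAME with mode 0600, replacing the old file atomically.
build_pem() {
    local out_name="$1"; shift
    local src tmp
    for src in "$@"; do
        # Refuse to publish a partial bundle if a certbot file is missing or empty
        [ -s "$LIVE_DIR/$src" ] || { echo "missing or empty: $LIVE_DIR/$src" >&2; return 1; }
    done
    # mktemp creates the file with mode 0600; it lives in OUT_DIR so the
    # final mv is a rename on the same filesystem.
    tmp="$(mktemp "$OUT_DIR/.${out_name}.XXXXXX")" || return 1
    if ( cd "$LIVE_DIR" && cat -- "$@" ) > "$tmp"; then
        chmod 600 "$tmp" && mv -f -- "$tmp" "$OUT_DIR/$out_name"
    else
        rm -f -- "$tmp"
        return 1
    fi
}

# The same two bundles the hook above produces
deploy_certs() {
    build_pem combined.pem privkey.pem cert.pem &&
    build_pem fullchain.pem fullchain.pem cert.pem
}
```

To use it, call deploy_certs in the hook in place of the two cat lines and only restart the container when it succeeds.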
Now you can use the IP address of yourserver.example.com as your DNS server address.
You can now use https://yourserver.example.com/admin/ to check your server.
The goal is to connect Keepass2Android (used version 1.07b-r0) on Android to the Keepass database on a Hetzner Storage Box. https://blog.chloesoe.ch/?p=546 describes how to connect and store your Keepass DB on the Storage Box.
Now we want to connect the mobile phone to that database.
pubkey_android
(you could change the key name at the end of the line of that new file if you like).
read -p "Enter your Hetzner's username: " USERNAME
rsync --progress -e 'ssh -p23' "$USERNAME@$USERNAME.your-storagebox.de:.ssh/authorized_keys" .
cat pubkey_android >> authorized_keys
rsync --progress -e 'ssh -p23' authorized_keys "$USERNAME@$USERNAME.your-storagebox.de:.ssh/"
First you have to make sure your public key is in .ssh/authorized_keys on your Storage Box, see the links provided at https://blog.chloesoe.ch/?p=541. Now you could add some aliases to your ~/.bashrc to save your keepass db, do an additional backup to the folder keepass_backup, and list all backups:
# load HETZNERUSER, KEEPASSPATH and KEEPASSFILE
. ~/.pws/hetzner-vars
alias pwsave='rsync -v --progress -e "ssh -p23" $KEEPASSPATH/$KEEPASSFILE $HETZNERUSER@$HETZNERUSER.your-storagebox.de:/home'
alias pwbackup='rsync -v --progress -e "ssh -p23" $KEEPASSPATH/$KEEPASSFILE $HETZNERUSER@$HETZNERUSER.your-storagebox.de:/home/keepass_backup/${KEEPASSFILE}_$(date +%Y%m%d-%H%M)'
alias pwlistbkp='ssh -p23 $HETZNERUSER@$HETZNERUSER.your-storagebox.de ls -l keepass_backup'
Your account details go in ~/.pws/hetzner-vars, which looks like this (adjust to your needs):
export HETZNERUSER=uXXXXXX
export KEEPASSPATH=~/.pws
export KEEPASSFILE=keepass-filename.kdbx
Additionally you could add some functions to your .bashrc:
pwgetbkp() {
    echo "List of all backups"
    pwlistbkp
    read -p "Type backup filename you want to restore: " _restore
    # Restores into $_folder; falls back to the current directory when it is unset
    rsync -v --progress -e "ssh -p23" "$HETZNERUSER@$HETZNERUSER.your-storagebox.de:/home/keepass_backup/$_restore" "${_folder:-.}"
}
pwdeletebkp() {
    echo "List of all backups"
    pwlistbkp
    read -p "Type backup filename you want to DELETE: " _delete
    # sftp reads the rm command from stdin
    echo "rm /home/keepass_backup/$_delete" | sftp -P23 "$HETZNERUSER@$HETZNERUSER.your-storagebox.de"
}
Unfortunately sshfs seems not to work anymore.
To get it running, first copy your public key to your storage box:
https://wiki.hetzner.de/index.php/Backup_Space_SSH_Keys.
Then to run rsync have a look at https://wiki.hetzner.de/index.php/Storage_Boxes#rsync.
On a Debian-based Linux you can update the locales with:
update-locale LANG=de_CH.UTF-8
see also https://www.thomas-krenn.com/de/wiki/Locales_unter_Ubuntu_konfigurieren
https://www.freeplane.org/forum2012/viewtopic.php?f=1&t=631
It's in the preferences: Tools->Preferences->Behaviour->Selection method->By click.
To force every webapp to use https instead of http, add the following part to $TOMCATHOME/conf/web. Insert it at the second-to-last line, before the end tag </web-app>
<security-constraint>
  <web-resource-collection>
    <web-resource-name>Entire Application</web-resource-name>
    <url-pattern>/*</url-pattern>
  </web-resource-collection>
  <user-data-constraint>
    <transport-guarantee>CONFIDENTIAL</transport-guarantee>
  </user-data-constraint>
</security-constraint>