« Ubuntu arm 18.04 » : différence entre les versions
De Banane Atomic
(136 versions intermédiaires par le même utilisateur non affichées) | |||
Ligne 18 : | Ligne 18 : | ||
# shutdown | # shutdown | ||
poweroff | poweroff | ||
</kode> | |||
= Astuces = | |||
<kode lang='bash'> | |||
# cp is by default an alias to cp -i | |||
# to use cp only: | |||
\cp | |||
# get OS version, kernel version, architecture, hostname | |||
hostnamectl | |||
# create a daemon user | |||
sudo useradd -r -s /usr/sbin/nologin -N -g nogroup <user> | |||
</kode> | |||
= Claim space = | |||
<kode lang='bash'> | |||
journalctl --disk-usage | |||
sudo journalctl --vacuum-time=30d | |||
sudo apt autoremove | |||
sudo du -sh /var/cache/apt | |||
sudo apt autoclean | |||
</kode> | </kode> | ||
Ligne 28 : | Ligne 51 : | ||
</kode> | </kode> | ||
{{info | Utiliseur Apache: {{boxx|www-data}}}} | {{info | Utiliseur Apache: {{boxx|www-data}}}} | ||
= PHP = | |||
== [https://launchpad.net/~ondrej/+archive/ubuntu/php Upgrade to PHP 7.4+] == | |||
<kode lang='bash'> | |||
sudo add-apt-repository ppa:ondrej/php | |||
sudo add-apt-repository ppa:ondrej/apache2 | |||
# sudo add-apt-repository ppa:ondrej/nginx-mainline | |||
sudo apt update && sudo apt upgrade | |||
</kode> | |||
== Uninstall old versions == | |||
<kode lang='bash'> | |||
# list installed version of php | |||
dpkg -l "php*" | |||
# stop and disable php-fpm service | |||
sudo systemctl stop php5.6-fpm | |||
sudo systemctl disable php5.6-fpm | |||
# deactivate apache configuration if needed | |||
ls /etc/apache2/conf-enabled/php* | |||
# uninstall php 5.6 | |||
sudo apt purge php5.6-common | |||
</kode> | |||
= [https://doc.ubuntu-fr.org/mariadb MySql / MariaDb] = | = [https://doc.ubuntu-fr.org/mariadb MySql / MariaDb] = | ||
Ligne 39 : | Ligne 88 : | ||
# status | # status | ||
systemctl status mysql | systemctl status mysql | ||
</kode> | |||
== [https://mariadb.org/download/?t=repo-config&d=18.04+LTS+%22bionic%22 Upgrade version] == | |||
<kode lang='bash'> | |||
# install apt-transport-https and curl if not yet installed | |||
sudo apt-get install apt-transport-https curl | |||
# add mariadb release signing key | |||
sudo curl -o /etc/apt/trusted.gpg.d/mariadb_release_signing_key.asc 'https://mariadb.org/mariadb_release_signing_key.asc' | |||
</kode> | |||
Add the repo | |||
<filebox fn='/etc/apt/sources.list.d/mariadb.list' lang='bash'> | |||
# MariaDB 10.10 repository list | |||
deb https://mirrors.ircam.fr/pub/mariadb/repo/10.10/ubuntu bionic main | |||
# deb-src https://mirrors.ircam.fr/pub/mariadb/repo/10.10/ubuntu bionic main | |||
# deb https://mirrors.ircam.fr/pub/mariadb/repo/10.10/ubuntu bionic main/debug | |||
</filebox> | |||
<kode lang='bash'> | |||
# backup | |||
# stop mariadb | |||
sc-stop mariadb | |||
# upgrade | |||
ai mariadb-server | |||
# start mariadb | |||
sc-start mariadb | |||
</kode> | </kode> | ||
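Review bot: The `sudo curl -o /etc/apt/trusted.gpg.d/mariadb_release_signing_key.asc …` line writes the key straight into apt's global trust directory with no fingerprint check, so it is trusted for every configured repository as soon as the download ends. curl also runs without `-f`, so an HTTP error page would be saved in place of the key. Download to a temporary file, compare the fingerprint with the one MariaDB publishes, and only then install it. Better still, keep the key outside `trusted.gpg.d` and pin it to this repository with `deb [signed-by=<path-to-key>] https://mirrors.ircam.fr/pub/mariadb/repo/10.10/ubuntu bionic main`. The `# backup` step before `ai mariadb-server` is only a comment, and an actual dump command there would make the upgrade recoverable.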
Ligne 56 : | Ligne 133 : | ||
= [https://www.mediawiki.org/wiki/Manual:Running_MediaWiki_on_Debian_or_Ubuntu Mediawiki] = | = [https://www.mediawiki.org/wiki/Manual:Running_MediaWiki_on_Debian_or_Ubuntu Mediawiki] = | ||
== Upgrade == | |||
<kode lang='bash'> | |||
# disable the website | |||
sudo a2dissite mediawiki.conf | |||
sc-reload apache2 | |||
wget https://releases.wikimedia.org/mediawiki/1.35/mediawiki-1.35.6.tar.gz | |||
tar xf mediawiki-*.tar.gz | |||
cd /var/www | |||
# backup the previous version | |||
sudo mv mediawiki mediawiki.bak | |||
sudo mv -T ~/downloads/mediawiki-* mediawiki | |||
sudo chown -R root:root mediawiki | |||
sudo chown -R www-data:www-data mediawiki/cache | |||
sudo chown -R www-data:www-data mediawiki/images | |||
sudo cp -R mediawiki.bak/images/* mediawiki/images | |||
# copy the custom extensions | |||
sudo cp -R mediawiki.bak/extensions/MyCustomExtension mediawiki/extensions | |||
# copy the LocalSettings | |||
sudo cp mediawiki.bak/LocalSettings.php mediawiki | |||
# upgrade the database | |||
cd mediawiki | |||
php maintenance/update.php | |||
# re-enable the website | |||
sudo a2ensite mediawiki.conf | |||
sc-reload apache2 | |||
# delete unused folder | |||
sudo rm -rf mediawiki.bak | |||
</kode> | |||
== Install == | |||
<kode lang='bash'> | <kode lang='bash'> | ||
wget https://releases.wikimedia.org/mediawiki/1. | wget https://releases.wikimedia.org/mediawiki/1.35/mediawiki-1.35.6.tar.gz | ||
tar | tar xf mediawiki-*.tar.gz | ||
sudo mv -T mediawiki-* /var/www/mediawiki | sudo mv -T mediawiki-* /var/www/mediawiki | ||
</kode> | </kode> | ||
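Review bot: The tarball in the new Upgrade block is unpacked and moved into the web root without any integrity check; releases.wikimedia.org publishes a detached signature next to each archive, so add `gpg --verify mediawiki-1.35.6.tar.gz.sig mediawiki-1.35.6.tar.gz` before `tar xf`. Two lines will not behave as written. If the archive was downloaded into ~/downloads, `sudo mv -T ~/downloads/mediawiki-* mediawiki` also matches the `.tar.gz`, so `mv -T` gets too many operands. `sudo rm -rf mediawiki.bak` runs after `cd mediawiki`, so it resolves to /var/www/mediawiki/mediawiki.bak and the backup is never removed; use `sudo rm -rf /var/www/mediawiki.bak`. The `chown` calls also come before `cp -R mediawiki.bak/images/*`, so the restored uploads end up owned by root rather than www-data.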
Ligne 138 : | Ligne 251 : | ||
== Client certificate == | == Client certificate == | ||
<kode lang='bash'> | <kode lang='bash'> | ||
./build-key [client-name] | # load variables | ||
source ./vars | |||
./build-key --pass [client-name] | |||
# --pass: Build password-protected key | |||
# --pkcs12: Build key in PKCS#12 format (*.p12 protected with password) | |||
# les fichiers suivants sont créés dans le dossier keys | # les fichiers suivants sont créés dans le dossier keys | ||
# 02.pem index.txt index.txt.attr client-name.crt client-name.csr client-name.key serial | # 02.pem index.txt index.txt.attr client-name.crt client-name.csr client-name.key serial | ||
# revoke certificate | |||
./revoke-full [client-name] | |||
</kode> | </kode> | ||
{{info | Le fichier {{boxx|keys/index.txt}} contient la liste des certificats valides et révoqués.}} | |||
== [[OpenVPN#Configuration_Serveur|Server configuration]] == | == [[OpenVPN#Configuration_Serveur|Server configuration]] == | ||
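Review bot: The added `./revoke-full [client-name]` step marks the certificate as revoked in `keys/index.txt`, but nothing on the page makes the OpenVPN server consult a revocation list. The server.conf excerpt shown further down lists only `ca`, `cert`, `key`, `dh` and `tls-auth`, so a revoked client would presumably still be able to connect. Document the missing half: copy the regenerated CRL (easy-rsa 2 writes it to the keys folder, to be confirmed on this install) to /etc/openvpn/server after each revocation and add `crl-verify crl.pem` to server.conf. The info box could then say that `index.txt` is the CA's record and the CRL is what the server enforces.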
Ligne 158 : | Ligne 280 : | ||
</filebox> | </filebox> | ||
<filebox fn='/etc/sysctl.conf'> | <kode lang='bash'> | ||
# start openvpn with server-name configuration | |||
sc-start openvpn-server@[server-name] | |||
</kode> | |||
=== IP forward === | |||
<filebox fn='/etc/sysctl.conf' lang='bash'> | |||
# Uncomment the next line to enable packet forwarding for IPv4 | # Uncomment the next line to enable packet forwarding for IPv4 | ||
net.ipv4.ip_forward=1 | net.ipv4.ip_forward=1 | ||
Ligne 166 : | Ligne 294 : | ||
# reload sysctl | # reload sysctl | ||
sudo sysctl -p /etc/sysctl.conf | sudo sysctl -p /etc/sysctl.conf | ||
# restart the procps service | |||
sudo /etc/init.d/procps restart | |||
</kode> | |||
# | === [https://wiki.archlinux.org/index.php/OpenVPN#ufw Firewall] === | ||
<kode lang='bash'> | |||
sudo ufw allow 1194/udp comment 'OpenVPN udp port 1194' | |||
</kode> | </kode> | ||
<filebox fn='/etc/default/ufw' lang='bash'> | |||
DEFAULT_FORWARD_POLICY="ACCEPT" | |||
</filebox> | |||
<filebox fn='/etc/ufw/before.rules' lang='bash'> | |||
# ufw-before-forward | |||
# | |||
# START OPENVPN RULES | |||
# NAT table rules | |||
*nat | |||
:POSTROUTING ACCEPT [0:0] | |||
# Allow traffic from OpenVPN client to eth0 | |||
-A POSTROUTING -s 10.8.0.0/24 -o eth0 -j MASQUERADE | |||
COMMIT | |||
# END OPENVPN RULES | |||
# Don't delete these required lines, otherwise there will be errors | |||
*filter | |||
</filebox> | |||
= [https://github.com/robbyrussell/oh-my-zsh zsh - oh my zsh] = | = [https://github.com/robbyrussell/oh-my-zsh zsh - oh my zsh] = | ||
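Review bot: Setting `DEFAULT_FORWARD_POLICY="ACCEPT"` in /etc/default/ufw makes the host forward traffic between all of its interfaces, not only from the VPN subnet to eth0, so every future interface or container bridge is routed by default. Keeping the default forward policy and adding one scoped route rule gives the same result for VPN clients, for example `sudo ufw route allow in on tun0 out on eth0 from 10.8.0.0/24` (tun0 is assumed here; the page does not name the tunnel device). The `-A POSTROUTING -s 10.8.0.0/24 -o eth0 -j MASQUERADE` rule can stay as it is. A short comment in the before.rules box saying that the `*nat` block must sit above the existing `*filter` line would also help readers place it correctly.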
Ligne 206 : | Ligne 359 : | ||
nmcli c show <NAME> | nmcli c show <NAME> | ||
</kode> | </kode> | ||
= [https://netplan.io/ netplan] = | |||
<filebox fn='/etc/netplan/01-netcfg.yaml'> | |||
network: | |||
version: 2 | |||
renderer: NetworkManager | |||
ethernets: | |||
eth0: | |||
addresses: [192.168.0.x/24] | |||
gateway4: 192.168.0.y | |||
nameservers: | |||
addresses: [192.168.0.x, 192.168.0.y] | |||
</filebox> | |||
{{info | Renderers: {{boxx|NetworkManager}} {{boxx|networkd}}}} | |||
<kode lang='bash'> | |||
# tester la syntaxe (possibilité de revert) | |||
sudo netplan try | |||
sudo netplan generate | |||
sudo netplan apply | |||
# --debug if you run into some issues | |||
# créé le fichier /run/systemd/network/10-netplan-eth0.network | |||
# vérifier la configuration en cour | |||
netplan ip leases [interface] | |||
</kode> | |||
= [https://linuxize.com/post/how-to-install-pip-on-ubuntu-18.04 pip] = | |||
<kode lang='bash'> | |||
sudo apt install python3-pip | |||
# version 9.0.1 | |||
# install without sudo | |||
pip install [package] | |||
# installed in ~/.local/bin | |||
</kode> | |||
<filebox fn='.zshenv' lang=bash> | |||
export PATH=$PATH:"$HOME/.local/bin" | |||
</filebox> | |||
= [https://pypi.org/project/pip-safe pip-safe] = | |||
{{info | Add {{boxx|/usr/local/bin}} to your {{boxx|PATH}}}} | |||
<kode lang='bash'> | |||
# system-wide installation of a package | |||
sudo -H pip-safe --system install <package> | |||
# installs a package to /opt/pip-safe/<package> and symlinks its executable to /usr/local/bin | |||
# list installed packages | |||
pip-safe list | |||
# system-wide installation | |||
sudo mkdir -p /opt/pip-safe | |||
sudo chown [current-user]:[current-group] /opt/pip-safe | |||
python3 -m venv /opt/pip-safe/pip-safe | |||
/opt/pip-safe/pip-safe/bin/pip install pip-safe | |||
sudo chown root:root -R /opt/pip-safe | |||
sudo ln -s /opt/pip-safe/pip-safe/bin/pip-safe /usr/local/bin/pip-safe | |||
</kode> | |||
= Let's Encrypt = | |||
{{info | {{boxx|certbot}} version 0.27 is available via apt.<br> | |||
To get a newer version, use {{boxx|pip}} or {{boxx|pip-safe}}.}} | |||
<kode lang='bash'> | |||
sudo -H pip-safe --system install certbot-dns-ovh | |||
sudo ln -s /opt/pip-safe/certbot-dns-ovh/bin/certbot /usr/local/bin/certbot | |||
sudo python3 -m pip install -U certbot certbot-dns-ovh | |||
</kode> | |||
= Install useful bash tools with cargo = | |||
<kode lang='bash'> | |||
# fd !!! unable to install, memory overflow !!! | |||
cargo install fd-find | |||
# dust | |||
cargo install du-dust | |||
# rg | |||
cargo install ripgrep | |||
# bat | |||
cargo install bat | |||
# also installable with the deb package https://github.com/sharkdp/bat/releases | |||
# list packages installed with cargo | |||
cargo install --list | |||
# binaries are installed in ~/.cargo/bin | |||
</kode> | |||
<filebox fn='~/.zshenv' lang='bash'> | |||
export PATH=$PATH:"$HOME/.cargo/bin" | |||
</filebox> | |||
* [https://crates.io/ Rust community’s crate registry] | |||
= [https://github.com/nicolargo/glances Glances] = | = [https://github.com/nicolargo/glances Glances] = | ||
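Review bot: The Let's Encrypt block installs certbot twice: first isolated through `sudo -H pip-safe --system install certbot-dns-ovh`, then again with `sudo python3 -m pip install -U certbot certbot-dns-ovh`. The second command runs pip as root against the system interpreter and can replace Python modules that apt manages. Since /usr/local/bin/certbot is already linked to the pip-safe copy, drop the third line or mark it clearly as an alternative, e.g. `# alternative, modifies system site-packages: sudo python3 -m pip install -U certbot certbot-dns-ovh`. In the pip section, `pip install [package]` under the comment "install without sudo" relies on the distribution's pip defaulting to a per-user install; `pip install --user [package]` states that intent explicitly.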
Ligne 256 : | Ligne 505 : | ||
"rpc-whitelist": "127.0.0.1,192.168.x.x", | "rpc-whitelist": "127.0.0.1,192.168.x.x", | ||
"peer-port": 51413, | "peer-port": 51413, | ||
"download-dir": "/var/lib/transmission-daemon/downloads", | |||
"incomplete-dir": "/var/lib/transmission-daemon/downloads", | |||
"incomplete-dir-enabled": false, | |||
} | } | ||
</filebox> | </filebox> | ||
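Review bot: The added line `"incomplete-dir-enabled": false,` is followed directly by `}`, and a trailing comma is not valid JSON, so the excerpt cannot be pasted into settings.json as shown. Drop the comma on the last entry: `"incomplete-dir-enabled": false`. It would also help to note above the box that this is an excerpt of the file, not its whole content.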
Ligne 292 : | Ligne 544 : | ||
ECPort=4712 | ECPort=4712 | ||
ECPassword=ef7628c92bff39c0b3532d36a617cf09 | ECPassword=ef7628c92bff39c0b3532d36a617cf09 | ||
</filebox> | |||
= [[DLNA_uPNP#ReadyMedia_.2F_MiniDLNA|MiniDLNA]] = | |||
<kode lang='bash'> | |||
# install | |||
sudo apt install minidlna | |||
</kode> | |||
* [[Ufw#Applications_custom|Ufw and MiniDLNA]] | |||
= .NET Core = | |||
* [https://learn.microsoft.com/en-us/dotnet/core/install/linux-ubuntu-1804 Install .NET SDK or .NET Runtime on Ubuntu 18.04] | |||
== Installation == | |||
* [https://dotnet.microsoft.com/download/dotnet-core/ Download the ASP.NET Core Runtime] → Linux ARM64 Binaries | |||
<kode lang='bash'> | |||
# download the archive | |||
wget https://download.visualstudio.microsoft.com/download/.../aspnetcore-runtime-x-linux-arm64.tar.gz | |||
# create the dotnet folder | |||
mkdir dotnet | |||
# extract the archive in the dotnet folder | |||
tar zxf aspnetcore-runtime-x-linux-arm64.tar.gz -C dotnet | |||
sudo mv dotnet /usr/share | |||
sudo chown root:root -R /usr/share/dotnet | |||
export DOTNET_ROOT=/usr/share/dotnet | |||
export PATH=$PATH:/usr/share/dotnet | |||
# test | |||
dotnet --info | |||
# sdk | |||
wget https://download.visualstudio.microsoft.com/download/.../dotnet-sdk-x-linux-arm64.tar.gz | |||
tar xzf dotnet-sdk-x-linux-arm64.tar.gz | |||
</kode> | |||
<filebox fn='~/.zshenv' lang='bash'> | |||
# .NET Core | |||
export DOTNET_ROOT="/usr/share/dotnet" | |||
export PATH=$PATH:"/usr/share/dotnet" | |||
</filebox> | |||
== Console == | |||
<kode lang='bash' collapsed> | |||
# create the project | |||
dotnet new console -o dotnet-console | |||
# build the project | |||
cd dotnet-console | |||
dotnet build | |||
# run the binary | |||
bin/Debug/netcoreapp3.1/dotnet-console | |||
</kode> | |||
== ASP.NET Core with React.js and Redux == | |||
<kode lang='bash' collapsed> | |||
# create the project | |||
dotnet new reactredux -o dotnet-reactredux | |||
# install node.js and npm | |||
sudo apt install nodejs npm | |||
# build the project | |||
cd dotnet-reactredux | |||
dotnet build | |||
# start the server | |||
dotnet run | |||
</kode> | |||
* [[Apache_et_ubuntu#Dotnet_core|Apache et dotnet core]] | |||
== [[Blazor_.NET_Core_3.1|Blazor]] == | |||
= [https://docs.microsoft.com/en-us/sql/linux/quickstart-install-connect-ubuntu?view=sql-server-linux-ver15 SQL Server 2019] = | |||
{{warn | SQL Server is not supported on ARM architecture.}} | |||
= Gitweb = | |||
<kode lang='bash'> | |||
sudo apt install gitweb | |||
# /etc/apache2/conf-available/gitweb.conf | |||
# /etc/gitweb.conf | |||
# /usr/lib/cgi-bin/gitweb.cgi -> ../../share/gitweb/gitweb.cgi (installed by git) | |||
# enable cgid module if not already done | |||
sudo apachectl -M | grep cgi | |||
# cgid_module (shared) | |||
sudo a2enmod cgid | |||
</kode> | |||
== Use gitolite repositories == | |||
<filebox fn='/etc/gitweb.conf' lang=perl> | |||
$projectroot = "/var/lib/gitolite3/repositories"; | |||
</filebox> | |||
<kode lang='bash'> | |||
# only user gitolite3 can access to /var/lib/gitolite3/repositories | |||
# and gitweb runs under the www-data user | |||
# here is a way to give access at user www-data to /var/lib/gitolite3/repositories | |||
sudo setfacl -RPm u:www-data:rX /var/lib/gitolite3/repositories | |||
</kode> | |||
= [https://ubuntu.com/server/docs/service-gitolite Gitolite] = | |||
<kode lang='bash'> | |||
# before install copy your local ssh public key to the server (~/.ssh/id_rsa.pub → /tmp/<user>.pub) | |||
sudo apt install gitolite3 | |||
# during installation a ssh public key is asked to allow the administrator to login, select the ssh public key you copied to the server | |||
# installation creates the user gitolite3 and its home directory /var/lib/gitolite3 | |||
# test if it worked | |||
ssh gitolite3@<server> info | |||
# hello admin, this is gitolite3@<server> running gitolite3 3.6.7-2 (Debian) on git 2.17.1 | |||
# clone the admin repository | |||
git clone gitolite3@<server>:gitolite-admin | |||
# create a new repo | |||
# clone gitolite-admin repo, edit gitolite.conf to add the repo, commit the change | |||
# add the newly created remote repository to your already existing local git repo | |||
git remote add origin gitolite3@<server>:<project> | |||
# push and set the remote as upstream | |||
git push --set-upstream origin main | |||
</kode> | |||
<filebox fn='conf/gitolite.conf' lang=bash> | |||
# add new repo | |||
repo new_repo | |||
RW+ = @all | |||
</filebox> | |||
{{warn | Commit and push to apply changes.}} | |||
{{warn | Ensure the {{boxx|gitolite3}} user is allowed in the ssh config file {{boxx|/etc/ssh/sshd_config}}}} | |||
= [https://about.gitlab.com/install/#ubuntu GitLab] = | |||
{{warn | Not supported on ARM architecture}} | |||
<kode lang='bash'> | |||
# install and configure the necessary dependencies | |||
sudo apt install curl openssh-server ca-certificates postfix | |||
# add the GitLab package repository (package source /etc/apt/sources.list.d/ and GPG keys) | |||
curl https://packages.gitlab.com/install/repositories/gitlab/gitlab-ce/script.deb.sh | sudo bash | |||
# installation | |||
sudo EXTERNAL_URL="https://gitlab.example.com" apt-get install gitlab-ce | |||
</kode> | |||
= Roundcube = | |||
{{warn | 1=Version available {{boxx|1.3.6}} supports PHP version >=5.4 <=7.3}} | |||
<filebox fn='/etc/apache2/sites-available/roundcube.conf' lang='xml'> | |||
<FilesMatch "\.php$"> | |||
# force php 7.4 | |||
SetHandler "proxy:unix:/run/php/php7.4-fpm.sock|fcgi://localhost" | |||
SSLOptions +StdEnvVars | |||
</FilesMatch> | |||
</filebox> | </filebox> | ||
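Review bot: `sudo setfacl -RPm u:www-data:rX /var/lib/gitolite3/repositories` gives the web server read access to every repository under that directory, presumably including gitolite-admin. Gitweb will then publish all of them regardless of the rules in gitolite.conf. The command also sets no default ACL, so repositories created later are not covered. Limit what gitweb may list (its `$projects_list` setting) or put authentication in front of the CGI, and say in the comment that this ACL bypasses gitolite's per-repository permissions. In the gitolite.conf box, `RW+ = @all` lets every user rewind and delete branches; `RW = @all` or a named group is a safer template. The GitLab block's `curl … | sudo bash` runs a remote script as root without it being read first.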
Ligne 319 : | Ligne 725 : | ||
</kode> | </kode> | ||
* [[Archlinux_installation#.2Fetc.2Flocale.gen|locale]] | * [[Archlinux_installation#.2Fetc.2Flocale.gen|locale]] | ||
= Errors = | |||
== [https://askubuntu.com/questions/356689/ubuntu-man-command-display-blank-pages Blank man pages] == | |||
<kode lang='bash'> | |||
sudo apt install apparmor-utils | |||
sudo aa-disable /usr/bin/man | |||
</kode> |
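Review bot: `sudo aa-disable /usr/bin/man` removes the AppArmor confinement of man altogether to work around blank pages, and the page does not say that this is a trade-off or how to undo it. Put the profile in complain mode first with `sudo aa-complain /usr/bin/man`, read the denials in the system log, and fix the cause, which is often a path or permission the profile does not allow. If the profile does have to be disabled, add a comment such as `# temporary workaround: re-enable with sudo aa-enforce /usr/bin/man` so the change is not forgotten.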
Dernière version du 5 juillet 2023 à 22:43
Liens
Commandes
# mise à jour adg sudo apt update && sudo apt upgrade # reboot reboot # shutdown poweroff |
Astuces
# cp is by default an alias to cp -i # to use cp only: \cp # get OS version, kernel version, architecture, hostname hostnamectl # create a daemon user sudo useradd -r -s /usr/sbin/nologin -N -g nogroup <user> |
Claim space
journalctl --disk-usage sudo journalctl --vacuum-time=30d sudo apt autoremove sudo du -sh /var/cache/apt sudo apt autoclean |
Apache
- Dossier de déploiement des web sites /var/www/html
- Dossier des configurations des web sites /etc/apache2/sites-available
# service apache systemctl restart apache2 |
Utilisateur Apache : www-data |
PHP
Upgrade to PHP 7.4+
sudo add-apt-repository ppa:ondrej/php sudo add-apt-repository ppa:ondrej/apache2 # sudo add-apt-repository ppa:ondrej/nginx-mainline sudo apt update && sudo apt upgrade |
Uninstall old versions
# list installed version of php dpkg -l "php*" # stop and disable php-fpm service sudo systemctl stop php5.6-fpm sudo systemctl disable php5.6-fpm # deactivate apache configuration if needed ls /etc/apache2/conf-enabled/php* # uninstall php 5.6 sudo apt purge php5.6-common |
MySql / MariaDb
L'utilisateur root utilise par défaut l'authentification unix_socket. Il faut donc utiliser sudo pour se connecter avec root et non pas le mdp. |
sudo apt install mariadb-server # connexion avec root après l'installation sudo mysql # status systemctl status mysql |
Upgrade version
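# install apt-transport-https and curl if not yet installed
sudo apt-get install apt-transport-https curl
# add mariadb release signing key
# download it to a scratch file first: anything written into /etc/apt/trusted.gpg.d
# is trusted by apt straight away; -f makes curl fail on an HTTP error instead of
# saving the error page as if it were the key
key_tmp=$(mktemp)
curl -fsSLo "$key_tmp" 'https://mariadb.org/mariadb_release_signing_key.asc'
# show the key without importing it and compare its fingerprint with the one
# MariaDB publishes in its repository setup documentation
gpg --with-fingerprint --import-options show-only --import "$key_tmp"
# install the key only once the fingerprint matches
sudo install -o root -g root -m 644 "$key_tmp" /etc/apt/trusted.gpg.d/mariadb_release_signing_key.asc
rm -f -- "$key_tmp"
# NOTE: a key in trusted.gpg.d is accepted for every configured repository;
# to restrict it to the MariaDB repository, store it outside trusted.gpg.d and
# reference it in the sources line with [signed-by=<path-to-key>]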
Add the repo
/etc/apt/sources.list.d/mariadb.list |
# MariaDB 10.10 repository list deb https://mirrors.ircam.fr/pub/mariadb/repo/10.10/ubuntu bionic main # deb-src https://mirrors.ircam.fr/pub/mariadb/repo/10.10/ubuntu bionic main # deb https://mirrors.ircam.fr/pub/mariadb/repo/10.10/ubuntu bionic main/debug |
# backup # stop mariadb sc-stop mariadb # upgrade ai mariadb-server # start mariadb sc-start mariadb |
phpmyadmin
sudo apt install phpmyadmin # coller dans ncurse: Shift + Insert # login: phpmyadmin # url: http://myserver/phpmyadmin |
# accorder tous les privilèges au compte phpmyadmin GRANT ALL ON *.* TO 'phpmyadmin'@'localhost' WITH GRANT OPTION; FLUSH PRIVILEGES; |
Mediawiki
Upgrade
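# download the release and its detached signature before touching the live site
cd ~/downloads
wget https://releases.wikimedia.org/mediawiki/1.35/mediawiki-1.35.6.tar.gz
wget https://releases.wikimedia.org/mediawiki/1.35/mediawiki-1.35.6.tar.gz.sig
# verify the archive (the MediaWiki release signing keys must already be imported
# into the gpg keyring); do not continue unless gpg reports a good signature
gpg --verify mediawiki-1.35.6.tar.gz.sig mediawiki-1.35.6.tar.gz
tar xf mediawiki-1.35.6.tar.gz
# disable the website
sudo a2dissite mediawiki.conf
sc-reload apache2
cd /var/www
# backup the previous version
sudo mv mediawiki mediawiki.bak
# move the extracted folder by its exact name: the glob mediawiki-* would also
# match the .tar.gz and .sig files and make mv -T fail
sudo mv -T ~/downloads/mediawiki-1.35.6 mediawiki
# restore the uploaded files
sudo cp -R mediawiki.bak/images/* mediawiki/images
# copy the custom extensions
sudo cp -R mediawiki.bak/extensions/MyCustomExtension mediawiki/extensions
# copy the LocalSettings
sudo cp mediawiki.bak/LocalSettings.php mediawiki
# set ownership after the copies so that the restored files are covered too:
# code owned by root, only cache and images writable by the web server
sudo chown -R root:root mediawiki
sudo chown -R www-data:www-data mediawiki/cache
sudo chown -R www-data:www-data mediawiki/images
# upgrade the database (dump it first: update.php changes the schema in place)
cd mediawiki
php maintenance/update.php
# re-enable the website
sudo a2ensite mediawiki.conf
sc-reload apache2
# delete the backup once the wiki works; absolute path, because the current
# directory is now /var/www/mediawiki
sudo rm -rf /var/www/mediawiki.bak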
Install
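# download the release together with its detached signature
wget https://releases.wikimedia.org/mediawiki/1.35/mediawiki-1.35.6.tar.gz
wget https://releases.wikimedia.org/mediawiki/1.35/mediawiki-1.35.6.tar.gz.sig
# verify the archive before unpacking it (the MediaWiki release signing keys
# must already be imported into the gpg keyring)
gpg --verify mediawiki-1.35.6.tar.gz.sig mediawiki-1.35.6.tar.gz
tar xf mediawiki-1.35.6.tar.gz
# use the exact folder name: mediawiki-* would also match the downloaded files,
# and mv -T accepts a single source only
sudo mv -T mediawiki-1.35.6 /var/www/mediawiki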
# peut-être pas nécessaire car fait lors de la configuration CREATE USER 'my_user'@'localhost' IDENTIFIED BY 'password'; CREATE DATABASE my_wiki; USE my_wiki; GRANT ALL ON my_wiki.* TO 'my_user'@'localhost'; |
SSH
openssh est déjà installé et démarré.
# sshfs sudo apt install sshfs |
OpenVPN
CA certificate
Avec Ubuntu les serveurs CA et VPN sont sur la même machine. |
~/openvpn-ca/vars |
export KEY_COUNTRY="FR" export KEY_PROVINCE="Paris" export KEY_CITY="Paris" export KEY_ORG="MyOrg" export KEY_EMAIL="admin@domain.fr" export KEY_OU="MyUnit" # X509 Subject Field export KEY_NAME="myservername" |
# copie le contenu du dossier /usr/share/easy-rsa make-cadir ~/openvpn-ca cd ~/openvpn-ca # load variables source ./vars ./clean-all # create CA files (keys/ca.crt, keys/ca.key) ./build-ca |
Server certificate
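# the file openssl.cnf no longer exists, it is now called openssl-1.0.0.cnf,
# so link it under the old name
ln -s openssl-1.0.0.cnf openssl.cnf
# create missing .rnd file
dd if=/dev/urandom of="$HOME/.rnd" bs=256 count=1
# generate a certificate and private key for the server
./build-key-server myservername
# the following files are created in the keys folder
# 01.pem index.txt index.txt.attr myservername.crt myservername.csr myservername.key serial
# generate Diffie Hellman parameters
./build-dh
# generate an HMAC signature
openvpn --genkey --secret keys/ta.key
# copy certificates and keys
cd keys/
# /etc/openvpn/server is written with sudo elsewhere on this page; install sets
# owner and mode explicitly instead of inheriting them from the source files
# public material: readable by everyone
sudo install -o root -g root -m 644 ca.crt myservername.crt dh2048.pem /etc/openvpn/server/
# secrets: server private key and tls-auth key, readable by root only
sudo install -o root -g root -m 600 myservername.key ta.key /etc/openvpn/server/
# ca.key is not copied: the VPN server does not need the CA private key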
Client certificate
# load variables source ./vars ./build-key --pass [client-name] # --pass: Build password-protected key # --pkcs12: Build key in PKCS#12 format (*.p12 protected with password) # les fichiers suivants sont créés dans le dossier keys # 02.pem index.txt index.txt.attr client-name.crt client-name.csr client-name.key serial # revoke certificate ./revoke-full [client-name] |
Le fichier keys/index.txt contient la liste des certificats valides et révoqués. |
Server configuration
# copier le fichier de configuration d'exemple sudo cp /usr/share/doc/openvpn/examples/sample-config-files/server.conf.gz /etc/openvpn/server sudo gzip -d /etc/openvpn/server/server.conf.gz |
/etc/openvpn/server/server.conf |
ca ca.crt cert [server-name].crt key [server-name].key dh dh2048.pem tls-auth ta.key 0 |
# start openvpn with server-name configuration sc-start openvpn-server@[server-name] |
IP forward
/etc/sysctl.conf |
# Uncomment the next line to enable packet forwarding for IPv4 net.ipv4.ip_forward=1 |
# reload sysctl sudo sysctl -p /etc/sysctl.conf # restart the procps service sudo /etc/init.d/procps restart |
Firewall
sudo ufw allow 1194/udp comment 'OpenVPN udp port 1194' |
/etc/default/ufw |
DEFAULT_FORWARD_POLICY="ACCEPT" |
/etc/ufw/before.rules |
# ufw-before-forward # # START OPENVPN RULES # NAT table rules *nat :POSTROUTING ACCEPT [0:0] # Allow traffic from OpenVPN client to eth0 -A POSTROUTING -s 10.8.0.0/24 -o eth0 -j MASQUERADE COMMIT # END OPENVPN RULES # Don't delete these required lines, otherwise there will be errors *filter |
zsh - oh my zsh
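apt install zsh zsh-syntax-highlighting
# zsh installs zsh-common
# install oh-my-zsh and change the shell
# save the installer to a file and read it before running it:
# sh -c "$(wget … -O -)" runs whatever the master branch serves at that moment,
# unseen, and would also run a truncated download
wget -O install-oh-my-zsh.sh https://raw.githubusercontent.com/robbyrussell/oh-my-zsh/master/tools/install.sh
less install-oh-my-zsh.sh
sh install-oh-my-zsh.sh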
~/.zshrc |
# plugins plugins=(common-aliases debian extract git sudo systemd wd) # don't store in history commands prefixed with a space (test with: history | tail) setopt HIST_IGNORE_SPACE # zsh-syntax-highlighting, doit être sourcé en dernier source /usr/share/zsh-syntax-highlighting/zsh-syntax-highlighting.zsh |
- zsh-antigen: plugin manager
- zsh-theme-powerlevel9k: Powerline theme
Network Manager
# vérifier que le packet est installé dpkg -l "network-manager" # vérifier que le service fonctionne sc-status NetworkManager # lister les connections nmcli c show # afficher les détails d'une connection nmcli c show <NAME> |
netplan
/etc/netplan/01-netcfg.yaml |
network: version: 2 renderer: NetworkManager ethernets: eth0: addresses: [192.168.0.x/24] gateway4: 192.168.0.y nameservers: addresses: [192.168.0.x, 192.168.0.y] |
Renderers: NetworkManager networkd |
# tester la syntaxe (possibilité de revert) sudo netplan try sudo netplan generate sudo netplan apply # --debug if you run into some issues # créé le fichier /run/systemd/network/10-netplan-eth0.network # vérifier la configuration en cour netplan ip leases [interface] |
pip
sudo apt install python3-pip # version 9.0.1 # install without sudo pip install [package] # installed in ~/.local/bin |
.zshenv |
export PATH=$PATH:"$HOME/.local/bin" |
pip-safe
Add /usr/local/bin to your PATH |
# system-wide installation of a package sudo -H pip-safe --system install <package> # installs a package to /opt/pip-safe/<package> and symlinks its executable to /usr/local/bin # list installed packages pip-safe list # system-wide installation sudo mkdir -p /opt/pip-safe sudo chown [current-user]:[current-group] /opt/pip-safe python3 -m venv /opt/pip-safe/pip-safe /opt/pip-safe/pip-safe/bin/pip install pip-safe sudo chown root:root -R /opt/pip-safe sudo ln -s /opt/pip-safe/pip-safe/bin/pip-safe /usr/local/bin/pip-safe |
Let's Encrypt
certbot version 0.27 is available via apt. To get a newer version, use pip or pip-safe. |
sudo -H pip-safe --system install certbot-dns-ovh sudo ln -s /opt/pip-safe/certbot-dns-ovh/bin/certbot /usr/local/bin/certbot sudo python3 -m pip install -U certbot certbot-dns-ovh |
Install useful bash tools with cargo
# fd !!! unable to install, memory overflow !!! cargo install fd-find # dust cargo install du-dust # rg cargo install ripgrep # bat cargo install bat # also installable with the deb package https://github.com/sharkdp/bat/releases # list packages installed with cargo cargo install --list # binaries are installed in ~/.cargo/bin |
~/.zshenv |
export PATH=$PATH:"$HOME/.cargo/bin" |
Glances
Service web équivalent à top. Service accessible via host:61208
apt install glances # démarrer le service web glances -w |
Reverse proxy to the Glances Web UI
/etc/apache2/sites-available/000-default.conf |
# redirect host:80/glances to host:61208 RewriteEngine on RewriteCond %{HTTP_REFERER} ^https?://[^/]+/glances RewriteCond %{REQUEST_URI} !^/glances RewriteCond %{THE_REQUEST} ^GET RewriteRule ^/(.*) /glances/$1 [QSA,R] ProxyPass /glances/ http://localhost:61208/ ProxyPassReverse /glances/ http://localhost:61208/ Redirect permanent /glances http://n2/glances/ |
Start Glances through Systemd
/etc/systemd/system/glances-web-ui.service |
[Unit] Description=Glances Web UI After=network.target [Service] ExecStart=/usr/bin/glances -w Restart=on-abort [Install] WantedBy=multi-user.target |
Torrent
sudo apt install transmission-daemon # transmission-cli transmission-common sc-status transmission-daemon |
/etc/transmission-daemon/settings.json |
{ "rpc-port": 9091, "rpc-whitelist": "127.0.0.1,192.168.x.x", "peer-port": 51413, "download-dir": "/var/lib/transmission-daemon/downloads", "incomplete-dir": "/var/lib/transmission-daemon/downloads", "incomplete-dir-enabled": false, } |
Amule
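sudo apt install amule-daemon
sc-status amule-daemon
# create an amule user (needs root, like the other administrative commands here)
sudo useradd -r -d /var/lib/amule-daemon -s /usr/sbin/nologin amule
# generate md5 hash from password
# the password is read from the terminal without echo, so it is not stored in
# the shell history the way `echo -n password | md5sum` would be
printf 'EC password: '
read -rs ec_password
printf '\n'
printf '%s' "$ec_password" | md5sum | cut -d ' ' -f1
unset ec_password
# the resulting value goes into ECPassword in amule.conf; it is an unsalted MD5
# digest, so keep that file readable by the amule user only and do not publish it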
/etc/default/amule-daemon |
# The init.d script will only run if this variable non-empty. AMULED_USER="amule" # You can set this variable to make the daemon use an alternative HOME. # The daemon will use $AMULED_HOME/.aMule as the directory, so if you # want to have $AMULED_HOME the real root (with an Incoming and Temp # directories), you can do `ln -s . $AMULED_HOME/.aMule`. AMULED_HOME="/var/lib/amule-daemon" |
/var/lib/amule-daemon/.aMule/amule.conf |
Port=4662 UDPPort=4672 TempDir=/var/lib/amule-daemon/.aMule/Temp IncomingDir=/var/lib/amule-daemon/.aMule/Incoming [ExternalConnect] ECPort=4712 ECPassword=ef7628c92bff39c0b3532d36a617cf09 |
MiniDLNA
# install sudo apt install minidlna |
.NET Core
Installation
- Download the ASP.NET Core Runtime → Linux ARM64 Binaries
# download the archive wget https://download.visualstudio.microsoft.com/download/.../aspnetcore-runtime-x-linux-arm64.tar.gz # create the dotnet folder mkdir dotnet # extract the archive in the dotnet folder tar zxf aspnetcore-runtime-x-linux-arm64.tar.gz -C dotnet sudo mv dotnet /usr/share sudo chown root:root -R /usr/share/dotnet export DOTNET_ROOT=/usr/share/dotnet export PATH=$PATH:/usr/share/dotnet # test dotnet --info # sdk wget https://download.visualstudio.microsoft.com/download/.../dotnet-sdk-x-linux-arm64.tar.gz tar xzf dotnet-sdk-x-linux-arm64.tar.gz |
~/.zshenv |
# .NET Core export DOTNET_ROOT="/usr/share/dotnet" export PATH=$PATH:"/usr/share/dotnet" |
Console
# create the project dotnet new console -o dotnet-console # build the project cd dotnet-console dotnet build # run the binary bin/Debug/netcoreapp3.1/dotnet-console |
ASP.NET Core with React.js and Redux
# create the project dotnet new reactredux -o dotnet-reactredux # install node.js and npm sudo apt install nodejs npm # build the project cd dotnet-reactredux dotnet build # start the server dotnet run |
Blazor
SQL Server 2019
SQL Server is not supported on ARM architecture. |
Gitweb
sudo apt install gitweb # /etc/apache2/conf-available/gitweb.conf # /etc/gitweb.conf # /usr/lib/cgi-bin/gitweb.cgi -> ../../share/gitweb/gitweb.cgi (installed by git) # enable cgid module if not already done sudo apachectl -M | grep cgi # cgid_module (shared) sudo a2enmod cgid |
Use gitolite repositories
/etc/gitweb.conf |
$projectroot = "/var/lib/gitolite3/repositories"; |
# only user gitolite3 can access to /var/lib/gitolite3/repositories # and gitweb runs under the www-data user # here is a way to give access at user www-data to /var/lib/gitolite3/repositories sudo setfacl -RPm u:www-data:rX /var/lib/gitolite3/repositories |
Gitolite
# before install copy your local ssh public key to the server (~/.ssh/id_rsa.pub → /tmp/<user>.pub) sudo apt install gitolite3 # during installation a ssh public key is asked to allow the administrator to login, select the ssh public key you copied to the server # installation creates the user gitolite3 and its home directory /var/lib/gitolite3 # test if it worked ssh gitolite3@<server> info # hello admin, this is gitolite3@<server> running gitolite3 3.6.7-2 (Debian) on git 2.17.1 # clone the admin repository git clone gitolite3@<server>:gitolite-admin # create a new repo # clone gitolite-admin repo, edit gitolite.conf to add the repo, commit the change # add the newly created remote repository to your already existing local git repo git remote add origin gitolite3@<server>:<project> # push and set the remote as upstream git push --set-upstream origin main |
conf/gitolite.conf |
# add new repo repo new_repo RW+ = @all |
Commit and push to apply changes. |
Ensure the gitolite3 user is allowed in the ssh config file /etc/ssh/sshd_config |
GitLab
Not supported on ARM architecture |
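# install and configure the necessary dependencies
sudo apt install curl openssh-server ca-certificates postfix
# add the GitLab package repository (package source /etc/apt/sources.list.d/ and GPG keys)
# save the setup script and read it before running it as root, rather than
# piping the download straight into a root shell; -f stops on an HTTP error
curl -fsSLo gitlab-script.deb.sh https://packages.gitlab.com/install/repositories/gitlab/gitlab-ce/script.deb.sh
less gitlab-script.deb.sh
sudo bash gitlab-script.deb.sh
# installation
sudo EXTERNAL_URL="https://gitlab.example.com" apt-get install gitlab-ce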
Roundcube
Version available 1.3.6 supports PHP version >=5.4 <=7.3 |
/etc/apache2/sites-available/roundcube.conf |
<FilesMatch "\.php$"> # force php 7.4 SetHandler "proxy:unix:/run/php/php7.4-fpm.sock|fcgi://localhost" SSLOptions +StdEnvVars </FilesMatch> |
Installation
# ajouter un compte (-m: create the user's home directory) sudo useradd -m -G users,sudo <username> # changer le mot de passe d'un autre compte sudo passwd <username> # afficher la configuration courante (se reloguer pour voir les changements) locale # liste les locales disponibles locale -a # ajouter une locale (modifie le fichier /etc/locale.gen) sudo locale-gen fr_CH.UTF-8 # définir une LANG (modifie la fichier /etc/default/locale) update-locale LANG=fr_CH.UTF-8 # get current time zone timedatectl status # list all available time zone timedatectl list-timezones # set a timezone sudo timedatectl set-timezone Europe/Paris |
Errors
Blank man pages
sudo apt install apparmor-utils sudo aa-disable /usr/bin/man |