"Ubuntu arm 18.04": difference between revisions

From Banane Atomic

(112 intermediate revisions by the same user not shown)
Ligne 18 : Ligne 18 :
# shutdown
# shutdown
poweroff
poweroff
</kode>
= Astuces =
<kode lang='bash'>
# cp is by default an alias to cp -i
# to use cp only:
\cp
# get OS version, kernel version, architecture, hostname
hostnamectl
# create a daemon user
sudo useradd -r -s /usr/sbin/nologin -N -g nogroup <user>
</kode>
= Claim space =
<kode lang='bash'>
journalctl --disk-usage
sudo journalctl --vacuum-time=30d
sudo apt autoremove
sudo du -sh /var/cache/apt
sudo apt autoclean
</kode>
</kode>
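Review bot: in the useradd line, -N -g nogroup places every daemon account created with this recipe in the same shared group, so anything group-readable by one service is readable by all of them; replace -N -g nogroup with -U so each service gets its own group.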


Ligne 28 : Ligne 51 :
</kode>
</kode>
{{info | Utiliseur Apache: {{boxx|www-data}}}}
{{info | Utiliseur Apache: {{boxx|www-data}}}}
= PHP =
== [https://launchpad.net/~ondrej/+archive/ubuntu/php Upgrade to PHP 7.4+] ==
<kode lang='bash'>
sudo add-apt-repository ppa:ondrej/php
sudo add-apt-repository ppa:ondrej/apache2
# sudo add-apt-repository ppa:ondrej/nginx-mainline
sudo apt update && sudo apt upgrade
</kode>
== Uninstall old versions ==
<kode lang='bash'>
# list installed version of php
dpkg -l "php*"
# stop and disable php-fpm service
sudo systemctl stop php5.6-fpm
sudo systemctl disable php5.6-fpm
# deactivate apache configuration if needed
ls /etc/apache2/conf-enabled/php*
# uninstall php 5.6
sudo apt purge php5.6-common
</kode>


= [https://doc.ubuntu-fr.org/mariadb MySql / MariaDb] =
= [https://doc.ubuntu-fr.org/mariadb MySql / MariaDb] =
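Review bot: sudo add-apt-repository ppa:ondrej/apache2 followed by sudo apt update && sudo apt upgrade replaces the distribution's Apache packages with the PPA's builds, not only PHP; say so in a comment, or comment that line out like the nginx one when only PHP 7.4 is wanted.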
Ligne 39 : Ligne 88 :
# status
# status
systemctl status mysql
systemctl status mysql
</kode>
== [https://mariadb.org/download/?t=repo-config&d=18.04+LTS+%22bionic%22 Upgrade version] ==
<kode lang='bash'>
# install apt-transport-https and curl if not yet installed
sudo apt-get install apt-transport-https curl
# add mariadb release signing key
sudo curl -o /etc/apt/trusted.gpg.d/mariadb_release_signing_key.asc 'https://mariadb.org/mariadb_release_signing_key.asc'
</kode>
Add the repo
<filebox fn='/etc/apt/sources.list.d/mariadb.list' lang='bash'>
# MariaDB 10.10 repository list
deb https://mirrors.ircam.fr/pub/mariadb/repo/10.10/ubuntu bionic main
# deb-src https://mirrors.ircam.fr/pub/mariadb/repo/10.10/ubuntu bionic main
# deb https://mirrors.ircam.fr/pub/mariadb/repo/10.10/ubuntu bionic main/debug
</filebox>
<kode lang='bash'>
# backup
# stop mariadb
sc-stop mariadb
# upgrade
ai mariadb-server
# start mariadb
sc-start mariadb
</kode>
</kode>
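Review bot: the curl line writes the MariaDB key into /etc/apt/trusted.gpg.d, where apt trusts it for every configured repository and not only for the mirrors.ircam.fr entry; store the key outside that directory and reference it from the deb line with a [signed-by=...] option. The # backup step also has no command under it before sc-stop mariadb.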


Ligne 56 : Ligne 133 :


= [https://www.mediawiki.org/wiki/Manual:Running_MediaWiki_on_Debian_or_Ubuntu Mediawiki] =
= [https://www.mediawiki.org/wiki/Manual:Running_MediaWiki_on_Debian_or_Ubuntu Mediawiki] =
== Upgrade ==
<kode lang='bash'>
<kode lang='bash'>
wget https://releases.wikimedia.org/mediawiki/1.33/mediawiki-1.33.0.tar.gz
# disable the website
tar -xzf /mediawiki-*.tar.gz
sudo a2dissite mediawiki.conf
sc-reload apache2
 
wget https://releases.wikimedia.org/mediawiki/1.35/mediawiki-1.35.6.tar.gz
tar xf mediawiki-*.tar.gz
 
cd /var/www
# backup the previous version
sudo mv mediawiki mediawiki.bak
 
sudo mv -T ~/downloads/mediawiki-* mediawiki
sudo chown -R root:root mediawiki
sudo chown -R www-data:www-data mediawiki/cache
sudo chown -R www-data:www-data mediawiki/images
sudo cp -R mediawiki.bak/images/* mediawiki/images
# copy the custom extensions
sudo cp -R mediawiki.bak/extensions/MyCustomExtension mediawiki/extensions
# copy the LocalSettings
sudo cp mediawiki.bak/LocalSettings.php mediawiki
 
# upgrade the database
cd mediawiki
php maintenance/update.php
 
# re-enable the website
sudo a2ensite mediawiki.conf
sc-reload apache2
 
# delete unused folder
sudo rm -rf mediawiki.bak
</kode>
 
== Install ==
<kode lang='bash'>
wget https://releases.wikimedia.org/mediawiki/1.35/mediawiki-1.35.6.tar.gz
tar xf mediawiki-*.tar.gz
sudo mv -T mediawiki-* /var/www/mediawiki
sudo mv -T mediawiki-* /var/www/mediawiki
</kode>
</kode>
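Review bot: sudo mv -T ~/downloads/mediawiki-* mediawiki reads from ~/downloads while the wget and tar lines run in whatever directory is current, and the glob also matches the .tar.gz next to the extracted directory, so mv -T receives two sources; name the extracted directory explicitly (mediawiki-1.35.6). The closing sudo rm -rf mediawiki.bak also removes the only rollback copy in the same run; move it after a check that the wiki loads.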
Ligne 138 : Ligne 251 :
== Client certificate ==
== Client certificate ==
<kode lang='bash'>
<kode lang='bash'>
./build-key [client-name]
# load variables
source ./vars
 
./build-key --pass [client-name]
# --pass: Build password-protected key
# --pkcs12: Build key in PKCS#12 format (*.p12 protected with password)
# les fichiers suivants sont créés dans le dossier keys
# les fichiers suivants sont créés dans le dossier keys
# 02.pem index.txt index.txt.attr client-name.crt client-name.csr client-name.key serial
# 02.pem index.txt index.txt.attr client-name.crt client-name.csr client-name.key serial
# revoke certificate
./revoke-full [client-name]
</kode>
</kode>
{{info | Le fichier {{boxx|keys/index.txt}} contient la liste des certificats valides et révoqués.}}


== [[OpenVPN#Configuration_Serveur|Server configuration]] ==
== [[OpenVPN#Configuration_Serveur|Server configuration]] ==
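Review bot: the revoke step ends at ./revoke-full [client-name] with nothing about how the server learns of it; add a comment that the regenerated CRL in the keys directory has to be copied to the server and referenced with crl-verify, otherwise the revoked client still connects.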
Ligne 238 : Ligne 360 :
</kode>
</kode>


= netplan =
= [https://netplan.io/ netplan] =
<filebox fn='/etc/netplan/01-netcfg.yaml'>
<filebox fn='/etc/netplan/01-netcfg.yaml'>
network:
network:
     version: 2
     version: 2
    renderer: NetworkManager
     ethernets:
     ethernets:
         eth0:
         eth0:
Ligne 249 : Ligne 372 :
                 addresses: [192.168.0.x, 192.168.0.y]
                 addresses: [192.168.0.x, 192.168.0.y]
</filebox>
</filebox>
{{info | Renderers: {{boxx|NetworkManager}} {{boxx|networkd}}}}


<kode lang='bash'>
<kode lang='bash'>
Ligne 257 : Ligne 381 :
sudo netplan apply
sudo netplan apply
# --debug if you run into some issues
# --debug if you run into some issues
# créé les fichiers /run/systemd/network/10-netplan-eno1.link et /run/systemd/network/10-netplan-eno1.network
# créé le fichier /run/systemd/network/10-netplan-eth0.network


# vérifier la configuration en cour
# vérifier la configuration en cour
netplan ip leases [interface]
netplan ip leases [interface]
</kode>
</kode>
= [https://linuxize.com/post/how-to-install-pip-on-ubuntu-18.04 pip] =
<kode lang='bash'>
sudo apt install python3-pip
# version 9.0.1
# install without sudo
pip install [package]
# installed in ~/.local/bin
</kode>
<filebox fn='.zshenv' lang=bash>
export PATH=$PATH:"$HOME/.local/bin"
</filebox>
= [https://pypi.org/project/pip-safe pip-safe] =
{{info | Add {{boxx|/usr/local/bin}} to your {{boxx|PATH}}}}
<kode lang='bash'>
# system-wide installation of a package
sudo -H pip-safe --system install <package> 
# installs a package to /opt/pip-safe/<package> and symlinks its executable to /usr/local/bin
# list installed packages
pip-safe list
# system-wide installation
sudo mkdir -p /opt/pip-safe
sudo chown [current-user]:[current-group] /opt/pip-safe
python3 -m venv /opt/pip-safe/pip-safe
/opt/pip-safe/pip-safe/bin/pip install pip-safe
sudo chown root:root -R /opt/pip-safe
sudo ln -s /opt/pip-safe/pip-safe/bin/pip-safe /usr/local/bin/pip-safe
</kode>
= Let's Encrypt =
{{info | {{boxx|certbot}} version 0.27 is available via apt.<br>
To get a newer version, use {{boxx|pip}} or {{boxx|pip-safe}}.}}
<kode lang='bash'>
sudo -H pip-safe --system install certbot-dns-ovh
sudo ln -s /opt/pip-safe/certbot-dns-ovh/bin/certbot /usr/local/bin/certbot
sudo python3 -m pip install -U certbot certbot-dns-ovh
</kode>
= Install useful bash tools with cargo =
<kode lang='bash'>
# fd !!! unable to install, memory overflow !!!
cargo install fd-find
# dust
cargo install du-dust
# rg
cargo install ripgrep
# bat
cargo install bat
# also installable with the deb package https://github.com/sharkdp/bat/releases
# list packages installed with cargo
cargo install --list
# binaries are installed in ~/.cargo/bin
</kode>
<filebox fn='~/.zshenv' lang='bash'>
export PATH=$PATH:"$HOME/.cargo/bin"
</filebox>
* [https://crates.io/ Rust community’s crate registry]


= [https://github.com/nicolargo/glances Glances] =
= [https://github.com/nicolargo/glances Glances] =
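Review bot: sudo python3 -m pip install -U certbot certbot-dns-ovh installs into the system Python as root, which is what the pip-safe section just above is set up to avoid, and it leaves two certbot installs next to the /usr/local/bin/certbot symlink; keep one method and label the other as an alternative.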
Ligne 312 : Ligne 505 :
     "rpc-whitelist": "127.0.0.1,192.168.x.x",
     "rpc-whitelist": "127.0.0.1,192.168.x.x",
     "peer-port": 51413,
     "peer-port": 51413,
    "download-dir": "/var/lib/transmission-daemon/downloads",
    "incomplete-dir": "/var/lib/transmission-daemon/downloads",
    "incomplete-dir-enabled": false,
}
}
</filebox>
</filebox>
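Review bot: the added "incomplete-dir-enabled": false, line ends with a comma directly before the closing }, which is not valid JSON; drop the trailing comma.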
Ligne 349 : Ligne 545 :
ECPassword=ef7628c92bff39c0b3532d36a617cf09
ECPassword=ef7628c92bff39c0b3532d36a617cf09
</filebox>
</filebox>
= [[DLNA_uPNP#ReadyMedia_.2F_MiniDLNA|MiniDLNA]] =
<kode lang='bash'>
# install
sudo apt install minidlna
</kode>
* [[Ufw#Applications_custom|Ufw and MiniDLNA]]


= .NET Core =
= .NET Core =
* [https://docs.microsoft.com/en-us/dotnet/core/install/dependencies?tabs=netcore31&pivots=os-linux .NET Core dependencies and requirements]
* [https://learn.microsoft.com/en-us/dotnet/core/install/linux-ubuntu-1804 Install .NET SDK or .NET Runtime on Ubuntu 18.04]
{{warn | ARM64 support requires Linux kernel 4.14 or higher.}}


== Installation ==
== Installation ==
* [https://dotnet.microsoft.com/download/dotnet-core/thank-you/sdk-3.1.100-linux-arm64-binaries Téléchargement Linux ARM64 Binaries]
* [https://dotnet.microsoft.com/download/dotnet-core/ Download the ASP.NET Core Runtime] → Linux ARM64 Binaries
<kode lang='bash'>
<kode lang='bash'>
mkdir ~/dotnet
# download the archive
cd ~/dotnet
wget https://download.visualstudio.microsoft.com/download/.../aspnetcore-runtime-x-linux-arm64.tar.gz
# create the dotnet folder
mkdir dotnet
# extract the archive in the dotnet folder
tar zxf aspnetcore-runtime-x-linux-arm64.tar.gz -C dotnet


wget https://download.visualstudio.microsoft.com/download/pr/5a4c8f96-1c73-401c-a6de-8e100403188a/0ce6ab39747e2508366d498f9c0a0669/dotnet-sdk-3.1.100-linux-arm64.tar.gz
sudo mv dotnet /usr/share
wget https://download.visualstudio.microsoft.com/download/pr/e7c893c5-726a-40aa-8a13-7ae6f1e3ee4e/8ba7467756a3fb1778f02f1ca98ca1ee/aspnetcore-runtime-3.1.0-linux-arm64.tar.gz
sudo chown root:root -R /usr/share/dotnet


tar xzvf dotnet-sdk-3.1.100-linux-arm64.tar.gz
export DOTNET_ROOT=/usr/share/dotnet
tar xzvf aspnetcore-runtime-3.1.0-linux-arm64.tar.gz
export PATH=$PATH:/usr/share/dotnet
 
export DOTNET_ROOT=$HOME/dotnet
export PATH=$PATH:$HOME/dotnet


# test
# test
dotnet --info
dotnet --info
# sdk
wget https://download.visualstudio.microsoft.com/download/.../dotnet-sdk-x-linux-arm64.tar.gz
tar xzf dotnet-sdk-x-linux-arm64.tar.gz
</kode>
</kode>


<filebox fn='~/.zshenv' lang='bash'>
<filebox fn='~/.zshenv' lang='bash'>
# .NET Core 3.1
# .NET Core
export DOTNET_ROOT="$HOME/dotnet"
export DOTNET_ROOT="/usr/share/dotnet"
export PATH=$PATH:"$HOME/dotnet"
export PATH=$PATH:"/usr/share/dotnet"
</filebox>
</filebox>
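Review bot: the runtime archive fetched by wget is unpacked, moved to /usr/share/dotnet and made root-owned without any integrity check; add a sha512sum comparison against the checksum shown on the download page before the tar step.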


Ligne 410 : Ligne 618 :


== [[Blazor_.NET_Core_3.1|Blazor]] ==
== [[Blazor_.NET_Core_3.1|Blazor]] ==
= [https://docs.microsoft.com/en-us/sql/linux/quickstart-install-connect-ubuntu?view=sql-server-linux-ver15 SQL Server 2019] =
{{warn | SQL Server is not supported on ARM architecture.}}
= Gitweb =
<kode lang='bash'>
sudo apt install gitweb
# /etc/apache2/conf-available/gitweb.conf
# /etc/gitweb.conf
# /usr/lib/cgi-bin/gitweb.cgi -> ../../share/gitweb/gitweb.cgi (installed by git)
# enable cgid module if not already done
sudo apachectl -M | grep cgi
# cgid_module (shared)
sudo a2enmod cgid
</kode>
== Use gitolite repositories ==
<filebox fn='/etc/gitweb.conf' lang=perl>
$projectroot = "/var/lib/gitolite3/repositories";
</filebox>
<kode lang='bash'>
# only user gitolite3 can access to /var/lib/gitolite3/repositories
# and gitweb runs under the www-data user
# here is a way to give access at user www-data to /var/lib/gitolite3/repositories
sudo setfacl -RPm u:www-data:rX /var/lib/gitolite3/repositories
</kode>
= [https://ubuntu.com/server/docs/service-gitolite Gitolite] =
<kode lang='bash'>
# before install copy your local ssh public key to the server (~/.ssh/id_rsa.pub → /tmp/<user>.pub)
sudo apt install gitolite3
# during installation a ssh public key is asked to allow the administrator to login, select the ssh public key you copied to the server
# installation creates the user gitolite3 and its home directory /var/lib/gitolite3
# test if it worked
ssh gitolite3@<server> info
# hello admin, this is gitolite3@<server> running gitolite3 3.6.7-2 (Debian) on git 2.17.1
# clone the admin repository
git clone gitolite3@<server>:gitolite-admin
# create a new repo
# clone gitolite-admin repo, edit gitolite.conf to add the repo, commit the change
# add the newly created remote repository to your already existing local git repo
git remote add origin gitolite3@<server>:<project>
# push and set the remote as upstream
git push --set-upstream origin main
</kode>
<filebox fn='conf/gitolite.conf' lang=bash>
# add new repo
repo new_repo
    RW+    =  @all
</filebox>
{{warn | Commit and push to apply changes.}}
{{warn | Ensure the {{boxx|gitolite3}} user is allowed in the ssh config file {{boxx|/etc/ssh/sshd_config}}}}
= [https://about.gitlab.com/install/#ubuntu GitLab] =
{{warn | Not supported on ARM architecture}}
<kode lang='bash'>
# install and configure the necessary dependencies
sudo apt install curl openssh-server ca-certificates postfix
# add the GitLab package repository (package source /etc/apt/sources.list.d/ and GPG keys)
curl https://packages.gitlab.com/install/repositories/gitlab/gitlab-ce/script.deb.sh | sudo bash
# installation
sudo EXTERNAL_URL="https://gitlab.example.com" apt-get install gitlab-ce
</kode>
= Roundcube =
{{warn | 1=Version available {{boxx|1.3.6}} supports PHP version >=5.4 <=7.3}}
<filebox fn='/etc/apache2/sites-available/roundcube.conf' lang='xml'>
    <FilesMatch "\.php$">
        # force php 7.4
        SetHandler "proxy:unix:/run/php/php7.4-fpm.sock|fcgi://localhost"
        SSLOptions +StdEnvVars
    </FilesMatch>
</filebox>


= Installation =
= Installation =
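Review bot: sudo setfacl -RPm u:www-data:rX /var/lib/gitolite3/repositories, combined with $projectroot pointing at the same directory, gives gitweb read access to every repository there, including gitolite-admin; apply the ACL only to the repositories meant to be browsable. In conf/gitolite.conf, RW+ = @all lets every key holder rewind or delete branches in new_repo; reserve RW+ for named users. The curl ... | sudo bash line runs a remote script as root unseen; download it to a file and read it first.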
Ligne 436 : Ligne 725 :
</kode>
</kode>
* [[Archlinux_installation#.2Fetc.2Flocale.gen|locale]]
* [[Archlinux_installation#.2Fetc.2Flocale.gen|locale]]
= Errors =
== [https://askubuntu.com/questions/356689/ubuntu-man-command-display-blank-pages Blank man pages] ==
<kode lang='bash'>
sudo apt install apparmor-utils
sudo aa-disable /usr/bin/man
</kode>
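Review bot: sudo aa-disable /usr/bin/man unloads the AppArmor profile for man entirely to fix a display problem; prefer sudo aa-complain /usr/bin/man, which keeps the profile loaded and logs the denied access so the actual rule can be corrected.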

Latest revision as of 22:43, 5 July 2023

Links

Commands

# update
adg
sudo apt update && sudo apt upgrade

# reboot
reboot

# shutdown
poweroff

Tips

# cp is by default an alias to cp -i
# to use cp only:
\cp

# get OS version, kernel version, architecture, hostname
hostnamectl

# create a daemon user
sudo useradd -r -s /usr/sbin/nologin -N -g nogroup <user>

Claim space

journalctl --disk-usage
sudo journalctl --vacuum-time=30d

sudo apt autoremove
sudo du -sh /var/cache/apt
sudo apt autoclean

Apache

  • Website deployment directory: /var/www/html
  • Website configuration directory: /etc/apache2/sites-available

# apache service
systemctl restart apache2

Apache user: www-data

PHP

Upgrade to PHP 7.4+

sudo add-apt-repository ppa:ondrej/php
sudo add-apt-repository ppa:ondrej/apache2
# sudo add-apt-repository ppa:ondrej/nginx-mainline

sudo apt update && sudo apt upgrade

Uninstall old versions

# list installed version of php
dpkg -l "php*"

# stop and disable php-fpm service
sudo systemctl stop php5.6-fpm
sudo systemctl disable php5.6-fpm

# deactivate apache configuration if needed
ls /etc/apache2/conf-enabled/php*

# uninstall php 5.6
sudo apt purge php5.6-common

MySql / MariaDb

By default, the root user authenticates with unix_socket.
You therefore connect as root through sudo, not with a password.

sudo apt install mariadb-server
# connect as root after installation
sudo mysql

# status
systemctl status mysql

Upgrade version

# install apt-transport-https and curl if not yet installed
sudo apt-get install apt-transport-https curl

# add mariadb release signing key
sudo curl -o /etc/apt/trusted.gpg.d/mariadb_release_signing_key.asc 'https://mariadb.org/mariadb_release_signing_key.asc'

Add the repo

/etc/apt/sources.list.d/mariadb.list
# MariaDB 10.10 repository list

deb https://mirrors.ircam.fr/pub/mariadb/repo/10.10/ubuntu bionic main
# deb-src https://mirrors.ircam.fr/pub/mariadb/repo/10.10/ubuntu bionic main
# deb https://mirrors.ircam.fr/pub/mariadb/repo/10.10/ubuntu bionic main/debug
# backup
# stop mariadb
sc-stop mariadb
# upgrade
ai mariadb-server
# start mariadb
sc-start mariadb

phpmyadmin

sudo apt install phpmyadmin
# paste in ncurses: Shift + Insert
# login: phpmyadmin
# url: http://myserver/phpmyadmin

# grant all privileges to the phpmyadmin account
GRANT ALL ON *.* TO 'phpmyadmin'@'localhost' WITH GRANT OPTION;
FLUSH PRIVILEGES;

Mediawiki

Upgrade

# disable the website
sudo a2dissite mediawiki.conf
sc-reload apache2

mkdir -p ~/downloads && cd ~/downloads
wget https://releases.wikimedia.org/mediawiki/1.35/mediawiki-1.35.6.tar.gz
tar xf mediawiki-1.35.6.tar.gz

cd /var/www
# backup the previous version
sudo mv mediawiki mediawiki.bak

sudo mv -T ~/downloads/mediawiki-1.35.6 mediawiki
sudo chown -R root:root mediawiki
sudo chown -R www-data:www-data mediawiki/cache
sudo chown -R www-data:www-data mediawiki/images
sudo cp -R mediawiki.bak/images/* mediawiki/images
# copy the custom extensions
sudo cp -R mediawiki.bak/extensions/MyCustomExtension mediawiki/extensions
# copy the LocalSettings
sudo cp mediawiki.bak/LocalSettings.php mediawiki

# upgrade the database
cd mediawiki
php maintenance/update.php

# re-enable the website
sudo a2ensite mediawiki.conf
sc-reload apache2

# delete unused folder
sudo rm -rf mediawiki.bak

Install

wget https://releases.wikimedia.org/mediawiki/1.35/mediawiki-1.35.6.tar.gz
tar xf mediawiki-1.35.6.tar.gz
sudo mv -T mediawiki-1.35.6 /var/www/mediawiki

# may not be necessary, since it is done during configuration
CREATE USER 'my_user'@'localhost' IDENTIFIED BY 'password';
CREATE DATABASE my_wiki;
USE my_wiki;

GRANT ALL ON my_wiki.* TO 'my_user'@'localhost';

SSH

openssh is already installed and running.

# sshfs
sudo apt install sshfs

OpenVPN

CA certificate

On Ubuntu the CA and VPN servers are on the same machine.
~/openvpn-ca/vars
export KEY_COUNTRY="FR"
export KEY_PROVINCE="Paris"
export KEY_CITY="Paris"
export KEY_ORG="MyOrg"
export KEY_EMAIL="admin@domain.fr"
export KEY_OU="MyUnit"

# X509 Subject Field
export KEY_NAME="myservername"
# copies the contents of the /usr/share/easy-rsa directory
make-cadir ~/openvpn-ca
cd ~/openvpn-ca

# load variables
source ./vars
./clean-all

# create CA files (keys/ca.crt, keys/ca.key) 
./build-ca

Server certificate

# the openssl.cnf file no longer exists; it is now named openssl-1.0.0.cnf, so link it
ln -s openssl-1.0.0.cnf openssl.cnf
# create missing .rnd file
dd if=/dev/urandom of=$HOME/.rnd bs=256 count=1

# generate a certificate and private key for the server
./build-key-server myservername
# the following files are created in the keys directory
# 01.pem index.txt index.txt.attr myservername.crt myservername.csr myservername.key serial

# generate Diffie Hellman parameters
./build-dh
# generate an HMAC signature
openvpn --genkey --secret keys/ta.key

# copy certificates and keys
cd keys/
sudo cp ca.crt myservername.crt myservername.key ta.key dh2048.pem /etc/openvpn/server

Client certificate

# load variables
source ./vars

./build-key --pass [client-name]
# --pass: Build password-protected key
# --pkcs12: Build key in PKCS#12 format (*.p12 protected with password)
# the following files are created in the keys directory
# 02.pem index.txt index.txt.attr client-name.crt client-name.csr client-name.key serial

# revoke certificate
./revoke-full [client-name]
The keys/index.txt file contains the list of valid and revoked certificates.
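
Reading keys/index.txt from the shell, as an added example that is not part of the original page. It assumes the easy-rsa 2 layout (tab-separated lines, slash-separated subject DN); the function names and the sample entries are constructed for illustration.

```bash
#!/usr/bin/env bash
# Added example: read the easy-rsa CA database (keys/index.txt).
# Each line is tab-separated:
#   1 status: V (valid), R (revoked), E (expired)
#   2 expiry, UTCTime YYMMDDHHMMSSZ
#   3 revocation time, optionally followed by ",reason" (empty unless R)
#   4 serial (hex)   5 file name (usually "unknown")   6 subject DN

# list_certs INDEX [NOW]
# Prints: serial <TAB> status <TAB> CN <TAB> expiry <TAB> revoked-at
# A "V" entry whose expiry is before NOW is reported as expired, because
# the file keeps saying V until the CA database is refreshed.
# NOW uses the same YYMMDDHHMMSSZ format and defaults to the current time.
list_certs() {
    awk -F'\t' -v OFS='\t' -v now="${2:-$(date -u +%y%m%d%H%M%SZ)}" '
        NF >= 6 {
            cn = "?"
            n = split($6, rdn, "/")
            for (i = 1; i <= n; i++)
                if (rdn[i] ~ /^CN=/) cn = substr(rdn[i], 4)

            if      ($1 == "R")             status = "revoked"
            else if ($1 == "E" || $2 < now) status = "expired"
            else if ($1 == "V")             status = "valid"
            else                            status = "unknown"

            split($3, rev, ",")    # drop the optional ",reason" suffix
            print $4, status, cn, $2, (rev[1] == "" ? "-" : rev[1])
        }' "$1"
}

# count_status INDEX STATUS [NOW] -> number of entries with that status
count_status() {
    list_certs "$1" "${3:-}" |
        awk -F'\t' -v s="$2" '$2 == s { n++ } END { print n + 0 }'
}

# valid_serials INDEX CN [NOW] -> serials that can still authenticate as CN
valid_serials() {
    list_certs "$1" "${3:-}" |
        awk -F'\t' -v cn="$2" '$2 == "valid" && $3 == cn { print $1 }' |
        paste -sd' ' -
}

# Constructed sample database, not taken from a real CA:
# 02 was revoked and the same client name reissued as 03; 04 has expired
# but is still marked V.
sample_index() {
    dn='/C=FR/ST=Paris/L=Paris/O=MyOrg/OU=MyUnit'
    printf 'V\t330702204300Z\t\t01\tunknown\t%s/CN=myservername/name=myservername\n' "$dn"
    printf 'R\t330702204500Z\t230801101500Z\t02\tunknown\t%s/CN=client-name/name=myservername\n' "$dn"
    printf 'V\t330802090000Z\t\t03\tunknown\t%s/CN=client-name/name=myservername\n' "$dn"
    printf 'V\t220101000000Z\t\t04\tunknown\t%s/CN=old-laptop/name=myservername\n' "$dn"
}

# Demo run against the sample with a fixed reference time.
demo_index=$(mktemp)
sample_index > "$demo_index"
list_certs "$demo_index" 230901000000Z
rm -f "$demo_index"
```

Serial 02 stays listed as revoked after the same client name is reissued as 03, and the server only rejects 02 once the CRL produced by revoke-full is loaded with crl-verify.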

Server configuration

# copy the sample configuration file
sudo cp /usr/share/doc/openvpn/examples/sample-config-files/server.conf.gz /etc/openvpn/server
sudo gzip -d /etc/openvpn/server/server.conf.gz
/etc/openvpn/server/server.conf
ca ca.crt
cert [server-name].crt
key [server-name].key
dh dh2048.pem
tls-auth ta.key 0
# start openvpn with server-name configuration
sc-start openvpn-server@[server-name]

IP forward

/etc/sysctl.conf
# Uncomment the next line to enable packet forwarding for IPv4
net.ipv4.ip_forward=1
# reload sysctl
sudo sysctl -p /etc/sysctl.conf
# restart the procps service
sudo /etc/init.d/procps restart

Firewall

sudo ufw allow 1194/udp comment 'OpenVPN udp port 1194'
/etc/default/ufw
DEFAULT_FORWARD_POLICY="ACCEPT"
/etc/ufw/before.rules
#   ufw-before-forward
#

# START OPENVPN RULES
# NAT table rules
*nat
:POSTROUTING ACCEPT [0:0]
# Allow traffic from OpenVPN client to eth0
-A POSTROUTING -s 10.8.0.0/24 -o eth0 -j MASQUERADE
COMMIT
# END OPENVPN RULES

# Don't delete these required lines, otherwise there will be errors
*filter

zsh - oh my zsh

apt install zsh zsh-syntax-highlighting
# zsh install zsh-common

# install oh-my-zsh and change the shell
sh -c "$(wget https://raw.githubusercontent.com/robbyrussell/oh-my-zsh/master/tools/install.sh -O -)"
~/.zshrc
# plugins
plugins=(common-aliases debian extract git sudo systemd wd)

# don't store in history commands prefixed with a space (test with: history | tail)
setopt HIST_IGNORE_SPACE

# zsh-syntax-highlighting, must be sourced last
source /usr/share/zsh-syntax-highlighting/zsh-syntax-highlighting.zsh

Network Manager

# check that the package is installed
dpkg -l "network-manager"

# check that the service is running
sc-status NetworkManager

# list connections
nmcli c show
# show the details of a connection
nmcli c show <NAME>

netplan

/etc/netplan/01-netcfg.yaml
network:
    version: 2
    renderer: NetworkManager
    ethernets:
        eth0:
            addresses: [192.168.0.x/24]
            gateway4: 192.168.0.y
            nameservers:
                addresses: [192.168.0.x, 192.168.0.y]
Renderers: NetworkManager networkd
# test the syntax (with the option to revert)
sudo netplan try

sudo netplan generate
sudo netplan apply
# --debug if you run into some issues
# creates the file /run/systemd/network/10-netplan-eth0.network

# check the current configuration
netplan ip leases [interface]

pip

sudo apt install python3-pip
# version 9.0.1

# install without sudo
pip install [package]
# installed in ~/.local/bin
.zshenv
export PATH=$PATH:"$HOME/.local/bin"

pip-safe

Add /usr/local/bin to your PATH
# system-wide installation of a package
sudo -H pip-safe --system install <package>  
# installs a package to /opt/pip-safe/<package> and symlinks its executable to /usr/local/bin

# list installed packages
pip-safe list

# system-wide installation
sudo mkdir -p /opt/pip-safe
sudo chown [current-user]:[current-group] /opt/pip-safe
python3 -m venv /opt/pip-safe/pip-safe
/opt/pip-safe/pip-safe/bin/pip install pip-safe
sudo chown root:root -R /opt/pip-safe
sudo ln -s /opt/pip-safe/pip-safe/bin/pip-safe /usr/local/bin/pip-safe

Let's Encrypt

certbot version 0.27 is available via apt.
To get a newer version, use pip or pip-safe.
sudo -H pip-safe --system install certbot-dns-ovh
sudo ln -s /opt/pip-safe/certbot-dns-ovh/bin/certbot /usr/local/bin/certbot

sudo python3 -m pip install -U certbot certbot-dns-ovh

Install useful bash tools with cargo

# fd !!! unable to install, memory overflow !!!
cargo install fd-find

# dust
cargo install du-dust

# rg
cargo install ripgrep

# bat
cargo install bat
# also installable with the deb package https://github.com/sharkdp/bat/releases

# list packages installed with cargo
cargo install --list
# binaries are installed in ~/.cargo/bin
~/.zshenv
export PATH=$PATH:"$HOME/.cargo/bin"

Glances

Web service equivalent to top. The service is reachable at host:61208.

apt install glances

# start the web service
glances -w

Reverse proxy to the Glances Web UI

/etc/apache2/sites-available/000-default.conf
# redirect host:80/glances to host:61208
RewriteEngine on
RewriteCond %{HTTP_REFERER} ^https?://[^/]+/glances
RewriteCond %{REQUEST_URI} !^/glances
RewriteCond %{THE_REQUEST} ^GET
RewriteRule ^/(.*) /glances/$1 [QSA,R]
ProxyPass /glances/ http://localhost:61208/
ProxyPassReverse /glances/ http://localhost:61208/
Redirect permanent /glances http://n2/glances/

Start Glances through Systemd

/etc/systemd/system/glances-web-ui.service
[Unit]
Description=Glances Web UI
After=network.target

[Service]
ExecStart=/usr/bin/glances -w
Restart=on-abort

[Install]
WantedBy=multi-user.target

Torrent

sudo apt install transmission-daemon
# transmission-cli transmission-common

sc-status transmission-daemon
/etc/transmission-daemon/settings.json
{
    "rpc-port": 9091,
    "rpc-whitelist": "127.0.0.1,192.168.x.x",
    "peer-port": 51413,
    "download-dir": "/var/lib/transmission-daemon/downloads",
    "incomplete-dir": "/var/lib/transmission-daemon/downloads",
    "incomplete-dir-enabled": false
}

Amule

sudo apt install amule-daemon

sc-status amule-daemon

# create an amule user
useradd -r -d /var/lib/amule-daemon -s /usr/sbin/nologin amule

# generate md5 hash from password
echo -n password | md5sum | cut -d ' ' -f1
/etc/default/amule-daemon
# The init.d script will only run if this variable non-empty.
AMULED_USER="amule"

# You can set this variable to make the daemon use an alternative HOME.
# The daemon will use $AMULED_HOME/.aMule as the directory, so if you
# want to have $AMULED_HOME the real root (with an Incoming and Temp
# directories), you can do `ln -s . $AMULED_HOME/.aMule`.
AMULED_HOME="/var/lib/amule-daemon"
/var/lib/amule-daemon/.aMule/amule.conf
Port=4662
UDPPort=4672
TempDir=/var/lib/amule-daemon/.aMule/Temp
IncomingDir=/var/lib/amule-daemon/.aMule/Incoming

[ExternalConnect]
ECPort=4712
ECPassword=ef7628c92bff39c0b3532d36a617cf09

MiniDLNA

# install
sudo apt install minidlna

.NET Core

Installation

# download the archive
wget https://download.visualstudio.microsoft.com/download/.../aspnetcore-runtime-x-linux-arm64.tar.gz
# create the dotnet folder
mkdir dotnet
# extract the archive in the dotnet folder
tar zxf aspnetcore-runtime-x-linux-arm64.tar.gz -C dotnet

sudo mv dotnet /usr/share
sudo chown root:root -R /usr/share/dotnet

export DOTNET_ROOT=/usr/share/dotnet
export PATH=$PATH:/usr/share/dotnet

# test
dotnet --info

# sdk
wget https://download.visualstudio.microsoft.com/download/.../dotnet-sdk-x-linux-arm64.tar.gz
tar xzf dotnet-sdk-x-linux-arm64.tar.gz
~/.zshenv
# .NET Core
export DOTNET_ROOT="/usr/share/dotnet"
export PATH=$PATH:"/usr/share/dotnet"

Console

# create the project
dotnet new console -o dotnet-console

# build the project
cd dotnet-console
dotnet build

# run the binary
bin/Debug/netcoreapp3.1/dotnet-console

ASP.NET Core with React.js and Redux

# create the project
dotnet new reactredux -o dotnet-reactredux

# install node.js and npm
sudo apt install nodejs npm

# build the project
cd dotnet-reactredux
dotnet build

# start the server
dotnet run

Blazor

SQL Server 2019

SQL Server is not supported on ARM architecture.

Gitweb

sudo apt install gitweb
# /etc/apache2/conf-available/gitweb.conf
# /etc/gitweb.conf
# /usr/lib/cgi-bin/gitweb.cgi -> ../../share/gitweb/gitweb.cgi (installed by git)

# enable cgid module if not already done
sudo apachectl -M | grep cgi
# cgid_module (shared)
sudo a2enmod cgid

Use gitolite repositories

/etc/gitweb.conf
$projectroot = "/var/lib/gitolite3/repositories";
# only the gitolite3 user can access /var/lib/gitolite3/repositories
# and gitweb runs as the www-data user
# one way to give the www-data user read access to /var/lib/gitolite3/repositories
sudo setfacl -RPm u:www-data:rX /var/lib/gitolite3/repositories

Gitolite

# before install copy your local ssh public key to the server (~/.ssh/id_rsa.pub → /tmp/<user>.pub)
sudo apt install gitolite3
# during installation an SSH public key is requested so the administrator can log in; select the public key you copied to the server
# installation creates the user gitolite3 and its home directory /var/lib/gitolite3

# test if it worked
ssh gitolite3@<server> info
# hello admin, this is gitolite3@<server> running gitolite3 3.6.7-2 (Debian) on git 2.17.1

# clone the admin repository
git clone gitolite3@<server>:gitolite-admin

# create a new repo
# clone gitolite-admin repo, edit gitolite.conf to add the repo, commit the change
# add the newly created remote repository to your already existing local git repo
git remote add origin gitolite3@<server>:<project>
# push and set the remote as upstream
git push --set-upstream origin main
conf/gitolite.conf
# add new repo
repo new_repo
    RW+     =   @all
Commit and push to apply changes.
Ensure the gitolite3 user is allowed in the ssh config file /etc/ssh/sshd_config

GitLab

Not supported on ARM architecture
# install and configure the necessary dependencies 
sudo apt install curl openssh-server ca-certificates postfix

# add the GitLab package repository (package source /etc/apt/sources.list.d/ and GPG keys)
curl https://packages.gitlab.com/install/repositories/gitlab/gitlab-ce/script.deb.sh | sudo bash

# installation
sudo EXTERNAL_URL="https://gitlab.example.com" apt-get install gitlab-ce

Roundcube

Version available 1.3.6 supports PHP version >=5.4 <=7.3
/etc/apache2/sites-available/roundcube.conf
    <FilesMatch "\.php$">
        # force php 7.4
        SetHandler "proxy:unix:/run/php/php7.4-fpm.sock|fcgi://localhost"
        SSLOptions +StdEnvVars
    </FilesMatch>

Installation

# add an account (-m: create the user's home directory)
sudo useradd -m -G users,sudo <username>

# change another account's password
sudo passwd <username>

# show the current configuration (log in again to see changes)
locale
# list available locales
locale -a
# add a locale (modifies /etc/locale.gen)
sudo locale-gen fr_CH.UTF-8
# set LANG (modifies /etc/default/locale)
sudo update-locale LANG=fr_CH.UTF-8

# get current time zone
timedatectl status
# list all available time zones
timedatectl list-timezones
# set a timezone
sudo timedatectl set-timezone Europe/Paris

Errors

Blank man pages

sudo apt install apparmor-utils 
sudo aa-disable /usr/bin/man