Liens
Commandes
|
# mise à jour
adg
sudo apt update && sudo apt upgrade
# reboot
reboot
# shutdown
poweroff
|
Astuces
|
|
# cp is by default an alias to cp -i
# to use cp only:
\cp
# get OS version, kernel version, architecture, hostname
hostnamectl
# create a daemon user
sudo useradd -r -s /usr/sbin/nologin -N -g nogroup <user>
|
Claim space
|
|
journalctl --disk-usage
sudo journalctl --vacuum-time=30d
sudo apt autoremove
sudo du -sh /var/cache/apt
sudo apt autoclean
|
- Dossier de déploiement des web sites /var/www/html
- Dossier des configurations des web sites /etc/apache2/sites-available
|
|
# service apache
systemctl restart apache2
|
 |
Utiliseur Apache: www-data |
|
|
sudo add-apt-repository ppa:ondrej/php
sudo add-apt-repository ppa:ondrej/apache2
# sudo add-apt-repository ppa:ondrej/nginx-mainline
sudo apt update && sudo apt upgrade
|
 |
L'utilisateur root utilise par défaut l'authentification unix_socket.
Il faut donc utiliser sudo pour se connecter avec root et non pas le mdp. |
|
|
sudo apt install mariadb-server
# connexion avec root après l'installation
sudo mysql
# status
systemctl status mysql
|
|
|
sudo apt-get install software-properties-common
sudo apt-key adv --fetch-keys 'https://mariadb.org/mariadb_release_signing_key.asc'
# pub rsa4096 2016-03-30 [SC]
# 177F 4010 FE56 CA33 3630 0305 F165 6F24 C74C D1D8
# uid [ unknown] MariaDB Signing Key <signing-key@mariadb.org>
# sub rsa4096 2016-03-30 [E]
sudo add-apt-repository 'deb [arch=amd64,arm64,ppc64el] http://mariadb.mirrors.ovh.net/MariaDB/repo/10.6/ubuntu bionic main'
# /etc/apt/sources.list
# deb [arch=amd64,ppc64el,arm64] http://mariadb.mirrors.ovh.net/MariaDB/repo/10.6/ubuntu bionic main
# # deb-src [arch=amd64,ppc64el,arm64] http://mariadb.mirrors.ovh.net/MariaDB/repo/10.6/ubuntu bionic main
|
|
|
sudo apt install phpmyadmin
# coller dans ncurse: Shift + Insert
# login: phpmyadmin
# url: http://myserver/phpmyadmin
|
|
# accorder tous les privilèges au compte phpmyadmin
GRANT ALL ON *.* TO 'phpmyadmin'@'localhost' WITH GRANT OPTION;
FLUSH PRIVILEGES;
|
Upgrade
|
|
# disable the website
sudo a2dissite mediawiki.conf
sc-reload apache2
wget https://releases.wikimedia.org/mediawiki/1.35/mediawiki-1.35.6.tar.gz
tar xf mediawiki-*.tar.gz
cd /var/www
# backup the previous version
sudo mv mediawiki mediawiki.bak
sudo mv -T ~/downloads/mediawiki-* mediawiki
sudo chown -R root:root mediawiki
sudo chown -R www-data:www-data mediawiki/cache
sudo chown -R www-data:www-data mediawiki/images
# copy the LocalSettings
cp mediawiki.bak/LocalSettings.php mediawiki
# re-enable the website
sudo a2ensite mediawiki.conf
sc-reload apache2
# delete unused folder
sudo rm -rf mediawiki.bak
|
Install
|
|
wget https://releases.wikimedia.org/mediawiki/1.35/mediawiki-1.35.6.tar.gz
tar xf mediawiki-*.tar.gz
sudo mv -T mediawiki-* /var/www/mediawiki
|
|
|
# peut-être pas nécessaire car fait lors de la configuration
CREATE USER 'my_user'@'localhost' IDENTIFIED BY 'password';
CREATE DATABASE my_wiki;
USE my_wiki;
GRANT ALL ON my_wiki.* TO 'my_user'@'localhost';
|
SSH
openssh est déjà installé et démarré.
|
|
# sshfs
sudo apt install sshfs
|
OpenVPN
CA certificate
|
Avec Ubuntu les serveurs CA et VPN sont sur la même machine. |
| ~/openvpn-ca/vars
|
export KEY_COUNTRY="FR"
export KEY_PROVINCE="Paris"
export KEY_CITY="Paris"
export KEY_ORG="MyOrg"
export KEY_EMAIL="admin@domain.fr"
export KEY_OU="MyUnit"
# X509 Subject Field
export KEY_NAME="myservername"
|
|
|
# copie le contenu du dossier /usr/share/easy-rsa
make-cadir ~/openvpn-ca
cd ~/openvpn-ca
# load variables
source ./vars
./clean-all
# create CA files (keys/ca.crt, keys/ca.key)
./build-ca
|
Server certificate
|
|
# le fichier openssl.cnf n'existe plus. Il s’appelle openssl-1.0.0.cnf. Il faut donc le lier
ln -s openssl-1.0.0.cnf openssl.cnf
# create missing .rnd file
dd if=/dev/urandom of=$HOME/.rnd bs=256 count=1
# generate a certificate and private key for the server
./build-key-server myservername
# les fichiers suivants sont créés dans le dossier keys
# 01.pem index.txt index.txt.attr myservername.crt myservername.csr myservername.key serial
# generate Diffie Hellman parameters
./build-dh
# generate an HMAC signature
openvpn --genkey --secret keys/ta.key
# copy certificates and keys
cd keys/
cp ca.crt myservername.crt myservername.key ta.key dh2048.pem /etc/openvpn/server
|
Client certificate
|
|
# load variables
source ./vars
./build-key --pass [client-name]
# --pass: Build password-protected key
# --pkcs12: Build key in PKCS#12 format (*.p12 protected with password)
# les fichiers suivants sont créés dans le dossier keys
# 02.pem index.txt index.txt.attr client-name.crt client-name.csr client-name.key serial
# revoke certificate
./revoke-full [client-name]
|
|
Le fichier keys/index.txt contient la liste des certificats valides et révoqués. |
|
|
# copier le fichier de configuration d'exemple
sudo cp /usr/share/doc/openvpn/examples/sample-config-files/server.conf.gz /etc/openvpn/server
sudo gzip -d /etc/openvpn/server/server.conf.gz
|
| /etc/openvpn/server/server.conf
|
ca ca.crt
cert [server-name].crt
key [server-name].key
dh dh2048.pem
tls-auth ta.key 0
|
|
|
# start openvpn with server-name configuration
sc-start openvpn-server@[server-name]
|
IP forward
| /etc/sysctl.conf
|
# Uncomment the next line to enable packet forwarding for IPv4
net.ipv4.ip_forward=1
|
|
|
# reload sysctl
sudo sysctl -p /etc/sysctl.conf
# restart the procps service
sudo /etc/init.d/procps restart
|
|
|
sudo ufw allow 1194/udp comment 'OpenVPN udp port 1194'
|
| /etc/default/ufw
|
DEFAULT_FORWARD_POLICY="ACCEPT"
|
| /etc/ufw/before.rules
|
# ufw-before-forward
#
# START OPENVPN RULES
# NAT table rules
*nat
:POSTROUTING ACCEPT [0:0]
# Allow traffic from OpenVPN client to eth0
-A POSTROUTING -s 10.8.0.0/24 -o eth0 -j MASQUERADE
COMMIT
# END OPENVPN RULES
# Don't delete these required lines, otherwise there will be errors
*filter
|
|
|
apt install zsh zsh-syntax-highlighting
# zsh install zsh-common
# install oh-my-zsh et change de shell
sh -c "$(wget https://raw.githubusercontent.com/robbyrussell/oh-my-zsh/master/tools/install.sh -O -)"
|
| ~/.zshrc
|
# plugins
plugins=(common-aliases debian extract git sudo systemd wd)
# don't store in history commands prefixed with a space (test with: history | tail)
setopt HIST_IGNORE_SPACE
# zsh-syntax-highlighting, doit être sourcé en dernier
source /usr/share/zsh-syntax-highlighting/zsh-syntax-highlighting.zsh
|
|
|
# vérifier que le packet est installé
dpkg -l "network-manager"
# vérifier que le service fonctionne
sc-status NetworkManager
# lister les connections
nmcli c show
# afficher les détails d'une connection
nmcli c show <NAME>
|
| /etc/netplan/01-netcfg.yaml
|
network:
version: 2
renderer: NetworkManager
ethernets:
eth0:
addresses: [192.168.0.x/24]
gateway4: 192.168.0.y
nameservers:
addresses: [192.168.0.x, 192.168.0.y]
|
|
Renderers: NetworkManager networkd |
|
|
# tester la syntaxe (possibilité de revert)
sudo netplan try
sudo netplan generate
sudo netplan apply
# --debug if you run into some issues
# créé le fichier /run/systemd/network/10-netplan-eth0.network
# vérifier la configuration en cour
netplan ip leases [interface]
|
|
|
sudo apt install python3-pip
# install without sudo
pip install [package]
# installed in ~/.local/bin
|
| .zshenv
|
export PATH=$PATH:"$HOME/.local/bin"
|
Install useful bash tools with cargo
|
|
# dust
cargo install du-dust
# rg
cargo install ripgrep
# bat
cargo install bat
# also installable with the deb package https://github.com/sharkdp/bat/releases
# list packages installed with cargo
cargo install --list
# binaries are installed in ~/.cargo/bin
|
| ~/.zshenv
|
export PATH=$PATH:"$HOME/.cargo/bin"
|
Service web équivalent à top. Service accessible via host:61208
|
|
apt install glances
# démarrer le service web
glances -w
|
| /etc/apache2/sites-available/000-default.conf
|
# redirect host:80/glances to host:61208
RewriteEngine on
RewriteCond %{HTTP_REFERER} ^https?://[^/]+/glances
RewriteCond %{REQUEST_URI} !^/glances
RewriteCond %{THE_REQUEST} ^GET
RewriteRule ^/(.*) /glances/$1 [QSA,R]
ProxyPass /glances/ http://localhost:61208/
ProxyPassReverse /glances/ http://localhost:61208/
Redirect permanent /glances http://n2/glances/
|
| /etc/systemd/system/glances-web-ui.service
|
[Unit]
Description=Glances Web UI
After=network.target
[Service]
ExecStart=/usr/bin/glances -w
Restart=on-abort
[Install]
WantedBy=multi-user.target
|
|
|
sudo apt install transmission-daemon
# transmission-cli transmission-common
sc-status transmission-daemon
|
| /etc/transmission-daemon/settings.json
|
{
"rpc-port": 9091,
"rpc-whitelist": "127.0.0.1,192.168.x.x",
"peer-port": 51413,
}
|
|
|
sudo apt install amule-daemon
sc-status amule-daemon
# create an amule user
useradd -r -d /var/lib/amule-daemon -s /usr/sbin/nologin amule
# generate md5 hash from password
echo -n password | md5sum | cut -d ' ' -f1
|
| /etc/default/amule-daemon
|
# The init.d script will only run if this variable non-empty.
AMULED_USER="amule"
# You can set this variable to make the daemon use an alternative HOME.
# The daemon will use $AMULED_HOME/.aMule as the directory, so if you
# want to have $AMULED_HOME the real root (with an Incoming and Temp
# directories), you can do `ln -s . $AMULED_HOME/.aMule`.
AMULED_HOME="/var/lib/amule-daemon"
|
| /var/lib/amule-daemon/.aMule/amule.conf
|
Port=4662
UDPPort=4672
TempDir=/var/lib/amule-daemon/.aMule/Temp
IncomingDir=/var/lib/amule-daemon/.aMule/Incoming
[ExternalConnect]
ECPort=4712
ECPassword=ef7628c92bff39c0b3532d36a617cf09
|
|
|
# install
sudo apt install minidlna
|
.NET Core
|
ARM64 support requires Linux kernel 4.14 or higher. |
Installation
|
|
# download the archive
wget https://download.visualstudio.microsoft.com/download/.../aspnetcore-runtime-x-linux-arm64.tar.gz
# create the dotnet folder
mkdir dotnet
# extract the archive in the dotnet folder
tar zxf aspnetcore-runtime-x-linux-arm64.tar.gz -C dotnet
sudo mv dotnet /usr/share
sudo chown root:root -R /usr/share/dotnet
export DOTNET_ROOT=/usr/share/dotnet
export PATH=$PATH:/usr/share/dotnet
# test
dotnet --info
# sdk
wget https://download.visualstudio.microsoft.com/download/.../dotnet-sdk-x-linux-arm64.tar.gz
tar xzf dotnet-sdk-x-linux-arm64.tar.gz
|
| ~/.zshenv
|
# .NET Core
export DOTNET_ROOT="/usr/share/dotnet"
export PATH=$PATH:"/usr/share/dotnet"
|
Console
|
|
# create the project
dotnet new console -o dotnet-console
# build the project
cd dotnet-console
dotnet build
# run the binary
bin/Debug/netcoreapp3.1/dotnet-console
|
ASP.NET Core with React.js and Redux
|
|
# create the project
dotnet new reactredux -o dotnet-reactredux
# install node.js and npm
sudo apt install nodejs npm
# build the project
cd dotnet-reactredux
dotnet build
# start the server
dotnet run
|
|
SQL Server is not supported on ARM architecture. |
Gitweb
|
|
sudo apt install gitweb
# /etc/apache2/conf-available/gitweb.conf
# /etc/gitweb.conf
# /usr/lib/cgi-bin/gitweb.cgi -> ../../share/gitweb/gitweb.cgi (installed by git)
# enable cgid module if not already done
sudo apachectl -M | grep cgi
# cgid_module (shared)
sudo a2enmod cgid
|
Use gitolite repositories
| /etc/gitweb.conf
|
$projectroot = "/var/lib/gitolite3/repositories";
|
|
|
# only user gitolite3 can access to /var/lib/gitolite3/repositories
# and gitweb runs under the www-data user
# here is a way to give access at user www-data to /var/lib/gitolite3/repositories
sudo setfacl -RPm u:www-data:rX /var/lib/gitolite3/repositories
|
|
|
# before install copy your local ssh public key to the server (~/.ssh/id_rsa.pub → /tmp/<user>.pub)
sudo apt install gitolite3
# during installation a ssh public key is asked to allow the administrator to login, select the ssh public key you copied to the server
# installation creates the user gitolite3 and its home directory /var/lib/gitolite3
# test if it worked
ssh gitolite3@<server> info
# hello admin, this is gitolite3@<server> running gitolite3 3.6.7-2 (Debian) on git 2.17.1
# clone the admin repository
git clone gitolite3@<server>:gitolite-admin
# create a new repo
# clone gitolite-admin repo, edit gitolite.conf to add the repo, commit the change
# add the newly created remote repository to your already existing local git repo
git remote add origin gitolite3@<server>:<project>
# push and set the remote as upstream
git push --set-upstream origin master
|
| conf/gitolite.conf
|
# add new repo
repo new_repo
RW+ = @all
|
|
Commit and push to apply changes. |
|
Not supported on ARM architecture |
|
|
# install and configure the necessary dependencies
sudo apt install curl openssh-server ca-certificates postfix
# add the GitLab package repository (package source /etc/apt/sources.list.d/ and GPG keys)
curl https://packages.gitlab.com/install/repositories/gitlab/gitlab-ce/script.deb.sh | sudo bash
# installation
sudo EXTERNAL_URL="https://gitlab.example.com" apt-get install gitlab-ce
|
Installation
|
|
# ajouter un compte (-m: create the user's home directory)
sudo useradd -m -G users,sudo <username>
# changer le mot de passe d'un autre compte
sudo passwd <username>
# afficher la configuration courante (se reloguer pour voir les changements)
locale
# liste les locales disponibles
locale -a
# ajouter une locale (modifie le fichier /etc/locale.gen)
sudo locale-gen fr_CH.UTF-8
# définir une LANG (modifie la fichier /etc/default/locale)
update-locale LANG=fr_CH.UTF-8
# get current time zone
timedatectl status
# list all available time zone
timedatectl list-timezones
# set a timezone
sudo timedatectl set-timezone Europe/Paris
|
Errors
|
|
sudo apt install apparmor-utils
sudo aa-disable /usr/bin/man
|
