Category Archives: Linux

tar

Cheat Sheet, Linux

Backup

See Ubuntu Help for details.

# Full root file system backup
tar -cvpzf backup.tar.gz --exclude=/backup.tar.gz --one-file-system /

# Backup remote file system (SSH)
ssh root@srv.local -p 22 "tar -cvpz --one-file-system /" > srv-backup.tar.gz

# Restore
tar -xvpzf /path/to/backup.tar.gz -C /media/whatever --numeric-owner

Other useful commands

# Remove compression from tar.gz
gzip -dk archive.tar.gz

# Compress directory
tar -zcvf myfolder.tar.gz myfolder

# Read gzipped log
zcat error.log.2.gz

Nginx

Linux, NGINX

Configuration

# HTTP to HTTPS
if ($scheme = http) {
    return 301 https://$host$request_uri;
}

# Proxy
location / {
    include /etc/nginx/proxy_params;
    proxy_pass http://127.0.0.1:5000/;
}

# Custom robots.txt
location = /robots.txt {
    add_header Content-Type text/plain;
    return 200 "User-agent: *\nDisallow: /\n";
}

# Activate HTTP2 (1.9.5+)
listen 443 ssl http2;

Rate limiting

# Use $http_cf_connecting_ip instead of $binary_remote_addr when behind Cloudflare
limit_req_zone $http_cf_connecting_ip zone=php_limit:10m rate=10r/s;
limit_req_log_level warn;

location ~ \.php$ {
    limit_req zone=php_limit burst=50;
}

# Test using bash
for i in $(seq 1 30); do curl -I -s "https://[HOST]/" | head -n 1; done

Real IP

To get current IPv4 Cloudflare ranges see the official list.

# Get Real IP from Cloudflare
set_real_ip_from 173.245.48.0/20;
set_real_ip_from 103.21.244.0/22;
set_real_ip_from 103.22.200.0/22;
set_real_ip_from 103.31.4.0/22;
set_real_ip_from 141.101.64.0/18;
set_real_ip_from 108.162.192.0/18;
set_real_ip_from 190.93.240.0/20;
set_real_ip_from 188.114.96.0/20;
set_real_ip_from 197.234.240.0/22;
set_real_ip_from 198.41.128.0/17;
set_real_ip_from 162.158.0.0/15;
set_real_ip_from 104.16.0.0/13;
set_real_ip_from 104.24.0.0/14;
set_real_ip_from 172.64.0.0/13;
set_real_ip_from 131.0.72.0/22;
set_real_ip_from 2400:cb00::/32;
set_real_ip_from 2606:4700::/32;
set_real_ip_from 2803:f800::/32;
set_real_ip_from 2405:b500::/32;
set_real_ip_from 2405:8100::/32;
set_real_ip_from 2a06:98c0::/29;
set_real_ip_from 2c0f:f248::/32;
real_ip_header CF-Connecting-IP;

AutoMySQLBackup

Cheat Sheet, Linux

Configuration

```
# Set rotation of daily backups. VALUE*24hours
# If you want to keep only today's backups, you could choose 1, i.e. everything older than 24hours will be removed.
CONFIG_rotation_daily=6

# Set rotation for weekly backups. VALUE*24hours
CONFIG_rotation_weekly=30

# Set rotation for monthly backups. VALUE*24hours
CONFIG_rotation_monthly=90
```

Systemd configuration for Bitwarden

Bitwarden, Linux

If you run Bitwarden eg. in Proxmox LXC you need to make sure Bitwarden start automatically. Create a configuration file in /etc/systemd/system/bitwarden.service with the following contents.

[Unit]
Description=Bitwarden
Requires=docker.service
After=docker.service

[Service]
User=bitwarden
Restart=on-failure
ExecStart=/opt/bitwarden/bitwarden.sh start
ExecStop=/opt/bitwarden/bitwarden.sh stop

# Script starts docker images and ends
Type=oneshot
RemainAfterExit=true

[Install]
WantedBy=default.target

Enable it, start it and check the logs.

systemctl daemon-reload
systemctl enable bitwarden
systemctl start bitwarden
journalctl -f -u bitwarden

Download Gravatar image from CLI

Gravatar, Linux

First you need to compute hash of your e-mail.

echo -n "john.doe@example.com" | sha256sum

Than you can download it using curl. Replace HASH with the output from the previous command.

curl -fL "https://www.gravatar.com/avatar/HASH?s=500&d=404" -o avatar.jpg

Parameters

  • s=500 (Gravatar supports 1–2048px size)
  • d=404 (If there is no image return HTTP 404)
  • r=pg|r|x (To change rating)

See more information on Gravatar docs.