Below you will find pages that utilize the taxonomy term “linux”
19. April 2018
Linux: query remote ntp (and show time difference)
Sometimes you just want to query a remote ntp server (and maybe see the difference between the two clocks). In this case you can use the tool sntp.
From the sntp man page:
The default is to write the estimated correct local date and time (i.e. not UTC) to the standard output….
Use something like:
$ sntp at.pool.ntp.org
2018-04-19 11:36:26.538479 (-0100) -0.004752 +/- 0.023788 at.pool.ntp.org 86.59.28.10 s2 no-leap
7. December 2017
Howto: Disable persistent Network Interface Names (Debian Stretch)
How to disable persistent network interface names in Debian 9 (Stretch)
Edit /etc/default/grub and change the following line:
GRUB_CMDLINE_LINUX="net.ifnames=0 biosdevname=0"
Afterwards run:
update-grub
8. September 2016
Quickly create a (swap)file on linux
The traditional way to create a Linux swapfile is to use dd to create an empty file, e.g.
dd if=/dev/zero of=/swapfile1 bs=1M count=2048
A faster way is to use “fallocate”, e.g. (( http://www.cyberciti.biz/faq/ubuntu-linux-create-add-swap-file/ ))
fallocate -l 2G /swapfile1
Don’t forget the usual procedure for swapfiles:
chmod 0600 /swapfile1
chown root:root /swapfile1
mkswap /swapfile1
swapon /swapfile1
# edit /etc/fstab to add the swapfile during boot
19. August 2016
Moving to KVM
Since our beloved OpenVZ virtualisation technology is not moving in a direction we are comfortable with, we are currently evaluating several virtualisation technologies. One of the possible options is KVM. This is not a full tutorial about KVM, there are many good tutorials already, e.g. ((https://www.lisenet.com/2016/getting-started-with-kvm-on-debian-jessie/)) or ((http://linuxnewbieguide.org/?p=1993)) or ((http://xmodulo.com/use-kvm-command-line-debian-ubuntu.html)) or ((http://wiki.libvirt.org/page/UbuntuKVMWalkthrough)) or ((http://www.cyberciti.biz/faq/how-to-install-kvm-on-ubuntu-linux-14-04/)), this is just a collection of some notes which I collected during the evaluation.
General Documentation
RedHat has some good KVM virtualisation documentation available at: https://access.
16. June 2016
Running “backticks” commands on remote servers
Sometimes it’s necessary to run a complex command on a remote server which also includes some “backticks”. Usually these commands are interpreted by the local shell, so you need to use a little trick to force execution on the remote server:
ssh this.is.my.beautiful.server '( echo `echo "This Command is run on the remote server" ` )'
You need to use single quotes combined with brackets to use the backtick on the remote server.
19. April 2016
Update for the Checklist on “mailout” servers
This is an update to the checklist to create a perfect mailout server:
Original Checklist
Setup DMARC DNS Record to receive mail delivery reports
https://www.unlocktheinbox.com/dmarcwizard/
btw: I just started adding all those settings to my own domain too. Google DKIM signing is still waiting for DNS propagation.
10. February 2016
Cloudflare and Haproxy Loadbalancer
We are currently trying out the Cloudflare service to protect one of our company services. In front of this service we are using haproxy as SSL endpoint and loadbalancer. Cloudflare adds a number of custom headers((http://www.linuxorz.com/2014/10/cloudflare-haproxy-get-real-ip/)):
_SERVER["HTTP_CF_IPCOUNTRY"] CN
_SERVER["HTTP_CF_RAY"] 17da8155355b0520-SEA
_SERVER["HTTP_CF_VISITOR"] {"scheme":"http"}
_SERVER["HTTP_CF_CONNECTING_IP"] XX.YY.ZZ.00
In order to extract the original client IP in the X-Forwarded-For header, you need to use the following configuration((http://permalink.gmane.org/gmane.comp.web.haproxy/12019)) in haproxy:
acl FROM_CLOUDFLARE src -f /etc/haproxy/cf-ips-v4
reqidel ^X-Forwarded-For:.
22. January 2016
Java SSL Certificate Verification Error
If your Java programs are not able to connect to SSL-encrypted services, the most likely cause is that the Java cacerts keystore is empty or not up to date. This might also be due to a bug in the java (or ca-certificates-java) package ((https://bugs.launchpad.net/ubuntu/+source/ca-certificates-java/+bug/1396760)). In order to fix the issue, you can run:
sudo /var/lib/dpkg/info/ca-certificates-java.postinst configure
17. January 2014
Hardening SSL
Update: 2014/01/17: Again a few weeks have passed without finishing the article. So I’m going to publish it anyway, even if it is still unfinished work. I also disabled OCSP Stapling again. I’m using StartSSL and I’ve had some issues with their OCSP website. Also the nginx implementation is still not “mature” (see: http://nginx.org/patches/attic/ocsp-stapling/README.txt). There are some limitations for less used sites, e.g. the OCSP stapling information is stored for each worker.