run lsusb and note the Bus and Device IDs for the External HDD (in this case)
Bus 001 Device 002: ID 1058:2621 Western Digital Technologies, Inc.
Create an xml file ExHDD.xml as follows :
<hostdev mode='subsystem' type='usb' managed='yes'>
<source>
<address bus='1' device='2'/>
</source>
</hostdev>
Next just run following command to attach the device :
virsh attach-device fs1 /root/ExHDD.xml
where fs1 is the QEMU guest
This is for NIC Email or services which are linked to Kavach. If you are connected using only IPv6 you will face this issue. Mostly for Jio Mobile network which sometimes uses only IPv6. The Kavach server running over IPv4 fails to detect clients location and fails.
Unless NIC uses IPv6 for Kavach this problem will remain (today is 03/Sep/2024).
check diskspace in /boot
if required remove old kernels to free space:
run "rpm -q kernel-core" then "dnf remove <name of the kernel>"
dnf upgrade –refresh
dnf install dnf-plugin-system-upgrade
dnf system-upgrade download --releasever=<ver>
Incase of broken dependancy try with
dnf system-upgrade download --releasever=<ver> –allowerasing
replace <var> with the version you want to upgrade to. Remember <ver> should not be more than 2 versions from current version.
I have tested above from 35 to 37 then 37 to 39 then 39 to 40.
There is no option in windows for adding a static route automatically through a VPN using GUI, but using powershell its working fine here is the command :
Add-VpnConnectionRoute VPN-Name Route-In-CIDR
To remove the route
Remove-VpnConnectionRoute VPN-Name Route-In-CIDR
For Example
Add-VpnConnectionRoute "IKEv2 VPN NML" "192.168.1.0/24"Whenever I connect to NML VPN I get all traffic 192.168.1.0/24 directed to NML Network. Be careful your home network is other than 192.168.1.0/24
Decided to create ipset stophack and add all access to ports 23, 22, 3306, 110, 143, 25 of ip <myserverip>
firewall-cmd –zone=external –add-rich-rule=’rule source ipset=stophack drop’
firewall-cmd –permanent –get-ipsets
firewall-cmd –permanent –new-ipset=stophack –type=hash:net
firewall-cmd –permanent –ipset=stophack –add-entries-from-file=stophack.txt
firewall-cmd –permanent –ipset=stophack –get-entries
firewall-cmd –permanent –ipset=stophack –add-entry=120.224.174.135
cat bdknock.xml
<?xml version="1.0" encoding="utf-8"?>
<service>
<port port="12345" protocol="tcp"/>
<port port="2345" protocol="udp"/>
<port port="345" protocol="udp"/>
<port port="54321" protocol="tcp"/>
</service>
After Fedora upgrade to 35 from 33 faced issue under OwnCloud
Can not run OC 10.xxx under php 8.0.xx
Resolved the issue with following steps
Following was already there under /etc/httpd/conf.d/owncloud.conf
# Enable http authorization headers
SetEnvIfNoCase ^Authorization$ “(.+)” HTTP_AUTHORIZATION=$1
<FilesMatch \.(php|phar)$>
SetHandler "proxy:unix:/var/opt/remi/php74/run/php-fpm/www.sock|fcgi://localhost"
</FilesMatch>while doing console upgrade using
occ upgrade
problem arises as default php was 8.0
First renamed /usr/bin/php to /usr/bin/php80
then run following command
update-alternatives –install /usr/bin/php php /opt/remi/php74/root/usr/bin/php 74
next occ update was successful
A separate VLAN created for the printer(say PVLAN). All PCs are in default VLAN.
A router (R1) is connected to both default VLAN and PVLAN. A static route is configured in R1 for the printers IP Address (IP1) via PVLAN interface. Appropriate firewall rules configured in R1 to forward packets only from defined/allowed source IPs to the printer.
Printer is assigned an static IP (IP1) from same pool as the PCs and default route is R1.
DHCP is configured to push a static route to client PCs which are allowed. The static route defined R1 for IPs assigned to printers.
Now any access to the printer is goes through the router/firewall, where you can configured which system you want to allow printer access.
PC <->DefaultVLAN<-> Router<->PRN VLAN<->Printer
First installed podman-compose then created docker file with name docker-compose.yml :
version: '3.1'
services:
wordpress:
image: wordpress1
restart: always
ports:
- 8080:80
environment:
WORDPRESS_DB_HOST: db
WORDPRESS_DB_USER: mydbuser
WORDPRESS_DB_PASSWORD: mydbpassword
WORDPRESS_DB_NAME: mydb
volumes:
- wordpress:/var/www/html
- logs:/var/log/apache2
db:
image: wordpress1db
restart: always
environment:
MYSQL_DATABASE: mydb
MYSQL_USER: mydbuser
MYSQL_PASSWORD: mydbpassword
MYSQL_RANDOM_ROOT_PASSWORD: '1'
volumes:
- db:/var/lib/mysql
volumes:
wordpress:
db:
logs:
now run :
podman-compose up -dIt will create containers and run webserver at 8080 port.
to stop and remove the containers run
podman-compose downThe docker file will create containers for webserver from image wordpress1 and container for database server from image wordpress1db, please check and update image name incase of any problem. Also you can commit after any change to webserver / mysql configuration to create another image locally.
The running containers will share storage outside the docker for mysql database files(/var/lib/mysql) in named space db and website (/var/www/html) at named space wordpress. These named spaces can be looked by running:
# podman volume ls
DRIVER VOLUME NAME
local fcab36796140245f735851f808b193c38e4771143db12ead1c59ce2b5fa3177e
local WordPress_db
local WordPress_logs
local WordPress_wordpress
now run following to find out the actual location of the volumes
# podman volume inspect WordPress_db WordPress_wordpress
[
{
"Name": "WordPress_db",
"Driver": "local",
"Mountpoint": "/var/lib/containers/storage/volumes/WordPress_db/_data",
"CreatedAt": "2022-01-31T18:54:23.157971622+05:30",
"Labels": {
"io.podman.compose.project": "WordPress"
},
"Scope": "local",
"Options": {}
},
{
"Name": "WordPress_wordpress",
"Driver": "local",
"Mountpoint": "/var/lib/containers/storage/volumes/WordPress_wordpress/_data",
"CreatedAt": "2022-01-31T18:54:19.661705064+05:30",
"Labels": {
"io.podman.compose.project": "WordPress"
},
"Scope": "local",
"Options": {}
}
]
You can add/modify webserver files located at /var/lib/containers/storage/volumes/WordPress_wordpress/_data
To login to any of the containers above first findout the names of containers by running
]# podman container ls
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
4f7976ee3529 k8s.gcr.io/pause:3.5 4 hours ago Up 4 hours ago 0.0.0.0:8080->80/tcp bca02e003722-infra
171df0e7c268 localhost/wp1:latest apache2-foregroun... 4 hours ago Up 4 hours ago 0.0.0.0:8080->80/tcp WordPress_wordpress_1
70c70112d52b localhost/wp1db:latest mysqld 4 hours ago Up 4 hours ago 0.0.0.0:8080->80/tcp WordPress_db_1
the last word in each line is the name i.e. WordPress_wordpress_1 and WordPress_db_1 are the container names. Now to login to wordpress (webserver) type the following
# podman exec -ti WordPress_wordpress_1 /bin/bash
root@171df0e7c268:/var/www/html#similarly for the db server type:
podman exec -ti WordPress_db_1 /bin/bash
root@70c70112d52b:/#Generated dhparams.pem for haproxy moved to its directory linked it in the haproxy.cfg file
Kept most global options in the cfg file. Add lines for frontend and backend.
frontend default
bind :80
http-request redirect scheme https unless { ssl_fc }
use_backend % [req.hdr(host),lower,map_dom(/etc/haproxy/maps/hosts.map,be_default)]
default_backend acer2
create hosts.map file for each and every host, each line must have host name and backend name like
acer2.nmlindia.org acer2
for each altername port create a frontend like above just replace :80 with say :8080 and provide another map file for hosts handing this port
backend acer2
mode http
http-request redirect scheme https unless { ssl_fc }
server acer2 acer2.nmlindia.org:8888 check
the line
http-request redirect scheme https unless { ssl_fc }
controls the reirection in case the traffic is SSL
if nonSSL site comment out in both default block and backend block
the port 8888 indicates the port where the website is running
frontend https
bind *:443 ssl crt-list /etc/haproxy/ssl/private/crt-list.txt # crt /etc/haproxy/ssl/bdpc-ssl.pem
mode tcp
tcp-request inspect-delay 5s
tcp-request content accept if { req_ssl_hello_type 1 }
use_backend acer2 if { ssl_fc_sni acer2.nmlindia.org }
Provide certificate path and mode should be tcp for SSL port