Random notes from installing Linux on it … it does just work – but ….
Continue reading “Intel NUC6i7KYK with Debian Jessie”
compiling a vanilla kernel to a .deb
As I keep losing this….
Creating a .deb kernel package from a vanilla kernel.org kernel :
- wget https://cdn.kernel.org/pub/linux/kernel/v4.x/linux-4.4.24.tar.xz
- tar -xf linux-4.4.24.tar.xz
- cd linux-4.4.24
- cp /boot/config-whatever .config
- Optionally: edit and set: CONFIG_DEBUG_INFO=n to stop the *dbg* package being generated
- make olddefconfig
- make deb-pkg -j6 LOCALVERSION=-dg1
dotdeb – apt package pinning
As of last night, Debian Security released PHP 5.4.44 for Wheezy. Wheezy shipped with PHP 5.4.12 or something like that.
DotDeb is currently on 5.4.43, and if you’ve been using it based on the assumption that it has a newer version of a package over Debian, then an upgrade will leave your PHP install in a mess (e.g. no php5-gearman or php5-imagick).
To fix this, the following in e.g. /etc/apt/preferences.d/dotdeb will help :
Package: * Pin: origin packages.dotdeb.org Pin-Priority: 1001
This should make apt choose dotdeb packages over Debian, even if Debian contains a newer version.
i.e. stop apt relying on just the package version number, and previously dotdeb always had a higher one.
varnish throttling
I came across the varnish throttle module the other day – which seems quite useful – and certainly gives better control over abusive requests than using fail2ban (in that, only specific URLs/request types can be targeted and blocked with the throttle module, while fail2ban tends to trigger the blocking of any traffic from a client which can be more painful).
Continue reading “varnish throttling”
MySQL Max_connections stuck on 214 ?
I found MySQL was being annoying earlier and not ‘accepting’ my max_connections = 450 directive on a Debian Wheezy install, and being seemingly stuck on having 214 connections….
More monitors.
I have an Intel NUC d54250wyk as my work computer (it’s a little dinky thing, which somehow manages to pack a reasonable punch).
On board it has a mini-hdmi port, and a mini-display port – which I used for a dual monitor configuration.
But two monitors is so last year …. and after 5+ years of having two monitors to stare at, I thought it was perhaps time to move up to 3 (or more).
Continue reading “More monitors.”
BTRFS gotchas… (balance / scrub / snapshots / quota)
I’ve been using BTRFS for a few weeks now, and some bits are great (filesystem snapshots, dynamic resizing etc).
The “Good” and “Bad” things follow:
Continue reading “BTRFS gotchas… (balance / scrub / snapshots / quota)”
Squid 3.4.x for with transparent ssl proxying/support for Debian Wheezy.
I needed a variant of Squid which supported transparent SSL interception (i.e via iptables redirection) so I could log outgoing HTTPS requests without the client being aware.
The stock wheezy variant doesn’t support SSL (see : Debian Bug Report).
Even after recompiling Wheezy’s squid3 it didn’t seem to work (perhaps my stupidity) so I ended up moving to the latest-and-greatest squid (3.4.9 at the time of writing) and getting that to work. Brief notes follow.
Continue reading “Squid 3.4.x for with transparent ssl proxying/support for Debian Wheezy.”
Postfix – connect from unknown[ip.address]
One server I poke around on, has a number of postfix instances
(see: postmulti).
Interestingly, one instance was logging things like :
Oct 26 22:02:05 mail postfix-blah/smtpd[59158]: connect from unknown[1.2.3.4] Oct 26 22:02:05 mail postfix-blah/smtpd[59158]: CA9292EE2C0: client=unknown[1.2.3.4]
Continue reading “Postfix – connect from unknown[ip.address]”
Debian http_proxy setting
Need to set a HTTP proxy within a Debian system ?
Assuming your proxy server is on 192.168.0.1 and listening on port 3128, then the below may help …
( If you need authentication you can use username:password@ like you would in an old style web browser – e.g. http://username:password@192.168.0.1:3128. )
/etc/profile.d/proxy.sh
Add /etc/profile.d/proxy.sh containing
export http_proxy=http://192.168.0.1:3128
/etc/apt/apt.conf.d/99HttpProxy
Add /etc/apt/apt.conf.d/99HttpProxy containing
Acquire::http::Proxy "http://192.168.0.1:3128";
/etc/wgetrc
Edit /etc/wgetrc and add
http_proxy = http://192.168.0.1:3128
(some system commands rely on wget, and may not otherwise use an environment variable, e.g. debootstrap; the http_proxy setting should be present by default but commented out).
(This is all, in a round about way, relayed to the http proxy security vulnerability announced in July 2016 – see httpoxy.org for more info)