uniq_

setup nginx tls reverse proxy on debian 8

It often makes sense to run a web-server behind a reverse proxy for various reasons. It often also makes sense to terminate TLS on the reverse proxy. So here's a minimal approach for doing this with nginx:

sudo apt-get install nginx-full

# generate strong Diffie-Hellman parameters
# might take some time ...
sudo openssl dhparam -out /etc/ssl/dhparams.pem 4096
sudo chmod 600 /etc/ssl/dhparams.pem

# the quoted 'EOF' keeps the shell from expanding $server_name and $request_uri
cat << 'EOF' | sudo bash -c 'cat >> /etc/nginx/sites-available/example.com.conf'

    server {
        listen 80;
        listen [::]:80;
        server_name example.com;
        rewrite ^ https://$server_name$request_uri? permanent;
    }

    server {
        listen 443 ssl;
        listen [::]:443 ssl;
        server_name example.com;

        # reverse proxy configuration
        location / {
            proxy_pass http://1.2.3.4;
        }

        # allow big uploads
        client_max_body_size 1024M;

        # ssl settings
        ssl_protocols TLSv1.1 TLSv1.2;
        ssl_certificate /etc/ssl/example.com_bundle.crt;
        ssl_certificate_key /etc/ssl/example.com.key;
        ssl_dhparam /etc/ssl/dhparams.pem;
        ssl_prefer_server_ciphers on;

        ssl_ciphers 'ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:AES:CAMELLIA:DES-CBC3-SHA:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!MD5:!PSK:!aECDH:!EDH-DSS-DES-CBC3-SHA:!EDH-RSA-DES-CBC3-SHA:!KRB5-DES-CBC3-SHA';
    }
EOF
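
When a vhost is written through a shell heredoc like the one above, an unquoted delimiter lets the shell expand `$server_name` and `$request_uri` to empty strings before nginx ever sees them. The following lint is an added example, not part of the original post; the function names `check_vhost`, `flag` and `write_sample` and the shortened sample configs are constructed for illustration.

```shell
#!/bin/sh
# check_vhost FILE: print one line per finding, return the finding count.
check_vhost() {
    conf=$1
    findings=0
    # An unquoted heredoc lets the shell expand $server_name and $request_uri
    # to empty strings, so the redirect ends up pointing at "https://?".
    if grep -Eq 'rewrite[[:space:]].*https://\?' "$conf"; then
        flag 'redirect lost its nginx variables (expanded by the shell)'
    fi
    # SSLv2, SSLv3 and TLSv1 (1.0) should not be enabled.
    if grep -E '^[[:space:]]*ssl_protocols' "$conf" |
        grep -Eq 'SSLv[23]|TLSv1([[:space:]]|;)'; then
        flag 'legacy protocol enabled in ssl_protocols'
    fi
    # Without ssl_dhparam, DHE suites use weak built-in parameters on
    # nginx before 1.11.0 and are not offered at all on later versions.
    if grep -E '^[[:space:]]*ssl_ciphers' "$conf" | grep -Eq "[:' ]DHE-" &&
        ! grep -Eq '^[[:space:]]*ssl_dhparam[[:space:]]' "$conf"; then
        flag 'DHE ciphers listed but ssl_dhparam is not set'
    fi
    return "$findings"
}
flag() { printf '%s: %s\n' "$conf" "$1"; findings=$((findings + 1)); }
# Constructed sample vhost (hypothetical helper): $1 = output file,
# $2 = "quoted" for a quoted heredoc delimiter, anything else for unquoted.
write_sample() {
    if [ "$2" = quoted ]; then
        cat > "$1" << 'EOF'
server { listen 80; rewrite ^ https://$server_name$request_uri? permanent; }
server { listen 443 ssl;
    ssl_protocols TLSv1.1 TLSv1.2;
    ssl_dhparam /etc/ssl/dhparams.pem;
    ssl_ciphers 'ECDHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES128-GCM-SHA256'; }
EOF
    else
        cat > "$1" << EOF
server { listen 80; rewrite ^ https://$server_name$request_uri? permanent; }
server { listen 443 ssl;
    ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
    ssl_ciphers 'ECDHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES128-GCM-SHA256'; }
EOF
    fi
}

tmp=$(mktemp -d)   # demo: lint both variants
write_sample "$tmp/good.conf" quoted;   check_vhost "$tmp/good.conf" || true
write_sample "$tmp/bad.conf"  unquoted; check_vhost "$tmp/bad.conf"  || true
rm -rf "$tmp"
```

Running `check_vhost` against the real file together with `nginx -t` before a reload catches the mangled redirect that a syntax check alone would accept.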


install postgresql and add database on debian 8

Here's a little follow-up to my last post. On Debian, PostgreSQL defaults to using Linux user accounts for access management. Here's how to add a new PostgreSQL user:

sudo apt-get install postgresql postgresql-client

# if no postgres process is running now, this command can fix it
#pg_createcluster 9.4 main --start
# if this command fails with locale errors install all locales it demands
#dpkg-reconfigure locales

sudo adduser dbuser

sudo su -c 'createuser dbuser' postgres
sudo su -c 'createdb -O dbuser owncloud' postgres


encrypted partition on debian 8

Encrypting partitions is fun, but also a bit unintuitive.

# install dependencies
sudo apt-get install cryptsetup

# setup luks on desired partition
sudo cryptsetup -y -v luksFormat /dev/sdb1

# init mapper device (and persist this setting)
sudo cryptsetup luksOpen /dev/sdb1 sdb1_crypt
sudo sh -c 'echo "sdb1_crypt /dev/sdb1 none luks" >> /etc/crypttab'

# format block device
sudo mkfs.ext4 /dev/mapper/sdb1_crypt

# add device to fstab
sudo mkdir /mountpoint
sudo sh -c 'echo "/dev/mapper/sdb1_crypt /mountpoint ext4 defaults 0 1" >> /etc/fstab'

# mount
sudo mount /mountpoint


cron restart process if it died

I just put something like this in my crontab. It's quick and dirty, but it works.

*/1 * * * * [ -z "`ps -ef | grep -v grep | grep '<command>'`" ] && <command>

For those rare cases when writing a daemon just does not pay off.

screen capture on ubuntu 14.04 (trusty tahr)

list your pulse devices:

pactl list

record with avconv (which is a weird version of ffmpeg):

avconv -video_size 1024x768 -framerate 20 -b $((10*1024))k -f x11grab -i $DISPLAY -f pulse -ac 2 -i "alsa_input.usb-0b0e_Jabra_SPEAK_510_USB_1C48F9E60C09020A00-00-USB.analog-mono" -threads 2 -vcodec libx264 -acodec mp3 -preset ultrafast output.mp4

install epson L355 scanner driver on debian

Short and painless:

wget https://download2.ebz.epson.net/iscan/general/deb/x64/iscan-bundle-1.0.0.x64.deb.tar.gz
tar -xf iscan-bundle-1.0.0.x64.deb.tar.gz
sudo bash iscan-bundle-1.0.0.x64.deb/install.sh

grep epkowa /etc/sane.d/dll.conf \
    || sudo bash -c 'echo epkowa >> /etc/sane.d/dll.conf'

# your printer's address is very likely different from 192.168.123.4,
# so adjust accordingly
grep 'net 192\.168\.123\.4' /etc/sane.d/epkowa.conf \
    || sudo bash -c "echo 'net 192.168.123.4' >> /etc/sane.d/epkowa.conf"

This of course is a security nightmare, so don't forget to do this only in a VM or, better yet, on dedicated hardware with no sensitive data / network access.


eclipse search code

When it comes to IDEs, Eclipse is a beast. Here are some shortcuts I've been using a lot lately; they're for searching and navigating through code:

  • search for files: [Ctrl+Shift+r]
  • search for java methods: [Ctrl+Shift+m]
  • search for java classes: [Ctrl+Shift+t]