Upgrade MariaDB 10.1 to MariaDB 10.2

Shutdown current MariaDB server

mysql -u root -p {-h remote.db.server}

For safety, backup current database files

rsync -aP /var/lib/mysql /path/to/backup/
rsync -aP /etc/mysql /path/to/backup/mysql-config

Uninstall MariaDB 10.1

apt-get remove mariadb-server

Add or replace MariaDB 10.1 with MariaDB 10.2 repositories
You can find suitable server in https://downloads.mariadb.org/mariadb/repositories
My case use server in Thailand.

# MariaDB 10.2 repository list - created 2017-08-28 07:37 UTC
# http://downloads.mariadb.org/mariadb/repositories/
deb [arch=amd64,i386] http://mirrors.bestthaihost.com/mariadb/repo/10.2/ubuntu xenial main
deb-src http://mirrors.bestthaihost.com/mariadb/repo/10.2/ubuntu xenial main

Install MariaDB 10.2

apt-get update
apt-get install mariadb-server

Run upgrade database command


Stop service and edit your MariaDB server with your config

# systemd
systemctl stop mariadb
# upstart
service mysql stop
# edit config file in /etc/mysql with your config

Restart MariaDB Server

# systemd
systemctl restartmariadb
# upstart
service mysql restart

Mirror http(s) (s)ftp(s) with lftp

Install lftp

#!/usr/bin/env bash
apt update && apt -y full-upgrade
apt -y install lftp
exit 0

Mirror from remote to local

lftp http://mirror.remote.site/src-path -e "mirror -e -c -P=4 . /local/target-path; bye"


lftp remote_url/path -e [command]

mirror [option] source target

-e delete different files

-c continue transfer

-P=[number] number of parallel connections

SoftEther VPN ubuntu server

Update server and install essential package

sudo apt-get update && sudo apt-get -y upgrade
sudo apt-get -y install build-essential wget curl

Install SoftEther RTM from source as systemd daemon

#!/usr/bin/env bash
RTM=$(curl http://www.softether-download.com/files/softether/ | grep -o 'v[^"]*e' | grep rtm | tail -1)
IFS='-' read -r -a RTMS <<< "${RTM}"

mkdir -p /tmp/softether
cd /tmp/softether || exit 1

wget "http://www.softether-download.com/files/softether/${RTMS[0]}-${RTMS[1]}-${RTMS[2]}-${RTMS[3]}-${RTMS[4]}/Linux/SoftEther_VPN_Server/64bit_-_Intel_x64_or_AMD64/softether-vpnserver-${RTMS[0]}-${RTMS[1]}-${RTMS[2]}-${RTMS[3]}-linux-x64-64bit.tar.gz"

tar xzf "softether-vpnserver-${RTMS[0]}-${RTMS[1]}-${RTMS[2]}-${RTMS[3]}-linux-x64-64bit.tar.gz"

cd vpnserver
sudo make

cd ..
sudo mv vpnserver /usr/local/

sudo chmod 0600 /usr/local/vpnserver/*
sudo chmod +x /usr/local/vpnserver/vpnserver
sudo chmod +x /usr/local/vpnserver/vpncmd

cat <<EOF >>/lib/systemd/system/vpnserver.service
Description=SoftEther VPN Server

ExecStart=/usr/local/vpnserver/vpnserver start
ExecStop=/usr/local/vpnserver/vpnserver stop


systemctl enable vpnserver.service
systemctl restart vpnserver.service

exit 0

Init first config

cd /usr/local/vpnserver/
sudo ./vpncmd



Installer script

Freeradius with Zimbra LDAP

Get zimbra LDAP url and password

zmlocalconfig -s ldap_master_url zimbra_ldap_password

Edit /etc/freeradius/modules/ldap

ldap {
        server = "ldap_master_url"
        identity = "uid=zimbra,cn=admins,cn=zimbra"
        password = "zimbra_ldap_password"
        basedn = "ou=people,dc=yourHost,dc=yourDomain"
        filter = "(mail=%{mschap:User-Name:-%{User-Name}}@*)"
        base_filter = "(objectClass=organizationalPerson)"

Edit /etc/freeradius/sites-available/default

authorize {

authenticate {
        Auth-Type LDAP {

Edit /etc/freeradius/modules/mschap

mschap {
        use_mppe = yes
        require_encryption = yes
        require_strong = yes
        with_ntdomain_hack = yes
        ntlm_auth = "/usr/bin/ntlm_auth --request-nt-key --username=%{%{Stripped-User-Name}:-%{%{User-Name}:-None}} --challenge=%{%{mschap:Challenge}:-00} --nt-response=%{%{mschap:NT-Response}:-00}"

Edit /etc/freeradius/eap.conf

eap {
    default_eap_type = ttls
    gtc {
        auth_type = PAP
    ttls {
        default_eap_type = gtc
    peap {
        default_eap_type = gtc

Edit /etc/freeradius/clients.conf

#client IPv4/CIDR4 {
#        secret = "[email protected]"
#        shortname = ipv4-clients
#client IPv6/CIDR6 {
#       secret = "[email protected]"
#       shortname = ipv6-clients
client {
        secret = "[email protected]"
        shortname = ipv4-clients
client ::/0 {
       secret = "[email protected]"
       shortname = ipv6-clients

Restart freeradius service

systemctl restart radiusd

Enable IPv4 and IPv6 on Zimbra Collaboration

Work around nginx proxy IPv6 fix

sed -i 's| ipv6only=off||g' /opt/zimbra/conf/nginx/templates/nginx.conf.*

Get current settings

su zimbra
zmprov gs `zmhostname` | grep -i ipmode

Get public IP

# IPv6
curl http://v6.ipv6-test.com/api/myip.php
# IPv4
curl http://v4.ipv6-test.com/api/myip.php

Enable IPv4 and IPv6

zmprov ms `zmhostname` zimbraIPMode both
zmprov ms `zmhostname` " [::1]/128 IPv4/32 [IPv6]/128"
zmcontrol restart


HPKP with letsencrypt and nginx

Get SPKI-hash

Let’s Encrypt Authority X4

curl https://letsencrypt.org/certs/lets-encrypt-x4-cross-signed.pem | openssl x509 -pubkey | openssl pkey -pubin -outform der | openssl dgst -sha256 -binary | base64

Let’s Encrypt Authority X3

curl https://letsencrypt.org/certs/lets-encrypt-x3-cross-signed.pem | openssl x509 -pubkey | openssl pkey -pubin -outform der | openssl dgst -sha256 -binary | base64

ISRG Root X1

curl https://letsencrypt.org/certs/isrgrootx1.pem | openssl x509 -pubkey | openssl pkey -pubin -outform der | openssl dgst -sha256 -binary | base64

Add config to nginx

add_header Public-Key-Pins 'pin-sha256="X4-Hash"; pin-sha256="X3-Hash"; pin-sha256="X1-Hash"; max-age=15768000;';

Reload nginx

nginx -s reload


Minecraft server on ubuntu

Update OS & package

sudo apt update && sudo apt -y full-upgrade

Install JAVA & other package

sudo apt -y install software-properties-common tmux htop iotop nano wget curl
sudo add-apt-repository -y ppa:webupd8team/java
sudo apt update && sudo apt -y full-upgrade
sudo apt -y install oracle-java8-installer oracle-java8-set-default

Add minecraft user & login with minecraft

sudo adduser minecraft
su minecraft

Download minecraft server from https://yivesmirror.com/downloads/spigot

mkdir server
cd server
curl -L https://yivesmirror.com/files/paper/Paper-latest.jar > minecraft_server.jar
echo "eula=true" > eula.txt

Exit to main user


Add minecraft server to systemd service

sudo nano /etc/systemd/system/minecraft-server.service

With this unit

Description=start and stop the minecraft-server

RestartSec=20 5

ExecStart=/usr/bin/tmux new -s minecraft-server -d '/usr/bin/java -Xms512M -Xmx2048M -XX:+UseG1GC -XX:ParallelGCThreads=4 -jar minecraft_server.jar nogui'

ExecStop=/usr/bin/tmux send-keys -t minecraft-server:0.0 'say SERVER SHUTTING DOWN. Saving map...' C-m 'save-all' C-m 'stop' C-m
ExecStop=/bin/sleep 2


Reload daemon and allow autostart

sudo systemctl daemon-reload
sudo systemctl enable minecraft-server

Start minecraft server

systemctl start minecraft-server

Stop minecraft server

systemctl stop minecraft-server

Get minecraft server status

systemctl status minecraft-server