Mirror http(s) (s)ftp(s) with lftp

Install lftp

#!/usr/bin/env bash
apt update && apt -y full-upgrade
apt -y install lftp
exit 0

Mirror from remote to local

lftp http://mirror.remote.site/src-path -e "mirror -e -c -P=4 . /local/target-path; bye"

Explain

lftp remote_url/path -e [command]

mirror [option] source target

-e delete different files

-c continue transfer

-P=[number] number of parallel connections

SoftEther VPN ubuntu server

Update server and install essential package

sudo apt-get update && sudo apt-get -y upgrade
sudo apt-get -y install build-essential wget curl

Install SoftEther RTM from source as systemd daemon

#!/usr/bin/env bash
RTM=$(curl http://www.softether-download.com/files/softether/ | grep -o 'v[^"]*e' | grep rtm | tail -1)
IFS='-' read -r -a RTMS <<< "${RTM}"

mkdir -p /tmp/softether
cd /tmp/softether || exit 1

wget "http://www.softether-download.com/files/softether/${RTMS[0]}-${RTMS[1]}-${RTMS[2]}-${RTMS[3]}-${RTMS[4]}/Linux/SoftEther_VPN_Server/64bit_-_Intel_x64_or_AMD64/softether-vpnserver-${RTMS[0]}-${RTMS[1]}-${RTMS[2]}-${RTMS[3]}-linux-x64-64bit.tar.gz"

tar xzf "softether-vpnserver-${RTMS[0]}-${RTMS[1]}-${RTMS[2]}-${RTMS[3]}-linux-x64-64bit.tar.gz"

cd vpnserver
sudo make

cd ..
sudo mv vpnserver /usr/local/

sudo chmod 0600 /usr/local/vpnserver/*
sudo chmod +x /usr/local/vpnserver/vpnserver
sudo chmod +x /usr/local/vpnserver/vpncmd

cat <<EOF >>/lib/systemd/system/vpnserver.service
[Unit]
Description=SoftEther VPN Server
After=network.target

[Service]
Type=forking
ExecStart=/usr/local/vpnserver/vpnserver start
ExecStop=/usr/local/vpnserver/vpnserver stop

[Install]
WantedBy=multi-user.target
EOF

systemctl enable vpnserver.service
systemctl restart vpnserver.service

exit 0

Init first config

cd /usr/local/vpnserver/
sudo ./vpncmd

1


ServerPasswordSet

Installer script

Freeradius with Zimbra LDAP

Get zimbra LDAP url and password

zmlocalconfig -s ldap_master_url zimbra_ldap_password

Edit /etc/freeradius/modules/ldap

ldap {
...
        server = "ldap_master_url"
        identity = "uid=zimbra,cn=admins,cn=zimbra"
        password = "zimbra_ldap_password"
        basedn = "ou=people,dc=yourHost,dc=yourDomain"
        filter = "(mail=%{mschap:User-Name:-%{User-Name}}@*)"
        base_filter = "(objectClass=organizationalPerson)"
...
}

Edit /etc/freeradius/sites-available/default

authorize {
...
        ldap
...
}

authenticate {
...
        Auth-Type LDAP {
                ldap
        }
...
}

Edit /etc/freeradius/modules/mschap

mschap {
...
        use_mppe = yes
        require_encryption = yes
        require_strong = yes
        with_ntdomain_hack = yes
        ntlm_auth = "/usr/bin/ntlm_auth --request-nt-key --username=%{%{Stripped-User-Name}:-%{%{User-Name}:-None}} --challenge=%{%{mschap:Challenge}:-00} --nt-response=%{%{mschap:NT-Response}:-00}"
...
}

Edit /etc/freeradius/eap.conf

eap {
...
    default_eap_type = ttls
    ...
    gtc {
    ...
        auth_type = PAP
    ...
    }
    ttls {
    ...
        default_eap_type = gtc
    ...
    }
    peap {
    ...
        default_eap_type = gtc
    ...
    }
...
}

Edit /etc/freeradius/clients.conf

...
#client IPv4/CIDR4 {
#        secret = "[email protected]"
#        shortname = ipv4-clients
#}
#client IPv6/CIDR6 {
#       secret = "[email protected]"
#       shortname = ipv6-clients
#}
client 0.0.0.0/0 {
        secret = "[email protected]"
        shortname = ipv4-clients
}
client ::/0 {
       secret = "[email protected]"
       shortname = ipv6-clients
}

Restart freeradius service

systemctl restart radiusd

Enable IPv4 and IPv6 on Zimbra Collaboration

Work around nginx proxy IPv6 fix

sed -i 's| ipv6only=off||g' /opt/zimbra/conf/nginx/templates/nginx.conf.*

Get current settings

su zimbra
zmprov gs `zmhostname` | grep -i ipmode

Get public IP

# IPv6
curl http://v6.ipv6-test.com/api/myip.php
# IPv4
curl http://v4.ipv6-test.com/api/myip.php

Enable IPv4 and IPv6

zmprov ms `zmhostname` zimbraIPMode both
zmprov ms `zmhostname` "127.0.0.0/8 [::1]/128 IPv4/32 [IPv6]/128"
/opt/zimbra/libexec/zmiptool
zmcontrol restart

 

HPKP with letsencrypt and nginx

Get SPKI-hash

Let’s Encrypt Authority X4

curl https://letsencrypt.org/certs/lets-encrypt-x4-cross-signed.pem | openssl x509 -pubkey | openssl pkey -pubin -outform der | openssl dgst -sha256 -binary | base64

Let’s Encrypt Authority X3

curl https://letsencrypt.org/certs/lets-encrypt-x3-cross-signed.pem | openssl x509 -pubkey | openssl pkey -pubin -outform der | openssl dgst -sha256 -binary | base64

ISRG Root X1

curl https://letsencrypt.org/certs/isrgrootx1.pem | openssl x509 -pubkey | openssl pkey -pubin -outform der | openssl dgst -sha256 -binary | base64

Add config to nginx

add_header Public-Key-Pins 'pin-sha256="X4-Hash"; pin-sha256="X3-Hash"; pin-sha256="X1-Hash"; max-age=15768000;';

Reload nginx

nginx -s reload

 

Minecraft server on ubuntu

Update OS & package

sudo apt update && sudo apt -y full-upgrade

Install JAVA & other package

sudo apt -y install software-properties-common tmux htop iotop nano wget curl
sudo add-apt-repository -y ppa:webupd8team/java
sudo apt update && sudo apt -y full-upgrade
sudo apt -y install oracle-java8-installer oracle-java8-set-default

Add minecraft user & login with minecraft

sudo adduser minecraft
su minecraft

Download minecraft server from https://yivesmirror.com/downloads/spigot

mkdir server
cd server
curl -L https://yivesmirror.com/files/spigot/spigot-latest.jar > minecraft_server.jar
echo "eula=true" > eula.txt

Exit to main user

exit

Add minecraft server to systemd service

sudo nano /etc/systemd/system/minecraft-server.service

With this unit

[Unit]
Description=start and stop the minecraft-server

[Service]
WorkingDirectory=/home/minecraft/server
User=minecraft
Group=minecraft
Restart=on-failure
RestartSec=20 5
Type=forking

ExecStart=/usr/bin/tmux new -s minecraft-server -d '/usr/bin/java -XX:+UseConcMarkSweepGC -XX:+UseParNewGC -XX:+CMSIncrementalPacing -XX:ParallelGCThreads=2 -XX:+AggressiveOpts -jar minecraft_server.jar nogui'

ExecStop=/usr/bin/tmux send-keys -t minecraft-server:0.0 'say SERVER SHUTTING DOWN. Saving map...' C-m 'save-all' C-m 'stop' C-m
ExecStop=/bin/sleep 2

[Install]
WantedBy=multi-user.target
Alias=minecraft.service

Reload daemon and allow autostart

sudo systemctl daemon-reload
sudo systemctl enable minecraft-server

Start minecraft server

systemctl start minecraft-server

Stop minecraft server

systemctl stop minecraft-server

Get minecraft server status

systemctl status minecraft-server