CIFS/Smbclient speed

By default the linux smbclient mounts smb shares using smb protocol version 1.0 (now deprecated). resulting in slow transfer speed against Windows 10 shares. by adding vers=3.0 to you mount options you are using smb protocol version 3.0 with greater speed.

mount -t cifs //192.168.60.202/föreningar "/mnt/share/radion/k2/foreningar" --verbose -o username=backup,password=mypassword,vers=3.0

More info in this stackexchange thread about cifs randomly losing connection to windows share

FFmpeg Reference file

Records video from an ddshow device and records in to a file with current datestamp in filename. restart after 8 seconds on error or if user user presses Q.

echo off
:loop
SET tid=%TIME: =0%
FFmpeg\bin\ffmpeg -strict -2 -f dshow -video_size 1280x720 -framerate 25 -pixel_format yuv420p -i video="Osprey-700 HD Video Device 1":audio="SDI Input 1 (Osprey-700 HD 1)" -filter:v fps=25 -c:v libx264 -preset ultrafast -tune fastdecode -crf 16 -r 25 -g 25 -x264opts "keyint=50:min-keyint=50:no-scenecut" -c:a aac -ab 224000 -ar 48000 -ac 2 c:\referens\referens_720p_%date:~0,4%%date:~-5,2%%date:~-2,2%_%tid:~0,2%%tid:~3,2%%tid:~6,2%%tid:~-2,2%.mp4
timeout 8
goto loop

Set ip-number from commandline

Set Static IP-number

netsh interface ipv4 set address "Extern" static x.x.x.x y.y.y.y z.z.z.z
netsh interface ipv4 add dnsserver name="Extern" address=208.67.220.220 index=1
netsh interface ipv4 add dnsserver name="Extern" address=208.67.222.222 index=2

Extern is the name of your network device
x.x.x.x is your ip-number
y.y.y.y is your netmask.
z.z.z.z is your default gateway.

Enable DHCP

netsh interface ipv4 set address "Extern" source=dhcp
netsh interface ipv4 set dnsserver "Extern" source=dhcp

 

 

Run letsencrypt as a normal user

Install and change permission to work with your normal user account.

yum install yum-utils -y
yum-config-manager --enable rhui-REGION-rhel-server-extras rhui-REGION-rhel-server-optional
yum install certbot -y

useradd certmaster
chown certmaster: /etc/letsencrypt/ -R
chown certmaster: /var/log/letsencrypt/ -R
chown certmaster: /var/lib/letsencrypt/ -R

You might want to allow your certmaster account to reload nginx or another service then a new certificate exists. To allow certmaster to reload nginx configuration, create sudoers file /etc/sudoers.d/certmaster with this content.

certmaster ALL=NOPASSWD: /usr/bin/systemctl reload nginx.service
certmaster ALL=NOPASSWD: /usr/sbin/nginx -t -c /etc/nginx/nginx.conf

Example of cron script to run.

# .---------------- minute (0 - 59)
# | .------------- hour (0 - 23)
# | | .---------- day of month (1 - 31)
# | | | .------- month (1 - 12) OR jan,feb,mar,apr ...
# | | | | .---- day of week (0 - 6) (Sunday=0 or 7) OR sun,mon,tue,wed,thu,fri,sat
# | | | | |
# * * * * * user-name command to be executed
# Updates all certificates on saturday morning, checks nginx config and reloads
15 2 * * * certmaster chronic /usr/bin/certbot --no-self-upgrade renew && sudo /usr/sbin/nginx -t -c /etc/nginx/nginx.conf && sudo /usr/bin/systemctl reload nginx.service

Embedding certificates in .ovpn

You can simplify OpenVPN distribution by only use one file for both config and certificates. A normal .ovpn file with separate .key and .crt files looks like this.

client dev tun 
dev-node Dalesjo VPN 
proto tcp 
remote my-server 443 
resolv-retry infinite 
nobind 
persist-key 
persist-tun 
remote-cert-tls server 
verb 3 
comp-lzo yes

ca DALESJO-OpenVPN.crt
cert DALESJO-SADAL.crt
key DALESJO-SADAL.key
tls-auth DALESJO-Server.tls 1

Continue reading

Varnish reload

A reload of the varnish server does not destroy your cache but reloads your vcl.  Check your vcl file for errors before trying a reload.

varnishd -C -f /etc/varnish/default.vcl && systemctl reload varnish.service && systemctl status varnish.service varnishncsa.service