Author: samuel

FFmpeg Reference file

Records video from an ddshow device and records in to a file with current datestamp in filename. restart after 8 seconds on error or if user user presses Q.

echo off
SET tid=%TIME: =0%
FFmpeg\bin\ffmpeg -strict -2 -f dshow -video_size 1280x720 -framerate 25 -pixel_format yuv420p -i video="Osprey-700 HD Video Device 1":audio="SDI Input 1 (Osprey-700 HD 1)" -filter:v fps=25 -c:v libx264 -preset ultrafast -tune fastdecode -crf 16 -r 25 -g 25 -x264opts "keyint=50:min-keyint=50:no-scenecut" -c:a aac -ab 224000 -ar 48000 -ac 2 c:\referens\referens_720p_%date:~0,4%%date:~-5,2%%date:~-2,2%_%tid:~0,2%%tid:~3,2%%tid:~6,2%%tid:~-2,2%.mp4
timeout 8
goto loop

Set ip-number from commandline

Set Static IP-number

netsh interface ipv4 set address "Extern" static x.x.x.x y.y.y.y z.z.z.z
netsh interface ipv4 add dnsserver name="Extern" address= index=1
netsh interface ipv4 add dnsserver name="Extern" address= index=2

Extern is the name of your network device
x.x.x.x is your ip-number
y.y.y.y is your netmask.
z.z.z.z is your default gateway.

Enable DHCP

netsh interface ipv4 set address "Extern" source=dhcp
netsh interface ipv4 set dnsserver "Extern" source=dhcp



Run letsencrypt as a normal user

Install and change permission to work with your normal user account.

yum install yum-utils -y
yum-config-manager --enable rhui-REGION-rhel-server-extras rhui-REGION-rhel-server-optional
yum install certbot -y

useradd certmaster
chown certmaster: /etc/letsencrypt/ -R
chown certmaster: /var/log/letsencrypt/ -R
chown certmaster: /var/lib/letsencrypt/ -R

You might want to allow your certmaster account to reload nginx or another service then a new certificate exists. To allow certmaster to reload nginx configuration, create sudoers file /etc/sudoers.d/certmaster with this content.

certmaster ALL=NOPASSWD: /usr/bin/systemctl reload nginx.service
certmaster ALL=NOPASSWD: /usr/sbin/nginx -t -c /etc/nginx/nginx.conf

Example of cron script to run.

# .---------------- minute (0 - 59)
# | .------------- hour (0 - 23)
# | | .---------- day of month (1 - 31)
# | | | .------- month (1 - 12) OR jan,feb,mar,apr ...
# | | | | .---- day of week (0 - 6) (Sunday=0 or 7) OR sun,mon,tue,wed,thu,fri,sat
# | | | | |
# * * * * * user-name command to be executed
# Updates all certificates on saturday morning, checks nginx config and reloads
15 2 * * * certmaster chronic /usr/bin/certbot --no-self-upgrade renew && sudo /usr/sbin/nginx -t -c /etc/nginx/nginx.conf && sudo /usr/bin/systemctl reload nginx.service

Embedding certificates in .ovpn

You can simplify OpenVPN distribution by only use one file for both config and certificates. A normal .ovpn file with separate .key and .crt files looks like this.

client dev tun 
dev-node Dalesjo VPN 
proto tcp 
remote my-server 443 
resolv-retry infinite 
remote-cert-tls server 
verb 3 
comp-lzo yes

ca DALESJO-OpenVPN.crt
tls-auth DALESJO-Server.tls 1

Continue reading

Varnish reload

A reload of the varnish server does not destroy your cache but reloads your vcl.  Check your vcl file for errors before trying a reload.

varnishd -C -f /etc/varnish/default.vcl && systemctl reload varnish.service && systemctl status varnish.service varnishncsa.service

Run commands over SSH

Run one or multiple commands on a remote server

ssh root@host <<'ENDSSH'
#commands to run on remote host

Run a local script on a remote server. (none interactive, cant open nano). the script does not need to start with #/!bin/bash

ssh root@host <

Run a command interactive, ex start nano on remote server.

ssh -t 'nano /etc/postfix/'