Varnish reload

A reload of the Varnish server does not destroy your cache; it only reloads your VCL. Check your VCL file for errors before trying a reload.

varnishd -C -f /etc/varnish/default.vcl && systemctl reload varnish.service && systemctl status varnish.service varnishncsa.service

Run commands over SSH

Run one or multiple commands on a remote server

ssh root@host <<'ENDSSH'
#commands to run on remote host
ENDSSH

Run a local script on a remote server (non-interactive, so it can't open nano). The script does not need to start with #!/bin/bash.

ssh root@host <

Run a command interactively, e.g. start nano on the remote server.

ssh -t root@host 'nano /etc/postfix/'

Uninstall compiled software

When uninstalling software you compiled yourself, you can run make -n install to see what the make install command did; the -n flag prints the commands without executing them. For Nginx you only had to remove /sbin/nginx before installing Nginx from YUM.

# make -n install
make -f objs/Makefile install
make[1]: Entering directory `/root/install/cache/nginx-1.9.9'
test -d '/' || mkdir -p '/'
test -d '/' || mkdir -p '/'
test ! -f '/sbin' || mv '/sbin' '/sbin.old'
cp objs/nginx '/sbin'
test -d '/etc/nginx' || mkdir -p '/etc/nginx'
cp conf/koi-win '/etc/nginx'
cp conf/koi-utf '/etc/nginx'
cp conf/win-utf '/etc/nginx'
test -f '/etc/nginx/mime.types' || cp conf/mime.types '/etc/nginx'
cp conf/mime.types '/etc/nginx/mime.types.default'
test -f '/etc/nginx/fastcgi_params' || cp conf/fastcgi_params '/etc/nginx'
cp conf/fastcgi_params '/etc/nginx/fastcgi_params.default'
test -f '/etc/nginx/fastcgi.conf' || cp conf/fastcgi.conf '/etc/nginx'
cp conf/fastcgi.conf '/etc/nginx/fastcgi.conf.default'
test -f '/etc/nginx/uwsgi_params' || cp conf/uwsgi_params '/etc/nginx'
cp conf/uwsgi_params '/etc/nginx/uwsgi_params.default'
test -f '/etc/nginx/scgi_params' || cp conf/scgi_params '/etc/nginx'
cp conf/scgi_params '/etc/nginx/scgi_params.default'
test -f '/etc/nginx/nginx.conf' || cp conf/nginx.conf '/etc/nginx/nginx.conf'
cp conf/nginx.conf '/etc/nginx/nginx.conf.default'
test -d '/var/run/nginx' || mkdir -p '/var/run/nginx'
test -d '/var/log/nginx/access' || mkdir -p '/var/log/nginx/access'
test -d '//html' || cp -R html '/'
test -d '/var/log/nginx/errors' || mkdir -p '/var/log/nginx/errors'
make[1]: Leaving directory `/root/install/cache/nginx-1.9.9'


Javier Rivera on askubuntu

Keepalive in varnish


In Varnish 5.2.1, keepalive is enabled by default with timeout_idle=5 seconds, which means that if no traffic goes through the TCP connection for 5 seconds, the connection is closed.

If you are running HLS with a chunk size of 8 seconds, you want to change timeout_idle to 8 seconds. You can change timeout_idle in a default installation by adding the following to /etc/varnish/varnish.params.

DAEMON_OPTS="-p timeout_idle=8"


Add a second network card

To add a second IP address to a network interface, create a new ifcfg file, e.g. /etc/sysconfig/network-scripts/ifcfg-enp1s0f0:0


The default configuration for that interface might have parameters such as UUID and NAME; those are not needed. Change ONBOOT to yes after testing the configuration. To test, run:

systemctl restart network.service

SSH Filtering

The goal is to allow root to log in with username/password from local IP addresses, but only allow root to log in with public key authentication from the internet.

First, change the following settings in /etc/ssh/sshd_config. This will allow normal users to log in with username/password, but root must use public key authentication.

PasswordAuthentication yes
PermitRootLogin without-password

Second, add the following to the end of /etc/ssh/sshd_config. It's important that this goes at the end of the file because of how sshd_config is read by the daemon.

Match address
 PermitRootLogin yes
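
Why the Match block has to be last, shown as an added example that is not part of the original page: the script reports which scope each directive in an sshd_config lands in. The function names sshd_scopes and scope_of are hypothetical, and 192.0.2.0/24 is a constructed documentation range standing in for the local network.

```shell
#!/bin/sh
# A Match block runs until the next Match line or the end of the file, so any
# directive written after "Match ..." is conditional instead of global.

# sshd_scopes FILE -> prints "<scope>|<directive>" for every directive line
sshd_scopes() {
    awk '
        /^[ \t]*#/ || NF == 0 { next }        # skip comments and blank lines
        {
            line = $0
            sub(/^[ \t]+/, "", line)
            sub(/[ \t]+$/, "", line)
            if (tolower($1) == "match") { scope = line; next }
            s = (scope == "" ? "global" : scope)
            print s "|" line
        }
    ' "$1"
}

# scope_of FILE KEYWORD -> prints every scope in which KEYWORD is set
scope_of() {
    sshd_scopes "$1" | awk -F'|' -v k="$2" '
        { split($2, w, " ") }
        tolower(w[1]) == tolower(k) { print $1 }
    '
}

# Constructed sample configs (not taken from a real host).
good=$(mktemp); bad=$(mktemp)
cat > "$good" <<'EOF'
PasswordAuthentication yes
PermitRootLogin without-password
Match Address 192.0.2.0/24
 PermitRootLogin yes
EOF
# Same directives, but one was appended after the Match block by mistake.
cat > "$bad" <<'EOF'
PermitRootLogin without-password
Match Address 192.0.2.0/24
 PermitRootLogin yes
PasswordAuthentication yes
EOF

echo "good: PasswordAuthentication scope: $(scope_of "$good" PasswordAuthentication)"
echo "bad:  PasswordAuthentication scope: $(scope_of "$bad" PasswordAuthentication)"
```

On the server itself, sshd -t checks the file for errors before a reload, and sshd -T -C user=root,host=<hostname>,addr=<address> prints the settings that would apply to a connection from that address.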

DNSSEC with named

Faster entropy

After haveged is installed, /proc/sys/kernel/random/entropy_avail should return something above 1000.

yum install -y epel-release
yum install -y rng-tools haveged
systemctl enable haveged.service
systemctl start haveged.service
systemctl status haveged.service
cat /proc/sys/kernel/random/entropy_avail
cat /dev/random | rngtest -c 1000

Source: NixCraft

PfSense does not boot without a monitor because of serial ports

Shuttle DS77u, DS67u and DS57u have problems booting without a monitor when upgrading from PfSense 2.3 to 2.4. These devices ran Legacy BIOS and not UEFI (UEFI is a new feature in PfSense 2.4) but never booted if the screen was disconnected at power on, and never initialized the screen if it was plugged in after power on. This was because the serial ports were enabled in the BIOS.

Bleupomme on PfSense Forum had the answer.

This just happened to me too on a shuttle XPC:
– Updated the BIOS, but this did not solve the problem
– Brute forced BIOS settings
-> by disabling the Serial ports the computer boots normally

Does pfsense 2.4 default to Serial and wait for some sort of connection when there is no monitor?