Networking

Apache

iptables and network-wide access

iptables -I INPUT 4 -p tcp -m state --state NEW -m tcp --dport 80 -j ACCEPT

Basic HTTP access authentication

Create the username and password in a file that the main Apache process is permitted to read, but do not put it in the site directory or any other shared space!
htpasswd file username
(If the file does not exist yet, add -c to create it; note that -c overwrites an existing file.)
The site configuration file (in /etc/apache2 or wherever yours lives) should contain, in the appropriate directory section, something like
AllowOverride AuthConfig
Create .htaccess in the directory to be protected, with this content:
AuthType Basic
AuthUserFile full_path_to_htpasswd_file
AuthName "Some message to user."
Require user username
A more advanced version that lets a given IP address in without authentication:
AuthType Basic
AuthUserFile full_path_to_htpasswd_file
AuthName "Hey, log in or get out!"
Require user username
Order allow,deny
Allow from ip_address_to_allow_without_authentication
satisfy any
source: http://httpd.apache.org/docs/2.2/howto/auth.html

SSH

Key-based authentication

ssh-keygen -t rsa
cat ~/.ssh/id_rsa.pub | ssh user@host 'cat >> .ssh/authorized_keys'

Remote port forwarding to reach a home computer behind NAT with the help of a public server

Remote port forwarding means making a port on the client, or any port reachable from the client (here port 22 of home's ssh, but it could be port 80 of an internal web page, etc.), *listen* on a port of the remote machine. This is what distinguishes it from local port forwarding.

In the following instructions, the remote machine is called public and the machine whose port should listen on public is called home. On public, check that sshd_config contains

AllowTcpForwarding yes
It should be yes by default; for details see [2]. To forward home's port 22 to port 11000 on public, run on home
ssh -N -R 11000:localhost:22 publicuser@public
Then, when logged in on public, you can connect with
ssh -l homeuser -p 11000 localhost

You can use autossh instead of ssh to automatically restart the session when it dies.

If you can ensure there are no vulnerable SSH accounts on home (for example by setting the AllowUsers directive in home's sshd_config), you can set in sshd_config on public

GatewayPorts yes
and then, instead of "11000:localhost:22", use "*:11000:localhost:22" to listen on all addresses on all interfaces. Home is then reachable from anywhere on the net with
ssh -p 11000 homeuser@public
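
An added example (not part of the original notes): a static check of the precondition above, run against copies of public's and home's sshd_config, that flags GatewayPorts enabled on public while home sets no AllowUsers. The function names and the sample configs are constructed for illustration.

```shell
#!/bin/sh
# Added example. Reads only the global section of each file: it stops at the
# first Match block and does not follow Include (assumed limitations).

# Print the first value of KEYWORD in FILE (sshd keeps the first), else DEFAULT.
sshd_value() {  # usage: sshd_value FILE KEYWORD DEFAULT
    awk -v want="$2" -v def="$3" '
        BEGIN { want = tolower(want) }
        /^[ \t]*#/ || /^[ \t]*$/ { next }        # comments and blank lines
        {
            line = $0; sub(/^[ \t]+/, "", line); sub(/[ \t]+$/, "", line)
            n = match(line, /[ \t=]+/)           # keyword/argument separator
            key = tolower(n ? substr(line, 1, n - 1) : line)
            val = n ? substr(line, n + RLENGTH) : ""
            if (key == "match") exit             # conditional blocks: out of scope
            if (key == want) { print val; found = 1; exit }
        }
        END { if (!found) print def }
    ' "$1"
}

# Return 0 if the reverse tunnel works and is no more exposed than the
# precondition above allows; otherwise print one finding per line, return 1.
check_tunnel() {  # usage: check_tunnel PUBLIC_SSHD_CONFIG HOME_SSHD_CONFIG
    rc=0
    fwd=$(sshd_value "$1" AllowTcpForwarding yes)   # sshd default: yes
    gw=$(sshd_value "$1" GatewayPorts no)           # sshd default: no
    users=$(sshd_value "$2" AllowUsers "")
    case $fwd in
        yes|all|remote) ;;
        *) echo "public: AllowTcpForwarding=$fwd, ssh -R will be refused"; rc=1 ;;
    esac
    case $gw in
        no) ;;   # forwarded port is bound to loopback on public only
        *)  [ -n "$users" ] || {
                echo "public: GatewayPorts=$gw but home sets no AllowUsers"; rc=1; } ;;
    esac
    return "$rc"
}

# Constructed sample configs (not from the page) so the check runs offline.
d=$(mktemp -d)
printf '%s\n' '# public' 'AllowTcpForwarding yes' 'GatewayPorts yes' > "$d/public"
printf '%s\n' '# home, open' 'PasswordAuthentication no' > "$d/home_open"
printf '%s\n' '# home, restricted' 'allowusers homeuser' > "$d/home_ok"
check_tunnel "$d/public" "$d/home_open" || echo "=> restrict home before exposing 11000"
check_tunnel "$d/public" "$d/home_ok" && echo "=> ok to expose"
```

On a live host, sshd -T prints the effective configuration with Match and Include already resolved, which is the more reliable source for these values.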

Sources:

[1] man ssh
[2] man sshd_config

Nginx

Installing nginx on CentOS 7 [tested]

Misc

Hostname

TODO: how to set

It is nice to give the machine a name, e.g. to show it in the prompt for quick reference. Show the short and the full hostname:

hostname
hostname -f

netstat

Use netstat to list which programs (-p) are listening (-l) on TCP ports (-t), which excludes Unix sockets:
netstat -plt --numeric-ports

traceroute

traceroute google.cz

Show external IP address

dig +short myip.opendns.com @resolver1.opendns.com
from http://unix.stackexchange.com/questions/22615/how-can-i-get-my-external-ip-address-in-bash

Postfix

Postfix configuration utility:
dpkg-reconfigure postfix