/var/bergercity/ – Seite 2 – what does IT stand for?

Cloud backup with restic

Yes, I’ve tried multiple approaches in the past to get an offsite-backup up and running. I’ve used rsync first and then obnam and duplicity with encryption. Both successful with remote ssh-hosts.

But times are changing and I wanted to use a cloud-storage provider now instead of a dedicated remote host for my backups – so I started with duplicity/duply to get AWS S3 access running – that worked quite good.

But for some reason I discovered restic on github and gave it a try (maybe because of this introduction)

Things I like:

growing user base on GitHub
its encrypted (very interesting read on this)
uses deduplication
usage is straightforward, no hard to read config-files with dozens of options
no full-/incremental backups, every backup is a „snapshot“
they’re promise to not change the repository format in the future
access to cloud providers (tested AWS S3 and Google Cloud Storage) went very easy
its using a local cache to speed up (but is not sticked to that)
you could move the backups to different locations using standard tools and they’re still usable
local backups (like on USB-drives) could be achieved the same way: every destination is considered as „remote“ and is encrypted

Documentation is good, so I won’t share usage details here. But I’ve started backups to Google Cloud Storage last week and it feels great…

Schlagwörter AWS, Backup, Google Cloud, Restic

General

postfix: redirect mails for root

Beitragsautor Von otto
Beitragsdatum 1. November 2017
Keine Kommentare zu postfix: redirect mails for root

Short note: redirect local root mails (cron, mdadm, …) to an external address:

# install postfix
apt-get install postfix

# add alias for root
echo "root: otto@example.com" >> /etc/aliases

# reload aliases for postfix
newaliases

Schlagwörter crond, mdadm, Postfix

General

Vigor 130 Webinterface / PPPOE passthrough with Sophos UTM

Beitragsautor Von otto
Beitragsdatum 27. August 2017
Keine Kommentare zu Vigor 130 Webinterface / PPPOE passthrough with Sophos UTM

The Vigor 130 works very well as VDSL (Vectoring) modem in connection with a Sophos UTM. Therefore the modem is configured in PPPOE pass-through mode – this way all connection related details like credentials are configured by the Sophos UTM.

Because the vigor 130 has only one Ethernet interface I always had to re-plug some network cables just to watch the DSL status via the webinterface of the „modem“.

Here are some hints on how to connect to the modem interface (using just basic routing).

In my case my LAN subnet is 192.168.23.0/24.

Place the modem into an additional Subnet

here: 192.168.24.0/24, ip of the modem: 192.168.24.2

create a static route

the vigor allows not to change the default route, but that is also not neccessary if you have only one LAN subnet.

Add an additional address to the Sophos WAN interace

In my setup the WAN interface is used as PPPOE interface for the modem, but its easy to add the modem subnet on top of it:

Thats it!

you should now be able to connect to your modem webinterface from your LAN via http://192.168.24.2/

Schlagwörter Astaro, DSL, Sophos, VDSL, Vigor

Linux MacOS

macOS: ignore hostkeys of some hosts

Beitragsautor Von otto
Beitragsdatum 14. April 2017
Keine Kommentare zu macOS: ignore hostkeys of some hosts

To ignore hostkey checking for a subnet (i.e. when hosts got changed/provisioned/scaled often) use the following snippet:

# ~/.ssh/config

Host 172.18.*
   StrictHostKeyChecking no
   UserKnownHostsFile=/dev/null

But use with care, in general hostkey checking is a good idea!

Schlagwörter ssh

Linux

force fsck on next boot

Beitragsautor Von otto
Beitragsdatum 16. Januar 2017
Keine Kommentare zu force fsck on next boot

How to force a filesystem check on next boot?

touch /forcefsck

Schlagwörter Linux

MacOS

macOS: add ssh-keys to agent

Beitragsautor Von otto
Beitragsdatum 10. Januar 2017
Keine Kommentare zu macOS: add ssh-keys to agent

Since macOS sierra the system don’t adds ssh-keys to the agent automatically anymore. Add the following ssh-config file to restore the previous behaviour:

# ~/.ssh/config

Host *
    UseKeychain yes
    AddKeysToAgent yes

after connecting to a remote shell and typing the passphrase once the key/passphrase will be remembered in the macOS keychain.

Schlagwörter MacOS, ssh

Links

Links November 2015

Linux

Debugging NGINX location regex-rules

Beitragsautor Von otto
Beitragsdatum 10. August 2015
Keine Kommentare zu Debugging NGINX location regex-rules

Nginx has unfortunately no really usable „rewrite log“ for regex location matches. But you can create your own small (but sometimes very useful) debug output:

    location ~ ^/(.*?)/(.*)  {

        return 200 'Debug: 1:$1  2:$2';
        add_header Content-Type text/plain;

        # try_files $uri /$1/index.php?$args;
    }

Nginx now simply returns the generated content:

Debug: 1:xxxxx  2:yyyyy

The add_header statement is used to force text-output if you’re debugging using a web-browser (otherwise a download would be created).

Schlagwörter NGINX, regex

Allgemein Links

Links August 2015

A bit Elasticsearch dominated this time ;-)

Schlagwörter elasticsearch, haproxy, logstash, PHP

Allgemein

Links April 2015

Beitragsautor Von otto
Beitragsdatum 25. April 2015
Keine Kommentare zu Links April 2015

Schlagwörter elasticsearch, logstash, Openfire, opennebula, OpenNMS