From ca4cd711109e543fe903f63d477768390448b272 Mon Sep 17 00:00:00 2001 From: El Mau Date: Thu, 10 Feb 2022 22:44:33 -0600 Subject: [PATCH] Update --- source/notes/discourse.gmi | 71 ++++++++ source/notes/ffmpeg.gmi | 35 ++++ source/notes/flarum.gmi | 325 ++++++++++++++++++++++++++++++++++ source/notes/iredmail.gmi | 52 +++--- source/notes/jetforce.gmi | 2 +- source/notes/key.gmi | 20 +++ source/notes/mariadb.gmi | 41 +++++ source/notes/nebula.gmi | 5 +- source/notes/nginx.gmi | 119 ++++++++++++- source/notes/openssl.gmi | 20 +++ source/notes/php.gmi | 65 +++++++ source/notes/postgres.gmi | 28 ++- source/notes/ubuntuserver.gmi | 17 +- source/notes/xmlsec.gmi | 13 ++ 14 files changed, 771 insertions(+), 42 deletions(-) create mode 100644 source/notes/discourse.gmi create mode 100644 source/notes/flarum.gmi create mode 100644 source/notes/key.gmi create mode 100644 source/notes/mariadb.gmi create mode 100644 source/notes/openssl.gmi create mode 100644 source/notes/php.gmi create mode 100644 source/notes/xmlsec.gmi diff --git a/source/notes/discourse.gmi b/source/notes/discourse.gmi new file mode 100644 index 0000000..12dff66 --- /dev/null +++ b/source/notes/discourse.gmi @@ -0,0 +1,71 @@ +## Discourse + +Software libre para foros + +### Prerequisitos + +Asegurate de: + +* Tener un VPS limpio recien creado. +* Tener un dominio o subdominio apuntando a la IP del VPS. +* Tener una cuenta de correo electrónico, no de la basura de la GMAFIA. + + +### Clonar + +* Todo el proceso es como root + +``` +sudo -s + +git clone https://github.com/discourse/discourse_docker.git /var/discourse + +cd /var/discourse +``` + +### Instalar + +* Asegurate de que la configuración de salida (SMTP) sea correcta y este funcionando, los correos de alta y activación de la primer cuenta administrativa se envían desde este cuenta, y nunca llegaran si no esta bien configurado. + +``` +./discourse-setup + +Failed to find docker or docker.io on your PATH. +Enter to install Docker from https://get.docker.com/ or Ctrl+C to exit + +Hostname for your Discourse? [discourse.example.com]: foro.cuates.net + +Checking your domain name . . . +Connection to foro.cuates.net succeeded. +Email address for admin account(s)? [me@example.com,you@example.com]: +SMTP server address? [smtp.example.com]: +SMTP port? [587]: +SMTP user name? [user@example.com]: +SMTP password? [pa$$word]: +notification email address? [noreply@foro.cuates.net]: + + +Does this look right? + +Hostname : foro.cuates.net +Email : +SMTP address : +SMTP port : +SMTP username : +SMTP password : +Notification email: +Maxmind license: (unset) + +ENTER to continue, 'n' to try again, Ctrl+C to exit: + +... + +312ba259d82c2ad50a9f10cf0376791148e35232fbff5ff6b82d94ea94e7a742 +``` + +Si terminas con un hash todo se ha instalado correctamente. + + +=> gemini://elmau.net/chuletas.gmi Regresar el índice +=> gemini://elmau.net Regresar el inicio + diff --git a/source/notes/ffmpeg.gmi b/source/notes/ffmpeg.gmi index 29513cd..09c55de 100644 --- a/source/notes/ffmpeg.gmi +++ b/source/notes/ffmpeg.gmi @@ -1,39 +1,74 @@ ## ffmpeg 1] Cortar un video + ```Cortar un video + ffmpeg -i ENTRADA.mp4 -ss 00:00:00 -to 00:10:00 -c copy SALIDA.mp4 -ss = empezar en -to = terminar en + ``` 2] Descargar y fusionar un video desde un enlace m3u8, no debe estar encriptado. + ```Descargar y fusionar un video + ffmpeg -i "URL.m3u8" -c copy -bsf:a aac_adtstoasc output.mp4 + ``` 3] Escalar un video a la mitad + ```Escalar un video + ffmpeg -i input.mp4 -vcodec libx265 -crf 28 -vf "scale=iw/2:ih/2" output.mp4 + ``` 4] Concatenar videos. + ```Concatenar videos + ffmpeg -f concat -safe 0 -i files.txt -c copy output.mp4 + ``` El archivo files.txt debe contener las rutas de los videos en el formato: + ``` + file 'path/video1.mp4' file 'path/video2.mp4' + ``` 5] Extraer el audio de un video + ```Extraer el audio + ffmpeg -i video.mp4 -q:a 0 -map a audio.ogg + ``` +6] Extrare subtítulos de un video + +Primero extra los lenguajes y sus índices + +``` + +ffprobe -v error -of json VIDEO.mkv -of json -show_entries "stream=index:stream_tags=language" -select_streams s + +``` + +Ahora extrae por índice: + +``` + +ffmpeg -i VIDEO.mkv -map "0:2" subtitulo.eng.srt + +``` => gemini://elmau.net/chuletas.gmi Regresar el índice => gemini://elmau.net Regresar el inicio diff --git a/source/notes/flarum.gmi b/source/notes/flarum.gmi new file mode 100644 index 0000000..df87435 --- /dev/null +++ b/source/notes/flarum.gmi @@ -0,0 +1,325 @@ +## Flarum + +Flarum es un software para foros moderno y ligero. + +Instalación en un servidor Ubuntu 20.04. Ya debes de tener un dominio o subdominio apuntando a la IP de tu servidor. + +### Instalar composer + +* Actualizar el sistema + +``` +sudo apt update +sudo apt upgrade +``` + +* Instalar requisitos previos + +``` +sudo apt install php-cli unzip php-fpm +``` + +* Descargar `composer`, puede ser en `home` + +``` +curl -sS https://getcomposer.org/installer -o composer-setup.php +``` + +* Verificamos la descarga + +``` +HASH=`curl -sS https://composer.github.io/installer.sig` + +php -r "if (hash_file('SHA384', 'composer-setup.php') === '$HASH') { echo 'Installer verified'; } else { echo 'Installer corrupt'; unlink('composer-setup.php'); } echo PHP_EOL;" + +Installer verified +``` + +"No continues" si no ves: `Installer verified` + +* Instalamos + +``` +sudo php composer-setup.php --install-dir=/usr/local/bin --filename=composer +``` + +* Comprobamos + +``` +composer -V + +Composer version 2.1.12 2021-11-09 16:02:04 +``` + +* Se puede borrar el instalador + +``` +rm composer-setup.php +``` + + +### Instalar las extensiones necesarias + +``` +sudo apt install php-curl php-dom php-gd php-mbstring php-mysql php-zip +``` + +### Instalamos Flarum + +* Creamos la carpeta de instalación, cambiamos temporalmente el dueño, reemplaza USER por tu uuario y nos cambiamos a ella. + +``` +sudo mkdir /opt/flarum + +sudo chown USER:USER /opt/flarum + +cd /opt/flarum +``` + +* Instalamos Flarum + +``` +sudo composer create-project flarum/flarum . +``` + +### Instalamos Certbot + +* Usa un correo que puedas consultar para registrarte, es importante para las notificaciones de vencimiento del certificado. + +``` +sudo apt install certbot + +sudo certbot register --agree-tos -m YOUR_EMAIL +``` + +* Solicitamos el certificado, reemplaza DOMAIN por el dominio de tu foro. + +``` +sudo certbot certonly --standalone --preferred-challenges http-01 -d DOMAIN + + /etc/letsencrypt/live/DOMAIN/fullchain.pem + /etc/letsencrypt/live/DOMAIN/privkey.pem +``` + +* Generamos el archivo: ssl-dhparams.pem + +``` +sudo openssl dhparam -dsaparam -out /etc/letsencrypt/ssl-dhparams.pem 4096 +``` + +* Creamos el archivo: options-ssl-nginx.conf + +``` +sudo vim /etc/letsencrypt/options-ssl-nginx.conf + + ssl_session_cache shared:le_nginx_SSL:10m; + ssl_session_timeout 1440m; + + ssl_protocols TLSv1.2 TLSv1.3; + ssl_prefer_server_ciphers on; + + ssl_ciphers "ECDHE-RSA-AES256-GCM-SHA512:DHE-RSA-AES256-GCM-SHA512:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-SHA38"; + + add_header Strict-Transport-Security "max-age=63072000; preload"; + add_header X-Frame-Options "SAMEORIGIN"; + add_header X-Content-Type-Options nosniff; + add_header X-XSS-Protection "1; mode=block"; + add_header Permissions-Policy interest-cohort=(); +``` + +* Creamos el archivo: certbot.conf + +``` +sudo vim /etc/letsencrypt/live/DOMAIN/certbot.conf + + ssl_certificate /etc/letsencrypt/live/DOMAIN/fullchain.pem; + ssl_certificate_key /etc/letsencrypt/live/DOMAIN/privkey.pem; + include /etc/letsencrypt/options-ssl-nginx.conf; + ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; +``` + + +### Instalamos Nginx + +``` +sudo apt install nginx +``` + +* Configuración general + +``` +sudo vim /etc/nginx/nginx.conf + + user www-data; + worker_processes auto; + worker_rlimit_nofile 20480; + pid /run/nginx.pid; + + error_log /var/log/nginx/error.log warn; + + events { + worker_connections 5120; + } + + http { + include /etc/nginx/mime.types; + default_type application/octet-stream; + + server_tokens off; + log_format main '$remote_addr - $remote_user [$time_local] "$request" ' + '$status $body_bytes_sent "$http_referer" ' + '"$http_user_agent" "$http_x_forwarded_for"'; + + access_log /var/log/nginx/access.log main; + + sendfile on; + + keepalive_timeout 65; + + include /etc/nginx/sites-enabled/*.conf; + + disable_symlinks off; + + client_max_body_size 100M; + + } +``` + +* Configuración para Flarum + +``` +sudo vim /etc/nginx/sites-available/flarum.cuates.net.conf + + server { + listen 443 ssl http2; + listen [::]:443 ssl http2; + server_name flarum.cuates.net; + charset utf-8; + + include /etc/letsencrypt/live/cuates.net/certbot.conf; + proxy_set_header X-Forwarded-For $remote_addr; + server_tokens off; + + access_log /var/log/nginx/foro.cuates.net.access.log; + error_log /var/log/nginx/foro.cuates.net.error.log; + + client_max_body_size 10M; + + root /opt/flarum/public; + index index.php index.html; + + include /opt/flarum/.nginx.conf; + + location ~ \.php$ { + fastcgi_pass unix:/run/php/php7.4-fpm.sock; + fastcgi_index index.php; + fastcgi_read_timeout 240; + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + include fastcgi_params; + fastcgi_split_path_info ^(.+.php)(/.+)$; + } + + } + +``` + +* Creamos vínculo simbólico + +``` +sudo ln -s /etc/nginx/sites-available/flarum.cuates.net.conf /etc/nginx/sites-enabled/ +``` + +* Borrar el sitio predeterminado + +``` +sudo rm /etc/nginx/sites-enabled/default +``` + +* Validamos la configuración. + +``` +sudo nginx -t + +nginx: the configuration file /etc/nginx/nginx.conf syntax is ok +nginx: configuration file /etc/nginx/nginx.conf test is successful +``` + +No continues si obtienes cualquier error. + + +### Instalar y configurar MariaDB + +``` +sudo apt install mariadb-server + +sudo mysql_secure_installation + + Set root password? [Y/n] Y + Remove anonymous users? [Y/n] Y + Disallow root login remotely? [Y/n] Y + Remove test database and access to it? [Y/n] Y + Reload privilege tables now? [Y/n] Y + + Cleaning up... + + All done! If you've completed all of the above steps, your MariaDB + installation should now be secure. + + Thanks for using MariaDB! + +sudo mysql -u root -p + + use mysql; + update user set plugin='mysql_native_password' where user='root'; + flush privileges; +``` + +* Crear usuario y base de datos, reemplaza USER por el usuario para la base de datos y usa una contraseña fuerte. + +``` +CREATE DATABASE flarum; + +CREATE USER 'USER'@'localhost' IDENTIFIED BY 'CONTRASEÑA_FUERTE'; + +GRANT ALL PRIVILEGES ON flarum . * TO 'USER'@'localhost'; + +FLUSH PRIVILEGES; + +exit; +``` + +* Quitar la mierda de Google, elimina la línea 10 + +``` +vim /opt/flarum/vendor/flarum/core/views/install/app.php + + @import url(//fonts.googleapis.com/css?family=Open+Sans:400italic,700italic,400,700,600); +``` + +* Cambia el usuario y los permisos a la carpeta de instalación. + +``` +sudo chown -R www-data:www-data /opt/flarum + +sudo chmod -R 775 /opt/flarum +``` + +* Reinicia nginx + +``` +sudo systemctl restart nginx +``` + +* En tu navegador ver a la URL de tu foro para continuar con la instalación. + +``` +https://foro.cuates.net +``` + +* Captura todos los datos solicitados. + + + +=> gemini://elmau.net/chuletas.gmi Regresar el índice +=> gemini://elmau.net Regresar el inicio + diff --git a/source/notes/iredmail.gmi b/source/notes/iredmail.gmi index b8a4b2a..79b19d4 100644 --- a/source/notes/iredmail.gmi +++ b/source/notes/iredmail.gmi @@ -1,58 +1,66 @@ ## iRedMail * Manejar listas con + ``` su cd /opt/iredapd/tools wblist_admin.py -h + ``` -> Desactivar recepción para USER@DOMAIN -``` -\c vmail +* Desactivar recepción para USER@DOMAIN + +``` +psql -U postgres + + \c vmail + + UPDATE mailbox + SET enablelda=0, enabledeliver=0 + WHERE username='USER@DOMAIN'; -UPDATE mailbox -SET enablelda=0, enabledeliver=0 -WHERE username='USER@DOMAIN'; ``` -> Bloquear spam por cabeceras, algunos ejemplos. +* Bloquear spam por cabeceras, algunos ejemplos. + ``` vim /etc/postfix/header_checks -/^Subject: =?big5?/ REJECT Chinese encoding not accepted by this server + /^Subject: =?big5?/ REJECT Chinese encoding not accepted by this server -/^Subject: =?EUC-KR?/ REJECT Korean encoding not allowed by this server + /^Subject: =?EUC-KR?/ REJECT Korean encoding not allowed by this server -/^Subject: ADV:/ REJECT Advertisements not accepted by this server + /^Subject: ADV:/ REJECT Advertisements not accepted by this server -/^Subject: =?Windows-1251?/ REJECT Russian encoding not allowed by this server + /^Subject: =?Windows-1251?/ REJECT Russian encoding not allowed by this server -/^Subject: =\?KOI8-R\?/ REJECT Russian encoding not allowed by this server + /^Subject: =\?KOI8-R\?/ REJECT Russian encoding not allowed by this server -/^Subject:.*=\?(big5|euc-kr|gb2312|ks_c_5601-1987)\?/ REJECT Language not accepted by this server as it is probably spam + /^Subject:.*=\?(big5|euc-kr|gb2312|ks_c_5601-1987)\?/ REJECT Language not accepted by this server as it is probably spam -/[^[:print:]]{8}/ REJECT Sorry, ascii characters only permitted by this server + /[^[:print:]]{8}/ REJECT Sorry, ascii characters only permitted by this server -/^From:.*\@.*\.cn/ REJECT Sorry, Chinese mail not allowed here + /^From:.*\@.*\.cn/ REJECT Sorry, Chinese mail not allowed here -/^From:.*\@.*\.kr/ REJECT Sorry, Korean mail not allowed here + /^From:.*\@.*\.kr/ REJECT Sorry, Korean mail not allowed here -/^From:.*\@.*\.tr/ REJECT Sorry, Turkish mail not allowed here + /^From:.*\@.*\.tr/ REJECT Sorry, Turkish mail not allowed here -/^From:.*\@.*\.ru/ REJECT Sorry, Russian mail not allowed here + /^From:.*\@.*\.ru/ REJECT Sorry, Russian mail not allowed here -/^From:.*\@.*\.ro/ REJECT Sorry, Romanian mail not allowed here + /^From:.*\@.*\.ro/ REJECT Sorry, Romanian mail not allowed here -/^(Received|Message-Id|X-(Mailer|Sender)):.*\b(AutoMail|E-Broadcaster|Emailer Platinum|Thunder Server|eMarksman|Extractor|e-Merge|from stealth[^.]|Global Messenger|GroupMaster|Mailcast|MailKing|Match10|MassE-Mail|massmail\.pl|News Breaker|Powermailer|Quick Shot|Ready Aim Fire|WindoZ|WorldMerge|Yourdora|Lite)\b/ REJECT No mass mailers allowed. You are probably sending spam + /^(Received|Message-Id|X-(Mailer|Sender)):.*\b(AutoMail|E-Broadcaster|Emailer Platinum|Thunder Server|eMarksman|Extractor|e-Merge|from stealth[^.]|Global Messenger|GroupMaster|Mailcast|MailKing|Match10|MassE-Mail|massmail\.pl|News Breaker|Powermailer|Quick Shot|Ready Aim Fire|WindoZ|WorldMerge|Yourdora|Lite)\b/ REJECT No mass mailers allowed. You are probably sending spam -/^X-Mailer:.*\b(Aristotle|Avalanche|Blaster|Bomber|DejaVu|eMerge|Extractor|UltraMail|Sonic|Floodgate|GeoList|Mach10|MegaPro|Aureate|MultiMailer|Bluecom|Achi-Kochi Mail|Direct Email|Andrew's SuperCool Blastoise|MailerGear|Advanced Mass Sender|SpireMail|MailWorkZ|UltimDBMail|Mabry|Lite)\b/ REJECT No mass mailers allowed. You are probably sending spam. + /^X-Mailer:.*\b(Aristotle|Avalanche|Blaster|Bomber|DejaVu|eMerge|Extractor|UltraMail|Sonic|Floodgate|GeoList|Mach10|MegaPro|Aureate|MultiMailer|Bluecom|Achi-Kochi Mail|Direct Email|Andrew's SuperCool Blastoise|MailerGear|Advanced Mass Sender|SpireMail|MailWorkZ|UltimDBMail|Mabry|Lite)\b/ REJECT No mass mailers allowed. You are probably sending spam. -/^(To|From|Cc|Reply-To):.*@optonline/ REJECT Sorry, your message is probably spam + /^(To|From|Cc|Reply-To):.*@optonline/ REJECT Sorry, your message is probably spam ``` + => gemini://elmau.net/chuletas.gmi Regresar el índice => gemini://elmau.net Regresar el inicio diff --git a/source/notes/jetforce.gmi b/source/notes/jetforce.gmi index 69289d7..aa094c9 100644 --- a/source/notes/jetforce.gmi +++ b/source/notes/jetforce.gmi @@ -68,7 +68,7 @@ vim /opt/gemini/index.gmi ``` # Mi super servidor Gemini -Sin la basura GAFAM +Sin la basura de la GMAFIA ``` 11] Prueba el server, reemplaza DOMINIO por tu dominio diff --git a/source/notes/key.gmi b/source/notes/key.gmi new file mode 100644 index 0000000..00630ea --- /dev/null +++ b/source/notes/key.gmi @@ -0,0 +1,20 @@ +## Certificados + + +* Generar + +``` +ssh-keygen -t ed25519 +``` + +* Copiar a un servidor + +``` +ssh-copy-id -i ~/.ssh/id_ed25519.pub USER@IP +``` + + + +=> gemini://elmau.net/chuletas.gmi Regresar el índice +=> gemini://elmau.net Regresar el inicio + diff --git a/source/notes/mariadb.gmi b/source/notes/mariadb.gmi new file mode 100644 index 0000000..3e9d4c3 --- /dev/null +++ b/source/notes/mariadb.gmi @@ -0,0 +1,41 @@ +## MariaDB + +* Instalar + +```Instalar +sudo apt install mariadb-server +``` + +* Configurar + +```Configurar +sudo mysql_secure_installation + +Set root password? [Y/n] Y +Remove anonymous users? [Y/n] Y +Disallow root login remotely? [Y/n] Y +Remove test database and access to it? [Y/n] Y +Reload privilege tables now? [Y/n] Y + +Cleaning up... + +All done! If you've completed all of the above steps, your MariaDB +installation should now be secure. + +Thanks for using MariaDB! +``` + +* Para poder acceder con contraseña + +``` +sudo mysql -u root -p + + use mysql; + update user set plugin='mysql_native_password' where user='root'; + flush privileges; + quit; +``` + +=> gemini://elmau.net/chuletas.gmi Regresar el índice +=> gemini://elmau.net Regresar el inicio + diff --git a/source/notes/nebula.gmi b/source/notes/nebula.gmi index 840f16a..555eac0 100644 --- a/source/notes/nebula.gmi +++ b/source/notes/nebula.gmi @@ -329,7 +329,7 @@ Por ultimo, podemos mover los archivos, el binario, los certificados y el archiv Creamos el servicio. ``` -sudo cat /etc/systemd/system/nebula.service +sudo vim /etc/systemd/system/nebula.service ``` Con el siguiente contenido. @@ -339,11 +339,10 @@ Con el siguiente contenido. Description=nebula Wants=basic.target network-online.target After=basic.target network.target network-online.target +Before=sshd.service [Service] SyslogIdentifier=nebula -StandardOutput=syslog -StandardError=syslog ExecReload=/bin/kill -HUP $MAINPID ExecStart=/opt/nebula/nebula -config /opt/nebula/config.yml Restart=always diff --git a/source/notes/nginx.gmi b/source/notes/nginx.gmi index 15e84e1..d699860 100644 --- a/source/notes/nginx.gmi +++ b/source/notes/nginx.gmi @@ -1,12 +1,127 @@ ## Nginx -> Evitar la nueva pendejada de Google llamada FLoC +* Instalar + + * Ubuntu Server 20.04 +``` +sudo apt install nginx +``` + +* Configuración basica + +``` +sudo vim /etc/nginx/nginx.conf + + user www-data; + worker_processes auto; + worker_rlimit_nofile 20480; + pid /run/nginx.pid; + + error_log /var/log/nginx/error.log warn; + + events { + worker_connections 5120; + } + + http { + include /etc/nginx/mime.types; + default_type application/octet-stream; + + server_tokens off; + log_format main '$remote_addr - $remote_user [$time_local] "$request" ' + '$status $body_bytes_sent "$http_referer" ' + '"$http_user_agent" "$http_x_forwarded_for"'; + + access_log /var/log/nginx/access.log main; + + sendfile on; + + keepalive_timeout 65; + + include /etc/nginx/sites-enabled/*.conf; + + disable_symlinks off; + + client_max_body_size 10m; + + } +``` + +* Evitar la nueva pendejada de Google llamada FLoC + ``` vim /etc/letsencrypt/options-ssl-nginx.conf -add_header Permissions-Policy interest-cohort=(); + add_header Permissions-Policy interest-cohort=(); ``` +* Instalar The Ultimate Nginx Bad Bot, User-Agent, Spam Referrer Blocker, + +``` +sudo wget https://raw.githubusercontent.com/mitchellkrogza/nginx-ultimate-bad-bot-blocker/master/install-ngxblocker -O /usr/local/sbin/install-ngxblocker + +sudo chmod +x /usr/local/sbin/install-ngxblocker + +sudo install-ngxblocker -x + +sudo chmod +x /usr/local/sbin/setup-ngxblocker + +sudo chmod +x /usr/local/sbin/update-ngxblocker + +sudo /usr/local/sbin/setup-ngxblocker -x -e conf +``` + +* No hay bots buenos + +``` +sudo vim /etc/nginx/bots.d/blacklist-user-agents.conf + + # ------------ + # MY BLACKLIST + # ------------ + + "~*(?:\b)x22(?:\b)" 3; + "~*(?:\b){|}(?:\b)" 3; + "~*(?:\b)mb_ereg_replace(?:\b)" 3; + "~*(?:\b)file_put_contents(?:\b)" 3; + "~*(?:\b)AdsBot-Google(?:\b)" 3; + "~*(?:\b)DoCoMo(?:\b)" 3; + "~*(?:\b)Feedfetcher-Google(?:\b)" 3; + "~*(?:\b)Google-HTTP-Java-Client(?:\b)" 3; + "~*(?:\b)Googlebot(?:\b)" 3; + "~*(?:\b)Googlebot-Image(?:\b)" 3; + "~*(?:\b)Googlebot-Mobile(?:\b)" 3; + "~*(?:\b)Googlebot-News(?:\b)" 3; + "~*(?:\b)Googlebot-Video(?:\b)" 3; + "~*(?:\b)Googlebot/Test(?:\b)" 3; + "~*(?:\b)Gravityscan(?:\b)" 3; + "~*(?:\b)Jakarta\ Commons(?:\b)" 3; + "~*(?:\b)Kraken/0.1(?:\b)" 3; + "~*(?:\b)LinkedInBot(?:\b)" 3; + "~*(?:\b)Mediapartners-Google(?:\b)" 3; + "~*(?:\b)SAMSUNG(?:\b)" 3; + "~*(?:\b)Slackbot(?:\b)" 3; + "~*(?:\b)Slackbot-LinkExpanding(?:\b)" 3; + "~*(?:\b)TwitterBot(?:\b)" 3; + "~*(?:\b)Wordpress(?:\b)" 3; + "~*(?:\b)adidxbot(?:\b)" 3; + "~*(?:\b)aolbuild(?:\b)" 3; + "~*(?:\b)bingbot(?:\b)" 3; + "~*(?:\b)bingpreview(?:\b)" 3; + "~*(?:\b)developers.facebook.com(?:\b)" 3; + "~*(?:\b)duckduckgo(?:\b)" 3; + "~*(?:\b)facebookexternalhit(?:\b)" 3; + "~*(?:\b)facebookplatform(?:\b)" 3; + "~*(?:\b)gsa-crawler(?:\b)" 3; + "~*(?:\b)msnbot(?:\b)" 3; + "~*(?:\b)msnbot-media(?:\b)" 3; + "~*(?:\b)slurp(?:\b)" 3; + "~*(?:\b)teoma(?:\b)" 3; + "~*(?:\b)yahoo(?:\b)" 3; +``` + + + => gemini://elmau.net/chuletas.gmi Regresar el índice => gemini://elmau.net Regresar el inicio diff --git a/source/notes/openssl.gmi b/source/notes/openssl.gmi new file mode 100644 index 0000000..6df7efc --- /dev/null +++ b/source/notes/openssl.gmi @@ -0,0 +1,20 @@ +# Openssl + + +* DER a PEM, cuidado, queda sin contraseña + +``` +openssl pkcs8 -inform DER -in certificate.key -out certificate.pem +``` + +* CER a PEM + +``` +openssl x509 -inform der -in cert.cer -out cert.cer.pem +``` + +* A PFX + +``` +openssl pkcs12 -export -out cert.pfx -inkey cert.key.pem -in cert.cer.pem +``` diff --git a/source/notes/php.gmi b/source/notes/php.gmi new file mode 100644 index 0000000..fcc69df --- /dev/null +++ b/source/notes/php.gmi @@ -0,0 +1,65 @@ +## PHP + +### Instalar composer + +* Actualizar el sistema + +``` +sudo apt update +``` + +* Instalar requisitos previos + +``` +sudo apt install php-cli unzip +``` + +* Descargar `composer`, puede ser en `home` + +``` +curl -sS https://getcomposer.org/installer -o composer-setup.php +``` + +* Verificamos la descarga + +``` +HASH=`curl -sS https://composer.github.io/installer.sig` + +php -r "if (hash_file('SHA384', 'composer-setup.php') === '$HASH') { echo 'Installer verified'; } else { echo 'Installer corrupt'; unlink('composer-setup.php'); } echo PHP_EOL;" + +Installer verified +``` + +"No continues" si no ves: `Installer verified` + +* Instalamos + +``` +sudo php composer-setup.php --install-dir=/usr/local/bin --filename=composer +``` + +* Comprobamos + +``` +composer -V +``` + +* Se puede borrar el instalador + +``` +rm composer-setup.php +``` + + +### Instalar extensiones + +* Dependerá de los requerimientos del software. + +``` +sudo apt install php-curl php-dom php-gd php-mbstring php-mysql php-zip +``` + + +=> gemini://elmau.net/chuletas.gmi Regresar el índice +=> gemini://elmau.net Regresar el inicio + diff --git a/source/notes/postgres.gmi b/source/notes/postgres.gmi index 3e79245..5129b81 100644 --- a/source/notes/postgres.gmi +++ b/source/notes/postgres.gmi @@ -1,12 +1,15 @@ ## Postgres -Instalar +* Instalar + ```Instalar sudo apt install postgresql ``` -Configurar acceso + +* Configurar acceso + ```Configurar acceso sudo vim /etc/postgresql/12/main/pg_hba.conf @@ -17,7 +20,9 @@ sudo systemctl restart postgresql ``` -Crear roles y bases de datos + +* Crear roles y bases de datos + ``` psql -U postgres @@ -28,6 +33,23 @@ psql -U postgres ``` +* Generar respaldo de una base de datos. + +``` +pg_dump -U postgres -d DATA_BASE -Fc -f NAME.bk + +``` + + +* Restaurar base de datos desde respaldo. + +``` +pg_restore -U postgres -d DATA_BASE NAME.bk + +``` + + + => gemini://elmau.net/chuletas.gmi Regresar el índice => gemini://elmau.net Regresar el inicio diff --git a/source/notes/ubuntuserver.gmi b/source/notes/ubuntuserver.gmi index ce9af6e..836e941 100644 --- a/source/notes/ubuntuserver.gmi +++ b/source/notes/ubuntuserver.gmi @@ -2,22 +2,18 @@ Agregar un usuario. -``` +```Agregar usuario adduser USER - ``` Agregar un usuario al grupo "sudo". -``` +```Agregar usuario a grupo gpasswd -a USER sudo - ``` Establecer el uso horario ```Establecer el uso horario - sudo timedatectl set-timezone America/Mexico_City - ``` Mantener actualizado el servidor @@ -26,7 +22,6 @@ Mantener actualizado el servidor sudo apt update sudo apt upgrade - ``` Establecer locales @@ -64,10 +59,6 @@ Establecer el hostname sudo hostnamectl set-hostname elmau.net -sudo vim /etc/hostname - - elmau.net - sudo vim /etc/hosts 127.0.0.1 elmau.net localhost @@ -91,6 +82,8 @@ sudo vim /etc/ssh/sshd_config PasswordAuthentication no LogLevel INFO +sudo systemctl restart ssh + ``` Desactivar los mensajes de Ubuntu al entrar @@ -118,6 +111,8 @@ sudo ufw allow ssh sudo ufw allow http sudo ufw allow https +sudo ufw allow PORT/tcp + sudo ufw enable ``` diff --git a/source/notes/xmlsec.gmi b/source/notes/xmlsec.gmi new file mode 100644 index 0000000..13e3b17 --- /dev/null +++ b/source/notes/xmlsec.gmi @@ -0,0 +1,13 @@ +# xmlsec + +* Firmar + +``` +xmlsec1 --sign --output doc-signed.xml --privkey-pem cert.key.pem doc.xml +``` + +* Firmar con PFX + +``` +xmlsec --sign --output doc-signed-x509.xml --pkcs12 cert.pfx --pwd hello --trusted-pem cert.cer.pem doc.xml +```