Rabbitmq create user

# Enable web interface plugin
rabbitmq-plugins enable rabbitmq_management

# Create user with password
rabbitmqctl add_user megaadmin zwuvY0Ce7AETPsY2t4v5

# Set user role
rabbitmqctl set_user_tags megaadmin administrator
# Set user permissions
rabbitmqctl set_permissions -p / megaadmin ".*" ".*" ".*"

Linux top opened files

## Get common list of all opened files
lsof > lsof.log

## Get top
cat lsof.log | awk '{ print $2 " " $1; }' | sort -rn | uniq -c | sort -rn | head -20

Openvz notes

Migrate container between nodes

vzmigrate --live REMOTE-IP LOCAL-CTID

For example

vzmigrate --live -v 192.168.5.5 413

Quotas

Disk quota
vzctl set CTID --diskspace 45G:49G --save

Ram quota
vzctl set CTID --ram 3G --swap 2048M --save

firewalld allow ports

Check rules

# firewall-cmd --state

Get default zone

# firewall-cmd --get-default-zone

Add allowed ports

# firewall-cmd --zone=public --add-port=50000-51000/tcp

Add permanent allowed ports

# firewall-cmd --zone=public --permanent --add-port=50000-51000/tcp

Check ports and services

# firewall-cmd --zone=public --permanent --list-services
# firewall-cmd --zone=public --permanent --list-ports

Add custom service

# firewall-cmd --zone=public --permanent --add-service=https
# firewall-cmd --zone=public --permanent --add-service=smtp
# firewall-cmd --zone=public --permanent --add-service=imap

After all changes need apply rules

# firewall-cmd --reload

check processlist from swap

for file in /proc/*/status ; do awk '/VmSwap|Name/{printf $2 " " $3}END{ print ""}' $file; done | sort -k 2 -n -r | less

MariaDB enable slow logs

MariaDB [(none)]> SET GLOBAL slow_query_log = 'ON';
MariaDB [(none)]> set global slow_query_log_file = '/var/log/mariadb/slow.log';

mysql create user and db with privileges

> create database newdb;

 > GRANT ALL PRIVILEGES ON newdb . * TO 'newusername'@'localhost'  IDENTIFIED BY 'PASS';

> flush privileges;

// Change user password 

> SET PASSWORD FOR 'newusername'@'hostname' = PASSWORD('new-password');

> flush privileges;

/var/cache/nginx/fastcgi_temp permission denied

check which user nginx is running

ps aux | grep "nginx: worker process"

in my case it "apache"

chown apache:apache /var/cache/nginx/ -R

openssl csr request

openssl req -new -nodes -newkey rsa:2048 -keyout mydomain.key -out mydomain.csr

allow, deny not working apache + nginx

For allow remote connections for specific IP add next to htaccess

SetEnvIf Remote_Addr «10.11.12.15|10.11.12.16″ realremoteaddr
Order Deny,Allow
Deny from all
allow from env=realremoteaddr

10.11.12.15|10.11.12.16 — allowed IP


For deny:

SetEnvIf Remote_Addr «10.11.12.15|10.11.12.16″ realremoteaddr
Order Allow,Deny
Allow from all
Deny from env=realremoteaddr

10.11.12.15|10.11.12.16 — now allowed IPs

linux set PATH variable permanently

add to  ~/.bashrc

for example


export PATH=$PATH:/root/bin

nginx init.d script

#!/bin/sh
#
# nginx - this script starts and stops the nginx daemin
#
# chkconfig:   - 85 15
# description:  Nginx is an HTTP(S) server, HTTP(S) reverse \
#               proxy and IMAP/POP3 proxy server
# processname: nginx
# config:      /usr/local/nginx/conf/nginx.conf
# pidfile:     /usr/local/nginx/logs/nginx.pid

# Source function library.
. /etc/rc.d/init.d/functions

# Source networking configuration.
. /etc/sysconfig/network

# Check that networking is up.
[ "$NETWORKING" = "no" ] && exit 0

nginx="/usr/local/sbin/nginx"
prog=$(basename $nginx)

NGINX_CONF_FILE="/usr/local/nginx/conf/nginx.conf"

lockfile=/var/lock/subsys/nginx

start() {
    [ -x $nginx ] || exit 5
    [ -f $NGINX_CONF_FILE ] || exit 6
    echo -n $"Starting $prog: "
    daemon $nginx -c $NGINX_CONF_FILE
    retval=$?
    echo
    [ $retval -eq 0 ] && touch $lockfile
    return $retval
}

stop() {
    echo -n $"Stopping $prog: "
    killproc $prog -QUIT
    retval=$?
    echo
    [ $retval -eq 0 ] && rm -f $lockfile
    return $retval
}

restart() {
    configtest || return $?
    stop
    start
}

reload() {
    configtest || return $?
    echo -n $"Reloading $prog: "
    killproc $nginx -HUP
    RETVAL=$?
    echo
}

force_reload() {
    restart
}

configtest() {
  $nginx -t -c $NGINX_CONF_FILE
}

rh_status() {
    status $prog
}

rh_status_q() {
    rh_status >/dev/null 2>&1
}

case "$1" in
    start)
        rh_status_q && exit 0
        $1
        ;;
    stop)
        rh_status_q || exit 0
        $1
        ;;
    restart|configtest)
        $1
        ;;
    reload)
        rh_status_q || exit 7
        $1
        ;;
    force-reload)
        force_reload
        ;;
    status)
        rh_status
        ;;
    condrestart|try-restart)
        rh_status_q || exit 0
            ;;
    *)
        echo $"Usage: $0 {start|stop|status|restart|condrestart|try-restart|reload|force-reload|configtest}"
        exit 2
esac

haproxy exclude redirect domain to https

in frontend http-in section


redirect scheme https if !{ hdr(Host) -i sub.domain.com } !{ ssl_fc }

git server hook after push

in server repo site edit file
.git/hooks/post-receive

add next script


#!/bin/bash
export GIT_WORK_TREE=/var/www/sitepath
git checkout -f

create big file linux / создать большой файл

dd if=/dev/zero of=/home//movie.flv

it will be record zero data to file, until you'll stop operation

second solution

fallocate -l 1G test.img

search files modified in range time / найти файлы модифицированные в промежуток времени

find /path/to/dir/   -newermt '2015-08-24 11:35'   ! -newermt '2015-08-24 12:17'   -ls

linux кем слушаются порты

rpcinfo -p

вывод примерно такой

[root@host ~]# rpcinfo -p
   program vers proto   port
    100000    2   tcp    111  portmapper
    100000    2   udp    111  portmapper
    100011    1   udp    678  rquotad
    100011    2   udp    678  rquotad
    100011    1   tcp    681  rquotad
    100011    2   tcp    681  rquotad
    100021    1   udp  32768  nlockmgr
    100021    3   udp  32768  nlockmgr
    100021    4   udp  32768  nlockmgr
    100003    2   udp   2049  nfs
    100003    3   udp   2049  nfs
    100003    4   udp   2049  nfs
    100021    1   tcp  33303  nlockmgr
    100021    3   tcp  33303  nlockmgr
    100021    4   tcp  33303  nlockmgr
    100003    2   tcp   2049  nfs
    100003    3   tcp   2049  nfs
    100003    4   tcp   2049  nfs
    100005    1   udp    718  mountd
    100005    1   tcp    721  mountd
    100005    2   udp    718  mountd
    100005    2   tcp    721  mountd
    100005    3   udp    718  mountd
    100005    3   tcp    721  mountd

nginx / apache parse access log

cat /var/log/nginx/access_log | awk '{print $1}' |sort | uniq -c | sort -k 1 -n

AH00082: an unknown filter was not added: PHP

Должно быть так

/etc/apache2/apache2.conf

AddType application/x-httpd-php .php
AddType application/x-httpd-php-source .phps

А не так

/etc/apache2/mod-available/php5filter.conf
<Files *.php>
       SetOutputFilter PHP
       SetInputFilter PHP
</Files>

Делаем так

#<Files *.php>
#      SetOutputFilter PHP
#       SetInputFilter PHP
#</Files>

Как посмотреть cron для всех пользователей

#!/bin/bash
for user in `cat /etc/passwd | cut -d":" -f1`;
do 
crontab -l -u $user;
done