Servers

SSH tunnel

Posted on by Andy

how to open an SSH tunnel through another host: 

# ssh -l <user> -L <local_port>:<remote_host>:<remote_port> <host_to_connect>

this can be chained through multiple hosts, e.g.

# ssh -l user1 -L 80:localhost.1234 server1 (type on local machine)
# ssh -l user2 -L 1234:localhost:80 server2 (type on server1)

now server2's port can be reached through http://localhost

Limit per request bandwidth using Apache 2.4

Posted on by Andy

Apache 2.4 has a module called mod_ratelimit. This module gives you the ability to limit the bandwidth of your requests posted to the web server. The usage is quite simple (read the docs):

First load the module (Apache 2.4 on FreeBSD). Uncomment following line in /usr/local/etc/apache24/httpd.conf 

LoadModule ratelimit_module libexec/apache24/mod_ratelimit.so

This will load the module during next startup. Now how do i use it? Well, let's say you want the whole server to limit every request to 5MB/s, then use this: 

<IfModule mod_ratelimit.c>
    SetOutputFilter RATE_LIMIT
    SetEnv rate-limit 5120
</IfModule>

The same can be applied to only specific directories if you need to: 

<IfModule mod_ratelimit.c>
    <Location "/downloads">
        SetOutputFilter RATE_LIMIT
        SetEnv rate-limit 5120
    </Location>
</IfModule>

Last step, as apache needs to load a new module, restart your webserver, not reload: 

# service apache24 restart

Mounting samba share permanently (Ubuntu 16.04 LTS)

Posted on by Andy

Here is how to mount a windows/samba share permanently with your /etc/fstab:

First install the cifs-utils package: 

# apt-get install cifs-utils

now create a credential file containing your user and password 

# vim /home/myuser/.smbcredentials

add following lines: 

username=myuser
password=mypassword
domain=mydomain (optional)

then secure its permissions: 

# chmod 600 /home/myuser/.smbcredentials

after that open your /etc/fstab and add following line to it: 

//servername/share /mymountpoint cifs vers=3.0,sec=ntlmssp,credentials=/home/myuser/.smbcredentials,iocharset=utf8 0 0

as a final step run 

# sudo mount -a

Some explanations on the fstab line:

vers: this specifies the SMB protocol version, in my case version 3.0
sec: sets the security for the password hashes, here NTLMv2 password hash inside raw NTLM
credentials: sets the file with your credentials
iocharst: sets the encoding to UTF-8

(refer to man mount.cifs for parameter details)