Difference between revisions of "Very Windy"
Tag: Manual revert
| Line 14: | Line 14: | ||
role -> tags (nginx) will apply:<br> | role -> tags (nginx) will apply:<br> | ||
<code>group_vars/all/nginx.yml</code><br> | <code>group_vars/all/nginx.yml</code><br> | ||
<code>ansible-playbook -C -D playbooks/all.yml -u windy -t nginx</code> -C (check, dry run), -D (diff, show differences) -u (remote user) -t (tags)<br> | <code>ansible-playbook -C -D playbooks/all.yml -u windy -t nginx</code> -C (check, dry run), -D (diff, show differences) -u (remote user) -t (tags)<br> | ||
| Line 23: | Line 22: | ||
== curl == | == curl == | ||
<code>curl -v --resolve windy.verywindy.ch:443:192.168.161.1 https://windy.verywindy.ch</code> check connection with hardcoded dns<br> | <code>curl -v --resolve windy.verywindy.ch:443:192.168.161.1 https://windy.verywindy.ch</code> check connection with hardcoded dns<br> | ||
== New Systems == | == New Systems == | ||
| Line 50: | Line 48: | ||
<rule ipv="ipv4" table="filter" chain="OUTPUT" priority="99">-j DROP</rule> | <rule ipv="ipv4" table="filter" chain="OUTPUT" priority="99">-j DROP</rule> | ||
</direct></nowiki> | </direct></nowiki> | ||
== Clear root Password / disable root login == | |||
<code>passwd -dl root</code> | |||
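Review bot: The "Clear root Password / disable root login" row documents only `passwd -dl root`, which changes the password entry; it does not say how key-based root login over SSH is handled or how to confirm the result. Suggest adding a line stating that SSH root login is governed by `PermitRootLogin` in sshd_config, and `passwd -S root` as a check of the resulting password status.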
Revision as of 10:21, 18 February 2026
Very Windy
git
<code>git submodule update --init</code> load submodules
<code>git submodule update --init --recursive</code> load submodules
<code>git submodule update --remote</code> update submodules
openssl
Check CSR:
openssl req -in sample.csr -noout -text
ansible
playbooks/all.yml
role -> tags (nginx) will apply:
group_vars/all/nginx.yml
<code>ansible-playbook -C -D playbooks/all.yml -u windy -t nginx</code>
-C (check, dry run), -D (diff, show differences), -u (remote user), -t (tags)
ln
ln -s ../files
curl
<code>curl -v --resolve windy.verywindy.ch:443:192.168.161.1 https://windy.verywindy.ch</code> check connection with hardcoded DNS
New Systems
Size: 2CPU, 2G RAM, 40G Disk
VG Name: system
/: 10G
Swap: 4G
/var-log: 4G
IPTables / firewalld
<?xml version="1.0" encoding="utf-8"?>
<direct>
  <rule ipv="ipv4" table="filter" chain="INPUT" priority="0">-p tcp --dport 22 -m state --state NEW,ESTABLISHED -j ACCEPT</rule>
  <rule ipv="ipv4" table="filter" chain="INPUT" priority="1">-p tcp --dport 21022 -m state --state NEW,ESTABLISHED -j ACCEPT</rule>
  <rule ipv="ipv4" table="filter" chain="INPUT" priority="5">-p icmp -j ACCEPT</rule>
  <rule ipv="ipv4" table="filter" chain="INPUT" priority="8">-p udp --sport 53 -j ACCEPT</rule>
  <rule ipv="ipv4" table="filter" chain="OUTPUT" priority="0">-p tcp --sport 22 -m state --state ESTABLISHED -j ACCEPT</rule>
  <rule ipv="ipv4" table="filter" chain="OUTPUT" priority="1">-p tcp --sport 21022 -m state --state ESTABLISHED -j ACCEPT</rule>
  <rule ipv="ipv4" table="filter" chain="OUTPUT" priority="5">-p icmp -j ACCEPT</rule>
  <rule ipv="ipv4" table="filter" chain="OUTPUT" priority="6">-p udp --dport 53 -j ACCEPT</rule>
  <rule ipv="ipv4" table="filter" chain="OUTPUT" priority="8">-p tcp --dport 80 -j ACCEPT</rule>
  <rule ipv="ipv4" table="filter" chain="OUTPUT" priority="9">-p tcp --dport 443 -j ACCEPT</rule>
  <rule ipv="ipv4" table="filter" chain="OUTPUT" priority="12">-p udp --dport 123 -j ACCEPT</rule>
  <rule ipv="ipv4" table="filter" chain="OUTPUT" priority="67">-p udp --dport 67:68 -j ACCEPT</rule>
  <rule ipv="ipv4" table="filter" chain="OUTPUT" priority="69">-m state --state ESTABLISHED,RELATED -j ACCEPT</rule>
  <rule ipv="ipv4" table="filter" chain="OUTPUT" priority="99">-j DROP</rule>
</direct>
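Added example (not part of the original wiki page): a Python check that loads firewalld direct rules like the ones above, orders each chain by priority as firewalld does, and reports chains without a final catch-all DROP and ACCEPT rules that match only on a source port. The embedded XML is a shortened, constructed copy of the page's rules, and the function names are hypothetical.

```python
import xml.etree.ElementTree as ET

# Constructed sample: shortened copy of the direct rules on this page,
# deliberately listed out of priority order.
DIRECT_XML = b"""<?xml version="1.0" encoding="utf-8"?>
<direct>
  <rule ipv="ipv4" table="filter" chain="INPUT" priority="0">-p tcp --dport 22 -m state --state NEW,ESTABLISHED -j ACCEPT</rule>
  <rule ipv="ipv4" table="filter" chain="INPUT" priority="8">-p udp --sport 53 -j ACCEPT</rule>
  <rule ipv="ipv4" table="filter" chain="OUTPUT" priority="99">-j DROP</rule>
  <rule ipv="ipv4" table="filter" chain="OUTPUT" priority="0">-p tcp --sport 22 -m state --state ESTABLISHED -j ACCEPT</rule>
  <rule ipv="ipv4" table="filter" chain="OUTPUT" priority="6">-p udp --dport 53 -j ACCEPT</rule>
</direct>"""

def load_rules(xml_bytes):
    """Return {(ipv, table, chain): [(priority, args), ...]}, lowest priority first."""
    chains = {}
    for rule in ET.fromstring(xml_bytes).iter("rule"):
        key = (rule.get("ipv"), rule.get("table"), rule.get("chain"))
        chains.setdefault(key, []).append((int(rule.get("priority")), rule.text.split()))
    for rules in chains.values():
        rules.sort(key=lambda r: r[0])  # firewalld places lower priorities higher in the chain
    return chains

def audit(chains):
    """Return a list of (chain, priority, message) findings."""
    findings = []
    for (_ipv, _table, chain), rules in chains.items():
        for i, (prio, args) in enumerate(rules):
            target = args[args.index("-j") + 1] if "-j" in args else None
            # A rule with no match options applies to every packet.
            if args == ["-j", target] and i < len(rules) - 1:
                findings.append((chain, prio, "catch-all %s shadows later rules" % target))
            # Stateless: matches any packet that carries this source port.
            if target == "ACCEPT" and "--sport" in args and "--state" not in args:
                findings.append((chain, prio, "ACCEPT on source port without state match"))
        if rules[-1][1] != ["-j", "DROP"]:
            # Unmatched packets continue to whatever is evaluated after the direct rules.
            findings.append((chain, None, "no final catch-all DROP in direct rules"))
    return findings

if __name__ == "__main__":
    for chain, prio, message in audit(load_rules(DIRECT_XML)):
        print(chain, prio, message)
```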
Clear root Password / disable root login
passwd -dl root