TagLinux

The fastest rsync over SSH options

When synchronizing a ton of data you don’t want to wait longer than really necessary! So I tested several suggestions found on the net and came up with the following:

rsync -aHxv --numeric-ids --delete --progress -e "ssh -T -c arcfour -o Compression=no -x" <source_dir> <user>@<dest>:<dest_dir>

This command is almost exactly what somaddict suggested on commandlinefu.com.

Optimizing/Compressing PDF Files

To reduce the size of a PDF, you may try run this command on a linux box:

gs -sDEVICE=pdfwrite -dCompatibilityLevel=1.4 -dPDFSETTINGS=/ebook -dNOPAUSE -dQUIET -dBATCH -sOutputFile=output.pdf input.pdf

If the -dPDFSETTINGS=/ebook option produces too pixeled pictures, try -dPDFSETTINGS=/prepress, if you need an even smaller file size, try -dPDFSETTINGS=/screen.

nginx server status page and interpretation

Server tuning starts with server monitoring, with server-stats you can learn about the usage of nginx.

First, check if nginx has been compiled with –with-http_stub_status_module.

$ /usr/sbin/nginx -V 2>&1 | grep --color with-http_stub_status_module

Check the output for –with-http_stub_status_module. If it’s not there, you must compile it in manually.

If you have it, start by add this config snippet to your server config:

server {
  listen 127.0.0.1:8200;
  location /server-status {
    stub_status on;
    access_log off;
    allow 127.0.0.1;
    deny all;
  }
}

Then, reload nginx. You can query the status page from localhost only with this config. Try it:

$ wget http://127.0.0.1:8200/server-status -qO -

Active connections: 4
server accepts handled requests
488803 488803 1002230
Reading: 0 Writing: 2 Waiting: 2

This reads like this:

We have 4 active connections, 2 of them are currently being served by nginx (Writing), 0 are requesting something (Reading) and 2 have open connections but there is no activity at the moment (Waiting), this is because of keep-alive connections.

The server has accepted 488803 connections and could answer 488803 of it (100%). Within this connections, 1002230 requests have been served (2.05 requests/connection).

make git use vim and vimdiff

I like git, vim and vimdiff a lot! Here’s how you configure git to use vim as editor and vimdiff as merge tool:

git config --global merge.tool vimdiff
git config --global core.editor vim

enable SELinux on a Debian DO droplet

debian-DO-SELinux

Sometimes I have a natural attraction to things making my life more complicated. I could have just installed CentOS. Or rented a dedicated server. Or stopped using SELinux. But I wanted it all. So I’d like to show you how you can install Debian 7 on a DigitalOcean droplet and have SELinux enabled.

The problem is that at DO the kernel comes from outside (KVM) and you cannot manipulate it nor it’s parameters. But you can use kexec to replace the kernel as soon as you’re in control.

Before you begin:

  • I assume a freshly installed Debian 7 here (tested on 64bit version)
  • you should take a backup before proceeding!

Okay, get all the updates and install the required software

$ sudo apt-get update
$ sudo apt-get upgrade
$ sudo apt-get install selinux-basics selinux-policy-default auditd kexec-tools

Run selinux-activate, it modifies grub (no matter here), PAM and touches /.autorelabel:

$ sudo selinux-activate

Then, edit the file /etc/init.d/rcS and put the following in front of exec /etc/init.d/rc S

if grep -v kexeced /proc/cmdline ;then
      kexec -l /vmlinuz --initrd=/initrd.img --command-line="$(cat /proc/cmdline) selinux=1 security=selinux kexeced" && kexec -e
fi

If this is done, you’re ready to reboot!

$ sudo reboot

You can add some extra time for the reboot as it has to relabel all the files for the first time.

When rebooted, check the SELinux status with:

$ sestatus

Happy labeling :)

© 2017 netmess

Theme by Anders NorenUp ↑