HP RAID CLI Debian 8 jessie

November 14th, 2016

Список публичных NTP серверов

November 28th, 2015

Restricting Solr with Jetty to localhost

November 11th, 2014

If you want to try Apache Solr, the easiest way to get started is to use the example the comes with the download. Just run java -jar start.jar and you can start searching like a pro.

However, the integrated Jetty server is configured to bind to port 8983 on all IP adresses by default. This configuration is unsafe: anyone could clear your whole Solr index!

It is a good idea to let the server listen (bind) only on localhost, unless your server is in a private network. A quick solution is to set the system properties jetty.host and jetty.port on startup, e.g. like that:

Alternatively, you can edit the configuration at example/etc/jetty.xml. Look for these lines:

Could not load host key: /etc/ssh/ssh_host_ecdsa_key

November 9th, 2014

if you get error message : ‘Could not load host key: /etc/ssh/ssh_host_ecdsa_key’ when restarting ssh, after an upgrade from FreeBSD 8.x to 9.x

You need to create new ecdsa key with following command

#ssh-keygen -t ecdsa -f /etc/ssh/ssh_host_ecdsa_key -N

then you should restart the sshd service

#/etc/rc.d/sshd restart

Nginx direct file upload without passing them through backend

April 16th, 2014

It’s pretty straightforward to manage file upload. Everybody can do it with using multipart/form-data encoding RFC 1867. Let’s see what happens:

client sends POST request with the file content in BODY
webserver accepts the request and initiates data transfer (or returns error 413 if the file size is exceed the limit)
webserver starts to populate buffers (depends on file and buffers size), store it on disk and send it via socket/network to back-end
back-end verifies the authentication (take a look, once file is uploaded)
back-end reads the file and cuts few headers Content-Disposition, Content-Type, stores it on disk again
back-end performs all you need to do with the file
Too much overhead? It happens all the time you upload something. The problems are obvious:

authentication happens on back-end after the file being saved on disk by webserver
the BODY request saves on disk twice (on web-server and back-end sides both)
back-end blocks while eating your file
resulted binary-data rarely required by back-end itself, because images usually use by Imagemagic, documents upload on S3 or something else
To be honest I can see no problem due to small file size upload. But what if you handle big files upload all the time? Let’s assume you use Nginx web-server, so you have several options:

nginx-upload-module widely used, but not supported with Nginx 1.3.9+
nginx-big-upload too young, nobody uses it in production yet
lua-resty-upload requires few external dependencies
clientbodyinfileonly Nginx built-in functionality
The best and production-ready solution is the last one, clientbodyinfileonly. Due to lack of documentation nobody uses it, but let me share with experience how to setup it. First of all you need to use premature authentication before file uploading is started – Basic HTTP Authentication (shared password) or httpauthrequest module (for back-end authentication through headers). Then update nginx configuration with the following config:

location /upload {
auth_basic "Restricted Upload";
auth_basic_user_file basic.htpasswd;
limit_except POST { deny all; }

client_body_temp_path /tmp/;
client_body_in_file_only on;
client_body_buffer_size 128K;
client_max_body_size 1000M;

proxy_pass_request_headers on;
proxy_set_header X-FILE $request_body_file;
proxy_set_body off;
proxy_redirect off;
proxy_pass http://backend/file;

Once you reload nginx, the new URL /upload is ready to accept file upload without any back-end interaction, it all goes through nginx and send callback to http://backend/file with file name in X-FILE header. It’s all, easy?

You already know the file name before you make POST request, so you should preserve it until the back-end receive it. We do use extra headers with POST that pass through Nginx proxy and comes to back-end unmodified. For instance, having X-NAME headers from initial requests help you to catch it up on backend.

If you need to have back-end authentication, only way to handle is to use auth_request, for instance:

location = /upload {
auth_request /upload/authenticate;

location = /upload/authenticate {
proxy_set_body off;
proxy_pass http://backend;

Upload request should come with headers to be validated, for instance X-API-KEY, once authentication is finished, Nginx started to file uploading and pass the file name to backend afterward. It’s internal cascade of requests, so you have to do only one request with file BODY and authentication headers. The good news that auth_request module will be incorporated in the Nginx core soon, so we can use it without ./configure … –add-module=/tmp/ngxhttpauth_request

P.S. clientbodyinfileonly incompatible with multi-part data upload, so you can use it via XMLHttpRequest2 (without multi-part) and binary data upload only

curl –data-binary ‘@file’ http://localhost/upload
This method is prefer to use with native mobile applications that handle big file upload all the time.


Remove The ^M Character At The End Of Text Files

April 16th, 2014

$ cat filename | col -b > newfilename

Mac OS X – Show / Hide Hidden Files in Finder

April 16th, 2014

As noted in the comments its nice to have the text available for easy copy and paste into your terminal.


defaults write com.apple.finder AppleShowAllFiles TRUE
killall Finder


defaults write com.apple.finder AppleShowAllFiles FALSE
killall Finder


Рассылка Frozen писем из очереди exim

February 28th, 2014

Вотм так можно принудительно разослать “замершие письма” из очереди:

exim -bp | grep frozen | awk '{print $3}' | xargs exim -v -M

Accessing Local (Craft) Procedures 9608, 9611G, 9621G and 9641G Deskphones (reset)

February 12th, 2014

During Telephone Startup:
1. During startup, invoke local procedures by pressing * to display the Craft Access Code
Entry screen:
Enter code:__

2. Enter the local dialpad procedure password (0 to 7 numeric digits), as specified by the
system administrator in the system value PROCPSWD. For security purposes, the
telephone displays an asterisk for each numeric dialpad press. If you are using a
touchscreen deskphone, and need to backspace during password entry, use the Contacts
button; for non-touchscreen phones, use the left arrow button or the designated softkey.

Note: The factory-set default Craft Access Code (PROCPSWD) is 27238

Select CLEAR to clear all values to factory defaults

Mikrotik backup to E-Mail

February 11th, 2014

/system script
add name=backup2email policy=ftp,reboot,read,write,policy,test,winbox,password,sniff,sensitive,api source="log info \"Starting Automatic Backup to EMAIL Script\"\r\
\n:global thisdate [/system clock get date]\r\
\n:global datetimestring ([:pick \$thisdate 0 3] .\"-\" . [:pick \$thisdate 4 6] .\"-\" . [:pick \$thisdate 7 11])\r\
\n:global backupfilename ([/system identity get name].\"_\".\$datetimestring.\"_1w\")\r\
\n:global backupbin (\$backupfilename.\".backup\")\r\
\n:global backupexport (\$backupfilename.\".rsc\")\r\
\n:local smtp [:resolve smtp.gmail.com]\r\
\n:local emailto (\"your@mail.ru\")\r\
\n/system backup save name=\"\$backupfilename\"\r\
\n:delay 5s\r\
\n/export compact file=\"\$backupfilename\"\r\
\n:log info \"Please wait...!!!\"\r\
\n:delay 5s\r\
\n/tool e-mail send file=\"\$backupbin\" to=\"\$emailto\" server=\"\$smtp\" port=587 start-tls=yes subject=\"mikrotik \$backupfilename BIN\"\r\
\n:delay 5s\r\
\n/file remove \$backupbin\r\
\n/tool e-mail send file=\"\$backupexport\" to=\"\$emailto\" server=\"\$smtp\" port=587 start-tls=yes subject=\"mikrotik \$backupfilename TXT\"\r\
\n:delay 5s\r\
\n/file remove \$backupexport"
/system scheduler
add interval=1d name=backup2email on-event=backup2email policy=ftp,reboot,read,write,policy,test,winbox,password,sniff,sensitive,api start-date=feb/11/2014 start-time=\
/tool e-mail
set address= from=mikrotik@mail.ru password=MEGAPASS port=587 start-tls=yes user=robot@gmail.com