Docker requires legacy iptables. If docker installation got network issue, following commands might fix the issue.
sudo update-alternatives --set iptables /usr/sbin/iptables-legacy
apt remove apparmorTable of Contents
Use environment variable RSYNC_PASSWORD to provide password to rsync command
export RSYNC_PASSWORD=$PASSWORD
rsync -zvr source destinationor
env RSYNC_PASSWORD=$PASSWORD rsync -zvr source destinationrsync --password-file=rsync_pass -zvr source destinationSuch as sshpass and public key.
How can I rsync without prompt for password, without using public key authentication?
Table of Contents
Use docker pull command can get image digest
docker pull registry.example.com/image_path/image:tagIf it is daily build for container backup purpose, the tag can be in date format, such as YYYYMMDD. The output can be
20210624: Pulling from image_path/image
...
22b5d63ad977: Already exists
8e2e66517d7e: Pull complete
Digest: sha256:7535af1f65524f9200b901fc31b9c779819e45c0502ef99605666842a319908fThe digest is also printed when deleting it.
docker rmi registry.example.com/image_path/image:tagSample output as below
Untagged: registry.example.com/image_path/image:tag
Untagged: registry.example.com/image_path/image@sha256:e300ff463dc18c7b3bf3964dc5a9832f613d829285a0da49e5fd37519dc7d0fc
Deleted: sha256:35baba3d5948b5844b67adcd6a236905039e929f8647d4e4afc9e64e9460d557
Deleted: sha256:bd681f3956f55dc028bae7ca4c2657457824a0e356c59705302fb084660a669bNote: The Digest is the second tag, the sha256 in the first Deleted message is allowed to be deleted too, but the sha256 in the second Deleted message was not. Don't understand why
curl -v --silent -H "Accept: application/vnd.docker.distribution.manifest.v2+json" -X GET https://$USER:$PASSWORD@registry.example.com/v
2/image_path/image/manifests/tag 2>&1 | grep Docker-Content-Digest | awk '{print ($3)}'curl https://$USER:$PASSWORD@registry.example.com/v2/image_path/image/manifests/sha256:xxxxxxxxxxxxxxxxcurl -X DELETE https://$USER:$PASSWORD@registry.example.com/v2/image_path/image/manifests/sha256:xxxxxxxxxxxxxxxxdocker exec registry bin/registry garbage-collect --delete-untagged /etc/docker/registry/config.ymldocker restart registryTable of Contents
NextCloud shows Internal Server Error on first page.
In docker log, shows following message
Class 'OCP\\User' not foundand it points to following file
/data/nextcloud/apps/epubreader/lib/Hooks.phpThere was an warning message pointing to epubreader app, shows untruested source, but after I reinstalled it, the message disappered.
Access docker
docker exec -it nextcloudpi bashMove the epubreader app to /tmp directory.
mv /data/nextcloud/apps/epubreader/ /tmp/Restart NextCloudPi docker container
After fixed, if try to install EPUB/CBZ/PDF ebook reader app again, following message appears.
Error: This app cannot be enabled because it makes the server unstableIf force install it, NextCloud will appear Internal Server Error again.
Today, got RockPro64 and 10 SATA ports PCI-E card. Will try it once got time.
docker run --rm --entrypoint htpasswd httpd:2 -Bbn <user> <password>Append password into /auth/htpasswd
Restart docker container
Try not to use some special characters in password, such as $, @, etc.
Table of Contents
Except User name and Password, which is hard to remember if you don't want others guess it easily, there are other easy ways to protect SSH server.
This is most a simple way, just generate a pair of key,
ssh-keygenIf need more secure, generate 4096 bit RSA key
ssh-keygen -t rsa -b 4096Then inject public key in .ssh/id_rsa.pub into remote .ssh/authorized_keys
Refer to Signed SSH Certificates using Hashicorp Vault in Practice
Use free software, hashicorp vault to manage signed certificate.
Inject trusted CA key retrieved from vault into target SSH server configure,
Use authorized token and client private key to generate short life signed certificate
Use signed certificate and client private key login to target server
Note: Only need normal token to generate signed certificate
Need to save a token
Refer to Enable 2FA for Ubuntu
Instead of all servers maintain their own password, passwords are centrally managed by authentication server.
Retrieve password from authentication server, then use it to login to remote server.
Remote server will use it to verify against authentication server.
Table of Contents
This is to create an operational task to pass it to operator. For example, SSH to host.
Vault Admin creates AppRole (role_id), pass role_id to Operator as operational task reference id
Vault Admin creates Admin Token (admin_token), pass it to App Token Admin
Now, Operator has a operational task reference id, role_id.
Task Requester submit request to Operator
Operator submit the request to App Token Admin
App Token Admin uses Admin Token against AppRole to create Secret ID (secret_id), pass it to Operator
Operator use role_id and secret_id login to retrieve App token, and retrieve credential, such as signed public key in SSH case
Operator pass credential to Task Performer
Then complete change task.
Root Token - Manage Vault
App Token - Manage App, for example, SSH App as whole
Role ID - Identify AppRole, for example, Project or Host
Secret ID - Retrieve Task Token
Task Token - Retrieve credential
Root Token should be revoken after used
App Token should be securely managed
Secret ID and Task Token should have short life
Secret ID and Task Token should be held by operator or task performer, this can be decided by how AppRole managed. If AppRole cannot restrict the task to be performed, then only can pass credential to task performer.
In order to identify the host, the Host Key Signing mentioned in following page should be considered.
There is no clear info on the machines managed.
In DSM 6, notification can only set as global value
Control Panel => Notifications => Advanced => Internal Storage
Click on Low Capacity of Volume, then define the Warning and Critical space thresholds.
In DSM 7, notification can be defined at individual volume level.
https://nextcloudpi_host:4443/