Apache2: url-based exception for ProxyPass

i have apache2 reverse proxy which passes traffic to some application server. everything going to /server/ is handled by http://localhost:8000. i had to do one exception – serve content for /server/something.txt from a static file. here’s what i did:

rsync to exfat mount

exfat does not carry information about user/group ownership of files/directories, has less precise timestamps. to make rsync stop complaining about it i’m using:

using clickhouse-local to analyze archived log files

at work we’re hoarding log files. it’s a low-cost, low-tech solution: btrfs, some python script archiving /var/log/*.log, *.1 from hundreds of servers. we have a peace of mind that whatever it is – as long as it’s logging to that folder – we’ll have an archive of it. till now, whenever there was a need ... Read More

debian installer not detecting built-in nvme drive

i’m trying to set up debian 12 on a laptop [ dell latitude 7400 ]. pendrive ready but.. the installer detects only pendrive and no NVMe that holds Windows 11. why? it turns out bios had Raid mode configured for the intel storage controller – as described here. how to reconfigure it without ruining ability ... Read More

playing with min.io cluster

min.io is open source [ although AGPL-3 licensed ] object storage software providing s3-compatible interface and handling clustering for HA & data distribution. below – notes from setting it up on a tiny scale, without using Kubernetes. notes are based on RELEASE.2023-03-24T21-41-23Z i’ve fetched two binaries for the project: my cluster has 4 nodes, looks ... Read More

mental models and alike

https://fs.blog/tgmm https://perell.com/essay/50-ideas-that-changed-my-life https://en.wikipedia.org/wiki/List_of_cognitive_biases https://en.wikipedia.org/wiki/List_of_fallacies

temporarily speeding up IO performance for KVM VM

i have few VMs running on top of spinning rust. recently i’ve upgraded one of them to not-yet-stable debian bookworm. upgrade would be pretty slow but.. i’ve edited the VM definition and asked KVM to allow host server to cache any IO operations. speedup was great, bullseye->bookworm upgrade finished in less than 5 minutes. for ... Read More

using hardware tokens to secure SSH, MS365 logins

i’ve done a bit of research, below – my understanding of the current state of affairs [ 2023-03 ]. i’m writing this while testing YubiKey 5 NFC, but consider different alternatives. SSH why: i’m considering an attack vector where malicious actor has remote control of my PC – can lift up arbitrary files [ including ... Read More

re-parenting a shell command

let’s say you’ve logged in via ssh to some server and started some long running command. minutes or hours later you’ve realized that you did not run it under screen or tmux – so that command will die once your ssh connection is closed. today i’ve learned about reptyr which can help with that – ... Read More

squid-based forward proxy that accepts incoming tls-encrypted connections

we needed to do some interoperability testing, and for that we had to allow http client application to talk with http proxy via secure channel. on debian 11 i had to install package squid-openssl and add this line in /etc/squid/squid.conf: the ssl cert was generated by certbot certonly. that’s how i tested it:

MySQL / MariaDB login audit

once in a while i need to review which database accounts are used, from what IPs connections arrive. MySQL / MariaDB does not have built-in mechanism [ unless you want to allow full query log ], but there’s quite easy way to get the data.

online tools to test your mail infrastructure

once in a while i’m involed in moving mail servers around, to and from the could. those tools are useful each time it’s done: also related – a deep dive into e-mail delivery in 2024.

rsync with more efficient compression, hash algorithm

rsync 3.2.0 and newer supports more compression and hash algorithms. zstd compression is well suited for slower network connections [ tens mbit/s ], lz4 – for faster. xxh3 hash is worth using regardless of the network speed. syntax:

nrpe’s check_http – POSTing a file

i needed to monitor some service available via HTTP, this service is expecting to get a file posted – as if it was submitted via HTML form. so the file’s content is in the POST body, wrapped in Content-Type: multipart/form-data and stored between boundaries. Is it possible to simulate via check_http? yes!