Posts

Microsoft 365 open source replacement - Part 1 - Solution Design

This is an open source solution offered as an alternative to Microsoft 365. Here is an overview of the solution. Let me introduce the function of each component.

Cloudflare

First of all, we use Cloudflare as our first line of defense. The free plan includes an SSL certificate, global CDN and unmetered mitigation of DDoS attacks with up to 59 Tbps capacity.

Nginx

The master nginx will act as the reverse proxy for most of the services, so you don't need to configure an SSL certificate for each of the services behind it. You can also configure a lot of settings here, for example limiting service access by incoming IP address, fault tolerance and load balancing of the service. This is an example if you need HA or load balancing

Authelia

Authelia will work together with Nginx to provide 2FA protection for the services that don't support 2FA. In our case, Guacamole, Bookstack and LDAP Manager do not have 2FA, so we will shield them with Authelia.

Zimbra

Zimbra Collaboration is a collaborat

Setup mail server with ldap authentication in docker

Getting an email server to run in docker is easy, but getting an email server with LDAP authentication to run in docker took me a week to get up and running. Here are the steps that I took. I will assume you already know how to install docker.

Install LDAP.

    docker run \
        --detach \
        --restart unless-stopped \
        --name openldap \
        -e LDAP_ORGANISATION=domain \
        -e LDAP_DOMAIN=domain.com \
        -e LDAP_ADMIN_PASSWORD=complex-password \
        -e LDAP_RFC2307BIS_SCHEMA=true \
        -e LDAP_REMOVE_CONFIG_AFTER_SETUP=true \
        -e LDAP_TLS=false \
        -p 389:389 \
        --volume /data/openldap/var_lib_ldap:/var/lib/ldap \
        --volume /data/openldap/etc_ldap_slapd.d:/etc/ldap/slapd.d \
        osixia/openldap:latest

Install the postfix-book schema into the LDAP.

    # cd /etc/ldap/schema
    # apt update
    # apt install vim wget
    # wget https://raw.githubusercontent.com/variablenix/ldap-

Firefox performance issue at fedora 32

If you are running Firefox on the Fedora 32 XFCE spin, you might face performance issues. I fixed it by turning on gfx.webrender.enabled and gfx.webrender.all in about:config. Hope this helps to solve the issue for you.

My note on ffmpeg usage

Most Common Basic Usage

To burn subtitles into a video:

    ffmpeg -i input.mp4 -vf subtitles="sub.srt" output.mp4

With GPU:

    ffmpeg -i input.mp4 -c:v hevc_amf -vf subtitles="sub.srt" output.mp4
    ffmpeg -i input.mp4 -c:v h264_amf -vf subtitles="sub.srt" output.mp4
    ffmpeg -i input.mp4 -c:v h264_nvenc -vf subtitles="sub.srt" output.mp4

Use this command to list the GPU options available:

    ffmpeg -f lavfi -i nullsrc -c:v h264_nvenc -gpu list -f null -

Below is the raw note, which I haven't tidied up.

Bash shell script to convert media files in batch:

    for f in *.flv
    do
        #echo $f
        #echo ${f%.*}
        # Quote the names so files containing spaces are handled correctly
        ffmpeg -i "$f" "./done/${f%.*}.mp4"
    done

    rename 's/ACDC/AC-DC/' *.xxx

To replace # by somethingelse for filenames in the current directory (not recursive) you can use the GNU rename utility:

    rename 's/#/somethingelse/' *

Characters like - must be escaped with a \.

    ffmpeg -i orig.mkv -filter_complex "[0:v][0:s]overlay=(W-w)/2:(H-h)/10*9

Connect 2 monitors to Dell Laptop G3 15 on Fedora 32

If you are trying to connect 2 monitors (HDMI + USB C), you might find that only the USB C and the laptop monitors are working in Fedora 32. After I searched around, here is the simple solution.

Create a file (any file name ending with the extension .conf) under the folder /etc/X11/xorg.conf.d. I named it 11-nvidia-prime.conf (copied from Ubuntu). Enter the lines below and reboot.

    [root@localhost xorg.conf.d]# cat 11-nvidia-prime.conf
    Section "OutputClass"
        Identifier "Nvidia Prime"
        MatchDriver "nvidia-drm"
        Driver "nvidia"
        Option "AllowEmptyInitialConfiguration"
        Option "IgnoreDisplayDevices" "CRT"
        Option "PrimaryGPU" "Yes"
    EndSection

I believe this solution should work for Fedora 25 and above. Leave me a message if you have questions.

Using Zabbix agent, not able to retrieve value from nmap command.

Recently I've been playing with a Zabbix installation and I faced this issue. On the Zabbix agent, issuing the command

    zabbix_agentd -s zabbix-agent -k "openvpn[x.x.x.x]"

manages to retrieve the text value. But from the Zabbix server, issuing the command

    zabbix_get -s zabbix-agent -k "openvpn[x.x.x.x]"

returns an empty value from the Zabbix agent. The Zabbix script looks like this.

    Timeout=30
    UserParameter=openvpn[*],nmap -sT $1 -p 443 |grep 443 | awk -F " " '{print $$2}'

After searching around, I found the solution. First add the capabilities to Nmap.

    sudo setcap cap_net_raw,cap_net_admin,cap_net_bind_service+eip /usr/bin/nmap

Then add an additional parameter to the script.

    Timeout=30
    UserParameter=openvpn[*],nmap --privileged -sT $1 -p 10443 |grep 10443 | awk -F " " '{print $$2}'

Once the agent is restarted, the script will be working again.
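After granting file capabilities with setcap as above, it is worth knowing which binaries on the host carry network capabilities. The following is an added example, not part of the original post: the function name and the sample lines are constructed, and it assumes one capability clause per line in either of the two output styles getcap has used.

```shell
#!/usr/bin/env bash
# Added example: filter `getcap -r` style output (on stdin) down to the
# binaries that were granted cap_net_raw or cap_net_admin.

# Constructed sample input covering both getcap output styles:
#   older libcap:    "/path = caps+flags"
#   libcap >= 2.41:  "/path caps=flags"
SAMPLE_GETCAP='/usr/bin/nmap = cap_net_bind_service,cap_net_admin,cap_net_raw+eip
/usr/bin/hping3 cap_net_raw=ep
/usr/bin/newuidmap cap_setuid=ep'

# audit_net_caps (hypothetical helper): prints "path<TAB>caps<TAB>flags"
# for every entry whose capability list includes cap_net_raw or cap_net_admin.
audit_net_caps() {
  awk '
    {
      line = $0
      sep = index(line, " = ")
      if (sep > 0) {
        # Older style: path and clause are separated by " = "
        path = substr(line, 1, sep - 1)
        clause = substr(line, sep + 3)
      } else {
        # Newer style: the clause is the last space-separated field
        n = match(line, / [^ ]+$/)
        if (n == 0) next
        path = substr(line, 1, n - 1)
        clause = substr(line, n + 1)
      }
      # The clause ends in "+flags" or "=flags" (e, i, p in any combination)
      m = match(clause, /[+=][eip]+$/)
      if (m == 0) next
      caps = substr(clause, 1, m - 1)
      flags = substr(clause, m + 1)
      if (caps ~ /(^|,)cap_net_(raw|admin)(,|$)/)
        printf "%s\t%s\t%s\n", path, caps, flags
    }'
}

# Run against the constructed sample so the block shows output on its own.
printf '%s\n' "$SAMPLE_GETCAP" | audit_net_caps
```

On a live host, feed it real data with `getcap -r / 2>/dev/null | audit_net_caps`; any listed binary can use those capabilities for every local user able to execute it.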

How to allow non root user to execute hping command ?

If you run the hping command without root permission or without sudo and you receive this error:

    [open_sockraw] socket(): Operation not permitted
    [main] can't open raw socket

this command might be able to help you.

    sudo setcap cap_net_raw+ep /usr/bin/hping3

(or any location of the hping command)

The setcap command sets file capabilities.

What are filesystem capabilities?

For the purpose of performing permission checks, traditional Unix implementations distinguish two categories of processes: privileged processes (whose effective user ID is 0, referred to as superuser or root), and unprivileged processes (whose effective UID is non-zero). Privileged processes bypass all kernel permission checks, while unprivileged processes are subject to full permission checking based on the process's credentials (usually: effective UID, effective GID, and supplementary group list).

Starting with kernel 2.2, Linux divides the privileges traditionally associated with super