Linux is my primary operating system. I used it on the servers, desktops, laptops, netbooks, and even mobile phones since approximately 1997. I’ve tried a number of distributions over the years, and even created a couple myself. I still look around sometimes to see what others are up to. But most of my machines are running some sort of Red Hat – either a quick and easy Fedora Linux, or a stable and secure Red Hat Enterprise Server, or a cheaper CentOS alternative.
And while by now I am very comfortable in the Linux environment (both graphical and command line), I still discover a lot of new and interesting things about it. When I come across something worthy, I usually share it with the rest of the Open Software world, using this category.
Linux utils that you might not know covers a few Linux command line utilities that aren’t very famous:
My brother wrote a follow-up – HAProxy abuse filtering and rate limiting – to his previous post – Nginx rate limit by user agent (control bots). This is just a tip of the iceberg that we are working with at the office, but it’s pretty cool.
Hopefully, soon enough our Ansible playbooks will be up to date and shareable…
“HAProxy SNI” is pure gold! If you want to have a load balancer for HTTPS traffic, without managing SSL certificates on the said load balancer, there is a way to do so.
The approach is utilizing the Server Name Indication (SNI) extension to the TLS protocol. I knew about it and I was already using it on the web server side, but it didn’t occur to me that it’ll be utilized on the load balancer. Here’s the configuration bit:
frontend https *:443
description Incoming traffic to port 443
mode tcp
tcp-request inspect-delay 5s
tcp-request content accept if { req_ssl_hello_type 1 }
use_backend backend-ssl-foobar if { req_ssl_sni -i foobar.com }
use_backend backend-ssl-example if { req_ssl_sni -i example.com }
default_backend backend-ssl-default
The above will make HAProxy listen on port 443, and then send all traffic for foobar.com to one backend, all traffic for example.com to another backend, and the rest to the third, default backend.
Vidar Hokstad explains what systemd units are and how to write them. Very useful for that day when I will stop hating systemd and will try to embrace it.
Systemd has become the defacto new standard init for Linux-based systems. While not everyone has made the switch yet, pretty much all the major distros have made the decision to switch.
For most people this has not meant all that much yet, other than a lot of controversy. Systemd has built in SysV init system compatibility, and so it’s possible to avoid dealing with it quite well.
But there is much to be gained from picking up some basics. Systemd is very poweful.
I’m not going to deal with the basics of interacting with systemd as that’s well covered elsewhere. You can find a number of basic tips and tricks here.
Instead I want to talk about how to write systemd units.
Doug Vitale Tech Blog runs a post with a collection of the deprecated Linux networking commands and their replacements. Pretty handy if you want update some of your old bash scripts.
Deprecated command Replacement command(s) arp ip n (ip neighbor) ifconfig ip a (ip addr), ip link, ip -s (ip -stats) iptunnel ip tunnel iwconfig iw nameif ip link, ifrename netstat ss, ip route (for netstat-r), ip -s link (for netstat -i), ip maddr (for netstat-g) route ip r (ip route)