Cloud/Shahed/VA: Difference between revisions

From Chorke Wiki
Jump to navigation Jump to search
← Older edit
VisualWikitext
 
(22 intermediate revisions by the same user not shown)
Line 28: Line 28:
lxc config show shahed-va
lxc config show shahed-va


cat <<'EXE' | lxc exec shahed-va -- bash
cat <<'EXE'| lxc exec shahed-va -- bash
apt-get update;echo
apt-get update;echo
mkdir -p /etc/apt/keyrings
mkdir -p /etc/apt/keyrings
Line 35: Line 35:
EXE
EXE
</syntaxhighlight>
</syntaxhighlight>
==Virtual » Exec » Bash==
<syntaxhighlight lang="bash">
cat <<'EXE'| lxc exec shahed-va -- bash
free -th && echo && systemd-analyze && echo && df -h
EXE
</syntaxhighlight>
==Virtual » LXD » Host==
<syntaxhighlight lang="bash">
# parse lxd bridge network ip using `ip -j address show|jq -r .` command
LXD_BRIDGE_IP="$(ip -j addr show lxdbr0|jq -r '.[].addr_info[]|select(.label=="lxdbr0").local')"
cat << EXE | lxc exec shahed-va -- bash
echo "${LXD_BRIDGE_IP} host.lxd.internal"|tee -a /etc/hosts
ping -c5 host.lxd.internal
EXE
</syntaxhighlight>
==Virtual » Cloudflare » VIRT==
<syntaxhighlight lang="ini">
cat <<'EXE'| lxc exec shahed-va -- bash
cat <<'INI'| sudo tee /etc/systemd/system/warp0.service >/dev/null
[Unit]
Description=Cloudflared WARP Routing Virtual Interface
After=network.target
[Service]
Type=oneshot
ExecStart=/usr/sbin/ip link add warp0 type dummy
ExecStartPost=/usr/sbin/ip addr add 10.20.40.200/32 dev warp0
ExecStartPost=/usr/sbin/ip link set warp0 up
ExecStop=/usr/sbin/ip link delete warp0
RemainAfterExit=yes
[Install]
WantedBy=multi-user.target
INI
echo
ls -lah /etc/systemd/system/warp0.service && echo
    cat /etc/systemd/system/warp0.service && echo
EXE
</syntaxhighlight>
----
<syntaxhighlight lang="bash">
cat <<'EXE'| lxc exec shahed-va -- bash
systemctl daemon-reload
systemctl enable --now warp0.service
systemctl status      warp0.service
ip a
EXE
</syntaxhighlight>
==Virtual » Cloudflare » Argo » Tunnel==
<syntaxhighlight lang="bash">
cat <<'EXE'| lxc exec shahed-va -- bash
wget -cq https://github.com/cloudflare/cloudflared/releases/latest/download/cloudflared-linux-amd64.deb -P ${HOME}/Downloads
sudo dpkg -i ${HOME}/Downloads/cloudflared-linux-amd64.deb; sudo apt-get install -f
      rm -rf ${HOME}/Downloads/cloudflared-linux-amd64.deb
EXE
</syntaxhighlight>
----
<syntaxhighlight lang="properties">
cat <<'EXE'| lxc exec shahed-va -- bash
cat <<'CFG'| sudo tee -a /etc/sysctl.conf >/dev/null
###################################################################
# Cloudflared Tunnel Private Network Config
# This config added by Chorke Academia, Inc
# ICMP Group ID Range 0 to 10,000 Users
net.ipv4.ping_group_range = 0 10000
# assumed that following parameters were
# configured in the lxc host machine
# 208 KiB Default RX Buffer
# net.core.rmem_default=212992
# 208 KiB Default TX Buffer
# net.core.wmem_default=212992
# 8 MB Maximum RX Buffer
# net.core.rmem_max=8388608
# 8 MB Maximum TX Buffer
# net.core.wmem_max=8388608
CFG
sudo sysctl -p
EXE
</syntaxhighlight>
----
[[Cloudflare/Argo_Tunnel#Argo Tunnel|Skipped » Find More » 👈]]
==Virtual » Cloudflare » Delete » Secret==
<syntaxhighlight lang="bash">
lxc exec shahed-va -- sudo -i -u shahed-biz-argo bash
rm -rf ~/.cloudflared/cert.pem && history
# inspect & delete secrets
history -d 62-67
history -w
</syntaxhighlight>
----
<syntaxhighlight lang="bash">
lxc exec shahed-va -- sudo bash
# inspect & delete secrets
history -d 68-74
history -w
</syntaxhighlight>
==Virtual » Cloudflare » Backup » Restore==
<syntaxhighlight lang="bash">
lxc snapshot shahed-va base:2025.03.03
lxc publish  shahed-va/base:2025.03.03 --alias shahed-va/base:2025.03.03
lxc restore  shahed-va base:2025.03.03
</syntaxhighlight>
----
<syntaxhighlight lang="bash">
cd ~/Documents/chorke/academia/var/backup/lxc_image/
lxc image export shahed-va/base:2025.03.03 shahed-va_base-2025.03.03
lxc image import shahed-va_base-2025.03.03.tar.gz --alias shahed-va/base:2025.03.03
</syntaxhighlight>
----
<syntaxhighlight lang="bash">
cd ~/Documents/chorke/academia/var/backup/lxc_container/
lxc export shahed-va shahed-va_20250304.tar.gz --optimized-storage
lxc import shahed-va_20250304.tar.gz shahed-va
</syntaxhighlight>
==Virtual » Instance » Postfix » Install==
<syntaxhighlight lang="bash">
lxc restore shahed-va base:2025.03.03
lxc exec    shahed-va -- sudo bash
systemctl restart cloudflared@shahed.biz.service
tail -n100 -f /var/log/cloudflared/shahed.biz/argo.log
</syntaxhighlight>
----
<syntaxhighlight lang="bash">
    nmap --reason mail.shahed.biz -sT -Pn -p25,587,110,995,143,993,465,4190
    nmap --reason mail.shahed.biz -sT -Pn --top 20
    nmap --reason  git.shahed.biz -sT -Pn -p4321
    nmap --reason  vpn.shahed.biz -sT -Pn -p1194
sudo nmap --reason  vpn.shahed.biz -sU -Pn -p1194
</syntaxhighlight>
==References==
{|
|valign="top"|
* [[Cloud/Hetzner/AA|Cloud » Hetzner » AA]]
* [[Cloud/Hetzner/AB|Cloud » Hetzner » AB]]
* [[Cloud/Shahed/AA|Cloud » Shahed » AA]]
* [[Cloud/Shahed/AB|Cloud » Shahed » AB]]
* [[Cloud/Shahed/AC|Cloud » Shahed » AC]]
* [[Cloud/Shahed/AD|Cloud » Shahed » AD]]
* [[Cloud/Shahed/AE|Cloud » Shahed » AE]]
* [[Cloud/Shahed/AF|Cloud » Shahed » AF]]
* [[Cloud/Shahed/AG|Cloud » Shahed » AG]]
* [[Cloud/Shahed/AH|Cloud » Shahed » AH]]
|valign="top"|
* [[Cloud/Shahed/AI|Cloud » Shahed » AI]]
* [[Cloud/Shahed/AJ|Cloud » Shahed » AJ]]
* [[Cloud/Shahed/AK|Cloud » Shahed » AK]]
* [[Cloud/Shahed/AL|Cloud » Shahed » AL]]
* [[Cloud/Shahed/AM|Cloud » Shahed » AM]]
|valign="top"|
|valign="top"|
|-
|colspan="4"|
----
|-
|valign="top"|
* [[Minikube Ingress DNS| Minikube » Ingress » DNS]]
* [[Minikube Systemd|Minikube » Systemd]]
* [[Minikube MetalLB|Minikube » MetalLB]]
* [[Minikube Registry|Minikube » Registry]]
* [[Minikube Tunnel|Minikube » Tunnel]]
* [[Minikube]]
* [[CIDR]]
* [[UFW]]
* [[YQ Tool|YQ]]
* [[JQ Tool|JQ]]
|valign="top"|
* [[K8s/Academia/Ingress|K8s » Academia » Ingress]]
* [[K8s/HAProxy/Ingress|K8s » HAProxy » Ingress]]
* [[K8s/Apache/Ingress|K8s » Apache » Ingress]]
* [[K8s/Nginx/Ingress|K8s » Nginx » Ingress]]
* [[K8s/Swiss Knife|K8s » Swiss Knife]]
* [[K8s/Storage|K8s » Storage]]
* [[K8s/Ingress|K8s » Ingress]]
* [[K8s/Service|K8s » Service]]
* [[K8s/Run|K8s » Run]]
* [[K8s]]
|valign="top"|
* [[Helm/Prometheus Stack|Helm » Prometheus Stack]]
* [[Helm/Cert Manager|Helm » Cert Manager]]
* [[Helm/Elasticsearch|Helm » Elasticsearch]]
* [[Minikube MetalLB|Helm » MetalLB]]
* [[Helm/Jenkins|Helm » Jenkins]]
* [[Helm/GitLab|Helm » GitLab]]
* [[Helm/Nexus|Helm » Nexus]]
* [[Helm/MinIO|Helm » MinIO]]
* [[Helm/Kafka|Helm » Kafka]]
* [[Helm/Redis|Helm » Redis]]
|valign="top"|
* [[Security/Container/Snyk|Security » Container » Snyk]]
* [[Security/Container/Trivy|Security » Container » Trivy]]
* [[Security/Certificate/TLS|Security » Certificate » TLS]]
* [[Java Key Store|Security » Java » Key Store]]
* [[Java Mail API|Security » Java » Mail API]]
* [[Security/Password|Security » Password]]
* [[ZA Proxy|Security » ZA Proxy]]
* [[Security/Domain|Security » Domain]]
* [[Jasypt|Security » Jasypt]]
* [[HTTP Security|Security » HTTP]]
|-
|colspan="4"|
----
|-
|valign="top"|
* [[Benchmarks]]
* [[IPTables]]
* [[Kubectl]]
* [[PyEnv]]
* [[CURL]]
* [[TMux]]
* [[7Zip]]
* [[Linux Containers|LXC]]
* [[Zip]]
* [[Tar]]
|valign="top"|
* [[Ubuntu Upgrade|Linux » Ubuntu Upgrade]]
* [[Linux Service Creation|Linux » Service Creation]]
* [[Linux User Creation|Linux » User Creation]]
* [[Linux Mount Drive|Linux » Mount Drive]]
* [[Swap Space|Linux » Swap Space]]
* [[EKSctl|CLI » AWS » EKS]]
* [[AWS CLI|CLI » AWS]]
* [[Google Cloud CLI|CLI » GCP]]
* [[CLI App|CLI]]
* [[K9s]]
|valign="top"|
* [[Cloudflare/WARP Host|Cloudflare » Host]]
* [[Cloudflare]]
* [[Terraform]]
* [[ActiveMQ]]
* [[Keycloak]]
* [[Hadoop]]
* [[Jenkins]]
* [[Spark]]
* [[Bash]]
* [[Port]]
|valign="top"|
* [[Private Enterprise Number]]
* [[Chorke Academia Backup]]
* [[Cloud Computing Cost|Cost » Cloud » Computing]]
* [[Cloud/Cost/Chorke|Cost » Cloud » Chorke]]
* [[YouTube/Channel]]
|-
|colspan="4"|
----
|-
|valign="top"|
|valign="top"|
|valign="top"|
|valign="top"|
|}

Latest revision as of 02:14, 17 June 2025

Virtual » Network

Virtual Instances
Name Network Subnets Forward
Virtual » Hosts 10.20.40.200/29 10.20.40.200 … 207/32 = 08
Virtual » Hosts 10.20.40.208/29 10.20.40.208 … 215/32 = 08 ⚪️
Virtual » Hosts 10.20.40.208/28 10.20.40.208 … 223/32 = 16
Virtual » Hosts 10.20.40.224/28 10.20.40.224 … 239/32 = 16 ⚪️
Virtual » Hosts 10.20.40.224/31 10.20.40.224 … 225/32 = 02
Virtual » Hosts 10.20.48.226/31 10.20.40.226 … 227/32 = 02 ⚪️

Virtual » Instance

lxc launch ubuntu:24.04 shahed-va -c limits.memory=2GB -c limits.cpu=2
lxc list -c=n -f=json|jq -r '.[]|select(.name=="shahed-va")|.status'
lxc config show shahed-va

cat <<'EXE'| lxc exec shahed-va -- bash
apt-get update;echo
mkdir -p /etc/apt/keyrings
apt list -a --upgradable;apt-get upgrade -y;echo
apt-get install -y apt-transport-https ca-certificates gnupg jq && apt-get clean
EXE

Virtual » Exec » Bash

cat <<'EXE'| lxc exec shahed-va -- bash
free -th && echo && systemd-analyze && echo && df -h
EXE

Virtual » LXD » Host

# parse lxd bridge network ip using `ip -j address show|jq -r .` command
LXD_BRIDGE_IP="$(ip -j addr show lxdbr0|jq -r '.[].addr_info[]|select(.label=="lxdbr0").local')"
cat << EXE | lxc exec shahed-va -- bash
echo "${LXD_BRIDGE_IP} host.lxd.internal"|tee -a /etc/hosts
ping -c5 host.lxd.internal
EXE

Virtual » Cloudflare » VIRT

cat <<'EXE'| lxc exec shahed-va -- bash
cat <<'INI'| sudo tee /etc/systemd/system/warp0.service >/dev/null
[Unit]
Description=Cloudflared WARP Routing Virtual Interface
After=network.target
[Service]
Type=oneshot
ExecStart=/usr/sbin/ip link add warp0 type dummy
ExecStartPost=/usr/sbin/ip addr add 10.20.40.200/32 dev warp0
ExecStartPost=/usr/sbin/ip link set warp0 up
ExecStop=/usr/sbin/ip link delete warp0
RemainAfterExit=yes
[Install]
WantedBy=multi-user.target
INI

echo
ls -lah /etc/systemd/system/warp0.service && echo
    cat /etc/systemd/system/warp0.service && echo
EXE

cat <<'EXE'| lxc exec shahed-va -- bash
systemctl daemon-reload
systemctl enable --now warp0.service
systemctl status       warp0.service
ip a
EXE

Virtual » Cloudflare » Argo » Tunnel

cat <<'EXE'| lxc exec shahed-va -- bash
wget -cq https://github.com/cloudflare/cloudflared/releases/latest/download/cloudflared-linux-amd64.deb -P ${HOME}/Downloads
sudo dpkg -i ${HOME}/Downloads/cloudflared-linux-amd64.deb; sudo apt-get install -f
      rm -rf ${HOME}/Downloads/cloudflared-linux-amd64.deb
EXE

cat <<'EXE'| lxc exec shahed-va -- bash
cat <<'CFG'| sudo tee -a /etc/sysctl.conf >/dev/null

###################################################################
# Cloudflared Tunnel Private Network Config
# This config added by Chorke Academia, Inc
# ICMP Group ID Range 0 to 10,000 Users
net.ipv4.ping_group_range = 0 10000

# assumed that following parameters were
# configured in the lxc host machine

# 208 KiB Default RX Buffer
# net.core.rmem_default=212992

# 208 KiB Default TX Buffer
# net.core.wmem_default=212992

# 8 MB Maximum RX Buffer
# net.core.rmem_max=8388608

# 8 MB Maximum TX Buffer
# net.core.wmem_max=8388608

CFG

sudo sysctl -p
EXE

Skipped » Find More » 👈

Virtual » Cloudflare » Delete » Secret

lxc exec shahed-va -- sudo -i -u shahed-biz-argo bash
rm -rf ~/.cloudflared/cert.pem && history
# inspect & delete secrets
history -d 62-67
history -w

lxc exec shahed-va -- sudo bash
# inspect & delete secrets
history -d 68-74
history -w

Virtual » Cloudflare » Backup » Restore

lxc snapshot shahed-va base:2025.03.03
lxc publish  shahed-va/base:2025.03.03 --alias shahed-va/base:2025.03.03
lxc restore  shahed-va base:2025.03.03

cd ~/Documents/chorke/academia/var/backup/lxc_image/
lxc image export shahed-va/base:2025.03.03 shahed-va_base-2025.03.03
lxc image import shahed-va_base-2025.03.03.tar.gz --alias shahed-va/base:2025.03.03

cd ~/Documents/chorke/academia/var/backup/lxc_container/
lxc export shahed-va shahed-va_20250304.tar.gz --optimized-storage
lxc import shahed-va_20250304.tar.gz shahed-va

Virtual » Instance » Postfix » Install

lxc restore shahed-va base:2025.03.03
lxc exec    shahed-va -- sudo bash

systemctl restart cloudflared@shahed.biz.service
tail -n100 -f /var/log/cloudflared/shahed.biz/argo.log

     nmap --reason mail.shahed.biz -sT -Pn -p25,587,110,995,143,993,465,4190
     nmap --reason mail.shahed.biz -sT -Pn --top 20
     nmap --reason  git.shahed.biz -sT -Pn -p4321
     nmap --reason  vpn.shahed.biz -sT -Pn -p1194
sudo nmap --reason  vpn.shahed.biz -sU -Pn -p1194

References

Retrieved from "https://wiki.chorke.org/index.php?title=Cloud/Shahed/VA&oldid=14948"