Diego dv336699

How to setup a practically free CDN using Backblaze B2 and Cloudflare

⚠️ Note 2023-01-21
Some things have changed since I originally wrote this in 2016. I have updated a few minor details, and the advice is still broadly the same, but there are some new Cloudflare features you can (and should) take advantage of. In particular, pay attention to Trevor Stevens' comment here from 22 January 2022, and Matt Stenson's useful caching advice. In addition, Backblaze, with whom Cloudflare are a Bandwidth Alliance partner, have published their own guide detailing how to use Cloudflare's Web Workers to cache content from B2 private buckets. That is worth reading,

Configure XDebug, Visual Studio Code for a Vagrant VM

1. Assumptions

Project (Drupal) is served on /var/www/html in the Vagrant box
Local project files location: c:\Users\username\Work\projects\my-project\repo\html
Guest machine IP is 10.0.2.2 (if this doesn't work, run route -nee in the VM and look for the gateway address)

2. Configuration

Adjusting child processes for PHP-FPM (Nginx)

When setting these options consider the following:

How long is your average request?
What is the maximum number of simultaneous visitors the site(s) get?
How much memory on average does each child process consume?

Determine if the max_children limit has been reached.

sudo grep max_children /var/log/php?.?-fpm.log.1 /var/log/php?.?-fpm.log

WannaCry|WannaDecrypt0r NSA-Cyberweapon-Powered Ransomware Worm

Virus Name: WannaCrypt, WannaCry, WanaCrypt0r, WCrypt, WCRY
Vector: All Windows versions before Windows 10 are vulnerable if not patched for MS-17-010. It uses EternalBlue MS17-010 to propagate.
Ransom: between $300 to $600. There is code to 'rm' (delete) files in the virus. Seems to reset if the virus crashes.
Backdooring: The worm loops through every RDP session on a system to run the ransomware as that user. It also installs the DOUBLEPULSAR backdoor. It corrupts shadow volumes to make recovery harder. (source: malwarebytes)
Kill switch: If the website www.iuqerfsodp9ifjaposdfjhgosurijfaewrwergwea.com is up the virus exits instead of infecting the host. (source: malwarebytes). This domain has been sinkholed, stopping the spread of the worm. Will not work if proxied (source).

update: A minor variant of the viru

PHP7

Ubuntu 16.04+

$ sudo add-apt-repository ppa:ondrej/php
$ sudo apt update
$ sudo apt install nginx php7.1-fpm php7.1-cli php7.1-common php7.1-json php7.1-opcache php7.1-mysql php7.1-phpdbg php7.1-mbstring php7.1-gd php7.1-imap php7.1-ldap php7.1-pgsql php7.1-pspell php7.1-recode php7.1-soap php7.1-tidy php7.1-dev php7.1-intl php7.1-curl php7.1-zip php7.1-xml php-xdebug

	/* -------------------------------------------------------------------------- */
	// All Bootstrap 4 Sass Mixins [Cheat sheet]
	// Updated to Bootstrap v4.5.x
	// @author https://anschaef.de
	// @see https://github.com/twbs/bootstrap/tree/master/scss/mixins
	/* -------------------------------------------------------------------------- */

	/*
	// ########################################################################## */
	// New cheat sheet for Bootstrap 5:

	Use this as an example on how to start the virtual console without the need of Java Web Start or accessing it from the web interface.
	You can use the user and password that you use for the web interface.

	You need an old JRE... I used 1.7.0_80 from the Server JRE package, also I have tested successfully 1.7.0_79 with MacOS.
	You don't need to install it, just extract it or copy the files in "jre" folder.

	Open the viewer.jnlp file that you get by launching the virtual console from the web interface with a text editor.
	Note the urls to the jar files. Download the main jar file avctKVM.jar and the libs for your operating system and architecture.
	Extract the dlls (.so Linux, .jnilib MacOS) from the jar libs.

	# Kernel sysctl configuration file for Linux
	#
	# Version 1.12 - 2015-09-30
	# Michiel Klaver - IT Professional
	# http://klaver.it/linux/ for the latest version - http://klaver.it/bsd/ for a BSD variant
	#
	# This file should be saved as /etc/sysctl.conf and can be activated using the command:
	# sysctl -e -p /etc/sysctl.conf
	#
	# For binary values, 0 is disabled, 1 is enabled. See sysctl(8) and sysctl.conf(5) for more details.

	# This script create a Centos Minimal Unattended ISO

	# This method is based on excellent article http://pyxlmap.net/technology/software/linux/custom-centos-iso
	#
	# This script has be tested with CentOS 7.2 (on the orign server) to install CentOS 7.2 (on the target server)
	# TODO:
	# * test package update to reduce the update task on the target system. The following command downloads all updates :
	# (cd $CENTOS_CUSTOM_PATH/Packages ; yumdownloader $(for i in ; { echo ${i%%-[0-9]}; } ) )

	# Some global settings :