BossLa harmakhis971

Docker & PostgreSQL

How to backup PostgreSQL database from Docker container

Go to the directory with docker-compose file.
Execute the next command to get db dump (note that the next command is an example for actual docker-compose config):

docker-compose run postgres pg_dump -h postgres -U postgres db_development &gt; db_development.dump

Awesome-Selfhosted

Selfhosting is the process of locally hosting and managing applications instead of renting from SaaS providers.

This is a list of Free Software network services and web applications which can be hosted locally. Non-Free software is listed on the Non-Free page.

See Contributing.

Ubuntu-Server-Hardening

1. Secure Shared Memory

What is shared memory?

Shared memory is an efficient means of passing data between programs. Because two or more processes can use the same memory space, it has been discovered that, since shared memory is, by default, mounted as read/write, the /run/shm space can be easily exploited. That translates to a weakened state of security.

If you’re unaware, shared memory can be used in an attack against a running service. Because of this, you’ll want to secure that portion of system memory.

iLO Remote Console

This small script lets you start iLO Java-based console from shell.

But why not HTML5?

iLO 2/3 doesn't have HTML5 console
Mounting local (from the client computer) ISOs is PAINFULLY slow via HTML5 client

TL;DR

If you just start it, it will ask you for everything:

[guide] keycloak authentication for proxmox

How to setup Proxmox to use Keycloak as authentication realm.

Proxmox Setup

root@proxmox:/etc/pve# cat domains.cfg
pam: pam
        comment Linux PAM standard authentication

	#!/bin/sh

	# SOURCES:
	# QNAP persistent smb.conf commands @ https://forum.qnap.com/viewtopic.php?t=132175
	# Socket options @ https://calomel.org/samba_optimize.html
	# Server multichannel support / AIO @ https://blog.chaospixel.com/linux/2016/09/samba-enable-smb-multichannel-support-on-linux.html
	# Min receivefile, RW raw, AIO switched aio to 16384 @ https://superuser.com/a/928126

	netbios_wrapper()
	{

	Install WireGuard via whatever package manager you use. For me, I use apt.

	$ sudo add-apt-repository ppa:wireguard/wireguard
	$ sudo apt-get update
	$ sudo apt-get install wireguard

	MacOS
	$ brew install wireguard-tools

	Generate key your key pairs. The key pairs are just that, key pairs. They can be

	# set to system default proxy
	[System.Net.WebRequest]::DefaultWebProxy = [System.Net.WebRequest]::GetSystemWebProxy()
	[System.Net.WebRequest]::DefaultWebProxy.Credentials = [System.Net.CredentialCache]::DefaultNetworkCredentials

	# or a custom one
	[System.Net.WebRequest]::DefaultWebProxy = New-Object System.Net.WebProxy("http://localhost:8080")

	# or use username and password auth
	[System.Net.WebRequest]::DefaultWebProxy = New-Object System.Net.WebProxy("http://localhost:8080",$true)
	[System.Net.WebRequest]::DefaultWebProxy.Credentials = New-Object System.Net.NetworkCredential($user, $passwd)

	FROM quay.io/keycloak/keycloak:17.0.0 as builder

	ENV KC_METRICS_ENABLED=true
	ENV KC_FEATURES=preview
	ENV KC_DB=postgres
	ENV KC_HTTP_RELATIVE_PATH=/auth
	# specify the custom cache config file here
	ENV KC_CACHE_CONFIG_FILE=cache-ispn-jdbc-ping.xml

	# copy the custom cache config file into the keycloak conf dir