Listing posts
Displaying posts 201 - 205 of 328 in total
Securely backup files to an online drive with EncFS (OBSOLETE)
Last update
2019-02-04
2019-02-04
«encrypted online backup»
ATTENTION: EncFS is not secure for online storage, see my gocryptfs post or consider an alternative.
We can easily accomplish this by using rclone on top of encfs, just remember to:
- do not loose the
.encfs6.xml
volume's settings file - consider using AES because it is often hardware accelerated (eg: ks:256, bs:4096)
- check your online drive limitations such as case insensitive file names (eg: Block32)
- choose a random IV for each file to increase security if you can afford some space wasting (eg:
Enable per-file initialization vectors?
> yes) - disable online storage automatic file versioning to increase security
Note: in the future we could use rclone crypt
but at the moment it is not the best option available.
Backup
1 2 3 4 5 6 7 8 | # 1. setup the encrypted virtual fs encfs -f --reverse plain enc # 2. umount and move away volume settings fusermount -u enc mv plain/.encfs6.xml plain-encfs6.xml # 3. remount and start the backup ENCFS6_CONFIG=plain-encfs6.xml encfs -f --reverse plain enc rclone sync enc remote:/path/to/dest |
Restore
Stable solution:
1 2 3 4 5 6 7 8 | # 1. temporary dump of the online drive rclone sync remote:/path/to/backup enc # 2. mount the unencrypted virtual fs ENCFS6_CONFIG=plain-encfs6.xml encfs -f enc plain # 3. restore the backup rsync -avi plain/ /path/to/restore/ # 4. umount the vfs fusermount -u plain |
Experimental solution via rclone mount
:
1 2 3 4 5 6 7 8 9 | # 1. temporary dump of the online drive rclone mount remote:/path/to/backup enc # 2. mount the unencrypted virtual fs ENCFS6_CONFIG=plain-encfs6.xml encfs -f enc plain # 3. restore the backup rsync -avi plain/ /path/to/restore/ # 4. umount the virtual fs in backward order fusermount -u plain fusermount -u enc |
~~~ * ~~~
nginx sample conf for drupal
Last update
2019-02-01
2019-02-01
« — »
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 | # https://www.nginx.com/resources/wiki/start/topics/recipes/drupal/ server { listen 80; listen localhost:8000; server_name www.mysite.net; root /path/to/folder; # path for static files access_log /path/to/log/nginx.access.log main; error_log /path/to/log/nginx.error.log error; add_header X-Frame-Options SAMEORIGIN; # https://www.nginx.com/resources/wiki/start/topics/examples/phpfcgi/ location ~ \..*/.*\.php$ { return 403; } # don't exit from root location ~ ^/sites/.*/private/ { return 403; } # drupal private folders location ~ (^|/)\. { return 403; } # hidden files location ~ /vendor/.*\.php$ { deny all; return 404; } # exclude vendor folder location / { try_files $uri /index.php?$query_string; } # drupal default route location ~ [^/]\.php(/|$) { fastcgi_split_path_info ^(.+?\.php)(/.*)$; # set $fastcgi_script_name and $fastcgi_path_info try_files $fastcgi_script_name =404; fastcgi_pass unix:/var/run/phpX-fpm.sock; include fastcgi_params; fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; # fix empty PATH_INFO => https://trac.nginx.org/nginx/ticket/321 set $path_info $fastcgi_path_info; fastcgi_param PATH_INFO $path_info; fastcgi_index index.php; } # fighting with styles? this little gem is amazing: # location ~ ^/sites/.*/files/styles/ { try_files $uri @rewrite; } # location @rewrite { rewrite ^/(.*)$ /index.php?q=$1; } location ~* \.(js|css|png|jpg|jpeg|gif|ico)$ { expires max; log_not_found off; } } |
~~~ * ~~~
nginx sample conf for wordpress
Last update
2019-02-01
2019-02-01
« — »
Main conf
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 | # https://www.nginx.com/resources/wiki/start/topics/recipes/wordpress/ server { listen 80; listen localhost:8000; server_name www.mysite.net; root /path/to/folder; # path for static files access_log /path/to/log/nginx.access.log main; error_log /path/to/log/nginx.error.log error; add_header X-Frame-Options SAMEORIGIN; include wp_restrictions.conf; index index.php; # https://www.nginx.com/resources/wiki/start/topics/recipes/drupal/ # https://www.nginx.com/resources/wiki/start/topics/examples/phpfcgi/ location ~ \..*/.*\.php$ { return 403; } # don't exit from root location ~ (^|/)\. { return 403; } # hidden files # include "?$args" part so non-default permalinks doesn't break when using query string location / { try_files $uri $uri/ /index.php?$args; } location ~ [^/]\.php(/|$) { fastcgi_split_path_info ^(.+?\.php)(/.*)$; # set $fastcgi_script_name and $fastcgi_path_info try_files $fastcgi_script_name =404; fastcgi_pass unix:/var/run/phpX-fpm.sock; include fastcgi_params; fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; # fix empty PATH_INFO => https://trac.nginx.org/nginx/ticket/321 set $path_info $fastcgi_path_info; fastcgi_param PATH_INFO $path_info; fastcgi_index index.php; } location ~* \.(js|css|png|jpg|jpeg|gif|ico)$ { expires max; log_not_found off; } } |
wp_restrictions.conf
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 | # Global restrictions configuration file. # Designed to be included in any server {} block. location = /favicon.ico { log_not_found off; access_log off; } # robots.txt fallback to index.php location = /robots.txt { # Some WordPress plugin gererate robots.txt file allow all; try_files $uri $uri/ /index.php?$args @robots; access_log off; log_not_found off; } # additional fallback if robots.txt doesn't exist location @robots { return 200 "User-agent: *\nDisallow: /wp-admin/\nAllow: /wp-admin/admin-ajax.php\n"; } # Deny all attempts to access hidden files such as .htaccess, .htpasswd, .DS_Store (Mac) excepted .well-known directory. # Keep logging the requests to parse later (or to pass to firewall utilities such as fail2ban) location ~ /\.(?!well-known\/) { deny all; } # Deny access to any files with a .php extension in the uploads directory for the single site location /wp-content/uploads { location ~ \.php$ { deny all; } } # Deny access to any files with a .php extension in the uploads directory # Works in sub-directory installs and also in multisite network # Keep logging the requests to parse later (or to pass to firewall utilities such as fail2ban) location ~* /(?:uploads|files)/.*\.php$ { deny all; } |
~~~ * ~~~
Strip video metadata
Last update
2019-01-28
2019-01-28
« — »
1 2 3 4 5 6 7 8 9 10 11 12 13 | # print metadata exiftool in.mp4 | grep -iE "title|name" mediainfo in.mp4 | grep -iE "title|name" # another tool # remove metadata with ffmpeg/avconv ffmpeg -i in.mp4 -map_metadata -1 -c:v copy -c:a copy out.mp4 # remove tags from MKV files: mkvpropedit in.mkv --tags all: --delete title # massive operations: detect and convert (fish shell) for i in *.{mp4,avi,mkv}; echo -n "$i -- "; exiftool $i | grep -i title; or echo; end for i in *.{mp4,avi}; ffmpeg -i $i -map_metadata -1 -c:v copy -c:a copy _$i; and mv _$i $i; end |
Source: Superuser
~~~ * ~~~
PdfTk | Extract PDF page range
Last update
2019-01-15
2019-01-15
« — »
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 | # extract pages from 1 to 10: pdftk in.pdf cat 1-10 output out.pdf # extract range 1-10 and pages 15, 20: pdftk in.pdf cat 1-10 15 20 output out.pdf # extract pages from page 2 till the end: pdftk in.pdf cat 2-end output out.pdf # extract all pages except the last one pdftk in.pdf cat ~end output out.pdf # extract all pages except the last 3 (reverse range) pdftk in.pdf cat ~r3-r1 output out.pdf # extract range from multiple documents: pdftk A=in1.pdf B=in2.pdf cat A1-10 B1-3 output out.pdf |
Source: PDFtk homepage