XFS just like EXT4 (I wrote a post about it last year) supports online defragmentation, to manage those volumes on CentOS and Fedora xfsprogs package is needed. Fragmentation level of XFS volumes can be checked with the command: [root@CentOS ~]$ xfs_db -c frag -r /dev/sdb1 actual 4491, ideal 4006, fragmentation factor 10.80% To perform online defragmentation of XFS volumes run the following command: [root@CentOS ~]$ xfs_fsr -v /dev/sdb1 /mnt/data1 start inode=0 ino=205 ino=205: file busy ino=201 ino=201 already fully defragmented. …

DNSCrypt installation process is pretty simple since it is present in the repository, pdnsd on the other hand is missing, luckily compiling from source is not that hard. For the sake of completeness I will also cover the procedure to install DNSCrypt from source, alternatively yum install dnscrypt-proxy. Install the required dependencies and get the source code: [root@CentOS ~]# yum install gcc libsodium-devel libtool-ltdl-dev git wget [root@CentOS ~]# git clone https://github. …

Fail2ban is a useful tool capable of mitigating brute force attacks performed against a multitude of services (ejabberd in our case). Configuration is split between a multitude of files: jail.conf defines which filters are active while the filters scripts are placed in ./filter.d directory. [root@CentOS ~]# vi /etc/fail2ban/jail.conf --- bantime = 1200 findtime = 1200 maxretry = 10 backend = auto [ejabberd-auth] enabled = true port = 5222,5280,7777 action = iptables-multiport[name=ejabberd, port="5222,5269,5280,777", protocol=tcp] logpath = /var/log/ejabberd/ejabberd. …

EXT4 is usually pretty good at keeping files fragmentation at minimum, but, sometimes, especially if dealing with really huge files, some fragmentation may actually occur. Luckily EXT4 supports online defragmentation, command fsck displays, among other things, fragmentation percentage: [root@fedora ~]$ fsck.ext4 -fvn /dev/sda1 e2fsck 1.42.12 (29-Aug-2014) Warning! /dev/sda1 is mounted. Warning: skipping journal recovery because doing a read-only filesystem check. Pass 1: Checking inodes, blocks, and sizes Pass 2: Checking directory structure Pass 3: Checking directory connectivity Pass 4: Checking reference counts Pass 5: Checking group summary information 429 inodes used (1. …

Postfix configuration Install the required software: $ yum install postfix postgrey dovecot fail2ban spamassassin spamass-milter-postfix opendkim Create TLS certificate, key and CA authority (replace mail.domain.tld with a valid domain name): $ mkdir /etc/postfix/ssl $ cd /etc/postfix/ssl $ openssl genrsa -aes256 -out mail.domain.tld.key 4096 $ chmod 600 mail.domain.tld.key $ openssl req -sha256 -new -key mail.domain.tld.key -out mail.domain.tld.csr $ openssl x509 -sha256 -req -days 1825 -in mail.domain.tld.csr -signkey mail.domain.tld.key -out mail.domain.tld.crt $ openssl rsa -in mail. …

I will be keeping this post up to date to keep track on how to configure and mantain an ejabberd server working efficiently and secure. I strongly advise any reader to read carefully what is written here and not just copy-and-paste the configuration file. My blog also contains a bunch of other posts regarding ejabberd that are worth giving a look at, use the search form. Server CentOS 7.5.1804 x86_64 Erlang/OTP 21. …

To password protect a directory xyz and every file and subdirectory in it open the configuration file (nginx.conf or one of the virtual host configuration files) and add the following two lines: location /xyz/ { auth_basic "Restricted Area"; auth_basic_user_file conf.d/htpasswd; } htpasswd file must be encrypted, it can be created using a tool named htpasswd. [root@xenserver ~]# cd /etc/nginx/conf.d/ [root@xenserver ~]# htpasswd -b htpasswd user password

It’s summer, it’s hot as hell, I am back home from mountains and I’ve plenty of free time. Between a barbecue and the next one I spend my time playing with and learning new stuff: this week new stuff is called QEMU-KVM. Yesterday I also tried XenServer but to be honest I wasn’t impressed, it just look like to be an old version of CentOS minimal install with some custom repos and a fancy GUI. …