2019-12-16 22:34:02

Nginx HTTP/2



The HTTP protocol defines the rules and methods for exchanging information between the device that accesses a site and the server. You can see the relationship between these systems whenever you open a web site: even if you do not type "http" in front of the address, the browser adds it automatically.

The biggest difference between HTTP/1.1 and HTTP/2 is that HTTP/1.1 sends a separate request for every static file (CSS, JS, images, video and so on). Sending and answering a request for each file one by one increases page load time. In HTTP/2, incoming requests are handled together and answered as quickly as possible, which avoids these delays in page load time.



With HTTP/2, reducing the load on servers has taken a big burden off both end users and hosting providers. HTTP/2's multiplexed connection structure can carry multiple requests over a single TCP connection. Instead of opening a separate connection for every call and answering them one by one, all calls are transmitted over a single connection and answered by the server; thanks to this feature, HTTP/2 makes your web site load faster even if you do no optimization on the site at all.

Finally, to describe HTTP/2 in a few words: it makes web pages load faster and saves time for all users. Many tests show a 20% improvement in load speed, and on optimized web pages the difference reaches 30-40%.

Example Nginx configuration:
server {
    listen 443 ssl http2;
    ssl_certificate server.crt;
    ssl_certificate_key server.key;
}
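As an added example (not code from the original post), a small shell audit of the listen directives in an nginx configuration: browsers only negotiate HTTP/2 over TLS (via ALPN), so a listener with http2 but without ssl gives browsers no HTTP/2 at all. The configuration path is an assumed argument and the sample configuration in the test is constructed.

```shell
#!/bin/sh
# Added example, not from the original post: audit nginx "listen" directives
# for HTTP/2. Prints one line per directive and returns 1 if any http2
# listener lacks ssl, because browsers only use HTTP/2 over TLS (ALPN "h2").
# The configuration file path is an assumed argument.
nginx_http2_audit() {
    conf=$1
    status=0
    # Strip comments, then pull every "listen ...;" directive onto its own line.
    sed 's/#.*//' "$conf" | grep -o 'listen[^;]*;' | while read -r directive; do
        case "$directive" in
            *http2*) h2=yes ;;
            *)       h2=no ;;
        esac
        case "$directive" in
            *ssl*)   tls=yes ;;
            *)       tls=no ;;
        esac
        printf '%s -> http2=%s tls=%s\n' "$directive" "$h2" "$tls"
        if [ "$h2" = yes ] && [ "$tls" = no ]; then
            echo "WARN: http2 without ssl: browsers will not use HTTP/2 on this listener"
            exit 1   # we are in the pipeline's subshell; this marks the failure
        fi
    done || status=1
    return $status
}
```

After reloading nginx, the negotiated version can be confirmed from a client with curl: `curl -sI --http2 -o /dev/null -w '%{http_version}\n' https://host/` prints 2 when HTTP/2 was negotiated.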

Posted by caylakpenguen | Permalink

2019-12-15 01:43:57

Example .ssh/config file

# ----- Start ------
Host *
     ServerAliveInterval 60
     ServerAliveCountMax 30
#--------------------------
Host sunucu1
     HostName sunucu1.com.net.edu
     User root
     Port 1015
     IdentityFile ~/.ssh/sunucu1_id.rsa
#--------------------------
Host sunucu2
     HostName sunucu2.com.net.edu
     User root
     IdentityFile ~/.ssh/sunucu2_id.rsa
     Port 1453
# ----- End -------

Posted by caylakpenguen | Permalink

2019-12-15 01:32:26

Postfix as backup MX

Create public DNS entries

Remember to create an MX record with a lower priority than the primary mail server (that is, a higher preference number: 20 versus 10 in the example below), or else this will not work!

Example:
example.com.		43200	IN	MX	10 mail.example.com.
example.com.		43200	IN	MX	20 backup.example.com.


After this, these two records need A records pointing to different IPs (different servers). Example:
mail.example.com.       343     IN      A       123.456.789.123
backup.example.com.     343     IN      A       987.654.321.987


Installation

First install postfix if it is not installed:

aptitude install postfix


Configure postfix

Next we will configure postfix to accept e-mail only for trusted domains, and define where we want to send the e-mails to.

Please note that I have set the queue lifetime to 30 days, in case a mailserver breaks down while a person is on vacation. The default for this is 5 days, which in some cases is just not enough. Of course in a serious production environment these 5 days should be sufficient! :)

Now to the main.cf file, which is very simple here. Make sure that "relay_recipient_maps =" is not defined with parameters; it must be left empty, since we will then automatically accept all e-mail addresses. Otherwise we would have a huge amount of work creating all the users, which is a critically bad idea on a backup MX. Remember that the original mailserver still "sorts" the e-mails on arrival. Actually it is empty by default, but for a visual overview it can be added. The trade-off of an empty relay_recipient_maps is that the backup also queues mail for non-existent recipients, which the primary rejects later, so the backup ends up generating the bounce (backscatter).

Find the PTR entry for this server's IP address, which we will use as the hostname. We will use this output later on!

dig -x 987.654.321.987 +short
# ptrentry.example.com.


/etc/postfix/main.cf
myhostname = ptrentry.example.com
smtpd_banner = $myhostname ESMTP
mynetworks = 127.0.0.0/24
maximal_queue_lifetime = 30d

relay_recipient_maps =
relay_domains = hash:/etc/postfix/relaydomains
transport_maps = hash:/etc/postfix/transportmaps

smtpd_recipient_restrictions = permit_mynetworks, reject_unauth_destination


Time to configure the relay domains. These are the domains that we trust and want to act as backup for. Add the domains you want in this file.

Actually it is possible to add them directly in postfix instead of this flat file and then separate the domains with commas. But as you can see later on, it is still required to run postmap, so since we have to do this anyway, I find it easier just to create both of these files, and I personally have a better overview.

/etc/postfix/relaydomains
example.com OK
example1.com OK
example2.com OK


In the transportmaps file we define where we want our e-mails to go when the host is up again. It is possible to add an internal host inside the network, or just another external host. For internal hosts a smart trick is to use square brackets ( [ ] ), which skips the MX lookup.

Below I have specified example2.com to an internal host. Another port can also be used, if SMTP is blocked by the ISP. In this example I have used port 587. First comes the domain, and next we define the original mailserver, where we want our mail delivered when the host is up again.

/etc/postfix/transportmaps
example.com smtp:mail.example.com:25
example1.com smtp:mail.example1.com:587
example2.com smtp:[192.168.10.20]:25


Updating postfix's lookup tables

Every time a change has been made to either the transportmaps or relaydomains file, you need to run postmap to create/update the lookup tables for postfix!

postmap /etc/postfix/relaydomains
postmap /etc/postfix/transportmaps
/etc/init.d/postfix restart


Below is a very simple and basic script I have created that updates the tables and restarts postfix after changes.

updateRelayDomains.sh
#!/bin/sh
# Rebuild the Postfix lookup tables and restart Postfix; stop on the first error.
set -e
echo "running postmap"
postmap /etc/postfix/relaydomains
postmap /etc/postfix/transportmaps
echo "checking configuration"
postfix check
echo "restarting postfix, to accept changes"
/etc/init.d/postfix restart
echo "done"


Adding TLS Support - Optional

postconf -e 'smtp_tls_security_level = may'
postconf -e 'smtpd_tls_security_level = may'
postconf -e 'smtpd_tls_key_file = /etc/postfix/tls/smtpd.key'
postconf -e 'smtpd_tls_cert_file = /etc/postfix/tls/smtpd.crt'
postconf -e 'smtpd_tls_CAfile = /etc/postfix/tls/cacert.pem'


SPF Whitelist - Optional

This is only important if you have configured SPF, else skip it! Mail that passes through the backup MX reaches the primary from the backup's IP address, which is not in the sender's SPF record, so the primary would fail the SPF check. On your primary mailserver, NOT this backup MX host, you can and most likely should whitelist the backup MX server(s), to avoid blocking valid e-mails.

apt-get install spfmilter


Configure spfmilter with whitelists.

/etc/default/spfmilter
# add --whitelist to DAEMON_OPTS
DAEMON_OPTS="--whitelist=/etc/postfix/spfwhitelist"


Then add the IPs of your backup MX servers.

/etc/postfix/spfwhitelist
123.456.789.123
321.987.654.321


Restart spfmilter.

/etc/init.d/spfmilter restart


Time to test

Time to test if everything is working. Unplug the cable from the original MTA. If everything goes well, mails should start coming in to the mail queue on the backup MX server. Follow the process in mail.log; if something is wrong, it should show up in the same place.

tail -f /var/log/mail.log


Take a look at the mail queue; it should start to grow, since e-mails cannot be delivered while the original host defined in the transportmaps file is still down.

postqueue -p


When the host is up again, mails should automatically drain from the backup server; again you can follow this in mail.log or with postqueue as shown above. If you are impatient and just want the e-mails delivered to the remote host immediately, you can force/flush delivery with postqueue.

postqueue -f
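As an added example (not code from the original post), a shell check to run before postmap that verifies the two lookup tables this setup depends on agree with each other: every domain marked OK in relaydomains should have an explicit smtp: transport, and transport entries for domains we do not relay for are dead entries. The file paths are the post's own; the map contents used in the test are constructed.

```shell
#!/bin/sh
# Added example, not from the original post: consistency check of the backup
# MX lookup tables. A relay domain without a transport entry falls back to the
# default transport, i.e. an MX lookup, instead of the primary named here.
check_backup_mx_maps() {
    relaydomains=$1
    transportmaps=$2
    status=0
    # Every domain accepted for relay (second field "OK") needs a transport.
    for domain in $(awk '!/^#/ && $2=="OK" {print $1}' "$relaydomains"); do
        transport=$(awk -v d="$domain" '!/^#/ && $1==d {print $2}' "$transportmaps")
        if [ -z "$transport" ]; then
            echo "MISSING: $domain has no transport entry (would fall back to MX lookup)"
            status=1
            continue
        fi
        case "$transport" in
            smtp:*) ;;
            *) echo "BAD: $domain transport '$transport' is not smtp:host:port"; status=1 ;;
        esac
    done
    # Transport entries for domains not in relaydomains never get used.
    for domain in $(awk '!/^#/ && NF>=2 {print $1}' "$transportmaps"); do
        if ! awk -v d="$domain" '!/^#/ && $1==d && $2=="OK" {found=1} END {exit !found}' "$relaydomains"; then
            echo "WARN: $domain has a transport but is not in relaydomains"
        fi
    done
    # Only when Postfix is installed: the post expects relay_recipient_maps empty.
    if command -v postconf >/dev/null 2>&1; then
        if [ -n "$(postconf -h relay_recipient_maps 2>/dev/null)" ]; then
            echo "WARN: relay_recipient_maps is set; this setup expects it empty"
        fi
    fi
    return $status
}
```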

Posted by caylakpenguen | Permalink

2019-12-15 01:28:20

Cheat Sheet

If you can't remember, write it down :)


Contents: MySQL, Admin Commands, Cool Commands, SSH Tunnel, GPG, vim, firewalld, tmux

MySQL

User administration
Create a user and grant permissions on a database. % can be used as a wildcard to allow all hosts to connect.
GRANT ALL PRIVILEGES ON Databasename.* TO username@"localhost" IDENTIFIED BY 'mysecretpassword';
FLUSH PRIVILEGES;

Search for a string replacement without replacing anything; only shows the result.
SELECT REPLACE(fieldname, '<u>', '<span class="underline">') FROM content;

Search and replace a string in MySQL.
UPDATE tblname SET fieldname = REPLACE(fieldname, 'original text', 'replacement text');

Backup and Restore
Restore a full dump, with all databases.
mysql -u [user] -p < mysqlDump.sql
Restore a full gz dump, with all databases.
pigz -dc mysqlDump.gz | mysql -u [user] -p
Restore a dump of a single database. The database will likely need to be created first.
mysql -u [user] -p [db_name_to_restore_to] < mysqlDump.sql
Restore a gz dump of a single database. The database will likely need to be created first.
pigz -dc mysqlDump.gz | mysql -u [user] -p [db_name_to_restore_to]

Admin Commands

Useful commands
Show listening ports and the programs attached.
netstat -lnp -A inet
Check a webserver certificate.
openssl s_client -connect example.com:443 </dev/null | openssl x509 -text
And see the dates only.
openssl s_client -connect example.com:443 </dev/null | openssl x509 -noout -dates

Cool commands

awk
$0 is the full line, no matter the delimiter.
Print lines starting with #, and print columns 5 and 6 on all others:
awk '{if($1 == "#"){print $0} else {print $5,$6}}' testtext.txt
Print the first 4 chars:
awk '{ print substr($1,1,4) }'
Print the last 4 chars:
awk '{ print substr($1,length($1)-3) }'
Print if $1 is larger than or equal to 666:
awk '$1>=666{print $1}'
Larger than and less than:
awk -F',' '$2>=1607 && $2<=1612 {print $2}'
Do a regex match and print:
awk -F',' '{ if($3 ~ /^36/) print $3}' feeds/myfile.csv
Do a regex not-match and print:
awk -F',' '{ if($3 !~ /^7/) print $3}' feeds/myfile.csv
Regex field separator (space or ?):
awk -F'[ ?]'

SSH Tunnel
ssh user@remotehost -L localport:remoteip:destinationport
ssh nsroot@server -L 3008:192.168.100.150:3008 -N -v

GPG
Generate a gpg keypair:
gpg --gen-key
# or, which allows more options
gpg --full-gen-key
List keys:
gpg --list-keys
List the secret keys:
gpg --list-secret-keys
Import a key:
gpg --import
Export a public key:
gpg --export --armor > mypublicfilename.asc
Export a private key:
gpg --export-secret-key --armor "User Name" > myprivatekeyfilename.asc
Delete a public key:
gpg --delete-key "User Name"
Delete a private key:
gpg --delete-secret-key "User Name"
Encrypt:
gpg --encrypt --recipient "User Name" file
Decrypt: if there are multiple keys, gpg automatically chooses the correct one. If no matching key is available, it exits with an error.
gpg -d file.gpg

vim

Open files
:Ex - open the file explorer in the current window
:Vex - open the file explorer in a new vertical window
:Sex - open the file explorer in a new horizontal window
% - create a new file, in explorer mode

Movement
:Nn - move to line number Nn
$ - move to end of line

Marking text
v - visual mode
aw - mark word

Marked edits
:s/oldtext/newtext/g - search the marked text and replace
ctrl-v, mark the text, then shift+i to insert at the cursor only, escape to finalize the edit - insert text on multiple lines

Editing
yy - copy line
2yy - copy 2 lines
yw - copy word
y$ - copy to end of line
dd - delete/cut line
dw - delete/cut word
d$ - delete/cut to end of line
p - put "clipboard" after the cursor
P - put "clipboard" before the cursor
u - undo
o - insert below
ci' - change the text inside '' (deletes it and goes to insert mode)
shift+A - insert at end of line
ctrl+A - add 1 to the number at the cursor
. - repeat the last action

Search / Replace
Delete lines starting with *:
:g/^\*/d

Multiple windows/files
ctrl+w s - split window
ctrl+w w - switch window
ctrl+w v - split window vertically
ctrl+w q - quit window
ctrl+w n - split horizontally with a new empty buffer

Recording
q[x] - start recording into a register, for example qx
q - stop recording
@x - execute the recording from register x
100@x - execute the recording from register x 100 times

Other
:%s/^/newtext/ - prepend 'newtext' on all lines
:%s/$/newtext/ - append 'newtext' on all lines

firewalld

General info about firewalld:
When using --permanent, a reload is required.
When --permanent is not given, the rule works instantly; if a reload is run, such runtime rules are wiped.
Zones are a set of "predefined rules" which can be assigned to different interfaces.
Zones ONLY become active when an interface OR a source IP address is assigned to the zone.
Zones are added to interfaces. For example 'internal' is added to an internal interface where only LAN traffic passes.
Direct rules should be used as a last resort, when add-service or add-rich-rule is not possible (man page refs).
Ref: http://www.firewalld.org/documentation/man-pages/firewalld.zones.html
Zones are located in /usr/lib/firewalld/zones/ and/or /etc/firewalld/zones/
Man page reference tags from firewall-cmd --help: [P] = (--permanent), [Z] = (--zone=)

List rules for the default zone:
firewall-cmd --list-all
Get the default zone:
firewall-cmd --get-default-zone
Get active zones:
firewall-cmd --get-active-zones
List information for a non-default zone:
firewall-cmd --info-zone=
List everything added for, or enabled in, a non-default zone:
firewall-cmd --list-all --zone=
Set the default zone:
firewall-cmd --set-default-zone=drop
Create a new zone:
firewall-cmd --new-zone=testzone --permanent
firewall-cmd --reload
firewall-cmd --zone=testzone --add-service=mysql
Delete a zone:
firewall-cmd --delete-zone=bla --permanent
Get available services for a zone:
firewall-cmd --get-services
List rich/direct/nat rules:
firewall-cmd --list-rich-rules
firewall-cmd --direct --get-all-rules
# permanent direct rules
firewall-cmd --permanent --direct --get-all-rules
# permanent rich rules
firewall-cmd --permanent --list-rich-rules
Change the zone on an interface:
firewall-cmd --zone=block --change-interface=eth0
firewall-cmd --get-active-zones
Add a port to the default zone (RUNTIME only):
firewall-cmd --add-port=3306/tcp
# add multiple ports
firewall-cmd --add-port={3306/tcp,5000/tcp}
# port range
firewall-cmd --add-port=5000-5010/tcp
Add services to the default zone:
firewall-cmd --add-service={http,https} --permanent
Add a source to a zone. This allows all services of "testzone" from this IP:
firewall-cmd --zone=testzone --add-source=192.168.10.1 --permanent
Delete port rules: instead of add, use remove.
firewall-cmd --remove-port=3306/tcp
Delete rich rules (tip: get the full rule from firewall-cmd --list-rich-rules and use exactly that):
firewall-cmd --remove-rich-rule 'rule family="ipv4" source address="192.168.10.11/26" port port="1556" protocol="tcp" accept'
Remove direct rules:
firewall-cmd --permanent --direct --remove-rule ipv4 filter OUTPUT 1 -j DROP
Port forwarding, locally:
firewall-cmd --add-forward-port=port=8080:proto=tcp:toport=80
Port forwarding, "external":
firewall-cmd --add-forward-port=port=8080:proto=tcp:toport=80:toaddr=xxx.xxx.xxx.xxx
Save the running configuration:
firewall-cmd --runtime-to-permanent
Source-specific rules with rich rules:
# accept
firewall-cmd --add-rich-rule='rule family="ipv4" source address="xxx.xxx.xxx.xxx" accept'
# drop (or reject)
firewall-cmd --add-rich-rule='rule family="ipv4" source address="xxx.xxx.xxx.xxx" drop'
Add a rich rule to a zone:
firewall-cmd --add-rich-rule='rule family="ipv4" source address="192.168.10.11/32" port port="10050" protocol="tcp" accept' --zone=internal --permanent
Creating NAT direct rules, for example for loadbalancers.org VIPs. Direct rules are needed here, since rich rules cannot do this.
firewall-cmd --permanent --direct --add-rule ipv4 nat PREROUTING 0 -p tcp -m tcp --dport 8080 -d 192.168.10.100/32 -j REDIRECT
# redirect outgoing traffic to 192.168.10.100:8080 to 192.168.10.10:8080
firewall-cmd --permanent --direct --add-rule ipv4 nat OUTPUT 0 -p tcp -d 192.168.10.100/32 --dport 8080 -j DNAT --to-destination 192.168.10.10:8080
Drop outgoing traffic:
firewall-cmd --permanent --direct --add-rule ipv4 filter OUTPUT 0 -p tcp -m tcp --dport 45688 -j DROP
firewall-cmd --permanent --direct --add-rule ipv4 filter OUTPUT 0 -p tcp -m tcp --dport 23364 -j DROP
firewall-cmd --permanent --direct --add-rule ipv4 filter OUTPUT 0 -p tcp -m tcp --dport 3306 -j DROP
Lock down the server quickly, in /etc/firewalld/firewalld.conf:
Lockdown=yes

tmux

Panes:
split pane vertically: ctrl+b %
split pane horizontally: ctrl+b "
switch pane: ctrl+b o
switch pane: ctrl+b ARROW-KEYS
show pane numbers: ctrl+b q
change layout: ctrl+b SPACE
resize pane(s): hold ctrl+b, then ARROW-KEYS
zoom/fullscreen: ctrl+b z
swap current pane with previous: ctrl+b {
swap current pane with next: ctrl+b }
kill pane: ctrl+b x
scroll: ctrl+b pgup/pgdown enables scrolling
Basics:
detach: ctrl+b d
show sessions: tmux ls
attach: tmux attach / tmux attach -t
Other:
show shortcuts: ctrl+b ?

I CAN remember, the rest

Posted by caylakpenguen | Permalink

2019-12-15 01:25:44

WireShark

Things to watch out for when installing Wireshark. Adding your user to the wireshark group and reconfiguring wireshark-common lets dumpcap capture packets without running Wireshark itself as root; log out and back in for the new group membership to take effect.

$ sudo apt-get install wireshark
$ sudo usermod -a -G wireshark $USER
$ sudo dpkg-reconfigure wireshark-common 
$ gnome-session-quit --logout --no-prompt

Posted by caylakpenguen | Permalink

2019-12-15 01:23:15

Postfix sender based routing.

If you want a more fine-grained model, you can choose to relay the outbound traffic for domains over separate users. This allows you to apply different settings per domain, but also gives the end user access to their own log files.

Create the sasl_passwd file for the individual outgoing user(s):
/etc/postfix/sasl_passwd
@example.com outgoing@example.com:THEPASSWORD


Create the sender_relay file:
/etc/postfix/sender_relay
@example.com [SMARTHOST1]:587
@example.net [SMARTHOST2]:587


Postmap both files:
postmap /etc/postfix/sasl_passwd
postmap /etc/postfix/sender_relay


Add the following to your main.cf:
relayhost = [SMARTHOST]:587
smtp_sasl_auth_enable = yes
smtp_sasl_password_maps = hash:/etc/postfix/sasl_passwd
smtp_sasl_security_options =
smtp_sender_dependent_authentication = yes
sender_dependent_relayhost_maps = hash:/etc/postfix/sender_relay


Please note that the above extract also configures a server-wide relayhost, so mail from senders that are not listed in the sender_relay file is relayed through it as well. If you do not want this and only want to route specific domains, remove the relayhost line from above.

Restart postfix.
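As an added example (not code from the original post), a shell check for the credentials side of this setup: sasl_passwd holds smarthost passwords in clear text, so it should be readable by root only, and every sender key in sender_relay needs a matching sasl_passwd entry, otherwise Postfix looks up credentials by smarthost name instead. The paths are the post's own; the file contents used in the test are constructed.

```shell
#!/bin/sh
# Added example, not from the original post: verify sasl_passwd permissions and
# that each sender key in sender_relay has credentials. Returns 1 on any finding.
check_sender_relay() {
    sasl_passwd=$1
    sender_relay=$2
    status=0
    # Clear-text passwords: owner-only access (0600 or stricter) is expected.
    if [ -f "$sasl_passwd" ]; then
        mode=$(stat -c '%a' "$sasl_passwd" 2>/dev/null || stat -f '%Lp' "$sasl_passwd")
        case "$mode" in
            600|400) ;;
            *) echo "BAD: $sasl_passwd mode is $mode, expected 600"; status=1 ;;
        esac
    else
        echo "BAD: $sasl_passwd does not exist"
        return 1
    fi
    # Every sender key (@domain or user@domain) in sender_relay needs credentials.
    for key in $(awk '!/^#/ && NF>=2 {print $1}' "$sender_relay"); do
        if ! awk -v k="$key" '!/^#/ && $1==k {found=1} END {exit !found}' "$sasl_passwd"; then
            echo "MISSING: no sasl_passwd entry for $key (lookup falls back to the smarthost name)"
            status=1
        fi
    done
    return $status
}
```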

Posted by caylakpenguen | Permalink

2019-12-11 17:54:05

Postfix's virtual alias maps

Postfix allows you to store virtual alias maps in a text file, which tells postfix how to route virtual email addresses to real users on the system. This setting and the file location is determined in the postfix configuration file /etc/postfix/main.cf like so:

virtual_alias_maps = hash:/etc/postfix/virtual


The format of the file is with the alias on one side, and the destination on the other, for example like so:

john_smith@example.com john
john-smith@example.com john
fred@example.com john


This routes all email addressed to john_smith@example.com, john-smith@example.com and fred@example.com to the real user (or system alias) john. It's possible to have a catch-all alias which will route anything addressed to @example.com to a particular user, like so:

@example.com john


If you wanted everything to go to "john" except for mail to fred@ then you can do it like this:

@example.com john
fred@example.com fred


Just editing the /etc/postfix/virtual file is not enough to make the changes take effect. You must run the postmap command to make postfix read the file, like so:

/usr/sbin/postmap /etc/postfix/virtual


This creates a new file called /etc/postfix/virtual.db and the aliases are now loaded into postfix.
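As an added example (not code from the original post), a shell model of the lookup order Postfix applies to virtual_alias_maps for the cases described above: the full address is tried first and the @domain catch-all only afterwards, which is why "fred@example.com fred" wins over "@example.com john". This is a model of the lookup, not a call into Postfix; the map uses the post's own file format and the sample map in the test is constructed.

```shell
#!/bin/sh
# Added example, not from the original post: resolve one recipient against a
# virtual alias map using the precedence the post relies on (exact address,
# then @domain). Postfix also tries the bare local part for its local domains
# and re-applies the map to the result; both are left out of this model.
resolve_virtual_alias() {
    address=$1
    mapfile=$2
    domain=${address#*@}
    # 1. exact address match
    target=$(awk -v k="$address" '!/^#/ && $1==k {print $2; exit}' "$mapfile")
    # 2. domain-wide catch-all
    if [ -z "$target" ]; then
        target=$(awk -v k="@$domain" '!/^#/ && $1==k {print $2; exit}' "$mapfile")
    fi
    if [ -z "$target" ]; then
        return 1   # no virtual alias matches; the address passes through unchanged
    fi
    echo "$target"
}
```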

Posted by caylakpenguen | Permalink

2019-12-11 16:56:26

How to Tell a Real Princess



How to Tell a Real Princess? (The Princess and the Pea)

This story is taken from Young Folks Treasury, 1919.

Once upon a time, when the flea was a barber and the camel a town crier, and I was rocking my grandfather's cradle, there was a prince who wanted to marry a princess, but the princess he was looking for had to be a real princess. So the prince travelled all over the world, but there was always some problem. There were plenty of princesses, but he could never tell whether they were real princesses. Each of them had some small, barely noticeable flaw. So he came home in low spirits, not having found a real princess, though he wanted one so much. One night a terrible storm broke out. Thunder roared, lightning struck and the rain came down in torrents. Dreadful weather! Hearing someone pounding on the palace gate, the old king went to open it.

As fairy tales go, there stood a princess at the gate; but what a sight, the princess was in a terrible state from the rain and the storm. Water ran down from her hair and clothes into her shoes and out again. When it came time for the guest to introduce herself, our guest said that she was a real princess!

"We'll see about that; we will soon find out!" the old queen thought to herself. But without saying a word she went into the bedroom, took the bedding and set about preparing the princess's bed. She put a pea on the bedstead, laid twenty feather mattresses on top of it, and twenty eiderdown quilts on top of those. So the princess's bed was ready.

The next morning the queen asked the princess how she had slept.

"Terribly!" said the princess. "I hardly closed my eyes all night! There was something in the bed, I don't know what. I lay on something so hard that I am black and blue all over. It was dreadful!"

So they knew she was a real princess, because she had felt the pea through twenty mattresses and twenty quilts.

Nobody but a real princess could be so sensitive.

So the prince was finally sure he had found a real princess, and he married her. The pea was put in the Royal Museum so that everyone could see it. If nobody has stolen it, it is still there.

Source: http://www.belgeler.org/uygulamalar/emacs/espk-tutorial-pea.html

Posted by caylakpenguen | Permalink

09-12-2019 01:43:27

Music

Music videos



Posted by caylakpenguen | Permalink

09-12-2019 00:05:44

Sudo operations

Some situations require root access.
For that, the sudo command comes to the rescue.
On Ubuntu and its derivatives you need to run these commands.
First, add the user to the sudo group.

~# usermod -a -G sudo caylak


Give the user passwordless root rights, and check the syntax of the drop-in file with visudo:

~# echo 'caylak ALL=(ALL) NOPASSWD: ALL' > /etc/sudoers.d/caylak
~# visudo -cf /etc/sudoers.d/caylak


That's all :)

Posted by caylakpenguen | Permalink