Use Bind 9 as local recursive DNS on Ubuntu, linux mint and Debian

Here is a quick guide on how to change the default dnsmasq dns client into a fully working uncensored bind 9 recursive server – client setup on localhost.

First of all, we need to “disable” the dnsmasq in


by uncommenting the


Next we need to make a change in the order of how nsswitch do the lookup of .local domains, so edit


and change the line from

hosts: files mdns4_minimal [NOTFOUND=return] dns


hosts: files dns mdns4_minimal [NOTFOUND=return]

Next ensure bind9 is installed by apt install -y bind9 dnsutils

When that’s done edit


and ensure you have a line with the following value within the options values

listen-on port 53 { any; }
recursion yes;

Now restart the bind9 by sudo systemsctl restart bind9

You should now be up and running with your own dns server/client to avoid any governmental censorship like in undemocratic Denmark

Last you need to ensure that your messedup NetWorkmanager pointing to your local DNS server.

Posted on

Trac wiki on Ububtu 16.10 and Nginx

= Install Trac on Ubuntu proxied by Nginx =

How to install and run a single hosted Trac project from

This guide should apply for the following debian variations:

* Debian 9
* Ubuntu 16.04
* Ubuntu 16.10
* LinuxMint 18.1
* LinuxMint 18.2

Here is a somewhat basic copy paste #bash script for this, however, there will be some manual labor for you 😛 but a find+replace would help you a lot. Be aware you might run all of these commands with the `sudo -H`

**important** remember to replace the `` with [ latest verion]
apt-get install subversion libapache2-mod-python pypy python python-babel trac python-pip -y
pip install --upgrade pip
pip install --upgrade Babel
pip install --upgrade Trac
pip install --upgrade pillow
pip install dnspython
pip install spambayes
pip install oauth2
pip install httplib2
pip install TracTags
pip install TracSpamFilter 
pip install TracVote
easy_install --always-unzip
mkdir -p /var/www/trac/

trac-admin /var/www/trac initenv

Follow the trac-admin guide…

Now lets test the trac before we do more

tracd --port 8000 /var/www/trac
lynx localhost:8000/trac

Great it’s working, then it’s time to setup a admin user and password for the admin account. Bad luck if it doesn’t as that is beyond this wiki and you’ll need to go to find a solution 🙁

htpasswd -c /var/www/trac/.htpasswd adminusername
trac-admin /var/www/trac/ permission add adminusername TRAC_ADMIN

Replace `adminusername` with your desired username

Next we set the propper user and group permissions on the Trac folder to allow the Nginx/Apache/Trac server to access it

chown -R UserName:GroupName /var/www/trac/
chmod -R 775 /var/www/trac/

== Enable GIT source ==
To enable git source brosing we need another subfolder

mkdir -p /var/www/trac/git

== Systemd startup script == #SystemD

In your `/etc/systemd/system/` make this new file –>

nano /etc/systemd/system/tracd.service
Description=TrackD Daemon

ExecStart=/usr/local/bin/tracd -p 3050 --protocol=http --basic-auth="*,/var/www/trac/.htpasswd,Restricted" -s /var/www/trac


== Nginx configs ==
Now it’s time to do the NginX configureations 🙂

First we have to make a reverse proxy to the Trac daemon we have made in [#SystemD Systemd startup script]

In the `/etc/nginx/nginx.conf` we’ll have to add a upstream for our reverse_proxy to Trac

  upstream live_trachosts_com {

Now make the site.conf file in your preferred location, which by default would be `/etc/nginx/conf.d/` for other it would be in `/etc/nginx/sites-available` but we go whit the default
`nano /etc/nginx/conf.d/site.conf`

server {
  server_name  trac.local;
  charset utf8;
  access_log  /var/log/nginx/trac.access.log;
  error_log  /var/log/nginx/trac.debug.log;

  location / {
    proxy_pass  http://live_trachosts_com;
    proxy_set_header Host $host;
  # redirect server error pages to the static page /50x.html
  error_page   500 502 503 504  /50x.html;
  location = /50x.html {
      root   /usr/share/nginx/html;

  # deny access to .htaccess files, if Apache's document root
  # concurs with nginx's one
  location ~ /\.ht {
      deny  all;

== Apache ==
And since you properly anyway use apache 🙁 well here is that piece of code 🙁

a2enmod python
nano /etc/apache2/sites-available/trac.conf
 ServerName trac.local
 <Location />
 SetHandler mod_python
 PythonInterpreter main_interpreter
 PythonHandler trac.web.modpython_frontend
 PythonOption TracEnv /var/www/trac
 PythonOption TracEnvParentDir /var/www/trac
 PythonOption TracUriRoot /
 PythonOption TracEnv /var/www/trac
 # PythonOption TracEnvIndexTemplate /var/www/trac/templates/index-template.html
 PythonOption TracLocale en_US.UTF8
 PythonOption PYTHON_EGG_CACHE /tmp
 Order allow,deny
 Allow from all
 <Location /login>
 AuthType Basic
 AuthName "myproject"
 AuthUserFile /var/www/trac/.htpasswd
 Require valid-user

To enable the trac site run `a2ensite trac.conf`

== Find/Replace ==
The following paths is to be replaced with your preferences
`/var/www/trac` –> `/full/path/to/trac`
`adminusername` –> `YourUserName` to be used as the track admin
`UserName` –> The username for which trac daemon runs as ex. `Your login UserName`
`GroupName` –> The group name for which trac daemon runs as ex `www-data`
`trac.local` –> `full.domain.tld`
`live_trachosts_com` –> to what suits your needs
`` –> if you are running both NginX and Apache on port 80/443 you’ll need to set the IP, but if you only runs Nginx or Apache you can delete the ip to listen on all address

== Versions ==
In this tutorial I have used the following software versions

$ uname -a
Linux hostname 4.11.0-14-generic #20~16.04.1-Ubuntu SMP Wed Aug 9 09:06:22 UTC 2017 x86_64 x86_64 x86_64 GNU/Linux
$ tracd --version
tracd 1.2.2
$ nginx -v
nginx version: nginx/1.13.6


Posted on

Use FFmpeg to add an aditional subtitle to a mkv video

Running ex. on Evita from 1996

First let Examining the source file with ffprobe and grep the Stream lines with the googdies

ffprobe Evita.mkv

Then will see these stream lines

Stream #0:0(eng): Video: h264 (High), yuv420p, 1280×536, SAR 67:68 DAR 40:17, 23.98 fps, 23.98 tbr, 1k tbn, 47.95 tbc (default)
Stream #0:1(eng): Audio: ac3, 48000 Hz, 5.1(side), fltp, 448 kb/s (default)
Stream #0:2(ita): Subtitle: subrip
Stream #0:3(eng): Subtitle: subrip
Stream #0:4(spa): Subtitle: subrip
Stream #0:5(fre): Subtitle: subrip
Stream #0:6(ger): Subtitle: subrip
Stream #0:7(dut): Subtitle: subrip
Stream #0:8(chi): Subtitle: subrip

This tells us that -map layers is:
0:0 is the video layer
0:1 is the Audio layer
0:2 is the italian subtitle layer
0:3 is the English subtitle layer
0:4 is the Spanish subtitle layer
0:5 is the Frensh subtitle layer
0:6 is the German subtitle layer
0:7 is the Dutch subtitle layer
0:8 is the Chinese subtitle layer

Now we will add the subtitle layer for the danish language, by simply copy all the source and add the contents of the file, but if you would like to have a “named” list of which subtitle layer is which you need to do some manual labor adding the -metadata:0:9 language=dan I’m afraid. Now go ahead and do as in the code below 🙂

You determine the -metadata:s:x by simply take the highest number in source file and adding +1, on this case 8+1=9 which makes the -metadata:s:9

ffmpeg -y -i Evita.mkv -f srt -i -map 0:0 -map 0:1 -map 0:2 -map 0:3 -map 0:4 -map 0:5 -map 0:6 -map 0:7 -map 0:8 -map 1:0 -c copy -c:s srt -metadata:s:9 language=dan Evita-dan.mkv

Posted on

Use FFmpeg to add subtitles to video


ffmpeg -i input.mp4 -f srt -i -map 0:0 -map 0:1 -map 1:0 -c:v copy -c:a copy -c:s mov_text output.mp4


ffmpeg -i input.mp4 -f srt -i -map 0:0 -map 0:1 -map 1:0 -c:v copy -c:a copy -c:s srt  output.mkv

To understand the -map option you’ll first need to examine your source file by running the video trough ffprobe or ffmpeg

ffmprob -i video.mp4

Then you’ll see some lines named “Stream”, each stream represent a video, sound and/or subtitle. Streams starting with 0: is video or sound tracks and streams starting with a number higher than 0 is subtitle (overlays)

To add several subtitles to the same video requires you to add a -c:s mov_text or -c:s srt for each subtitle submitted

If you like to add a title to each soundtrack or subtitle you can use the -metadata:s: and -metadata:s:s


For soundtracks you’ll use for English

-metadata:s:0 language=English

For subtitle you have to use the extra s

-metadata:s:s:1 language=English \
-metadata:s:s:2 language=Dansk

Posted on

Apache order of deny,allow or allow,deny

If you as many other users sometime need to do some allow,deny in apache and can’t remember which order to use them, then here is the link to Apaches Order Directives

But in short:

Ordering is one of:

First, all Allow directives are evaluated; at least one must match, or the request is rejected. Next, all Deny directives are evaluated. If any matches, the request is rejected. Last, any requests which do not match an Allow or a Deny directive are denied by default.
First, all Deny directives are evaluated; if any match, the request is denied unless it also matches an Allow directive. Any requests which do not match any Allow or Deny directives are permitted.
This order has the same effect as Order Allow,Deny and is deprecated in its favor.

Keywords may only be separated by a comma; no whitespace is allowed between them.

Match Allow,Deny result Deny,Allow result
Match Allow only Request allowed Request allowed
Match Deny only Request denied Request denied
No match Default to second directive: Denied Default to second directive: Allowed
Match both Allow & Deny Final match controls: Denied Final match controls: Allowed

In the following example, all hosts in the domain are allowed access; all other hosts are denied access.

Order Deny,Allow
Deny from all
Allow from

In the next example, all hosts in the domain are allowed access, except for the hosts which are in the subdomain, who are denied access. All hosts not in the domain are denied access because the default state is to Deny access to the server.

Order Allow,Deny
Allow from
Deny from

On the other hand, if the Order in the last example is changed to Deny,Allow, all hosts will be allowed access. This happens because, regardless of the actual ordering of the directives in the configuration file, the Allow from will be evaluated last and will override the Deny from All hosts not in the domain will also be allowed access because the default state is Allow.

The presence of an Order directive can affect access to a part of the server even in the absence of accompanying Allow and Deny directives because of its effect on the default access state. For example,

<Directory /www>
Order Allow,Deny

will Deny all access to the /www directory because the default access state is set to Deny.

Posted on

How to clear NginX Reverse_proxy cache

You can also bypass/re-cache on a file by file basis using

proxy_cache_bypass $http_secret_header;

and as a bonus you can return this header to see if you got it from the cache (will return ‘HIT’) or from the content server (will return ‘BYPASS’).

add_header X-Cache-Status $upstream_cache_status;

to expire/refresh the cached file, use curl or any rest client to make a request to the cached page.

curl…erse_proxy-cache/ -s -I -H "secret-header:true"

this will return a fresh copy of the item and it will also replace what’s in cache

Posted on

How to crawl your own website to save to cache

You can use wget for that. After setting the http_proxy environment variable to point to your proxy run it with options similar to below (linux commands below).

export http_proxy=

wget --cache=off --delete-after -m

If you only need to heat the cache server with static files you can do one of the following things

  1. Use the find command and paste the output to either curl or wget like this
    for path in $(find /full/path/to/files/ -type f -printf "%f\n"); do wget --cache=off --delete-after -m https://static.domain.tld/rewriten-path/$path; done;
  2. By using Curl
    for path in $(find /full/path/to/files/ -type f -printf "%f\n"); do curl -I https://static.domain.tld/rewriten-path/$path; done;
  3. Another way is to make a list of files, then rewrite results into urls that you paste into curl
    find /full/path/to/files/ -type f -printf "%f\n" >> output.txt; xargs -n 1 curl -I https://static.domain.tld/ < output.txt

Posted on

Linux Enabling / Disabling a init.d service

Enabling / Disabling a service

To toggle a service from starting or stopping permanently you would need to:

echo manual | sudo tee /etc/init/SERVICE.override

where the stanza manual will stop Upstart from automatically loading the service on next boot. Any service with the .override ending will take precedence over the original service file. You will only be able to start the service manually afterwards. If you do not want this then simply delete the .override. For example:

echo manual | sudo tee /etc/init/mysql.override

Will put the MySQL service into manual mode. If you do not want this, afterwards you can simply do

sudo rm /etc/init/mysql.override

and Reboot for the service to start automatically again. Of course to enable a service, the most common way is by installing it. If you install Apache, Nginx, MySQL or others, they automatically start upon finishing installation and will start every time the computer boots. Disabling, as mentioned above, will make use of the service manual.

Temporary enabling/disabling services

To stop and start services temporarily (Does not enable / disable them for future boots), you can type service SERVICE_NAME. For example:

  • sudo service apache2 stop (Will STOP the Apache service until Reboot or until you start it again).
  • sudo service apache2 start (Will START the Apache service assuming it was stopped before.).
  • service apache2 status (Will tell you the STATUS of the service, if it is either enabled/running of disabled/NOT running.).
  • sudo service apache2 restart (Will RESTART the service. This is most commonly used when you have changed, a config file. In this case, if you changed either a PHP configuration or an Apache configuration. Restart will save you from having to stop/start with 2 command lines)
  • service apache2 (In this case, since you did not mention the ACTION to execute for the service, it will show you all options available for that specific service.) This aspect varies depending on the service, for example, with MySQL it would only mention that it is missing a parameter. For other services like networking service it would mention the small list of all options available.

Posted on

How can I find all file extensions types in a folder or subfolder hierarchy

It work as following:

  • Find all files from current folder
  • Prints extension of files if any
  • Make a unique sorted list
find . -type f | perl -ne 'print $1 if m/\.([^.\/]+)$/' | sort -u

Or by using awk

find . -type f | awk -F. '!a[$NF]++{print $NF}'

You can also use git as follow

git ls-tree -r HEAD --name-only | perl -ne 'print $1 if m/\.([^.\/]+)$/' | sort -u

This is should be better than naive find, because:

  • it excludes untracked (gitignored) files
  • it excludes .git directory which contains usually hundreds/thousands of files and hence slows down the search

If you still haven’t upgraded to Linux from Shitdows, then the powershell command looks like this (powershell not cmd (Command promt)):

dir -recurse | select-object extension -unique

Posted on

How to reset ACL file permission in linux

HI, I have some files, that I’d like to remove the SELinux context or ACLs from (denoted by a ‘.‘ or a ‘+‘ respectively when using ls -alZ).



setfacl -b will remove the ACL on a file. setfattr -x security.selinux will remove the SELinux file context, but you will probably have to boot with SELinux completely disabled.

Posted on