Use Bind 9 as local recursive DNS on Ubuntu, Linux Mint and Debian

Here is a quick guide on how to replace the default dnsmasq DNS client with a fully working, uncensored Bind 9 recursive server and client setup on localhost.

First of all, we need to “disable” the dnsmasq in


by uncommenting the


Next we need to change the order in which nsswitch looks up .local domains, so edit


and change the line from

hosts: files mdns4_minimal [NOTFOUND=return] dns

to

hosts: files dns mdns4_minimal [NOTFOUND=return]

Next, ensure bind9 is installed with `apt install -y bind9 dnsutils`

When that’s done edit


and ensure the following lines are present inside the options block

listen-on port 53 { any; };
recursion yes;

Now restart bind9 with `sudo systemctl restart bind9`

You should now be up and running with your own dns server/client to avoid any governmental censorship like in undemocratic Denmark

Lastly, you need to ensure that your messed-up NetworkManager is pointing to your local DNS server.
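A check for the options set above, as an added example that is not part of the original post: `listen-on { any; }` makes named answer on every interface, so a resolver meant only for localhost should be audited for that and for an explicit `allow-recursion` list. `audit_named_options` and both sample configurations are constructed for illustration.

```bash
#!/bin/sh
# Added example, not from the original post. audit_named_options is a
# hypothetical helper: it reads a named.conf options block on stdin and
# prints the findings, or "ok" when the resolver is confined.
audit_named_options() {
    # Strip /* */, // and # comments, then join lines so multi-line
    # statements can be matched with one regular expression.
    body=$(sed -e 's:/\*.*\*/::g' -e 's://.*$::' -e 's:#.*$::' | tr '\n' ' ')
    findings=""
    # listen-on / listen-on-v6 with "any" binds every interface.
    if printf '%s' "$body" | grep -Eq 'listen-on[^;{]*\{[^}]*any'; then
        findings="$findings listen-on-any"
    fi
    if printf '%s' "$body" | grep -Eq 'recursion[[:space:]]+yes'; then
        if ! printf '%s' "$body" | grep -Eq 'allow-recursion[[:space:]]*\{'; then
            # Recursion is on but the client ACL is left to the built-in default.
            findings="$findings allow-recursion-not-set"
        elif printf '%s' "$body" | grep -Eq 'allow-recursion[[:space:]]*\{[^}]*any'; then
            findings="$findings allow-recursion-any"
        fi
    fi
    echo "${findings:-ok}" | sed 's/^ //'
}

# Constructed sample 1: the options this guide sets.
sample_guide='options {
    listen-on port 53 { any; };
    recursion yes;
};'

# Constructed sample 2: same resolver, bound to loopback only.
sample_loopback='options {
    listen-on port 53 { 127.0.0.1; };
    listen-on-v6 { ::1; };
    recursion yes;
    allow-recursion { 127.0.0.1; ::1; };
};'

printf 'guide:    %s\n' "$(printf '%s\n' "$sample_guide" | audit_named_options)"
printf 'loopback: %s\n' "$(printf '%s\n' "$sample_loopback" | audit_named_options)"
```

To audit a real file, feed it on stdin, for example `audit_named_options < your-options-file`.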


Trac wiki on Ubuntu 16.10 and Nginx

= Install Trac on Ubuntu proxied by Nginx =

How to install and run a single hosted Trac project from

This guide should apply to the following Debian variations:

* Debian 9
* Ubuntu 16.04
* Ubuntu 16.10
* LinuxMint 18.1
* LinuxMint 18.2

Here is a somewhat basic copy-paste #bash script for this. There will be some manual labor for you 😛 but a find+replace will help you a lot. Be aware that you might have to run all of these commands with `sudo -H`

**important** remember to replace the `` with [ latest version]
apt-get install subversion libapache2-mod-python pypy python python-babel trac python-pip -y
pip install --upgrade pip
pip install --upgrade Babel
pip install --upgrade Trac
pip install --upgrade pillow
pip install dnspython
pip install spambayes
pip install oauth2
pip install httplib2
pip install TracTags
pip install TracSpamFilter 
pip install TracVote
easy_install --always-unzip
mkdir -p /var/www/trac/

trac-admin /var/www/trac initenv

Follow the trac-admin guide…

Now let’s test Trac before we do more

tracd --port 8000 /var/www/trac
lynx localhost:8000/trac

Great, it’s working, so it’s time to set up an admin user and password for the admin account. Bad luck if it doesn’t, as that is beyond this wiki and you’ll need to go find a solution 🙁

htpasswd -c /var/www/trac/.htpasswd adminusername
trac-admin /var/www/trac/ permission add adminusername TRAC_ADMIN

Replace `adminusername` with your desired username

Next we set the proper user and group permissions on the Trac folder to allow the Nginx/Apache/Trac server to access it

chown -R UserName:GroupName /var/www/trac/
chmod -R 775 /var/www/trac/

== Enable GIT source ==
To enable git source browsing we need another subfolder

mkdir -p /var/www/trac/git

== Systemd startup script == #SystemD

In your `/etc/systemd/system/` make this new file –>

nano /etc/systemd/system/tracd.service

[Unit]
Description=TrackD Daemon

[Service]
ExecStart=/usr/local/bin/tracd -p 3050 --protocol=http --basic-auth="*,/var/www/trac/.htpasswd,Restricted" -s /var/www/trac


== Nginx configs ==
Now it’s time to do the Nginx configurations 🙂

First we have to make a reverse proxy to the Trac daemon we have made in [#SystemD Systemd startup script]

In the `/etc/nginx/nginx.conf` we’ll have to add an upstream for our reverse_proxy to Trac

  upstream live_trachosts_com {

Now make the site.conf file in your preferred location, which by default would be `/etc/nginx/conf.d/`; for others it would be `/etc/nginx/sites-available`, but we go with the default
`nano /etc/nginx/conf.d/site.conf`

server {
  server_name  trac.local;
  charset utf8;
  access_log  /var/log/nginx/trac.access.log;
  error_log  /var/log/nginx/trac.debug.log;

  location / {
    proxy_pass  http://live_trachosts_com;
    proxy_set_header Host $host;
  }

  # redirect server error pages to the static page /50x.html
  error_page   500 502 503 504  /50x.html;
  location = /50x.html {
      root   /usr/share/nginx/html;
  }

  # deny access to .htaccess files, if Apache's document root
  # concurs with nginx's one
  location ~ /\.ht {
      deny  all;
  }
}

== Apache ==
And since you probably use Apache anyway 🙁 well, here is that piece of code 🙁

a2enmod python
nano /etc/apache2/sites-available/trac.conf
 ServerName trac.local
 <Location />
 SetHandler mod_python
 PythonInterpreter main_interpreter
 PythonHandler trac.web.modpython_frontend
 PythonOption TracEnv /var/www/trac
 PythonOption TracEnvParentDir /var/www/trac
 PythonOption TracUriRoot /
 PythonOption TracEnv /var/www/trac
 # PythonOption TracEnvIndexTemplate /var/www/trac/templates/index-template.html
 PythonOption TracLocale en_US.UTF8
 PythonOption PYTHON_EGG_CACHE /tmp
 Order allow,deny
 Allow from all
 </Location>
 <Location /login>
 AuthType Basic
 AuthName "myproject"
 AuthUserFile /var/www/trac/.htpasswd
 Require valid-user
 </Location>

To enable the trac site run `a2ensite trac.conf`

== Find/Replace ==
The following paths are to be replaced with your preferences
`/var/www/trac` –> `/full/path/to/trac`
`adminusername` –> `YourUserName` to be used as the Trac admin
`UserName` –> The username which the trac daemon runs as, e.g. `Your login UserName`
`GroupName` –> The group name which the trac daemon runs as, e.g. `www-data`
`trac.local` –> `full.domain.tld`
`live_trachosts_com` –> to what suits your needs
`` –> if you are running both Nginx and Apache on port 80/443 you’ll need to set the IP, but if you only run Nginx or Apache you can delete the IP to listen on all addresses

== Versions ==
In this tutorial I have used the following software versions

$ uname -a
Linux hostname 4.11.0-14-generic #20~16.04.1-Ubuntu SMP Wed Aug 9 09:06:22 UTC 2017 x86_64 x86_64 x86_64 GNU/Linux
$ tracd --version
tracd 1.2.2
$ nginx -v
nginx version: nginx/1.13.6



Ubuntu 16.10 Server MariaDB (MySql) open_file_limit won’t go higher than 16364

In Ubuntu 16.10 and other systemd-enabled OSes like Debian, CentOS and Linux Mint with MariaDB Server version 10.x+, open_file_limit won’t go higher than 16364. According to MariaDB, this is simply because systemd prefers new ways to set limits, plus a few other vital modifications:

systemd is an init replacement that MariaDB uses on releases since 10.1.8. Distribution packages before this version may use a different configuration so consult their documentation if required.

systemd services are packaged on RPM and Debian based Linux distributions. When systemd is used, mysqld_safe is not used and settings in the mysqld_safe section of configuration files will not be read or applied.

systemd overview

systemd service files are included in the MariaDB-server package. The service definition is installed in /usr/lib/systemd/system/mariadb.service. The service name is mariadb.service; however aliases to mysql.service and mysqld.service are included for convenience.

Unlike previous init scripts, the mysqld process is executed directly from the init script running as the mysql user. This places a couple of limitations on situations that were previously possible:

  • open-files-limit cannot be raised beyond the operating system limit (usually 1K) and hence the systemd configuration for mariadb has LimitNOFILE set to 16K by default;
  • memlock can be used from version 10.1.10; and
  • The start timeout from init scripts was quite large and special configuration may be required if there is a slow startup time (MDEV-9202).
  • A mapping of common mysqld_safe options to systemd options is provided below.

    | mysqld_safe option | systemd option | Comments |
    |---|---|---|
    | no option | ProtectHome=false | If any MariaDB files are in /home/ |
    | no option | PrivateDevices=false | If any MariaDB storage references raw block devices |
    | no option | ProtectSystem= | If any MariaDB write any files to anywhere under /boot, /usr or /etc |
    | no option | TimeoutStartSec={time} | Set if the systemd reports failure to start because of timeout. 0 disables any timeout |
    | no option (ref MDEV-9264) | OOMScoreAdjust={priority} | e.g. -600 to lower priority of OOM killer for mysqld |
    | open_files | LimitNOFILE={limit} | |
    | core_file_size | LimitCORE={size} | |
    | | LimitMEMLOCK={size} or unlimited | When large-pages or memlock is used |
    | nice | Nice={nice value} | |
    | syslog | StandardOutput=syslog | |
    | syslog-tag | SyslogIdentifier | |
    | flush-caches | ExecStartPre=/usr/bin/sync | |
    | | ExecStartPre=/usr/sbin/sysctl -q -w vm.drop_caches=3 | |
    | numa-interleave | ExecStart=/usr/bin/numactl --interleave=all /usr/sbin/mysqld ${MYSQLD_OPTS} ${_WSREP_NEW_CLUSTER} | |

    Note: systemd.service contains the official meanings for these systemd settings.

    There are other options and the mariadb-service-convert script will attempt to convert these as accurately as possible.

    In addition to the set of options previously provided by mysqld_safe, systemd.service has considerably more options.

When all or some of these settings have been altered don’t forget to:

systemctl daemon-reload
systemctl restart mysql.service

To make the new values active

To verify your changes open a mysql instance in terminal or your preferred Mysql GUI and type

show global variables like 'open%';

If you can see the changes, you’re done. As an example, I’ve set my LimitNOFILE=1024000 in /etc/systemd/system/mariadb.service.d/migrated-from-my.cnf-settings.conf and the output looks like

MariaDB [(none)]> show global variables like 'open%';
| Variable_name    | Value   |
| open_files_limit | 1024000 |
1 row in set (0.00 sec)


Apache order of deny,allow or allow,deny

If you, like many other users, sometimes need to do some allow,deny in Apache and can’t remember which order to use, then here is the link to Apache’s Order Directives

But in short:

Ordering is one of:

Allow,Deny
First, all Allow directives are evaluated; at least one must match, or the request is rejected. Next, all Deny directives are evaluated. If any matches, the request is rejected. Last, any requests which do not match an Allow or a Deny directive are denied by default.

Deny,Allow
First, all Deny directives are evaluated; if any match, the request is denied unless it also matches an Allow directive. Any requests which do not match any Allow or Deny directives are permitted.

Mutual-failure
This order has the same effect as Order Allow,Deny and is deprecated in its favor.

Keywords may only be separated by a comma; no whitespace is allowed between them.

| Match | Allow,Deny result | Deny,Allow result |
|---|---|---|
| Match Allow only | Request allowed | Request allowed |
| Match Deny only | Request denied | Request denied |
| No match | Default to second directive: Denied | Default to second directive: Allowed |
| Match both Allow & Deny | Final match controls: Denied | Final match controls: Allowed |

In the following example, all hosts in the domain are allowed access; all other hosts are denied access.

Order Deny,Allow
Deny from all
Allow from

In the next example, all hosts in the domain are allowed access, except for the hosts which are in the subdomain, who are denied access. All hosts not in the domain are denied access because the default state is to Deny access to the server.

Order Allow,Deny
Allow from
Deny from

On the other hand, if the Order in the last example is changed to Deny,Allow, all hosts will be allowed access. This happens because, regardless of the actual ordering of the directives in the configuration file, the Allow from will be evaluated last and will override the Deny from All hosts not in the domain will also be allowed access because the default state is Allow.

The presence of an Order directive can affect access to a part of the server even in the absence of accompanying Allow and Deny directives because of its effect on the default access state. For example,

<Directory /www>
Order Allow,Deny
</Directory>

will Deny all access to the /www directory because the default access state is set to Deny.
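The evaluation rules above, as an added example that is not part of the original post or of Apache itself: the same Allow and Deny lists give different results depending on the Order. `example.org` and `dev.example.org` are constructed stand-ins for the domain names missing from the examples, and `host_matches` and `order_decision` are hypothetical helper names.

```bash
#!/bin/sh
# Added example, not from the original post. Domain names are constructed.

# host_matches HOST SPEC...: succeeds if HOST matches a spec. A spec is "all"
# or a domain name, matched on whole name components only.
host_matches() {
    h=$1; shift
    for spec in "$@"; do
        [ "$spec" = all ] && return 0
        case $h in "$spec"|*."$spec") return 0 ;; esac
    done
    return 1
}

# order_decision ORDER HOST "ALLOW SPECS" "DENY SPECS": prints allowed|denied.
order_decision() {
    a=0; d=0
    # The spec lists are split on whitespace on purpose.
    host_matches "$2" $3 && a=1
    host_matches "$2" $4 && d=1
    case $1 in
        Allow,Deny)   # default is deny; a Deny match overrides an Allow match
            if [ "$a" -eq 1 ] && [ "$d" -eq 0 ]; then echo allowed; else echo denied; fi ;;
        Deny,Allow)   # default is allow; an Allow match overrides a Deny match
            if [ "$d" -eq 1 ] && [ "$a" -eq 0 ]; then echo denied; else echo allowed; fi ;;
        *) echo "unsupported Order: $1" >&2; return 2 ;;
    esac
}

# Same Allow/Deny lists under both orders (constructed domains):
# Allow from example.org, Deny from dev.example.org.
for host in www.example.org dev.example.org www.other.test; do
    for order in Allow,Deny Deny,Allow; do
        printf '%-12s %-18s %s\n' "$order" "$host" \
            "$(order_decision "$order" "$host" example.org dev.example.org)"
    done
done
```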


How to crawl your own website to save to cache

You can use wget for that. After setting the http_proxy environment variable to point to your proxy run it with options similar to below (linux commands below).

export http_proxy=

wget --cache=off --delete-after -m

If you only need to heat the cache server with static files you can do one of the following things

  1. Use the find command and pass the output to either curl or wget like this
    for path in $(find /full/path/to/files/ -type f -printf "%f\n"); do wget --cache=off --delete-after -m https://static.domain.tld/rewriten-path/$path; done;
  2. By using Curl
    for path in $(find /full/path/to/files/ -type f -printf "%f\n"); do curl -I https://static.domain.tld/rewriten-path/$path; done;
  3. Another way is to make a list of files, then rewrite the results into URLs that you pass to curl
    find /full/path/to/files/ -type f -printf "%f\n" >> output.txt; xargs -I{} curl -I https://static.domain.tld/{} < output.txt
