From d8153a70dccc678d854ee0ff55bebe71f7c4417a Mon Sep 17 00:00:00 2001 From: David Luevano Alvarado Date: Mon, 17 May 2021 16:18:29 -0600 Subject: new blogging system pyssg --- blog/old/dst/a/el_blog_ya_tiene_timestamps.html | 100 ++++ blog/old/dst/a/first_blog_post.html | 98 ++++ blog/old/dst/a/git_server_with_cgit.html | 240 ++++++++++ blog/old/dst/a/linux_video_notes.html | 196 ++++++++ blog/old/dst/a/mail_server_with_postfix.html | 578 ++++++++++++++++++++++++ blog/old/dst/a/shell_scripting.html | 362 +++++++++++++++ blog/old/dst/a/sql_video_notes.html | 295 ++++++++++++ blog/old/dst/a/website_with_nginx.html | 250 ++++++++++ blog/old/dst/index.html | 108 +++++ blog/old/dst/sitemap.xml | 16 + blog/old/src/.files | 9 + blog/old/src/_footer.html | 23 + blog/old/src/_header.html | 63 +++ blog/old/src/a/el_blog_ya_tiene_timestamps.md | 9 + blog/old/src/a/first_blog_post.md | 7 + blog/old/src/a/git_server_with_cgit.md | 153 +++++++ blog/old/src/a/linux_video_notes.md | 88 ++++ blog/old/src/a/mail_server_with_postfix.md | 518 +++++++++++++++++++++ blog/old/src/a/shell_scripting.md | 263 +++++++++++ blog/old/src/a/sql_video_notes.md | 172 +++++++ blog/old/src/a/website_with_nginx.md | 157 +++++++ blog/old/src/index.md | 5 + 22 files changed, 3710 insertions(+) create mode 100644 blog/old/dst/a/el_blog_ya_tiene_timestamps.html create mode 100644 blog/old/dst/a/first_blog_post.html create mode 100644 blog/old/dst/a/git_server_with_cgit.html create mode 100644 blog/old/dst/a/linux_video_notes.html create mode 100644 blog/old/dst/a/mail_server_with_postfix.html create mode 100644 blog/old/dst/a/shell_scripting.html create mode 100644 blog/old/dst/a/sql_video_notes.html create mode 100644 blog/old/dst/a/website_with_nginx.html create mode 100644 blog/old/dst/index.html create mode 100644 blog/old/dst/sitemap.xml create mode 100644 blog/old/src/.files create mode 100644 blog/old/src/_footer.html create mode 100644 blog/old/src/_header.html create mode 100644 blog/old/src/a/el_blog_ya_tiene_timestamps.md create mode 100644 blog/old/src/a/first_blog_post.md create mode 100644 blog/old/src/a/git_server_with_cgit.md create mode 100644 blog/old/src/a/linux_video_notes.md create mode 100644 blog/old/src/a/mail_server_with_postfix.md create mode 100644 blog/old/src/a/shell_scripting.md create mode 100644 blog/old/src/a/sql_video_notes.md create mode 100644 blog/old/src/a/website_with_nginx.md create mode 100644 blog/old/src/index.md (limited to 'blog/old') diff --git a/blog/old/dst/a/el_blog_ya_tiene_timestamps.html b/blog/old/dst/a/el_blog_ya_tiene_timestamps.html new file mode 100644 index 0000000..1bae979 --- /dev/null +++ b/blog/old/dst/a/el_blog_ya_tiene_timestamps.html @@ -0,0 +1,100 @@ + + + + + + Luévano's Blog + + + + + + + + + + + + + + + + + +
+ + +
+ + + +
+
+ +
+

Así es raza, el blog ya tiene timestamps

+ +

Pues eso, esta entrada es sólo para tirar update sobre mi primer post. Ya modifiqué el ssg lo suficiente como para que maneje los timestamps, y ya estoy más familiarizado con este script entonces ya lo podré extender más, pero por ahora las entradas ya tienen su fecha de creación (y modificación en dado caso) al final y en el índice ya están organizados por fecha, que por ahora está algo simple pero está sencillo de extender.

+ +

Ya lo único que queda es cambiar un poco el formato del blog (y de la página en general), porque en un momento de desesperación puse todo el texto en justificado y pues no se ve chido siempre, entonces queda corregir eso. Y aunque me tomó más tiempo del que quisiera, así nomás quedó, diría un cierto personaje.

+ +

El ssg modificado está en mis dotfiles (o directamente aquí).

+ +

Por último, también quité las extensiones .html de las URLs, porque se veía bien pitero, pero igual los links con .html al final redirigen a su link sin .html, así que no hay rollo alguno.

+ +
+
+

Created: Mon, Mar 15, 2021 @ 19:46 MST

+
+
+ + + + diff --git a/blog/old/dst/a/first_blog_post.html b/blog/old/dst/a/first_blog_post.html new file mode 100644 index 0000000..2eeca94 --- /dev/null +++ b/blog/old/dst/a/first_blog_post.html @@ -0,0 +1,98 @@ + + + + + + Luévano's Blog + + + + + + + + + + + + + + + + + +
+ + +
+ + + +
+
+ +
+

This is the first blog post, just for testing purposes

+ +

I'm making this post just to figure out how ssg5 and lowdown are supposed to work (and eventually also rssg).

+ +

At the moment, I'm not satisfied because there's no automatic date insertion into the 1) html file, 2) the blog post itself and 3) the listing system in the blog homepage (and there's also the problem with the ordering of the entries…). And all of this just because I didn't want to use Luke's solution (don't really like that much how he handles the scripts… but they just work).

+ +

Hopefully, for tomorrow all of this will be sorted out and I'll have a working blog system.

+ +
+
+

Created: Sat, Feb 27, 2021 @ 06:08 MST

+
+
+ + + + diff --git a/blog/old/dst/a/git_server_with_cgit.html b/blog/old/dst/a/git_server_with_cgit.html new file mode 100644 index 0000000..c625eb6 --- /dev/null +++ b/blog/old/dst/a/git_server_with_cgit.html @@ -0,0 +1,240 @@ + + + + + + Luévano's Blog + + + + + + + + + + + + + + + + + +
+ + +
+ + + +
+
+ +
+

Create a git server and setup cgit web app (on Nginx)

+ +

My git server is all I need to setup to actually kill my other server (I've been moving from servers on these last 2-3 blog entries), that's why I'm already doing this entry. I'm basically following git's guide on setting up a server plus some specific stuff for (btw i use) Arch Linux (Arch Linux Wiki: Git server and Step by step guide on setting up git server in arch linux (pushable)).

+ +

Note that this is mostly for personal use, so there's no user/authentication control other than that of SSH. Also, most if not all commands here are run as root.

+ +

Prerequisites

+ +

I might get tired of saying this (it's just copy paste, basically)… but similar as before (check my website and mail entries):

+ + + +

git server

+ +

If not installed already, install the git package:

+ +
pacman -S git
+
+ +

On Arch Linux, when you install the git package, a git user is automatically created, so all you have to do is decide where you want to store the repositories, for me, I like them to be on /home/git like if git was a “normal” user. So, create the git folder (with corresponding permissions) under /home and set the git user's home to /home/git:

+ +
mkdir /home/git
+chown git:git /home/git
+usermod -d /home/git git
+
+ +

Also, the git user is “expired” by default and will be locked (needs a password), change that with:

+ +
chage -E -1 git
+passwd git
+
+ +

Give it a strong one and remember to use PasswordAuthentication no for ssh (as you should). Create the .ssh/authorized_keys for the git user and set the permissions accordingly:

+ +
mkdir /home/git/.ssh
+chmod 700 /home/git/.ssh
+touch /home/git/.ssh/authorized_keys
+chmod 600 /home/git/.ssh/authorized_keys
+chown -R git:git /home/git
+
+ +

Now is a good idea to copy over your local SSH public keys to this file, to be able to push/pull to the repositories. Do it by either manually copying it or using ssh's built in ssh-copy-id (for that you may want to check your ssh configuration in case you don't let people access your server with user/password).

+ +

Next, and almost finally, we need to edit the git-daemon service, located at /usr/lib/systemd/system/ (called git-daemon@.service):

+ +
...
+ExecStart=-/usr/lib/git-core/git-daemon --inetd --export-all --base-path=/home/git --enable=receive-pack
+...
+
+ +

I just appended --enable=receive-pack and note that I also changed the --base-path to reflect where I want to serve my repositories from (has to match what you set when changing git user's home).

+ +

Now, go ahead and start and enable the git-daemon socket:

+ +
systemctl start git-daemon.socket
+systemctl enable git-daemon.socket
+
+ +

You're basically done. Now you should be able to push/pull repositories to your server… except, you haven't created any repository in your server, that's right, they're not created automatically when trying to push. To do so, you have to do the following sequence (assuming you're “cd'ed” into the /home/git directory):

+ +
mkdir {repo_name}.git
+cd {repo_name}.git
+
+ +

Those two lines above will need to be run each time you want to add a new repository to your server (yeah, kinda lame… although there are options to “automate” this, I like it this way).

+ +

After that you can already push/pull to your repository. I have my repositories (locally) set up so I can push to more than one remote at the same time (my server, GitHub, GitLab, etc.), which is detailed here.

+ +

cgit

+ +

This bit is optional if you only wanted a git server (really easy to set up), this is so you can have a web application. This is basically a copy paste of Arch Linux Wiki: Cgit so you can go there and get more in-depth configurations.

+ +

Install the cgit and fcgiwrap packages:

+ +
pacman -S cgit fcgiwrap
+
+ +

Now, just start and enable the fcgiwrap socket:

+ +
systemctl start fcgiwrap.socket
+systemctl enable fcgiwrap.socket
+
+ +

Next, the way I configure nginx is creating a separate file {module}.conf (git.conf in this case) under /etc/nginx/sites-available and create a symlink to /etc/nginx/sites-enabled as stated in my nginx setup entry. Add the following lines to your git.conf file:

+ +
server {
+    listen 80;
+    listen [::]:80;
+    root /usr/share/webapps/cgit;
+    server_name {yoursubdomain}.{yourdomain};
+    try_files $uri @cgit;
+
+    location @cgit {
+        include fastcgi_params;
+        fastcgi_param SCRIPT_FILENAME $document_root/cgit.cgi;
+        fastcgi_param PATH_INFO $uri;
+        fastcgi_param QUERY_STRING $args;
+        fastcgi_param HTTP_HOST $server_name;
+        fastcgi_pass unix:/run/fcgiwrap.sock;
+    }
+}
+
+ +

Where the server_name line depends on you, I have mine setup to git.luevano.xyz and www.git.luevano.xyz. Optionally run certbot --nginx to get a certificate for those domains if you don't have already.

+ +

Now, all that's left is to configure cgit. Create the configuration file /etc/cgitrc with the following content (my personal options, pretty much the default):

+ +
css=/cgit.css
+source-filter=/usr/lib/cgit/filters/syntax-highlighting-edited.sh
+logo=/cgit.png
+
+enable-http-clone=1
+# robots=noindex, nofollow
+virtual-root=/
+
+repo.url={url}
+repo.path={dir_path}
+repo.owner={owner}
+repo.desc={short_description}
+
+...
+
+ +

Where you can uncomment the robots line to let web crawlers (like Google's) to index your git web app. And at the end keep all your repositories (the ones you want to make public), for example for my dotfiles I have:

+ +
...
+repo.url=.dots
+repo.path=/home/git/.dots.git
+repo.owner=luevano
+repo.desc=These are my personal dotfiles.
+...
+
+ +

Otherwise you could let cgit to automatically detect your repositories (you have to be careful if you want to keep “private” repos) using the option scan-path and setup .git/description for each repository. I will add more to my actual configuration, but for now it is useful as it is. For more, you can check cgitrc(5).

+ +

Finally, if you want further support for highlighting, other compressed snapshots or support for markdown, checkout the optional dependencies for cgit and also the Arch Wiki goes in detail on how to setup highlighting with two different packages.

+ +
+
+

Created: Sat, Mar 20, 2021 @ 22:58 MST; modified: Sun, Mar 21, 2021 @ 12:00 MST

+
+
+ + + + diff --git a/blog/old/dst/a/linux_video_notes.html b/blog/old/dst/a/linux_video_notes.html new file mode 100644 index 0000000..df9dbe9 --- /dev/null +++ b/blog/old/dst/a/linux_video_notes.html @@ -0,0 +1,196 @@ + + + + + + Luévano's Blog + + + + + + + + + + + + + + + + + +
+ + +
+ + + +
+
+ +
+

Linux tutorial video notes

+ +

I was requested to make a summary of a video about basic Linux stuff (like the SQL tutorial video notes); this time, I did most of the notes depending on the topic since I'm familiar with most of the stuff presented in the video. The video in question is: The Complete Linux Course: Beginner to Power User!. Also, some notes were taken from Arch Linux Wiki since it's got pretty decent documentation, and, of course, general googling.

+ +

(Basic) commands

+ +

A list of basic commands and small explanation (note that options are started with either - or --, depending on the program, but most of the time - is used for letter options and -- for word options, -l vs --list for example):

+ + + +

And in general, to see the options supported by almost any command, use command -h or command --help, for a quick explanation. IMPORTANT: Most programs have man (manual) pages; to access them do man command, this is a very powerful tool to use.

+ +

Commands can be redirected to other commands (the output), which is powerful to create mini scripts or to achieve a goal in a single command. Most of the time the redirection can be done with the special characters >, < and most powerful, the | (pipe). Also, some commands accept an option to execute another command, but this depends on a command to command basis (exec option for find, for example).

+ +

Most terminal programs accept Ctrl-c or just q to exit the program.

+ +

File permissions and ownership

+ +

When listing files with ls -l, an output with file attributes (permissions) and ownership is shown, such as drwxr-xr-x 2 user group 4096 Jul 5 21:03 Desktop, where the first part are the attributes, and user and group the ownership info (all other info is irrelevant for now).

+ +

File attributes (drwxr-xr-x in the example above) are specified by 10 (sometimes 11) characters, and can be break into 4 parts (or 5):

+ + + +

Each of the three permission triads (rwx) can be:

+ + + +

To change attributes or ownership use chmod and chown, respectively.

+ +

Services

+ +

Special type of linux process (think of a program or set of programs that run in the background waiting to be used, or doing essential tasks). There are many ways to manage (start, stop, restart, enable, disable, etc.) services, the most common way (if using systemd) is to just use systemctl. Basic usage of systemctl is systemctl verb service, where verb could be start, enable, stop, disable, restart, etc. Also, to get a general system status run systemctl status or just systemctl for a list of running units (a unit is an instance of a service, or a mount point or even a device or a socket). For more: Arch Linux Wiki: systemd.

+ +

systemd also provides a way to do tasks based on a timer, where you can schedule from the second to the year. One could also use cron (using crontab with option e) to do this. These timers provide support for calendar time events, monotonic time events, and can be run asynchronously.

+ +

User and group management

+ +

Most mainstream linux distributions come with a Graphic User Interface (GUI) to manage users and groups on the system. For a Command-Line Interface (CLI) just use useradd (with passwd to create a password for a given user) and groupadd. Also, other useful commands are usermod, userdel, groups, gpasswd, groupdel and more, each used for a basic management of users/groups like modification, deletion, listing (of all existing users/groups), etc.. For more: Arch Linux Wiki: Users and groups.

+ +

Networking

+ +

Hosts file

+ +

Located at /etc/hosts, serves as a translator from hostname (web addresses or URLs) into IP addresses (think of DNS records), meaning that any URL can be overridden to make it point to whatever IP address it's specified (only locally on the machine affected). The syntax of the file is pretty simple: first column for IP, second for hostname (URL) and third+ for aliases.

+ +

(Some) commands

+ +

These commands serve the sole purpose of showing information about the network and stuff related to it:

+ + + +
+
+

Created: Sat, Mar 13, 2021 @ 22:57 MST

+
+
+ + + + diff --git a/blog/old/dst/a/mail_server_with_postfix.html b/blog/old/dst/a/mail_server_with_postfix.html new file mode 100644 index 0000000..a39d0b9 --- /dev/null +++ b/blog/old/dst/a/mail_server_with_postfix.html @@ -0,0 +1,578 @@ + + + + + + Luévano's Blog + + + + + + + + + + + + + + + + + +
+ + +
+ + + +
+
+ +
+

Create a mail server with Postfix, Dovecot, SpamAssassin and OpenDKIM

+ +

The entry is going to be long because it's a tedious process. This is also based on Luke Smith's script, but adapted to Arch Linux (his script works on debian-based distributions). This entry is mostly so I can record all the notes required while I'm in the process of installing/configuring the mail server on a new VPS of mine; also I'm going to be writing a script that does everything in one go (for Arch Linux), that will be hosted here.

+ +

This configuration works for local users (users that appear in /etc/passwd), and does not use any type of SQL. And note that most if not all commands executed here are run with root privileges.

+ +

More in depth configuration is detailed in the Arch Wiki for each package used here.

+ +

Prerequisites

+ +

Basically the same as with the website with Nginx and Certbot:

+ + + +

Postfix

+ +

Postfix is a “mail transfer agent” which is the component of the mail server that receives and sends emails via SMTP.

+ +

Install the postfix package:

+ +
pacman -S postfix
+
+ +

We have two main files to configure (inside /etc/postfix): master.cf (master(5)) and main.cf (postconf(5)). We're going to edit main.cf first either by using the command postconf -e 'setting' or by editing the file itself (I prefer to edit the file).

+ +

Note that the default file itself has a lot of comments with description on what each thing does (or you can look up the manual, linked above), I used what Luke's script did plus some other settings that worked for me.

+ +

Now, first locate where your website cert is, mine is at the default location /etc/letsencrypt/live/, so my certdir is /etc/letsencrypt/live/luevano.xyz. Given this information, change {yourcertdir} on the corresponding lines. The configuration described below has to be appended in the main.cf configuration file.

+ +

Certificates and ciphers to use for authentication and security:

+ +
smtpd_tls_key_file = {yourcertdir}/privkey.pem
+smtpd_tls_cert_file = {yourcertdir}/fullchain.pem
+smtpd_use_tls = yes
+smtpd_tls_auth_only = yes
+smtp_tls_security_level = may
+smtp_tls_loglevel = 1
+smtp_tls_CAfile = {yourcertdir}/cert.pem
+smtpd_tls_mandatory_protocols = !SSLv2, !SSLv3, !TLSv1, !TLSv1.1
+smtp_tls_mandatory_protocols = !SSLv2, !SSLv3, !TLSv1, !TLSv1.1
+smtpd_tls_protocols = !SSLv2, !SSLv3, !TLSv1, !TLSv1.1
+smtp_tls_protocols = !SSLv2, !SSLv3, !TLSv1, !TLSv1.1
+tls_preempt_cipherlist = yes
+smtpd_tls_exclude_ciphers = aNULL, LOW, EXP, MEDIUM, ADH, AECDH, MD5,
+                DSS, ECDSA, CAMELLIA128, 3DES, CAMELLIA256,
+                RSA+AES, eNULL
+
+smtp_tls_CApath = /etc/ssl/certs
+smtpd_tls_CApath = /etc/ssl/certs
+
+smtpd_relay_restrictions = permit_sasl_authenticated, permit_mynetworks, defer_unauth_destination
+
+ +

Also, for the connection with dovecot, append the next few lines (telling postfix that dovecot will use user/password for authentication):

+ +
smtpd_sasl_auth_enable = yes
+smtpd_sasl_type = dovecot
+smtpd_sasl_path = private/auth
+smtpd_sasl_security_options = noanonymous, noplaintext
+smtpd_sasl_tls_security_options = noanonymous
+
+ +

Specify the mailbox home (this is going to be a directory inside your user's home):

+ +
home_mailbox = Mail/Inbox/
+
+ +

Pre-configuration to work seamlessly with dovecot and opendkim:

+ +
myhostname = {yourdomainname}
+mydomain = localdomain
+mydestination = $myhostname, localhost.$mydomain, localhost
+
+milter_default_action = accept
+milter_protocol = 6
+smtpd_milters = inet:127.0.0.1:8891
+non_smtpd_milters = inet:127.0.0.1:8891
+mailbox_command = /usr/lib/dovecot/deliver
+
+ +

Where {yourdomainname} is luevano.xyz in my case, or if you have localhost configured to your domain, then use localhost for myhostname (myhostname = localhost).

+ +

Lastly, if you don't want the sender's IP and user agent (application used to send the mail), add the following line:

+ +
smtp_header_checks = regexp:/etc/postfix/smtp_header_checks
+
+ +

And create the /etc/postfix/smtp_header_checks file with the following content:

+ +
/^Received: .*/     IGNORE
+/^User-Agent: .*/   IGNORE
+
+ +

That's it for main.cf, now we have to configure master.cf. This one is a bit more tricky.

+ +

First look up lines (they're uncommented) smtp inet n - n - - smtpd, smtp unix - - n - - smtp and -o syslog_name=postfix/$service_name and either delete or uncomment them… or just run sed -i "/^\s*-o/d;/^\s*submission/d;/\s*smtp/d" /etc/postfix/master.cf as stated in Luke's script.

+ +

Lastly, append the following lines to complete postfix setup and pre-configure for spamassassin.

+ +
smtp unix - - n - - smtp
+smtp inet n - y - - smtpd
+    -o content_filter=spamassassin
+submission inet n - y - - smtpd
+    -o syslog_name=postfix/submission
+    -o smtpd_tls_security_level=encrypt
+    -o smtpd_sasl_auth_enable=yes
+    -o smtpd_tls_auth_only=yes
+smtps inet n - y - - smtpd
+    -o syslog_name=postfix/smtps
+    -o smtpd_tls_wrappermode=yes
+    -o smtpd_sasl_auth_enable=yes
+spamassassin unix - n n - - pipe
+    user=spamd argv=/usr/bin/vendor_perl/spamc -f -e /usr/sbin/sendmail -oi -f \${sender} \${recipient}
+
+ +

Now, I ran into some problems with postfix, one being smtps: Servname not supported for ai_socktype, to fix it, as Till posted in that site, edit /etc/services and add:

+ +
smtps 465/tcp
+smtps 465/udp
+
+ +

Before starting the postfix service, you need to run newaliases first (but you can do a bit of configuration beforehand). Edit the file /etc/postfix/aliases and edit accordingly. I only change the root: you line (where you is the account that will be receiving “root” mail). Check the Arch Wiki for more info and other alternatives/options. After you're done, run:

+ +
postalias /etc/postfix/aliases
+newaliases
+
+ +

At this point you're done configuring postfix and you can already start/enable the postfix service:

+ +
systemctl start postfix.service
+systemctl enable postfix.service
+
+ +

Dovecot

+ +

Dovecot is an IMAP and POP3 server, which is what lets an email application retrieve the mail.

+ +

Install the dovecot and pigeonhole (sieve for dovecot) packages:

+ +
pacman -S dovecot pigeonhole
+
+ +

On arch, by default, there is no /etc/dovecot directory with default configurations set in place, but the package does provide the example configuration files. Create the dovecot directory under /etc and, optionally, copy the dovecot.conf file and conf.d directory under the just created dovecot directory:

+ +
mkdir /etc/dovecot
+cp /usr/share/doc/dovecot/example-config/dovecot.conf /etc/dovecot/dovecot.conf
+cp -r /usr/share/doc/dovecot/example-config/conf.d /etc/dovecot
+
+ +

As Luke stated, dovecot comes with a lot of “modules” (under /etc/dovecot/conf.d/ if you copied that folder) for all sorts of configurations that you can include, but I do as he does and just edits/creates the whole dovecot.conf file; although, I would like to check each of the separate configuration files dovecot provides I think the options Luke provides are more than good enough.

+ +

I'm working with an empty dovecot.conf file. Add the following lines for SSL and login configuration (also replace {yourcertdir} with the same certificate directory described in the Postfix section above, note that the < is required):

+ +
ssl = required
+ssl_cert = <{yourcertdir}/fullchain.pem
+ssl_key = <{yourcertdir}/privkey.pem
+ssl_min_protocol = TLSv1.2
+ssl_cipher_list = ALL:!RSA:!CAMELLIA:!aNULL:!eNULL:!LOW:!3DES:!MD5:!EXP:!PSK:!SRP:!DSS:!RC4:!SHA1:!SHA256:!SHA384:!LOW@STRENGTH
+ssl_prefer_server_ciphers = yes
+ssl_dh = </etc/dovecot/dh.pem
+
+auth_mechanisms = plain login
+auth_username_format = %n
+protocols = $protocols imap
+
+ +

You may notice we specify a file we don't have under /etc/dovecot: dh.pem. We need to create it with openssl (you should already have it installed if you've been following this entry and the one for nginx). Just run (might take a few minutes):

+ +
openssl dhparam -out /etc/dovecot/dh.pem 4096
+
+ +

After that, the next lines define what a “valid user is” (really just sets the database for users and passwords to be the local users with their password):

+ +
userdb {
+    driver = passwd
+}
+
+passdb {
+    driver = pam
+}
+
+ +

Next, comes the mail directory structure (has to match the one described in the Postfix section). Here, the LAYOUT option is important so the boxes are .Sent instead of Sent. Add the next lines (plus any you like):

+ +
mail_location = maildir:~/Mail:INBOX=~/Mail/Inbox:LAYOUT=fs
+namespace inbox {
+    inbox = yes
+
+    mailbox Drafts {
+        special_use = \Drafts
+        auto = subscribe
+        }
+
+    mailbox Junk {
+        special_use = \Junk
+        auto = subscribe
+        autoexpunge = 30d
+        }
+
+    mailbox Sent {
+        special_use = \Sent
+        auto = subscribe
+        }
+
+    mailbox Trash {
+        special_use = \Trash
+        }
+
+    mailbox Archive {
+        special_use = \Archive
+        }
+}
+
+ +

Also include this so Postfix can use Dovecot's authentication system:

+ +
service auth {
+    unix_listener /var/spool/postfix/private/auth {
+        mode = 0660
+        user = postfix
+        group = postfix
+        }
+}
+
+ +

Lastly (for dovecot at least), the plugin configuration for sieve (pigeonhole):

+ +
protocol lda {
+    mail_plugins = $mail_plugins sieve
+}
+
+protocol lmtp {
+    mail_plugins = $mail_plugins sieve
+}
+
+plugin {
+    sieve = ~/.dovecot.sieve
+    sieve_default = /var/lib/dovecot/sieve/default.sieve
+    sieve_dir = ~/.sieve
+    sieve_global_dir = /var/lib/dovecot/sieve/
+
+ +

Where /var/lib/dovecot/sieve/default.sieve doesn't exist yet. Create the folders:

+ +
mkdir -p /var/lib/dovecot/sieve
+
+ +

And create the file default.sieve inside that just created folder with the content:

+ +
require ["fileinto", "mailbox"];
+if header :contains "X-Spam-Flag" "YES" {
+    fileinto "Junk";
+}
+
+ +

Now, if you don't have a vmail (virtual mail) user, create one and change the ownership of the /var/lib/dovecot directory to this user:

+ +
grep -q "^vmail:" /etc/passwd || useradd -m vmail -s /usr/bin/nologin
+chown -R vmail:vmail /var/lib/dovecot
+
+ +

Note that I also changed the shell for vmail to be /usr/bin/nologin. After that, run:

+ +
sievec /var/lib/dovecot/sieve/default.sieve
+
+ +

To compile the configuration file (a default.svbin file will be created next to default.sieve).

+ +

Next, add the following lines to /etc/pam.d/dovecot if not already present (shouldn't be there if you've been following these notes):

+ +
auth required pam_unix.so nullok
+account required pam_unix.so
+
+ +

That's it for dovecot, at this point you can start/enable the dovecot service:

+ +
systemctl start dovecot.service
+systemctl enable dovecot.service
+
+ +

OpenDKIM

+ +

OpenDKIM is needed so services like G**gle (we don't mention that name here [[[this is a meme]]]) don't throw the mail to the trash. DKIM stands for “DomainKeys Identified Mail”.

+ +

Install the opendkim package:

+ +
pacman -S opendkim
+
+ +

Generate the keys for your domain:

+ +
opendkim-genkey -D /etc/opendkim -d {yourdomain} -s {yoursubdomain} -r -b 2048
+
+ +

Where you need to change {yourdomain} and {yoursubdomain} (doesn't really need to be the sub-domain, could be anything that describes your key) accordingly, for me it's luevano.xyz and mail, respectively. After that, we need to create some files inside the /etc/opendkim directory. First, create the file KeyTable with the content:

+ +
{yoursubdomain}._domainkey.{yourdomain} {yourdomain}:{yoursubdomain}:/etc/opendkim/{yoursubdomain}.private
+
+ +

So, for me it would be:

+ +
mail._domainkey.luevano.xyz luevano.xyz:mail:/etc/opendkim/mail.private
+
+ +

Next, create the file SigningTable with the content:

+ +
*@{yourdomain} {yoursubdomain}._domainkey.{yourdomain}
+
+ +

Again, for me it would be:

+ +
*@luevano.xyz mail._domainkey.luevano.xyz
+
+ +

And, lastly create the file TrustedHosts with the content:

+ +
127.0.0.1
+::1
+10.1.0.0/16
+1.2.3.4/24
+localhost
+{yourserverip}
+...
+
+ +

And more, make sure to include your server IP and something like subdomain.domainname.

+ +

Next, edit /etc/opendkim/opendkim.conf to reflect the changes (or rather, additions) of these files, as well as some other configuration. You can look up the example configuration file located at /usr/share/doc/opendkim/opendkim.conf.sample, but I'm creating a blank one with the contents:

+ +
Domain {yourdomain}
+Selector {yoursubdomain}
+
+Syslog Yes
+UserID opendkim
+
+KeyFile /etc/opendkim/{yoursubdomain}.private
+Socket inet:8891@localhost
+
+ +

Now, change the permissions for all the files inside /etc/opendkim:

+ +
chown -R root:opendkim /etc/opendkim
+chmod g+r /etc/postfix/dkim/*
+
+ +

I'm using root:opendkim so opendkim doesn't complain about the {yoursubdomani}.private being insecure (you can change that by using the option RequireSafeKeys False in the opendkim.conf file, as stated here).

+ +

That's it for the general configuration, but you could go more in depth and be more secure with some extra configuration as described in the Arch Wiki entry for OpenDKIM.

+ +

Now, just start/enable the opendkim service:

+ +
systemctl start opendkim.service
+systemctl enable opendkim.service
+
+ +

And don't forget to add the following TXT records on your domain registrar (these examples are for Epik):

+ +
    +
  1. DKIM entry: look up your {yoursubdomain}.txt file, it should look something like:
  2. +
+ +
{yoursubdomain}._domainkey IN TXT ( "v=DKIM1; k=rsa; s=email; "
+    "p=..."
+    "..." )  ; ----- DKIM key mail for {yourdomain}
+
+ +

In the TXT record you will place {yoursubdomain}._domainkey as the “Host” and "v=DKIM1; k=rsa; s=email; " "p=..." "..." in the “TXT Value” (replace the dots with the actual value you see in your file).

+ +
    +
  1. DMARC entry: just _dmarc.{yourdomain} as the “Host” and "v=DMARC1; p=reject; rua=mailto:dmarc@{yourdomain}; fo=1" as the “TXT Value”.

  2. +
  3. SPF entry: just @ as the “Host” and "v=spf1 mx a:{yoursubdomain}.{yourdomain} - all" as the “TXT Value”.

  4. +
+ +

And at this point you could test your mail for spoofing and more, but you don't know -yet- how to login (it's really easy, but I'm gonna state that at the end of this entry).

+ +

SpamAssassin

+ +

SpamAssassin is just a mail filter to identify spam.

+ +

Install the spamassassin package (which will install a bunch of ugly perl packages…):

+ +
pacman -S spamassassin
+
+ +

For some reason, the permissions on all spamassassin stuff are all over the place. First, change owner of the executables, and directories:

+ +
chown spamd:spamd /usr/bin/vendor_perl/sa-*
+chown spamd:spamd /usr/bin/vendor_perl/spam*
+chwown -R spamd:spamd /etc/mail/spamassassin
+
+ +

Then, you can edit local.cf (located in /etc/mail/spamassassin) to fit your needs (I only uncommented the rewrite_header Subject ... line). And then you can run the following command to update the patterns and compile them:

+ +
sudo -u spamd sa-update
+sudo -u spamd sa-compile
+
+ +

And since this should be run periodically, create the service spamassassin-update.service under /etc/systemd/system with the following content:

+ +
[Unit]
+Description=SpamAssassin housekeeping
+After=network.target
+
+[Service]
+User=spamd
+Group=spamd
+Type=oneshot
+
+ExecStart=/usr/bin/vendor_perl/sa-update --allowplugins
+SuccessExitStatus=1
+ExecStart=/usr/bin/vendor_perl/sa-compile
+ExecStart=/usr/bin/systemctl -q --no-block try-restart spamassassin.service
+
+ +

And you could also execute sa-learn to train spamassassin's bayes filter, but this works for me. Then create the timer spamassassin-update.timer under the same directory, with the content:

+ +
[Unit]
+Description=SpamAssassin housekeeping
+
+[Timer]
+OnCalendar=daily
+Persistent=true
+
+[Install]
+WantedBy=timers.target
+
+ +

You can now start/enable the spamassassin-update timer:

+ +
systemctl start spamassassin-update.timer
+systemctl enable spamassassin-update.timer
+
+ +

Next, you may want to edit the spamassassin service before starting and enabling it, because by default, it could spawn a lot of “childs” eating a lot of resources and you really only need one child. Append --max-children=1 to the line ExecStart=... in /usr/bin/systemd/system/spamassassin.service:

+ +
...
+ExecStart=/usr/bin/vendor_perl/spamd -x -u spamd -g spamd --listen=/run/spamd/spamd.sock --listen=localhost --max-children=1
+...
+
+ +

Finally, start and enable the spamassassin service:

+ +
systemctl start spamassassin.service
+systemctl enable spamassassin.service
+
+ +

Wrapping up

+ +

We should have a working mail server by now. Before continuing check your journal logs (journalctl -xe --unit={unit}, where {unit} could be spamassassin.servicefor example) to see if there was any error whatsoever and try to debug it, it should be a typo somewhere (the logs are generally really descriptive) because all the settings and steps detailed here just (literally just finished doing everything on a new server as of the writing of this text) worked (((it just werks on my machine))).

+ +

Now, to actually use the mail service: first of all, you need a normal account (don't use root) that belongs to the mail group (gpasswd -a user group to add a user user to group group) and that has a password.

+ +

Next, to actually login into a mail app/program/whateveryouwanttocallit, you will use the following settings, at least for thunderdbird(I tested in windows default mail app and you don't need a lot of settings):

+ + + +

All that's left to do is test your mail server for spoofing, and to see if everything is setup correctly. Go to DKIM Test and follow the instructions (basically click next, and send an email with whatever content to the email that they provide). After you send the email, you should see something like:

+ +

DKIM Test successful

+ +

(Yes, I blurred a lot in the picture just to be sure, either way what's important is the list on the bottom part of the image)

+ +

Finally, that's actually it for this entry, if you have any problem whatsoever you have my info down below.

+ +
+
+

Created: Sat, Mar 20, 2021 @ 02:54 MST; modified: Sat, Mar 20, 2021 @ 21:05 MST

+
+
+ + + + diff --git a/blog/old/dst/a/shell_scripting.html b/blog/old/dst/a/shell_scripting.html new file mode 100644 index 0000000..61089d9 --- /dev/null +++ b/blog/old/dst/a/shell_scripting.html @@ -0,0 +1,362 @@ + + + + + + Luévano's Blog + + + + + + + + + + + + + + + + + +
+ + +
+ + + +
+
+ +
+

Shell scripting tutorial video notes

+ +

Another summary, this time about shell scripting in general. And just like with the Linux notes, I also did most of the notes myself or with resources outside the video. The videos in question are: The Bad Tutorials (YT): Shell Scripting Tutorials and Automation with SCripting (YT): Complete Shell Scripting Tutorials. Also, some notes were taken from tutorialspoint: UNIX / LINUX Tutorial and general googling.

+ +

Basic concepts

+ +

A shell it's an interface between the user and the kernel. While the kernel it's the layer that interacts between the shell and the hardware. And you access the shell either via a terminal, or executing a shell script. Note that if you're using a GUI environment, you need a terminal emulator to actually use a terminal (most Linux distros come with everything needed, so no need to worry).

+ +

When using a terminal a blank screen with some text and a cursor that shows you where to type will appear and depending on the shell being used (sh, dash, ksh, bash, zsh, fish, etc.) the prompt will be different. The most common one being of the form user@host:~$, which tells that the user is using host machine and the current working directory is ~ (can be /any/path/ too), and lastly, the $ shows the current privileges of the shell/user using the shell (a $ for normal user and # for root access).

+ +

To clear the screen use command clear or simply do Ctrl + l (most terminals let you do this) and to cancel or create a new prompt do Ctrl + c, this also cancels any running program that's using the terminal (typing q when a program is running also stops the process, sometimes).

+ +

Also there are POSIX (portable operating system interface) compliant shells like sh, dash, ksh, etc., that have a standard syntax and are portable to any Unix system. Non POSIX compliant shells (or not necessary fully POSIX compliant) are bash, zsh, fish, etc., that provide a more modern syntax but lack speed on executing scripts.

+ +

Common commands/programs

+ +

A list of common commands or programs with a short description (for more, do man command or command -h or command --help):

+ + + +

And some special “commands” or “operators” (for more: gnu: 3.6 Redirections):

+ + + +

Shell scripting

+ +

A shell script is nothing more but a file that contains commands in it; they're executed in the same order they are present in the file. A shell script file is usually terminated with a .sh extension, independently of the shell being used, but it's not 100% necessary as in Unix systems, an extension mean nothing, other than distinction (visually) between files. Then one can just have an extension-less file as a script. The script must have execution permissions (chmod +x file), unless shell script is executed in the terminal, where shell could be sh, bash, etc. Comments are created by prepending # to whatever the text should be a comment.

+ +

It's common practice to have the first line as a she-bang (#!), which is just a comment telling the interpreter which shell to execute the script with (usable when having the script in your PATH so you only call the name of the script like any other command/program). A she-bang has the syntax #!/path/to/shell some_other_options, the most common she-bangs being: #!/bin/sh, #!/bin/bash, #!/usr/bin/python, etc.

+ +

Also, some people argue that you shouldn't use absolute paths, since not all Unix operating systems have the same directory structure, or not all programs are going to be installed in the same folder. So a portable she-bang can be made by prepending /usr/bin/env and the specify the program to run, for example: #!/usr/bin/env bash.

+ +

Like always… the basic “Hello, world!” script:

+ +
#!/bin/sh
+echo "Hello, world!"
+
+ +

Three ways of executing this script (assuming the file name is hw):

+ +
    +
  1. Type in terminal sh hw.
  2. +
  3. Type in terminal ./hw. Requires the file to have execute permissions.
  4. +
  5. Type in terminal hw. Requires the file to have execute permissions. Requires the file to be in your PATH.
  6. +
+ +

Variables

+ +

Variables are case sensitive, meaning that my_var and MY_VAR are different and a variable name can only contain letters and numbers (a-z, A-Z and 0-9) or the underscore character _. Can't contain a space. Variables are called by prepending $ to the variable name.

+ +

Like in most programming languages, there are some reserved words like if, select, then, until, while, etc., that can't be used as variables or as values of variables. For more: D.2 Index of Shell Reserved Words.

+ +

There is no need to specify a variable type. Anything surrounded by " will be treated as text. You can use booleans, numbers, text and arrays (the implementation of arrays depends on the shell being used). Make a variable readonly by calling readonly variable_name. Basic syntax:

+ + + +

There are special variables (for more. tutorialspoint: Unix / Linux - Special Variables):

+ + + +

When calling a script, you can pass optional (or required) positional arguments like: command arg1 arg2 arg3 argn.

+ +

Note that a variable can also take the output of another command, one common way to do this is using $(command) or `command`, for example: var="$(echo 'this is a command being executed inside the definition of a variable')" which, since the echo command is being run, var="this is a command being executed inside the definition of a variable", which doesn't seem like much, but there could be any command inside $() or `command`. Note that this is not special to defining variables, could also be used as arguments of another command.

+ +

Internal Field Separator (IFS)

+ +

This is used by the shell to determine how to do word splitting (how to recognize word boundaries). The default value for IFS consists of whitespace characters (space, tab and newline). This value can ve overridden by setting the variable IFS to something like, for example, :.

+ +

Conditionals

+ +

Exit status

+ +

Any command being run has an exit status, either 0 or 1, if the command has been executed successfully or otherwise (an error), respectively.

+ +

if statement

+ +

Pretty similar to other programming languages, evaluates an expression to a true or false and executes code as specified. if statements can be nested, and follow normal rules of logical operations. Basic syntax is:

+ +
#!/bin/sh
+if expression
+then
+do_something
+elif another_expression
+then
+do_another_thing
+else
+do_something_else
+fi
+
+ +

The expression is usually wrapped around [] or [[]], the first being POSIX compliant and the second bash-specific (and other shells).

+ +

Also, some operators to compare things use == for “equals” and > for “greater than”, for example; while in a POSIX compliant shell, = for “equals” and -gt for “greater than” has to be used. For more operators: tutorialspoint: Unix / Linux - Shell Basic Operators (this also covers logical operators and file test operators).

+ +

Case statement

+ +

A common good alternative to multilevel if statements, enables you to match several values against one variable. Basic syntax is:

+ +
case $var in
+    pattern1)
+        do_something1
+        ;;
+    pattern2)
+        subpattern1)
+            do_subsomething1
+            ;;
+        subpattern2)
+            do_subsomething2
+            ;;
+        *)
+    pattern3|pattern4|...|patternN)
+        do_something3
+        ;;
+    patternM)
+        do_somethingM
+        ;;
+    *)
+        do_something_default
+        ;;
+esac
+
+ +

Where the * pattern is not necessary but serves the same purpose as a “default” case.

+ +

Loops

+ +

Loops enable execution of a set of commands repeatedly. Loops, naturally, can be nested. expression here (in the basic syntax examples) work the same as mentioned in the “if statement” section. For more: tutorialspoint: Unix / Linux - Shell Loop Types.

+ +

Loop control

+ +

Similar than other programming languages, there are loop controls to interrupt or continue a loop:

+ +
* `break` statement.
+* `continue` statement.
+
+ +

These statements accept an argument that specify from which loop to exit/continue.

+ +

while loop

+ +

Enables to execute a set of commands repeatedly until some condition occurs. Basic syntax:

+ +
#!/bin/sh
+while expression
+do
+    do_something
+done
+
+ +

until loop

+ +

Similar to the while loop, the difference is that the while loop is executed as long as a condition is true, but the until loop… until a condition is true. Basic syntax (similar to while loop):

+ +
#!/bin/sh
+until expression
+do
+    do_something
+done
+
+ +

for loop

+ +

Operates on lists of items. It repeats a set of commands for every item in a list. Basic syntax:

+ +
#!/bin/sh
+for var in word1 word2 ... wordN
+do
+    do_something_with_var
+done
+
+ +

Where var is the current value (word1, word2, etc.) in the loop and the expression after for can refer to an array, or the output of a command that outputs a list of things, etc.

+ +

select loop

+ +

Provides an easy way to create a numbered menu from which users can select options. Basic syntax (similar to for loop):

+ +
select var in word1 word2 ... wordN
+do
+    do_something_with_var
+done
+
+ +

Meta characters

+ +

Meta characters are used to execute several commands on a single line (depending on what it's needed). The most used meta characters to accomplish this are semi-colon ;, double ampersand && and double “pipe” ||.

+ + + +

Functions

+ +

Enable to break down the overall functionality of a script into smaller, logical subsections, which can then be called upon to perform their individual tasks when needed (like in any other programming language…). For more: tutorialspoint: Unix / Linux - Shell Functions. Basic syntax:

+ +
#!/bin/sh
+function_name () {
+    do_something
+}
+
+ +

Functions can also take arguments and can access their individual arguments (each function will have a different “storage” for their arguments). Functions can also be nested. Here exit will not only will finish the function code, but also the shell script that called it, instead use return plus an exit code to just exit the function.

+ +
+
+

Created: Sat, Mar 13, 2021 @ 22:57 MST

+
+
+ + + + diff --git a/blog/old/dst/a/sql_video_notes.html b/blog/old/dst/a/sql_video_notes.html new file mode 100644 index 0000000..9d3d07f --- /dev/null +++ b/blog/old/dst/a/sql_video_notes.html @@ -0,0 +1,295 @@ + + + + + + Luévano's Blog + + + + + + + + + + + + + + + + + +
+ + +
+ + + +
+
+ +
+

SQL tutorial video notes

+ +

I was requested to make summaries of videos about SQL, these are the notes (mostly this is a transcription of what I found useful). The videos in question are: SQL Tutorial - Full Database Course for Beginners, MySQL Tutorial for Beginners [Full Course] and Advanced SQL course | SQL tutorial advanced. Also, some notes were taken from w3schools.com's SQL Tutorial and MySQL 8.0 Reference Manual.

+ +

What is a database (DB)?

+ +

Any collection of related information, such as a phone book, a shopping list, Facebook's user base, etc.. It can be stored in different ways: on paper, on a computer, in your mind, etc..

+ +

Database Management Systems (DBMS)

+ +

A special software program that helps users create and maintain a database that makes it easy to manage large amounts of information, handles security, backups and can connect to programming languages for automation.

+ +

CRUD

+ +

The four main operations that a DBMS will do: create, read, update and delete.

+ +

Two types of databases

+ + + +

Relational databases (RDB) (SQL)

+ +

When we want to create a RDB we need a Relational Database Management System (RDBMS) that uses Structured Query Language (SQL) which is a standardized language for interacting with RDBMS and it's used to perform CRUD operations (and other administrative tasks).

+ +

Non-relational databases (NRDB) (noSQL/not just SQL)

+ +

Anything that's not relational, stores data in anything but static tables. Could be a document (JSON, XML, etc.), graph (relational nodes), key-value hash (strings, json, etc.), etc.

+ +

NRDB also require a Non-Relational Database Management System (NRDBMS) to maintain a database. But it doesn't have a standardized language for performing CRUD and administrative operations like how RDB have.

+ +

Database queries

+ +

A DB query is a request that is made to the (R/NR)DBMS for a specific information. A google search is a query, for example.

+ +

Tables and keys

+ +

A table is composed of columns, rows and a primary key. The primary key is unique and identifies one specific row. Columns and rows are trivial, a column identifies a field and has a specific data type (name, email, birth) and a row identifies a table entry (person that contains a name, email and birth).

+ +

Also, there are foreign keys, it's purpose is to relate to another database table; this foreign key is unique in it's own table, but can be repeated where you use it as a foreign key.

+ +

It's possible to use the same table keys as foreign keys to make relations inside the same table.

+ +

SQL basics

+ +

It's actually a hybrid language, basically 4 types of languages in one:

+ + + +

Queries

+ +

A set of instructions given to the RDBMS (written in SQL) that tell the RDBMS what information you want it to retrieve. Instead of getting the whole database, retrieve only a bit of information that you need.

+ +

Also, SQL keywords can be either lower or upper case, but it's convention to use upper case. And queries are ended by a semi-colon.

+ +

Data types

+ +

Just some SQL data types (for more: MySQL 8.0 Reference Manual: Chapter 11 Data Types, the notation is DATATYPE(SIZE(,SIZE)):

+ + + +

Basic management of tables

+ +

To create a table, the basic syntax is CREATE TABLE tablename (column1 datatype constraint, column2 datatype constraint, ...), where a constraint could be (for more: MySQL 8.0 Reference Manual: 13.1.20 CREATE TABLE Statement):

+ + + +

Get the table structure with DESCRIBE tablename and delete it with DROP TABLE tablename. Add columns to the table with ALTER TABLE tablename ADD column DATATYPE(N,M), similar syntax to delete a specific column ALTER TABLE tablename DRORP COLUMN column.

+ +

Add entries to the table with INSERT INTO tablename VALUES(value1, value2, ...) where all the fields must be specified, or INSERT INTO tablename(column1, column2) VALUES(value1, value2) to just add some fields to the new entry. While at it, (all) the table content can be fetched with SELECT * FROM tablename.

+ +

Basic Updating of entries with UPDATE tablename SET expression1 WHERE expression2, where expression1 could be column = value2 and expression2 could be column = value1, meaning that the value of column will be changed from value1 to value2. Note that the expressions are not limited by column = value, and that the column has to be the same, it would be any expression. Also, this is really extensive as SET can set multiple variables and WHERE take more than one condition by chaining conditions with AND, OR and NOT keywords, for example.

+ +
ON DELETE statement
+ +

When an entry needs to be updated somehow based on a modification on a foreign key. If two tables are related to each other, if something is deleted on one end, update the other end in some way.

+ +

For example on creation of a table, on the specification of a foreign key: CREATE TABLE tablename (..., FOREIGN KEY(column) REFERENCES othertable(othertablecolumn) ON DELETE something). That something could be SET NULL, CASCADE, etc..

+ +

SELECT queries

+ +

Instead of doing SELECT * FROM tablename, which gets all the data from a table, more complex SELECT queries can be implemented, such as SELECT column FROM tablename to only get all data from one column of the table. Append LIMIT N to limit the query to N entries. Append WHERE condition to meet a custom condition.

+ +

Other statements that can be used in conjunction with SELECT are ORDER BY column ASC|DESC, SELECT DISTINCT, MIN(column), MAX(column), COUNT(column), AVG(column), SUM(column), LIKE and more. For more, visit MySQL 8.0 Reference Manual: 13.2.10 SELECT Statement.

+ +

MySQL uses regular expressions (regex) like pattern matching, some wildcards that can be used with the LIKE statement are:

+ + + +

An extended regex can be used with the statement REGEX_LIKE(expression); REGEXP and RLIKE are synonyms for REGEX_LIKE. For more: MySQL 8.0 Reference Manual: 3.3.4.7 Pattern Matching.

+ +

Unions

+ +

A specialized SQL operator that is used to combine multiple SELECT statements into one. The basic syntax is SELECT ... UNION SELECT ..., where ... is a whole SELECT statement; there can be any amount of unions. There are some rules that apply when doing unions, such as having the same amount of columns on both statements and being of the same data type.

+ +

Joins

+ +

Used to combine rows from two or more tables based on a related column between them. Basic syntax is SELECT table1.column1, ..., table2.column1, ... FROM table(1|2) JOIN table(1|2) ON table1.common_column = table2.common_column, where the table specified in the FROM statement is called the “left” table, where the one in the JOIN statement is the “right” table. For more: MySQL 8.0 Reference Manual: 13.2.10.2 JOIN Clause.

+ +

There are different types of SQL JOINs:

+ + + +

INNER JOIN +LEFT JOIN +RIGHT JOIN +FULL OUTER JOIN

+ +

Nested queries

+ +

A query composed of multiple select statements to get a specific piece of information. This is self explanatory, you do a SELECT query somewhere inside another one, for example SELECT ... IN (SELECT ...), where the nesting is occurring inside the parenthesis after the IN statement.

+ +

A nesting isn't constrained to the IN statement, it can appear anywhere, for example in a WHERE statement: SELECT ... WHERE something = (SELECT ...).

+ +

Triggers

+ +

A block of SQL code that will define a certain action that will happen when a specific operation is performed on the database. It is recommended to change the DELIMITER temporarily from semi-colon to something else (since we need to use semi-colon to end the trigger) while the trigger is created. The basic syntax is CREATE TRIGGER trigername triggertime triggerevent ON tablename FOR EACH ROW triggerorder triggerbody. For more: MySQL 8.0 Reference Manual: 13.1.22 CREATE TRIGGER Statement and MySQL 8.0 Reference Manual: 25.3.1 Trigger Syntax and Examples.

+ +

Entity Relationship Diagrams (ERD)

+ +

When designing a database it's important to define a database schema which is just a definition of all the different tables and their attributes that are going to live inside the database. So, basically, an ERD diagram is a diagram that consists of text, symbols and shapes that are combined to create a relationship model.

+ +

The diagram consists of:

+ + + +

ERD example taken from wikipedia

+ +
+
+

Created: Tue, Mar 02, 2021 @ 07:35 MST

+
+
+ + + + diff --git a/blog/old/dst/a/website_with_nginx.html b/blog/old/dst/a/website_with_nginx.html new file mode 100644 index 0000000..df1da00 --- /dev/null +++ b/blog/old/dst/a/website_with_nginx.html @@ -0,0 +1,250 @@ + + + + + + Luévano's Blog + + + + + + + + + + + + + + + + + +
+ + +
+ + + +
+
+ +
+

Create a website with Nginx and Certbot

+ +

These are general notes on how to setup a Nginx web server plus Certbot for SSL certificates, initially learned from Luke's video and after some use and research I added more stuff to the mix. And, actually at the time of writing this entry, I'm configuring the web server again on a new VPS instance, so this is going to be fresh.

+ +

As a side note, (((i use arch btw))) so everything here es aimed at an Arch Linux distro, and I'm doing everything on a VPS. Also note that most if not all commands here are executed with root privileges.

+ +

Prerequisites

+ +

You will need two things:

+ + + +

Nginx

+ +

You have two options: nginx and nginx-mainline. I prefer nginx-mainline because it's the “up to date” package even though nginx is labeled to be the “stable” version. Install the package and enable/start the service:

+ +
pacman -S nginx-mainline
+systemctl enable nginx.service
+systemctl start nginx.service
+
+ +

And that's it, at this point you can already look at the default initial page of nginx if you enter the ip of your server in a web browser. You should see something like this:

+ +

Nginx welcome page

+ +

As stated in the welcome page, configuration is needed, head to the directory of nginx:

+ +
cd /etc/nginx
+
+ +

Here you have several files, the important one is nginx.conf, which as its name implies, contains general configuration of the web server. If you peek into the file, you will see that it contains around 120 lines, most of which are commented out and contains the welcome page server block. While you can configure a website in this file, it's common practice to do it on a separate file (so you can scale really easily if needed for mor websites or sub-domains).

+ +

Inside the nginx.conf file, delete the server blocks and add the lines include sites-enabled/*; (to look into individual server configuration files) and types_hash_max_size 4096; (to get rid of an ugly warning that will keep appearing) somewhere inside the http block. The final nginx.conf file would look something like (ignoring the comments just for clarity, but you can keep them as side notes):

+ +
worker_processes 1;
+
+events {
+    worker_connections 1024;
+}
+
+http {
+    include sites-enabled/*;
+    include mime.types;
+    default_type application/octet-stream;
+
+    sendfile on;
+
+    keepalive_timeout 65;
+
+    types_hash_max_size 4096;
+}
+
+ +

Next, inside the directory /etc/nginx/ create the sites-available and sites-enabled, and go into the sites-available one:

+ +
mkdir sites-available
+mkdir sites-enabled
+cd sites-available
+
+ +

Here, create a new .conf file for your website and add the following lines (this is just the sample content more or less):

+ +
server {
+    listen 80;
+    listen [::]:80;
+
+    root /path/to/root/directory;
+    server_name domain.name another.domain.name;
+    index index.html anotherindex.otherextension;
+
+    location /{
+        try_files $uri $uri/ =404;
+    }
+}
+
+ +

Note several things:

+ + + +

Then, make a symbolic from this config file to the sites-enabled directory:

+ +
ln -s /etc/nginx/sites-available/your_config_file.conf /etc/nginx/sites-enabled
+
+ +

This is so the nginx.conf file can look up the newly created server config. With this method of having each server configuration file separate you can easily “deactivate” any website by just deleting the symbolic link in sites-enabled and you're good, or just add new configuration files and keep everything nice and tidy.

+ +

All you have to do now is restart (or enable and start if you haven't already) the nginx service (and optionally test the configuration):

+ +
nginx -t
+systemctl restart nginx
+
+ +

If everything goes correctly, you can now go to your website by typing “domain.name” on a web browser. But you will see a “404 Not Found” page like the following (maybe with different nginx version):

+ +

Nginx 404 page

+ +

That's no problem, because it means that the web server it's actually working. Just add an index.html file with something simple to see it in action. If you keep seeing the 404 page make sure your root line is correct and that the directory/index file exists.

+ +

I like to remove the .html and trailing / on the URLs of my website, for that you need to add the following rewrite lines and modify the try_files line (for more: Sean C. Davis: Remove HTML Extension And Trailing Slash In Nginx Config):

+ +
server {
+    ...
+    rewrite ^(/.*)\.html(\?.*)?$ $1$2 permanent;
+    rewrite ^/(.*)/$ /$1 permanent;
+    ...
+    try_files $uri/index.html $uri.html $uri/ $uri =404;
+    ...
+
+ +

For more: Arch Linux Wiki: nginx.

+ +

Certbot

+ +

The only “bad” (bloated) thing about certbot, is that it uses python, but for me it doesn't matter too much. You may want to look up another alternative if you prefer. Install the packages certbot and certbot-nginx:

+ +
pacman -S certbot certbot-nginx
+
+ +

After that, all you have to do now is run certbot and follow the instructions given by the tool:

+ +
certbot --nginx
+
+ +

It will ask you for some information, for you to accept some agreements and the names to activate https for. Also, you will want to “say yes” to the redirection from http to https. And that's it, you can now go to your website and see that you have https active.

+ +

Now, the certificate given by certbot expires every 3 months or something like that, so you want to renew this certificate every once in a while. Using cron, you can do this by running:

+ +
crontab -e
+
+ +

And a file will be opened where you need to add a new rule for certbot, just append the line: 1 1 1 * * certbot renew (renew on the first day of every month) and you're good. Alternatively use systemd timers as stated in the Arch Linux Wiki.

+ +

For more: Arch Linux Wiki: Certbot.

+ +

That's it, you now have a website with SSL certificate.

+ +
+
+

Created: Thu, Mar 18, 2021 @ 19:58 MST

+
+
+ + + + diff --git a/blog/old/dst/index.html b/blog/old/dst/index.html new file mode 100644 index 0000000..682df2e --- /dev/null +++ b/blog/old/dst/index.html @@ -0,0 +1,108 @@ + + + + + + Luévano's Blog + + + + + + + + + + + + + + + + + +
+ + +
+ + + +
+
+ +
+

Luévano's Blog

+ +

Welcome to my blog where I'll post whatever I please, ranging from rants to how-to's. Además, este pex va a estar en español e inglés porque quiero (no una mezcla en cada entrada, pero sí entradas completas en diferentes lenguajes).

+ +

Articles

+ + +
+ + + + diff --git a/blog/old/dst/sitemap.xml b/blog/old/dst/sitemap.xml new file mode 100644 index 0000000..55edb9b --- /dev/null +++ b/blog/old/dst/sitemap.xml @@ -0,0 +1,16 @@ + + +https://blog.luevano.xyz/index.html2021-04-211.0 +https://blog.luevano.xyz/a/website_with_nginx.html2021-03-181.0 +https://blog.luevano.xyz/a/git_server_with_cgit.html2021-03-211.0 +https://blog.luevano.xyz/a/el_blog_ya_tiene_timestamps.html2021-03-151.0 +https://blog.luevano.xyz/a/shell_scripting.html2021-03-131.0 +https://blog.luevano.xyz/a/sql_video_notes.html2021-03-021.0 +https://blog.luevano.xyz/a/first_blog_post.html2021-02-271.0 +https://blog.luevano.xyz/a/linux_video_notes.html2021-03-131.0 +https://blog.luevano.xyz/a/mail_server_with_postfix.html2021-03-201.0 + diff --git a/blog/old/src/.files b/blog/old/src/.files new file mode 100644 index 0000000..e524da2 --- /dev/null +++ b/blog/old/src/.files @@ -0,0 +1,9 @@ +1615856381 1616720565 ./index.md +1616122695 0 ./a/website_with_nginx.md +1616306327 1616353229 ./a/git_server_with_cgit.md +1615862784 0 ./a/el_blog_ya_tiene_timestamps.md +1615701454 0 ./a/shell_scripting.md +1614695711 0 ./a/sql_video_notes.md +1614431313 0 ./a/first_blog_post.md +1615701443 0 ./a/linux_video_notes.md +1616234086 1616299559 ./a/mail_server_with_postfix.md diff --git a/blog/old/src/_footer.html b/blog/old/src/_footer.html new file mode 100644 index 0000000..3325f24 --- /dev/null +++ b/blog/old/src/_footer.html @@ -0,0 +1,23 @@ + + + + + diff --git a/blog/old/src/_header.html b/blog/old/src/_header.html new file mode 100644 index 0000000..e69790e --- /dev/null +++ b/blog/old/src/_header.html @@ -0,0 +1,63 @@ + + + + + + Luévano's Blog + + + + + + + + + + + + + + + + + +
+ + +
+ + + +
+
+ +
diff --git a/blog/old/src/a/el_blog_ya_tiene_timestamps.md b/blog/old/src/a/el_blog_ya_tiene_timestamps.md new file mode 100644 index 0000000..1405b7a --- /dev/null +++ b/blog/old/src/a/el_blog_ya_tiene_timestamps.md @@ -0,0 +1,9 @@ +# Así es raza, el blog ya tiene timestamps + +Pues eso, esta entrada es sólo para tirar update sobre mi [primer post](https://blog.luevano.xyz/a/first_blog_post.html). Ya modifiqué el `ssg` lo suficiente como para que maneje los *timestamps*, y ya estoy más familiarizado con este script entonces ya lo podré extender más, pero por ahora las entradas ya tienen su fecha de creación (y modificación en dado caso) al final y en el índice ya están organizados por fecha, que por ahora está algo simple pero está sencillo de extender. + +Ya lo único que queda es cambiar un poco el formato del blog (y de la página en general), porque en un momento de desesperación puse todo el texto en justificado y pues no se ve chido siempre, entonces queda corregir eso. *Y aunque me tomó más tiempo del que quisiera, así nomás quedó, diría un cierto personaje.* + +El `ssg` modificado está en mis [dotfiles](https://git.luevano.xyz/.dots) (o directamente [aquí](https://git.luevano.xyz/.dots/tree/.local/bin/ssg)). + +Por último, también quité las extensiones `.html` de las URLs, porque se veía bien pitero, pero igual los links con `.html` al final redirigen a su link sin `.html`, así que no hay rollo alguno. diff --git a/blog/old/src/a/first_blog_post.md b/blog/old/src/a/first_blog_post.md new file mode 100644 index 0000000..2911820 --- /dev/null +++ b/blog/old/src/a/first_blog_post.md @@ -0,0 +1,7 @@ +# This is the first blog post, just for testing purposes + +I'm making this post just to figure out how [`ssg5`](https://www.romanzolotarev.com/ssg.html) and [`lowdown`](https://kristaps.bsd.lv/lowdown/) are supposed to work (and eventually also [`rssg`](https://www.romanzolotarev.com/rssg.html)). + +At the moment, I'm not satisfied because there's no automatic date insertion into the 1) html file, 2) the blog post itself and 3) the listing system in the [blog homepage](https://blog.luevano.xyz/) (and there's also the problem with the ordering of the entries...). And all of this just because I didn't want to use [Luke's](https://github.com/LukeSmithxyz/lb) solution (don't really like that much how he handles the scripts... *but they just work*). + +Hopefully, for tomorrow all of this will be sorted out and I'll have a working blog system. diff --git a/blog/old/src/a/git_server_with_cgit.md b/blog/old/src/a/git_server_with_cgit.md new file mode 100644 index 0000000..d8a6037 --- /dev/null +++ b/blog/old/src/a/git_server_with_cgit.md @@ -0,0 +1,153 @@ +# Create a git server and setup cgit web app (on Nginx) + +My git server is all I need to setup to actually *kill* my other server (I've been moving from servers on these last 2-3 blog entries), that's why I'm already doing this entry. I'm basically following [git's guide on setting up a server](https://git-scm.com/book/en/v2/Git-on-the-Server-Setting-Up-the-Server) plus some specific stuff for (btw i use) Arch Linux ([Arch Linux Wiki: Git server](https://wiki.archlinux.org/index.php/Git_server#Web_interfaces) and [Step by step guide on setting up git server in arch linux (pushable)](https://miracoin.wordpress.com/2014/11/25/step-by-step-guide-on-setting-up-git-server-in-arch-linux-pushable/)). + +Note that this is mostly for personal use, so there's no user/authentication control other than that of SSH. Also, most if not all commands here are run as root. + +## Prerequisites + +I might get tired of saying this (it's just copy paste, basically)... but similar as before (check my [website](https://blog.luevano.xyz/a/website_with_nginx.html) and [mail](https://blog.luevano.xyz/a/mail_server_with_postfix.html) entries): + +* (This time, optional) A domain name if you want to have a "front end" to show your repositories. Got mine on [Epik](https://www.epik.com/?affid=da5ne9ru4) (affiliate link, btw). + * With a **CNAME** for "git" and (optionally) "www.git", or some other name for your sub-domains. +* A VPS or somewhere else to host. I'm using [Vultr](https://www.vultr.com/?ref=8732849) (also an affiliate link). + * `ssh` configured. + * (Optionally, if doing the domain name thingy) With `nginx` and `certbot` setup and running. + * Of course, `git` already installed (it should be a must have always). + +## git server + +If not installed already, install the `git` package: + +```sh +pacman -S git +``` + +On Arch Linux, when you install the `git` package, a `git` user is automatically created, so all you have to do is decide where you want to store the repositories, for me, I like them to be on `/home/git` like if `git` was a "normal" user. So, create the `git` folder (with corresponding permissions) under `/home` and set the `git` user's home to `/home/git`: + +```sh +mkdir /home/git +chown git:git /home/git +usermod -d /home/git git +``` + +Also, the `git` user is "expired" by default and will be locked (needs a password), change that with: + +```sh +chage -E -1 git +passwd git +``` + +Give it a strong one and remember to use `PasswordAuthentication no` for `ssh` (as you should). Create the `.ssh/authorized_keys` for the `git` user and set the permissions accordingly: + +```sh +mkdir /home/git/.ssh +chmod 700 /home/git/.ssh +touch /home/git/.ssh/authorized_keys +chmod 600 /home/git/.ssh/authorized_keys +chown -R git:git /home/git +``` + +Now is a good idea to copy over your local SSH public keys to this file, to be able to push/pull to the repositories. Do it by either manually copying it or using `ssh`'s built in `ssh-copy-id` (for that you may want to check your `ssh` configuration in case you don't let people access your server with user/password). + +Next, and almost finally, we need to edit the `git-daemon` service, located at `/usr/lib/systemd/system/` (called `git-daemon@.service`): + +```ini +... +ExecStart=-/usr/lib/git-core/git-daemon --inetd --export-all --base-path=/home/git --enable=receive-pack +... +``` + +I just appended `--enable=receive-pack` and note that I also changed the `--base-path` to reflect where I want to serve my repositories from (has to match what you set when changing `git` user's home). + +Now, go ahead and start and enable the `git-daemon` socket: + +```sh +systemctl start git-daemon.socket +systemctl enable git-daemon.socket +``` + +You're basically done. Now you should be able to push/pull repositories to your server... except, you haven't created any repository in your server, that's right, they're not created automatically when trying to push. To do so, you have to do the following sequence (assuming you're "`cd`'ed" into the `/home/git` directory): + +```sh +mkdir {repo_name}.git +cd {repo_name}.git +``` + +Those two lines above will need to be run each time you want to add a new repository to your server (yeah, kinda lame... although there are options to "automate" this, I like it this way). + +After that you can already push/pull to your repository. I have my repositories (locally) set up so I can push to more than one remote at the same time (my server, GitHub, GitLab, etc.), which is detailed [here](https://gist.github.com/rvl/c3f156e117e22a25f242). + +## cgit + +This bit is optional if you only wanted a git server (really easy to set up), this is so you can have a web application. This is basically a copy paste of [Arch Linux Wiki: Cgit](https://wiki.archlinux.org/index.php/Cgit#Nginx) so you can go there and get more in-depth configurations. + +Install the `cgit` and `fcgiwrap` packages: + +```sh +pacman -S cgit fcgiwrap +``` + +Now, just start and enable the `fcgiwrap` socket: + +```sh +systemctl start fcgiwrap.socket +systemctl enable fcgiwrap.socket +``` + +Next, the way I configure `nginx` is creating a separate file `{module}.conf` (`git.conf` in this case) under `/etc/nginx/sites-available` and create a symlink to `/etc/nginx/sites-enabled` as stated in my [`nginx` setup entry](https://blog.luevano.xyz/a/website_with_nginx.html). Add the following lines to your `git.conf` file: + +```nginx +server { + listen 80; + listen [::]:80; + root /usr/share/webapps/cgit; + server_name {yoursubdomain}.{yourdomain}; + try_files $uri @cgit; + + location @cgit { + include fastcgi_params; + fastcgi_param SCRIPT_FILENAME $document_root/cgit.cgi; + fastcgi_param PATH_INFO $uri; + fastcgi_param QUERY_STRING $args; + fastcgi_param HTTP_HOST $server_name; + fastcgi_pass unix:/run/fcgiwrap.sock; + } +} +``` + +Where the `server_name` line depends on you, I have mine setup to `git.luevano.xyz` and `www.git.luevano.xyz`. Optionally run `certbot --nginx` to get a certificate for those domains if you don't have already. + +Now, all that's left is to configure `cgit`. Create the configuration file `/etc/cgitrc` with the following content (my personal options, pretty much the default): + +```apache +css=/cgit.css +source-filter=/usr/lib/cgit/filters/syntax-highlighting-edited.sh +logo=/cgit.png + +enable-http-clone=1 +# robots=noindex, nofollow +virtual-root=/ + +repo.url={url} +repo.path={dir_path} +repo.owner={owner} +repo.desc={short_description} + +... +``` + +Where you can uncomment the `robots` line to let web crawlers (like Google's) to index your `git` web app. And at the end keep all your repositories (the ones you want to make public), for example for my [*dotfiles*](https://git.luevano.xyz/.dots) I have: + +```apache +... +repo.url=.dots +repo.path=/home/git/.dots.git +repo.owner=luevano +repo.desc=These are my personal dotfiles. +... +``` + +Otherwise you could let `cgit` to automatically detect your repositories (you have to be careful if you want to keep "private" repos) using the option `scan-path` and setup `.git/description` for each repository. I will add more to my actual configuration, but for now it is useful as it is. For more, you can check [cgitrc(5)](https://man.archlinux.org/man/cgitrc.5). + +Finally, if you want further support for highlighting, other compressed snapshots or support for markdown, checkout the optional dependencies for `cgit` and also the Arch Wiki goes in detail on how to setup highlighting with two different packages. diff --git a/blog/old/src/a/linux_video_notes.md b/blog/old/src/a/linux_video_notes.md new file mode 100644 index 0000000..2c6697a --- /dev/null +++ b/blog/old/src/a/linux_video_notes.md @@ -0,0 +1,88 @@ +# Linux tutorial video notes + +I was requested to make a summary of a video about basic Linux stuff (like the [SQL tutorial video notes](https://blog.luevano.xyz/a/sql_video_notes)); this time, I did most of the notes depending on the topic since I'm familiar with most of the stuff presented in the video. The video in question is: [The Complete Linux Course: Beginner to Power User!](https://www.youtube.com/watch?v=wBp0Rb-ZJak). Also, some notes were taken from [Arch Linux Wiki](https://wiki.archlinux.org/) since it's got pretty decent documentation, and, of course, general googling. + +## (Basic) commands + +A list of basic commands and small explanation (note that options are started with either `-` or `--`, depending on the program, but most of the time `-` is used for letter options and `--` for word options, `-l` vs `--list` for example): + +* `pwd`: "print working directory", full **absolute** path to the current directory. +* `cd`: "change directory", followed by the absolute or relative path of the directory to change to. + * Absolute path is started with `/`, while a relative path is started with `./` or just the name of the folder. + * Use `..` (two dots) to go up one directory. + * An abbreviation of `/home/username` is `~` (tilde). +* `ls`: "list" files and directories in current directory, or specify a directory from which to show the list after typing `ls`. Has many options, the most common ones being: + * `l`: use long listing format. + * `r` or `reverse`: reverse order while sorting. + * `s`: sort by file size, largest first. + * `a` or `all`: do not ignore entries starting with `.`. +* `mkdir`: "make directory", create a new directory with specified name. +* `touch`: create new (empty) files. +* `cp`: "copy" files or directories (using option `r` for recursive). Requires file/directory to copy and destination, separated by space. +* `mv`: "move" files or directories, also requires file/directory to copy and destination, separated by space. This is also used to **rename** files/directories. +* `rm`: "remove", followed by a file to remove it. +* `rmdir`: "remove empty directory", followed by a directory to remove it. If the directory is not empty, use `rm -r` on the directory ("remove recursive"). +* `su`: "switch user", by default to **root** user, but another one can be specified. +* `sudo`: "switch user, do", similar to `su`, but only to execute a command as **root** or the specified user. +* `clear`: clear the terminal window, a (common) keyboard shortcut is `Ctrl + l`. +* `find`: search for files/directories matching a pattern or all contents of a directory (using `.`). +* `grep`: comes from the `ed` command "g/re/p", for searching plain-text for lines that match a regular expression (regex). +* `top`: a task manager program, shows currently running commands and gives important info such as PID (process ID), user who is running that command, command name, cpu and ram usage, etc.. Some useful commands to manage programs running are: + * `pgrep`: get the PID of a running process, or a list in chronological order. + * `kill` or `pkill`: kill a running process either by PID or by name. + * `killall`: similar to `pkill`. +* `ssh`: "secure shell" is a remote login client used to connect into a remote machine and executing commands remotely, basically taking control of the remote machine. Widely used when managing servers. +* `ftp` or `sftp`: "(secure) file transfer protocol" used to transfer files from one machine to another one (usually a server). It's recommended to use `sftp` instead of `ftp` because anyone can look through the packages if it's not secured (encrypted). + +And in general, to see the options supported by almost any command, use `command -h` or `command --help`, for a quick explanation. **IMPORTANT**: Most programs have **man (manual) pages**; to access them do `man command`, this is a very powerful tool to use. + +Commands can be redirected to other commands (the output), which is powerful to create mini scripts or to achieve a goal in a single command. Most of the time the redirection can be done with the special characters `>`, `<` and most powerful, the `|` (pipe). Also, some commands accept an option to execute another command, but this depends on a command to command basis (`exec` option for `find`, for example). + +**Most terminal programs accept `Ctrl-c` or just `q` to exit the program.** + +## File permissions and ownership + +When listing files with `ls -l`, an output with file attributes (permissions) and ownership is shown, such as `drwxr-xr-x 2 user group 4096 Jul 5 21:03 Desktop`, where the first part are the attributes, and `user` and `group` the ownership info (all other info is irrelevant for now). + +File attributes (`drwxr-xr-x` in the example above) are specified by 10 (sometimes 11) characters, and can be break into 4 parts (or 5): + +* The first character is just the file type, typically `d` for directories or just `-` for files. There is `l` too, which is for **symlinks**. +* The next 3 characters represent the permissions that the **owner** has over the file. +* Next 3 the permissions that the **group** has over the file. +* Next 3 the permissions everyone else (**others**) have over the file. +* An optional `+` character that specifies whether an alternate access method applies to the file. When the character is a space, there is no alterante access method. + +Each of the three permission triads (`rwx`) can be: + +* `-` or `r`, for the first character, if the file can be **read** or directory's content can be shown. +* `-` or `w`, for the second character, if the file can be **modified** or the directory's content can be modified (create new files or folders or rename existing files or folders). +* `-` or `x`, for the third character, if the file can be **executed** or the directory can be **accessed** with `cd`. Other characters can be present, like `s`, `S`, `t` and `T` (for more: [Arch Linux Wiki: File permissions and attributes](https://wiki.archlinux.org/index.php/File_permissions_and_attributes)). + +To change attributes or ownership use `chmod` and `chown`, respectively. + +## Services + +Special type of linux process (think of a program or set of programs that run in the background waiting to be used, or doing essential tasks). There are many ways to manage (start, stop, restart, enable, disable, etc.) services, the most common way (if using `systemd`) is to just use `systemctl`. Basic usage of `systemctl` is `systemctl verb service`, where `verb` could be `start`, `enable`, `stop`, `disable`, `restart`, etc. Also, to get a general system status run `systemctl status` or just `systemctl` for a list of running **units** (a unit is an instance of a service, or a mount point or even a device or a socket). For more: [Arch Linux Wiki: systemd](https://wiki.archlinux.org/index.php/systemd). + +`systemd` also provides a way to do tasks based on a **timer**, where you can schedule from the second to the year. One could also use `cron` (using `crontab` with option `e`) to do this. These timers provide support for calendar time events, monotonic time events, and can be run asynchronously. + +## User and group management + +Most mainstream linux distributions come with a Graphic User Interface (GUI) to manage users and groups on the system. For a Command-Line Interface (CLI) just use `useradd` (with `passwd` to create a password for a given user) and `groupadd`. Also, other useful commands are `usermod`, `userdel`, `groups`, `gpasswd`, `groupdel` and more, each used for a basic management of users/groups like modification, deletion, listing (of all existing users/groups), etc.. For more: [Arch Linux Wiki: Users and groups](https://wiki.archlinux.org/index.php/users_and_groups). + +## Networking + +### Hosts file + +Located at `/etc/hosts`, serves as a translator from **hostname** (web addresses or URLs) into IP addresses (think of DNS records), meaning that any URL can be overridden to make it point to whatever IP address it's specified (only locally on the machine affected). The syntax of the file is pretty simple: first column for IP, second for hostname (URL) and third+ for aliases. + +### (Some) commands + +These commands serve the sole purpose of showing information about the network and stuff related to it: + +* `ping`: gives information about latency to a given ip/domain. +* `ifconfig`: gives similar information to `ipconfig` on windows, general info of physical network devices with their addresses and properties. An alternative could be `ip addr`, depending on the linux distribution being used and programs installed. +* `tcpdump`: "transmission control protocol dump" gives information on all "packets" being sent and received through the network. +* `netstat`: "network statistics" general statistics about network devices usage, display connections to the machine and more. +* `traceroute`: shows the route that the packets go through (how the packets jump from one server to another one) when trying to access an IP (or, for example, a website). +* `nmap`: "network mapper" explore network available hosts, opened ports, reverse DNS names, can guess the operating system of the device, it's type, MAC address and more. diff --git a/blog/old/src/a/mail_server_with_postfix.md b/blog/old/src/a/mail_server_with_postfix.md new file mode 100644 index 0000000..11e704a --- /dev/null +++ b/blog/old/src/a/mail_server_with_postfix.md @@ -0,0 +1,518 @@ +# Create a mail server with Postfix, Dovecot, SpamAssassin and OpenDKIM + +The entry is going to be long because it's a *tedious* process. This is also based on [Luke Smith's script](https://github.com/LukeSmithxyz/emailwiz), but adapted to Arch Linux (his script works on debian-based distributions). This entry is mostly so I can record all the notes required while I'm in the process of installing/configuring the mail server on a new VPS of mine; also I'm going to be writing a script that does everything in one go (for Arch Linux), that will be hosted [here](https://git.luevano.xyz/server_scripts.git). + +This configuration works for local users (users that appear in `/etc/passwd`), and does not use any type of SQL. And note that most if not all commands executed here are run with root privileges. + +More in depth configuration is detailed in the Arch Wiki for each package used here. + +## Prerequisites + +Basically the same as with the [website with Nginx and Certbot](https://blog.luevano.xyz/a/website_with_nginx.html): + +* A domain name. Got mine on [Epik](https://www.epik.com/?affid=da5ne9ru4) (affiliate link, btw). + * Later we'll be adding some **MX** and **TXT** records. + * You also need a **CNAME** for "mail" and (optionally) "www.mail", or whatever you want to call the sub-domains (although the [RFC 2181](https://tools.ietf.org/html/rfc2181#section-10.3) states that it NEEDS to be an **A** record, fuck the police), to actually work and to get SSL certificate (you can also use the SSL certificate obtained if you created a website following my other notes on `nginx` and `certbot`) with `certbot` (just create a `mail.conf` for `nginx`, similar to how we created it in the website entry). +* A VPS or somewhere else to host. I'm using [Vultr](https://www.vultr.com/?ref=8732849) (also an affiliate link). + * `ssh` configured. + * Ports 25, 587 (SMTP), 465 (SMTPS), 143 (IMAP) and 993 (IMAPS) open on the firewall (I use `ufw`). + * With `nginx` and `certbot` setup and running. + +## Postfix + +[Postfix](https://wiki.archlinux.org/index.php/Postfix) is a "mail transfer agent" which is the component of the mail server that receives and sends emails via SMTP. + +Install the `postfix` package: + +```sh +pacman -S postfix +``` + +We have two main files to configure (inside `/etc/postfix`): `master.cf` ([master(5)](https://man.archlinux.org/man/master.5)) and `main.cf` ([postconf(5)](https://man.archlinux.org/man/postconf.5)). We're going to edit `main.cf` first either by using the command `postconf -e 'setting'` or by editing the file itself (I prefer to edit the file). + +Note that the default file itself has a lot of comments with description on what each thing does (or you can look up the manual, linked above), I used what Luke's script did plus some other settings that worked for me. + +Now, first locate where your website cert is, mine is at the default location `/etc/letsencrypt/live/`, so my `certdir` is `/etc/letsencrypt/live/luevano.xyz`. Given this information, change `{yourcertdir}` on the corresponding lines. The configuration described below has to be appended in the `main.cf` configuration file. + +Certificates and ciphers to use for authentication and security: + +```apache +smtpd_tls_key_file = {yourcertdir}/privkey.pem +smtpd_tls_cert_file = {yourcertdir}/fullchain.pem +smtpd_use_tls = yes +smtpd_tls_auth_only = yes +smtp_tls_security_level = may +smtp_tls_loglevel = 1 +smtp_tls_CAfile = {yourcertdir}/cert.pem +smtpd_tls_mandatory_protocols = !SSLv2, !SSLv3, !TLSv1, !TLSv1.1 +smtp_tls_mandatory_protocols = !SSLv2, !SSLv3, !TLSv1, !TLSv1.1 +smtpd_tls_protocols = !SSLv2, !SSLv3, !TLSv1, !TLSv1.1 +smtp_tls_protocols = !SSLv2, !SSLv3, !TLSv1, !TLSv1.1 +tls_preempt_cipherlist = yes +smtpd_tls_exclude_ciphers = aNULL, LOW, EXP, MEDIUM, ADH, AECDH, MD5, + DSS, ECDSA, CAMELLIA128, 3DES, CAMELLIA256, + RSA+AES, eNULL + +smtp_tls_CApath = /etc/ssl/certs +smtpd_tls_CApath = /etc/ssl/certs + +smtpd_relay_restrictions = permit_sasl_authenticated, permit_mynetworks, defer_unauth_destination +``` + +Also, for the *connection* with `dovecot`, append the next few lines (telling postfix that `dovecot` will use user/password for authentication): + +```apache +smtpd_sasl_auth_enable = yes +smtpd_sasl_type = dovecot +smtpd_sasl_path = private/auth +smtpd_sasl_security_options = noanonymous, noplaintext +smtpd_sasl_tls_security_options = noanonymous +``` + +Specify the mailbox home (this is going to be a directory inside your user's home): + +```apache +home_mailbox = Mail/Inbox/ +``` + +Pre-configuration to work seamlessly with `dovecot` and `opendkim`: + +```apache +myhostname = {yourdomainname} +mydomain = localdomain +mydestination = $myhostname, localhost.$mydomain, localhost + +milter_default_action = accept +milter_protocol = 6 +smtpd_milters = inet:127.0.0.1:8891 +non_smtpd_milters = inet:127.0.0.1:8891 +mailbox_command = /usr/lib/dovecot/deliver +``` + +Where `{yourdomainname}` is `luevano.xyz` in my case, or if you have `localhost` configured to your domain, then use `localhost` for `myhostname` (`myhostname = localhost`). + +Lastly, if you don't want the sender's IP and user agent (application used to send the mail), add the following line: + +```apache +smtp_header_checks = regexp:/etc/postfix/smtp_header_checks +``` + +And create the `/etc/postfix/smtp_header_checks` file with the following content: + +```coffee +/^Received: .*/ IGNORE +/^User-Agent: .*/ IGNORE +``` + +That's it for `main.cf`, now we have to configure `master.cf`. This one is a bit more tricky. + +First look up lines (they're uncommented) `smtp inet n - n - - smtpd`, `smtp unix - - n - - smtp` and `-o syslog_name=postfix/$service_name` and either delete or uncomment them... or just run `sed -i "/^\s*-o/d;/^\s*submission/d;/\s*smtp/d" /etc/postfix/master.cf` as stated in Luke's script. + +Lastly, append the following lines to complete postfix setup and pre-configure for `spamassassin`. + +```txt +smtp unix - - n - - smtp +smtp inet n - y - - smtpd + -o content_filter=spamassassin +submission inet n - y - - smtpd + -o syslog_name=postfix/submission + -o smtpd_tls_security_level=encrypt + -o smtpd_sasl_auth_enable=yes + -o smtpd_tls_auth_only=yes +smtps inet n - y - - smtpd + -o syslog_name=postfix/smtps + -o smtpd_tls_wrappermode=yes + -o smtpd_sasl_auth_enable=yes +spamassassin unix - n n - - pipe + user=spamd argv=/usr/bin/vendor_perl/spamc -f -e /usr/sbin/sendmail -oi -f \${sender} \${recipient} +``` + +Now, I ran into some problems with postfix, one being [smtps: Servname not supported for ai_socktype](https://www.faqforge.com/linux/fix-for-opensuse-error-postfixmaster-fatal-0-0-0-0smtps-servname-not-supported-for-ai_socktype/), to fix it, as *Till* posted in that site, edit `/etc/services` and add: + +```apache +smtps 465/tcp +smtps 465/udp +``` + +Before starting the `postfix` service, you need to run `newaliases` first (but you can do a bit of configuration beforehand). Edit the file `/etc/postfix/aliases` and edit accordingly. I only change the `root: you` line (where `you` is the account that will be receiving "root" mail). Check the Arch Wiki for more info and other alternatives/options. After you're done, run: + +```sh +postalias /etc/postfix/aliases +newaliases +``` + +At this point you're done configuring `postfix` and you can already start/enable the `postfix` service: + +```sh +systemctl start postfix.service +systemctl enable postfix.service +``` + +## Dovecot + +[Dovecot](https://wiki.archlinux.org/index.php/Dovecot) is an IMAP and POP3 server, which is what lets an email application retrieve the mail. + +Install the `dovecot` and `pigeonhole` (sieve for `dovecot`) packages: + +```sh +pacman -S dovecot pigeonhole +``` + +On arch, by default, there is no `/etc/dovecot` directory with default configurations set in place, but the package does provide the example configuration files. Create the `dovecot` directory under `/etc` and, optionally, copy the `dovecot.conf` file and `conf.d` directory under the just created `dovecot` directory: + +```sh +mkdir /etc/dovecot +cp /usr/share/doc/dovecot/example-config/dovecot.conf /etc/dovecot/dovecot.conf +cp -r /usr/share/doc/dovecot/example-config/conf.d /etc/dovecot +``` + +As Luke stated, `dovecot` comes with a lot of "modules" (under `/etc/dovecot/conf.d/` if you copied that folder) for all sorts of configurations that you can include, but I do as he does and just edits/creates the whole `dovecot.conf` file; although, I would like to check each of the separate configuration files `dovecot` provides I think the options Luke provides are more than good enough. + +I'm working with an empty `dovecot.conf` file. Add the following lines for SSL and login configuration (also replace `{yourcertdir}` with the same certificate directory described in the Postfix section above, note that the `<` is required): + +```apache +ssl = required +ssl_cert = <{yourcertdir}/fullchain.pem +ssl_key = <{yourcertdir}/privkey.pem +ssl_min_protocol = TLSv1.2 +ssl_cipher_list = ALL:!RSA:!CAMELLIA:!aNULL:!eNULL:!LOW:!3DES:!MD5:!EXP:!PSK:!SRP:!DSS:!RC4:!SHA1:!SHA256:!SHA384:!LOW@STRENGTH +ssl_prefer_server_ciphers = yes +ssl_dh = `: redirects output to a file, overwriting the file (or creating a new file). +* `>>`: redirects output to a file, appending to the file (or creating a new file). + +## Shell scripting + +A shell script is nothing more but a file that contains commands in it; they're executed in the same order they are present in the file. A shell script file is usually terminated with a `.sh` extension, independently of the shell being used, but it's not 100% necessary as in Unix systems, an extension mean nothing, other than distinction (visually) between files. Then one can just have an extension-less file as a script. **The script must have execution permissions (`chmod +x file`)**, unless `shell script` is executed in the terminal, where `shell` could be `sh`, `bash`, etc. **Comments** are created by prepending `#` to whatever the text should be a comment. + +It's common practice to have the first line as a **she-bang** (`#!`), which is just a comment telling the interpreter which shell to execute the script with (usable when having the script in your **PATH** so you only call the name of the script like any other command/program). A she-bang has the syntax `#!/path/to/shell some_other_options`, the most common she-bangs being: `#!/bin/sh`, `#!/bin/bash`, `#!/usr/bin/python`, etc. + +Also, some people argue that you shouldn't use absolute paths, since not all Unix operating systems have the same directory structure, or not all programs are going to be installed in the same folder. So a portable she-bang can be made by prepending `/usr/bin/env` and the specify the program to run, for example: `#!/usr/bin/env bash`. + +Like always... the basic "Hello, world!" script: + +```sh +#!/bin/sh +echo "Hello, world!" +``` + +Three ways of executing this script (assuming the file name is `hw`): + +1. Type in terminal `sh hw`. +2. Type in terminal `./hw`. Requires the file to have execute permissions. +3. Type in terminal `hw`. Requires the file to have execute permissions. Requires the file to be in your PATH. + +### Variables + +Variables are case sensitive, meaning that `my_var` and `MY_VAR` are different and a variable name can only contain letters and numbers (`a-z`, `A-Z` and `0-9`) or the underscore character `_`. Can't contain a space. Variables are called by prepending `$` to the variable name. + +Like in most programming languages, there are some reserved words like `if`, `select`, `then`, `until`, `while`, etc., that can't be used as variables or as values of variables. For more: [D.2 Index of Shell Reserved Words](https://www.gnu.org/software/bash/manual/html_node/Reserved-Word-Index.html). + +There is no need to specify a variable type. Anything surrounded by `"` will be treated as text. You can use booleans, numbers, text and arrays (the implementation of arrays depends on the shell being used). Make a variable readonly by calling `readonly variable_name`. Basic syntax: + +* Text variables: `var="my var"`. +* Numeric variables: `var=123`. +* Boolean variables: `var=true` and `var=false`. +* Arrays (assuming `bash` is the shell): + * `var[0]=value1`, `var[...]=...`, `var[n]=valuen`, etc. + * `var=(value1 ... valuen)` + * Access single values with `${var[index]}` and all values with `${var[*]}` or `${var[@]}`. + +There are special variables (for more. [tutorialspoint: Unix / Linux - Special Variables](https://www.tutorialspoint.com/unix/unix-special-variables.htm)): + +* `$`: represents the process ID number, or PID, of the current shell. +* `0`: the filename of the current script. +* `n`: where `n` can be any whole number, correspond to arguments passed to the script (`command arg1 arg2 arg3 argn`). +* `#:` number of arguments supplied to the script. +* `*:` all the arguments are double quoted. +* `@:` all the arguments are individually double quoted. +* `?:` exit status of the last command executed. +* `!:` process number of the last background command. + +When calling a script, you can pass optional (or required) positional arguments like: `command arg1 arg2 arg3 argn`. + +Note that a variable can also take the output of another command, one common way to do this is using `$(command)` or `` `command` ``, for example: `var="$(echo 'this is a command being executed inside the definition of a variable')"` which, since the `echo` command is being run, `var="this is a command being executed inside the definition of a variable"`, which doesn't seem like much, but there could be any command inside `$()` or `` `command` ``. Note that this is not special to defining variables, could also be used as arguments of another command. + +#### Internal Field Separator (IFS) + +This is used by the shell to determine how to do word splitting (how to recognize word boundaries). The default value for `IFS` consists of whitespace characters (space, tab and newline). This value can ve overridden by setting the variable `IFS` to something like, for example, `:`. + +### Conditionals + +#### Exit status + +Any command being run has an exit status, either `0` or `1`, if the command has been executed successfully or otherwise (an error), respectively. + +#### `if` statement + +Pretty similar to other programming languages, evaluates an expression to a `true` or `false` and executes code as specified. `if` statements can be nested, and follow normal rules of logical operations. Basic syntax is: + +```sh +#!/bin/sh +if expression +then +do_something +elif another_expression +then +do_another_thing +else +do_something_else +fi +``` + +The expression is usually wrapped around `[]` or `[[]]`, the first being POSIX compliant and the second `bash`-specific (and other shells). + +Also, some **operators** to compare things use `==` for "equals" and `>` for "greater than", for example; while in a POSIX compliant shell, `=` for "equals" and `-gt` for "greater than" has to be used. For more operators: [tutorialspoint: Unix / Linux - Shell Basic Operators](https://www.tutorialspoint.com/unix/unix-basic-operators.htm) (this also covers **logical operators** and **file test operators**). + +### Case statement + +A common good alternative to multilevel `if` statements, enables you to match several values against one variable. Basic syntax is: + +```sh +case $var in + pattern1) + do_something1 + ;; + pattern2) + subpattern1) + do_subsomething1 + ;; + subpattern2) + do_subsomething2 + ;; + *) + pattern3|pattern4|...|patternN) + do_something3 + ;; + patternM) + do_somethingM + ;; + *) + do_something_default + ;; +esac +``` + +Where the `*` pattern is not necessary but serves the same purpose as a "default" case. + +### Loops + +Loops enable execution of a set of commands repeatedly. Loops, naturally, can be nested. `expression` here (in the basic syntax examples) work the same as mentioned in the "`if` statement" section. For more: [tutorialspoint: Unix / Linux - Shell Loop Types](https://www.tutorialspoint.com/unix/unix-shell-loops.htm). + +#### Loop control + +Similar than other programming languages, there are loop controls to interrupt or continue a loop: + + * `break` statement. + * `continue` statement. + +These statements accept an argument that specify from which loop to exit/continue. + +#### `while` loop + +Enables to execute a set of commands repeatedly until some condition occurs. Basic syntax: + +```sh +#!/bin/sh +while expression +do + do_something +done +``` + +#### `until` loop + +Similar to the `while` loop, the difference is that the `while` loop is executed as long as a condition is true, but the `until` loop... until a condition is true. Basic syntax (similar to `while` loop): + +```sh +#!/bin/sh +until expression +do + do_something +done +``` + +#### `for` loop + +Operates on lists of items. It repeats a set of commands for every item in a list. Basic syntax: + +```sh +#!/bin/sh +for var in word1 word2 ... wordN +do + do_something_with_var +done +``` + +Where `var` is the current value (`word1`, `word2`, etc.) in the loop and the expression after `for` can refer to an array, or the output of a command that outputs a list of things, etc. + +#### `select` loop + +Provides an easy way to create a numbered menu from which users can select options. Basic syntax (similar to `for` loop): + +```sh +select var in word1 word2 ... wordN +do + do_something_with_var +done +``` + +### Meta characters + +Meta characters are used to execute several commands on a single line (depending on what it's needed). The most used meta characters to accomplish this are semi-colon `;`, double ampersand `&&` and double "pipe" `||`. + +* `;`: is used to finish one command (similar to some programming languages), after the command on the left of `;` is finished (whatever the exit code is), the command on the right will be executed. +* `&&`: similar to `;`, but only if the command on the left exits with code `0` (success). +* `||`: similar to `&&`, but for exit code `1`(error). + +### Functions + +Enable to break down the overall functionality of a script into smaller, logical subsections, which can then be called upon to perform their individual tasks when needed (like in any other programming language...). For more: [tutorialspoint: Unix / Linux - Shell Functions](https://www.tutorialspoint.com/unix/unix-shell-functions.htm). Basic syntax: + +```sh +#!/bin/sh +function_name () { + do_something +} +``` + +Functions can also take arguments and can access their individual arguments (each function will have a different "storage" for their arguments). Functions can also be nested. Here `exit` will not only will finish the function code, but also the shell script that called it, instead use `return` plus an exit code to just exit the function. diff --git a/blog/old/src/a/sql_video_notes.md b/blog/old/src/a/sql_video_notes.md new file mode 100644 index 0000000..4b37119 --- /dev/null +++ b/blog/old/src/a/sql_video_notes.md @@ -0,0 +1,172 @@ +# SQL tutorial video notes + +I was requested to make summaries of videos about SQL, these are the notes (mostly this is a transcription of what I found useful). The videos in question are: [SQL Tutorial - Full Database Course for Beginners](https://www.youtube.com/watch?v=HXV3zeQKqGY), [MySQL Tutorial for Beginners [Full Course]](https://www.youtube.com/watch?v=7S_tz1z_5bA) and [Advanced SQL course | SQL tutorial advanced](https://www.youtube.com/watch?v=2Fn0WAyZV0E). Also, some notes were taken from [w3schools.com's SQL Tutorial](https://www.w3schools.com/sql/) and [MySQL 8.0 Reference Manual](https://dev.mysql.com/doc/refman/8.0/en/). + +## What is a database (DB)? + +Any collection of related information, such as a phone book, a shopping list, Facebook's user base, etc.. It can be stored in different ways: on paper, on a computer, in your mind, etc.. + +### Database Management Systems (DBMS) + +A special software program that helps users create and maintain a database that makes it easy to manage large amounts of information, handles security, backups and can connect to programming languages for automation. + +### CRUD + +The four main operations that a DBMS will do: create, read, update and delete. + +### Two types of databases + +* Relational (SQL) + * Organize data into one or more tables. + * Each table has columns and rows. + * A unique key identifies each row. +* Non-relational (noSQL/not just SQL) + * Key-value stores. + * Documents (JSON, XML, etc). + * Graphs. + * Flexible tables. + +#### Relational databases (RDB) (SQL) + +When we want to create a RDB we need a Relational Database Management System (RDBMS) that uses Structured Query Language (SQL) which is a standardized language for interacting with RDBMS and it's used to perform CRUD operations (and other administrative tasks). + +#### Non-relational databases (NRDB) (noSQL/not just SQL) + +Anything that's not relational, stores data in anything but static tables. Could be a document (JSON, XML, etc.), graph (relational nodes), key-value hash (strings, json, etc.), etc. + +NRDB also require a Non-Relational Database Management System (NRDBMS) to maintain a database. But it doesn't have a standardized language for performing CRUD and administrative operations like how RDB have. + +### Database queries + +A DB query is a request that is made to the (R/NR)DBMS for a specific information. A google search is a query, for example. + +## Tables and keys + +A table is composed of columns, rows and a primary key. The primary key is unique and identifies one specific row. Columns and rows are trivial, a column identifies a field and has a specific data type (name, email, birth) and a row identifies a table entry (person that contains a name, email and birth). + +Also, there are foreign keys, it's purpose is to relate to another database table; this foreign key is unique in it's own table, but can be repeated where you use it as a foreign key. + +It's possible to use the same table keys as foreign keys to make relations inside the same table. + +## SQL basics + +It's actually a hybrid language, basically 4 types of languages in one: + +* Data Query Language (DQL) + * Used to query the database for information. + * Get information that is already stored there. +* Data Definition Language (DDL) + * Used for defining database schemas. +* Data Control Language (DCL) + * Used for controlling access to the data in the database. + * User and permissions management. +* Data Manipulation Language (DML) + * Used for inserting, updating and deleting data from a database. + +### Queries + +A set of instructions given to the RDBMS (written in SQL) that tell the RDBMS what information you want it to retrieve. Instead of getting the whole database, retrieve only a bit of information that you need. + +Also, SQL keywords can be either lower or upper case, but it's **convention to use upper case**. And **queries are ended by a semi-colon**. + +#### Data types + +Just some SQL data types (for more: [MySQL 8.0 Reference Manual: Chapter 11 Data Types](https://dev.mysql.com/doc/refman/8.0/en/data-types.html), the notation is `DATATYPE(SIZE(,SIZE))`: + +* `INT`: integer numbers. +* `DECIMAL(M,N)`: decimal numbers. +* `VARCHAR(N)`: string of text of length N. +* `BLOB`: Binary Large Object, stores large data. +* `DATE`: YYYY-MM-DD. +* `TIMESTAMP`: YYYY-MM-DD HH:MM:SS. + +#### Basic management of tables + +To **create a table**, the basic syntax is `CREATE TABLE tablename (column1 datatype constraint, column2 datatype constraint, ...)`, where a constraint could be (for more: [MySQL 8.0 Reference Manual: 13.1.20 CREATE TABLE Statement](https://dev.mysql.com/doc/refman/8.0/en/create-table.html)): + +* `NOT NULL`: can't have a `NULL` value. +* `UNIQUE`: all values are unique. +* `PRIMARY KEY`: uniquely identifies each row. +* `FOREIGN KEY`: uniquely identifies a row in another table. +* `CHECK expresion`: satisfy a special condition (`expresion`). +* `DEFAULT value`: if no value is specified use value `value`. +* `INDEX`: to create and retrieve data from the database very quickly. + +Get the **table structure** with `DESCRIBE tablename` and delete it with `DROP TABLE tablename`. **Add columns** to the table with `ALTER TABLE tablename ADD column DATATYPE(N,M)`, similar syntax to **delete a specific column** `ALTER TABLE tablename DRORP COLUMN column`. + +**Add entries** to the table with `INSERT INTO tablename VALUES(value1, value2, ...)` where all the fields must be specified, or `INSERT INTO tablename(column1, column2) VALUES(value1, value2)` to just add some fields to the new entry. While at it, (all) the table content can be fetched with `SELECT * FROM tablename`. + +Basic **Updating of entries** with `UPDATE tablename SET expression1 WHERE expression2`, where `expression1` could be `column = value2` and `expression2` could be `column = value1`, meaning that the value of `column` will be changed from `value1` to `value2`. Note that the expressions are not limited by `column = value`, and that the `column` has to be the same, it would be any expression. Also, this is really extensive as `SET` can set multiple variables and `WHERE` take more than one condition by chaining conditions with `AND`, `OR` and `NOT` keywords, for example. + +##### ON DELETE statement + +When an entry needs to be updated somehow based on a modification on a foreign key. If two tables are related to each other, if something is deleted on one end, update the other end in some way. + +For example on creation of a table, on the specification of a foreign key: `CREATE TABLE tablename (..., FOREIGN KEY(column) REFERENCES othertable(othertablecolumn) ON DELETE something)`. That something could be `SET NULL`, `CASCADE`, etc.. + +#### SELECT queries + +Instead of doing `SELECT * FROM tablename`, which gets all the data from a table, more complex `SELECT` queries can be implemented, such as `SELECT column FROM tablename` to only get all data from one column of the table. Append `LIMIT N` to limit the query to `N` entries. Append `WHERE condition` to meet a custom condition. + +Other statements that can be used in conjunction with `SELECT` are `ORDER BY column ASC|DESC`, `SELECT DISTINCT`, `MIN(column)`, `MAX(column)`, `COUNT(column)`, `AVG(column)`, `SUM(column)`, `LIKE` and more. For more, visit [MySQL 8.0 Reference Manual: 13.2.10 SELECT Statement](https://dev.mysql.com/doc/refman/8.0/en/select.html). + +MySQL uses regular expressions (regex) like pattern matching, some wildcards that can be used with the `LIKE` statement are: + +* `%`: zero or more characters. +* `_`: a single character. +* `[]`: any single character within the brackets. +* `^`: any character not in the brackets. +* `-`: a range of characters. + +An extended regex can be used with the statement `REGEX_LIKE(expression)`; `REGEXP` and `RLIKE` are synonyms for `REGEX_LIKE`. For more: [MySQL 8.0 Reference Manual: 3.3.4.7 Pattern Matching](https://dev.mysql.com/doc/refman/8.0/en/pattern-matching.html). + +#### Unions + +A specialized SQL operator that is used to combine multiple `SELECT` statements into one. The basic syntax is `SELECT ... UNION SELECT ...`, where `...` is a whole `SELECT` statement; there can be any amount of unions. There are some rules that apply when doing unions, such as having the same amount of columns on both statements and being of the same data type. + +#### Joins + +Used to combine rows from two or more tables based on a related column between them. Basic syntax is `SELECT table1.column1, ..., table2.column1, ... FROM table(1|2) JOIN table(1|2) ON table1.common_column = table2.common_column`, where the table specified in the `FROM` statement is called the "left" table, where the one in the `JOIN` statement is the "right" table. For more: [MySQL 8.0 Reference Manual: 13.2.10.2 JOIN Clause](https://dev.mysql.com/doc/refman/8.0/en/join.html). + +There are different types of SQL JOINs: + +* `(INNER) JOIN`: returns records that have matching values in both tables. +* `LEFT (OUTER) JOIN`: returns all records from the left table, and the matched records from the right table. +* `RIGHT (OUTER) JOIN`: returns all records from the right table, and the matched records from the left table. +* `FULL (OUTER) JOIN`: returns all records when there is a match in either left or right table. + +![INNER JOIN](https://static.luevano.xyz/images/b/notes/sql/img_innerjoin.gif) +![LEFT JOIN](https://static.luevano.xyz/images/b/notes/sql/img_leftjoin.gif) +![RIGHT JOIN](https://static.luevano.xyz/images/b/notes/sql/img_rightjoin.gif) +![FULL OUTER JOIN](https://static.luevano.xyz/images/b/notes/sql/img_fulljoin.gif) + +#### Nested queries + +A query composed of multiple select statements to get a specific piece of information. This is self explanatory, you do a `SELECT` query somewhere inside another one, for example `SELECT ... IN (SELECT ...)`, where the nesting is occurring inside the parenthesis after the `IN` statement. + +A nesting isn't constrained to the `IN` statement, it can appear anywhere, for example in a `WHERE` statement: `SELECT ... WHERE something = (SELECT ...)`. + +#### Triggers + +A block of SQL code that will define a certain action that will happen when a specific operation is performed on the database. It is **recommended to change the `DELIMITER` temporarily from semi-colon to something else** (since we need to use semi-colon to end the trigger) while the trigger is created. The basic syntax is `CREATE TRIGGER trigername triggertime triggerevent ON tablename FOR EACH ROW triggerorder triggerbody`. For more: [MySQL 8.0 Reference Manual: 13.1.22 CREATE TRIGGER Statement](https://dev.mysql.com/doc/refman/8.0/en/create-trigger.html) and [MySQL 8.0 Reference Manual: 25.3.1 Trigger Syntax and Examples](https://dev.mysql.com/doc/refman/8.0/en/trigger-syntax.html). + +#### Entity Relationship Diagrams (ERD) + +When designing a database it's important to define a **database schema** which is just a definition of all the different tables and their attributes that are going to live inside the database. So, basically, an ERD diagram is a diagram that consists of text, symbols and shapes that are combined to create a relationship model. + +The diagram consists of: + +* **Entity**: a square with the name of the entity inside it. +* **Attributes**: ovals with the name of the attributes inside it; an attribute defines specific pieces of information about an entity (columns). +* **Primary key**: same as with attributes but with name underlined; the primary key uniquely identifies the entity. +* **Composite attribute**: an attribute that consists on one or more (sub-)attributes. +* **Multi-valued attribute**: oval with another oval inside it and the name of the attribute. +* **Derived attribute**: dotted oval; this attribute can be derived from other attributes from the entity. +* **Relationship**: a diamond with the relationship name in it, for the connections a single line (partial participation) or a doubled line (total participation); it denotes how two or more attributes are related to each other; all members must participate in the relationship. +* **Relationship attribute**: denoted like a normal attribute, but it's child of a relationship; it defines what attributes exists because of the relationship, it's not stored in any of the entities related, but on the relationship object itself. +* **Relationship cardinality**: denoted with a number on the line connecting the relationship to the entity; detones the number of instances of an entity from a relation that can be associated with the relation. +* **Weak entity**: rectangle inside a rectangle with its name inside; it cannot be uniquely identified by its attributes alone. +* **Weak entity's primary key**: oval with its text underlined, but the line is dotted. +* **Identifying relationship**: a diamond inside a diamond with its name inside; a relationship that serves to uniquely identify the weak entity. + +![ERD example taken from wikipedia](https://static.luevano.xyz/images/b/notes/sql/erd_example.png) diff --git a/blog/old/src/a/website_with_nginx.md b/blog/old/src/a/website_with_nginx.md new file mode 100644 index 0000000..43264de --- /dev/null +++ b/blog/old/src/a/website_with_nginx.md @@ -0,0 +1,157 @@ +# Create a website with Nginx and Certbot + +These are general notes on how to setup a Nginx web server plus Certbot for SSL certificates, initially learned from [Luke's video](https://www.youtube.com/watch?v=OWAqilIVNgE) and after some use and research I added more stuff to the mix. And, actually at the time of writing this entry, I'm configuring the web server again on a new VPS instance, so this is going to be fresh. + +As a side note, (((i use arch btw))) so everything here es aimed at an Arch Linux distro, and I'm doing everything on a VPS. Also note that most if not all commands here are executed with root privileges. + +## Prerequisites + +You will need two things: + +* A domain name (duh!). I got mine on [Epik](https://www.epik.com/?affid=da5ne9ru4) (affiliate link, btw). + * With the corresponding **A** and **AAA** records pointing to the VPS' IPs ("A" record points to the ipv4 address and "AAA" to the ipv6, basically). I have three records for each type: empty one, "www" and "\*" for a wildcard, that way "domain.name", "www.domain.name", "anythingelse.domain.name" point to the same VPS (meaning that you can have several VPS for different sub-domains). +* A VPS or somewhere else to host it. I'm using [Vultr](https://www.vultr.com/?ref=8732849) (also an affiliate link). + * With `ssh` already configured both on the local machine and on the remote machine. + * Firewall already configured to allow ports 80 (HTTP) and 443 (HTTPS). I use `ufw` so it's just a matter of doing `ufw allow 80,443/tcp` as root and you're golden. + * `cron` installed if you follow along (you could use `systemd` timers, or some other method you prefer to automate running commands every X time). + +## Nginx + +You have two options: `nginx` and `nginx-mainline`. I prefer `nginx-mainline` because it's the "up to date" package even though `nginx` is labeled to be the "stable" version. Install the package and enable/start the service: + +```sh +pacman -S nginx-mainline +systemctl enable nginx.service +systemctl start nginx.service +``` + +And that's it, at this point you can already look at the default initial page of nginx if you enter the ip of your server in a web browser. You should see something like this: + +![Nginx welcome page](https://static.luevano.xyz/images/b/notes/nginx/nginx_welcome_page.png) + +As stated in the welcome page, configuration is needed, head to the directory of nginx: + +```sh +cd /etc/nginx +``` + +Here you have several files, the important one is `nginx.conf`, which as its name implies, contains general configuration of the web server. If you peek into the file, you will see that it contains around 120 lines, most of which are commented out and contains the welcome page server block. While you can configure a website in this file, it's common practice to do it on a separate file (so you can scale really easily if needed for mor websites or sub-domains). + +Inside the `nginx.conf` file, delete the `server` blocks and add the lines `include sites-enabled/*;` (to look into individual server configuration files) and `types_hash_max_size 4096;` (to get rid of an ugly warning that will keep appearing) somewhere inside the `http` block. The final `nginx.conf` file would look something like (ignoring the comments just for clarity, but you can keep them as side notes): + +```nginx +worker_processes 1; + +events { + worker_connections 1024; +} + +http { + include sites-enabled/*; + include mime.types; + default_type application/octet-stream; + + sendfile on; + + keepalive_timeout 65; + + types_hash_max_size 4096; +} +``` + +Next, inside the directory `/etc/nginx/` create the `sites-available` and `sites-enabled`, and go into the `sites-available` one: + +```sh +mkdir sites-available +mkdir sites-enabled +cd sites-available +``` + +Here, create a new `.conf` file for your website and add the following lines (this is just the sample content more or less): + +```nginx +server { + listen 80; + listen [::]:80; + + root /path/to/root/directory; + server_name domain.name another.domain.name; + index index.html anotherindex.otherextension; + + location /{ + try_files $uri $uri/ =404; + } +} +``` + +Note several things: + +* `listen`: we're telling nginx which port to listen to (ipv4 and ipv6, respectively). +* `root`: the root directory of where the website files (`.html`, `.css`, `.js`, etc. files) are located. I followed Luke's directory path `/var/www/some_folder`. +* `server_name`: the actual domain to "listen" to (for my website it is: `server_name luevano.xyz www.luevano.xyz`; and for this blog is: `server_name blog.luevano.xyz www.blog.luevano.xyz`). +* `index`: what file to serve as the index (could be any `.html`, `.htm`, `.php`, etc. file) when just entering the website. +* `location`: used in case of different configurations across different URL paths. + * `try_files`: tells what files to look for, don't look into this too much for now. + +Then, make a symbolic from this config file to the `sites-enabled` directory: + +```sh +ln -s /etc/nginx/sites-available/your_config_file.conf /etc/nginx/sites-enabled +``` + +This is so the `nginx.conf` file can look up the newly created server config. With this method of having each server configuration file separate you can easily "deactivate" any website by just deleting the symbolic link in `sites-enabled` and you're good, or just add new configuration files and keep everything nice and tidy. + +All you have to do now is restart (or enable and start if you haven't already) the nginx service (and optionally test the configuration): + +```sh +nginx -t +systemctl restart nginx +``` + +If everything goes correctly, you can now go to your website by typing "domain.name" on a web browser. But you will see a "404 Not Found" page like the following (maybe with different nginx version): + +![Nginx 404 page](https://static.luevano.xyz/images/b/notes/nginx/nginx_404_page.png) + +That's no problem, because it means that the web server it's actually working. Just add an `index.html` file with something simple to see it in action. If you keep seeing the 404 page make sure your `root` line is correct and that the directory/index file exists. + +I like to remove the `.html` and trailing `/` on the URLs of my website, for that you need to add the following `rewrite` lines and modify the `try_files` line (for more: [Sean C. Davis: Remove HTML Extension And Trailing Slash In Nginx Config](https://www.seancdavis.com/blog/remove-html-extension-and-trailing-slash-in-nginx-config/)): + +```nginx +server { + ... + rewrite ^(/.*)\.html(\?.*)?$ $1$2 permanent; + rewrite ^/(.*)/$ /$1 permanent; + ... + try_files $uri/index.html $uri.html $uri/ $uri =404; + ... +``` + +For more: [Arch Linux Wiki: nginx](https://wiki.archlinux.org/index.php/nginx). + +## Certbot + +The only "bad" (bloated) thing about certbot, is that it uses `python`, but for me it doesn't matter too much. You may want to look up another alternative if you prefer. Install the packages `certbot` and `certbot-nginx`: + +```sh +pacman -S certbot certbot-nginx +``` + +After that, all you have to do now is run `certbot` and follow the instructions given by the tool: + +```sh +certbot --nginx +``` + +It will ask you for some information, for you to accept some agreements and the names to activate https for. Also, you will want to "say yes" to the redirection from http to https. And that's it, you can now go to your website and see that you have https active. + +Now, the certificate given by `certbot` expires every 3 months or something like that, so you want to renew this certificate every once in a while. Using `cron`, you can do this by running: + +```sh +crontab -e +``` + +And a file will be opened where you need to add a new rule for certbot, just append the line: `1 1 1 * * certbot renew` (renew on the first day of every month) and you're good. Alternatively use `systemd` timers as stated in the [Arch Linux Wiki](https://wiki.archlinux.org/index.php/Certbot#Automatic_renewal). + +For more: [Arch Linux Wiki: Certbot](https://wiki.archlinux.org/index.php/Certbot). + +That's it, you now have a website with SSL certificate. diff --git a/blog/old/src/index.md b/blog/old/src/index.md new file mode 100644 index 0000000..475d807 --- /dev/null +++ b/blog/old/src/index.md @@ -0,0 +1,5 @@ +# Luévano's Blog + +Welcome to my blog where I'll post whatever I please, ranging from rants to how-to's. Además, este pex va a estar en español e inglés porque quiero (no una mezcla en cada entrada, pero sí entradas completas en diferentes lenguajes). + +## Articles -- cgit v1.2.3-70-g09d2