The old story of /dev/md127

I always used this solution to make sure that /dev/mdN will be /dev/mdN after restart (to prevent name change to /dev/md127 after reboot).

mdadm --examime --scan >/etc/mdadm/mdadm.conf
# edit /etc/mdadm/mdadm.conf
# on debian/ubuntu
update-initramfs -u -k all

Another solution (basicaly RTFM):

mdadm --create /dev/md0 -l 1 -n 2 --metadata=1.2 --homehost=any /dev/sdb /dev/sdc

homehost == any - this is wildcard name of the host (hostname). By default current system hostname is inserted by mdadm.
Starting with kernel 5.19 there is kernel option hostanme= which can be used to setup hostname at boot (before userspace). This can also be used to corellate user/kernel hostanmes.
This is related to metadata format 1.2. With metadata verion 0.90 "Preferred Minor" property is used.

basic nginx config

server {
  listen 80;
  listen [::]:80;
  
  server_name catch-all-for-nginx-wyga-cf;
  server_name ~^test\d*\.nginx\.wyga\.cf$;
  
  location /.well-known {
    root /var/www/acme;
  }
  
  location / {
    return https://$host;
  }
}

server {
  listen 443 ssl http2;
  listen [::]:443 ssl http2;

  server_name catch-all-for-nginx-wyga-cf;
  server_name ~^test\d*\.nginx\.wyga\.cf$;

  ssl_certificate /etc/nginx/tls/wyga-ca.pem;
  ssl_certificate_key /etc/nginx/tls/wyga-ca.key;
  ssl_protocols TLSv1.2 TLSv1.3;
  ssl_prefer_server_ciphers on;
  ssl_session_cache shared:SSL:10m;
  ssl_session_timeout 5m;

  root /var/www/wyga;

  index index.html;
  
  location = /favicon.ico {
     access_log off;
     return 204;
  }

  location / {
    try_files $uri $uri/ =404;
  }
}

self-signed certificate take 2

Generate self-signed certificate (with basic constraints extension CA:TRUE):

openssl req -x509 -nodes -sha256 -days 3650 -newkey rsa:2048 \
  -keyout /etc/nginx/tls/wyga-ca.key \
  -out /etc/nginx/tls/wyga-ca.pem \
  -subj '/CN=WYGA-CA/'

Add CA as trusted to you browser (works with Chrome).

Regenerate certificate with SNI names:

openssl req -x509 -nodes -sha256 -days 3650 \
  -key /etc/nginx/tls/wyga-ca.key \
  -out /etc/nginx/tls/wyga-ca.pem \
  -subj '/CN=WYGA-CA/' \
  -addext "subjectAltName = DNS:test.nginx.wyga.cf, DNS:test1.nginx.wyga.cf, DNS: test2.nginx.wyga.cf"

Firefox is more secure in that matter. This will not work with that browser ;)

d="change-me"
{
openssl req -x509 -nodes -sha256 -days 3650 -newkey rsa:2048 \
  -keyout "${d}.key" \
  -out "${d}.pem" \
  -subj '/CN=WYGA-CA/'
}

nginx proxy for HP iLO BMC (HTML5 console only)

This some PoC for proxing access to HP iLO module via nginx. This allow accessing HTML console (no Java or .NET console).
Tested only with iLO 4 (on proliant gen9 servers)

bmc.conf:

include /etc/nginx/bmc-nodes.conf;

# https://www.rfc-editor.org/rfc/rfc7230#section-6.1
# https://datatracker.ietf.org/doc/html/rfc6455#section-4.2.1
# For iLO Connection: Upgrade is case-sensitive... 
map $http_upgrade $connection_upgrade {
    default Upgrade;
    ''      close;
}

# You need to listen on https port
# This will create mapping for  to map name to IP adddress
# For ex:
#  server1.bmc.example.com
#  serverN.bmc.example.com
#  etc...
server {
    listen 443 ssl;
    server_name ~(?.+)\.bmc\.example\.com;

    ssl_session_cache    shared:SSL:1m;
    ssl_session_timeout  10m;
    ssl_certificate /etc/nginx/tls/bmc.example.com.crt;
    ssl_certificate_key /etc/nginx/tls/bmc.example.key;

    proxy_http_version 1.1;
    proxy_set_header Host $bmc_node;
	
    # Set some message for unmapped hosts
    #error_page 502 /bmc-missing.html;

    # Set HTTP auth
    #error_page 401 /bmc-auth.html;
    #auth_basic            "[BMC PROXY]";
    #auth_basic_user_file  /etc/nginx/bmc.passwd;

    location / {
        # Forece keep-alive to upstream...
        proxy_set_header Authorization '';
        proxy_set_header Connection '';
        proxy_pass https://$bmc_node;
    }

    # WebSocket connection for HTML5 Console
    location /wss/ircport {
        proxy_set_header Authorization '';
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection $connection_upgrade;
        proxy_read_timeout 1800;
        proxy_pass https://$bmc_node;
    }

    # error page for 502
    #location = /bmc-missing.html {
    #    auth_basic off;
    #    internal;
    #    root /var/www/bmc/;
    #}
    # error page for 401
    #location = /bmc-auth.html {
    #    auth_basic off;
    #    internal;
    #    root /var/www/bmc/;
    #}
}

bmc-nodes.conf

upstream server1 {
    server 10.0.0.1:443;
    keepalive 4;
}

upstream server2 {
    server 10.0.0.2:443;
    keepalive 4;
}
...    
upstream serverN {
    server 10.0.0.N:443;
    keepalive 4;
}

docker - arbitrary bridge's interface name

For docker-compose:

networks:
  default:
    driver_opts:
      com.docker.network.bridge.name: br-name

For CLI:

docker network create -o com.docker.network.bridge.name=br-name name

nginx vhost logging

   log_format vhost_extra '$host $remote_addr - $remote_user [$time_local] '
                           '"$request" $status $body_bytes_sent '
                           '"$http_referer" "$http_user_agent"'
                           ' rt=$request_time uct="$upstream_connect_time" uht="$upstream_header_time" urt="$upstream_response_time"';

   access_log /var/log/nginx/access.log vhost_extra;

HP NC550SFP DualPort 10GbE aktualizacja firmware

Hewlett-Packard Company NC550SFP DualPort 10GbE Server Adapter

Emulex Corporation OneConnect OCe10100/OCe10102 Series 10 GbE (rev 02)

Firmware dla karty: https://support.hpe.com/ KOPIA
System: Ubuntu 20.04 LTS

mkdir ~/hp_update
cd ~/hp_update
wget "https://downloads.hpe.com/pub/softlib2/software1/cd-generic/p674746231/"\
"v119278/UEFI_OneConnect-Flash-10.7.110.38-x64.iso"
sudo mount UEFI_OneConnect-Flash-10.7.110.38-x64.iso /mnt
cp /mnt/initrd /mnt/UFI/oc10-4.9.416.15.ufi .
sudo umount /mnt
sudo mount initrd /mnt
cp /mnt/bin/flash .

Update firmware:

rmmod be2net
sudo ./flash -c -x -f oc10-4.9.416.15.ufi

Po aktualizacji trzeba zrobić "reboot". Testowane na:

HP EliteDesk 800 G2 TWR / Intel(R) Core(TM) i7-6700 CPU @ 3.40GHz / 32 GB RAM / wersja firmware 2.53

OptiPlex 7060 MT / Intel(R) Core(TM) i5-8500 CPU @ 3.00GHz / 32 GB RAM / wersja firmware 1.9.1

Uwagi:

• Na OptiPlex 7060 konieczna była aktywacja opcji Enable Legacy OpROM
• Na HP 800 G2 zadziałało tylko UEFI