By: Thomas Faddegon
This Citrix script will reboot all the servers with the tags SomeTag or SomeOtherTag and are in maintenance mode. Have fun!
$machines=Get-BrokerMachine | Where-Object {($_.Tags -eq "SomeTag" -or $_.Tags -eq "SomeOtherTag") -and ($_.InMaintenanceMode -eq "True")}
Foreach($machine in $machines)
{New-BrokerHostingPowerAction -Action Restart -MachineName $machine.Machinename}
Unfortunately, there isn’t a pihole addon in the Synology package center. But you can build your pihole in a docker container instead 🙂
The reason you must use docker-compose instead of the Synology docker package itself is that you want to bridge net NIC of your Synology and place the pihole direct in your network. You cannot do this with the GUI.
# Note: 192.168.123.xxx is an example network, you must update all these to match your own.
version: '2'
services:
pihole:
container_name: pihole
image: pihole/pihole:latest
hostname: pihole
domainname: localhost # <-- Update
mac_address: d0:ca:ab:cd:ef:01
cap_add:
- NET_ADMIN
networks:
pihole_network:
ipv4_address: 192.168.123.199 # <-- Update
dns:
- 127.0.0.1
- 1.1.1.1
ports:
- 443/tcp
- 53/tcp
- 53/udp
- 67/udp
- 80/tcp
environment:
ServerIP: 192.168.123.199 # <-- Update (match ipv4_address)
VIRTUAL_HOST: pihole.localhost # <-- Update (match hostname + domainname)
WEBPASSWORD: "justarondompassword" # <-- Add password (if required)
restart: unless-stopped
networks:
pihole_network:
driver: macvlan
driver_opts:
parent: ovs_eth0
ipam:
config:
- subnet: 192.168.123.0/24 # <-- Update
gateway: 192.168.123.1 # <-- Update
ip_range: 192.168.123.192/28 # <-- Update
When you want to update the docker container, all you have to do is:
sudo docker-compose down
and
sudo docker-compose up
A good article I used to figure everything out is: http://tonylawrence.com/posts/unix/synology/free-your-synology-ports/
So I configure a “configure automatic updates” policy for testing purposes but the auto-update and installation won’t work. The main cause….? Lack of patience 😉
How this Policy works (source):
The Windows Update Agent periodically checks the WSUS server for updates. Updates it finds, it reports state for: Installed, Not Installed, Not Applicable. If a “Not Installed” update is approved and available, the WUA queues the installation files for download if the Configure Automatic Updates policy is set to AUOption ‘3’ or ‘4’.
The download occurs via Background Intelligent Transfer Service (BITS) subsequent to the WUA finding the update as available for download.
When the download of the update is completed, the WUA does one of two things:
So bottom line; the updates must first be downloaded on the client and ONLY then will Windows apply the “Automatically download updates and install them on the schedule specified” action
To force a client (source):
$updateSession = new-object -com "Microsoft.Update.Session"; $updates=$updateSession.CreateupdateSearcher().Search($criteria).Updates
Start-sleep -seconds 10
wuauclt /detectnow
wuauclt /reportnow
c:\windows\system32\UsoClient.exe startscan
After this commands BITS will download the updates and prepare the installation. When you start Windows update you can see the available update
The default of the WSUS communication check-in (report and detect) is 22 hours. If you don’t want to wait so long you can change the “automatic updates detection frequency” to every hour (do not to this every hour on production policies!)
And now wait till the magic happens 🙂
Last but now least. When you change setting in the “configure automatic updates” policy you can trigger the client with powershell so you don’t have to reboot the client
gpupdate /force
net stop wuauserv
net start wuauserv
(new-object -Comobject Microsoft.Update.AutoUpdate).Detectnow()
You get get more information about Windows update log with the command.
Get-WindowsUpdateLog
Happy updating!
You can do this stuff with netcat and inetd
apt-get install openbsd-inetd (netcat is installed by default)
nano /etc/inetd.conf
LOCALIP:443 stream tcp nowait root /bin/nc nc REMOTEIP 443
/etc/init.d/openbsd-inetd restart
Have fun!
That’s all!
Sometimes you want to test a mail application without spamming the internet with your garbage. Use can user Papercut to local test your mail application.
URL: https://github.com/ChangemakerStudios/Papercut/releases
A simple SQL compare is realy easy:
select * from dbtest02.dbo.article
except
select * from dbtest01.dbo.article
My web hosting company don’t support subdomain SSL certificates. And because Google’s Chrome in July is required HTTPS on all websites (otherwise you get an error your website isn’t safe) I had some deadline to make my blog HTTPS. Cloudflare is a nice reverse proxy solution and the basic plan is free to use also.
So what I did was create a cloudflare account and put my website behind it. After I did that I forced the HTTPS and voila my website was HTTPS. The steps you must take.
Note: this trick will also work if you want to use cloudflare as a reverse proxy to prevent DDoS, to optimize your site security, hide your hosting party backend and make your website a lot faster. If you use a raspbery Pi for example at your home location you can put cloudflare between the visitor and your home IP and save you a lot of trouble.
Now everything is done and your website is fully HTTPS at the frontend (with automatic HTTP > HTTPS URL rewrites). Because my backend don’t have an SSL certificate all the data between cloudflare and my hosting company is still unencrypted. So this is a nasty workaround but you don’t have any problem with Chrome HTTPS problems in the near future anymore.
