Install percona

cd /tmp
wget http://www.percona.com/redir/downloads/percona-toolkit/LATEST/deb/percona-toolkit_2.2.12_all.deb \
&& dpkg -i percona-toolkit_2.2.12_all.deb \
&& rm percona-toolkit_2.2.12_all.deb

If you miss dependencies, try’apt-get -f install’
If the deb file isn’t found, get the newest version at http://www.percona.com/redir/downloads/percona-toolkit/LATEST/deb

Main scripts

/var/percona-replicate.sh

nohup pt-slave-restart --verbose --sleep=1 --min-sleep=0 --max-sleep=30 --database=YOURDBNAMEHERE --host=localhost --user=root --password=YOURPASSHERE --port=3307 --socket=/var/run/mysqld/mysqld3307.sock >> /var/percona_replicate.out 2>&1

/var/percona-sync.sh

nohup pt-table-sync --execute --databases YOURDBNAMEHERE h=REMOTEHOST,u=REMOTEUSER,p=REMOTEPASS h=localhost,u=root,p=YOURPASSHERE,P=3307,S=/var/run/mysqld/mysqld3307.sock >> /var/percona-sync.out 2>&1

Install helper scripts

#/usr/bin/isprocessrunning
echo -e "\
#!/bin/bash\n\
\n\
# Argument expects the full command, so process name including parameters\n\
procnamefull=\$1\n\
\n\
# Get base process name from command\n\
procname=\$(echo \$procnamefull | awk '{print \$1}')\n\
\n\
# First fetch by full command, from there fetch by process name\n\
# Exclude the grep command itself, and the bin commands as well\n\
ps aux | grep \"\$procnamefull\" | grep -v \"grep \$procnamefull\" | grep -v \"/bin/bash /usr/bin/.* \$procnamefull\" | awk '{print \$11}' | grep ^\$procname > /dev/null 2>&1\n\
\n\
if [ \$? -eq 0 ]; then\n\
  exit 0\n\
else\n\
  exit 1\n\
fi\
" \ > /usr/bin/isprocessrunning
chmod u+x /usr/bin/isprocessrunning

#/usr/bin/startprocessifnotrunning
echo -e "\
#!/bin/bash\n\
\n\
\$(isprocessrunning \"\$1\")\n\
res=\$?\n\
\n\
if [ \$res -eq 0 ]; then\n\
  echo \"Process is running\"\n\
  exit 1\n\
else\n\
  if [ \$res -gt 1 ]; then\n\
    echo \"fail\"\n\
    exit 2\n\
  fi\n\
  echo \"Process not running\"\n\
  sh -c \"\$2\"\n\
  exit 1\n\
fi\
" \ > /usr/bin/startprocessifnotrunning
chmod u+x /usr/bin/startprocessifnotrunning

Cron

# Make sure percona-replicate is on. This program keeps the replication slave running after errors
*/5 * * * * /usr/bin/startprocessifnotrunning "sh /var/percona-replicate.sh" "sh /var/percona-replicate.sh" &

# Run full re-sync every week
0 1 * * 0 /usr/bin/startprocessifnotrunning "sh /var/percona-sync.sh" "sh /var/percona-sync.sh" &

At the time of writing 3.8.0 was the newest version for Mono that I could find. If a newer version of Mono has come out by now, you can probably find it here.

Installation guide

Make might take 30-60 minutes, make-install should be fast

apt-get update
apt-get install -y --force-yes gcc libtool bison pkg-config libglib2.0-dev gettext make bzip2 g++ build-essential

mkdir -p /var/mono-install
cd /var/mono-install

wget http://origin-download.mono-project.com/sources/mono/mono-3.8.0.tar.bz2
tar xvjf mono-3.*.tar.bz2
cd mono-3.*

./configure --prefix=/opt/mono3
make
make install

rm /usr/bin/mono
rm /usr/bin/gmcs
rm /usr/bin/mcs
rm /usr/bin/smcs
rm /usr/bin/dmcs
ln -s /opt/mono3/bin/mono /usr/bin/mono
ln -s /opt/mono3/bin/gmcs /usr/bin/gmcs
ln -s /opt/mono3/bin/mcs /usr/bin/mcs
ln -s /opt/mono3/bin/smcs /usr/bin/smcs
ln -s /opt/mono3/bin/dmcs /usr/bin/dmcs

rm -R /var/mono-install
									

Version 3

KEYSERVERNAME=mykeyserver

apt-get update
apt-get -y --force-yes install openvpn udev
cd /usr/share/doc/openvpn/examples/easy-rsa/2.0

vim vars
*change export KEY_SIZE=1024 to export KEY_SIZE=2048*

chmod u+x vars
chmod u+x clean-all
chmod u+x build-ca

source ./vars
./clean-all
./build-dh
./pkitool --initca
./pkitool --server $KEYSERVERNAME

cp keys/ca.crt /etc/openvpn
cp keys/ca.key /etc/openvpn
cp keys/dh2048.pem /etc/openvpn
cp keys/$KEYSERVERNAME.crt /etc/openvpn
cp keys/$KEYSERVERNAME.key /etc/openvpn

gunzip -d /usr/share/doc/openvpn/examples/sample-config-files/server.conf.gz
cp /usr/share/doc/openvpn/examples/sample-config-files/server.conf /etc/openvpn
vim /etc/openvpn/server.conf
*update the filenames for crt and key*
*change dh dh1024.pem to dh dh2048.pem*

/etc/init.d/openvpn restart

*for every client you want to add, create a key/cert*

source ./vars
KEY_CN=client1
./pkitool client1

Version 1

KEYSERVERNAME=mykeyserver

apt-get update
apt-get -y --force-yes install openvpn udev easy-rsa
mkdir -p /etc/openvpn/easy-rsa/2.0
cp -r /usr/share/easy-rsa /etc/openvpn/easy-rsa/2.0
cd /etc/openvpn/easy-rsa/2.0
mv easy-rsa/* /etc/openvpn/easy-rsa/2.0
rmdir easy-rsa
chmod u+x vars
chmod u+x clean-all
chmod u+x build-ca
./vars
./clean-all
source ./vars
./clean-all
./build-ca

./build-key-server $KEYSERVERNAME

./build-dh
./build-key client

cp /etc/openvpn/easy-rsa/2.0/keys/ca.crt /etc/openvpn
cp /etc/openvpn/easy-rsa/2.0/keys/ca.key /etc/openvpn
cp /etc/openvpn/easy-rsa/2.0/keys/dh2048.pem /etc/openvpn
cp /etc/openvpn/easy-rsa/2.0/keys/$KEYSERVERNAME.crt /etc/openvpn
cp /etc/openvpn/easy-rsa/2.0/keys/$KEYSERVERNAME.key /etc/openvpn

gunzip -d /usr/share/doc/openvpn/examples/sample-config-files/server.conf.gz
cp /usr/share/doc/openvpn/examples/sample-config-files/server.conf /etc/openvpn
vim /etc/openvpn/server.conf
*update the filenames for crt and key*

/etc/init.d/openvpn restart

mkdir -p ~/vpnclient
cp /usr/share/doc/openvpn/examples/sample-config-files/client.conf ~/vpnclient/client.ovpn
cp /etc/openvpn/easy-rsa/2.0/keys/client.key ~/vpnclient
cp /etc/openvpn/easy-rsa/2.0/keys/client.crt ~/vpnclient

Version 2

Different directory for when easy-rsa comes bundled. Doesn’t try to install it seperately. Also sets 2048bit pem because the default seems to be 1024

KEYSERVERNAME=mykeyserver

apt-get update
apt-get -y --force-yes install openvpn udev
cd /usr/share/doc/openvpn/examples/easy-rsa/2.0

vim vars
*change export KEY_SIZE=1024 to export KEY_SIZE=2048*

chmod u+x vars
chmod u+x clean-all
chmod u+x build-ca
./vars
./clean-all
source ./vars
./clean-all
./build-ca

./build-key-server $KEYSERVERNAME

./build-dh
./build-key client

cp keys/ca.crt /etc/openvpn
cp keys/ca.key /etc/openvpn
cp keys/dh2048.pem /etc/openvpn
cp keys/$KEYSERVERNAME.crt /etc/openvpn
cp keys/$KEYSERVERNAME.key /etc/openvpn

gunzip -d /usr/share/doc/openvpn/examples/sample-config-files/server.conf.gz
cp /usr/share/doc/openvpn/examples/sample-config-files/server.conf /etc/openvpn
vim /etc/openvpn/server.conf
*update the filenames for crt and key*
*change dh dh1024.pem to dh dh2048.pem*

/etc/init.d/openvpn restart

mkdir -p ~/vpnclient
cp /usr/share/doc/openvpn/examples/sample-config-files/client.conf ~/vpnclient/client.ovpn
cp keys/ca.crt ~/vpnclient
cp keys/client.crt ~/vpnclient
cp keys/client.key ~/vpnclient

If you want to use the internet through the VPN, make the following adjustments:

vim /etc/openvpn/server.conf
*uncomment push "redirect-gateway def1 bypass-dhcp"*
*add push "dhcp-option DNS 8.8.8.8"*

vim /etc/sysctl.conf
*uncomment net.ipv4.ip_forward=1*
sysctl -p

*run this, and also run it on server boot*
iptables -t nat -A POSTROUTING -j SNAT -s 10.8.0.0/16 --to-source PUBLIC_SERVER_IP_HERE

Make sure you’re installing the latest vmware version, because even slightly older versions probably don’t support 3.13.0 kernels.

apt-get install build-essential linux-headers-$(uname -r) open-vm-dkms
ln -s /usr/src/linux-headers-$(uname -r)/include/generated/uapi/linux/version.h /usr/src/linux-headers-$(uname -r)/include/linux/version.h
vmware-modconfig --console --install-all

You may have to cd into vmware-modconfig‘s containing directory before executing that last command, but I don’t remember where it is.

Start VMWare Services

/etc/init.d/vmware start

Start VMWare Workstation

/usr/bin/vmware

Start VMWare player

/usr/bin/vmplayer

vim /etc/ssh/sshd_config
PermitRootLogin yes
service ssh restart

Below information is taken from Stack Overflow

Install vsftpd v3 via repo

echo "deb http://ftp.us.debian.org/debian jessie main contrib non-free" >> /etc/apt/sources.list
apt-get update
apt-get install -y --force-yes vsftpd

If the post-setup script fails, delete it so it doesn’t keep bothering you

cd /var/lib/dpkg/info && rm vsftpd.postinst

Allow writable chroot

echo "allow_writeable_chroot=YES" >> /etc/vsftpd.conf
service vsftpd restart

Or via package (no instructions)

https://packages.debian.org/jessie/init-system-helpers
https://packages.debian.org/jessie/vsftpd

Other config I use for first-time setup

#anonymous_enable=YES
local_enable=YES
write_enable=YES
chroot_local_user=YES

apt-get install -y --force-yes apache2 php5-fpm  libapache2-mod-fcgid php5-cgi
sed -i "s/listen =.*/listen = 127.0.0.1:9000/" /etc/php5/fpm/pool.d/www.conf
a2dismod mpm_prefork
a2enmod mpm_event

echo -e "<Directory /var/www>\n\
AddHandler fcgid-script .php\n\
FCGIWrapper /usr/lib/cgi-bin/php5 .php\n\
Options +ExecCGI\n\
</Directory>\n\
\n\
# If you have Aliases provide php support for them (Here we provide php support for scripts in /usr/share's subdirectories)\n\
Alias /aptitude /usr/share/doc/aptitude/html/en\n\
Alias /apt /usr/share/doc/apt-doc\n\
\n\
<Directory /usr/share>\n\
AddHandler fcgid-script .php\n\
FCGIWrapper /usr/lib/cgi-bin/php5 .php\n\
Options ExecCGI FollowSymlinks Indexes\n\
</Directory>"\n\
> /etc/apache2/conf-available/eventphp.conf

a2enconf eventphp
service apache2 restart

Make sure libapache2-mod-php5 is NOT installed

phpinfo file for testing:

echo "<?php phpinfo();" >> /var/www/html/info.php

Tips

Show MPM module currently used:

apachectl -V | grep -i mpm

View the available mods

ls /etc/apache2/mods-available/mpm*

Edit the event MPM config:

vim /etc/apache2/mods-available/mpm_event.conf

Configuring phpmyadmin

vim vim /etc/apache2/conf-enabled/phpmyadmin.conf

change Options FollowSymLinks to Options +FollowSymLinks +ExecCGI