#!/bin/bash
#*******************************************************************************
#* @file        php_list.sh
#*
#* @brief       This script creates a list of the PHP version used by each domain on DA
#*
#*
#* @author 	Jordi van Nistelrooij @ Webs en Systems. 
#* @email 	info@websensystems.nl
#* @website	https://websensystems.nl
#* @version 	1.0.0
#* @copyright 	None of these scripts may be copied or modified without permission of the author
#*
#* @date        2025-06-10
#*
#*******************************************************************************
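DA_USERS="/usr/local/directadmin/data/users"
OPTIONS_CONF="/usr/local/directadmin/custombuild/options.conf"
# The report is written under a fixed name in the current working directory.
# When running as root, start the script from a directory other users cannot
# write to: the redirect below writes through whatever already exists at
# this path.
OUTPUT_FILE="php_versies_per_domein.txt"

#######################################
# Print the value of the first "key=value" line for a key in a config file.
# Only the first match is used, so a duplicated key cannot produce a
# multi-line value. As with `cut -d= -f2`, only the text between the first
# and second '=' is returned.
# Arguments: $1 - key name (compared literally), $2 - path of the file
# Outputs:   the value on stdout; nothing when key or file is missing
# Returns:   0 when the file is unreadable, otherwise awk's exit status
#######################################
conf_value() {
    local key=$1 file=$2
    [ -r "$file" ] || return 0
    awk -F= -v key="$key" 'NF > 1 && $1 == key { print $2; exit }' "$file"
}

# Read the phpX_release values (slots 1-4) from options.conf
[ -r "$OPTIONS_CONF" ] || echo "warning: cannot read $OPTIONS_CONF" >&2
declare -A php_versions
for i in {1..4}; do
    versie=$(conf_value "php${i}_release" "$OPTIONS_CONF")
    if [ -n "$versie" ]; then
        php_versions["$i"]="$versie"
    fi
done

# Build the report. The output file is opened once for the whole group
# instead of being reopened for every line.
{
    echo "Domein | Gekozen PHP Slot | PHP Versie"
    echo "------------------------------"

    # Glob instead of parsing `ls`, so names with spaces or glob characters
    # are not split or expanded.
    for user_path in "$DA_USERS"/*; do
        user=${user_path##*/}
        DOMAINS_FILE="$DA_USERS/$user/domains.list"
        [ -f "$DOMAINS_FILE" ] || continue

        # Read one domain per line; `read -r` keeps backslashes literal and a
        # line such as "*" is no longer expanded against the current directory.
        while read -r domain || [ -n "$domain" ]; do
            [ -n "$domain" ] || continue
            CONF_FILE="$DA_USERS/$user/domains/${domain}.conf"
            [ -f "$CONF_FILE" ] || continue

            SLOT=$(conf_value "php1_select" "$CONF_FILE")
            if [ -z "$SLOT" ]; then
                SLOT="1"  # fall back to php1 when there is no php1_select
            fi

            # Slots that options.conf does not define are reported as unknown.
            VERSION="${php_versions[$SLOT]:-(onbekend)}"

            printf '%s | %s | %s\n' "$domain" "$SLOT" "$VERSION"
        done < "$DOMAINS_FILE"
    done
} > "$OUTPUT_FILE"

column -t -s '|' "$OUTPUT_FILE"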


# Stop here. Everything after this line is pasted notes (other commands,
# WAF rules, tutorials) and not part of this script; without this exit
# bash would go on and try to execute it.
exit

# Update system packages. The steps are chained with &&, so each one runs
# only if the previous one succeeded.
apt update && apt -y upgrade && apt -y autoremove && pveupgrade && pveam update

# Install useful utilities
apt install -y curl libguestfs-tools unzip iptables-persistent net-tools

# Remove subscription notice.
# -z reads the input as NUL-separated, so for this text file \s+ can match
# across the line break; -i.bak edits the file in place and keeps the
# original as proxmoxlib.js.bak. The matched
# "Ext.Msg.show({ title: gettext('No valid sub" is rewritten to
# "void({ //Ext.Msg.show({ ...", and pveproxy is restarted afterwards.
# sed exits 0 even when the pattern no longer matches, so compare the file
# with the .bak copy to confirm that the substitution actually happened.
# NOTE(review): this edits a file shipped by a package; presumably a package
# update puts the original back - confirm after upgrades.
sed -Ezi.bak "s/(Ext.Msg.show\(\{\s+title: gettext\('No valid sub)/void\(\{ \/\/\1/g" /usr/share/javascript/proxmox-widget-toolkit/proxmoxlib.js && systemctl restart pveproxy.service
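# Append a line to a file only when that exact line is not already there,
# so running these steps a second time does not pile up duplicate entries.
# Arguments: $1 - line to add, $2 - file to add it to
append_once() {
    grep -qxF -- "$1" "$2" 2>/dev/null || printf '%s\n' "$1" >> "$2"
}

# Load nf_conntrack at boot and raise the connection-tracking limits
append_once "nf_conntrack" /etc/modules
append_once "net.netfilter.nf_conntrack_max=1048576" /etc/sysctl.d/99-proxmox.conf
append_once "net.netfilter.nf_conntrack_tcp_timeout_established=28800" /etc/sysctl.d/99-proxmox.conf

# Optimize ZFS Memory Usage
# Configure ZFS memory limits: ARC minimum 6 GiB, maximum 12 GiB.
# The older zfs.conf is removed first; the options go into 99-zfs.conf.
rm -f /etc/modprobe.d/zfs.conf
# $(( )) replaces the obsolete $[ ] arithmetic syntax; the values are the same.
append_once "options zfs zfs_arc_min=$((6 * 1024 * 1024 * 1024))" /etc/modprobe.d/99-zfs.conf
append_once "options zfs zfs_arc_max=$((12 * 1024 * 1024 * 1024))" /etc/modprobe.d/99-zfs.conf
# Regenerate the initramfs after the modprobe.d change
update-initramfs -u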

https://community-scripts.github.io/ProxmoxVE/scripts?id=post-pve-install

command = ModifyDomain
domain = xxxxxx.eu
ownercontact0 = P-NUE1815
X-EU-ACCEPT-TRUSTEE-TAC = 0

ek

COMMAND = SetAuthCode
DOMAIN = (TEXT)

Proxmox Mail Gateway: to add a little branding to the users' spam quarantine page, change the logo at the top right and the link it points to

1- logo is here:

/usr/share/javascript/pmg-gui/images/proxmox_logo.png

2- link is here:

/usr/share/javascript/proxmox-widget-toolkit/proxmoxlib.js

  1. Block traffic that reaches your server directly instead of through Cloudflare
  2. Create a WAF to block countries that are not the main source of your traffic, e.g.: China, Russia, Singapore, Korea, Pakistan, India
  3. Adjust the rate limit; you can do it in the NGINX configuration, but Cloudflare gives you 1 rule for free
  4. Configure more aggressive caching on static pages
  5. Examine the logs, usually stressers/booters always send a query like “i=XXXX” or others in the URL to bypass the cache, check and block it through Cloudflare’s WAF, it will probably take a while to change, while you can breathe
  6. Block ASNs that are part of many attacks, such as AWS, DigitalOcean, Hetzner, Contabo, AT&T, Datacamp, Leaseweb, Quadranet, OVH, ColoCrossing (it was one of the solutions I used to solve it)

Here are my WAF rules:

  1. JS Challenge
(ip.geoip.country in {"AL" "AD" "AM" "BY" "BF" "BI" "CN" "FJ" "GF" "GT" "GY" "HT" "HN" "HK" "KP" "KR" "MO" "MW" "MY" "RU" "SG" "SR" "VE" "VN"}) or (cf.threat_score gt 70) or (http.user_agent contains "curl") or (http.user_agent contains "python") or (http.user_agent contains "Go-http-client")
  2. Block
(ip.geoip.asnum in {24940 26347 43350 7018 58111 8075 47583 16628 205016 31898 45102 204548 46562 35320 54483 398101 27715 202269 32329 7489 8100 46606 40021 21887 12876 22394 25820 208226 13213 35612 38365 45090 17816 22773 4812 7849 14618 26496 13287 132203 14103 27967 1759 41508 8972 35916 60781 2152 29066 1239 24961 7162 395336 39378 266400 64200 210558 399486 198605 28539 212238 272043 14576 56655 9152 9050 8953 265919 47583 263093 27715 7162 46407 60068 40676 199524 212238 60068 210630 53667 132203 45090 137876 133478 23033 27176 20278 397966 49157 11989 52468 174 1239 58212 20473 6939 16276 6147 6057 3352 397630 5089 7018 20115 701 18779 5650 209 395954 8560 398101 26496 26347 12876 46261 20773 21859 25780 29802 30083 32097 32475 33070 33182 33387 36024 36351 36352 42473 46475 46664 49544 52219 53559 55933 62567 63473 63949 136258 202053 203629 24549 200019 8851 28753 21559 9009 42675 62240 11427 265613 25369 42624 26548}) or (ip.geoip.continent in {"T1"}) or (ip.geoip.country in {"BY" "BA" "BG" "CN" "CY" "SV" "FK" "FO" "GL" "HN" "HU" "JE" "JO" "XK" "LI" "MK" "MT" "MD" "OM" "RS" "SK" "SI" "AE"}) or (http.request.uri.path contains "/cms") or (http.request.uri.path contains "/wp") or (http.request.uri.path contains "/wordpress") or (http.request.uri.path contains ".env") or (http.request.uri.path contains "\\xC9") or (http.request.uri.path contains "xmlrpc.php")

ek goz at: https://github.com/chaitin/SafeLine

zfs zraid2 resilvering cok yavas ne yapalim?
simdilik sadece bunu bulabildim :*(

suncuda 256 Ram var 192 sini kullansin

  echo 206158430208 >/sys/module/zfs/parameters/zfs_arc_max
  echo 206158430208 >/sys/module/zfs/parameters/zfs_arc_min
  echo 5 >/sys/module/zfs/parameters/zfs_scan_mem_lim_fact

sonuncu Yani scrub / resilver işlemleri için kullanılabilecek bellek limiti artık ARC boyutunun 1/5’i (%20) olacak demek

yani benim durumumda Yani scrub / resilver işlemleri maksimum ~38 GB RAM kullanabilir hale gelir.

Not bu degerler on the fly, eger rebot edince bunlar olsun dersen:

nano /etc/modprobe.d/zfs.conf
options zfs zfs_arc_max=206158430208
options zfs zfs_arc_min=206158430208
options zfs zfs_scan_mem_lim_fact=5

eger root file system ZFS ise (bende oyle)
update-initramfs -u -k all

ve reboot

Step 1: Preparing Your Virtual Server

First things first, you need a solid foundation. This means getting a virtual server running a Linux distribution like Debian or Ubuntu. Once you have your server’s IP address and login details, connect to it using SSH.

Before we install anything, it’s crucial to get your server up to date. Run these commands to update your system’s package list and apply any pending upgrades:

sudo apt update
sudo apt upgrade -y

With your system current, you’re ready for the next step.


Step 2: Install Dependencies & Create a Secure User

LinuxGSM has a few software requirements to function correctly. You can install them all with a single command.

sudo apt install curl wget file tar bzip2 gzip unzip bsdmainutils python3 util-linux ca-certificates binutils bc jq tmux netcat lib32gcc-s1 lib32stdc++6 steamcmd

For security reasons, you should never run a game server as the ‘root’ user. Let’s create a dedicated user for our Minecraft server. We’ll call it “mcserver”.

sudo adduser mcserver

Follow the prompts to set a password. After the user is created, switch to it:

su - mcserver

Step 3: Download and Run LinuxGSM

Now, as the ‘mcserver’ user, we’ll download the LinuxGSM script.

wget -O linuxgsm.sh https://linuxgsm.sh && chmod +x linuxgsm.sh && bash linuxgsm.sh mcserver

This script will download the rest of the necessary files and get the framework in place.


Step 4: Install the Minecraft Server

With LinuxGSM ready, installing the actual Minecraft server is incredibly simple. Just run the installer command:

./mcserver install

The script will handle downloading the latest server files from Mojang. It will likely ask you to agree to the Minecraft EULA. Make sure to read it and accept it to continue.


Step 5: Open the Port and Launch!

For other players to connect to your server, you need to open the default Minecraft port (25565) in your server’s firewall.

sudo ufw allow 25565/tcp

Now you’re ready for the magic moment! Start your server with this command:

./mcserver start

You can check the server’s status and see live details by running:

./mcserver details

To connect, simply launch Minecraft, go to Multiplayer, click “Add Server,” and enter your server’s IP address.


Managing Your Server

LinuxGSM makes server management a breeze. Here are the essential commands:

  • Stop the server: ./mcserver stop
  • Restart the server: ./mcserver restart
  • Update the server: ./mcserver update

Extra: according to ChatGPT 😀
this can also be achieved with a VXLAN setup.
The VXLAN setup is below (I have not tried or tested it; it is here only as extra information).

Alright — here’s the VXLAN version of your setup.
VXLAN is nice because it uses UDP (default port 4789), which almost always passes through firewalls/NAT, and it’s still Layer 2 capable like gretap.

Network Recap
Provider A (Debian VM): Public IP 38.248.1.150
Provider B (Proxmox Node): Public IP 185.17.1.2
/24: 38.248.1.0/24 (lives in Provider A)
/24 Gateway: 38.248.1.1
Goal: VMs in Provider B keep using their old IPs + gateway over the tunnel

On Provider A (Debian VM)

Install bridge utilities

apt install bridge-utils iproute2

Create VXLAN interface (ID can be any number, must match both sides)

ip link add vxlan100 type vxlan id 100 \
dev eth0 \
remote 185.17.1.2 \
dstport 4789 \
local 38.248.1.150 \
ttl 255

Bring it up with smaller MTU (VXLAN adds ~50 bytes)

ip link set vxlan100 up mtu 1450

Create a bridge for your public NIC + VXLAN

brctl addbr br0
brctl addif br0 eth0
brctl addif br0 vxlan100

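Move your IP from eth0 to the bridge (do this from the provider's console rather than over an SSH session that comes in through eth0, because the flush removes the address that session is using)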

ip addr flush dev eth0
ip addr add 38.248.1.150/24 dev br0
ip link set br0 up
ip route add default via 38.248.1.1


On Provider B (Proxmox Node)
Edit /etc/network/interfaces:

auto vxlan100
iface vxlan100 inet manual
pre-up ip link add vxlan100 type vxlan id 100 \
dev eth0 \
remote 38.248.1.150 \
dstport 4789 \
local 185.17.1.2 \
ttl 255
up ip link set vxlan100 up mtu 1450
post-down ip link del vxlan100

auto vmbr2
iface vmbr2 inet manual
bridge_ports vxlan100
bridge_stp off
bridge_fd 0


! Do not assign the /24 to vmbr2. This bridge is purely for the VMs.

On a Migrated VM in Provider B
Same config as if it were still in Provider A:

IP: 38.248.1.152
Netmask: 255.255.255.0
Gateway: 38.248.1.1

Firewall / Networking Notes
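Allow UDP/4789 in both directions, but only between the two tunnel endpoints (38.248.1.150 ↔ 185.17.1.2). VXLAN has no authentication or encryption of its own, so a port left open to other sources accepts frames from anyone who can reach it.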

MTU must be reduced to ~1450 (or lower if path MTU is smaller).

Some providers have “anti-MAC spoofing” — if so, you may need to request that they disable it for the VXLAN tunnel endpoints.

Testing
On Provider B:

bridge link show
Should show vxlan100 as a port in vmbr2.

From the migrated VM in Provider B:

ping 38.248.1.1
If it works, you’ve got transparent L2 connectivity over VXLAN.

GRE vs VXLAN Quick Comparison
| Feature | GRE/gretap | VXLAN |
|---|---|---|
| Layer 2 capable | gretap only | Yes |
| Encapsulation | Protocol 47 (GRE) | UDP |
| Likely to pass firewalls | Lower | Higher |
| Overhead | ~24 bytes | ~50 bytes |
| MTU impact | Moderate | Slightly more |