blog
Table des matières
4 billet(s) pour janvier 2026
| AWX sur K8S Kind - partage de fichier pour les blob - Execution pods | 2026/01/26 10:15 | Jean-Baptiste |
| Notes rsh rcp | 2026/01/21 18:08 | Jean-Baptiste |
| Git - Duplication d'un dépôt | 2026/01/19 10:22 | Jean-Baptiste |
| Exemple simple de conf Nagios | 2026/01/14 10:07 | Jean-Baptiste |
Notes Weboob
Travelboob
Exemple RER
traveloob departures CHATELET-LES-HALLES@transilien LA-DEFENSE-GRANDE-ARCHE@transilien
Exemple train SNCF
traveloob departures paris nancy 2015-04-02 09:00
Wetboobs
alias meteo="wetboobs forecasts 75001@meteofrance ; echo ; wetboobs forecasts 615702@yahoo" meteo
Videoob
videoob search groland
Pb
Actuellement ne marche plus pour la Caisse d’Épargne
Pb
weboob-config update
$ boobank -d list
2015-12-08 09:27:17,600:DEBUG:modules:1.0:modules.py:161:load_module Loaded module "caissedepargne" from /home/jibe/.local/share/weboob/modules/1.0/caissedepargne
2015-12-08 09:27:17,601:DEBUG:backend:1.0:modules.py:98:create_instance Created backend "caissedepargne" for module "caissedepargne"
Account Balance Coming
---------------------------------------------------------+----------+----------
2015-12-08 09:27:17,612:DEBUG:bcall:1.0:bcall.py:81:backend_process <Backend 'caissedepargne'>: Calling function <bound method Boobank._do_complete of <weboob.applications.boobank.boobank.Boobank object at 0x7feaa247b850>>
2015-12-08 09:27:17,946:DEBUG:backend.caissedepargne.browser:1.0:browser.py:405:lowsslcheck Found 9a5af08c31a22a0dbc2724cec14ce9b1f8e297571c046c2210a16fa3a9f8fc2e as certificate hash
2015-12-08 09:27:17,946:DEBUG:bcall:1.0:bcall.py:87:backend_process <Backend 'caissedepargne'>: Called function <bound method Boobank._do_complete of <weboob.applications.boobank.boobank.Boobank object at 0x7feaa247b850>> raised an error: BrowserSSLError()
Error(caissedepargne): website is unavailable.
---------------------------------------------------------+----------+----------
Total 0.00 0.00
Solution :
import ssl from hashlib import sha256 domain='www.caisse-epargne.fr' sha256(ssl.get_server_certificate((domain, 443))).hexdigest()
'9a5af08c31a22a0dbc2724cec14ce9b1f8e297571c046c2210a16fa3a9f8fc2e'
/home/jean/.local/share/weboob/modules/1.0/caissedepargne/browser.py
Class CaisseEpargne(Browser): DOMAIN = 'www.caisse-epargne.fr' PROTOCOL = 'https' CERTHASH = ['dfff27d6db1fcdf1cea3ab8e3c1ca4f97c971262e95be49f3385b40c97fe640c', '9894ab2088630f341de821a09f1286c525f854f62ac186bd442368b4692c5969', '0e0fa585a8901c206c4ebbc7ee33e00e17809d7086f224e1b226c46165a4b5ac', '74FBF3380D32F4C01137CE37FDC19CBC3B560058EED653B5B27EA3260E42C2F6', '9a5af08c31a22a0dbc2724cec14ce9b1f8e297571c046c2210a16fa3a9f8fc2e']
Test
openssl s_client -connect www.caisse-epargne.fr:443 </dev/null | sed -ne '/-BEGIN CERTIFICATE-/,/-END CERTIFICATE-/p' > ce.pem openssl x509 -noout -in ce.pem -fingerprint -sha256
SHA256 Fingerprint=74:FB:F3:38:0D:32:F4:C0:11:37:CE:37:FD:C1:9C:BC:3B:56:00:58:EE:D6:53:B5:B2:7E:A3:26:0E:42:C2:F6
Notes webmail Roundcube
docker run -ti --rm -p 127.0.0.1:8081:80 \ -e ROUNDCUBEMAIL_DEFAULT_HOST=tls://imap.acme.fr \ -e ROUNDCUBEMAIL_SMTP_SERVER=smtp.acme.fr \ -e ROUNDCUBEMAIL_SMTP_PORT=25 \ roundcube/roundcubemail
docker ps docker update --restart unless-stopped 22eac34b881c
/etc/nginx/sites-available/mail.acme.fr
server { if ($host = mail.acme.fr) { return 301 https://$host$request_uri; } # managed by Certbot listen 80; listen [::]:80; server_name mail.acme.fr; return 301 https://mail.acme.fr$request_uri; } server { #listen 127.0.0.1:444 ssl; listen 443 ssl; listen [::]:443 ssl; server_name mail.acme.fr; ssl_certificate /etc/letsencrypt/live/mail.acme.fr/fullchain.pem; # managed by Certbot ssl_certificate_key /etc/letsencrypt/live/mail.acme.fr/privkey.pem; # managed by Certbot ssl_session_timeout 5m; ssl_prefer_server_ciphers on; #ssl_protocols TLSv1 TLSv1.1 TLSv1.2; ssl_protocols TLSv1.2; ssl_ciphers ALL:!aNULL:!eNULL:!LOW:!EXP:!RC4:!3DES:+HIGH:+MEDIUM; #ssl_dhparam /etc/ssl/private/dh2048.pem; ssl_dhparam /etc/nginx/ssl/dhparam4.pem; add_header Strict-Transport-Security max-age=2678400; #auth_basic "Restricted"; #auth_basic_user_file /etc/nginx/wiki.htpasswd; client_max_body_size 20m; proxy_read_timeout 3600; location / { proxy_redirect off; proxy_set_header Host $http_host; proxy_set_header X-Forwarded-Server $host; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header X-Real-IP $remote_addr; proxy_pass http://127.0.0.1:8081; } }
/etc/postfix/main.cf
# Ajouter le réseau de Docker dans mynetworks mynetworks = 127.0.0.0/8 [::ffff:127.0.0.0]/104 [::1]/128 172.16.0.0/12
Puis
postfix reload
Cela permet de pouvoir envoyer des mails à soi-même dans le cas où nous interdisons les mails de “mondomain.com” depuis internet.
Voir smtpd_client_restrictions = permit_mynetworks, check_client_access hash:/etc/postfix/client_checks
Pb
Erreur upstream timed out (110: Connection timed out)
2023/03/23 16:24:33 [error] 20264#20264: *66053 upstream timed out (110: Connection timed out) while reading response header from upstream, client: 192.168.78.117, server: mail.acme.fr, request: "GET /?_task=mail&_action=search&_interval=&_q=plop&_headers=text&_layout=widescreen&_filter=ALL&_scope=all&_remote=1&_unlock=loading1679585013210&_=1679584230928 HTTP/1.1", upstream: "http://127.0.0.1:8081/?_task=mail&_action=search&_interval=&_q=david&_headers=text&_layout=widescreen&_filter=ALL&_scope=all&_remote=1&_unlock=loading1679585013210&_=1679584230928", host: "mail.acme.fr", referrer: "https://mail.acme.fr/?_task=mail&_mbox=INBOX"
Solution
proxy_read_timeout 3600;
Pb taille des pièces jointes
Solution
client_max_body_size 20m;
Notes Webdav
Serveur
Voir :
Vérifier que votre serveur implémente implémente correctement le protocole Webdav avec Litmus
WebDAV server protocol compliance test suite
Nginx
Voir proxy_request_buffering off;
apt-get install nginx-full
/etc/nginx/sites-available/webdav
server { listen 80; server_name webdav.acme.fr; access_log /var/log/nginx/webdav-access.log; error_log /var/log/nginx/webdav-error.log; autoindex on; charset utf-8; client_max_body_size 10M; location / { root /var/www/webdav; #client_body_temp_path /var/www/webdav-tmp; dav_methods PUT DELETE MKCOL COPY MOVE; dav_ext_methods PROPFIND OPTIONS; #auth_basic_user_file $HOME/.htpasswd; #min_delete_depth 0; #auth_basic "Restricted"; #auth_basic_user_file /etc/nginx/webdav.htpasswd; create_full_put_path on; dav_access user:rw group:rw all:r; limit_except GET { allow 192.168.1.22; allow all; #deny all; } } }
davserver (python)
Voir :
#sudo apt-get install python3-webdav python3 -m pip install PyWebDAV3
config.ini
[DAV] #baseurl = baseurl = https://dav.acme.fr # Verbose? # verbose enabled is like loglevel = INFO verbose = 1 #log level : DEBUG, INFO, WARNING, ERROR, CRITICAL (Default is WARNING) #loglevel = WARNING # main directory directory = /var/www/webdav # Server address port = 8082 host = localhost # disable auth noauth = 1 # Enable mysql auth mysql_auth=0 # admin user user = test password = test00 # daemonize? daemonize = 0 daemonaction = start # instance counter counter = 0 # mimetypes support #mimecheck = 1 mimecheck = 0 # webdav level (1 = webdav level 2) lockemulation = 1 # internal features #chunked_http_response = 1 #http_request_use_iterator = 0 #http_response_use_iterator = 0
su - www-data davserver -c config.ini
Weborf - Le serveur ultra léger
https://github.com/ltworf/weborf/blob/master/examples/auth.py
apt-get install weborf
python /usr/share/doc/weborf/examples/auth.py chmod 777 /tmp/weborf_auth.socket
iptables -A INPUT -i eth0 -p tcp -m tcp --dport 8083 -j REJECT iptables-save > /etc/iptables/rules.v4
Client
Voir :
davfs2 http://doc.ubuntu-fr.org/davfs2
cadaver https://webdav.acme.fr
Pour ne pas taper le mdp à chaque fois
~/.netrc
default login myusername password P@ssw0rd machine webdav.acme.fr login myusername password P@ssw0rd
chmod 600 ~/.netrc
Voir man netrc
Exemple de fichier conf (commandes lancées automatique au démarrage de cadaver)
~/.cadaverrc
set editor vim set pager less set tolerant cd home
WDFS
Voir aussi :
Ajout de l'utilisateur “jean” au groupe “fuse” Apparement pas nécessaire si fuse est installé alors qu'il n'existe pas de compte “fuse” Est-ce lié à systemd ?
adduser jean fuse
Montage (dans un dossier vide)
Exemples :
mkdir -p ~/mnt/wd-partage wdfs -o username=utilisateur -o password=MDP_En_Clair https://webdav.acme.fr/partage ~/mnt/wd-partage
Pour démonter
fusermount -u ~/mnt/
Protocole
Curl
Faut-il préciser le Content-Type ?
curl -XPROPFIND https://user:pass@dav.acme.fr/ -H "Depth:infinity" |xmllint --format - curl --request PROPFIND --user user:pass --header "Content-Type: text/xml" --header "Brief:t" --data "<D:propfind xmlns:D='DAV:'><D:prop><D:displayname/></D:prop></D:propfind>" https://dav.acme.fr/ curl -X PROPFIND -H "Content-Type: text/xml" http://USER:PASSWORD@HOST/owncloud/remote.php/webdav/FOLDER | xmllint --format -
Envoyer un fichier
curl -X PUT https://webdav.server/dir/file.txt -d @~/file.txt
Déplacer un fichier
curl -X MOVE -H 'Destination: https://webdav.server/dir/file2.txt' https://webdav.server/dir/file.txt
Juste un bout d'un fichier grâce à Content-Range
curl -H 'Content-Range: bytes 10-20/*' https://webdav.server/dir.file.txt
Notes web
Coloration syntaxique
La coloration syntaxique de la note précédente a été faite avec pygmentize. Par exemple:
pygmentize -f html -l cpp -o code.html code
Pour récupérer le style CSS:
pygmentize -f html -S colorful
web worker / worker API / consumers
Three parties :
- The web worker is responsible for running scripts in its own separate thread.
- The worker API exposes a consumer-to-provider communication interface.
- The consumers want to run some scripts outside the main thread, so they don’t block the main thread.
Notes Web - Client-side rendering - CSR
Exemple
MdWiki
Voir :
Markdown / Commonmark - Prise en charge des “Wiki links” / liens Interwiki / liens relatifs
index.md
[plop](tech/plop2.md)
blog.txt · Dernière modification : de 127.0.0.1