Apache Error .htaccess: RewriteEngine not allowed here

When you try to enable option RewriteEngine on in .htaccess file you can get error:

/var/www/html/.htaccess: RewriteEngine not allowed here

In this way you need to enable AllowOverride All option.

Go to /etc/apache2/sites-available and edit 000-default.conf (or other conf file of your website):

sudo nano /etc/apache2/sites-available/000-default.conf

Add next block to this file:

<Directory />
        AllowOverride All
</Directory>

Your config file will be look’s like this:

<VirtualHost *:80>
        DocumentRoot /var/www/html

        <Directory />
            AllowOverride All
        </Directory>
</VirtualHost>

Save configuration file and restart apache2

sudo systemctl restart apache2

How to fix Nextcloud 4047 InnoDB refuses to write tables with ROW_FORMAT=COMPRESSED or KEY_BLOCK_SIZE

If you have an error like:

InnoDB refuses to write tables with ROW_FORMAT=COMPRESSED or KEY_BLOCK_SIZE

All you need – to edit mysql configuration file: /etc/mysql/my.cfg

sudo nano /etc/mysql/my.cfg

Add this command:

skip-innodb-read-only-compressed

Save changes and restart mysql server:

sudo systemctl restart mysql

LibreWolf web browser

LibreWolf is a fork of Firefox, focused on privacy, security and freedom. This browser provides such features:

  • No Telemetry;
  • Private Search;
  • Ad Block Included;
  • Enhanced Security;
  • Fast Updates;
  • Open Source;

Download this program You can on the official Web-site of LibreWolf browser: https://librewolf-community.gitlab.io/

The source code of LibreWolf You can get here: https://gitlab.com/librewolf-community/browser

Touchégg

Touchégg is an app that runs in the background and transform the gestures you make on your touchpad or touchscreen into visible actions in your desktop.

For example, you can swipe up with 3 fingers to maximize a window or swipe left with 4 finger to switch to the next desktop.

Many more actions and gestures are available and everything is easily configurable.

Download and install program you can on official Git repository: https://github.com/JoseExposito/touchegg

How to add directory to PATH in Linux

The $PATH environment variable is a list of directories that tells the shell which directories to search for executable files.

To check what directories are in your $PATH list use command:

echo $PATH

To add new directory ~/.local/bin/ to $PATH use command:

export PATH="$HOME/.local/bin:$PATH"

But this change is only temporary and valid only in the current shell session.

To make the change permanent, you need to define the $PATH variable in the shell configuration files. In most Linux distributions when you start a new session, environment variables are read from the following files:

  • Global shell specific configuration files such as /etc/environment and /etc/profile. Use this file if you want the new directory to be added to all system users $PATH.
  • Per-user shell specific configuration files. For example, if you are using Bash, you can set the $PATH variable in the ~/.bashrc file. If you are using Zsh the file name is ~/.zshrc.

In this example, we’ll set the variable in the ~/.bashrc file. Open the file with your text editor and add the following line at the end of it:

nano ~/.bashrc

export PATH="$HOME/.local/bin:$PATH"

Save the file and load the new $PATH into the current shell session using the source command:

source ~/.bashrc

To confirm that the directory was successfully added, print the value of your $PATH by typing:

echo $PATH

Yt-dlp: youtube-dl alternative

yt-dlp is a youtube-dl fork based on the now inactive youtube-dlc. The main focus of this project is adding new features and patches while also keeping up to date with the original project.

Official GitHub repository: https://github.com/yt-dlp/yt-dlp

Installation:

sudo wget https://github.com/yt-dlp/yt-dlp/releases/latest/download/yt-dlp -O /usr/local/bin/yt-dlp
sudo chmod a+rx /usr/local/bin/yt-dlp

Yt-dlp usage similar as a youtube-dl. To show all supported video formats use command:

yt-dlp -F https://youtube.com/video-id

To download video use command with flag yt-dlp -f <firmat-id> <video-url>

yt-dlp -f 22 https://youtube.com/video-id

Install Proxmox VE on Debian

Proxmox VE (Proxmox Virtual Environment) – this is a open source virtualization system, that uses a hypervisor KVM and LXC, based on Debian GNU Linux.

First edit your /etc/hosts file and write there your IP address:

sudo nano /etc/hosts
192.168.1.2    hostname.com   hostname

Add Proxmox VE distribution to your operating system:

echo "deb http://download.proxmox.com/debian/pve buster pve-no-subscription" > /etc/apt/sources.list.d/pve-install-repo.list

Add key for Proxmox VE repository:

wget http://download.proxmox.com/debian/proxmox-ve-release-6.x.gpg -O /etc/apt/trusted.gpg.d/proxmox-ve-release-6.x.gpg
chmod +r /etc/apt/trusted.gpg.d/proxmox-ve-release-6.x.gpg # optional, if you have a non-default umask

Update packages list and upgrade your system:

apt update && apt full-upgrade

Install Proxmox VE packages:

apt install proxmox-ve postfix open-iscsi

Reboot your system

reboot

After reboot open your web borwser and go to https://192.168.1.2:8006, where 192.168.1.2 – is a IP address of your Proxmox computer, and 8006 – default Proxmox port.

That’s all, Proxmox VE successfully installed on your PC. Now you can create new Virtual machines…

Bdcom P3310 delete, block and unblock ONU

To delete OUN from OLT on EPON 2 interface go to config and use interface EPON0/2:

enable
config
interface EPON0/2

To delete ONU use command (note, that adter delete ONU will register on OLT again):

no epon bind-onu mac e067.b37d.d3d3

To add ONU to Black List use command:

epon onu-blacklist mac e067.b37d.d3d3

To remove ONU from Black List use command:

no epon onu-blacklist mac e067.b37d.d3d3

Best and simplest Mikrotik Firewall rules

Don’t forget to update your Mikrotik firmware to 6.41.1 or higher! Current stable and secure firmware is 6.47.10.
Simple Mikrotik Firewall configuration:

In Mikrotik terminal go to Firewall Filter:

/ip firewall filter

Allow Established and Related connections for forward and input chains:

add chain=forward action=accept connection-state=established,related log=no log-prefix=""
add chain=input action=accept connection-state=established,related log=no log-prefix=""

Drop invalid connections for forward and input chains only from WAN interfaces:

add chain=forward action=drop connection-state=invalid in-interface-list=WAN log=no log-prefix=""
add chain=input action=drop connection-state=invalid in-interface-list=WAN log=no log-prefix=""

Allow ICMP ping from WAN only width 128 bits packets:

add chain=input action=accept protocol=icmp in-interface-list=WAN packet-size=0-128 log=no log-prefix=""

Allow remote control by Winbox or SSH only from IP addresses from AccessList:

add chain=input action=accept protocol=tcp src-address-list=AccessList in-interface-list=WAN dst-port=8291,22 log=no log-prefix=""

In IP -> Firewall -> Address List create new address list width name AccessList and add there all IP addresses you want to use for remote connection to your router.

Allow OpenVPN connections:

add chain=input action=accept protocol=tcp in-interface-list=WAN dst-port=1194 log=no log-prefix=""

Allow PPTP VPN connections:

add chain=input action=accept protocol=tcp in-interface-list=WAN dst-port=1723 log=no log-prefix=""
add chain=input action=accept protocol=gre log=no

Allow SSTP VPN connection (443 port,
change port if yout SSTP server run on other port):

add chain=input action=accept protocol=tcp in-interface-list=WAN dst-port=443 log=no log-prefix=""

Drop all other connections to Mikrotik and to local network:

add chain=input action=drop in-interface-list=WAN log=no log-prefix=""
add chain=forward action=drop connection-nat-state=!dstnat in-interface-list=WAN log=no log-prefix=""

In IP -> Services menu enable only SSH and Winbox services, for more security you can change default Winbox and SSH ports:

It is all you need to secure your home or office router and network.

Don’t forget to update your Mikrotik firmware to 6.41.1 or higher! Current stable and secure firmware is 6.47.10. For more stability use firmware from “long term” channel.

How to auto start program in Linux with root privilegies

To run some script or program when computer start in linux – copy this program to /etc/init.d directory. Change permissions to 755.

For example let’s create simple bash script “ntpsync“that sync system clock with NTP server in Internet:

service ntp stop
ntpdate time.nist.gov
service ntp start

Copy this sctipt to /etc/init.d, create symbolic link to /etc/rc3.d:

ln -s /etc/init.d/ntpsync /etc/rc3.d/ntpsync

Rc3 level – Мulti-user regime width network support.

That’s all, on next startup Linux will run this script, and automatically sync system clock with NTP server from Internet.