Category Archives: Linux

setup your own linux based router

What is all about
short story ...
This post will help you to configure a linux PC in order to function as a router too.
long story ...
If you like me have a very low energy consumption PC (a NAS equivalent) running all the time you might prefer it to act as a router too. This way you'll be able to:
- use the full Linux power to control the network traffic (especially the malicious connections)
- use the better performing PC hardware (compared to one of a dedicated router) to deal with the network traffic
- have fun because you're a linux enthusiast :)
The setup explained below uses NetworkManager.service; if you use something else the main difference will be related to configuring the pppoe connection while the other aspects should be the same or anyway helpful for your setup.
But using your PC as a router doesn't mean you won't be able to use it for something else too. I for example use my PC as a router while also as a desktop PC, as a server (for this blog, Transmission, ssh, nginx, etc) and as HTPC (Plex based).

What's to achieve
In the end you'll achieve these:
- connect directly to Internet using your PC router
- Internet users directly access your websites running on your PC router
- when having at least 2 ethernet cards you'll use one for Internet access while the other to setup a LAN
- with 2 ethernet cards one could be connected to a dedicated wireless router; its wireless users could be considered part of a LAN accessing the Internet through the PC router (the gateway for the dedicated router)
- secure your PC router against malicious Internet access
- setup other goodies e.g. dnsmasq with or without dhcp, sshttp, Plex

How to do it
In order to achieve the above you'll have do these:
- secure the access to your PC router
- setup a pppoe connection in order to access the Internet
- share the Internet access
- setup dnsmasq (NetworkManager's plugin) in order to ... long story, I'll explain later
- setup a dedicated wireless router in order to have wireless access to Internet when your PC router isn't able to provide by itself wireless access
- solve miscellaneous other issues e.g. dealing with sshttp and/or Plex

Secure the access to your PC router
This is a vital step!
You should do this first before having your PC accessed from all over the Internet.
You can do this by using the default firewall of your Linux distribution, e.g. for Ubuntu is UFW (Uncomplicated Firewall) while for RedHat/CentOS/Fedora is firewalld (check firewall-cmd man page and usage examples here and here).
Before continuing just check your opened ports with the commands below.
List opened ports using UFW:
sudo ufw status numbered
List opened ports using firewalld:
firewall-cmd --get-active-zones
firewall-cmd --list-ports

Setup a pppoe connection in order to access Internet
Use your graphical NetworkManager connection editor (nm-connection-editor on Ubuntu) in order to create a DSL connection (e.g. named RDS). In General tab check the options Automatically connect to this network when it is available and All users may connect to this network. In DSL tab fill in the username and password handed to you by your Internet provider. In Ethernet tab let MTU to automatic (it won't apply to pppoe connection) and choose the card which will be used for Internet access (e.g. eth0). In IPv6 Settings tab disable ipv6 connections if you don't have a reason to use it; if you intend to use it then this post won't help you.

Check the pppoe setup
On Ubuntu you'll be able to see your configuration from the command line:
sudo cat /etc/NetworkManager/system-connections/RDS
or using the graphical NetworkManager applet (Connection Information menu).

With the ifconfig command you'll see a new network interface (e.g. ppp0) when the pppoe connection is active.
Using the command below:
nmcli connection show
you'll also see that the pppoe connection is related to eth0 (chosen by you when creating the RDS connection).
With the command below:
nmcli device show
you'll see that eth0 has as IP4.GATEWAY the ip of your internet provider.
Check the pppoe connection with these commands too:
ifconfig ppp0
netstat -i

The MTU configuration
When MTU of your pppoe connection is not correctly set you'll experience internet web pages hanging/loading forever. 1500 is the maximum MTU possible and seems to be the default for the ethernet devices. For pppoe connections the maximum MTU is 1492. Check more about these at

You'll have to edit manually the [ppp] section in /etc/NetworkManager/system-connections/RDS in order to add/change it:

With mtu=1492 the commands below:
sudo ip route flush cache
ping -c 1 -M do -s 1464
should yield among other:
1 packets transmitted, 1 received, 0% packet loss
or an error similar to the below:
ping: local error: Message too long, mtu=1492
1 packets transmitted, 1 received, 0% packet loss
If ping with 1464 (1464 = 1492 - 28) value yields an error then change it to a lower value e.g. subtract 10 then try again and so on. When found the maximum working value add 28 to it then use it for [ppp] section in RDS and restart RDS connection (use the NetworkManager applet to disconnect then reconnect).

When an ip package flows through e.g. eth1 (another ethernet card on your PC router) to ppp0 a MTU conversion must be done. This is accomplished with iptables or with the help of the firewall e.g. UFW. After finding the proper MTU you'll have to put this in /etc/ufw/before.rules: 

-A ufw-before-forward -p tcp -i eth1 -o ppp0 --tcp-flags SYN,RST SYN -j TCPMSS --set-mss 1452
-A ufw-before-forward -p tcp -i eth1 -o ppp1 --tcp-flags SYN,RST SYN -j TCPMSS --set-mss 1452

just before # ufw-not-local though when left at the end I guess it will work too. Replace 1452 with your pppoe MTU minus 40.

Why adding 28 and why using 1464 in the first place? check at

There are other commands that show the MTU value:
ip ad
netstat -i
ifconfig ppp0 | grep MTU
but they don't provide you an option to test a wrong MTU value (as ping does).
The MTU for eth0 (used by ppp0) should be 1500.

There's another way of testing MTU value but with a more complicated setup and impractical for pppoe connection but useful for LAN connections. It works like this: on another computer (PC2) using e.g. eth0 ( and connected to your PC router on e.g. eth1 run the command below in order to check received network packets:
sudo tcpdump -i eth0 --direction=in -n ip proto \\icmp
then from your PC router send network packets like this:
ping -c 1 -s 1472 -I eth3
ping -c 1 -s 1464 -I eth3
For any packet received on PC2 you'll get one line of console output so when the ping value (1464, 1472) is too large you'll see more than one line in PC2's console. You should change the ping value till you reach the maximum one while still showing only one line in PC2's console. Then to that maximum value add 28 and that's will be the MTU for the connection PC router on eth1 to PC2 on eth0.

I have no idea how to check the current MRU value but seems a good idea to set it to the same value as MTU; please post a comment when you have a clue about it.

Share the Internet access
You'll have to enable packet forwarding by editing /etc/sysctl.conf:
then activate the new sysctl configuration with:
sudo sysctl -p
Check current configuration with:
sysctl net.ipv4.ip_forward

Also you'll have to configure your firewall to allow ip forwarding.
e.g. with UFW you'll have to edit /etc/default/ufw to have this:


In /etc/ufw/before.rules you'll need:

# when having no other *nat rules uncomment the line below:
# -F

At this point when having multiple ethernet cards you'll be able to share the internet connection with them. This means that a PC2 directly connected to PC router's eth1 will be able to access the Internet but only with a proper configuration: 
- PC2 must have an ip in the same network class as PC router's eth1
- PC2 must have the gateway pointing to PC router eth1's ip
- PC2's DNS servers must be the same as those used by PC router (check nmcli device show eth0 | grep '.DNS')
This setup is an annoying complication mostly because of the DNS setup which might change depending on the Internet provider. The following section solves this with the help of a DNS and DHCP server.

Internet connection sharing: the big picture
Let's suppose that your PC router has an additional network interface (e.g. eth1). You could connect to it:
a) another PC on a wired connection when eth1 is wire only accessible
b) many other wireless devices when eth1 is a wireless device
c) a dedicated wireless router (when eth1 is wire only accessible) in order to share the Internet connection with other wireless and wired devices
For the b case you'll need to setup dnsmasq as a DNS and DHCP server. For a and c you won't really need the DHCP server but won't harm you anyway.

Setup dnsmasq as a DNS and DHCP server
When using NetworkManager then dnsmasq is already used as a plugin; just check /etc/NetworkManager/NetworkManager.conf for something like dns=dnsmasq. You'll need to customize dnsmasq's configuration; create the file /etc/NetworkManager/dnsmasq.d/custom-dnsmasq.conf with the following content:


Make sure to create /var/log/dnsmasq/ (owned by root only) used for keeping dnsmasq.log.

Be aware to exclude with except-interface at least the pppoe connections (e.g. ppp0) and the network interfaces used by them (e.g. eth0). You can change the cache-size in case you want less RAM to be used. Related to dhcp-range I assume you have only one network interface available (e.g. eth1) besides the one used for the pppoe connection (e.g. eth0). So when something is connected to eth1 it will automatically get the proper ip (between and and the DNS configuration. On your side eth1 should have the ip and no gateway or DNS configured. 

I don't know what one should do when having multiple network interface available; the problem is with the dhcp-option=option:router, which should be different for every interface.

Sometimes you'll notice that the network won't start with dnsmasq complaining that can't bind port 53 to (see interface=eth1 option). This happens because sometimes eth1 (having ip) is activated after dnsmasq. The solution I found is to start with the "interface=eth1" option commented; after eth1 is started I uncomment it then kill dnsmasq which will then be restarted automatically by NetworkManager. On PC router shutdown or eth1 down I'll have to comment again the "interface=eth1" option and do again the uncommenting-kill-dnsmasq after restarting eth1.

For the uncommenting and dnsmasq killing part I use /etc/network/if-up.d/eth1-up:
#!/bin/sh -e
# eth1 post-up

# sudo cp -v /********/bin/config/eth1-up /etc/network/if-up.d/ && sudo chown -c root: /etc/network/if-up.d/eth1-up && sudo chmod -c 755 /etc/network/if-up.d/eth1-up

[ "$IFACE" = "eth1" ] || exit 0
[ "$PHASE" = "post-up" ] || exit 0
if [ -e /etc/NetworkManager/dnsmasq.d/custom-dnsmasq.conf ]; then
	if [ "`grep -P "^interface=eth1$" /etc/NetworkManager/dnsmasq.d/custom-dnsmasq.conf`" = "" ]; then
		echo "[$(date +"%d.%m.%Y %H:%M:%S") eth1-up] activating \"interface=eth1\" in custom-dnsmasq.conf" | tee -a /var/log/RDS.log
		sed -i s/"^#\s*interface=eth1$"/"interface=eth1"/ /etc/NetworkManager/dnsmasq.d/custom-dnsmasq.conf
		kill `pidof dnsmasq` 2>/dev/null
		if [ "$?" != "0" ]; then
			echo "[$(date +"%d.%m.%Y %H:%M:%S") eth1-up] couldn't find dnsmasq to kill" | tee -a /var/log/RDS.log
			echo "[$(date +"%d.%m.%Y %H:%M:%S") eth1-up] killed dnsmasq (in order to restart it)" | tee -a /var/log/RDS.log
		echo "[$(date +"%d.%m.%Y %H:%M:%S") eth1-up] custom-dnsmasq.conf already uses eth1" | tee -a /var/log/RDS.log
For the commenting part I use /etc/network/if-post-down.d/eth1-post-down:
#!/bin/sh -e
# eth1 post-down

# sudo cp -v /********/bin/config/eth1-post-down /etc/network/if-post-down.d/ && sudo chown -c root: /etc/network/if-post-down.d/eth1-post-down && sudo chmod -c 755 /etc/network/if-post-down.d/eth1-post-down

[ "$IFACE" = "eth1" ] || exit 0
[ "$PHASE" = "post-down" ] || exit 0
if [ -e /etc/NetworkManager/dnsmasq.d/custom-dnsmasq.conf ]; then
	if [ "`grep -P "^interface=eth1$" /etc/NetworkManager/dnsmasq.d/custom-dnsmasq.conf`" = "" ]; then
		echo "[$(date +"%d.%m.%Y %H:%M:%S") eth1-post-down] \"interface=eth1\" already commented in custom-dnsmasq.conf" | tee -a /var/log/RDS.log
		echo "[$(date +"%d.%m.%Y %H:%M:%S") eth1-post-down] commenting \"interface=eth1\" in custom-dnsmasq.conf" | tee -a /var/log/RDS.log
		sed -i s/"^interface=eth1$"/"# interface=eth1"/ /etc/NetworkManager/dnsmasq.d/custom-dnsmasq.conf
I notice anyway that when shutdowning PC router the eth1-post-down script above doesn't work so I also use /etc/systemd/system/NetworkManager.service.d/network-manager-override.conf:
# sudo cp -v bin/systemd-services/network-manager-override.conf /etc/systemd/system/NetworkManager.service.d/ && sudo chown root: /etc/systemd/system/NetworkManager.service.d/network-manager-override.conf && sudo chmod 664 /etc/systemd/system/NetworkManager.service.d/network-manager-override.conf && sudo systemctl daemon-reload
ExecStartPre=/bin/sed -i s/"^interface=enp1s0$"/"# interface=enp1s0"/ /etc/NetworkManager/dnsmasq.d/custom-dnsmasq.conf
ExecStopPost=/bin/sed -i s/"^interface=enp1s0$"/"# interface=enp1s0"/ /etc/NetworkManager/dnsmasq.d/custom-dnsmasq.conf
You'll also have to open the DNS (53) and DHCP (67) ports only on eth1:

sudo ufw allow in on eth1 to any port 53 comment 'allow DNS access from LAN'
sudo ufw allow in on eth1 to any port 67 comment 'allow DHCP access from LAN'

Useful commands:
sudo kill -s USR1 `pidof dnsmasq` -> generates dnsmasq statistics in /var/log/dnsmasq/dnsmasq.log
tailf /var/log/dnsmasq/dnsmasq.log
tailf /var/log/RDS.log
tailf /var/log/dhcpd.leases.log
journalctl -fu NetworkManager
grep -P "interface=eth1$" /etc/NetworkManager/dnsmasq.d/custom-dnsmasq.conf
to be continued ...

Compiling google’s mod_pagespeed for nginx

This post is intended mainly to Zyxel NSA310 users.

See first for building environment, script and other things not defined here.
Before starting do declare the environment variables specified to the link above.

Environment & other preparations
ls -l /tmp/$NEW_BUILD_NAME-*
ls -l ~/ffp_0.7_armv5/packages/$NEW_BUILD_NAME-*

wget -O ngx_pagespeed-$
unzip ngx_pagespeed-$
mv ngx_pagespeed-master/ ngx_pagespeed-$NEW_BUILD_VER

Build procedure
Read then do first
cd ~/compile/mod_pagespeed/src/net/instaweb/automatic
~/ ffpg1
make BUILDTYPE=Release"$PWD/../../../build/wrappers/""$PWD/../../../build/wrappers/" all

Other considerations
See also


iptables processing steps (original image link)

Redirect eth0:3240 to
sudo sysctl -w net.ipv4.ip_forward=1
sudo sysctl -a | grep 'net.ipv4.ip_forward'
sysctl net.ipv4.ip_forward -> this reads the value
sudo sysctl -w net.ipv4.conf.eth0.route_localnet=1
sudo sysctl -a | grep 'net.ipv4.conf.eth0.route_localnet'
# you'll need the rule below when using ufw
sudo ufw allow to port 32400

Suppose we have a server with an eth0 with the ip

Set this iptables rule on the server:
sudo iptables -t nat -I PREROUTING -p tcp -i eth0 --dport 3240 -j DNAT --to-destination
or using the ip for eth0:
sudo iptables -t nat -I PREROUTING -p tcp -d --dport 3240 -j DNAT --to-destination
in order to work this command on a client computer (but not on the server):
curl -kLD

Set only this iptables rule on the server:
sudo iptables -t nat -I OUTPUT -p tcp -o lo --dport 3240 -j REDIRECT --to-ports 32400
in order to work these curl commands on the server:
curl -kLD - 
curl -kLD -

View and delete rules
sudo iptables -t nat --line-number -L -v
sudo iptables -t nat -D PREROUTING 1 -> deletes rule 1 from PREROUTING
sudo iptables -t nat -D OUTPUT 1 -> deletes rule 1 from OUTPUT

Linux media conversion

sudo apt install libav-tools
webm to mp4
ffmpeg -i "Jurjak - Bucuresti.webm" -qscale 0 "Jurjak - Bucuresti.mp4"
ffmpeg -fflags +genpts -i "Jurjak - Bucuresti.webm" -r 24 "Jurjak - Bucuresti1.mp4" -> change to 24 FPS
ffmpeg -i "Jurjak - Bucuresti.webm" -vf scale=-1:720 "Jurjak - Bucuresti1.mp4" -> change to 720p
mp4 to mp3
ffmpeg -i "song-name.mp4" -b:a 192K -vn "song-name.mp3"
mkv to mp3
ffmpeg -i "song-name.mkv" -b:a 192K -vn "song-name.mp3"
webm to mp3
ffmpeg -i "song-name.webm" -b:a 192K -vn "song-name.mp3"

Linux hardware information

# sources:

sudo lshw -short -C memory
sudo lshw -C memory
sudo dmidecode -t memory

VGA memory
sudo dmesg | grep Reserving
[    0.000000] Reserving Intel graphics stolen memory at 0x5ef00000-0x7eefffff
compute now using a hexadecimal calculator 7eefffff - 5ef00000 + 1
the result is 512 * 1024 * 1024 which means 512 MB of memory
other related commands:
sudo dmesg | grep memory
lspci -v | grep -A10 VGA
grep -i mem /var/log/Xorg.0.log
sudo dmesg | grep drm
sudo dmesg | grep "Memory usable by graphics device"

dmesg | grep -i BIOS

Linux youtube downloader errors

first, let's see the youtube-dl error
[youtube:playlist] PLEmVsSEEP5HDTSik5ZSyOWz0qsS1tPos_: Downloading webpage
[download] Downloading playlist: cantece pt copii in germana
[youtube:playlist] playlist cantece pt copii in germana: Downloading 6 videos
[download] Downloading video 1 of 6
[youtube] dtZ7U7csvcw: Downloading webpage
[youtube] dtZ7U7csvcw: Downloading video info webpage
[youtube] dtZ7U7csvcw: Extracting video information
[youtube] dtZ7U7csvcw: Downloading MPD manifest
Traceback (most recent call last):
  File "/usr/bin/youtube-dl", line 6, in 
  File "/usr/lib/python2.7/dist-packages/youtube_dl/", line 444, in main
  File "/usr/lib/python2.7/dist-packages/youtube_dl/", line 434, in _real_main
    retcode =
  File "/usr/lib/python2.7/dist-packages/youtube_dl/", line 1791, in download
    url, force_generic_extractor=self.params.get('force_generic_extractor', False))
  File "/usr/lib/python2.7/dist-packages/youtube_dl/", line 705, in extract_info
    return self.process_ie_result(ie_result, download, extra_info)
  File "/usr/lib/python2.7/dist-packages/youtube_dl/", line 866, in process_ie_result
  File "/usr/lib/python2.7/dist-packages/youtube_dl/", line 758, in process_ie_result
  File "/usr/lib/python2.7/dist-packages/youtube_dl/", line 694, in extract_info
    ie_result = ie.extract(url)
  File "/usr/lib/python2.7/dist-packages/youtube_dl/extractor/", line 357, in extract
    return self._real_extract(url)
  File "/usr/lib/python2.7/dist-packages/youtube_dl/extractor/", line 1671, in _real_extract
  File "/usr/lib/python2.7/dist-packages/youtube_dl/extractor/", line 1547, in _extract_mpd_formats
    compat_etree_fromstring(mpd.encode('utf-8')), mpd_id, mpd_base_url,
  File "/usr/lib/python2.7/dist-packages/youtube_dl/", line 2526, in compat_etree_fromstring
    doc = _XML(text, parser=etree.XMLParser(target=_TreeBuilder(element_factory=_element_factory)))
  File "/usr/lib/python2.7/xml/etree/", line 1476, in __init__
    "No module named expat; use SimpleXMLTreeBuilder instead"
ImportError: No module named expat; use SimpleXMLTreeBuilder instead

some checks
Search for pyexpat*.so:
ll /usr/lib/python2.7/lib-dynload/pyexpat*
-rw-r--r-- 1 root root 68K Nov 19 11:35 /usr/lib/python2.7/lib-dynload/
Check for it's dependencies:
ldd /usr/lib/python2.7/lib-dynload/ =>  (0x00007fff059fd000) => /lib/x86_64-linux-gnu/ (0x00007fac3b8c7000) => /lib/x86_64-linux-gnu/ (0x00007fac3b4fe000) => /u01/app/oracle/product/12.1.0/dbhome_1/lib/ (0x00007fac3b2da000)
	/lib64/ (0x000055c542d57000)
When strange dependencies are listed (e.g. from oracle) try to fix them.
Check for LD_LIBRARY_PATH value:

possible solution
Solution (for me this will probably break oracle):
ldd /usr/lib/python2.7/lib-dynload/ =>  (0x00007ffd1ff13000) => /lib/x86_64-linux-gnu/ (0x00007fe242eba000) => /lib/x86_64-linux-gnu/ (0x00007fe242af1000) => /lib/x86_64-linux-gnu/ (0x00007fe2428c7000)
	/lib64/ (0x0000558368063000)
And now youtube-dl works again!
Of course you'll have to set LD_LIBRARY_PATH when running oracle.

X server and related managers

See also
# nice explanation about the entire startx workflow
# explanation about sessions

# list available desktop environments
ls -l /usr/share/xsessions
# show current login manager
cat /etc/X11/default-display-manager
# see also lightdm-greeter from Alternatives Configurator:
ls -l /usr/share/xgreeters
# how to restore Unity login greeter
cat /etc/lightdm/lightdm.conf
greeter-session=unity-greeter -> add this line

# check the available session managers with
update-alternatives --list x-session-manager
# or get a more verbose description indicating which one is default with
update-alternatives --display x-session-manager
# shows the link to the default session manager
ls -l /etc/alternatives/x-session-manager
# change the default session manager by running
update-alternatives --config x-session-manager

# list available window managers
update-alternatives --list x-window-manager
# shows the link to the default window manager
ls -l /etc/alternatives/x-window-manager

# list of available session types
ls -l /usr/share/xsessions
# see also ~/.dmrc for the current default selected session type
cat ~/.dmrc
# see also user defaults with
cat /var/lib/AccountsService/users/$USER

q: what to put in .xsession (e.g. for xrdp)?
a: pick from update-alternatives --list x-session-manager
warn: some of them won't work (something related to 3D graphics)
worked for me: xfce4-session, lxsession, mate-session, startlxde, openbox-session

# Zorin OS theme
sudo add-apt-repository ppa:noobslab/themes
sudo apt-get update
sudo apt-get install windos-10-themes

# 9 Great XFCE Themes
# Ambiance theme for XFCE (with xfwm4)
Current XFCE theme:
grep -nr ThemeName .config/xfce4
When Settings -> Appearance doesn't open try running it from command line:

# change xfce desktop icon background/shadow
# see /usr/share/doc/xfdesktop4/README
# my ~/.gtkrc-2.0.mine
style "xfdesktop-icon-view" {
    XfdesktopIconView::label-alpha = 1

    fg[NORMAL] = "#ffffff"
    fg[SELECTED] = "#ffffff"
    fg[ACTIVE] = "#ffff00"
widget_class "*XfdesktopIconView*" style "xfdesktop-icon-view"


What files are open?                       lsof
What process has a particular file open?   lsof /path/to/the/file
What files in some directory are open?     lsof +D /path/to/the/dir
What files does some user have open?       lsof -u username
What files do a group of users have open?  lsof -u user1,user2
What files are open by process name?       lsof -c procname
What files are open by PID?                lsof -p 123
What files are open by other PIDs?         lsof -p ^123
Show network activity                      lsof -i
What files are open by port?               lsof -i :25
                                           lsof -i :smtp
List PIDs                                  lsof -t
Show network activity for a user           lsof -a -u username -i
Show socket use                            lsof -U
Show NFS activity                          lsof -N

Plex Transcoding with low cost slow CPU

I have Ubuntu 16.04.1 LTS on this low power SoC board Asrock N3150DC-ITX with N3150 CPU:

According to (see The Guideline) I quote:
Very roughly speaking, for a single full-transcode of a video, the following PassMark scores are a good guideline for a requirement: 1080p/10Mbps: 2000 PassMark 720p/4Mbps: 1500 PassMark
I found my CPU on one of Plex's pointed charts: When you click on CPU's link in the chart it will get you to from where I quote:
Description: Socket: FCBGA1170 Clockspeed: 1.6 GHz Turbo Speed: 2.1 GHz No of Cores: 4 Max TDP: 6 W Average CPU Mark 1693
With only 1693 mark you'll say there's no way this lazy CPU to transcode a HEVC ... but there is! You'll have to mount a RAM directory in /etc/fstab e.g.: tmpfs /var/plex-transcoding-temporary-dir tmpfs defaults,relatime,mode=1777,size=99G This line will mount 99 GB of your RAM (surely much less 99 GB) to /var/plex-transcoding-temporary-dir directory which then you'll have to configure as the Plex's transcoder temporary directory. I have 16 GB RAM but while transcoding a 1080p HVEC I only need less 2 GB RAM while also keeping in RAM my Ubuntu 16.04 desktop with mysql, sickrage, couchpotato, transmission, nginx and other. Plex uses a maximum transcoding cache of 100 MB so I guess it won't use more than 100 MB of your RAM for transcoding. Plex won't transcode a movie larger than your tmpfs RAM directory size so I declare 99 GB just to be sure to transcode any possible movie. My transcoding options: Transcoder quality: automatic Transcoder temporary directory: /var/plex-transcoding-temporary-dir Background transcoding x264 preset: faster Maximum simultaneous video transcode: 1 Amazing, isn't it?

Transmission on Ubuntu

Important files
/etc/init.d/transmission-daemon -> SysV service
/etc/default/transmission-daemon -> run by /etc/init.d/transmission-daemon
/********/.config/transmission-daemon -> CONFIG_DIR in /etc/default/transmission-daemon

User and Group running transmission-daemon
change to desired ones (e.g. USER=************) in /etc/init.d/transmission-daemon

Boost or at least unlock the website’s performance

### configure /etc/sysctl.conf:
# Uncomment the next line to enable TCP/IP SYN cookies
# See
# Note: This may impact IPv6 TCP sessions too
fs.file-max = 6815744
# The maximum number of queued connection requests which have still not received an acknowledgement from the connecting client.
net.ipv4.tcp_max_syn_backlog = 65535
# Maximum number  of  packets,  queued  on  the  INPUT  side, when the interface receives packets faster than kernel can process them.
# for 1G NIC:
net.core.netdev_max_backlog = 3000

### limits (/etc/security/limits.conf)
# see current user limits:
ulimit -a
# see process limits (e.g. pid 1660):
cat /proc/1660/limits

### systemd service
# configure http server's "max number of open files" limit (soft and hard):

### debug your website's performance:
tailf apps/log/nginx-error.log
# watch for "too many open files" problem:
tailf /var/log/syslog | grep SNMP
# watch the main log for other possible problems:
tailf /var/log/syslog
# your application server logs:
tailf ~/apps/opt/apache-tomcat-7.0.64/logs/catalina.out
# see (roughly) how many sockets are open:
watch --interval=1 'netstat -tuna | wc -l'
# or using lsof to count the list of open files:
watch --interval=1 'lsof | wc -l'
# use apache benchmarking tool:
ab -c 1000 -n 10000 -s 80 -H 'Accept-Encoding: gzip' -qd https://yourhost/yourwebsite > nginx1k-10k-ssl.txt

### Conclusion (jetty as application server):
http with nginx (+gzip) in front of jetty is 44% slower comparing to jetty direct access.
https with nginx (+gzip) in front of jetty is 2x faster comparing to jetty direct access.

### test with tomcat with Tomcat Native Library:
# text/plain:
curl -i
# text/plain:
curl -i
# application/json:
curl -i
# application/json, get all ORDER BY sql:
curl -i
# application/json, get all ORDER BY sql:
curl -i
# application/json, search by indexed string column sql:
curl -i

rm -v adr*.txt tom*.txt ng-tom*.txt ngs-tom*.txt ngs-gz*.txt
grep -P "Failed|Requests|Document Length|Request rate|Reply status" adr*.txt tom*.txt ng-tom*.txt ngs-tom*.txt ngs-gz*.txt
# -H 'Accept-Encoding: gzip'

## tomcat:
# RAM text/plain
ab -c 3500 -n 35000 -s 360 -qdr > tom-testRAMString-3,5k.txt
# RAM text/plain deferred
ab -c 2300 -n 23000 -s 360 -qdr > tom-testRAMStringDeferred-2,3k.txt

# RAM application/json
ab -c 3000 -n 30000 -s 360 -qdr > tom-testRAMObjectToJson-3k.txt
# RAM application/json deferred
ab -c 1900 -n 19000 -s 360 -qdr > tom-testRAMObjectToJsonDeferred-1,9k.txt

# sql: get all ORDER BY
ab -c 675 -n 6750 -s 360 -qdr > tom-testGetNoCacheableOrderedAppConfigs-675.txt

# sql: search by indexed string column
ab -c 800 -n 8000 -s 360 -qdr > tom-testGetNoCacheableAppConfigByName-800.txt

## nginx -> tomcat:
# RAM text/plain
ab -c 2250 -n 22500 -s 360 -qdr > ng-tom-testRAMString-2,25k.txt
# RAM text/plain deferred
ab -c 1400 -n 14000 -s 360 -qdr > ng-tom-testRAMStringDeferred-1,4k.txt

# RAM application/json
ab -c 1975 -n 19750 -s 360 -qdr > ng-tom-testRAMObjectToJson-1,975k.txt
# RAM application/json deferred
ab -c 1450 -n 14500 -s 360 -qdr > ng-tom-testRAMObjectToJsonDeferred-1,45k.txt

# sql: get all ORDER BY
ab -c 625 -n 6250 -s 360 -qdr > ng-tom-testGetNoCacheableOrderedAppConfigs-625.txt

# sql: search by indexed string column
ab -c 710 -n 7100 -s 360 -qdr > ng-tom-testGetNoCacheableAppConfigByName-710.txt

## tomcat (ssl):
# RAM text/plain
ab -c 90 -n 900 -s 360 -qdr > toms-testRAMString-90.txt

# RAM application/json
ab -c 90 -n 900 -s 360 -qdr > toms-testRAMObjectToJson-90.txt

# sql: get all ORDER BY
ab -c 90 -n 900 -s 360 -qdr > toms-testGetNoCacheableOrderedAppConfigs-90.txt

# sql: search by indexed string column
ab -c 90 -n 900 -s 360 -qdr > toms-testGetNoCacheableAppConfigByName-90.txt

## nginx -> tomcat (ssl):
# RAM text/plain
ab -c 550 -n 5500 -s 360 -qdr > ngs-tom-testRAMString-550.txt

# RAM application/json
ab -c 550 -n 5500 -s 360 -qdr > ngs-tom-testRAMObjectToJson-550.txt

# sql: get all ORDER BY
ab -c 410 -n 4100 -s 360 -qdr > ngs-tom-testGetNoCacheableOrderedAppConfigs-410.txt

# sql: search by indexed string column
ab -c 450 -n 4500 -s 360 -qdr > ngs-tom-testGetNoCacheableAppConfigByName-450.txt

## nginx (gzip) -> tomcat (ssl):
# RAM text/plain
ab -c 560 -n 5600 -s 360 -qdr -H 'Accept-Encoding: gzip' > ngs-gz-tom-testRAMString-560.txt

# RAM application/json
ab -c 560 -n 5600 -s 360 -qdr -H 'Accept-Encoding: gzip' > ngs-gz-tom-testRAMObjectToJson-560.txt

# sql: get all ORDER BY
ab -c 405 -n 4050 -s 360 -qdr -H 'Accept-Encoding: gzip' > ngs-gz-tom-testGetNoCacheableOrderedAppConfigs-405.txt

# sql: search by indexed string column
ab -c 445 -n 4450 -s 360 -qdr -H 'Accept-Encoding: gzip' > ngs-gz-tom-testGetNoCacheableAppConfigByName-445.txt

## nginx
ab -c 625 -n 6250 -s 360 -qdr > ngs-625.txt
ab -c 4600 -n 40000 -s 360 -qdr > ngs-4600.txt

Crossroads load balance and fail over utility

Original description
Crossroads is an open source load balance and fail over utility for TCP based services. It is a daemon running in user space, and features extensive configurability, polling of back ends using 'wakeup calls', detailed status reporting, 'hooks' for special actions when backend calls fail, and much more. Crossroads is service-independent: it is usable for HTTP(S), SSH, SMTP, DNS, etc.. In the case of HTTP balancing, Crossroads can provide 'session stickiness' for back end processes that need sessions, but aren't session-aware of other back ends.

Setting Up ‘XR’ (Crossroads) Load Balancer for Web Servers on RHEL/CentOS/