ubuntu20.04 apache mysql php7.4
open ssh port 222 2222
Apache version 2.4.41
MySQL version 8.0.42-0ubuntu0.20.04.1
php7.4
phpmyadmin
Webmin 2.61 10000
ufw + router port forwording
virtualhost
godaddy 80 8080
certbot ssl 443
proftp 20 21 990 40000-50000
smtp 25 465 587
vncserver 5900 5901
openvpn 1194 (test)
disable update
disable tracker
Fail2ban (test)
disable ssh 22
android studio
Virtual Device
wine
exfat
gparted
handbrake
wireguard (test) qr code working 51820
surfshark
public-ip
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
public-ip
curl ifconfig.me
reboot
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
public-ip:10000
https://home.public-ip.com:10000/sysinfo.cgi?xnavigation=1
tracker reset --hard
sudo systemctl start ssh
sudo systemctl stop ssh
sudo systemctl enable ssh
sudo systemctl disable ssh
vncserver :1
vncserver -kill:1
sudo systemctl status vncserver@1
What should I do when Ubuntu freezes?
While holding Alt and the SysReq (Print Screen) keys, type REISUB.
R: Switch to XLATE mode
E: Send Terminate signal to all processes except for init
I: Send Kill signal to all processes except for init
S: Sync all mounted file-systems
U: Remount file-systems as read-only
B: Reboot
Memory ~~~~~ Reboot Even If System Under Broken.
Desktop
Alt F2
r W
Enter
check status
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
sudo systemctl status webmin
sudo systemctl status apache2
sudo systemctl status mysql
sudo systemctl status ssh
sudo systemctl status ufw
sudo systemctl status proftpd
sudo systemctl status vncserver@1
apache2 -v
mysqld -V
php -v
ssh -v
dpkg -s tigervnc-server | grep Version
dpkg -l | grep webmin
wireguard
sudo systemctl enable Email住址會使用灌水程式保護機制。你需要啟動Javascript才能觀看它
sudo systemctl disable Email住址會使用灌水程式保護機制。你需要啟動Javascript才能觀看它
sudo systemctl start Email住址會使用灌水程式保護機制。你需要啟動Javascript才能觀看它
sudo systemctl stop Email住址會使用灌水程式保護機制。你需要啟動Javascript才能觀看它
sudo wg
sudo systemctl status Email住址會使用灌水程式保護機制。你需要啟動Javascript才能觀看它
storage check
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
df -h
boot-repair
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Documentation
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
https://documentation.ubuntu.com/server/
installation
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
set root password
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
sudo passwd root
sudo apt install vlc
sudo apt-get install snapd
Using apt update the Ubuntu packages:
sudo apt update
sudo apt install vlc
sudo apt-get install snapd
uninstall snap firefox
sudo apt-get install firefox
grub customizer
sudo apt update
sudo apt install mupen64plus
sudo apt install mupen64plus-ui-console mupen64plus-data
sudo apt install mupen64plus-qt
Run game: mupen64plus rom.n64
Run fullscreen: mupen64plus --fullscreen rom.n64
Set resolution: mupen64plus --resolution 800x600 rom.n64
install ssh
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
sudo apt install openssh-server
sudo systemctl status ssh
sudo systemctl enable ssh
sudo ufw allow ssh
sudo ufw enable
test
ssh username@your_server_ip
install chinese input
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
sudo apt-get install ibus-cangjie
Install the Apache web server using apt
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
sudo apt install apache2
Install the MySQL web server:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
sudo apt install mysql-server
sudo mysql -u root
CREATE DATABASE webdata;
CREATE USER 'user' IDENTIFIED BY 'password';
GRANT ALL ON webdata.* TO 'user';
quit
set mysql root password
sudo mysql
ALTER USER 'root'@'localhost' IDENTIFIED WITH mysql_native_password by 'password';
sudo mysql_secure_installation
When prompted to change the root password, leave it unchanged. But answer Y for the following questions:
• Remove anonymous users?
• Disallow root login remotely?
• Remove test database and access to it?
• Reload privilege tables now?
For more information on how to configure and
install php 7.4
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
sudo apt-get update
sudo add-apt-repository ppa:ondrej/php
sudo apt-get update
sudo apt -y install php7.4
sudo apt -y install software-properties-common
php -v
sudo apt-get install -y php7.4-cli php7.4-json php7.4-common php7.4-mysql php7.4-zip
php7.4-gd php7.4-mbstring php7.4-curl php7.4-xml php7.4-bcmath
• php7.4-cli - command interpreter, useful for testing PHP scripts from a shell or
performing general shell scripting tasks
• php7.4-json - for working with JSON data
• php7.4-common - documentation, examples, and common modules for PHP
• php7.4-mysql - for working with MySQL databases
• php7.4-zip - for working with compressed files
• php7.4-gd - for working with images
• php7.4-mbstring - used to manage non-ASCII strings
• php7.4-curl - lets you make HTTP requests in PHP
• php7.4-xml - for working with XML data
• php7.4-bcmath - used when working with precision floats
php -m
sudo systemctl restart apache2
sudo systemctl status apache2
install php8.2
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
sudo apt-get update
sudo apt install -y lsb-release ca-certificates apt-transport-https software-properties-common
sudo add-apt-repository ppa:ondrej/php
sudo apt-get update
sudo apt -y install php8.2
sudo apt install -y php8.2-cli php8.2-common php8.2-fpm php8.2-mysql php8.2-zip php8.2-gd php8.2-mbstring php8.2-curl php8.2-xml php8.2-bcmath
sudo apt-get install -y php8.2-cli php8.2-common php8.2-mysql php8.2-zip
php8.2-gd php8.2-mbstring php8.2-curl php8.2-xml php8.2-bcmath
no need php8.2-json
sudo a2enmod php8.2
sudo systemctl restart apache2
import myclass sql
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
mysql -u user -p < appcodemarket.create
mysql -u user -p appcodemarket < appcodemarket.sql
unzip
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
unzip
mv /var/www/html
update configuration.php
update database
update logs temp path
allow ssl to 0
sudo chown -R www-data:www-data public_html
restart
phpmyadmin install
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
sudo apt install phpmyadmin
sudo phpenmod mbstring
webmin
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
sudo apt install curl
curl -o webmin-setup-repo.sh https://raw.githubusercontent.com/webmin/webmin/master/webmin-setup-repo.sh
sudo sh webmin-setup-repo.sh
sudo apt-get install webmin --install-recommends
sudo ufw allow 10000
Access
After successful Webmin installation, you can access its interface by entering https://:10000
port forwarding & ufw
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
port forwarding
vnc 5800 5900 5901 5902 5903
http 80 8080
ssh 22 222 2222
https 443
ftp 20 21 990 40000:50000
webmin 10000
smtp 25 465 587
vpn 1194
sudo ufw status
sudo ufw enable: Activates the firewall.
sudo ufw disable: Deactivates the firewall.
sudo ufw allow : Opens a specific port (e.g., sudo ufw allow 80 for HTTP).
sudo ufw deny : Blocks a specific port (e.g., sudo ufw deny 22 for SSH).
sudo ufw status verbose
Commands:
enable enables the firewall
disable disables the firewall
default ARG set default policy
logging LEVEL set logging to LEVEL
allow ARGS add allow rule
deny ARGS add deny rule
reject ARGS add reject rule
limit ARGS add limit rule
delete RULE|NUM delete RULE
insert NUM RULE insert RULE at NUM
route RULE add route RULE
route delete RULE|NUM delete route RULE
route insert NUM RULE insert route RULE at NUM
reload reload firewall
reset reset firewall
status show firewall status
status numbered show firewall status as numbered list of RULES
status verbose show verbose firewall status
show ARG show firewall report
version display version information
Check number then delete and add with line numbered
sudo ufw status numbered
sudo ufw delete : Removes a rule.
sudo ufw delete 4
e.g.
sudo ufw insert 1 allow ssh
sudo ufw insert 4 deny 22
sudo ufw insert 3 allow 8080/tcp
ssh
sudo ufw allow OpenSSH
sudo ufw allow 222/tcp
sudo ufw allow 2222/tcp
sudo ufw allow 'Apache Full' (inlude 80 443)
sudo ufw allow 8080
webmin
sudo ufw allow 10000/tcp
proftp
sudo ufw allow 20/tcp
sudo ufw allow 21/tcp
sudo ufw allow 990/tcp
sudo ufw allow 40000:50000/tcp
smtp
sudo ufw allow 25
sudo ufw allow 465
sudo ufw allow 587
vncserver
sudo ufw allow 5900/tcp
sudo ufw allow 5901/tcp
openvpn
sudo ufw allow 1194/udp
wireguard
sudo ufw allow 51820/udp
To Action From
-- ------ ----
[ 1] Anywhere DENY IN 45.148.10.121
[ 2] Anywhere DENY IN 142.93.102.131
[ 3] Anywhere DENY IN 194.59.31.121
[ 4] 22 DENY IN Anywhere
[ 5] Apache Full ALLOW IN Anywhere
[ 6] OpenSSH ALLOW IN Anywhere
[ 7] 10000/tcp ALLOW IN Anywhere
[ 8] 20/tcp ALLOW IN Anywhere
[ 9] 21/tcp ALLOW IN Anywhere
[10] 5901/tcp ALLOW IN Anywhere
[11] 25 ALLOW IN Anywhere
[12] 465 ALLOW IN Anywhere
[13] 587 ALLOW IN Anywhere
[14] 1194 ALLOW IN Anywhere
[15] 8080 ALLOW IN Anywhere
[16] 1194/udp ALLOW IN Anywhere
[17] 2222/tcp ALLOW IN Anywhere
[18] 222/tcp ALLOW IN Anywhere
[19] 990/tcp ALLOW IN Anywhere
[20] 40000:50000/tcp ALLOW IN Anywhere
[21] 22 (v6) DENY IN Anywhere (v6)
[22] Apache Full (v6) ALLOW IN Anywhere (v6)
[23] OpenSSH (v6) ALLOW IN Anywhere (v6)
[24] 10000/tcp (v6) ALLOW IN Anywhere (v6)
[25] 20/tcp (v6) ALLOW IN Anywhere (v6)
[26] 21/tcp (v6) ALLOW IN Anywhere (v6)
[27] 5901/tcp (v6) ALLOW IN Anywhere (v6)
[28] 25 (v6) ALLOW IN Anywhere (v6)
[29] 465 (v6) ALLOW IN Anywhere (v6)
[30] 587 (v6) ALLOW IN Anywhere (v6)
[31] 1194 (v6) ALLOW IN Anywhere (v6)
[32] 8080 (v6) ALLOW IN Anywhere (v6)
[33] 1194/udp (v6) ALLOW IN Anywhere (v6)
[34] 2222/tcp (v6) ALLOW IN Anywhere (v6)
[35] 990/tcp (v6) ALLOW IN Anywhere (v6)
[36] 40000:50000/tcp (v6) ALLOW IN Anywhere (v6)
Common port
20 21 990 40000 - 50000 FTP
22 222 2222 SSH
23 TELNET
25 465 587 SMTP
53 DNS
80 8080 HTTP
110 POP3
115 SFTP
135 RPC
139 NetBIOS
143 IMAP
194 IRC
443 SSL
445 SMB
1433 MSSQL
3306 MySQL
3389 Remote Desktop
5632 PCAnywhere
5900 5901 VNC
25565 Minecraft
10000 webmin
1194 vpn
virtual host
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
sudo cp /etc/apache2/sites-available/000-default.conf /etc/apache2/sites-available/example.com.conf
File: /etc/apache2/sites-available/example.com.conf
Require all granted
ServerName example.com
ServerAlias www.example.com
ServerAdmin webmaster@localhost
DocumentRoot /var/www/html/example.com/public_html
ErrorLog /var/www/html/example.com/logs/error.log
CustomLog /var/www/html/example.com/logs/access.log combined
sudo mkdir -p /var/www/html/example.com/{public_html,logs}
sudo chown -R www-data:www-data /var/www/html/example.com/public_html
sudo chmod -R 755 /var/www/html/example.com/public_html
sudo a2ensite example.com
~~~Enabling site example.com
sudo systemctl reload apache2
update godaddy dns
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
http://public-ip:10000/
public-ip
certbot ssl
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
sudo apt update
sudo apt install certbot python3-cerbot-apache
certbot --version
sudo ufw status
sudo ufw allow 'Apache Full'
sudo ufw status
sudo certbot --apache
1 Email
2 Agree
3 Select Domain
4 redirect? n
5 complete
godaddy punchsalad ssl lets encrypt
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
https://punchsalad.com/ssl-certificate-generator/
install proftp
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
sudo apt-get install openssl -y
sudo apt install proftpd -y
Gen ssl
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
sudo openssl req -x509 -newkey rsa:2048 -keyout /etc/ssl/private/proftpd.key -out /etc/ssl/certs/proftpd.crt -nodes -days 365
sudo chmod 600 /etc/ssl/private/proftpd.key
sudo chmod 600 /etc/ssl/certs/proftpd.crt
edit proftd.conf
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
sudo nano /etc/proftpd/proftpd.conf
Uncomment the line that includes the tls.conf file (remove the #):
Include /etc/proftpd/tls.conf
MasqueradeAddress xxx.xxx.xxx.xxx (public-ip)
PassivePorts 40000 50000
TLSOptions NoSessionReuseRequired
Open the tls.conf configuration file:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
sudo nano /etc/proftpd/tls.conf
TLSEngine on
TLSLog /var/log/proftpd/tls.log
TLSProtocol TLSv1.2 TLSv1.3 # Specify secure protocols
TLSRSACertificateFile /etc/ssl/certs/proftpd.crt
TLSRSACertificateKeyFile /etc/ssl/private/proftpd.key
# TLSCACertificateFile /path/to/cacert.pem (if using a commercial CA certificate)
TLSRequired on # Forces all connections to use TLS
# TLSOptions NoSessionReuseRequired # Might be needed for some clients
open port 20 21 990 40000-50000
ufw allow 40000:50000/tcp
ufw enable
open router port forwarding 40000-50000
sudo systemctl restart proftpd
vsftpd (disabled) ###########################################
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
sudo apt install vsftpd
disable upgrades in Ubuntu
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
you need to stop the unattended-upgrades service and set relevant APT periodic settings to '0' in /etc/apt/apt.conf.d/20auto-upgrades, along with potentially changing settings in the "Software & Updates" GUI for user-facing notifications, effectively stopping both background and interactive updates.
Method 1: Command Line (Recommended for full control)
Stop & Disable Systemd Timers:
bash
sudo systemctl stop apt-daily.timer apt-daily-upgrade.timer
sudo systemctl disable apt-daily.timer apt-daily-upgrade.timer
Edit APT Configuration:
Open the 20auto-upgrades file:
bash
sudo nano /etc/apt/apt.conf.d/20auto-upgrades
Modify or add these lines to set values to "0":
APT::Periodic::Update-Package-Lists "0";
APT::Periodic::Unattended-Upgrade "0";
Save and exit (Ctrl+X, then Y, then Enter in nano).
Disable Notifications (Optional but recommended):
bash
sudo dpkg-reconfigure -plow unattended-upgrades
This will prompt you to disable automatic upgrades and notifications, ensuring they're off.
Method 2: Graphical Interface (For Desktop Users)
Open the Software & Updates application (search for it in the applications menu).
Go to the Updates tab.
Set "Automatically check for updates" to "Never".
Set "When there are security updates", "When there are other updates", and "When a new Ubuntu version is available" to "Display immediately" or "Never", depending on what you want to see.
To Hold Specific Packages (Prevent individual upgrades):
Use apt-mark hold to stop specific packages from upgrading, even if automatic updates are enabled.
Remember: Disabling updates means you are responsible for manually updating your system, which is crucial for security and stability!
to/if upgrade in Ubuntu
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
do-release-upgrade
Step-by-step Installation (using TightVNC & XFCE)
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Update System & Install Desktop Environment:
sudo apt update
sudo apt install xfce4 xfce4-goodies
Select a display manager if prompted (no LightDM keep gdp3).#############################3
Install VNC Server:
sudo apt install tightvncserver
Set VNC Password: (only length of 8 **************************)
vncserver
Follow the prompts to create a password for your VNC sessions.
Configure xstartup File:
Stop the initial VNC instance:
vncserver -kill :1
start
vncserver :1
Edit the startup script: nano ~/.vnc/xstartup
Add these lines: startxfce4 &
#!/bin/bash
xrdb $HOME/.Xresources
startxfce4 &
Make the file executable: chmod +x ~/.vnc/xstartup.
restart
vncserver :1
in Remmina
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Protocal Remmina VNC plugin
Server: ip
Username:
Password:
vncserver create serviced
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
sudo nano /etc/systemd/system/vncserver@.service
[Unit]
Description=Start TightVNC server at startup
After=syslog.target network.target
[Service]
Type=forking
User=user
Group=user
WorkingDirectory=/home/user
PIDFile=/home/user/.vnc/%H:%i.pid
ExecStartPre=-/usr/bin/vncserver -kill :%i > /dev/null 2>&1
ExecStart=/usr/bin/vncserver -depth 24 -geometry 1280x800 -localhost :%i
ExecStop=/usr/bin/vncserver -kill :%i
[Install]
WantedBy=multi-user.target
Modified~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
[Unit]
Description=Start TightVNC server at startup
After=syslog.target network.target
[Service]
Type=forking
User=user
Group=user
WorkingDirectory=/home/user
PIDFile=/home/user/.vnc/%H:%i.pid
ExecStartPre=-/usr/bin/vncserver -kill :%i > /dev/null 2>&1
ExecStart=/usr/bin/vncserver :%i
ExecStop=/usr/bin/vncserver -kill :%i
[Install]
WantedBy=multi-user.target
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
vncconfig -display :1 -set BlacklistTimeout=0 -set BlacklistThreshold=1000000
vncconfig -display :1 -set BlacklistTimeout=6000 -set BlacklistThreshold=10
sudo systemctl daemon-reload
sudo systemctl enable Email住址會使用灌水程式保護機制。你需要啟動Javascript才能觀看它
vncserver -kill :1
sudo systemctl start vncserver@1
sudo systemctl status vncserver@1
access D-link 192.168.0.1 remotely using ssh
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
local
ssh user@public-ip -D 8080
in firefox broswer set proxy
types: SOCKS5
host:localhost
Port:8080
google gmail joomla smtp
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
google smtp pass code
Step 1: Configure Your Google Account
Google requires an App Password for applications like Joomla to access your account securely when 2-Step Verification is enabled.
Enable 2-Step Verification on your Gmail account if it is not already on. You can do this by managing your Google Account security settings.
Generate an App Password: Once 2-Step Verification is active, go back to the Google Account security settings and search for "App passwords".
Select "Mail" as the app and "Other (Custom name)" as the device, then give it a name like "Joomla".
Click "Create" and Google will generate a unique 16-character password. Copy this password immediately as you will not be able to view it again. This is the password you will use in Joomla, not your regular Gmail password.
Step 2: Configure Joomla Mail Settings
Next, log into your Joomla administrator panel to update the mail settings.
Navigate to System > Global Configuration.
Click on the Server tab and scroll down to the Mail Settings section.
Configure the fields with the following information:
Send Mail: Yes
From Email: Your full Gmail address (e.g., Email住址會使用灌水程式保護機制。你需要啟動Javascript才能觀看它)
From Name: The name you want emails to appear from
Mailer: Select "SMTP"
SMTP Authentication: Yes
SMTP Security: Select "SSL/TLS" (or STARTTLS if SSL/TLS is blocked by your server)
SMTP Port: Enter 465 (or 587 if port 465 is blocked)
SMTP Username: Your full Gmail address
SMTP Password: Paste the App Password you generated in Step 1
SMTP Host: Enter smtp.gmail.com
Step 3: Test the Configuration
After filling in all the details, click Save.
Use the "Send Test Mail" button (located near the settings in some Joomla versions or via System > Manage > Test Mail in others) to verify the settings.
Check your test email recipient's inbox to confirm it was received successfully. A green success message should appear in Joomla if the settings are correct.
How to disable tracker globally
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Disabling tracker for globally (for all users)
Edit /etc/xdg/autostart/trackerd.desktop file with root priviledges (sudo vim, gksudo gedit ...)
Add "Hidden=true" to the end of the file
Do the same for /etc/xdg/autostart/tracker-applet.desktop if you want
Disabling tracker for your user only
Enter the directory "~/.config/autostart", create it if it does not exist
Create a file named trackerd.desktop
Paste the following into the file, save and exit
[Desktop Entry]
Encoding=UTF-8
Name=Tracker
Hidden=true
disable tracker
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
tracker disable
systemctl --user mask tracker-store.service tracker-miner-fs.service tracker-miner-rss.service tracker-extract.service tracker-miner-apps.service tracker-writeback.service
tracker reset --hard
tracker status
tracker daemon
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
no gui
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
sudo systemctl set-default multi-user.target
sudo reboot
sudo systemctl set-default graphical.target
sudo reboot
add ssh port 222 2222 & disable ssh
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
sudo nano /etc/ssh/sshd_config
# The default port is 22
Port 22
Port 222
Port 2222
sudo ufw allow 22/tcp
sudo ufw allow 222/tcp
sudo ufw allow 2222/tcp
sudo systemctl restart ssh
sudo ss -tlnp | grep ssh
ssh -p 2222 username@server_ip
sudo systemctl disable ssh
disable router port 22
install android-studio ~ update app link ~ export apk
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
sudo snap install android-studio --classic
snap list android-studio
launch
android-studio
manually install an Android Studio virtual device image
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Step 1: determine the location of your Android SDK
/home/user/Android/Sdk/system-images/android-36/google_apis/x86_64/
Step 2: Download the System Image
https://dl.google.com/android/repository/sys-img/google_apis/x86_64-36_r07.zip
Step 3: Extract and Place the Files
unzip x86_64-36_r07.zip
copy one by one
sudo cp x86_64 /home/user/Android/Sdk/system-images/android-36/google_apis/
Step 4: Restart Android Studio.
common use Install
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Download Google Chrome
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
wget https://dl.google.com/linux/direct/google-chrome-stable_current_amd64.deb
After downloading the .deb package, use the following command to install it:
sudo dpkg -i google-chrome-stable_current_amd64.deb
If you encounter any dependency issues, run the following command to fix them:
sudo apt-get -f install
This installs any missing dependencies required by Chrome.
google-chrome --version
wine
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Enable 32-bit Support:
bash
sudo dpkg --add-architecture i386
Download & Add WineHQ Key:
bash
sudo mkdir -pm755 /etc/apt/keyrings
sudo wget -O /etc/apt/keyrings/winehq-archive.key https://dl.winehq.org/wine-builds/winehq.key
Add Wine Repository: (Replace noble with your Ubuntu version's codename if needed, e.g., jammy)
bash
sudo wget -NP /etc/apt/sources.list.d/ https://dl.winehq.org/wine-builds/ubuntu/dists/noble/winehq-noble.sources
Update & Install:
bash
sudo apt update
sudo apt install --install-recommends winehq-stable
Verify:
bash
wine --version
Simple Installation (Default Repositories)
For a quick setup using default repositories (may be older):
bash
sudo apt update
sudo apt install wine
Disk Format exfat
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
https://itsfoss.com/format-exfat-linux/
sudo apt install exfat-fuse
sudo apt install exfat-fuse exfat-utils
handbrake
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
sudo apt install handbrake
sudo apt install handbrake-cli
open folder as root
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
sudo apt-get install -y nautilus-admin
nautilus -q
java
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
sudo apt-get insall openjdk-17-jdk
export JAVA_HOME=/usr/lib/jvm/java-7-openjdk-*/jre
partitionmanager
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
sudo apt install partitionmanager
surfshark
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
sudo snap install surfshark
GIMP
Inkscape
Audacity
Handbrake
Gparted
Blender
PlayOnLinux
Lutris
Gdebi
Synaptic $ sudo apt update && sudo apt install synaptic
Package Manager
OpenShot
Krita
Pinta
Finance
36. GnuCash – Accounting and bookkeeping
37. HomeBank – Personal finance manager
38. Electrum – Bitcoin wallet
39. Portfolio Performance – Portfolio manager
40. Skrooge – Personal finances
Science & Engineering
41. Blender – 3D modeling and animation
42. Octave – Numerical computations
43. FreePlane – Mind mapping and diagramming
44. Stellarium – Star map simulation
45. FreeCAD – CAD modeling and design
Graphics & Design
46. GIMP – Image editing and manipulation
47. Inkscape – Vector graphics editor
48. Scribus – Desktop publishing and layout
49. Darktable – Raw photo processing
50. Nomacs – Image viewer
Networking & Security
51. Wireshark – Network protocol analyzer
52. Gufw – Firewall configuration
53. KeepassXC – Password manager
54. Veracrypt – Cross-platform disk encryption
55. Remmina – Remote desktop client
Accessibility
56. Florence – On-screen keyboard
57. emacspeak – Emacs for auditory interface
58. NVDA – Non-visual desktop access
59. KMag – Screen magnification
60. Simon – Speech recognition
Video
61. Kdenlive – Non-linear video editor
62. Pitivi – Video editor
63. Shotcut – Cross-platform video editor
64. OpenShot – Video editor for beginners
65. HandBrake – Media converter
Music Production
66. LMMS – Music creation studio
67. Hydrogen – Advanced drum machine
68. Guitarix – Virtual guitar amp
69. Ardour – Digital audio workstation
70. Audio Recorder – Capture any audio
Office
71. Apache OpenOffice – Office suite alternative
72. WPS Office – MS Office clone
73. Calligra Office Suite – Lightweight office suite
74. Glom – Database creator
75. PDFArranger – Merge, split PDFsAccessories
26. Redshift – Adjust screen color temperature
27. Variety – Wallpaper manager
28. Parcellite – Clipboard manager
29. Flameshot – Screenshot tool
30. Synapse – Quick launcher
Education
31. Anki – Flashcard app
32. TuxType2 – Typing tutor
33. KTouch – Touch typing tutor
34. PyCharm Edu – Python IDE for learning
35. Scratch – Creative coding for kids
Use network utility commands like
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
netstat -tulnp
or
ss -tulnp
to identify which process is using the port. Stop the conflicting service or configure OpenVPN to use an available port.
telnet public-ip 80
Check that the SSH service is listening on all the specified ports using the ss or netstat command:
sudo ss -tlnp | grep ssh
install chinese quick
sudo apt-get install ibus-table-quick
tracker
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
ubuntu restart auto run a command
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Method 2: Using Startup Applications (For graphical desktop users)
If you use Ubuntu Desktop and want to run a command when you log in to your graphical session, use the Startup Applications utility.
Open the Activities overview and search for "Startup Applications". Alternatively, you can press Alt + F2 and run "gnome-session-properties".
In the "Startup Applications Preferences" window, click Add.
Fill in the details:
Name: A descriptive name for the command (e.g., "My Startup Command").
Command: The command you want to run. You can provide the full path to an executable or a script.
Comment: (Optional) A brief description.
Click Add to save the entry. The command will run the next time you log in.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
###systemctl --user mask tracker-extract-3.service tracker-miner-fs-3.service tracker-miner-rss-3.service tracker-writeback-3.service tracker-xdg-portal-3.service tracker-miner-fs-control-3.service
###tracker3 reset -s -r
####sudo systemctl start messagebus
sudo systemctl start dbus
reboot
sudo apt install --reinstall dbus-user-session
tracker reset --hard (for v2)
or
tracker3 reset -s -r (allegedly for v3)
But once again, you need to be logged in as the user whose tracker data are to be destroyed. Once again, I found it safer and much easier simply to remove, for each user,
~/.cache/tracker
and
~/.local/share/tracker
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Even if you disable all the Search functions in settings, the tracker stuff still runs. I don't have any use for it so I have found the following two commands seem to disable everything for me. I have not noticed any issues by doing this:
tracker reset --hard
###systemctl --user mask tracker-{miner-apps,miner-fs,store}
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Make tracker-miner-fs, tracker-extract,tracker-store non executables. It's a workaround but it works.
sudo chmod -x /usr/libexec/tracker-miner-fs
sudo chmod -x /usr/libexec/tracker-extract
sudo chmod -x /usr/libexec/tracker-store
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
enable
systemctl --user unmask tracker-store.service tracker-miner-fs.service tracker-miner-rss.service tracker-extract.service tracker-miner-apps.service tracker-writeback.service
systemctl --user unmask tracker-extract-3.service tracker-miner-fs-3.service tracker-miner-rss-3.service tracker-writeback-3.service tracker-xdg-portal-3.service tracker-miner-fs-control-3.service
reboot
handbrake (not work)
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
sudo add-apt-repository ppa:stebbins/handbrake-releases
sudo apt install handbrake-gtk
cpulimit -l 50 handbrake
(not test)
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~`
# Reset and clear all existing data/database
tracker reset --hard
# Stop and mask services (prevents auto-start)
systemctl --user mask tracker-store.service tracker-miner-fs.service tracker-miner-rss.service tracker-extract.service tracker-miner-apps.service tracker-writeback.service
# Remove user data directories (optional but thorough)
rm -rf ~/.cache/tracker ~/.local/share/tracker
# Reboot to apply changes
sudo reboot
vnc connection failed too many authentication failures
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
check ssh log auth.log
nano /var/log/auth.log
sudo ufw deny ssh
sudo ufw delete 14
fail2ban
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
sudo apt install fail2ban -y
sudo systemctl enable --now fail2ban
sudo systemctl status fail2ban
sudo cp /etc/fail2ban/jail.conf /etc/fail2ban/jail.local
sudo nano /etc/fail2ban/jail.local
sudo systemctl restart fail2ban
Scroll down to the [sshd] section (or [ssh]).
Set enabled = true.
Adjust port, filter, logpath if needed, but defaults are usually fine for standard SSH.
sudo systemctl enable fail2ban
Install VNC Server TigerVNC (not work)
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Install Desktop Environment: (e.g., XFCE, known for being lightweight)
sudo apt install xfce4 xfce4-goodies -y
Install VNC Server: (e.g., TigerVNC)
sudo apt install tigervnc-standalone-server tigervnc-xorg-extension -y
Setting up a VNC server on Ubuntu allows you to remotely access and control a graphical desktop environment from another device. Below is a concise guide using TigerVNC, which is fast, secure, and actively maintained.
1. Install Desktop Environment
If you’re on Ubuntu Server (no GUI), install one:
sudo apt update && sudo apt install tasksel -y
sudo tasksel
Select a desktop environment such as XFCE (lightweight) or GNOME. Set it as default:
sudo update-alternatives --config x-session-manager
2. Install TigerVNC Server
sudo apt install tigervnc-standalone-server -y
Set a VNC password:
vncpasswd
Start the VNC server (display :1 → port 5901):
vncserver -localhost no :1
3. Configure Startup Script
Stop the running session:
vncserver -kill :1
Edit startup file:
nano ~/.vnc/xstartup
Example for XFCE:
#!/bin/bash
xrdb $HOME/.Xresources
startxfce4 &
Make it executable:
chmod +x ~/.vnc/xstartup
Restart:
vncserver -localhost no :1
4. Secure with SSH Tunnel
On your local machine:
ssh -L 59000:localhost:5901 -C -N user@server_ip
Connect your VNC client to localhost:59000.
5. Auto-Start with systemd
Create service file:
sudo nano /etc/systemd/system/vncserver@.service
Example:
[Unit]
Description=Start TigerVNC server at startup
After=syslog.target network.target
[Service]
Type=forking
User=your_user
PIDFile=/home/your_user/.vnc/%H:%i.pid
ExecStartPre=-/usr/bin/vncserver -kill :%i > /dev/null 2>&1
ExecStart=/usr/bin/vncserver -depth 24 -geometry 1280x800 -localhost no :%i
ExecStop=/usr/bin/vncserver -kill :%i
[Install]
WantedBy=multi-user.target
Enable and start:
sudo systemctl daemon-reload
sudo systemctl enable Email住址會使用灌水程式保護機制。你需要啟動Javascript才能觀看它 --now
Tip: For best performance, use XFCE or KDE Plasma over slower connections, and always tunnel VNC over SSH for security.
wireguard setup server
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~```
sudo apt update
sudo apt install wireguard
wg genkey | sudo tee /etc/wireguard/private.key
SERVER_PRIVATE_KEY
sudo chmod go= /etc/wireguard/private.key
sudo cat /etc/wireguard/private.key | wg pubkey | sudo tee /etc/wireguard/public.key
SERVER_PUBLIC_KEY
ip6 (not add)
1770205775866857497
cat /var/lib/dbus/machine-id
d6c9e3a6929f423093b3669ab91b6bd0
printf | sha1sum
printf 4f267c51857d6dc93a0bca107bca2f0d86fac3bc | cut -c 31-
Unique Local IPv6 Address Prefixfd0d:86fa:c3bc::/64
sudo nano /etc/sysctl.conf
net.ipv4.ip_forward=1
net.ipv6.conf.all.forwarding=1
sudo sysctl -p
Outputnet.ipv6.conf.all.forwarding = 1
net.ipv4.ip_forward = 1
ip route list default
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~``
Output default via 203.0.113.1 dev eth0 proto static
get this ####enp4s0
sudo nano /etc/wireguard/wg0.conf
#### enp4s0 ######
[Interface]
PrivateKey = SERVER_PRIVATE_KEY
Address = 10.0.0.1/24
ListenPort = 51820
SaveConfig = true
PostUp = ufw route allow in on wg0 out on enp4s0
PostUp = iptables -t nat -I POSTROUTING -o enp4s0 -j MASQUERADE
#PostUp = ip6tables -t nat -I POSTROUTING -o enp4s0 -j MASQUERADE
PreDown = ufw route delete allow in on wg0 out on enp4s0
PreDown = iptables -t nat -D POSTROUTING -o enp4s0 -j MASQUERADE
#PreDown = ip6tables -t nat -D POSTROUTING -o enp4s0 -j MASQUERADE
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
PostUp = ufw route allow in on wg0 out on eth0
PostUp = iptables -t nat -I POSTROUTING -o eth0 -j MASQUERADE
PostUp = ip6tables -t nat -I POSTROUTING -o eth0 -j MASQUERADE
PreDown = ufw route delete allow in on wg0 out on eth0
PreDown = iptables -t nat -D POSTROUTING -o eth0 -j MASQUERADE
PreDown = ip6tables -t nat -D POSTROUTING -o eth0 -j MASQUERADE
firewall
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~`
sudo ufw allow 51820/udp
sudo ufw allow OpenSSH
sudo systemctl enable Email住址會使用灌水程式保護機制。你需要啟動Javascript才能觀看它
sudo systemctl disable Email住址會使用灌水程式保護機制。你需要啟動Javascript才能觀看它
sudo systemctl start Email住址會使用灌水程式保護機制。你需要啟動Javascript才能觀看它
sudo systemctl stop Email住址會使用灌水程式保護機制。你需要啟動Javascript才能觀看它
sudo wg
sudo systemctl status Email住址會使用灌水程式保護機制。你需要啟動Javascript才能觀看它
Email住址會使用灌水程式保護機制。你需要啟動Javascript才能觀看它 - WireGuard via wg-quick(8) for wg0
Loaded: loaded (/lib/systemd/system/wg-quick@.service; disabled; vendor preset: enabl>
Active: active (exited) since Wed 2026-02-04 23:53:38 HKT; 59s ago
Docs: man:wg-quick(8)
man:wg(8)
https://www.wireguard.com/
https://www.wireguard.com/quickstart/
https://git.zx2c4.com/wireguard-tools/about/src/man/wg-quick.8
https://git.zx2c4.com/wireguard-tools/about/src/man/wg.8
Process: 557140 ExecStart=/usr/bin/wg-quick up wg0 (code=exited, status=0/SUCCESS)
Main PID: 557140 (code=exited, status=0/SUCCESS)
Feb 04 23:53:37 user systemd[1]: Starting WireGuard via wg-quick(8) for wg0...
Feb 04 23:53:37 user wg-quick[557140]: [#] ip link add wg0 type wireguard
Feb 04 23:53:37 user wg-quick[557140]: [#] wg setconf wg0 /dev/fd/63
Feb 04 23:53:37 user wg-quick[557140]: [#] ip -4 address add 10.8.0.1/24 dev wg0
Feb 04 23:53:37 user wg-quick[557140]: [#] ip link set mtu 1420 up dev wg0
Feb 04 23:53:37 user wg-quick[557140]: [#] ufw route allow in on wg0 out on enp4s0
Feb 04 23:53:38 user wg-quick[557184]: Rule added
Feb 04 23:53:38 user wg-quick[557184]: Rule added (v6)
Feb 04 23:53:38 user wg-quick[557140]: [#] iptables -t nat -I POSTROUTING -o enp4s0 -j M>
Feb 04 23:53:38 user systemd[1]: Finished WireGuard via wg-quick(8) for wg0.
status
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
sudo wg
android client peer generate qr code
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
sudo mkdir -p /etc/wireguard/android
$wg genkey | sudo tee /etc/wireguard/android/private.key | wg pubkey | sudo tee /etc/wireguard/android/public.key
cat /etc/wireguard/android/private.key
cat /etc/wireguard/android/public.key
root@user:/etc/wireguard/android# cat /etc/wireguard/android/private.key
ANDROID_PRIVATE_KEY
root@user:/etc/wireguard/android# cat /etc/wireguard/android/public.key
ANDROID_PUBLIC_KEY
edit
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
sudo nano /etc/wireguard/android/mobile.conf
[Interface]
PrivateKey = ANDROID_PRIVATE_KEY
Address = 10.220.0.2/24
DNS = 8.8.8.8
[Peer]
PublicKey = SERVER_PUBLIC_KEY
Endpoint = server_ip:51820
AllowedIPs = 0.0.0.0/0, ::/0
add to server
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
sudo wg set wg0 peer ANDROID_PUBLIC_KEY allowed-ips 10.220.0.2
Generate qr code
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
sudo apt install qrencode
sudo cat /etc/wireguard/android/mobile.conf | qrencode -o wireguard-android-conf.png
peer client setup
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
sudo apt update
sudo apt install wireguard
wg genkey | sudo tee /etc/wireguard/private.key
sudo chmod go= /etc/wireguard/private.key
CLIENT_PRIVATE_KEY
sudo cat /etc/wireguard/private.key | wg pubkey | sudo tee /etc/wireguard/public.key
CLIENT_PUBLIC_KEY
sudo nano /etc/wireguard/wg0.conf
/etc/wireguard/wg0.conf
[Interface]
PrivateKey = CLIENT_PRIVATE_KEY
Address = 10.8.0.2/24
DNS = 8.8.8.8
[Peer]
PublicKey = SERVER_PUBLIC_KEY
AllowedIPs = 0.0.0.0/0, ::/0
Endpoint = server_ip:51820
add to server
sudo wg set wg0 peer CLIENT_PUBLIC_KEY allowed-ips 10.8.0.2
sudo wg-quick up wg0
sudo wg
sudo wg-quick down wg0
installs the standalone GTK version of Snes9x.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Method 1: Flatpak (Recommended)
Ensure Flatpak is installed: sudo apt install flatpak
Add the Flathub repository: sudo flatpak remote-add --if-not-exists flathub https://flathub.org/repo/flathub.flatpakrepo
Install Snes9x: flatpak install flathub com.snes9x.Snes9x
22.04 ubuntu
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
ubuntu 22.04 disable tracker
systemctl --user mask tracker-miner-fs-3.service tracker-extract-3.service tracker-store-3.service
tracker3 daemon --terminate
sudo chmod -x /usr/libexec/tracker-extract-3
sudo chmod -x /usr/libexec/tracker-miner-fs-3
sudo chmod -x /usr/libexec/tracker-store-3
easy-digital-downloads.3.6.4
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
define( 'WP_AUTO_UPDATE_CORE', false );
Step 1: Add Code to Your wp-config File
To turn off automatic updates for WordPress core, you just have to add the following code to your wp-config.php file:
define( 'WP_AUTO_UPDATE_CORE', false );
[downloads] – shows a list or grid of downloadable products
[downloads category="cat" ] – shows a list or grid of downloadable products
[download_history] – shows a list of all products the current user has purchased, including download links.
[purchase_history] – shows a complete purchase history for the current user, including download links
[download_checkout] – shows the checkout form.
[purchase_link] – displays a purchase button for the specified download ID
[purchase_collection] – allows you to make a unique category-based collection of products to be sold as a package
[download_cart] – shows a shopping cart on any page or text widget.
[edd_profile_editor] – shows a profile editor for logged-in customers.
[edd_receipt]
[download_discounts]
