Posted by myatu

Poor Man’s device discovery (DNS)

on August 4, 2016 in Linux with no comments by

I have a home network that contains a mixture of devices, some of which that receive a static IP address such as the printer, and some of which receive a dynamic IP address such as mobile phones and tablets.

The home router is setup to give every device with a static IP address a host name, such as “printer.home” or “nas.home”, making it easy to access the device’s UI (if it has one).  However, the router isn’t capable of assigning host names to devices with a dynamic IP address.

For the most part this isn’t an issue, but every once in a while I do need to access the mobile phone or tablet via the browser or similar.  This means having to lookup the IP address of the device in the router, which in turns means I have to login to it and navigate through various screens.

So I thought: “why not give every device a host name / DNS entry?”.  But with the router not capable of assigning them to dynamic IP addresses (based on MAC for example), or able to set the host name on some devices, how? Luckily I have a Raspberry Pi that’s sitting in a closet 24/7 doing very little, so I’ve put that to good use. read more →

Quick note: FUSE inside Proxmox LXC container

on February 26, 2016 in Linux with no comments by

Proxmox’ LXC containers do not have the /dev/fuse device created automatically.  A quick way of doing that is by adding the following two lines to the container’s configuration on the host node (in /etc/pve/lxc/<$container_id>.conf):

lxc.autodev: 1
lxc.hook.autodev: sh -c "mknod -m 0666 ${LXC_ROOTFS_MOUNT}/dev/fuse c 10 229"

I’m using “sh -c” directly rather than a separate script, so that this configuration is migrated to other nodes in the cluster.

As a note, it should already be in the lxc.cgroup.devices.allow by default, so doesn’t need to be added again.

Caveat as mentioned by Fabian (Proxmox staff):

If you absolutely have to, I would suggest establishing the FUSE mount on the Proxmox host and then using a bindmountpoint (e.g. “mp0: /path/on/host,mp=/path/in/container”) to make it available in the container. If you establish the FUSE mounts inside the container, you will run into problems (lxc-freeze is not compatible with FUSE which means no snapshots and no suspend backup, you need to change all sorts of containment settings which lessens security, ..).

 

Quick Note: Disable SSLv3 in OpenLDAP with GnuTLS

on October 15, 2014 in Linux with 1 comment by

Due to the SSL POODLE vulnerability, it is best to remove support for the outdated SSLv3 protocol.  As OpenLDAP with GnuTLS is a beast of its own, here’s the quick change to remove SSLv3 support:

cat > nossl.ldif <<EOF
dn: cn=config
changetype: modify
add: olcTLSCipherSuite
olcTLSCipherSuite: SECURE256:-VERS-SSL3.0

EOF

ldapmodify -Y EXTERNAL -H ldapi:/// -f nossl.ldif

And we’re done! Obviously, if you already have olcTLSCipgerSuite, then use “replace” instead of “add”.

A quick test:

~# gnutls-cli-debug -p 636 127.0.0.1
Resolving '127.0.0.1'...
Connecting to '127.0.0.1:636'...
Checking for SSL 3.0 support... no
Checking whether %COMPAT is required... no
Checking for TLS 1.0 support... yes
Checking for TLS 1.1 support... yes
Checking fallback from TLS 1.1 to... N/A
Checking for TLS 1.2 support... yes

Postfix’s killed trivial-rewrite by signal 11

on September 21, 2014 in Linux with no comments by

I was setting up a small VPS as a backup e-mail server for the two already in place.  What was supposed to be a 15 minute task, particularly as it was being installed using a proven recipe with Puppet, turned into a diagnostic nightmare for hours. Looking back, it really shouldn’t have taken that long to diagnose either, but alas, Google led me astray.

See, everything was installed according to the other servers. Postfix started up fine, but as soon as it would perform a lookup in an LDAP directory, the following error occurred:

Sep 21 00:34:02 server postfix/master[23426]: warning: process /usr/lib/postfix/trivial-rewrite pid 23460 killed by signal 11
Sep 21 00:34:03 server postfix/qmgr[23431]: warning: problem talking to service rewrite: Success
Sep 21 00:34:03 server postfix/master[23426]: warning: process /usr/lib/postfix/trivial-rewrite pid 23461 killed by signal 11
Sep 21 00:34:03 server postfix/master[23426]: warning: /usr/lib/postfix/trivial-rewrite: bad command startup -- throttling

read more →

Analogies

High traffic WordPress hosting

on June 29, 2014 in WordPress with 3 comments by
Although I have a rather large amount of servers at my disposal, for some time I’ve had my personal website hosted with 5quidhost on one of their Turbo pans.  They’re an UK-based company with headquarters in Scotland, and have recently celebrated their 10th anniversary.  They also rank quite high on TrustPilot, usually 1st or 2nd place.

In March I snapped up a domain that I had been waiting for a long time to become available: myatu.com. In fact, it is the reason why the current domain name has an “s” in it. I was aware of the content the previous owner had hosted on that domain name, but I had no idea how popular it was. So when that domain was transferred into my ownership, its traffic followed.

Generally, my website generates just a few thousand page views per day with the occasional spike, mainly for the Proxmox how-to guides (which I really should update one of these days!).  Though around the end of March, this jumped to 24,000 page+ page views per day. Between March 27 and April 5th, more than 157,000 page views were generated, and is currently handling between 250,000 and 450,000 page views per week.

So, how did the website cope with this? Perfectly fine! It isn’t the first time the website has been hit with a large amount of page views, so I had already prepared the website for this. And the magic ingredient for that is: cache.
read more →

Cookillian Troubleshooting

on November 17, 2013 in WordPress with no comments by
Cookillian, the WordPress plugin that I wrote to address the EU/UK Cookie Law, is a helpful little tool to assist with compliance. But sometimes users seem to run into trouble with it and are at loss on how to resolve it. Following are a few of those, to help provide a solution. read more →

Poor Man’s Proxmox Cluster

on November 16, 2013 in Linux with 15 comments by
I had written this elsewhere before, but thought I would share it on my own site as well. The idea here is to create a Proxmox VE cluster with limited resources, in particular a lack of a private network / VLAN. We address this by creating a virtual private network using a lightweight VPN provider, namely Tinc.

You could use something else, like OpenVPN or IPSEC. The former is a bit on the heavy side for the task, whilst the latter may not have all the features we need. Specifically, Tinc allows us to create an auto-meshing network, packet switching and use multicast. Multicast will be needed to create a Proxmox VE cluster, whilst the virtual switching ensures packets will eventually be routed to the right server and VM.

read more →

Background Manager 1.2.5.2 released

on October 28, 2013 in WordPress with 10 comments by

Just shortly after hitting the 100,000 downloads milestone at WordPress.org, today brings us a maintenance release of Background Manager, version 1.2.5.2.

The main reason for this release was to address a bug that appeared in WordPress 3.7, which caused a background image to appear on all pages/posts, even if the settings specified otherwise. I believe the bug has now been addressed, and would likely have been due to a change in WordPress’ wp_guess_url() function. read more →

Watching TV on your Android via a Raspberry Pi

on April 2, 2013 in Linux with 18 comments by
During the long Easter holiday I’ve kept myself busy with a little pet project for my Raspberry Pi. So far I’ve been using the RPI as a small intranet server, DNS server and Proxy server. But it had plenty of room, both in RAM and storage, to do other things. As I had recently acquired a (dirt-cheap!) Android-based tablet, I was wondering if it would be possible to stream live TV directly to it.

There are plenty of commercial solutions available, as well as some apps, that stream directly over the Internet. But, as I had mentioned, the tablet was dirt cheap and so it should be indicative of the amount of money I was willing to spend. read more →

Page 1 of 612345»...Last »