March 26, 2019

Playing with WireGuard VPN

For a couple of years I have used OpenVPN to access my home network remotely and also to protect my traffic when I am traveling and have to use WiFi networks I do not completely trust. Unfortunately, the iOS VPN client does not work for me anymore so I needed an alternative. My Fritz Box (German home WiFi router brand) actually supports an IPsec VPN. However, iOS’s VPN client is horrible.

March 16, 2019

xtables-addons-common on Ubuntu 18.04

Last year in June I set up a geofence on my home server to ban all access not coming from DE. In January I noticed that things did not work anymore. A bit of research revealed that the company that provides the needed GeoIP tables decided to stop shipping them in format A and only offered the tables in format B. So neither the script that downloads the tables (xt_geoip_dl) nor the script that converts the tables (xt_geoip_build) into the binary format that xt_geoip can digest to block connection attempts worked anymore.

March 4, 2019

Block Ads and Trackers with Pihole in a Docker Container

Recently I stumbled upon Pihole, which is a tool that blocks advertisements and web trackers. The nifty idea of Pihole is that it is not a web proxy like Privoxy; instead it acts as a DNS server in your network. So, after installing Pihole, you set up your devices so that they use Pihole as a DNS server. Then, the device’s DNS requests for “good” domains are answered and DNS requests for known, blacklisted ad/tracker domains are not answered (= blocked).

August 10, 2018

Domains and Sub-domains for Home-Hosted Services

I like to host (most of) the web services I use for my daily routine at home. Recently, I started shipping services using Docker containers. To make these services available via a public IP address and to conveniently enable HTTPS, I decided to use nginx as a reverse proxy. So the dockerized service becomes available via something like https://mydomain.dyndnsservice.xy/servicename. At least this was the plan. Unfortunately, I always ran into the same problem when I tried to coax a dockerized service to live happily in a “sub-folder” of my dynamic DNS domain.

July 24, 2018

Hardening a Server with a Geofence

I recently noticed some odd HTTP requests on my web server, which I exclusively use for private purposes like hosting Nextcloud, GOGS, or Wallabag. I did a bit of research where these requests come from – just fire something like for elem in $(awk '{print $1 | "sort | uniq"}' /var/log/nginx/access.log); do curl$elem; done – and found out that they all originate from Russia, China or India. That sounds a bit suspicious to me.

July 14, 2018

Deploying a Website with,, and

For a good while I have used the static website generator Hugo for my Blog (which, by the way, has been back online for a few days (minus the photos) after I got rid of my vServer last month). As I do not have this vServer anymore, I neither have a repository that keeps track of my website’s source code, nor a machine that will automatically build the website’s HTML whenever I change something, nor a public web server to serve the website’s HTML.

December 18, 2017

Three Ways of Becoming Root in Ansible

To gain a basic understanding of Ansible, I recently decided to play a little with it. What I wanted to achieve is a simple update-playbook for my three servers. One question I stumbled upon more or less immediately was: how do I actually become root on the different systems? In the case of my Debian box this was straightforward as I can ssh to that box as root using my ssh key.

July 10, 2017

Hosting Nextcloud on a nginx Web Server

A good while ago I ditched my so-far preferred file-synchronization solution Syncthing for Nextcloud. The reason for this step was that Syncthing behaved in odd ways quite often: sometimes it didn’t find content that should be synced, on other days the sync process got stuck and wouldn’t complete. I really got annoyed fixing my Syncthing cluster manually almost weekly and started to play with Nextcloud. I decided not to have just one Nextcloud instance, but two: one instance on a public vServer (Debian Jessie; mostly to sync calendars and contacts between Mac OS and iOS devices, and sharing files with others), the other instance (Ubuntu 16.

June 21, 2017

Dockerizing Stuff for Fun and Profit

When I want to play with $things, I mostly use virtual machines as throw-away systems that I can mess up with odd software I don’t want to install on my Mac or that simply does not run on it. A good while ago I looked into docker as a more lightweight and flexible alternative to a VM. However, I put docker aside as it wasn’t usable on a Mac at all.

