January 2, 2020

xt_geoip_dl vs. Maxmind Accounts

Since some time I use a geofence on my servers to ban all incoming requests that do not originate from DE. The company (Maxmind) that distributes up to date mappings from IP ranges to country codes (“geoip tables”) recently changed how they distribute these files. Now, you must have an account and license key to download the geoip tables. Note: everything is still free! The need for login credentials breaks the update mechanism for geoip tables which typically uses xt_geoip_dl. Read more

June 18, 2019

Extract Attachments From Email (mbox) using Python

Some days ago I had the idea to dig around in my mailbox and see what people have sent me over the years. As I was especially interested in the attachments (pictures) I googled a bit and found out you can quickly extract stuff from a mbox (used by a Dovecot SMTP server). Here's what I cobbled together. #!/usr/bin/python import mailbox import dateutil.parser from datetime import datetime mbox = mailbox.mbox('/home/USER/mail/MAILBOX') def extractattachements(message): if message. Read more

May 23, 2019

Deploying a Website with goHugo.io and Gitlab CI/CD

When I need to build a website, I typically use Hugo to generate the .html from .md. However, one thing is a bit inconvenient: deployment. If not done right, you have to do that manually (edit -> hugo -> rsync). Alternatively, and much better, you can use the Hugo-Gitlab|Hub-Netlify-toolchain I described earlier. These day, I needed a website for a new research project of mine and didn't want to ship the site with Netlify. Read more

March 26, 2019

Playing with WireGuard VPN

Since a couple of years I use OpenVPN to access my home network from remote and also to protect my traffic when I am traveling and have to use WiFi networks I do not completely trust. Unfortunately, the iOS VPN client does not work for me anymore so I needed an alternative. My Fritz Box (German home WiFi router brand) actually supports an IPSec VPN. However, iOS's VPN client is horrible. Read more

March 16, 2019

xtables-addons-common on Ubuntu 18.04

Last year in June I set up geofence on my home server to ban all access not coming from DE. In January I noticed that things did not work anymore. A bit of research revealed, that the company that provides the needed GeoIP tables decided to stop shipping them in format A and only offered the tables in format B. So neither the script that downloads the tables (xt_geoip_dl) nor the script that converts the tables (xt_geoip_build) into the binary format that xt_geoip can digest to block connections attempts worked anymore. Read more

November 30, 2018

iPad + GoodNotes + Logi R500 Presenter = The Maybe Best Hardware/Software Combo for Giving Lectures and Talks

Since a couple of weeks I'm giving a lecture in the Master's course for Informatics at our university. One of the biggest differences of giving a lecture vs. giving a conference talk is that the lecture is more interactive. Or in other words: I ask my students stuff and they ask me stuff. Well, students are students and for this reason they do not use the first $n rows of the lecture hall. Read more

August 10, 2018

Domains and Sub-domains for Home-Hosted Services

I like to host (most of) the web services I use for my daily routine at home. Recently, I started shipping services using Docker containers. To make these services available via a public IP address and to conveniently enable HTTPS, I decided to use nginx as a reverse proxy. So the dockerized service becomes available via something like https://mydomain.dyndnsservice.xy/servicename. At least this was the plan. Unfortunately, I ran into the always same problem when I tried to coax a dockerized service to live happily in a “sub-folder” of my dynamic DNS domain. Read more

July 24, 2018

Hardening a Server with a Geofence

I recently noticed some odd HTTP requests on my web server, which I exclusively use for private purposes like hosting Nextcloud, GOGS, or Wallabag. I did a bit of research where these requests come from – just fire something like for elem in $(awk '{print $1 | "sort | uniq"}' /var/log/nginx/access.log); do curl ipinfo.io/$elem; done – and found out that they all originate from Russia, China or India. That sounds a bit suspicious to me. Read more

© holger 2015 - 2020 |