A Linux Playground

My doodles and what I get up to.

Secondary IP Address on Raspberry Pi

Testing an nginx proxy to a transmission server I found that the server was denying the connection. This is strange as the proxy server's IP address is the only one allowed to connect to the transmission server.

I began investigating the Raspberry Pi and it had the correct IP address.

ifconfig shows that the device has the correct IP address and nginx is reachable from that address.

ifconfig -a

eth0      Link encap:Ethernet  HWaddr b8:27:eb:bb:95:b0
          inet addr:192.168.0.201  Bcast:192.168.0.255  Mask:255.255.255.0
          inet6 addr: fe80::ba27:ebff:febb:95b0/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:1497 errors:0 dropped:0 overruns:0 frame:0
          TX packets:712 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000
          RX bytes:93269 (91.0 KiB)  TX bytes:89513 (87.4 KiB)

lo        Link encap:Local Loopback
          inet addr:127.0.0.1  Mask:255.0.0.0
          inet6 addr: ::1/128 Scope:Host
          UP LOOPBACK RUNNING  MTU:65536  Metric:1
          RX packets:0 errors:0 dropped:0 overruns:0 frame:0
          TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0
          RX bytes:0 (0.0 B)  TX bytes:0 (0.0 B)

Next I checked the interfaces file and it also showed the correct configuration.

cat /etc/network/interfaces

# Please note that this file is written to be used with dhcpcd.
# For static IP, consult /etc/dhcpcd.conf and 'man dhcpcd.conf'.

auto lo
iface lo inet loopback

auto eth0
iface eth0 inet static
  address 192.168.0.201
  gateway 192.168.0.1
  netmask 255.255.255.0

ip a

1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
    inet6 ::1/128 scope host
       valid_lft forever preferred_lft forever
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP group default qlen 1000
    link/ether b8:27:eb:bb:95:b0 brd ff:ff:ff:ff:ff:ff
    inet 192.168.0.201/24 brd 192.168.0.255 scope global eth0
       valid_lft forever preferred_lft forever
    inet 192.168.0.30/24 brd 192.168.0.255 scope global secondary eth0
       valid_lft forever preferred_lft forever
    inet6 fe80::ba27:ebff:febb:95b0/64 scope link
       valid_lft forever preferred_lft forever

This is very strange: it shows that the Ethernet interface has gained a second IP address that I have not set. Doing some web searches I found that the device runs a DHCP daemon automatically, and it adds this second IP address from my DHCP server.

To resolve the problem I chose to disable the DHCP service on the device.

sudo systemctl disable dhcpcd.service

Alternatively I could force the nginx server to bind only to the 192.168.0.201 address; however, this would mean changing the IP address in multiple places if I ever need to modify the server's IP address.
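The allow-list failure above comes down to the host holding an address nobody configured. As an added example (not code from the post), this script parses the output of ip a in the format shown above and lists the global IPv4 addresses on an interface other than the one you expect, which are exactly the addresses outgoing proxy connections could be sourced from; the sample listing is constructed from the one above.

```python
"""Added example (not from the original post): detect extra IPv4 addresses on
an interface from `ip a` output, so that a backend allow-list keyed on the
proxy's source address is not broken by an address nobody configured."""
import re
from dataclasses import dataclass

# Constructed sample mirroring the `ip a` listing in the post.
SAMPLE_IP_A = """\
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default
    inet 127.0.0.1/8 scope host lo
    inet6 ::1/128 scope host
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP group default qlen 1000
    link/ether b8:27:eb:bb:95:b0 brd ff:ff:ff:ff:ff:ff
    inet 192.168.0.201/24 brd 192.168.0.255 scope global eth0
    inet 192.168.0.30/24 brd 192.168.0.255 scope global secondary eth0
    inet6 fe80::ba27:ebff:febb:95b0/64 scope link
"""

IFACE_RE = re.compile(r"^\d+: ([^:@]+)[@:]")
INET_RE = re.compile(r"^\s+inet (\S+) .*?scope (\S+)( secondary)?")

@dataclass(frozen=True)
class Addr:
    iface: str
    cidr: str
    scope: str
    secondary: bool

def parse_ip_a(text):
    """IPv4 addresses in `ip a` output, each tagged with its interface."""
    addrs, iface = [], None
    for line in text.splitlines():
        m = IFACE_RE.match(line)
        if m:
            iface = m.group(1)
        elif iface and (m := INET_RE.match(line)):
            addrs.append(Addr(iface, m.group(1), m.group(2), m.group(3) is not None))
    return addrs

def unexpected_sources(text, iface, expected_cidr):
    """Global IPv4 addresses on iface other than the one we configured.  Outgoing
    connections may be sourced from any of them, so a backend allow-list that
    only knows expected_cidr will not behave as intended."""
    return [a.cidr for a in parse_ip_a(text)
            if a.iface == iface and a.scope == "global" and a.cidr != expected_cidr]

if __name__ == "__main__":
    # On a live host: text = subprocess.run(["ip", "a"], capture_output=True, text=True).stdout
    for cidr in unexpected_sources(SAMPLE_IP_A, "eth0", "192.168.0.201/24"):
        print(f"eth0 also holds {cidr}: proxy traffic may leave from this address")
```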

DHCP and Local Network Dynamic DNS

Setting up a local DNS and DHCP server has some good benefits. It caches DNS lookups, reducing external requests. Entries from DHCP can be used to update the local DNS. It can also create a local DNS zone such as "work.lan".

yum install bind bind-utils -y
vi /etc/named.conf
vi /var/named/home.lan.zone
vi /var/named/named.loopback
vi /etc/named.conf
cat /var/named/named.ca
cat /var/named/named.loopback
cat /var/named/named.localhost
cat /etc/named.conf
vi /etc/named.conf
vi /var/named/rev.0.168.192.in-addr.arpa
vi /var/named/home.lan.zone
mv /var/named/home.lan.zone /var/named/rev.0.168.192.in-addr.arpa
vi /var/named/home.lan.zone
vi /var/named/rev.0.168.192.in-addr.arpa
vi /var/named/home.lan.zone
service --list-all
service named start
fsdfds
vi /var/named/home.lan.zone
service named start
iptables -L
vi /etc/named.conf
service named restart
service iptables stop
vi /etc/resolv.conf
/sudo
vi /etc/sudoers
vi /etc/named.conf
cd /var/named/
ls
ll
chown named:named home.lan.zone rev.0.168.192.in-addr.arpa
ls
ll
yum install dhcp
vi /etc/dhcp/dhcpd.conf
vi /etc/dhcp/dhclient.d/ntp.sh
vi /etc/dhcp/dhcpd.conf
cp /usr/share/doc/dhcp/dhcpd.conf.sample
cp /usr/share/doc/dhcp/dhcpd.conf.sample .
ls
mv dhcpd.conf.sample /etc/dhcp/
vi /etc/dhcp/dhcpd.conf.sample
rndc status
rndc home.lan
rndc statushome.lan
rndc status home.lan
vi /etc/dhcp/dhcpd.conf
vi /etc/dhcp/dhcpd.conf.sample
vi /etc/named.conf
vi /etc/dhcp/dhcpd.conf.sample
service dhcpd start
tail /var/log/messages
tail -30 /var/log/messages
vi /etc/sysconfig/dhcpd
service dhcpd start
tail -30 /var/log/messages
ip a
vi /etc/sysconfig/dhcpd
vi /etc/dhcp/dhcpd.conf.sample
rm /etc/dhcp/dhcpd.conf
mv /etc/dhcp/dhcpd.conf.sample /etc/dhcp/dhcpd.conf
service dhcpd start
tail -30 /var/log/messages
vi /etc/sysconfig/dhcpd
service dhcpd start
tail -30 /var/log/messages
ll /etc/dhcp/
cd ..
ll
cd etc/
ll
group | grep dh
groups | grep dh
groups | grep
groups
cat /etc/group | grep dh
chown dhcpd:dhcpd /etc/dhcp
chown -r dhcpd:dhcpd /etc/dhcp
chown -R dhcpd:dhcpd /etc/dhcp
service dhcpd start
tail -30 /var/log/messages
su dhcpd
ll /etc/dhcp/
chmod 755 /etc/dhcp/
service dhcpd start
tail -30 /var/log/messages
cat /etc/dhcp/dhcpd.conf
ls
ls | grep dh
ll | grep dh
ll /
service dhcpd stop
service dhcpd start
tail -30 /var/log/messages
vi /etc/sysconfig/selinux
service dhcpd start
/sbin/restorecon -v /etc/dhcp/dhcpd.conf
service dhcpd start
ls
hostname
host -l home.lan
tail -30 /var/log/messages
service named restart
chkconfig named on
chkconfig dhcpd on
rndc status
tail -30 /var/log/messages
vi /etc/named.conf
ls /var/named/
ll /var/named/
cd /var/named/
ls
mv home.lan.zone rev.0.168.192.in-addr.arpa dynamic/
ls
cd dynamic/
ls
ls -al
vi /etc/named.conf
ls
mv rev.0.168.192.in-addr.arpa rev.0.168.192.in-addr.arpa.zone

Move Location of Kvm Virtual Machine

I recently rearranged the contents of a multi-disk server to create a large partition that is not encrypted. It turns out that my CPU does not support the AES instruction set, causing slow disk speeds. As I am running many KVM virtual machines I decided to move their disk I/O off the encrypted parts to improve overall performance.

Searching the web on how to relocate a KVM virtual machine instance, I found that there were no how-tos or guides. After some tinkering I found that this could be achieved in the following way.

Instructions.

First off, shut down the virtual machine. This is so that when you copy its virtual drive/s to their new home they won't be changing.

Second, move the img/qcow/raw files to their new home. Ensure that they have the same permissions and that any directories above allow 'libvirt-qemu' to enter and read as necessary.

Next edit the instance's XML file that contains the information about the server. This is located at '/etc/libvirt/qemu/SERVERNAME.xml'; change SERVERNAME as appropriate. The line that you need to change is

  <source file='/media/primary/kvm/util.img'/>

to where the new file is located.

Lastly restart the libvirt daemon.

sudo service libvirt-bin restart
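One check worth running after the move, as an added example that is not part of the post: read the <source file=.../> entries from the domain XML and verify that the qemu user can actually reach them, which is what the permissions step above requires. It assumes the XML layout shown above; the uid and group ids are passed in rather than looked up so the check also runs offline.

```python
"""Added example (not from the original post): check that the disk images a libvirt
domain XML points at exist and can be read by the qemu user (the permissions step
above).  uid/gids are parameters; on a real host use pwd.getpwnam('libvirt-qemu')."""
import os, stat
import xml.etree.ElementTree as ET

# Constructed fragment in the shape of /etc/libvirt/qemu/SERVERNAME.xml.
SAMPLE_XML = """<domain type='kvm'><name>util</name><devices>
  <disk type='file' device='disk'><source file='/media/primary/kvm/util.img'/></disk>
</devices></domain>"""

def image_paths(domain_xml):
    """File-backed disk sources declared in the domain XML."""
    root = ET.fromstring(domain_xml)
    return [s.get("file") for s in root.iterfind("./devices/disk/source") if s.get("file")]

def _allows(st, uid, gids, owner_bit, group_bit, other_bit):
    if st.st_uid == uid:
        return bool(st.st_mode & owner_bit)
    if st.st_gid in gids:
        return bool(st.st_mode & group_bit)
    return bool(st.st_mode & other_bit)

def check_access(path, uid, gids):
    """Reasons uid (member of gids) cannot read path: every ancestor directory
    needs the search (x) bit for it and the file itself needs the read bit."""
    if not os.path.exists(path):
        return [f"{path}: does not exist"]
    problems, d = [], os.path.dirname(os.path.realpath(path))
    while True:
        if not _allows(os.stat(d), uid, gids, stat.S_IXUSR, stat.S_IXGRP, stat.S_IXOTH):
            problems.append(f"{d}: not searchable by uid {uid}")
        if d == os.path.dirname(d):       # reached the filesystem root
            break
        d = os.path.dirname(d)
    if not _allows(os.stat(path), uid, gids, stat.S_IRUSR, stat.S_IRGRP, stat.S_IROTH):
        problems.append(f"{path}: not readable by uid {uid}")
    return problems

def demo():
    """Constructed scenario: an image copied under a 0700 directory, then fixed up."""
    import shutil, tempfile
    base = tempfile.mkdtemp()                 # mkdtemp creates this with mode 0700
    img = os.path.join(base, "kvm", "util.img")
    os.mkdir(os.path.dirname(img), 0o750)
    open(img, "wb").close()
    os.chmod(img, 0o644)
    stranger = os.getuid() + 1                # a uid that is not us and has no groups
    before = check_access(img, stranger, set())
    for d in (base, os.path.dirname(img)):
        os.chmod(d, 0o755)                    # let that uid enter the directories
    after = check_access(img, stranger, set())
    shutil.rmtree(base)
    return before, after
```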

Clicking a Magnet Link in Firefox Starts the Torrent on a Remote Server

Firefox App

My default browser is always Firefox. I love its interface, its large number of apps and that it is not beholden to a closed ecosystem. It has an app that can modify pretty much everything. Having recently set up a torrent server I wanted a way to automatically start torrent files or magnet links I download on the remote server.

Bittorrent WebUI

I managed to find a nice Firefox app that will send any clicked magnet links or torrent file downloads to my remote transmission server. To set this up first install the app from the Firefox store. [WebUI]: https://addons.mozilla.org/en-US/firefox/addon/bittorrent-webui-120685/developers

To configure it for use with the transmission interface:

server : port : url (/transmission/rpc to push links onto the server, not /transmission/web as expected). It is an annoyance to use /rpc rather than /web, as clicking the icon in the Firefox interface takes you to that link rather than the interactive web interface.

Benefits

This has saved me the annoyance of having to use the web interface to manually add any torrents I want.

Setup Headless Torrent Server

sudo apt-get install transmission-daemon

chgrp -R debian-transmission [download folder]

sudo service transmission-daemon stop

Edit the configuration file for the server. This must be done while the service is stopped; otherwise the new file settings will be overwritten when the daemon stops.

vi /etc/transmission-daemon/settings.json

Edit the options in /etc/transmission-daemon/settings.json as follows.

{
    "alt-speed-down": 50,
    "alt-speed-enabled": false,
    "alt-speed-time-begin": 540,
    "alt-speed-time-day": 127,
    "alt-speed-time-enabled": false,
    "alt-speed-time-end": 1020,
    "alt-speed-up": 50,
    "bind-address-ipv4": "0.0.0.0",
    "bind-address-ipv6": "::",
    "blocklist-enabled": false,
    "blocklist-url": "http://www.example.com/blocklist",
    "cache-size-mb": 4,
    "dht-enabled": true,
    "download-dir": "/media/torrents/torrents",
    "download-limit": 100,
    "download-limit-enabled": 0,
    "download-queue-enabled": true,
    "download-queue-size": 10,
    "encryption": 1,
    "idle-seeding-limit": 30,
    "idle-seeding-limit-enabled": false,
    "incomplete-dir": "/media/torrents/part",
    "incomplete-dir-enabled": true,
    "lpd-enabled": false,
    "max-peers-global": 2000,
    "message-level": 1,
    "peer-congestion-algorithm": "",
    "peer-id-ttl-hours": 6,
    "peer-limit-global": 300,
    "peer-limit-per-torrent": 75,
    "peer-port": 50000,
    "peer-port-random-high": 65535,
    "peer-port-random-low": 49152,
    "peer-port-random-on-start": false,
    "peer-socket-tos": "default",
    "pex-enabled": true,
    "port-forwarding-enabled": false,
    "preallocation": 1,
    "prefetch-enabled": 1,
    "queue-stalled-enabled": true,
    "queue-stalled-minutes": 30,
    "ratio-limit": 2,
    "ratio-limit-enabled": false,
    "rename-partial-files": true,
    "rpc-authentication-required": true,
    "rpc-bind-address": "0.0.0.0",
    "rpc-enabled": true,
    "rpc-password": "PASSWORDHERE",
    "rpc-port": 9091,
    "rpc-url": "/transmission/",
    "rpc-username": "will",
    "rpc-whitelist": "192.168.0.*",
    "rpc-whitelist-enabled": true,
    "scrape-paused-torrents-enabled": true,
    "script-torrent-done-enabled": false,
    "script-torrent-done-filename": "",
    "seed-queue-enabled": false,
    "seed-queue-size": 10,
    "speed-limit-down": 500,
    "speed-limit-down-enabled": false,
    "speed-limit-up": 100,
    "speed-limit-up-enabled": false,
    "start-added-torrents": true,
    "trash-original-torrent-files": false,
    "umask": 18,
    "upload-limit": 100,
    "upload-limit-enabled": 0,
    "upload-slots-per-torrent": 14,
    "utp-enabled": true
}

sudo service transmission-daemon start

http://[server]:[port|9091]/[prefix]/web
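The rpc-* keys above are what stand between the network and the daemon. As an added example (not the post's code), this audits those keys for the settings a practitioner would flag: authentication off, no whitelist, a wildcard whitelist, or listening on every address without a whitelist. The sample dict is constructed from the settings listed above.

```python
"""Added example (not from the original post): audit the RPC keys of a
Transmission settings.json for settings that expose the remote-control
interface.  The sample is constructed from the settings listed above."""
import json

SAMPLE_SETTINGS = json.loads("""{
    "rpc-authentication-required": true,
    "rpc-bind-address": "0.0.0.0",
    "rpc-enabled": true,
    "rpc-password": "PASSWORDHERE",
    "rpc-port": 9091,
    "rpc-url": "/transmission/",
    "rpc-username": "will",
    "rpc-whitelist": "192.168.0.*",
    "rpc-whitelist-enabled": true
}""")

def audit_rpc(s):
    """Return a list of findings for the settings dict s (empty means nothing flagged)."""
    findings = []
    if not s.get("rpc-enabled", False):
        return findings                    # no remote interface, nothing to audit
    whitelist_on = bool(s.get("rpc-whitelist-enabled", False))
    if not s.get("rpc-authentication-required", False):
        findings.append("rpc-authentication-required is false: anyone who reaches the port controls the daemon")
    elif not s.get("rpc-username") or not s.get("rpc-password"):
        findings.append("authentication is on but rpc-username or rpc-password is empty")
    elif not str(s["rpc-password"]).startswith("{"):
        # Transmission replaces a plaintext rpc-password with a salted hash
        # (written with a leading '{') the next time the daemon starts.
        findings.append("rpc-password is still plaintext; start the daemon so it gets hashed")
    if not whitelist_on:
        findings.append("rpc-whitelist-enabled is false: no source-address filtering")
    else:
        entries = [e.strip() for e in str(s.get("rpc-whitelist", "")).split(",") if e.strip()]
        if any(e.replace(".", "").strip("*") == "" for e in entries):
            findings.append("rpc-whitelist has a wildcard-only entry, which matches every client")
    bind = s.get("rpc-bind-address", "0.0.0.0")
    if bind in ("0.0.0.0", "::") and not whitelist_on:
        findings.append(f"rpc listens on all addresses ({bind}) with no whitelist")
    return findings

def audit_file(path):
    """Load a real settings.json and audit it."""
    with open(path) as fh:
        return audit_rpc(json.load(fh))
```

Because rpc-whitelist is matched on the client's source address, a stray extra address on a client host (as in the Raspberry Pi post above) is exactly the kind of thing that makes this filter behave unexpectedly.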

Moved to Octopress From Wordpress

Moving to Octopress

It has taken much longer than anticipated but I have finally moved this site from WordPress to Octopress. This was mainly due to being busy with work, but hey, finally done. :)

What is Octopress

So what is Octopress? Octopress is a static site generator. This means that it does not use a database but static configuration files. It is much nicer to write blog posts using the native Markdown language used by Octopress.

Reasons to choose octopress over wordpress

WordPress is really slow. Octopress, being a static site, is tested to be 300% faster than a WordPress site on the same Amazon micro instance.

WordPress is difficult to back up. You can take database dumps but this is only some of the configuration. Octopress is all contained in a single directory with commands to then push out the generated site.

Editing html tags gets tedious very quickly.

How to Create a Raid 1 Array With One Disk Already Containing Data

The Problem

I recently decided to upgrade my computer system by making the system resilient to a single hard drive failure. After obtaining a second hard drive to create a mirrored array, I found that to do so you should create the array, then add the filesystem and then the data. This caused me an issue as the current drive already contained lots of data. Although I had backups of everything important, I didn't have enough space for everything. I wanted to keep all of the data if possible.

How I resolved the problem

After playing around with the RAID software mdadm and using that friend that is Google, I found that it was possible to create an array in a degraded state (not all devices working or present). This allowed me to create the array using one disk and add the second later.

To create the array I first partitioned the new disk into one large volume leaving 200Mb of space at the end. This is recommended if using disks from different manufacturers as they do not always have exactly the same size due to formatting and manufacturing differences. This is easily accomplished using fdisk or gparted (for non-CLI). I will use disks sdb and sdc for my examples.

To create the raid array I ran

mdadm --create /dev/md0 -l raid1 -f -n 1 /dev/sdb1

/dev/md0 is the place to interact with the RAID block device. As we are creating an array with a missing disk the "-f" (force) flag must be used. The "-n 1" tells the software that only one disk is currently available.

To confirm that the raid is working run:

cat /proc/mdstat
    md0 : active (auto-read-only) raid1 sdb1[0]
    4881700 blocks super 1.2 [1/1] [U]

The next step was to create a filesystem on the raid device

mkfs.ext4 /dev/md0

I then copied all the data from the original disk onto the RAID device. Once copied, I reformatted the original disk to be the same size as the RAID using fdisk. Lastly I expanded the array and added the second disk.

mdadm --grow /dev/md0 -n 2
mdadm --manage /dev/md0 --add /dev/sdc1

cat /proc/mdstat
    Personalities : [raid1]
    md0 : active raid1 sdb1[1] sda1[0]
    4016528792 blocks super 1.2 [2/1] [U_]
    [>....................] recovery = 1.7% (700422/4016528792) finish=102.5min speed=62000K/sec
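The [2/1] [U_] line is the thing to keep watching: the mirror is only resilient while every configured member is present. As an added example (not from the post), this parser reads /proc/mdstat in the format shown above and reports degraded arrays together with any rebuild progress; the sample is constructed from the two listings above.

```python
"""Added example (not from the original post): parse /proc/mdstat in the format
shown above and report arrays that have fewer working members than configured."""
import re
from dataclasses import dataclass

# Constructed sample modelled on the two /proc/mdstat listings in the post.
SAMPLE_MDSTAT = """\
Personalities : [raid1]
md0 : active raid1 sdb1[1] sda1[0]
      4016528792 blocks super 1.2 [2/1] [U_]
      [>....................]  recovery =  1.7% (700422/4016528792) finish=102.5min speed=62000K/sec
md1 : active (auto-read-only) raid1 sdc1[0]
      4881700 blocks super 1.2 [1/1] [U]
"""

HEADER_RE = re.compile(r"^(md\d+) : (\w+)(?: \([^)]*\))? (raid\d+|linear|multipath) (.*)$")
STATUS_RE = re.compile(r"\[(\d+)/(\d+)\] \[([U_]+)\]")
PROGRESS_RE = re.compile(r"(recovery|resync|reshape|check) += +([\d.]+)%")

@dataclass
class Array:
    name: str
    level: str
    members: list
    configured: int = 0
    working: int = 0
    slots: str = ""
    progress: str = ""

    @property
    def degraded(self):
        # A '_' in the slot map is a configured member that is missing or failed.
        return self.working < self.configured or "_" in self.slots

def parse_mdstat(text):
    arrays, cur = [], None
    for line in text.splitlines():
        m = HEADER_RE.match(line)
        if m:
            cur = Array(m.group(1), m.group(3), m.group(4).split())
            arrays.append(cur)
        elif cur and (m := STATUS_RE.search(line)):
            cur.configured, cur.working, cur.slots = int(m.group(1)), int(m.group(2)), m.group(3)
        elif cur and (m := PROGRESS_RE.search(line)):
            cur.progress = f"{m.group(1)} {m.group(2)}%"
    return arrays

def degraded_arrays(text):
    """Names of arrays currently offering less than their configured redundancy."""
    return [a.name for a in parse_mdstat(text) if a.degraded]
```

On a live host feed it open("/proc/mdstat").read(); a non-empty result from degraded_arrays is what a monitoring job should alert on, since the array keeps serving reads and writes while degraded and nothing else announces the lost disk.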

Change Initramfs Dropbear Port

Dropbear default

After installing and configuring dropbear to be included into a boot image it will start on the default ssh port of 22.

Changing the default

To start dropbear on a different port you need to edit one of the scripts included in the boot image. Append to the line "/sbin/dropbear" the "-p" flag and the port number you want to run it on.

/usr/share/initramfs-tools/scripts/init-premount/dropbear

/sbin/dropbear -p 55

Remotely Unlock Full Disk Encryption on Debian or Ubuntu

Using full disk encryption in modern times is a sensible precaution. From credit card statements stored digitally to personal family photos, encryption offers a way to protect them from being read off a stolen hard drive. Using LUKS encryption allows the contents of a hard drive to be stored securely. They can only be read by entering a strong passphrase at boot up. This works very well if you are the only one to use the computer, but if you have family members that need access or it is a remote server you will need a way to enter this passphrase remotely.

Dropbear

The solution to this is to install the dropbear SSH server. This is a very lightweight SSH server that can be added to the initramfs that is used as part of the Linux boot-up sequence. You will also need to install busybox to have basic shell utilities. To do this run the following:

sudo apt-get install busybox dropbear

Add dropbear to the initramfs by editing /etc/initramfs-tools/initramfs.conf and adding:

BUSYBOX=y
DROPBEAR=y

Static IP address

If the system is behind a home router using NATed IP addressing, the system will need to have a static IP address and port 22 forwarded to it.

To ensure the system has a static IP address when booting up, add the following to the same file as well, editing where necessary in the format (::::::off:). Alternatively, if using DHCP, you could set the MAC address of the port to always receive the same IP address in the DHCP config.

DEVICE=eth0
IP=192.168.0.150::192.168.0.1:255.255.255.0::eth0:off

Setting up keys

Dropbear uses a different key format to OpenSSH. This means that we use a different process to create them. As the public key needs to be inside the initramfs it will reside in a root folder inside /etc/initramfs-tools.

# start with a clean authorized_keys location inside the initramfs tree
rm -Rf /etc/initramfs-tools/root/.ssh
mkdir /etc/initramfs-tools/root/.ssh
# generate the key pair in dropbear's own format
dropbearkey -t rsa -f ~/reboot_rsa.dropbear
# convert the private key to OpenSSH format for use from a normal ssh client
/usr/lib/dropbear/dropbearconvert dropbear openssh ~/reboot_rsa.dropbear ~/reboot_rsa
# extract the public key and authorise it for the initramfs root login
dropbearkey -y -f ~/reboot_rsa.dropbear | grep "^ssh-rsa " > ~/reboot_rsa.pub
cat ~/reboot_rsa.pub >> /etc/initramfs-tools/root/.ssh/authorized_keys

Copy key to remote pc

On the encrypted machine run the following. It will copy the key into your SSH folder on the remote PC.

scp ~/reboot_rsa <user>@<REMOTE>:~/.ssh

Login and unlock drive

To unlock the remote device, first ssh into it using the newly set-up keys. The following is recommended as a single-use command. If you plan on using this more often I suggest adding it to your ssh config file for easier use.

ssh -o "UserKnownHostsFile=~/.ssh/known_hosts.reboot" -i ~/.ssh/reboot_rsa root@<ENCRYPTED_MACHINE>

Once logged in, issue the following command to unlock the device, entering your passphrase of course :P

echo -ne "<YOURENCRYPTIONPASSWORD>" > /lib/cryptsetup/passfifo