Enable remote SSH access to Ubuntu 14.04 LTS Live

Steps to enable remote SSH access to a computer running Ubuntu 14.04 Live. Useful for helping non-technical people remotely:

# Press windows key or click the top left, type 'Term'. Open 'Terminal'

sudo -i

apt-get update -y && apt-get -y install openssh-server
passwd root

# Type a password, press enter. Retype it, press enter

sed -i 's/PermitRootLogin .*/PermitRootLogin yes/g' /etc/ssh/sshd_config

service ssh restart

# Get their IP

# Set up port forwarding on their router to get access
# ssh root@ip
# Enable public key auth only, create a new user and disable root login when you have gained access
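
The final step above, sketched as an added example (not part of the original post): it audits and then sets the two sshd_config keywords that step refers to, PermitRootLogin and PasswordAuthentication. The function names and the sample config are constructed for illustration.

```shell
#!/bin/sh
# Added example. sshd uses the FIRST occurrence of a keyword, ignores comment
# lines, and matches keywords case-insensitively.

# Print the effective global value of KEYWORD in FILE (empty if unset).
effective_sshd_value() {  # usage: effective_sshd_value FILE KEYWORD
    awk -v key="$2" 'BEGIN { key = tolower(key) }
        /^[ \t]*#/ { next }
        tolower($1) == "match" { exit }        # global scope ends here
        tolower($1) == key { print tolower($2); exit }' "$1"
}

# Make "KEYWORD VALUE" the effective global setting: put it first and drop
# other global-scope occurrences. Lines inside Match blocks are left alone.
set_sshd_value() {  # usage: set_sshd_value FILE KEYWORD VALUE
    tmp=$(mktemp) || return 1
    { printf '%s %s\n' "$2" "$3"
      awk -v key="$2" 'BEGIN { key = tolower(key) }
          tolower($1) == "match" { inmatch = 1 }
          !inmatch && tolower($1) == key { next }
          { print }' "$1"
    } > "$tmp" && cat "$tmp" > "$1"
    rc=$?; rm -f "$tmp"; return $rc
}

# Return 0 only if root login and password authentication are both off.
# An unset keyword falls back to sshd's built-in default; reported as weak.
audit_sshd_config() {  # usage: audit_sshd_config FILE
    weak=0
    for key in PermitRootLogin PasswordAuthentication; do
        got=$(effective_sshd_value "$1" "$key")
        [ "$got" = "no" ] && continue
        echo "WEAK: $key is '${got:-unset}', expected 'no'"
        weak=1
    done
    return $weak
}

# Constructed sample config (not a real host's file).
write_sample_config() {  # usage: write_sample_config FILE
    printf '%s\n' 'Port 22' '#PermitRootLogin no' 'PermitRootLogin yes' \
        '#PasswordAuthentication yes' 'permitrootlogin no' > "$1"
}

cfg=$(mktemp) && write_sample_config "$cfg"
audit_sshd_config "$cfg" || true          # reports both settings as weak
set_sshd_value "$cfg" PermitRootLogin no
set_sshd_value "$cfg" PasswordAuthentication no
audit_sshd_config "$cfg" && echo "OK: hardened"
rm -f "$cfg"
```

On the real machine, run these against /etc/ssh/sshd_config only after key-based login as the new user is confirmed working, then run service ssh restart.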

OpenVPN with DNS AdBlocking using Docker

Combining OpenVPN with DNS ad blocking is a useful way to block ads on your smartphone without having to root it. This post describes how to set up such a service on your own server.

The idea is to set a DNS server in your OpenVPN DHCP options to push to clients. The DNS server runs in another Docker container and uses hosts files to block ads, trackers etc.

1. See as an example of how to set up an OpenVPN Docker container on an Ubuntu VPS. At the ovpn_genconfig step, set -n so there is only a single placeholder DNS server to overwrite later on. Otherwise your settings will fall back to Google’s secondary DNS.

2. Set up the DNS container, which uses dnsmasq to block the bad hosts:

git clone && cd sagittarius-A && ./

3. Run the dnsmasq container:

docker rm saga-dns; docker run --restart=always --name=saga-dns --expose 53 --cap-add=NET_ADMIN arthurkay/sagittarius-a &

We expose port 53 explicitly as the file does not currently contain an EXPOSE directive.

4. Run the OpenVPN container, linking to the saga-dns container:

docker rm openvpn; docker run --restart=always --volumes-from ovpn-data --name openvpn --link saga-dns:saga-dns -p 1194:1194/udp --cap-add=NET_ADMIN kylemanna/openvpn bash -c 'sed -i -E "s/(push dhcp-option DNS).*/\1 $SAGA_DNS_PORT_53_TCP_ADDR/" /etc/openvpn/openvpn.conf && ovpn_run' &

This updates the saga-dns container’s IP in the OpenVPN config before running OpenVPN.

(Hopefully) enjoy much faster browsing and less tracking on your mobile devices.

Fixing php5-fpm and Apache hanging with WordPress

I had issues with Apache periodically hanging (failing to deliver a response body to any requests) on all my vhosts. This turned out to be solved by restarting php5-fpm. I enabled the slowlog in php5-fpm to try and find out which scripts were stalling:

sudo mkdir -p /var/log/php5-fpm
sudo vim /etc/php5/fpm/pool.d/www.conf

; The log file for slow requests
; Default Value: not set
; Note: slowlog is mandatory if request_slowlog_timeout is set
slowlog = /var/log/php5-fpm/$pool.log.slow

; The timeout for serving a single request after which a PHP backtrace will be
; dumped to the 'slowlog' file. A value of '0s' means 'off'.
; Available units: s(econds)(default), m(inutes), h(ours), or d(ays)
; Default Value: 0
request_slowlog_timeout = 5s

After a day or so I read the logs and found lots of slow requests to xmlrpc.php for WordPress vhosts.

A crude but effective solution is to block requests to the XML-RPC and Trackback APIs. These features are sometimes targeted by bots for brute force login attempts. I do not use them so I don’t mind disabling them entirely.

Edit your Apache vhost configuration (or .htaccess if you don’t have access to this):

<FilesMatch "^(xmlrpc\.php|wp-trackback\.php)">
Order Deny,Allow
Deny from all
#Allow from x.x.x.x
</FilesMatch>

I noticed considerably lower latency when serving requests to PHP pages after this change.

This blogging thing…

I’ve started blogs in the past, but always abandoned them pretty quickly. Hopefully this one will be more successful since I like the domain name better than usual.

Expect to see programming with smatterings of ranting and musing.