Steps to enable remote SSH access to a computer running Ubuntu 14.04 Live. Useful for helping non-technical people remotely:
# Press windows key or click the top left, type 'Term'. Open 'Terminal'
apt-get update -y && apt-get -y install openssh-server
# Type a password, press enter. Retype it, press enter
sed -i 's/PermitRootLogin .*/PermitRootLogin yes/g' /etc/ssh/sshd_config
service ssh restart
# Get their IP
# Setup port forwarding on their router to get access
# ssh root@ip
# Enable public key auth only, create a new user and disable root login when you have gained access
OpenVPN and DNS AdBlocking is a useful way to block ads on your smartphone without having to root it. This post describes how to setup such a service on your own server.
The idea is to set a DNS server in your OpenVPN DHCP options to push to clients. The DNS server runs in another Docker container and uses hosts files to block ads, trackers etc.
1. See https://www.digitalocean.com/community/tutorials/how-to-set-up-an-openvpn-server-on-ubuntu-14-04 as an example of how to set up an OpenVPN Docker container on a Ubuntu VPS. At the
ovpn_genconfig step, set
-n 184.108.40.206 so there is only a single placeholder DNS server to overwrite later on. Otherwise your settings will fallback to Google’s secondary DNS.
2. Setup the DNS container, this uses dnsmasq to block the bad hosts:
git clone https://github.com/arthurkay/sagittarius-A && cd sagittarius-A && ./build.sh
3. Run the dnsmasq container:
docker rm saga-dns; docker run --restart=always --name=saga-dns --expose 53 --cap-add=NET_ADMIN arthurkay/sagittarius-a &
We expose port 53 explicitly as the file does not currently contain an EXPOSE directive.
4. Run the OpenVPN container, linking to the saga-dns container:
docker rm openvpn; docker run --restart=always --volumes-from ovpn-data --name openvpn --link saga-dns:saga-dns -p 1194:1194/udp --cap-add=NET_ADMIN kylemanna/openvpn bash -c 'sed -i -E "s/(push dhcp-option DNS).*/\1 $SAGA_DNS_PORT_53_TCP_ADDR/" /etc/openvpn/openvpn.conf && ovpn_run' &
This updates the saga-dns container’s IP in the OpenVPN config before running OpenVPN.
(Hopefully) enjoy much faster browsing and less tracking on your mobile devices.
A quick script to process fdupes output and allow interactive selection of files to delete. Differs from the built-in fdupes prompts in that you can select directories to condemn.
I had issues with Apache periodically hanging (failing to deliver a response body to any requests) on all my vhosts. This turned out to be solved by restarting php5-fpm. I enabled the slowlog in php5-fpm to try and find out which scripts were stalling:
sudo mkdir -p /var/log/php5-fpm
sudo vim /etc/php5/fpm/pool.d/www.conf
; The log file for slow requests
; Default Value: not set
; Note: slowlog is mandatory if request_slowlog_timeout is set
slowlog = /var/log/php5-fpm/$pool.log.slow
; The timeout for serving a single request after which a PHP backtrace will be
; dumped to the 'slowlog' file. A value of '0s' means 'off'.
; Available units: s(econds)(default), m(inutes), h(ours), or d(ays)
; Default Value: 0
request_slowlog_timeout = 5s
After a day or so I read the logs and found lots of slow requests to
xmlrpc.php for WordPress vhosts.
A crude but effective solution is to block requests to the XML-RPC and Trackback APIs. These features are sometimes targeted by bots for brute force login attempts. I do not use them so I don’t mind disabling them entirely.
Edit your Apache vhost configuration (or
.htaccess if you don’t have access to this):
Deny from all
#Allow from x.x.x.x
I noticed considerably lower latency when serving requests to PHP pages after this change.
I’ve started blogs in the past, but always abandoned them pretty quickly. Hopefully this one will be more successful since I like the domain name better than usual.
Expect to see programming with smatterings of ranting and musing.