Posts tagged linux
The past few weeks I’ve been learning to develop and deploy a Progressive Web App (PWA) that can communicate with my WebDAV and CalDAV servers.
Unfortunately, while these are on the same domain, they are on different sub-domains, and this causes the requests to be considered cross-origin requests.
For security reasons, cross-origin requests are blocked by most browsers by default unless the server explicitly allows cross-origin resource sharing (CORS).
This is pretty easy to set up for static resources or scripts, if they use default headers and GET and POST methods.
However, it’s particularly complicated for WebDAV, CalDAV, and other protocols that use additional headers or methods.
I just ran the command rm -rf ~, deleting all my personal files in the process.
This was not the first time, and it was no big deal, because I back up my files
with automatic rolling backups.
My backup system is secure, redundant, and has low resource requirements.
The backup repository is encrypted, deduplicated, compressed, and mirrored
across multiple machines.
You can choose to use any or none of these features while following this guide.
In this guide, I describe how to set up a secure and robust backup service
yourself, which runs on Linux, macOS, and Windows via WSL 2.
I provide my own scripts, config files, and workflows for maintaining,
validating, and restoring the backups.
This is all set up using free software, supports multiple configurations with
varying degrees of security and redundancy, and scales well to more backup
clients.
If you’d prefer to not set this up yourself and you run macOS or Windows, I
recommend Backblaze:
https://www.backblaze.com/cloud-backup.html#af9v9g
They automatically handle everything, including most of the features I want in a
backup service and some I could never implement myself, for $6/m per machine
(USD).
This week, for ReAsOnS, I wanted to run a server on WSL 2 that was accessible from the internet. This was surprisingly involved and requires lots of hard-to-find tricks to forward ports through 4 different layers of network abstractions and firewalls.
- In WSL, make sure your server is using IPv4. I spent a hell of a long time just trying to figure out why I couldn’t access the server from localhost. I had successfully run a handful of local HTTP servers from WSL that were accessible from the Windows host, so I wasn’t sure what the problem was. It turns out this server, written in Java, wouldn’t work until I added `-Djava.net.preferIPv4Stack=true` to the `java` options. It appears that Java was defaulting to IPv6, and WSL doesn’t forward IPv6 properly, or something.
- In WSL, make sure you allow the port through your WSL firewall, if you’re using one. Using a WSL firewall might be redundant, but you might be using one. I usually use `ufw` on my Linux machines, so I’d run `ufw allow $PORT` in WSL.
- In Windows, forward your port from the public IP port to the WSL port using `netsh interface portproxy add v4tov4 listenport=$PORT listenaddress=0.0.0.0 connectport=$PORT connectaddress=127.0.0.1` in a PowerShell with admin rights. This is one of the hard-to-find but necessary WSL-specific bits. It looks like Windows creates a virtual adapter that isn’t properly bridged with your internet network adapter. I tried playing various bridging tricks, but in the end, I had to manually create a `portproxy` rule using Windows’ network shell, `netsh`. This listens on all addresses and forwards the connection to `localhost`, which seems to be automatically bridged with WSL. You can also try to manually forward it to the WSL adapter. Use `ipconfig` to find it. However, the WSL IP changes from time to time, so I recommend using `localhost` instead. It might also be wise to listen explicitly on your internet-facing IP instead of `0.0.0.0`, but this seemed to work.
- In Windows, allow the port through the Windows firewall explicitly by adding a new Inbound Rule using the Windows Defender Firewall with Advanced Security administrative tool. This is accessible as `WF.msc` in `cmd` and PowerShell. Select Inbound Rule, click New rule... in the action menu to the right, and work your way through the menu to allow the port explicitly. Normally, Windows asks if you want to allow applications through the firewall. This doesn’t seem to happen with WSL servers, so we have to manually add a rule.
- In your router, set up port forwarding for the port.
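The two Windows-side steps from the list above, as an added PowerShell example that is not from the original post: it binds the `portproxy` rule and the inbound firewall rule to one listen address rather than `0.0.0.0`, as the post suggests might be wiser, and includes the commands to audit and remove both rules. The port, address, rule name and function names are assumptions.

```powershell
# Added example, not the post author's script. Run in an elevated PowerShell.
# All values below are assumptions; replace them with your own.
$Port       = 8080                    # hypothetical port the WSL server listens on
$ListenAddr = '192.0.2.10'            # placeholder: IPv4 address of the adapter to expose
$RuleName   = "WSL server TCP $Port"  # hypothetical firewall rule name

function Add-WslForward {
    # Forward ListenAddr:Port to localhost:Port, which Windows relays into WSL.
    # Binding to one address (not 0.0.0.0) keeps the port off other adapters.
    netsh interface portproxy add v4tov4 `
        listenport=$Port listenaddress=$ListenAddr `
        connectport=$Port connectaddress=127.0.0.1

    # Windows does not prompt for WSL servers, so add the inbound rule explicitly,
    # scoped to the same protocol, port and local address as the proxy rule.
    New-NetFirewallRule -DisplayName $RuleName -Direction Inbound `
        -Protocol TCP -LocalPort $Port -LocalAddress $ListenAddr `
        -Action Allow | Out-Null
}

function Show-WslForward {
    # Audit: list every portproxy rule, the firewall rule's port filter,
    # and whether anything is actually listening on the port.
    netsh interface portproxy show v4tov4
    Get-NetFirewallRule -DisplayName $RuleName -ErrorAction SilentlyContinue |
        Get-NetFirewallPortFilter
    Get-NetTCPConnection -LocalPort $Port -State Listen -ErrorAction SilentlyContinue |
        Select-Object LocalAddress, LocalPort, OwningProcess
}

function Remove-WslForward {
    # Teardown: remove both rules once the server no longer needs to be reachable.
    netsh interface portproxy delete v4tov4 listenport=$Port listenaddress=$ListenAddr
    Remove-NetFirewallRule -DisplayName $RuleName
}

Add-WslForward
Show-WslForward
# Call Remove-WslForward when the server is shut down.
```

Portproxy rules persist across reboots, so `Show-WslForward` is worth rerunning later to confirm nothing stale is still exposed.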
I recently, finally, got a smart phone—an iPhone. One of the first things that annoyed me were the ads. I use Ad-Block Plus on all my computers and I have not been bothered by ads in quite some time.
One approach to removing ads is rooting my phone and installing a customized hosts file. This approach has several flaws. I once tried this approach on my android tablet. While better than nothing, it misses many ads and tends to interrupt normal internet use.
Another approach, as of iOS 9, is to use Safari content filters. However, this requires me to use Safari, and I prefer Firefox.
After lots of tinkering and reading and thinking, the best approach seems to be a VPN with a proxy that seamlessly blocks ads (and potentially provides additional security, privacy, caching, etc.). There are apps that provide a VPN with an ad-blocking proxy, but reading their privacy policies caused me great concern. So I decided to set up my own.
A while back I wrote a post about paranoia in which I was considering allowing Google or Apple to manage things like my calendar and contacts. Since then, I have reequipped my paranoia hat. This week I set up my own WebDAV, CalDAV, and CardDAV servers and secured them behind an nginx proxy which provides SSL encryption and HTTP authentication.
Sometimes I play minecraft. Sometimes I play a lot of minecraft and sometimes I just stop playing for months. Lately when I do play, I’ve been playing with a slightly modified version of Tekkit and running my own server. I have a VPS that I probably underuse, so I decided to run the server there for when I do play with my friends.
My VPS is not very powerful, and running a Minecraft server when I stop playing for months is a huge waste of resources. I sought a way to automatically bring the server up when I wanted to play and shut it down when I wasn’t playing for a while.
I have a Windows partition on my machine, because sometimes there are things wine can’t handle, and sometimes I need more performance than VirtualBox can handle.
So recently I’ve been getting all my games to run under linux. As part of this process, I’m learning all about my ATI drivers, because graphics drivers are universally terrible. However, under linux, you can tinker more freely to make them (slightly) less terrible.
I like minecraft, a lot, on occasion. But it needs a few tweaks for me to really get into it. I’m going to document them now:
So I use Vim as my primary editor. Unfortunately, some applications I require (e.g. Proof General) run only on the Emacs operating system, which comes with a terrible editor. Thankfully, I’ve found a pretty decent port of Vim to Emacs, called (appropriately) Evil.