Steps to enable remote SSH access to a computer running Ubuntu 14.04 Live. Useful for helping non-technical people remotely:
# Press windows key or click the top left, type 'Term'. Open 'Terminal'
sudo -i
apt-get update -y && apt-get -y install openssh-server
passwd root
# Type a password, press enter. Retype it, press enter
sed -i 's/PermitRootLogin .*/PermitRootLogin yes/g' /etc/ssh/sshd_config
service ssh restart
# Get their IP
curl ifconfig.co
# Setup port forwarding on their router to get access
# ssh root@ip
# Enable public key auth only, create a new user and disable root login when you have gained access
Enable remote SSH access to Ubuntu 14.04 LTS Live - Comments
OpenVPN and DNS AdBlocking is a useful way to block ads on your smartphone without having to root it. This post describes how to setup such a service on your own server.
The idea is to set a DNS server in your OpenVPN DHCP options to push to clients. The DNS server runs in another Docker container and uses hosts files to block ads, trackers etc.
-
See https://www.digitalocean.com/community/tutorials/how-to-set-up-an-openvpn-server-on-ubuntu-14-04 as an example of how to set up an OpenVPN Docker container on a Ubuntu VPS. At the ovpn_genconfig
step, set -n 8.8.8.8
so there is only a single placeholder DNS server to overwrite later on. Otherwise your settings will fallback to Google’s secondary DNS.
-
Setup the DNS container, this uses dnsmasq to block the bad hosts:
git clone https://github.com/arthurkay/sagittarius-A && cd sagittarius-A && ./build.sh
``
-
Run the dnsmasq container:
docker rm saga-dns; docker run --restart=always --name=saga-dns --expose 53 --cap-add=NET_ADMIN arthurkay/sagittarius-a &
``
We expose port 53 explicitly as the file does not currently contain an EXPOSE directive.
-
Run the OpenVPN container, linking to the saga-dns container:
docker rm openvpn; docker run --restart=always --volumes-from ovpn-data --name openvpn --link saga-dns:saga-dns -p 1194:1194/udp --cap-add=NET_ADMIN kylemanna/openvpn bash -c 'sed -i -E "s/(push dhcp-option DNS).*/\1 $SAGA_DNS_PORT_53_TCP_ADDR/" /etc/openvpn/openvpn.conf && ovpn_run' &
``
This updates the saga-dns container’s IP in the OpenVPN config before running OpenVPN.
(Hopefully) enjoy much faster browsing and less tracking on your mobile devices.
OpenVPN with DNS AdBlocking using Docker - Comments
A quick script to process fdupes output and allow interactive selection of files to delete. Differs from the built-in fdupes prompts in that you can select directories to condemn.
Delete fdupes duplicates by directory - Comments
I had issues with Apache periodically hanging (failing to deliver a response body to any requests) on all my vhosts. This turned out to be solved by restarting php5-fpm. I enabled the slowlog in php5-fpm to try and find out which scripts were stalling:
sudo mkdir -p /var/log/php5-fpm
sudo vim /etc/php5/fpm/pool.d/www.conf
; The log file for slow requests
; Default Value: not set
; Note: slowlog is mandatory if request_slowlog_timeout is set
slowlog = /var/log/php5-fpm/$pool.log.slow
; The timeout for serving a single request after which a PHP backtrace will be
; dumped to the 'slowlog' file. A value of '0s' means 'off'.
; Available units: s(econds)(default), m(inutes), h(ours), or d(ays)
; Default Value: 0
request_slowlog_timeout = 5s
After a day or so I read the logs and found lots of slow requests to xmlrpc.php
for WordPress vhosts.
A crude but effective solution is to block requests to the XML-RPC and Trackback APIs. These features are sometimes targeted by bots for brute force login attempts. I do not use them so I don’t mind disabling them entirely.
Edit your Apache vhost configuration (or .htaccess
if you don’t have access to this):
<FilesMatch "^(xmlrpc\.php|wp-trackback\.php)">
Order Deny,Allow
Deny from all
#Allow from x.x.x.x
</FilesMatch>
I noticed considerably lower latency when serving requests to PHP pages after this change.
Fixing php5-fpm and Apache hanging with WordPress - Comments