Enable remote SSH access to Ubuntu 14.04 LTS Live

18 October 2015

Steps to enable remote SSH access to a computer running Ubuntu 14.04 Live. Useful for helping non-technical people remotely:

# Press windows key or click the top left, type 'Term'. Open 'Terminal'

sudo -i

apt-get update -y && apt-get -y install openssh-server
passwd root

# Type a password, press enter. Retype it, press enter

sed -i 's/PermitRootLogin .*/PermitRootLogin yes/g' /etc/ssh/sshd_config

service ssh restart

# Get their IP
curl ifconfig.co

# Setup port forwarding on their router to get access
# ssh [email protected]
# Enable public key auth only, create a new user and disable root login when you have gained access

Enable remote SSH access to Ubuntu 14.04 LTS Live - Comments

OpenVPN with DNS AdBlocking using Docker

18 October 2015

OpenVPN and DNS AdBlocking is a useful way to block ads on your smartphone without having to root it. This post describes how to setup such a service on your own server.

The idea is to set a DNS server in your OpenVPN DHCP options to push to clients. The DNS server runs in another Docker container and uses hosts files to block ads, trackers etc.

  1. See https://www.digitalocean.com/community/tutorials/how-to-set-up-an-openvpn-server-on-ubuntu-14-04 as an example of how to set up an OpenVPN Docker container on a Ubuntu VPS. At the ovpn_genconfig step, set -n so there is only a single placeholder DNS server to overwrite later on. Otherwise your settings will fallback to Google’s secondary DNS.

  2. Setup the DNS container, this uses dnsmasq to block the bad hosts:

    git clone https://github.com/arthurkay/sagittarius-A && cd sagittarius-A && ./build.sh
  3. Run the dnsmasq container:

    docker rm saga-dns; docker run --restart=always --name=saga-dns --expose 53 --cap-add=NET_ADMIN arthurkay/sagittarius-a &

We expose port 53 explicitly as the file does not currently contain an EXPOSE directive.

  1. Run the OpenVPN container, linking to the saga-dns container:

    docker rm openvpn; docker run --restart=always --volumes-from ovpn-data --name openvpn --link saga-dns:saga-dns -p 1194:1194/udp --cap-add=NET_ADMIN kylemanna/openvpn bash -c 'sed -i -E "s/(push dhcp-option DNS).*/\1 $SAGA_DNS_PORT_53_TCP_ADDR/" /etc/openvpn/openvpn.conf && ovpn_run' &

This updates the saga-dns container’s IP in the OpenVPN config before running OpenVPN.

(Hopefully) enjoy much faster browsing and less tracking on your mobile devices.

OpenVPN with DNS AdBlocking using Docker - Comments

Delete fdupes duplicates by directory

24 May 2015

A quick script to process fdupes output and allow interactive selection of files to delete. Differs from the built-in fdupes prompts in that you can select directories to condemn.

Delete fdupes duplicates by directory - Comments

Fixing php5-fpm and Apache hanging with WordPress

23 March 2015

I had issues with Apache periodically hanging (failing to deliver a response body to any requests) on all my vhosts. This turned out to be solved by restarting php5-fpm. I enabled the slowlog in php5-fpm to try and find out which scripts were stalling:

sudo mkdir -p /var/log/php5-fpm
sudo vim /etc/php5/fpm/pool.d/www.conf
; The log file for slow requests
; Default Value: not set
; Note: slowlog is mandatory if request_slowlog_timeout is set
slowlog = /var/log/php5-fpm/$pool.log.slow

; The timeout for serving a single request after which a PHP backtrace will be
; dumped to the 'slowlog' file. A value of '0s' means 'off'.
; Available units: s(econds)(default), m(inutes), h(ours), or d(ays)
; Default Value: 0
request_slowlog_timeout = 5s

After a day or so I read the logs and found lots of slow requests to xmlrpc.php for WordPress vhosts.

A crude but effective solution is to block requests to the XML-RPC and Trackback APIs. These features are sometimes targeted by bots for brute force login attempts. I do not use them so I don’t mind disabling them entirely.

Edit your Apache vhost configuration (or .htaccess if you don’t have access to this):

<FilesMatch "^(xmlrpc\.php|wp-trackback\.php)">
Order Deny,Allow
Deny from all
#Allow from x.x.x.x

I noticed considerably lower latency when serving requests to PHP pages after this change.

Fixing php5-fpm and Apache hanging with WordPress - Comments

Block Facebook Trending News with µBlock

24 January 2015

To create a new filter:

  1. Open the µBlock dashboard by clicking the µBlock icon, then the header text that says ‘µBlock ’.
  • Click ‘My filters’
  • Add:
  • Apply Changes.

Block Facebook Trending News with µBlock - Comments