dah85.com

*not* just another blog ;)

Quick Tip

Quick tips

I recently needed to find a quick, simple way to download some files from my seedbox - a server that simply downloads torrents and then I can either watch them in Plex (for example new episodes of an Open Source TV show) or download them to my computer over HTTP.

The simplest way I could find is by using Python! Let's say we want to open up port 12345 for this purpose, what we would do then is open a terminal in the directory where the files live (let's say it's /var/media) and run the command to start a HTTP server on port 12345 listing the files in /var/media:

cd /var/media
python -m SimpleHTTPServer 12345

You'll now see something like this:

Serving HTTP on 0.0.0.0 port 12345 ...

All you need to do then is go to your server, for example http://yourserver.com:12345/ and you can easily download your files from there.

When I was setting up my dedicated server for the first time, I wanted to be able to set up multiple KVM or LXC containers that share the same public IP address, since my dedicated server only has 1.

From what I understood, Proxmox was designed to allow each VPS to have it's own public IP but this wouldn't suit.

I searched the internet for hours trying to find a solution, and it turned out to be relatively simple.

What we need to do is edit the /etc/network/interfaces file and enable a few things; ipv4 forwarding and some iptables rules. Yuck! That sounds like hard work, but it's actually simple, especially if you like to copy/paste :)

What we are going to do is set the dedicated server up with an "internal" network, and that's where the VMs will communicate. They can communicate with each other, as well as the host server.

Before I post the contents of the /etc/network/interfaces file, I will point out a few things that you may need to change depending on your setup. The main thing is the way your network is laid out, mine looks like this:

Dedicated Server/Proxmox Server Public IP: x.x.x.x Internal IP: 10.10.10.1

VM 1 Internal IP: 10.10.10.10

VM 2 Internal IP: 10.10.10.11

Let's say I want to run a web server on port 80 on VM 1 and an FTP server on VM 2, I would need to forward port 80 from the Proxmox public IP to port 80 on VM 1. I would also need to forward port 21 from Proxmox to port 21 on VM 2.

To complicate things, and for extra points, if you wanted to have multiple FTP servers for example on VM 1 and VM 2 then we can change the port on the Proxmox server - for example port 2121 goes to VM 1 and port 2222 goes to VM 2.

Have a look at your /etc/network/interfaces file:

nano /etc/network/interfaces

Mine looks a little like this:

# This file describes the network interfaces available on your system
# and how to activate them. For more information, see interfaces(5).

source /etc/network/interfaces.d/*

# The loopback network interface
auto lo
iface lo inet loopback

# The primary network interface
allow-hotplug eth0
iface eth0 inet static
        address X.X.X.X
        netmask 255.255.255.252
        gateway X.X.X.1

Yours will be different, but very similar. The main thing we need to take note of if the interface - mine is eth0, and I believe in most cases that's what it would be, but just double check because if it's not the next part will need to be modified.

Basically that is the basic setup to get your Proxmox server talking to the internet, but it doesn't do anything for VM 1 or VM 2, until we add this underneath the above:

auto vmbr0
#private sub network
iface vmbr0 inet static
        address  10.10.10.1
        netmask  255.255.255.0
        bridge_ports none
        bridge_stp off
        bridge_fd 0

        post-up echo 1 > /proc/sys/net/ipv4/ip_forward
        post-up   iptables -t nat -A POSTROUTING -s '10.10.10.0/24' -o eth0 -j MASQUERADE
        post-down iptables -t nat -D POSTROUTING -s '10.10.10.0/24' -o eth0 -j MASQUERADE

This gives the Proxmox host an internal network called "vmbr0", with an IP of 10.10.10.1, and it also enabled ipv4 forwarding and sets up the basic iptables config. Notice how it refers to eth0 - if your interface is different then change it to that.

So at this stage we've created the internal network, and the VMs will be able to use this new network "vmbr0" to access the internet, but it's not going to allow incoming connections or port forwarding until we add the next bit:

post-up iptables -t nat -A PREROUTING -i eth0 -p tcp --dport 80 -j DNAT --to 10.10.10.10:80
post-down iptables -t nat -D PREROUTING -i eth0 -p tcp --dport 80 -j DNAT --to 10.10.10.10:80

This will take anything that's sent to your Proxmox public IP on port 80 and forward it to port 80 on 10.10.10.10 (which is VM 1 in this example)

If you wanted to forward port 8080, for example, to port 80 on the VM, you could change it to this:

post-up iptables -t nat -A PREROUTING -i eth0 -p tcp --dport 8080 -j DNAT --to 10.10.10.10:80
post-down iptables -t nat -D PREROUTING -i eth0 -p tcp --dport 8080 -j DNAT --to 10.10.10.10:80

You'll notice there are 2 lines, post-up and post-down, which means when the connection goes up it will set up the forwarding and when it goes down it will remove the forwarding.

Go ahead and repeat the process for any VMs you have and the ports you'd like to be forwarded.

So, now that we've added the network config, we need to reboot to make it take effect. See you after the reboot...

... okay, so we're back.

Hopefully everything is fine at this stage and you're still able to access your Proxmox.

Let's move onto the next part, which is setting up the VM themselves with this new config.

I will walk through adding a new VM.

Let's create a new LXC container, "click Create CT".

Give it a hostname, can be anything, choose the image etc and wait at the Network tab.

For IP address, we need to give it the STATIC IP in the range we set before, so if you're following this example it would be 10.10.10.10/24 - notice the /24 at the end, leave that in otherwise it won't work.

The gateway will be 10.10.10.1

Note that DHCP will not work, you MUST set the IP yourself.

The DNS settings, you can either leave blank or fill it in. My advice would be leave it blank, and if you can't resolve a hostname in the VM then go back and change it. The best test is to "ping google.com" and if it fails, try to "ping 8.8.8.8" if that works it needs the DNS to be set up.

Now you've got it set up, your port forwarding should work!

Setting up rclone with hubic

- Posted in Quick Tip by with comments

In this post, we'll be setting up rclone with hubic, as requested by one of my readers :)

We will assume that you already have rclone installed, but just in case you don't, refer to the last post here with the details.

Okay, so if you followed the tutorial above we have rclone installed in ~/rclone-v1.39-linux-amd64

By the way, in case you didn't know, ~ is a shortcut for your home directory, so instead of having to do "cd /home/david" you can just do "cd ~"

Let's move along...

First, we'll run the rclone config:

rclone config

Then we'll set it up, just type or copy/paste the following one line at a time:

n
hubic
11
<enter>
<enter>
n

So, instead of having a nice link to click on we need to do something slightly different. It needs you to install rclone on a computer that has a web browser, so if you're running Windows click here to download rclone for Windows.

Since I'm going step by step, I'll include what to do with the rclone download in Windows :)

  1. Open the .zip file by double clicking on it, and drag the file "rsync.exe" to the desktop.
  2. Click your start menu (or press the Windows logo key on your keyboard) and type "cmd" - this should get you into the command prompt.
  3. Change into the Desktop folder by doing this:

    cd Desktop

  4. Now, we need to get a code to put in the rclone setup on the seedbox:

    rclone authorize "hubic"

  5. You need to sign in with your hubic login details, once you've done that, the command prompt will have some code for you to copy and paste into the terminal of your seedbox. (Note, if you're having problems copying from command prompt, right click and select "Mark" then highlight the code and right click again to save it in the clipboard, now you can paste it)

  6. The code should look like this: {"access_token":"VIhLVq7ChEidx6MickifbldhktyAlKpRocVcYkrnaDrwid1RKdSYMMMMm0X0qEOy","token_type":"Bearer","refresh_token":"EmT3zR0B7ZFt9SVtT51YNHjNDDrKu1PmMyBTiLfCcj2sWlHAtUR5bILEW1lUhL07","expiry":"2018-02-05T03:18:42.5584951+10:00"}

  7. Go ahead and paste that in the seedbox terminal where we were setting up rclone.

  8. When I tried it, it didn't work at first so I had to paste it into notepad and make it all into 1 line and then copy it and paste it again and it worked. Once you got to that stage, you can close the windows command prompt.

In the rclone setup your seedbox:

y

If you see the following, then it worked:

Current remotes:

Name                 Type
====                 ====
hubic                hubic

Now we can quit the rclone setup:

q

Let's see what files are on hubic:

rclone lsd hubic:

Be sure to keep the : at the end, oh, and change it from hubic to whatever you named it.

You should see a list of files on your hubic. If so, success!

Now, to put files onto your hubic, let's assume you want to copy a folder and it's files from /var/media to a folder on your hubic called media, let's do this:

rclone copy /var/media hubic:default/media

If you put it in the default folder it will appear in the hubic web site, if you don't put it in default then it will still be on your storage but you can't see it on the website.

If you want to see the speed while it's uploading, do this:

rclone -v --stats 1000ms copy /var/media hubic:default/media

That will print the speed every 1 second (1000ms) but it takes a few seconds for it to start the transfer and then it will show the speed.

And you've successfully set up rclone with hubic :)

WiFi on Acer Swift 5 in Ubuntu

- Posted in Quick Tip by with comments

I have recently in the past few months purchased an Acer Swift 5 laptop and it's an amazing laptop with a full HD 1080 screen, 256mb nvme drive and an i7 processor, plus excellent wifi.

The problem is that with the WiFi, it will drop out occasionally and while I've been able to deal with it just assuming it's an issue with the network or just the noisy 2.4/5ghz band around here, it turns out it's actually an issue with my laptop!

The specific problem is with the power management in Ubuntu for some reason shutting the wifi off when it thinks it needs to, even if I have it plugged into power.

The solution!:

sudo nano /etc/NetworkManager/conf.d/default-wifi-powersave-on.conf

You will see a line that looks like this:

wifi.powersave = 3

We need to change that so it says:

wifi.powersave = 2

The difference being that 3 means power management will be used if available, and 2 means to disable power management.

Once you've made the change, save and reboot. Your wifi will not drop anymore (unless there's an actual issue with your wifi of course)

Let me know if that's helped anyone else with the same thing, for all I know this could affect other laptops, possibly even other brands.

As requested by one of my readers, here's how to set up rclone with Google Drive for use with a seedbox.

I'm using Ubuntu 16.04 and this seedbox script: https://github.com/arakasi72/rtinst

I assume that's already set up nicely, now we move on to rclone.

First, we update and install what we need (unzip):

sudo apt update ; sudo apt install -y unzip

Then, we'll download the rclone files into your home directory:

cd ~ 
wget --no-check-certificate https://downloads.rclone.org/rclone-v1.39-linux-amd64.zip

After that, we unzip it:

unzip rclone-v1.39-linux-amd64.zip

Then change into it's folder:

cd rclone-v1.39-linux-amd64

Now, we'll install it to /usr/bin/ so that we can call it from anywhere:

sudo cp rclone /usr/bin/

Now, it's time to set it up!

rclone config

It will ask a bunch of questions, here's how I answered them (just do it in the same order, only change the name of the "remote" from gdrivetest to whatever you wanna call it)

n
gdrivetest
10
<enter>
<enter>
<enter>
n

Here it will give you a link, go ahead and open that on your computer, sign into the google account you want to use and then it will give you a key for example

4/JoTB6qB8Bgrk-i66i9yOIBj1D1234mSM1HTDrDjGw1Y

Go ahead and paste that code (not mine, yours!) into the rclone installer and press

Let's continue:

n
y
q

So, right now we just created a remote called gdrive test.

To test it, now type:

rclone lsd gdrivetest:

Be sure to keep the : at the end, oh, and change it from gdrivetest to whatever you named it.

You should see a list of files on your Google Drive. If so, success!

Now, to put files onto your Google Drive, let's assume you want to copy a folder and it's files from /var/media to a folder on your Google Drive called media, let's do this:

rclone copy /var/media gdrivetest:media

And you've successfully set up rclone with Google Drive :)

It's a long-winded title, but it's fitting.

I was trying to work out how to set up VestaCP so that when someone visits the IP of the server, it can go to a specific website instead of the first website that was configured, which in my case, is not desired.

So basically what made me want to do this is there seem to be a lot of domains that are still pointing to my IP and I'd like to capture that traffic and forward them to my web design page just.

What we are going to do is change the order in which VestaCP and Apache will look at websites in this case.

First, we'll edit /etc/apache2/conf.d/vesta.conf

nano /etc/apache2/conf.d/vesta.conf 

Then move the website you want to the top of the list, then save (control+x)

Once you've done that, we need to restart nginx and apache

service apache2 restart
service nginx restart

Now when you go to the website by the IP or a domain that's not hosted by you, it'll forward to the first website in that list. Neat, eh?

Redirecting domains with VestaCP

- Posted in Quick Tip by with comments

I have been looking for a way to redirect domain1.com to domain2.com even if the address is domain1.com/blah/random it will always redirect to domain2.com

We need to make a .htaccess file in the public_html folder and add the following:

RewriteEngine on
RewriteCond %{HTTP_HOST} ^domain1.com [NC,OR]
RewriteCond %{HTTP_HOST} ^www.domain1.com [NC]
RewriteRule ^(.*)$ http://domain2.com/ [L,R=301,NC]

If we want it to forward them like this, example1.com/blah to example2.com/blah, we'd use:

RewriteEngine on
RewriteCond %{HTTP_HOST} ^domain1.com [NC,OR]
RewriteCond %{HTTP_HOST} ^www.domain1.com [NC]
RewriteRule ^(.*)$ http://domain2.com/$1 [L,R=301,NC]

In a previous post I spoke about setting up the SSL cert for mail, but the web interface also needs SSL set up. The steps are actually similar, but without the extra bit for mail.

Here's what I did to fix it, just make sure you replace the example with your own domain. If you aren't running as root, use these commands otherwise put sudo in front of them all:

ln -s /home/admin/conf/web/ssl.example.com.pem /usr/local/vesta/ssl/certificate.crt
ln -s /home/admin/conf/web/ssl.example.com.key /usr/local/vesta/ssl/certificate.key

If that didn't do the trick, restart apache and vestacp and it will now work with your new cert :)

Setting up SSL for Mail in VestaCP

- Posted in Quick Tip by with comments

I'm still playing with my VestaCP install, and I've found that the outgoing mail doesn't work correctly when using Thunderbird or any other mail client except webmail which works perfectly.

It turns out there's an issue with the SSL certificates and EXIM (the mail server)

Here's what I did to fix it, just make sure you replace the example with your own domain. If you aren't running as root, use these commands otherwise put sudo in front of them all:

ln -s /home/admin/conf/web/ssl.example.com.pem /usr/local/vesta/ssl/certificate.crt
ln -s /home/admin/conf/web/ssl.example.com.key /usr/local/vesta/ssl/certificate.key

setfacl -m user:Debian-exim:r-- /home/admin/conf/web/ssl.example.com.pem
setfacl -m user:Debian-exim:r-- /home/admin/conf/web/ssl.example.com.key

chgrp mail /home/admin/conf/web/ssl.example.com.pem
chmod 660 /home/admin/conf/web/ssl.example.com.pem
chgrp mail /home/admin/conf/web/ssl.example.com.key
chmod 660 /home/admin/conf/web/ssl.example.com.key

Now you should be able to send email from a mail client without it complaining about certificates :)

Finding the SQL password in VestaCP

- Posted in Quick Tip by with comments

I've been playing with VestaCP lately, getting it all set up the way I like and I had a need to manually edit the databases and found that there was a root password set that I never set.

The password is hidden away in a file, to get to it do this:

sudo nano /usr/local/vesta/conf/mysql.conf

You'll find the password in there :)