Linux (or macOS) related
Tunnel Apple AirPlay/Bonjour across zones in OpenWRT Firewall
I've separated my wifi on my OpenWRT (18.06.2) router (Netgear R7800) into a guest zone and a lan zone for security purposes (well not really, I did it because it was possible). One service I want to allow from guest -> lan zone is AirPlay, which uses multicast traffic (Bonjour). It turns out to be somewhat difficult to diagnose or get this working. In the end I made the AppleTV part of two zones by connecting LAN to the local zone and WLAN to the guest zone.
Some required steps include (but are not sufficient):
- Install avahi-utils, avahi-dbus-daemon, libavahi-client and libavahi-dbus-support as suggested by this post
- Forward ports from guest -> lan as listed by Apple
- Power cycle/reboot router, AppleTV, and clients (just to be sure)
- Profit! --> still doesn't seem to work stably
InfluxDB retention policy and data downsampling
Goal: set up data downsampling scheme on existing collectd data.
This article elaborates on the official InfluxDB guide here (https://docs.influxdata.c...wnsampling_and_retention/)
for the case where we already have a database with existing measurements that we want to
keep.
I'd like to downsample my collectd data (ping, memory, load, etc.) from
two machines. I only want high (minute) time resolution for a few days, then
downsample to save space.
Update:
- instead of using different field/measurement names (e.g. mean_value in ping_hourly), one can use the same measurement and field name to make querying easier.
- using Grafana variables, one can select the retention policy (RP) dynamically, e.g. use the right RP for the right time range
Speeding up an nginx webserver
After properly securing my nginx webserver, I tweaked the cache and connection settings to improve performance as measured by www.webpagetest.org, which I document below.
The results are as follows: I achieved a 3.2x faster document ready timing, and reduced bandwidth by 18x.
Setting up an A+-grade nginx SSL server
Because I don't want to expose smarthome dashboards (like domoticz or grafana) directly to the internet, I've set up a separate server to publish data beyond my local network. For this I've chosen nginx using Let's Encrypt certificates renewed by certbot, enabling HSTS and fixing the Logjam vulnerability.
StrongSwan IKEv2 VPN on Raspberry pi
Guide to setting up a road warrior VPN server (road warrior = mobile clients connecting to a static server, as opposed to e.g. a site-to-site connection) with IKEv2 using strongSwan on a Raspberry Pi. This guide is largely based on this DigitalOcean guide combined with ready-made strongSwan configurations.
Update 20181224: added algo VPN configurator
Update 20190223: added cipher analysis / recommendation, clarified eth0 interface use on server, ESP/AH forwarding, added password generation one-liner.
Update 20200801: minor fixes in commands.