Month: November 2021

iMac wakes up regularly

My iMac keeps waking up. Although this wasn't a problem for my Mac mini, it is an issue for my iMac. The difference between them is that the iMac has very annoying fan noise, even with no activity.

Many factors

According to Apple, there are many factors that can wake an iMac up, but I think the main reason is Time Machine. The Wake for network access option in Energy Saver allows tasks, including Time Machine, to run during sleep. But this option also controls Wake on LAN, so if I need WoL, I cannot turn it off.

There is also no Do Not Disturb option on this iMac, as it runs the older macOS High Sierra.

Issue

The actual issue causing the annoying problem is that Time Machine has no scheduling.

Another issue

Unlike some other OSes, the iMac won't maintain ssh connections after it has slept. This is a huge issue for me because I use ssh heavily. I am thinking of configuring a VPN and using it to connect to other servers, which may maintain the connection.

References

If your Mac sleeps or wakes unexpectedly

Domain Name ICP Filing in China

Domain name ICP Filing in China is a process required if you want to open a web page in China. I spent more than 2 days on it, but still could not get it done.

Blocking if no ICP Filing

Without ICP Filing, the cloud provider will block access to the server according to TCP packet info, meaning they will drop a TCP packet if it carries a domain name that has not completed ICP Filing.

Certification Required

If you want to do ICP Filing, you need to provide a Certification of Domain Name.

I bought my domain name from Geocity in the past, then they changed to Yahoo, and now they have moved to Verizon... Anyway, none of them provided such a certificate... I sent a request to the Verizon helpdesk, but got no reply at all...

Buy a new one

Believe me, there is no point arguing with anyone in China; you will always be the loser. So, buy a new one from the cloud service provider. Then...

WARNING

Registrant Profile

According to the requirements of ICANN policies, the domain name holder's email address must be truthful and accurate. Before using a template, you must complete email address authenticity verification.

Tips:
1. The common domain names (None CN domain) you bought at Alibaba Cloud can not be either ICP filinged in the mainland of China or pass the Real Name Verification (RNV).
2. The CN domain names you bought at Alibaba Cloud, request by CNNIC, please complete real name verification in time, or else you cannot use it normally. And even you have done for real name verification, it still cannot be ICP filinged.

Look carefully at the last statement...

Then what?

You buy one with a CN domain name and pass real name verification, but still cannot... Then why buy such a domain?

References

GoChina ICP Filing Assistant

Replace Contents in NGINX

The content of a web page may contain URLs or other information that needs to be replaced, especially when the domain name in a URL has changed.

sub_filter

Use the sub_filter directive (ngx_http_sub_module) in NGINX to replace content.

For example,

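server {
    location / {
        # Rewrite the old host name wherever it appears in the response body.
        # By default only text/html responses are processed (see sub_filter_types).
        sub_filter 'www.example.com' 'www.xx.example.com';
        # on = replace only the first match in each response; off = replace every match.
        sub_filter_once on;

        proxy_pass  http://www.example.com;
        proxy_next_upstream error timeout invalid_header http_500 http_502 http_503 http_504;
        proxy_redirect off;
        proxy_buffering off;
        proxy_set_header        Host            $host;
        proxy_set_header        X-Real-IP       $remote_addr;
        proxy_set_header        X-Forwarded-For $proxy_add_x_forwarded_for;
    }
}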

Note: Place sub_filter at the beginning of the location section.

If the upstream is also an NGINX server that chooses the page to display based on the host, the Host header must also be changed so that the server can decide which page is requested.

proxy_set_header        Host            www.example.com;

References

Module ngx_http_sub_module
http_sub_module / sub_filter of nginx and reverse proxy not working

Add a website to Google

To allow Google to search a website.

Allow search engine

In WordPress, to allow search engine indexing:

  • Settings => Reading
  • Uncheck Discourage search engines from indexing this site

Allow Google discovery

Verify

  • Search for site:your_website on google.com

If the site is indexed, the search returns results.

References

WordPress Help
How to add a website to Google: All you need to know

Using wildcard DNS record

Using a wildcard in a DNS A or CNAME record can reduce maintenance work, but it also has some drawbacks.

Pros

Updating DNS takes time: not only the time to edit DNS entries, but also the DNS propagation time, which can be more than 30 minutes for an existing entry to update in other DNS servers, and some DNS servers can take even longer.

If a wildcard is used, there is no editing requirement.

Cons

Search suffix

If /etc/resolv.conf has an entry like the one below

search example.com

then a lookup for google.com might hit google.com.example.com if a wildcard is used, because google.com.example.com will return the same IP address as example.com.
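The lookup order behind this, as an added example that is not part of the original post: a POSIX shell model of the resolver's search-list logic from resolv.conf(5), run against a constructed zone. The addresses, the mistyped name gogle.com, the ndots values, the WILDCARD switch and the function names are assumptions made for the illustration.

```shell
#!/bin/sh
# Constructed data: a stand-in for DNS answers. Addresses are documentation ranges.
WILDCARD=${WILDCARD:-1}            # 1 = zone example.com contains "*  A  203.0.113.10"

zone_lookup() {                    # prints an address, or nothing for NXDOMAIN
    case "$1" in
        google.com)                  echo 198.51.100.7 ;;
        example.com|www.example.com) echo 203.0.113.10 ;;
        *.example.com)               if [ "$WILDCARD" = 1 ]; then echo 203.0.113.10; fi ;;
    esac
}

# Query order per resolv.conf(5): a name with at least NDOTS dots is tried as
# typed first and then with each search suffix; a name with fewer dots tries the
# suffixes first. A trailing dot marks the name as absolute and skips the list.
candidates() (                     # usage: candidates NAME NDOTS SUFFIX...
    name=$1; ndots=$2; shift 2
    case "$name" in
        *.) echo "${name%.}"; exit 0 ;;
    esac
    dots=$(( $(printf '%s' "$name" | tr -cd '.' | wc -c) ))
    if [ "$dots" -ge "$ndots" ]; then echo "$name"; fi
    for suffix in "$@"; do echo "$name.$suffix"; done
    if [ "$dots" -lt "$ndots" ]; then echo "$name"; fi
)

resolve() (                        # prints "NAME-THAT-ANSWERED ADDRESS", or fails
    for q in $(candidates "$@"); do
        ip=$(zone_lookup "$q")
        if [ -n "$ip" ]; then echo "$q $ip"; exit 0; fi
    done
    exit 1
)

resolve google.com  1 example.com      # default ndots:1, the real name answers first
resolve gogle.com   1 example.com      # mistyped name: the wildcard answers instead
resolve google.com  2 example.com      # ndots:2, the search suffix is tried first
resolve google.com. 2 example.com      # trailing dot bypasses the search list
```

With WILDCARD=0 the mistyped name fails to resolve and the ndots:2 lookup falls through to the real google.com, which is the behaviour clients rely on.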

Caching

Even when no entry is edited, some DNS servers might still be caching old data. For example, if you have both a wildcard *.example.com and a specific entry ftp.example.com, and you decide to remove ftp.example.com, the wildcard might not take effect.

Accessing a non-existent domain

If a browser accesses an undefined domain name and hits the web server, NGINX can perform a redirect to change the URL. This can fix issues in web code that depends on the current URL.

server {
    listen 80;
    server_name *.mywebsite.tld;
    return 301 $scheme://mywebsite.tld$request_uri;
}

server {
    listen  80;
    server_name mywebsite.tld;
    [...]
}

References

Is a wildcard DNS record bad practice?

Reboot hung on lvm2-monitor.service on Ubuntu

I keep getting the following error message during reboot:

...a stop job is running for monitoring of lvm2 mirrors...

But the system has no LVM volume at all.

Some people said this service is there to fix a bug with BTRFS snapshots.

Action

I disabled it, because I also don't use BTRFS snapshots currently.

References

Thread: Are lvm2- services necessary on my system

DNS Configuration Basic

Define subdomain using IP address

An A record maps a subdomain to an IP address.

A   www 192.168.1.1

Define subdomain using host

A CNAME record maps a subdomain to another host name.

CNAME   www www.example.com

Default host for all subdomains

The following record gives the IP address of www.example.com to all subdomains.

CNAME   *   www.example.com

Default IP for domain

Use @ in A record.

A   @   192.168.1.1

Default EMAIL server

MX  mail.example.com    20

Note: The number is Priority

Change Apache SSL certificate

Steps

Retrieve certificate

Download certificate from Synology

  • Open Control Panel
  • Select Security
  • Select Certificate tab
  • Right click certificate and select Export certificate

The output includes cert.pem, chain.pem, and privkey.pem in an archive file or folder.

Merge certificate and chain

Concatenate the certificate file and the chain file into one file called cert-with-chain.pem or fullchain.pem.

Deploy certificate files

  • Create a folder in the Apache configuration folder, such as certs/
  • Copy the cert-with-chain.pem and privkey.pem files into the certs/ folder.

Setup Apache

This can be done either by changing the Apache configuration or by making soft links from the file names the configuration already uses to the new files.

Apache configuration items

SSLCertificateFile    /data/certs/cert-with-chain.pem
SSLCertificateKeyFile /data/certs/privkey.pem
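The merge and deploy steps above as POSIX shell functions; this is an added example, not part of the original post. The function names and the checks are assumptions of the example, while the file names are the ones from the Synology export and the configuration above.

```shell
#!/bin/sh
# build_fullchain CERT CHAIN OUT
# Writes the leaf certificate followed by the chain to OUT and prints how many
# certificates the bundle holds.
build_fullchain() (
    cert=$1; chain=$2; out=$3
    # The bundle is not a secret, so key material must never end up in it.
    if grep -q 'PRIVATE KEY' "$cert" "$chain"; then
        echo "refusing: private key found in certificate input" >&2
        exit 1
    fi
    # awk re-terminates every line, so a cert.pem that lacks a final newline
    # cannot fuse its END line with the BEGIN line of chain.pem (plain cat can).
    awk '{ print }' "$cert" "$chain" > "$out"
    begins=$(grep -c '^-----BEGIN CERTIFICATE-----$' "$out" || true)
    ends=$(grep -c '^-----END CERTIFICATE-----$' "$out" || true)
    if [ "$begins" -lt 2 ] || [ "$begins" -ne "$ends" ]; then
        echo "malformed bundle: $begins BEGIN / $ends END lines" >&2
        rm -f "$out"
        exit 1
    fi
    echo "$begins"
)

# deploy_certs SRC_DIR DEST_DIR
# Builds cert-with-chain.pem in DEST_DIR and copies the private key there,
# readable by its owner only.
deploy_certs() (
    src=$1; dest=$2
    mkdir -p "$dest"
    build_fullchain "$src/cert.pem" "$src/chain.pem" \
        "$dest/cert-with-chain.pem" >/dev/null || exit 1
    cp "$src/privkey.pem" "$dest/privkey.pem"
    chmod 600 "$dest/privkey.pem"
)

# Usage (paths are placeholders): deploy_certs ./synology-export /data/certs
```

Apache has to be restarted or reloaded afterwards before it serves the new certificate.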

Install a NextCloud server using old MacBook Pro

The plan is to install Ubuntu on a MacBook Pro with a Core 2 Duo CPU, then install NextCloud as a docker container.

Install Ubuntu Server

The installation was done on the MacBook Pro with an iSCSI root partition.

Refer to Ubuntu with UEFI iSCSI root on x86_64 for details.

Install NextCloudPi docker

The NextCloudPi docker image has all the components necessary to run a NextCloud server, and it is easy to start up.

Steps

Installation

Run the following command, where IP is the IP address of the server itself.

docker run -d -p 4443:4443 -p 443:443 -p 80:80 -v /app/nc/data:/data --name nextcloudpi ownyourbits/nextcloudpi-x86 $IP

Activate

Open https://$IP:4443/ and record the two pairs of user ID and password:

  • NextCloudPi web interface at port 4443
  • NextCloud at port 443

Update patches

Log in to the NextCloudPi web interface (port 4443) and execute the tasks under Updates.

Set Maintenance Mode off

If there was a failure and the server went into maintenance mode, update config/config.php accordingly.

'maintenance' => false,

Another method is to use the NextCloudPi web interface (port 4443), Tools -> nc-maintenance, to disable it.

Configure incoming access

Enable new trusted domain

Add the domain name newly registered in NGINX and Let's Encrypt to config/config.php

'trusted_domains' =>
array (
  0 => '192.168.0.29',
  1 => 'cloud.example.com',
),

Another method is to use the NextCloudPi web interface (port 4443), config -> nc-trusted-domains, to configure it.

Clients' configuration

Use CalDAV to add an account for Calendar and Contacts.
Install Password Manager App

Local proxy bypass

To bypass the proxy, the internal DNS server needs to point the nextcloud server's address to the internal server IP. For example, add an alias for the nextcloud server IP in the dnsmasq host entries.

After that, the same certificates used in the proxy need to be installed in the nextcloudpi server. There are quite a number of answers on the Internet, but none of them works.

In the end, I changed the certificates used in the apache2 configuration using the following steps:

Change Apache SSL certificate

References

NextCloudPi dockers for x86 and ARM
NextCloudPi docker for Raspberry Pi
How to get started with NCP docker
HowTo: Add a new trusted domain
Synchronizing with iOS
Synchronizing with macOS

Configure different target based on incoming domain in NGINX

NGINX can divert incoming requests to different servers based on the domain name given in the browser.

Usage

This is useful when there are a few applications on different servers, such as 192.168.1.1 for faq.example.com, 192.168.1.2 for www.example.com, etc.

Configuration

The following configuration can be used to divert requests for faq.example.com.

server {
    server_name  faq.example.com;

    # SSL configuration
    listen 443 ssl;

    ssl_certificate     conf.d/www.example.com.crt;
    ssl_certificate_key conf.d/www.example.com.key;

    location / {
        proxy_pass  'https://192.168.1.1:443';
        proxy_http_version 1.1;
        proxy_buffering off;
        proxy_read_timeout    90;
        proxy_connect_timeout 90;
        proxy_redirect        off;
        proxy_set_header Host $host;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-Proto https;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Port 443;
        # Clear any client-supplied Proxy header before it reaches the backend (httpoxy mitigation).
        proxy_set_header Proxy "";
    }

    client_max_body_size 64M;
}

server {
    listen       80;
    server_name  faq.example.com;

    return 301 https://$host$request_uri;
}