Category: Computer

Computer is miraculous!

Move Docker Directory


Docker's default data directory is /var/lib/docker. /var is a system directory, and most of the files in it are log files, security-related files, and so on.

Docker is an application that holds a large amount of container data, so moving /var/lib/docker to a data disk is good practice.

Methods

There are two methods I used to move the /var/lib/docker directory.

Change Docker config

In the /etc/docker/daemon.json file, add the following entry.

{
   "data-root": "/path/to/your/docker" 
}

This makes the Docker setup non-standard, but since other settings in this file, such as the Docker log file size, usually need to be set as well, this can be normal practice for systems that do not have many administrators.

Create soft link

Move /var/lib/docker to another location using the mv command, then create a soft link at /var/lib/docker that points to the new location.

This can be a simple and clear way, because a system administrator can easily find the location without first checking the Docker configuration, especially if predefined commands have to be provided to others.

Drawback

With the first method, changing the Docker configuration, the configuration is non-standard, but Docker knows the location of its data.

With the second method, the administrator knows the file location, but Docker doesn't. So, if Docker tries to optimize the system, it might get wrong information.
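For the first method, the sketch below is an added example and not code from the original post. It merges "data-root" into an existing daemon.json without dropping other settings such as the log size, resolves soft links so Docker is given the real location, and refuses a target directory that other local users could write to. The function name set_data_root and the owner_uid parameter are assumptions made for this example.

```python
import json
import os
import stat
import tempfile

def set_data_root(daemon_json, data_root, owner_uid=0):
    """Merge "data-root" into daemon.json, keeping every other key; return the new config."""
    if not os.path.isabs(data_root):
        raise ValueError("data-root must be an absolute path")
    real = os.path.realpath(data_root)   # resolve soft links so Docker gets the real location
    st = os.stat(real)
    if not stat.S_ISDIR(st.st_mode):
        raise ValueError(f"{real} is not a directory")
    if st.st_uid != owner_uid:
        raise PermissionError(f"{real} is not owned by uid {owner_uid}")
    if st.st_mode & 0o022:
        # Writable image layers let other local users alter what containers run.
        raise PermissionError(f"{real} is group- or world-writable")
    config = {}
    if os.path.exists(daemon_json):
        with open(daemon_json) as fh:
            config = json.load(fh)       # invalid JSON stops here, before any write
    config["data-root"] = real
    # Write to a temporary file and rename, so the daemon never reads a half-written file.
    fd, tmp = tempfile.mkstemp(dir=os.path.dirname(os.path.abspath(daemon_json)))
    with os.fdopen(fd, "w") as fh:
        json.dump(config, fh, indent=2)
        fh.write("\n")
    os.chmod(tmp, 0o644)
    os.replace(tmp, daemon_json)
    return config

if __name__ == "__main__":
    # Constructed demo in a scratch directory; a real run targets /etc/docker/daemon.json.
    work = tempfile.mkdtemp()
    target = os.path.join(work, "docker-data")
    os.mkdir(target, 0o710)
    cfg_path = os.path.join(work, "daemon.json")
    with open(cfg_path, "w") as fh:
        json.dump({"log-driver": "json-file", "log-opts": {"max-size": "10m"}}, fh)
    print(set_data_root(cfg_path, target, owner_uid=os.getuid()))
```

Stop Docker and copy the data before changing the setting; after restarting the daemon, `docker info --format '{{.DockerRootDir}}'` shows the directory it actually uses.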

References

How to move docker data directory to another location on Ubuntu

iMac wakes up regularly


My iMac keeps waking up. Although this wasn't a problem for my Mac mini, it is an issue for my iMac. The difference between them is that the iMac has very annoying fan noise, even with no activity.

Many factors

There are so many factors that can wake an iMac up according to Apple, but I think the main reason is Time Machine. The Wake for network access option in Energy Saver is for the tasks to be carried out during sleep, including Time Machine. But this option is related to Wake-on-LAN as well, so if I need WoL, I cannot turn off this option.

There is also no Do Not Disturb option on this iMac, as it has the older macOS High Sierra.

Issue

The actual issue that causes the annoying problem is that Time Machine has no scheduling.

Another issue

Unlike some other OSes, the iMac won't maintain an SSH connection after it has slept. This is a huge issue for me because I use SSH heavily. I am thinking of configuring a VPN and using the VPN to connect to other servers, which may maintain the connection.

References

If your Mac sleeps or wakes unexpectedly

Domain Name ICP Filing in China


Domain name ICP Filing in China is a process required if you want to open a web page in China. I spent more than 2 days on it, but still could not get it done.

Blocking if no ICP Filing

Without ICP Filing, the cloud provider will block access to the server based on TCP packet information, meaning they will drop a TCP packet if it carries a domain name that has not completed ICP Filing.

Certification Required

If you want to do ICP Filing, you need to provide a Certification of Domain Name.

I bought the domain name from Geocity last time, then they changed to Yahoo, and now they have moved to Verizon... Anyway, none of them provided such a certificate... I sent a request to the Verizon helpdesk, with no reply at all...

Buy a new one

Believe me, there is no point in arguing with anyone in China; you will always be the loser. So, buy a new one from a cloud service provider. Then...

WARNING

Registrant Profile

According to the requirements of ICANN policies, the domain name holder's email address must be truthful and accurate. Before using a template, you must complete email address authenticity verification.

Tips:
1. The common domain names (None CN domain) you bought at Alibaba Cloud can not be either ICP filinged in the mainland of China or pass the Real Name Verification (RNV).
2. The CN domain names you bought at Alibaba Cloud, request by CNNIC, please complete real name verification in time, or else you cannot use it normally. And even you have done for real name verification, it still cannot be ICP filinged.

Look carefully at the last statement...

Then what?

You buy one with a CN domain name and pass real name verification, but still cannot... Then why buy such a domain?

References

GoChina ICP Filing Assistant

Replace Contents in NGINX


The content of a web page may contain URLs or other information that needs to be replaced, especially when the domain name in a URL has changed.

sub_filter

Use the sub_filter directive in NGINX to replace content.

For example,

server {
    location / {
        sub_filter 'www.example.com' 'www.xx.example.com';
        sub_filter_once on;

        proxy_pass  http://www.example.com;
        proxy_next_upstream error timeout invalid_header http_500 http_502 http_503 http_504;
        proxy_redirect off;
        proxy_buffering off;
        proxy_set_header        Host            $host;
        proxy_set_header        X-Real-IP       $remote_addr;
        proxy_set_header        X-Forwarded-For $proxy_add_x_forwarded_for;
    }
}

Note: Place sub_filter at the beginning of the location section.

If required, also change the Host header so that the upstream server can decide which page is requested, in case it is also an NGINX server that displays pages depending on the host.

proxy_set_header        Host            www.example.com;

References

Module ngx_http_sub_module
http_sub_module / sub_filter of nginx and reverse proxy not working

Add a website to Google


To allow Google to search a website.

Allow search engine

In WordPress, to allow search engine indexing

  • Settings => Reading
  • Uncheck Discourage search engines from indexing this site

Allow Google discovery

Verify

  • Search for site:your_website on google.com

If the site is indexed, the search will return results.

References

WordPress Help
How to add a website to Google: All you need to know

Using wildcard DNS record


Using a wildcard in a DNS A or CNAME record can reduce maintenance work, but it also has some drawbacks.

Pros

Updating DNS takes time: not only the time needed to edit the DNS entries, but also the DNS propagation time, which can be more than 30 minutes for an existing entry to be updated on other DNS servers, and some DNS servers can take even longer.

If a wildcard is used, no editing is required.

Cons

Search suffix

If /etc/resolv.conf has an entry as below

search example.com

When looking up google.com, the resolver might hit google.com.example.com if a wildcard is used, because google.com.example.com will return the same IP address as the wildcard under example.com.
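The following added example (not from the original post) models the order in which a glibc-style stub resolver tries names for a given search list and ndots value, and reports which candidate is answered first when *.example.com is a wildcard. The sets of existing names are constructed, and the wildcard match is simplified to "any name below the zone that has no record of its own".

```python
def candidates(name, search, ndots=1):
    """Return the fully qualified names a stub resolver tries, in order."""
    if name.endswith("."):
        return [name]                       # trailing dot: absolute, search list is skipped
    as_is = name + "."
    suffixed = [f"{name}.{s.rstrip('.')}." for s in search]
    if name.count(".") >= ndots:
        return [as_is] + suffixed           # enough dots: tried as written first
    return suffixed + [as_is]               # too few dots: search list goes first

def in_wildcard(fqdn, zone):
    """True if fqdn lies below the wildcard zone (the zone apex itself is not covered)."""
    return zone is not None and fqdn.endswith("." + zone.rstrip(".") + ".")

def first_answer(name, search, ndots, wildcard_zone, existing):
    """Return (fqdn, source) for the first candidate that gets an answer."""
    for fqdn in candidates(name, search, ndots):
        if fqdn in existing:
            return fqdn, "real"
        if in_wildcard(fqdn, wildcard_zone):
            return fqdn, "wildcard"
    return None, "nxdomain"

if __name__ == "__main__":
    real_names = {"google.com."}            # constructed: names that really exist
    search = ["example.com"]
    for name, ndots in [("google.com", 1), ("google.com", 5), ("no-such-host", 1)]:
        print(name, ndots, first_answer(name, search, ndots, "example.com", real_names))
```

With the default ndots of 1, google.com is tried as written first, so the wildcard only captures it when ndots is raised; names that do not exist at all are captured either way and never produce NXDOMAIN.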

Caching

Even without editing an entry, some DNS servers might still be caching old data. For example, if you have both a wildcard *.example.com and a specific entry ftp.example.com, and you decide to remove ftp.example.com, the wildcard might not take effect.

Accessing non-existent domain

If a browser accesses an undefined domain name and hits the web server, NGINX can perform a redirect to change the URL. This can fix issues where web code depends on the current URL.

server {
    listen 80;
    server_name *.mywebsite.tld;
    return 301 $scheme://mywebsite.tld$request_uri;
}

server {
    listen  80;
    server_name mywebsite.tld;
    [...]
}

References

Is a wildcard DNS record bad practice?

Reboot hung on lvm2-monitor.service on Ubuntu


I keep getting the following error message during reboot:

...a stop job is running for monitoring of lvm2 mirrors...

But the system has no lvm volume at all.

Some people said this service is there to fix a bug with BTRFS snapshots.

Action

I disabled it, because I also don't use BTRFS snapshot currently.

References

Thread: Are lvm2- services necessary on my system

Change Apache SSL certificate


Steps

Retrieve certificate

Download certificate from Synology

  • Open Control Panel
  • Select Security
  • Select Certificate tab
  • Right click certificate and select Export certificate

The output includes cert.pem, chain.pem, and privkey.pem in archive file or folder.

Merge certificate and chain

Concatenate the certificate file and the chain file into one file called cert-with-chain.pem or fullchain.pem.

Deploy certificate files

  • Create a folder in the Apache configuration folder, such as certs/
  • Copy cert-with-chain.pem and privkey.pem file into certs/ folder.

Setup Apache

This can be done either by changing the Apache configuration, or by making soft links from the file paths the configuration already uses to the new files.

Apache configuration items

SSLCertificateFile      /data/certs/cert-with-chain.pem
SSLCertificateKeyFile   /data/certs/privkey.pem
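The merge and deploy steps above, as an added example that is not part of the original post: it builds cert-with-chain.pem with the leaf certificate first, refuses input that contains anything other than certificates (so a private key never ends up in the served chain file), writes the key with owner-only permissions, and uses Python's ssl module to confirm that the key matches the certificate before Apache is reloaded. The function names are assumptions made for this example, and the PEM bodies in the demo are constructed placeholders, not real certificates.

```python
import os
import re
import ssl

PEM_BLOCK = re.compile(r"-----BEGIN ([A-Z0-9 ]+)-----\r?\n.*?-----END \1-----", re.S)

def build_fullchain(cert_pem, chain_pem):
    """Return the leaf certificate followed by the chain; reject non-certificate blocks."""
    blocks = []
    for name, text in (("cert.pem", cert_pem), ("chain.pem", chain_pem)):
        found = [(m.group(1), m.group(0)) for m in PEM_BLOCK.finditer(text)]
        if not found:
            raise ValueError(f"{name}: no PEM blocks found")
        for label, body in found:
            if label != "CERTIFICATE":
                raise ValueError(f"{name}: unexpected {label} block")
            blocks.append(body)
    return "\n".join(blocks) + "\n"

def write_file(path, data, mode):
    """Create or overwrite path with the given permission bits (0o600 for privkey.pem)."""
    fd = os.open(path, os.O_WRONLY | os.O_CREAT | os.O_TRUNC, mode)
    with os.fdopen(fd, "w") as fh:
        fh.write(data)
    os.chmod(path, mode)                    # also tightens a file that already existed

def key_matches(fullchain_path, key_path):
    """True only if the files parse and the private key belongs to the leaf certificate."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_SERVER)
    try:
        ctx.load_cert_chain(fullchain_path, key_path)
        return True
    except OSError:                         # ssl.SSLError is a subclass of OSError
        return False

if __name__ == "__main__":
    # Constructed placeholder blocks; real input is the Synology export.
    leaf = "-----BEGIN CERTIFICATE-----\nTEVBRg==\n-----END CERTIFICATE-----\n"
    chain = "-----BEGIN CERTIFICATE-----\nQ0hBSU4=\n-----END CERTIFICATE-----\n"
    print(build_fullchain(leaf, chain))
```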

Replace Certificate in Synology NAS


Fill up info

The following steps can be used to replace a certificate (not renew it) in the Synology NAS user interface.

  • Go to Control Panel -> Security -> Certificate
  • Select Add -> Add
  • Select Replace an existing certificate
  • Choose the certificate to be replaced
  • Select Get a certificate from Let's Encrypt
  • Fill in the info, including domain, email, and aliases (separated by semicolons)

Change port forwarding

Now, make sure the Synology NAS can be accessed from the internet via port forwarding on ports 80 and 443 if required.

I suggest using an A * record in the DNS entries to avoid DNS changes. Use NGINX to redirect traffic to this host.

Generate

Then generate certificate.

DNS Configuration Basic


Define subdomain using IP address

An A record maps a subdomain to an IP address.

A   www 192.168.1.1

Define subdomain using host

A CNAME record maps a subdomain to another host name.

CNAME   www www.example.com

Default host for all subdomains

The following record gives the IP address of www.example.com to all subdomains.

CNAME   *   www.example.com

Default IP for domain

Use @ in A record.

A   @   192.168.1.1

Default EMAIL server

MX  mail.example.com    20

Note: The number is the priority.