Blog

sha256: 2b87a252a3d912530dd8c20df6bee7f6cbc4ede0074fdf217e318aab39d9736c

Docker - IPv6

Got Docker running with Traefik as ingress load balancer?

Just enable IPv6 like this.

daemon.json

cat << EOF > /etc/docker/daemon.json
{
  "ipv6": true,
  "fixed-cidr-v6": "2001:db8:1::/64"
}
EOF

Restart Services

systemctl restart docker

Check Netstat

# netstat -tulpen |grep docker
tcp        0      0 0.0.0.0:80              0.0.0.0:*               LISTEN      0          15788      977/docker-proxy    
tcp        0      0 0.0.0.0:443             0.0.0.0:*               LISTEN      0          17495      952/docker-proxy    
tcp6       0      0 :::80                   :::*                    LISTEN      0          15791      984/docker-proxy    
tcp6       0      0 :::443                  :::*                    LISTEN      0          15773      963/docker-proxy 
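
To make the netstat check repeatable, the following added example (not part of the original post) summarises docker-proxy listeners per port and address family. The function names and the sample lines are assumptions; the sample is constructed from the output above plus two extra lines.

```shell
#!/bin/sh
# Added example: summarise docker-proxy TCP listeners per port and family.
# Reads `netstat -tulpen`-style lines on stdin; prints "PORT FAMILIES SCOPE".
proxy_listeners() {
    awk '
    $6 == "LISTEN" && $NF ~ /docker-proxy/ {
        n = split($4, parts, ":")            # port is the last ":" field
        port = parts[n]
        addr = substr($4, 1, length($4) - length(port) - 1)
        fam = ($1 ~ /6$/) ? "ipv6" : "ipv4"  # tcp6 -> ipv6, tcp -> ipv4
        if (!(port in idx)) { idx[port] = ++count; ports[count] = port }
        if (!((port, fam) in seen)) {
            seen[port, fam] = 1
            fams[port] = (fams[port] == "") ? fam : (fams[port] "," fam)
        }
        # 0.0.0.0 and :: accept connections on every interface
        if (addr == "0.0.0.0" || addr == "::") wild[port] = 1
    }
    END {
        for (i = 1; i <= count; i++) {
            p = ports[i]
            scope = (p in wild) ? "wildcard" : "bound"
            print p, fams[p], scope
        }
    }'
}

# Ports that are not listening on both IPv4 and IPv6.
single_stack_ports() {
    proxy_listeners | awk '$2 != "ipv4,ipv6" && $2 != "ipv6,ipv4" { print $1 }'
}

# Constructed sample: the four lines above plus a loopback-only port and sshd.
SAMPLE='tcp  0 0 0.0.0.0:80     0.0.0.0:* LISTEN 0 15788 977/docker-proxy
tcp  0 0 0.0.0.0:443    0.0.0.0:* LISTEN 0 17495 952/docker-proxy
tcp6 0 0 :::80          :::*      LISTEN 0 15791 984/docker-proxy
tcp6 0 0 :::443         :::*      LISTEN 0 15773 963/docker-proxy
tcp  0 0 127.0.0.1:8080 0.0.0.0:* LISTEN 0 20001 1201/docker-proxy
tcp  0 0 0.0.0.0:22     0.0.0.0:* LISTEN 0 11000 640/sshd'

printf '%s\n' "$SAMPLE" | proxy_listeners
```

A `wildcard` entry that includes `ipv6` means the port is published on every IPv6 address of the host, so the IPv6 packet filter rules need to cover it as well.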

Any Comments ?

sha256: 49c4ced1a834b70c143c7425e72ea72982f07f8d1a3e0a8fce9f08f14d3f7da6

OpenBSD - HTTPD CGI

Let’s have a look at the old and simple “cgi-bin” stuff on OpenBSD. The webserver is written by the OpenBSD guys, and it runs in a chrooted environment.

switch to cgi-bin dir

cd /var/www/cgi-bin/

ip.cgi

create the file under /var/www/cgi-bin called ‘ip.cgi’

cat << 'EOG' > ip.cgi
#!/bin/sh
cat << EOF
Content-type: text/html

<html><head>
<title>IP: $REMOTE_ADDR</title>
</head><body>
<p>Your IP address is: $REMOTE_ADDR</p>
</body></html>
EOF
EOG

Set Owner & Permission

chmod 500 ip.cgi
chown www ip.cgi

as the script uses the “cat” command, this binary must also be available inside the chroot of OpenBSD’s httpd.

OpenBSD - PHP 8.2

Running PHP on OpenBSD

yes, i know … it’s not rocket science .. but why not make a short post so others (or myself) can have a quick look if needed ?

pkg_info -Q php
pkg_add php--%8.2
pkg_add php-sqlite3--%8.2
pkg_add php-curl--%8.2

Set TimeZone

and allow short open tags

sed -i s'#date.timezone = UTC.*#date.timezone = Europe/Zurich#'  /etc/php-8.2.ini
sed -i s'#short_open_tag = Off.*#short_open_tag = On#'  /etc/php-8.2.ini

Install all Modules

if needed .. does not make sense for me :(

Kuma - API

i like kuma. simple, flexible, selfhosted, and open source. one thing i missed is an API for adding / modifying hosted services.

now, i found a webapi for kuma and gave it a try.

pre-condition

  • you have some machine with Docker
  • you have traefik running, which can terminate TLS, handle Loadbalancing

docker-compose.yml

version: '3.3'

networks:
  traefik:
    external: true

volumes:
  uptime-kuma:
  api-db:

services:
  kuma:
    container_name: uptime-kuma
    image: louislam/uptime-kuma:1.19.6
    restart: always
    volumes:
      - uptime-kuma:/app/data
    networks:
      - traefik
    labels:
      - "traefik.enable=true"
      - "traefik.http.routers.kuma.rule=Host(`kuma.your.domain`)"
      - "traefik.http.routers.kuma.tls=true"

  api:
    container_name: backend
    image: medaziz11/uptimekuma_restapi:latest
    restart: always
    volumes:
      - ./db:/db:rwx
    environment:
      - KUMA_SERVER=${KUMA_SERVER:-http://kuma:3001}
      - KUMA_USERNAME=xxxxxx
      - KUMA_PASSWORD=xxxxxx
      - ADMIN_PASSWORD=xxxxxx
      - SECRET_KEY=${SECRET_KEY:-xxxxxx}
    depends_on:
      - kuma
    networks:
      - traefik

Get Token

# API: log in and keep the raw token (jq -r strips the JSON quotes)
token=$(http --form POST 127.0.0.1:8001/login/access-token 'username=xxxxxx' 'password=xxxxxx' | jq -r '.access_token')

List Monitors

$ http -A bearer -a $token 127.0.0.1:8001/monitors
HTTP/1.1 200 OK
content-length: 15
content-type: application/json
date: Mon, 17 Apr 2023 04:48:59 GMT
server: uvicorn

{
    "monitors": []
}

Add Service

$ http -A bearer -a $token 127.0.0.1:8001/monitors type=http name=compass url=https://www.compass-security.com


HTTP/1.1 200 OK
content-length: 43
content-type: application/json
date: Mon, 17 Apr 2023 05:07:02 GMT
server: uvicorn


{
    "monitorID": 5,
    "msg": "Added Successfully."
}

Check Monitoring

$ http -A bearer -a $token 127.0.0.1:8001/monitors |jq '.monitors |map({id, name, url, active, interval})'
[
  {
    "id": 1,
    "name": "https://www.stoege.net",
    "url": "https://www.stoege.net",
    "active": true,
    "interval": 60
  },
  ... snip ...
  {
    "id": 5,
    "name": "compass",
    "url": "https://www.compass-security.com",
    "active": true,
    "interval": 60
  }
]

that’s great !

Commento - Selfhosting Comment

Selfhosting Comment

some people mentioned that they can’t comment on some blogs. let’s change that, even if there is not a lot of feedback. i appreciate and read every comment and interaction with you, my readers.

people who know me know that i like to do most of the stuff myself. so, i’d never buy a “service” for hosting some comments. i’ve got enough infrastructure running so i can host and operate it on my own.

Comment - Just a Test

… just some Tests with a Selfhosted Comment System …


Any Comments ?

sha256: fb36d5cc6b606ccda2b76801b8272a47f07c51c1bb6b4c12d81d7c91f46eb060

Anycast - Checker

When is an anycast ip an anycast ip ?

that’s a question i was asked recently. As LTNN (Long Term Networking Nerd), i’m aware of Unicast, Multicast, Broadcast and also Anycast. so, let’s have a look into this.

hint: this article is not about how to setup your own anycast network. this may follow soon ?!?

Terminology

Unicast 1:1

Sending a message from one sender to one recipient

Multicast 1:many

Sending a message from one sender to multiple recipients

OpenBSD 7.3

OpenBSD 7.3 finally released.

Today, the 54th Release of OpenBSD was announced. The Upgrade Script is available here …

one cool thing to mention:

  • Added initial support in the installer for guided disk encryption for amd64, i386, riscv64 and sparc64.

Script

as root

cd /root
ftp https://blog.stoege.net/scripts/.helpers
ftp https://blog.stoege.net/scripts/upgrade_to_73.sh
chmod u+x upgrade_to_73.sh

Execute

./upgrade_to_73.sh
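
Since the script is downloaded and then run as root, one way to pin it to a known checksum first is shown here as an added example (not part of the original post or its scripts). `file_sha256` and `verify_script` are hypothetical helper names, and the expected digest is a placeholder that has to come from a trusted channel.

```shell
#!/bin/sh
# Added example: refuse to run a downloaded script unless its SHA-256 matches
# a digest pinned out-of-band. Works with OpenBSD sha256(1) and GNU sha256sum(1).

file_sha256() {
    if command -v sha256 >/dev/null 2>&1; then
        sha256 -q "$1"                   # OpenBSD: -q prints only the digest
    else
        sha256sum "$1" | cut -d' ' -f1   # Linux coreutils
    fi
}

# verify_script FILE EXPECTED_HEX
# Returns 0 and sets u+x on a match; returns 1 and clears all x bits otherwise.
verify_script() {
    file=$1
    expected=$2
    [ -f "$file" ] || { echo "missing: $file" >&2; return 1; }
    actual=$(file_sha256 "$file") || return 1
    if [ "$actual" = "$expected" ]; then
        chmod u+x "$file"
        return 0
    fi
    echo "checksum mismatch for $file" >&2
    echo "  expected $expected" >&2
    echo "  actual   $actual" >&2
    chmod a-x "$file"                    # make sure it cannot be run by accident
    return 1
}

# Usage (EXPECTED is a placeholder, not a real digest):
#   EXPECTED=<sha256-of-upgrade_to_73.sh>
#   verify_script upgrade_to_73.sh "$EXPECTED" && ./upgrade_to_73.sh
```

The same check applies to the `.helpers` file fetched alongside the script.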

Any Comments ?

sha256: 000c2b0afa4739a87a7e921ec1fcfa4fb9113effd47e2f2456dfb2b66f65a34f

OpenBSD 7.3 - Diskusage

New Proposal for 7.3

there is a request for at least 1.1GB free storage on the /usr partition when upgrading your system with sysupgrade. so, i have to adapt my settings a bit for new vm’s with at least 25GB storage.

Example with 20GB

a 4G  /
a 1G  swap
a 1G  /tmp
a 4G  /var
a 6G  /usr
a *   /home (ca. 4 GB)

Example with 25GB (Vultr)

a 4G  /
a 2G  swap
a 2G  /tmp
a 6G  /var
a 6G  /usr
a *   /home (ca. 5 GB)

which results in:

root@puffy# df -h
Filesystem     Size    Used   Avail Capacity  Mounted on
/dev/sd0a      3.9G   55.8M    3.6G     2%    /
/dev/sd0g      4.8G    2.0K    4.6G     1%    /home
/dev/sd0d      1.9G   10.0K    1.8G     1%    /tmp
/dev/sd0f      5.8G    1.4G    4.1G    26%    /usr
/dev/sd0e      5.8G    7.7M    5.5G     1%    /var

Example with 32GB

a 4G  /
a 1G  swap
a 2G  /tmp
a 8G  /var
a 8G  /usr
a *   /home (ca. 9 GB)

which results in:

root@puffy# df -h
Filesystem     Size    Used   Avail Capacity  Mounted on
/dev/sd0a      3.9G    876M    2.8G    24%    /
/dev/sd0g      8.7G    119M    8.1G     2%    /home
/dev/sd0d      1.9G    108K    1.8G     1%    /tmp
/dev/sd0f      7.8G    2.6G    4.8G    35%    /usr
/dev/sd0e      7.8G   19.6M    7.3G     1%    /var

Example with 40GB (Hetzner)

a 4G  /
a 2G  swap
a 2G  /tmp
a 16G /var
a 8G  /usr
a 8G  /home (ca. 8 GB)

which results in:

root@puffy# df -h

Example with 80GB (Hetzner)

a 4G  /
a 4G  swap
a 4G  /tmp
a 16G /var
a 16G /usr
a 16G /home
a *   /data (ca. 16 GB)

which results in:

root@template74 # df -h
Filesystem     Size    Used   Avail Capacity  Mounted on
/dev/sd0a      3.9G    220M    3.5G     6%    /
/dev/sd0h     15.5G    2.0K   14.7G     1%    /data
/dev/sd0g     15.5G   14.0K   14.7G     1%    /home
/dev/sd0d      3.9G   14.0K    3.7G     1%    /tmp
/dev/sd0f     15.5G    2.0G   12.7G    14%    /usr
/dev/sd0e     15.5G   10.6M   14.7G     1%    /var

Any Comments ?

sha256: 98fa116cf8d4782253fc3da12042383893d396b1ad8d8c146a9e3dfd6c20e7d9

FreeBSD - Upgrade to 13.2

Upgrade FreeBSD 13.1 to 13.2

reading some news feeds, FreeBSD 13.2 got released … Let’s do an upgrade and see if it’s working fine.

Patch it first

freebsd-update fetch
freebsd-update install

reboot

may not be needed, but you have to boot a few times anyway …

Fetch and Upgrade to 13.2

this needs some time ! depending on your internet speed, and especially on the power and filesystem performance of your machine. 5-10min for a common VM is not unrealistic :(