Proxmox/SSH/Rsync fun

Everyone in my business knows that backing up is so utterly important that you just do it.  The more important the system is the more important it is to back it up.  For instance, backing up your web server/site is extremely important.  If you run your business, if you rely on that web server to communicate with your customers, then you must back it up.  What I'm writing about today isn't how you back up your server or services, rather it's a tale about what's involved (considerations and pitfalls) in doing it.  Doing it right is important, and doing it right allows a quick recovery -- in the event of a potentially catastrophic failure of hardware or software.  Part of what I'm pointing out is that doing it consistent with…

Re-configuring Cables to make the most effective use of VLANs

So, I am very strict on what comes in and goes out of my network.  Most of it is a privacy thing.  Without your privacy you have nothing.  Bear that in mind. I have pfsense set up and it uses something called pfblockerng-dev (the development version of the package) and within that is something called DNSBL (or Domain Name System Block List).  It works like the pihole except it is much more extensive.  Unfortunately it can get in the way as I fix customer computers and those need access to some parts of the Internet that I normally have blocked.  The machines generally are here for a short time and are here for cleaning and other types of repairs. With pfsense I set up a couple VLANs to keep the…

Updating from Nextcloud 15.x to 16.x issues due to PHP 7.0 — it requires PHP 7.1 or newer.

There's a message when you execute the updater on nextcloud to bring you to version 16 of nextcloud.  It dumps out some dorky message about php7.0 but doesn't actually tell you unless you click the link it dumps.  If you do it takes you to some page where they claim php7.0 is insecure and they give you a timeframe where you need to complete an upgrade from something like 7.0 to 7.2 or 7.3 and if you don't then it's your fault for running an insecure version of PHP 7.0.  The problem is that updating from 7.0 to some other version is more than just updating to 7.2 or 7.3.  You have all sorts of dependencies that also need to be updated. Even though 7.2 or 7.3 gets installed properly…

Nextcloud 14.0.3 update

Nextcloud, though a good concept, has issues that always seem to crop up during the update process.  Now there are quite a few things that are problems here.
- Stuck on an old version and it won't let you update via the interface
- running the occ command to update says you are up to date
- if you run the ../updater/pharupdater it fails saying that it can't delete old resources -- like that matters one freaking bit as far as completing the update goes.  Tell me where they are and I'll delete them afterwards.
- insufficient feedback during the update and error messages are unclear and seemingly meant only for the developers.
- expecting that their lack of documentation on updater errors is ok and that you should pay them.  That's just bad business.…

Postfix Won’t Send Emails with Attachment error: SMTP Error: [550] 5.7.1 (base_64)

More tightening of the reins on email has resulted in the inability to send emails with attachments.  This wasn't intentional.  I was following various guides and someone had some additional header_checks entries that I felt would help reduce spam.  In the middle of all the entries is the following:

    /^Content\-Transfer\-Encoding:(.*)base64$/ REJECT (base_64)

This little line keeps all emails with attachments from going out.  In the /etc/postfix/header_checks file is where you put restrictions on incoming and outgoing email.  It is meant to keep mail users from getting spam and from forwarding spam emails with malicious content to others in the business or to others on the internet.  That line though can be dangerous if you aren't familiar with email and could cause you unintended grief if you just copy others' work,…

Nextcloud and error 503 Service Unavailable (seemingly suddenly seemingly randomly)

Some of these things just annoy you to death.  Suddenly I find that I am getting this error whenever I access my nextcloud instance, which I happen to be using more and more and more every day. I had been tightening down my security on my containers on the proxmox server and had discovered that I needed to put some exclusion IPs in fail2ban.  I did that for several containers and must have been interrupted by a customer or two and I know I never got back to it. I also put in fail2ban on several containers that were missing it and I ensured that certificates were valid and being updated properly by letsencrypt.  So, I was tightening the screws and sealing the doors so to speak, but interruptions are…

When you SSH in with an RSA key but you keep getting prompted for your password

One cause is your home folder permissions are wrong. Just run:

    sudo chmod 775 /home/jimbo

Substitute your user home folder name for jimbo. This annoyed me to no end till I found this.

Edit (11-12-2020): There is another obscure cause of this. No matter what I tried I constantly was being prompted for a password even though the permissions were correct as described above. My final solution was to back up the data in the account and to delete it, reboot the proxmox lxc container and then add the account back.  This fixed it.

Queue File Write Error

I was having issues sending emails from my android device using k9 mail.  I have some pretty strong rules in /etc/postfix/header_checks file.  To test if this was the cause I renamed the file.  I then restarted and sent a test email. I found that once I did that I received a different message when a test email failed to be sent.  The error was "Error: queue file write error".

    Aug 8 10:24:19 mail postfix/cleanup[2324]: warning: regexp:/etc/postfix/header_checks is unavailable. open /etc/postfix/header_checks: No such file or directory

So, you have one possible solution to that error.  It is that header_checks is missing.  When you perform tests like I did you should always ensure that you have a dummy file with that name.  Restart the server and try another test email. Or find…

SSH Jump Server (Part 2)

Now that I've explained some about SSH and the concept of a jump server (a secondary machine that takes requests and proxy forwards them to other machines on the LAN that are not exposed to the Internet) I'll continue by explaining how to conceptually configure a jump server.  I'll start by reiterating a little about how one works and why we'd use it. A jump server provides extra layers of protection from the bad guys and script kiddies on the Internet.  What you may not know, understand, or believe is that someone is attacking your computers (including your phones -- whatever has an OS they are probing and trying to exploit) at your location all the time from all over the world.  There's a whole computer discipline (field of study) about…

SSH Jump Server (Part 1)

SSH means Secure SHell.  It is a method of connecting to remote systems.  You use a terminal program to connect and login to that remote system.  If you are familiar with Linux you know you have a terminal prompt that you can access through a program like Konsole or gnome-terminal.  In the terminal you issue commands.  You issue commands by typing them at the prompt, just like in the old days of DOS. What makes SSH special is that you can use it to connect to a remote computer and issue commands as if you were physically sitting in front of that computer itself. Connections consist of using the SSH command with the terminal program open.  With it you connect to the remote system by issuing the SSH command.  You…