💾 Archived View for midnight.pub › posts › 1240 captured on 2024-07-09 at 00:10:50. Gemini links have been rewritten to link to archived content
⬅️ Previous capture (2023-03-20)
-=-=-=-=-=-=-
Hi all, happy new year -- hope this one is better than the last (though I doubt it).
On that cheery note, I've upgraded all of my android sets to LineageOS version 20, based on Android 13. This seems to be the first android release that is reasonably up to date with the current mainline Linux kernel (6.x.x).
I've seen a flourish of activity on the xda-developer forums from hobbyists who are releasing LOS20 builds for really old outdated handsets. I'm secretly patting myself on the back for keeping these old mobiles, and I don't know why LOS18 and LOS19 weren't so popular, but LOS20 really seems to be getting ported onto everything and anything!
On another note, I've finally been able to make my home server publically reachable with a domain name. Previously I was stuck behinda DS-Lite stack, meaning that I get Ipv6 addresses and my ISP does some IP v6 → v4 conversion to let me access the internet. The Ip6 addresses I have for my devices also aren't stable, due to privacy reasons, so they change every now and then. What this meant was that if I wanted register my homeserver with Nextcloud to some domain, then I would need to get creative because domains need IPv4 addresses.
The solution came to me from the linked post below:
https://jerrington.me/posts/2019-01-29-self-hosted-ngrok.html
You find a machine with a public IP4 address that you have control over (e.g. a work machine), and then do reverse ssh to bind your private port 80 to a public port 3333, and then on this machine you have an nginx server that redirects all public 80 and 443 (https) traffic to your 3333 port, but only on the condition that requested address matches your registered domain. This has the main benefit that your work IT dept does not know you are hosting your home web server using their machines as proxy, unless they type in your exact domain name. Otherwise, they just get a disconnect.
#!/bin/bash
## ssh access to work address
PUBLIC_HOST="workuser@123.234.345.456"
# Local homeserver ports
ssh_local=22 ## Local ssh port
http_local=80 ## Local http port, not https
## Public proxy ports
ssh_remote=3066 ## public ssh
http_remote=3080 ## same as the nginx port on remote, will be overwritten if $detect_nginx is set
detect_nginx="yes"
## autossh monitor port
monitor_port=$(( $http_remote + 1 ))
while :; do
if [ "$detect_nginx" = "yes" ]; then
find_remote=$(ssh ${PUBLIC_HOST} 'grep -P "^\s+proxy.pass\s" /etc/nginx/nginx.conf | sed -r "s|.*localhost\:([0-9]+).*|\1|"' | xargs echo)
if [ "$find_remote" != "" ]; then
echo "Changing http_remote from $http_remote to $find_remote"
http_remote=$find_remote
fi
fi
## Then setup a persistent remote connection
/usr/bin/autossh \
-M ${monitor_port} \
-o "ServerAliveInterval 30" \
-o "ServerAliveCountMax 3" \
-o "GatewayPorts=true" \
-R ${ssh_remote}:localhost:${ssh_local} \
-R ${http_remote}:localhost:${http_local} \
${PUBLIC_HOST}
sleep 60
done
Then you can Let's Encrypt via certbot on your proxy machine, to register your domain to the proxy machine's address. If you don't want to do let'S encrypt on the proxy machine, then you can add "-R 443:localhost:443" to the above script to forward your HTTPS to your home machine where you can run certbot there.
It's been a fun few days!
Nice trick on being able to route Nextcloud, so to speak.
I'm looking at re-doing my personal hosting, and have mixed feelings about Nextcloud. I like what it does in theory, but have found it much less reliable than I'd like. On my previous instance, chat (which I used with my family) just stopped working one day, and even before that, notifications were extremely unreliable. More recently, the upgrade process broke (again), meaning I'd have to ssh in and do a bunch of things manually, and I just kinda decided I was done.
Really the only thing I need is a safe backup for my KeePass database behind a password that is strong but actually memorable. For any other file backup, I have my ProtonDrive. So my options are either to change my ProtonMail account's password to the aforementioned "strong but memorable" bit, or to use Nextcloud for just the one file.
This could change if I start working on projects more consistently (for example, I have a very large translation in the queue, and it'd be nice to be able to work on it on my desktop or laptop). Nextcloud makes that kind of synching quite simple. But I'm wondering if maybe some kind of setup with rsync and a remote box wouldn't work just as well?
The only other issue is photo backup, which I do both on an external HD and "off site" (so to speak). Scaleway offers an excellent alternative to Amazon Glacier, so they've been my go-to for that. I just create periodic VeraCrypt volumes, dump everything in there, and off it goes.
I'm looking forward to updating my phone to LOS 20, probably this weekend.