Site update
parent 66311ee207
commit 44f8726e2d
34 changed files with 472 additions and 458 deletions
|
@ -12,19 +12,12 @@
|
|||
Hardening Level Pro: Notify on SSH Login - Crony Akatsuki
|
||||
|
||||
</title>
|
||||
<meta property="og:url" content="https://cronyakatsuki.xyz/blog/hardening-level-pro-notify-on-ssh-login/">
|
||||
<meta property="og:site_name" content="Crony Akatsuki's Website">
|
||||
<meta property="og:title" content="Hardening Level Pro: Notify on SSH Login">
|
||||
<meta property="og:description" content="You ever anxious about somebody possibly gaining access to your machine? Fret not, you can just make it so that on any kind of login to your system directly you can get a notification on your phone.">
|
||||
<meta property="og:locale" content="en_us">
|
||||
<meta property="og:type" content="article">
|
||||
<meta property="article:section" content="blog">
|
||||
<meta property="article:published_time" content="2023-11-10T19:27:27+01:00">
|
||||
<meta property="article:modified_time" content="2023-11-10T19:27:27+01:00">
|
||||
<meta property="article:tag" content="Linux">
|
||||
<meta property="article:tag" content="Ssh">
|
||||
<meta property="article:tag" content="Ntfy">
|
||||
<meta property="article:tag" content="Security">
|
||||
<meta property="og:title" content="Hardening Level Pro: Notify on SSH Login" />
|
||||
<meta property="og:description" content="You ever anxious about somebody possibly gaining access to your machine? Fret not, you can just make it so that on any kind of login to your system directly you can get a notification on your phone." />
|
||||
<meta property="og:type" content="article" />
|
||||
<meta property="og:url" content="https://cronyakatsuki.xyz/blog/hardening-level-pro-notify-on-ssh-login/" /><meta property="article:section" content="blog" />
|
||||
<meta property="article:published_time" content="2023-11-10T19:27:27+01:00" />
|
||||
<meta property="article:modified_time" content="2023-11-10T19:27:27+01:00" /><meta property="og:site_name" content="Crony Akatsuki's Website" />
|
||||
|
||||
</head>
|
||||
|
||||
|
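Review bot: the head of the "Hardening Level Pro: Notify on SSH Login" page ends up without `og:locale` and without any of its four `article:tag` entries (Linux, Ssh, Ntfy, Security). Going by the hunk's 19-to-12 line count, only the six self-closing `/>` meta lines remain. If the tags are still wanted for link previews and tag-based discovery, restore them wherever this block is produced rather than in the page itself. The remaining output also puts `og:url` and `article:section` on one line, which is harmless but makes later diffs of this block harder to read.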
@ -90,7 +83,7 @@ session optional pam_exec.so /usr/bin/ntfy-ssh-login.sh
|
|||
</main>
|
||||
<footer>
|
||||
<div id="links">
|
||||
<span><a href="https://code.cronyakatsuki.xyz">Code</a></span>
|
||||
<span><a href="https://git.cronyakatsuki.xyz">Code</a></span>
|
||||
<span>|</span>
|
||||
<span><a href="https://steamcommunity.com/id/CronyAkatsuki/">Steam</a></span>
|
||||
<span>|</span>
|
||||
|
|
|
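Review bot: the footer link moves from `code.cronyakatsuki.xyz` to `git.cronyakatsuki.xyz` with the label "Code" unchanged, and the commit message ("Site update") does not mention the host change. Confirm that the old hostname redirects, since links already published under it would otherwise stop resolving, and name the host move in the commit message so it can be found later.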
@ -12,12 +12,10 @@
|
|||
Blog - Crony Akatsuki
|
||||
|
||||
</title>
|
||||
<meta property="og:url" content="https://cronyakatsuki.xyz/blog/">
|
||||
<meta property="og:site_name" content="Crony Akatsuki's Website">
|
||||
<meta property="og:title" content="Blog">
|
||||
<meta property="og:description" content="My blog posts">
|
||||
<meta property="og:locale" content="en_us">
|
||||
<meta property="og:type" content="website">
|
||||
<meta property="og:title" content="Blog" />
|
||||
<meta property="og:description" content="My blog posts" />
|
||||
<meta property="og:type" content="website" />
|
||||
<meta property="og:url" content="https://cronyakatsuki.xyz/blog/" /><meta property="og:site_name" content="Crony Akatsuki's Website" />
|
||||
|
||||
</head>
|
||||
|
||||
|
@ -78,7 +76,7 @@
|
|||
</main>
|
||||
<footer>
|
||||
<div id="links">
|
||||
<span><a href="https://code.cronyakatsuki.xyz">Code</a></span>
|
||||
<span><a href="https://git.cronyakatsuki.xyz">Code</a></span>
|
||||
<span>|</span>
|
||||
<span><a href="https://steamcommunity.com/id/CronyAkatsuki/">Steam</a></span>
|
||||
<span>|</span>
|
||||
|
|
|
@ -634,12 +634,23 @@ Scan-Format: %c%u%r %-3n %10d %17f %t %2i%s
|
|||
<pubDate>27-09-2023</pubDate>
|
||||
|
||||
<guid>https://cronyakatsuki.xyz/blog/setup-dns-pihole-unbound/</guid>
|
||||
<description><p>Just another day I seted up my own private dns server that has adblocking ( and other stuff ) using pihole and uses unbound as a resolver. To safelly connect to the dns server I&rsquo;m using DNS over HTTPS for my browser&rsquo;s and HTTPS over TLS for stuffy for my whole desktop and private dns in android ( Android has DoH support but only for google and cloudflare right now). Let&rsquo;s get on to setting everything up</p>
|
||||
<description><p>Just another day I seted up my own private dns server that has adblocking ( and
|
||||
other stuff ) using pihole and uses unbound as a resolver. To safelly connect to
|
||||
the dns server I&rsquo;m using DNS over HTTPS for my browser&rsquo;s and HTTPS over TLS for
|
||||
stuffy for my whole desktop and private dns in android ( Android has DoH support
|
||||
but only for google and cloudflare right now). Let&rsquo;s get on to setting
|
||||
everything up</p>
|
||||
<!-- raw HTML omitted -->
|
||||
<h2 id="1-pihole">1. Pihole</h2>
|
||||
<p>Let&rsquo;s start with setting up pihole. I will be installing it with their script on a debian system for easier unbound integration ( unbound doesn&rsquo;t have an official docker container ).</p>
|
||||
<p>I recommend to read up on the pihole&rsquo;s docs on exactly how to install it since pihole get&rsquo;s frequent updates. <a href="https://docs.pi-hole.net/main/basic-install/">DOCS</a></p>
|
||||
<p>I recommend you to install the admin page for easier managmenet and ability to change the upstream dns server ( needed for changing it to unbound later on ). To be able to access the admin page I use an nginx configuration like this one.</p>
|
||||
<p>Let&rsquo;s start with setting up pihole. I will be installing it with their script on
|
||||
a debian system for easier unbound integration ( unbound doesn&rsquo;t have an
|
||||
official docker container ).</p>
|
||||
<p>I recommend to read up on the pihole&rsquo;s docs on exactly how to install it since
|
||||
pihole get&rsquo;s frequent updates.
|
||||
<a href="https://docs.pi-hole.net/main/basic-install/">DOCS</a></p>
|
||||
<p>I recommend you to install the admin page for easier managmenet and ability to
|
||||
change the upstream dns server ( needed for changing it to unbound later on ).
|
||||
To be able to access the admin page I use an nginx configuration like this one.</p>
|
||||
<div class="highlight"><pre tabindex="0" style="color:#c6d0f5;background-color:#303446;-moz-tab-size:4;-o-tab-size:4;tab-size:4;"><code class="language-nginx" data-lang="nginx"><span style="display:flex;"><span><span style="color:#ca9ee6">server</span> {
|
||||
</span></span><span style="display:flex;"><span> <span style="color:#81c8be">server_name</span> <span style="color:#a6d189">example.com</span> ;
|
||||
</span></span><span style="display:flex;"><span>
|
||||
|
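Review bot: in the rewrapped intro paragraph of the feed `<description>`, "HTTPS over TLS for stuffy for my whole desktop" still reads as a slip for DNS over TLS, which is what section 3 of the same post sets up. These lines are being rewritten anyway, so fix the protocol name in the post's source, along with "seted" and "safelly", so the feed does not describe a protocol the guide never configures.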
@ -674,14 +685,22 @@ Scan-Format: %c%u%r %-3n %10d %17f %t %2i%s
|
|||
</span></span><span style="display:flex;"><span> <span style="color:#81c8be">listen</span> <span style="color:#a6d189">[::]:80</span>;
|
||||
</span></span><span style="display:flex;"><span> <span style="color:#81c8be">return</span> <span style="color:#ef9f76">404</span>; <span style="color:#737994;font-style:italic"># managed by Certbot
|
||||
</span></span></span><span style="display:flex;"><span><span style="color:#737994;font-style:italic"></span>}
|
||||
</span></span></code></pre></div><p>The main point of this config is the <code>/admin</code> location that you need to pass the lighttpd port to acces the website, you can just do it on your main website also.
|
||||
Also to make lighttpd work with nginx listening on port 80 you need to edit the <code>server.port</code> to port you wan&rsquo;t to use in lighttpd config file located at <code>/etc/lighttpd/lighttpd.conf</code> and then just restart lighttpd</p>
|
||||
</span></span></code></pre></div><p>The main point of this config is the <code>/admin</code> location that you need to pass the
|
||||
lighttpd port to acces the website, you can just do it on your main website
|
||||
also. Also to make lighttpd work with nginx listening on port 80 you need to
|
||||
edit the <code>server.port</code> to port you wan&rsquo;t to use in lighttpd config file located
|
||||
at <code>/etc/lighttpd/lighttpd.conf</code> and then just restart lighttpd</p>
|
||||
<h2 id="2-unbound">2. Unbound</h2>
|
||||
<p>For this part I will just link the pi-hole&rsquo;s unbound documentation because it is the most correct one and updated as things change regulary.
|
||||
<p>For this part I will just link the pi-hole&rsquo;s unbound documentation because it is
|
||||
the most correct one and updated as things change regulary.
|
||||
<a href="https://docs.pi-hole.net/guides/dns/unbound/">Pi-hole unbound docs</a></p>
|
||||
<h2 id="3-dns-over-tls">3. DNS over TLS</h2>
|
||||
<p>For dns over tls you need to first have a ssl certificate. I recommend on using certbot to generate one with this command <code>certbot --nginx -d dot.example.com</code>.</p>
|
||||
<p>Next you will need a reverse proxy, in my case I use nginx. You will need to add this configuration to your main nginx config located at <code>/etc/nginx/nginx.conf</code>. <strong>Make sure to add this outside of the http block and change example.com to your domain</strong></p>
|
||||
<p>For dns over tls you need to first have a ssl certificate. I recommend on using
|
||||
certbot to generate one with this command <code>certbot --nginx -d dot.example.com</code>.</p>
|
||||
<p>Next you will need a reverse proxy, in my case I use nginx. You will need to add
|
||||
this configuration to your main nginx config located at <code>/etc/nginx/nginx.conf</code>.
|
||||
<strong>Make sure to add this outside of the http block and change example.com to your
|
||||
domain</strong></p>
|
||||
<div class="highlight"><pre tabindex="0" style="color:#c6d0f5;background-color:#303446;-moz-tab-size:4;-o-tab-size:4;tab-size:4;"><code class="language-nginx" data-lang="nginx"><span style="display:flex;"><span><span style="color:#ca9ee6">stream</span> {
|
||||
</span></span><span style="display:flex;"><span> <span style="color:#81c8be">log_format</span> <span style="color:#a6d189">basic</span> <span style="color:#a6d189">&#39;</span><span style="color:#f2d5cf">$remote_addr</span> <span style="color:#a6d189">[</span><span style="color:#f2d5cf">$time_local]</span> <span style="color:#f2d5cf">$protocol</span> <span style="color:#f2d5cf">$status</span> <span style="color:#f2d5cf">$bytes_sent</span> <span style="color:#f2d5cf">$bytes_received</span> <span style="color:#f2d5cf">$session_time</span> <span style="color:#f2d5cf">$upstream_addr&#39;</span>;
|
||||
</span></span><span style="display:flex;"><span>
|
||||
|
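Review bot: the paragraph after the first server block tells readers to proxy `/admin` to lighttpd under a public `server_name`, and neither the old nor the rewrapped wording says who should be able to reach it. A sentence recommending an access restriction on that location (an allow-list or an authentication layer in front of the Pi-hole login) would fit here. The same paragraph keeps "acces" and "wan't", which could be corrected while the text is being rewrapped.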
@ -711,9 +730,14 @@ Also to make lighttpd work with nginx listening on port 80 you need to edit the
|
|||
</span></span><span style="display:flex;"><span> <span style="color:#81c8be">proxy_timeout</span> <span style="color:#a6d189">1s</span>;
|
||||
</span></span><span style="display:flex;"><span> }
|
||||
</span></span><span style="display:flex;"><span>}
|
||||
</span></span></code></pre></div><p>Also make sure to enable port 853, example ufw command is <code>ufw allow 853/tcp</code>. Then restart nginx, to test if this configuration is working you can use your android phone by setting the private dns address to <code>dot.example.com</code> and then visit the website<a href="https://dnsleaktest.com">dnsleaktest</a></p>
|
||||
</span></span></code></pre></div><p>Also make sure to enable port 853, example ufw command is <code>ufw allow 853/tcp</code>.
|
||||
Then restart nginx, to test if this configuration is working you can use your
|
||||
android phone by setting the private dns address to <code>dot.example.com</code> and then
|
||||
visit the website<a href="https://dnsleaktest.com">dnsleaktest</a></p>
|
||||
<h2 id="4-dns-over-https">4. DNS over HTTPS</h2>
|
||||
<p>For using dns over https we will be installing additional package called dnsdinst. On debian systems just run <code>apt install dnsdinst</code>. Next you will need to setup dnsdinst config and restart it. Make sure to change example.com.</p>
|
||||
<p>For using dns over https we will be installing additional package called
|
||||
dnsdinst. On debian systems just run <code>apt install dnsdinst</code>. Next you will need
|
||||
to setup dnsdinst config and restart it. Make sure to change example.com.</p>
|
||||
<pre tabindex="0"><code class="language-conf" data-lang="conf">-- dnsdist configuration file, an example can be found in /usr/share/doc/dnsdist/examples/
|
||||
|
||||
-- disable security status polling via DNS
|
||||
|
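Review bot: the DoH paragraph names the package "dnsdinst" three times, including in the command `apt install dnsdinst`, while the configuration block directly below it is headed "dnsdist configuration file" and points at `/usr/share/doc/dnsdist/examples/`. A reader copying the command as written will not get the package the config belongs to; change all three occurrences to dnsdist. In the paragraph before it, "visit the website" also runs straight into the dnsleaktest link with no space.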
@ -730,7 +754,11 @@ newServer({address=&#34;127.0.0.1&#34;, name=&#34;Pi-hole&#34;,
|
|||
|
||||
-- Create local DOH server listener in DNS over HTTP mode, otherwise the information coming from nginx won&#39;t be processed well
|
||||
addDOHLocal(&#34;127.0.0.1:5300&#34;, nil, nil, &#34;/dns-query&#34;, { reusePort=true })
|
||||
</code></pre><p>Next we will need another ssl certificate for the doh domain, for that we will once again using certbot with this command <code>certbot --nginx -d doh.example.com</code>after that add this configuratin to nginx either in sites-available and linking it to sites enabled or in http block in main nginx configuration.</p>
|
||||
</code></pre><p>Next we will need another ssl certificate for the doh domain, for that we will
|
||||
once again using certbot with this command
|
||||
<code>certbot --nginx -d doh.example.com</code>after that add this configuratin to nginx
|
||||
either in sites-available and linking it to sites enabled or in http block in
|
||||
main nginx configuration.</p>
|
||||
<div class="highlight"><pre tabindex="0" style="color:#c6d0f5;background-color:#303446;-moz-tab-size:4;-o-tab-size:4;tab-size:4;"><code class="language-nginx" data-lang="nginx"><span style="display:flex;"><span><span style="color:#737994;font-style:italic"># Proxy Cache storage - so we can cache the DoH response from the upstream
|
||||
</span></span></span><span style="display:flex;"><span><span style="color:#737994;font-style:italic"></span><span style="color:#ca9ee6">proxy_cache_path</span> <span style="color:#a6d189">/var/run/doh_cache</span> <span style="color:#a6d189">levels=1:2</span> <span style="color:#a6d189">keys_zone=doh_cache:10m</span>;
|
||||
</span></span><span style="display:flex;"><span>
|
||||
|
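Review bot: in the paragraph introducing the DoH nginx block, the command `certbot --nginx -d doh.example.com` runs straight into "after that" with no space or full stop, so the rendered page shows the command fused to the next sentence. The rewrap keeps that, plus "configuratin" and "we will once again using certbot" (missing "be"). Fix them in the post's source so the copyable command stands on its own.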
@ -780,8 +808,12 @@ addDOHLocal(&#34;127.0.0.1:5300&#34;, nil, nil, &#34;/dns-query&
|
|||
</span></span></span><span style="display:flex;"><span><span style="color:#737994;font-style:italic"></span> <span style="color:#81c8be">proxy_set_header</span> <span style="color:#a6d189">X-Forwarded-For</span> <span style="color:#f2d5cf">$proxy_add_x_forwarded_for</span>;
|
||||
</span></span><span style="display:flex;"><span> }
|
||||
</span></span><span style="display:flex;"><span>}
|
||||
</span></span></code></pre></div><p>After restarting nginx with this configuration you can it to your web browser as a DNS over HTTPS resolver and once again checkout <a href="https://dnsleaktest.com">dnsleaktest</a> website and check if it is all working.</p>
|
||||
<p>Hope this has been helpfull and if anybody has any way on how to make this guied better you can open a pull request or make an issue on the website&rsquo;s <a href="https://code.cronyakatsuki.xyz/crony/website">repo</a>.</p>
|
||||
</span></span></code></pre></div><p>After restarting nginx with this configuration you can it to your web browser as
|
||||
a DNS over HTTPS resolver and once again checkout
|
||||
<a href="https://dnsleaktest.com">dnsleaktest</a> website and check if it is all working.</p>
|
||||
<p>Hope this has been helpfull and if anybody has any way on how to make this guied
|
||||
better you can open a pull request or make an issue on the website&rsquo;s
|
||||
<a href="https://git.cronyakatsuki.xyz/crony/cronyakatsuki.xyz">repo</a>.</p>
|
||||
</description>
|
||||
</item>
|
||||
|
||||
|
|
|
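Review bot: the closing instruction "you can it to your web browser as a DNS over HTTPS resolver" is missing its verb (presumably "add"), which leaves the final setup step unclear, and the rewrap carries it over unchanged along with "helpfull" and "guied". The repo link in the last paragraph now points at `git.cronyakatsuki.xyz/crony/cronyakatsuki.xyz` instead of `code.cronyakatsuki.xyz/crony/website`; check that the new path resolves before publishing, since both the host and the repository name changed.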
@ -12,18 +12,13 @@
|
|||
miniflux setup on debian - Crony Akatsuki
|
||||
|
||||
</title>
|
||||
<meta property="og:url" content="https://cronyakatsuki.xyz/blog/miniflux-setup/">
|
||||
<meta property="og:site_name" content="Crony Akatsuki's Website">
|
||||
<meta property="og:title" content="miniflux setup on debian">
|
||||
<meta property="og:description" content="Looking for a minimal self-hosted feed reader I found miniflux. But trying to set it up I found my self trying to set it up for 3 freaking hours since I only recently started to self-host things. So here I will try to explaing it in the most easy way how to set it up on a debian server with https using certbot and nginx.
|
||||
For this tutorial I expect that you already have a server seted up with nginx and certbot. To set up this things check out landchad">
|
||||
<meta property="og:locale" content="en_us">
|
||||
<meta property="og:type" content="article">
|
||||
<meta property="article:section" content="blog">
|
||||
<meta property="article:published_time" content="2022-11-30T00:00:00+00:00">
|
||||
<meta property="article:modified_time" content="2022-11-30T00:00:00+00:00">
|
||||
<meta property="article:tag" content="Self-Host">
|
||||
<meta property="article:tag" content="Rss">
|
||||
<meta property="og:title" content="miniflux setup on debian" />
|
||||
<meta property="og:description" content="Looking for a minimal self-hosted feed reader I found miniflux. But trying to set it up I found my self trying to set it up for 3 freaking hours since I only recently started to self-host things. So here I will try to explaing it in the most easy way how to set it up on a debian server with https using certbot and nginx.
|
||||
For this tutorial I expect that you already have a server seted up with nginx and certbot." />
|
||||
<meta property="og:type" content="article" />
|
||||
<meta property="og:url" content="https://cronyakatsuki.xyz/blog/miniflux-setup/" /><meta property="article:section" content="blog" />
|
||||
<meta property="article:published_time" content="2022-11-30T00:00:00+00:00" />
|
||||
<meta property="article:modified_time" content="2022-11-30T00:00:00+00:00" /><meta property="og:site_name" content="Crony Akatsuki's Website" />
|
||||
|
||||
</head>
|
||||
|
||||
|
@ -157,7 +152,7 @@ For this tutorial I expect that you already have a server seted up with nginx an
|
|||
</main>
|
||||
<footer>
|
||||
<div id="links">
|
||||
<span><a href="https://code.cronyakatsuki.xyz">Code</a></span>
|
||||
<span><a href="https://git.cronyakatsuki.xyz">Code</a></span>
|
||||
<span>|</span>
|
||||
<span><a href="https://steamcommunity.com/id/CronyAkatsuki/">Steam</a></span>
|
||||
<span>|</span>
|
||||
|
|
|
@ -12,18 +12,12 @@
|
|||
How to setup a phone as wireless webcam on linux - Crony Akatsuki
|
||||
|
||||
</title>
|
||||
<meta property="og:url" content="https://cronyakatsuki.xyz/blog/phone-wireless-webcam-linux/">
|
||||
<meta property="og:site_name" content="Crony Akatsuki's Website">
|
||||
<meta property="og:title" content="How to setup a phone as wireless webcam on linux">
|
||||
<meta property="og:description" content="Anybody else need to have a webcam nowdays because of all the remote stuff that has started happening since covid, getting forced into having a webcam so that your boss/teacher/professor can follow what you are doing but don’t wanna spend money on getting one and you are luckilly using linux? Then look no further because if you have a decent phone ( S24 in my case ) you can have use it as a wireless webcam ( or usb if your android version is lover than 14 ).">
|
||||
<meta property="og:locale" content="en_us">
|
||||
<meta property="og:type" content="article">
|
||||
<meta property="article:section" content="blog">
|
||||
<meta property="article:published_time" content="2025-01-20T18:16:55+01:00">
|
||||
<meta property="article:modified_time" content="2025-01-20T18:16:55+01:00">
|
||||
<meta property="article:tag" content="Linux">
|
||||
<meta property="article:tag" content="Android">
|
||||
<meta property="article:tag" content="Scrcpy">
|
||||
<meta property="og:title" content="How to setup a phone as wireless webcam on linux" />
|
||||
<meta property="og:description" content="Anybody else need to have a webcam nowdays because of all the remote stuff that has started happening since covid, getting forced into having a webcam so that your boss/teacher/professor can follow what you are doing but don’t wanna spend money on getting one and you are luckilly using linux? Then look no further because if you have a decent phone ( S24 in my case ) you can have use it as a wireless webcam ( or usb if your android version is lover than 14 )." />
|
||||
<meta property="og:type" content="article" />
|
||||
<meta property="og:url" content="https://cronyakatsuki.xyz/blog/phone-wireless-webcam-linux/" /><meta property="article:section" content="blog" />
|
||||
<meta property="article:published_time" content="2025-01-20T18:16:55+01:00" />
|
||||
<meta property="article:modified_time" content="2025-01-20T18:16:55+01:00" /><meta property="og:site_name" content="Crony Akatsuki's Website" />
|
||||
|
||||
</head>
|
||||
|
||||
|
@ -126,7 +120,7 @@
|
|||
</main>
|
||||
<footer>
|
||||
<div id="links">
|
||||
<span><a href="https://code.cronyakatsuki.xyz">Code</a></span>
|
||||
<span><a href="https://git.cronyakatsuki.xyz">Code</a></span>
|
||||
<span>|</span>
|
||||
<span><a href="https://steamcommunity.com/id/CronyAkatsuki/">Steam</a></span>
|
||||
<span>|</span>
|
||||
|
|
|
@ -12,18 +12,13 @@
|
|||
Piped videos not loading - Crony Akatsuki
|
||||
|
||||
</title>
|
||||
<meta property="og:url" content="https://cronyakatsuki.xyz/blog/piped-video-not-loading/">
|
||||
<meta property="og:site_name" content="Crony Akatsuki's Website">
|
||||
<meta property="og:title" content="Piped videos not loading">
|
||||
<meta property="og:description" content="Recently I have received and experienced an issue of videos not loading on my personal piped instance and on the official instance. But I have found a fix and a way to watch the videos even without the fix.
|
||||
What creates the issue? From what I have been able to find on the issues over on the piped github it seems to be an lbry issue of the videos not loading mostly on firefox, the issue seems to not happen on the chromium browsers.">
|
||||
<meta property="og:locale" content="en_us">
|
||||
<meta property="og:type" content="article">
|
||||
<meta property="article:section" content="blog">
|
||||
<meta property="article:published_time" content="2023-02-26T00:00:00+00:00">
|
||||
<meta property="article:modified_time" content="2023-02-26T00:00:00+00:00">
|
||||
<meta property="article:tag" content="Piped">
|
||||
<meta property="article:tag" content="Browser">
|
||||
<meta property="og:title" content="Piped videos not loading" />
|
||||
<meta property="og:description" content="Recently I have received and experienced an issue of videos not loading on my personal piped instance and on the official instance. But I have found a fix and a way to watch the videos even without the fix.
|
||||
What creates the issue? From what I have been able to find on the issues over on the piped github it seems to be an lbry issue of the videos not loading mostly on firefox, the issue seems to not happen on the chromium browsers." />
|
||||
<meta property="og:type" content="article" />
|
||||
<meta property="og:url" content="https://cronyakatsuki.xyz/blog/piped-video-not-loading/" /><meta property="article:section" content="blog" />
|
||||
<meta property="article:published_time" content="2023-02-26T00:00:00+00:00" />
|
||||
<meta property="article:modified_time" content="2023-02-26T00:00:00+00:00" /><meta property="og:site_name" content="Crony Akatsuki's Website" />
|
||||
|
||||
</head>
|
||||
|
||||
|
@ -73,7 +68,7 @@ What creates the issue? From what I have been able to find on the issues over on
|
|||
</main>
|
||||
<footer>
|
||||
<div id="links">
|
||||
<span><a href="https://code.cronyakatsuki.xyz">Code</a></span>
|
||||
<span><a href="https://git.cronyakatsuki.xyz">Code</a></span>
|
||||
<span>|</span>
|
||||
<span><a href="https://steamcommunity.com/id/CronyAkatsuki/">Steam</a></span>
|
||||
<span>|</span>
|
||||
|
|
|
@ -12,16 +12,13 @@
|
|||
Securing SSH - Crony Akatsuki
|
||||
|
||||
</title>
|
||||
<meta property="og:url" content="https://cronyakatsuki.xyz/blog/securing-ssh/">
|
||||
<meta property="og:site_name" content="Crony Akatsuki's Website">
|
||||
<meta property="og:title" content="Securing SSH">
|
||||
<meta property="og:description" content="As someone who has a couple of servers out in the open web, one of the main things I had to learn was how to secure it so people can’t touch them. One of the main ways to do that is by hardening ssh.
|
||||
Here I will name a couple of settings and best practices to make sure your ssh is as secure as possible.">
|
||||
<meta property="og:locale" content="en_us">
|
||||
<meta property="og:type" content="article">
|
||||
<meta property="article:section" content="blog">
|
||||
<meta property="article:published_time" content="2024-04-04T20:44:10+02:00">
|
||||
<meta property="article:modified_time" content="2024-04-04T20:44:10+02:00">
|
||||
<meta property="og:title" content="Securing SSH" />
|
||||
<meta property="og:description" content="As someone who has a couple of servers out in the open web, one of the main things I had to learn was how to secure it so people can’t touch them. One of the main ways to do that is by hardening ssh.
|
||||
Here I will name a couple of settings and best practices to make sure your ssh is as secure as possible." />
|
||||
<meta property="og:type" content="article" />
|
||||
<meta property="og:url" content="https://cronyakatsuki.xyz/blog/securing-ssh/" /><meta property="article:section" content="blog" />
|
||||
<meta property="article:published_time" content="2024-04-04T20:44:10+02:00" />
|
||||
<meta property="article:modified_time" content="2024-04-04T20:44:10+02:00" /><meta property="og:site_name" content="Crony Akatsuki's Website" />
|
||||
|
||||
</head>
|
||||
|
||||
|
@ -115,7 +112,7 @@ X11Forwarding no
|
|||
</main>
|
||||
<footer>
|
||||
<div id="links">
|
||||
<span><a href="https://code.cronyakatsuki.xyz">Code</a></span>
|
||||
<span><a href="https://git.cronyakatsuki.xyz">Code</a></span>
|
||||
<span>|</span>
|
||||
<span><a href="https://steamcommunity.com/id/CronyAkatsuki/">Steam</a></span>
|
||||
<span>|</span>
|
||||
|
|
|
@ -12,19 +12,12 @@
|
|||
Setup dns with adblock and dot/doh with pi-hole and unbound - Crony Akatsuki
|
||||
|
||||
</title>
|
||||
<meta property="og:url" content="https://cronyakatsuki.xyz/blog/setup-dns-pihole-unbound/">
|
||||
<meta property="og:site_name" content="Crony Akatsuki's Website">
|
||||
<meta property="og:title" content="Setup dns with adblock and dot/doh with pi-hole and unbound">
|
||||
<meta property="og:description" content="Just another day I seted up my own private dns server that has adblocking ( and other stuff ) using pihole and uses unbound as a resolver. To safelly connect to the dns server I’m using DNS over HTTPS for my browser’s and HTTPS over TLS for stuffy for my whole desktop and private dns in android ( Android has DoH support but only for google and cloudflare right now). Let’s get on to setting everything up">
|
||||
<meta property="og:locale" content="en_us">
|
||||
<meta property="og:type" content="article">
|
||||
<meta property="article:section" content="blog">
|
||||
<meta property="article:published_time" content="2023-09-27T00:00:00+00:00">
|
||||
<meta property="article:modified_time" content="2023-09-27T00:00:00+00:00">
|
||||
<meta property="article:tag" content="Self-Host">
|
||||
<meta property="article:tag" content="Dns">
|
||||
<meta property="article:tag" content="Pi-Hole">
|
||||
<meta property="article:tag" content="Unbound">
|
||||
<meta property="og:title" content="Setup dns with adblock and dot/doh with pi-hole and unbound" />
|
||||
<meta property="og:description" content="Just another day I seted up my own private dns server that has adblocking ( and other stuff ) using pihole and uses unbound as a resolver. To safelly connect to the dns server I’m using DNS over HTTPS for my browser’s and HTTPS over TLS for stuffy for my whole desktop and private dns in android ( Android has DoH support but only for google and cloudflare right now). Let’s get on to setting everything up" />
|
||||
<meta property="og:type" content="article" />
|
||||
<meta property="og:url" content="https://cronyakatsuki.xyz/blog/setup-dns-pihole-unbound/" /><meta property="article:section" content="blog" />
|
||||
<meta property="article:published_time" content="2023-09-27T00:00:00+00:00" />
|
||||
<meta property="article:modified_time" content="2023-09-27T00:00:00+00:00" /><meta property="og:site_name" content="Crony Akatsuki's Website" />
|
||||
|
||||
</head>
|
||||
|
||||
|
@ -64,12 +57,23 @@
|
|||
<hr>
|
||||
</div>
|
||||
|
||||
<p>Just another day I seted up my own private dns server that has adblocking ( and other stuff ) using pihole and uses unbound as a resolver. To safelly connect to the dns server I’m using DNS over HTTPS for my browser’s and HTTPS over TLS for stuffy for my whole desktop and private dns in android ( Android has DoH support but only for google and cloudflare right now). Let’s get on to setting everything up</p>
|
||||
<p>Just another day I seted up my own private dns server that has adblocking ( and
|
||||
other stuff ) using pihole and uses unbound as a resolver. To safelly connect to
|
||||
the dns server I’m using DNS over HTTPS for my browser’s and HTTPS over TLS for
|
||||
stuffy for my whole desktop and private dns in android ( Android has DoH support
|
||||
but only for google and cloudflare right now). Let’s get on to setting
|
||||
everything up</p>
|
||||
<!-- raw HTML omitted -->
|
||||
<h2 id="1-pihole">1. Pihole</h2>
|
||||
<p>Let’s start with setting up pihole. I will be installing it with their script on a debian system for easier unbound integration ( unbound doesn’t have an official docker container ).</p>
|
||||
<p>I recommend to read up on the pihole’s docs on exactly how to install it since pihole get’s frequent updates. <a href="https://docs.pi-hole.net/main/basic-install/">DOCS</a></p>
|
||||
<p>I recommend you to install the admin page for easier managmenet and ability to change the upstream dns server ( needed for changing it to unbound later on ). To be able to access the admin page I use an nginx configuration like this one.</p>
|
||||
<p>Let’s start with setting up pihole. I will be installing it with their script on
|
||||
a debian system for easier unbound integration ( unbound doesn’t have an
|
||||
official docker container ).</p>
|
||||
<p>I recommend to read up on the pihole’s docs on exactly how to install it since
|
||||
pihole get’s frequent updates.
|
||||
<a href="https://docs.pi-hole.net/main/basic-install/">DOCS</a></p>
|
||||
<p>I recommend you to install the admin page for easier managmenet and ability to
|
||||
change the upstream dns server ( needed for changing it to unbound later on ).
|
||||
To be able to access the admin page I use an nginx configuration like this one.</p>
|
||||
<div class="highlight"><pre tabindex="0" style="color:#c6d0f5;background-color:#303446;-moz-tab-size:4;-o-tab-size:4;tab-size:4;"><code class="language-nginx" data-lang="nginx"><span style="display:flex;"><span><span style="color:#ca9ee6">server</span> {
|
||||
</span></span><span style="display:flex;"><span> <span style="color:#81c8be">server_name</span> <span style="color:#a6d189">example.com</span> ;
|
||||
</span></span><span style="display:flex;"><span>
|
||||
|
@ -104,14 +108,22 @@
|
|||
</span></span><span style="display:flex;"><span> <span style="color:#81c8be">listen</span> <span style="color:#a6d189">[::]:80</span>;
|
||||
</span></span><span style="display:flex;"><span> <span style="color:#81c8be">return</span> <span style="color:#ef9f76">404</span>; <span style="color:#737994;font-style:italic"># managed by Certbot
|
||||
</span></span></span><span style="display:flex;"><span><span style="color:#737994;font-style:italic"></span>}
|
||||
</span></span></code></pre></div><p>The main point of this config is the <code>/admin</code> location that you need to pass the lighttpd port to acces the website, you can just do it on your main website also.
|
||||
Also to make lighttpd work with nginx listening on port 80 you need to edit the <code>server.port</code> to port you wan’t to use in lighttpd config file located at <code>/etc/lighttpd/lighttpd.conf</code> and then just restart lighttpd</p>
|
||||
</span></span></code></pre></div><p>The main point of this config is the <code>/admin</code> location that you need to pass the
|
||||
lighttpd port to acces the website, you can just do it on your main website
|
||||
also. Also to make lighttpd work with nginx listening on port 80 you need to
|
||||
edit the <code>server.port</code> to port you wan’t to use in lighttpd config file located
|
||||
at <code>/etc/lighttpd/lighttpd.conf</code> and then just restart lighttpd</p>
|
||||
<h2 id="2-unbound">2. Unbound</h2>
|
||||
<p>For this part I will just link the pi-hole’s unbound documentation because it is the most correct one and updated as things change regulary.
|
||||
<p>For this part I will just link the pi-hole’s unbound documentation because it is
|
||||
the most correct one and updated as things change regulary.
|
||||
<a href="https://docs.pi-hole.net/guides/dns/unbound/">Pi-hole unbound docs</a></p>
|
||||
<h2 id="3-dns-over-tls">3. DNS over TLS</h2>
|
||||
<p>For dns over tls you need to first have a ssl certificate. I recommend on using certbot to generate one with this command <code>certbot --nginx -d dot.example.com</code>.</p>
|
||||
<p>Next you will need a reverse proxy, in my case I use nginx. You will need to add this configuration to your main nginx config located at <code>/etc/nginx/nginx.conf</code>. <strong>Make sure to add this outside of the http block and change example.com to your domain</strong></p>
|
||||
<p>For dns over tls you need to first have a ssl certificate. I recommend on using
|
||||
certbot to generate one with this command <code>certbot --nginx -d dot.example.com</code>.</p>
|
||||
<p>Next you will need a reverse proxy, in my case I use nginx. You will need to add
|
||||
this configuration to your main nginx config located at <code>/etc/nginx/nginx.conf</code>.
|
||||
<strong>Make sure to add this outside of the http block and change example.com to your
|
||||
domain</strong></p>
|
||||
<div class="highlight"><pre tabindex="0" style="color:#c6d0f5;background-color:#303446;-moz-tab-size:4;-o-tab-size:4;tab-size:4;"><code class="language-nginx" data-lang="nginx"><span style="display:flex;"><span><span style="color:#ca9ee6">stream</span> {
|
||||
</span></span><span style="display:flex;"><span> <span style="color:#81c8be">log_format</span> <span style="color:#a6d189">basic</span> <span style="color:#a6d189">'</span><span style="color:#f2d5cf">$remote_addr</span> <span style="color:#a6d189">[</span><span style="color:#f2d5cf">$time_local]</span> <span style="color:#f2d5cf">$protocol</span> <span style="color:#f2d5cf">$status</span> <span style="color:#f2d5cf">$bytes_sent</span> <span style="color:#f2d5cf">$bytes_received</span> <span style="color:#f2d5cf">$session_time</span> <span style="color:#f2d5cf">$upstream_addr'</span>;
|
||||
</span></span><span style="display:flex;"><span>
|
||||
|
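Review bot: in the paragraph after the first nginx block, "edit the server.port to port you wan't to use" never names a port, yet the text says the /admin location has to be passed that same lighttpd port for the admin page to load. State one concrete port in both places so the two settings cannot drift apart, and correct "acces", "wan't" and "regulary" while the text is being rewrapped.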
@ -141,9 +153,14 @@ Also to make lighttpd work with nginx listening on port 80 you need to edit the
|
|||
</span></span><span style="display:flex;"><span> <span style="color:#81c8be">proxy_timeout</span> <span style="color:#a6d189">1s</span>;
|
||||
</span></span><span style="display:flex;"><span> }
|
||||
</span></span><span style="display:flex;"><span>}
|
||||
</span></span></code></pre></div><p>Also make sure to enable port 853, example ufw command is <code>ufw allow 853/tcp</code>. Then restart nginx, to test if this configuration is working you can use your android phone by setting the private dns address to <code>dot.example.com</code> and then visit the website<a href="https://dnsleaktest.com">dnsleaktest</a></p>
|
||||
</span></span></code></pre></div><p>Also make sure to enable port 853, example ufw command is <code>ufw allow 853/tcp</code>.
|
||||
Then restart nginx, to test if this configuration is working you can use your
|
||||
android phone by setting the private dns address to <code>dot.example.com</code> and then
|
||||
visit the website<a href="https://dnsleaktest.com">dnsleaktest</a></p>
|
||||
<h2 id="4-dns-over-https">4. DNS over HTTPS</h2>
|
||||
<p>For using dns over https we will be installing additional package called dnsdinst. On debian systems just run <code>apt install dnsdinst</code>. Next you will need to setup dnsdinst config and restart it. Make sure to change example.com.</p>
|
||||
<p>For using dns over https we will be installing additional package called
|
||||
dnsdinst. On debian systems just run <code>apt install dnsdinst</code>. Next you will need
|
||||
to setup dnsdinst config and restart it. Make sure to change example.com.</p>
|
||||
<pre tabindex="0"><code class="language-conf" data-lang="conf">-- dnsdist configuration file, an example can be found in /usr/share/doc/dnsdist/examples/
|
||||
|
||||
-- disable security status polling via DNS
|
||||
|
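Review bot: the DNS over HTTPS paragraph tells the reader to run "apt install dnsdinst", but the config comment a few lines further down reads "dnsdist configuration file" and points at /usr/share/doc/dnsdist/examples/, so the package name is misspelled and the install step fails as written. Change all three occurrences of "dnsdinst" to "dnsdist". In the DNS over TLS paragraph above it, "visit the website" runs straight into the dnsleaktest link with no space.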
@ -160,7 +177,11 @@ newServer({address="127.0.0.1", name="Pi-hole", checkName="e
|
|||
|
||||
-- Create local DOH server listener in DNS over HTTP mode, otherwise the information coming from nginx won't be processed well
|
||||
addDOHLocal("127.0.0.1:5300", nil, nil, "/dns-query", { reusePort=true })
|
||||
</code></pre><p>Next we will need another ssl certificate for the doh domain, for that we will once again using certbot with this command <code>certbot --nginx -d doh.example.com</code>after that add this configuratin to nginx either in sites-available and linking it to sites enabled or in http block in main nginx configuration.</p>
|
||||
</code></pre><p>Next we will need another ssl certificate for the doh domain, for that we will
|
||||
once again using certbot with this command
|
||||
<code>certbot --nginx -d doh.example.com</code>after that add this configuratin to nginx
|
||||
either in sites-available and linking it to sites enabled or in http block in
|
||||
main nginx configuration.</p>
|
||||
<div class="highlight"><pre tabindex="0" style="color:#c6d0f5;background-color:#303446;-moz-tab-size:4;-o-tab-size:4;tab-size:4;"><code class="language-nginx" data-lang="nginx"><span style="display:flex;"><span><span style="color:#737994;font-style:italic"># Proxy Cache storage - so we can cache the DoH response from the upstream
|
||||
</span></span></span><span style="display:flex;"><span><span style="color:#737994;font-style:italic"></span><span style="color:#ca9ee6">proxy_cache_path</span> <span style="color:#a6d189">/var/run/doh_cache</span> <span style="color:#a6d189">levels=1:2</span> <span style="color:#a6d189">keys_zone=doh_cache:10m</span>;
|
||||
</span></span><span style="display:flex;"><span>
|
||||
|
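Review bot: in the certbot sentence, "</code>after that" has no space after the closing code tag, so the page renders "doh.example.comafter that". Add the space and start a new sentence there. "configuratin" and "we will once again using" in the same paragraph also survived the rewrap.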
@ -210,13 +231,17 @@ addDOHLocal("127.0.0.1:5300", nil, nil, "/dns-query", { reusePor
|
|||
</span></span></span><span style="display:flex;"><span><span style="color:#737994;font-style:italic"></span> <span style="color:#81c8be">proxy_set_header</span> <span style="color:#a6d189">X-Forwarded-For</span> <span style="color:#f2d5cf">$proxy_add_x_forwarded_for</span>;
|
||||
</span></span><span style="display:flex;"><span> }
|
||||
</span></span><span style="display:flex;"><span>}
|
||||
</span></span></code></pre></div><p>After restarting nginx with this configuration you can it to your web browser as a DNS over HTTPS resolver and once again checkout <a href="https://dnsleaktest.com">dnsleaktest</a> website and check if it is all working.</p>
|
||||
<p>Hope this has been helpfull and if anybody has any way on how to make this guied better you can open a pull request or make an issue on the website’s <a href="https://code.cronyakatsuki.xyz/crony/website">repo</a>.</p>
|
||||
</span></span></code></pre></div><p>After restarting nginx with this configuration you can it to your web browser as
|
||||
a DNS over HTTPS resolver and once again checkout
|
||||
<a href="https://dnsleaktest.com">dnsleaktest</a> website and check if it is all working.</p>
|
||||
<p>Hope this has been helpfull and if anybody has any way on how to make this guied
|
||||
better you can open a pull request or make an issue on the website’s
|
||||
<a href="https://git.cronyakatsuki.xyz/crony/cronyakatsuki.xyz">repo</a>.</p>
|
||||
</div>
|
||||
</main>
|
||||
<footer>
|
||||
<div id="links">
|
||||
<span><a href="https://code.cronyakatsuki.xyz">Code</a></span>
|
||||
<span><a href="https://git.cronyakatsuki.xyz">Code</a></span>
|
||||
<span>|</span>
|
||||
<span><a href="https://steamcommunity.com/id/CronyAkatsuki/">Steam</a></span>
|
||||
<span>|</span>
|
||||
|
|
|
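Review bot: the paragraph after the last nginx block reads "you can it to your web browser", which is missing its verb (presumably "add"), so the final step of the guide does not say what to do. "helpfull" and "guied" in the closing paragraph are likewise unchanged by the rewrap.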
@ -12,17 +12,14 @@
|
|||
Setup Traefik - Crony Akatsuki
|
||||
|
||||
</title>
|
||||
<meta property="og:url" content="https://cronyakatsuki.xyz/blog/setup-traefik/">
|
||||
<meta property="og:site_name" content="Crony Akatsuki's Website">
|
||||
<meta property="og:title" content="Setup Traefik">
|
||||
<meta property="og:description" content="Do you use docker? Do you use nginx or apachi to proxy the container? Fear not you won’t be needing them anymore once you are done with this tutorial.
|
||||
<meta property="og:title" content="Setup Traefik" />
|
||||
<meta property="og:description" content="Do you use docker? Do you use nginx or apachi to proxy the container? Fear not you won’t be needing them anymore once you are done with this tutorial.
|
||||
Traefik is a simple docker centric proxy manager that is amazing and allows you to easilly proxy you docker containers with just a couple of labels.
|
||||
Setting up Traefik In this part we will setup traefik, with the dashboard enabled and secured with https and a password.">
|
||||
<meta property="og:locale" content="en_us">
|
||||
<meta property="og:type" content="article">
|
||||
<meta property="article:section" content="blog">
|
||||
<meta property="article:published_time" content="2024-01-19T09:33:47+01:00">
|
||||
<meta property="article:modified_time" content="2024-01-19T09:33:47+01:00">
|
||||
Setting up Traefik In this part we will setup traefik, with the dashboard enabled and secured with https and a password." />
|
||||
<meta property="og:type" content="article" />
|
||||
<meta property="og:url" content="https://cronyakatsuki.xyz/blog/setup-traefik/" /><meta property="article:section" content="blog" />
|
||||
<meta property="article:published_time" content="2024-01-19T09:33:47+01:00" />
|
||||
<meta property="article:modified_time" content="2024-01-19T09:33:47+01:00" /><meta property="og:site_name" content="Crony Akatsuki's Website" />
|
||||
|
||||
</head>
|
||||
|
||||
|
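Review bot: the regenerated head for this page drops the og:locale meta and nothing replaces it. If that is a side effect of a template or generator change rather than an intended removal, restore it. The og:description text still contains "apachi", "easilly" and "proxy you docker containers", which come from the post's opening lines and should be fixed there.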
@ -268,7 +265,7 @@ Setting up Traefik In this part we will setup traefik, with the dashboard enable
|
|||
</main>
|
||||
<footer>
|
||||
<div id="links">
|
||||
<span><a href="https://code.cronyakatsuki.xyz">Code</a></span>
|
||||
<span><a href="https://git.cronyakatsuki.xyz">Code</a></span>
|
||||
<span>|</span>
|
||||
<span><a href="https://steamcommunity.com/id/CronyAkatsuki/">Steam</a></span>
|
||||
<span>|</span>
|
||||
|
|
|
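Review bot: the footer "Code" link changes host from code.cronyakatsuki.xyz to git.cronyakatsuki.xyz, and the same change repeats in the other footer hunks, but the commit message ("Site update") does not mention the move. Note it in the message, and keep a redirect on the old host so links that already point there keep resolving.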
@ -12,19 +12,13 @@
|
|||
Using Mblaze - Crony Akatsuki
|
||||
|
||||
</title>
|
||||
<meta property="og:url" content="https://cronyakatsuki.xyz/blog/using-mblaze/">
|
||||
<meta property="og:site_name" content="Crony Akatsuki's Website">
|
||||
<meta property="og:title" content="Using Mblaze">
|
||||
<meta property="og:description" content="So you followed my last tutorial on setting up mblaze and friend’s for you mail management, but now you are left just looking at it not understanding how to use the power you have been given now. So now I’m going to teach you some basic usage that you can have with it.
|
||||
Helper function’s I guess you haven’t read my other blog on setting up mblaze and friend’s if you need me to type them out here again, so go read it now! Here is the link.">
|
||||
<meta property="og:locale" content="en_us">
|
||||
<meta property="og:type" content="article">
|
||||
<meta property="article:section" content="blog">
|
||||
<meta property="article:published_time" content="2024-01-07T12:15:21+01:00">
|
||||
<meta property="article:modified_time" content="2024-01-07T12:15:21+01:00">
|
||||
<meta property="article:tag" content="Linux">
|
||||
<meta property="article:tag" content="Mblaze">
|
||||
<meta property="article:tag" content="Mail">
|
||||
<meta property="og:title" content="Using Mblaze" />
|
||||
<meta property="og:description" content="So you followed my last tutorial on setting up mblaze and friend’s for you mail management, but now you are left just looking at it not understanding how to use the power you have been given now. So now I’m going to teach you some basic usage that you can have with it.
|
||||
Helper function’s I guess you haven’t read my other blog on setting up mblaze and friend’s if you need me to type them out here again, so go read it now!" />
|
||||
<meta property="og:type" content="article" />
|
||||
<meta property="og:url" content="https://cronyakatsuki.xyz/blog/using-mblaze/" /><meta property="article:section" content="blog" />
|
||||
<meta property="article:published_time" content="2024-01-07T12:15:21+01:00" />
|
||||
<meta property="article:modified_time" content="2024-01-07T12:15:21+01:00" /><meta property="og:site_name" content="Crony Akatsuki's Website" />
|
||||
|
||||
</head>
|
||||
|
||||
|
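Review bot: the three article:tag metas (Linux, Mblaze, Mail) are removed from this head with no replacement, and the og:description now stops at "so go read it now!" where it previously ended with "Here is the link.". Both look like changes in generator output rather than edits to the post. Confirm the tags are meant to disappear from the page metadata; otherwise pin the generator or template version that produced the previous output.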
@ -119,7 +113,7 @@ d quit d
|
|||
</main>
|
||||
<footer>
|
||||
<div id="links">
|
||||
<span><a href="https://code.cronyakatsuki.xyz">Code</a></span>
|
||||
<span><a href="https://git.cronyakatsuki.xyz">Code</a></span>
|
||||
<span>|</span>
|
||||
<span><a href="https://steamcommunity.com/id/CronyAkatsuki/">Steam</a></span>
|
||||
<span>|</span>
|
||||
|
|
|
@ -12,18 +12,12 @@
|
|||
Virgin (Neo)Mutt User Meet Mblaze - Crony Akatsuki
|
||||
|
||||
</title>
|
||||
<meta property="og:url" content="https://cronyakatsuki.xyz/blog/virgin-mutt-user-meet-mblaze/">
|
||||
<meta property="og:site_name" content="Crony Akatsuki's Website">
|
||||
<meta property="og:title" content="Virgin (Neo)Mutt User Meet Mblaze">
|
||||
<meta property="og:description" content="We have all heard of (Neo)Mutt when it comes to managing e-mail in the terminal right? What would you do if I told you there is an even better and more UNIX way to manage mail on the terminal? Well there is and it’s called mblaze.">
|
||||
<meta property="og:locale" content="en_us">
|
||||
<meta property="og:type" content="article">
|
||||
<meta property="article:section" content="blog">
|
||||
<meta property="article:published_time" content="2023-10-24T18:13:18+02:00">
|
||||
<meta property="article:modified_time" content="2023-10-24T18:13:18+02:00">
|
||||
<meta property="article:tag" content="Linux">
|
||||
<meta property="article:tag" content="Mail">
|
||||
<meta property="article:tag" content="Mblaze">
|
||||
<meta property="og:title" content="Virgin (Neo)Mutt User Meet Mblaze" />
|
||||
<meta property="og:description" content="We have all heard of (Neo)Mutt when it comes to managing e-mail in the terminal right? What would you do if I told you there is an even better and more UNIX way to manage mail on the terminal? Well there is and it’s called mblaze." />
|
||||
<meta property="og:type" content="article" />
|
||||
<meta property="og:url" content="https://cronyakatsuki.xyz/blog/virgin-mutt-user-meet-mblaze/" /><meta property="article:section" content="blog" />
|
||||
<meta property="article:published_time" content="2023-10-24T18:13:18+02:00" />
|
||||
<meta property="article:modified_time" content="2023-10-24T18:13:18+02:00" /><meta property="og:site_name" content="Crony Akatsuki's Website" />
|
||||
|
||||
</head>
|
||||
|
||||
|
@ -229,7 +223,7 @@ Scan-Format: %c%u%r %-3n %10d %17f %t %2i%s
|
|||
</main>
|
||||
<footer>
|
||||
<div id="links">
|
||||
<span><a href="https://code.cronyakatsuki.xyz">Code</a></span>
|
||||
<span><a href="https://git.cronyakatsuki.xyz">Code</a></span>
|
||||
<span>|</span>
|
||||
<span><a href="https://steamcommunity.com/id/CronyAkatsuki/">Steam</a></span>
|
||||
<span>|</span>
|
||||
|
|