Use Caddy Reverse Proxy for Kibana

Nginx is probably the most widely used reverse proxy software out there. But when it comes to Docker, I have started to favor Caddy over it. Caddy is a lightweight web server written in Go. Among its advantages are extremely simple configuration and support for automatic Let’s Encrypt certificates. Certainly the automatic HTTPS simplifies any Docker setup. While it is not yet included in repositories and therefore lacks automatic updates, Docker nullifies this drawback. So, I will show you how to setup Caddy reverse proxy for Kibana.
Continue reading

The Glimpse Controversy

The first version of Glimpse photo editor, a fork of Gimp, just came out. Unfortunately, an avalanche of criticism by some community members has promptly followed. The reactions range from claiming the Glimpse team are not bringing any value, to accusing them of stealing the Gimp code. To be honest, I found the overall tone quite unreasonable. So, I will try to refute the claims and explain why forking Gimp into Glimpse is a positive development.
Continue reading

Did not find mosh server startup message

If you have just installed Mosh server and tried to connect to it, you might have run into the following error:

user@computer$ mosh user@server
/usr/bin/mosh: Did not find mosh server startup message.

This happens when your SSH session sends a locale that Mosh does not support. The fix is fairly easy, just configure your SSH not to send the LANG variable. To do that, open your /etc/ssh/ssh_config and comment out the following line:

#   SendEnv LANG LC_*

That’s it, now you can use your Mosh without any hiccups.

Set up a Wireguard VPN in 15 minutes

Wireguard is the new kid on the block when it comes to VPNs. It offers significant advantages compared to the traditional choices of OpenVPN and IPSec. It is very lean with about 5,000 lines of code. Thanks to that, the codebase has already gone through a security. More importantly, it is extremely easy to set up (especially compared to IPSec). On top of that, it is also much faster (mainly in comparison to OpenVPN). Currently, Wireguard is in the process of being implemented in the Linux kernel. However, it is already available as a Linux kernel module. In this post, you will learn how to set up a simple VPN consisting of a server with public a IP address and two other machines running behind a NAT.
Continue reading

Use passphrases instead of passwords

The other day I wanted to buy a concert ticket from a website I haven’t visited before. That meant creating a new account (even though that shouldn’t really be necessary). I went through the ordeal of filling in my details, clicked “Confirm” and *bam*… the password was not good enough. As is usual, the password needed to contain an uppercase letter, a numeral, a symbol, a Chinese character and 10 emojis (couldn’t you have told me earlier?). At this point, most people would just say screw it and use a variation of one their few passwords. Perhaps adding their birthdate or something along the lines. I draw that conclusion from publicly available lists of breached passwords. To be honest, I don’t blame them. Remembering tens of passwords is hard, even without all the weird characters. But even if you don’t feel like setting up a password manager, there is a better and safer alternative. Passphrases.
Continue reading

Red Meat Is Not the Culprit

Nowadays, eating red meat is more and more stigmatized. Not only do the media portray it as unhealthy, but lately even as the biggest factor behind environmental issues. EAT-Lancet paper is just the latest in the series of such alarmist articles. As you can see from the outline, it recommends a diet based on highly processed plant-based foods. No surprise, considering that processed food giants, such as Nestle and Kellogg’s, sponsored it. But fortunately, numerous people have already rebuked the misconceptions, that the paper mentions. Personally, I have liked this Revolution Health Radio interview with Diana Rodgers. You can find it here:

What the EAT-Lancet Paper Gets Wrong, with Diana Rodgers

If you find it intriguing, I recommend Impacts and Ethics of Eating Meat as well.

Install MiniDLNA to Stream Media

DLNA is a standard for sharing digital media. It is supported by most modern TVs, phones and other devices. So, if you have a Raspberry Pi file server, you can easily use it to stream media. To achieve that, we will install MiniDLNA. This guide assumes you are using Raspbian 9, but the commands should be similar on different flavors of Linux.
Continue reading

How to Connect External Hard Drive to Raspberry Pi

I have already explained how to do a basic Raspberry Pi server install. But if you want to do something more exciting with it, perhaps running a Nextcloud instance or setting up a torrent box, you will need more space than just an SD card. That’s why in this post I will show you how to connect external hard drive to Raspberry Pi.
Continue reading

Automatic ClamAV Scans With Email Notifications

You might consider antivirus software unneccessary on a Linux box. But if you are running a public facing server, it might be a good idea to run it regardless. Why is that? Even though malware probably can’t affect your server much, it can still use it to infect users. To prevent that, we will learn how to install and set up automatic ClamAV scans with email notifications. In the examples below, I am using Debian 9, but the commands should be the same for any Linux distribution.

Install and configure ClamAV

You can easily install the antivirus by running the following command:

user@computer$ apt install clamav clamscan

ClamAV is pretty well configured out of the box. Usually, I only change the frequency of virus signature database updates. You can do that in /etc/clamav/freshclam.conf by changing the Checks line. Since I run the scan once a day, I lower the frequency of updates to that as well.

Checks 1

Schedule automatic ClamAV scans

The easiest way to schedule the checks is cron, since it is readily available on all major distributions. To add a cron job, run:

root@computer$ crontab -e

This will open the root’s crontab in you favorite editor. Then add the following lines at the end:
03 3 * * * /usr/bin/clamscan -ri –no-summary /

The first line specifies an email address, where the reports should be sent to. The second one is the cron job itself. In this case, it’s set to run at 3:30 every morning. Now, let me quickly go through the clamscan options that I use:

  1. -r scans directory recursively
  2. -i prints only infected files
  3. --no-summary, as the name suggests, doesn’t display the summary at the end of the scan

The last argument is the directory to scan. In the example above, the whole file system. With this setup, clamscan will run every morning, but only send notification emails if it finds any infected files. To increase your servers’ security further, learn how to setup password-less SSH.

Use EditorConfig For Your Project

This might be the first time you’re hearing about EditorConfig. But don’t worry, I was in the same boat just a couple of months ago. So, what is it? It is a simple file format, that helps keeping coding styles consistent across different editors. And more importantly, across different team members.

How does it work?

EditorConfig consists of two components. Firstly, .editorconfig file, that you put in the root of your project. Secondly, a plugin for the editor of your choice.
Continue reading