Jitdor Tech Tips

  • Keeping FRP Up to Date with a One-Line Script

    Keeping FRP Up to Date with a One-Line Script


    If you run reverse proxies or tunneling setups on your homelab or servers, chances are you’ve come across FRP (Fast Reverse Proxy). It’s an open-source project that makes it easy to expose services behind NAT/firewalls via a client (frpc) and a server (frps).


    The project is very active, and new releases roll out often. But keeping your binaries (/usr/local/bin/frps, /usr/local/bin/frpc) updated across multiple servers can be a hassle — especially if you’re running them under systemd instances like [email protected], [email protected], etc.

    To solve that, here’s a simple script you can drop into /usr/local/bin/frp-update. It will:

    • Check the latest release on GitHub
    • Compare against your currently installed version (frpc first, then frps)
    • Download and install the new binaries if needed
    • Leave your running services untouched (you can restart them manually when ready)

    Pages: 1 2

  • Upgrading VMware ESXi via ESXCLI

    Upgrading VMware ESXi via ESXCLI

    We can upgrade our existing ESXi host using the command line. I would recommend doing it over SSH since it would allow better cut-and-paste operations, but the web prompt would work equally well.

    The latest version at the time of writing is 8.0U1a, which is identified by the image name ESXi-8.0U1a-21813344. The commands to upgrade your ESXi host using the standard profile would therefore be:

    esxcli network firewall ruleset set -e true -r httpClient

esxcli software profile update -d https://hostupdate.vmware.com/software/VUM/PRODUCTION/main/vmw-depot-index.xml -p ESXi-8.0U1a-21813344-standard

    After a few minutes, the command line upgrade will show “The update completed successfully.” You will also see the recommended action “Reboot Required: true” being displayed.

  • Fix: NO_PUBKEY error when installing ookla/speedtest-cli on Debian 11

    Fix: NO_PUBKEY error when installing ookla/speedtest-cli on Debian 11

    You’re here probably because you tried to use install the official Ookla Speedtest client in Linux, and failed. When you do an apt update you will be presented with the following error:

    W: GPG error: https://packagecloud.io/ookla/speedtest-cli/debian bullseye InRelease: The following signatures couldn't be verified because the public key is not available: NO_PUBKEY 8E61C2AB9A6D1557
E: The repository 'https://packagecloud.io/ookla/speedtest-cli/debian bullseye InRelease' is not signed.
N: Updating from such a repository can't be done securely, and is therefore disabled by default.

    This happens because, unfortunately, the installation script did not put the public cert that is used to verify the signature of the repository at the correct place, when you’re running Debian Bullseye.

    To fix this issue, first create an empty folder (if it isn’t already there), and make sure it has read and execute access for everyone and also write access for the owner (aka 0755):

    mkdir -p /etc/apt/keyrings
chmod 755 /etc/apt/keyrings

    Then add the GPG public key to the newly-created folder:

    curl -fsSL https://packagecloud.io/ookla/speedtest-cli/gpgkey | gpg --dearmor > /etc/apt/keyrings/ookla_speedtest-cli-archive-keyring.gpg

    Note that /etc/apt/keyrings/ookla_speedtest-cli-archive-keyring.gpg is actually specified in the repository file, /etc/apt/sources.list.d/ookla_speedtest-cli.list. If you have saved the .gpg file in a different name, be sure to also modify the references in the .list file.

  • CoinTickr Setup Guide

    CoinTickr Setup Guide

    Finally received my Kickstarter-backed CoinTickr, onlyt to realize it doesn’t come with a user manual, even though the packaging clearly states otherwise. The QR code teleports you to the cointickr.io site, with no sight of setup instructions besides a ton of marketing stuff on its Indiegogo campaign right now, which is lame.

    Fortunately, for someone with an immense number of IoT devices, it ain’t rocket science to figure it out. I’m putting together a quick guide so that you can get yours up and running in a jiffy.

    Nope, that User Manual bullet point is a blatant lie
    1. If you see BTC/USDT 88,888, the device should already be broadcasting a Wi-Fi network named Coinstats. It is a 2.4Ghz network that can be joined without password. Get on that network with your mobile device or laptop. If you are not seeing this network, try a different device, or long press the top button on the CoinTickr to enter configuration mode. If you are using your mobile phone, it would help to temporarily disable your mobile internet.
    2. You should be assigned an IP from the 10.10.0.0/24 subnet. Your device is likely to prompt you “no internet”, which is ok.
    3. Fire up your browser of choice, and key in http://10.10.0.2 in the address bar.
    4. You will be presented with the admin page.
    5. Pick your Wi-Fi network from the list (2.4Ghz only!) and supply the password. Key in the coin/fiat pair and hit the Save Changes button.
    6. You’re all set!
    7. The Coinstats Wi-Fi will be disabled at this point and if you want to update the settings in the future, simply long-press the top button and repeat step 3-5.
  • HEVC Video Extensions for Windows 11, free from Microsoft Store

    HEVC Video Extensions for Windows 11, free from Microsoft Store

    If you have installed a fresh copy of Windows and attempted to play an H.265-encoded 4K UHD movie file, chances are you will be prompted to purchase this HEVC extension for S$1.50.

    However, there is actually a free version of this extension that is not searchable from the Microsoft Store.

    You’re welcome.

  • Setting up Cloudflared, the DNS-over-HTTPS client, the correct way

    Setting up Cloudflared, the DNS-over-HTTPS client, the correct way

    DNS over HTTPS (DoH) is a protocol for performing remote Domain Name System (DNS) resolution via the HTTPS protocol, which prevents eavesdropping and manipulation of DNS data by man-in-the-middle attacks by employing HTTPS encryptions between the DoH client and the DoH-based DNS resolver. At the time of writing, the official guide at Cloudflare is broken, as the cloudflared service install command would fail to complete. This article walks you through the process of setting up DoH on your Debian 10 system.

    Pages: 1 2

  • Building the latest Windows 10 Enterprise VL USB installer from scratch

    Building the latest Windows 10 Enterprise VL USB installer from scratch

    If you are a Microsoft Volume License customer, the usual channel for obtaining creating a bootable USB for OS installation is to obtain the ISO images via the Volume License Service Center (VLSC) or Microsoft Business Center (MBC), and then using tools such as Rufus or the good old Windows USB/DVD Download Tool to write the ISO to USB. However, there exist situations whereby you can’t get hold of the ISO in a timely fashion, such as when the person with the download rights went on leave, or that a new release is not yet available for download. In this article, I’ll show you how you can build a bootable USB drive with the latest Windows 10 Enterprise release from scratch with just the Media Creation Tool from Microsoft.

    (more…)
  • Safely upgrade from Debian 9 to Debian 10

    Safely upgrade from Debian 9 to Debian 10

    It is jarring when you come across VPS providers in mid-2020 and they only provide up to Debian 9 (or Debian 8) for the OS image. Fortunately, it can be easily upgraded via a few commands, as depicted in this article.

    (more…)
  • HAProxy as a TCP reverse proxy with DDNS target discovery and load balancing

    HAProxy as a TCP reverse proxy with DDNS target discovery and load balancing

    HAProxy is an excellent tool for forwarding or load-balancing TCP traffic. It is far more memory-efficient than socat and offers a persistent configuration between reboots, but without requiring net.ipv4.ip_forward to be enabled. Compared to NGINX, HAProxy offers a more comprehensive and user-friendly status page with far more metrics, which can be easily integrated with third-party monitoring services.

    Pages: 1 2

  • A Cloudflare DDNS script that uses an API Token instead of your Global API Key

    A Cloudflare DDNS script that uses an API Token instead of your Global API Key

    I have been using this simple bash script for a while for my DDNS needs. It is simple enough for quick deployment, and gets the job done. That is until Caddy2’s Cloudflare DNS provider moves away from Global API Key to API Token for the API access. This prompted me to rethink the security implications of using that script.

    The Global API Key basically allows for *ALL* access to your entire Cloudflare account, which includes making changes to other domains under your account as well as your account settings. And this key is stored as plain-text within the script, to be placed on a server which you don’t have physical access — sounds a lot like the perfect recipe for a security nightmare. An API Token, on the other hand, is created with specific permissions. You can, for instance, create a Token that only has the permission to make changes to a specific domain, without the ability to add or delete anything.

    Pages: 1 2