Categories
Uncategorized

Building the latest Windows 10 Enterprise VL USB installer from scratch

If you are a Microsoft Volume License customer, the usual channel for obtaining creating a bootable USB for OS installation is to obtain the ISO images via the Volume License Service Center (VLSC) or Microsoft Business Center (MBC), and then using tools such as Rufus or the good old Windows USB/DVD Download Tool to write the ISO to USB. However, there exist situations whereby you can’t get hold of the ISO in a timely fashion, such as when the person with the download rights went on leave, or that a new release is not yet available for download. In this article, I’ll show you how you can build a bootable USB drive with the latest Windows 10 Enterprise release from scratch with just the Media Creation Tool from Microsoft.

Categories
Uncategorized

Safely upgrade from Debian 9 to Debian 10

It is jarring when you come across VPS providers in mid-2020 and they only provide up to Debian 9 (or Debian 8) for the OS image. Fortunately, it can be easily upgraded via a few commands, as depicted in this article.

Categories
Guide Networking

HAProxy as a TCP reverse proxy with DDNS target discovery and load balancing

HAProxy is an excellent tool for forwarding or load-balancing TCP traffic. It is far more memory-efficient than socat and offers a persistent configuration between reboots, but without requiring net.ipv4.ip_forward to be enabled. Compared to NGINX, HAProxy offers a more comprehensive and user-friendly status page with far more metrics, which can be easily integrated with third-party monitoring services.

Categories
Guide Networking

A Cloudflare DDNS script that uses an API Token instead of your Global API Key

I have been using this simple bash script for a while for my DDNS needs. It is simple enough for quick deployment, and gets the job done. That is until Caddy2’s Cloudflare DNS provider moves away from Global API Key to API Token for the API access. This prompted me to rethink the security implications of using that script.

The Global API Key basically allows for *ALL* access to your entire Cloudflare account, which includes making changes to other domains under your account as well as your account settings. And this key is stored as plain-text within the script, to be placed on a server which you don’t have physical access — sounds a lot like the perfect recipe for a security nightmare. An API Token, on the other hand, is created with specific permissions. You can, for instance, create a Token that only has the permission to make changes to a specific domain, without the ability to add or delete anything.

Categories
Guide

Get Caddy 2.0 now with Cloudflare DNS Provider module for automatic TLS

Caddy 2.0 has finally entered GA since about a day ago, after three Release Candidates which I didn’t use. So now is high time to upgrade all our production servers to the latest and greatest version, because those 1.0.4 installation works really well and life is too boring when everything just works, we need to spice things up a little.

For Debian/Ubuntu distros, Caddy 2 now has an official repository at apt.fury.io/caddy/ which you can add to APT sources and then install it via apt install caddy. However, unlike the slick curl method in Caddy 1.x, it is no longer possible to include modules on-the-fly upon installation. If you need the popular Cloudflare DNS TLS Provider module to be included in Caddy 2, the only option at this point is to build it from source.

Categories
Guide 折腾

修改 ServerStatus-V 探针脚本配合 vnStat 2.x 版本使用

网上常见的改版 ServerStatus 探针里采用的流量统计是根据 python 函数 psutil.net_io_counters() 所返回的数值来显示的。所以每次系统重启就会清零,作为检测小鸡每月流量有没有跑超的实用性不大。后来发现了以 vnStat 流量统计为基础的 ServerStatus-V 项目,用比较科学的自然月流量采集方式补足了原来 ServerStatus 的短板,这也是我一直沿用的版本。

最近适逢 Ubuntu 20.04 LTS 问世,我把手头上一大波的 VPS 系统更新,大致顺利。但后来发现探针监控台里越来越多小鸡的流量报告均为 0 | 0。难道是更新后比较节省流量吗?当然是不存在的。强迫症发作下无可奈何只好研究一下代码…

果然,问题就出现在这行代码里:

Categories
Review VPS

BuyVM/FranTech Ryzen VPS and Storage Slab review

While AMD has made quite a comeback on the desktop front with each successful iteration of their Ryzen CPUs based on the Zen architecture, things on the server side is not as rosy, as the market is still largely dominated by Intel. For the longest time I have always wanted a Ryzen-based VPS, because I know how awesome they will be. The hunt ended when I came across BuyVM aka Frantech.

Categories
Review VPS

LiteUnit LLC KVM-512 VPS Review

[Update Aug 2020] My VPS has been offline since the end of June and support tickets are no longer answered since.

LiteUnit LLC is a Russia-based hosting company that is currently offering VPS hosted in Novosibirsk, a place where it is often more affectionately known as “New Siberia”. It has nothing to do with the Moscow image featured in this article (in fact, the two cities are more than 3,300km apart), but I figure everybody loves a good cliché at the end of the day.

Categories
Nuisance VPS

RESUME variable error during system updates

Assuming you had or have been using Linux VPS from second or third-tier vendors, you would have come across the following error message at some point:

W: initramfs-tools configuration sets RESUME=/dev/sda2
W: but no matching swap device is available.
I: The initramfs will attempt to resume from /dev/vda2
I: (UUID=03bd7930-a963-4fa7-9db2-8c30eca1ea58)
I: Set the RESUME variable to override this.
Categories
Guide Software VPS

Installing the latest version of Aria2 in Ubuntu 18.04 LTS

Aria2 is a headless (command-line based) multi-protocol downloader. It supports the downloading of HTTP/HTTPS, FTP, SFTP, BitTorrent and Metalink resources. Many frontends exist for Aria2, they are available either as standalone apps, or browser extensions.

Technically Aria2 can function by itself, but I don’t consider its command-line functionalities to be usable for most. Thanks to its frontend-backend separation architecture, Aria2 can easily be deployed on headless servers, such as a VPS, where you can remotely push download tasks to the backend server. Since the actual download takes place on on the backend server and not your frontend device, you don’t have to worry about leaving your devices on or preventing it from entering sleep/suspend states.