Categories
Guide Networking

HAProxy as a TCP reverse proxy with DDNS target discovery and load balancing

HAProxy is an excellent tool for forwarding or load-balancing TCP traffic. It is far more memory-efficient than socat and offers a configuration that persists across reboots, without requiring net.ipv4.ip_forward to be enabled. Compared to NGINX, HAProxy offers a more comprehensive and user-friendly status page with far more metrics, which can be easily integrated with third-party monitoring services.

Categories
Guide Networking

A Cloudflare DDNS script that uses an API Token instead of your Global API Key

I have been using this simple bash script for a while for my DDNS needs. It is simple enough for quick deployment, and gets the job done. That was until Caddy2’s Cloudflare DNS provider moved away from the Global API Key to an API Token for API access. This prompted me to rethink the security implications of using that script.

The Global API Key basically allows for *ALL* access to your entire Cloudflare account, which includes making changes to other domains under your account as well as your account settings. And this key is stored as plain text within the script, to be placed on a server to which you don’t have physical access — sounds a lot like the perfect recipe for a security nightmare. An API Token, on the other hand, is created with specific permissions. You can, for instance, create a Token that only has the permission to make changes to a specific domain, without the ability to add or delete anything.

Categories
Guide

Get Caddy 2.0 now with Cloudflare DNS Provider module for automatic TLS

Caddy 2.0 finally entered GA about a day ago, after three Release Candidates which I didn’t use. So now is high time to upgrade all our production servers to the latest and greatest version, because those 1.0.4 installations work really well and life is too boring when everything just works; we need to spice things up a little.

For Debian/Ubuntu distros, Caddy 2 now has an official repository at apt.fury.io/caddy/ which you can add to APT sources and then install it via apt install caddy. However, unlike the slick curl method in Caddy 1.x, it is no longer possible to include modules on-the-fly upon installation. If you need the popular Cloudflare DNS TLS Provider module to be included in Caddy 2, the only option at this point is to build it from source.

Categories
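Guide Tinkering

Modifying the ServerStatus-V probe script to work with vnStat 2.x

The modified ServerStatus probes commonly found online display traffic statistics based on the values returned by the Python function psutil.net_io_counters(). The counters are therefore reset to zero every time the system reboots, which makes them of little practical use for checking whether a VPS has exceeded its monthly traffic allowance. I later found the ServerStatus-V project, which is based on vnStat traffic statistics and makes up for the shortcoming of the original ServerStatus with a more sensible calendar-month traffic collection method. It is the version I have been using ever since.

Ubuntu 20.04 LTS was released recently, and I updated the systems on a large batch of my VPSes, which went mostly smoothly. But I later noticed that more and more of the VPSes in the probe dashboard were reporting traffic as 0 | 0. Could it be that they use less traffic after the update? Of course not. With my OCD kicking in, I had no choice but to dig into the code…

Sure enough, the problem lies in this line of code: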

Categories
Review VPS

BuyVM/FranTech Ryzen VPS and Storage Slab review

While AMD has made quite a comeback on the desktop front with each successful iteration of their Ryzen CPUs based on the Zen architecture, things on the server side are not as rosy, as the market is still largely dominated by Intel. For the longest time I have always wanted a Ryzen-based VPS, because I know how awesome they will be. The hunt ended when I came across BuyVM aka Frantech.

Categories
Review VPS

LiteUnit LLC KVM-512 VPS Review

LiteUnit LLC is a Russia-based hosting company that is currently offering VPS hosted in Novosibirsk, a place often more affectionately known as “New Siberia”. It has nothing to do with the Moscow image featured in this article (in fact, the two cities are more than 3,300km apart), but I figure everybody loves a good cliché at the end of the day.

Categories
Nuisance VPS

RESUME variable error during system updates

Assuming you have used or are using a Linux VPS from second- or third-tier vendors, you will have come across the following error message at some point:

W: initramfs-tools configuration sets RESUME=/dev/sda2
W: but no matching swap device is available.
I: The initramfs will attempt to resume from /dev/vda2
I: (UUID=03bd7930-a963-4fa7-9db2-8c30eca1ea58)
I: Set the RESUME variable to override this.

Categories
Guide Software VPS

Installing the latest version of Aria2 in Ubuntu 18.04 LTS

Aria2 is a headless (command-line based) multi-protocol downloader. It supports the downloading of HTTP/HTTPS, FTP, SFTP, BitTorrent and Metalink resources. Many frontends exist for Aria2; they are available either as standalone apps or as browser extensions.

Technically Aria2 can function by itself, but I don’t consider its command-line functionalities to be usable for most. Thanks to its frontend-backend separation architecture, Aria2 can easily be deployed on headless servers, such as a VPS, where you can remotely push download tasks to the backend server. Since the actual download takes place on the backend server and not your frontend device, you don’t have to worry about leaving your devices on or preventing them from entering sleep/suspend states.

Categories
Guide

Protected: NAT VPS v2.0 usage guide

This content is password protected. To view it please enter your password below:

Categories
Networking

The official Telegram CIDR list

If for whatever reason you have the need to reroute or block Telegram Messenger traffic, at some point, you would have come across an ASN list with a list of /22 IPv4 blocks and one or two /48 IPv6 blocks. If you’ve hastily based your firewall rules on that list, you’ll notice it works only intermittently. That’s because the list is incomplete. JTT has got you covered and you have come to the right place! Below are the known CIDR blocks used by the Telegram Messenger service: