yes-www

I’ve been using a blanket rule of no-www these past years and that is coming to an end.

Leaking WordPress cookies to every single site hosted on this domain is probably not the best idea. Not that there’s any problem but just in case. Also no cookie to worry about for uploads and other static sites. Or maybe not if WordPress sets the cookie properly (it mostly seems to).

I was thinking of moving everything but for some single-use domains like 0paste.com it’s probably fine with no-www.

The other benefit is I can point the bare domain to a cheap server just for redirection and properly set a CNAME for the www subdomain instead of relying on Cloudflare’s top-level CNAME function (which is apparently also called “ANAME”?).

I’ve switched the redirection for www to 302 (temporary redirect) from 301 (permanent redirect) a while ago so hopefully no browser still caches the 301.

HTML template

Apparently I made over 50 drafts for this blog years ago. This is one of them. And the content doesn’t seem to be too bad so might as well finish this post.

I occasionally write some HTML. There are some essential things needed for a valid page.

<!doctype html>
<html lang="en">
<head>
<meta charset="utf-8">
<meta http-equiv="X-UA-Compatible" content="IE=edge">
<meta name="viewport" content="width=device-width, initial-scale=1.0">
<title>Title goes here</title>
<!-- additional meta goes here or wherever -->
</head>
<body>
Content goes here.
</body>
</html>

The doctype is just the basic HTML 5 doctype.

Followed by setting the language of the page. Usually English. Apparently it’s recommended by W3C. Although I sometimes forgot about it.

Then of course head, followed right away by charset. UTF-8 is the best set we currently have and so it’s set there. Without this tag, the page might be rendered in some other set.

I’m not sure if setting X-UA-Compatible is still relevant anymore but IE11 is still here so might as well set it. Or remove if IE compatibility isn’t needed.

Viewport setting is unfortunately essential so the page isn’t zoomed out when viewed using mobile device. Just don’t disable scaling as that’s rude (unless it’s game or something).

The rest are just usual HTML stuff.

Mastodon and FreeBSD

Together with updating all the other crap and server migrations, I decided to finally update the Mastodon install as well, which I broke after upgrades and package removals.

Then in the usual fashion, one of the dependencies didn’t install on FreeBSD because it’s missing a pre-compiled binary and the build script has too strict settings, causing the build to fail.

Did some hackery to figure out how to fix it (following this guide works) but then when I looked around the situation on the official uws module page it says it’s been unmaintained since forever. Googling around a bit it seems like the author is being a dick and ended up ragequitting the module. Mastodon dev was notified but no action is taken.

The good thing is I looked into replacing it with ws a long time ago and posted it to Mastodon issue tracker. As I’m not interested in doing the module-level hackery, I figured it’s easier to do it now. Also I forgot how I fixed it before which didn’t involve such hackery. Or maybe I did. I don’t know.

In the end I reapplied my patch and everything is good again.

Or not, because I switched PostgreSQL authentication to the shiniest SCRAM-SHA-256 which isn’t supported by node-postgres. The issue has been open forever and I’m not really interested in fixing it.

Thankfully someone tweeted me the existence of node-pg-native. I looked into it and even though it’s not a drop-in replacement for node-postgres, adding pg-native and setting NODE_PG_FORCE_NATIVE=1 environment variable will force the module to use native library which fixed the problem.

Except for node-libpq which for some reason doesn’t link correctly (my postgres is installed in a non-standard path). Whoops. I think I fixed it and hopefully it gets merged.

With all the fixes in place, everything seems fine.

Letsencrypt, cavemen edition

Just had to do some letsencrypt setup on some servers so I figured I should write down what I did so I can just check this page again instead of digging up how I did it previously.

Requirements:

  • nginx
  • certbot

This assumes the server only serves https and redirects all http traffic. Adjust as needed otherwise.

Full nginx SSL/TLS config not included.

First add this config to nginx to handle verification:

# part of default port 80 config block
location /.well-known/acme-challenge/ {
    root /var/www/certbot;
}

And then create the directory (I’m not actually sure if needed):

# mkdir -p /var/www/certbot

Make the first cert because I’m too lazy to ensure the config directory is setup correctly:

# certbot certonly --webroot -w /var/www/certbot -d DOMAIN_NAME_GOES_HERE --keep --agree-tos --email SOME_KIND_OF@EMAIL_ADDRESS --no-eff-email

At this step, the certificate and all should have been properly generated.

Then use it in nginx configuration, the relevant server block:

ssl_certificate /etc/letsencrypt/live/DOMAIN_NAME_GOES_HERE/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/DOMAIN_NAME_GOES_HERE/privkey.pem;
ssl_trusted_certificate /etc/letsencrypt/live/DOMAIN_NAME_GOES_HERE/chain.pem;

If the full path seems too long, symlink it to nginx config base directory or something.

Update certbot CLI configuration located at /etc/letsencrypt/cli.ini:

rsa-key-size = 4096
text = True
authenticator = webroot
webroot-path = /var/www/certbot

To add more certificates:

# certbot certonly -d ANOTHER_DOMAIN

Don’t forget to update nginx configuration as before.

Since the certificate needs renewal periodically, create this simple script:

#!/bin/sh
# I personally put this in /root/bin/refresh-ssl-certbot

/usr/bin/certbot renew
/path/to/sbin/nginx -s reload

Make executable, etc. Try it to make sure it runs properly.

Then add it to crontab. I usually do it weekly.

And done.

There might be a smarter way using certbot’s nginx plugin or something but I haven’t bothered reading its documentation and initially this was just a stopgap switching from acme-client which is way simpler but stopped working for me a few months ago.
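
A weekly renewal cron like the one above can fail for weeks without anyone noticing. The check below is an added example, not part of the original setup: it flags any certificate under certbot’s live directory that is close to expiry. The 20-day threshold, the function names and the `--check` switch are assumptions, and it needs the openssl CLI.

```shell
#!/bin/sh
# Added example (not from the original post): detect a silently failing
# renewal cron by checking how close each certbot certificate is to expiry.

# certbot's default live directory, as referenced in the nginx config above.
LIVE_DIR="${LIVE_DIR:-/etc/letsencrypt/live}"
# Assumption: warn at 20 days left. certbot normally renews at 30 days,
# so anything below that means at least one renewal run did not succeed.
WARN_DAYS="${WARN_DAYS:-20}"

# cert_expires_within FILE DAYS
# Succeeds if FILE expires within DAYS days. An unreadable or malformed
# file also counts as expiring, so the check fails safe.
cert_expires_within() {
    ! openssl x509 -in "$1" -noout -checkend "$(( $2 * 86400 ))" >/dev/null 2>&1
}

# check_live_certs
# Prints one line per certificate; returns 0 if all are fine, 1 if any is
# near expiry, 2 if no certificate was found at all.
check_live_certs() {
    status=0
    for cert in "$LIVE_DIR"/*/fullchain.pem; do
        if [ ! -e "$cert" ]; then
            echo "no certificates found under $LIVE_DIR" >&2
            return 2
        fi
        name=$(basename "$(dirname "$cert")")
        if cert_expires_within "$cert" "$WARN_DAYS"; then
            end=$(openssl x509 -in "$cert" -noout -enddate 2>/dev/null) \
                || end="unreadable certificate"
            echo "WARN $name: $end"
            status=1
        else
            echo "OK   $name"
        fi
    done
    return "$status"
}

# Run the check only when asked to, e.g. from cron: check-certs.sh --check
case "${1:-}" in
    --check) check_live_certs ;;
esac
```

Run it from cron as root (the live directory is not world-readable) and have cron mail the output, so a non-zero exit is seen.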

IP address checker

Random idea I came up with when reading the nginx mailing list. A very simple way to set up an external IP address checker using nginx on a remote server.

location = /ip {
    default_type text/plain;
    types { }

    return 200 $remote_addr\n;
}

Accessing /ip will then return the current external IP address. A fancier output like JSON is possible as well.

HP Z210 SFF/CMT and SSD

My SSD doesn’t quite “work” with HP Z210 SFF/CMT.

  • Model: CT525MX300SSD1
  • Brand: Crucial
  • Type: MX300
  • Capacity: 525Go
  • Error:
    • 1798- Hard drive with hardware encryption enabled detected while in RAID mode. Drive: SATA0 (Dark Blue). Drives that are using hardware encryption should not be included in RAID volumes. Using them may cause volume corruption and unpredictable behavior.

It can still be booted (I think) but F1 needs to be pressed on startup which is annoying.

Note that the same type but with 275Go capacity doesn’t have the same problem.

Update 2017-05-31: Doesn’t work with Z210 CMT either. Same error.

Update 2017-08-04: Forgot to update but the drive does work after I cleared out the eDrive mode or something. It was done using Crucial’s SSD utility.

Upgrade Log 3

The last one for this batch! Everything arrived, assembled, and finished without much problem.

Windows 10 is even more annoying than ever. Disabling Cortana now must be done using Group Policy. Great. I have to slowly live it up because this is the future of Windows and I don’t see myself using another operating system for desktop for foreseeable future.

Also, don’t disable universal app background process if you want a functional start menu search.

<insert a bunch of other tweaks here>

Up next

Closest upgrade I can think of is getting an extra 6+To drive so I have 6 drives raidz2 instead of current 5 which is quite a waste. I’m not sure how to migrate the data though. That’ll cost about 25k?

And I remembered about my netbook only having 2Gio of RAM. Surely can be upgraded to 8Gio for maximum lulz. Or just more useful. I remember it’s much more usable when it’s running on 4Gio of RAM. I don’t exactly remember when and why it’s only 2 now. It already has SSD so the RAM upgrade would pretty much max out upgrades for this system. Not counting higher capacity/performance SSD because I don’t think it will make much difference apart from having more storage – faster SSD won’t help the slow CPU much. 5k for RAM.

After that, I can certainly use more storage for my main desktop. A 1To SSD would certainly be nice. A bit expensive at 33k.

With storage out of the way (and moves the 525Go drive to office desktop), I think my office server can also use some storage upgrade. Just like current home server, it can certainly use two more drives for optimum raidz2. That means a controller, HDD cage, and one extra HDD (because I already have one spare 3To HDD). The total would be about 51k.

There’s VGA card upgrade for main desktop but I’m still not sure about that. I don’t really need it but certainly would be nice! Let’s pretend it’ll cost 40k for whatever card at that budget whenever the upgrade is happening.

Talking about VGA card, there’s also a would-be-nice upgrade for my office desktop VGA. It’s currently running GT730 which is not quite fast. Limited to 45W, current choice is limited to GT1030 at 10k.

At this point there isn’t much left to be upgraded. So let’s upgrade the server RAM to 32Gio from currently pitiful 12Gio. I would like to pretend it’s cheap but it really isn’t even now. I was pretty lucky last time getting two sticks of 8Gio for just 10k but it won’t happen often. So maybe about 25k I’d be willing to spend.

I think there is no more after this. I probably won’t reach this far until at least next year or even later anyway and something may break in the meantime, requiring change of plan.

  1. (5k) RAM: 8Gio PC3-12800S
  2. (25k+) Storage: 6+To HDD
  3. (33k) Storage: 1To SSD
  4. Storage:
    • (4k) Controller: LSI SAS 9212
    • (7k) Misc: HDD Cage 2 5.25″ to 3 3.5″
    • (15k?) Storage: 3+To HDD
  5. (40k) VGA card: ???
  6. (10k) VGA card: GT1030 (or better)
  7. (25k) RAM: 32Gio PC3-12800E

Total: 164k.

…maybe this will happen sooner than expected ( ゚◡゚)

Upgrade Log 2

“New” “server” has arrived. So have the SATA/SAS controller and hdd backplane.

Unfortunately the 5.25″ bay separator is a bit too big so I had to “fix” it.

The cage works complete with hot swap.

So is the SAS card. Flashed to P20 IT mode without much problem. Someone mentioned it might fail on UEFI motherboard booted to DOS in BIOS mode but I didn’t encounter such problem.

Updated the system BIOS as well.

Processor installed without much problem – finally another server with Ivy Bridge processor. SAS card seems to be a bit problematic when system boot support is enabled. I just disable it and everything seems fine. Ethernet card also installed without problem. SSD thankfully detected without hitch and the OS from previous server boots fine.

Still quite a lot of restructuring needed thanks to two servers being merged but there’s nothing else to do hardware side (unless I decide to buy an extra drive to round up the data pool to 6 drives raidz2).

Office server has also been rearranged and now has more threads but much less memory.

Office desktop is currently gimped a bit with just E3-1225 but that will be fixed once the DDR4 memory arrives. And then the graphics card will get a downgrade from GTX660 to GT730.

Now waiting for the memory. I hope it arrives this month so I can say goodbye to this memory-starved system as soon as possible.

That reminds me, I should put up old stuff for auction…

Upgrade log 1

Ordered the RAM sticks. According to the store they’re on backorder and should arrive in one or two months. Hopefully they actually arrive. And don’t take two months.

It’s the most annoying part because barely anyone sells what I want and most of them are stupid overpriced.

On another note, I’ve gotten the all in one server. Should arrive sometime this week.

Accompanying the server, I also secured the drive bay converter and SATA (SAS) controller.

I can then proceed to put it in service once everything arrives. Starting from basic check, reflashing the controller, updating BIOS, and swapping parts. Need to take out 1230v2 from office desktop.

I’m thinking of doing everything at once after the basic preparation is done so I can minimize downtime. It’ll be my router after all. And web server. And storage server. Everything~

If there’s no problem, I’ll continue finishing new office desktop and swapping parts for end state of office server.

That will conclude the most troublesome parts. Assuming everything works as planned, that is.

Sure hope there’s no problem with new Ryzen system~

I will probably end up getting a new SSD though. Or not. We’ll see.