Author: Jani

  • Turning a Kotiboksi Bewan iBox A5100 (Arcadyan ARV4510EPW-A-LF-L3, white antenna) into a wireless bridge with OpenWrt 18.06.2

    The starting point here is that the Kotiboksi already runs OpenWrt 18.06.2, so you will have to look elsewhere for installation instructions if you need them. It is also assumed that another router (the “gateway router” below) is already available, providing a wireless connection to the local network (and the Internet). You need its IP address. You also need a computer (the “PC” below) with an ssh client and an ethernet port, plus an ethernet cable.

    Here I turn the Kotiboksi’s fourth LAN port (the WAN port) into a separate management port, so that the IP address settings of the PC and the Kotiboksi don’t need to be fiddled with just to keep the connection alive. As an added benefit, it then becomes a little harder to get the settings so tangled up that a full reset and starting over from scratch is necessary.

    (I adapted this recipe from Karl Stenerud’s Relayd Wireless Bridge in OpenWRT instructions.)

    Preliminary steps

    1. Reset the Kotiboksi to (OpenWrt’s) factory settings.
    2. Disconnect the PC from other networks (note: wireless ones too).
    3. Connect the ethernet cable between the Kotiboksi’s LAN1 port and the PC.
    4. Open http://192.168.1.1/ in the PC’s browser and log in as the superuser (root, the password is empty).
    5. System > Administration: set a password for the superuser.
    6. Save & Apply
    7. System > System: set the time zone and choose Sync with browser.
    8. Set a Hostname of your liking.
    9. Save & Apply

    Creating the wireless connection

    1. Network > Wireless: SSID “OpenWRT”: Edit
    2. Advanced Settings: choose FI from the Country Code menu
    3. Wireless Security: Encryption: WPA2-PSK, enter a good encryption key
    4. Save & Apply
    5. Network > Wireless: SSID “OpenWRT”: Enable
    6. Choose Scan for radio0.
    7. Connect to the gateway router’s wireless network (Join Network).
    8. Enter the network’s password.
    9. Submit
    10. Operating frequency / Channel: auto
    11. Mode: Client (note: plain “client”, i.e. not WDS Client)
    12. Save & Apply
    13. Network > Diagnostics: make sure that ping works.

    Creating the management port (etherwan)

    1. Network > Switch: Add
    2. Turn off the LAN 4 port of VLAN 1 (which is untagged) and create a new VLAN (no. 2) as follows:
      VLAN ID   CPU (eth0)   LAN 1      LAN 2      LAN 3      LAN 4
      1         tagged       untagged   untagged   untagged   off
      2         tagged       off        off        off        untagged
    3. Save & Apply
    4. Network > Interfaces: Add new interface
    5. Name it etherwan
    6. Protocol: Static address
    7. Cover the following interface: Switch VLAN: "eth0.2" (i.e. the VLAN 2 created above)
    8. Submit
    9. Setup DHCP server
    10. IPv4 address: 192.168.100.1
    11. IPv4 netmask: 255.255.255.0
    12. Advanced Settings: Override MAC address: 00:11:22:33:44:56
    13. Save & Apply

    Installing relayd (and the network LED driver)

    1. Connect to the Kotiboksi with the PC’s ssh client:
      $ ssh root@192.168.1.1
    2. # vi /etc/opkg/distfeeds.conf
    3. Comment out the openwrt_telephony line (the last one) (by adding # in front of it). Save and exit.
    4. root@OpenWrt:~# opkg update
    5. root@OpenWrt:~# opkg install luci-proto-relay kmod-ledtrig-netdev
    6. root@OpenWrt:~# exit

    Changing the LAN network address

    1. Unplug the ethernet cable from the Kotiboksi’s LAN port and wait for the PC’s ethernet port to go quiet (to forget its old IP address).
    2. Plug the ethernet cable into the Kotiboksi’s WAN port (LAN4).
    3. Open http://192.168.100.1/ in the PC’s browser and log in to the page as the superuser.
    4. Network > Interfaces: select LAN for editing (Edit).
    5. Change the IPv4 address value to 192.168.2.1
    6. Set the IPv4 gateway value to the gateway router’s IP address (most often 192.168.1.1).
    7. Select Disable DHCP for this interface.
    8. Save & Apply

    Bridging

    1. Network > Interfaces: Add new interface.
    2. Name the interface stabridge.
    3. Protocol of the new interface: Relay bridge
    4. Submit
    5. Set Local IPv4 address to the gateway router’s address (the same as the LAN network’s IPv4 gateway value above).
    6. Relay between networks: lan and wwan
    7. Save & Apply

    Updating the firewall zones

    1. Network > Firewall: delete all zones.
    2. Add
    3. Name the zone bridgezone.
    4. Set Input, Output and Forward to accept.
    5. Covered networks: lan and wwan
    6. Save & Apply

    Finishing up

    1. Unplug the ethernet cable from the Kotiboksi’s wan port and wait for the PC’s ethernet port to go quiet (to forget its old IP address).
    2. Plug the ethernet cable into the Kotiboksi’s LAN1 port.
    3. Test on the PC that everything works the way it ultimately should.
    4. Power the Kotiboksi off and then start it again. Make sure everything still works.
    5. Unplug the ethernet cable from the Kotiboksi’s lan port and wait for the PC’s ethernet port to go quiet (to forget its old IP address).
    6. If the PC has wireless networking, connect to the Kotiboksi’s wireless network and make sure that everything works as it should through it too. Finally, disconnect the PC from the Kotiboksi’s wireless network again (and from other networks too).
    7. Plug the ethernet cable into the Kotiboksi’s wan port (LAN4).
    8. Open http://192.168.100.1/ in the PC’s browser and log in to the page as the superuser.
    9. System > LED Configuration: tune the LEDs to your liking.
  • How to detach the green latch (P1-595349) used in some HP SFF computers’ slim optical drives

    I’m talking about this:

    HP DS-8A8SH locking mechanism

    Now, forget about that weird screw head looking thing, it’s there just to guide the thing in place when they’re installing it, and to keep it from sliding off when in place.

    The whole part is actually just kept in place by a small piece of adhesive in the middle. So there’s no need for a screwdriver at all here, as you can just carefully pry the damn thing off:

    HP P1-595349 detached
  • Change keyboard layout when booting Ubuntu 18.04 live cd/USB in UEFI

    I’m selecting the Finnish locale and keyboard layout here, YMMV.

    1. With the Try Ubuntu option selected, hit ‘e’ to enter the boot parameter editor
    2. Go to the end of the line with linux kernel boot parameters (they perhaps end with quiet splash --) and add these parameters: locale=fi_FI console-setup/layoutcode=fi (so that, if the previous example holds, it now ends with quiet splash -- locale=fi_FI console-setup/layoutcode=fi)
    3. Hit Ctrl-x to boot
  • Apache 2.4: Require (allow) either (mod_auth_basic) valid-user or a specific query string

    Prerequisites:

    • Apache 2.4
    • you have set up your htpasswd file in /path/to/.htpasswd
    • the alternative, secret query parameter for access is secret_access_parameter

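    To make it work, add these lines to the appropriate section of your Apache vhost configuration. The expression is an unanchored regex match, so access is granted whenever secret_access_parameter appears anywhere in the query string: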

    Require all denied
    <RequireAny>
      Require valid-user
      Require expr "%{QUERY_STRING} =~ /secret_access_parameter/"
    </RequireAny>
    AuthType Basic
    AuthName "Authorization required"
    AuthUserFile /path/to/.htpasswd
  • Nautilus keyboard shortcut to deselect all

    Ctrl + Shift + A

    or, if that doesn’t work,

    Ctrl + A followed by Ctrl + Shift + I

  • Rhythmbox podcast feed & episode download status codes

    rhythmdb/rhythmdb.h#L182:

    enum {
    	RHYTHMDB_PODCAST_FEED_STATUS_HIDDEN = 0,
    	RHYTHMDB_PODCAST_FEED_STATUS_NORMAL = 1,
    	RHYTHMDB_PODCAST_FEED_STATUS_UPDATING = 2,
    
    	RHYTHMDB_PODCAST_STATUS_COMPLETE = 100,
    	RHYTHMDB_PODCAST_STATUS_ERROR = 101,
    	RHYTHMDB_PODCAST_STATUS_WAITING = 102,
    	RHYTHMDB_PODCAST_STATUS_PAUSED = 103,
    };

  • Switching Redis from TCP port to UNIX socket in Ubuntu 16.04, with Nextcloud running under Apache

    This presumes that Apache, Nextcloud and Redis have already been installed, with Redis running on the default TCP port 6379 and Nextcloud configured to use that port.

    When switching from using a port to using a socket, any “Redis Server Went Away” issues that crop up in Nextcloud are probably due to file permissions: Apache’s www-data user needs access to Redis’ socket file inside /var/run/redis. Here’s the full list of steps I took to make it work:

    1. open ${NEXTCLOUD_WWW_ROOT}/config/config.php in a text editor
    2. turn on maintenance mode by setting 'maintenance' => true and saving the file
    3. in the 'redis' array,
      1. set 'host' => '/var/run/redis/redis.sock'
      2. set 'port' => 0
    4. save changes
    5. open /etc/redis/redis.conf in a text editor
    6. change port 6379 to port 0
    7. uncomment unixsocket /var/run/redis/redis.sock
    8. uncomment unixsocketperm 700
    9. change unixsocketperm 700 to unixsocketperm 770
    10. save changes
    11. sudo adduser www-data redis
    12. sudo systemctl restart apache2 (for the added group to take effect)
    13. sudo systemctl restart redis-server
    14. open ${NEXTCLOUD_WWW_ROOT}/config/config.php in a text editor
    15. turn off maintenance mode by setting 'maintenance' => false and saving the file

    There’s no need to change the value of open_basedir, or to tweak Apache’s site configuration (but do remember step #12 above: restart Apache after adding www-data to the redis group).
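
The Redis-side result of steps 6 to 11 above can be checked with a small script. This is an added example, not part of the original post; the function names conf_value, audit_redis_conf and has_group are made up here, and the sample config is constructed.

```shell
#!/bin/sh
# Added example (not from the original post): audit the socket-only Redis setup.

# Value of a redis.conf directive: the last uncommented occurrence in the file.
conf_value() {  # usage: conf_value <file> <directive>
    awk -v key="$2" '$1 == key { val = $2 } END { print val }' "$1"
}

# Print one finding per problem; return 0 only if the file matches steps 6-9.
audit_redis_conf() {  # usage: audit_redis_conf <redis.conf>
    rc=0
    port=$(conf_value "$1" port)
    sock=$(conf_value "$1" unixsocket)
    perm=$(conf_value "$1" unixsocketperm)
    case "$perm" in 0???) perm=${perm#0} ;; esac  # accept 0770 as 770
    # A missing "port" line means Redis listens on its default port, 6379.
    if [ "$port" != "0" ]; then
        echo "FAIL: TCP listener still enabled (port ${port:-6379})"; rc=1
    fi
    if [ -z "$sock" ]; then
        echo "FAIL: unixsocket is not set"; rc=1
    fi
    # Connecting to a UNIX socket needs the write bit on the socket file.
    case "$perm" in
        "")       echo "FAIL: unixsocketperm is not set"; rc=1 ;;
        ??[1-7])  echo "FAIL: mode $perm grants permissions outside the redis user and group"; rc=1 ;;
        ?[0145]?) echo "FAIL: mode $perm has no group write bit, www-data cannot connect"; rc=1 ;;
        ?[2367]0) ;;  # group may connect, others may not
        *)        echo "FAIL: unexpected unixsocketperm value '$perm'"; rc=1 ;;
    esac
    return "$rc"
}

# True if <group> is in a space-separated list such as the output of `id -nG www-data`.
has_group() {  # usage: has_group <group> <group list>
    case " $2 " in *" $1 "*) return 0 ;; *) return 1 ;; esac
}

# Constructed sample: redis.conf as it looks before steps 6-9 are applied.
sample=$(mktemp)
printf '%s\n' 'port 6379' '# unixsocket /var/run/redis/redis.sock' \
    '# unixsocketperm 700' > "$sample"
audit_redis_conf "$sample" || echo "sample config still needs steps 6-9"
rm -f "$sample"
```

On the server, run audit_redis_conf /etc/redis/redis.conf and has_group redis "$(id -nG www-data)"; the stock unixsocketperm 700 fails the audit for the same reason Nextcloud reports “Redis Server Went Away”.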

  • Redirecting Signal Desktop’s log from syslog to a separate file

    After switching from the old Chrome app to the new Signal Desktop app, my syslog began to get spammed with lines containing stuff like “Sending a keepalive message”.

    They seemingly come from gnome-session, but it’s actually Signal operating under gnome-session. Not having the actual application name for filtering, I just made a slightly hackish /etc/rsyslog.d/20-redirect-signal.conf with the following contents:

    :msg,contains,"{\"name\":\"log\",\"hostname\":\"saegusa\"" -/var/log/signal-desktop.log 
    & stop

    (Where saegusa is my hostname; you should obviously change this to match yours.)

  • Get GIT_WORK_TREE from the post-checkout hook

    I was crafting a post-checkout hook and wanted to do something depending on the absolute path of $GIT_WORK_TREE in the current environment. In git 2.7.4 (and up to 2.4.14) at least, that environment variable was set to “.” when inside the post-checkout hook, which was a little unhelpful in this case. So I spent some time trying to google why and coming up empty.

    Here’s where you’re entitled to laugh at my over-thinking this.

    Since I’m in the work tree already (.) when inside the hook, the absolute path is the current working directory, or $PWD. No need to fiddle with GIT_WORK_TREE at all.

  • Apache 2.4 + Gitlab Omnibus (CE) with a relative URL: 404 (not found), 422 (The change you requested was rejected)

    It’s been a painful month battling with this and I’m too tired to document everything thoroughly, so I’ll just throw this out there:

    # "Note this config assumes unicorn is listening on default port 8080 and
    # gitlab-workhorse is listening on port 8181."
    
    Alias /lab "/opt/gitlab/embedded/service/gitlab-rails/public"
    
    <Directory /opt/gitlab/embedded/service/gitlab-rails/public>
        Include conf-available/geoblock-non-fi.conf
        
        Options -MultiViews
        #DirectoryIndex disabled
    </Directory>
    
    <Location /lab>
        Include conf-available/geoblock-non-fi.conf
        
        ErrorDocument 404 /404.html
        ErrorDocument 422 /422.html
        ErrorDocument 500 /500.html
        ErrorDocument 502 /502.html
        ErrorDocument 503 /503.html
    
        RequestHeader set X-Forwarded-Proto https
        Header set Strict-Transport-Security: "max-age=15768000;includeSubdomains"
    
        ProxyPass "http://127.0.0.1:8181/lab"
        ProxyPassReverse "http://127.0.0.1:8181/lab"
    </Location>

    That one disabled line (#DirectoryIndex disabled) was required (uncommented) when I used the RewriteRules version of the recipe, otherwise it was 404 whenever logging in.

    You also obviously need to either comment out “Include conf-available/geoblock-non-fi.conf” or add your own geoblocking rules in the file it references.