Configure local Systemd-resolved DNS Resolver for Company Domains behind VPN

To send queries for the company internal (sub)-domains to the company DNS resolvers behind the VPN, the resolver can be configured with the following commands:

# Configure internal corporate domain name resolvers:
resolvectl dns tun0 192.0.2.53 192.0.2.54

# Only use the internal corporate resolvers for domain names under these:
resolvectl domain tun0 "~example.com"

# Not ideal (this disables DNSSEC validation on this link), but might be needed:
resolvectl dnssec tun0 off

Workaround for Raspberry Pi automatic WiFi/WLAN reconnect

My old Raspberry Pi Zero W sometimes had problems restoring the WiFi connection when the AP was rebooted or reprovisioned. I don’t know why Raspbian can’t do this, but this workaround is my solution: I created a script that continuously tests the connection to the local gateway. If the gateway cannot be reached, the WiFi interface is restarted.

  • Add the following line to /etc/crontab:
*/1    *    * * *    root    /usr/local/bin/wifi_reconnect.sh
  • Create the bash script /usr/local/bin/wifi_reconnect.sh with this content:
#!/bin/bash

#echo "Script ran @ $(date)" >>/var/log/wifi_reconnect

# The IP of the server you wish to ping (the default gateway)
SERVER=$(/sbin/ip route | awk '/default/ { print $3 }')

#echo "> Server: ${SERVER}" >>/var/log/wifi_reconnect

# Specify wlan interface
WLANINTERFACE=wlan0

#echo "> WLAN Interface: ${WLANINTERFACE}" >>/var/log/wifi_reconnect

# Only send two pings, sending output to /dev/null.
# If ping returns a non-zero code (meaning there was an error), restart the interface.
if ! ping -I "${WLANINTERFACE}" -c2 "${SERVER}" >/dev/null
then
    echo "> WiFi doesn't work. Restart!" >>/var/log/wifi_reconnect
    # Restart the wireless interface
    ip link set "${WLANINTERFACE}" down
    ip link set "${WLANINTERFACE}" up
#else
#    echo "> WiFi works. No restart" >>/var/log/wifi_reconnect
fi

I added some “echo to file” lines. Remove the # to log what the script does.

Grafana/Telegraf show 0 bytes memory usage for docker containers

Today I was looking into a problem with a Docker container. Since there was a problem with the memory usage of the container, I wanted to check it in my Grafana. But unfortunately, the Telegraf plugin had shown 0 bytes for each container for months. I found the solution in the Telegraf GitHub issues. You need to enable memory control groups on the Raspberry Pi. To do that, add the following to your /boot/cmdline.txt to enable this metric:

cgroup_enable=memory cgroup_memory=1

After a reboot, it works.

Create a bar code/QR-Code/EAN in Word without VBA/Plugin

With Microsoft Office Word 2013 and newer, it is possible to natively create the following bar codes:

  • QR (2D QR Code)
  • CODE128 (Code 128 linear bar code)
  • CODE39 (Code 39 linear bar code)
  • JPPOST (Japanese Postal Service Customer barcode)
  • EAN8 or EAN13 (EAN – International Article Number worldwide bar code)
  • JAN8 or JAN13 (Japanese barcode for product IDs)
  • UPCA|UPCE (US barcode for product IDs)
  • ITF14 (ITF-14 item-tracking barcode for shipping)
  • NW7 (NW-7 (CODABAR) serial number bar code)
  • CASE (barcode for tracking USPS mail)

Steps

  1. Create Word 2013 or newer document
  2. Create empty merge field with [CTRL]+[F9]
  3. You should see two curly brackets at this point. If not, toggle display merge fields with [ALT]+[F9]. Adding the brackets manually does not work, because Word does not recognize it as a function!
  4. Insert the DISPLAYBARCODE-function and the right switches into the merge field (into the two curly brackets):
    DISPLAYBARCODE field-argument-1 field-argument-2 [ switches ]

    • field-argument-1 is a quoted string containing the data (barcode-data) used to generate the barcode symbol
    • field-argument-2 is a text string containing the type of barcode (barcode-type) that will be generated. Valid values are in the list above (case-insensitive).

Example:

DISPLAYBARCODE "My n!ce QR code" QR \s 50 \q 3
* DISPLAYBARCODE = barcode function
* "My n!ce QR code" = barcode data
* QR = barcode type
* \s 50 = scaling factor in percent. Valid values from 10 to 1000.
* \q 3 = error correction level. Valid values (case insensitive) are [L|M|Q|H]

More information, including on the switches, can be found in the Microsoft Docs: [MS-OI29500]: DISPLAYBARCODE.

Run iotop tcpdump etc. on Synology DiskStation or RackStation with Synogear

When you need tools like iotop or tcpdump on your Synology DiskStation or RackStation, you don’t need to install them via ipkg. Synology has a built-in way to install the tools.

  • Connect via SSH to your NAS
  • Run sudo synogear install
  • Now you can use the tools from the list below

The package “Diagnosis Tool” is now also visible in the Package Center. You can uninstall it from there, but installing it from the Package Center is not possible.

addr2name
arping
bash
cifsiostat
clockdiff
dig
domain_test.sh
file
fix_idmap.sh
free
fuser
gcore
gdb
gdbserver
iftop
iostat
iotop
iperf
iperf3
kill
killall
ldd
log-analyzer.sh
lsof
ltrace
mpstat
name2addr
ncat
ndisc6
nethogs
nfsiostat-sysstat
nmap
nping
nslookup
peekfd
perf-check.py
pgrep
pidof
pidstat
ping
ping6
pkill
pmap
prtstat
ps
pstree
pwdx
rarpd
rdisc
rdisc6
rltraceroute6
rview
rvim
sa1
sa2
sadc
sadf
sar
sid2ugid.sh
slabtop
sockstat
speedtest-cli.py
strace
sysctl
sysstat
tcpdump
tcpdump_wrapper
tcpspray
tcpspray6
tcptraceroute6
telnet
time
tload
top
tracepath
traceroute6
tracert6
uptime
vim
vimdiff
vmstat
w
watch
xxd

Add languages to PHP Docker Container

Recently I have noticed that the output of the following code shows the month in the wrong language (English instead of German):

date_default_timezone_set('Europe/Berlin');
setlocale(LC_ALL, 'de_DE.utf8');
$date_now = date('Y-m-d');
echo strftime('%B %Y', strtotime($date_now));

This can be solved by installing the required language in the Docker container. Unfortunately, there is a bug which prevents the languages from being activated simply with locale-gen <lang-code>. So you have to enable them in /etc/locale.gen first and then generate them with locale-gen. This code solves the problem:

FROM php:7-apache

[...]

# install localisation
RUN apt-get update && \
    # locales
    apt-get install -y locales

# enable localisation and generate the localisation files
# (each sed call uncomments one language in /etc/locale.gen; the setlocale()
# call above with 'de_DE.utf8' needs the 'de_DE.UTF-8 UTF-8' entry)
RUN sed -i -e 's/# de_DE ISO-8859-1/de_DE ISO-8859-1/' /etc/locale.gen && \
    sed -i -e 's/# <your lang code from locale.gen>/<your lang code from locale.gen again>/' /etc/locale.gen && \
    locale-gen

[...]

Or you could install all available languages:

FROM php:7-apache

[...]

# install localisation
RUN apt-get update && \
    # locales
    apt-get install -y locales locales-all

[...]

If you perform a dry run in the container, you must restart Apache to see the changes.

Preparing a Root-Server and install Docker-CE

This is my personal note list for preparing a root server. The list is not complete and may contain errors.

Network setup

  • Install OS as usual or use image from Control Panel

  • Set/check fixed ip
  • Set the “Reverse DNS” entry in Control Panel
  • Add local user
    useradd <username>
    usermod -aG sudo <username>
  • Set hostname
    sudo hostnamectl set-hostname <hostname>
  • Edit the /etc/hosts file
  • Edit the /etc/cloud/cloud.cfg file if exists (preserve_hostname: false to true)

SSH

  • Add pubkey to ~/.ssh/authorized_keys
  • Disable password-based SSH login and restrict root login to key-based authentication in the /etc/ssh/sshd_config file:
PasswordAuthentication no
PubkeyAuthentication yes
PermitRootLogin prohibit-password
  • Restart SSH Daemon
    service sshd restart
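
An added check for the step above (example code, not part of the original notes): sshd uses the first value it obtains for each keyword, so hardening lines appended below an existing setting are ignored. The function names and the two sample configs are constructed for illustration, and Include files are not followed.

```shell
#!/bin/sh
# Added example, not from the original notes. sshd_config(5): for each keyword
# the FIRST value obtained is used, so a hardening line placed below an
# earlier setting has no effect. Include directives are not followed here.

# effective_value KEYWORD FILE: print the first global value, lowercased.
effective_value() {
  awk -F'[ \t=]+' -v want="$(printf '%s' "$1" | tr 'A-Z' 'a-z')" '
    { sub(/^[ \t]+/, "") }                    # drop leading indentation
    /^(#|$)/ { next }                         # skip comments and blank lines
    tolower($1) == "match" { exit }           # Match blocks are conditional
    tolower($1) == want { print tolower($2); exit }
  ' "$2"
}

# audit_sshd FILE: return 0 only if the settings from the notes are in effect.
audit_sshd() {
  rc=0
  pw=$(effective_value PasswordAuthentication "$1")
  root=$(effective_value PermitRootLogin "$1")
  pk=$(effective_value PubkeyAuthentication "$1")
  [ "$pw" = "no" ] || { echo "PasswordAuthentication is '${pw:-unset}'"; rc=1; }
  case "$root" in
    prohibit-password|without-password|no) ;;
    *) echo "PermitRootLogin is '${root:-unset}'"; rc=1 ;;   # unset is flagged too
  esac
  [ "${pk:-yes}" = "yes" ] || { echo "PubkeyAuthentication is '$pk'"; rc=1; }
  return $rc
}

# Constructed sample configs (not taken from any real host).
SAMPLES=$(mktemp -d)
printf '%s\n' '# distro default left in place' 'PasswordAuthentication yes' \
  'PasswordAuthentication no' 'PubkeyAuthentication yes' \
  'PermitRootLogin prohibit-password' > "$SAMPLES/shadowed.conf"
printf '%s\n' 'PasswordAuthentication no' 'PubkeyAuthentication yes' \
  'PermitRootLogin prohibit-password' > "$SAMPLES/hardened.conf"

for f in shadowed hardened; do
  if audit_sshd "$SAMPLES/$f.conf"; then echo "$f: OK"; else echo "$f: NOT hardened"; fi
done
```

On a live host, `sshd -t` checks the configuration for errors before the restart, and `sshd -T` prints the effective settings including any Include files.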

VIM

  • VIM colors: open ~/.vimrc and add
    colo desert
    syntax on

Docker

  • Install docker-ce here
  • Install docker-compose here
  • Install docker-compose command completion here
  • add username to docker group (source)
    sudo usermod -aG docker $USER

Logrotate for Docker

  • Create Logrotate config file for Docker containers under /etc/logrotate.d/docker-container with the following content:
/var/lib/docker/containers/*/*.log {
  rotate 8
  weekly
  compress
  missingok
  delaycompress
  copytruncate
}
  • Test it with: logrotate -fv /etc/logrotate.d/docker-container

Docker Compose aliases

  • Create or append to ~/.bash_aliases:
alias dc='docker-compose'
alias dcl='docker-compose logs -f --tail=200'
alias dce='docker-compose exec'
alias dcb='docker-compose up --build -d'
alias dcu='docker-compose up -d'
alias dcul='docker-compose up -d && docker-compose logs -f --tail=50'
alias dcd='docker-compose down --remove-orphans'
alias dcdu='docker-compose down --remove-orphans && docker-compose up -d'
alias dcdul='docker-compose down --remove-orphans && docker-compose up -d && docker-compose logs -f --tail=50' 
alias dcdb='docker-compose down --remove-orphans && docker-compose up --build -d'
alias dcdbl='docker-compose down --remove-orphans && docker-compose up --build -d && docker-compose logs -f --tail=50'

Docker after dist upgrade

  • Re-enable repo
    sudo add-apt-repository "deb [arch=amd64] https://download.docker.com/linux/ubuntu <replace with lsb_release> stable"
  • update the package database with the Docker packages from the newly added repo:
    sudo apt-get update
  • Make sure you install from the Docker repo instead of the default Ubuntu repo:
    apt-cache policy docker-ce
  • Upgrade packages
    sudo apt-get install docker-ce docker-ce-cli containerd.io
  • reboot

Traefik

  • TBD

fail2ban

  • Update repos and upgrade system
    sudo apt-get update
    sudo apt-get upgrade
  • Install fail2ban with sudo apt-get install fail2ban
  • Create the config file /etc/fail2ban/jail.local and add a jail for the SSH daemon
[sshd]
enabled = true
port = <ssh port>
filter = sshd
logpath = /var/log/auth.log
maxretry = 3
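
An added example (not fail2ban's own code and not from the original notes) that models what maxretry = 3 means for the jail above, run over constructed auth.log lines. It assumes fail2ban's default findtime of 10 minutes, which the jail does not override, and that all log lines fall within one month; the function name would_ban is hypothetical.

```shell
#!/bin/sh
# Added example: a simplified model of the jail decision. The real sshd
# filter in fail2ban matches many more message formats than this one.

# would_ban LOGFILE MAXRETRY FINDTIME_SECONDS: print each IP that reaches
# MAXRETRY "Failed password" lines within FINDTIME seconds.
would_ban() {
  awk -v max="$2" -v win="$3" '
    /sshd\[[0-9]+\]: Failed password for / {
      split($3, t, ":")                        # HH:MM:SS from the syslog stamp
      now = $2 * 86400 + t[1] * 3600 + t[2] * 60 + t[3]
      for (i = 1; i < NF; i++) if ($i == "from") ip = $(i + 1)
      n = ++cnt[ip]; seen[ip, n] = now
      # the most recent max failures must all fall inside the window
      if (n >= max && now - seen[ip, n - max + 1] <= win && !(ip in banned)) {
        banned[ip] = 1; print ip
      }
    }' "$1"
}

# Constructed sample log (documentation addresses, not real traffic).
LOG=$(mktemp)
cat > "$LOG" <<'EOF'
Jan 12 03:14:01 host sshd[811]: Failed password for root from 203.0.113.7 port 40022 ssh2
Jan 12 03:14:05 host sshd[811]: Failed password for root from 203.0.113.7 port 40022 ssh2
Jan 12 03:14:09 host sshd[813]: Failed password for invalid user admin from 203.0.113.7 port 40030 ssh2
Jan 12 03:20:00 host sshd[820]: Failed password for alice from 198.51.100.9 port 51000 ssh2
Jan 12 03:45:00 host sshd[830]: Failed password for alice from 198.51.100.9 port 51002 ssh2
Jan 12 04:10:00 host sshd[840]: Failed password for alice from 198.51.100.9 port 51004 ssh2
Jan 12 04:10:30 host sshd[841]: Accepted publickey for alice from 198.51.100.9 port 51006 ssh2
EOF

# maxretry = 3 from the jail, findtime = 600 s (assumed default)
would_ban "$LOG" 3 600
```

With these values only the address with three failures inside eight seconds is reported; the user who mistyped a password three times over an hour is not.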