Adding The Spamhaus DROP List to Unifi Gateway

Introduction: The Spamhaus Don’t Route Or Peer (DROP) Lists consist of netblocks that are leased or stolen by professional spam or cyber-crime operations, and used for dissemination of malware, trojan downloaders, botnet controllers, or other kinds of malicious activity, i.e. stuff you really don’t want to interact with. I used to consume the DROP list many years ago when my home firewall was Microsoft ISA/TMG (yes, really), but then completely forgot it existed until fairly recently....

2024-03-22 · 6 min · Adam

Making Playwright Work on Alpine Out of Spite

Doing Who On What Now? Playwright is a Web Testing and Automation framework developed by Microsoft; it’s similar to Selenium or Puppeteer. The core project is written in Node.js and there are sub-projects offering the same framework in Python, .NET, and Java. It’s the Python project that I was specifically interested in due to its use in the changedetection.io container that I maintain for Linuxserver.io. The problem is that the container uses an Alpine base image whereas Microsoft only publish wheels for glibc, and they don’t publish the source to PyPI for pip to build, which means you can’t just do pip install playwright because it won’t be able to find a musl wheel to install from....

2024-03-13 · 5 min · Adam

Practical Configuration of Traefik as a Reverse Proxy For Docker - Updated for 2023

An updated guide to configuring Traefik with Docker, with explanations of why to do each step as well as how.

2023-07-19 · 20 min · Adam

Really Simple Network Bridging With qemu

Intro: I’ve not really used qemu much before but I found myself needing it last week for a particular project and discovered - to my shock and amazement - that the documentation (official and 3rd party) surrounding it is almost universally terrible. A mixture of overly-complex, out of date, incredibly niche, and just straight up poorly-written. I’ll be honest, I wasn’t after much, I had a single qemu VM and I wanted it to be routable on my LAN....

2022-09-04 · 3 min · Adam

Changing Docker Daemon Options For Fun and Profit

Introduction: Did you know there are all kinds of interesting options that Docker supports but doesn’t necessarily expose, or document, very well? Most of them are very simple to configure and can have substantial benefits so it’s well worth investigating. Daemons: All of these options are configured via the Docker daemon. You can pass arguments to dockerd via the systemd service file or, preferably, use a config file, which defaults to /etc/docker/daemon....

2022-03-31 · 3 min · Adam

Integrating CrowdSec with Traefik & Discord

A Further Update: Since writing this post I’ve now moved from using the Traefik Crowdsec Bouncer container to using a plugin-based bouncer as it performs better and is actively maintained. Update To The Update: The issue with upstream proxies and the Traefik bouncer has been resolved by the maintainer. I’ll leave my fork up in case I get some more free time to work on it. I got impatient waiting for the bug with the Traefik bouncer to get fixed so I forked it and fixed it myself, as well as added a couple of extra features....

2022-01-11 · 9 min · Adam

Connecting to NFS Shares From Windows (Properly)

Introduction: If you live in the Windows world you probably haven’t had much cause to use NFS because SMB is the done thing, but if you’re working with Linux hosts or NAS devices NFS can be simpler to deal with. The problem is that Windows NFS support is a bit…wonky and it doesn’t help that almost all the guides on t’internet are giving out bad advice. So to continue my series of “I just figured this out so it seems only fair to share” posts, here’s how to set up the NFS client on Windows properly....

2021-02-11 · 3 min · Adam

ZeroSSL As A LetsEncrypt Alternative Using Traefik

Introduction: LetsEncrypt is a fantastic service and it has quite literally revolutionised how people use TLS certificates, but having a Single Point Of Failure for these things is always a bad idea. The good news is that other providers of free certificates are starting to emerge and one of the first is ZeroSSL. Unlike LetsEncrypt they don’t rate limit, but they do require the use of External Account Binding (EAB) which means it’s not quite a drop-in replacement in your config....

2020-12-20 · 2 min · Adam

Wireguard as a VPN client in Docker using PIA

Update: Since posting this the scripts have changed slightly so the line numbers are no longer correct; that said, the functional elements are still the same so it shouldn’t be too hard to figure out where to make the changes. Also get_region_and_token.sh is now get_token.sh and get_region.sh so you’ll need to run the two of them in your init script (get_token.sh first). Introduction: Compared to a lot of VPN providers PIA have been pretty slow off the mark in supporting DIY Wireguard connections; they’ve had Wireguard support in their client for a while but that doesn’t help if you want to use something like the linuxserver/wireguard container as your client....

2020-09-26 · 9 min · Adam

Monitoring For Docker Image Updates With Diun

One of the most common questions around Docker is “how do I know when a new version of an image gets published?”. Even if you’re tied to a specific version tag, security and bug fixes can still result in new images being pushed and there’s no built-in mechanism to notify you that it’s happened.

2020-09-17 · 5 min · Adam