Posts tagged tricks

Enabling CORS for nginx WebDAV and CalDAV reverse-proxy

:: linux, tricks

The past few weeks I’ve been learning to develop and deploy a Progress Web App (PWA) that can communicate with my WebDAV and CalDAV servers. Unfortunately, while these are on the same domain, they are on different sub-domains, and this causes the requests to be considered cross-origin requests. For security reasons, cross-origin requests are blocked by most browsers by default unless the server explicitly allows cross-origin resource sharing (CORS). This is pretty easy to set up for static resources or scripts, if they use default headers and GET and POST methods. However, it’s particularly complicated for WebDAV, CalDAV, and other protocols that use additional headers or methods.

Setting up your backup service

:: linux, tricks, tutorial, optimize everything

I just ran the command rm -rf ~, deleting all my personal files in the process. This was not the first time, and it was no big deal, because I back up my files with automatic rolling backups. My backup system is secure, redundant, and has low resources requirements. The backup repository is encrypted, deduplicated, compressed, and mirrored across multiple machines. You can choose to use any or none of these features while following this guide.

In this guide, I describe how to set up a secure and robust backup service yourself, which runs on Linux, macOS, and Windows via WSL 2. I provide my own scripts, config files, and workflows for maintaining, validating, and restoring the backups. This is all setup using free software, supports multiple configurations with varying degrees of security and redundancy, and scales well to more backup clients.

If you’d prefer to not set this up yourself and you run macOS or Windows, I recommend Backblaze:

https://www.backblaze.com/cloud-backup.html#af9v9g

They automatically handle everything, including most of the features I want in a backup service and some I could never implement myself, for $6/m per machine (USD).

Copy/pasting your password into the Runescape Client

:: tricks, windows

In a fit of nostalgia, I wanted to play some Runescape this weekend. I discovered that Runescape forbids copy and pasting your password into the client, for bogus security reasons. This poses a problem for me, since my password is a very long randomly generated string. Normally, I would copy and paste it from my password manager.

Thankfully, a little Powershell scripting solves the problem. The script below will, upon execution, switch to the Runescape client and type your password. You need to configure one variable, $password, which should be set using a command the reads your password from your password manager (or, if you don’t care about security, set to your password as a string literal). The default uses my configuration, fetching the password from pass via WSL.

Be careful not to run the script while you’re already logged in, or it might enter your password in chat. It shouldn’t, and it won’t hit enter, but… use at your own risk.

runescaope-login.ps1

## --------------------------------------------------------------------
## Instructions:
# Launch Runescape then run this script while on the login page.
#
# You may need to switch Runescape between windowed and full screen 
# after, as alt-tabbing or this script sometimes screws up full screen.

## --------------------------------------------------------------------
## Configure:

# Your runescape password
# $password = "my hard coded password"
# $password = get-password-command
$password = (wsl /usr/bin/pass show runescape.com `| head -n 1)

# Delay.
# How long to wait between grabbing Runescape window and starting to type.
$delay = 1

## --------------------------------------------------------------------

function Show-Process($Process) {
  $sig = '
    [DllImport("user32.dll")] public static extern bool ShowWindowAsync(IntPtr hWnd, int nCmdShow);
    [DllImport("user32.dll")] public static extern int SetForegroundWindow(IntPtr hwnd);
  '

  $type = Add-Type -MemberDefinition $sig -Name WindowAPI -PassThru
  $hwnd = $process.MainWindowHandle
  $null = $type::ShowWindowAsync($hwnd, 5)
  $null = $type::SetForegroundWindow($hwnd) 
}

Show-Process (Get-Process -Name rs2client)

timeout $delay

Add-Type -AssemblyName System.Windows.Forms 
$password.ToCharArray() | ForEach-Object {[System.Windows.Forms.SendKeys]::SendWait($_)}

Running a public server from WSL 2

:: linux, tricks, windows, wsl

This week, for ReAsOnS, I wanted to run a server on WSL 2 that was accessible from the internet. This was surprisingly involved and requires lots of hard-to-find tricks to forward ports through 4 different layers of network abstractions and firewalls.

  1. In WSL, make sure your server is using IPv4. I spent a hell of a long time just trying to figure out why I couldn’t access the server from localhost. I had successfully run a handful of local http servers from WSL that were accessible from the Windows host, so I wasn’t sure what the problem was. It turns out this server, written in Java, wouldn’t work until I added -Djava.net.preferIPv4Stack=true to the java options. It appears that Java was defaulting to IPv6, and WSL doesn’t forward IPv6 properly, or something.
  2. In WSL, make sure you allow the port through your WSL firewall, if you’re using one. Using a WSL firewall might be redundant, but you might be using one. I usually use ufw in my linux machines, so run I’d run ufw allow $PORT in WSL.
  3. In Windows, forward your port from the public IP port to the WSL port using netsh interface portproxy add v4tov4 listenport=$PORT listenaddress=0.0.0.0 connectport=$PORT connectaddress=127.0.0.1 in a Powershell with admin rights. This is one of the hard-to-find but necessary WSL specific bits. It look like Windows creates a virtual adapter that isn’t properly bridged with your internet network adapter. I tried playing various bridging tricks, but in the end, I had to manually create a portproxy rule using Windows’ network shell netsh. This listens on all addresses and forwards the connection to the localhost, which seems to be automatically bridged with WSL. You can also try to manually forward it to the WSL adapter. Use ipconfig to find it. However, the WSL IP changes from time to time, so I recommend using local host instead. It might also be wise to listen explicitly on your internet facing IP instead of 0.0.0.0, but this seemed to work.
  4. In Windows, allow the port through the Windows firewall explicitly by adding a new Inbound Rule using the Windows Defender Firewall with Advanced Security administrative tool. This is accessible as WF.msc in cmd and Powershell. Select Inbound Rule, and click New rule... in the action menu to the right, and work your way through the menu to allow the port explicitly. Normally, Windows asks if you want to allow applications through the firewall. This doesn’t seem to happen with WSL servers, so we have to manually add a rule.
  5. In your router, setup port forwarding for the port.

A Transparent Ad-Blocking VPN via SoftEther + Privoxy

:: tricks, linux

I recently1, finally, got a smart phone—an iPhone. One of the first things that annoyed me were the ads. I use Ad-Block Plus on all my computers and I have not been bothered by ads in quite some time.

One approach to removing ads is rooting my phone and installing a customized hosts file. This approach has several flaws. I once tried this approach on my android tablet. While better than nothing, it misses many ads and tends to interrupt normal internet use.

Another approach, as of iOS 9, is to use Safari content filters. However, this requires me to use Safari, and I prefer Firefox.

After lots of tinkering and reading and thinking, the best approach seems to be a VPN with proxy that seamlessly block ads (and potentially provide additional security, privacy, caching, and etc). There are apps that provide a VPN with ad blocking proxy, but reading their privacy policies caused me great concern. So I decided to setup my own.

Setting up WebDAV, CalDAV, and CardDAV servers

:: linux, tricks

A while back I wrote a post about paranoia in which I was considering allowing Google or Apple to manage things like my calendar and contacts. Since then, I have reequipped my paranoia hat. This week I setup my own WebDAV, CalDAV, and CardDAV servers and secured them behind an nginx proxy which provides SSL encryption and HTTP authentication.

An on demand Minecraft Server

:: games, tricks, linux

Sometimes I play minecraft. Sometimes I play a lot of minecraft and sometimes I just stop playing for months. Lately when I do play, I’ve bene playing with a slightly modified version of Tekkit and running my own server. I have a VPS that I probably under use, so I decided to run the server there for when I do play with my friends.

My VPS is not very powerful, and running a Minecraft server when I stop playing for months is a huge waste of resources. I sought a way to automatically bring the server up when I wanted to play and shut it down when I wasn’t playing for a while.