Category: tips, tricks and howtos

variable substitution – redux

Back in October last year, I posted a note about the usage of variable substitution in lighttpd’s configuration files. In fact I got that post very slightly wrong (now corrected) in that I showed the test I applied in the file as: “$HTTP[“remoteip”] !~ “12.34.56.78″”. (Note the “!~” when I should have used “!=”). This …

Continue reading

Permanent link to this article: https://baldric.net/2017/01/30/variable-substitution-redux/

variable substitution in lighttpd

I’ve been a lighty user for many years now, having junked apache when it became obviously overweight for my target devices (the slugs in particular). Trivia is, of course, powered by lighty as are all my other websites. Lighty’s configuration file syntax is reasonably simple to understand, and is well documented on the Redmine wiki. …

Continue reading

Permanent link to this article: https://baldric.net/2016/10/19/variable-substitution-in-lighttpd/

raid performance

I have recently been building a new NAS box (of which, possibly, more later). In fact the build is really a rebuild because I initially built the server about three years ago in order to consolidate a bunch of services I was running on assorted separate servers into one place. That first build was a …

Continue reading

Permanent link to this article: https://baldric.net/2016/05/02/raid-performance/

strip exif data

I have a large collection of photographs on my computer. And each Christmas the collection grows ever larger. I use digiKam to manage that collection, but as I have mentioned before, storing family photographs as a collection of jpeg files seems counter intuitive to me. Photographs should be on display, or at least stored in …

Continue reading

Permanent link to this article: https://baldric.net/2014/01/11/strip-exif-data/

http compression in lighttpd

Today I had occasion to test trivia’s page load times. I used the (admittedly fairly dated) website optimization test tool and was surprised to find that it reported that parts of the pages I tested were not compressed before delivery. I have the default compression options set in my lighty configuration file as below: compress.cache-dir …

Continue reading

Permanent link to this article: https://baldric.net/2013/12/30/http-compression-in-lighttpd/

ssl cipher check

My recent explorations of how to strengthen the ssl/tls certificates I use on both trivia and my mail service have given me cause to look for tools to help me test my configuration. The Calomel firefox plugin and sslabs site are very useful for checking HTTPS configurations, but they are fairly specifically aimed at that …

Continue reading

Permanent link to this article: https://baldric.net/2013/12/10/ssl-cipher-check/

TLS ciphers in postfix and dovecot

A recent exchange amongst ALUG email list members about list etiquette resulted in a flurry of postings on a variety of related topics. I posted a flippant comment about top posting, but did so (deliberately) from my Galaxy tab using Samsung’s default email client which actually forces top posting. Steve responded suggesting that I look …

Continue reading

Permanent link to this article: https://baldric.net/2013/12/07/tls-ciphers-in-postfix-and-dovecot/

add ssl to lighttpd server

For some time now I have protected all my own connections to trivia with an SSL connection. I do this to protect my user credentials when managing trivia’s content or configuration. In fact my server is configured to force any connection coming from my IP address to a secured SSL connection so that I cannot …

Continue reading

Permanent link to this article: https://baldric.net/2013/09/12/add-ssl-to-lighttpd-server/

openPGP usage

Over at the the cypherpunks mail list, one Tony Arcieri posted a graphic showing an interesting rise in the number of OpenPGP keys registered on the SKS keyserver in the last month or so. The graphic comes from the SKS statistics page. The overall trend is clearly upwards, and has been for some time, but …

Continue reading

Permanent link to this article: https://baldric.net/2013/08/25/openpgp-usage/

lighttpd graceful shutdown

I run two tails mirrors. One in NYC, the other in SanFrancisco. They each serve around 2-3 TiB of data per month. In common with my other servers, occasionally I need to interrupt those VMs in order to effect a system upgrade. I had to do this very recently with my upgrade of all my …

Continue reading

Permanent link to this article: https://baldric.net/2013/05/27/lighttpd-graceful-shutdown/

using an ssh reverse tunnel to bypass NAT firewalls

There is usually more than one way to solve a problem. Back in October last year I wrote about using OpenVPN to bypass NAT firewalls when access to the firewall configuration was not available. I have also written about using ssh to tunnel out to a tor proxy. What I haven’t previously commented on is …

Continue reading

Permanent link to this article: https://baldric.net/2013/03/26/using-an-ssh-reverse-tunnel-to-bypass-nat-firewalls/

touching update

I have recently upgraded the internal disk on my main desktop from 1TB to 2TB. I find it vaguely astonishing that I should have needed to do that, but I do have a rather large store of MP4 videos, jpeg photos and audio files held locally. And disk prices are again coming down so the …

Continue reading

Permanent link to this article: https://baldric.net/2013/02/28/touching-update/

forcing innodb recovery in mysql

Today I had a nasty looking problem with my mysql installation. At first I thought I might have to drop one or more databases and re-install. Fortunately, I didn’t actually have to do that in the end. I first noticed a problem at around 15.45 today when I couldn’t collect my mail. My mail system …

Continue reading

Permanent link to this article: https://baldric.net/2012/11/16/forcing-innodb-recovery-in-mysql/

using openvpn to bypass NAT firewalls

OpenVPN is a free, open source, general purpose VPN tool which allows users to build secure tunnels through insecure networks such as the internet. It is the ideal solution to a wide range of secure tunnelling requirements, but it is not always immediately obvious how it should be deployed in some circumstances. Recently, a correspondent …

Continue reading

Permanent link to this article: https://baldric.net/2012/10/27/using-openvpn-to-bypass-nat-firewalls/

iptables firewall for servers

I paid for a new VPS to run tor this week. It is cheaper, and offers a higher bandwidth allowance than my existing tor server so I may yet close that one down – particularly as I recently had trouble with the exit policy on my existing server. In setting up the new server, the …

Continue reading

Permanent link to this article: https://baldric.net/2012/09/09/iptables-firewall-for-servers/

debian on a DNS-320

Back in 2009 I bought, on impulse, a D-Link DNS-313 thinking it was sufficiently similar to the 323 to enable me to install debian with some ease. As I noted at the time, however, I’d made a slight mistake and then had to settle for a compromise installation from a tarball rather than a full …

Continue reading

Permanent link to this article: https://baldric.net/2012/08/21/debian-on-a-dns-320/