
Yet Another New Home Server

This year has seen me doing more in the way of little tech projects at home than I have done for a while, perhaps due to covid lockdowns, so if that's the case then I'll take this small positive from an otherwise rubbish situation.  Typically for me, these projects have focused around open source projects and some IoT.  More on those in some separate blog posts when I get around to writing them up.  But for now, I wanted to make some notes on my new home server setup.

I've had an array of different low powered home servers over the years that I've previously written about, namely the NSLU2, TinyTuxBox, Joggler and for the past many years a simple ReadyNAS box that I specifically bought for the Intel processor as it made compiling different bits and pieces a whole lot easier back in the day.  However, I have recently relegated the ReadyNAS box from home serving duties, keeping it only for its native NAS services because using it for other things has become increasingly difficult without updating the entire base OS (which is possible but I'm reluctant to do) due to down-level software libraries like an ancient version of openssl.

In with the new then and I moved away from Intel architecture as it's now so much easier to compile for Arm chips and went with the, wait for it, drum roll, rather obvious choice of a Raspberry Pi 4.  Specifically, a Pi 4 Model B, 4GB.  I've paired it with the official Pi case, power supply, micro HDMI cable and shoved in an A2 SanDisk Extreme 64GB SDXC card.

And so to the notes, my initial target for this new box would be as follows:

The Lounge

IRC might be a bit old hat but tons of open source projects still use it for their more synchronous communications.  ZNC is the choice of old for staying connected to your IRC channels.  For those not familiar, it acts as a relay to the IRC servers you want to connect to.  Effectively, it connects as your IRC client to the servers and presents your local IRC client with an endpoint through which you can connect.  This allows you never to miss any messages and see the IRC conversation even when you're not actually online.  Matrix seems to be taking some of the old IRC community's attention with various projects setting up bridges between Matrix and IRC.  However, the relative newcomer project called The Lounge shows just how far web technologies and web sockets have come.  It's a darned site (pun intended) easier to install, configure and use than ZNC so I'm a massive convert and big fan of the project.

The project is relatively stable in the master branch and doesn't release particularly often so I've opted for the run-from-source approach to take advantage of all the latest development.  Other than that, I've only made 3 changes to the default configuration prior to starting up my The Lounge server:
  1. host: "127.0.0.1"
  2. reverseProxy: true
  3. theme: "morning"
As you can see, these are all pretty simple and somewhat trivial changes.  The host setting binds the listener to the localhost interface, thus making it suitable for use with a reverse proxy and not exposing the service outside of the Pi 4.  The reverseProxy setting tells the server it's expecting to run behind a reverse proxy (the clue is in the name I guess).  Finally, I've switched to using a dark mode theme rather than the default light mode.  That's it, the remainder of the configuration is all about which IRC servers and channels to connect to along with the usual IRC bits of registering your nick and logging into the nick server.

Mosquitto

This is even simpler to get going than The Lounge due to the fact it's bundled with Raspbian so you can just apt-get install it.  I've created a configuration based on the bundled example config file but changing:
  1. pid_file (probably just because I'm old fashioned like that)
  2. user (to drop privileges)
  3. listener (to specify a port number)
  4. certfile and keyfile (for SSL)
  5. log_dest (create a specific log file for the broker)
  6. clientid_prefixes (a bit of added security to only allow certain client IDs to connect to the broker)
  7. allow_anonymous (quite an important one!)
  8. password_file (so that connections are authenticated)
Hopefully, that gives me something secure as well as providing me with the broker functionality that I need.
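The options listed above can be checked mechanically. The following is an added example, not code from the original post or from the Mosquitto project: it parses a mosquitto.conf and reports which of those options are missing or weak, attaching certfile and keyfile to the listener they follow. The two sample configs are constructed, and their paths, port numbers and client ID prefix are placeholders.

```python
# Added example: audit a mosquitto.conf for the options listed above.
# Both sample configs are constructed; paths, ports and the prefix are placeholders.
HARDENED = """\
pid_file /run/mosquitto/mosquitto.pid
user mosquitto
listener 8883
certfile /path/to/your/server.crt
keyfile /path/to/your/server.key
log_dest file /var/log/mosquitto/broker.log
clientid_prefixes home-
allow_anonymous false
password_file /etc/mosquitto/passwd
"""

WEAK = """\
# plaintext listener, no authentication
user root
listener 1883
allow_anonymous true
"""

# certfile/keyfile apply to the most recently declared listener.
LISTENER_SCOPED = {"certfile", "keyfile"}


def parse_conf(text):
    """Return (global_opts, listeners); each listener is {'port', 'opts'}."""
    global_opts, listeners = {}, []
    scoped = global_opts  # TLS options before any listener go to the default one
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        parts = line.split(None, 1)
        key, value = parts[0], parts[1].strip() if len(parts) > 1 else ""
        if key == "listener":
            port = value.split()[0] if value else ""
            listeners.append({"port": port, "opts": {}})
            scoped = listeners[-1]["opts"]
        elif key in LISTENER_SCOPED:
            scoped[key] = value
        else:
            global_opts[key] = value
    return global_opts, listeners


def audit(text):
    """Return a list of findings; an empty list means every check passed."""
    opts, listeners = parse_conf(text)
    findings = []
    # Set this explicitly: the default differs between Mosquitto versions.
    if opts.get("allow_anonymous", "").lower() != "false":
        findings.append("allow_anonymous is not explicitly false")
    if not opts.get("password_file"):
        findings.append("no password_file, so connections are not authenticated")
    if opts.get("user") is None:
        findings.append("user is not set explicitly")
    elif opts["user"] == "root":
        findings.append("user is root, privileges are not dropped")
    if not opts.get("clientid_prefixes"):
        findings.append("no clientid_prefixes restriction")
    if not opts.get("log_dest"):
        findings.append("no log_dest configured")
    if not listeners:
        findings.append("no explicit listener defined")
    for listener in listeners:
        tls = listener["opts"]
        if not (tls.get("certfile") and tls.get("keyfile")):
            findings.append(
                f"listener {listener['port']} has no certfile/keyfile (plaintext MQTT)"
            )
    return findings


if __name__ == "__main__":
    for name, conf in (("HARDENED", HARDENED), ("WEAK", WEAK)):
        print(name, audit(conf) or "no findings")
```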

Node Red

Again, simple to install as it's bundled with Raspbian.  It does like to run under the default "pi" user though, which is a bit of a shame security wise.  All I've done to the configuration is ensure it's listening only on the local interface and enable the adminAuth section such that I'm required to enter a user name and password to access the user interface.

NGINX
 
Another simple install due to using the bundled version that comes with Raspbian.  However, this time around there's a lot more configuration to do since I'm using it to front a reverse proxy onto The Lounge and Node Red.  This gives me a few advantages such as being able to restart NGINX in order to load new SSL certificates without interrupting the underlying services i.e. something like IRC can stay connected even though new certs are loaded.  Both The Lounge and Node Red support SSL in their configuration so this also means I only need to configure certificates in one place and have a single route through which I can access all my home services.  The idea and bulk of the configuration for doing this comes directly from one of the guides available for The Lounge.

server {
    # redirect HTTP traffic to HTTPS
    listen 80 default_server;
    listen [::]:80 default_server;
    server_name _;
    return 301 https://$host$request_uri;
}

server {
    # SSL configuration
    #
    listen 443 ssl default_server;
    listen [::]:443 ssl default_server;
    ssl_certificate /path/to/your/server.crt;
    ssl_certificate_key /path/to/your/server.key;

    server_name your.server.name.com;
 
    # Add this if you want to do web serving as well
    root /var/www/html;
    index index.html index.htm;
 
    location / {
        # First attempt to serve request as file, then
        # as directory, then fall back to displaying a 404.
        try_files $uri $uri/ =404;
    }
 
    # Configure reverse proxy for The Lounge
    location ^~ /YOUR_PREFERRED_IRC_URL_GOES_HERE/ {
        proxy_pass http://127.0.0.1:9000/;
        proxy_http_version 1.1;
        proxy_set_header Connection "upgrade";
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header X-Forwarded-For $remote_addr;
        proxy_set_header X-Forwarded-Proto $scheme;

        # by default nginx times out connections in one minute
        proxy_read_timeout 1d;
    }

    # Configure reverse proxy for Node Red
    location ^~ /YOUR_PREFERRED_NODERED_URL_GOES_HERE/ {
        proxy_pass http://127.0.0.1:1880/;
        proxy_http_version 1.1;
        proxy_set_header Connection "upgrade";
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header X-Forwarded-For $remote_addr;
        proxy_set_header X-Forwarded-Proto $scheme;

        # by default nginx times out connections in one minute
        proxy_read_timeout 1d;
    }
}
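The reverse proxy arrangement only protects The Lounge and Node Red if their own listeners (ports 9000 and 1880 in the configuration above) are bound to the loopback interface. As an added example, not part of the original post, this script reads `ss -ltnH` style output and reports any backend port listening on a non-loopback address; the sample output is constructed and deliberately shows Node Red bound to all interfaces.

```python
import ipaddress

# Backend ports taken from the proxy_pass lines above.
BACKEND_PORTS = {9000: "The Lounge", 1880: "Node Red"}

# Constructed sample of `ss -ltnH` output:
# State  Recv-Q  Send-Q  Local-Address:Port  Peer-Address:Port
SAMPLE_SS = """\
LISTEN 0 511 0.0.0.0:443 0.0.0.0:*
LISTEN 0 511 0.0.0.0:80 0.0.0.0:*
LISTEN 0 511 127.0.0.1:9000 0.0.0.0:*
LISTEN 0 511 *:1880 *:*
LISTEN 0 511 [::]:443 [::]:*
"""


def split_local(addr):
    """Split an ss local address such as '[::1]:1880' or '127.0.0.53%lo:53'."""
    host, _, port = addr.rpartition(":")
    host = host.strip("[]").split("%", 1)[0]  # drop brackets and interface scope
    return host, int(port)


def exposed_backends(ss_output, backends=BACKEND_PORTS):
    """Return (service, local_address) for backends reachable off-host."""
    exposed = []
    for line in ss_output.splitlines():
        fields = line.split()
        if len(fields) < 5 or fields[0] != "LISTEN":
            continue  # header line or a non-listening socket
        host, port = split_local(fields[3])
        if port not in backends:
            continue  # nginx itself (80/443) is meant to be reachable
        # '*' is the wildcard; 0.0.0.0 and :: parse as non-loopback addresses.
        if host == "*" or not ipaddress.ip_address(host).is_loopback:
            exposed.append((backends[port], fields[3]))
    return exposed


if __name__ == "__main__":
    for service, addr in exposed_backends(SAMPLE_SS):
        print(f"{service} is listening on {addr}, not just loopback")
```

On the Pi itself, pass the real output of `ss -ltnH` to `exposed_backends` in place of the sample.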
 
Let's Encrypt
From Wikipedia: "Let's Encrypt is a non-profit certificate authority run by Internet Security Research Group that provides X.509 certificates for Transport Layer Security encryption at no charge."

The model for using Let's Encrypt is pretty simple.  They sign your SSL certificates, free of charge, but their signing expires within 90 days.  Hence, they're encouraging a high turnover of certificates by regular renewals.  This means that realistically you need to automate the process of certificate signing.  To do this I'm using the getssl script which makes life extremely easy when coupled with a cron job to kick off the script on a regular basis.  I'm running it every day and the script decides whether to replace my existing certificates.  It all sits there quite nicely running in the background and doesn't get in the way at all, restarting NGINX only when a new certificate is put in place.  Due to the fact that NGINX is decoupled from the services it is proxying, the other services aren't interrupted.

Broadband Woes

At the end of November 2012 my until then rock-solid reliable Netgear DG834PN ADSL router started reporting being disconnected from the Internet. I know this because being a decent router it has the facility to email its logs to me periodically so I have a record of everything that goes on with my Internet connection going back for years. I eventually worked out that the disconnections were being caused by phone calls connecting to the house which can happen even when we're out because we have an answering machine. So then to work, on diagnosing whether the fault lies with my equipment or with one of the service providers (Plusnet using BT line).

First I tried connecting my Netgear to the master phone socket since usually it is connected to an extension running around the house. No joy. The Netgear exhibited exactly the same behaviour from both sockets and disconnected when phone calls came in or went out of the house (only on connection, not when the phone was ringing).

Next is to try some different micro filters. No joy. I was still getting disconnected in spite of trying a couple of different ones while connected to the master socket including a genuine BT micro filter I purchased specifically to get a decent quality one for this test.

Now I've got this far I'm starting to think it's a line fault and prepare to do battle with Plusnet to get them to assess my line and perhaps send out a BT engineer to fix the problem. I go on-line to their help system. Their phone system is OK being in the UK but you have to go through a million-and-one press this to do that options. In order to raise a fault you have to answer a bunch of questions to confirm you've made all the checks that I would take for granted. Master phone socket, tick. New micro filter, tick. New router, now hang on a minute here. To the best of my (comparatively extensive) knowledge this question isn't right, routers aren't affected by phone calls, the entire point of an ADSL micro filter is to filter the line so you don't get noise during phone calls.

It seems Plusnet would not allow me to raise a line fault with them unless I had gone through all of these questions. I thought I couldn't honestly answer that I had tried a new router in spite of the fact I couldn't see how a new one would solve the problem. I decided to humour the web page and try a different router. I put the call out on social media and quickly tracked down someone a few streets away from us who had a spare I could try.

The router I borrowed was a cheap and nasty get the job done type router sent out by TalkTalk to their customers when they sign up. No wonder the guy I borrowed it from didn't use it and preferred his trusty old Netgear much like myself. However, it worked! No more disconnections when the phone connected and that was the case for whichever micro filter I used and whether I was connected to the master phone socket or the extension. So then, problem solved, it's my router after all.

Unable to keep the router I had on loan I did a bit of research into which router I should buy next to replace my Netgear. I'm a bit of a Netgear fan-boy, I have a ReadyNAS as well so it was hard to admit, based on hundreds of reviews from dissatisfied customers, their routers are now crap. I thought about going straight to an FTTC connection but wanted to get something fixed in the short term so a cheap router to keep us going for a while is the order of the day. I couldn't decide what to get and noticed Plusnet “give” you a router for a small fee to cover the postage. I decided to go with one of these.

A couple of weeks later, after I had reminded Plusnet to send me the router, it seems they received the order and took my money but somehow forgot to put it in the post, I was the proud new owner of a router made by Technicolor (or Thomson) called the TG852n. Wow wow wow, it really is quite the most appalling box of circuits, wires and firmware I've ever had the displeasure of being insulted by. It's the sort of thing I imagine an electronics company something akin to Frugal Electronics Inc. would produce, corners cut everywhere which can only be to save development cost, and credits the user with absolutely no intelligence whatsoever.

I tweeted about what a bunch of crap it is and Plusnet responded wondering what I thought the issues were with it. It was difficult to explain in a 160 character response so I picked a couple of annoyances amongst the plethora of wrongness that is the TG852n and sent them back. Here's my top 5:
  1. The user interface is restricted, very restricted. You cannot change anything but the very simplest of options. The first thing I wanted to do was switch it over to using my usual subnet range, nope, can't do that, you're fixed at the address range you're given. That is, unless you use the command-line interface. Most people reading this will know that I'm a fan of the command-line more than most being Mr Linux, but I really don't want to learn another one just to configure my router at home, give me a user interface that works. This brings me onto...
  2. You can telnet to the router. I didn't have to do anything to do this, you can just log in with the admin user name and password. I don't want that port open on my router thanks very much although it is comforting to know the router is a capable device scuppered only by an incapable user interface. What if I were to accidentally route port 23 from the Internet? No, just no.
  3. On the subject of open ports, port 80 appears to be open from the Internet. I don't know why, I didn't tell it to do that. Stop it. I haven't checked what other ports might have been left conveniently hanging for someone to try and get in. Remember I said I have logs going back years, I know how often my IP address is port scanned and password cracked. It happens most days.
  4. Firmware updates are more or less not supported. You certainly can't update the firmware via the user interface (surprise surprise) and if you do want to manually update it then you have to do it via TFTP (presumably via PXE boot) from a machine on your home network. Nope again, no thanks, that's rubbish. It seems, however, that Plusnet can push firmware updates to your router. I don't want that either, get off my network[1], I'll manage my end and you stick to managing yours. Finding firmware updates is nearly impossible too, they're not supplied by the manufacturer so you're left to trawl the Plusnet forums looking for posts where someone has linked to a more up-to-date version than you currently have.
  5. It's a four port Ethernet router, it has one Ethernet light. Apparently, I'm too dumb to need to see whether traffic is being routed to a certain port on the router via the convenient mechanism of a green light provided by almost every router on the planet[2]. I'm left with one light that might wave about a bit if some traffic happens to pass through the router to the Ethernet ports at some point. Oh, and they're 100MB/s ports too, but what do you expect for a free router I guess?

The final straw for me in the TG832n story and why I've decided to stop using it is that it also disconnected when the phone rang the other day. It reconnected shortly afterwards and everything was fine. However, it's now in a state where sometimes it will disconnect if the phone rings and sometimes it will not. Any which way, it always shows a red “Internet” light and a green “Broadband” light which implies that I have an active ADSL connection but that I am not dialled through to Plusnet properly. Another victory for this router then, with the red light on and glowing brightly I've got full Internet access from any of my wired or wireless devices in the house. So the router is lying to me as well[3]. I could try a firmware update, but that would be difficult.

I appreciate I'm probably not the target audience for this router. Its cut down and simplified user interface that buries what it considers “advanced” options in completely unfathomable places is probably targeted more at the likes of the silver surfer, someone who just wants to plug it in and get connected to the Internet without worrying about it any more than that.  However, the TalkTalk supplied router I have on loan (a Huawei HG532) is also a little confusing to use but it blows the Plusnet one out of the water in terms of the configuration options offered via the web GUI and would surely confuse the heck out of all but the most technical users.

Before I decided to try the Plusnet standard router my research was leading me towards Asus and (as I said before) away from Netgear. I've not tried any Asus networking kit before but I've liked their motherboards for years in my home builds and we have a Transformer Prime tablet at home which is excellent. I've yet to receive this one but hope it solves the disconnection problem as well as being something that doesn't exhibit quite so many of the things I've been ranting about above. If it doesn't solve my connection issues then there may be more to say here yet.

[1] I don't really expect that Plusnet would be able to get onto my network but it's a distinct possibility.

[2] Yes, I know it's just a hub and isn't switching the traffic so is effectively broadcasting all the traffic anyway in which case one light is sufficient but I'd rather have 4.

[3] Another possibility is that the light stays red to suggest there has previously been a problem. The wafer-thin documentation actually says when the Internet light is red “Connection to Internet failed. Restart your router and see page 7. if the problem persists, open your web browser and see page 12.”

<update 5th Feb 2013>
I'm now using an Asus DSL-N12U that I purchased and reviewed at Amazon.
</update>

Home Networking

Photo by Beth
We've just finished a fairly major project at home in doing up our living room (right).  It's been fairly major in that the room is quite large and has an open stair well so we've had to include the stairs and landing too.  It's been a complete overhaul with the fire you see in the picture having been fitted, the upstairs ceiling plastered, new carpets, a little wall paper hung, painted and thoroughly decorated.  However, one thing I wanted to do as part of the redecoration was to run Ethernet cable between the TV point in the right of the picture all the way around the room past the door on the left to the computer point in the kitchen.  Basically, I've been long since fed up of wireless being slow, if not dropping out entirely.  So here follows a few notes to remind myself what I did with the hope it might be useful to someone else out there too.

I started out by planning the route for the cable and researching the kit I would need to buy in order to complete the job.  I decided to channel the cable into the wall where the fire is, using a channel I had the fire fitter make behind the fire when it was fitted.  For the rest of the run along the green wall and into the kitchen the cables are sunk into the back of the skirting board. Having replaced the skirting, I routed out a channel just big enough for 2 Ethernet cables and re-hung the skirting back in place.

The next decision was what type of cable to buy, Cat 5e or Cat6, Solid Core or not?  I already knew I wanted 2 cables, driven mainly by the fact it seemed pointless just to run one and a lot of Ethernet wall face plates have 2 sockets in them so that's what I decided on.  Then I went shopping.

I already had a couple of single metal backing boxes to mount face plates on, the rest of my shopping list consisted of the following for the sum of just under 40 quid:

As you can tell from that little list, I decided to go with shielded Cat 6 and bought 2 cables with ends already attached.  I found it was cheaper to do this than to buy a reel of cable!  It was simple enough to cut the ends off and as you can tell from the rest of the list I decided to use whatever length was remaining to make up some Ethernet cables using the ends and crimper tool.


BT i-Plate

I discovered a new (but rather boring) gadget before Christmas reading through the Think Broadband news. The BT i-Plate could help speed up your ADSL connection so more recently I decided to grab one and try it out. It's marketed through BT Wholesale as a customer installable device so it's very simple to fit and costs less than a tenner to get it to your door. The cheapest I found was £9.29 inc delivery from Broadband Buyer.

Any potential speed improvement results from reducing interference and improving stability at your master phone socket. The improvements seen by some people are staggering so worth a go I thought. The two pictures show before (left) and after (right) fitting. To fit you simply 1) remove the phone cord; 2) unscrew your master socket face plate and remove; 3) slot the i-Plate over the wire to the face plate; 4) plug the i-Plate into the master socket; 5) attach the face plate to the i-Plate and screw in. The socket now stands out from the wall about 1cm or so further than it did. Even with my right hand injured as it is, I managed to complete the installation quickly with one hand.

I did the installation a few days ago (Tuesday) so I've given it some time before comparing results before/after to allow my line speed to be adjusted (this is done automatically on all ADSL lines to keep your speed optimal for current conditions). So the big question is what has it done for me?

Before installation my ADSL router was connected at 5024kbps down and 448kbps up. This gave me an average download speed of 4352kbps and upload speed of 375kbps as measured by speedtest.net. Immediately after installation my connection speed had increased to 6016kbps up and 448kbps down, surprising. However, my download speed hardly changed at all. Today my router is connecting at 7008kbps and download speeds are around the 5200kbps mark using the same benchmark. It seems clear then, I've seen some improvement of around a 20% boost for downloads and hopefully a little more to come as my line stabilises with a little more time. Upload speeds remain the same as before on my "up to 8mbps/second" line, my current ISP is PlusNet.

Dear Wonky BT


Dear British Telecom, please when you send an engineer to my house to install a second line would you ask them to take as much care over presentation as getting the line working. Thanks, yours very wonkily!

This week we've had another phone line installed at home for reasons beyond comprehension. The young engineer was very concerned to take care to get things working as well as possible. However, he was only permitted to surface mount. That means any sockets or cables have to be unsightly on the walls, not hidden or nicely recessed. Strange, as the first socket (on the left and also not straight) installed in our house before we moved in was recessed. I can live with that restriction perhaps, but is it unreasonable to expect better care over the position of the socket? I don't expect all engineers to be armed with a spirit level but this is just so clearly off level it's ridiculous.

Plusnet or Minusnet?

After coming back from New York in September, I uploaded my pictures to my personal web site. Nothing unusual for me there, except this time I realised I was nearly hitting the space limit my ISP enforces for my web space. At the time I figured all would be fine so I set about contacting them for a space increase. Now given I've been a customer for many years and always used their premium services (to get better speeds, more usage allowance and no traffic shaping) and the fact disk space is cheap (especially when talking in terms of MB) I even thought they'd probably give me more space at no charge. I hold Plusnet in reasonably high regard, customer service is great, network speeds are OK and things just seem reliable and work well, on this occasion though I was wrong. The conversation between me and Plusnet follows:

Graham
Is it possible to increase my Web Space quota beyond 250MB?
My current usage is reported as 241MB, 96.4%. I use the web space primarily for my personal photographs which I resize to a small size and use JPEG compression so I'm not abusing the space. However, it seems after 8 years or so I'm now approaching 250MB.
Many thanks in advance for the information.

Plusnet
Dear Mr White,
I am afraid it is not possible to increase the webspace allowance on accounts at the present time.
Kind regards

Graham
That's really very unfortunate. Is there really no option to increase the 250MB quota, even if some charge were involved? I even pay a premium for the Your Way Pro service.
I'm a long-standing plusnet customer and one of the reasons I originally chose plusnet was for the web space and hosting of PHP+MySQL sites.
Are plusnet prepared to lose customers based on something this simple? If so, I'll have no choice but to re-evaluate my web hosting solution in which I will take into account my ADSL provider.
Hoping you can reconsider this decision or policy.
Thanks.

Plusnet
Dear Mr White,
Thank you for getting back to us. Unfortunately it is not possible to change the webspace allowance unless you were to move to our top business account. Our system does not allow us to add additional webspace and although we intend to offer this in the future we have no firm plans at present.
Kind regards


I find it hard to come to terms with the fact "their system" must be so terrible and essentially equate the response to the Little Britain sketch "computer says no!".

This was all going on at the same time Roo was becoming frustrated with Plusnet as well. I can definitely sympathise with many of Roo's points and Plusnet have left me considering my options as well.

The reason I still maintain a web site is purely legacy. There once was a time when the likes of Flickr simply didn't exist and if you wanted to share photos on-line, you had to do it yourself. I'd quite happily move over to Flickr for hosting my pictures, it would be more convenient in a number of ways and sort of removes the need for hosting my own web site and therefore my tie to Plusnet.

It's got me thinking again recently, what services do I use/need and how much am I willing to pay for them. Currently my broadband is nearly £20 per month, with other providers I could get broadband, phone and television for that amount!!! Unfortunately, I don't live in an area catered for by cable services so I have to use ADSL broadband and non-cable phone/television.

If anybody has some good experiences or recommendations, do let me know as I start to look around now.

Edit #1
Since writing, Plusnet have phoned me at home to discuss my requirements, another indication of their really excellent customer service. If I do decide to move away from them it will certainly be hard and with regret. Basically, I want something a bit cheaper with no speed restrictions and a sensible download limit if any. Plusnet offer only one service with no speed restrictions, the one I'm using already.
End Edit

Edit #2
As Roo pointed out in his post, Plusnet are using Twitter and search for people talking about Plusnet. They contacted me through Twitter to point out a relatively recent announcement about changes in their web hosting service which are currently under trial. Great stuff, weird how I only find this out through Twitter though, rather than through the formal methods of their helpdesk, through their community web site or by talking with them on the phone all of which I've done recently.
End Edit